Re: DNS and DMZ zone problem

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 02/03/05


Date: Thu, 3 Feb 2005 11:48:03 -0500

Arne And wrote:
> We have a lot of users that get stuff from us from our ftp site.

Dangerous. Don't put DCs in your DMZ, and don't host a public FTP site on
your LAN, whether on a DC or member server or standalone server. Keep your
domain controllers entirely within your LAN, and stick a separate FTP server
in your DMZ (doesn't have to be a Windows box at all), and don't open up any
ports inbound from your DMZ to LAN (although opening up FTP the other way
around is fine, so your users can transfer files to the FTP server from
machines within the LAN).
>
> When we have just a server that is in a workgroup, it's much harder to
> restore users or have a failover contra a DC.

You're asking for major trouble with your existing config from a security
standpoint.

>
> -aa-
>
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
> message news:OPpjWAaCFHA.3436@TK2MSFTNGP12.phx.gbl...
>> Arne And wrote:
>>> Hi
>>>
>>> I have a Windows 2000 server that is a DC in my DMZ zone. I have
>>> now installed a new server in the same DMZ zone (Windows 2003
>>> server) that joined my domain.
>>
>> Why do you have DCs in your DMZ?
>>
>>>
>>> That worked fine, except that when I am trying to connect to the
>>> Internet my 2003 server can't find any sites.
>>>
>>> I don't have to install a DNS server on my 2003 server when it
>>> already is installed on my DC (Win2000)?
>>
>> No - as long as you point to the correct DNS server in that new
>> server's IP config. As in, the DC's IP. Can you ping anything on the
>> Internet by IP? As in, a public DNS server?
>>>
>>> I can ping my DC, and my Default Gateway, but not on the Internet.
>>>
>>> what can I do?
>>>
>>> -regards
>>>
>>> -AA-
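
The zone rule from the reply above (nothing allowed inbound from the DMZ to the LAN, FTP from LAN to DMZ permitted), as an added example that is not part of the original thread: a Python audit over a constructed firewall rule list. The subnets, host addresses and the `Rule`, `zones_of` and `audit` names are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumption; the thread gives no addresses).
ZONES = {
    "LAN": ipaddress.ip_network("192.168.10.0/24"),
    "DMZ": ipaddress.ip_network("192.168.50.0/24"),
}

@dataclass(frozen=True)
class Rule:
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    port: int
    action: str   # "allow" or "deny"

def zones_of(cidr):
    """Zones a rule endpoint can match; anything outside LAN/DMZ is INTERNET."""
    if cidr == "any":
        return set(ZONES) | {"INTERNET"}
    net = ipaddress.ip_network(cidr)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("INTERNET")
    return hit

def audit(rules):
    """Flag allow rules that let DMZ or Internet sources reach the LAN.
    Conservative: rule order and shadowing by earlier denies are ignored."""
    findings = []
    for idx, rule in enumerate(rules):
        if rule.action != "allow" or "LAN" not in zones_of(rule.dst):
            continue
        src = zones_of(rule.src)
        for zone in ("DMZ", "INTERNET"):
            if zone in src:
                findings.append((idx, f"{zone}->LAN allowed on port {rule.port}"))
    return findings

# Constructed sample policy.
SAMPLE = [
    Rule("any", "192.168.50.21/32", 21, "allow"),               # public FTP in DMZ
    Rule("192.168.10.0/24", "192.168.50.21/32", 21, "allow"),   # LAN users upload
    Rule("192.168.50.22/32", "192.168.10.5/32", 389, "allow"),  # DMZ member -> LAN DC (LDAP)
    Rule("any", "192.168.10.9/32", 21, "allow"),                # public FTP on the LAN
]

if __name__ == "__main__":
    for idx, msg in audit(SAMPLE):
        print(f"rule {idx}: {msg}")
```

The third sample rule is what a domain-joined server in the DMZ requires once the domain controllers sit on the LAN, which is why the audit reports it.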


