Re: DNS and DMZ zone problem
From: Arne And (kjellhoy_at_start.no)
Date: 02/03/05
- Next message: Kevin D. Goodknecht Sr. [MVP]: "Re: Still having trouble removing DNS Server from Domain"
- Previous message: Massimiliano-T: "Re: PTR"
- In reply to: Lanwench [MVP - Exchange]: "Re: DNS and DMZ zone problem"
- Next in thread: Kevin D. Goodknecht Sr. [MVP]: "Re: DNS and DMZ zone problem"
- Reply: Kevin D. Goodknecht Sr. [MVP]: "Re: DNS and DMZ zone problem"
- Reply: Lanwench [MVP - Exchange]: "Re: DNS and DMZ zone problem"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 3 Feb 2005 20:59:31 +0100
Hmmm well, if I have just an FTP server in my DMZ, and it's packed with 100
users that have their own username and password and their own folder on my
FTP site, it's a hell of a lot of admin work to manage all this when the
server is only a member server.
Let's say that I have a server crash, and I have to restore. It would be
easier to have a DC there; then it would have all the user accounts on the
second DC. While on the member server I would have to punch them all in
manually....
Or am I way off here....
Regards
-AA-
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:%23RV3oBhCFHA.1264@TK2MSFTNGP12.phx.gbl...
> Arne And wrote:
>> We have a lot of users that get stuff from us from our FTP site.
>
> Dangerous. Don't put DCs in your DMZ, and don't host a public FTP site on
> your LAN, whether on a DC or member server or standalone server. Keep your
> domain controllers entirely within your LAN, and stick a separate FTP server
> in your DMZ (doesn't have to be a Windows box at all), and don't open up any
> ports inbound from your DMZ to LAN (although opening up FTP the other way
> around is fine, so your users can transfer files to the FTP server from
> machines within the LAN).
>>
>> When we have just a server that is in a workgroup, it's much harder to
>> restore users or have a failover contra a DC.
>
> You're asking for major trouble with your existing config from a security
> standpoint
>
>
>>
>> -aa-
>>
>>
>> "Lanwench [MVP - Exchange]"
>> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
>> message news:OPpjWAaCFHA.3436@TK2MSFTNGP12.phx.gbl...
>>> Arne And wrote:
>>>> Hi
>>>>
>>>> I have a Windows 2000 server that is a DC in my DMZ zone. I have
>>>> now installed a new server in the same DMZ zone (Windows 2003
>>>> server) that joined my domain.
>>>
>>> Why do you have DCs in your DMZ?
>>>
>>>>
>>>> That worked fine, except that when I am trying to connect to the
>>>> Internet my 2003 server can't find any sites.
>>>>
>>>> I don't have to install a DNS server on my 2003 server when it
>>>> already is installed on my DC (Win2000)?
>>>
>>> No - as long as you point to the correct DNS server in that new
>>> server's IP config. As in, the DC's IP. Can you ping anything on the
>>> Internet by IP? As in, a public DNS server?
>>>>
>>>> I can ping my DC, and my Default Gateway, but not on the Internet.
>>>>
>>>> What can I do?
>>>>
>>>> -regards
>>>>
>>>> -AA-
>
>
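
The zoning advice quoted above (no DCs in the DMZ, nothing allowed from DMZ to LAN, FTP from LAN to DMZ is fine) can be checked mechanically. This is an added example, not part of the original thread; the address ranges, host names, rule format and the audit() helper are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread)
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("10.0.0.0/24")

# Constructed inventory and ordered (first match wins) firewall rules
HOSTS = [
    {"name": "dc1", "ip": "192.168.1.10", "role": "dc"},
    {"name": "dc2", "ip": "10.0.0.5", "role": "dc"},  # DC placed in the DMZ
    {"name": "ftp1", "ip": "10.0.0.20", "role": "ftp"},
]
RULES = [
    {"action": "allow", "src": "192.168.1.0/24", "dst": "10.0.0.20/32", "port": 21},
    {"action": "allow", "src": "10.0.0.5/32", "dst": "192.168.1.10/32", "port": 389},
    {"action": "allow", "src": "0.0.0.0/0", "dst": "10.0.0.20/32", "port": 21},
    {"action": "deny", "src": "10.0.0.0/24", "dst": "192.168.1.0/24", "port": None},
]

def _clip(net, zone):
    """Part of net that lies inside zone (CIDR blocks nest or are disjoint)."""
    if not net.overlaps(zone):
        return None
    return net if net.subnet_of(zone) else zone

def audit(hosts, rules):
    """Return findings for DCs in the DMZ and reachable DMZ -> LAN allows."""
    findings = []
    for h in hosts:
        if h["role"] == "dc" and ipaddress.ip_address(h["ip"]) in DMZ:
            findings.append(f"dc-in-dmz:{h['name']}")
    denies = []  # (src, dst, port) of deny rules seen earlier in the list
    for i, r in enumerate(rules):
        src = ipaddress.ip_network(r["src"])
        dst = ipaddress.ip_network(r["dst"])
        if r["action"] == "deny":
            denies.append((src, dst, r["port"]))
            continue
        s, d = _clip(src, DMZ), _clip(dst, LAN)
        if s is None or d is None:
            continue  # this allow does not carry DMZ -> LAN traffic
        # An earlier deny covering the same traffic makes the allow unreachable
        shadowed = any(s.subnet_of(ds) and d.subnet_of(dd)
                       and dp in (None, r["port"]) for ds, dd, dp in denies)
        if not shadowed:
            findings.append(f"dmz-to-lan-allow:rule{i}:port{r['port']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(HOSTS, RULES)))
```

The LDAP allow in the sample is flagged because it is matched before the blanket DMZ-to-LAN deny; moving the deny to the top of the list clears that finding but not the misplaced DC.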