Re: DNS Setup


"Jamie" <Jamie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:91BD3AC1-F668-4296-9610-9060C91F591F@xxxxxxxxxxxxxxxx
Well that brings up another question. With the size of this network the
server has many hats. It acts as everything. It is the DC, the DNS, file
server, print server, backup server, ect, ect. Is this still the best way
to
proceed?

Is which "this" the best way?

Having everything on one server? No, not
necessarily but sometimes that is all you can afford.

Having a "forwarder"? Yes, the more stuff on your server (the more
critical and sensitive it is) then the more you need to protect it and
a forwarder eliminates the need for that sensitive server to visit the
Internet.

You really should have a second DC if you can affor it, or you MUST
make backups regularly AND TEST them.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

"Herb Martin" wrote:


"Jamie" <Jamie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BB4E04BA-3A7F-41D0-B21A-39D144ABEC20@xxxxxxxxxxxxxxxx
I really appreciate all the help. Are forwarders standard in setting up
DNS
servers? I have setup a few networks and never used a fowarder.

They are a standard option but not absolutely necessary to many networks.

Forwarders serve two major functions:

1) Performance (consolidating cache, avoiding trips across WAN lines,
using server [e.g., ISP] closest to the Internet backbone.)

2) Security -- when internal sensitive DNS servers either cannot (due
to firewalls) or must not (due to security policy) visit the
entire
Internet. (We really don't won't our DNS, especially our
DNS-DCs
visiting "EvilHackersRus.com", right?)


--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)





.

Relevant Pages

  • Re: Urgent! New router and big disaster
    ... The SBS DNS server, running on ... its IP it means that your problem is now DNS. ... forward ports to it reliably in the router. ... I should have been more clear about internet connection.. ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot connect to RWW from home PC
    ... DNS stuff says your mail server is responding with reply that is not MS ... When we setup this new SBS2003 setup we installed without ISA as it does ... not seeing any problems anywhere regards internet or email - we also run ...
    (microsoft.public.windows.server.sbs)
  • Re: Non-domain connection problem
    ... For some reason the DNS is persistent. ... connect new PC to the internet from the non-domain network: ... In server 2000 gpoedit.msc showed them but in SBS it is different. ...
    (microsoft.public.windows.server.sbs)
  • Re: resolve incorrect IP from RRA server.
    ... dynamic address, 10.5.101.123 from DHCP server. ... This is because the addtional DNS records that get registered cause major problems with AD functionality, especially the additional IPs registered by RRAS. ... However, if you choose to keep RRAS on the DC, then you have to force DNS to only register the internal static interface, and no others. ... If it is the internet gateway, it is recommended to purchase an inexpensive, or cable/DLS router, or even better, a Cisco or similar firewall to perform the task, which if it is compromised by an internet attacker remotely, can further compromise the rest of the internal network. ...
    (microsoft.public.windows.server.dns)
  • Re: Urgent! New router and big disaster
    ... Even a single-NIC configuration should have ONLY the LAN IP of the server as ... Then you can run the CEICW or use the DNS console to enter ... forward ports to it reliably in the router. ... I should have been more clear about internet connection.. ...
    (microsoft.public.windows.server.sbs)
Loading