Re: when connected to a domain. takes forever to login
From: Ron Lowe (ron-msng_at_{d.e.l.e.t.e.}lowe-family.me.uk)
Date: 09/09/04
- Next message: Hans-Georg Michna: "Re: The net is so close I can taste it 8|"
- Previous message: Ron Lowe: "Re: CANNOT CREATE A CONNECTION"
- In reply to: lost soul: "Re: when connected to a domain. takes forever to login"
- Next in thread: lost soul: "Re: when connected to a domain. takes forever to login"
- Reply: lost soul: "Re: when connected to a domain. takes forever to login"
Date: Thu, 9 Sep 2004 09:52:55 +0100
>> You *must* point the clients to the internal DNS that hosts the AD
>> domain.
>> Yes, that will break external ( Internet ) name resolution until you go
>> configure the internal DNS server to handle that too.
>>
> Thanks,
> My concern is, would this make the w2k server become public on the
> internet?
> It was used for accounting purpose and was intended as an internal server
> only. Somehow the contractor set it as domain controller and I inherited all
> the mess. Will using it as DNS server make it vulnerable to hackers since it
> doesn't have a firewall? Maybe I'll just buy another server as the
> proxy...How to join a win2003 server to a win2k server?
> (I should have listened to mom and studied medicine)
>
Can I address this in sections:
> My concern is, would this make the w2k server become public on the
> internet?
No, it would not be an Internet-facing DNS server.
It is providing DNS service for internal machines only.
Sure, it needs to make _outbound_ connections to other DNS
servers to query them, but you will not be permitting inbound
connections to you. Your router or firewall will be dropping
any inbound connection attempts to all your LAN except those
which you explicitly permit.
Which brings me to:
> doesn't have a firewall?
Hmm, alarm bells are ringing.
How is it connected to the Internet?
If it's via a broadband router, which provides NAT, then that's not so bad.
That automatically provides stateful inbound firewalling.
This is a common configuration, and is what I expect you would have.
Does the machine have a non-routable IP address ( eg 192.168.x.x )?
That's what the above configuration would give.
If you have a routed subnet of public IP addresses, then you need some form
of firewalling, I'd use a standalone firewall box between the router and
the LAN.
If it's directly connected, via a modem directly connected to the server,
then again you need some form of firewalling as described above.
In addition to a border firewall, you might want to consider host firewalls
on individual machines.
The XP-SP2 windows firewall is perfectly good for this, as are others like
Zone Alarm.
If your configuration is either a routed subnet of public IP addresses, or a
direct connection, and there is no firewalling, then you are seriously
exposed and you need to get a firewall installed.
An exposed DNS service would be the least of your worries in this case.
--
Best Regards,
Ron Lowe
MS-MVP Windows Networking
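
The two checks discussed in this message (does the machine have a non-routable address, and do its DNS settings point at the internal server) can be run against `ipconfig /all` output. The following is an added example, not part of the original post; the sample output, the function names and the IPv4-only parsing are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: the "non-routable" addresses a NAT router hands out.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# ipconfig labels we care about (Windows 2000/XP and later spellings).
KEYS = {"IP Address": "ip", "IPv4 Address": "ip", "DNS Servers": "dns"}
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample; 203.0.113.53 is a documentation address standing in
# for an ISP resolver left in the client's DNS list.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.20
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            203.0.113.53
"""

def parse_ipconfig(text):
    """Collect IPv4 host addresses and DNS servers, including the
    unlabelled continuation lines ipconfig prints for extra DNS servers."""
    found, current = {"ip": [], "dns": []}, None
    for line in text.splitlines():
        if ":" in line:
            label, _, value = line.partition(":")
            current = KEYS.get(label.strip(" ."))  # None for other fields
        else:
            value = line                           # continuation line
        match = IPV4.search(value)
        if current and match:
            found[current].append(match.group())
    return found

def scope(addr):
    """Classify an address as private (RFC 1918), local-only, or public."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip.is_loopback or ip.is_link_local:  # 127/8, 169.254/16 (APIPA)
        return "local-only"
    return "public"

def audit(text):
    """Return findings for public host addresses and external DNS servers."""
    cfg = parse_ipconfig(text)
    msgs = [f"host address {a} is publicly routable: needs a firewall in front"
            for a in cfg["ip"] if scope(a) == "public"]
    msgs += [f"DNS server {d} is external: clients must use the internal AD DNS"
             for d in cfg["dns"] if scope(d) == "public"]
    return msgs
```

On the constructed sample, `audit(SAMPLE)` reports only the external DNS entry, since the host address is in the 192.168.x.x range.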