Re: .local and .com
From: Dana Brash (dbrash_at_gmail.com)
Date: 11/07/04
- Next message: CiD: "DNS issue"
- Previous message: Craig: "Re: Event Viewer DNS error question"
- In reply to: Douglas Merrill: ".local and .com"
- Next in thread: William Stacey [MVP]: "Re: .local and .com"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 7 Nov 2004 21:41:25 +0800
Hi Douglas,
I would NOT recommend using the .local namespace, but rather creating a
sub-namespace of your publicly registered namespace, e.g.
office.company.com. This is particularly helpful for mobile users so
they're not switching back and forth between exchange.company.local and
mail.company.com depending on their location.
Split DNS ~ For running internal network in same namespace as internet
presence
http://www.isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.
Note that "This is not a recommended configuration" but does come in handy
when you're already built up this way.
Active Directory, ADSI and Directory Services Technical Articles
Microsoft Windows 2000 Namespace Design ~ A more thorough Discussion
Regarding your question about allowing external users to send you email and
view your website, you'll have public DNS records that will point to your
public IP. So your ISP will host DNS for www.company.com and an MX record
for mail.company.com. Both these records will point at the public side
(STATIC!) IP on your firewall, and your firewall/router will manage
directing HTTP/S (80/443) and SMTP (25) traffic to the correct internal server
for service by using port mapping.
Steve makes very solid security recommendations, and I'd like to add one
more: hosting web services and mail on your Domain Controller is like
painting a target on your forehead. DCs shouldn't be exposed to that sort
of traffic for any reason. If you are really limited in hardware, DCs
generally don't need to be too powerful; get a high-end desktop class box
and build it up instead. You're exposing your entire Active Directory to
the internet otherwise. Not only will hackers and viruses have a field day,
your users should have to wait for web requests before they can
authenticate and access resources internally.
--
HTH,
=d=
Dana Brash
MCSE, MCDBA, MCSA
dbrash@NOSPAM.gmail.com

"Douglas Merrill" <DouglasMerrill@discussions.microsoft.com> wrote in message
news:79269967-D398-46D7-99E3-0733E8C267CF@microsoft.com...
> My question(s) are regarding .local vs. .com
>
> We will be implementing a Windows Small Business 2003 Server using Exchange
> and IIS.
>
> We have already registered "mycompany.com" and services such as e-mail and
> web hosting are currently being hosted by a third-party hosting company. We
> would like to bring these services in-house. I know we will have to contact
> the company that manages the "mycompany.com" DNS record and have them make
> changes to the MX and A Records to point to our public IP address.
>
> After reading other posts and researching on the Microsoft web site it is
> recommended to use a private/internal domain name such as mycompany.local vs.
> mycompany.com for security and name resolution issues since we are not
> hosting our own public name servers.
>
> If we configure our server to use "mycompany.local" how will we go about
> configuring DNS on our server to:
>
> 1. Use our "mycompany.com" domain for hosting e-mail and web services
> in-house (on our "mycompany.local" domain controller) and allow outside users
> to send us e-mail and view our web site?
>
> 2. Allow our internal users to access "mycompany.com" and other external
> domains when they are configured to use the "mycompany.local" DNS server.
>
> Any advice would be appreciated.
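
Added example, not part of the original post or the quoted message: a small Python audit of the public zone described in the reply, flagging internal names or RFC 1918 addresses that leak into it and checking that the MX target sits on the firewall's public IP. The zone contents, 203.0.113.10, 192.168.16.2 and the host dc1 are constructed values; office.company.com is the sub-namespace suggested in the post.

```python
import ipaddress

# Constructed sample zone (not from the original post). 203.0.113.10 stands in
# for the static public IP on the firewall; 192.168.16.2 for an internal server.
PUBLIC_ZONE = """\
www.company.com.         A   203.0.113.10
mail.company.com.        A   203.0.113.10
company.com.             MX  10 mail.company.com.
dc1.office.company.com.  A   192.168.16.2   ; leaked internal record
"""
INTERNAL_SUFFIX = "office.company.com."  # internal sub-namespace from the post
FIREWALL_IP = "203.0.113.10"             # assumed public address
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_zone(text):
    """Parse simplified 'name type rdata...' lines into tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        name, rtype, *rdata = line.split()
        records.append((name.lower(), rtype.upper(), rdata))
    return records


def audit_public_zone(text, internal_suffix, firewall_ip):
    """Return findings for records that should not be in the public zone."""
    findings = []
    records = parse_zone(text)
    a_records = {n: r[0] for n, t, r in records if t == "A"}
    for name, rtype, rdata in records:
        if name == internal_suffix or name.endswith("." + internal_suffix):
            findings.append(f"{name}: internal name in public zone")
        if rtype == "A":
            addr = ipaddress.ip_address(rdata[0])
            if any(addr in net for net in RFC1918):
                findings.append(f"{name}: private address {addr} published")
            elif str(addr) != firewall_ip:
                findings.append(f"{name}: {addr} is not the firewall IP")
        elif rtype == "MX":
            target = rdata[1].lower()
            if a_records.get(target) != firewall_ip:
                findings.append(f"{name}: MX target {target} not on firewall IP")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_public_zone(PUBLIC_ZONE, INTERNAL_SUFFIX, FIREWALL_IP)))
```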