Re: Web Edition come with DNS services?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

In article <vh7bi35lcv05thpin67346hra839m5dr8t@xxxxxxx>,
spam_narf_spam@xxxxxxxxxxxx says...
In message <MPG.218eff20e2bd343e989741@xxxxxxxxxxxxxxxxx> Leythos
<void@xxxxxxxxxxx> wrote:

In article <eiB1s4bGIHA.5328@xxxxxxxxxxxxxxxxxxxx>,
coraleighmiller@xxxxxxxxx says...
Websites do need DNS to be accessible yes, however many website owners use
external DNS hosting companies to handle this for a very minimal cost
(~$10-$20 per year). Alternatively if you wished to provide your own DNS
service for you website, you could purchase the full Windows Server 2003
Standard edition.. or Windows Server Small Business Edition is a less
expensive alternative and along with DNS provides a few nice extra
components. -give it a look though to see if this is a better fit for you..
http://www.microsoft.com/windowsserver2003/sbs/evaluation/default.mspx


Why would anyone want a public web server to also handle public DNS?

DNS servers should be in the LAN, web servers in the DMZ, if your web
server needs DNS resolution, setup a firewall rule to allow DNS (TCP 53)
from DMZ to LAN IP OF DNS Server.

If you're talking internal LAN DNS, then you're quite correct.

However, if you're talking about an internet facing web server, you need
some sort of DNS service too. This is very often outsourced to your
domain registrar, but there is no practical reason why you need to, if
you have a reasonably skilled DNS admin kicking around and have needs
that exceed your domain registrar's abilities, then it's a very common
and very valid setup.

As it turns out, Windows 2003 Web's DNS server is perfectly capable of
handling this role.

If you can only afford that cheap version of Windows, with limited CPU
support, then my guess is that you're not actually going to purchase a
quality firewall device, proper configuration, and you're going to cheap
out on other things. There is no reason to be running your own public
facing DNS on your Web server also - it's just another point of exposure
to be attacked.

Yes, it "Can" be done, not it's not a best practice.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
.

Relevant Pages

  • Issues migrating SBS 2003 domain to Server 2008 Standard
    ... We are stuck migrating our SBS 2003 domain to Server 2008. ... Fatal Error:DsGetDcName (SRV-EXCH) call failed, ... Verify your Domain Name Sysytem (DNS) is ... network connectivity to a domain controller. ...
    (microsoft.public.windows.server.sbs)
  • Re: AD management snap in cannot find DC (netdiag /v workstation)
    ... The name.local entries are used by my apache server to implement ... change button, more button, the "Primary DNS suffix of this ... Attr: subschemaSubentry ... Owner of the binding path: ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD management snap in cannot find DC (netdiag /v workstation)
    ... button, more button, the "Primary DNS suffix of this computer", it should ... The Security System could not establish a secured connection with the server ... Attr: subschemaSubentry ... Owner of the binding path: ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD management snap in cannot find DC (netdiag /v workstation)
    ... DNS Host Name: tonyb-pc.imageproc.imageproc.com ... Testing IpConfig - pinging the DHCP Server... ... Attr: subschemaSubentry ... Owner of the binding path: ...
    (microsoft.public.windows.server.active_directory)
  • RE: NT->AD2003 upgrade
    ... server to Windows Server 2003. ... If the existing DNS zones are AD-integrated, ... Method 1: Zone Transfer ... Create a secondary zone on the Windows Server 2003 system for the zone ...
    (microsoft.public.windows.server.migration)