Re: Public DNS names for SBS 2K3 - Question

From: Microsoft (jspam_at_bobcatridge.com)
Date: 02/22/04


Date: Sun, 22 Feb 2004 12:23:18 -0800

David,
I found the document at:
http://members.microsoft.com/partner/premium/solutions/infotech/SmallITSolution.aspx

This site requires that you register as a Partner; it is free and easy.

Jeff.
"Dave Hibbeln" <santaclaws@nospam.net> wrote in message
news:%23CObMLM%23DHA.3488@tk2msftngp13.phx.gbl...
> Jeff,
> In what document did you find these recommendations for DNS names?
> They make sense and are similar to what I set up in my external DNS.
> I am curious to read the MS text.
> I did not find any references to DNS naming conventions in the SBS2003 help
> files.
>
> Regards,
> David R. Hibbeln
>
> "Tony Su" <anonymous@discussions.microsoft.com> wrote in message
> news:137e901c3f784$0735dca0$a401280a@phx.gbl...
> > If that is exactly what the Small IT Solutions document
> > says, it should be modified slightly... When configuring
> > CNAMES, you don't map a name to an IP address, you map an
> > alias name to an existing A hostname record.
> >
> > Let's see if I can explain this simply...
> >
> > Each of the suggested names (they are only suggestions)
> > relates to different functions and reasons why someone
> > might connect to your server. Personally, I would probably
> > recommend "www" instead of "portal" because people are
> > more familiar with "www" although "portal" is more
> > descriptive.
> >
> > The reason why the CNAMEs are recommended is that it might
> > make more sense to a User to connect a vpn
> > using "vpn.business.com" instead of "portal.business.com"
> >
> > I have one customer who doesn't need all those CNAMES,
> > they understand the concept that they can
> > use "www.business.com" for <all> connections... web, ftp,
> > vpn, everything.
> >
> > In other words, all the name does (any name) is simply map
> > to an IP address. Depending on what protocol/service
> > you're using, if you are using standard ports, the port is
> > automatically configured and is not specially defined. If
> > you are connecting to a service on a non-standard port
> > (like Companyweb on port 444), then you need to specify
> > that port regardless of what name you use (remembering again
> > that DNS only maps names to IP addresses, never specifying
> > ports).
> >
> > Tony Su
> >
> >
> >
> >
> >
> > >-----Original Message-----
> > >Hi,
> > >As per SBS's help file, I have opened up the following ports on my Cisco
> > >firewall and routed them to the same port on the SBS server.
> > >
> > >Service         Port  Protocol
> > >--------------  ----  --------
> > >web             80    TCP
> > >                443   TCP
> > >remote desktop  4125  TCP
> > >PPTP VPN        1723  TCP
> > >Mail            25    TCP
> > >FTP             21    UDP
> > >SharePoint      444   TCP
> > >                3389  TCP
> > >
> > >In the 'Small IT Solutions, Small Business Service's document it recommends
> > >a number of DNS records be created. For example it recommends:
> > >
> > >FQDN                         Record Type   IP Address
> > >---------------------------  ------------  ---------------------
> > >Businessname.com             MX Record     Static IP on firewall
> > >portal.businessname.com      A Record      Static IP on firewall
> > >remote.businessname.com      CNAME Record  Static IP on firewall
> > >mail.businessname.com        CNAME Record  Static IP on firewall
> > >vpn.businessname.com         CNAME Record  Static IP on firewall
> > >companyweb.businessname.com  CNAME Record  Static IP on firewall
> > >
> > >I think I understand the first two names, MX Record and A Record
> > >respectively. My question is about the use of the rest of the list. Since
> > >each one points to the same IP address, I guess the only difference would be
> > >what port the traffic comes in on. So, what is the proper use of the
> > >remote, mail, vpn, and companyweb names? On my client machine where would I
> > >use these names?
> > >
> > >I hope this is not too silly a question....
> > >
> > >Jeff.
> > >
> > >
> > >.
> > >
>
>
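
As an added illustration (not part of the original posts or of the Microsoft document), this Python sketch checks the record table from the original message against the rule Tony describes: a CNAME maps an alias to an existing A hostname, never to an IP address. It goes slightly beyond the thread by applying the same hostname rule to the MX record; `203.0.113.10` is a placeholder for "Static IP on firewall", and the function names are hypothetical.

```python
import ipaddress

FIREWALL_IP = "203.0.113.10"  # constructed placeholder for "Static IP on firewall"
ALIASES = ["remote", "mail", "vpn", "companyweb"]

def zone(cname_target, mx_target):
    """Build the thread's record set as (owner, type, value) tuples."""
    recs = [("businessname.com", "MX", mx_target),
            ("portal.businessname.com", "A", FIREWALL_IP)]
    recs += [(f"{a}.businessname.com", "CNAME", cname_target) for a in ALIASES]
    return recs

AS_IN_TABLE = zone(FIREWALL_IP, FIREWALL_IP)  # every record points at the IP
CORRECTED = zone("portal.businessname.com", "portal.businessname.com")

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def lint(records):
    """Return (owner, problem) pairs for records whose value is the wrong kind."""
    cnames = {n.lower() for n, t, _ in records if t == "CNAME"}
    problems = []
    for name, rtype, value in records:
        if rtype == "A" and not is_ip(value):
            problems.append((name, "A record needs an IP address"))
        elif rtype in ("CNAME", "MX") and is_ip(value):
            problems.append((name, f"{rtype} must name a host, not an IP"))
        elif rtype == "MX" and value.lower() in cnames:
            problems.append((name, "MX target must not be a CNAME alias"))
    return problems

def resolve(records, name, max_hops=8):
    """Follow CNAME aliases to an A record; None if the chain is broken."""
    table = {n.lower(): (t, v) for n, t, v in records if t in ("A", "CNAME")}
    for _ in range(max_hops):
        rtype, value = table.get(name.lower(), (None, None))
        if rtype == "A":
            return value  # an address only: DNS never carries a port
        if rtype != "CNAME" or is_ip(value):
            return None
        name = value
    return None

if __name__ == "__main__":
    for label, recs in (("as in table", AS_IN_TABLE), ("corrected", CORRECTED)):
        print(label, lint(recs), resolve(recs, "vpn.businessname.com"))
```

Every alias in the corrected set resolves to the same address, so which service a client reaches is decided by the port the client uses and the firewall forwards, not by the name.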


