Re: DNSReport w/ Hosting Your Own DNS
- From: "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx>
- Date: Sun, 30 Jul 2006 13:01:51 +1000
Not quite true Cris, that bit about MVPs not hosting, I host several sites
on my LoungeAN (and yes, all sites are directly 'owned' by my company or SBS
users (eg, my sister's personal site)).
Thing is, I'm aware of the risks, monitor the server daily, patch as soon as
something comes out and gets tested,,, basically I nurse the baby every day.
The cost of this form of monitoring for most SBS users would be extreme.
I also accept the impact this has on my 'home style' internet connection.
I wouldn't dream of attempting to run public DNS. I don't satisfy the
'diverse location' nor 'diverse connection' criteria, and outsourcing it to
someone who does is as near free as possible.
"Cris Hanna (SBS-MVP)" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:ejzwfDNsGHA.1512@xxxxxxxxxxxxxxxxxxxxxxx
Nathan
I'm going to summarize what's been said here because it does not appear that
the message is clear
1. While it is permissible on an SBS server to host a website directly
related to that company's business, it is not advisable.
2. The EULA clearly prohibits hosting websites for others on your/a
client's SBS server
The security risks of hosting a website on the server which does your
company's primary business are very well documented in numerous places. I'm
sure you can google for yourself.
Large companies of world renown would never host a website on the First
Server at the root of the Active Directory Forest. They may very well put
a server in their DMZ and host their website. And they will have multiple
DNS servers.
This small business can spend 5.00 a month to host their site on
Godaddy.com, have redundant DNS, have their business network much more
secure and so forth
None of the MVPs with the exception of smallbizserver.net in the Netherlands
is hosting a website on their SBS servers.
So I don't think you are gonna get the answers you are looking for...sorry
--
Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so all
can take advantage
"Nathan" <Nathan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:680A5E42-5582-4A80-95AD-2C91CA38F8A5@xxxxxxxxxxxxxxxx
Hi Susan, long time reader, always a student.
I've seen that point of ports being open a risk a lot with hardly a reason
to go along with it.
It's my impression that an open port means nothing if there is nothing
listening on the other side (53/dns, 80/iis, 21/ftp, 25/smtp, 23/telnet)
and even then it's how the listener handles the info.
IIS in the past with the worm issues were a problem only because a bug was
exploited. Same with sql and I'm sure it won't be the last. (I can't think
of any Microsoft dns related problems).
Then comes ISA which goes through the data before it comes into the
destination listening app. Though I'll admit, ISA in itself won't be able
to protect from a worm using a "valid" GET request to IIS that exploits a
bug.
I'll refer everyone to Murphy's Law.
This small biz needs to use its own dns for automated purposes.
While this conversation is very valuable, it doesn't answer the Virtual
Server setup question, nor the original title post about DNSReport
results.
Though, I will grant that if DNS is being hosted at a provider then the
DNSReport will have no bearing here.
Thanks for the input. I'm still looking for solutions.
Nathan
"Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:
> In a small firm there is no need to host your own DNS....it just doesn't
> make any sense when there's no need for the SBS box to do it.
>
> The issue is risk. Every port you open is a risk. Port 80 is one of
> the most sniffed/pinged/nailed ports out there. Normally in big server
> land they do everything they can to isolate that domain controller...
> and what do we do? Want to put it, open ports and the kitchen sink
> right out there on the nasty ol' Internet.
>
> So do you care about the data on that server? Then only open the minimum
> amount of ports you need. Small businesses don't need port 53
> open..there's no need, it gives you no advantages when you can just use
> DNS info from your ISP when needed, and it adds risk and complexity.