Hiya Tom..

I wasn't trying to make comparative statements (although I seem to have succeeded), just that my observation has been that when the OS creators suggest a platform as a minimum, it's for a reason. I've had more problems in "less than ideal" configurations that I've solved by "beefing up the machine" than I can count (ok, so I only get to 20.5). I've been able to run W2K server on an AMD K6 266 with 128MB, but it wasn't reliable.

..maybe I'm a hardware snob? ;-)

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, August 04, 2001 10:05 AM
Subject: [isalist] Re: DNS and AD on same machine

http://www.ISAserver.org

Hi Jim,

I don't want to get into the "I've got a smaller d**k than you but I have more children contest" :-), but I have run Win2k Server and AD on a Cyrix 133 with 96 MB of RAM, and it's still running after 14 months. I would not install this at a customer's site, but it runs fine for background DNS stuff.

YMMV,
Tom
www.isaserver.org/shinder
Thomas W Shinder, M.D., MCSE, MCT

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, August 04, 2001 11:52 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: DNS and AD on same machine

Hiya Tom,

I see; ask one question on one board and a different question on another board and see which answer suits you best... Shame on Joseph.. :-)

Still, a P1-166, 96MB is not even a supported config for W2K, regardless of its intended job. W2K might work on that box, but it certainly won't "run". I have a W2K web server running on an AMD K6-2/500, 256MB with UW SCSI and it's slower than I can tolerate some days. I'd end up shooting Joseph's intended DNS server purely as a mercy killing.

As far as DNS on the AD; that's my preferred config for the AD-supporting DNS zone. That way, you don't get the chicken-and-egg issue of who has to be started first and also avoid potential network issues... You only have to make sure that the NetLogon service is dependent on the DNS service in that scenario. Otherwise, it's solid as a rock.

..Chevy, that is...

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, August 04, 2001 9:32 AM
Subject: [isalist] Re: DNS and AD on same machine

Hi Jim,

I'm going to disagree with you regarding the DNS server configuration. If you use a Win2k Server that is doing nothing else but serving as a very low volume DNS server, and the DNS server is acting as a Standard Secondary to an AD Integrated DNS somewhere else, it should work fine. I mention this because that was the original question posited by Joseph on the Web Boards.

I agree wholeheartedly with everything else you said :-)

Tom
www.isaserver.org/shinder
Thomas W Shinder, M.D., MCSE, MCT

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, August 04, 2001 11:20 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: DNS and AD on same machine

Inline commentary...

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: cismic
To: [ISAserver.org Discussion List]
Sent: Friday, August 03, 2001 6:11 PM
Subject: [isalist] DNS and AD on same machine

I've been reading through postings to the list about the pros and cons of having DNS on the AD machine. I have several questions.

1. Machine-wise, what is a good configuration, i.e. P166 with 96MB with minimal hits? Would this be a good system to use for testing etc.?

* No, this is not a good machine for W2K server at all, much less an AD. Get at least a PII-300, 256MB RAM for the AD.

2. If your DNS server is in the DMZ, is it still possible to AD-enable DNS so as not to compromise the internal network?

* You can, but the configuration is a nightmare. The DNS must be a member of the domain in order to use AD-integration for any zone and passing Kerberos and NetBIOS through ISA.

3. Is it better to use ROUTE -P ADD x.x.x.1 MASK x.x.x.0 x.x.x.x rather than use packet filters within the ISA machine?

* No. Never. If you want a router, install RRAS. If you want a firewall, use ISA. Manual routes are just truck-sized holes in your firewall.

4. Is it best to place your WEB and SQL servers in the DMZ?

* That's a completely personal preference. You lose application-awareness through ISA with DMZ traffic, but you gain isolation.

Thank you,
Joseph

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')