Re: DNS and AD on same machine

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 4 Aug 2001 16:18:36 -0700

Hiya Tom..

    I wasn't trying to make comparative statements (although I seem to have
succeeded), just that my observations have been when the OS creators suggest
a platform as minimum, it's for a reason.  I've had more problems in "less
than ideal" configurations that I've solved by "beefing up the machine" than
I can count (ok, so I only get to 20.5).
    I've been able to run W2K server on an AMD K6 266 with 128MB, but it
wasn't reliable.

..maybe I'm a hardware snob?  ;-)

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, August 04, 2001 10:05 AM
Subject: [isalist] Re: DNS and AD on same machine


http://www.ISAserver.org


Hi Jim,

I don't want to get into the "I've got a smaller d**k than you but I
have more children contest" :-), but I have run Win2k Server and AD on a
Cyrix 133 with 96 MB of RAM, and it's still running after 14 months. I
would not install this at a customer's site, but it runs fine for
background DNS stuff.

YMMV,

Tom
www.isaserver.org/shinder


Thomas W Shinder, M.D., MCSE, MCT



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, August 04, 2001 11:52 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: DNS and AD on same machine


Hiya Tom,

    I see; ask one question on one board and a different question on another
board and see which answer suits you best...  Shame on Joseph..  :-)
    Still, a P1-166, 96MB is not even a supported config for W2K, regardless
of its intended job.  W2K might work on that box, but it certainly won't
"run".  I have a W2K web server running on an AMD K6-2/500, 256MB with UW
SCSI and it's slower than I can tolerate some days.  I'd end up shooting
Joseph's intended DNS server purely as a mercy killing.
    As far as DNS on the AD; that's my preferred config for the
AD-supporting DNS zone.  That way, you don't get the chicken-and-egg issue
of who has to be started first and also avoid potential network issues...
You only have to make sure that the NetLogon service is dependent on the DNS
service in that scenario.  Otherwise, it's solid as a rock.  ..Chevy, that
is...

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, August 04, 2001 9:32 AM
Subject: [isalist] Re: DNS and AD on same machine


Hi Jim,

I'm going to disagree with you regarding the DNS server configuration.
If you use a Win2k Server that's doing nothing else but serving as a very
low volume DNS server, and the DNS server is acting as a Standard
Secondary to an AD Integrated DNS somewhere else, it should work fine. I
mention this because that was the original question posited by Joseph on
the Web Boards.

I agree wholeheartedly with everything else you said :-)

Tom
www.isaserver.org/shinder


Thomas W Shinder, M.D., MCSE, MCT

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, August 04, 2001 11:20 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: DNS and AD on same machine


Inline commentary...

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: cismic
To: [ISAserver.org Discussion List]
Sent: Friday, August 03, 2001 6:11 PM
Subject: [isalist] DNS and AD on same machine


I've been reading through postings to the list about the pros and cons
of having DNS on the AD machine.  I have several questions.

1.  Machine wise what is a good configuration i.e. P166 with 96MB with
minimal hits. Would this be a good system to use for testing etc.
* No, this is not a good machine for W2K server at all, much less an AD.
Get at least a PII-300, 256MB RAM for the AD.

2.  If your DNS server is in the DMZ is it still possible to AD enable
DNS so as not to compromise the internal network?
* You can, but the configuration is a nightmare.  The DNS must be a
member of the domain in order to use AD-integration for any zone and
passing Kerberos and NetBIOS through ISA.

3.  Is it better to use ROUTE -P ADD x.x.x.1 MASK x.x.x.0 x.x.x.x rather
than use packet filters within the ISA machine?
* No.  Never.  If you want a router, install RRAS.  If you want a
firewall, use ISA.  Manual routes are just truck-sized holes in your
firewall.

4.  Is it best to place your WEB and SQL servers in the DMZ?
* That's a completely personal preference.  You lose
application-awareness through ISA with DMZ traffic, but you gain
isolation.


Thank you,

Joseph
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
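
The NetLogon-on-DNS service dependency mentioned in the thread, as an added example that is not part of the original posts. It assumes the service short names `Netlogon` and `DNS`, an elevated prompt on the domain controller that hosts the AD-supporting zone, and a hypothetical helper `Get-MergedDependency`.

```powershell
# Added example (not from the thread): make Netlogon wait for the local
# DNS Server service on a DC that hosts its own AD-supporting zone.
# Assumes service short names "Netlogon" and "DNS"; run elevated.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon'

function Get-MergedDependency {
    # Hypothetical helper: append $Required to the existing dependency list.
    param([string[]]$Current, [string]$Required)
    $merged = @($Current | Where-Object { $_ })   # drop empty entries
    if ($merged -notcontains $Required) { $merged += $Required }
    return ,$merged
}

# Only meaningful when the DNS Server service is installed on this machine.
if (-not (Get-Service -Name DNS -ErrorAction SilentlyContinue)) {
    Write-Warning 'DNS Server service is not installed here; nothing to do.'
    return
}

# Read the current dependency list straight from the service's registry key.
$current = (Get-ItemProperty -Path $svcKey -Name DependOnService `
            -ErrorAction SilentlyContinue).DependOnService
$merged  = Get-MergedDependency -Current $current -Required 'DNS'

if (@($current) -contains 'DNS') {
    Write-Output 'Netlogon already depends on DNS.'
} else {
    # "depend=" REPLACES the whole list, so pass the merged list, not just DNS.
    # sc.exe wants a slash-separated value as a separate argument after "depend=".
    & sc.exe config Netlogon depend= ($merged -join '/') | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe failed with exit code $LASTEXITCODE" }
    Write-Output "Netlogon dependencies now: $($merged -join ', ')"
}
```

Running `sc.exe qc Netlogon` afterwards shows the resulting `DEPENDENCIES` list; the change takes effect at the next service start.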