[windows2000] Re: Porn Crazy Users!
- From: "Robert Coffman - Info From Data Corporation" <bcoffman@xxxxxxxxxxxxxxxx>
- To: <windows2000@xxxxxxxxxxxxx>
- Date: Fri, 22 Aug 2003 13:11:18 -0400
I think two DNS servers is your best bet, although it is a case of security
through obscurity.
I don't believe the suggestion to use a secondary DNS server will work.
Correct me if I'm wrong, but if a lookup fails on the primary server, it
won't then go to the secondary server to see if it works there. It only
uses the secondary in the event that the primary server is unresponsive.
Re-reading this, i'm not certain that this is what was being suggested, so
ignore this if I'm mistaken!
- Bob Coffman
-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]
Sent: Friday, August 22, 2003 12:51 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Porn Crazy Users!
The suggestion about two DNS servers is a good one - I think that might
work. The suggestion about setting the primary DNS to internal and the
secondary to external is not recommended by Microsoft. I don't have the
documentation to prove it handy, but I have seen it and have been told
the same thing by their support services. Microsoft wants all machines
to look at an internal DNS server which forwards out (or uses root
hints). Thanks for all the suggestions.
-----Original Message-----
From: SEspeseth@xxxxxxxx [mailto:SEspeseth@xxxxxxxx]
Sent: Thursday, August 21, 2003 1:25 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Porn Crazy Users!
The other possibility as someone already said was to add the
isp/external dns as a secondary dns only to people that need internet
access. Set your other users to the internal dns, and turn off
forwarding for the internal dns server.
Or put the users on different subnets. Get creative with the sunbet
masking: example inet router ip=10.0.0.1/25 users with inet access have
ip 10.0.0.1-127/24 users without inet access have ip 10.0.0.129-254/24.
The users computers all will talk because they are on the same subnet,
but the router will not respond nicely to the users in the 10.0.0.128+
group because it thinks they ar not local.
http://thethin.net/win2000list.cfm
********************************************************
This Week's Sponsor - RTO Software / TScale
What's keeping you from getting more from your terminal servers? Did you know,
in most cases, CPU Utilization IS NOT the single biggest constraint to scaling
up?! Get this free white paper to understand the real constraints & how to
overcome them. SAVE MONEY by scaling-up rather than buying more servers.
http://www.rtosoft.com/Enter.asp?ID=148
**********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
Other related posts:
