Re: DNS and AD on same machine

  • From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 4 Aug 2001 11:32:20 -0500

Hi Jim,

I'm going to disagree with you regarding the DNS server configuration.
If you use a Win2k Server that's doing nothing else but serve as a very
low volume DNS server, and the DNS server is acting as a Standard
Secondary to an AD Integrated DNS somewhere else, it should work fine. I
mention this because that was the original question posited by Joseph on
the Web Boards.

I agree wholeheartedly with everything else you said :-)

Tom
www.isaserver.org/shinder
 

Thomas W Shinder, M.D., MCSE, MCT

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, August 04, 2001 11:20 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: DNS and AD on same machine


http://www.ISAserver.org


Inline commentary...

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message ----- 
From: cismic 
To: [ISAserver.org Discussion List] 
Sent: Friday, August 03, 2001 6:11 PM
Subject: [isalist] DNS and AD on same machine



I've been reading through postings to the list about the pros and cons
of having DNS on the AD machine.  I have several questions.
 
1.  Machine-wise, what is a good configuration, i.e. P166 with 96MB with
minimal hits? Would this be a good system to use for testing etc.?
* No, this is not a good machine for W2K server at all, much less an AD.
Get at least a PII-300, 256MB RAM for the AD.
 
2.  If your DNS server is in the DMZ, is it still possible to AD enable
DNS so as not to compromise the internal network?
* You can, but the configuration is a nightmare.  The DNS must be a
member of the domain in order to use AD-integration for any zone and
passing Kerberos and NetBIOS through ISA.
 
3.  Is it better to use ROUTE -P ADD x.x.x.1 MASK x.x.x.0 x.x.x.x rather
than use packet filters within the ISA machine?
* No.  Never.  If you want a router, install RRAS.  If you want a
firewall, use ISA.  Manual routes are just truck-sized holes in your
firewall.
 
4.  Is it best to place your WEB and SQL servers in the DMZ?
* That's a completely personal preference.  You lose
application-awareness through ISA with DMZ traffic, but you gain
isolation.
 

Thank you,

Joseph 
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')