AD domain name = Net domain name

Discussion in 'Active Directory' started by gpharr, Jan 5, 2004.

  1. gpharr

    gpharr Guest

    We first set up a web presence about the time when Windows
    2000 Server came out. Without knowing any better, we
    named our AD domain the same thing as our internet domain
    name [e.g. AD name is domain.com ; web address is
    http://www.domain.com]. That seemed to be what the wizard
    in W2K Server suggested!? Now I am hearing that this is a
    security issue and am wondering [1] is it really a
    security issue now that we have upgraded all servers to
    W2K3 Server and [2] if it is, how do I fix it? We have 2
    DCs running W2K3. One of them also runs Exchange 2003.
    We also host our own website on a member server also
    running W2K3. Our workstations [13] run either W2K Pro or
    XP Pro.

    Any advice is greatly appreciated!
     
    gpharr, Jan 5, 2004
    #1

  2. gpharr

    Chriss3 Guest

    I will try to answer your questions.

    1. The security issue is if you use the same internal DNS server as external.
    The security issue is if you publish the Active Directory-integrated DNS
    zone to the internet.
    If you have an internal DNS server for your network and one external DNS
    server for your web hosting, the name doesn't make sense.
    2. I would recommend having one external and one internal DNS, or letting an ISP
    serve the external DNS.
     
    Chriss3, Jan 5, 2004
    #2
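
Added example, not part of any post in this thread: a check for the exposure described in reply #2, run over a text export of the public zone for the shared name. The zone contents, the `audit_public_zone` name and all addresses are constructed for illustration.

```python
import ipaddress
import re

# Owner-name labels that Active Directory registers for DC location.
AD_LABELS = {"_msdcs", "_ldap", "_kerberos", "_kpasswd", "_gc",
             "domaindnszones", "forestdnszones"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: what a public zone for domain.com might contain
# if the AD-integrated zone had been published by mistake.
SAMPLE_PUBLIC_ZONE = """\
@                     IN A    203.0.113.10
www                   IN A    203.0.113.10   ; public web server
mail                  IN MX   10 mx.domain.com.
_ldap._tcp.dc._msdcs  IN SRV  0 100 389 dc1.domain.com.
_kerberos._tcp        IN SRV  0 100 88 dc1.domain.com.
dc1                   IN A    192.168.1.10
"""

def audit_public_zone(zone_text):
    """Return (owner, type, reason) for records that leak internal AD data."""
    findings = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop comments
        m = re.match(r"(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+(.+)", line)
        if not m:
            continue
        owner, rtype, rdata = m.group(1), m.group(2).upper(), m.group(3).strip()
        labels = owner.lower().rstrip(".").split(".")
        if AD_LABELS.intersection(labels):
            findings.append((owner, rtype, "AD locator record"))
        elif rtype == "A":
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                continue                               # malformed rdata
            if any(addr in net for net in RFC1918):
                findings.append((owner, rtype, f"RFC 1918 address {addr}"))
    return findings

if __name__ == "__main__":
    for owner, rtype, reason in audit_public_zone(SAMPLE_PUBLIC_ZONE):
        print(f"{owner:22} {rtype:4} {reason}")
```

An empty result for the zone served by the ISP or external DNS server matches the split setup recommended in this thread.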

  3. gpharr

    garyp Guest

    I have 2 internal DNS servers that are AD integrated but
    do NOT publish externally. Our router/firewall device
    uses the ISP DNS servers to look up web addresses. Our
    ISP DNS server points to our external public IP [our
    router] and the router forwards all packets on port 80 to
    the web server only. Our internal DNS server uses an
    Alias (Cname) record to point to the webserver also. We
    do this because we host 2 sites on one server.

    Good or bad setup??? TIA.
     
    garyp, Jan 6, 2004
    #3
  4. gpharr

    Chriss3 Guest

    Good setup. That is a recommended solution of the best practices

    --
    Regards,

    Christoffer Andersson
    No email replies please - reply in the newsgroup

    http://www.itsystem.se/employers.asp?ID=1

     
    Chriss3, Jan 6, 2004
    #4
  5. gpharr

    garyp Guest

    Thank you so much for your feedback. I feel better now ;)

    Gary
     
    garyp, Jan 7, 2004
    #5