Guest antiparadox@gmail.com
Posted August 21, 2007

Hiya all,

I am gonna build a network and this is what it's gonna look like (I hope),

http://i16.tinypic.com/4rafpn7.jpg

PC1 : Windows XP Professional
PC2 : Windows 2003 Server
PC3 : Windows XP Professional

The big question I have now is the following, people here have already told me I should set up forwarders in my Windows 2003 DNS section, or just forget about using them and just stick with the root hints already in there.

But my big issue with this is, my PC2 isn't supposed to be online all the time, it's actually a fileserver that I occasionally boot so I can transfer my files to. But the way people here suggested I set it up (like you can see in the picture), implies that I have PC2 running at all times.

Every PC on that screenshot has two NICs, so I can use two UTP cables on each, so my question really is, is there some way that I can set up my network in such a way that I still have a properly functioning domain whilst also having the ability of having PC2 offline and the rest of the PCs (PC1 and PC3) being able to surf the internet?

I already asked if I could not just do it like this,

http://i10.tinypic.com/4p29gk1.jpg

so to use an alternate DNS for both these clients, and they said this would cause huge problems and my clients not knowing to what they should resolve DNS.

So how do I make this work the way I would like?

Guest Mathieu CHATEAU
Posted August 21, 2007
Re: Tricky question in regards to DNS and ISP DNS

Hello,

It's OK to have a secondary DNS that is your ISP. What is bad is that if your PC2 is nearly never online, you may experience slow DNS resolution (always trying that offline PC2 before the working one).

If you put the ISP DNS primary, then you will always surf great, but will never have a good domain/DNS config.

If this server is always down, you would prefer a simple workgroup instead of an Active Directory domain.

--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

<antiparadox@gmail.com> wrote in message news:1187721571.424464.304890@a39g2000hsc.googlegroups.com...
> Hiya all,
>
> I am gonna build a network and this is what it's gonna look like (I hope),
>
> http://i16.tinypic.com/4rafpn7.jpg
>
> PC1 : Windows XP Professional
> PC2 : Windows 2003 Server
> PC3 : Windows XP Professional
>
> The big question I have now is the following, people here have already told me I should set up forwarders in my Windows 2003 DNS section, or just forget about using them and just stick with the root hints already in there.
>
> But my big issue with this is, my PC2 isn't supposed to be online all the time, it's actually a fileserver that I occasionally boot so I can transfer my files to. But the way people here suggested I set it up (like you can see in the picture), implies that I have PC2 running at all times.
>
> Every PC on that screenshot has two NICs, so I can use two UTP cables on each, so my question really is, is there some way that I can set up my network in such a way that I still have a properly functioning domain whilst also having the ability of having PC2 offline and the rest of the PCs (PC1 and PC3) being able to surf the internet?
>
> I already asked if I could not just do it like this,
>
> http://i10.tinypic.com/4p29gk1.jpg
>
> so to use an alternate DNS for both these clients, and they said this would cause huge problems and my clients not knowing to what they should resolve DNS.
>
> So how do I make this work the way I would like?

Guest antiparadox@gmail.com
Posted August 21, 2007
Re: Tricky question in regards to DNS and ISP DNS

Well hello there again Mathieu,

Well it's not always offline, but then again it really isn't supposed to be online all the time, so that's why I was struggling with this little matter and the suggestions offered here.

But you're saying there's no way I can take advantage of the two NICs I have on each PC, maybe in such a way that I set it up like this,

http://i16.tinypic.com/4rafpn7.jpg

but sneakily also have a second NIC set up that I use for when I wanna connect to the internet. Then this way I'll only bring online my LAN NICs when I need them and vice versa. So if I wanna use my domain I disable my internet NIC and activate my LAN NIC, and vice versa.

Guest Meinolf Weber (Myweb)
Posted August 21, 2007
Re: Tricky question in regards to DNS and ISP DNS

Hello antiparadox@gmail.com,

Sorry, but it's me again. Why would you make so many difficulties? I think you are very afraid that somebody will break into your network. A lot of routers have built-in firewalls, and on the workstations you can install free software firewalls. Why would you do all this additional work that is not really necessary? Just keep control of your event logs and the services you are running, and it will work like a charm without all this additional work of configuring NICs and stopping and starting NICs.

Best regards

Meinolf Weber (Myweb)

Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

> Well hello there again Mathieu,
>
> Well it's not always offline, but then again it really isn't supposed to be online all the time, so that's why I was struggling with this little matter and the suggestions offered here.
>
> But you're saying there's no way I can take advantage of the two NICs I have on each PC, maybe in such a way that I set it up like this,
>
> http://i16.tinypic.com/4rafpn7.jpg
>
> but sneakily also have a second NIC set up that I use for when I wanna connect to the internet. Then this way I'll only bring online my LAN NICs when I need them and vice versa. So if I wanna use my domain I disable my internet NIC and activate my LAN NIC, and vice versa.

Guest antiparadox@gmail.com
Posted August 21, 2007
Re: Tricky question in regards to DNS and ISP DNS

Well Meinolf, you hit the nail on the head there, I am indeed extremely paranoid, and I don't just have any router, I have a professional company router, it cost me about 1000 euros but that's a price I gladly paid for good security. In 10 years' time I haven't had a single virus or penetration (nasty word I know but ya know what I mean), my security knowledge and awareness of things out of the ordinary is far better than my networking skills, so that's why I was asking this. Since this is the first time I am using Windows 2003 Server, I am still on unfamiliar ground in regards to its security, and one extra PC behind the internet for me is one extra thing to worry about.

Guest Mathieu CHATEAU
Posted August 21, 2007
Re: Tricky question in regards to DNS and ISP DNS

Good security when you don't have time/knowledge:

- Windows Update every second Tuesday of the month (install them!)
- Antivirus up to date / Windows Defender once a month
- Firewall up on workstation
- Use a non-administrator account for daily tasks
- Antiphishing on IE 7 may help

--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

<antiparadox@gmail.com> wrote in message news:1187731135.627675.324600@r34g2000hsd.googlegroups.com...
> Well Meinolf, you hit the nail on the head there, I am indeed extremely paranoid, and I don't just have any router, I have a professional company router, it cost me about 1000 euros but that's a price I gladly paid for good security. In 10 years' time I haven't had a single virus or penetration (nasty word I know but ya know what I mean), my security knowledge and awareness of things out of the ordinary is far better than my networking skills, so that's why I was asking this. Since this is the first time I am using Windows 2003 Server, I am still on unfamiliar ground in regards to its security, and one extra PC behind the internet for me is one extra thing to worry about.

Guest Meinolf Weber (Myweb)
Posted August 21, 2007
Re: Tricky question in regards to DNS and ISP DNS

Hello antiparadox@gmail.com,

OK, I am not a security guy, but if you have configured your router in a proper way for security and do not use the server or workstations for browsing, there must really be someone outside who is interested in finding a way to break your router first and then prepare packets to communicate with your machines, because the router uses NAT for workstation traffic and so on.

Maybe you can post to the microsoft.public.windows.server.security ng with a question about configuring security for your network. That can be the better ng for this kind of question than the server.general ng.

Best regards

Meinolf Weber (Myweb)

Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

> Well Meinolf, you hit the nail on the head there, I am indeed extremely paranoid, and I don't just have any router, I have a professional company router, it cost me about 1000 euros but that's a price I gladly paid for good security. In 10 years' time I haven't had a single virus or penetration (nasty word I know but ya know what I mean), my security knowledge and awareness of things out of the ordinary is far better than my networking skills, so that's why I was asking this. Since this is the first time I am using Windows 2003 Server, I am still on unfamiliar ground in regards to its security, and one extra PC behind the internet for me is one extra thing to worry about.

Guest antiparadox@gmail.com
Posted August 21, 2007
Re: Tricky question in regards to DNS and ISP DNS

I know all about setting up good ingress egress rules for my router, every PC has its own rules what it can and can't do, I guess I'll just have to set up my Windows 2003 server in such a way that it can only use the DNS ports and that's as far as it goes.

And I'll check out that NG you proposed, maybe they have some good policies I can test.

Thnx again guys

Guest Mathieu CHATEAU
Posted August 21, 2007
Re: Tricky question in regards to DNS and ISP DNS

I am waiting for you on the security ng :) lol

--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

<antiparadox@gmail.com> wrote in message news:1187733032.378270.281250@d55g2000hsg.googlegroups.com...
> I know all about setting up good ingress egress rules for my router, every PC has its own rules what it can and can't do, I guess I'll just have to set up my Windows 2003 server in such a way that it can only use the DNS ports and that's as far as it goes.
>
> And I'll check out that NG you proposed, maybe they have some good policies I can test.
>
> Thnx again guys

Guest antiparadox@gmail.com
Posted August 22, 2007
Re: Tricky question in regards to DNS and ISP DNS

Yeah see you there, as soon as this damn switch arrives in the mail :(

Cuz I'm gonna start from scratch and reinstall my Windows 2003, I do not believe in fixing an already corrupted setup, better start fresh, too many errors in event log hehehe.

So see you there in a couple of days.