|
|
Our Hot Pick: Rising Antivirus 2006 - Certified by TUV & Checkmark! Get 10% discount by entering this coupon code: ONDISCOUNT10
I have read many folks saying not to use a .com domain when setting up a
2003 SBS. However I did one 2 years ago and never saw any problems (did it
before reading).
I now need to do another for a new company. Can somebody give any valid
reasons why I shouldn't use domain.com?
Thanks
Ryan
|
|
Because most companies will use thier company name as their domain name and
also their company website uses companyname.com. So if were working at ABC
our website most likely will be called www.abc.com thus creating a problem
if I name my domain abc. Also .com, .net, etc.... are mostly used for
websites and not domain. Thus the default choice when installing SBS is
..local.
"Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl...
[Quoted Text] >I have read many folks saying not to use a .com domain when setting up a
>2003 SBS. However I did one 2 years ago and never saw any problems (did it
>before reading).
>
> I now need to do another for a new company. Can somebody give any valid
> reasons why I shouldn't use domain.com?
>
> Thanks
> Ryan
>
|
|
Ryan Strange <ryan[ at ]controlbynet.com> wrote:
[Quoted Text] > I have read many folks saying not to use a .com domain when setting
> up a 2003 SBS. However I did one 2 years ago and never saw any
> problems (did it before reading).
>
> I now need to do another for a new company. Can somebody give any
> valid reasons why I shouldn't use domain.com?
>
> Thanks
> Ryan
Well, if your internal/AD-integrated DNS is whatever.com, it will (rightly)
think itself authoritative for whatever.com.
So, an internal user trying to access something *external* on whatever.com
(e.g., the publicly hosted website) won't be able to get there, as your
internal DNS server will not be able to find it on your internal network.
You could create a host called www in your internal DNS, and provide the IP
for the public website, but if you have a shared web hosting account, you
may not have a static IP. This is just one example.
It's generally easier just to use something else. I generally use .local
(presuming there are no older Macs on the network), but you could also use
internal.whatever.com - this is more of a preference issue than anything
else.
|
|
See "The Domain Name System name recommendations for Small Business Server
2000 and Windows Small Business Server 2003"
http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b296250
"Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl...
[Quoted Text] >I have read many folks saying not to use a .com domain when setting up a
>2003 SBS. However I did one 2 years ago and never saw any problems (did it
>before reading).
>
> I now need to do another for a new company. Can somebody give any valid
> reasons why I shouldn't use domain.com?
>
> Thanks
> Ryan
>
|
|
turn the question on it's head, why would you name your AD to be in public
namespace?
The question has very little to do with SBS vs anything else.
"Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl...
[Quoted Text] >I have read many folks saying not to use a .com domain when setting up a
>2003 SBS. However I did one 2 years ago and never saw any problems (did it
>before reading).
>
> I now need to do another for a new company. Can somebody give any valid
> reasons why I shouldn't use domain.com?
>
> Thanks
> Ryan
>
|
|
Ok, I do not see an issue with naming your domain AD the same as a public
domain name that you own.
If your public domain was ABC.COM and you wanted your Active Directory
Domain to also be ABC.COM you can do so. The conflicts will exist as the AD
DNS will not have the (A) records for your domain WWW. This can be solved
simply by just adding it. Same goes for any other (non-conflicting with
internal network resources).
User should have an understanding that to access a web page you mostly go to
http://www. Or https://secure. And so on.
"SuperGumby [SBS MVP]" <not[ at ]your.nellie> wrote in message
news:O%23cz0VcsHHA.4788[ at ]TK2MSFTNGP05.phx.gbl...
[Quoted Text] > turn the question on it's head, why would you name your AD to be in public
> namespace?
>
> The question has very little to do with SBS vs anything else.
>
> "Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
> news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl...
>>I have read many folks saying not to use a .com domain when setting up a
>>2003 SBS. However I did one 2 years ago and never saw any problems (did
>>it before reading).
>>
>> I now need to do another for a new company. Can somebody give any valid
>> reasons why I shouldn't use domain.com?
>>
>> Thanks
>> Ryan
>>
>
>
|
|
Lanwench [MVP - Exchange] wrote:
[Quoted Text] > It's generally easier just to use something else. I generally use .local
> (presuming there are no older Macs on the network), but you could also use
> internal.whatever.com - this is more of a preference issue than anything
> else.
A side note on this: I use in.whatever.com as my own AD domain name, but
I've noticed a problem when using RWW to connect to a Vista client where
the vista login screen shows the user name of the currently logged in
user as "in\stephen" instead of "whatever\stephen". I have to click
"other user" and type in whatever\stephen to unlock the session. Is this
an RWW or Vista bug?
-- stephen
|
|
stephen <stephen[ at ]nospam.nodomain> wrote:
[Quoted Text] > Lanwench [MVP - Exchange] wrote:
>> It's generally easier just to use something else. I generally use
>> .local (presuming there are no older Macs on the network), but you
>> could also use internal.whatever.com - this is more of a preference
>> issue than anything else.
>
> A side note on this: I use in.whatever.com as my own AD domain name,
> but I've noticed a problem when using RWW to connect to a Vista
> client where the vista login screen shows the user name of the
> currently logged in user as "in\stephen" instead of
> "whatever\stephen".
And WHATEVER is the NetBIOS name of your domain?
> I have to click "other user" and type in
> whatever\stephen to unlock the session. Is this an RWW or Vista bug?
>
> -- stephen
Try via UPN (username[ at ]in.whatever.com) - I suspect Vista is the culprit, if
this works fine on XP clients.
|
|
you're still thinking 'why not?', think 'why?'.
Why would I wish to give a public name to a private resource?
SO OK, you do name the AD company.com, and make an A record for www on the
externally hosted service, and your hosting company decide to move your site
to another server. Everyone on the planet is immediately aware of the change
(except those behind caching DNS servers) _except_ you, you have to manually
update your records because you are running your own 'copy' of a DNS zone
which in reality is owned by the hosting company's DNS server. You have told
your AD DNS it is SOA for a zone it is not the owner of.
SO OK, we take ownership of the zone. WHY??? Why would I wish to have people
querying DNS through my internet connection when my hosting company has a
big fat server on a big fat pipe with a security team monitoring it.
The question went to some general windows groups as well as SBS, but it is
SBS, indicating a smaller company. Is such a company going to have
independent internet connections and physically seperate locations to run
the minimum desirable 2 DNS servers? Does such a company really need to
learn about split horizon DNS?
HECK, even in 'enterprise' space, do I want the headache? When I can leave
it under the control of my web hosting service for less cost per year than a
days wages for one of my engineers?
Not 'why can't we?', not 'I can deal with the issues', not 'let's fool our
system', why do it?
Even in the case of internal resources being accessible by public names (eg.
you may want to host your own web pages, which I again think is silly) the
internal name of the server does not normally matter. You have a firewall
accepting public connections and forwarding them to the internal resource.
"Mr. Smith" <mrsmith[ at ]boxen.homeip.net> wrote in message
news:eAWF5xcsHHA.4324[ at ]TK2MSFTNGP03.phx.gbl...
[Quoted Text] > Ok, I do not see an issue with naming your domain AD the same as a public > domain name that you own. > > If your public domain was ABC.COM and you wanted your Active Directory > Domain to also be ABC.COM you can do so. The conflicts will exist as the > AD DNS will not have the (A) records for your domain WWW. This can be > solved simply by just adding it. Same goes for any other (non-conflicting > with internal network resources). > > User should have an understanding that to access a web page you mostly go > to http://www. Or https://secure. And so on. > > > > > "SuperGumby [SBS MVP]" <not[ at ]your.nellie> wrote in message > news:O%23cz0VcsHHA.4788[ at ]TK2MSFTNGP05.phx.gbl... >> turn the question on it's head, why would you name your AD to be in >> public namespace? >> >> The question has very little to do with SBS vs anything else. >> >> "Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message >> news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl... >>>I have read many folks saying not to use a .com domain when setting up a >>>2003 SBS. However I did one 2 years ago and never saw any problems (did >>>it before reading). >>> >>> I now need to do another for a new company. Can somebody give any valid >>> reasons why I shouldn't use domain.com? >>> >>> Thanks >>> Ryan >>> >> >> > >
|
|
couldn't sleep so here's reason no.2 why not.
Fred James started the company, called it Fred James Enterprises, fje.com,
so that's what we called the AD. Fred's now retired because Bob Smith bought
him out, now we have to rename the AD.
"Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl...
[Quoted Text] >I have read many folks saying not to use a .com domain when setting up a
>2003 SBS. However I did one 2 years ago and never saw any problems (did it
>before reading).
>
> I now need to do another for a new company. Can somebody give any valid
> reasons why I shouldn't use domain.com?
>
> Thanks
> Ryan
>
|
|
couldn't sleep so here's reason no.3 why not.
We are a successful company, we run company.com. Most of our success is due
to our widgets, we also run widget.com. Our development team are good too,
they've invented a new kind of widget, the widget2, so we're gonna run up
widget2.com.
What is the correct name for our AD?
"Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl...
[Quoted Text] >I have read many folks saying not to use a .com domain when setting up a
>2003 SBS. However I did one 2 years ago and never saw any problems (did it
>before reading).
>
> I now need to do another for a new company. Can somebody give any valid
> reasons why I shouldn't use domain.com?
>
> Thanks
> Ryan
>
|
|
Lanwench [MVP - Exchange] wrote:
[Quoted Text] > stephen <stephen[ at ]nospam.nodomain> wrote:
>> Lanwench [MVP - Exchange] wrote:
>>> It's generally easier just to use something else. I generally use
>>> .local (presuming there are no older Macs on the network), but you
>>> could also use internal.whatever.com - this is more of a preference
>>> issue than anything else.
>> A side note on this: I use in.whatever.com as my own AD domain name,
>> but I've noticed a problem when using RWW to connect to a Vista
>> client where the vista login screen shows the user name of the
>> currently logged in user as "in\stephen" instead of
>> "whatever\stephen".
>
> And WHATEVER is the NetBIOS name of your domain?
Yes.
>
>> I have to click "other user" and type in
>> whatever\stephen to unlock the session. Is this an RWW or Vista bug?
>>
>> -- stephen
>
> Try via UPN (username[ at ]in.whatever.com) - I suspect Vista is the culprit, if
> this works fine on XP clients.
I can logon as stephen[ at ]in.whatever.com and whatever\stephen, but if I
disconnect from RWW and reconnect, the current user is shown as
in\stephen and I can't logon with that.
The reason I suspected that this is an RWW issue is that I only see it
when using RWW. If I lock my session in vista directly, then the logon
screen correctly shows whatever\stephen as the current user.
It's a bug I can live with though.
-- stephen
|
|
IMO it's basically Short Sighting the whole Business!
Assuming today is going to be the same as tomorrow
And IMO assuming that is not a good idea.
*Unless of course you like to cause problems for clients in the future,
which I know is some IT People's Goal.
To change from .com to a .lan is only a three letter difference sure.
but it can mean a lot of work in the future, and issues has Gumby says.
And My goal is to cause less headaches for clients, not more!
Russ
--
Russell Grover
SBITS.Biz
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
support [ at ] SBITS.Biz
Remote SBS2003 Support
http://www.SBITS.Biz
"SuperGumby [SBS MVP]" <not[ at ]your.nellie> wrote in message
news:eoYOPkdsHHA.536[ at ]TK2MSFTNGP06.phx.gbl...
[Quoted Text] > couldn't sleep so here's reason no.3 why not.
>
> We are a successful company, we run company.com. Most of our success is
> due to our widgets, we also run widget.com. Our development team are good
> too, they've invented a new kind of widget, the widget2, so we're gonna
> run up widget2.com.
>
> What is the correct name for our AD?
>
> "Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
> news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl...
>>I have read many folks saying not to use a .com domain when setting up a
>>2003 SBS. However I did one 2 years ago and never saw any problems (did
>>it before reading).
>>
>> I now need to do another for a new company. Can somebody give any valid
>> reasons why I shouldn't use domain.com?
>>
>> Thanks
>> Ryan
>>
>
>
|
|
|
[Quoted Text] > And My goal is to cause less headaches for clients, not more!
Unless they're billable hours.
--
GaryK
"Russ Grover (SBITS.Biz)" <support[ at ]REMOVETHIS.SBITS.Biz> wrote in message
news:OsLxJhesHHA.1416[ at ]TK2MSFTNGP06.phx.gbl...
> IMO it's basically Short Sighting the whole Business!
>
> Assuming today is going to be the same as tomorrow
>
> And IMO assuming that is not a good idea.
> *Unless of course you like to cause problems for clients in the future,
> which I know is some IT People's Goal.
>
> To change from .com to a .lan is only a three letter difference sure.
> but it can mean a lot of work in the future, and issues has Gumby says.
>
> And My goal is to cause less headaches for clients, not more!
>
> Russ
>
> --
>
> Russell Grover
> SBITS.Biz
> Microsoft Certified Small Business Specialist.
> MCP, MCPS, MCNPS, (MCP-SBS)
> support [ at ] SBITS.Biz
> Remote SBS2003 Support
> http://www.SBITS.Biz
>
>
> "SuperGumby [SBS MVP]" <not[ at ]your.nellie> wrote in message
> news:eoYOPkdsHHA.536[ at ]TK2MSFTNGP06.phx.gbl...
>> couldn't sleep so here's reason no.3 why not.
>>
>> We are a successful company, we run company.com. Most of our success is
>> due to our widgets, we also run widget.com. Our development team are good
>> too, they've invented a new kind of widget, the widget2, so we're gonna
>> run up widget2.com.
>>
>> What is the correct name for our AD?
>>
>> "Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
>> news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl...
>>>I have read many folks saying not to use a .com domain when setting up a
>>>2003 SBS. However I did one 2 years ago and never saw any problems (did
>>>it before reading).
>>>
>>> I now need to do another for a new company. Can somebody give any valid
>>> reasons why I shouldn't use domain.com?
>>>
>>> Thanks
>>> Ryan
>>>
>>
>>
>
>
|
|
Well I work on Billable hours
however, to Create WORK is never my intent.
I'm Currently Arguing with a Client now to spend $500 now so in 3 months
it's not $3,000.00
UGH!
Russ
--
Russell Grover
SBITS.Biz
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
support [ at ] SBITS.Biz
Remote SBS2003 Support
http://www.SBITS.Biz
"Gary Karasik" <gkarasik[ at ]fea.net> wrote in message
news:uAQyp8esHHA.1416[ at ]TK2MSFTNGP06.phx.gbl...
[Quoted Text] >> And My goal is to cause less headaches for clients, not more! > > Unless they're billable hours. > > -- > > GaryK > > > "Russ Grover (SBITS.Biz)" <support[ at ]REMOVETHIS.SBITS.Biz> wrote in message > news:OsLxJhesHHA.1416[ at ]TK2MSFTNGP06.phx.gbl... >> IMO it's basically Short Sighting the whole Business! >> >> Assuming today is going to be the same as tomorrow >> >> And IMO assuming that is not a good idea. >> *Unless of course you like to cause problems for clients in the future, >> which I know is some IT People's Goal. >> >> To change from .com to a .lan is only a three letter difference sure. >> but it can mean a lot of work in the future, and issues has Gumby says. >> >> And My goal is to cause less headaches for clients, not more! >> >> Russ >> >> -- >> >> Russell Grover >> SBITS.Biz >> Microsoft Certified Small Business Specialist. >> MCP, MCPS, MCNPS, (MCP-SBS) >> support [ at ] SBITS.Biz >> Remote SBS2003 Support >> http://www.SBITS.Biz>> >> >> "SuperGumby [SBS MVP]" <not[ at ]your.nellie> wrote in message >> news:eoYOPkdsHHA.536[ at ]TK2MSFTNGP06.phx.gbl... >>> couldn't sleep so here's reason no.3 why not. >>> >>> We are a successful company, we run company.com. Most of our success is >>> due to our widgets, we also run widget.com. Our development team are >>> good too, they've invented a new kind of widget, the widget2, so we're >>> gonna run up widget2.com. >>> >>> What is the correct name for our AD? >>> >>> "Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message >>> news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl... >>>>I have read many folks saying not to use a .com domain when setting up a >>>>2003 SBS. However I did one 2 years ago and never saw any problems (did >>>>it before reading). >>>> >>>> I now need to do another for a new company. Can somebody give any >>>> valid reasons why I shouldn't use domain.com? >>>> >>>> Thanks >>>> Ryan >>>> >>> >>> >> >> > >
|
|
I'm with Russ and Gumby! (dom-mit! - sorry - had to go there...)
We're in business to Serve in the Customers Best Interest - not to set
ourselves up for "Billable Time".
"Make Service Your First Priority, and Success Will Follow."
Microsoft and Gumby have the same Best Practice Principles in mind.
Name Separation is key in .com and .local naming conventions.
Keep outside out, and inside in (.local is non-routable).
I've seen domains in a .com name space that took well over two or four
minutes time to authenticate at login.
DNS runs XP and 2003 authentication - and beyond.
Get in the good habits now, or loose out on those Successful Billable Hours!
"Russ Grover (SBITS.Biz)" <support[ at ]REMOVETHIS.SBITS.Biz> wrote in message
news:uvF7vXisHHA.1420[ at ]TK2MSFTNGP03.phx.gbl...
[Quoted Text] > Well I work on Billable hours > however, to Create WORK is never my intent. > > I'm Currently Arguing with a Client now to spend $500 now so in 3 months > it's not $3,000.00 > > UGH! > > Russ > > -- > > Russell Grover > SBITS.Biz > Microsoft Certified Small Business Specialist. > MCP, MCPS, MCNPS, (MCP-SBS) > support [ at ] SBITS.Biz > Remote SBS2003 Support > http://www.SBITS.Biz> > > "Gary Karasik" <gkarasik[ at ]fea.net> wrote in message > news:uAQyp8esHHA.1416[ at ]TK2MSFTNGP06.phx.gbl... >>> And My goal is to cause less headaches for clients, not more! >> >> Unless they're billable hours. >> >> -- >> >> GaryK >> >> >> "Russ Grover (SBITS.Biz)" <support[ at ]REMOVETHIS.SBITS.Biz> wrote in message >> news:OsLxJhesHHA.1416[ at ]TK2MSFTNGP06.phx.gbl... >>> IMO it's basically Short Sighting the whole Business! >>> >>> Assuming today is going to be the same as tomorrow >>> >>> And IMO assuming that is not a good idea. >>> *Unless of course you like to cause problems for clients in the future, >>> which I know is some IT People's Goal. >>> >>> To change from .com to a .lan is only a three letter difference sure. >>> but it can mean a lot of work in the future, and issues has Gumby says. >>> >>> And My goal is to cause less headaches for clients, not more! >>> >>> Russ >>> >>> -- >>> >>> Russell Grover >>> SBITS.Biz >>> Microsoft Certified Small Business Specialist. >>> MCP, MCPS, MCNPS, (MCP-SBS) >>> support [ at ] SBITS.Biz >>> Remote SBS2003 Support >>> http://www.SBITS.Biz>>> >>> >>> "SuperGumby [SBS MVP]" <not[ at ]your.nellie> wrote in message >>> news:eoYOPkdsHHA.536[ at ]TK2MSFTNGP06.phx.gbl... >>>> couldn't sleep so here's reason no.3 why not. >>>> >>>> We are a successful company, we run company.com. Most of our success is >>>> due to our widgets, we also run widget.com. Our development team are >>>> good too, they've invented a new kind of widget, the widget2, so we're >>>> gonna run up widget2.com. >>>> >>>> What is the correct name for our AD? >>>> >>>> "Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message >>>> news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl... >>>>>I have read many folks saying not to use a .com domain when setting up >>>>>a 2003 SBS. However I did one 2 years ago and never saw any problems >>>>>(did it before reading). >>>>> >>>>> I now need to do another for a new company. Can somebody give any >>>>> valid reasons why I shouldn't use domain.com? >>>>> >>>>> Thanks >>>>> Ryan >>>>> >>>> >>>> >>> >>> >> >> > >
|
|
In article <uvF7vXisHHA.1420[ at ]TK2MSFTNGP03.phx.gbl>,
support[ at ]REMOVETHIS.SBITS.Biz says...
[Quoted Text] > Well I work on Billable hours
> however, to Create WORK is never my intent.
>
> I'm Currently Arguing with a Client now to spend $500 now so in 3 months
> it's not $3,000.00
Because of early issues with .local (and I never use .com) I adopted
..lan everywhere. I've had no issues with .lan and do not believe that
..lan will every be adopted as a public TLD. .lan didn't cause problems
for MAC's like .local did.
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
So I've heard I'll have to put an entry in DNS to allow users to reach the
website. Also heard that it may take a couple seconds more to login
(although never experienced that). I know Microsoft's opinion, but as a
Microsoft guy I know they miss a lot (see all sw products).
Website is hosted on Small Business Server (why pay someone to do it when I
can). Bandwidth is not an issue.
Basically it sounds like there are a bunch of possible problems, but on the
extreme end. Someone asked why do it, why not? Abc.com is lot easier to
remember for users and makes sense to all.
"Leythos" <void[ at ]nowhere.lan> wrote in message
news:MPG.20e1760ab285abe3989701[ at ]adfree.Usenet.com...
[Quoted Text] > In article <uvF7vXisHHA.1420[ at ]TK2MSFTNGP03.phx.gbl>,
> support[ at ]REMOVETHIS.SBITS.Biz says...
>> Well I work on Billable hours
>> however, to Create WORK is never my intent.
>>
>> I'm Currently Arguing with a Client now to spend $500 now so in 3 months
>> it's not $3,000.00
>
> Because of early issues with .local (and I never use .com) I adopted
> .lan everywhere. I've had no issues with .lan and do not believe that
> .lan will every be adopted as a public TLD. .lan didn't cause problems
> for MAC's like .local did.
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
In article <uKyJkdnsHHA.4800[ at ]TK2MSFTNGP05.phx.gbl>,
ryan[ at ]controlbynet.com says...
[Quoted Text] > So I've heard I'll have to put an entry in DNS to allow users to reach the
> website. Also heard that it may take a couple seconds more to login
> (although never experienced that). I know Microsoft's opinion, but as a
> Microsoft guy I know they miss a lot (see all sw products).
>
> Website is hosted on Small Business Server (why pay someone to do it when I
> can). Bandwidth is not an issue.
>
> Basically it sounds like there are a bunch of possible problems, but on the
> extreme end. Someone asked why do it, why not? Abc.com is lot easier to
> remember for users and makes sense to all.
..COM doesn't make any sense inside the network as there is little if any
reason to use the TLD when using your computer. .COM also presents many
DNS issues with the real world.
Hosting your company public website on your DC/SBS is always a BAD IDEA
for security, always, never an exception, always.
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
You can use .com if you insist. But a non routable domain is very private,
and that's the intent. If you use .com, you assume the responsibility to
ensure your private data remains that way, and your systems aren't
compromised unnessecarily, or becasue you didn't know better.
--
Les Connor [SBS MVP]
"Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
news:uKyJkdnsHHA.4800[ at ]TK2MSFTNGP05.phx.gbl...
[Quoted Text] > So I've heard I'll have to put an entry in DNS to allow users to reach the
> website. Also heard that it may take a couple seconds more to login
> (although never experienced that). I know Microsoft's opinion, but as a
> Microsoft guy I know they miss a lot (see all sw products).
>
> Website is hosted on Small Business Server (why pay someone to do it when
> I can). Bandwidth is not an issue.
>
> Basically it sounds like there are a bunch of possible problems, but on
> the extreme end. Someone asked why do it, why not? Abc.com is lot easier
> to remember for users and makes sense to all.
>
> "Leythos" <void[ at ]nowhere.lan> wrote in message
> news:MPG.20e1760ab285abe3989701[ at ]adfree.Usenet.com...
>> In article <uvF7vXisHHA.1420[ at ]TK2MSFTNGP03.phx.gbl>,
>> support[ at ]REMOVETHIS.SBITS.Biz says...
>>> Well I work on Billable hours
>>> however, to Create WORK is never my intent.
>>>
>>> I'm Currently Arguing with a Client now to spend $500 now so in 3 months
>>> it's not $3,000.00
>>
>> Because of early issues with .local (and I never use .com) I adopted
>> .lan everywhere. I've had no issues with .lan and do not believe that
>> .lan will every be adopted as a public TLD. .lan didn't cause problems
>> for MAC's like .local did.
>>
>> --
>>
>> Leythos
>> - Igitur qui desiderat pacem, praeparet bellum.
>> - Calling an illegal alien an "undocumented worker" is like calling a
>> drug dealer an "unlicensed pharmacist"
>> spam999free[ at ]rrohio.com (remove 999 for proper email address)
>
>
|
|
Leythos,
His company motto is "Hindsight."
not "Foresight.."
Russ
--
Russell Grover
SBITS.Biz
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
support [ at ] SBITS.Biz
Remote SBS2003 Support
http://www.SBITS.Biz
"Leythos" <void[ at ]nowhere.lan> wrote in message
news:MPG.20e1c55ef74c7b31989744[ at ]adfree.Usenet.com...
[Quoted Text] > In article <uKyJkdnsHHA.4800[ at ]TK2MSFTNGP05.phx.gbl>,
> ryan[ at ]controlbynet.com says...
>> So I've heard I'll have to put an entry in DNS to allow users to reach
>> the
>> website. Also heard that it may take a couple seconds more to login
>> (although never experienced that). I know Microsoft's opinion, but as a
>> Microsoft guy I know they miss a lot (see all sw products).
>>
>> Website is hosted on Small Business Server (why pay someone to do it when
>> I
>> can). Bandwidth is not an issue.
>>
>> Basically it sounds like there are a bunch of possible problems, but on
>> the
>> extreme end. Someone asked why do it, why not? Abc.com is lot easier to
>> remember for users and makes sense to all.
>
> .COM doesn't make any sense inside the network as there is little if any
> reason to use the TLD when using your computer. .COM also presents many
> DNS issues with the real world.
>
> Hosting your company public website on your DC/SBS is always a BAD IDEA
> for security, always, never an exception, always.
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
Cute...I understand towing the microsoft recommendations. And that's what
SBS is for...mail, hosting, domain, etc. Hosting a website on sbs is the
essence of small business....don't have to go buy another server and copy of
server 2003 to host.
I have since received a message from a Dell Exchange/SBS consultant. His
claims were Microsoft thoughts were more for Enterprise and other than
having to add a dns entry to access the website there is no real reason not
to use .com. Logic fails microsoft often, and the natural way to think is
xyz.com....not xyz.local.
Les, thanks for that input.
"Russ Grover (SBITS.Biz)" <support[ at ]REMOVETHIS.SBITS.Biz> wrote in message
news:uXzslBvsHHA.4196[ at ]TK2MSFTNGP03.phx.gbl...
[Quoted Text] > Leythos, > His company motto is "Hindsight." > not "Foresight.." > > Russ > > -- > > Russell Grover > SBITS.Biz > Microsoft Certified Small Business Specialist. > MCP, MCPS, MCNPS, (MCP-SBS) > support [ at ] SBITS.Biz > Remote SBS2003 Support > http://www.SBITS.Biz> > > "Leythos" <void[ at ]nowhere.lan> wrote in message > news:MPG.20e1c55ef74c7b31989744[ at ]adfree.Usenet.com... >> In article <uKyJkdnsHHA.4800[ at ]TK2MSFTNGP05.phx.gbl>, >> ryan[ at ]controlbynet.com says... >>> So I've heard I'll have to put an entry in DNS to allow users to reach >>> the >>> website. Also heard that it may take a couple seconds more to login >>> (although never experienced that). I know Microsoft's opinion, but as a >>> Microsoft guy I know they miss a lot (see all sw products). >>> >>> Website is hosted on Small Business Server (why pay someone to do it >>> when I >>> can). Bandwidth is not an issue. >>> >>> Basically it sounds like there are a bunch of possible problems, but on >>> the >>> extreme end. Someone asked why do it, why not? Abc.com is lot easier >>> to >>> remember for users and makes sense to all. >> >> .COM doesn't make any sense inside the network as there is little if any >> reason to use the TLD when using your computer. .COM also presents many >> DNS issues with the real world. >> >> Hosting your company public website on your DC/SBS is always a BAD IDEA >> for security, always, never an exception, always. >> >> -- >> >> Leythos >> - Igitur qui desiderat pacem, praeparet bellum. >> - Calling an illegal alien an "undocumented worker" is like calling a >> drug dealer an "unlicensed pharmacist" >> spam999free[ at ]rrohio.com (remove 999 for proper email address) > >
|
|
Ryan Strange wrote:
[Quoted Text] > Cute...I understand towing the microsoft recommendations. And that's
> what SBS is for...mail, hosting, domain, etc. Hosting a website on
> sbs is the essence of small business....don't have to go buy another
> server and copy of server 2003 to host.
>
> I have since received a message from a Dell Exchange/SBS consultant.
> His claims were Microsoft thoughts were more for Enterprise and other
> than having to add a dns entry to access the website there is no real
> reason not to use .com. Logic fails microsoft often, and the natural
> way to think is xyz.com....not xyz.local.
What I really don't understand is why you bothered to come here and ask
a question in the first place. You have been given loads of reasons for
not using .com and you have chosen to ignore everyone, preferring
instead to go down a route that will get you (or, more precisely and
more importantly, your clients) burned one day.
You say that hosting a web site on SBS is the essence of small
business. No - it's not. Hosting an *internal* web site is one thing,
but using it to host an external web site is, frankly, reckess and
stupid. You are opening up your (or your clients') internal company
resources to the risks of a port 80 HTTP connection. That's just dumb,
unless you don't know any better. You have been warned, but you go
ahead anyway. I'm glad we're not one of your clients.
--
Regards,
Steve.
|
|
In article <uyEyg40sHHA.4880[ at ]TK2MSFTNGP02.phx.gbl>,
ryan[ at ]controlbynet.com says...
[Quoted Text] > Cute...I understand towing the microsoft recommendations. And that's what
> SBS is for...mail, hosting, domain, etc. Hosting a website on sbs is the
> essence of small business....don't have to go buy another server and copy of
> server 2003 to host.
It has nothing to do woth "Towing the Microsoft" anything, it has to do
with providing customers with a secure solution that will not easily
permit their company data, accounts, etc.. to be compromised for the
sake of being stupid.
Host PUBLIC website on SBS is not the intended function of SBS, in fact,
if you are going to provide any lookup to the SBS SQL database you can
not license SBS properly (according to MS) for anonymous access to a
website that uses the SBS SQL service.
So, again, you can be foolish for the sake of it, but, as many of us
design secure networks for public businesses, for medical groups, for
H/S, for public utility companies, we are telling you that you do NOT
WANT TO COMPROMISE YOUR CLIENTS SECURITY FOR THE SAKE OF BEING STUPID.
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
Ryan,
What's this Dell Contact name
I'd be more than happy to spend time calling him, and his manager.
Russ
--
Russell Grover
SBITS.Biz
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
support [ at ] SBITS.Biz
Remote SBS2003 Support
http://www.SBITS.Biz
"Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
news:uyEyg40sHHA.4880[ at ]TK2MSFTNGP02.phx.gbl...
[Quoted Text] > Cute...I understand towing the microsoft recommendations. And that's what > SBS is for...mail, hosting, domain, etc. Hosting a website on sbs is the > essence of small business....don't have to go buy another server and copy > of server 2003 to host. > > I have since received a message from a Dell Exchange/SBS consultant. His > claims were Microsoft thoughts were more for Enterprise and other than > having to add a dns entry to access the website there is no real reason > not to use .com. Logic fails microsoft often, and the natural way to > think is xyz.com....not xyz.local. > > Les, thanks for that input. > > > "Russ Grover (SBITS.Biz)" <support[ at ]REMOVETHIS.SBITS.Biz> wrote in message > news:uXzslBvsHHA.4196[ at ]TK2MSFTNGP03.phx.gbl... >> Leythos, >> His company motto is "Hindsight." >> not "Foresight.." >> >> Russ >> >> -- >> >> Russell Grover >> SBITS.Biz >> Microsoft Certified Small Business Specialist. >> MCP, MCPS, MCNPS, (MCP-SBS) >> support [ at ] SBITS.Biz >> Remote SBS2003 Support >> http://www.SBITS.Biz>> >> >> "Leythos" <void[ at ]nowhere.lan> wrote in message >> news:MPG.20e1c55ef74c7b31989744[ at ]adfree.Usenet.com... >>> In article <uKyJkdnsHHA.4800[ at ]TK2MSFTNGP05.phx.gbl>, >>> ryan[ at ]controlbynet.com says... >>>> So I've heard I'll have to put an entry in DNS to allow users to reach >>>> the >>>> website. Also heard that it may take a couple seconds more to login >>>> (although never experienced that). I know Microsoft's opinion, but as >>>> a >>>> Microsoft guy I know they miss a lot (see all sw products). >>>> >>>> Website is hosted on Small Business Server (why pay someone to do it >>>> when I >>>> can). Bandwidth is not an issue. >>>> >>>> Basically it sounds like there are a bunch of possible problems, but on >>>> the >>>> extreme end. Someone asked why do it, why not? Abc.com is lot easier >>>> to >>>> remember for users and makes sense to all. >>> >>> .COM doesn't make any sense inside the network as there is little if any >>> reason to use the TLD when using your computer. .COM also presents many >>> DNS issues with the real world. >>> >>> Hosting your company public website on your DC/SBS is always a BAD IDEA >>> for security, always, never an exception, always. >>> >>> -- >>> >>> Leythos >>> - Igitur qui desiderat pacem, praeparet bellum. >>> - Calling an illegal alien an "undocumented worker" is like calling a >>> drug dealer an "unlicensed pharmacist" >>> spam999free[ at ]rrohio.com (remove 999 for proper email address) >> >> > >
|
|
In article <Ok9pRh4sHHA.4236[ at ]TK2MSFTNGP05.phx.gbl>,
support[ at ]REMOVETHIS.SBITS.Biz says...
[Quoted Text] > What's this Dell Contact name
LOL - Dell, like they even have as much a clue as the Geek Squad people
:)
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
So you wouldn't name it fje.local or fje.lan? Just curious-- we
don't use generic domain names internally, though it's an interesting take.
"SuperGumby [SBS MVP]" <not[ at ]your.nellie> wrote in message
news:eZ$AJhdsHHA.4916[ at ]TK2MSFTNGP05.phx.gbl...
[Quoted Text] > couldn't sleep so here's reason no.2 why not.
>
> Fred James started the company, called it Fred James Enterprises, fje.com,
> so that's what we called the AD. Fred's now retired because Bob Smith
bought
> him out, now we have to rename the AD.
>
>
> "Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
> news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl...
> >I have read many folks saying not to use a .com domain when setting up a
> >2003 SBS. However I did one 2 years ago and never saw any problems (did
it
> >before reading).
> >
> > I now need to do another for a new company. Can somebody give any valid
> > reasons why I shouldn't use domain.com?
> >
> > Thanks
> > Ryan
> >
>
>
|
|
if it wasn't for the issue of possible future interconnect I'd probably name
every AD 'our.lan', literally.
When doing the LoungeAN AD I decided LC.lan, 'coz I live in Lane Cove. It
was great for a couple of years then I faced the possibility of changing
suburbs (eventually didn't, still in LC), the AD name limited where I could
move :-)
'as generic a name as possible' comes to mind.
"Andrew M. Saucci, Jr." <spam-only[ at ]2000computer.com> wrote in message
news:%23CpmI46sHHA.3640[ at ]TK2MSFTNGP05.phx.gbl...
[Quoted Text] > So you wouldn't name it fje.local or fje.lan? Just curious-- we
> don't use generic domain names internally, though it's an interesting
> take.
>
> "SuperGumby [SBS MVP]" <not[ at ]your.nellie> wrote in message
> news:eZ$AJhdsHHA.4916[ at ]TK2MSFTNGP05.phx.gbl...
>> couldn't sleep so here's reason no.2 why not.
>>
>> Fred James started the company, called it Fred James Enterprises,
>> fje.com,
>> so that's what we called the AD. Fred's now retired because Bob Smith
> bought
>> him out, now we have to rename the AD.
>>
>>
>> "Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
>> news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl...
>> >I have read many folks saying not to use a .com domain when setting up a
>> >2003 SBS. However I did one 2 years ago and never saw any problems (did
> it
>> >before reading).
>> >
>> > I now need to do another for a new company. Can somebody give any
>> > valid
>> > reasons why I shouldn't use domain.com?
>> >
>> > Thanks
>> > Ryan
>> >
>>
>>
>
>
|
|
That's why I'd have no problem calling this person, that's giving bad advice
AND his manager...
Russ
--
Russell Grover
SBITS.Biz
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
support [ at ] SBITS.Biz
Remote SBS2003 Support
http://www.SBITS.Biz
"Leythos" <void[ at ]nowhere.lan> wrote in message
news:MPG.20e37d11db76679598970b[ at ]adfree.Usenet.com...
[Quoted Text] > In article <Ok9pRh4sHHA.4236[ at ]TK2MSFTNGP05.phx.gbl>,
> support[ at ]REMOVETHIS.SBITS.Biz says...
>> What's this Dell Contact name
>
> LOL - Dell, like they even have as much a clue as the Geek Squad people
> :)
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
Mine is SMALLBUSINESS.LOCAL
(Although now I'd name it SMALLBUSINESS.LAN)
Then I've seen DOMAIN.LOCAL even..
Really no different than OUR.LAN
K.I.S.S. is always best In my book
Russ
--
Russell Grover
SBITS.Biz
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
support [ at ] SBITS.Biz
Remote SBS2003 Support
http://www.SBITS.Biz
"SuperGumby [SBS MVP]" <not[ at ]your.nellie> wrote in message
news:O1pbjG7sHHA.1416[ at ]TK2MSFTNGP06.phx.gbl...
[Quoted Text] > if it wasn't for the issue of possible future interconnect I'd probably
> name every AD 'our.lan', literally.
>
> When doing the LoungeAN AD I decided LC.lan, 'coz I live in Lane Cove. It
> was great for a couple of years then I faced the possibility of changing
> suburbs (eventually didn't, still in LC), the AD name limited where I
> could move :-)
>
> 'as generic a name as possible' comes to mind.
>
> "Andrew M. Saucci, Jr." <spam-only[ at ]2000computer.com> wrote in message
> news:%23CpmI46sHHA.3640[ at ]TK2MSFTNGP05.phx.gbl...
>> So you wouldn't name it fje.local or fje.lan? Just curious-- we
>> don't use generic domain names internally, though it's an interesting
>> take.
>>
>> "SuperGumby [SBS MVP]" <not[ at ]your.nellie> wrote in message
>> news:eZ$AJhdsHHA.4916[ at ]TK2MSFTNGP05.phx.gbl...
>>> couldn't sleep so here's reason no.2 why not.
>>>
>>> Fred James started the company, called it Fred James Enterprises,
>>> fje.com,
>>> so that's what we called the AD. Fred's now retired because Bob Smith
>> bought
>>> him out, now we have to rename the AD.
>>>
>>>
>>> "Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
>>> news:eA8em5bsHHA.4364[ at ]TK2MSFTNGP06.phx.gbl...
>>> >I have read many folks saying not to use a .com domain when setting up
>>> >a
>>> >2003 SBS. However I did one 2 years ago and never saw any problems
>>> >(did
>> it
>>> >before reading).
>>> >
>>> > I now need to do another for a new company. Can somebody give any
>>> > valid
>>> > reasons why I shouldn't use domain.com?
>>> >
>>> > Thanks
>>> > Ryan
>>> >
>>>
>>>
>>
>>
>
>
|
|
In article <#CpmI46sHHA.3640[ at ]TK2MSFTNGP05.phx.gbl>, spam-only[ at ]
2000computer.com says...
[Quoted Text] > So you wouldn't name it fje.local or fje.lan? Just curious-- we
> don't use generic domain names internally, though it's an interesting take.
Having seen MANY companies merge, sell, die, I never name the network
the same of the company. For many locations I use company.lan or
business.lan or medical.lan or water.lan or a description of their
business, but never their company name.
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
Listen, trying to get facts and use facts. Per this whole conversation,
there are not many actual reasons outside of opinions...which I certainly
hear. Stephen actually said he uses .com.
What I've learned:
DNS will be affected, will have to make entry to access public website from
within network.
Naming change is difficult....but isn't that difficult regardless of what's
to the right of the period?
Login time could be increased...maybe.
That's the just of the entire conversation.
Also Microsoft's #8 of 10 reasons for using SBS 2003 is hosting your own
domain website. That is the nature of small business....not to have to
spend extra money on additional hardware and software. I did not make it
up..... http://www.microsoft.com/windowsserver2003/sbs/evaluation/top.mspx
I did not mean to solely sound stubborn, I just have run across a few where
they used .com and never noticed a difference. I was only looking for
facts, not to ignore but to become educated.
Thanks
Ryan
"Les Connor [SBS MVP]" <les.connor[ at ]DEL.cfive.ca> wrote in message
news:DC2F33EB-43A3-4A02-BFBC-02471902422A[ at ]microsoft.com...
[Quoted Text] > You can use .com if you insist. But a non routable domain is very private,
> and that's the intent. If you use .com, you assume the responsibility to
> ensure your private data remains that way, and your systems aren't
> compromised unnessecarily, or becasue you didn't know better.
>
> --
> Les Connor [SBS MVP]
>
>
> "Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
> news:uKyJkdnsHHA.4800[ at ]TK2MSFTNGP05.phx.gbl...
>> So I've heard I'll have to put an entry in DNS to allow users to reach
>> the website. Also heard that it may take a couple seconds more to login
>> (although never experienced that). I know Microsoft's opinion, but as a
>> Microsoft guy I know they miss a lot (see all sw products).
>>
>> Website is hosted on Small Business Server (why pay someone to do it when
>> I can). Bandwidth is not an issue.
>>
>> Basically it sounds like there are a bunch of possible problems, but on
>> the extreme end. Someone asked why do it, why not? Abc.com is lot
>> easier to remember for users and makes sense to all.
>>
>> "Leythos" <void[ at ]nowhere.lan> wrote in message
>> news:MPG.20e1760ab285abe3989701[ at ]adfree.Usenet.com...
>>> In article <uvF7vXisHHA.1420[ at ]TK2MSFTNGP03.phx.gbl>,
>>> support[ at ]REMOVETHIS.SBITS.Biz says...
>>>> Well I work on Billable hours
>>>> however, to Create WORK is never my intent.
>>>>
>>>> I'm Currently Arguing with a Client now to spend $500 now so in 3
>>>> months
>>>> it's not $3,000.00
>>>
>>> Because of early issues with .local (and I never use .com) I adopted
>>> .lan everywhere. I've had no issues with .lan and do not believe that
>>> .lan will every be adopted as a public TLD. .lan didn't cause problems
>>> for MAC's like .local did.
>>>
>>> --
>>>
>>> Leythos
>>> - Igitur qui desiderat pacem, praeparet bellum.
>>> - Calling an illegal alien an "undocumented worker" is like calling a
>>> drug dealer an "unlicensed pharmacist"
>>> spam999free[ at ]rrohio.com (remove 999 for proper email address)
>>
>>
>
|
|
Ryan Strange <ryan[ at ]controlbynet.com> wrote:
[Quoted Text] > Listen, trying to get facts and use facts. Per this whole > conversation, there are not many actual reasons outside of > opinions...which I certainly hear. Stephen actually said he uses > .com. > What I've learned: > DNS will be affected, will have to make entry to access public > website from within network. > Naming change is difficult....but isn't that difficult regardless of > what's to the right of the period? > Login time could be increased...maybe. > > That's the just of the entire conversation. > > Also Microsoft's #8 of 10 reasons for using SBS 2003 is hosting your > own domain website. That is the nature of small business....not to > have to spend extra money on additional hardware and software. I did > not make it up..... > http://www.microsoft.com/windowsserver2003/sbs/evaluation/top.mspx> I did not mean to solely sound stubborn, I just have run across a few > where they used .com and never noticed a difference. I was only > looking for facts, not to ignore but to become educated. > > Thanks > Ryan
Eh. That stuff is written by marketing weasels....and yes, hosting a public
website on your SBS is indeed possible. What you're hearing here is more
along the lines of "Just because you can, doesn't mean you *should*."
.....and you definitely shouldn't.
Putting a public website anywhere on your LAN, where it can touch AD at all,
is unwise from a security standpoint....and putting a public website on your
sole server, which is a DC/DNS/Exchange box, is additionally foolish.
Hosting accounts are inexpensive, and a shared server in a datacenter will
perform a lot better as well have more skilled eyes on it...and it won't
expose your private network to the public at large.
Re the valid TLD thing - it really is more of a preference than anything
else. If you really understand how DNS works (particularly "split brain"
DNS), have particular reasons to prefer one over the other, and are sure
know what you're doing - then you can make your internal & external DNS
namespace the same, and have it work just fine However, there's rarely any
justification for doing so, and most users do not know the ramifications -
hence the suggestion that you avoid that setup. If your DNS isn't set up
right, nothing at all will work in AD or Exchange.
<snipped for length>
|
|
If we were having beers in the back yard, I would not argue the .com or
..local thing with you, but I'd be red in the face about hosting a
public-facing web site on a domain controller. I'm the most loyal Microsoft
customer there is, and I'm sure I'd like the marketing guy who wrote #8, but
I doubt you'll find anyone outside of marketing who agrees with that idea.
You're taking your most valuable data - your active directory, your Exchange
stores, and your user shares, and inviting the public onto that same server
with a web site. Have you looked at hosting services? You can get a basic
plan from Godaddy for about $3 a month. Their most expensive plan is under
$15 a month. IMO there's nothing that can be said to justify the risk of
putting a public web site on a domain controller to save forty bucks a year.
"Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
news:euoNttNtHHA.2752[ at ]TK2MSFTNGP06.phx.gbl...
[Quoted Text] > Listen, trying to get facts and use facts. Per this whole conversation, > there are not many actual reasons outside of opinions...which I certainly > hear. Stephen actually said he uses .com. > > What I've learned: > DNS will be affected, will have to make entry to access public website > from within network. > Naming change is difficult....but isn't that difficult regardless of > what's to the right of the period? > Login time could be increased...maybe. > > That's the just of the entire conversation. > > Also Microsoft's #8 of 10 reasons for using SBS 2003 is hosting your own > domain website. That is the nature of small business....not to have to > spend extra money on additional hardware and software. I did not make it > up..... http://www.microsoft.com/windowsserver2003/sbs/evaluation/top.mspx> > I did not mean to solely sound stubborn, I just have run across a few > where they used .com and never noticed a difference. I was only looking > for facts, not to ignore but to become educated. > > Thanks > Ryan > > > "Les Connor [SBS MVP]" <les.connor[ at ]DEL.cfive.ca> wrote in message > news:DC2F33EB-43A3-4A02-BFBC-02471902422A[ at ]microsoft.com... >> You can use .com if you insist. But a non routable domain is very >> private, and that's the intent. If you use .com, you assume the >> responsibility to ensure your private data remains that way, and your >> systems aren't compromised unnessecarily, or becasue you didn't know >> better. >> >> -- >> Les Connor [SBS MVP] >> >> >> "Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message >> news:uKyJkdnsHHA.4800[ at ]TK2MSFTNGP05.phx.gbl... >>> So I've heard I'll have to put an entry in DNS to allow users to reach >>> the website. Also heard that it may take a couple seconds more to login >>> (although never experienced that). I know Microsoft's opinion, but as a >>> Microsoft guy I know they miss a lot (see all sw products). >>> >>> Website is hosted on Small Business Server (why pay someone to do it >>> when I can). Bandwidth is not an issue. >>> >>> Basically it sounds like there are a bunch of possible problems, but on >>> the extreme end. Someone asked why do it, why not? Abc.com is lot >>> easier to remember for users and makes sense to all. >>> >>> "Leythos" <void[ at ]nowhere.lan> wrote in message >>> news:MPG.20e1760ab285abe3989701[ at ]adfree.Usenet.com... >>>> In article <uvF7vXisHHA.1420[ at ]TK2MSFTNGP03.phx.gbl>, >>>> support[ at ]REMOVETHIS.SBITS.Biz says... >>>>> Well I work on Billable hours >>>>> however, to Create WORK is never my intent. >>>>> >>>>> I'm Currently Arguing with a Client now to spend $500 now so in 3 >>>>> months >>>>> it's not $3,000.00 >>>> >>>> Because of early issues with .local (and I never use .com) I adopted >>>> .lan everywhere. I've had no issues with .lan and do not believe that >>>> .lan will every be adopted as a public TLD. .lan didn't cause problems >>>> for MAC's like .local did. >>>> >>>> -- >>>> >>>> Leythos >>>> - Igitur qui desiderat pacem, praeparet bellum. >>>> - Calling an illegal alien an "undocumented worker" is like calling a >>>> drug dealer an "unlicensed pharmacist" >>>> spam999free[ at ]rrohio.com (remove 999 for proper email address) >>> >>> >> > >
|
|
Thanks Lanwench..good info.
I agree with the public website on the server..wishing MS would come out
with scaled down web server solely for that purpose.
Aren't RWW, OWA, and other services just basically public websites as well?
I understand that the normal anonymous user doesn't run across those like
they would a public .com site....but that's not really what the hackers are
looking for anyway as they're just scanning for any ports to get at. And
then you start getting into a different server for OWA or smtp then haven't
you ruined the point of SBS....allowing small businesses a way into using
functions of an enterprise?
From a dns perspective: I have a sbs domain abc.com with clients using it
for dns and forwarders to the ISP. I have an entry that lets internal users
know that abc.com is on that box if needed. Clients log into abc.com
domain. Mail comes to mail.abc.com which is that sbs box (the ISP makes the
DNS entry for mail/web, I do not do it on the sbs). What doesn't work
regarding sbs at that point? It's likely I haven't ever used those features
that are affected.
I'm as much trying to understand as anything. I appreciate your help.
"Lanwench [MVP - Exchange]"
<lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:uRQSbTOtHHA.3364[ at ]TK2MSFTNGP02.phx.gbl...
[Quoted Text] > Ryan Strange <ryan[ at ]controlbynet.com> wrote: >> Listen, trying to get facts and use facts. Per this whole >> conversation, there are not many actual reasons outside of >> opinions...which I certainly hear. Stephen actually said he uses >> .com. >> What I've learned: >> DNS will be affected, will have to make entry to access public >> website from within network. >> Naming change is difficult....but isn't that difficult regardless of >> what's to the right of the period? >> Login time could be increased...maybe. >> >> That's the just of the entire conversation. >> >> Also Microsoft's #8 of 10 reasons for using SBS 2003 is hosting your >> own domain website. That is the nature of small business....not to >> have to spend extra money on additional hardware and software. I did >> not make it up..... >> http://www.microsoft.com/windowsserver2003/sbs/evaluation/top.mspx>> I did not mean to solely sound stubborn, I just have run across a few >> where they used .com and never noticed a difference. I was only >> looking for facts, not to ignore but to become educated. >> >> Thanks >> Ryan > > Eh. That stuff is written by marketing weasels....and yes, hosting a > public website on your SBS is indeed possible. What you're hearing here is > more along the lines of "Just because you can, doesn't mean you *should*." > ....and you definitely shouldn't. > > Putting a public website anywhere on your LAN, where it can touch AD at > all, is unwise from a security standpoint....and putting a public website > on your sole server, which is a DC/DNS/Exchange box, is additionally > foolish. Hosting accounts are inexpensive, and a shared server in a > datacenter will perform a lot better as well have more skilled eyes on > it...and it won't expose your private network to the public at large. > > Re the valid TLD thing - it really is more of a preference than anything > else. If you really understand how DNS works (particularly "split brain" > DNS), have particular reasons to prefer one over the other, and are sure > know what you're doing - then you can make your internal & external DNS > namespace the same, and have it work just fine However, there's rarely any > justification for doing so, and most users do not know the ramifications - > hence the suggestion that you avoid that setup. If your DNS isn't set up > right, nothing at all will work in AD or Exchange. > > <snipped for length> >
|
|
Ryan I have a couple of clients who's previous IT person made their local
domain a .com
and they have a remote Site that VPN's into theirs for data.
I'm sure they would argue about the .com not being an issue.
I think a lot of us are Yes, you can do it, but why bother?
To me that's like putting a $500 on the dash of your car locking the doors
and walking away.
Sure you can do it, and you may get lucky, it may be there when you get
back, but why?
Not all risks can be eliminated, but IMO a IT persons job is to reduce them
as much as possible.
Russ
--
Russell Grover
SBITS.Biz
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
support [ at ] SBITS.Biz
Remote SBS2003 Support
http://www.SBITS.Biz
"Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message
news:exzy0sOtHHA.1208[ at ]TK2MSFTNGP05.phx.gbl...
[Quoted Text] > Thanks Lanwench..good info. > > I agree with the public website on the server..wishing MS would come out > with scaled down web server solely for that purpose. > > Aren't RWW, OWA, and other services just basically public websites as > well? I understand that the normal anonymous user doesn't run across those > like they would a public .com site....but that's not really what the > hackers are looking for anyway as they're just scanning for any ports to > get at. And then you start getting into a different server for OWA or > smtp then haven't you ruined the point of SBS....allowing small businesses > a way into using functions of an enterprise? > > From a dns perspective: I have a sbs domain abc.com with clients using it > for dns and forwarders to the ISP. I have an entry that lets internal > users know that abc.com is on that box if needed. Clients log into > abc.com domain. Mail comes to mail.abc.com which is that sbs box (the ISP > makes the DNS entry for mail/web, I do not do it on the sbs). What > doesn't work regarding sbs at that point? It's likely I haven't ever used > those features that are affected. > > I'm as much trying to understand as anything. I appreciate your help. > > > "Lanwench [MVP - Exchange]" > <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in > message news:uRQSbTOtHHA.3364[ at ]TK2MSFTNGP02.phx.gbl... >> Ryan Strange <ryan[ at ]controlbynet.com> wrote: >>> Listen, trying to get facts and use facts. Per this whole >>> conversation, there are not many actual reasons outside of >>> opinions...which I certainly hear. Stephen actually said he uses >>> .com. >>> What I've learned: >>> DNS will be affected, will have to make entry to access public >>> website from within network. >>> Naming change is difficult....but isn't that difficult regardless of >>> what's to the right of the period? >>> Login time could be increased...maybe. >>> >>> That's the just of the entire conversation. >>> >>> Also Microsoft's #8 of 10 reasons for using SBS 2003 is hosting your >>> own domain website. That is the nature of small business....not to >>> have to spend extra money on additional hardware and software. I did >>> not make it up..... >>> http://www.microsoft.com/windowsserver2003/sbs/evaluation/top.mspx>>> I did not mean to solely sound stubborn, I just have run across a few >>> where they used .com and never noticed a difference. I was only >>> looking for facts, not to ignore but to become educated. >>> >>> Thanks >>> Ryan >> >> Eh. That stuff is written by marketing weasels....and yes, hosting a >> public website on your SBS is indeed possible. What you're hearing here >> is more along the lines of "Just because you can, doesn't mean you >> *should*." ....and you definitely shouldn't. >> >> Putting a public website anywhere on your LAN, where it can touch AD at >> all, is unwise from a security standpoint....and putting a public website >> on your sole server, which is a DC/DNS/Exchange box, is additionally >> foolish. Hosting accounts are inexpensive, and a shared server in a >> datacenter will perform a lot better as well have more skilled eyes on >> it...and it won't expose your private network to the public at large. >> >> Re the valid TLD thing - it really is more of a preference than anything >> else. If you really understand how DNS works (particularly "split brain" >> DNS), have particular reasons to prefer one over the other, and are sure >> know what you're doing - then you can make your internal & external DNS >> namespace the same, and have it work just fine However, there's rarely >> any justification for doing so, and most users do not know the >> ramifications - hence the suggestion that you avoid that setup. If your >> DNS isn't set up right, nothing at all will work in AD or Exchange. >> >> <snipped for length> >> > >
|
|
I agree with you Russ with that analogy.
What about all the other 'public' stuff hosted on SBS? In theory the only
difference in it and a website is the people accessing it....however there
will be no difference if it's a hacker just probing, right? Or does the
OWA, RWW and others have a different security access point I am missing
besides basically sitting out there for all to see?
Thanks again.
"Russ Grover (SBITS.Biz)" <support[ at ]REMOVETHIS.SBITS.Biz> wrote in message
news:O9nj1WQtHHA.4972[ at ]TK2MSFTNGP05.phx.gbl...
[Quoted Text] > Ryan I have a couple of clients who's previous IT person made their local > domain a .com > and they have a remote Site that VPN's into theirs for data. > > I'm sure they would argue about the .com not being an issue. > I think a lot of us are Yes, you can do it, but why bother? > > To me that's like putting a $500 on the dash of your car locking the doors > and walking away. > Sure you can do it, and you may get lucky, it may be there when you get > back, but why? > > Not all risks can be eliminated, but IMO a IT persons job is to reduce > them as much as possible. > > Russ > > -- > > Russell Grover > SBITS.Biz > Microsoft Certified Small Business Specialist. > MCP, MCPS, MCNPS, (MCP-SBS) > support [ at ] SBITS.Biz > Remote SBS2003 Support > http://www.SBITS.Biz> > > "Ryan Strange" <ryan[ at ]controlbynet.com> wrote in message > news:exzy0sOtHHA.1208[ at ]TK2MSFTNGP05.phx.gbl... >> Thanks Lanwench..good info. >> >> I agree with the public website on the server..wishing MS would come out >> with scaled down web server solely for that purpose. >> >> Aren't RWW, OWA, and other services just basically public websites as >> well? I understand that the normal anonymous user doesn't run across >> those like they would a public .com site....but that's not really what >> the hackers are looking for anyway as they're just scanning for any ports >> to get at. And then you start getting into a different server for OWA or >> smtp then haven't you ruined the point of SBS....allowing small >> businesses a way into using functions of an enterprise? >> >> From a dns perspective: I have a sbs domain abc.com with clients using >> it for dns and forwarders to the ISP. I have an entry that lets internal >> users know that abc.com is on that box if needed. Clients log into >> abc.com domain. Mail comes to mail.abc.com which is that sbs box (the >> ISP makes the DNS entry for mail/web, I do not do it on the sbs). What >> doesn't work regarding sbs at that point? It's likely I haven't ever >> used those features that are affected. >> >> I'm as much trying to understand as anything. I appreciate your help. >> >> >> "Lanwench [MVP - Exchange]" >> <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in >> message news:uRQSbTOtHHA.3364[ at ]TK2MSFTNGP02.phx.gbl... >>> Ryan Strange <ryan[ at ]controlbynet.com> wrote: >>>> Listen, trying to get facts and use facts. Per this whole >>>> conversation, there are not many actual reasons outside of >>>> opinions...which I certainly hear. Stephen actually said he uses >>>> .com. >>>> What I've learned: >>>> DNS will be affected, will have to make entry to access public >>>> website from within network. >>>> Naming change is difficult....but isn't that difficult regardless of >>>> what's to the right of the period? >>>> Login time could be increased...maybe. >>>> >>>> That's the just of the entire conversation. >>>> >>>> Also Microsoft's #8 of 10 reasons for using SBS 2003 is hosting your >>>> own domain website. That is the nature of small business....not to >>>> have to spend extra money on additional hardware and software. I did >>>> not make it up..... >>>> http://www.microsoft.com/windowsserver2003/sbs/evaluation/top.mspx>>>> I did not mean to solely sound stubborn, I just have run across a few >>>> where they used .com and never noticed a difference. I was only >>>> looking for facts, not to ignore but to become educated. >>>> >>>> Thanks >>>> Ryan >>> >>> Eh. That stuff is written by marketing weasels....and yes, hosting a >>> public website on your SBS is indeed possible. What you're hearing here >>> is more along the lines of "Just because you can, doesn't mean you >>> *should*." ....and you definitely shouldn't. >>> >>> Putting a public website anywhere on your LAN, where it can touch AD at >>> all, is unwise from a security standpoint....and putting a public >>> website on your sole server, which is a DC/DNS/Exchange box, is >>> additionally foolish. Hosting accounts are inexpensive, and a shared >>> server in a datacenter will perform a lot better as well have more >>> skilled eyes on it...and it won't expose your private network to the >>> public at large. >>> >>> Re the valid TLD thing - it really is more of a preference than anything >>> else. If you really understand how DNS works (particularly "split brain" >>> DNS), have particular reasons to prefer one over the other, and are sure >>> know what you're doing - then you can make your internal & external DNS >>> namespace the same, and have it work just fine However, there's rarely >>> any justification for doing so, and most users do not know the >>> ramifications - hence the suggestion that you avoid that setup. If your >>> DNS isn't set up right, nothing at all will work in AD or Exchange. >>> >>> <snipped for length> >>> >> >> > >
|
|
In article <exzy0sOtHHA.1208[ at ]TK2MSFTNGP05.phx.gbl>,
ryan[ at ]controlbynet.com says...
[Quoted Text] > I agree with the public website on the server..wishing MS would come out
> with scaled down web server solely for that purpose.
They did, it's called Windows 2003 Web Server edition.
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
In article <uA9DNnQtHHA.3364[ at ]TK2MSFTNGP02.phx.gbl>,
ryan[ at ]controlbynet.com says...
[Quoted Text] > What about all the other 'public' stuff hosted on SBS?
It's not public - it's not available via HTTP, only HTTPS and only after
a user authenticates with the server.
HTTP is exposed to the world - very big difference.
--
Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
Agreed IMO big Difference
If you call a https a Public site:
Then you would call access to your bank account Public access also.
(Since it's on a Public site.)
If so, please give me your login and password so I can make a withdrawal ;)
Russ
--
Russell Grover
SBITS.Biz
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
support [ at ] SBITS.Biz
Remote SBS2003 Support
http://www.SBITS.Biz
"Leythos" <void[ at ]nowhere.lan> wrote in message
news:MPG.20e61af79b7dc91598971f[ at ]adfree.Usenet.com...
[Quoted Text] > In article <uA9DNnQtHHA.3364[ at ]TK2MSFTNGP02.phx.gbl>,
> ryan[ at ]controlbynet.com says...
>> What about all the other 'public' stuff hosted on SBS?
>
> It's not public - it's not available via HTTP, only HTTPS and only after
> a user authenticates with the server.
>
> HTTP is exposed to the world - very big difference.
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free[ at ]rrohio.com (remove 999 for proper email address)
|
|
Ryan Strange <ryan[ at ]controlbynet.com> wrote:
[Quoted Text] > Thanks Lanwench..good info.
>
> I agree with the public website on the server..wishing MS would come
> out with scaled down web server solely for that purpose.
As someone else mentioned, they do....Win2003 Web Server edition. If you're
going to use it, put it in a DMZ w/no connectivity to your LAN at all...
>
> Aren't RWW, OWA, and other services just basically public websites as
> well?
No....they require authentication. And I'd love not to have them exposed at
all, but they are a necessary evil.
> I understand that the normal anonymous user doesn't run across
> those like they would a public .com site....but that's not really
> what the hackers are looking for anyway as they're just scanning for
> any ports to get at. And then you start getting into a different
> server for OWA or smtp then haven't you ruined the point of
> SBS....allowing small businesses a way into using functions of an
> enterprise?
No, I don't think so. You can't realistically put everything an "enterprise"
uses on one server. And an enterprise doesn't put a web server on a DC.
>
> From a dns perspective: I have a sbs domain abc.com with clients
> using it for dns and forwarders to the ISP. I have an entry that
> lets internal users know that abc.com is on that box if needed. Clients
> log into abc.com domain. Mail comes to mail.abc.com which is
> that sbs box (the ISP makes the DNS entry for mail/web, I do not do
> it on the sbs). What doesn't work regarding sbs at that point? It's
> likely I haven't ever used those features that are affected.
Yep - and it may be just fine. As I said, if you fully understand the
ramifications, and DNS, you can get away with it. However, you never
know....and I think it's easier just to avoid the potential problems. Use
internal.abc.com if you don't like .local.
>
> I'm as much trying to understand as anything. I appreciate your help.
No prob.
>
>
> "Lanwench [MVP - Exchange]"
> <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
> message news:uRQSbTOtHHA.3364[ at ]TK2MSFTNGP02.phx.gbl...
>> Ryan Strange <ryan[ at ]controlbynet.com> wrote:
>>> Listen, trying to get facts and use facts. Per this whole
>>> conversation, there are not many actual reasons outside of
>>> opinions...which I certainly hear. Stephen actually said he uses
>>> .com.
>>> What I've learned:
>>> DNS will be affected, will have to make entry to access public
>>> website from within network.
>>> Naming change is difficult....but isn't that difficult regardless of
>>> what's to the right of the period?
>>> Login time could be increased...maybe.
>>>
>>> That's the just of the entire conversation.
>>>
>>> Also Microsoft's #8 of 10 reasons for using SBS 2003 is hosting your
>>> own domain website. That is the nature of small business....not to
>>> have to spend extra money on additional hardware and software. I
>>> did not make it up.....
>>> http://www.microsoft.com/windowsserver2003/sbs/evaluation/top.mspx
>>> I did not mean to solely sound stubborn, I just have run across a
>>> few where they used .com and never noticed a difference. I was only
>>> looking for facts, not to ignore but to become educated.
>>>
>>> Thanks
>>> Ryan
>>
>> Eh. That stuff is written by marketing weasels....and yes, hosting a
>> public website on your SBS is indeed possible. What you're hearing
>> here is more along the lines of "Just because you can, doesn't mean
>> you *should*." ....and you definitely shouldn't.
>>
>> Putting a public website anywhere on your LAN, where it can touch AD
>> at all, is unwise from a security standpoint....and putting a public
>> website on your sole server, which is a DC/DNS/Exchange box, is
>> additionally foolish. Hosting accounts are inexpensive, and a shared
>> server in a datacenter will perform a lot better as well have more
>> skilled eyes on it...and it won't expose your private network to the
>> public at large. Re the valid TLD thing - it really is more of a
>> preference than
>> anything else. If you really understand how DNS works (particularly
>> "split brain" DNS), have particular reasons to prefer one over the
>> other, and are sure know what you're doing - then you can make your
>> internal & external DNS namespace the same, and have it work just
>> fine However, there's rarely any justification for doing so, and
>> most users do not know the ramifications - hence the suggestion that
>> you avoid that setup. If your DNS isn't set up right, nothing at all
>> will work in AD or Exchange. <snipped for length>
|
|
Ryan Strange wrote:
[Quoted Text] > I agree with you Russ with that analogy.
>
> What about all the other 'public' stuff hosted on SBS? In theory the only
> difference in it and a website is the people accessing it....however there
> will be no difference if it's a hacker just probing, right? Or does the
> OWA, RWW and others have a different security access point I am missing
> besides basically sitting out there for all to see?
>
They're not anonymous access pages, at the very least they use Windows
authentication. They are indeed only as strong as the passwords used,
but that's | | |