subject:"RE\: Stupid DNS question..."

Re: Stupid DNS question...

2008-10-10 Thread Kurt Buff

That's where I thought you were heading with your question.

I'm going to tell them it's not worth the hassle and security exposure.

Thanks!

On Thu, Oct 9, 2008 at 8:07 PM, Michael B. Smith
<[EMAIL PROTECTED]> wrote:
> Can't be done without installing IIS (or a really smart traffic shaper).
>
> What you would do on your DC's is everything that comes in port 80 for
> "example.com" you would redirect to "www.example.com".
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 09, 2008 7:46 PM
> To: NT System Admin Issues
> Subject: Re: Stupid DNS question...
>
> BTW - I'm fine if the answer is "can't be done without installing IIS"
> - 'cause then I can tell them it's not worth it for security reasons,
> and be done with it.
>
> On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> <[EMAIL PROTECTED]> wrote:
>> Do you have IIS installed on your domain controllers?
>>
>> Regards,
>>
>> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
>> My blog: http://TheEssentialExchange.com/blogs/michael
>> Link with me at: http://www.linkedin.com/in/theessentialexchange
>>
>>
>> -Original Message-
>> From: Kurt Buff [mailto:[EMAIL PROTECTED]
>> Sent: Thursday, October 09, 2008 7:05 PM
>> To: NT System Admin Issues
>> Subject: Stupid DNS question...
>>
>> My DNS skills are weak...
>>
>> We run a split brain DNS - ISP takes care of external, we do internal.
>>
>> Internally, www points to external web site, but president of company
>> wants bare URL (http://mycompany.com) also to resolve to external.
>>
>> I tried adding a blank record to internal DNS pointing to external web
>> site, but that seems not to be working.
>>
>> How can I implement this?
>>
>> Kurt
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Stupid DNS question...

2008-10-10 Thread Kurt Buff

Correct.

It's beginning to look like this is not worth pursuing. I'm not going
to install IIS on a DC just so I can publish a redirect.

Kurt

On Thu, Oct 9, 2008 at 9:22 PM, Ken Schaefer <[EMAIL PROTECTED]> wrote:
> I got the impression that the boss wanted internal users that type in 
> http://company.com to be taken to their externally hosted website, just like 
> if they typed that into a browser when outside the company network.
>
> Cheers
> Ken
>
>> -Original Message-
>> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
>> Sent: Friday, 10 October 2008 3:10 PM
>> To: NT System Admin Issues
>> Subject: RE: Stupid DNS question...
>>
>> I thought the OP was asking about INTERNALLY. I don't think that ISA is a
>> solution there
>>
>> Regards,
>>
>> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
>> My blog: http://TheEssentialExchange.com/blogs/michael
>> Link with me at: http://www.linkedin.com/in/theessentialexchange
>>
>>
>> -Original Message-
>> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
>> Sent: Friday, October 10, 2008 12:07 AM
>> To: NT System Admin Issues
>> Subject: RE: Stupid DNS question...
>>
>> Well, Microsoft does make something called ISA Server :-)
>>
>> But there are some much lighter-weight options.
>>
>> Cheers
>> Ken
>>
>> > -Original Message-
>> > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
>> > Sent: Friday, 10 October 2008 2:54 PM
>> > To: NT System Admin Issues
>> > Subject: RE: Stupid DNS question...
>> >
>> > Well, tru dat.
>> >
>> > I was thinking of specifically MSFT software. So shoot me. :-)
>> >
>> > Regards,
>> >
>> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
>> > My blog: http://TheEssentialExchange.com/blogs/michael
>> > Link with me at: http://www.linkedin.com/in/theessentialexchange
>> >
>> >
>> > -Original Message-
>> > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
>> > Sent: Thursday, October 09, 2008 11:11 PM
>> > To: NT System Admin Issues
>> > Subject: RE: Stupid DNS question...
>> >
>> > You could put a proxy on your DCs - no need for IIS specifically.
>> >
>> > Cheers
>> > Ken
>> >
>> > > -Original Message-
>> > > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
>> > > Sent: Friday, 10 October 2008 2:07 PM
>> > > To: NT System Admin Issues
>> > > Subject: RE: Stupid DNS question...
>> > >
>> > > Can't be done without installing IIS (or a really smart traffic shaper).
>> > >
>> > > What you would do on your DC's is everything that comes in port 80 for
>> > > "example.com" you would redirect to "www.example.com".
>> > >
>> > > Regards,
>> > >
>> > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
>> > > My blog: http://TheEssentialExchange.com/blogs/michael
>> > > Link with me at: http://www.linkedin.com/in/theessentialexchange
>> > >
>> > >
>> > > -Original Message-
>> > > From: Kurt Buff [mailto:[EMAIL PROTECTED]
>> > > Sent: Thursday, October 09, 2008 7:46 PM
>> > > To: NT System Admin Issues
>> > > Subject: Re: Stupid DNS question...
>> > >
>> > > BTW - I'm fine if the answer is "can't be done without installing IIS"
>> > > - 'cause then I can tell them it's not worth it for security reasons,
>> > > and be done with it.
>> > >
>> > > On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
>> > > <[EMAIL PROTECTED]> wrote:
>> > > > Do you have IIS installed on your domain controllers?
>> > > >
>> > > > Regards,
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Stupid DNS question...

2008-10-09 Thread Greg Mulholland

yeah i was thinking of the wrong thing. i'm sure ive done similar to this once 
with a script file or host file like of some sort. i just cant remeber the 
exact details.

From: Ken Schaefer [EMAIL PROTECTED]
Sent: Friday, 10 October 2008 3:32 PM
To: NT System Admin Issues
Subject: RE: Stupid DNS question...

Um - that just sets the user's proxy server configuration. The problem here is 
DNS resolution...

Either the proxy server needs to use different DNS servers, or where the 
internal DNS record resolves to (DCs) needs to host a proxy server.

Cheers
Ken

> -Original Message-
> From: Greg Mulholland [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 3:28 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> Thats the way i took it. actually a wpad script could probably do this in ISA
> or a simple proxy.pac if you had some other flavour. You'd have to test and
> might need some stuffing around to get it working.
>
> Greg
> 
> From: Ken Schaefer [EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 3:22 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> I got the impression that the boss wanted internal users that type in
> http://company.com to be taken to their externally hosted website, just like
> if they typed that into a browser when outside the company network.
>
> Cheers
> Ken
>
> > -Original Message-
> > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 10 October 2008 3:10 PM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > I thought the OP was asking about INTERNALLY. I don't think that ISA is a
> > solution there
> >
> > Regards,
> >
> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > My blog: http://TheEssentialExchange.com/blogs/michael
> > Link with me at: http://www.linkedin.com/in/theessentialexchange
> >
> >
> > -Original Message-
> > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> > Sent: Friday, October 10, 2008 12:07 AM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > Well, Microsoft does make something called ISA Server :-)
> >
> > But there are some much lighter-weight options.
> >
> > Cheers
> > Ken
> >
> > > -Original Message-
> > > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, 10 October 2008 2:54 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Stupid DNS question...
> > >
> > > Well, tru dat.
> > >
> > > I was thinking of specifically MSFT software. So shoot me. :-)
> > >
> > > Regards,
> > >
> > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > > My blog: http://TheEssentialExchange.com/blogs/michael
> > > Link with me at: http://www.linkedin.com/in/theessentialexchange
> > >
> > >
> > > -Original Message-
> > > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, October 09, 2008 11:11 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Stupid DNS question...
> > >
> > > You could put a proxy on your DCs - no need for IIS specifically.
> > >
> > > Cheers
> > > Ken
> > >
> > > > -Original Message-
> > > > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > > > Sent: Friday, 10 October 2008 2:07 PM
> > > > To: NT System Admin Issues
> > > > Subject: RE: Stupid DNS question...
> > > >
> > > > Can't be done without installing IIS (or a really smart traffic shaper).
> > > >
> > > > What you would do on your DC's is everything that comes in port 80 for
> > > > "example.com" you would redirect to "www.example.com".
> > > >
> > > > Regards,
> > > >
> > > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > > > My blog: http://TheEssentialExchange.com/blogs/michael
> > > > Link with me at: http://www.linkedin.com/in/theessentialexchange
> > > >
> > > >
> > > > -Original Message-
> > > > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > > > Sent: Thursday, October 09, 2008 7:46 PM
> > > > To: NT System Admin Issues
> > > > Subject: Re: Stupid DNS question...
> > > >
> > > > BTW - I'm fine if the answer is "can't be done without installing IIS"
> > > > - 'cause then I can tell them it's not worth it for security reasons,
> > > > and be done with it.
> > > >
> > > > On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> > > > <[EMAIL PROTECTED]> wrote:
> > > > > Do you have IIS installed on your domain controllers?
> > > > >
> > > > > Regards,
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Stupid DNS question...

2008-10-09 Thread Ken Schaefer

ISA has proxy functionality. Just tell it to proxy requests that come in on 
port 80 for http://example.com to http://www.example.com (which would resolve 
to the public website) and select the URL rewriting option.

Cheers
Ken

> -Original Message-
> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 3:38 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> I completely concur. ISA is not my specialty (nowhere close), but I don't
> see how ISA can resolve that on the internal DCs..
>
> IIS or some other proxy - sure. But ISA on a DC is much more "heavy" than
> IIS...
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 10, 2008 12:23 AM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> I got the impression that the boss wanted internal users that type in
> http://company.com to be taken to their externally hosted website, just like
> if they typed that into a browser when outside the company network.
>
> Cheers
> Ken
>
> > -Original Message-
> > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 10 October 2008 3:10 PM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > I thought the OP was asking about INTERNALLY. I don't think that ISA is a
> > solution there
> >
> > Regards,
> >
> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > My blog: http://TheEssentialExchange.com/blogs/michael
> > Link with me at: http://www.linkedin.com/in/theessentialexchange
> >
> >
> > -Original Message-
> > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> > Sent: Friday, October 10, 2008 12:07 AM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > Well, Microsoft does make something called ISA Server :-)
> >
> > But there are some much lighter-weight options.
> >
> > Cheers
> > Ken
> >
> > > -Original Message-
> > > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, 10 October 2008 2:54 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Stupid DNS question...
> > >
> > > Well, tru dat.
> > >
> > > I was thinking of specifically MSFT software. So shoot me. :-)
> > >
> > > Regards,
> > >
> > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > > My blog: http://TheEssentialExchange.com/blogs/michael
> > > Link with me at: http://www.linkedin.com/in/theessentialexchange
> > >
> > >
> > > -Original Message-
> > > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, October 09, 2008 11:11 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Stupid DNS question...
> > >
> > > You could put a proxy on your DCs - no need for IIS specifically.
> > >
> > > Cheers
> > > Ken
> > >
> > > > -Original Message-
> > > > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > > > Sent: Friday, 10 October 2008 2:07 PM
> > > > To: NT System Admin Issues
> > > > Subject: RE: Stupid DNS question...
> > > >
> > > > Can't be done without installing IIS (or a really smart traffic
> shaper).
> > > >
> > > > What you would do on your DC's is everything that comes in port 80 for
> > > > "example.com" you would redirect to "www.example.com".
> > > >
> > > > Regards,
> > > >
> > > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > > > My blog: http://TheEssentialExchange.com/blogs/michael
> > > > Link with me at: http://www.linkedin.com/in/theessentialexchange
> > > >
> > > >
> > > > -Original Message-
> > > > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > > > Sent: Thursday, October 09, 2008 7:46 PM
> > > > To: NT System Admin Issues
> > > > Subject: Re: Stupid DNS question...
> > > >
> > > > BTW - I'm fine if the answer is "can't be done without installing IIS"
> > > > - 'cause then I can tell them it's not worth it for security reasons,
> > > > and be done with it.
> > > >
> > > > On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> > > > <[EMAIL PROTECTED]> wrote:
> > > > > Do you have IIS installed on your domain controllers?
> > > > >
> > > > > Regards,
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Stupid DNS question...

2008-10-09 Thread Michael B. Smith

I completely concur. ISA is not my specialty (nowhere close), but I don't
see how ISA can resolve that on the internal DCs..

IIS or some other proxy - sure. But ISA on a DC is much more "heavy" than
IIS...

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange


-Original Message-
From: Ken Schaefer [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 10, 2008 12:23 AM
To: NT System Admin Issues
Subject: RE: Stupid DNS question...

I got the impression that the boss wanted internal users that type in
http://company.com to be taken to their externally hosted website, just like
if they typed that into a browser when outside the company network.

Cheers
Ken

> -Original Message-
> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 3:10 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> I thought the OP was asking about INTERNALLY. I don't think that ISA is a
> solution there
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 10, 2008 12:07 AM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> Well, Microsoft does make something called ISA Server :-)
>
> But there are some much lighter-weight options.
>
> Cheers
> Ken
>
> > -Original Message-
> > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 10 October 2008 2:54 PM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > Well, tru dat.
> >
> > I was thinking of specifically MSFT software. So shoot me. :-)
> >
> > Regards,
> >
> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > My blog: http://TheEssentialExchange.com/blogs/michael
> > Link with me at: http://www.linkedin.com/in/theessentialexchange
> >
> >
> > -Original Message-
> > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, October 09, 2008 11:11 PM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > You could put a proxy on your DCs - no need for IIS specifically.
> >
> > Cheers
> > Ken
> >
> > > -Original Message-
> > > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, 10 October 2008 2:07 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Stupid DNS question...
> > >
> > > Can't be done without installing IIS (or a really smart traffic
shaper).
> > >
> > > What you would do on your DC's is everything that comes in port 80 for
> > > "example.com" you would redirect to "www.example.com".
> > >
> > > Regards,
> > >
> > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > > My blog: http://TheEssentialExchange.com/blogs/michael
> > > Link with me at: http://www.linkedin.com/in/theessentialexchange
> > >
> > >
> > > -Original Message-
> > > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, October 09, 2008 7:46 PM
> > > To: NT System Admin Issues
> > > Subject: Re: Stupid DNS question...
> > >
> > > BTW - I'm fine if the answer is "can't be done without installing IIS"
> > > - 'cause then I can tell them it's not worth it for security reasons,
> > > and be done with it.
> > >
> > > On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> > > <[EMAIL PROTECTED]> wrote:
> > > > Do you have IIS installed on your domain controllers?
> > > >
> > > > Regards,


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Stupid DNS question...

2008-10-09 Thread Ken Schaefer

Um - that just sets the user's proxy server configuration. The problem here is 
DNS resolution...

Either the proxy server needs to use different DNS servers, or where the 
internal DNS record resolves to (DCs) needs to host a proxy server.

Cheers
Ken

> -Original Message-
> From: Greg Mulholland [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 3:28 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> Thats the way i took it. actually a wpad script could probably do this in ISA
> or a simple proxy.pac if you had some other flavour. You'd have to test and
> might need some stuffing around to get it working.
>
> Greg
> 
> From: Ken Schaefer [EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 3:22 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> I got the impression that the boss wanted internal users that type in
> http://company.com to be taken to their externally hosted website, just like
> if they typed that into a browser when outside the company network.
>
> Cheers
> Ken
>
> > -Original Message-
> > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 10 October 2008 3:10 PM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > I thought the OP was asking about INTERNALLY. I don't think that ISA is a
> > solution there
> >
> > Regards,
> >
> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > My blog: http://TheEssentialExchange.com/blogs/michael
> > Link with me at: http://www.linkedin.com/in/theessentialexchange
> >
> >
> > -Original Message-
> > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> > Sent: Friday, October 10, 2008 12:07 AM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > Well, Microsoft does make something called ISA Server :-)
> >
> > But there are some much lighter-weight options.
> >
> > Cheers
> > Ken
> >
> > > -Original Message-
> > > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, 10 October 2008 2:54 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Stupid DNS question...
> > >
> > > Well, tru dat.
> > >
> > > I was thinking of specifically MSFT software. So shoot me. :-)
> > >
> > > Regards,
> > >
> > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > > My blog: http://TheEssentialExchange.com/blogs/michael
> > > Link with me at: http://www.linkedin.com/in/theessentialexchange
> > >
> > >
> > > -Original Message-
> > > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, October 09, 2008 11:11 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Stupid DNS question...
> > >
> > > You could put a proxy on your DCs - no need for IIS specifically.
> > >
> > > Cheers
> > > Ken
> > >
> > > > -Original Message-
> > > > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > > > Sent: Friday, 10 October 2008 2:07 PM
> > > > To: NT System Admin Issues
> > > > Subject: RE: Stupid DNS question...
> > > >
> > > > Can't be done without installing IIS (or a really smart traffic shaper).
> > > >
> > > > What you would do on your DC's is everything that comes in port 80 for
> > > > "example.com" you would redirect to "www.example.com".
> > > >
> > > > Regards,
> > > >
> > > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > > > My blog: http://TheEssentialExchange.com/blogs/michael
> > > > Link with me at: http://www.linkedin.com/in/theessentialexchange
> > > >
> > > >
> > > > -Original Message-
> > > > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > > > Sent: Thursday, October 09, 2008 7:46 PM
> > > > To: NT System Admin Issues
> > > > Subject: Re: Stupid DNS question...
> > > >
> > > > BTW - I'm fine if the answer is "can't be done without installing IIS"
> > > > - 'cause then I can tell them it's not worth it for security reasons,
> > > > and be done with it.
> > > >
> > > > On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> > > > <[EMAIL PROTECTED]> wrote:
> > > > > Do you have IIS installed on your domain controllers?
> > > > >
> > > > > Regards,
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Stupid DNS question...

2008-10-09 Thread Greg Mulholland

Thats the way i took it. actually a wpad script could probably do this in ISA 
or a simple proxy.pac if you had some other flavour. You'd have to test and 
might need some stuffing around to get it working.

Greg

From: Ken Schaefer [EMAIL PROTECTED]
Sent: Friday, 10 October 2008 3:22 PM
To: NT System Admin Issues
Subject: RE: Stupid DNS question...

I got the impression that the boss wanted internal users that type in 
http://company.com to be taken to their externally hosted website, just like if 
they typed that into a browser when outside the company network.

Cheers
Ken

> -Original Message-
> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 3:10 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> I thought the OP was asking about INTERNALLY. I don't think that ISA is a
> solution there
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 10, 2008 12:07 AM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> Well, Microsoft does make something called ISA Server :-)
>
> But there are some much lighter-weight options.
>
> Cheers
> Ken
>
> > -Original Message-
> > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 10 October 2008 2:54 PM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > Well, tru dat.
> >
> > I was thinking of specifically MSFT software. So shoot me. :-)
> >
> > Regards,
> >
> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > My blog: http://TheEssentialExchange.com/blogs/michael
> > Link with me at: http://www.linkedin.com/in/theessentialexchange
> >
> >
> > -Original Message-
> > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, October 09, 2008 11:11 PM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > You could put a proxy on your DCs - no need for IIS specifically.
> >
> > Cheers
> > Ken
> >
> > > -Original Message-
> > > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, 10 October 2008 2:07 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Stupid DNS question...
> > >
> > > Can't be done without installing IIS (or a really smart traffic shaper).
> > >
> > > What you would do on your DC's is everything that comes in port 80 for
> > > "example.com" you would redirect to "www.example.com".
> > >
> > > Regards,
> > >
> > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > > My blog: http://TheEssentialExchange.com/blogs/michael
> > > Link with me at: http://www.linkedin.com/in/theessentialexchange
> > >
> > >
> > > -Original Message-
> > > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, October 09, 2008 7:46 PM
> > > To: NT System Admin Issues
> > > Subject: Re: Stupid DNS question...
> > >
> > > BTW - I'm fine if the answer is "can't be done without installing IIS"
> > > - 'cause then I can tell them it's not worth it for security reasons,
> > > and be done with it.
> > >
> > > On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> > > <[EMAIL PROTECTED]> wrote:
> > > > Do you have IIS installed on your domain controllers?
> > > >
> > > > Regards,


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Stupid DNS question...

2008-10-09 Thread Ken Schaefer

I got the impression that the boss wanted internal users that type in 
http://company.com to be taken to their externally hosted website, just like if 
they typed that into a browser when outside the company network.

Cheers
Ken

> -Original Message-
> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 3:10 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> I thought the OP was asking about INTERNALLY. I don't think that ISA is a
> solution there
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 10, 2008 12:07 AM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> Well, Microsoft does make something called ISA Server :-)
>
> But there are some much lighter-weight options.
>
> Cheers
> Ken
>
> > -Original Message-
> > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 10 October 2008 2:54 PM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > Well, tru dat.
> >
> > I was thinking of specifically MSFT software. So shoot me. :-)
> >
> > Regards,
> >
> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > My blog: http://TheEssentialExchange.com/blogs/michael
> > Link with me at: http://www.linkedin.com/in/theessentialexchange
> >
> >
> > -Original Message-
> > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, October 09, 2008 11:11 PM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > You could put a proxy on your DCs - no need for IIS specifically.
> >
> > Cheers
> > Ken
> >
> > > -Original Message-
> > > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, 10 October 2008 2:07 PM
> > > To: NT System Admin Issues
> > > Subject: RE: Stupid DNS question...
> > >
> > > Can't be done without installing IIS (or a really smart traffic shaper).
> > >
> > > What you would do on your DC's is everything that comes in port 80 for
> > > "example.com" you would redirect to "www.example.com".
> > >
> > > Regards,
> > >
> > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > > My blog: http://TheEssentialExchange.com/blogs/michael
> > > Link with me at: http://www.linkedin.com/in/theessentialexchange
> > >
> > >
> > > -Original Message-
> > > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, October 09, 2008 7:46 PM
> > > To: NT System Admin Issues
> > > Subject: Re: Stupid DNS question...
> > >
> > > BTW - I'm fine if the answer is "can't be done without installing IIS"
> > > - 'cause then I can tell them it's not worth it for security reasons,
> > > and be done with it.
> > >
> > > On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> > > <[EMAIL PROTECTED]> wrote:
> > > > Do you have IIS installed on your domain controllers?
> > > >
> > > > Regards,


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Stupid DNS question...

2008-10-09 Thread Greg Mulholland

and on a DC too.. starting to sound like an sbs setup :)

*duck*

From: Michael B. Smith [EMAIL PROTECTED]
Sent: Friday, 10 October 2008 3:10 PM
To: NT System Admin Issues
Subject: RE: Stupid DNS question...

I thought the OP was asking about INTERNALLY. I don't think that ISA is a
solution there

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange


-Original Message-
From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: Friday, October 10, 2008 12:07 AM
To: NT System Admin Issues
Subject: RE: Stupid DNS question...

Well, Microsoft does make something called ISA Server :-)

But there are some much lighter-weight options.

Cheers
Ken

> -Original Message-
> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 2:54 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> Well, tru dat.
>
> I was thinking of specifically MSFT software. So shoot me. :-)
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 09, 2008 11:11 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> You could put a proxy on your DCs - no need for IIS specifically.
>
> Cheers
> Ken
>
> > -Original Message-
> > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 10 October 2008 2:07 PM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > Can't be done without installing IIS (or a really smart traffic shaper).
> >
> > What you would do on your DC's is everything that comes in port 80 for
> > "example.com" you would redirect to "www.example.com".
> >
> > Regards,
> >
> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > My blog: http://TheEssentialExchange.com/blogs/michael
> > Link with me at: http://www.linkedin.com/in/theessentialexchange
> >
> >
> > -Original Message-
> > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, October 09, 2008 7:46 PM
> > To: NT System Admin Issues
> > Subject: Re: Stupid DNS question...
> >
> > BTW - I'm fine if the answer is "can't be done without installing IIS"
> > - 'cause then I can tell them it's not worth it for security reasons,
> > and be done with it.
> >
> > On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> > <[EMAIL PROTECTED]> wrote:
> > > Do you have IIS installed on your domain controllers?
> > >
> > > Regards,
> > >
> > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > > My blog: http://TheEssentialExchange.com/blogs/michael
> > > Link with me at: http://www.linkedin.com/in/theessentialexchange
> > >
> > >
> > > -Original Message-
> > > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, October 09, 2008 7:05 PM
> > > To: NT System Admin Issues
> > > Subject: Stupid DNS question...
> > >
> > > My DNS skills are weak...
> > >
> > > We run a split brain DNS - ISP takes care of external, we do internal.
> > >
> > > Internally, www points to external web site, but president of company
> > > wants bare URL (http://mycompany.com) also to resolve to external.
> > >
> > > I tried adding a blank record to internal DNS pointing to external web
> > > site, but that seems not to be working.
> > >
> > > How can I implement this?
> > >
> > > Kurt


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Stupid DNS question...

2008-10-09 Thread Michael B. Smith

I thought the OP was asking about INTERNALLY. I don't think that ISA is a
solution there

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange


-Original Message-
From: Ken Schaefer [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 10, 2008 12:07 AM
To: NT System Admin Issues
Subject: RE: Stupid DNS question...

Well, Microsoft does make something called ISA Server :-)

But there are some much lighter-weight options.

Cheers
Ken

> -Original Message-
> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 2:54 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> Well, tru dat.
>
> I was thinking of specifically MSFT software. So shoot me. :-)
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 09, 2008 11:11 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> You could put a proxy on your DCs - no need for IIS specifically.
>
> Cheers
> Ken
>
> > -Original Message-
> > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 10 October 2008 2:07 PM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > Can't be done without installing IIS (or a really smart traffic shaper).
> >
> > What you would do on your DC's is everything that comes in port 80 for
> > "example.com" you would redirect to "www.example.com".
> >
> > Regards,
> >
> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > My blog: http://TheEssentialExchange.com/blogs/michael
> > Link with me at: http://www.linkedin.com/in/theessentialexchange
> >
> >
> > -Original Message-
> > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, October 09, 2008 7:46 PM
> > To: NT System Admin Issues
> > Subject: Re: Stupid DNS question...
> >
> > BTW - I'm fine if the answer is "can't be done without installing IIS"
> > - 'cause then I can tell them it's not worth it for security reasons,
> > and be done with it.
> >
> > On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> > <[EMAIL PROTECTED]> wrote:
> > > Do you have IIS installed on your domain controllers?
> > >
> > > Regards,
> > >
> > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > > My blog: http://TheEssentialExchange.com/blogs/michael
> > > Link with me at: http://www.linkedin.com/in/theessentialexchange
> > >
> > >
> > > -Original Message-
> > > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, October 09, 2008 7:05 PM
> > > To: NT System Admin Issues
> > > Subject: Stupid DNS question...
> > >
> > > My DNS skills are weak...
> > >
> > > We run a split brain DNS - ISP takes care of external, we do internal.
> > >
> > > Internally, www points to external web site, but president of company
> > > wants bare URL (http://mycompany.com) also to resolve to external.
> > >
> > > I tried adding a blank record to internal DNS pointing to external web
> > > site, but that seems not to be working.
> > >
> > > How can I implement this?
> > >
> > > Kurt


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Stupid DNS question...

2008-10-09 Thread Ken Schaefer

Well, Microsoft does make something called ISA Server :-)

But there are some much lighter-weight options.

Cheers
Ken

> -Original Message-
> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 2:54 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> Well, tru dat.
>
> I was thinking of specifically MSFT software. So shoot me. :-)
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 09, 2008 11:11 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> You could put a proxy on your DCs - no need for IIS specifically.
>
> Cheers
> Ken
>
> > -Original Message-
> > From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 10 October 2008 2:07 PM
> > To: NT System Admin Issues
> > Subject: RE: Stupid DNS question...
> >
> > Can't be done without installing IIS (or a really smart traffic shaper).
> >
> > What you would do on your DC's is everything that comes in port 80 for
> > "example.com" you would redirect to "www.example.com".
> >
> > Regards,
> >
> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > My blog: http://TheEssentialExchange.com/blogs/michael
> > Link with me at: http://www.linkedin.com/in/theessentialexchange
> >
> >
> > -Original Message-
> > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, October 09, 2008 7:46 PM
> > To: NT System Admin Issues
> > Subject: Re: Stupid DNS question...
> >
> > BTW - I'm fine if the answer is "can't be done without installing IIS"
> > - 'cause then I can tell them it's not worth it for security reasons,
> > and be done with it.
> >
> > On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> > <[EMAIL PROTECTED]> wrote:
> > > Do you have IIS installed on your domain controllers?
> > >
> > > Regards,
> > >
> > > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > > My blog: http://TheEssentialExchange.com/blogs/michael
> > > Link with me at: http://www.linkedin.com/in/theessentialexchange
> > >
> > >
> > > -Original Message-
> > > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, October 09, 2008 7:05 PM
> > > To: NT System Admin Issues
> > > Subject: Stupid DNS question...
> > >
> > > My DNS skills are weak...
> > >
> > > We run a split brain DNS - ISP takes care of external, we do internal.
> > >
> > > Internally, www points to external web site, but president of company
> > > wants bare URL (http://mycompany.com) also to resolve to external.
> > >
> > > I tried adding a blank record to internal DNS pointing to external web
> > > site, but that seems not to be working.
> > >
> > > How can I implement this?
> > >
> > > Kurt


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Stupid DNS question...

2008-10-09 Thread Michael B. Smith

Well, tru dat.

I was thinking of specifically MSFT software. So shoot me. :-)

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange


-Original Message-
From: Ken Schaefer [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 09, 2008 11:11 PM
To: NT System Admin Issues
Subject: RE: Stupid DNS question...

You could put a proxy on your DCs - no need for IIS specifically.

Cheers
Ken

> -Original Message-
> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 2:07 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> Can't be done without installing IIS (or a really smart traffic shaper).
>
> What you would do on your DC's is everything that comes in port 80 for
> "example.com" you would redirect to "www.example.com".
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 09, 2008 7:46 PM
> To: NT System Admin Issues
> Subject: Re: Stupid DNS question...
>
> BTW - I'm fine if the answer is "can't be done without installing IIS"
> - 'cause then I can tell them it's not worth it for security reasons,
> and be done with it.
>
> On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> <[EMAIL PROTECTED]> wrote:
> > Do you have IIS installed on your domain controllers?
> >
> > Regards,
> >
> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > My blog: http://TheEssentialExchange.com/blogs/michael
> > Link with me at: http://www.linkedin.com/in/theessentialexchange
> >
> >
> > -Original Message-
> > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, October 09, 2008 7:05 PM
> > To: NT System Admin Issues
> > Subject: Stupid DNS question...
> >
> > My DNS skills are weak...
> >
> > We run a split brain DNS - ISP takes care of external, we do internal.
> >
> > Internally, www points to external web site, but president of company
> > wants bare URL (http://mycompany.com) also to resolve to external.
> >
> > I tried adding a blank record to internal DNS pointing to external web
> > site, but that seems not to be working.
> >
> > How can I implement this?
> >
> > Kurt
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Stupid DNS question...

2008-10-09 Thread Ken Schaefer

You could put a proxy on your DCs - no need for IIS specifically.

Cheers
Ken

> -Original Message-
> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 2:07 PM
> To: NT System Admin Issues
> Subject: RE: Stupid DNS question...
>
> Can't be done without installing IIS (or a really smart traffic shaper).
>
> What you would do on your DC's is everything that comes in port 80 for
> "example.com" you would redirect to "www.example.com".
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 09, 2008 7:46 PM
> To: NT System Admin Issues
> Subject: Re: Stupid DNS question...
>
> BTW - I'm fine if the answer is "can't be done without installing IIS"
> - 'cause then I can tell them it's not worth it for security reasons,
> and be done with it.
>
> On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> <[EMAIL PROTECTED]> wrote:
> > Do you have IIS installed on your domain controllers?
> >
> > Regards,
> >
> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > My blog: http://TheEssentialExchange.com/blogs/michael
> > Link with me at: http://www.linkedin.com/in/theessentialexchange
> >
> >
> > -Original Message-
> > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, October 09, 2008 7:05 PM
> > To: NT System Admin Issues
> > Subject: Stupid DNS question...
> >
> > My DNS skills are weak...
> >
> > We run a split brain DNS - ISP takes care of external, we do internal.
> >
> > Internally, www points to external web site, but president of company
> > wants bare URL (http://mycompany.com) also to resolve to external.
> >
> > I tried adding a blank record to internal DNS pointing to external web
> > site, but that seems not to be working.
> >
> > How can I implement this?
> >
> > Kurt
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Stupid DNS question...

2008-10-09 Thread Michael B. Smith

Can't be done without installing IIS (or a really smart traffic shaper).

What you would do on your DC's is everything that comes in port 80 for
"example.com" you would redirect to "www.example.com".

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange


-Original Message-
From: Kurt Buff [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 09, 2008 7:46 PM
To: NT System Admin Issues
Subject: Re: Stupid DNS question...

BTW - I'm fine if the answer is "can't be done without installing IIS"
- 'cause then I can tell them it's not worth it for security reasons,
and be done with it.

On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
<[EMAIL PROTECTED]> wrote:
> Do you have IIS installed on your domain controllers?
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 09, 2008 7:05 PM
> To: NT System Admin Issues
> Subject: Stupid DNS question...
>
> My DNS skills are weak...
>
> We run a split brain DNS - ISP takes care of external, we do internal.
>
> Internally, www points to external web site, but president of company
> wants bare URL (http://mycompany.com) also to resolve to external.
>
> I tried adding a blank record to internal DNS pointing to external web
> site, but that seems not to be working.
>
> How can I implement this?
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Stupid DNS question...

2008-10-09 Thread Durf

I don't think it can be done without mucking up your Active Directory
resolution.  Drop out to NSLOOKUP and type 'mycompany.com' - you should get
a list of your DC's.  If that's resolving to an external web host instead -
it will break things.  That's why there are those SRV records in DNS that
read "same as parent" in the top-level zone - your DC's are essentially
already aliased to mycompany.com.

-- Durf

On Thu, Oct 9, 2008 at 7:46 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:

> BTW - I'm fine if the answer is "can't be done without installing IIS"
> - 'cause then I can tell them it's not worth it for security reasons,
> and be done with it.
>
> On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
> <[EMAIL PROTECTED]> wrote:
> > Do you have IIS installed on your domain controllers?
> >
> > Regards,
> >
> > Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> > My blog: http://TheEssentialExchange.com/blogs/michael
> > Link with me at: http://www.linkedin.com/in/theessentialexchange
> >
> >
> > -Original Message-
> > From: Kurt Buff [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, October 09, 2008 7:05 PM
> > To: NT System Admin Issues
> > Subject: Stupid DNS question...
> >
> > My DNS skills are weak...
> >
> > We run a split brain DNS - ISP takes care of external, we do internal.
> >
> > Internally, www points to external web site, but president of company
> > wants bare URL (http://mycompany.com) also to resolve to external.
> >
> > I tried adding a blank record to internal DNS pointing to external web
> > site, but that seems not to be working.
> >
> > How can I implement this?
> >
> > Kurt
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> >
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>



-- 
--
Give a man a fish, and he'll eat for a day.
Give a fish a man, and he'll eat for weeks!

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Stupid DNS question...

2008-10-09 Thread Greg Mulholland

Sounds like a bad practise to allow internal web requests to be forwarded out 
to the net unless you have a good reason to do so.

From: Kurt Buff [EMAIL PROTECTED]
Sent: Friday, 10 October 2008 10:44 AM
To: NT System Admin Issues
Subject: Re: Stupid DNS question...

It resolves to the IP address of my main DC - the FSMO role holder.

On Thu, Oct 9, 2008 at 4:33 PM, Ken Schaefer <[EMAIL PROTECTED]> wrote:
> What does ping mycompany.com resolve to?
>
> Cheers
> Ken
>
>> -Original Message-
>> From: Kurt Buff [mailto:[EMAIL PROTECTED]
>> Sent: Friday, 10 October 2008 10:05 AM
>> To: NT System Admin Issues
>> Subject: Stupid DNS question...
>>
>> My DNS skills are weak...
>>
>> We run a split brain DNS - ISP takes care of external, we do internal.
>>
>> Internally, www points to external web site, but president of company
>> wants bare URL (http://mycompany.com) also to resolve to external.
>>
>> I tried adding a blank record to internal DNS pointing to external web
>> site, but that seems not to be working.
>>
>> How can I implement this?
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Stupid DNS question...

2008-10-09 Thread Kurt Buff

Yup - the same, inside and out.

On Thu, Oct 9, 2008 at 5:06 PM, Rick Berry <[EMAIL PROTECTED]> wrote:
> Is it the exact same domain name inside and out?  (mycompany.com is your AD 
> domain AND your public domain, as opposed to mycompany.local vs. 
> mycompany.com)
>
> I *think* if they're the same you're unable to do it.
>
> -Original Message-
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 09, 2008 7:05 PM
> To: NT System Admin Issues
> Subject: Stupid DNS question...
>
> My DNS skills are weak...
>
> We run a split brain DNS - ISP takes care of external, we do internal.
>
> Internally, www points to external web site, but president of company
> wants bare URL (http://mycompany.com) also to resolve to external.
>
> I tried adding a blank record to internal DNS pointing to external web
> site, but that seems not to be working.
>
> How can I implement this?
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Stupid DNS question...

2008-10-09 Thread Rick Berry

Is it the exact same domain name inside and out?  (mycompany.com is your AD 
domain AND your public domain, as opposed to mycompany.local vs. mycompany.com)

I *think* if they're the same you're unable to do it.

-Original Message-
From: Kurt Buff [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 09, 2008 7:05 PM
To: NT System Admin Issues
Subject: Stupid DNS question...

My DNS skills are weak...

We run a split brain DNS - ISP takes care of external, we do internal.

Internally, www points to external web site, but president of company
wants bare URL (http://mycompany.com) also to resolve to external.

I tried adding a blank record to internal DNS pointing to external web
site, but that seems not to be working.

How can I implement this?

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Stupid DNS question...

2008-10-09 Thread Kurt Buff

BTW - I'm fine if the answer is "can't be done without installing IIS"
- 'cause then I can tell them it's not worth it for security reasons,
and be done with it.

On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
<[EMAIL PROTECTED]> wrote:
> Do you have IIS installed on your domain controllers?
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 09, 2008 7:05 PM
> To: NT System Admin Issues
> Subject: Stupid DNS question...
>
> My DNS skills are weak...
>
> We run a split brain DNS - ISP takes care of external, we do internal.
>
> Internally, www points to external web site, but president of company
> wants bare URL (http://mycompany.com) also to resolve to external.
>
> I tried adding a blank record to internal DNS pointing to external web
> site, but that seems not to be working.
>
> How can I implement this?
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Stupid DNS question...

2008-10-09 Thread Kurt Buff

It resolves to the IP address of my main DC - the FSMO role holder.

On Thu, Oct 9, 2008 at 4:33 PM, Ken Schaefer <[EMAIL PROTECTED]> wrote:
> What does ping mycompany.com resolve to?
>
> Cheers
> Ken
>
>> -Original Message-
>> From: Kurt Buff [mailto:[EMAIL PROTECTED]
>> Sent: Friday, 10 October 2008 10:05 AM
>> To: NT System Admin Issues
>> Subject: Stupid DNS question...
>>
>> My DNS skills are weak...
>>
>> We run a split brain DNS - ISP takes care of external, we do internal.
>>
>> Internally, www points to external web site, but president of company
>> wants bare URL (http://mycompany.com) also to resolve to external.
>>
>> I tried adding a blank record to internal DNS pointing to external web
>> site, but that seems not to be working.
>>
>> How can I implement this?
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Stupid DNS question...

2008-10-09 Thread Sam Cayze

You have to create a new zone, and then a blank A record, not just an A
record...

I think.  Not a DNS expert by any means... But I just did something very
similar. 

-Original Message-
From: Kurt Buff [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 09, 2008 6:05 PM
To: NT System Admin Issues
Subject: Stupid DNS question...

My DNS skills are weak...

We run a split brain DNS - ISP takes care of external, we do internal.

Internally, www points to external web site, but president of company
wants bare URL (http://mycompany.com) also to resolve to external.

I tried adding a blank record to internal DNS pointing to external web
site, but that seems not to be working.

How can I implement this?

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Stupid DNS question...

2008-10-09 Thread Ken Schaefer

What does ping mycompany.com resolve to?

Cheers
Ken

> -Original Message-
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Friday, 10 October 2008 10:05 AM
> To: NT System Admin Issues
> Subject: Stupid DNS question...
>
> My DNS skills are weak...
>
> We run a split brain DNS - ISP takes care of external, we do internal.
>
> Internally, www points to external web site, but president of company
> wants bare URL (http://mycompany.com) also to resolve to external.
>
> I tried adding a blank record to internal DNS pointing to external web
> site, but that seems not to be working.
>
> How can I implement this?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Stupid DNS question...

2008-10-09 Thread Kurt Buff

Not on your life...

On Thu, Oct 9, 2008 at 4:18 PM, Michael B. Smith
<[EMAIL PROTECTED]> wrote:
> Do you have IIS installed on your domain controllers?
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
> -Original Message-
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 09, 2008 7:05 PM
> To: NT System Admin Issues
> Subject: Stupid DNS question...
>
> My DNS skills are weak...
>
> We run a split brain DNS - ISP takes care of external, we do internal.
>
> Internally, www points to external web site, but president of company
> wants bare URL (http://mycompany.com) also to resolve to external.
>
> I tried adding a blank record to internal DNS pointing to external web
> site, but that seems not to be working.
>
> How can I implement this?
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Stupid DNS question...

2008-10-09 Thread Michael B. Smith

Do you have IIS installed on your domain controllers?

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange


-Original Message-
From: Kurt Buff [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 09, 2008 7:05 PM
To: NT System Admin Issues
Subject: Stupid DNS question...

My DNS skills are weak...

We run a split brain DNS - ISP takes care of external, we do internal.

Internally, www points to external web site, but president of company
wants bare URL (http://mycompany.com) also to resolve to external.

I tried adding a blank record to internal DNS pointing to external web
site, but that seems not to be working.

How can I implement this?

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

Re: Stupid DNS question...

Re: Stupid DNS question...

RE: Stupid DNS question...

RE: Stupid DNS question...

RE: Stupid DNS question...

RE: Stupid DNS question...

RE: Stupid DNS question...

RE: Stupid DNS question...

RE: Stupid DNS question...

RE: Stupid DNS question...

RE: Stupid DNS question...

RE: Stupid DNS question...

RE: Stupid DNS question...

RE: Stupid DNS question...

Re: Stupid DNS question...

RE: Stupid DNS question...

Re: Stupid DNS question...

RE: Stupid DNS question...

Re: Stupid DNS question...

Re: Stupid DNS question...

RE: Stupid DNS question...

RE: Stupid DNS question...

Re: Stupid DNS question...

RE: Stupid DNS question...

24 matches

Site Navigation

Mail list logo

Footer information