Re: [brlug-general] Offsite DNS hosting for Active Directory

Fri, 01 Oct 2010 11:27:41 -0700

If your only goal is to provide DNS, how about running BIND on a Linux box? I haven't explicitly done it, but Win DNS does support BIND secondaries.
There's only 1 drawback with that plan that has bit me in the behind recently. I had a similar site from which my backup DC was removed from the budget. I wasn't happy but figured it would be okay with the cached logins. 


Last week the DC went down and all of my Terminal Sessions couldn't  
log in.  We have repeatedly tested and it's consistent.  Research by  
one of the guys in my group showed that while you can log onto the  
console of a server (and a workstation is in fact the console) RDC and  
all other network sessions are not supported with cached credentials.



In other words, you can log onto your workstation, but forget about  
getting to a network resource.  Is that going to work for you?



As far as hardware costs go, you can use one of my solutions:  I run a  
virtual DC on a workstation as a backup.  This PC happens to be at my  
house and runs over a VPN, but obviously it would work better on the  
LAN.  I did it at home so that I'd have an offsite AD backup.


Of course you still have the server license with which to contend.


Now that I'm thinking...has anyone used Samba recently for DC backup?   
As I remember, version 3 and before only supported NT4 auth, but would  
that be enough to get to the network resources?  Now I'm going to have  
to try that.  Samba 4 is supposed to be fully AD-integrated whenever  
it comes out.


On Oct 1, 2010, at 1:15 PM, Dustin Puryear wrote:


We have a [common] situation where a company has a single site, has  
Active Directory, and only has one Domain Controller (DC). We could  
bring up a second DC, but there are hardware and licensing costs.  
That, and most AD networks that are workstation-heavy can survive  
quite well after a DC goes down for a good bit of time. If you  
exclude the fact that the DC is also the DNS primary for that network.



Anyone know of a DNS hosting service that is known to play well with  
hosting secondary DNS for AD DNS?



And what are your thoughts on this in terms of security? Anyone  
using a hosting service to provide secondary DNS capabilities for  
internal DNS?


---
Puryear IT, LLC - We see IT differently.
Baton Rouge, LA - 225-706-8414
http://www.puryear-it.com/

_______________________________________________
General mailing list
General@brlug.net
http://mail.brlug.net/mailman/listinfo/general_brlug.net



--

Keith Stokes






_______________________________________________
General mailing list
General@brlug.net
http://mail.brlug.net/mailman/listinfo/general_brlug.net






















					Reply via email to