Re: [brlug-general] Offsite DNS hosting for Active Directory

2010-10-01 Thread Mark A. Lappin
It's going to depend on how much you need AD for in the environment.  Chances are, 
if you're a small enough AD to have one DC, that DC is going to have everything 
on it that AD needs and probably, anything that is going to actually require AD 
to function.  Clients can/will use cached logon credentials for user login, 
although shared resources on other workstations may become unavailable unless 
the credential was cached before AD went down (assuming you're allowing 
workstations to cache X number of local logon credentials).  Assume you're 
pointing your clients to an off site DNS as well otherwise they'll be SOL 
waiting for something to be done.  Services which need the GC are going to be 
hosed even if DNS is working if your only DC is down.






Mark A. Lappin, CCNA, MCITP: Enterprise Administrator | Lee Michaels Fine 
Jewelry
Director of Information Technology
11314 Cloverland Ave | Baton Rouge, LA 70809

Ph: 225.291.9094 ext 245 | Fax: 225.368.3675  | Mobile: 225-362-2770
www.lmfj.com 

From: general-boun...@brlug.net [mailto:general-boun...@brlug.net] On Behalf Of 
Dustin Puryear
Sent: Friday, October 01, 2010 4:24 PM
To: general@brlug.net
Subject: Re: [brlug-general] Offsite DNS hosting for Active Directory

Actually, that's not true.

From: general-boun...@brlug.net [mailto:general-boun...@brlug.net] On Behalf Of 
Tim Fournet
Sent: Friday, October 01, 2010 2:29 PM
To: general@brlug.net
Subject: Re: [brlug-general] Offsite DNS hosting for Active Directory

Even if you've got the DNS portion of Active Directory replicated, when the 
rest of AD comes crashing down, you're going to have major work-stopping 
outages happening pretty quickly. Why not just bring up offsite hosted full 
domain controllers?
___
General mailing list
General@brlug.net
http://mail.brlug.net/mailman/listinfo/general_brlug.net


Re: [brlug-general] Offsite DNS hosting for Active Directory

2010-10-01 Thread Dustin Puryear
Actually, that's not true.

From: general-boun...@brlug.net [mailto:general-boun...@brlug.net] On Behalf Of 
Tim Fournet
Sent: Friday, October 01, 2010 2:29 PM
To: general@brlug.net
Subject: Re: [brlug-general] Offsite DNS hosting for Active Directory

Even if you've got the DNS portion of Active Directory replicated, when the 
rest of AD comes crashing down, you're going to have major work-stopping 
outages happening pretty quickly. Why not just bring up offsite hosted full 
domain controllers?



Re: [brlug-general] Offsite DNS hosting for Active Directory

2010-10-01 Thread Tim Fournet
Even if you've got the DNS portion of Active Directory replicated, when the
rest of AD comes crashing down, you're going to have major work-stopping
outages happening pretty quickly. Why not just bring up offsite hosted full
domain controllers?


On Fri, Oct 1, 2010 at 2:23 PM, Dustin Puryear wrote:

> Well, we're looking for an offsite service that WE DON'T HAVE TO MANAGE.
> Like an EasyDNS service. Hmm.


Re: [brlug-general] Offsite DNS hosting for Active Directory

2010-10-01 Thread Dustin Puryear
Well, we're looking for an offsite service that WE DON'T HAVE TO MANAGE. Like 
an EasyDNS service. Hmm.

-----Original Message-----
From: general-boun...@brlug.net [mailto:general-boun...@brlug.net] On Behalf Of Keith Stokes
Sent: Friday, October 01, 2010 1:28 PM
To: general@brlug.net
Subject: Re: [brlug-general] Offsite DNS hosting for Active Directory

Damn.  Brad can type faster than me.

On Oct 1, 2010, at 1:25 PM, Brad Bendily wrote:

> We don't use a service to do this, but we host AD DC DNS on our
> Linux/BIND DNS boxes.
> I haven't done the AD side, but apparently there's a tool to extract
> the DNS entries and then they can get imported into BIND. So, it should
> be fairly easy to do. You could also set up a master/slave trust between
> the zones and the entries can be pulled that way.
> If you had a DNS host, running Linux that would open to trying a few things.
>
>
> bb


Re: [brlug-general] Offsite DNS hosting for Active Directory

2010-10-01 Thread Joey Kelly
On Fri October 1 2010 1:15 pm, Dustin Puryear wrote:
> We have a [common] situation where a company has a single site, has Active
> Directory, and only has one Domain Controller (DC). We could bring up a
> second DC, but there are hardware and licensing costs. That, and most AD
> networks that are workstation-heavy can survive quite well after a DC goes
> down for a good bit of time. If you exclude the fact that the DC is also
> the DNS primary for that network.
>
> Anyone know of a DNS hosting service that is known to play well with
> hosting secondary DNS for AD DNS?

Wouldn't slaved BIND do the trick?

-- 
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550



Re: [brlug-general] Offsite DNS hosting for Active Directory

2010-10-01 Thread Keith Stokes
Damn.  Brad can type faster than me.

On Oct 1, 2010, at 1:25 PM, Brad Bendily wrote:

> We don't use a service to do this, but we host AD DC DNS on our
> Linux/BIND DNS boxes.
> I haven't done the AD side, but apparently there's a tool to extract
> the DNS entries and then they can get imported into BIND. So, it should
> be fairly easy to do. You could also set up a master/slave trust between
> the zones and the entries can be pulled that way.
> If you had a DNS host, running Linux that would open to trying a few things.
>
>
> bb


--

Keith Stokes








Re: [brlug-general] Offsite DNS hosting for Active Directory

2010-10-01 Thread Keith Stokes
If your only goal is to provide DNS, how about running BIND on a Linux  
box?  I haven't explicitly done it, but Win DNS does support BIND  
secondaries.


There's only 1 drawback with that plan that has bit me in the behind  
recently.  I had a similar site from which my backup DC was removed  
from the budget.  I wasn't happy but figured it would be okay with the  
cached logins.


Last week the DC went down and all of my Terminal Sessions couldn't  
log in.  We have repeatedly tested and it's consistent.  Research by  
one of the guys in my group showed that while you can log onto the  
console of a server (and a workstation is in fact the console) RDC and  
all other network sessions are not supported with cached credentials.


In other words, you can log onto your workstation, but forget about  
getting to a network resource.  Is that going to work for you?


As far as hardware costs go, you can use one of my solutions:  I run a  
virtual DC on a workstation as a backup.  This PC happens to be at my  
house and runs over a VPN, but obviously it would work better on the  
LAN.  I did it at home so that I'd have an offsite AD backup.


Of course you still have the server license with which to contend.

Now that I'm thinking...has anyone used Samba recently for DC backup?   
As I remember, version 3 and before only supported NT4 auth, but would  
that be enough to get to the network resources?  Now I'm going to have  
to try that.  Samba 4 is supposed to be fully AD-integrated whenever  
it comes out.


On Oct 1, 2010, at 1:15 PM, Dustin Puryear wrote:

We have a [common] situation where a company has a single site, has  
Active Directory, and only has one Domain Controller (DC). We could  
bring up a second DC, but there are hardware and licensing costs.  
That, and most AD networks that are workstation-heavy can survive  
quite well after a DC goes down for a good bit of time. If you  
exclude the fact that the DC is also the DNS primary for that network.


Anyone know of a DNS hosting service that is known to play well with  
hosting secondary DNS for AD DNS?


And what are your thoughts on this in terms of security? Anyone  
using a hosting service to provide secondary DNS capabilities for  
internal DNS?


---
Puryear IT, LLC - We see IT differently.
Baton Rouge, LA - 225-706-8414
http://www.puryear-it.com/




--

Keith Stokes







Re: [brlug-general] Offsite DNS hosting for Active Directory

2010-10-01 Thread Brad Bendily
We don't use a service to do this, but we host AD DC DNS on our
Linux/BIND DNS boxes.
I haven't done the AD side, but apparently there's a tool to extract
the DNS entries and then they can get imported into BIND. So, it should
be fairly easy to do. You could also set up a master/slave trust between
the zones and the entries can be pulled that way.
If you had a DNS host, running Linux that would open to trying a few things.


bb

On Fri, Oct 1, 2010 at 1:15 PM, Dustin Puryear wrote:
> We have a [common] situation where a company has a single site, has Active
> Directory, and only has one Domain Controller (DC). We could bring up a
> second DC, but there are hardware and licensing costs. That, and most AD
> networks that are workstation-heavy can survive quite well after a DC goes
> down for a good bit of time. If you exclude the fact that the DC is also the
> DNS primary for that network.
>
>
>
> Anyone know of a DNS hosting service that is known to play well with hosting
> secondary DNS for AD DNS?
>
>
>
> And what are your thoughts on this in terms of security? Anyone using a
> hosting service to provide secondary DNS capabilities for internal DNS?
>
>
>
> ---
>
> Puryear IT, LLC - We see IT differently.
>
> Baton Rouge, LA - 225-706-8414
>
> http://www.puryear-it.com/



-- 
Have Mercy & Say Yeah
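
An added example, not written by anyone in this thread: a BIND secondary that pulls the AD zones from the single DC, with the query and transfer restrictions that bear on the security question in the original post. The domain `corp.example.com`, the DC address `10.20.0.10`, the `site-lan` ACL and its range, and the file paths are all assumptions, and the DC's DNS service must separately be set to allow zone transfers to this host.

```conf
// named.conf on the offsite secondary (constructed example; every name,
// address and path below is a placeholder, not taken from the thread).

// Only these sources may query the internal zones: the site's LAN as it
// reaches this host (assumed here to arrive over a VPN) and localhost.
acl "site-lan" { 10.20.0.0/16; 127.0.0.1; };

options {
    directory "/var/named";
    recursion no;               // authoritative-only, not an open resolver
    allow-query    { none; };   // deny by default, opened per zone below
    allow-transfer { none; };   // nobody pulls a zone transfer from this box
};

// Weak form to avoid: zone stanzas with no allow-query/allow-transfer and
// no restrictive defaults in options{}. Access then falls back to whatever
// the installed BIND version defaults to, which can expose internal host
// names and the DC locator records to anyone who can reach port 53.

// The AD domain zone, pulled from the single DC by zone transfer.
// "type slave"/"masters" are the keywords from the time of this thread;
// current BIND 9 also accepts "secondary"/"primaries".
zone "corp.example.com" {
    type slave;
    masters { 10.20.0.10; };            // the site's DC (assumed address)
    file "slaves/corp.example.com.db";  // on-disk copy, still served
                                        // while the DC is unreachable
    allow-query    { "site-lan"; };
    allow-transfer { none; };
};

// Assumption: the DC holds _msdcs as its own zone. If it is only a
// subdomain inside corp.example.com, drop this stanza.
zone "_msdcs.corp.example.com" {
    type slave;
    masters { 10.20.0.10; };
    file "slaves/_msdcs.corp.example.com.db";
    allow-query    { "site-lan"; };
    allow-transfer { none; };
};
```

The secondary answers from its stored copy only until the zone's SOA expire interval runs out without contact with the DC, so that value bounds how long name resolution survives an outage.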



[brlug-general] Offsite DNS hosting for Active Directory

2010-10-01 Thread Dustin Puryear
We have a [common] situation where a company has a single site, has Active 
Directory, and only has one Domain Controller (DC). We could bring up a second 
DC, but there are hardware and licensing costs. That, and most AD networks that 
are workstation-heavy can survive quite well after a DC goes down for a good 
bit of time. If you exclude the fact that the DC is also the DNS primary for 
that network.

Anyone know of a DNS hosting service that is known to play well with hosting 
secondary DNS for AD DNS?

And what are your thoughts on this in terms of security? Anyone using a hosting 
service to provide secondary DNS capabilities for internal DNS?

---
Puryear IT, LLC - We see IT differently.
Baton Rouge, LA - 225-706-8414
http://www.puryear-it.com/
