On 9/19/05, James W. McKeand <james at mckeand dot biz> wrote:
> PF: m0n0wall wrote:
> >> -----Original Message-----
> >> From: Jay Binks [mailto:Jay dot Binks at safeworld dot net dot au]
> >> Subject: FW: [m0n0wall] DHCP Settings
> >> Mainly, because the Windows server sucks.
> >> And is up and down like a yoyo.
> >> I've managed to HACK my monowall to do as a wanted.
> > If you are running a Windows Active Directory, you are going to
> > eventually run into a situation where you NEED the Windows DNS
> > working properly or things are going to get hosed. Windows
> > 2000/2003/XP and Active Directory are very dependent on DNS working
> > properly for the machines that are on the network (i.e., servers and
> > workstations need DNS entries). For example, if you try and add a
> > machine to the domain and it can't resolve the AD server's DNS name,
> > it won't fly.
> > I run several Windows networks and never have had any issues with
> > Windows 2000/2003 DNS servers crashing or being unavailable.
> > Something is wrong with your setup if this is happening.
> > As another poster mentioned, the best idea is to use the AD DNS for
> > your Windows machines and have the AD DNS servers use m0n0wall as the
> > DNS forwarder.
> > OK, let the flame war commence.
> Don't want to flame - want to agree... For AD to work properly you need
> to use Microsoft's DNS. They say you can use BIND, but my experience has
> been when you don't use Microsoft's parts things go goofy - quick.
> Probably 95% of the networks I have been called into work on have
> problems stemming from name resolution - this goes back for over 8 years
> with NT 4 networks. If name resolution does not work properly - all
> kinds of squirrelly things happen. Whether the name resolution mechanism
> is DNS or WINS, if it is broke (or not used) things do not go well.
> As far as "HACK my monowall to do as a wanted", why would anyone go through
> that much trouble? You can take a piece of steel, drill a hole, tap it
> (put internal threads in the hole), cut the corners off and make a nut.
> Or go to the hardware store and get one ready made out of a bin.
Another "yes indeed" from someone whose day job is ~25% administering
a Windows AD network, plus consulting jobs to clean up the mess where
"Windows goes wrong", and has been working with Windows domains since
the NT 4 days starting shortly after it came out back in 1996.
If any Windows server, especially 2000 or 2003, is "up and down like a
yoyo", the least of your problems are coming from Redmond. Rather
might I suggest you find someone competent to handle Windows server
and to the original poster: I told you how to do what you're after in
my first response, all the functionality exists in m0n0wall already.