DNS Server And Web Server

Hi.

Could somebody tell me -
Should these two servers have their own, indpendant boxes?
Or, is it safe to run DNS on the same box that does Web traffic?
I am guessing DNS and Web should be on their own hardware
but I figured i'd get some experienced input.

Thanks.

Internal or external DNS? You could use the same machine. But... with
Windows, if you are running DNS, that usually means Domain Controller. It is
not advisable to put a Windows Domain Controller directly on the Internet.

Also,normally you would use your ISP for external DNS and use a Windows
Domain Controller for your internal DNS. Is that what you have in mind? No?
Explain please.

-Frank

"pbd22" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi.
>
> Could somebody tell me -
> Should these two servers have their own, indpendant boxes?
> Or, is it safe to run DNS on the same box that does Web traffic?
> I am guessing DNS and Web should be on their own hardware
> but I figured i'd get some experienced input.
>
> Thanks.
>

On Apr 2, 5:31 pm, "Frankster" <F...@SPAMTOTRASH.com> wrote:
> Internal or external DNS? You could use the same machine. But... with
> Windows, if you are running DNS, that usually means Domain Controller. It is
> not advisable to put a Windows Domain Controller directly on the Internet.
>
> Also,normally you would use your ISP for external DNS and use a Windows
> Domain Controller for your internal DNS. Is that what you have in mind? No?
> Explain please.
>
> -Frank
>
> "pbd22" <dush...@gmail.com> wrote in message
>
> news:(E-Mail Removed) oups.com...
>
> > Hi.
>
> > Could somebody tell me -
> > Should these two servers have their own, indpendant boxes?
> > Or, is it safe to run DNS on the same box that does Web traffic?
> > I am guessing DNS and Web should be on their own hardware
> > but I figured i'd get some experienced input.
>
> > Thanks.


Thanks for the reply.

> Is that what you have in mind? No? Explain please.

I am trying to figure out what is the best network design for the
following:

1) Web Server
2) Mail Server
3) File Server (video)
4) Database Server(s)

I am using Active Directory (as you guessed) and Windows Server 2003.
What I am a little unclear about is how to design the network (ie what
services
go on what boxes and where in the network). I just put together a
network diagram in Paint but see that google forums doesnt offer an
upload option.
So, this is what I am (currently) thinking:

[INTERNET/ISP]
|
[modem]
|
[firewall/router]
|
[web server/domain controller] [dns server (ns1)] [dns server (ns2)]
[dhcp server] [file server]
|
[firewall/router]
|
[DB server(s)] [mail server]

Each server represents its own box. I put the domain controller for
active directory on the same box as the web server - is that correct?
I also gave DNS and DHCP their own boxes (and a back-up for DNS). I
put mail and the DB cluster behind a firewall. Does the above network
diagram look
reasonable? What changes (if any) would you make?
Thanks in advance!

I might put the web server and the mail server on one box (assuming you want
access from outside).

Domain Controller, DNS server and file server on another box. Don't allow
external access to your DC.

There is a lot more to this than simply what applications you are running.
The type of access you need is important to the design
(LAN/WAN/Remote/VPN/Terninal Server?). As well as the loading (heavy
processing power or I/O, light processing power or I/O, large/small number
of users, etc.)

-Frank

"pbd22" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> On Apr 2, 5:31 pm, "Frankster" <F...@SPAMTOTRASH.com> wrote:
>> Internal or external DNS? You could use the same machine. But... with
>> Windows, if you are running DNS, that usually means Domain Controller. It
>> is
>> not advisable to put a Windows Domain Controller directly on the
>> Internet.
>>
>> Also,normally you would use your ISP for external DNS and use a Windows
>> Domain Controller for your internal DNS. Is that what you have in mind?
>> No?
>> Explain please.
>>
>> -Frank
>>
>> "pbd22" <dush...@gmail.com> wrote in message
>>
>> news:(E-Mail Removed) oups.com...
>>
>> > Hi.
>>
>> > Could somebody tell me -
>> > Should these two servers have their own, indpendant boxes?
>> > Or, is it safe to run DNS on the same box that does Web traffic?
>> > I am guessing DNS and Web should be on their own hardware
>> > but I figured i'd get some experienced input.
>>
>> > Thanks.
>
>
> Thanks for the reply.
>
>> Is that what you have in mind? No? Explain please.
>
> I am trying to figure out what is the best network design for the
> following:
>
> 1) Web Server
> 2) Mail Server
> 3) File Server (video)
> 4) Database Server(s)
>
> I am using Active Directory (as you guessed) and Windows Server 2003.
> What I am a little unclear about is how to design the network (ie what
> services
> go on what boxes and where in the network). I just put together a
> network diagram in Paint but see that google forums doesnt offer an
> upload option.
> So, this is what I am (currently) thinking:
>
> [INTERNET/ISP]
> |
> [modem]
> |
> [firewall/router]
> |
> [web server/domain controller] [dns server (ns1)] [dns server (ns2)]
> [dhcp server] [file server]
> |
> [firewall/router]
> |
> [DB server(s)] [mail server]
>
> Each server represents its own box. I put the domain controller for
> active directory on the same box as the web server - is that correct?
> I also gave DNS and DHCP their own boxes (and a back-up for DNS). I
> put mail and the DB cluster behind a firewall. Does the above network
> diagram look
> reasonable? What changes (if any) would you make?
> Thanks in advance!
>

Frankly that doesn't make any sense at all. What you have created is a
DMZ using back-to-back firewalls. This is a pretty tricky thing to handle.
If I did go that way I certainly would not put the DC in the DMZ. I would
put the DC (with DNS and DHCP) on the private LAN behind the inner firewall.
There are arguments for and against putting the mail server in the DMZ.

"pbd22" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> On Apr 2, 5:31 pm, "Frankster" <F...@SPAMTOTRASH.com> wrote:
>> Internal or external DNS? You could use the same machine. But... with
>> Windows, if you are running DNS, that usually means Domain Controller. It
>> is
>> not advisable to put a Windows Domain Controller directly on the
>> Internet.
>>
>> Also,normally you would use your ISP for external DNS and use a Windows
>> Domain Controller for your internal DNS. Is that what you have in mind?
>> No?
>> Explain please.
>>
>> -Frank
>>
>> "pbd22" <dush...@gmail.com> wrote in message
>>
>> news:(E-Mail Removed) oups.com...
>>
>> > Hi.
>>
>> > Could somebody tell me -
>> > Should these two servers have their own, indpendant boxes?
>> > Or, is it safe to run DNS on the same box that does Web traffic?
>> > I am guessing DNS and Web should be on their own hardware
>> > but I figured i'd get some experienced input.
>>
>> > Thanks.
>
>
> Thanks for the reply.
>
>> Is that what you have in mind? No? Explain please.
>
> I am trying to figure out what is the best network design for the
> following:
>
> 1) Web Server
> 2) Mail Server
> 3) File Server (video)
> 4) Database Server(s)
>
> I am using Active Directory (as you guessed) and Windows Server 2003.
> What I am a little unclear about is how to design the network (ie what
> services
> go on what boxes and where in the network). I just put together a
> network diagram in Paint but see that google forums doesnt offer an
> upload option.
> So, this is what I am (currently) thinking:
>
> [INTERNET/ISP]
> |
> [modem]
> |
> [firewall/router]
> |
> [web server/domain controller] [dns server (ns1)] [dns server (ns2)]
> [dhcp server] [file server]
> |
> [firewall/router]
> |
> [DB server(s)] [mail server]
>
> Each server represents its own box. I put the domain controller for
> active directory on the same box as the web server - is that correct?
> I also gave DNS and DHCP their own boxes (and a back-up for DNS). I
> put mail and the DB cluster behind a firewall. Does the above network
> diagram look
> reasonable? What changes (if any) would you make?
> Thanks in advance!
>