Adamu,

Generally people will try to keep Domain Controllers off of a public IP
address at all costs. Domain Controllers are integral to your operations and
should be protected behind a NAT and firewall or a security server like
Microsoft ISA Server.

Domain controllers are usually given internal IP addresses only. In cases
where a Windows server is going to be acting as a router/NAT device, this
box will usually be a standalone server to prevent exposing a domain
resource.

As to having both addresses, Domain Controllers tend to have problems when
they have NICs in more than one subnet (dual-homed) and this is not a
recommended configuration.

Replication between subnets (and thus sites) is usually passed through a
router or layer-3 switch that can ensure that packets get to their
destination. This is not usually done using Windows Servers as the routing
component. Imagine what this would do to the default gateway and the routing
table...

Hope this helps.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
http://www.techsterity.com
Chicago, IL
Remember: Marking helpful answers helps everyone find the info they need
quickly.
"Adamu Garba" wrote:
> Hi guys,
>
> Is it advisable to configure a local IP on DCs? I have a DC, e.g. domain.com; I
> configured it with a live IP which is behind a third-party firewall acting
> as a default gateway. To further enhance security, I intended to configure
> a local IP on the DC so that it will be totally inaccessible to unauthorized
> users. That DC DOMAIN.COM is a parent domain controller with child domains
> A.DOMAIN.COM and B.DOMAIN.COM, both located in remote locations. I wanted
> to know, if a local IP is configured, will replication of all FSMO roles
> from the parent domain to the child domains and vice versa be achieved? Or
> what's your advice on how to specifically configure these settings if it is
> really achievable?
>
> Present config data
> Domain.com
> IP= 83.229.122.4
> subnet=255.255.255.0
> Gateway=83.229.122.1 (firewall)
>
> A.Domain.com
> IP=83.229.122.9
> subnet=255.255.255.0
> gateway=83.229.122.5
>
> B.Domain.com/
> IP=83.229.122.14
> subnet=255.255.255.0
> gateway=83.229.125.10
>
> All DCs run DHCP and are authoritative to their zone, forwarding to the other
> DCs as alternate DNS servers.
>
> Trusting in your quick response
> Thanks in advance
> Adamu.
>
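
A check for the points raised in the reply above (DCs on public addresses, dual-homed DCs), as an added example that is not part of the original thread. It goes one step further and also flags a default gateway that lies outside the NIC's own subnet. The inventory layout, the finding names and the `DC-DUAL` host are assumptions made for illustration.

```python
import ipaddress

# Constructed inventory: the first three entries mirror the "Present config
# data" quoted in the thread; "DC-DUAL" is a hypothetical dual-homed host.
# Each NIC is (ip, netmask, default_gateway or None).
INVENTORY = {
    "Domain.com":   [("83.229.122.4", "255.255.255.0", "83.229.122.1")],
    "A.Domain.com": [("83.229.122.9", "255.255.255.0", "83.229.122.5")],
    "B.Domain.com": [("83.229.122.14", "255.255.255.0", "83.229.125.10")],
    "DC-DUAL":      [("10.0.1.10", "255.255.255.0", "10.0.1.1"),
                     ("192.168.5.10", "255.255.255.0", None)],
}


def audit_dc(nics):
    """Return a sorted list of finding codes for one DC's NIC list."""
    findings = set()
    subnets = set()
    for ip, mask, gateway in nics:
        iface = ipaddress.ip_interface(f"{ip}/{mask}")
        subnets.add(iface.network)
        # Publicly routable address bound directly to the DC.
        if iface.ip.is_global:
            findings.add("PUBLIC_IP")
        # A gateway outside the NIC's subnet is unreachable without extra routes.
        if gateway is not None and ipaddress.ip_address(gateway) not in iface.network:
            findings.add("GATEWAY_OFF_SUBNET")
    # NICs in more than one subnet: the dual-homed case the reply warns about.
    if len(subnets) > 1:
        findings.add("DUAL_HOMED")
    return sorted(findings)


def audit_inventory(inventory):
    """Map each DC name to its list of findings."""
    return {name: audit_dc(nics) for name, nics in inventory.items()}


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(f"{name:14} {', '.join(findings) or 'OK'}")
```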