Intranet Issue

[Dan]

I created an intranet website. I created a dns record called intranet so
when users type in http://intranet it goes to my site. I remember with older
software i think NT4 or 98 you would have to add this to a setting so when
users type this in their browser it will stay in the internal LAN rather
than trying to resolve it or access it on the outside. How do you configure
this in windows 2000. Also I get an active x security warning on some
computers when they view the site how can i setup a GPO to allow this site
to low securty.

thanks

 

[Phillip Windell]

I created an intranet website. I created a dns record called intranet so
when users type in http://intranet it goes to my site. I remember with older
software i think NT4 or 98 you would have to add this to a setting so when
users type this in their browser it will stay in the internal LAN rather
than trying to resolve it or access it on the outside. How do you configure
this in windows 2000. Also I get an active x security warning on some
computers when they view the site how can i setup a GPO to allow this site
to low securty.

The exception list is part of the browser. It doesn't matter if it was 98,
NT, 2000, XP, or 2003. It is all the same. You never needed that in 98 or
NT either,...what it really depended on what what kind of device was being
used to "provide" the Internet (proxy, nat firewall, etc) and how that
device is built, configured, and how its "behavor logic" is designed.

For example a CERN Compliant Web Proxy would resolve the URL on behalf of
the client (client doesn't resolve it itself typically in such cases). The
DNS used by the proxy must be the one setup to resolve to the IP# you
desire. It then compared the discovered IP# to the Local Address Table (LAT)
and if it was in the table the proxy "dropped out" and let the client acess
the site directly, but it the address was not in the LAT it would pass the
request to the outbound Internet router. A NAT-based Firewall device would
be a little different, the client would resolve the URL itself, so whatever
DNS it used had to be the right one so it would resolve to the right
address. Once it had the address it would drop the request on to the "wire"
if it was the same subnet or pass it to the Layer3 routing scheme (default
gateway or static specified gateway). If the request then reached the
Firewall Device it would compare it to it LAT and process accrdingly.

I have used each of those variations here at our location and run Win95,
Win98, NT4.0, Win2000, XP, and Server 2000 & 2003. I have never had to
include an exception in the Browsr's exception list.

 

[Dan]

I dont have a proxy server. I just have a Watchguard firewall. Yes now i
remember the settings i was talking about was the proxy setup where you can
bypass certain sites in the exception list. Since i dont use a proxy then i
think im ok.

 

[Phillip Windell]

I dont have a proxy server. I just have a Watchguard firewall. Yes now i

Yes, one of my "internet devices" is a Watchgaurd too,...its a 1000 series.

 

[Phillip Windell]

I dont have a proxy server. I just have a Watchguard firewall. Yes now i
remember the settings i was talking about was the proxy setup where you can
bypass certain sites in the exception list. Since i dont use a proxy then i
think im ok.

You still shouldn't have to use that exception list,...but if it is working
you can just go with it. But I'm stilll thinking about this,...is this a
Domain?,...you have a DC running DNS? How have you rigged this up?

The simplest and standard way would be to have *all* machines use your
AD/DNS (and only that) as their DNS setting in their network config. The
only place your ISP's DNS would ever appear is in the forwarders list in
your DNS's config. The ISP's DNS should not even appear in the DC's own
network config,...it should not be anywhere except within the Forwarder's
list of the AD/DNS config.

Your own DNS will always be the first DNS (and really the only) that is
queried. If it can't resolve the URL itself it will the "ask" the ISP's DNS
and then give the result back to the Client. The Client will never ask the
ISP's DNS for anything directly. This way, any "intranet" URL will always
be processed by your own DNS which should alwys be able to handle it and
there will never be any "DNS confusion" so there would never be any need for
the "exceptions" to be placed in the browser's settings on the individual
clients.

 

[Dan]

I have my clients point to my Internal DNS Server i have two DC and both
are running DNS in AD mode. My isp doesnt provide DNS so i dont have any
fowarders. I tried to use my register (Network Solutions) dns servers but
kept getting a lot of dns error in the event log.

thanks