Hi All,

Do I need a DNS server in order to be able to use IPSEC between DC server
and clients?

I have win 2000 server with AD and about 10 win2000 pro clients.

I know I have to have a DNS for AD, but you can also use someone else's DNS as
long as it is configured to serve AD.

Regards,

Admir

Re: DNS and IPSEC by David

David
Thu Sep 11 02:43:05 CDT 2003

No, DNS isn't going to be used by IPSec.
I'd advise taking care in designing your IPsec policy. Quite a number of
different client services require accessing your DC and it's easy to create
a policy which accidentally blocks them.

--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.





Re: DNS and IPSEC by Admir

Admir
Fri Sep 12 03:07:37 CDT 2003

Thank you very much David.

Regards,

Admir




Re: DNS and IPSEC by bbenson

bbenson
Tue Sep 16 12:49:00 CDT 2003


Hi Admir,

We (Microsoft) do not support negotiating security with IPsec from client
to DC. We do support it from client-client and client-server however.
(IPsec can be used to Block, Permit, or Negotiate Security.)

Read more about what scenarios we support in this KB:
254949 Client-to-Domain Controller and Domain Controller-to-Domain Controller
http://support.microsoft.com/?id=254949

IPsec does not need DNS since policies can be configured with IPs and not
names. However, clients on a Windows2000 Domain do need DNS.

Boyd Benson
Microsoft Technical Support
This posting is provided "AS IS" with no warranties, and confers no rights.
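An added example, not part of the original thread and not Microsoft tooling: a small Python model of an IP-based filter list that reports which client-to-DC services a policy would block or try to negotiate, the mistake the replies above warn about. The port list, the `Filter` class, the simplified "most specific filter wins" rule and the 192.0.2.x addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Representative (not exhaustive) ports a domain client uses toward its DC.
# Assumption added here; the thread itself lists no ports.
DC_SERVICES = {
    "DNS": ("udp", 53), "Kerberos": ("udp", 88), "NTP": ("udp", 123),
    "RPC endpoint mapper": ("tcp", 135), "LDAP": ("tcp", 389),
    "SMB": ("tcp", 445), "Kerberos password change": ("tcp", 464),
}

@dataclass
class Filter:
    dst: str      # destination as IP/CIDR; no hostname, so no DNS lookup
    proto: str    # "tcp", "udp" or "any"
    port: int     # 0 means any port
    action: str   # "block", "permit" or "negotiate"

    def matches(self, ip, proto, port):
        return (ipaddress.ip_address(ip) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto) and self.port in (0, port))

    def weight(self):
        # Simplified specificity: longer prefix, then named protocol, then named port.
        return (ipaddress.ip_network(self.dst).prefixlen,
                self.proto != "any", self.port != 0)

def audit(policy, dc_ip):
    """Return {service: action} for each DC service that is not plainly permitted."""
    findings = {}
    for name, (proto, port) in DC_SERVICES.items():
        hits = [f for f in policy if f.matches(dc_ip, proto, port)]
        # Traffic matching no filter is left untouched by IPsec.
        action = max(hits, key=Filter.weight).action if hits else "permit"
        if action != "permit":
            findings[name] = action
    return findings

# Constructed sample policy: secure the whole LAN, exempt only some DC traffic.
DC = "192.0.2.10"
POLICY = [
    Filter("192.0.2.0/24", "any", 0, "negotiate"),
    Filter("192.0.2.10/32", "udp", 88, "permit"),
    Filter("192.0.2.10/32", "tcp", 389, "permit"),
    Filter("192.0.2.10/32", "udp", 53, "permit"),
]

if __name__ == "__main__":
    for service, action in audit(POLICY, DC).items():
        print(f"{service}: {action}")
```

Every service reported as `negotiate` or `block` is client-to-DC traffic the sample policy forgot to exempt.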