tl;dr My actual questions are bolded.
I picked up a complimentary license for 2012 Standard from MS's dreamspark site and a couple of SSDs. I'm attempting to duplicate the functionality of my Ubuntu home server. It used to (and still will if I boot the HDD) do all of the following on my network:
-File Server (samba, sftp, nfs, http)
-DHCP & DNS (dnsmasq)
-Firewall/NAT (shorewall)
-DRBL (dnsmasq, nfs, apache)
-local only http(s) (apache)
I do like the look and feel of the OS but I get frustrated with the silly wizards and the MS-specific jargon and protocols.
My current, biggest, problem is with the NAT/routing. The config manager wizard insists that I implement either "DirectAccess" and/or VPN along with NAT/routing. The initial wizard offers the option to add/configure NAT alone but then the DA/VPN wizard keeps popping up, with some apparent claim of necessity. If I enable either one, the devices on my LAN lose internet connectivity. I'm assuming each device would then require some configuration to join the VPN. Not all of my devices are Windows so I don't think DirectAccess is appropriate. This surprised me because I thought VPNs were only for securing WAN to LAN access. The NAT works currently but the nag wizard disturbs me.
1. Is VPN/DirectAccess really necessary?
My other problem/goal is to achieve some DNS tweaks I had with dnsmasq. It let me create records for devices on the LAN, in addition to reading a separate file of blacklisted domains (about 15000 of them) in the form of
Code:
0.0.0.0 somegarbagespewingdomain.com
for the purpose of blocking ads and malware (similar to using a HOSTS file). The MS DNS server GUI doesn't look very useful or make much sense to me. If I find myself looking at a helpful error message in Windows explaining that 0.0.0.0 isn't a valid address, I fear that I might punch a baby or something. Also, I can't figure out how to tell it not to answer queries on my WAN port.
So briefly my questions on MS DNS are:
2. How to load/import massive numbers of custom records?
3. How to keep it from answering queries on the WAN port?
4. Other efficient options for blocking huge lists of domains on the entire lan?
5. Will MS DNS read records from the OS's HOSTS file?
TIA for any help.
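The "0.0.0.0 domain" blocklist format described in the post, as an added example that is not part of the original post: a Python sketch that parses such a file, rejects malformed names, drops entries already covered by a listed parent domain, and emits dnsmasq `address=` lines. The sample data, the function names, and the choice to also treat 127.0.0.1 as a sink address are assumptions.

```python
import re

# Constructed sample in the "0.0.0.0 domain" hosts format the post describes.
SAMPLE = """\
# constructed sample blocklist
0.0.0.0 somegarbagespewingdomain.com
0.0.0.0 Ads.Example.NET.   # trailing dot, mixed case
0.0.0.0 tracker.ads.example.net
127.0.0.1 localhost
0.0.0.0 bad_label!.example.org
0.0.0.0 somegarbagespewingdomain.com
10.1.2.3 nas.lan
"""

SINK_ADDRS = {"0.0.0.0", "127.0.0.1"}  # assumption: both mark a block entry
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one hostname label

def parse_blocklist(text):
    """Return (domains, rejected) where rejected holds (line_no, name) pairs."""
    domains, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            continue  # blank, comment, or a real host record (not a block entry)
        for name in fields[1:]:
            name = name.rstrip(".").lower()
            if name in LOCAL_NAMES:
                continue  # never sinkhole the loopback names
            labels = name.split(".")
            if len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels):
                domains.add(name)
            else:
                rejected.append((lineno, name))
    return domains, rejected

def collapse(domains):
    """Drop names already covered by a listed parent domain."""
    kept = set()
    for name in sorted(domains, key=lambda d: d.count(".")):
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & kept:
            kept.add(name)
    return kept

def to_dnsmasq(domains, sink="0.0.0.0"):
    """dnsmasq address= lines; each matches the domain and its subdomains."""
    return [f"address=/{d}/{sink}" for d in sorted(domains)]
```

An `address=/domain/` line in dnsmasq also matches every subdomain, which is broader than an exact-name hosts entry; review the `rejected` list before loading so a malformed line is not silently lost.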