Tech Tip: Set up a DNS server/Configure TCP/IP filters in Win2K

Learn how to set up a DNS server and configure TCP/IP filters.

Windows 2000 Professional: Set up a DNS server

There was a time when it wasn't necessary to resolve an IP address from a host name. Systems administrators shared a text file that contained the name-to-address mapping of all the servers anyone could possibly want to access. Today, with millions of computers connected to the Internet, that simple method doesn't cut it anymore. That's where Domain Name Service (DNS) comes into play.

A DNS server accepts name resolution requests and returns the associated IP address. Windows NT Server, Windows 2000 Server, and Windows Server 2003 all have DNS services that allow them to act as DNS servers. However, Windows 2000 Professional does not.

If you're setting up your own Web server or need to delegate a portion of your domain, and you don't want the expense of setting up Windows 2000 Server, there are a handful of third-party DNS server applications that can run on Windows 2000 Professional (and even Windows 9x). JH Software's Simple DNS Plus is one option. A search of your favorite download site will likely turn up others.

In addition to choosing a DNS server application for Windows 2000 Professional, you also need to consider potential changes to your firewall to accommodate the DNS server. Specifically, if the DNS server sits on a private subnet and the firewall uses port mapping to direct traffic, you should configure the firewall to forward port 53 to your DNS server.

Windows 2000 Server: Configure TCP/IP filters

Firewalls are standard for every network, but they don't solve all problems. While they do a great job of protecting a network of computers, they do very little for each individual server. This is where a helpful, yet rarely used, Windows 2000 feature can help you. TCP/IP filtering lets you configure special IP filters that determine the type of network traffic that reaches your computer.

You can specify which TCP ports, UDP ports, and IP protocols are allowed to reach your server. While this is no substitute for a real firewall, it will make your network a little more secure.

To configure IP filters, follow these steps:

  1. Open the Network And Dial-Up Connections folder, and right-click the network interface that you want to configure IP filters for.
  2. Click Properties, and click Advanced.
  3. On the Options tab, select TCP/IP Filtering in the Optional Settings list.
  4. Click Properties, and select the Enable TCP/IP Filtering check box.
  5. For each filter type (TCP, UDP, IP), you can permit all and deny only specified, or deny everything except the specified. (For instance, if you want to allow only TCP Port 80 to your computer, click Permit Only for all three filter types, and click Add for TCP Ports and specify port 80.)
  6. When you're finished, click OK to close the dialog box.

Make sure you properly plan for TCP/IP filtering. Disabling everything except ports you explicitly define creates stronger security because you know exactly what's open. However, when configuring IP filters, you must be very familiar with your network, or some applications might stop working.
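
The planning check described above, as an added Python example (not part of the original tip): it models the three filter columns and reports which required inbound services a plan would cut off, using the article's "TCP port 80 only" configuration on a server that also runs DNS. The service inventory and all class and function names are constructed for illustration, and the model assumes TCP and UDP traffic is decided by the TCP and UDP port lists while every other protocol is decided by the IP Protocols list.

```python
from dataclasses import dataclass, field

TCP, UDP = 6, 17  # IANA IP protocol numbers


@dataclass
class Filter:
    """One column of the TCP/IP Filtering dialog (hypothetical model)."""
    permit_only: bool = False              # False means Permit All
    allowed: set = field(default_factory=set)

    def permits(self, value):
        return not self.permit_only or value in self.allowed


@dataclass
class FilterPlan:
    tcp: Filter
    udp: Filter
    ip: Filter

    def permits(self, proto, port=None):
        # Assumption: TCP and UDP are decided by their own port lists,
        # every other protocol by the IP Protocols list.
        if proto == TCP:
            return self.tcp.permits(port)
        if proto == UDP:
            return self.udp.permits(port)
        return self.ip.permits(proto)


def blocked_services(plan, required):
    """Return the names of required inbound services the plan would block."""
    return [name for name, proto, port in required
            if not plan.permits(proto, port)]


# Constructed inventory: a web server that also answers DNS on port 53.
REQUIRED = [("http", TCP, 80), ("dns-udp", UDP, 53), ("dns-tcp", TCP, 53)]

# The article's example: Permit Only in all three columns, TCP port 80 added.
web_only = FilterPlan(Filter(True, {80}), Filter(True), Filter(True))
# Revised plan that also admits DNS over UDP and TCP.
web_dns = FilterPlan(Filter(True, {80, 53}), Filter(True, {53}), Filter(True))

if __name__ == "__main__":
    for label, plan in (("web_only", web_only), ("web_dns", web_dns)):
        print(label, "blocks:", blocked_services(plan, REQUIRED) or "nothing")
```

Running the same check against the real list of services on a server before enabling Permit Only shows which applications would stop receiving traffic.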
