If you built your own external DNS servers for , this section has information you should know. If you are using existing external DNS servers for your solution, you can skip this part of Best Practices for Centralized Management.
Remove or Disable Unneeded Services
Because your external DNS server is running on a stand-alone computer running Windows Server 2003, most of the default services are unnecessary. The best approach is to not install services you do not need. If the service is already there, uninstall it. Not all services allow this, though. Disable the ones you cannot remove.
Services to Remove
If any of the services in the following table are installed on the DNS server, uninstall them. The Default column indicates whether the item is part of a default Windows Server 2003 installation.
Table: DNS Server Services to Uninstall
Service | Default |
---|---|
Certificate Services | No |
Indexing Service | Yes |
Internet Information Services (IIS) and All Components | Yes |
All Management and Monitoring Tools (with the Possible Exception of SNMP) | No |
Message Queuing Services | No |
All Networking Services Subcomponents Except DNS | No |
All Other Network File and Print Services | No |
Remote Installation Devices | No |
Remote Storage | No |
Terminal Services Licensing | No |
Windows Media Services | No |
Note: If you want, install Simple Network Management Protocol (SNMP) (under Management and Monitoring tools) and Terminal Services.
Disable the following services. Some are set to manual, and some are set to automatic; none of them is required, so disabling them is the safest route. (A few services, such as inter-site messaging and the Kerberos key distribution center, are already disabled, so they are not listed here.)
- Alerter
- Application Management
- ClipBook
- Computer Browser
- Distributed File System
- Distributed Link Tracking Client
- Distributed Link Tracking Server
- Distributed Transaction Coordinator
- Fax Service
- File Replication
- Internet Connection Sharing
- License Logging Service
- Messenger
- NetMeeting Remote Desktop Sharing
- Network Dynamic Data Exchange (DDE)
- Network DDE Share Database Manager (DSDM)
- Print Spooler
- Remote Access Auto Connection Manager
- Remote Access Connection Manager
- Remote Registry Service
- RunAs Service
- Smart Card
- Smart Card Helper
- Task Scheduler
- TCP/IP NetBIOS Helper Service
- Telephony
- Telnet
Network Configuration
Because the DNS server does not perform any file sharing or similar activities, confirm that the following items are disabled in the advanced properties of the TCP/IP protocol:
- Client for Microsoft Networks
- File and Printer Sharing for Microsoft Networks
- NetBIOS over TCP/IP
You perform these steps when you configure external DNS servers.
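The following script is an added example, not part of the original guidance: it audits the start mode of the services listed under "Disable the following services" and checks whether NetBIOS over TCP/IP is disabled on each IP-enabled adapter. It assumes Windows PowerShell is installed on the server (it is not part of a default Windows Server 2003 installation) and matches services by the display names used on this page, which may differ from the names on a given build; the -Disable switch is a parameter of this example.

```powershell
# Added example. Audit only unless run with -Disable.
# Assumption: Windows PowerShell is installed and the script runs as an administrator.
param([switch]$Disable)

# Display names exactly as listed on this page. Names that do not match an
# installed service are reported so they can be checked by hand.
$toDisable = @(
    'Alerter', 'Application Management', 'ClipBook', 'Computer Browser',
    'Distributed File System', 'Distributed Link Tracking Client',
    'Distributed Link Tracking Server', 'Distributed Transaction Coordinator',
    'Fax Service', 'File Replication', 'Internet Connection Sharing',
    'License Logging Service', 'Messenger', 'NetMeeting Remote Desktop Sharing',
    'Network Dynamic Data Exchange (DDE)',
    'Network DDE Share Database Manager (DSDM)', 'Print Spooler',
    'Remote Access Auto Connection Manager', 'Remote Access Connection Manager',
    'Remote Registry Service', 'RunAs Service', 'Smart Card', 'Smart Card Helper',
    'Task Scheduler', 'TCP/IP NetBIOS Helper Service', 'Telephony', 'Telnet'
)

$services = Get-WmiObject -Class Win32_Service

foreach ($name in $toDisable) {
    $svc = $services | Where-Object { $_.DisplayName -eq $name }
    if (-not $svc) {
        "{0,-45} not found under this display name" -f $name
        continue
    }
    "{0,-45} StartMode={1} State={2}" -f $name, $svc.StartMode, $svc.State

    if ($Disable -and $svc.StartMode -ne 'Disabled') {
        # Stop the service first so it does not keep running until the next reboot.
        if ($svc.State -eq 'Running') { [void]$svc.StopService() }
        $rc = $svc.ChangeStartMode('Disabled').ReturnValue
        "    ChangeStartMode returned $rc (0 = success)"
    }
}

# NetBIOS over TCP/IP: a TcpipNetbiosOptions value of 2 means disabled.
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $state = if ($_.TcpipNetbiosOptions -eq 2) { 'disabled' } else { 'NOT disabled' }
        "{0}: NetBIOS over TCP/IP {1}" -f $_.Description, $state
    }
```

Run it without arguments first and review the report; any service reported as not found needs a manual check in the Services console before you treat it as absent.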