If you built your own external DNS servers for , this section has information you should know. If you are using existing external DNS servers for your solution, you can skip this part of Best Practices for Centralized Management.

Remove or Disable Unneeded Services

Because your external DNS server is running on a stand-alone computer running Windows Server 2003, most of the default services are unnecessary. The best approach is to not install services you do not need. If the service is already there, uninstall it. Not all services allow this, though. Disable the ones you cannot remove.

Services to Remove

If they are installed, uninstall the services listed in the following table from the DNS server. Next to each item is an indication of whether the item is part of a default Windows Server 2003 installation.

Table: DNS Server Services to Uninstall

| Service | Default |
| --- | --- |
| Certificate Services | No |
| Indexing Service | Yes |
| Internet Information Services (IIS) and All Components | Yes |
| All Management and Monitoring Tools (with the Possible Exception of SNMP) | No |
| Message Queuing Services | No |
| All Networking Services Subcomponents Except DNS | No |
| All Other Network File and Print Services | No |
| Remote Installation Devices | No |
| Remote Storage | No |
| Terminal Services Licensing | No |
| Windows Media Services | No |

Note:
If you want, install Simple Network Management Protocol (SNMP) (under Management and Monitoring tools) and Terminal Services.

Disable the following services. Some are set to Manual and some are set to Automatic; none of them is required, so disabling them is the safest route. (A few services, such as inter-site messaging and the Kerberos key distribution center, are already disabled, so they are not listed here.)

  • Alerter
  • Application Management
  • ClipBook
  • Computer Browser
  • Distributed File System
  • Distributed Link Tracking Client
  • Distributed Link Tracking Server
  • Distributed Transaction Coordinator
  • Fax Service
  • File Replication
  • Internet Connection Sharing
  • License Logging Service
  • Messenger
  • NetMeeting Remote Desktop Sharing
  • Network Dynamic Data Exchange (DDE)
  • Network DDE Share Database Manager (DSDM)
  • Print Spooler
  • Remote Access Auto Connection Manager
  • Remote Access Connection Manager
  • Remote Registry Service
  • RunAs Service
  • Smart Card
  • Smart Card Helper
  • Task Scheduler
  • TCP/IP NetBIOS Helper Service
  • Telephony
  • Telnet
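
The following script is an added example, not part of the original guidance: it reports which of the services listed above are installed but not yet disabled and stopped, and disables them when run with the hypothetical -Fix switch. It assumes Windows PowerShell is installed on the server and that the short service names below are the usual Windows Server 2003 names for the display names in the list; confirm each name with sc query before relying on it.

```powershell
# Added example: audit (and optionally disable) the services in the list above.
# Assumption: these short names correspond to the display names on the page;
# verify them on your build with "sc query state= all" before using -Fix.
param([switch]$Fix)   # -Fix is this script's own switch, not a built-in option

$targets = 'Alerter','AppMgmt','ClipSrv','Browser','Dfs','TrkWks','TrkSvr',
           'MSDTC','Fax','NtFrs','SharedAccess','LicenseService','Messenger',
           'mnmsrvc','NetDDE','NetDDEdsdm','Spooler','RasAuto','RasMan',
           'RemoteRegistry','seclogon','SCardSvr','SCardDrv','Schedule',
           'LmHosts','TapiSrv','TlntSvr'

$findings = @()
foreach ($name in $targets) {
    # Win32_Service exposes StartMode (Auto/Manual/Disabled) and State.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) { continue }      # not installed: nothing to disable

    # A service counts as compliant only when it is both disabled and stopped.
    if ($svc.StartMode -ne 'Disabled' -or $svc.State -ne 'Stopped') {
        $findings += $svc
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'All listed services that are installed are disabled and stopped.'
} else {
    $findings | Select-Object Name, DisplayName, StartMode, State |
        Format-Table -AutoSize
}

if ($Fix) {
    foreach ($svc in $findings) {
        # Both WMI methods return an object whose ReturnValue is 0 on success.
        if ($svc.State -ne 'Stopped') {
            $rc = ($svc.StopService()).ReturnValue
            if ($rc -ne 0) { Write-Warning "$($svc.Name): StopService returned $rc" }
        }
        $rc = ($svc.ChangeStartMode('Disabled')).ReturnValue
        if ($rc -ne 0) { Write-Warning "$($svc.Name): ChangeStartMode returned $rc" }
    }
}
```

Run it once without -Fix and review the report first. On Windows Server 2003 SP1 and later the SharedAccess service also hosts Windows Firewall, so check that entry against your firewall plan before disabling it.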

Network Configuration

Because the DNS server does not perform any file sharing or similar activities, confirm that the following items are disabled in the advanced properties of the TCP/IP protocol:

  • Client for Microsoft Networks
  • File and Printer Sharing for Microsoft Networks
  • NetBIOS over TCP/IP

You perform these steps when you configure external DNS servers.