Gekko_uk
Posted June 23, 2005

Hi everyone,

Is it better to leave the job of DHCP + DNS to the router or to the server 2003 Box, which is also running AD?

I am also wondering if it is just best to use router for DNS, and use static IPs.

Your thoughts?

cheers
Andy (1st time poster)

FAT64
Posted June 23, 2005

Personally, I would have both running DHCP (with different address ranges of course), so that if the Server is offline, at least your clients can get an IP address.

Routers don't provide DNS as far as I am aware. Your Server will provide LAN DNS and your ISP will provide Internet DNS.

Edited June 23, 2005 by FAT64

maxamoto
Posted June 23, 2005

Highly recommended that you run DHCP+DNS from the Server2003 box. Just make sure you secure your DNS against cache poisoning and other things. Check Technet DNS best practices for a good DNS primer.

Edited June 23, 2005 by maxamoto

FAT64
Posted June 23, 2005

Also from the same TechNet site ...

With two DHCP servers, if one server is unavailable, the other server can take its place and continue to lease new addresses or renew existing clients.

Hamins
Posted June 23, 2005

I dunno of any routers that provide DNS, you can use Static IPs in a small network. However, I know of certain firewalls that are capable of assigning IPs, and providing DNS, e.g. Watchguard X500.

valter
Posted June 23, 2005

> Hi everyone,
>
> Is it better to leave the job of DHCP + DNS to the router or to the server 2003 Box, which is also running AD?
>
> I am also wondering if it is just best to use router for DNS, and use static IPs.
>
> Your thoughts?
>
> cheers
> Andy (1st time poster)

You CAN NOT authorize router DHCP server in AD ... so run DHCP from your Win2k3 box ...

ironfist241
Posted June 23, 2005

Hmm... would it not be favourable to do away with the router and use the 2003 box as a gateway? Through Routing and Remote Access, that will also provide a better NAT (if NAT is required, that is; you didn't state if it was a WAN router or IP router).

maxamoto
Posted June 23, 2005

> > Hi everyone,
> >
> > Is it better to leave the job of DHCP + DNS to the router or to the server 2003 Box, which is also running AD?
> >
> > I am also wondering if it is just best to use router for DNS, and use static IPs.
> >
> > Your thoughts?
> >
> > cheers
> > Andy (1st time poster)
>
> You CAN NOT authorize router DHCP server in AD ... so run DHCP from your Win2k3 box ...

I'm not sure not being able to auth a router's DHCP service in AD would affect anything, since clients would still be able to grab IPs from any DHCP server on the network, including a router. It would, however, affect being able to use RIS, since I've personally had issues with using non-AD DHCP servers and RIS. I'm sure there are ways to provision an AD network so that clients refuse anything except AD DHCP packets. I'd actually be interested to hear if anyone has ever done this.

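The point above, that clients take a lease from whichever DHCP server answers, is something you can watch for on the wire. The following is an added example, not part of the original thread: it parses DHCPOFFER payloads and flags any server identifier (option 54) or DNS server (option 6) outside an allowlist. The addresses, the allowlists and the `build_offer` helper are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
OPT_PAD, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 6, 53, 54, 255
DHCPOFFER = 2
# Constructed allowlists (assumption): the Windows DHCP/DNS server plus one ISP resolver.
ALLOWED_SERVERS = {"192.168.1.10"}
ALLOWED_DNS = {"192.168.1.10", "203.0.113.53"}

def parse_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def check_offer(payload, allowed_servers, allowed_dns):
    """Return findings for one DHCPOFFER; an empty list means nothing unexpected."""
    opts = parse_options(payload)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return []                    # only offers are inspected here
    sid = opts.get(OPT_SERVER_ID, b"")
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "missing"
    findings = [] if server in allowed_servers else [f"unauthorized DHCP server {server}"]
    dns = opts.get(OPT_DNS, b"")
    for j in range(0, len(dns) - len(dns) % 4, 4):   # option 6 is a list of 4-byte addresses
        addr = str(ipaddress.IPv4Address(dns[j:j + 4]))
        if addr not in allowed_dns:
            findings.append(f"{server} hands out unexpected DNS server {addr}")
    return findings

def build_offer(server, dns_list):
    """Constructed sample: minimal DHCPOFFER (op=2, rest of the fixed header zeroed)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    dns = b"".join(ip(a) for a in dns_list)
    return (b"\x02" + bytes(235) + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
            + bytes([OPT_SERVER_ID, 4]) + ip(server) + bytes([OPT_DNS, len(dns)]) + dns + bytes([OPT_END]))
```

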
valter
Posted June 23, 2005

> > > Hi everyone,
> > >
> > > Is it better to leave the job of DHCP + DNS to the router or to the server 2003 Box, which is also running AD?
> > >
> > > I am also wondering if it is just best to use router for DNS, and use static IPs.
> > >
> > > Your thoughts?
> > >
> > > cheers
> > > Andy (1st time poster)
> >
> > You CAN NOT authorize router DHCP server in AD ... so run DHCP from your Win2k3 box ...
>
> I'm not sure not being able to auth a router's DHCP service in AD would affect anything, since clients would still be able to grab IPs from any DHCP server on the network, including a router. It would, however, affect being able to use RIS, since I've personally had issues with using non-AD DHCP servers and RIS. I'm sure there are ways to provision an AD network so that clients refuse anything except AD DHCP packets. I'd actually be interested to hear if anyone has ever done this.

I've tried a few times using non-AD DHCP and there were always issues ... bunch of errors in event log, etc. ... I don't think MS thought of someone using third party DHCP server with AD.

Gekko_uk (Author)
Posted June 30, 2005

Sorry guys, I've been away for a while.

See, my main reason for using router as DHCP was so in the event of server falling on its arse, users could still surf the net via local accounts.

But, would this still work, i.e. if server fell over, would the clients just keep the assigned addresses and be able to surf?

I had to restart the server recently, and the clients couldn't surf the internet.

When I tried using static IPs, the logins would take 7min+!!! for some unknown reason; using server as DHCP solved this.

But now that I have learned more, and the system is more established, I would like to refine it a little more.

Cheers

maxamoto
Posted June 30, 2005

> Sorry guys, I've been away for a while.
>
> See, my main reason for using router as DHCP was so in the event of server falling on its arse, users could still surf the net via local accounts.
>
> But, would this still work, i.e. if server fell over, would the clients just keep the assigned addresses and be able to surf?
>
> I had to restart the server recently, and the clients couldn't surf the internet.
>
> When I tried using static IPs, the logins would take 7min+!!! for some unknown reason; using server as DHCP solved this.
>
> But now that I have learned more, and the system is more established, I would like to refine it a little more.
>
> Cheers

Long logins with AD is almost always a DNS issue. Check your client records in the DNS console for duplicates. Also, if you're running WINS, duplicate records in the database can sometimes cause a problem.

If you want your clients to be able to surf the net when server falls over (although, keeping the server standing up straight would also solve your issues, it would seem), configure your Win2003 DHCP to assign your clients the AD DNS server as DNS server #1 and your ISP DNS server as #2. Or alternately, just set up a caching-only DNS server in your perimeter and call it a day.

Edited June 30, 2005 by maxamoto