DNS & DHCP on External NAT Device/Router - Not on Windows 2003 Ser

Discussion in 'DNS Server' started by The Organizer, Apr 21, 2006.

  1. Hello,
    I searched through the forum and nothing came up so I decided to post. This
    is my first posting so be gentle :)

    I just got a new Windows 2003 SBS and I am setting up a new network with XP
    Pro clients.
    I have a Linksys router/DSL gateway/NAT that is connected to a DSL modem
    and acts as DNS/DHCP/NAT.

    I understand that AD uses DNS heavily. Do I have to make the 2003 server
    DHCP/DNS or can the router keep doing this job?

    What are the pros and cons of letting the router or server do DHCP/DNS? Is
    there any point in having one do the DNS and the other DHCP?
     
    The Organizer, Apr 21, 2006
    #1

  2. The Organizer

    Jmnts Guest

    Hello,

    1 - Disable the DHCP on the router. (Use the SBS DHCP so that it can be used
    for registering your client's IP address in DNS). SBS will refuse to start
    its DHCP server if it detects any unauthorized DHCP on the network, and you'll
    start to see other related problems in Event Viewer. If I recall correctly, if
    you are using SBS Premium Edition and the DHCP service is stopped, then the ISA
    server will stop.
    2 - The DNS on the router is relating to your ISP DNS?
    3 - The DNS server that your clients should use is the SBS DNS ONLY. What
    you could do to increase security is to configure the SBS DNS properties and,
    under the Forwarders tab, place the router IP address (Optional - check "Do not
    use recursion for this domain"; be aware that by checking this box your DNS will
    not try to use the root hints for Internet resolution, so if the router
    can't resolve Internet names, all queries will fail) - Generally the SBS
    configuration does this for you; use the To Do List in the SBS Admin Menu and
    click -> Connect to Internet.
     
    Jmnts, Apr 21, 2006
    #2

  3. Thanks for your response.

    Here are some answers to your questions and more questions?

    1 - Do I have to use SBS's DHCP? Why?

    2 - The router is setup with ISP (external) DNS servers. There is also an A
    and MX record on ISP DNS that points to the router's IP address as our mail
    server.

    3 - Do I have to use SBS's DNS? Why?



    I just want to make sure I got it right.
     
    The Organizer, Apr 21, 2006
    #3
  4. The Organizer

    Herb Martin Guest

    Simon and Jmnts have it correct so I am only going
    to add a couple of encouragements or emphasize a
    couple of "gotchas"....

    Many of these routers will NOT allow you to configure
    their DHCP to give out a different DNS than the router
    (or configure other things either.)

    This is CRITICAL as Simon says. Windows DNS Clients
    MUST use STRICTLY the (internal) DNS which resolves
    all of the internal names related to the Domain Controller(s)
    and other AD issues. There is NO choice.

    Typically the internal DNS CAN (and probably should)
    forward to the Router's DNS server so that the DC-DNS
    will not have to expose itself to the danger (or load) of
    having to visit the (entire) world of the Internet which
    can potentially include places such as "evilhackersRus.com"

    Simon is saying it precisely correctly. It has to resolve
    those internal names.

    PRACTICALLY this means the internal DNS client must
    use the SBS (or the internal DNS server set if you were
    using regular Windows server.)

    Don't fight it. Just do this.
    I vote for letting the internal DNS forward to the ROUTER,
    and let the router deal with the Internet.

    Notice that the internal (SBS) DNS will only forward for
    those names it doesn't know, and only after it has checked
    for all of the internal names.

    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]
     
    Herb Martin, Apr 23, 2006
    #4
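
One way to audit the setup the replies above describe (clients leasing from, and resolving through, the SBS only), as an added example that is not part of the original thread: a Python script that parses `ipconfig /all` output and flags any adapter whose DHCP or DNS server is not the SBS. The addresses, the `example.local` suffix and the sample output are constructed for illustration.

```python
import re

SBS_IP = "192.168.1.2"  # assumed address of the internal SBS (DNS + DHCP)

# Constructed `ipconfig /all` excerpt from an XP client that still takes its
# lease from the router (assumed to be 192.168.1.1) and lists it as first DNS.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.local
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            192.168.1.2
"""
IP = r"\d{1,3}(?:\.\d{1,3}){3}"

def parse_adapters(text):
    """Return {adapter name: {"dhcp": ip or None, "dns": [ips]}}."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {"dhcp": None, "dns": []})
            in_dns = False
            continue
        if current is None or not line.strip():
            continue
        m = re.match(r"\s+([A-Za-z][^.:]*?)[ .]*:\s*(.*)$", line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            in_dns = key == "DNS Servers"
            if in_dns and re.fullmatch(IP, value):
                current["dns"].append(value)
            elif key == "DHCP Server" and re.fullmatch(IP, value):
                current["dhcp"] = value
        elif in_dns and re.fullmatch(IP, line.strip()):
            current["dns"].append(line.strip())  # extra DNS server on its own line
    return adapters

def audit(text, sbs_ip=SBS_IP):
    """List every DHCP or DNS setting that bypasses the internal server."""
    findings = []
    for name, cfg in parse_adapters(text).items():
        if cfg["dhcp"] and cfg["dhcp"] != sbs_ip:
            findings.append(f"{name}: lease from {cfg['dhcp']}, not the SBS DHCP server")
        findings += [f"{name}: DNS server {d} is not the SBS DNS"
                     for d in cfg["dns"] if d != sbs_ip]
    return findings
```

The default gateway is deliberately not checked: the router remains the gateway, and it is reached for Internet names only through the forwarder configured on the SBS DNS.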