w2k server ad/dhcp and dns


rippinchikkin

OK, I'm going to make this as simple as possible. I'm setting up a brand
new server on a network; there are no other servers on the network, so
this will be my DC. I have installed DNS and have it directed to our
ISP. (I think I did this right.)
I have assigned the server a static IP, and I have a router that I
was wanting to use for firewall protection and DHCP services for the
clients.
Will this work, or do I need to allow W2K server to run DHCP and
take the router out of the loop?
That is the question: basically, will AD run properly with the router
doing DHCP, or should I remove the router and let the server do it all?
If anyone needs any further info, please let me know.

T1 line
Linksys router
Linksys 16-port switch
1 Windows 2000 server
10 clients running Win XP
4 clients running Win 98s
 
rippinchikkin said:
> OK, I'm going to make this as simple as possible. I'm setting up a brand
> new server on a network; there are no other servers on the network, so
> this will be my DC. I have installed DNS and have it directed to our
> ISP. (I think I did this right.)

You do NOT direct the "NIC properties" of an internal domain machine
to the ISP. Direct it to itself or the internal DNS server (set).

In the Forwarding tab of the DNS server(s) you usually forward to the ISP
DNS.

> I have assigned the server a static IP, and I have a router that I
> was wanting to use for firewall protection and DHCP services for the
> clients.
> Will this work,

Yes, but only build a scope for the internal side of the router.

> or do I need to allow W2K server to run DHCP and
> take the router out of the loop?

Not necessary -- either can work.

> That is the question: basically, will AD run properly with the router
> doing DHCP, or should I remove the router and let the server do it all?
> If anyone needs any further info, please let me know.

I prefer the router -- even though some people are FORCED to put their
DC on the Internet, it is NOT a recommended (security) idea.
 
r> do i need to allow w2k server to run dhcp and
r> take the router out of the loop?

Only if you want your DHCP server to send Dynamic DNS updates to your content
DNS server when leases are granted and when they expire, if you want secure
dynamic updates (perhaps because traffic on your LAN is not under your sole
and exclusive control), and if your router's DHCP server does not support
secure DDNS (or even simply does not support DDNS at all) or does not use the
same client verification mechanism for DDNS as Microsoft's DNS server does
(which it quite probably does not).
 
Hi All,
I believe I understand what you are saying. When you stated you directed
DNS to your ISP, did you mean you set it up to forward to your ISP via the
DNS console on the Forwarders tab? If yes, that would be correct.

My next question would be: what are the client workstation OSes? That is going
to determine a lot in this scenario. On most DHCP routers, they automatically
send the DNS servers to the clients as what is configured on itself.
Very few have the option to configure what DNS server is being handed to
the client. In any case, clients that are Windows 2000 or Windows XP
are REQUIRED to use the internal DNS server for AD authentication. Your systems
may actually still log in, but they are going to be slow, and Group Policy
Objects and other benefits of the AD will not be functioning.

Point being, it really doesn't matter what the DHCP server is as long as
your W2K and WinXP clients are configured to only use your internal DNS
servers or a DNS server that can resolve the SRV records inside your AD
domain.

Hope this Helps!


Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
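
A check for the point made in the post above, as an added example that is not part of the original thread: it parses `ipconfig /all` output collected from a Windows 2000/XP client and reports any DNS server the client was handed that is not the internal one. The addresses, host name and function names are assumptions, and the sample output is constructed.

```python
import ipaddress
import re

FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[\s.]*:\s*(.*)$")  # "  Name . . . : value"

def parse_dns_servers(text):
    """Return {adapter: [DNS server IPs]} parsed from `ipconfig /all` output."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):  # unindented "...:" header
            current, in_dns = line.rstrip()[:-1], False
            adapters[current] = []
            continue
        m = FIELD.match(line)
        if m:  # a new field ends any DNS list in progress
            in_dns = m.group(1) == "DNS Servers"
        value = (m.group(2) if m else line).strip()  # no match: continuation line
        if current and in_dns and value:
            try:
                adapters[current].append(str(ipaddress.ip_address(value)))
            except ValueError:
                in_dns = False  # not an address, so the list is over
    return adapters

def audit_client(text, internal_dns):
    """Return [(adapter, [non-internal DNS IPs])]; an empty list means the client is fine."""
    allowed = {str(ipaddress.ip_address(ip)) for ip in internal_dns}
    hits = ((a, [s for s in servers if s not in allowed])
            for a, servers in parse_dns_servers(text).items())
    return [(a, bad) for a, bad in hits if bad]

def sample_ipconfig(dns_servers):
    """Constructed `ipconfig /all` excerpt for a client holding the given DNS list."""
    pad = "\n" + " " * 44  # extra DNS servers appear on indented continuation lines
    return (
        "Windows IP Configuration\n\n"
        "        Host Name . . . . . . . . . . . . : CLIENT01\n\n"
        "Ethernet adapter Local Area Connection:\n\n"
        "        DHCP Server . . . . . . . . . . . : 192.168.1.1\n"
        "        DNS Servers . . . . . . . . . . . : " + pad.join(dns_servers) + "\n"
        "        Lease Obtained. . . . . . . . . . : Monday, 10:15:00 AM\n"
    )

INTERNAL_DNS = ["192.168.1.10"]  # assumed static IP of the DC/DNS server
ROUTER_LEASE = sample_ipconfig(["192.168.1.1", "203.0.113.53"])  # router, then ISP
FIXED_LEASE = sample_ipconfig(["192.168.1.10"])  # router scope changed to the DC

if __name__ == "__main__":
    print(audit_client(ROUTER_LEASE, INTERNAL_DNS), audit_client(FIXED_LEASE, INTERNAL_DNS))
```

A client that lists the internal server first and an outside server second is still reported, since the post's condition is that domain clients use only the internal DNS.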
 
"Alan Wood" [MSFT] posted their thoughts, then I offered mine:

> Point being it really doesn't matter what the DHCP server is as long
> as your W2K and WinXP clients are configured to only use your internal
> DNS servers or a DNS server that can resolve the SRV records inside
> your AD domain.
>
> Hope this Helps!

Hi Alan and Herb,

Actually I prefer Windows DHCP since it works hand in hand with the DDNS
APIs (creating and removing records), and there are more available options,
such as WINS options and Option 081 (registering machines that cannot
register themselves).

Cheers!
Have a great weekend.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hi Ace,
I completely agree with you, if there are downlevel clients, but in a
small environment single segment site, downlevel clients don't really need
to be listed in DNS. Personally I would always use W2K DNS, but in some
situations it could be unwarranted and more administration than necessary
with an existing infrastructure.

Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Alan Wood said:
> Hi Ace,
> I completely agree with you, if there are downlevel clients, but
> in a small environment single segment site, downlevel clients don't
> really need to be listed in DNS. Personally I would always use W2K
> DNS, but in some situations it could be unwarranted and more
> administration than necessary with an existing infrastructure.

Hi Alan,

This is very true. In most cases client registration is overhead and
unnecessary. I just kind of like MS DNS and DHCP. I've just found it easier
since it's on the same machine anyway. Either one they choose, at least
clients get their IP addresses!

Cheers!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 