DHCP - DNS for remote locations: how to best configure?

Posted on 2004-10-19
Medium Priority
Last Modified: 2010-04-14
We have a network that spans multiple physical locations.  Each physical location has it's own server running DHCP.  It's configured to be a single domain via routers (nothing fancy).  The domain controllers (primary & backup) are located at the home office.  So my question is about best practices with DHCP configurations.  These remote servers currently give out two IPs for DNS resolution:

   1 - their self
   2 - the primary domain controller at home office

They don't reference the backup domain controller.  Is this the best strategy for configuring remote DHCP servers?  If not, how should it be configured?

Question by:garystark
  • 2
LVL 76

Expert Comment

by:David Lee
ID: 12353632
Hi. Gary.

You don't mention which servers are DNS servers.  I'm assuming that they all are.  There's also no mention of what type of servers we're talking about, but since the question is in the Windows 2000 TA I guess that's what they are.  The reason I'm a little unsure is because your posts mention primary and backup servers and that was an NT4 concept.  W2K has domain controllers and member servers.  Since there's no correlation I know of between a server being a DC and DNS, then for my money the best configuration is the one that uses the least bandwidth.  For the outlying offices, having DHCP hand out a DNS address to an onsite DNS server means no traffic on the WAN.  In my book that's good.  If the local server is down, then having a secondary DNS entry pointing to another office, in this case the home office, sounds good too.  nless of course the home office is several hops away on the WAN and there's another DNS server that's closer in terms of hops.  I don't think it matters too much which DNS server at the home office you point to.  Just so long as they (the outlying offices) have some place to fall back to.  You might want to decide that issue based on what else the servers at the home office do.  If the server you consider as the primary has a high utilization rate, then it might be a good idea to point the outlying clients at the other server.  If both servers have similar ultilization levels, then either pick one or divide the clients up so that some remote locations point to one and some to the other.  That's my two cents worth.

Expert Comment

ID: 12353650
the best way would be to have a domain controller in each office.  eaach would run dns and dhcp and replicate with each other office.  this would also allow the other offices to logon if the main office is offline, becausae each has a logon server.  

does this help any?

Author Comment

ID: 12353749
Hi BlueDevilFan,

Much thanks for the info.  Just a bit of clarification...when I say primary and backup servers, I'm referring to the fact they they both have Active Directory running on them.  The servers in the outer offices do not have AD installed.  I realize this strays from the original question, but should I have AD running on the outer office servers as well?

You asked which servers are running DNS.  As you guessed, all of the servers mentioned are.  And yes, they're all Win2k.  And yes, I do get confused with the old NT concepts in my descriptions.

I think you've really answered my questions, even without the clarifications.  But I'm still wondering if I should have AD installed on the outer office servers...?

One more thing....doesn't DHCP allow you to specify more than two DNS servers?  If so, shouldn't I just specify both of the home DNS machines instead of just one or the other?

LVL 76

Accepted Solution

David Lee earned 1000 total points
ID: 12354495

It's a matter of choice as to whether you opt to have AD on the outer office servers.  Some folks will say that's the way to do it and others will say it's not.  I have a similar office structure to what you described, a home office with several remote branch offices.  We elected to put an AD server in each remote office so they'd be able to authenticate even if the WAN link is down and to minimize traffic on the WAN.  We're cursed with slow WAN links and felt this was the best way to minimize bandwidth usage.  The downside of doing it this way is that it increase the complexity of your AD structure and it increases replication traffic.  If you have extremely stable WAN links, or have backup circuits so that communication with the home office is pretty well assured, and the links are fast enough and not overly saturated, then I'd say don't bother putting an AD server in the remote offices.  Otherwise, I'd recommend putting one in each office.  

Yes, I believe you can configure more than two DNS servers in DHCP.  It certainly can't hurt to configure a third server in case one of the two DCs are down in the home office.

Hope that helps.


Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
As a person who answers a lot of questions, I often see code that could be simplified, made easier to read, and perhaps most importantly made easier to maintain if the code was modified to use the Select Case statement. This article explains how to…
Free Data Recovery software is an advanced solution from Kernel Tools to recover data and files such as documents, emails, database, media and pictures, etc. It supports recovery from physical & logical drive after a hard disk crash, accidental/inte…
If you are looking for an automated tool which can generate reports for Outlook emails and other items from PST file, then you can go for Kernel PST Reporter tool. The reports which are created by this tool are helpful to analyze and understand PST …

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question