• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 171
  • Last Modified:

DHCP - DNS for remote locations: how to best configure?

We have a network that spans multiple physical locations.  Each physical location has it's own server running DHCP.  It's configured to be a single domain via routers (nothing fancy).  The domain controllers (primary & backup) are located at the home office.  So my question is about best practices with DHCP configurations.  These remote servers currently give out two IPs for DNS resolution:

   1 - their self
   2 - the primary domain controller at home office

They don't reference the backup domain controller.  Is this the best strategy for configuring remote DHCP servers?  If not, how should it be configured?

  • 2
1 Solution
David LeeCommented:
Hi. Gary.

You don't mention which servers are DNS servers.  I'm assuming that they all are.  There's also no mention of what type of servers we're talking about, but since the question is in the Windows 2000 TA I guess that's what they are.  The reason I'm a little unsure is because your posts mention primary and backup servers and that was an NT4 concept.  W2K has domain controllers and member servers.  Since there's no correlation I know of between a server being a DC and DNS, then for my money the best configuration is the one that uses the least bandwidth.  For the outlying offices, having DHCP hand out a DNS address to an onsite DNS server means no traffic on the WAN.  In my book that's good.  If the local server is down, then having a secondary DNS entry pointing to another office, in this case the home office, sounds good too.  nless of course the home office is several hops away on the WAN and there's another DNS server that's closer in terms of hops.  I don't think it matters too much which DNS server at the home office you point to.  Just so long as they (the outlying offices) have some place to fall back to.  You might want to decide that issue based on what else the servers at the home office do.  If the server you consider as the primary has a high utilization rate, then it might be a good idea to point the outlying clients at the other server.  If both servers have similar ultilization levels, then either pick one or divide the clients up so that some remote locations point to one and some to the other.  That's my two cents worth.
the best way would be to have a domain controller in each office.  eaach would run dns and dhcp and replicate with each other office.  this would also allow the other offices to logon if the main office is offline, becausae each has a logon server.  

does this help any?
garystarkAuthor Commented:
Hi BlueDevilFan,

Much thanks for the info.  Just a bit of clarification...when I say primary and backup servers, I'm referring to the fact they they both have Active Directory running on them.  The servers in the outer offices do not have AD installed.  I realize this strays from the original question, but should I have AD running on the outer office servers as well?

You asked which servers are running DNS.  As you guessed, all of the servers mentioned are.  And yes, they're all Win2k.  And yes, I do get confused with the old NT concepts in my descriptions.

I think you've really answered my questions, even without the clarifications.  But I'm still wondering if I should have AD installed on the outer office servers...?

One more thing....doesn't DHCP allow you to specify more than two DNS servers?  If so, shouldn't I just specify both of the home DNS machines instead of just one or the other?

David LeeCommented:

It's a matter of choice as to whether you opt to have AD on the outer office servers.  Some folks will say that's the way to do it and others will say it's not.  I have a similar office structure to what you described, a home office with several remote branch offices.  We elected to put an AD server in each remote office so they'd be able to authenticate even if the WAN link is down and to minimize traffic on the WAN.  We're cursed with slow WAN links and felt this was the best way to minimize bandwidth usage.  The downside of doing it this way is that it increase the complexity of your AD structure and it increases replication traffic.  If you have extremely stable WAN links, or have backup circuits so that communication with the home office is pretty well assured, and the links are fast enough and not overly saturated, then I'd say don't bother putting an AD server in the remote offices.  Otherwise, I'd recommend putting one in each office.  

Yes, I believe you can configure more than two DNS servers in DHCP.  It certainly can't hurt to configure a third server in case one of the two DCs are down in the home office.

Hope that helps.


Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now