Lab system oh boy! - NAT on a DC+DNS

Posted on 2005-04-26
Last Modified: 2010-04-10
I want to set up a lab system with 3 PCs. One will be a Windows 2003 DC with DNS running to serve clients in the domain. The other systems will use this DC for domain and internet. DNS will be set up to forward internet requests to the ISP's DNS.
The DC will connect to a DSL line with a public IP, but I have no router to work with here. I want to put 2 NIC cards in the DC - one public and one private - but I am confused about the gateways. Is this possible to do with one interface listening to client DNS requests and one connected to the public network?

Here's what I'm thinking:

Private NIC
GW ?

Public NIC

Open RAS wizard and configure the box as a router with NAT on the public NIC. Can this work?

Thanks in advance!
Question by: zenportafino
    LVL 24

    Accepted Solution

    Yes, this is how I have my home system set up.

    Two NICs, the first with a private IP of your choice.  This NIC should have no default gateway set (your server is the default gateway), and its only DNS server entry should be itself (using the private address).

    The other NIC (connected to your DSL line) would be set up with your public IP, default gateway as provided by your ISP, and DNS itself again (but using the public IP address, in your example  It is your DNS server that should be set up to forward requests to your ISP's DNS server, this should not be set on your NICs.  If you do set up your ISP's DNS servers on your NIC, Windows will try and query it for Active Directory information, and also try to update it with this information - which will be rejected by most ISPs and just wastes bandwidth (can also create long delays when browsing resources on your local network).

    After that, it is as you say... run RRAS wizard and tell it which interface is which... it pretty much takes care of itself.  It is worth enabling at least the basic firewall too on the public interface.  Many people recommend getting an additional firewall, though in a test set-up it is probably not necessary.  I stick with just the basic firewall for my set-up.
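
A check for the NIC settings described in the accepted answer, added here as an example and not part of the original thread: it parses `ipconfig /all` output and flags a default gateway on the private NIC or a DNS server entry on either NIC that is not the server itself. The adapter names and all addresses are constructed placeholders.

```python
import re

# Constructed sample of `ipconfig /all` output (Windows Server 2003 field names);
# adapter names and addresses are placeholders, not values from the thread.
SAMPLE = """\
Ethernet adapter Private:

   IP Address. . . . . . . . . . . . : 192.168.0.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.254
   DNS Servers . . . . . . . . . . . : 192.168.0.1

Ethernet adapter Public:

   IP Address. . . . . . . . . . . . : 203.0.113.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 203.0.113.9
   DNS Servers . . . . . . . . . . . : 203.0.113.10
                                       198.51.100.53
"""

def parse_adapters(text):
    """Return {adapter name: {field: [values]}} from ipconfig /all text."""
    adapters, cur, field = {}, None, None
    for line in text.splitlines():
        head = re.match(r"^\S.*adapter (.+):\s*$", line)
        kv = re.match(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$", line)
        if head:
            cur, field = adapters.setdefault(head.group(1), {}), None
        elif cur is not None and kv:
            field, value = kv.group(1).strip(), kv.group(2).strip()
            cur[field] = [value] if value else []
        elif cur is not None and field and line.strip():
            cur[field].append(line.strip())  # continuation line, e.g. a 2nd DNS server
    return adapters

def audit(adapters, public):
    """Apply the accepted answer's rules; `public` names the ISP-facing NIC."""
    findings = []
    for name, fields in adapters.items():
        own = set(fields.get("IP Address", []))
        if name != public and fields.get("Default Gateway"):
            findings.append(f"{name}: default gateway set on a private NIC")
        for dns in fields.get("DNS Servers", []):
            if dns not in own:  # ISP DNS belongs in the DNS server's forwarders
                findings.append(f"{name}: DNS {dns} is not this server itself")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_adapters(SAMPLE), "Public")) or "OK")
```
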
    LVL 4

    Expert Comment

    Sorry, but I always say firewalls are mandatory between public and private networks. Personal bias, but even in labs I would do it. You would essentially be turning that DC into a router, so you actually do have one to work with now...
    LVL 8

    Expert Comment

    I'm with you, rburns50.
    There is NO substitute for a hardware firewall.
    Why give your domain controller even more overheads by making it impersonate a router as well?
    The way I look at it is this: if I want to stop intruders into my network, I want more than 1 hardware device doing it, and why let them get all the way to a server before trying to stop them?
    Went to a seminar a few years ago and it has stuck with me: even way back in medieval times, did they only have one line of defense? Of course not; they had a moat, then high-walled castles, then archers. And if you got past that, there were several decoys inside to mislead a potential thief/invader.
    LVL 1

    Author Comment

    Thanks a bunch, purple. We're in a pinch, so making the box a router as well is going to have to do. I know for some this is a rotten thing to do, but it will serve its purpose and will be down by next week.

    Also, for excitement, we're not going to rename the administrator account either!
    LVL 24

    Expert Comment

    >>I stick with just the basic firewall for my set-up.

    I knew that would get a comment or two...  Still, in my view what I do on my network is entirely up to me.  For other people's networks I always recommend and install a hardware firewall/router... but on my network, I'll do things my way...  A basic firewall is still a firewall, and I'm still waiting for those millions of hackers to break into my system...
