Is it OK to have DNS on the DC?

I have a small network: 200 users, 5 Windows 2003 R2 servers. I'm buying a new system to install and use as a DC.
Can it be the DNS and DHCP server as well, or should I have a separate system for DNS?

There is no issue with running DNS on a domain controller, and it's mandatory with Active Directory integrated zones, which I would recommend running.

Certainly. Only in larger organisations with tens of thousands of users do you generally spread DNS across multiple servers. However, if you're using Active Directory Integrated DNS (which is highly recommended, since DNS data is stored in Active Directory and follows the replication settings for AD - much simpler), you can only install your DNS servers for that zone on a Domain Controller (since DCs are the only servers which would have the AD data replicated to them).

I would recommend it too. The main things you should try to keep off a DC are heavy-duty apps like Exchange and SQL. If anything, you should buy another server and introduce another DC in case the one you've got goes down. That will save you a lot of heart and earache if it should happen.

Brian Pierce (Photographer) commented:
It is far better in most cases to have DNS on the DC and to use AD Integrated DNS, since the two are highly dependent on each other.

In Windows 2000 it was not such a good idea to have DNS integrated with Active Directory if it was large, because any change to it would generate a total replication of DNS info to the other DCs. With Windows 2003 that doesn't happen; only differences are replicated. It is recommended that you install DNS on a domain controller because the integration of the DNS in the AD provides for replication, integrated storage, security, and the other advantages inherent in the AD. Your zone files will be integrated in the AD.

Note that you can install a DHCP server on domain controllers (and DNS also), but domain controllers will have to be statically configured. They must have a static IP address, and don't forget to configure each DNS IP address in the TCP/IP properties of the DNS server. Sometimes we install a DNS server on some domain controller and forget to configure its own DNS IP address in the TCP/IP properties with its own IP address.
Use AD-integrated DNS for your private AD zone. As has been said in previous comments, AD-integrated DNS has to be on a DC, plus it helps for redundancy and load-balancing if you have multiple DCs providing DNS services to your AD zone.

Use a separate DNS server for your public DNS, non-Windows if possible, if you host your own name servers. Don't use your AD-integrated DNS to also host your public NS. AD relies on its DNS to function - you don't want to expose your AD's DNS to the public network. I am not saying that there are current exploits for known vulnerabilities in a fully-patched Windows 2K3 DNS that would put the integrity of your forest at risk, nor am I giving any assurances that there are not. However, why take the chance? One may be discovered and zero-day exploited tomorrow. Remember, just because AD needs DNS doesn't mean DNS needs AD - and try as they might to make it so, DNS is not a Windows-only proprietary service - it's a true standard.

Use a separate DNS server as your caching forwarder for public DNS lookups.  No need to put that load on your DCs.  Have the DC-hosted DNS servers refer non-AD-zone requests to the caching forwarder, and not cache the results themselves.
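The advice in this thread (static addressing on the DC, the DC's own DNS client pointing at DC-hosted DNS, an AD-integrated private zone, no public zone on the DC, and a forwarder for non-AD lookups) can be checked with an added audit script. It is not from any of the posters; it assumes a current Windows DNS Server with the DnsServer and ActiveDirectory PowerShell modules (not the 2003-era tooling in the question), and the zone names and forwarder address are constructed placeholders.

```powershell
# Audit a DC that also runs DNS against the recommendations above.
# Assumed: run locally on the DC with the DnsServer and ActiveDirectory modules.
$AdZone     = 'corp.example.com'   # placeholder: private AD-integrated zone
$PublicZone = 'example.com'        # placeholder: public zone that should NOT live here
$Forwarder  = '192.0.2.53'         # placeholder: caching forwarder for non-AD lookups

$findings = @()

# 1. A DC must be statically addressed; flag any DHCP-assigned IPv4 address.
Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.PrefixOrigin -eq 'Dhcp' } |
    ForEach-Object { $findings += "Interface $($_.InterfaceAlias) uses DHCP: $($_.IPAddress)" }

# 2. The DC's own DNS client should point only at DC-hosted DNS (or loopback),
#    never at an ISP or public resolver.
$dcDns = (Get-ADDomainController -Filter *).IPv4Address
foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
    foreach ($srv in $cfg.ServerAddresses) {
        if ($srv -notin $dcDns -and $srv -ne '127.0.0.1') {
            $findings += "Interface $($cfg.InterfaceAlias) resolves via non-DC server $srv"
        }
    }
}

# 3. The private zone should be AD-integrated so it replicates with AD.
$zone = Get-DnsServerZone -Name $AdZone -ErrorAction SilentlyContinue
if (-not $zone) {
    $findings += "Zone $AdZone is not hosted on this server"
} elseif (-not $zone.IsDsIntegrated) {
    $findings += "Zone $AdZone is file-backed, not AD-integrated"
}

# 4. The public zone should not be hosted on the DC at all.
if (Get-DnsServerZone -Name $PublicZone -ErrorAction SilentlyContinue) {
    $findings += "Public zone $PublicZone is hosted on this DC"
}

# 5. Non-AD lookups should go to the caching forwarder rather than the DC
#    recursing to the root servers itself.
$fwd = Get-DnsServerForwarder
$fwdList = @($fwd.IPAddress | ForEach-Object { $_.IPAddressToString })
if ($Forwarder -notin $fwdList) { $findings += "Forwarder $Forwarder is not configured" }
if ($fwd.UseRootHint) { $findings += "Server falls back to root hints instead of the forwarder" }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'No findings' }
```

Each warning maps back to one recommendation in the thread, so an empty result means the DC matches the layout the answers describe.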