Correct IP address for DNS Setup

Been on this site for a few weeks and have already learned more than the network classes I took three years ago. Unfortunately, the other job took precedence, but I'm getting back into it.

What IP address should I set in my TCP/IP for the Server? The Static assigned by my ISP or as I thought and read something I decide on, like

My static IP is 69.73.xx.xx and it routes thru port 2 of a cisco router (not sure of the model, it's mounted to the wall). Gateway IP I have a Kingston Ether Pro hub attached to Port 2 with the server and one client plugged into the hub.

I've tried both ways and the only way I get to the internet is by assigning my static IP. When I set to the 192.168...., I get a notice about the gateway not being on the same subnet and no access.

With the static IP, I get all the indications DNS is working properly. (NSLOOKUP comes back to my Static IP and my domain name, etc.) Then I setup DHCP with a scope of - 20, authorize and all appears fine. When I test a client computer, it's like the DHCP request turns left at the gateway and finds an IP address outside instead of finding the DHCP from the Server. I've tried the client with and without a gateway setting, plus with and without the DNS setting pointing to the Server (static IP).

Am I getting confused on internal and external domains? I'm trying to setup a Server (AD, DNS and DHCP) for a 5 XP machine network.

Network Background on the building: The network: 10 XP machines running as a workgroup. I installed a Server 2003 R2 and need 5 of the 10 computers on a secure separate network. Matrix Fiber Optic with 24 port Cisco with gateway IP (not sure model number, ISP manages it and ID plate is against the wall). Ports 8-24 are for VoIP. Ports 1-6 are static IP's ( - 69.73.xx.xx) 1 is the WAN and Port 6 is the LAN. Port 6 connected to a 3 Com Cable/DSL. Ports 2, 3, 4, and 5 are Static IP's. Port 7 is dead (according to ISP Tech Support). I attached a Kingston Ether Pro Switch to Cisco port 2 and the server to the Kingston switch. Client plugged into the Kingston switch as well. ISP DNS's are 69.1.xx.xx and 69.1.xx.xx.

Appreciate any help for a NOOB DNS'er

Ok, I'm a little unclear about your configuration and not familiar with Cisco equipment, per se, but if that device is a router, not a switch, then port 1 needs to be configured with the static IP of your Gateway (and you need to be sure it's acting as a gateway, and not a router. It sounds like it is, but you need to be sure. Time Warner provides a "gateway" to us, that can be a router, but we had them put it in gateway mode (no routing, no DHCP, and the device behind it uses the same IP as the gateway)). Also, if the Cisco device is a router, not a switch, besides setting port 1 to a static IP, you need to make sure it's not providing DHCP of its own (may not even be capable, but just to be sure). Next, port 6 of your router needs to be set to an internal static IP. If you want to use the (24 = range, then set the router to, preferably, but it can be anything in that range. Finally, set your DHCP server to use the range and have it broadcast the router's internal IP as 003 router in the DHCP scope. DNS should be set to your Domain Controller/DHCP server, assuming that you are providing DNS.

If you are incorrect and that Cisco device is just a switch (the fact that setting your DC to the external static IP allowed you connect makes me suspect, but I don't know Cisco), then either that Gateway device needs to be a router, or you will have to buy one or, not preferably, you can make your DC also a router. You have to have a routing device, and it has to be in between the ISP and your subnet.

On my subnet is the internal IP address of my router, .2 and .9 are my DHCP/DNS servers.
Raptorfixer (Author) commented:
Thank you for the info.

Some additional Info:
I misspoke in my original e-mail.

Ports 3-5 are access ports, we have 6 static IP's assigned.
DSL/Cable is a 3 Comm Office Connect Router (I don't have admin password and since I'm not sure of current settings, don't want to reset it and lose any key settings for the phones)

Info provided by ISP: (Not true IP's, only representative)
Port 1 WAN
Port 2-5 Access Ports
Port 6 - LAN
Ports 8-12 Phones

Interface IP
Gateway IP
Subnet Mask
DNS Server and .51

Routed Network Information
Office Subnet with 6 usable IP's
Usable Range
Subnet Mask

I'll contact Knology tech support, who manages the Cisco, and ask some more about the Cisco setup and get the model number. When you say "port 6 of your router needs to be set to an internal static IP," does this mean having tech support change a setting on the Cisco so it always points to the static IP?

When I talked to tech support yesterday, they told me my access ports (2-5) are not set up to recognize DHCP. If I hook a computer up to a port, I get an IP address, but it's not anything I recognize. The VoIP phones get DHCP (ports 8-12) from the Cable/DSL and are the typical 192.168.x.x.

When you say to use another router, how could I connect it with the Cisco and current DSL/Cable?

I've only set up small office networks and this one is more complex than I'm used to, especially with the Cisco in place.

OK, taking a look through this, you have now provided enough information to give an answer. Firstly, your router has two zones, inside and outside, and both are configured with public IP addresses (very wasteful).

Outside You can see from your subnet mask that there are only two IP's on this network, the other one being your default gateway for the router.

On the inside you have 6 useable IP addresses is used on the internal interface of the router and is used by any device on your internal network as the default gateway, so in actual fact you can only have 5 other devices on the inside with a public routable IP address. 114-118

If you're planning on connecting your server directly to the network the router is on, you would need to give it an IP address from 114-118.

This raises the obvious question, what are you using for a firewall? This should be given one of your public IP addresses on its outside interface and a private IP address such as the 192.168.*.* you mentioned in your first post.

One more thing, if you are planning on connecting devices directly to the public range given by your ISP then you should use DNS Server and .51 as your DNS servers.

However, I would highly recommend you install a firewall and give your clients that device's internal interface as their DNS server and have that device query the public DNS servers provided by your ISP.
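
An added example, not part of the thread or any poster's own configuration: the Python code below uses the standard `ipaddress` module to work through the two subnet points discussed above, namely which addresses of a 6-host routed block remain once the router's inside interface takes one, and why a 192.168.x.x host pointed at the public gateway triggers the "gateway not on the same subnet" notice. The block 203.0.113.112/29 and the router address ending in .113 are constructed documentation values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation range), not the poster's real addresses.
ROUTED_BLOCK = "203.0.113.112/29"      # 6 usable hosts: .113 to .118
ROUTER_LAN_IP = "203.0.113.113"        # assumed router inside interface / default gateway


def assignable_hosts(cidr, gateway):
    """Usable host addresses left in a routed block after excluding the router."""
    net = ipaddress.ip_network(cidr)
    gw = ipaddress.ip_address(gateway)
    return [str(h) for h in net.hosts() if h != gw]


def check_static_config(ip, mask, gateway):
    """Return a list of problems with a static IPv4 host configuration."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    problems = []
    # A default gateway must be reachable on-link, i.e. inside the host's own subnet.
    if gw not in net:
        problems.append(f"gateway {gw} is not on the host's subnet {net}")
    # Network and broadcast addresses cannot be assigned to a host.
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    # Reusing the router's address causes an IP conflict.
    if iface.ip == gw:
        problems.append(f"{iface.ip} duplicates the gateway address")
    return problems


if __name__ == "__main__":
    print("free addresses:", assignable_hosts(ROUTED_BLOCK, ROUTER_LAN_IP))
    # Server placed directly on the public block: valid.
    print(check_static_config("203.0.113.114", "255.255.255.248", ROUTER_LAN_IP))
    # Private address with the public gateway: the mismatch Windows warns about.
    print(check_static_config("192.168.1.10", "255.255.255.0", ROUTER_LAN_IP))
```

A private address only works once a NAT router or firewall sits between the two networks and its inside interface becomes the clients' gateway.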
Raptorfixer (Author) commented:


I've set up the server using, as an IP, installed DNS, set up forward and reverse lookup zones, and used and .51 in the forwarders tab. I do an NSLOOKUP and get my domain name in return with the IP showing. DNS events start writing and everything looks like it's running well.

At this point the Server is attached to the Kingston Hub and appears to be operating normally. I then set the Server up for DHCP, and by all indications, it appears to be running normally. In DHCP options, I'm showing
03 Router
06 DNS Server
15 DNS Domain Name "shows my domain"

I have tried different scopes, but cannot get a client to pull an IP. I'm testing with one client XP machine that works fine when attached to the VoIP phone.

I think it has something to do with the way I have the hub plugged into the Cisco. Is it even correct to plug the Kingston Hub straight into an access port?

I may be overthinking my needs. I just need to limit access to the server by 5 computers/users and planned on using AD to perform that task. AD requires DNS, but will this work without a DHCP server? I've searched the site, but get pros and cons to both, but it's not clear.

Right now I'm relying on windows firewall, but after testing and setup, I'll move to a more robust firewall.
What IP are you giving your clients in DHCP? Also, is this a Windows domain? If so, you would need to authorise the DHCP server.
Raptorfixer (Author) commented:
I've tried everything I could think of. Since my IP is (I incorrectly put .113 in my reply to you) I tried and variations of 192.168.1 and .2. with compatible subnet masks.

Each time I create a scope, I authorize it and I get a green up arrow.

When I try DHCP from a workstation, it will acquire an IP like 69.73.xx.xx (the xx.xx usually are the same with each /renew, but sometimes different). The IP it's acquiring, but not connecting to, doesn't even appear to be inside the office networks. I've tried to set the workstation's TCP/IP settings to the gateway of the router, but still no DHCP from the server. On the off chance it'd work, I did an ipconfig /flushdns with no luck.

It'll be tomorrow before I can get back to the office. I can do a few /renews and post if you think it would help.
That IP address is either coming from the "gateway", or your ISP itself (or possibly the router). Probably the former. Talk to your ISP and tell them you want to make sure the gateway is just that and that it is not running DHCP, nor is it passing DHCP requests.
Not to be mean, but this seems like a big mess. I just want to make sure I have the general idea of what is going on. You have a Cisco device that must support VLANs as well as routing capabilities due to the NAT on the VoIP interfaces. You are interested in setting up the 2003 server, using DHCP, and creating 2 subnets for security. You have 6 public IP's available. 1 port on the Cisco is already set for the office subnet? No other firewall exists other than Windows firewall (and the security provided by NAT on the Cisco). If your ultimate goal is the server and the 2 subnets for security, then why do you need 6 routable IP's? Are you using some of the IP's for the VoIP circuits? Anyway, without IP's and the rest, let us know what the ultimate goal is. The ideal method for what I see would be to use the public IP's externally only, assign NAT to 2 LAN ports on the Cisco. Allow DHCP passthrough on the 2 LAN ports. Set up 2 DHCP scopes (1 for each subnet). Assign the server a non-routable IP (192.168.XXX.XXX 10.XXX.XXX.XXX 172.128.XXX.XXX) and use a slightly different subnet for the other network. The other option would be to use another firewall between the two subnets, but it would seem that the Cisco could do this already.
Raptorfixer (Author) commented:
Sorry I haven't responded in a while, picked up the flu.

For now, instead of going with a DC, I've decided to stay with a workgroup environment. Turns out the law program the lawyers need to run requires Sequel 2005 and for now, they don't want to spend additional money on another server, so this one will do the duty. We've developed a 12 month plan to purchase additional servers and bring the entire network of 12 computers under a single domain instead of splitting the effort.

Thanks everyone for your inputs.
