[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1839
  • Last Modified:

How do I set up DNS on a simple 2008 R2 Server for a 35 computer network?

I have a small network of 35 computers all in one location.  We have a comcast cable modem that acts as our Gateway, DHCP, and I assume our DNS since I'm using a Novell 5.1 file server only.
I would like to migrate to a Windows Server 2008 R2 and use active directory which would require us to have the server run DNS.  This server will not be accessible on the web.  It will be a LAN only.  
Since I won't be putting this server on the WEB do I have to use a registered domain name?  Can I just use:  corp.buisnessname.org? (as an example).  Do I need to do anything with the comcast cable modem?  It currently points to a static IP address and 2 DNS addresses.  Does my DNS once active on the 2008 R2 Server take over for this?  Do I point the server to the modem/router?
Is there a simple step by step guide out there?  I would think with this being the most basic of setups for server 2008 R2 there would be a nice step by step guide out there.  Do I need forward look up zones with this simple a setup?  Would really appreciate someone directing me to a simple and plan instruction manual on this type of setup.  Once setup up I plan on using this as a simple file server only.  Nothing else.  I don't like the delays with workgroups...we need the security of active directory.

Scott McDonald
  • 2
  • 2
  • 2
  • +3
2 Solutions
Darius GhassemCommented:
Installing Active Directory is really easy. Here are some guide below.

When you install AD you can allow dcpromo to install DNS for you now this will create your DNS Zones.

On your client computers they should be pointing to the Windows 2008 Server for DNS in their TCP\IP properties

Your DNS server should be using DNS Forwarders to resolve external DNS requests.


Your internal Domain has nothing to do with your external domain you don't have to register internal domains
Hi there,

This is a basic step by step guide:

1. Turn off DHCP Server on Comcast (Windows 2008 R2 has much better options like client reservation and secure dynamic updates in DNS zones)
2. Install Windows 2008 R2 server, and point primary DNS server on NIC tcp/ip v4 properties to itself ( this is required for AD to work)
3. Install Active Directory domain services and choose name for new domain (you can also use corp.local or whatever you want)
4. Install DHCP Server role and create new DHCP scope for your clients. (make sure that DNS server address in your scope is IP address of AD server not router)
5. Join computers to domain.
Do you already have a Microsoft Active Directory Domain internally?  You will need this for DNS to work properly.  You will want to use an internal FQDN such as businessname.local rather than a .org.  There are certificate ramifications to using a top level domain internally, and changing is tougher than making it right in the first place.  That being said...

Run the Add Role wizard and select AD DS.  This will create a new domain in a new forest named what you give it.  Then it will launch the DCPROMO wizard.  It will automatically install DNS as well.  Make sure that the server has a static IP address, and once installed, point its NIC to itself as DNS server.  You will likely want to install DHCP as well, and create a scope option for DNS to point at the Windows server.  

Hope this helps.
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Lee W, MVPTechnology and Business Process AdvisorCommented:
>  This server will not be accessible on the web.  It will be a LAN only.  
What do you mean?  It will not have internet access?  It won't be a web server?  You won't run any publicly accessible services?  You don't want to run VPN?  Please clarify what you mean by this statement.

> Can I just use:  corp.buisnessname.org? (as an example).  
Assuming your most conservative meaning above, then you COULD name it whatever you like... HOWEVER, because needs and expectations change, I would recommend sticking to one of the two accepted standards - either use WhateverYouWant.local or use a sub domain of whatever domain you have registered - for example, if you're e-mail goes to Scott@McDonaldCorp.com, then use corp.McDonaldCorp.com - DO NOT use McDonaldCorp.com (My preference is the .local domain)

> Do I need to do anything with the comcast cable modem?  
Shouldn't have to do anything at all.

> It currently points to a static IP address and 2 DNS addresses.  
If you are not hosting any services than a static address is an unnecessary expense.

> Does my DNS once active on the 2008 R2 Server take over for this?  
Assuming your server WILL have internet access (not necessarily serving anything externally), then yes.

> Do I point the server to the modem/router?
For DNS? You could.  Some argue that using a third party DNS server would provide faster resolution... to me, an extra quarter second is unimportant. I usually let Windows handle DNS directly.

> Do I need forward look up zones with this simple a setup?  
See my previous point.

As for a guide, http://www.petri.co.il/installing-active-directory-windows-server-2008.htm is one of the better places to start.... but I would STRONGLY recommend if you want to get this right, hire a consultant to setup - YOU maintain, but the consultant should install.  Otherwise, may sure you install this a couple of times in a test environment to get familiar with the proper setup and configuration.  It's never a good idea to make the first time you've done something your actual production environment even if you think you've got it right.

Finally, while you are within the use limits of SBS (Small Business Server 2011), if you do not plan on using exchange, I would not recommend it.  The CALs are considerably more expensive.
Your scenario is pretty simple.  
Install Server OS
Configure it with a static IP
Run dcpromo
*You don't need a real FQDN.  Setup your AD domain with mycompany.local
*Later, configure DNS to forward all other lookups to comcast.
Finally, create user accounts and join workstations to the new ad domain
SMcDonald666Author Commented:
I've not added this server to the network yet.  We are still on the Novell 5.1 server and login system.  My plan is to get this new 2008 R2 up and running with my machine connecting to it and then role it out.  When you say point my clients in there TCPIP properties, does this mean I turn off automatically obtain IP address etc?  I know I'll need to change all the clients from workgroup to domain, but wasn't sure if I'd need to change IP addressing.  Pointing the DNS server to itself is correct?  Can I get DNS running without also going with DHCP?  Or should I do both at the same time.  So I keep the router the same unless I move DHCP role to the new DNS server?  I use as the gateway for printers etc.  No changes there correct?
SMcDonald666Author Commented:
My server will be connected to the internet.  We have no plans at this time for a VPN.  So outside the office access is done by Radmin.
You don't need to change anything IP wise.  Just make sure you give the new server a static IP and make sure DHCP is ready to run before you disable DHCP service on the router.

The gateway wont change - you will need to specify the same gateway address in your dhcp pool.
Darius GhassemCommented:
Point the clients however you do it but usually DHCP you need to make sure clients are going to Server for DNS not external DNS servers.

You should use the actual IP address of the server not loopback address.

Keep the router the same you can use DNS without DHCP but I recommend that you disable DHCP on router and allow Windows to be your DHCP server

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now