How do I set up DNS on a simple 2008 R2 Server for a 35 computer network?

Posted on 2011-03-18
Last Modified: 2013-12-02
I have a small network of 35 computers all in one location.  We have a comcast cable modem that acts as our Gateway, DHCP, and I assume our DNS since I'm using a Novell 5.1 file server only.
I would like to migrate to a Windows Server 2008 R2 and use active directory which would require us to have the server run DNS.  This server will not be accessible on the web.  It will be a LAN only.  
Since I won't be putting this server on the WEB do I have to use a registered domain name?  Can I just use: (as an example).  Do I need to do anything with the comcast cable modem?  It currently points to a static IP address and 2 DNS addresses.  Does my DNS once active on the 2008 R2 Server take over for this?  Do I point the server to the modem/router?
Is there a simple step by step guide out there?  I would think with this being the most basic of setups for server 2008 R2 there would be a nice step by step guide out there.  Do I need forward look up zones with this simple a setup?  Would really appreciate someone directing me to a simple and plan instruction manual on this type of setup.  Once setup up I plan on using this as a simple file server only.  Nothing else.  I don't like the delays with workgroups...we need the security of active directory.

Scott McDonald
Question by:SMcDonald666
  • 2
  • 2
  • 2
  • +3
LVL 59

Accepted Solution

Darius Ghassem earned 250 total points
ID: 35166279
Installing Active Directory is really easy. Here are some guide below.

When you install AD you can allow dcpromo to install DNS for you now this will create your DNS Zones.

On your client computers they should be pointing to the Windows 2008 Server for DNS in their TCP\IP properties

Your DNS server should be using DNS Forwarders to resolve external DNS requests.

Your internal Domain has nothing to do with your external domain you don't have to register internal domains

Expert Comment

ID: 35166307
Hi there,

This is a basic step by step guide:

1. Turn off DHCP Server on Comcast (Windows 2008 R2 has much better options like client reservation and secure dynamic updates in DNS zones)
2. Install Windows 2008 R2 server, and point primary DNS server on NIC tcp/ip v4 properties to itself ( this is required for AD to work)
3. Install Active Directory domain services and choose name for new domain (you can also use corp.local or whatever you want)
4. Install DHCP Server role and create new DHCP scope for your clients. (make sure that DNS server address in your scope is IP address of AD server not router)
5. Join computers to domain.

Expert Comment

ID: 35166312
Do you already have a Microsoft Active Directory Domain internally?  You will need this for DNS to work properly.  You will want to use an internal FQDN such as businessname.local rather than a .org.  There are certificate ramifications to using a top level domain internally, and changing is tougher than making it right in the first place.  That being said...

Run the Add Role wizard and select AD DS.  This will create a new domain in a new forest named what you give it.  Then it will launch the DCPROMO wizard.  It will automatically install DNS as well.  Make sure that the server has a static IP address, and once installed, point its NIC to itself as DNS server.  You will likely want to install DHCP as well, and create a scope option for DNS to point at the Windows server.  

Hope this helps.
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 35166416
>  This server will not be accessible on the web.  It will be a LAN only.  
What do you mean?  It will not have internet access?  It won't be a web server?  You won't run any publicly accessible services?  You don't want to run VPN?  Please clarify what you mean by this statement.

> Can I just use: (as an example).  
Assuming your most conservative meaning above, then you COULD name it whatever you like... HOWEVER, because needs and expectations change, I would recommend sticking to one of the two accepted standards - either use WhateverYouWant.local or use a sub domain of whatever domain you have registered - for example, if you're e-mail goes to, then use - DO NOT use (My preference is the .local domain)

> Do I need to do anything with the comcast cable modem?  
Shouldn't have to do anything at all.

> It currently points to a static IP address and 2 DNS addresses.  
If you are not hosting any services than a static address is an unnecessary expense.

> Does my DNS once active on the 2008 R2 Server take over for this?  
Assuming your server WILL have internet access (not necessarily serving anything externally), then yes.

> Do I point the server to the modem/router?
For DNS? You could.  Some argue that using a third party DNS server would provide faster resolution... to me, an extra quarter second is unimportant. I usually let Windows handle DNS directly.

> Do I need forward look up zones with this simple a setup?  
See my previous point.

As for a guide, is one of the better places to start.... but I would STRONGLY recommend if you want to get this right, hire a consultant to setup - YOU maintain, but the consultant should install.  Otherwise, may sure you install this a couple of times in a test environment to get familiar with the proper setup and configuration.  It's never a good idea to make the first time you've done something your actual production environment even if you think you've got it right.

Finally, while you are within the use limits of SBS (Small Business Server 2011), if you do not plan on using exchange, I would not recommend it.  The CALs are considerably more expensive.
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.


Expert Comment

ID: 35166441
Your scenario is pretty simple.  
Install Server OS
Configure it with a static IP
Run dcpromo
*You don't need a real FQDN.  Setup your AD domain with mycompany.local
*Later, configure DNS to forward all other lookups to comcast.
Finally, create user accounts and join workstations to the new ad domain

Author Comment

ID: 35166503
I've not added this server to the network yet.  We are still on the Novell 5.1 server and login system.  My plan is to get this new 2008 R2 up and running with my machine connecting to it and then role it out.  When you say point my clients in there TCPIP properties, does this mean I turn off automatically obtain IP address etc?  I know I'll need to change all the clients from workgroup to domain, but wasn't sure if I'd need to change IP addressing.  Pointing the DNS server to itself is correct?  Can I get DNS running without also going with DHCP?  Or should I do both at the same time.  So I keep the router the same unless I move DHCP role to the new DNS server?  I use as the gateway for printers etc.  No changes there correct?

Author Comment

ID: 35166528
My server will be connected to the internet.  We have no plans at this time for a VPN.  So outside the office access is done by Radmin.

Expert Comment

ID: 35166595
You don't need to change anything IP wise.  Just make sure you give the new server a static IP and make sure DHCP is ready to run before you disable DHCP service on the router.

The gateway wont change - you will need to specify the same gateway address in your dhcp pool.
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35166879
Point the clients however you do it but usually DHCP you need to make sure clients are going to Server for DNS not external DNS servers.

You should use the actual IP address of the server not loopback address.

Keep the router the same you can use DNS without DHCP but I recommend that you disable DHCP on router and allow Windows to be your DHCP server

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now