Guide on correcting Server 2016 DNS server settings

An organization I am working for recently had two brand new Server 2016 Active Directory servers setup. These servers both have two RJ45 network jacks that are plugged into the internal network

Since this initial setup the IT person added the Hyper-V role to both servers but left the initial DNS server addresses in use.

Then I took over and this organization switched to a faster internet service provider.

I'm looking for a guide on how to go back and properly configure the DNS within this network, in these servers, and on the client computers (which use DHCP) to use the correct internal and external DNS server addresses using the "Configure a DNS Server wizard" or whatever type of manual configuration might be needed.

Please let me know if any further information is needed.
IT GuyNetwork EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Us hat changed once the transition to the new provider, were the LAN IPs changed/transitioned to new segments?

Sounds as though the organization relies on the equipment provided by the Internet provider, to fix the issue with minimal impact us configure the LAN on the new provider's equipment to match the old, including exclusions, reservation that the old one had.

I usually prefer to retain control by using the systems as DHCP/DNS servers for the LAN.

If firewall ASA, juniper'srx/ssg, fortinet's, sonicwall, checkpoint, watchguard, etc.
This way you can maintain the LAN stability without regard to the Internet provider.......

Sounds in your case it is a clustered hyper-v with VMs.

Trying to revamp your hyper-v hosts, VMs to transition to the new LAN is more involved, that adjusting the LAN to the segments you used.
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
Active Directory and DNS go together like butter on toast.  Lets say our AD Servers are DC01 and DC02.

To properly setup your DNS on your internal network the goal is KISS.  Keep it Simple Stupid.

DC01 NIC'(s) should have static IP addresses.  On DC01, DNS should point to itself as Primary and DC02 as secondary. On DC02 that server should point to DC01 as primary and to itself as secondary.  Now your NIC's are done.

Both DC's should have a basic DNS setup in place from making them Domain Controllers.  Now make sure you have a reverse lookup Zone for your subnet(s).  Turn on your Server Aging/Scavenging and leave it at the default.  In the properties of the servers, remove any forwarders or Conditional Forwarders. You don't need them and best practices is not to use them unless absolutely necessary.

Check to make sure your DNS servers are replicating properly.  Your DNS is finished.

Now, I typically setup 2 DHCP servers. These can exist on those same DC's.  Make the same scope on each one of them, but make different exclusion ranges.  For example DC01 may hand out addresses 100 - 177 and exclude 178 - 254.  DC02 would do the opposite. This way you have redundant DHCP servers, but they do not step on each other. You can put the same reservation in each though.

Within DHCP, under the IPv4 properties, DNS tab, select Always dynamically update DNS records and Dynamically update DNS records for DHCP Clients that do not request updates.......

 Setup your DHCP Server options with 006 DNS servers.  Again put DC01 and DC02 in, in that order on both servers. Also put in 015 DNS Domain name.  Lastly on the Scope options, put the IP address of your router (gateway),

Do that on both servers.

Now you are all setup.  A client DHCP requests an address and one of the DHCP servers will answer, giving out an IP address. With your settings, that DHCP server will register that client in DNS.  Whenever a client wants a website for example, their DHCP provided DNS settings will send that request to DC01 and if offline DC02.  DC01 then goes out to the Internet Root Servers, resolves the IP address and then caches the information.  

This works whether you are talking about physical servers, virtual machines or network hardware.

It is simple, easy and adheres to best practices and takes away some of that vulnerability with single points of failure.

With this setup, you never have to worry about switching ISP's, etc., because your internal DNS servers are doing what they were designed to do and if they don't know, they ask the Internet Root servers.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I'm looking for a guide on how to go back and properly configure the DNS within this network, in these servers, and on the client computers (which use DHCP) to use the correct internal and external DNS server addresses using the "Configure a DNS Server wizard" or whatever type of manual configuration might be needed.
For starters, the DHCP systems should be using the domain controllers for DNS. Then the domain controllers should have forwarders to external DNS servers (whether they be your ISP's or someone else's). I'm also making the assumption that they're joined to the Active Directory domain. Basically, the computers look to internal resources for answers to lookups, and the internal resources look outside only when the answer isn't available within.

What is acting as the DHCP server right now? Many ISP-provided routers will not let you choose what DNS servers to send to DHCP clients. If your answer is the ISP-provided router, then you will want to change this, and have a domain controller also act as your DHCP server (this approach requires no new equipment). If you have a firewall handling DHCP, then you should be able to change the options for DHCP clients.

These servers both have two RJ45 network jacks that are plugged into the internal network
How exactly are the NICs configured? If they're configured for teaming, that's one thing. But that's something you're best off analyzing and requesting assistance if needed.

While my answer obviously overlaps with the other two, I think Steve actually provided a well laid out description.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

IT GuyNetwork EngineerAuthor Commented:
The current DHCP server is the SonicWALL TZ600 firewall.

The NICs on both servers have a standard configuration. There is no NIC teaming configured.
I forgot to remove the NIC commentary as it wasn't needed anymore.

Within the DHCP server settings, there was a tab for DNS/WINS. Here you should be able to set the DNS servers sent to DHCP clients.
IMHO, in the DHCP on the lan should be on the system/servers.
Sonicwall should assign IPs to the other ports of systems/devices unrelated to the AD domain.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.