• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 79
  • Last Modified:

Help with DNS set up on only DC to join computers to domain

Greetings,

I need to configure DNS on a win 2012 r2 DC so I can join computers to this new domain. It is the only DC. Currently, DNS and DHCP are handled by a router at 192.168.1.1. I am concerned that workgroup computers getting DNS / IP addresses from the router will lose network / internet connection if DNS and DHCP are switched to the server. This could be troublesome as I am doing this remotely. Perhaps I am incorrect about the computers losing connection though.

Should I leave DNS / DHCP on the router? Or, do I need to run those services from the server, at least DNS, for the domain to properly function?

Help and understanding of how this works is appreciated.
0
king daddy
Asked:
king daddy
  • 4
  • 4
  • 4
  • +1
5 Solutions
 
Cliff GaliherCommented:
Domain joined machines need to use the DC for DNS. Workgroup Lachine can also use the DC for DNS... But you'll want to plan licensing and security accordingly.  If the workgroup machines will never be on the domain, a separate network or VLAN may be more appropriate.

If you want different machines to use different DNS settings,. That means static configuration on some or all machines instead of DHCP. Or  as previously mentioned, separate networks with their own separate DHCP servers.

DHCP on the DC or the router is personal preference. There is no requirement for one or the other. I'm a purist and don't run non-essential roles on my domain controllers. But that's just me.
0
 
MAS (MVE)EE Solution GuideCommented:
-->Should I leave DNS / DHCP on the router? Or, do I need to run those services from the server, at least DNS, for the domain to properly function?
It is always recommended to have AD integrated DHCP/DNS.

BTW you can use the same DNS for workgroup computers as well.
Configure DNS forwarder.
https://www.petri.com/configure-dns-forwarders-windows-server-2012-r2

Please read this thread as well for better understanding.
https://www.experts-exchange.com/questions/29069311/AD-DHCP-DNS.html#a42374389
0
 
yo_beeDirector of Information TechnologyCommented:
Edit: Sorry for repetitive links or info.  I was composing this prior to the last reply.

I am assuming that you do not have a DC in your environment as of yet.  So I will write this in that mind set.  
How many machines are we dealing with?  I think having DHCP left on the router in a real big deal, but I would move the DNS to the DC.  I would configure your DHCP setting on the router to assign the future DC as your DNS server.  During the promotion of your server to a DC you will be asked if you want DNS integrated with your DC.  At this point you say yes.

Here is a link that will illustrate these steps.
https://social.technet.microsoft.com/wiki/contents/articles/14505.how-to-promote-windows-server-2012-as-a-domain-controller.aspx

You should setup DNS forwarder setting for public domain resolution like google.com, etc.
https://www.petri.com/configure-dns-forwarders-windows-server-2012-r2

If you want to setup your DC as a DHCP you can do this as well, but remember to disable this on your router.  I recommend that you set up a range that is outside your current range to avoid any IP conflict, but I think that Server 2012 does do address this concern.  

Here is another link that will help you with setting up a DHCP server on your windows machine.
http://www.rebeladmin.com/2014/06/step-by-step-guide-to-install-dhcp-role-and-configure/

With all that being said I would move both roles from the router to the server.
1
Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

 
king daddyAuthor Commented:
Thanks for the quick replies everyone.

Going backwards:
yo_bee: It is the first and only DC. It is already on-site. There are only 6 computers in this small business, all still in workgroup. I do not have the router login info yet. I am not sure they even know it. Someone set it up over a year ago and isn't around anymore. I will configure the DNS forwarder but may need to leave DHCP on the router for a while, if I can't get into it, or I may just set a range outside of that used by the router. However, without logging in to see the range, that may not be possible. Thanks for the links.

MAS EE MVE: Thanks for the links as well. I will integrate AD / DHCP / DNS accordingly, or at least DNS for now.

Cliff: I thought domain-joined computers, or to even join the domain, DNS on the DC is required so thanks for confirming. Thankfully it's only 6 computers so I won't need to deal with a separate network or VLAN here as they will all be joined. I may leave DHCP on the router, especially since I a may not be able to login to it and don't really fell the need to reset and reconfigure it.

I was concerned about DNS on the DC affecting workgroup computers but if they get DNS from the router and don't even "talk" to the DC for DNS info, there shouldn't be an issue.

However, once joined, they will get DNS info from the DC and DHCP from the router, which also gives DNS info. Will that cause an issue?

Thanks again everyone.
0
 
yo_beeDirector of Information TechnologyCommented:
What type of router? You maybe able to reset it to factory default. That maybe an option that will work for you.  Being that it is such a small network I would almost recommend starting over and rebuild it from the ground up.  It may be the quicker of all methods to try and shoehorn this setup to meet you vision.
0
 
Cliff GaliherCommented:
If you can't get into the router, you'll be looking to a reset and reconfigure of some sort...static configure the workstations. There is no way around that.

The problem is the router will continue to give out itself for DNS which breaks domain functionality and you can't get into the router to change that or disable DHCP. So you can't make sure machines are getting the DC for DNS.

Even if you configure DHCP on the server with a different range, DHCP is a broadcast protocol, so machines will accept info from whichever DHCP server answers first.. Meaning you still have a good shot of a machine getting its DHCP info from the router and mucking it all up.

So you really have to stop the router from giving out bad settings. Which means getting into it to change or disable DHCP, or factory resetting so you can get into it to do the former. Or having machines simply not use DHCP at all.
1
 
MAS (MVE)EE Solution GuideCommented:
Agree with Cliff.
We had a discussion regarding the same and concluded to use DHCP on server.
0
 
king daddyAuthor Commented:
Thanks everyone. Looks like I will reset the router (a Linksys) and reconfigure network to use DC for DHCP and DNS.

For now, I am thinking of setting all computers to static and setting the DC (192.168.1.100) as DNS and router as default gateway (192.168.1.1). Since I don't have the ISP info, can I set the DC to point to the router for DNS (point DC to 192.168.1.1) and also a google DNS server? One issue I thought of is that 3 of the computers are laptops and since they will leave the office setting a static IP could be problematic when they leave.

Thanks again for all the help.
0
 
Cliff GaliherCommented:
A domain controller configures the DNS server to use root hints by default and, honestly, that usually works just fine. Some people prefer to configure forwarders, but I don't see any significant benefit to doing so. Google data mines and isn't faster. ISO DNS servers usually are slightly faster due to the reduced latency, but are notorious for being prepared me to poisoning and ISPs making unnoticed changes. And services that do DNS filtering tend to break RFC specs to do so, and can cause issues.

My recommendation is to leave well enough alone.

If you really do want to use another DNS source, no, don't configure your server:s NIC to point to anything but itself. Your question ambiguously implied that's what you were considering.

The NIC always points to  DC and only a DC. The DNS server can optionally be configured with forwarders which is how recursive queries are handled.
0
 
king daddyAuthor Commented:
Got it. Thanks for the info Cliff.

I am going to install DNS on the DC and just leave it as is from the wizard and point to itself. Though, I thought it would need to point to some external DNS server or at least the router. Forgive my lack of knowledge on configuring a new DC, and the only one in the network, with DNS. It's not even fully in production but since I need to work on it remotely I don't want to incorrectly configure this and lose access.

I will leave computers at DHCP from router (at least for a few days until I get out to the site and get router login info or reset it) but configure NICs on the computers to use the DC and the router for DNS.

I am also going to add a google or an opendns server in case a laptop leaves the office. Since I will have set static DNS servers, which may prevent the laptop from getting a DNS server from a DHCP server outside of the network, I think I need to do this.

Does that sound like a decent plan until DHCP/DNS can be reconfigured on the router and set all to DHCP/DNS from DC?

Thanks again.
0
 
yo_beeDirector of Information TechnologyCommented:
There is no need to set static addresses accept for servers and printers. All workstations should use DHCP to configure the clients ip and dns. As you are concerned with laptops this is the exact reason why.

You should be fine with the reset of the router as long as you are getting the ISP for the router via DHCP. If not you will have to contact the ISP for this info to statically set the WAN port.
0
 
yo_beeDirector of Information TechnologyCommented:
Do not set any dns setting statically. This will cause internal issues with your domain. Your dns server will handle all requests both internal and external.
0
 
Cliff GaliherCommented:
Yes urn plan sounds like a lot of temporary work for appreciable gain.

I'd recommend not setting up a domain name until you are ready to do so completely. Duct tape and band-aids are prone to failure in the worst ways and even if it doesn't fail,  labor has a cost too. All that work configuring NICs just to revert later when you deploy the domain (where pointing at a non DC even as a secondary DNS server is bad),is hours of extra work.

Wait until you can d configure the router and do the changes once in their final configuration. Don't fake it; you'll regret it.
0
 
king daddyAuthor Commented:
Thanks all. I am just going to wait to reconfigure router before completing domain. I did set up DNS on server and pointed one machine to it to test and I was able to join the domain, but didn't.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 4
  • 4
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now