2003 Server Multihomed?

When a 2003 Server R2 is connected to the internet, must it have 2 NIC
cards?

Right now we have a Birch T1 line in which Birch controls the DHCP and DNS.
Birch suggested that if we want to control DHCP we would need a router
behind their router.

Which is preferred?
1) to have the ISP handle DHCP
2) to have the 2003 Server R2 handle DHCP

Regards,
Dale

msnews.microsoft.com wrote:
> When a 2003 Server R2 is connected to the internet, must it have 2 NIC
> cards?
No, unless you are using it as a firewall, such as ISA server.

>
> Right now we have a Birch T1 line in which Birch controls the DHCP and DNS.
> Birch suggested that if we want to control DHCP we would need a router
> behind their router.
There are multiple ways to hand out IP address, a router is just
one of them and sometimes the easiest option for a small office.

>
> Which is preferred?
> 1) to have the ISP handle DHCP
> 2) to have the 2003 Server R2 handle DHCP
Depending upon the number of network devices, I would do DHCP myself
and use a router for < 40 devices.

Above 40 devices, I would use a single server with A/D, DNS and DHCP
installed.

>
> Regards,
> Dale

moncho

Workstations on our network take a long time to log in. It appears that
they may be using the public DNS to log in.
The Server IP configuration looks like this:

Host Name . . . . . . . . . . . . : lawnetserver
Primary Dns Suffix . . . . . . . : rushtonet.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : rushtonet.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI
Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-0D-61-7A-60-E8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 127.0.0.1

The Workstation IP Configuration

Host Name . . . . . . . . . . . . : NewOne
Primary Dns Suffix . . . . . . . : rushtonet.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : rushtonet.local
birch.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : birch.net
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
Connection
Physical Address. . . . . . . . . : 00-03-47-F0-1A-1E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.104
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 65.16.215.254
Lease Obtained. . . . . . . . . . : Thursday, September 11, 2008
10:03:06 AM
Lease Expires . . . . . . . . . . : Thursday, September 18, 2008
8:43:06

"moncho" <(E-Mail Removed)> wrote in message
news:gjeyk.20$(E-Mail Removed)...
> msnews.microsoft.com wrote:
>> When a 2003 Server R2 is connected to the internet, must it have 2 NIC
>> cards?
> No, unless you are using it as a firewall, such as ISA server.
>
>>
>> Right now we have a Birch T1 line in which Birch controls the DHCP and
>> DNS. Birch suggested that if we want to control DHCP we would need a
>> router behind their router.
> There are multiple ways to hand out IP address, a router is just
> one of them and sometimes the easiest option for a small office.
>
>>
>> Which is preferred?
>> 1) to have the ISP handle DHCP
>> 2) to have the 2003 Server R2 handle DHCP
> Depending upon the number of network devices, I would do DHCP myself
> and use a router for < 40 devices.
>
> Above 40 devices, I would use a single server with A/D, DNS and DHCP
> installed.
>
>>
>> Regards,
>> Dale
>
> moncho

We have some issues with these configuration.

1. This is multihomed computer using the same IP range: 192.168.1.50 and
192.168.1.104.
2. One DNS uses 127.0.0.1.
3. One DNS uses public DNS: 65.16.215.254

All of these are not recommended.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"dgibble" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Workstations on our network take a long time to log in. It appears that
> they may be using the public DNS to log in.
> The Server IP configuration looks like this:
>
> Host Name . . . . . . . . . . . . : lawnetserver
> Primary Dns Suffix . . . . . . . : rushtonet.local
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : rushtonet.local
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI
> Gigabit Ethernet Controller
> Physical Address. . . . . . . . . : 00-0D-61-7A-60-E8
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.1.50
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.1.1
> DNS Servers . . . . . . . . . . . : 127.0.0.1
>
> The Workstation IP Configuration
>
> Host Name . . . . . . . . . . . . : NewOne
> Primary Dns Suffix . . . . . . . : rushtonet.local
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : rushtonet.local
> birch.net
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . : birch.net
> Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
> Connection
> Physical Address. . . . . . . . . : 00-03-47-F0-1A-1E
> Dhcp Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> IP Address. . . . . . . . . . . . : 192.168.1.104
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.1.1
> DHCP Server . . . . . . . . . . . : 192.168.1.1
> DNS Servers . . . . . . . . . . . : 65.16.215.254
> Lease Obtained. . . . . . . . . . : Thursday, September 11, 2008
> 10:03:06 AM
> Lease Expires . . . . . . . . . . : Thursday, September 18, 2008
> 8:43:06
>
> "moncho" <(E-Mail Removed)> wrote in message
> news:gjeyk.20$(E-Mail Removed)...
>> msnews.microsoft.com wrote:
>>> When a 2003 Server R2 is connected to the internet, must it have 2 NIC
>>> cards?
>> No, unless you are using it as a firewall, such as ISA server.
>>
>>>
>>> Right now we have a Birch T1 line in which Birch controls the DHCP and
>>> DNS. Birch suggested that if we want to control DHCP we would need a
>>> router behind their router.
>> There are multiple ways to hand out IP address, a router is just
>> one of them and sometimes the easiest option for a small office.
>>
>>>
>>> Which is preferred?
>>> 1) to have the ISP handle DHCP
>>> 2) to have the 2003 Server R2 handle DHCP
>> Depending upon the number of network devices, I would do DHCP myself
>> and use a router for < 40 devices.
>>
>> Above 40 devices, I would use a single server with A/D, DNS and DHCP
>> installed.
>>
>>>
>>> Regards,
>>> Dale
>>
>> moncho
>
>

"Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> We have some issues with these configuration.
>
> 1. This is multihomed computer using the same IP range: 192.168.1.50 and
> 192.168.1.104.
> 2. One DNS uses 127.0.0.1.
> 3. One DNS uses public DNS: 65.16.215.254
>
> All of these are not recommended.
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "dgibble" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Workstations on our network take a long time to log in. It appears that
>> they may be using the public DNS to log in.
>> The Server IP configuration looks like this:
>>
>> Host Name . . . . . . . . . . . . : lawnetserver
>> Primary Dns Suffix . . . . . . . : rushtonet.local
>> Node Type . . . . . . . . . . . . : Unknown
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : rushtonet.local
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI
>> Gigabit Ethernet Controller
>> Physical Address. . . . . . . . . : 00-0D-61-7A-60-E8
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.1.50
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.1.1
>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>>
>> The Workstation IP Configuration
>>
>> Host Name . . . . . . . . . . . . : NewOne
>> Primary Dns Suffix . . . . . . . : rushtonet.local
>> Node Type . . . . . . . . . . . . : Unknown
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : rushtonet.local
>> birch.net
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . : birch.net
>> Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
>> Connection
>> Physical Address. . . . . . . . . : 00-03-47-F0-1A-1E
>> Dhcp Enabled. . . . . . . . . . . : Yes
>> Autoconfiguration Enabled . . . . : Yes
>> IP Address. . . . . . . . . . . . : 192.168.1.104
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.1.1
>> DHCP Server . . . . . . . . . . . : 192.168.1.1
>> DNS Servers . . . . . . . . . . . : 65.16.215.254
>> Lease Obtained. . . . . . . . . . : Thursday, September 11, 2008
>> 10:03:06 AM
>> Lease Expires . . . . . . . . . . : Thursday, September 18, 2008
>> 8:43:06
>>
>> "moncho" <(E-Mail Removed)> wrote in message
>> news:gjeyk.20$(E-Mail Removed)...
>>> msnews.microsoft.com wrote:
>>>> When a 2003 Server R2 is connected to the internet, must it have 2 NIC
>>>> cards?
>>> No, unless you are using it as a firewall, such as ISA server.
>>>
>>>>
>>>> Right now we have a Birch T1 line in which Birch controls the DHCP and
>>>> DNS. Birch suggested that if we want to control DHCP we would need a
>>>> router behind their router.
>>> There are multiple ways to hand out IP address, a router is just
>>> one of them and sometimes the easiest option for a small office.
>>>
>>>>
>>>> Which is preferred?
>>>> 1) to have the ISP handle DHCP
>>>> 2) to have the 2003 Server R2 handle DHCP
>>> Depending upon the number of network devices, I would do DHCP myself
>>> and use a router for < 40 devices.
>>>
>>> Above 40 devices, I would use a single server with A/D, DNS and DHCP
>>> installed.
>>>
>>>>
>>>> Regards,
>>>> Dale
>>>
>>> moncho
>>
>>
>
I agree with Bob Lin. That is really a bit of a dog's breakfast.

If you have two NICs in a server they really need to be in different IP
subnets (such as one on the private LAN and one connected to the public
Internet. You certainly would not run a DC like that (except SBS server
which is designed to run that way).

If you are running AD you really should have your own DNS and DHCP setup.
The DC should have only one NIC and have a manual static IP. All machines
including the server itself should use this IP address (and this one only)
for DNS. To resolve foreign URLs, configure your local DNS to forward to a
public DNS (such as your ISP).

The problem is with the Birch router. You would need to be able to turn
the DHCP option off on this router before you could run your own DHCP server
on your DC. IF they will do that, you can run your own and just use the
router as your default gateway. The DC would handle both DNS and DHCP.

dgibble gives the IP configuration for a server with IP address 192.168.1.50
and the IP configuration for a workstation with IP address 192.168.1.104.

The way I read the post from dgibble, these are two seperate computers, not
a multihomed server.

The DNS server address for the workstation is given (by dgibble) as
65.16.215.254, which is not that of the server, which may account for the
"slow logons" he reports.

Perhaps the DNS server address for the workstations should be 192.168.1.50.

I susupect that moncho has the right answer - if the installation is small,
get a "router" that has built-in DHCP service (and NAT, Firewall etc.) and
connect the up-link to the "Birch router" and all the other computers to the
new "router" either using its built in ports or via one or more switches.


--
Bruce Sanderson
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> We have some issues with these configuration.
>
> 1. This is multihomed computer using the same IP range: 192.168.1.50 and
> 192.168.1.104.
> 2. One DNS uses 127.0.0.1.
> 3. One DNS uses public DNS: 65.16.215.254
>
> All of these are not recommended.
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "dgibble" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Workstations on our network take a long time to log in. It appears that
>> they may be using the public DNS to log in.
>> The Server IP configuration looks like this:
>>
>> Host Name . . . . . . . . . . . . : lawnetserver
>> Primary Dns Suffix . . . . . . . : rushtonet.local
>> Node Type . . . . . . . . . . . . : Unknown
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : rushtonet.local
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI
>> Gigabit Ethernet Controller
>> Physical Address. . . . . . . . . : 00-0D-61-7A-60-E8
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.1.50
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.1.1
>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>>
>> The Workstation IP Configuration
>>
>> Host Name . . . . . . . . . . . . : NewOne
>> Primary Dns Suffix . . . . . . . : rushtonet.local
>> Node Type . . . . . . . . . . . . : Unknown
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : rushtonet.local
>> birch.net
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . : birch.net
>> Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
>> Connection
>> Physical Address. . . . . . . . . : 00-03-47-F0-1A-1E
>> Dhcp Enabled. . . . . . . . . . . : Yes
>> Autoconfiguration Enabled . . . . : Yes
>> IP Address. . . . . . . . . . . . : 192.168.1.104
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.1.1
>> DHCP Server . . . . . . . . . . . : 192.168.1.1
>> DNS Servers . . . . . . . . . . . : 65.16.215.254
>> Lease Obtained. . . . . . . . . . : Thursday, September 11, 2008
>> 10:03:06 AM
>> Lease Expires . . . . . . . . . . : Thursday, September 18, 2008
>> 8:43:06
>>
>> "moncho" <(E-Mail Removed)> wrote in message
>> news:gjeyk.20$(E-Mail Removed)...
>>> msnews.microsoft.com wrote:
>>>> When a 2003 Server R2 is connected to the internet, must it have 2 NIC
>>>> cards?
>>> No, unless you are using it as a firewall, such as ISA server.
>>>
>>>>
>>>> Right now we have a Birch T1 line in which Birch controls the DHCP and
>>>> DNS. Birch suggested that if we want to control DHCP we would need a
>>>> router behind their router.
>>> There are multiple ways to hand out IP address, a router is just
>>> one of them and sometimes the easiest option for a small office.
>>>
>>>>
>>>> Which is preferred?
>>>> 1) to have the ISP handle DHCP
>>>> 2) to have the 2003 Server R2 handle DHCP
>>> Depending upon the number of network devices, I would do DHCP myself
>>> and use a router for < 40 devices.
>>>
>>> Above 40 devices, I would use a single server with A/D, DNS and DHCP
>>> installed.
>>>
>>>>
>>>> Regards,
>>>> Dale
>>>
>>> moncho
>>
>>
>

No, I can't agree with you on that, Bruce. If he is running AD that still
doesn't solve the problem.

A NAT/firewall/router running DHCP and doing DNS proxy works fine for a
workgroup. Once you introduce AD you really need to run a local DNS and have
all client machines using this DNS only (and set up this DNS server to
forward to a public DNS server). The clients need to use the firewall IP for
a gateway setting but use the DC for DNS. The best way to get it to work is
to turn off the DHCP option on the router/firewall and run DHCP on the DC.
The DHCP server built into the router/firewall is only an option if you can
change its default DNS settings to point to the DC.

"Bruce Sanderson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> dgibble gives the IP configuration for a server with IP address
> 192.168.1.50 and the IP configuration for a workstation with IP address
> 192.168.1.104.
>
> The way I read the post from dgibble, these are two seperate computers,
> not a multihomed server.
>
> The DNS server address for the workstation is given (by dgibble) as
> 65.16.215.254, which is not that of the server, which may account for the
> "slow logons" he reports.
>
> Perhaps the DNS server address for the workstations should be
> 192.168.1.50.
>
> I susupect that moncho has the right answer - if the installation is
> small, get a "router" that has built-in DHCP service (and NAT, Firewall
> etc.) and connect the up-link to the "Birch router" and all the other
> computers to the new "router" either using its built in ports or via one
> or more switches.
>
>
> --
> Bruce Sanderson
> http://members.shaw.ca/bsanders
>
> It is perfectly useless to know the right answer to the wrong question.
>
>
>
> "Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> We have some issues with these configuration.
>>
>> 1. This is multihomed computer using the same IP range: 192.168.1.50 and
>> 192.168.1.104.
>> 2. One DNS uses 127.0.0.1.
>> 3. One DNS uses public DNS: 65.16.215.254
>>
>> All of these are not recommended.
>>
>> --
>> Bob Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com
>> "dgibble" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>> Workstations on our network take a long time to log in. It appears that
>>> they may be using the public DNS to log in.
>>> The Server IP configuration looks like this:
>>>
>>> Host Name . . . . . . . . . . . . : lawnetserver
>>> Primary Dns Suffix . . . . . . . : rushtonet.local
>>> Node Type . . . . . . . . . . . . : Unknown
>>> IP Routing Enabled. . . . . . . . : No
>>> WINS Proxy Enabled. . . . . . . . : No
>>> DNS Suffix Search List. . . . . . : rushtonet.local
>>>
>>> Ethernet adapter Local Area Connection:
>>>
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010
>>> PCI Gigabit Ethernet Controller
>>> Physical Address. . . . . . . . . : 00-0D-61-7A-60-E8
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.1.50
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>> Default Gateway . . . . . . . . . : 192.168.1.1
>>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>>>
>>> The Workstation IP Configuration
>>>
>>> Host Name . . . . . . . . . . . . : NewOne
>>> Primary Dns Suffix . . . . . . . : rushtonet.local
>>> Node Type . . . . . . . . . . . . : Unknown
>>> IP Routing Enabled. . . . . . . . : No
>>> WINS Proxy Enabled. . . . . . . . : No
>>> DNS Suffix Search List. . . . . . : rushtonet.local
>>> birch.net
>>>
>>> Ethernet adapter Local Area Connection:
>>>
>>> Connection-specific DNS Suffix . : birch.net
>>> Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
>>> Connection
>>> Physical Address. . . . . . . . . : 00-03-47-F0-1A-1E
>>> Dhcp Enabled. . . . . . . . . . . : Yes
>>> Autoconfiguration Enabled . . . . : Yes
>>> IP Address. . . . . . . . . . . . : 192.168.1.104
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>> Default Gateway . . . . . . . . . : 192.168.1.1
>>> DHCP Server . . . . . . . . . . . : 192.168.1.1
>>> DNS Servers . . . . . . . . . . . : 65.16.215.254
>>> Lease Obtained. . . . . . . . . . : Thursday, September 11, 2008
>>> 10:03:06 AM
>>> Lease Expires . . . . . . . . . . : Thursday, September 18, 2008
>>> 8:43:06
>>>
>>> "moncho" <(E-Mail Removed)> wrote in message
>>> news:gjeyk.20$(E-Mail Removed)...
>>>> msnews.microsoft.com wrote:
>>>>> When a 2003 Server R2 is connected to the internet, must it have 2 NIC
>>>>> cards?
>>>> No, unless you are using it as a firewall, such as ISA server.
>>>>
>>>>>
>>>>> Right now we have a Birch T1 line in which Birch controls the DHCP and
>>>>> DNS. Birch suggested that if we want to control DHCP we would need a
>>>>> router behind their router.
>>>> There are multiple ways to hand out IP address, a router is just
>>>> one of them and sometimes the easiest option for a small office.
>>>>
>>>>>
>>>>> Which is preferred?
>>>>> 1) to have the ISP handle DHCP
>>>>> 2) to have the 2003 Server R2 handle DHCP
>>>> Depending upon the number of network devices, I would do DHCP myself
>>>> and use a router for < 40 devices.
>>>>
>>>> Above 40 devices, I would use a single server with A/D, DNS and DHCP
>>>> installed.
>>>>
>>>>>
>>>>> Regards,
>>>>> Dale
>>>>
>>>> moncho
>>>
>>>
>>
>

Bill, I agree with you; I guess I didn't state what I meant very well.
Definitely, as you say, with Active Directory, using the AD Integrated DNS
server on the domain controller is the way to go.

DHCP is a bit different. If the router supports configuring the DNS server
address (as you point out, not all do), using the DHCP server in the router
is possibly a simpler solution to manage for (very) small environments -
avoids having to install and configure the Windows Server DHCP service.

For example, at home here, there are computers that are not domain members
and may be running when my domain controller isn't even powered on. The
first router I had (Microsoft MN-700) had a DHCP service, but there was no
way to tell it what IP address to send to DHCP clients as the DNS Server, so
I manually configured the DNS server IP address in all my domain members
(there's only a handfull, even with all the virtual machines I use for
testing and experimenting so that was not a big deal). That router stopped
working (after many years of good service) and with the new one I now have
(LinkSys WRTN310N) one can specify the IP addresses for DNS servers (up to
three of them), so I've put the IP address of my domain controller (which
has AD Integrated DNS) in there and now don't have to manually configure the
DNS server address for new domain members - very useful! By default, this
router also sends, as alternate DNS Server addresses, those it gets from
upstream (ISP in this case), so they can be used if the domain controller
computer is not running.

As well as making DNS services available when the domain controller isn't
running, this means I don't have to install and configure the Windows Server
2008 DHCP service, which I don't have any experience with.

I've configured the AD integrated DNS server to forward unknown requests (as
you suggested) to the router (which in turn routes the request to the ISP's
DNS server). This is working well.

--
Bruce Sanderson
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> No, I can't agree with you on that, Bruce. If he is running AD that still
> doesn't solve the problem.
>
> A NAT/firewall/router running DHCP and doing DNS proxy works fine for a
> workgroup. Once you introduce AD you really need to run a local DNS and
> have all client machines using this DNS only (and set up this DNS server
> to forward to a public DNS server). The clients need to use the firewall
> IP for a gateway setting but use the DC for DNS. The best way to get it to
> work is to turn off the DHCP option on the router/firewall and run DHCP on
> the DC. The DHCP server built into the router/firewall is only an option
> if you can change its default DNS settings to point to the DC.
>
> "Bruce Sanderson" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> dgibble gives the IP configuration for a server with IP address
>> 192.168.1.50 and the IP configuration for a workstation with IP address
>> 192.168.1.104.
>>
>> The way I read the post from dgibble, these are two seperate computers,
>> not a multihomed server.
>>
>> The DNS server address for the workstation is given (by dgibble) as
>> 65.16.215.254, which is not that of the server, which may account for the
>> "slow logons" he reports.
>>
>> Perhaps the DNS server address for the workstations should be
>> 192.168.1.50.
>>
>> I susupect that moncho has the right answer - if the installation is
>> small, get a "router" that has built-in DHCP service (and NAT, Firewall
>> etc.) and connect the up-link to the "Birch router" and all the other
>> computers to the new "router" either using its built in ports or via one
>> or more switches.
>>
>>
>> --
>> Bruce Sanderson
>> http://members.shaw.ca/bsanders
>>
>> It is perfectly useless to know the right answer to the wrong question.
>>
>>
>>
>> "Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> We have some issues with these configuration.
>>>
>>> 1. This is multihomed computer using the same IP range: 192.168.1.50 and
>>> 192.168.1.104.
>>> 2. One DNS uses 127.0.0.1.
>>> 3. One DNS uses public DNS: 65.16.215.254
>>>
>>> All of these are not recommended.
>>>
>>> --
>>> Bob Lin, MS-MVP, MCSE & CNE
>>> Networking, Internet, Routing, VPN Troubleshooting on
>>> http://www.ChicagoTech.net
>>> How to Setup Windows, Network, VPN & Remote Access on
>>> http://www.HowToNetworking.com
>>> "dgibble" <(E-Mail Removed)> wrote in message
>>> news:%(E-Mail Removed)...
>>>> Workstations on our network take a long time to log in. It appears
>>>> that they may be using the public DNS to log in.
>>>> The Server IP configuration looks like this:
>>>>
>>>> Host Name . . . . . . . . . . . . : lawnetserver
>>>> Primary Dns Suffix . . . . . . . : rushtonet.local
>>>> Node Type . . . . . . . . . . . . : Unknown
>>>> IP Routing Enabled. . . . . . . . : No
>>>> WINS Proxy Enabled. . . . . . . . : No
>>>> DNS Suffix Search List. . . . . . : rushtonet.local
>>>>
>>>> Ethernet adapter Local Area Connection:
>>>>
>>>> Connection-specific DNS Suffix . :
>>>> Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010
>>>> PCI Gigabit Ethernet Controller
>>>> Physical Address. . . . . . . . . : 00-0D-61-7A-60-E8
>>>> DHCP Enabled. . . . . . . . . . . : No
>>>> IP Address. . . . . . . . . . . . : 192.168.1.50
>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>> Default Gateway . . . . . . . . . : 192.168.1.1
>>>> DNS Servers . . . . . . . . . . . : 127.0.0.1
>>>>
>>>> The Workstation IP Configuration
>>>>
>>>> Host Name . . . . . . . . . . . . : NewOne
>>>> Primary Dns Suffix . . . . . . . : rushtonet.local
>>>> Node Type . . . . . . . . . . . . : Unknown
>>>> IP Routing Enabled. . . . . . . . : No
>>>> WINS Proxy Enabled. . . . . . . . : No
>>>> DNS Suffix Search List. . . . . . : rushtonet.local
>>>> birch.net
>>>>
>>>> Ethernet adapter Local Area Connection:
>>>>
>>>> Connection-specific DNS Suffix . : birch.net
>>>> Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
>>>> Connection
>>>> Physical Address. . . . . . . . . : 00-03-47-F0-1A-1E
>>>> Dhcp Enabled. . . . . . . . . . . : Yes
>>>> Autoconfiguration Enabled . . . . : Yes
>>>> IP Address. . . . . . . . . . . . : 192.168.1.104
>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>> Default Gateway . . . . . . . . . : 192.168.1.1
>>>> DHCP Server . . . . . . . . . . . : 192.168.1.1
>>>> DNS Servers . . . . . . . . . . . : 65.16.215.254
>>>> Lease Obtained. . . . . . . . . . : Thursday, September 11, 2008
>>>> 10:03:06 AM
>>>> Lease Expires . . . . . . . . . . : Thursday, September 18, 2008
>>>> 8:43:06
>>>>
>>>> "moncho" <(E-Mail Removed)> wrote in message
>>>> news:gjeyk.20$(E-Mail Removed)...
>>>>> msnews.microsoft.com wrote:
>>>>>> When a 2003 Server R2 is connected to the internet, must it have 2
>>>>>> NIC cards?
>>>>> No, unless you are using it as a firewall, such as ISA server.
>>>>>
>>>>>>
>>>>>> Right now we have a Birch T1 line in which Birch controls the DHCP
>>>>>> and DNS. Birch suggested that if we want to control DHCP we would
>>>>>> need a router behind their router.
>>>>> There are multiple ways to hand out IP address, a router is just
>>>>> one of them and sometimes the easiest option for a small office.
>>>>>
>>>>>>
>>>>>> Which is preferred?
>>>>>> 1) to have the ISP handle DHCP
>>>>>> 2) to have the 2003 Server R2 handle DHCP
>>>>> Depending upon the number of network devices, I would do DHCP myself
>>>>> and use a router for < 40 devices.
>>>>>
>>>>> Above 40 devices, I would use a single server with A/D, DNS and DHCP
>>>>> installed.
>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Dale
>>>>>
>>>>> moncho
>>>>
>>>>
>>>
>>