Advice on network topology

dacoman

Hello,

I have to ask your advice about a network solution.

Currently we have a domain-controlled Windows network directory with two
win2k domain controllers and a number of workstations. One of the two
servers with two network cards is connected both to a router (a 4-port
Netgear) for WAN and to a hub for LAN. The IPs for the workstations are
assigned by a DHCP server running on one of the w2k servers. The
workstations are connected to the LAN through a set of hubs.

I would like to change this as follows. Use the same router but then
(and here is the change) use a switch(s) to connect both the
workstations and the servers. Now the router will assign IPs.

Is this possible? Is this going to screw up the domain controllers?

One problem might be that I will have to change the IP of the LAN DNS
server (one of the W2k servers which right now has the first IP *.*.*.1
in the private domain) since I have to assign this IP address to the
router.

I will appreciate your input very much.

Regards,
D.
 
Kurt

Hook it up just as you say, but disable DHCP on the router and continue to
allow the Windows DHCP server to assign the IP addresses. You won't need the
second NIC in the server anymore (I assume you're doing this to allow
everybody to have Internet access). The big advantage here is that the
Windows DHCP server can register your workstations in DNS (even if they're
Win98) automatically.

Alternatively, you could disable DHCP on the server, put your local DNS
server's address into the router and allow the router to hand out IP
addresses. But since you've already got a working DHCP server on the DC, why
change it?

If you have a "." (root) zone in your DNS zones, you'll either have to
delete it or set up your ISP's DNS server as a forwarder.

....kurt
 
chrispsg

Explained perfectly, Kurt. I wouldn't use DHCP from the router when you
already have a working scope. The router's DHCP probably isn't as
configurable as the w2k DHCP server either.

psg
 
dacoman

Kurt,

A clarification about your posting.

You mention
"If you have a "." (root) zone in your DNS zones, you'll either have to
delete it or set up your ISP's DNS server as a forwarder. "

Should I do this if I choose to move the DNS and DHCP to the router or
do I have to do this even if I keep those services on the machine that
hosts them right now?

Thanks,
-D
 
chrispsg

You will not need to change anything if you replace the hub with a
switch. What is the use of the second NIC?

Configuration for all devices:
W2K Server: DNS (configure forwarders here; use the DNS server that
your ISP has given you), DHCP Server (configure this to hand out the
LAN IP of your router)
Clients: Set to obtain IP automatically
Router: Statically assigned IP address

Flow of traffic to internet should go like this:
request for www.example.com from client.........internal dns server
does not have the record...DNS forwards the request to ISP dns server
through the router. The FQDN is resolved and the webpage is displayed.

You will not have to change any IP settings if you replace the hub with
a switch

psg
 
Kurt

You can't - repeat CAN'T - use the router (which is acting like a
forwarding DNS proxy) as the DNS server if you want your active directory
domain to be functional. You MUST use your Domain Controller (or a properly
configured DNS server with all of the SRV records for a domain - I wouldn't
go there). Active Directory depends on DNS - its hierarchy is modeled after
DNS. DHCP uses very little resources. There is just simply no reason to even
consider the router for either of these functions. Your server is the only
way to go. You'll have nothing but problems if you don't use your AD DNS.
And Windows DHCP is designed specifically to integrate into your Windows
DNS. Do yourself a favor and do it the way it was all intended to work.

....kurt
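
A check for the layout this thread settles on, as an added example that is not part of any post: it parses `ipconfig /all` output from a workstation and flags a lease handed out by anything other than the Windows DHCP server (for instance a router whose DHCP was left enabled) or a DNS server that is not a domain controller. The sample output and all addresses (router 192.168.1.1, domain controllers 192.168.1.2 and 192.168.1.3) are constructed.

```python
import re

# Constructed `ipconfig /all` excerpts; every address is made up.
# Assumed layout: router 192.168.1.1, domain controllers 192.168.1.2 and .3.
LEASE_FROM_DC = """\
Ethernet adapter Local Area Connection:
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.2
        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            192.168.1.3
"""
LEASE_FROM_ROUTER = """\
Ethernet adapter Local Area Connection:
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z .\-]*?)[ .]*:\s*(.*)$")

def parse_adapter(text):
    """Return {label: [values]}; unlabelled indented lines continue the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1).strip()
            value = m.group(2).strip()
            fields[last] = [value] if value else []
        elif last and line.strip() and not line.rstrip().endswith(":"):
            fields[last].append(line.strip())  # e.g. a second DNS server
    return fields

def audit(text, dcs, dhcp_server):
    """List deviations from: lease from the Windows DHCP server, DNS on the DCs only."""
    f = parse_adapter(text)
    findings = []
    for ip in f.get("DHCP Server", []):
        if ip != dhcp_server:
            findings.append(f"lease came from {ip}, not the Windows DHCP server {dhcp_server}")
    for ip in f.get("DNS Servers", []):
        if ip not in dcs:
            findings.append(f"DNS server {ip} is not a domain controller")
    return findings

if __name__ == "__main__":
    dcs = {"192.168.1.2", "192.168.1.3"}
    for name, text in (("dc", LEASE_FROM_DC), ("router", LEASE_FROM_ROUTER)):
        print(name, audit(text, dcs, "192.168.1.2") or "OK")
```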
 
Kurt

Oh ya. You can forward requests for Internet name resolution to another DNS
server (usually your own ISP's Server). This offloads your own DNS server
from having to process requests for zones other than the ones for which it
is the SOA. But if you don't want to do that, you can just delete the "."
zone (if you have one) and your DNS server can resolve all requests (both
local and Internet). It is a full blown DNS server. It really depends on how
many hosts you are servicing and what kinds of other services you are
loading your server down with. If your DC is the file server, sql server,
terminal server, remote access server, print server and your one and only
DC, you might want to limit any additional load. On the other hand, if the
system idle process is at 99%, I wouldn't worry about it.

....kurt
 
