Setting up primary DNS server on Router

**cranialsurge** · 03-26-10, 12:43 PM

Hi,

I have a Windows Server 2008 R2 machine setup as my primary domain controller with AD installed on it. I can connect to my domain from all of my clients by manually specifying the internal address (assigned by the router's NAT) of this server as the client's primary DNS server address. However I would like for this process to be automated. So whenever a new client joins my network, the router should automatically assign my domain controller's IP (192.168.x.x) as the client's primary dns address. Currently all the clients get the router's internal IP as the default DNS server address. So I have to manually change that on each client's ethernet adapter properties to point to my domain controller.

I am guessing that I have to specify the internal address of my DC (which has forwarder's to my ISP's DNS servers) as the router's primary DNS server, however when I try to do that, nothing changes. The clients continue to get my router's IP as their primary DNS. I am using a Netgear WNDR3700 router.

Any help would be appreciated.

Thanks

**YeOldeStonecat** · 03-26-10, 01:57 PM

Whatever DHCP service you run for your network....edit it, and have it hand out the LAN IP of your DC, as the one and only DNS server. Your router will default to having DHCP enabled, and it will default to handing out itself as a DNS forwarder, or hand out your ISPs 2x DNS servers...which, naturally, will break active directory on your network. Workstations MUST use the IP of your domain controllers for DNS, not the router, and not your ISPs servers, nor any other public DNS servers.

I prefer to have my servers run DHCP, rather than the router. Keeps active directory running tighter, faster/better client DNS registration, etc.

**cranialsurge** · 03-26-10, 04:51 PM

Hey,

Thanks for you reponse. So essentially I could just have my router connected to the modem, assign a public static IP to the router, disable DHCP on it and use a server connected to that router as the DHCP router. Right ?

This would entail the following:

Assigning the NIC on the server with a static internal address ... something like 192.168.x.x and the default gateway would be the router's LAN IP e.g. 192.168.1.1. Also I will be using the server as my DNS too so the NIC's primary dns would read "127.0.0.1" with appropriate DNS forwarders configured on the server that point to my ISP's DNS.

Please correct me if I am wrong in my steps above. So at this point if I connected a wireless client like a laptop to my router using wi-fi, would it automatically detect my DHCP server and get an address assigned from it ?

**YeOldeStonecat** · 03-26-10, 05:06 PM

How you have your routers WAN interface setup is irrelevant of the internal setup. You only setup your routers WAN interface in a static setup if that's what your ISP requires. Other option...leave it "Obtain via DHCP" so your ISP hands it the same IP via a reservation on their end, or have it PPPoE is you're on the common type of DSL.

LAN interface of the router, yeah, 192.168.10.1 or whatever (I usually move biz networks away from the common 192.168.1.1 or 192.168.0.1 ranges...for the purpose of VPN from home or flexibility in creating WANs).

Disable DHCP service on the router..else the Windows DHCP service won't be happy.

On the server, create a DHCP service...routers LAN IP as the gateway, the servers LAN IP as the DNS server, create your options...exclusions, I usually have the DHCP service start handing out IP starting at .100. Leaving .2-99 reserved for static things. Servers usually in the teens, printers in the 20's, etc.

And yes the server needs to look at itself for DNS..either its actual LAN IP like 192.168.11.11, or local host 127.0.0.1

For increased security, I always set the servers DNS to forward to OpenDNS DNS servers, 208.67.222.222 and 208.67.220.220. Increased protection from malware..as they block known malware distributing sites. Your workstations can't download what they can't resolve.

If there's no server on the network, I'll set the routers WAN side to those DNS servers, and/or customize the routers DHCP service to hand out those IPs instead of the ISPs DNS servers.