This is my first time posting here, so please bear with me. I have been searching for this answer for a few days now with no luck. Maybe my google-fu is not strong enough.

I am a software engineer working (currently) exclusively with the Microsoft stack. My home network is set up with an AD Domain. I know this is overkill for a home network. I use this for many things, mostly to test out ideas for Windows Authentication, and Group Access to applications that I write. Nothing too advanced. Mostly hypothetical cases that I would have no way of testing at work (or would take weeks of red tape). I also use it to restrict access to data on my file servers (Media, General Data, Backups) for guests that I let on my network. I do not pretend to be a Server/Domain Engineer :)

When I set up my Domain, I set up a 2008 server hosting AD, DNS, and DHCP (I believe that is all). I then added another 2012 server last year and made it primary.

So my question:

Do the DNS and DHCP roles have to be running on a windows server, or can I remove those roles and have them served up by my router? The only thing that I actively do with either is make reservations in DHCP when I get a new device. I have a few DNS entries to resolve a custom name, but I can live without that. I could easily handle DHCP reservations on my router.

I want to do this for two reasons.

  1. If my AD server goes down (Power Outage, or whatever), Internet access drops. My wife works from home a lot, and I am not always available to troubleshoot other than telling her to go check the light on the server.

  2. I have recently purchased a UPS that I would like to use to cover my modem, router, server, and wireless phone. This would give us a few methods of communication in cases of a power outage. This is what is most important to me. If I can remove those roles and have them served up by the router, I can send a command for my AD Server to shutdown cleanly on a power outage (signal from the BBU) and still have network access for phones, tablets, and laptops without the server hogging all of the battery.

I believe that DHCP CAN be moved, but I am not sure about whether or not DNS is irrevocably tied to AD and must be on a Windows server.

As a second question, if removing DNS is not possible, can things be configured to fail back to my ISP's DNS when the server goes down?

Sorry for the novel...

  • AD requires AD-enabled DNS. This doesn't have to be the MS DNS, but it's WAY easier to use it. If you move to a non-MS DNS server then you need to ensure it has all the proper records required for the domain controllers (and various domain services, etc.) so they can be located by the AD clients. Commented Jan 14, 2015 at 20:23
  • That is what I feared, and was thinking. Thank you for your help. I am going to try the answer below and see if that gives me what I am looking for. Commented Jan 14, 2015 at 20:56

1 Answer

Although you can remove both from the server, it is not recommended to remove the DNS server part, because this handles the translation from server name to IP address.

Then of course, there is always the ability to have 2 DHCP servers running concurrently. Configure them the same, but make sure their scopes do not overlap. This way, you always have a fall back. But this is not required. You could entirely use the DHCP server from the router, which, in this case, is preferable.

What you want to do is as follows:

Make sure your server has a static IP address outside of the DHCP scope. On your router configure the DHCP server to hand out IPs as follows:
- IP range with subnet mask that is free
- DNS Server1: server 1, your server's IP address
- DNS Server2: Either the one of your ISP, or 8.8.8.8 (Google's DNS server)

Do note that there is a risk with this setup. If your server goes down, DNS will not be translated anymore. The client will still be using this DNS server until they get a new lease from the DHCP server, so the client needs to reboot until the server problems are solved.

This is not best practice, but for what you want it should do.

  • This would be great, if that works. For some reason, I was thinking that it would not be possible to mix AD and Non-AD DNS. If this works, that would meet all of my needs I believe. I will give it a try after the wife goes to bed (and I can risk bringing the internet access down). If the main concern would be the required manual intervention of rebooting or renewing the connection after a power outage/failure, I am perfectly fine with that. Most of my devices are not on AD or connecting to internal computers (tablets, phones, printers), so I could sort it out quickly enough. Commented Jan 14, 2015 at 20:51
  • As I am not sure of the protocol in accepting answers, I plan to check this out and come back to accept if it works. Commented Jan 14, 2015 at 20:55
  • That's fine. I have run an AD server in my home network to test things out as well, and I wanted to do the same thing. So I am actually talking out of experience here. But sure, test it, and when it works, then accept the answer. :)
    – LPChip
    Commented Jan 14, 2015 at 21:30
  • One thing I had not considered. My AD/DNS Server is a virtual machine on Hyper-V. If I set the DNS up this way, would the host always use the secondary DNS on startup, since the Domain Controller/DNS has not spun up yet? Or, would it be better to run DNS on my host? I know I am breaking best practices in a big way... Commented Jan 14, 2015 at 22:04
  • Nah, use your DNS on the Hyper-V. The server must be up and running before clients can connect to it anyway. So it doesn't matter if the DNS is on the host or the Hyper-V. It's best practice to have the DNS on the same as the Domain Controller in a situation like this.
    – LPChip
    Commented Jan 14, 2015 at 22:55
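
A post-change check for the setup described in the answer above (router DHCP handing out the AD/DNS server as DNS Server1 and a public resolver as DNS Server2). This is an added example, not code from the thread or from any of its participants; it is meant to be run in PowerShell on a domain-joined Windows client after the change (the DnsClient cmdlets need Windows 8 / Server 2012 or later). The domain name `corp.home.example`, the server address `192.168.1.10` and the public test name `www.microsoft.com` are assumptions; substitute your own. It verifies three things a practitioner would want to know: that DHCP handed out the resolvers in the right order, that the AD server answers the DC-locator SRV record clients depend on, and that the fallback resolver alone is enough for plain Internet browsing when the server is off. The caveats at the end follow from that: a client that has failed over to the public resolver cannot locate a domain controller (only the AD-integrated DNS holds those records), and every lookup it sends there exposes internal host names to a third party; `ipconfig /renew` picks up new DHCP-supplied DNS settings without a reboot.

```powershell
<#
  Added example, not part of the original question or answer.
  Assumed values (replace with your own):
    $Domain   - the AD DNS domain name
    $DcDns    - the static IP of the AD/DNS server, i.e. DNS Server1 on the router
    $Fallback - DNS Server2 on the router (8.8.8.8 as in the answer)
#>
param(
    [string]$Domain   = 'corp.home.example',   # assumption
    [string]$DcDns    = '192.168.1.10',        # assumption
    [string]$Fallback = '8.8.8.8'
)

function Test-DcSrvRecord {
    # The SRV record domain-joined clients query to find a domain controller.
    # Only the AD-integrated DNS server can answer it; a public resolver returns NXDOMAIN,
    # which is exactly why a client stuck on the fallback cannot log on to the domain.
    param([string]$Domain, [string]$Resolver)
    $name = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $r = Resolve-DnsName -Name $name -Type SRV -Server $Resolver -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Resolver = $Resolver; Record = $name; Ok = [bool]$r
            Targets  = ($r | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        }
    } catch {
        [pscustomobject]@{ Resolver = $Resolver; Record = $name; Ok = $false; Targets = $_.Exception.Message }
    }
}

function Test-PublicName {
    # Confirms the fallback resolver by itself is enough for Internet access when the DC is down.
    param([string]$Resolver, [string]$Name = 'www.microsoft.com')   # test name is an assumption
    try {
        $null = Resolve-DnsName -Name $Name -Type A -Server $Resolver -DnsOnly -ErrorAction Stop
        $true
    } catch { $false }
}

# 1. Resolver order as handed out by the router's DHCP: the DC must come first, otherwise
#    domain lookups go to the public resolver even while the server is healthy.
$servers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
             Where-Object { $_.ServerAddresses.Count -gt 0 } |
             Select-Object -ExpandProperty ServerAddresses -Unique)
"Configured resolvers (in order): $($servers -join ', ')"
if ($servers.Count -eq 0 -or $servers[0] -ne $DcDns) {
    Write-Warning "First resolver should be the DC ($DcDns). Fix the DNS order in the router's DHCP settings, then run 'ipconfig /renew' on the client."
}

# 2. The DC must answer the DC-locator record; the fallback only needs to answer public names.
Test-DcSrvRecord -Domain $Domain -Resolver $DcDns | Format-List
"Fallback $Fallback resolves public names: $(Test-PublicName -Resolver $Fallback)"

# 3. Caveats of this setup:
#    - After a failover the Windows DNS client keeps using the server that last answered and
#      only retries the preferred one periodically, so domain logons and \\server\share by name
#      can keep failing for a while after the DC is back.  Instead of rebooting, run
#      Clear-DnsClientCache (or ipconfig /flushdns) and re-run this script.
#    - Every query a domain-joined client sends to the fallback (including $Domain names) leaves
#      your network and reaches a public resolver.  Accept that knowingly, or hand the fallback
#      only to the devices that actually need Internet access while the server is off.
```

Run it once with the server up (both checks should pass) and once with the server shut down (the SRV check fails, the public-name check still passes). If the first run already fails the SRV check while the server is up, the router is not handing out the server as the first resolver, or the server's static address is inside the router's DHCP scope and has been handed to another device.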
