Active Directory/DNS friendly router

palswim

Golden Member
Nov 23, 2003
www.palswim.net
I have a home network with my roommates and like AD for two reasons: user propagation (so that I can sit at my roommate's computer and log onto it without killing his session and without him having to create an account for me) and roaming profiles.

I have a server and several client machines (and game systems, print servers, etc.), which I've networked together with a D-Link DGL 4300 router (and a switch). The server runs as an AD server, a DNS server, a file server, and used to run as a media server (but now I've headed the DLNA route with that). I realize that some of you may disagree with my choice about a multi-role server, but it works so far.

I like my router because it has features I like (port forwarding, DHCP reservation, remote management) and allows me to manage them very well. But, I really wish it let me offload DNS queries to the address/computer of my choosing. It has something saying "Use these DNS Servers", but after trying to use the feature (by inputting my server's local IP address), I have a feeling it only lets me use external sources (when I give it OpenDNS servers, it works as I expect).

If I want to manually set each of my computers to use the server's address for their DNS server, then the computer can join the domain without problem.

So, I'm wondering if a (consumer) router exists which would enable me to redirect my home computers' DNS queries to my server. It wouldn't have to have wireless, since I could put the D-Link in bridge/switch mode, but I would like it to at least have the features which the D-Link has. I have checked the DD-WRT firmware, but I can't tell if it would do this or not.

Or perhaps, I don't need another router and a different solution exists! I don't know!


Cliffs: Can I find a router which will allow me to redirect DNS queries to another machine within the local network?
 

spidey07

No Lifer
Aug 4, 2000
All you need to do is manually assign the DNS server in your router's configuration. It will then give this server to clients to use for DNS via DHCP.
 

Crusty

Lifer
Sep 30, 2001
Your local DNS server will be able to resolve external hostnames, so as long as your router is handing out your local DNS server's IP via DHCP there shouldn't be a need to do anything else.
 

palswim

Golden Member
Nov 23, 2003
www.palswim.net
Originally posted by: spidey07
All you need to do is manually assign the DNS server in your router's configuration. It will then give this server to clients to use for DNS via DHCP.

I don't think my router does that, though, since I put my server's address in the configuration and it didn't do anything. Only when I manually changed my client PC's DNS server could I connect to the domain.
 

spidey07

No Lifer
Aug 4, 2000
You can check what DNS server is being provided with DHCP with the command ipconfig/all.

Are you saying the router didn't give out the correct DNS server? What's the model. Any router should be able to do this.
 

palswim

Golden Member
Nov 23, 2003
www.palswim.net
Originally posted by: spidey07
You can check what DNS server is being provided with DHCP with the command ipconfig/all.

Are you saying the router didn't give out the correct DNS server? What's the model. Any router should be able to do this.

If I use the "Obtain DNS Server automatically", ipconfig /all shows that my DNS server is "192.168.0.1" (the router's address). Then, when I ping www.google.com, I see "Pinging google.navigation.opendns.com [208.67.219.231] with 32 bytes of data", which leads me to believe that it's using OpenDNS servers, which I've set up as the secondary DNS server on my router (I've input my own server as the first). When I ping the domain name, I get no response.
 

palswim

Golden Member
Nov 23, 2003
www.palswim.net
Originally posted by: spidey07
You can check what DNS server is being provided with DHCP with the command ipconfig/all.

Are you saying the router didn't give out the correct DNS server? What's the model. Any router should be able to do this.

I use a D-Link DGL-4300.
 

spidey07

No Lifer
Aug 4, 2000
Are you sure your internal DNS server is functioning correctly? Manually set the clients to use it and then use the command line tool 'nslookup' to put in fully qualified domain names (FQDN).

A domain by itself is not required to have an address, but frequently does. google.com is a domain, www.google.com is a FQDN. You can also try upgrading your firmware and also listing the model so others can help. What you're trying to do is pretty normal and something I would expect all SOHO routers to support.

A lot of SOHO routers will give their internal address as the DNS server to DHCP clients as they act like a caching name server. You could also try calling support for your router. Or see if your model supports 3rd party firmware such as ddwrt which can provide more features. I know very little about ddwrt or the others but it does provide more features/control.
 

RebateMonger

Elite Member
Dec 24, 2005
The standard way to set up DHCP and DNS in an office with a server is to turn OFF the DHCP server on the router and turn ON DHCP and DNS on the server. All the router does is provide NAT and port forwarding as needed.

Obviously, you enable DHCP and DNS services on the server. All of the PCs in the office, including the server itself, use the server's DNS service. You can use DHCP, DHCP Reservations, or Static IP addresses on the client PCs.

You tell the server's DNS service to use Root Hints to find names on the Internet. If the server doesn't find a name on the local network, then it will use the Root Hints to locate the name on the Internet.
 

Jamsan

Senior member
Sep 21, 2003
Agree with RebateMonger. Use the server to handle DHCP and it shouldn't have any issues giving out the correct DNS server to the clients. 03 Server can do everything your router can (reservations), so it shouldn't be an issue to switch over to it.
 

palswim

Golden Member
Nov 23, 2003
www.palswim.net
Originally posted by: RebateMonger
The standard way to set up DHCP and DNS in an office with a server is to turn OFF the DHCP server on the router and turn ON DHCP and DNS on the server. All the router does is provide NAT and port forwarding as needed.

Obviously, you enable DHCP and DNS services on the server. All of the PCs in the office, including the server itself, use the server's DNS service. You can use DHCP, DHCP Reservations, or Static IP addresses on the client PCs.

You tell the server's DNS service to use Root Hints to find names on the Internet. If the server doesn't find a name on the local network, then it will use the Root Hints to locate the name on the Internet.

Well, I don't know all the protocols behind DNS and DHCP, but I did configure my (Windows Server 2008) server as a DHCP server today (it was already acting as a DNS and AD server), then disabled my router's DNS service. But, my test client machine could not locate the DHCP server once I made the switch. With my router's DHCP off and my server's on, I received the following error:
An error occurred while renewing interface Wireless Network Connection : unable
to contact your DHCP server. Request has timed out.

So, do I have to do something to "register" my server as a DHCP server, or should the network configure everything automatically?
 

palswim

Golden Member
Nov 23, 2003
www.palswim.net
If I still want to try to use the router with DHCP, but offload the DNS, I try to configure it like this.

The router does have another setting called "Enable DNS Relay", which sounds like something I want to set.
 

RebateMonger

Elite Member
Dec 24, 2005
Originally posted by: palswim
So, do I have to do something to "register" my server as a DHCP server, or should the network configure everything automatically?
Well, a DHCP server DOES have to be Authorized by Windows Server 2003. Right click on the DHCP server's icon and click "Authorize". And the DHCP Scope has to be Activated.

But you might also be having problems with the client PC's NIC looking for the "old" DHCP server. At the command prompt, release the old IP address. That NIC will keep trying to renew from the same DHCP server.

"IPConfig /release"

Then, have the NIC obtain a new IP address from the new DHCP server.

Seriously, Windows Server's DHCP server is pretty simple, normally. Once you get it working, you'll probably never touch it again. Don't split the DHCP server/DNS server.
 

palswim

Golden Member
Nov 23, 2003
www.palswim.net
Originally posted by: RebateMonger
Originally posted by: palswim
So, do I have to do something to "register" my server as a DHCP server, or should the network configure everything automatically?
Well, a DHCP server DOES have to be Authorized by Windows Server 2003. Right click on the DHCP server's icon and click "Authorize". And the DHCP Scope has to be Activated.

But you might also be having problems with the client PC's NIC looking for the "old" DHCP server. At the command prompt, release the old IP address. That NIC will keep trying to renew from the same DHCP server.

"IPConfig /release"

Then, have the NIC obtain a new IP address from the new DHCP server.

Seriously, Windows Server's DHCP server is pretty simple, normally. Once you get it working, you'll probably never touch it again. Don't split the DHCP server/DNS server.

Well, looks like I forgot to Authorize my server. Now, my Server 2008 machine functions as my DNS and DHCP server - and it does look like I won't have to touch it again. Thanks guys!

DNS seems a little more sluggish, but I'll have to keep this configuration for a while to see if it does, in fact, run slower. Now, my server uses the router as a forwarder, which uses the OpenDNS servers itself (this seems to run faster than using the OpenDNS servers directly from my server).
 

RebateMonger

Elite Member
Dec 24, 2005
Originally posted by: palswim
Now, my server uses the router as a forwarder, which uses the OpenDNS servers itself (this seems to run faster than using the OpenDNS servers directly from my server).
That seems strange, since you are adding one additional step to DNS resolution. Of course, most DNS requests will be cached after a bit, either by the client PC or by the Windows Server DNS.
 

palswim

Golden Member
Nov 23, 2003
www.palswim.net
Originally posted by: RebateMonger
Originally posted by: palswim
Now, my server uses the router as a forwarder, which uses the OpenDNS servers itself (this seems to run faster than using the OpenDNS servers directly from my server).
That seems strange, since you are adding one additional step to DNS resolution. Of course, most DNS requests will be cached after a bit, either by the client PC or by the Windows Server DNS.

Yeah, but it seemed to work faster than using the OpenDNS servers as forwarders directly on the server - I kept receiving timeouts. I can't tell you why it works that way, though.
 

RebateMonger

Elite Member
Dec 24, 2005
Originally posted by: palswim
Yeah, but it seemed to work faster than using the OpenDNS servers as forwarders directly on the server - I kept receiving timeouts. I can't tell you why it works that way, though.
Hmmm...timeouts. That's not "slower". That's "not working correctly". Does the same thing happen if you use a different DNS server as the Forwarder? (Your ISP's server, for instance.)
 

palswim

Golden Member
Nov 23, 2003
www.palswim.net
Originally posted by: Crusty
Are you sure DNS server has Internet access?

Well, at first glance, I thought "of course!", but now I don't know. At the moment, I'm outside my domain, but can remote desktop into my laptop on the domain. I can ping my server from the laptop, but I can't access the server directly via the port forwarders I've configured on my router. I had figured that somehow my router determined the wrong address for the server. Also, the server didn't appear online in my Hamachi clients list or my LogMeIn computers.

But, after logging into my server with RDP via my laptop, I open a browser window and get a timeout error. I can't ping Google. So, it looks like I do not, in fact, have access to the Internet. I know I've physically connected my server to the network (through a switch - I can't take it off the switch at the moment, since I'm not at home).


ipconfig /all (with edits):
Windows IP Configuration

Host Name . . . . . . . . . . . . : server
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : - Redacted -
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : - Redacted -
IPv4 Address. . . . . . . . . . . : 192.168.0.XXX (Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : ::1
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

Ethernet adapter VMware Network Adapter VMnet8:

Ethernet adapter Hamachi:

Tunnel adapter Local Area Connection* 8:

Media State . . . . . . . . . . . : Media disconnected

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected

Tunnel adapter Local Area Connection* 11:

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
 

drebo

Diamond Member
Feb 24, 2006
Originally posted by: palswim
ipconfig /all (with edits):
Windows IP Configuration
...
IPv4 Address. . . . . . . . . . . : 192.168.0.XXX (Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : ::1
127.0.0.1
...

Well there's your problem. No Default Gateway specified. That means your server will never be able to access any network outside your local 192.168.0.0/24 network.

Add the IP of your router in the interface's Default Gateway field and all your problems should be fixed.
 

Crusty

Lifer
Sep 30, 2001
Yep, with no default gateway your Server doesn't know where to send traffic that isn't in its local network.
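The diagnosis drebo and Crusty give above can be checked mechanically from the pasted output. The following is an added example, not code from anyone in this thread: it parses `ipconfig /all` text, extracts the adapter's IPv4 address, mask and default gateway, and reproduces the routing decision Windows makes: destinations inside 192.168.0.0/24 are on-link, everything else needs the gateway, and with the gateway field empty there is no route at all, which is why the server's forwarders timed out and the browser could not reach Google. The sample text is constructed from the redacted output above (192.168.0.50 stands in for the redacted address), and 208.67.219.231 is reused from the earlier ping purely as an arbitrary Internet destination.

```python
"""Parse `ipconfig /all` output and check whether an adapter can reach off-subnet hosts.

Added example for this thread, not code posted by anyone in it. SAMPLE_IPCONFIG is
constructed to mirror the redacted output above; 192.168.0.50 stands in for the
redacted host address.
"""
import ipaddress
import re

SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.0.50 (Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
"""

# "Key . . . : value" lines; the value may be empty, as it is for Default Gateway.
_FIELD_RE = re.compile(r"^\s+(?P<key>[^.:]+?)[\s.]*:\s*(?P<value>.*)$")
# Deeply indented lines with no key continue the previous field (second DNS server).
_CONT_RE = re.compile(r"^\s{20,}(?P<value>\S.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} for every adapter section."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" ") and line.rstrip().endswith(":"):
            current, last_key = line.rstrip()[:-1], None   # new adapter section
            adapters[current] = {}
            continue
        if current is None:            # global header lines precede any adapter
            continue
        m = _FIELD_RE.match(line)
        if m:
            last_key = m.group("key").strip()
            value = m.group("value").strip()
            adapters[current][last_key] = [value] if value else []
            continue
        m = _CONT_RE.match(line)
        if m and last_key is not None:
            adapters[current][last_key].append(m.group("value").strip())
    return adapters


def ipv4_config(adapter):
    """Return (address, mask, gateway or None) as strings; None if the adapter has no IPv4."""
    addrs = adapter.get("IPv4 Address") or []
    masks = adapter.get("Subnet Mask") or []
    if not addrs or not masks:
        return None
    address = addrs[0].split("(")[0].strip()          # drop "(Preferred)"
    gateways = [g for g in adapter.get("Default Gateway", []) if g]
    return address, masks[0], (gateways[0] if gateways else None)


def next_hop(address, mask, gateway, destination):
    """Routing decision for one adapter: 'on-link', the gateway address, or None (no route)."""
    subnet = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
    if ipaddress.IPv4Address(destination) in subnet:
        return "on-link"
    return gateway


# Address OpenDNS returned for www.google.com earlier in the thread; any host outside
# 192.168.0.0/24 would serve equally well here.
EXTERNAL_HOST = "208.67.219.231"


def diagnose(text, adapter="Ethernet adapter Local Area Connection"):
    """Explain why the adapter cannot reach the Internet; an empty list means it can."""
    cfg = ipv4_config(parse_ipconfig(text)[adapter])
    if cfg is None:
        return ["no IPv4 address on adapter"]
    address, mask, gateway = cfg
    findings = []
    if gateway is None:
        subnet = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
        findings.append(f"no default gateway: only {subnet} is reachable")
    if next_hop(address, mask, gateway, EXTERNAL_HOST) is None:
        findings.append(f"no route to {EXTERNAL_HOST}: forwarders and the Internet are unreachable")
    return findings


if __name__ == "__main__":
    print(diagnose(SAMPLE_IPCONFIG))
    fixed = SAMPLE_IPCONFIG.replace("Default Gateway . . . . . . . . . :",
                                    "Default Gateway . . . . . . . . . : 192.168.0.1")
    print(diagnose(fixed))   # [] once the router's address is the gateway
```

Running it prints the two findings for the posted configuration and an empty list once the gateway line carries the router's address, which is exactly the fix palswim applied. The parser keeps every field as a list so multi-valued entries such as the two loopback DNS servers survive; a domain controller pointing its own resolver at ::1 and 127.0.0.1 is normal and is not flagged.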
 

palswim

Golden Member
Nov 23, 2003
www.palswim.net
Originally posted by: palswim
Originally posted by: Crusty
Are you sure DNS server has Internet access?

ipconfig /all (with edits):
Ethernet adapter Local Area Connection:
Default Gateway . . . . . . . . . :

I noticed this line and I guess somehow I had cleared my gateway. I re-set it to my router's IP address, and now I have connectivity. ¡Ay Caramba!
 

Crusty

Lifer
Sep 30, 2001
It's always a good idea to set static IPs for all of your servers and use DHCP for all the client computers. DHCP reservations are okay, but if something happens to your firewall and you have to replace it, you will lose connectivity to your servers until you reconfigure your firewall to have the DHCP reservations set again, and if you didn't happen to write down those MAC addresses, you have to go back to your servers and rebuild the rules manually.
 

palswim

Golden Member
Nov 23, 2003
www.palswim.net
Originally posted by: Crusty
It's always a good idea to set static IPs for all of your servers and use DHCP for all the client computers. DHCP reservations are okay, but if something happens to your firewall and you have to replace it, you will lose connectivity to your servers until you reconfigure your firewall to have the DHCP reservations set again, and if you didn't happen to write down those MAC addresses, you have to go back to your servers and rebuild the rules manually.

I have set a static IP on my server and my clients use DHCP, but I can't quite tell what you're saying. I use DHCP reservations within the server's DHCP server. My router now functions only as a NAT machine and port forwarder. I believe you're saying that I should have this type of configuration, yes?