9

I have a question related to servers which will not have any outside internet connection.

The topology is very simple:

enter image description here

I have an example IP address of 10.10.10.10 for the server and the workstations which have IP addresses 10.10.10.30 and 10.10.10.31.

How exactly are the IPv4 properties supposed to be configured in this case?

I am confused as there is no router and am unsure as to what exactly the default gateway should be.

For example:

enter image description here

Should the default gateway be 10.10.10.11 or is 10.10.10.10 not going to cause issues?

The same question goes for the DNS, as for Active Directory servers DNS is required. Should DNS be 10.10.10.10?

marcelm
  • 1,034
  • 8
  • 9
MFerguson
  • 193
  • 5
  • 6
    As a nitpick, if that server has a network connection, I wouldn't call it air-gapped. You could perhaps call the _network_ air-gapped, but honestly I think it's better to use a different term altogether. "Isolated network" perhaps. – marcelm Jan 07 '22 at 10:20
  • 7
    @marcelm that's not a nitpick, that's a real difference – Vince Bowdren Jan 07 '22 at 12:36
  • There's no router, so there's no default gateway. – Zac67 Jan 30 '22 at 19:07

3 Answers

21

Leave the default gateway blank. There is no default gateway, because there's no access to any other subnets.

Grant
  • 17,859
  • 14
  • 72
  • 103
13

It really doesn't matter what you put as default gateway. All machines are in the same network thus no routing needs to happen so no gateway to another network needs to be contacted.

--edit--

And yes, for DNS, if your server is hosting DNS and the other clients need it, then the server's IP should be put into the clients' config as default DNS, as you already properly did according to the screenshot.

--edit2-- As others have pointed out in their answers: While putting anything into your default gateway configuration won't break your setup, leaving the default gateway blank is the more elegant way to go.

MoWo
  • 443
  • 1
  • 10
  • The screenshot shows Windows, so if there's a Windows AD then DNS will be required. If it's a workgroup, then DNS is a convenience, though for a 3 host network that never changes, host file entries might be sufficient. – Criggie Jan 08 '22 at 21:12
6

Leaving the default gateway blank is the best choice for two reasons:

  1. If there's a default gateway set, things will have to wait for a timeout whereas leaving it blank tells the OS there is "no route to host" and that will fail much quicker.
  2. If some device ever gets that IP, it will start receiving unexpected traffic - probably ignoring it all but still not ideal.

You can still use a DHCP server that doesn't send a default gateway in the DHCP offers, and if this isolated network grows to more hosts then that can be convenient.

Criggie
  • 2,379
  • 14
  • 25
  • I'm curious why OP wants an isolated network, but that's unrelated. – Criggie Jan 08 '22 at 11:37
  • 1
    Well I'd guess testing, and I know of some network storage setups that 'just' run an isolated network. I've currently got one running at home for testing/working out some future network upgrades that looks weirdly akin to this :D – Journeyman Geek Jan 09 '22 at 10:02
  • @JourneymanGeek yep - I have something like this for a CCTV camera VLAN, where the `motion` server is dual-homed and serves DHCP, but does not have any IP forwarding because cheap Asian cameras phoning home. My iSCSI VLANs are similar. Just wondering what OP's reason was. I've seen someone with a literal air-gapped computer take a virus to it on a floppy, because "it didn't open on the internet-connected computer" – Criggie Jan 09 '22 at 18:14
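
The next-hop decision the answers above describe, as an added example (not code from any poster on this page): a small Python model of how a host chooses where to send a packet, plus an audit of a constructed inventory of the question's three hosts. The /24 prefix, the host names `server`, `ws1`, `ws2`, and the gateway values given to the two workstations are assumptions for illustration.

```python
import ipaddress

# Constructed inventory for the question's three hosts. The /24 prefix is an
# assumption: the question does not state the subnet mask.
HOSTS = {
    "server": {"ip": "10.10.10.10/24", "gateway": None, "dns": "10.10.10.10"},
    "ws1": {"ip": "10.10.10.30/24", "gateway": "10.10.10.10", "dns": "10.10.10.10"},
    "ws2": {"ip": "10.10.10.31/24", "gateway": "10.10.10.11", "dns": "10.10.10.10"},
}
DNS_SERVER = "10.10.10.10"


def next_hop(cfg, dest):
    """Model the IPv4 next-hop decision of one host for one destination."""
    iface = ipaddress.ip_interface(cfg["ip"])
    if ipaddress.ip_address(dest) in iface.network:
        return ("on-link", dest)            # delivered directly, gateway unused
    if cfg["gateway"] is None:
        return ("no-route", None)           # fails at once, nothing is sent
    return ("via-gateway", cfg["gateway"])  # frame goes to whoever owns that IP


def audit(hosts, dns_server):
    """Return sorted (host, finding) pairs for an isolated single subnet."""
    findings = []
    owners = {str(ipaddress.ip_interface(c["ip"]).ip): n for n, c in hosts.items()}
    nets = {ipaddress.ip_interface(c["ip"]).network for c in hosts.values()}
    if len(nets) > 1:
        findings.append(("*", "hosts span several subnets; routing would be needed"))
    for name, cfg in hosts.items():
        gw = cfg["gateway"]
        if gw is not None and gw in owners:
            findings.append((name, f"gateway {gw} is host '{owners[gw]}', "
                                   "which receives any off-subnet traffic"))
        elif gw is not None:
            findings.append((name, f"gateway {gw} is unassigned; "
                                   "off-subnet traffic waits for a timeout"))
        if cfg["dns"] != dns_server:
            findings.append((name, f"DNS is {cfg['dns']}, expected {dns_server}"))
    return sorted(findings)


if __name__ == "__main__":
    for host, finding in audit(HOSTS, DNS_SERVER):
        print(f"{host}: {finding}")
```

Traffic between the three hosts is always `on-link`, so the gateway field only changes what happens to packets addressed outside the subnet.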