
I have two LANs; each one should use its own internet line:

First is 10.10.10.0 255.255.254.0

Topology:

  • A router is connected to the switches, and one server is connected to the same switches.
  • The server acts as AD, DNS and DHCP server, and everything is working well.

The second LAN has 8 public IPs and a modem, no router:

Topology:

  • Now the modem is connected to a switch separated from the other switches, and the PCs have static public IPs (users connected to that switch use this internet line alone; we will not integrate the two lines).

What I want is to join these PCs to the AD server and DHCP server.

What will I do?

  • I will connect the switch of this public network to another LAN card in the same server and give this interface one of the public IPs this LAN has.

  • On the PCs, delete the static IP.

  • In the DHCP server I will create another scope for these public IPs with default gateway ((modem public IP)) and DNS ((AD server IP, which is in a different LAN)), but the DHCP and AD server can't see this LAN because they are in different LANs.

  • So I will set up ((Remote Access >> Routing >> Custom >> LAN routing)) between these two interfaces.

First question: on this new interface, which DNS should be assigned to it:

  • the IP of this server in the other LAN (10.10.10.5)
  • or leave it empty, because the other interface has the AD and DHCP DNS (10.10.10.5), so there is no need to give it one.

Second question:

Will this solution for joining these PCs to the AD and DHCP server cause any problems, or will it work fine?

  • In this solution the server has two internet lines ((of course the new interface has no D.G.)). Will these 2 internet lines to the same switch cause problems in the server or in the network, or what?

And if there is another, better solution for this case without adding any new hardware, please suggest it...

1 Answer

The DNS servers of everything should go through AD. On the DC, I usually set the primary to localhost and the secondary to another DC. You can do it in both interfaces if you want; it doesn't make much difference.

This use case of yours is normal. I'm guessing from what you wrote that you plan to add a second interface on the DHCP/AD server for your second LAN - this is fine. You will want something other than your AD server routing between those LANs though, for performance reasons at the very least.

The DHCP server for a LAN needs to be in the same broadcast domain as the devices it configures. However, you can get around this by using a DHCP forwarder; that's up to you.

If you go with a DHCP forwarder, you can avoid adding the second interface to the DC, since the forwarder will take care of DHCP and routing will provide access to the DNS and DHCP servers.

Give that a shot and see how it works for you.

Falcon Momot
  • "You will want something other than your AD server routing between those LANs though, for performance reasons at the very least." The routing is just to let the PCs join AD and use an external storage in the other LAN (it's just 6 PCs). Do you think the server can't do it? – Mahmoud Ahmed Oct 10 '15 at 22:56
  • Yes, I think so. This is doubly the case if your boxes will all be accessing the internet through it. Do you want the network to go down every time you install Windows updates? – Falcon Momot Oct 10 '15 at 22:58
  • Please see my comment after editing :) and every LAN has its internet line separated – Mahmoud Ahmed Oct 10 '15 at 22:59
  • Yes, it is fine if your DC has many default routes. You don't even need to leave the default gateway blank on the second interface. – Falcon Momot Oct 10 '15 at 23:02
  • So you suggest adding the IP of the modem on the second interface and the IP of the router on the first interface? And no problem will happen if I do this? – Mahmoud Ahmed Oct 11 '15 at 00:28
  • Now, without connecting the second interface, I leave the D.G. blank on the server and have internet because the router has DHCP on it with the same network. So you suggest adding the IP of the modem on the second interface as a D.G. and the IP of the router on the first interface as D.G.? And no problem will happen if I do this? Note (every internet line is a separate network, IPs and mask) – Mahmoud Ahmed Oct 11 '15 at 00:34
  • Yes, from what you have said this should work fine. Just give it a shot and see if you have any problems. – Falcon Momot Oct 11 '15 at 01:29
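
The second-interface setup discussed in this thread, written out as an added PowerShell example (not code from the question or the answer). It assumes Windows Server 2012 or later with the DHCP Server role; the NIC alias `LAN2-Public` and every 203.0.113.x value are constructed placeholders for the real public block, and only 10.10.10.5 comes from the question.

```powershell
# Added example: constructed placeholders, substitute the real public block.
$Nic      = 'LAN2-Public'       # hypothetical alias of the server's second NIC
$ServerIp = '203.0.113.2'       # placeholder: public IP assigned to the server
$ModemIp  = '203.0.113.1'       # placeholder: modem address (clients' gateway)
$ScopeId  = '203.0.113.0'       # placeholder: network ID of the public block
$Mask     = '255.255.255.248'   # placeholder mask
$DcDns    = '10.10.10.5'        # from the question: the AD/DNS/DHCP server

# 1. Address the second NIC. No -DefaultGateway, matching the question's plan.
New-NetIPAddress -InterfaceAlias $Nic -IPAddress $ServerIp -PrefixLength 29

# 2. The server keeps resolving through AD DNS on this interface as well.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcDns

# 3. Stop this NIC from registering its public address in DNS, so domain
#    members on 10.10.10.0 are not handed the public IP for the DC's name.
Set-DnsClient -InterfaceAlias $Nic -RegisterThisConnectionsAddress $false

# 4. Let the DHCP service answer broadcasts arriving on the second NIC.
Set-DhcpServerv4Binding -InterfaceAlias $Nic -BindingState $true

# 5. Scope for the second LAN: gateway = modem, DNS = the AD server.
#    Clients reach 10.10.10.5 only through the routing the thread describes.
Add-DhcpServerv4Scope -Name 'LAN2 public' -StartRange 203.0.113.3 `
    -EndRange 203.0.113.6 -SubnetMask $Mask -State Active
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $ModemIp -DnsServer $DcDns

# 6. Confirm the binding and the options a client will be leased.
Get-DhcpServerv4Binding | Format-Table InterfaceAlias, IPAddress, BindingState
Get-DhcpServerv4OptionValue -ScopeId $ScopeId | Format-Table OptionId, Name, Value
```

If the DHCP forwarder route from the answer is taken instead, steps 1 to 4 are skipped and only the scope and its options in step 5 are needed on the server.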