Windows – Removing DHCP and DNS from Windows AD Domain

active-directory, dhcp, dns, router, windows-server

This is my first time posting here, so please bear with me. I have been searching for this answer for a few days now with no luck. Maybe my google-fu is not strong enough.

I am a software engineer working (currently) exclusively with the Microsoft stack. My home network is set up with an AD Domain. I know this is overkill for a home network. I use this for many things, mostly to test out ideas for Windows Authentication, and Group Access to applications that I write. Nothing too advanced. Mostly hypothetical cases that I would have no way of testing at work (or would take weeks of red tape). I also use it to restrict access to data on my file servers (Media, General Data, Backups) for guests that I let on my network. I do not pretend to be a Server/Domain Engineer 🙂

When I set up my Domain, I set up a 2008 server hosting AD, DNS, and DHCP (I believe that is all). I then added another 2012 server last year and made it primary.

So my question:

Do the DNS and DHCP roles have to be running on a Windows server, or can I remove those roles and have them served up by my router? The only thing that I actively do with either is make reservations in DHCP when I get a new device. I have a few DNS entries to resolve a custom name, but I can live without that. I could easily handle DHCP reservations on my router.

I want to do this for two reasons.

  1. If my AD server goes down (Power Outage, or whatever), Internet access drops. My wife works from home a lot, and I am not always available to troubleshoot other than telling her to go check the light on the server.

  2. I have recently purchased a UPS that I would like to use to cover my modem, router, server, and wireless phone. This would give us a few methods of communication in cases of a power outage. This is what is most important to me. If I can remove those roles and have them served up by the router, I can send a command for my AD Server to shut down cleanly on a power outage (signal from the BBU) and still have network access for phones, tablets, and laptops without the server hogging all of the battery.

I believe that DHCP CAN be moved, but I am not sure about whether or not DNS is irrevocably tied to AD and must be on a Windows server.

As a second question, if removing DNS is not possible, can things be configured to fail back to my ISP's DNS when the server goes down?

Sorry for the novel…

Best Answer

Although you can remove both from the server, it is not recommended to remove the DNS server part, because this handles the translation from server name to IP address.

Then of course, there is always the ability to have 2 DHCP servers running concurrently. Configure them the same, but make sure their scopes do not overlap. This way, you always have a fallback. But this is not required. You could entirely use the DHCP server from the router, which, in this case, is preferable.

What you want to do is as follows:

Make sure your server has a static IP address outside of the DHCP scope. On your router configure the DHCP server to hand out IPs as follows:
- IP range with subnet mask that is free
- DNS Server1: server 1, your server's IP address
- DNS Server2: Either the one from your ISP, or 8.8.8.8 (Google's DNS server)

Do note that there is a risk with this setup. If your server goes down, DNS will not be translated anymore. The client will still be using this DNS server until they get a new lease from the DHCP server, so the client needs to reboot until the server problems are solved.

This is not best practice, but for what you want it should do.
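As an added sanity check for the plan in this answer (example code written for this page, not from the answerer or from Microsoft), the script below validates a constructed DHCP/DNS plan: the AD server's static address must sit inside the subnet but outside every DHCP scope, multiple scopes must not overlap, the primary DNS handed out must be the AD server, and the secondary DNS must be an off-LAN resolver so clients can still reach the Internet when the server is down. The subnet, addresses and scope boundaries are made-up sample values.

```python
from ipaddress import IPv4Address, IPv4Network

# Constructed sample plan mirroring the answer: static AD server outside the
# router's DHCP pool, server as primary DNS, a public resolver as secondary.
PLAN = {
    "subnet": "192.168.1.0/24",
    "server_ip": "192.168.1.10",
    "scopes": [("192.168.1.100", "192.168.1.199")],  # router's pool (start, end)
    "dns": ["192.168.1.10", "8.8.8.8"],
}


def scope_range(start, end):
    """Parse a (start, end) scope and reject an inverted range."""
    lo, hi = IPv4Address(start), IPv4Address(end)
    if lo > hi:
        raise ValueError(f"scope start {start} is after end {end}")
    return lo, hi


def scopes_overlap(s1, s2):
    """True when two inclusive address ranges share at least one address."""
    (a1, b1), (a2, b2) = scope_range(*s1), scope_range(*s2)
    return a1 <= b2 and a2 <= b1


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    net = IPv4Network(plan["subnet"])
    server = IPv4Address(plan["server_ip"])
    scopes = plan["scopes"]
    if server not in net:
        problems.append(f"server {server} is not inside {net}")
    for i, (start, end) in enumerate(scopes):
        lo, hi = scope_range(start, end)
        if lo not in net or hi not in net:
            problems.append(f"scope {i} {start}-{end} leaves {net}")
        if lo <= server <= hi:
            problems.append(f"server {server} lies inside DHCP scope {i} ({start}-{end})")
    for i in range(len(scopes)):
        for j in range(i + 1, len(scopes)):
            if scopes_overlap(scopes[i], scopes[j]):
                problems.append(f"DHCP scopes {i} and {j} overlap")
    dns = [IPv4Address(d) for d in plan["dns"]]
    if not dns or dns[0] != server:
        problems.append("primary DNS handed out by DHCP is not the AD server")
    if len(dns) < 2:
        problems.append("no secondary DNS: clients lose all resolution when the server is down")
    elif dns[1] in net:
        problems.append("secondary DNS is inside the LAN; use the ISP's or a public resolver")
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan OK"]:
        print(line)
```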
