Member
I’m seeking help from our resident IT experts. I’ve searched the web but feel I must not be using the correct search terms because I’m not finding any information. If any of you can point me to an article, or better yet a video, that will guide me through the process, I would be very grateful. I have a Server 2012R2 AD server with DNS set up to use the 10.200.10.0/24 IP range. I need this same server to manage the 10.200.20.0/24 IP range, but I don’t know how to configure it. Any help or pointers would be greatly appreciated. V/r, John
2.2.2021 - Thanks for all the input. BIG thanks to eyrich. Your suggestion was right on the money. I was able to accomplish what I needed by creating a reverse lookup zone.

The One True IcePick
Open up DNS Manager, go to the server's name, find Reverse Lookup Zones, right click, New Zone. Try using "DNS Zone" in your search.

Member
I don't understand what you're actually trying to do. Is your AD server set up to be a DNS server for all clients on the x.x.10.0/24? And you're trying to do the same thing for clients on x.x.20.0/24? If so, you can either hardcode each individual client to have the AD server as its DNS, or you can change the config of the DHCP server for those clients so that they simply get offered the AD server as the preferred DNS. This is all assuming you have proper routing set up between the two subnets, of course. Or have I completely missed my mark and you're trying to do something else?
This is where my signature goes.

Member
Yes, the AD server is also functioning as the DNS server; currently for the ..10.0/24 subnet. But I want it to also function as the DNS server for the ..20.x/24 range. I am already setting the AD server as the DNS server in the NIC properties, as each machine is assigned a static IP. But unless the AD server (DNS server) is configured properly, I don't see how it would recognize a ..20.x/24 IP address. I'm pretty sure eyrich has sent me in the proper direction. Just started researching. Thanks

Alea iacta est
No, DNS does not care about client IP addresses. As for creating a new zone, the only new zone you would need to create would be a reverse lookup zone. Forward lookup zones also do not care about client IP addresses. As stated by the previous poster, more information is needed about what, exactly, you're trying to accomplish. Your original request, as written, makes no sense. Unless you have ACLs or firewalls in the way, AD and DNS can service any network capable of communicating with them with no additional configuration whatsoever. Even if there are ACLs or firewalls, the necessary reconfiguration would not be on the domain controller, but rather on the intervening network gear. Having said all that, you should stop using 2012. It's quite long in the tooth, and 2019 has many security upgrades and advantages over 2012. Even 2016 is substantially more secure.

Optimistic Cynic
Is it possible the OP is talking about DHCP rather than DNS? That is, wanting to get his server to issue leases on both subnets?

Member
That's what I'm thinking. Your DHCP server will assign the IP range or CIDR block for a subnet. You can then assign your 2012R2 server to be the DNS server for a particular subnet. You need to log into your DHCP server and adjust your settings accordingly.
__________________________________
An operator is someone who picks up the phone when I dial 0.

Alea iacta est
DHCP servers assign addresses, not ranges. In any event, don't forget he will also need to configure ip-helper on the other VLAN, because multi-homing a domain controller is like a 101-level mistake.

Member
Thanks for all the input. Yes, I know 2012 is very long in the tooth, but that's what the client runs and unfortunately I have no control over their decision. As to what I am wanting: the IP ..10/24 will allow approximately 256 IPs assigned to systems (actually less, of course). If I add the additional IP range to the DNS, then more systems can be controlled by this AD server. I'm not talking about DHCP, because I assign all the IP addresses. Under the environment I'm trying to configure, the NIC will reflect the gateway and mask of the specific subnet, but the DNS settings will be the same on both.

Alea iacta est
Respectfully, this does not help to clarify what you are trying to do.

quarter MOA visionary
I agree.
^^^ is a bit confusing, as that sounds to me like the DHCP role?? I would ask the OP what, in his view, is the role of the DNS server? Also, a more complete outline of the network would be helpful, including defining the clients and how they are located physically.

Member
Fair, I should have said router. Either way the ranges are defined upstream from the DNS server. And in the OP's case I'm guessing his router and DHCP server are likely the same device.
__________________________________
An operator is someone who picks up the phone when I dial 0.

Alea iacta est
Huh?

Member
The OP most likely has a router or security appliance that sits between his switches and gateway. That device in most cases also serves as the DHCP server. He's going to have to log into the console or terminal of this device and define IP ranges, VLANs, and which DNS server he wants those clients to use.
__________________________________
An operator is someone who picks up the phone when I dial 0.

A Grateful American
You can have a DHCP zone for both third octets, x.x.10.x and x.x.20.x. You can set the range to a very narrow number to allow the DHCP service to manage both ranges. For example, set each zone to hand out leases from x.x.10.2 through 10. That would be 8 addresses (you could do 2 addresses if you want). Do the same for the x.x.20.x zone. Then you can set lease reservations for any range you are using for the static IP addresses you are assigning clients. (I think that is what you say you are doing for both of those networks.) If you are using a router in addition to an AD DHCP server, you either need to reserve or lease in ranges that do not result in more than one DHCP service issuing any identical address(es). Then, as suggested, set up a primary and reverse zone for each of the two networks (the ...10.x and ...20.x) to manage DNS resolution. And make sure the DNS records reflect the DHCP servers. If you want to email me to discuss, or talk on the phone to help me understand what you have and are trying to achieve, I would be happy to assist. (I have done some things with some very odd equipment over the years that required some unique configurations, not wholly orthodox. Not everything is "MS File and Print", and a lot of information is limited to those constraints.)
"the meaning of life, is to give life meaning" ✡ Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב!

Alea iacta est
First, nearly everything you said is an assumption, and is in no way a realistic representation of any information provided by the OP thus far. Second, I'm not sure what types of networks you've been working on, but in any business network large enough to require handing out more than a single /24's worth of addresses, the router AND the gateway ARE the switch. The gateway is nothing more than an SVI on the VLAN, and L3 routing is handled by that same switch. Lastly, I've been in thousands of networks over the past 2 decades, and if a customer uses DHCP (I've seen a grand total of 1 that did not use DHCP for endpoints), I can count on one hand the number of customer networks that did not do DHCP on a Windows server (typically on a domain controller, but not always). The only exception to this, normally, is a DHCP scope configured on VoIP VLANs. This is normally handled on a network device somewhere. Usually. We can all continue to speculate about what the OP is attempting to do, or he can come back here and tell us.

Alea iacta est
I know you're a sharp guy, and have some professional experience in this arena as well. As such, I'll extend the professional courtesy of assuming you're tired from working a customer outage all weekend. Since the OP hasn't returned, and is likely to read this thread at some point and start googling what we are all talking about, allow me to do him the courtesy of tidying some of your oversights/misspeaks.

DHCP servers do not have zones, they have scopes. Yes, he can configure the scopes to hand out a very narrow range; however, decades of experience has taught me that it is easier to configure the scope to hand out the entire network's worth of addresses, then restrict those you do not actually want to hand out via the use of exclusions. Exclusions can be modified later without taking a scope down. Redefining a scope cannot be done hot, and will cause service disruption.

Static IP addresses do not require reservations. Static IP addresses should be in the exclusions. Reservations are used to provide the same DHCP IP address to a client machine. While functionally equivalent (mostly), the two are not interchangeable, nor is the terminology.

"set up a primary [zone]". This is most perplexing to me. If he is using AD-integrated DNS, why would he configure a primary zone? Based on the rest of that sentence, "and a reverse zone", I can only conclude that you meant a forward zone, not a primary zone. Since he already has a forward lookup zone (assuming AD actually functions), and he wants to "manage this other address space using the same domain controller", it is logical to assume the second network would also be in the same domain, thus he already has all the forward zone required. Only a reverse zone would need to be configured.

Strictly speaking, unless the new network has servers in it, the configuration of a reverse lookup zone is more a "nice to have", since the overwhelming majority of networks today do not care about reverse resolution of client (endpoint) devices. When providing technical advice, especially advice that is likely to be further researched, it is paramount that we use the correct terminology so that the person doing the research is able to understand what we are saying. Otherwise, we do a disservice.

Lastly, I have some concern that the OP refers to the domain's owner as "the client". This, logically, leads one to believe he is in some type of for-hire relationship with the owner of the server in question. I hope "the client" doesn't read this and see that the professional they are working with is unable to even explain what it is he is trying to accomplish, while presumably charging for these same services.
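For anyone who lands on this thread from a search: here is an added PowerShell example (not posted by anyone in the thread) that does what eyrich and the post above describe on the 2012 R2 domain controller itself: an AD-integrated reverse lookup zone for 10.200.20.0/24, and optionally a DHCP scope covering the whole /24 with the static block carved out by an exclusion rather than by a narrow range. The DC address 10.200.10.5, the gateway 10.200.20.1, the static block 10.200.20.1-50 and the domain name example.local are assumptions; change them before running.

```powershell
# Added example, not from the thread. Run in an elevated prompt on the DC that hosts
# AD-integrated DNS (and, for step 2, the DHCP role). All addresses below are assumed.
Import-Module DnsServer
Import-Module DhcpServer

$DcDns       = '10.200.10.5'              # assumed: the DC/DNS server's own address
$NewSubnet   = '10.200.20.0/24'
$ReverseZone = '20.200.10.in-addr.arpa'   # name DNS derives from -NetworkId above
$ScopeId     = '10.200.20.0'

# 1) Reverse lookup zone. The existing forward zone already answers for 10.200.20.x
#    hosts, since forward zones do not care which subnet a client sits in.
#    -ReplicationScope Domain stores it in AD like the forward zone;
#    -DynamicUpdate Secure means only authenticated domain members can register PTRs.
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $NewSubnet -ReplicationScope Domain -DynamicUpdate Secure
}

# 2) Optional DHCP scope for the full /24. The statically assigned block is excluded,
#    not cut out of StartRange/EndRange, so it can be widened later without
#    recreating the scope. Clients get the same DNS server as the 10.200.10.x clients.
if (-not (Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name 'Subnet 10.200.20.0/24' -StartRange '10.200.20.1' `
        -EndRange '10.200.20.254' -SubnetMask '255.255.255.0' -State Active
    Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId -StartRange '10.200.20.1' -EndRange '10.200.20.50'
    Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $DcDns -Router '10.200.20.1'
}

# 3) Verify. Static hosts never register themselves, so add their PTR records by hand
#    (assumed host name), then confirm the DC answers a reverse query for the new range.
Get-DnsServerZone | Where-Object IsReverseLookupZone | Select-Object ZoneName, ReplicationScope
Add-DnsServerResourceRecordPtr -ZoneName $ReverseZone -Name '10' -PtrDomainName 'host10.example.local'
Resolve-DnsName -Name '10.200.20.10' -Type PTR -Server $DcDns
```

If the DHCP role is not installed (the OP assigns addresses statically), step 2 is simply skipped by the `Get-DhcpServerv4Scope` guard failing to load; remove that block and the `Import-Module DhcpServer` line in that case.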
Member
My assumption is that this is a fairly basic network and he's trying to isolate a portion of it for something like a sub-contractor or an M&A where they still need a domain account of some sort but with lower levels of privilege. Plenty of businesses hand out more than 256 addresses without needing a separate Windows server. Between multi-function devices, laptops, conference room computers, and the IoT coffee maker, a 70 person business can easily have 300 devices on their network. Heck, my house has 10 devices per person. But you're correct, until we know the business goal and see the topology it's hard to understand what's going on and what's the intent.
__________________________________
An operator is someone who picks up the phone when I dial 0.

Member
I know you're also a sharp guy, but don't be a condescending ass.
__________________________________
An operator is someone who picks up the phone when I dial 0.

A Grateful American
Yeah. Tired, and old. I am finding I am making more such cognitive errors as I make another trip from night to day. I can still do it without thinking about it. You are correct, my brain knows, but I had a failure in translating that to fingers. I have been working in the computer field since 1980, and simply walked out the door October 4th 2019. I should have left the book closed. I will do so from this moment forward. You offer to help him. I'm out.
"the meaning of life, is to give life meaning" ✡ Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב!