# Windows Server 2012 with AD, DHCP and DNS -- Using Internet



## Leon53 (Nov 6, 2015)

Hello,

I am commissioning a new Windows Server 2012 R2. I have added AD, DNS and DHCP to the server. I have a TP Link router and a valid account to an ISP which is connected to the server and has a static IP address of 192.168.1.1. The DNS server is 192.168.1.3.

On the clients, if I select IPv4 properties as "Obtain DNS Address Automatically", then I have a connection to my SQL Server on the domain, but no internet access.

If I set the preferred server to 192.168.1.3 (AD server) and the alternate to 192.168.1.1 (router), this allows internet access, but can give a bad resolution to the server name (the name of the server is Server03). I suspect that this is because the router is not part of AD and cannot resolve the local PC names.

How can I get this fixed?

Best regards
Leon


----------



## Triple6 (Dec 26, 2002)

Did you disable DNS and DHCP on the router? Both need to be disabled. When you set up DHCP and DNS on the server, are you sure you configured it correctly and ensured both are running and handing out the correct info? You should restart both services. On a client PC with DHCP enabled when you run IPCONFIG /ALL what does it list for the IP address, DHCP server, DNS and Gateway? Post those results. Did you enter in external DNS servers as Forwarders in the DNS setup?


----------



## Leon53 (Nov 6, 2015)

DHCP is most definitely disabled on the router which is a TP Link. It is not a DNS Server, or at least, there is no way to enable or disable it. I have attached a file showing the output for IPCONFIG /All.

You might note that there is a Preferred DNS Server of 192.168.1.3 (correct) and an Alternate of 192.168.1.1 (router). I see your suggestion above. The Preferred and Alternate Server are set in the IPv4 properties of the client PC. If I set that property to "Obtain DNS Server Address Automatically", the problem resolving SEL-SERVER-03 goes away, but no one then has internet access (Probe DNS Bad Config).

In the Forwarders part of DNS, I have only an entry for SEL-SERVER-03 as 192.168.1.3. No external forwarders.

The PCs occasionally resolve SEL-SERVER-03 to 216.21.224.203 which I do not recognise as anything. I cannot find it anywhere. It is not in the Forwarders, Reverse Lookup and there is nothing at all in the hosts file. It appears to come from the router. I can mitigate this by doing ipconfig /renew on the PC which gets it (sometimes, sometimes not) to resolve to the (correct) 192.168.1.3. Obviously, not ideal.

Leon


----------



## Triple6 (Dec 26, 2002)

Remove the router as the secondary DNS.

Run IPCONFIG /FLUSHDNS

The 216.21.224.203 is an address on the web which it should not be resolving to.


----------



## fishscene (Apr 1, 2015)

In addition to Triple6:

Your server should be the only DNS server your computers talk to.

On the server DHCP server settings, make sure the following is true:
- DNS Servers: 192.168.1.3 (Your server)
- DHCP: Gateway Router: 192.168.1.1

On the Server DNS server settings,
Make sure the DNS forwarder is set to an external DNS server, such as your ISP (I don't trust Google's DNS servers: 8.8.8.8, 8.8.4.4)

How this works:
Your clients will get their DHCP information from your server so that they know that if they want to go online, they need to talk to 192.168.1.1, but if they want to look up computer names or websites, they go to 192.168.1.3.
When your DHCP server hands out an IP address to a client, it also writes an entry in the DNS server for that device:
computer1=192.168.1.50

So now if you try to ping "computer1", it will look it up on the DNS server and your DNS server says the computer is at 192.168.1.50

If your DNS server does NOT have an entry for a name or device, it will automatically forward the request to the DNS forwarder servers (which point to your ISP). If your ISP doesn't know, it forwards the request to other DNS servers upstream. As soon as a DNS server somewhere on the chain has an entry and replies, all the DNS servers in the chain automatically cache the response for a period of time. Even your server. So the first person to go to google.com will spawn this process, your ISP will respond with Google's IP address, your DNS server will cache the response temporarily (for example, a day) and if anyone on your network tries to go to google.com, your DNS server won't have to go through the whole lookup process and can just send Google's IP address to the client, who then knows to go through the gateway router to reach that external IP address.

In this way, you have DNS resolution for Internal AND External IP addresses, and if it is for an external IP address, the clients know to talk to the Gateway router.

Hope this helps!


----------



## Leon53 (Nov 6, 2015)

Thank you Triple6 and Fishscene. 

So, I go onto the server. On DHCP, option 3 (router) is already set to 192.168.1.1. Option 6 (DNS) is set to 192.168.1.3. So I don't need to do anything there.

On forwarders, do I remove the entry for SEL-SERVER-03? I add a new entry for 8.8.8.8 (warning noted, I may use something else) and simply mark it as, say, "Google"? 

On the DHCP clients, set the IPv4 property to "Obtain DNS Server Address Automatically". I ask if they will still get through to the internet at this point (they didn't before, but then again I did not have the forwarder set).

Thanks
Leon


----------



## Triple6 (Dec 26, 2002)

Under DHCP router should be 192.168.1.1, DNS should only be 192.168.1.3.

In DNS under Forwarders, not Conditional Forwarders, enter in either Google, OpenDNS, your ISP's DNS IP, or another one of your choosing. Not sure what you mean by 'mark it "Google"', you only need to enter in the IP, the Server FQDN will populate by itself if it's successful.


----------
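The DHCP option and forwarder layout that fishscene and Triple6 describe, as an added PowerShell example that is not part of the thread. It assumes an elevated prompt on the 2012 R2 server with the DhcpServer and DnsServer modules (installed with the roles), a scope ID of 192.168.1.0, and placeholder forwarder addresses that you replace with your ISP's resolvers.

```powershell
# Added example (not from the thread): apply and verify the DHCP/DNS layout
# the replies describe on the Windows Server 2012 R2 AD/DNS/DHCP host.
# Assumptions: elevated PowerShell on the server, DhcpServer and DnsServer
# modules present, scope 192.168.1.0; forwarder IPs below are placeholders
# (TEST-NET-3 range) standing in for your ISP's resolvers.

$Server     = '192.168.1.3'                       # AD / DNS / DHCP server (from the thread)
$Gateway    = '192.168.1.1'                       # TP-Link router (from the thread)
$ScopeId    = '192.168.1.0'                       # assumed scope ID
$Forwarders = @('203.0.113.53', '203.0.113.54')   # PLACEHOLDERS: use your ISP's DNS IPs

# DHCP option 3 (router) = the gateway; option 6 (DNS) = ONLY the domain server.
# Clients must never receive the router as a DNS server, even as a second entry.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Gateway -DnsServer $Server

# Forwarders (not Conditional Forwarders). Set-DnsServerForwarder REPLACES the
# whole list, which also drops the self-referencing 192.168.1.3 entry the
# thread mentions; the server never needs to forward to itself.
Set-DnsServerForwarder -IPAddress $Forwarders

# Verify what DHCP now hands out for options 3 and 6.
Get-DhcpServerv4OptionValue -ScopeId $ScopeId |
    Where-Object { $_.OptionId -in 3, 6 } |
    Format-Table OptionId, Name, Value -AutoSize

# Verify the forwarder list took effect.
Get-DnsServerForwarder | Format-Table IPAddress, UseRootHint -AutoSize

# Ask the server directly for an internal name (answered from the AD zone)
# and an external one (answered via the forwarders, then cached).
Resolve-DnsName -Name 'sel-server-03.shipleyestates.com' -Server $Server -Type A
Resolve-DnsName -Name 'www.example.com' -Server $Server -Type A
```

After changing the options, run ipconfig /renew on a client and confirm that ipconfig /all lists only 192.168.1.3 under DNS Servers.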



## Leon53 (Nov 6, 2015)

Update -- I think I know what is going on here. I am suffering from "Split DNS".
The name of the AD Server is shipleyestates.com. They also have a registered web site with this domain name.
If on the client you set the IPv4 properties to "Obtain DNS Automatically IP Address" then SEL-SERVER-03 ALWAYS resolves to 192.168.1.3 and all is well BUT the client cannot access any websites using a browser (DNS_PROBE_BAD_CONFIG).
If you set the IPv4 properties so that the Preferred DNS Server is 192.168.1.3 and the Alternate is 8.8.8.8 then internet access works perfectly well BUT when you ping SEL-SERVER-03 you occasionally get it resolved as SEL-SERVER-03 (192.168.1.3) but sometimes get SEL-SERVER-03.shipleyestates.com 216.21.224.203 (the IP address is that of the web site) and the local users have no access to SQL Server.
This seems really messy to sort out. Any help appreciated.


----------
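A client-side check for the split-DNS symptom in the post above, as an added example that is not part of the thread. It assumes a domain-joined Windows client, the internal zone shipleyestates.com on 192.168.1.3, and 8.8.8.8 as the alternate resolver the poster tried; it shows which resolver is answering, and why an alternate public resolver can return the web site's address for a host that only exists internally.

```powershell
# Added example (not from the thread): run on a domain-joined client to see why
# SEL-SERVER-03 sometimes resolves to the public web-site address.
# Assumptions: internal zone shipleyestates.com is hosted on 192.168.1.3;
# 8.8.8.8 is the alternate resolver from the post; DnsClient module present.

$Name      = 'SEL-SERVER-03.shipleyestates.com'
$Resolvers = @('192.168.1.3', '8.8.8.8')

# 1. Which resolvers is this client actually configured with? Any entry other
#    than 192.168.1.3 can answer from the PUBLIC shipleyestates.com zone, and
#    Windows does not promise to try the preferred server for every query.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. Ask each resolver directly, bypassing the local cache (-DnsOnly).
#    Expected: the internal server returns 192.168.1.3; the public resolver
#    returns the web site's address (typically via a wildcard record in the
#    public zone) or nothing at all. Either way it is the wrong answer.
foreach ($resolver in $Resolvers) {
    $answer = Resolve-DnsName -Name $Name -Server $resolver -Type A -DnsOnly `
              -ErrorAction SilentlyContinue |
              Where-Object { $_.Type -eq 'A' }
    $result = if ($answer) { $answer.IPAddress -join ', ' } else { 'no answer' }
    '{0,-12} -> {1}' -f $resolver, $result
}

# 3. What is cached on the client right now? A public answer sitting here
#    explains why the bad resolution persists until the cache is cleared
#    (ipconfig /flushdns) or the record expires.
Get-DnsClientCache |
    Where-Object { $_.Entry -like '*shipleyestates.com*' } |
    Format-Table Entry, Data, TimeToLive -AutoSize
```

If step 2 shows the public resolver returning the web site's address, the client must be pointed at 192.168.1.3 only; internet lookups then succeed through the server's forwarders rather than through a second resolver on the client.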



## Leon53 (Nov 6, 2015)

Attached is a list of IPCONFIG info. The computer was newly booted. 
Note that at the start, the resolution of SEL-SERVER-03 is as SEL-SERVER-03.shipleyestates.com
After an ipconfig /renew, the resolution becomes SEL-SERVER-03 and is correct.


----------



## Triple6 (Dec 26, 2002)

So have you looked at any of the guides on setting up split DNS? In my experience I've never seen no internet access at all with this setup but just no access to the web site sharing the same name, so I'm not sure what's going on and why you have no access to the internet at all. I suspect you might still have something else wrong. Maybe Fishscene will have more advice.


----------



## Leon53 (Nov 6, 2015)

Thank you for all of your help. I contracted a local IT support desk and they, after quite some looking, found a rogue record in the DNS Router configuration. It had an IP address of 0.0.0.0. He removed it and va-va-voom! Weird one. I hope I never see it again.


----------



## Triple6 (Dec 26, 2002)

Ahh, that makes sense.


----------

