Name: RTAdams89
Long story short, we have a router at our organization that I cannot get rid of. Behind it is a new Server 2003 SBS box and a bunch of client computers. Since the server will be doing AD, it obviously has to run DNS too. However, again, the hardware router will be doing DHCP/NAT.
When I set up the server to run DNS, should I configure it to forward DNS queries it doesn't handle directly to our ISP's DNS servers or to the router?
-Ryan Adams
Free Computer Tips and more: http://RyanTAdams.com
Paid Tech Support: Black Diamond

That doesn't matter. Both will work.
I would suggest forwarding to your router, because if your ISP changes the IP addresses of its DNS servers, because of technical problems or whatever, the router is aware of it.
At the server, you have to configure it manually, and so under such circumstances it will no longer work.
Please send a reply, if you solved the problem !!!

The bigger concern is configuring the router's DHCP server to provide the workstations with the SBS DNS IP and not that of the gateway or the ISP's DNS servers.
Personally I prefer to list the ISP's DNS servers [at least two] in the forwarders tab, since I have found more problems with sending a DNS request to a gateway [who knows who answers on the other side] vs. using the ISP's DNS servers as static entries.
The bummer about the router doing DHCP is you don't get the dynamic DNS updates to the SBS DNS server.

Update: I talked with the powers-to-be and figured out why they want the router doing DHCP. Here is the situation, they have a cable modem for Internet access. The modem connects to the router (which does DHCP and therefore NAT), and then the router connects to a switch. All of the workstations and the server connect to this switch. The organization does not have a hardware firewall, so they are using the router's NAT as a sort of inbound firewall. I tried to get them to purchase a Cisco PIX or ISA firewall, but they didn't go for it. It is beyond my control, so the (cheap, consumer grade) router must remain to do its NAT thing...
Anyhow, with that new information, how should I go about setting up the server so that I can use AD and DNS, but still have the bit of security provided by the router's NAT setup?
-Ryan Adams

Leave it as it is.
Simply configure the server with AD and DNS, which is needed to run AD.
In the DNS forwarders section, set the router as the destination for queries that can't be resolved locally.
So the workstations can use the server as a DNS server, the server forwards to the router, the router forwards to the ISP.
Please send a reply, if you solved the problem !!!

That seems to be working except for one thing.
Client computers can't get an IP address. If I go in and manually configure an IP/subnet/gateway (router IP)/DNS (server IP), everything works.
The server does not have the DHCP role setup, so it shouldn't be conflicting. Additionally, this happens to workstations that aren't yet joined to the domain, so it isn't an AD issue.
Any ideas what is going on?
More details:
Router has IP of 192.168.0.1
Server 2003 has its single NIC set to use IP 192.168.0.2, subnet 255.255.255.0, and gateway/DNS server of 192.168.0.1
Server has DNS and AD role configured, DHCP role not installed.

I would disagree with the advice of using the gateway as the DNS IP to forward to.
That is a general shove-it-out-here-and-let's-hope-someone-answers approach.
I prefer a send-it-here approach, with the actual ISP DNS server IPs listed in the forwarders tab.
MS DNS server should point to itself for DNS, not the gateway.
All workstations should point to MS DNS, not the gateway.
This is standard AD DNS configuration.
The router doing DHCP has nothing to do with NAT. There is no relationship between the two. There is no valid reason not to move DHCP services to the server, especially when you consider you can have DHCP dynamically update MS DNS. An added benefit. Router would continue to do NAT when it was not doing DHCP. You would of course configure the server DHCP scope to be in the same present subnet.
Whatever DHCP server you use, I will reiterate once again, it needs to provide the MS DNS server IP as DNS server, not the gateway or ISP DNS server. Otherwise you will have no local name resolution except via broadcasts.
Concerning workstations not getting a DHCP-provided IP: review the scope on the DHCP server and check that there are enough addresses to go around.
When the workstation doesn't get an IP, is its IP 0.0.0.0 or a 169.254.x.x IP?
Looking in the router, what is the DHCP scope range?
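
The checks asked for in the reply above, as an added example that is not part of any poster's message: a small parser for `ipconfig /all` output that flags a client with no DHCP lease (0.0.0.0 or 169.254.x.x) and any DNS server other than the AD DNS box. The sample excerpts are constructed, 203.0.113.53 is a placeholder ISP resolver, and the function names are hypothetical.

```python
import ipaddress
import re

AD_DNS = "192.168.0.2"  # the SBS box in the thread; the router is 192.168.0.1

# Constructed `ipconfig /all` excerpts (203.0.113.53 is a placeholder ISP resolver).
LEASE_FROM_ROUTER = """
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.0.101
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            203.0.113.53
"""
NO_LEASE = """
Ethernet adapter Local Area Connection:
        Autoconfiguration IP Address. . . : 169.254.17.44
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
FIELD = re.compile(r"^\s*([\w \-]+?)[ .]*:\s*(.*)$")
IP_KEYS = ("ip address", "ipv4 address", "autoconfiguration ip address")

def parse_ipconfig(text):
    """Extract the adapter IP and the ordered DNS server list."""
    cfg, key = {"ip": None, "dns": []}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2)
        else:
            value = line  # unlabelled continuation, e.g. a second DNS server
        addrs = IPV4.findall(value)
        if key in IP_KEYS and addrs:
            cfg["ip"] = addrs[0]
        elif key == "dns servers":
            cfg["dns"] += addrs
    return cfg

def audit_client(text, ad_dns=AD_DNS):
    """Return findings for a client that should resolve only via the AD DNS server."""
    cfg, findings = parse_ipconfig(text), []
    ip = ipaddress.ip_address(cfg["ip"] or "0.0.0.0")
    if ip.is_unspecified or ip.is_link_local:  # 0.0.0.0 or 169.254.x.x
        findings.append("no-dhcp-lease")
    if not cfg["dns"]:
        findings.append("no-dns-server")
    findings += [f"non-ad-dns:{d}" for d in cfg["dns"] if d != ad_dns]
    return findings

print(audit_client(LEASE_FROM_ROUTER), audit_client(NO_LEASE))
```

An empty result means the client has a lease and resolves only through the AD DNS server.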

I wrote up a detailed report explaining why the SBS should be doing the DHCP. I made sure to include lots of flashy graphics. I gave this to the higher ups, and they agreed. Now the server is doing DHCP and things work beautifully.
Thanks for all the help, y'all.
-Ryan Adams
