Hi,
I would like some thoughts on this.
I am doing some work for a very small company (in terms of infrastructure) and I think there are only around 8 workstations and possibly 2 remote stations, 1 of which is a phone which can VPN in to the server and sync.
I came to check over the server because various things don't work very well at all. Going on what they said, I immediately thought DNS issues.
So I went and checked over the server and sure enough there are some things wrongly set...
First, there are all sorts of errors in the eventvwr concerning DNS and system issues which I won't go into here.
My query really is about the best setup for DNS and DHCP. Here is the topology.
...............................Clients.................
...................................|.....................
--internet----router----switch------server
......................|..................................
................voip router .........................
The single server runs as DC, DNS with AD. Clients use the router for DHCP. The router's DNS servers are statically assigned as:
Primary: 10.0.0.20 (server)
Secondary: bla.bla.bla.bla (isp dns)
Obviously using this method the DHCP clients get a DNS server initially which is the router itself, which then forwards requests to the server... at which point the server responds accordingly.
Now when I initially saw this setup I realised the advantage to this is that:
1. The server is not hassled with DHCP services and requests.
2. If the server goes down, access to the internet is still possible (although maybe slower) as the router will hand out its secondary DNS (isp dns) in the situation whereby there is no response from the Primary (server)!! Correct?
So this means some work can still be done such as emails etc.
Now corrected, but I also found on the server that the statically assigned DNS servers on the interface card had been assigned as the router's IP as Primary DNS, causing a loop in the server's interface. ---- server requests DNS from router, router points request back to itself arhahaa..
Anyway. My question is: should I make the server deal with DHCP and set up DNS to forward requests to the ISP DNS, or should I leave the router pointing to the server for DNS as primary and the ISP as secondary, thus giving internet access to workstations in case of server failure....
Hmm, second thoughts. If the server's down then no domain logon is possible, but at least they could log on locally to their workstations and have internet....
Your thoughts please.

Ok, first things first.
With regard to an AD integrated domain, clients need to authenticate to the DC via DNS. So the clients' DNS address should point at the DC's IP. The DNS on the DC should be forwarded to the provider's DNS server(s). This way, when users login, they are authenticated to the domain properly and can still get out on the internet properly.
If it were me, I'd disable DHCP on the router and do it on the DC. The router should be acting as nothing more than a firewall. DHCP won't put much of a load on a DC in a small environment like the one you're talking about since it's only going to be used when a client logs on or requests a renewal.
Should you decide to go with DHCP on the DC, remember to use the ISP's DNS as the secondary DNS for clients inside the domain since you won't be using the router for that anymore.
You can use a secondary DNS address in the DHCP scope that points directly at the provider's DNS (or the router's DNS... either should work). This way if the server does go down for some reason, clients can still get out on the internet.
Anyhow, that's how I've always set it up in the past on SBS for small businesses.
- DHCP on the DC
- DHCP scope defines primary DNS as the DC and secondary as the ISP's DNS server(s)
- DNS forwarded to ISP's DNS server(s)
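
The layout summarised in the reply above, written out as an added PowerShell example that is not part of either post. It assumes Windows Server 2012 or later with the DHCP and DNS server roles installed; 10.0.0.20 is the server address from the question, and the ISP resolver, router address, scope range and interface alias are placeholders to replace.

```powershell
# Added example: run in an elevated session on the DC, logged on with a domain account.
# Only 10.0.0.20 comes from the thread; every other value is an assumed placeholder.
$DcIp     = '10.0.0.20'
$IspDns   = '192.0.2.53'     # placeholder for the ISP's resolver
$RouterIp = '10.0.0.1'       # assumed gateway address
$ScopeId  = '10.0.0.0'       # assumed /24 LAN
$Nic      = 'Ethernet'       # assumed interface alias on the DC

# 1. The DC resolves through itself, never through the router
#    (the loop described in the question).
$current = @((Get-DnsClientServerAddress -InterfaceAlias $Nic -AddressFamily IPv4).ServerAddresses)
if ($current -contains $RouterIp -or $current[0] -ne $DcIp) {
    Write-Warning "DC resolvers are '$($current -join ', ')'; resetting to $DcIp"
    Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcIp
}

# 2. The DNS service forwards names it is not authoritative for to the ISP.
#    This replaces any forwarder list already configured.
Set-DnsServerForwarder -IPAddress $IspDns

# 3. DHCP moves to the DC: authorize it in AD, then create the scope.
#    The router's own DHCP service has to be switched off in the router's settings.
Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$env:USERDNSDOMAIN" -IPAddress $DcIp
Add-DhcpServerv4Scope -Name 'Office LAN' -StartRange 10.0.0.100 -EndRange 10.0.0.199 `
    -SubnetMask 255.255.255.0 -State Active

# 4. Scope options: DC as first resolver, ISP as second, router as gateway only.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $RouterIp `
    -DnsServer $DcIp, $IspDns -DnsDomain $env:USERDNSDOMAIN

# 5. Show what clients will be handed (option 3 = router, option 6 = DNS servers).
Get-DhcpServerv4OptionValue -ScopeId $ScopeId |
    Where-Object OptionId -in 3, 6 |
    Format-Table OptionId, Name, Value -AutoSize
```

While a client is using the second resolver it cannot resolve the domain's internal records, so domain logons and Group Policy fail until it returns to 10.0.0.20. Queries for internal host names sent in that window also reach the ISP's resolver.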
