Solution 1:

I'd hand out IP addresses with the Windows DHCP server. It's nicer than any router's DHCP server I've ever seen (as far as the management interface and displaying statistics go). Perhaps I've grown soft w/ my age, but I prefer the GUI management in Windows for DHCP servers.

Having a secondary domain controller (also assigned the "Global Catalog" role) is a great cheap insurance policy. If you're not going to store any data on it then it doesn't have to have a "set the world on fire" disk subsystem or hardware redundancy. It's just really, really nice in a disaster scenario to have a second copy of AD around.

I'd have both DCs run DNS and "point" clients at both. You can configure both with either "root hints" or "forwarders" to your ISP's DNS servers; your choice.

As far as a secondary DHCP server goes I'm fairly "down" on the behaviour of Microsoft DHCP Server when you have two overlapping DHCP servers. The behaviour becomes nondeterministic since they don't coordinate their activities (i.e. a client will get a lease from the first one that responds). My solution is to make sure that the DHCP database is backed-up each day and, in the event of failure, I'll manually roll the DHCP backup onto the secondary node and bring DHCP up there. Running 8+ day DHCP leases helps with this, too.

Perhaps I'm not paranoid enough, but in environments the size you're talking about, w/ properly spec'd server computer hardware (UPS, redundant power supplies, RAID), I just don't "lose" server computers frequently enough to be worried sick about DHCP failover.
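The setup this answer describes (DNS on both DCs with forwarders, 8+ day leases, a nightly DHCP backup that is rolled onto the secondary only when the primary is dead) as an added PowerShell example. This is not code from the original answer; the host names DC1/DC2, the share \\DC2\DhcpBackup, the local path C:\DhcpBackup and the resolver addresses 203.0.113.53/54 are placeholders, and all cmdlets are the standard DnsServer, DhcpServer and ScheduledTasks modules on Windows Server.

```powershell
# Added example, not part of the original answer. Assumed (placeholder) names:
# DC1 = primary DC running DHCP, DC2 = secondary DC, \\DC2\DhcpBackup = share
# DC1 exports to (seen locally on DC2 as C:\DhcpBackup), 203.0.113.53/54 = ISP resolvers.

# --- DNS on both DCs: forward unresolved queries to the ISP (run on each DC) ---
# Skip this step if you prefer to resolve from root hints instead.
Add-DnsServerForwarder -IPAddress 203.0.113.53, 203.0.113.54 -PassThru

# --- DHCP on the primary (DC1): 8-day leases and a nightly export ---
# Longer leases give you time to restore DHCP elsewhere before clients expire.
foreach ($scope in Get-DhcpServerv4Scope) {
    Set-DhcpServerv4Scope -ScopeId $scope.ScopeId -LeaseDuration (New-TimeSpan -Days 8)
}

# Nightly export of scopes, options, reservations and active leases to the
# secondary's share. Export-DhcpServer writes one XML file that Import-DhcpServer reads.
$exportCmd = 'Export-DhcpServer -File \\DC2\DhcpBackup\dhcp-DC1.xml -Leases -Force'
$action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
              -Argument "-NoProfile -Command `"$exportCmd`""
$trigger = New-ScheduledTaskTrigger -Daily -At '2:00AM'
Register-ScheduledTask -TaskName 'DHCP nightly export' -Action $action -Trigger $trigger `
    -User 'SYSTEM' -RunLevel Highest -Force

# --- Failure day, on the secondary (DC2): roll the export in and bring DHCP up ---
# Run only on DC2, and only once DC1 is confirmed down: two live servers with
# overlapping scopes would hand out leases from whichever answers first.
Install-WindowsFeature DHCP -IncludeManagementTools
# BackupPath is mandatory: Import-DhcpServer snapshots DC2's current DHCP config there first.
Import-DhcpServer -File C:\DhcpBackup\dhcp-DC1.xml -Leases `
    -BackupPath C:\DhcpBackup\pre-import -Force
Add-DhcpServerInDC            # authorise DC2's DHCP server in Active Directory
Restart-Service DHCPServer
# Sanity check: the imported scopes should show as Active with the 8-day lease.
Get-DhcpServerv4Scope | Format-Table ScopeId, Name, State, LeaseDuration
```

Export-DhcpServer/Import-DhcpServer are used here rather than Backup-DhcpServer/Restore-DhcpServer because the export is a single portable XML file that can be imported on a different host; the backup/restore pair targets the same server's database directory. Until the primary is rebuilt, make sure DC1's DHCP service is not started again (or its scopes are deactivated) before it is reconnected, for the same overlap reason the answer gives.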

Solution 2:

It is always good practice (even for a small network) to have a main DC and a failover DC.

For example:

Primary Box:

  • DNS
  • main DC
  • Other services

Secondary Box:

  • DHCP
  • backup DC
  • Other services

With a setup like this you have room for scalability and more control over your environment. This is similar to what I have implemented for my network.

Also, it can be good practice to have a gateway server (connected to your router) that has an external network separate from your internal network. This way internet traffic can be properly controlled and firewalled.