DHCP in Windows 2003/2008 DC or in Router?
Solution 1:
I'd hand out IP addresses with the Windows DHCP server. It's nicer than any router's DHCP server I've ever seen (as far as the management interface and displaying statistics). Perhaps I've grown soft w/ my age, but I prefer the GUI management in Windwos for DHCP Servers.
Having a secondary domain controller (also assigned the "Global Catalog" role) is a great cheap insurance policy. If you're not going to store any data on it then it doesn't have to have a "set the world on fire" disk subsystem or hardware redundancy. It's just really, really nice in a disaster scenario to have a second copy of AD around.
I'd have both DC's run DNS and "point" clients at both. You can configure both with either "root hints" or "forwarders" to your ISP's DNS servers-- your choice.
As far as a secondary DHCP server goes I'm fairly "down" on the behaviour of Microsoft DHCP Server when you have two overlapping DHCP servers. The behaviour becomes nondeterministic since they don't coordinate their activities (i.e. a client will get a lease from the first one that responds). My solution is to make sure that the DHCP database is backed-up each day and, in the event of failure, I'll manually roll the DHCP backup onto the secondary node and bring DHCP up there. Running 8+ day DHCP leases helps with this, too.
Perhaps I'm not paranoid enough, but in environments the size you're talking about w/ properly spec'd server computer hardware (UPS, redundant power supplies, RAID) I just don't "lose" server computers all that frequently enough to be worried sick about DHCP failover.
Solution 2:
It is always good practice to have (even for a small network), to have a main dc and a fail over dc.
For example:
Primary Box:
- DNS
- main DC
- Other services
Secondary Box:
- DHCP
- backup DC
- Other services
With a setup like this you have room for scalability and more control over your environment. This is similar to what I have implemented for my network.
Also it can be good practice to have a gateway server (connected to your router), that has an external network separate to your internal network. This way internet traffic can be properly controlled and fire walled.