
I want to experiment with Active Directory, strictly for my own education, so on my home network I launched two VMs, both Win2k8 R2 Servers (named 'Server1' and 'Server2'). I created two root domains ('alpha.com', 'bravo.com') intended to be accessible only from my LAN (obviously I don't own those domain names).

My first problem was that a ping of server1.alpha.com returned an actual internet address, rather than my VM address. I know why that happened, but how I should fix it is my question. I started to reason that all machines on my LAN should know that Server1.alpha.com is now a (local) DNS server. However, all knowledge of DNS servers is DHCP-served from my WAN/LAN modem (it is a combined modem, wifi and 4 port router).

So I replaced the "dynamic" DHCP settings on my modem with two "static" entries. I made the "primary" DNS the explicit IP of my machine server1.alpha.com. I left the "secondary" DNS exactly as my modem had suggested (a legit internet IP address).

This "solution" mostly worked. All machines can surf the web, and all machines now resolve server1.alpha.com to the "correct" intranet/local machine. Nevertheless, all I really did was circumvent the problem, rather than solve it. That is illustrated clearly by my next problem.

When I ping server2.bravo.com, I get a real IP rather than a NAT address of my local box. Once again, the DNS servers are routing out into the real world.

So the question remains: what is the proper way to configure DNS both within my modem's DHCP settings and on my two domain controllers? Yes, I established both my domain controllers to be DNS integrated / DNS servers.

I'm hoping that when everything is "fixed," I will also be able to ping just the common name (CN) of "server1" and "server2" and see an IP address. Right now when I ping the common name, I get a link-local IPv6 address. I think that means NetBIOS is handling the common-name lookup.

p.s. I hope the solution does not involve making configuration changes on every machine in my house (such as altering the hosts file), but I will do so if that is what it takes.

Update: An important element of this exercise, which at first I didn't properly take into account, is that the DCs I've established are only available 30% of the time (accidents happen!!). So it turns out that my solution is to leave my network unmodified, and instead adjust the hosts file on each machine (originally I did not want that, but now it makes sense).

I would, however, be interested in knowing if there are other ways to have a machine common name resolved properly, without using DNS suffixes automatically appended. Is there any other way to achieve that?

Brent Arias
  • You should never point primary and secondary DNS entries to separate DNS spaces. DNS does not consistently work in that way. The correct way is to configure your AD DNS to forward DNS requests out to your public DNS, then point all workstation DNS in to the DCs (and nothing else). – Chris Thorpe Jul 22 '11 at 01:09

3 Answers

Here's one way to do it:

  1. Configure server1.alpha.com with a conditional forwarder to server1.bravo.com for the bravo.com DNS zone.

  2. Configure the DNS settings on the clients to append alpha.com and bravo.com to their DNS queries.

As for your ping returning IPv6 addresses: If the clients and the servers have IPv6 enabled, and they have IPv6 records registered in the DNS servers, and the servers are configured to listen on their IPv6 addresses in the DNS server properties, then they're going to return IPv6 addresses when resolving DNS queries. If you want them to return only IPv4 addresses then configure the DNS server properties not to listen on any IPv6 addresses and then delete any IPv6 records that have been created.

joeqwerty

If your Windows DNS server(s) are set up to forward and cache DNS queries as well (where they also have access to the DNS root hints), then you just need to point all your systems to your DNS - not the router, ISP or anything outside of your environment.

user48838

Depending on how integrated you want your home computers to be with your new domain controllers, you should consider installing the DHCP service on one of the servers and disabling the DHCP service on your router. When you decommission or turn off your DCs, you can then just re-enable the DHCP service on your router without fiddling with any computers. They would simply need to be rebooted or reconnected to the LAN.

Remember that if this were a true domain environment, you would always point your workstations to your DC for DNS resolution so, when you configure the DHCP pool on your DC, set your DNS option to the IP address of the DC.

When your workstations obtain an IP, they will do so from the DC and it will tell the workstations to use the DC as their DNS server. All DNS queries will be sent to the DC at this point.

(You don't have to but) you should probably configure a forwarder to send all upstream DNS queries to the same DNS server on the internet that you configured in your router. Open the DNS management console on the DC, right-click the server node and click properties. Click the forwarders tab. Add the IP address of the DNS server in here.

Now, to rectify your other issue of being able to resolve the other domain, open the DNS management console, expand the server node, right-click the conditional forwarders node and select add new conditional forwarder. Type the domain name of the zone you want to resolve to (bravo.com) and provide the IP address of the DNS server responsible for bravo.com.

Repeat the creation of the conditional forwarder on server2.bravo.com but so that requests for hosts on alpha.com are forwarded to server1.alpha.com.

Now, when your computers request an address on the internet, the DNS server defined for the client (alpha.com) will (unless it has it cached) forward the request to the server you defined in the forwarders tab. If they request a local address in their domain (alpha.com) the DNS server will answer directly. If they request a host on bravo.com, the DNS request will be forwarded to the DNS server responsible for bravo.com.

I hope this makes sense. Very texty and probably easier to draw a diagram but it should get you thinking in the right way.

-Lewis

Lewis
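The following is an added, consolidated example of the configuration that joeqwerty's and Lewis's answers describe (conditional forwarders between the two DCs, an upstream forwarder, IPv4-only listening, and a client suffix search list); it is not code from either answer. The addresses, the client interface name and the upstream resolver are assumed placeholders from the RFC 5737 documentation ranges, and it uses dnscmd.exe because that is the built-in DNS admin tool on Windows Server 2008 R2.

```powershell
# Added example, not from the original answers. Assumed lab addresses (placeholders):
#   server1.alpha.com = 192.0.2.10   (authoritative DNS for alpha.com)
#   server2.bravo.com = 192.0.2.20   (authoritative DNS for bravo.com)
#   upstream resolver = 203.0.113.53 (the public address the router used to hand out)
# Run each section in an elevated prompt on the machine named in its comment.

# --- On server1.alpha.com ---------------------------------------------------
# Anything this server is not authoritative for goes to one upstream resolver.
dnscmd . /ResetForwarders 203.0.113.53
# bravo.com specifically goes to server2 (conditional forwarder).
dnscmd . /ZoneAdd bravo.com /Forwarder 192.0.2.20
# Answer only on the IPv4 address so clients stop getting link-local IPv6 replies.
dnscmd . /ResetListenAddresses 192.0.2.10

# --- On server2.bravo.com ---------------------------------------------------
# Mirror image: upstream forwarder plus a conditional forwarder for alpha.com.
dnscmd . /ResetForwarders 203.0.113.53
dnscmd . /ZoneAdd alpha.com /Forwarder 192.0.2.10
dnscmd . /ResetListenAddresses 192.0.2.20

# --- On each client (unnecessary once a DC serves DHCP with the DNS option) --
# Point the adapter at the DC only; never mix a local and a public server as
# primary/secondary, because clients do not fail over between them predictably.
# "Local Area Connection" is an assumed interface name; check with: netsh interface show interface
netsh interface ipv4 set dnsservers name="Local Area Connection" source=static address=192.0.2.10 validate=no
# Suffix search list so a bare "server2" is tried as server2.alpha.com, then server2.bravo.com.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' `
                 -Name SearchList -Value 'alpha.com,bravo.com'
ipconfig /flushdns

# --- Verification (from a client) -------------------------------------------
nslookup server2.bravo.com 192.0.2.10   # expected: 192.0.2.20, answered via the conditional forwarder
nslookup www.example.com 192.0.2.10     # expected: a public address, answered via the upstream forwarder
ping -4 server2                         # expected: resolves through the suffix list, IPv4 only
```

Note the trade-off the question's update already identified: with every client resolving only through the DC, a DC that is down takes all name resolution (including internet browsing) down with it, which is why the hosts-file fallback is reasonable for a lab that is rarely powered on.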