I've read some conflicting posts, so hopefully I can get a clear answer.
I have pfSense running as a DHCP server and DNS Forwarder. I'd like to try out Active Directory as a Domain Controller at home using Windows Server 2012 R2. Would I have to set up Server 2012 R2 as a DHCP/DNS server as well for AD to work properly?
Thanks for the advice, but it'd be nice to know why this would be best practice. From the little that I've found, it's possible to have a separate DNS server (e.g. pfSense, if that can even be done - I'm not too familiar with it). – Marc05 – 2014-07-23T04:41:23.227
Well, when you put AD and DHCP and DNS together on one server, they all automatically interoperate together. You can get much of the same functionality with external DNS and DHCP, but you'd have to do some additional configuration. And given that MS's DHCP and DNS are free and do everything most people need, it makes it an easy solution for them. – DarkMoon – 2014-07-23T06:48:09.387
Thanks, this led me to find another post:
"You can achieve the goal by setting DNS forwarder on all your AD integrated DNS servers, so that the DNS queries that can’t be resolved by your AD DNS server will be forwarded to this separate server."
I'll probably have Windows Server 2012 R2 do all of it though. – Marc05 – 2014-07-24T01:41:36.553
Well, DNS forwarders are what most companies use. For instance, we have our internal DNS server that takes care of our internal domains, but we don't set up and maintain DNS entries for every domain on the Internet. We set up our DNS server to "forward" requests to an external server for non-internal domains, so we only have to worry about the internal ones. Our DNS server then caches the reply for a while, so if someone else requests the same DNS entry, it doesn't have to go out and get it again. – DarkMoon – 2014-07-24T02:32:13.013
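The forwarder setup DarkMoon describes, applied to the Server 2012 R2 case in the question, as an added example (not code from the thread): the AD-integrated DNS server stays authoritative for the AD zone and forwards everything else to pfSense. The addresses (pfSense at 192.168.1.1, the DC at 192.168.1.10) and the domain name corp.example are assumptions for illustration; the cmdlets are from the DnsServer module that ships with the DNS Server role.

```powershell
# Added example, not from the original post.
# Run on the Windows Server 2012 R2 domain controller that holds the AD DNS role.
# Assumed addresses and names (illustrative only):
$pfSenseDns = '192.168.1.1'    # pfSense DNS Forwarder, resolves everything non-AD
$dcIp       = '192.168.1.10'   # this DC, authoritative for the AD zone
$adDomain   = 'corp.example'   # the AD DNS domain

Import-Module DnsServer

# Replace the forwarder list with pfSense only, and turn root hints off so that
# a forwarder outage fails visibly instead of quietly falling back to the
# Internet root servers (which would bypass any filtering pfSense does).
Set-DnsServerForwarder -IPAddress $pfSenseDns -UseRootHint $false -Timeout 5

# Confirm what the server will actually do for names it is not authoritative for.
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout

# Functional check against this DC:
#  - an internal name must be answered from the AD zone, never forwarded
#  - an external name must come back via pfSense (the forwarder)
Resolve-DnsName -Name "dc1.$adDomain"   -Type A -Server $dcIp -DnsOnly
Resolve-DnsName -Name 'www.example.com' -Type A -Server $dcIp -DnsOnly

# The AD zone should only accept dynamic updates from domain members; the
# setting below is what a freshly created AD-integrated zone has, re-asserted here.
Set-DnsServerPrimaryZone -Name $adDomain -DynamicUpdate Secure
```

The part that is easy to get backwards: once the DC is the DNS server for the domain, the pfSense DHCP scope should hand clients the DC's address (192.168.1.10 in this example) as their DNS server rather than pfSense itself, because domain join, logon and Group Policy lookups need the SRV records that live in the AD zone. pfSense can still resolve internal names for non-domain devices by adding a Domain Override for corp.example that points at the DC.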
As someone trying things out for the first time, how difficult would it be to have a separate DNS Server set up and Server 2012 R2 just act as a DNS forwarder? – Marc05 – 2014-07-25T03:28:27.953
Well, it looks like mainly, you need to ensure that you add a few SRV records for service location. If you Google "pfsense dns active directory", you should find a few posts explaining what's needed to make this work. – DarkMoon – 2014-07-25T04:04:29.930
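The "few SRV records for service location" in the comment above are the ones a domain controller's Netlogon service registers in the AD zone; if pfSense's DNS Forwarder (dnsmasq) is to answer them instead of the DC, they have to be recreated by hand as `srv-host=` entries. The script below is an added example, not from the thread or from pfSense: it lists the core records, checks which of them the resolver that DHCP hands to clients can actually answer, and with `-EmitDnsmasq` prints the equivalent lines for pfSense's DNS Forwarder custom options. The domain, host, site name and addresses are assumptions; the per-domain-GUID and most per-site `_msdcs` records are deliberately left out, so this is a sanity check, not a full replacement for the DC's own DNS.

```powershell
# Added example, not from the original post. Run from any domain-joined or
# workgroup Windows 8 / Server 2012 (or later) machine; uses Resolve-DnsName
# from the built-in DnsClient module.
param(
    [string]$Domain   = 'corp.example',           # assumed AD DNS domain
    [string]$DcHost   = 'dc1.corp.example',       # assumed DC FQDN
    [string]$DcIp     = '192.168.1.10',           # assumed DC address
    [string]$Site     = 'Default-First-Site-Name',# default AD site name
    [string]$Resolver = '192.168.1.1',            # DNS server DHCP gives to clients (pfSense here)
    [switch]$EmitDnsmasq
)

# Core SRV records clients use to locate a DC. Netlogon registers more than
# these (GUID-based and per-site _msdcs entries); they are omitted here.
$srv = @(
    @{ Name = "_ldap._tcp.$Domain";                  Port = 389  },
    @{ Name = "_ldap._tcp.dc._msdcs.$Domain";        Port = 389  },
    @{ Name = "_ldap._tcp.pdc._msdcs.$Domain";       Port = 389  },
    @{ Name = "_ldap._tcp.gc._msdcs.$Domain";        Port = 3268 },
    @{ Name = "_gc._tcp.$Domain";                    Port = 3268 },
    @{ Name = "_kerberos._tcp.$Domain";              Port = 88   },
    @{ Name = "_kerberos._udp.$Domain";              Port = 88   },
    @{ Name = "_kerberos._tcp.dc._msdcs.$Domain";    Port = 88   },
    @{ Name = "_kpasswd._tcp.$Domain";               Port = 464  },
    @{ Name = "_kpasswd._udp.$Domain";               Port = 464  },
    @{ Name = "_ldap._tcp.$Site._sites.$Domain";     Port = 389  },
    @{ Name = "_kerberos._tcp.$Site._sites.$Domain"; Port = 88   }
)

if ($EmitDnsmasq) {
    # dnsmasq syntax: srv-host=<_service._proto.name>,<target>,<port>,<priority>,<weight>
    # Paste the output into Services > DNS Forwarder > Advanced on pfSense.
    foreach ($r in $srv) { "srv-host=$($r.Name),$DcHost,$($r.Port),0,100" }
    # The SRV targets are useless unless the DC's name and the domain apex
    # (which clients also query for A records) resolve to the DC:
    "host-record=$DcHost,$DcIp"
    "host-record=$Domain,$DcIp"
    return
}

# Validation: ask the resolver the clients will use, bypassing the local cache.
$missing = @()
foreach ($r in $srv) {
    $ans = Resolve-DnsName -Name $r.Name -Type SRV -Server $Resolver -DnsOnly -ErrorAction SilentlyContinue
    if (-not $ans) { $missing += $r.Name; continue }
    foreach ($a in ($ans | Where-Object Type -eq 'SRV')) {
        '{0,-50} -> {1}:{2}' -f $r.Name, $a.NameTarget, $a.Port
    }
}
if ($missing) {
    Write-Warning ("Not answered by {0}:`n  {1}" -f $Resolver, ($missing -join "`n  "))
} else {
    'All {0} SRV records resolve via {1}' -f $srv.Count, $Resolver
}
```

Run it once with `-Resolver` set to the DC's own address to see what Netlogon registered, then again against pfSense: anything listed under the warning is a record pfSense cannot serve, and a client pointed at pfSense will fail to find a DC until it is added (or until DHCP hands out the DC as the DNS server instead).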