Router DNS settings on a Windows domain

Chris K.

New Around Here
I recently had to make some changes to my network. I have an RT-AC5300 that was in AP mode for wireless on a Windows domain network, but I needed to put it into router mode and it is now the domain gateway. Since then, my internet has been sluggish at times and when accessing the internet, pages are slow to pull up initially and I'm frequently seeing a lot of "resolving host" messages. Internally, everything seems to be running normally. Long story short, I think it's a DNS issue and I'm just looking to find out what the correct WAN/LAN DNS setting on the router should be when used as the gateway on a Windows domain. If I can eliminate the router settings as the problem I can move on to the other troubleshooting.

I'm running Windows Server 2008 R2. It is an AD DC running DNS and DHCP (I know this is not a best practice but it is what it is). The ISP's DNS servers are set as the forwarders under DNS. WINS is not running. On the RT-AC5300 I'm running Merlin's firmware version 384.6. On the WAN page, I have a static IP from my ISP and their DNS servers entered in. On the LAN DHCP page, I have DHCP off and everything else left blank/default values. All network devices (including the server) connect through the router to the modem. Modem DHCP is off and firewall is disabled on static IP subnet. I have tried pointing both the router WAN DNS and the server's forwarders to other DNS servers but no difference.

Should the WAN DNS on the router continue to point to my ISP or should I change that to my internal server IP address? (I'm thinking ISP but saw the "forward local domain queries to upstream DNS" setting on the LAN DHCP page and just want to be sure.) Do I need to put ANYTHING in on the LAN DHCP page considering it's turned off and my server is handling DHCP/DNS and network devices are already getting IP address, DNS and gateway info from the server?
Any help or advice would be appreciated. Thanks.
 
I think Windows Domains run best if you run DNS on Microsoft, which you are doing. You need to point (forward) your Microsoft DNS to your router DNS. You need to make sure all your local devices are using your Microsoft DNS except your router, which will contain the outside DNS servers. You do this by using your Microsoft DHCP and supplying your Microsoft DNS. Turn DHCP off on your router as you do not want to run 2 DHCP servers in the same domain.
 
Thanks for the quick response. To make sure I understand, the Windows DNS server should use the router's LAN IP address as the forwarder and the router WAN DNS should point to the ISP's DNS server?
 
No, I think he's describing the same setup that you currently have. The only difference perhaps is that he's suggesting that you forward the MS DNS server to the router's DNS server. Personally I can't see the point of this as your MS DNS server should be a far superior caching server.

One thing that I noticed: what you refer to as a "modem" obviously isn't just a modem. It sounds like it's a router (possibly wireless?) with a built-in cable modem. It has its own firewall, DHCP server and who-knows-what. So unless you have bridged this "modem" it sounds like you're running one router behind another router?

Perhaps you can describe the setup of the modem a bit more and how your network was previously set up to use it. Also, why you "needed" to put the Asus into router mode.
 
Gotcha. Sorry, been a long day. Thanks. My ISP is Comcast and the modem they gave me is a gateway modem with routing and wireless. Its wireless isn't that great, which along with where they installed it, is why I'm using the RT-AC5300. I have a static IP with Comcast but can't use it when the modem is in bridge mode. All I can do is "passthrough" mode, which basically means disabling its DHCP server and the firewall on the true static IP address on the modem. Just to be clear, the Windows server is handling DNS and DHCP for all network devices, not the router, so would it make any sense to use the server IP as the router's WAN DNS and, on the LAN DHCP server page on the router, turn on the "forward local domain queries to upstream DNS" option but leave the LAN DNS server blank? Or would it even make a difference? I'm thinking that pointing the WAN to an internal IP would cause some issues. Would just keeping things as they are, server forwarders and router WAN DNS both set to Comcast DNS servers, and leaving everything blank or on default settings on the router LAN DHCP server page with the exception that DHCP is turned off, be best? Suggestions?
 
I would use your ISP DNS servers. There is nothing wrong with going straight to Comcast DNS from your Microsoft DNS. If you need DNS on your router you can forward to it and let the router forward to Comcast. Either will work. I was covering all cases.

You need to make sure your Microsoft DHCP server is your server's IP. And I would let it hand out all the DNS servers using DHCP.
 
Thanks. Sorry about the delayed response. I have the server side of things working well; DHCP is handing out the correct DNS and gateway info. Forwarders are going to Comcast on DNS.
Out of curiosity, I'm wondering if the router is handling/capable of doing this like a 2-NIC MS server would, with the server's external NIC having a public static IP but pointing to the internal NIC for DNS. Would that type of setup work with the router, the external (WAN) having the public static IP and DNS pointing to the internal NIC (or LAN IP of the router)? But since the LAN IP NIC isn't doing DNS, would any one of the following router settings make any sense, or is it possible, excessive and/or inefficient?
1. Router WAN DNS points directly to the MS server's IP address; on the router LAN DHCP page: DHCP server off, everything else blank or on defaults
2. Router WAN DNS points directly to the MS server's IP address; on the router LAN DHCP page: DHCP server off, "forward local domain queries to upstream DNS" turned on
3. Router's WAN DNS points to its own LAN IP; on the LAN DHCP page: DHCP server off, MS server's IP entered in DNS
 
I think you are mixing up routing WAN DNS traffic and the internal router using DNS.

To really understand what you want I would need a diagram.

If you need your router involved in DNS then add it to the DNS chain like stated above.
 
Got it. Thanks for your help on this. It has been MANY years since I've done anything more than setting up a simple home network. My IT guy is out on vacation and on the first day he was gone, the router that was being used died. I had to put in the RT-AC5300 and having the MS server in the mix just got me confused. Thanks again!
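
The forwarding arrangements discussed in this thread can be checked on paper before changing any setting. The following is an added example, not part of any post above: it models who forwards DNS to whom and flags forwarding loops and clients that skip the AD DNS server. It assumes each resolver simply forwards to its first configured upstream; all IP addresses are constructed placeholders, not values from the thread.

```python
# Added example: a model of the DNS forwarding chain, not firmware or Windows behaviour.
# All addresses are constructed placeholders (private and documentation ranges).
AD_DNS = "192.168.1.10"   # Windows DC running DNS and DHCP (assumed address)
ROUTER = "192.168.1.1"    # router LAN IP (assumed address)
ISP = "203.0.113.53"      # ISP resolver (placeholder)

def trace(start, upstream, external=(ISP,)):
    """Follow the first upstream of each resolver from `start`.
    Returns (path, verdict), verdict being 'ok', 'loop' or 'dead-end'."""
    path = [start]
    while path[-1] not in external:
        hops = upstream.get(path[-1], [])
        if not hops:
            return path, "dead-end"
        if hops[0] in path:               # a resolver would query itself again
            return path + [hops[0]], "loop"
        path.append(hops[0])
    return path, "ok"

def audit(client_dns, upstream):
    """client_dns: the DNS server DHCP hands to clients.
    upstream: resolver -> ordered list of forwarders / WAN DNS entries."""
    findings = []
    if client_dns != AD_DNS:
        findings.append("clients do not query the AD DNS server first")
    for label, start in (("clients", client_dns), ("router", ROUTER)):
        path, verdict = trace(start, upstream)
        if verdict != "ok":
            findings.append(f"{label}: {verdict} via {' -> '.join(path)}")
    return findings

# Setups raised in the thread, plus the one combination that loops.
SETUPS = {
    "server and router both use ISP": (AD_DNS, {AD_DNS: [ISP], ROUTER: [ISP]}),
    "server forwards to router": (AD_DNS, {AD_DNS: [ROUTER], ROUTER: [ISP]}),
    "router WAN DNS is the server": (AD_DNS, {AD_DNS: [ISP], ROUTER: [AD_DNS]}),
    "router WAN DNS is the server, server forwards to router":
        (AD_DNS, {AD_DNS: [ROUTER], ROUTER: [AD_DNS]}),
    "router WAN DNS is its own LAN IP": (AD_DNS, {AD_DNS: [ISP], ROUTER: [ROUTER]}),
}

if __name__ == "__main__":
    for name, (client_dns, upstream) in SETUPS.items():
        print(f"{name}: {audit(client_dns, upstream) or 'ok'}")
```

An empty result means every lookup path ends at the external resolver; the mixed setup is the one to avoid, because neither resolver ever reaches the ISP.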
 
