Running DHCP and DNS on the Same server

[Moderator]

Before I start I must say this is novice level question.

Is it good practice (or indeed possible) to setup and run DHCP and DNS services from the same Windows 2000 or 2003 server?

 

[Davetoo]

It's quite common.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!

 

[pagy]

Yes they can run on the same server - if the server running DNS is also a domain controller then from a security point of view DHCP should not be on it;

http://windowsecurity.com/articles/DHCP-Security-Part1.html

Paul
MCSE 2003
MCSA 2003
MCITP Enterprise Administrator

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams

 

[Rockstar101]

Pagy is correct! I've done it on my test servers to run some practice scenarios.

From what I can remember the reason being is that if you have scope created on the dhcp server to dynamically update dns records on your clients then the dhcp server needs to belong to a group that allows it to update the dsn record without taking ownership or assigning any permissions to it so that next time the client calls for a dns update it can update itself.

So you can see the security hole which is why it's not a good idea to put them on the same server because your dns server becomes open.

If I have this wrong please correct me anyone. Thanks.

 

[Moderator]

Thanks guys,
Most informative!

 

[GrimR]

Rockstar101 is this what you mean add the DHCP server to the DnsUpdateProxy group. Would that not resolve that issue.