Topic goal
This topic’s goal is to give you the essential knowledge of DNS and DHCP. I will not only show you how to install and configure those services, but also show how they are used and some example issues/troubleshooting you might run into when DNS and DHCP are not configured properly (it’s a bit of a long topic).
Quick Overview of DNS and DHCP.
I put DNS and DHCP in the same topic, since you need both of them together for your IT environment’s network to run properly. DNS is a way to resolve a name into an IP address and an IP into a name (more on this later). DHCP, on the other hand, leases (assigns for a period of time) IP addresses automatically (along with other essential network config) to devices on the network so they can connect to the internet, servers, etc.
These two are necessary to have on your network for your devices to be able to connect to the resources they need. Your devices (computers, etc.) need an IP to be able to do anything at all, and they get that from the DHCP server. And your DHCP server needs to assign the proper DNS server to the client devices so they can find those resources properly.
Part 1 – DNS Server – How to Setup and how it works + a bunch of good to know stuff about DNS
Installing DNS
It’s actually super simple to install DNS. You can check out this blog if you need the visuals (https://infrasos.com/install-and-configure-dns-server-on-windows-server/). Just scroll down till you get to “Installing the DNS Server Role”. It also has some cool info on there. (No video, cuz the videos about DNS I found were too long and full of fluff, but feel free to watch some on YT for reference if you need more help.)
Here’s the no-visual guide (it’s the same as when you installed Active Directory, just a different Role) > In Server Manager, click on Add roles and features > In the Add Roles and Features Wizard, on Before You Begin, click Next > Installation Type, click Next > Server Selection, select your server and click Next > Server Roles, check DNS Server, make sure to check Include management tools, click Add Features and then click Next > in Features, just go Next > in DNS Server, Next > in Confirmation, check Restart the destination server automatically if required (for convenience in the lab), and then click Install. After the server restarts, just check that DNS is in the Tools list and you’re good.
The essential stuff you need to know in DNS Manager
These are the things that you mostly need to care about in the DNS settings. Yes, there are other things you can do, but I will only mention the things you will be using/working with for the majority of the work you’ll be doing with DNS.
This is what it looks like when you open DNS Manager, which is where you do all your DNS config stuff. You do have to expand the thingies to be able to see these records > Expand your server name (in my case TUTOSERV), then expand Forward Lookup Zones > then expand your domain name (HomelabExp.net for me) > and then on the left, that’s where all the DNS records for your domain’s forward lookup zone are.
I have added 2 more records here for explanation, but the 4 static records here are what comes in by default.
What the stuff you see here means (only essential stuff)
1- Forward Lookup Zones are where names get resolved (associated) to an IP address, and Reverse Lookup Zones are where an IP gets associated with a name (just the opposite). We will only talk about Forward Lookup Zones here, since it’s rare that you need to add a Reverse Lookup DNS record. (You usually can connect to the thing if you know its IP, but, for example, there are firewall authentication features that look at the reverse lookup records to confirm the identity of devices, which is not something you and I need to care about for now.)
2- There are a lot of record types in DNS, but the 2 I will talk about here are Host (A or AAAA) records and Alias (CNAME) records. (MX records are also kinda used, but we’re not gonna use MX records in the lab, sooo yeahhhh XD, maybe in a later Topic.)
Anyway, Host records, or A records, are the main record type that links a name to an IP. As you can see above, the server (tutoserv) has an IP linked to it (192.168.69.252), and it’s a Host (A) record.
Alias, or CNAME, records on the other hand are just like the name suggests: an alias. So it actually does not associate an IP with a name, but rather it associates the FQDN (Fully Qualified Domain Name) with a name you create (so, like a nickname). FQDNs, btw, are just the name of the device + the domain name (ex: tutoserv.homelabexp.net).
How to use (read/edit) the DNS records
1- Host records. Whenever a new device is joined to the domain, it automatically creates a new Host (A) record on the DNS server (there are exceptions, but we don’t care about that). For example, when I added HomelabExp-PC1 to the domain, it created a record with its IP on the server. (We will be doing an experiment on joining a PC to your domain in another Topic soon.) You can also pre-create a Host record with a name and IP and then assign those to a new device, but there’s no need to do this.
2- Alias (CNAME) records are records you create to make your life easier. They’re really good to have if you use multiple terminal servers or if you’re an admin that often uses RDP (Remote Desktop) to your devices (desktops and servers).
3- To create a new Alias > Right-click anywhere in the white space of the DNS records > select New Alias (CNAME) > in New Resource Record, type the Alias name (what you’re gonna use to RDP or link). The FQDN will autofill itself. After that, click Browse to look for the Host record to associate with the name you created. To find the record, you just need to navigate the menu like when you expanded the containers in DNS Manager. Once you find the Host name, click OK and that’s it!
4- To check if the Alias worked, you can just ping the new name in cmd and check that it gives a response with the correct IP, like the one I did below. As you can see, instead of pinging the actual server name (tutoserv), I can just ping the Alias (dc1). This is just for testing, but having an Alias will really save you a lot of time and headache (as you will see more uses for it in the following Topics).
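The same alias creation and check done from PowerShell with the DnsServer module, as an added example that is not from the original post. It reuses the post’s names (zone HomelabExp.net, host tutoserv at 192.168.69.252, alias dc1) and runs on the DNS server itself (add -ComputerName to the DnsServer cmdlets if you run it from another machine with the RSAT DNS tools).

```powershell
# Added example (not from the original post): create and verify the dc1 alias with PowerShell.
# Names come from the post: zone HomelabExp.net, host tutoserv (192.168.69.252), alias dc1.
$zone   = "HomelabExp.net"
$alias  = "dc1"
$target = "tutoserv.$zone"   # the Host (A) record the alias points at, as an FQDN
$dnsIp  = "192.168.69.252"

# 1. List the existing Host (A) records so you know what you can point an alias at.
Get-DnsServerResourceRecord -ZoneName $zone -RRType A |
    Select-Object HostName, @{ n = "IPv4"; e = { $_.RecordData.IPv4Address } }

# 2. Create the alias only if it does not already exist, so re-running the script is harmless.
$existing = Get-DnsServerResourceRecord -ZoneName $zone -Name $alias -RRType CNAME -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordCName -ZoneName $zone -Name $alias -HostNameAlias $target
    "Created $alias.$zone -> $target"
}

# 3. Verify: resolving the alias must end up at the same IP as resolving the host directly.
#    Resolve-DnsName returns the CNAME and the A record it chases; keep only the A answer.
$viaAlias = (Resolve-DnsName -Name "$alias.$zone" -Type A -Server $dnsIp | Where-Object Type -eq "A").IPAddress
$viaHost  = (Resolve-DnsName -Name $target        -Type A -Server $dnsIp | Where-Object Type -eq "A").IPAddress

if ($viaAlias -and ($viaAlias -eq $viaHost)) {
    "OK: $alias.$zone -> $target -> $viaAlias"
} else {
    "MISMATCH: alias resolves to '$viaAlias', host resolves to '$viaHost'"
}
```

Resolve-DnsName is the PowerShell equivalent of the ping/nslookup check: by pointing it at the server with -Server you are testing the record on that server, not whatever the client cache or another resolver happens to hold.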
Typical troubleshooting for your DNS settings breaking stuff (Typical problem #1 - Client side)
DNS is one of the suspects when your client (devices on the network) can’t reach a particular server/resource (printer, etc.). I purposefully gave the wrong DNS server IP to this PC to show you an example of what it would cause if DNS is not properly configured. (This PC is already domain joined, as you can see here, and it’s on the same network as the server DC1.) Because the DNS server is not the right one, it cannot find the server DC1.
FYI, a problem like this could cause AD authentication and files on the server (clients’ network drives) to not sync properly. This wrong DNS config problem can happen if the DHCP server on your network is not configured correctly (which I will talk more about in Part 2 of this Topic).
Because I made it obvious here, you can tell that the problem is DNS, and you just need to change the DNS server IP to the right one to fix the issue. > You just need to go to your network properties > Change adapter options > IPv4 > and give the correct DNS IP (192.168.69.252, the IP of the server that DNS is installed on).
If you give the right DNS, the device should be able to reach the server without issue. As you can see in the test here, we can now ping the server. (This shows that the device can find and access it.)
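The client-side diagnosis from this section as a script, added here as an example and not taken from the post. It asks the DNS server the client is currently configured with and the known-good server (192.168.69.252, from the post) the same question, so you can tell a wrong DNS setting apart from a server that is actually down, then applies the fix. Run it in an elevated PowerShell on the client; the adapter name "Ethernet" is an assumption (Get-NetAdapter shows yours).

```powershell
# Added example (not from the original post): find out whether the client's DNS setting is the
# reason it cannot find dc1, and fix it. Run as admin on the client PC.
# 192.168.69.252 and dc1.HomelabExp.net come from the post; "Ethernet" is an assumed adapter name.
$adapter  = "Ethernet"
$goodDns  = "192.168.69.252"
$testName = "dc1.HomelabExp.net"

# 1. What DNS server is the client actually using right now?
$current = (Get-DnsClientServerAddress -InterfaceAlias $adapter -AddressFamily IPv4).ServerAddresses
"Configured DNS server(s): $(if ($current) { $current -join ', ' } else { '(none)' })"

# 2. Ask the configured server and the known-good server the same question.
#    No answer from the configured one but an answer from the good one = client DNS setting is wrong.
$viaCurrent = $null
if ($current) {
    $viaCurrent = Resolve-DnsName $testName -Type A -Server $current[0] -ErrorAction SilentlyContinue
}
$viaGood = Resolve-DnsName $testName -Type A -Server $goodDns -ErrorAction SilentlyContinue

"Via configured server : " + $(if ($viaCurrent) { $viaCurrent.IPAddress -join ', ' } else { "no answer" })
"Via $goodDns     : " + $(if ($viaGood)    { $viaGood.IPAddress    -join ', ' } else { "no answer" })

# 3. Fix: point the adapter at the DNS server that carries the domain, drop the stale cache,
#    and prove the client can now reach the server by name.
if (-not $viaCurrent -and $viaGood) {
    Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses $goodDns
    Clear-DnsClientCache
    Test-NetConnection -ComputerName $testName -InformationLevel Detailed
}
elseif (-not $viaGood) {
    "Even $goodDns does not answer for $testName: check the record on the server, not the client."
}
```

Step 2 is the part worth copying: a client that can ping the server by IP but not by name, while the right DNS server answers the query fine, is almost always a client-side (or DHCP-handed-out) DNS setting problem rather than a DNS server problem.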
Troubleshoot and Fix for Typical DNS problem #2 -Server Side config change
Another issue that could happen (rarely) with devices on your network, which causes you to not be able to access them, is their IP changing and the DNS record not updating correctly.
The IP could change because of bad IP renewal timing (if it wasn’t set to static) or some network issue. This will make the device inaccessible (printer/server/RDP host device). The other way I suspect you would most likely run into this issue is when you do server maintenance or there are network changes (or problems) which cause the static IP on the server to change; then the DNS record will break. So you would need to either update the A record or recreate one with the correct name and updated IP. (I had this issue on a ticket at work, plus one of my server’s DNS records broke when I was moving it around different subnets.)
This is how you change the DNS record of the device to the correct one > just double-click the Host record and check/edit the properties to make sure it’s the right one. After you have made sure everything is in line with the info of the said device, the devices on your network should be able to find their way to this resource again.
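The same “fix the stale A record” step from PowerShell on the DNS server, added as an example that is not the post’s own. It handles both cases described above: the record exists with the wrong IP (edit it in place) or the record is gone entirely (recreate it). The zone HomelabExp.net comes from the post; the host name printer1 and the IPs are made-up lab values.

```powershell
# Added example (not from the original post): update or recreate a Host (A) record whose IP changed.
# Run on the DNS server. Zone from the post; "printer1" and 192.168.69.60 are constructed lab values.
$zone     = "HomelabExp.net"
$hostName = "printer1"
$newIp    = [System.Net.IPAddress]::Parse("192.168.69.60")

# Assumes the host has a single A record; -First 1 keeps the script simple if there were several.
$old = Get-DnsServerResourceRecord -ZoneName $zone -Name $hostName -RRType A -ErrorAction SilentlyContinue |
       Select-Object -First 1

if (-not $old) {
    # Record is gone entirely (deleted, or scavenged after the device went quiet): recreate it.
    Add-DnsServerResourceRecordA -ZoneName $zone -Name $hostName -IPv4Address $newIp
    "Created $hostName.$zone -> $newIp"
}
elseif ($old.RecordData.IPv4Address.ToString() -eq $newIp.ToString()) {
    "Record already correct: $hostName.$zone -> $newIp"
}
else {
    # Set-DnsServerResourceRecord takes the old object plus an edited clone of it;
    # editing the clone is what the Properties dialog does under the hood.
    $new = $old.Clone()
    $new.RecordData.IPv4Address = $newIp
    Set-DnsServerResourceRecord -ZoneName $zone -OldInputObject $old -NewInputObject $new
    "Updated $hostName.$zone : $($old.RecordData.IPv4Address) -> $newIp"
}

# Verify from the server's own point of view (bypasses any client-side cache).
Resolve-DnsName -Name "$hostName.$zone" -Type A -Server 192.168.69.252 | Select-Object Name, IPAddress
```

After the change, clients that already cached the old answer keep using it until their cache entry expires or they run ipconfig /flushdns, so a “still can’t reach it” right after the fix is not necessarily the record.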
More about how DNS works (not relevant to lab work, but good info!)
If you do an “nslookup” in cmd, you can get the IP of a website/service. If you do it for google.com, the DNS server (in this case, my home router, 192.168.1.1, the default gateway setting XD) will resolve that name into one of Google’s servers’ public IPs (142.251.40.142 for IPv4 and 2607:f8b0:4006:81c::200e for IPv6). Just for random info, btw, you can use Google’s DNS server (8.8.8.8) or Cloudflare’s awesome 1.1.1.1 as secondary DNS on your network; the primary always has to be the on-prem DNS server so your devices can find the resources on the network.
The same concept applies to your servers. If you nslookup dc1, it will give you the IP of the DNS server (the one you configured) and then the IP and info about the device you checked. This is good for troubleshooting stuff, or just for confirming that the IP of a server is correct (for maintenance and troubleshooting purposes).
DNS is pretty essential, especially when it comes to website stuff (I broke my website’s DNS records twice, so I know the fear and pain of troubleshooting it ;-; but the best way to learn is to do it yourself!). We might cover more about web DNS stuff in a later Topic.
Part 2 – DHCP Server – How to set up and use it + some stuff about DHCP for an actual network
Installing DHCP Service (The easy part)
The install for DHCP is almost exactly the same as all the previous Windows Server services > In Server Manager > Add roles and features > Next > Next > Next, till you get to Server Roles > in Server Roles, check DHCP Server and include management tools > and then Next > Next > Next, till you’re in Confirmation > in Confirmation, click Install (it shouldn’t ask for a restart) > then in Results, click on Complete DHCP configuration (just Next > and Confirm; there should be no block since we signed in as admin).
If you accidentally closed it after Install, you can find the post-deployment thingy in the notifications.
You can watch this YouTube video for how to install if you need the visuals; he also shows some easy basic stuff, which you can refer to if you need more visual help, but for your actual config + tips, you can read the rest of the topic.
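Both role installs (DNS from Part 1, DHCP from here) and the “Complete DHCP configuration” post-deployment step, done from an elevated PowerShell on the server instead of the wizards. This is an added example, not the post’s own steps; the server name TUTOSERV, domain HomelabExp.net and IP 192.168.69.252 come from the post.

```powershell
# Added example (not from the original post): install the DNS and DHCP roles from PowerShell
# and do what "Complete DHCP configuration" does behind the scenes. Run as admin on the server.
# tutoserv / HomelabExp.net / 192.168.69.252 come from the post.
$serverFqdn = "tutoserv.HomelabExp.net"
$serverIp   = "192.168.69.252"

# 1. DNS Server role + DNS Manager console (the Part 1 wizard clicks).
Install-WindowsFeature -Name DNS -IncludeManagementTools

# 2. DHCP Server role + DHCP console.
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# 3. The post-deployment step, piece by piece:
#    a) create the local "DHCP Administrators" and "DHCP Users" groups the console relies on ...
Add-DhcpServerSecurityGroup
Restart-Service -Name DHCPServer
#    b) ... authorize the server in Active Directory. An unauthorized DHCP server in a domain
#       refuses to hand out leases, which is the safety net against rogue DHCP boxes.
Add-DhcpServerInDC -DnsName $serverFqdn -IPAddress $serverIp
#    c) tell Server Manager the step is done so the yellow notification flag goes away.
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12" -Name ConfigurationState -Value 2

# 4. Checks: both roles installed, this server authorized, and the domain zone present in DNS.
Get-WindowsFeature -Name DNS, DHCP | Select-Object Name, InstallState
Get-DhcpServerInDC
Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } | Select-Object ZoneName, ZoneType, IsDsIntegrated
```

The authorization step (3b) is the one to remember: if leases never show up later, Get-DhcpServerInDC not listing your server is the first thing to check.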
Creating a new DHCP Scope (step-by-step guide with an explanation of what the config means)
To get to the DHCP config, just go to Tools > DHCP
When you’re in the DHCP thingy, it should look bland like this, since there’s nothing there for now. You should expand the server name.
To create a new Scope (the DHCP range thingy), just right-click on IPv4 and click New Scope.
When you name your Scope, make sure it’s clear what it is, and you can write what it’s going to be used for, like in this case, for our internal use in the lab.
The IP Range is the most important part. This is what’s going to be leased to the client devices. I already talked about the /24 subnet I’m using in Topic #2, which you can refer to if you want to know why I use it. Note that I made it the same range as the one I configured on the Host-only adapter, cuz I don’t know if it’ll act up if I change it to another subnet XD (but feel free to try changing it and see what happens! If you do, let me know if it works or not!)
The Exclusions are straightforward. Just put a range (or individual IPs) that your server won’t give to your clients. Those are the IPs you’re gonna be manually assigning. For me, I already removed some IPs from the IP Range at the start, so I’m just going to skip adding a range. (One good use case for this is if you want your servers/important resources to be in a weird IP range, for better security or something.)
The other really important thingy here is the Delay. This is really important to have when you configure a secondary DHCP server, which you can set a few milliseconds behind, so all your clients get their IP from the primary server, but the secondary server will give out IPs in case the primary is down (I might do a topic on secondary and backup server configs for all the server services laterr). We are only configuring one DHCP server, so you can ignore the delay here as well.
For the Lease Duration, you can usually just leave it on the default. But if, for instance, your clients are typically only in the office 2-3 times a week and/or they swap often, then you can lower it. Also, if you’re a small office with the same few network devices in use, you can increase it. But the default of 8 days is good. And your devices will automatically renew their IP lease with the server at certain intervals (details you don’t need to care about for now).
Then on here, just click Next. We need those common options for DHCP to work properly (You can always modify these later on)
Gateway is the Gateway XD (the interface where stuff will be forwarded to), typically the 1st IP on your subnet.
Then you just need to fill in the Domain, and then you can either add the IP of the DNS server (in our case, the IP of the server you’re using right now), or you can type the name and click Resolve to get the IP, and then click Add.
You can just click Next on the WINS Server page, since we don’t need or use one.
And activate the scope now so we can test it out!
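The whole New Scope wizard (range, exclusions, lease duration, the common options, activation) as PowerShell on the DHCP server, added here as an example and not part of the original post. The 192.168.69.0/24 network, DNS server 192.168.69.252, domain HomelabExp.net and 8-day lease come from the post; the exact pool boundaries, the exclusion range and the gateway 192.168.69.1 (“typically the 1st IP on your subnet”) are assumptions for the lab, so adjust them to your own subnet plan.

```powershell
# Added example (not from the original post): create the lab scope with the DhcpServer module.
# Run as admin on the DHCP server. Network, DNS server, domain and lease come from the post;
# the pool start/end, exclusion range and gateway are assumed lab values.
$scopeId   = "192.168.69.0"
$gateway   = "192.168.69.1"
$dnsServer = "192.168.69.252"
$domain    = "HomelabExp.net"

# 1. The scope itself = the range handed out to clients. Created inactive on purpose so that the
#    gateway/DNS options are in place before any client can ask for a lease.
if (-not (Get-DhcpServerv4Scope -ScopeId $scopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name "HomelabExp Internal" `
        -Description "Lab clients on the VirtualBox host-only network" `
        -StartRange "192.168.69.20" -EndRange "192.168.69.250" -SubnetMask "255.255.255.0" `
        -LeaseDuration (New-TimeSpan -Days 8) -State InActive
}

# 2. Exclusions: addresses inside the pool the server must never lease, i.e. where you put
#    statically assigned servers/printers. (SilentlyContinue so a re-run does not error out.)
Add-DhcpServerv4ExclusionRange -ScopeId $scopeId -StartRange "192.168.69.200" -EndRange "192.168.69.250" `
    -ErrorAction SilentlyContinue

# 3. The "common options" pages: router (option 003), DNS servers (006), DNS domain name (015).
#    -DnsServer is validated against a live DNS server unless you pass -Force.
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router $gateway -DnsServer $dnsServer -DnsDomain $domain

# 4. Activate, now that a client cannot get an address without the on-prem DNS server alongside it.
Set-DhcpServerv4Scope -ScopeId $scopeId -State Active

# 5. Read everything back: this is what Address Pool / Scope Options show in the console.
Get-DhcpServerv4Scope -ScopeId $scopeId | Select-Object Name, StartRange, EndRange, LeaseDuration, State
Get-DhcpServerv4ExclusionRange -ScopeId $scopeId | Select-Object StartRange, EndRange
Get-DhcpServerv4OptionValue -ScopeId $scopeId | Select-Object OptionId, Name, Value
```

Creating the scope inactive and only activating it after the options are set (steps 1, 3, 4) avoids the exact problem from Part 1: a client that grabs a lease in the few seconds between “scope active” and “DNS option set” ends up with no DNS server and cannot find the domain.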
Using DHCP
Now when you expand the container thingy and go to IPv4 in DHCP, you can see that the HomelabExp DHCP scope with a network of 192.168.69.0 is active. That means we can start using it now!
To view the devices that are getting IPs from this DHCP server, you just need to go to Address Leases. There’s some cool info shown there. The Address Pool is the IP range you set (you can modify it). Reservations are self-explanatory (it also shows exclusions). Scope Options is where you find/edit the common DHCP options (Gateway, DNS and Domain).
Configuring DHCP settings in our VirtualBox Host-Only Network
Now to have some fun testing our DHCP for the lab. You need to change some config on the Host-only Network Adapter you created at the beginning (Topic #2). In Network Manager > select the Host-only adapter you configured > at the bottom, go to the DHCP Server tab > change the DHCP Server Address to that of the Windows Server with DHCP on it (192.168.69.252). This will make it so that all DHCP requests from devices requesting an IP on the network will be forwarded to this server. This is really important, because our DHCP server has the correct DNS settings, which we want our clients to obtain automatically.
Side quest (not important for the lab) but really good to know! DHCP Relay Agent
For an actual network (in production), you just need your router/firewall to forward DHCP requests to the server (making it a DHCP Relay Agent). There should be an option for DHCP server inside your router (see the image below with a Fortinet firewall), or you can use the command line to configure the DHCP relay agent. A DHCP Relay Agent, btw, is the device that forwards the DHCP request from the client device to the DHCP server/the network where it’s located, and then forwards the new IP back to that device (more on these later, when I talk more about networking and router configs).
I’m more familiar with Cisco commands, so I’ll give you the config for Cisco IOS, but you should be able to google the other manufacturers’ if you want as well. Link to the Cisco stuff if you’re interested > (https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-15-sy-book/dhcp-relay-agent.html). What we really care about is just a tiny portion of the article (for now XD).
The actual config for the DHCP relay agent is literally just one line of command in the interface config > ip helper-address, followed by the IP of the DHCP server (or of the network where it’s located). Again, more on these later, but no need to worry about them for now; I just wanted to expose you to router command line config. It’s really straightforward after you use it a few times (after a lot of pain LOOOLLL).
This is for the visuals on how to do the DHCP relay config. The screenshot is from a Fortinet firewall GUI, but this specific DHCP server config should look the same in most routers’ GUIs (https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-more-than-one-DHCP-relay-IP-on-a/ta-p/190657). Just googled this random thingy XD. Thank you, random forum post, for this visual help ;-; (it’s always the forums… or Reddit that have the nice screenshots and discussion!). FYI, a DHCP relay agent that is not configured properly could be the cause of your DNS server not being configured properly on your client devices, if you ever run into that issue. (I saw this once… and I was just like, it’s just some network issue XD, cuz I literally had no idea what was happening… now I know..)
Back on topic – Testing the DHCP server is working properly in our lab Network
On one of the domain-joined Windows 10 Pro VMs that I have set up in the lab, I had to manually configure the DNS network setting (in order to domain join; more on this in another Topic XD), because the DHCP server used at the start (the Host-Only Network config in VirtualBox) did not have an option for DNS server configuration. And this is what those settings look like. This PC was able to automatically get an IP in the right network subnet with the old Host-Only adapter settings, but I had to manually configure the DNS settings.
Now, since I have the Host-Only adapter set with the correct DHCP server settings, I’m going to reset the network settings so I can test the DHCP server > in Adapter Settings for IPv4, set the DNS server to automatic, and then release the current IP with “ipconfig /release” in cmd.
After you’ve finished resetting the configs on the client PC, the PC and the server should look like this >
On the PC IP settings > when you do “ipconfig /renew” in cmd, you should get all the settings you configured on your DHCP server assigned automatically. That means > get an IP in the range you set in the scope, get the correct gateway, have the right lease time (8 days), and most importantly, get the correct DHCP and DNS server IP!
On the server > in your DHCP management > In the Scope you created > In Address Leases, the PC name and IP should be here. This is to further confirm that the PC is getting its IP from the server and things are working as intended.
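The client test above (DNS back to automatic, release, renew, then check every item in the “that means >” list) as a script, plus the matching server-side lease check. This is an added example, not the post’s own; the scope 192.168.69.0/24, the DHCP/DNS server 192.168.69.252 and the 8-day lease come from the post, while the adapter name "Ethernet" is an assumption (Get-NetAdapter shows yours).

```powershell
# Added example (not from the original post): reset the client to DHCP, renew, and check what it got.
# Run as admin on the Windows 10 client. Network, server IP and lease length come from the post;
# "Ethernet" is an assumed adapter name.
$adapter      = "Ethernet"
$expectedDhcp = "192.168.69.252"
$expectedDns  = "192.168.69.252"

# 1. Back to "automatic": drop the manually set DNS server and the current lease, then renew.
Set-DnsClientServerAddress -InterfaceAlias $adapter -ResetServerAddresses
ipconfig /release | Out-Null
ipconfig /renew   | Out-Null

# 2. Read back what the DHCP server handed out.
$cfg   = Get-NetIPConfiguration -InterfaceAlias $adapter
$lease = Get-NetIPAddress -InterfaceAlias $adapter -AddressFamily IPv4
$ip    = $lease.IPAddress
$gw    = $cfg.IPv4DefaultGateway.NextHop
$dns   = (Get-DnsClientServerAddress -InterfaceAlias $adapter -AddressFamily IPv4).ServerAddresses
# The DHCP server that answered is not on the NetIPConfiguration object; WMI has it.
$dhcpSrv = (Get-CimInstance Win32_NetworkAdapterConfiguration |
            Where-Object { $_.IPEnabled -and $_.DHCPEnabled }).DHCPServer

# 3. One check per line of the post's "that means >" list.
$checks = [ordered]@{
    "IP inside 192.168.69.0/24"    = $ip -like "192.168.69.*"
    "Address came from DHCP"       = $lease.PrefixOrigin -eq "Dhcp"
    "Gateway set"                  = [bool]$gw
    "Lease is 8 days"              = [math]::Round($lease.ValidLifetime.TotalDays) -eq 8
    "Lease came from $expectedDhcp" = $dhcpSrv -contains $expectedDhcp
    "DNS server is $expectedDns"   = $dns -contains $expectedDns
}
$checks.GetEnumerator() | ForEach-Object {
    "{0,-32} {1}" -f $_.Key, $(if ($_.Value) { "OK" } else { "FAIL" })
}

# 4. On the server side (run on the DHCP server, or from a box with the RSAT DHCP tools):
#    the client must show up under Address Leases for the scope.
# Get-DhcpServerv4Lease -ComputerName 192.168.69.252 -ScopeId 192.168.69.0 |
#     Select-Object IPAddress, HostName, ClientId, AddressState, LeaseExpiryTime
```

A FAIL on the last two lines with everything else OK is the signature of the relay/VirtualBox DHCP problem the post warns about: the client got an address, but from a DHCP server that does not know about your on-prem DNS.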
Before I close this Topic > some real and freaking random network troubleshooting XD > I almost freaking deleted my tutorial server..
Right after I configured the DHCP server, things went REAL BAD with my server network settings, and it took 4 hours (2h+ late night + 2 hours early Sunday morning), and I only solved the thing after I got the senior consultant (my dad XD) to help me troubleshoot it (I was desperate lol)… I watched so many videos, read lots of Microsoft documentation and Reddit, then applied the changes on the server (from reinstalling DNS and DHCP, resetting adapters and a couple of PowerShell and cmd things; I even duplicated my server, ready to start over…). Nothing I tried could solve the issue of having a duplicate IP on the server and the DNS and DHCP services breaking…
Anywayyyy, what actually caused the issue on the server in the first place was that the DHCP Client service on the server somehow got activated and auto-assigned another IP (which should not be possible since I assigned a static IP XD, right? That didn’t happen on the 2 other servers where I did the same!). The problem was that I could not see the DHCP IP in the network settings. But in ipconfig /all, it was showing that there’s a duplicate IP (but not what it is LOL), and the DNS + DHCP servers were showing 2 IPs for the server, one of which came from god knows where… (you could only see the double IP on the SAME adapter in PowerShell and not in cmd btw, and that was causing all sorts of problems).
Annnnnd the fix was to disable the DHCP Client service (which should never have activated).
If you ever get a random IP from god knows where (which will break a lot of things) > make sure to set the DHCP Client service to Disabled and reboot the server (you cannot stop it, you can only disable it and reboot). Anyway, with this thingy disabled, everything worked normally, like on my main test server XD…
These random unexpected issues, btw, are the absolute worst kind of problem that will make you want to give up, but they’re also the kind of problem that will teach you the most (if you can get to the other side alive… ;-;). And I’m sure there’ll be more of these problems along the way, but that’s the best part of doing things yourself! > Having to take care of making sure everything works, and solving all the problems > You’re in charge!
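How the “two IPs on the SAME adapter” symptom shows up in PowerShell, and the fix the post lands on, as an added example (not from the post). The only value taken from the post is the server’s static IP 192.168.69.252; run it in an elevated PowerShell on the server.

```powershell
# Added example (not from the original post): spot a second, unexpected IPv4 address on a server
# that should be fully static, then apply the post's fix. Run as admin on the server.
# 192.168.69.252 is the server's static IP from the post.
$staticIp = "192.168.69.252"

# 1. Any adapter carrying more than one IPv4 address is the symptom the post describes.
#    cmd's ipconfig only says "duplicate"; Get-NetIPAddress shows every address and where it came from.
$adapters = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -notlike "Loopback*" } |
    Group-Object InterfaceAlias

foreach ($a in ($adapters | Where-Object Count -gt 1)) {
    "Adapter '$($a.Name)' has $($a.Count) IPv4 addresses:"
    $a.Group | Select-Object IPAddress, PrefixOrigin, SuffixOrigin, AddressState | Format-Table -AutoSize
}

# 2. Which addresses did NOT come from the static config?
#    PrefixOrigin "Dhcp"      = the DHCP Client service went and got a lease.
#    PrefixOrigin "WellKnown" + 169.254.x.x = APIPA fallback after a failed DHCP attempt.
$stray = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -notlike "Loopback*" -and
                   $_.IPAddress -ne $staticIp -and
                   $_.PrefixOrigin -in "Dhcp", "WellKnown" }
$stray | Select-Object InterfaceAlias, IPAddress, PrefixOrigin

# 3. Is the DHCP Client service ("Dhcp") running on a box that is supposed to be all static?
Get-Service -Name Dhcp | Select-Object Name, DisplayName, Status, StartType

# 4. The fix from the post: disable the service (the post notes it cannot simply be stopped)
#    and reboot. Only do it when a stray DHCP-origin address was actually found.
if ($stray | Where-Object PrefixOrigin -eq "Dhcp") {
    Set-Service -Name Dhcp -StartupType Disabled
    "DHCP Client service set to Disabled; rebooting so the stray lease is gone for good."
    Restart-Computer -Confirm
}
```

The PrefixOrigin column is what makes this faster than the 4 hours in the story: a static server should only ever show "Manual" there, so anything else on the same adapter is the intruder, whatever ipconfig says.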
Closing words
This was a lot longer of a Topic than I thought it would be. I wanted to make sure everything is easy to understand, so that you guys can do things on your own (with as few issues as possible XD). That way, when it’s time to troubleshoot things not working as intended, or when some of your config breaks because of a network issue, you have a better fighting chance of solving it (or at least know how to rebuild everything from scratch XD).
I hope you now have a better understanding of how DNS and DHCP servers work, and how they affect the devices on your network! You can always refer back to this Topic if you need help with the fundamentals on those.
Btw, if you’re having issues trying to do the things I share here on your PC/server, that’s completely normal. Working on solving the problem is actually what will get you more familiar with the tech, and with the troubleshooting process in general.
PS. Writing this topic took days and hours, y’all… and a lot of coffee and energy drinks to keep me in the zone longer when writing things out, but I’m really happy I finally made it ;-; (the last network problem at the end was so terrible, but it was good learning…)
-Nyght Signing out..