DHCP

Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables

a server to automatically assign an IP address to an individual computer's
TCP/IP stack software. DHCP assigns a number dynamically from a defined
range of numbers (i.e., a scope) configured for a given network.

Almost all wireless access points, many wired Ethernet routers, and computers
running Internet Connection Sharing have built-in DHCP servers. While this
makes configuration of a small network easier, it can cause problems when the
DHCP servers are used in larger networks. For this reason, Indiana University
prohibits individuals and departments from setting up local DHCP servers on the
IU network; see What are the DHCP operational policies at IU?

Client computers configured to use DHCP for IP assignment do not need to have
a statically assigned IP address. In addition, they generally do not need to have
addresses configured for DNS servers or WINS servers, as these are also set by
the DHCP server.

DHCP assigns a TCP/IP address when a system is started. Typically, it works

like this:

1. A user turns on a computer with a DHCP client.

2. The client computer sends a broadcast request (called a DISCOVER or

DHCPDISCOVER), looking for a DHCP server to answer.

3. The router directs the DISCOVER packet to the correct DHCP server.

4. The server receives the DISCOVER packet. Based on availability and

usage policies set on the server, the server determines an appropriate address
(if any) to give to the client. The server then temporarily reserves that address
for the client and sends back to the client an OFFER (or DHCPOFFER) packet,
with that address information. The server also configures the client's DNS
servers, WINS servers, NTP servers, and sometimes other services as well.

5. The client sends a REQUEST (or DHCPREQUEST) packet, letting the

server know that it intends to use the address.

6. The server sends an ACK (or DHCPACK) packet, confirming that the
client has a been given a lease on the address for a server-specified period of
time.
When a computer uses a static IP address, it means that the computer is
manually configured to use a specific IP address. One problem with static
assignment, which can result from user error or inattention to detail, occurs when
two computers are configured with the same IP address. This creates a conflict
that results in loss of service. Using DHCP to dynamically assign IP addresses
minimizes these conflicts.

Installing the DHCP Service

You can install DHCP either during or after the initial installation of Windows 2000
Server or Advanced Server, although there must be a working DNS in the
environment. To validate your DNS server, click Start, click Run, type cmd, press
ENTER, type ping friendly name of an existing DNS server in your
environment, and then press ENTER. An unsuccessful reply generates an "Unknown
Host My DNS server name" message.

To install the DHCP Service on an existing Windows 2000 Server:

1. Click Start, click Settings, and then click Control Panel.

2. Double-click Add/Remove Programs, and then click Add/Remove
Windows Components.
3. In the Windows Component Wizard, click Networking Services in
the Components box, and then click Details.
4. Click to select the Dynamic Host Configuration Protocol (DHCP)
check box if it is not already selected, and then click OK.
5. In the Windows Components Wizard, click Next to start Windows
2000 Setup. Insert the Windows 2000 Advanced Server CD-ROM into the CD-
ROM drive if you are prompted to do so. Setup copies the DHCP server and
tool files to your computer.
6. When Setup is complete, click Finish.

Configuring the DHCP Service

After you install and start the DHCP service, you must create a scope (a range of
valid IP addresses that are available for lease to the DHCP clients). Each DHCP
server in your environment should have at least one scope that does not overlap
with any other DHCP server scope in your environment. In Windows 2000, DHCP
servers within an Active Directory domain environment must be authorized to
prevent rogue DHCP servers from coming online and authorizing a DHCP Server.

When you install and configure the DHCP service on a domain controller, the server
is typically authorized the first time that you add the server to the DHCP console.
However, when you install and configure the DHCP service on a member server, you
need to authorize the DHCP server.

Note A stand-alone DHCP server cannot be authorized against an existing Windows

Active Directory.

To authorize a DHCP server:

1. Click Start, click Programs, click Administrative Tools, and then

click DHCP.

Note You must be logged on to the server with an account that is a member
of the Enterprise Administrators group.
2. In the console tree of the DHCP snap-in, select the new DHCP server.
If there is a red arrow in the bottom-right corner of the server object, the
server has not yet been authorized.
3. Right-click the server, and then click Authorize.
4. After a few moments, right-click the server again and then click
Refresh. The server should display a green arrow in the bottom-right corner
to indicate that the server has been authorized.

To create a new scope:

1. Click Start, click Programs, point to Administrative Tools, and then

click DHCP.

Note In the console tree, select the DHCP server on which you want to create
the new DHCP scope.
2. Right-click the server, and then click New Scope. In the New Scope
Wizard, click Next, and then type a name and description for the scope. This
can be any name that you choose, but it should be descriptive enough to
identify the purpose of the scope on your network. For example, you might
use Administration Building Client Addresses.
3. Type the range of addresses that can be leased as part of this scope,
for example, a starting IP address of 192.168.100.1 to an ending address of
192.168.100.100. Because these addresses are given to clients, they should
all be valid addresses for your network and not currently in use. If you want
to use a different subnet mask, type the new subnet mask. Click Next.
4. Type any IP addresses that you want to exclude from the range you
entered. This includes any addresses that may have already been statically
assigned to various computers in your organization. Click Next.
5. Type the number of days, hours, and minutes before an IP address
lease from this scope expires. This determines the length of time that a client
can hold a leased address without renewing it. Click Next to select Yes, I
want to configure these options now, and then extend the wizard to
include settings for the most common DHCP options. Click Next.
6. Type the IP address for the default gateway that should be used by
clients that obtain an IP address from this scope. Click Add to place the
default gateway address into the list, and then click Next.

Note When DNS servers already exist on your network, type your
organization's domain name in Parent domain. Type the name of your DNS
server, and then click Resolve to ensure that your DHCP server can contact
the DNS server and determine its address. Then click Add to include that
server in the list of DNS servers that are assigned to the DHCP clients. Click
Next.
7. Click Yes, I want to activate this scope now, to activate the scope
and allow clients to obtain leases from it, and then click Next. Click Finish.
 DNS

How to Start with a Stand-Alone Server Running Windows Server 2003

The stand-alone server running Windows Server 2003 becomes a DNS server for
your network. In the first step, you assign this server a static Internet Protocol (IP)
address. DNS servers must not use dynamically assigned IP addresses because a
dynamic change of address could cause clients to lose contact with the DNS server.

Step 1: Configure TCP/IP

1. Click Start, point to Control Panel, point to Network

Connections, and then click Local Area Connection.
2. Click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. Click the General tab.
5. Click Use the following IP address, and then type the IP address,
subnet mask, and default gateway address in the appropriate boxes.
6. Click Advanced, and then click the DNS tab.
7. Click Append primary and connection specific DNS suffixes.
8. Click to select the Append parent suffixes of the primary DNS
suffix check box.
9. Click to select the Register this connection's addresses in DNS
check box.

Note that DNS servers running Windows Server 2003 must point to
themselves for DNS. If this server needs to resolve names from its Internet
service provider (ISP), you must configure a forwarder. Forwarders are
discussed in the How to Configure Forwarders section later in this article.
10. Click OK three times.
NOTE: If you receive a warning from the DNS Caching Resolver service, click
OK to dismiss the warning. The caching resolver is trying to contact the DNS
server, but you have not finished configuring the server.
Step 2: Install Microsoft DNS Server

1. Click Start, point to Control Panel, and then click Add or

Remove Programs.
2. Click Add or Remove Windows Components.
3. In the Components list, click Networking Services (but do not
select or clear the check box), and then click Details.
4. Click to select the Domain Name System (DNS) check box, and
then click OK.
5. Click Next.
6. When you are prompted, insert the Windows Server 2003 CD-ROM
into the computer's CD-ROM or DVD-ROM drive.
7. On the Completing the Windows Components Wizard page, click
Finish when Setup is complete.
8. Click Close to close the Add or Remove Programs window.

Step 3: Configure the DNS Server

To configure DNS by using the DNS snap-in in Microsoft Management Console
(MMC), follow these steps:

1. Click Start, point to Programs, point to Administrative Tools, and

then click DNS.
2. Right-click Forward lookup zones, and then click New Zone
3. When the New Zone Wizard starts, click Next.

You are prompted for a zone type. The zone types include:

o Primary zone: Creates a copy of a zone that can be updated

directly on this server. This zone information is stored in a .dns text
file.
o Secondary zone: A standard secondary zone copies all of the
information from its master DNS server. A master DNS server can be
an Active Directory, primary, or secondary zone that is configured for
zone transfers. Note that you cannot modify the zone data on a
secondary DNS server. All of its data is copied from its master DNS
server.
 o Stub zone: A Stub zone contains only those resource records
that are necessary to identify the authoritative DNS servers for that
zone. Those resource records include Name Server (NS), Start of
Authority (SOA), and possibly glue Host (A) records.

There is also an option to the store zone in Active Directory. This option is
only available if the DNS server is a Domain controller.

4. The new forward lookup zone must be a primary or an Active

Directory-integrated zone so that it can accept dynamic updates. Click
Primary, and then click Next.
5. The new zone contains the locator records for this Active Directory-
based domain. The name of the zone must be the same as the name of the
Active Directory-based domain, or be a logical DNS container for that name.
For example, if the Active Directory-based domain is named
"support.microsoft.com", valid zone names are "support.microsoft.com" only.

Accept the default name for the new zone file. Click Next.

How to Configure Forwarders

Windows Server 2003 can take advantage of DNS forwarders. This feature
forwards DNS requests to external servers. If a DNS server cannot find a resource
record in its zones, it can send the request to another DNS server for additional
attempts at resolution. A common scenario might be to configure forwarders to your
ISP's DNS servers.

1. Click Start, point to Administrative Tools, and then click DNS.

2. Right-click ServerName, where ServerName is the name of the
server, and then click the Forwarders tab.
3. Click a DNS domain in the DNS domain list. Or, click New, type the
name of the DNS domain for which you want to forward queries in the DNS
domain box, and then click OK.
4. In the Selected domain's forwarder IP address box, type the IP
address of the first DNS server to which you want to forward, and then click
Add.
5. Repeat step 4 to add the DNS servers to which you want to forward.
 6. Click OK.

Starting with a Windows 2000-based standalone server

This server becomes a DNS server for your network. In the first step, you assign
this server a static Internet Protocol (IP) address. DNS servers should not use
dynamically assigned IP addresses because a dynamic change of address could cause
clients to lose contact with the DNS server.
Step 1: Configure TCP/IP

1. Click Start, point to Settings, and then click Control Panel.

2. Double-click Network and Dial-up Connections.
3. Right-click Local Area Connection, and then click Properties.
4. Click Internet Protocol (TCP/IP), and then click Properties.
5. Assign this server a static IP address, subnet mask, and gateway
address.
6. Click Advanced, and then click the DNS tab.
7. Click Append primary and connection specific DNS suffixes.
8. Click to select the Append parent suffixes of the primary DNS
suffix check box.
9. Click to select the Register this connection's addresses in DNS
check box.

Note that Windows 2000-based DNS severs should point to themselves for
DNS. If this server needs to resolve names from its Internet service provider
(ISP), you should configure a forwarder. Forwarders are discussed later in
this article.
10. Click OK to close Advanced TCP/IP Settings properties.
11. Click OK to accept the changes to your TCP/IP configuration.
12. Click OK to close Local Area Connections properties.

Note If you receive a warning from the DNS Caching Resolver service, click
OK to dismiss the warning. The caching resolver is trying to contact the DNS
server, but you have not finished configuring the server.

Step 2: Install Microsoft DNS server

 1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Click Add and Remove Windows Components.
4. The Windows Components Wizard starts. Click Next.
5. Click Networking Services, and then click Details.
6. Click to select the Domain Name System (DNS) check box, and
then click OK.
7. Click OK to start server Setup. The DNS server and tool files are
copied to your computer.

Step 3: Configure the DNS server using DNS manager

These steps guide you through configuring DNS by using the DNS Manager snap-
in in Microsoft Management Console (MMC).

1. Click Start, point to Programs, point to Administrative Tools, and

then click DNS.
2. Right-click Forward lookup zones, and then click New Zone.
3. When the New Zone Wizard starts, click Next. You are then prompted
for a zone type. The zone types include:
o Active Directory-integrated: An Active Directory-integrated
zone stores the DNS zone information in Active Directory instead of in
a .dns file.
o Standard primary: A standard primary zone stores the DNS
zone information a .dns text file instead of in Active Directory.
o Standard secondary: A standard secondary zone copies all of
the information from its master DNS server. A master DNS server can
be an Active Directory, primary, or secondary zone that is configured
for zone transfers. Note that you cannot modify the zone data on a
secondary DNS server. All of its data is copied from its master DNS
server.
4. The new forward lookup zone must be a primary or an Active
Directory-integrated zone so that it can accept dynamic updates. Click
Primary, and then click Next.
5. The new zone contains the locator records for this Active Directory-
based domain. The name of the zone must be the same as the name of the
Active Directory-based domain, or be a logical DNS container for that name.
 For example, if the Active Directory-based domain is named
"support.microsoft.com", valid zone names are "support.microsoft.com" only.
6. Accept the default name for the new zone file. Click Next.

Note Experienced DNS administrators may want to create a reverse lookup

zone, and are encouraged to explore this branch of the wizard. A DNS server
can resolve two basic requests: a forward lookup and a reverse lookup. A
forward lookup is more common. A forward lookup resolves a host name to
an IP address with an "A" or Host Resource record. A reverse lookup resolves
an IP address to a host name with a PTR or Pointer Resource record. If you
have your reverse DNS zones configured, you can automatically create
associated reverse records when you create your original forward record. For
additional information about reverse DNS configuration, click the following
article number to view the article in the Microsoft Knowledge Base:

174419 How to configure a subnetted reverse lookup zone on Windows NT,

Windows 2000, or Windows Server 2003

A Windows 2000-based DNS server follows specific steps in its name-resolution

process. A DNS server first queries its cache, then it checks its zone records, then it
sends requests to forwarders, and finally it tries resolution by using root servers.

Note An authoritative server never caches its zone records. Therefore, an

authoritative server always checks its zone records before it checks its cache.

By default, a Microsoft DNS server connects to the Internet to further process DNS
requests with root hints. When you use the Dcpromo tool to promote a server to a
domain controller, the domain controller requires DNS. If you install DNS during the
promotion process, you get a root zone. This root zone indicates to your DNS server
that it is a root Internet server. Therefore, your DNS server does not use forwarders
or root hints in the name-resolution process.
To remove the root DNS zone

1. In DNS Manager, expand the DNS Server object. Expand the

Forward Lookup Zones folder.
2. Right-click the "." zone, and then click Delete.
Windows 2000 can take advantage of DNS forwarders. This feature forwards DNS
requests to external servers. If a DNS server cannot find a resource record in its
zones, it can send the request to another DNS server for additional attempts at
resolution. A common scenario might be to configure forwarders to your ISP's DNS
servers.
To configure forwarders

1. In DNS Manager, right-click the DNS Server object, and then click
Properties.
2. Click the Forwarders tab.
3. Click to select the Enable Forwarders check box.
4. In the IP address box, type the first DNS server to which you want to
forward, and then click Add.
5. Repeat step 4 until you have added all the DNS servers to which you
want to forward.

To configure root hints

Windows includes the ability to use root hints. The Root Hints resource records
can be stored in either Active Directory or text files (%SystemRoot
%\System32\DNS\Cache.dns files). Windows uses the standard InterNIC root server.
Also, when a Windows 2000-based server queries a root server, it updates itself with
the most recent list of root servers.

1. Click Start, point to Programs, point to Administrative Tools, and

then click DNS.
2. In the DNS Management console, right-click the server name, and
then click Properties.
3. Click the Root Hints tab. Your DNS server's root servers are listed on
this tab.

If the Root Hints tab is unavailable, your server is still configured as a root
server. See the "To Remove the Root DNS Zone" section in this article. You
may need to use custom root hints that are different from the default.
However, a configuration that points to the same server for root hints is
always incorrect. You should not modify your root hints. If your root hints are
incorrect and need to be replaced, see the following Microsoft Knowledge
Base article:

249868 Replacing root hints with the Cache.dns file