Configuration question on Automating DNS entries on Nic of New Clients


  • I am studying for my MSCTS, i work at a small private school with 3 servers a phone system and about 75 users. The Nework layout like this:

    Cable Modem >
                Nortel Contivity
                400 Router
                ( >
                                Cisco PIX
                                515E Firewall
                                ( > Netgear switch > Server 1 Win 2003 Primary Domain Con./DNS/File (
                                                               > Server 2 Win 2008R2 Secondary Domain Con./DNS/File (
                                                               > Server 3 Win 2008R2 File server (
                                                               > Server 4 Console Server (
                                                                                                     > Multiple Netgear switches

    This layout is the result of many years and many 3rd party vendors (which for monetary purposes Network responsiblities have now been given to me)

    Up until last week I had no Access to the Nortel Router, I found out that it was depolyed by our ISP years ago, they just gave me access to it. The Cisco PIX 515E is a Mystery to me as I have no way to access neither does the lastest Vendor who worked here (maybe via telnet - not my strong suit)

    Here's my problems: The Nortel router needs to be replaced as we just upgraded our Cable service from a 30Mbps to 50Mbps and the ISP just pointed out that the Nortel only has a 10Mbps Wan port so it has been a bottle neck for years.

    I will be ordering a new router but I'm concerned about trying to simulate the new router into this setup without screwing up the school.

    The Nortel has a really basic setup (it makes home versions look complex) The IP Address go from 192.168.1.x to 192.168.0.x (as far as I understand via the Cisco PIX 515E)

    I'd like to keep the Cisco PIX 515E but if its only converting the IP Address from 192.168.1.x to 192.168.0.x I can use the New router for that. (like i said I can't do much with it as it is)

    The Bigger problem is this: When I deploy a new system it gets its Primary ( and Secondary ( DNS addresses automatically from the Domain. How can I keep this condition after deploying the new Router? Is this automated from the Nortel Router or Cisco PIX 515E or are there Forward Lookup records on one of the servers doing this?


    Tuesday, February 12, 2013 7:39 AM

All replies

  • It is very unlikely that the DHCP role is hosted on the Nortel router. Most likely it is a role on the DC, but it can also be provided by the PIX.

    Under normal circumstances, changing the Nortel should be no trouble as long as the internal interface still has as the ip address. Access rules are most likely defined in the PIX, why else should it be there?

    Removing the PIX when getting a new router is a bigger risk since you obviously have no idea of what rules exist on the PIX.

    Tuesday, February 12, 2013 9:34 AM
  • Wouldn't the New Router allow me to keep the convert the public IP to same  Lan IP scheme 192.168.0.x?

    But do you Ciso think it also also applies the DNS addresses to the clients?

    Tuesday, February 12, 2013 2:44 PM
  • The PIX is a security appliance/firewall, not just a router. In addition to routing incoming traffic it also provides the possibility to create fine grained security policies, NAT rules, VPN et.c. If your new router will provide the same is hard to tell without knowing which it is.

    The DNS is hosted on the DC according to your initial post. The address to the DNS server is most likely provided by the DHCP server. Run ipconfig /all to see if it is the server or the PIX that runs the DHCP service.

    Wednesday, February 13, 2013 12:32 PM
  • Yea did some digging around as you suggested and the DHCP is - which would be the PIX.

    Now I need to find out if the PIX is automatically assigning the Primary and Secondary DNS address ( & 5) to all the clients or if the Servers are covering that, from what I can tell from checking the DNS setting on all the servers DHCP is no enabled on any of them and there are no DNS forwarders specifying our Public IP address from the ISP.

    Wednesday, February 13, 2013 5:40 PM
  • If it's not hard coded into the nics' ip settings then it comes from DHCP, and if the DHCP server is the PIX then that is where you have to look.

    Tuesday, February 19, 2013 11:57 AM