Jordi's picture

Hello, I have been using the TurnKey Linux Domain Controller appliance for a short time although it seems fantastic to me.

My goal is to replace (and turn off) an old Windows 2008R2 server that manages our domain.

So far I have been able to install a machine with Turnkey DC, join it to the current domain and make it DC. It seems that everything is correct up to here.

Now, I wonder how to configure a DNS and DHCP server on the same machine so that I can finally do without the W2008R2 server. I don't know if I'm missing anything else. The only function of this server is to authenticate users and computers within the domain.

The first question is: is this possible? If yes, what steps should I take? (documentation/tutorials)

If not, how can the current PDC be dispensed with?

Thanks in advance.

Forum: 
Jeremy Davis's picture

Apologies on my slow response, but welcome to TurnKey! :)

I'm glad to hear that your testing and experience is going well.

Your question about DNS/DHCP is a good one, so thanks for asking. We probably really need to provide a DNS/DHCP appliance and/or a DC app with them included. In the meantime, you'll need to do that yourself... Not very "turnkey" I know, but unfortunately, that's where we are.

So you have 2 "meta" options to consider:

  • installing DHCP and DNS on your current TurnKey DC
  • create your own "stand alone" DHCP/DNS server

Then there is the software to use. If your organisation is relatively small, then the handy dnsmasq software should be plenty robust (and should also be easy to get started with). That provides DHCP and DNS. You'll need to configure it to forward DNS requests to your DC. TBH, I've never tested it, but AFAIK it should work fine.

Another option would be to use "more serious" software, such as those provided by ISC, namely BIND9 (DNS) and ISC DHCP (aka 'dhcpd'). These pieces of software are used by the big boys and are designed for enterprise use (AFAIK BIND9 is what provides the internet backbone DNS).

If you assign static IPs to your Win PCs, that will make it much simpler (as you won't need to update the DNS records relevant to the DC).

As for specific documentation on the process, unfortunately we don't have any. But I'll provide a few random links below. It's worth being aware that TurnKey is based on Debian (v16.x = Debian 10/Buster; the upcoming v17.x = Debian 11/Bullseye). So any docs you find related to Debian should "just work". Ubuntu is also based on Debian, so will often also be relevant. The only thing to keep in mind when following Ubuntu tutorials is that you shouldn't mix Ubuntu repos with Debian ones (Ubuntu and Debian aren't binary compatible). Other Linux distros will also often have some relevance, although package install methods, software versions available and even sometimes the name of packages will be different (so whilst a CentOS tutorial will be roughly relevant, specific software install and config notes may not exactly match.

So here are a few random links (in no particular order) I found online that hopefully might be of some assistance:

Assuming that you are running your AD DC as a VM I'd personally recommend a separate server for DHCP/DNS. The beauty of going that way is that you can try both options without any risk to your DC. And when running in production, you can maintain the additional servers (and upgrade and/or replace them separately).

I haven't asked how experienced you are. So there is a risk that this has mostly gone over your head. If my post is raising more questions that it's answering, please post back asking for further clarification. I'll try to respond ASAP, although I'm pretty snowed under ATM and will be taking a few days off over Easter.

Regardless, please post back whatever your experience. I'd love to hear how you go and perhaps I might even learn something in the process...! :)

Jordi's picture

Thank you very much for your kind response, for taking your time to respond and providing me with material to continue testing. I am grateful to you.

As soon as I have time (...), I will do some tests and come back here to explain my experience (probably with more issues :)

Jeremy Davis's picture

That sounds like a good plan. Please don't hesitate to post back when you have some progress news, regardless of whether it's good, bad or ugly! :)

Add new comment