I have existing network with two subnets – one is the main company subnet (192.168.1.0/24), the other is completely separate VLAN for Guest Wireless and BYOD devices (192.168.2.0/24). There's Windows 2012 R2 DC in main subnet, with DNS and DHCP server, of course (192.168.1.254). DHCP server and DNS forwarders for Guest Wireless are set up on ASA firewall's (wannabe router) VLAN interface (192.168.2.1).
Now we want to expand the network by adding 2 additional subnets (192.168.3.0/24 and 192.168.4.0/24) to separate our end-product devices during Production testing procedures. Ideally, I could use existing DHCP server from main subnet and set up DHCP relay on ASA; but since ASA is acting as a DHCP server for Guest Wireless it cannot assume role of DHCP relay. So I'd like to set up ASA to act as DHCP server for new subnets, too.
New subnets are going to have full access to primary subnet and vice versa. I'd like to have devices from new subnets (192.168.3.0/24 and 192.168.4.0/24) registering to DNS server in main subnet (192.168.1.254). Or, if we place a company computer in one of this subnets, I want them to be able to authenticate to DC.
Is this setup going to work with the main DNS server in terms of registering clients?
Best Answer
Why the "of course"? The DHCP server doesn't have to be on the DC - in fact, I would argue that if you have other servers available, it shouldn't be running on the DC.
To answer your actual question: You can have the clients themselves perform the dynamic DNS registration which will update the DNS servers with the IP address obtained from the DHCP server running on your ASA.
However, if you have a switch capable of running VLAN's, why not setup the switch to do the DHCP forwarding/relay to your Windows DHCP server so you can manage the scopes from a single mgmt interface for your internal network?