DHCP Usages

Chris Cox chris_cox at stercomm.com
Mon Dec 10 22:28:30 UTC 2007

On Fri, 2007-12-07 at 11:20 -0600, Edward Mann wrote:
> Hello everyone,
> I am wanting to request information on the different enviroments that dhcp
> and dns has been used. And if anyone has a location that is the size or
> larger then mine.
> We are looking at updating or systems, and some of the people in the group
> want to use Windows dns/dhcp. Another co-worker and myself have been
> pushing for the Linux option with ISC Bind9 and dhcp. But my boss wants to
> know if there is anyone using this setup in an environment like ours.
> We have about 2.5K workstations, we are going to be deploying VOIP phones,
> and about 225 servers 1K printers, and wireless devices.. which i don't
> know the full number.
> We want to use DDNS and failover dhcp. Also has anyone broke the systems
> into sub domains? The plan they have now is to leave everything in one
> master domain. I think it should be broken into sub-domains. As an
> administrator what do you feel are the pros/cons of doing it one way or
> the other?
> I wanted to get this from administrators that have deployed these systems.
> I appreciate your time in reading my e-mail.

My personal opinion on subdomains is that they are useful if delegating
out and allowing for something like separate site autonomy.

Thus each site (or delegated autonomous area) manages their own dhcp and
dns space.

Right now, the zone I mainly admin only has 1819 A records (2111 total
records).  Not quite your 2.5K.  And only a few hundred are dhcp ddns,
though we manage all of our records via ddns.  DHCP only on about 20
/24 nets.  We run fairly short lease times to handle situations where
dhcp'd hosts move around the site a bit (e.g. a laptop user).

We use ISC DHCP and BIND running SUSE Linux Enterprise Server boxes.
We've been running this way for almost 5 years now.  2 servers,
a master and a slave.

We do not use ISC dhcp failover.... we handle that independently.
There has been a lot of advancements in ISC's failover handling,
we may revisit this, but see no need at the moment.

We run about 4 Windows 2K3 AD Domains, the primary one uses the
ISC DHCP and BIND.  We only allow the AD servers to update the
_tcp, _sites, _msdcs, _udp, etc zones and we do that by IP.
The rest of the zones are only updatable by IP + TSIG (we
don't allow the Windows dhcp clients to update their own names, that's
the job of the dhcp server).

The converse, allowing Windows to own DHCP and DNS is fraught with
problems.  Windows really only likes doing dhcp for Windows boxes...
otherwise you end up with a lot more trash (more than usual) inside
of DNS (esp. the in-addr.arpa zones).

We also handle IPv6 records... but haven't deployed ISC DHCP 4.x yet
for testing IPv6 DHCP.

More information about the dhcp-users mailing list