help me explain

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Oct 17 18:31:53 UTC 2016


On 17 Oct 2016, at 16:54, "Cuttler, Brian R (HEALTH)" <brian.cuttler at health.ny.gov> wrote:

> We are in process of restructuring our network in one of our buildings. There are good aspects of this, better redundancy, dual paths from each switch to the primary router on site, etc, and there are parts of this that are not strictly necessary and will in some ways make more work.

It's always "work", but if you do it right it's usually worth it eventually.

> We are dividing the 6 floor building from a /21 network and creating a new /24 on each floor, we are for the first time in this building enabling DDNS. (yes, we have a net of two /24 networks free when we are done)
> 
> The positives are that the printers will now provide an identifier (string matching their inventory tag) to DHCP then to DNS, and we will be able to create DNS short names pointing to their FQDN, so we don't need to remap anything from either the print servers or directly mapped printers - well, for printers mapped by ID rather than IP.
> 
> I know from when we did something similar at the first building which is using a /22 network for the entire building (regardless of floor) that I can use a single subnet name, and can have one named Forward table but needed 4 Reverse tables. No problem there. (Is there a better/easier way)?

Yes, that's correct.
All the DHCP subnets can share a single forward DNS zone. If they were smaller than /24 subnets then you'd also find that some of them would be sharing a reverse DNS zone as well. The only reason you need separate DNS reverse zones is that you can only split the URL at a "dot" - so for example if you were using 172.16.0.0/21, you'd have to use 0.16.172.in-addr.arpa, 1.16.172.in-addr.arpa, and so on.

You don't need to specify the reverse zone within the subnet declarations in DHCP - the server will figure that out automagically, as in a client with IP address 172.16.1.57 would automatically trigger a reverse pointer update for 57.1.16.172.in-addr.arpa and if your DNS is correctly set up then the DHCP server will automagically figure out the zone to update.
The main reason for specifying DDNS zones in DHCP is to assign an update key for secured updates.

> The issue in question is that while it is only a /24 on each floor and I can use one Forward and one Reverse table FQDN (I believe) needs to be unique by floor. I.e. if a printer moves I don't need to lock it down, never need to enter it in DHCP, but do need to change its CNAME to point to the new FQDN since each floor requires a different subnet name.

You don't have to use different forward zones per floor - they can all use (say) "magabuildingone.mycompany.com" and moving a device around will not change its DNS name. Or, you can choose to use different names, e.g. floor1.magabuildingone.mycompany.com, floor2.magabuildingone.mycompany.com, and so on. Some people go further and have different DNS names for different departments (even if they are on the same subnet), e.g. accounts.magabuildingone.mycompany.com, sales.magabuildingone.mycompany.com, ...
That's really a management decision, though the technical issues may be part of the input to that choice.
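
As an added illustration (not part of this thread and not ISC's own code), the Python below works through the two points above: it derives the in-addr.arpa zones an IPv4 prefix needs (one per /24 because the name can only be cut at a dot), derives the PTR name dhcpd would update for a client address and finds which of those zones it falls in, and then renders the dhcpd.conf "zone" stanzas that bind each zone to a TSIG key, plus per-subnet "ddns-domainname" statements so the forward name can be shared or split per floor. The prefix 172.16.0.0/21, the client 172.16.1.57, the key name "ddns-key", the primary 172.16.0.53 and the domain names are constructed for the example; the key secret is a placeholder and must be generated (e.g. with tsig-keygen) for real use.

```python
import ipaddress

# Constructed example values (not from the post): the /21 being split into
# per-floor /24s, a sample client, and the names used in the rendered config.
BUILDING_PREFIX = "172.16.0.0/21"
SAMPLE_CLIENT = "172.16.1.57"
KEY_NAME = "ddns-key"
DNS_PRIMARY = "172.16.0.53"
PLACEHOLDER_SECRET = "REPLACE-WITH-OUTPUT-OF-tsig-keygen"


def reverse_zones(prefix):
    """in-addr.arpa zones covering an IPv4 prefix.

    Reverse names can only be cut at an octet boundary, so a prefix shorter
    than /24 needs one zone per 256 addresses; /24 or longer fits in one zone.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version != 4:
        raise ValueError("IPv4 only")
    blocks = [net] if net.prefixlen >= 24 else list(net.subnets(new_prefix=24))
    zones = []
    for b in blocks:
        o = b.network_address.packed  # four octets as ints
        zones.append(f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa")
    return list(dict.fromkeys(zones))  # drop duplicates, keep order


def ptr_name(ip):
    """Owner name of the PTR record dhcpd updates for a client address."""
    return ipaddress.ip_address(ip).reverse_pointer


def zone_for(ip, zones):
    """Pick the configured zone a PTR name belongs to by walking up the
    name one label at a time (how a DDNS client finds the zone to update)."""
    labels = ptr_name(ip).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def key_stanza(name, secret):
    """dhcpd.conf key declaration for TSIG-signed updates."""
    return (f"key {name} {{\n"
            f"    algorithm hmac-sha256;\n"
            f"    secret \"{secret}\";\n"
            f"}}")


def zone_stanzas(forward_zone, prefixes, primary, key_name):
    """One zone {} block for the shared forward zone and one per reverse
    zone, each pointing at the same primary and signing key."""
    reverse = []
    for p in prefixes:
        for z in reverse_zones(p):
            if z not in reverse:
                reverse.append(z)
    blocks = []
    for z in [forward_zone] + reverse:
        blocks.append(f"zone {z}. {{\n"
                      f"    primary {primary};\n"
                      f"    key {key_name};\n"
                      f"}}")
    return "\n".join(blocks)


def subnet_stanzas(domains):
    """subnet {} blocks setting the forward name clients in each get; using
    the same domain for every floor keeps a host's name stable when it moves.
    (range, routers and other options are omitted for brevity.)"""
    out = []
    for prefix, domain in domains.items():
        net = ipaddress.ip_network(prefix)
        out.append(f"subnet {net.network_address} netmask {net.netmask} {{\n"
                   f"    ddns-domainname \"{domain}\";\n"
                   f"}}")
    return "\n".join(out)


def render_config():
    """Assemble a complete DDNS fragment for the constructed building."""
    floors = list(ipaddress.ip_network(BUILDING_PREFIX).subnets(new_prefix=24))
    domains = {str(n): "magabuildingone.mycompany.com" for n in floors}
    parts = [
        "ddns-update-style interim;",
        key_stanza(KEY_NAME, PLACEHOLDER_SECRET),
        zone_stanzas("magabuildingone.mycompany.com", [BUILDING_PREFIX],
                     DNS_PRIMARY, KEY_NAME),
        subnet_stanzas(domains),
    ]
    return "\n".join(parts)


if __name__ == "__main__":
    print(reverse_zones(BUILDING_PREFIX))
    print(ptr_name(SAMPLE_CLIENT), "->",
          zone_for(SAMPLE_CLIENT, reverse_zones(BUILDING_PREFIX)))
    print(render_config())
```

The zone count is the check worth keeping: a /22 yields four reverse zones and a /21 eight, which is why one forward zone can serve the whole building while the reverse side grows with each /24, and why the zone stanzas are really there to attach the key rather than to tell dhcpd which zone an address belongs to.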



More information about the dhcp-users mailing list