help me explain

Cuttler, Brian R (HEALTH) brian.cuttler at health.ny.gov
Mon Oct 17 19:21:49 UTC 2016




Simon, Bruce,
    
When I was setting up the /24 by floor I'd specified the dynamic range from 30-224 so that I could use lower numbers as fixed addresses for network infrastructure and the upper addresses for anything that wasn't amenable to dynamic addressing, old HW, devices I really needed to lock down in DHCP.
    
So my DHCP config looks like this – with one such stanza per building floor.

I am not certain how to implement this addressing structure with a single domain name; I would simply use the building name and drop the vlan id, so “dai.wadsworth.org”, and maintain the addressing the way we wanted to.

Moving forward we are routing the vlan per floor to the specific floor only. These are truly separate networks.

Do we simply put the 6 subnet statements inside of a GROUP statement and move the ddns-domainname and ddns-rev-domainname statements into the outer structure?

# Subnet Declaration default_vlan for DAI 6th floor, Vlan 126 10.57.46.0/24
subnet 10.57.46.0 netmask 255.255.255.0 {
    authoritative;
    option routers 10.57.46.1;
    update-static-leases on;
    update-optimization off;
    ddns-domainname = "dai126.wadsworth.org";
    ddns-rev-domainname "in-addr.arpa.";
    option domain-name-servers admin.wadsworth.org, bionsc.wadsworth.org, ldap1.wadsworth.org, 10.50.156.21;
    pool {
        range 10.57.46.30 10.57.46.225;
        allow unknown-clients;
        allow known-clients;
        option domain-name-servers admin.wadsworth.org, bionsc.wadsworth.org, ldap1.wadsworth.org, 10.50.156.21;
    }
}

Thank you,
Brian


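The layout Brian is asking about (DDNS parameters in an outer group, one subnet stanza per floor, one forward zone shared by all floors, one reverse zone per /24, and an update key as Simon describes) can be planned and generated with the following script. This is an added example, not code from the thread, from Brian's site, or from ISC. The floor list, the "ddns-key" key name and the 127.0.0.1 primary are constructed placeholders; the domain name and nameservers come from Brian's message. It also generalizes Simon's point about reverse zones to any prefix length at or below /24.

```python
"""Plan the per-floor DHCP/DDNS layout discussed on dhcp-users (added example).

Assumptions (not from the thread): FLOORS is a constructed sample, KEY_NAME is a
placeholder for the real TSIG key name, and the DNS primary is assumed to be
127.0.0.1. The rendered text is a dhcpd.conf fragment in ISC DHCP syntax.
"""
import ipaddress
from typing import List, Tuple

DOMAIN = "dai.wadsworth.org"          # shared forward zone for the whole building
KEY_NAME = "ddns-key"                 # placeholder: name of the TSIG key used for DDNS updates
NAMESERVERS = "admin.wadsworth.org, bionsc.wadsworth.org, ldap1.wadsworth.org, 10.50.156.21"
FLOORS: List[Tuple[int, int, str]] = [  # constructed sample: (floor, vlan, network)
    (1, 121, "10.57.41.0/24"),
    (6, 126, "10.57.46.0/24"),
]


def ptr_name(ip: str) -> str:
    """Reverse-pointer owner name for one address, e.g. 57.1.16.172.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def reverse_zones(cidr: str) -> List[str]:
    """in-addr.arpa zones needed to cover a network.

    Reverse zones can only be cut at an octet boundary, so a /21 needs eight
    /24 zones, while a prefix longer than /24 still lives in its enclosing /24
    zone (classless RFC 2317 delegation is not modelled here).
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen > 24:
        net = ipaddress.ip_network(f"{net.network_address}/24", strict=False)
    # reverse_pointer of x.y.z.0 is "0.z.y.x.in-addr.arpa"; drop the leading label
    return [s.network_address.reverse_pointer.split(".", 1)[1]
            for s in net.subnets(new_prefix=24)]


def render_dhcp_group(domain: str, floors: List[Tuple[int, int, str]],
                      key_name: str = KEY_NAME,
                      dyn_first: int = 30, dyn_last: int = 225) -> str:
    """Render zone statements plus one group holding every floor's subnet.

    The DDNS parameters are stated once in the group and inherited by each
    subnet, so every floor registers names under the same forward zone.
    Addresses below dyn_first and above dyn_last are left for static use.
    """
    nets = [ipaddress.ip_network(c) for _, _, c in floors]
    lines = ["ddns-update-style interim;", ""]
    # one forward zone, one reverse zone per /24, all secured with the same key
    zones = [domain] + [z for n in nets for z in reverse_zones(str(n))]
    for z in zones:
        lines += [f"zone {z}. {{", "    primary 127.0.0.1;", f"    key {key_name};", "}", ""]
    lines += [
        "group {",
        f'    ddns-domainname "{domain}";',
        '    ddns-rev-domainname "in-addr.arpa.";',
        "    update-static-leases on;",
        "    update-optimization off;",
        "",
    ]
    for (floor, vlan, _), net in zip(floors, nets):
        # guard: the dynamic pool must stay inside the usable host range
        if not (1 < dyn_first <= dyn_last < net.num_addresses - 1):
            raise ValueError(f"dynamic range {dyn_first}-{dyn_last} does not fit in {net}")
        base = net.network_address
        lines += [
            f"    # floor {floor}, VLAN {vlan}, {net}",
            f"    subnet {base} netmask {net.netmask} {{",
            "        authoritative;",
            f"        option routers {base + 1};",
            f"        option domain-name-servers {NAMESERVERS};",
            "        pool {",
            f"            range {base + dyn_first} {base + dyn_last};",
            "            allow known-clients;",
            "            allow unknown-clients;",
            "        }",
            "    }",
            "",
        ]
    lines.append("}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_dhcp_group(DOMAIN, FLOORS))
    print("# reverse zones for a /21:", reverse_zones("172.16.0.0/21"))
    print("# PTR for 172.16.1.57:", ptr_name("172.16.1.57"))
```

Run it as-is to see the generated fragment; swap FLOORS for the real six /24s and KEY_NAME for the key actually configured on the DNS server before using the output. The `zone` statements are what carry the update key, which is the reason Simon gives for declaring zones in dhcpd at all; without them the server still derives the reverse zone from the address on its own.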
    
    > -----Original Message-----
    > From: dhcp-users [mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of
    > Simon Hobson
    > Sent: Monday, October 17, 2016 2:32 PM
    > To: Users of ISC DHCP <dhcp-users at lists.isc.org>
    > Subject: Re: help me explain
    > 
    > 
    > On 17 Oct 2016, at 16:54, "Cuttler, Brian R (HEALTH)"
    > <brian.cuttler at health.ny.gov> wrote:
    > 
    > > We are in process of restructuring our network in one of our buildings.
    > There are good aspects of this, better redundancy, dual paths from each
    > switch to the primary router on site, etc, and there are parts of this
    > that are not strictly necessary and will in some ways make more work.
    > 
    > It's always "work", but if you do it right it's usually worth it
    > eventually.
    > 
    > > We are dividing the 6 floor building from a /21 network and creating a
    > > new /24 on each floor, we are for the first time in this building
    > > enabling DDNS. (yes, we have a net of two /24 networks free when we
    > > are done)
    > >
    > > The positives are that the printers will now provide an identifier
    > (string matching their inventory tag) to DHCP then to DNS, and we will be
    > able to create DNS short names pointing to their FQDN, so we don't need to
    > remap anything from either the print servers or directly mapped printers -
    > well, for printers mapped by ID rather than IP.
    > >
    > > I know from when we did something similar at the first building which is
    > using a /22 network for the entire building (regardless of floor) that I
    > can use a single subnet name, and can have one named Forward table but
    > needed 4 Reverse tables. No problem there. (Is there a better/easier way)?
    > 
    > Yes, that's correct.
    > All the DHCP subnets can share a single forward DNS zone. If they were
    > smaller than /24 subnets then you'd also find that some of them would be
    > sharing reverse DNS zone as well. The only reason you need separate DNS
    > reverse zones is that you can only split the URL at a "dot" - so for
    > example if you were using 172.16.0.0/21, you'd have to use 0.16.172.in-
    > addr.arpa, 1.16.172.in-addr.arpa, and so on.
    > 
    > You don't need to specify the reverse zone within the subnet declarations
    > in DHCP - the server will figure that out automagically, as in a client
    > with IP address 172.16.1.57 would automatically trigger a reverse pointer
    > update for 57.1.16.172.in-addr.arpa and if your DNS is correctly set up
    > then the DHCP server will automagically figure out the zone to update.
    > The main reason for specifying DDNS zones in DHCP is to assign an update
    > key for secured updates.
    > 
    > > The issue in question is that while it is only a /24 on each floor and I
    > can use one Forward and one Reverse table FQDN (I believe) needs to be
    > unique by floor. IE if a printer moves I don't need to lock it down, never
    > need to enter it in DHCP, but do need to change its CNAME to point to the
    > new FQDN since each floor requires a different subnet name.
    > 
    > You don't have to use different forward zones per floor - they can all use
    > (say) "magabuildingone.mycompany.com" and moving a device around will not
    > change its DNS name. Or, you can choose to use different names, eg
    > floor1.magabuildingone.mycompany.com,
    > floor2.magabuildingone.mycompany.com, and so on. Some people go further
    > and have different DNS names for different departments (even if they are
    > on the same subnet (eg accounts.magabuildingone.mycompany.com,
    > sales.magabuildingone.mycompany.com, ...)). That's really a management
    > decision, though the technical issues may be part of the input to that
    > choice.
    > 
    > _______________________________________________
    > dhcp-users mailing list
    > dhcp-users at lists.isc.org
    > https://lists.isc.org/mailman/listinfo/dhcp-users