RE: [ActiveDir] DHCP(ot)

Mon, 19 Dec 2005 09:43:19 -0800

Title: Message
By default a Windows 2000/XP client will register its A record and the DHCP server will register the clients PTR record.  This can be changed so by using the 3rd party DHCP server you won't lose DDNS, you would configure your clients to register both A and PTR records.  Configuring this depends on your environment, Windows  client versions and overall requirements.  Not that I am saying the 3rd party DHCP server is the one to go for, especially if you're in the Windows team ;-)
 
 
 
 
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: 19 Dec 2005 17:16
To: [email protected]
Subject: Re: [ActiveDir] DHCP(ot)

They just want control over DHCP NOT DNS.
 
Our public external DNS is BIND but our AD DNS is Windows.
Thats not going to change.
 
The thinking is, right now we have a "Network Infra" group and a "Unix" and "Windows" group and each group(Unix,windows) manages their own dhcp servers.
 
I think they want to consolidate all this to the "Network Infra" group to be more manageable.
 
But since linux dhcp can't do secure DDNS updates to AD, that would be a good argument against this.
Though it can use TSISG. Not sure if Windows DNS can use this or what it would take.
Bluecat claims their DDNS/DHCP can play with AD but i'm not sure what they mean by that.

 
On 12/19/05, Za Vue <[EMAIL PROTECTED]> wrote:
Sounds like a squabble between Unix and Windows gurus. Who wants to control what service. If you will not be responsible for it than let them do.

-Za



Tom Kern wrote:
Thanks.
 
I think it has something to do with the "Network Group" wanting to have more control and central management over "Network Services" while the "Windows Group" manages "Windows" related stuff.
 
They seem to make an artifical distinction(to me) between "Windows" stuff and "Network Infra" stuff.
 
Also, they probably will make the argument that having this centrally managed in this manner will be more secure and managable.
In addition, they wrongly think that because Bluecat has an embedded linux kernel and thus fewer "moving parts", its somehow more secure.
 
 
At least thats my interpetation.
 
To counter, I think DHCP is so intergrated with DDNS and thus AD, that you shouldn't make that seperation in this case.
 
Also, I don't think less moving parts makes something automatically more secure.
 
But thats just my uninformed opinion.
 
Any other more informed ideas would be great.
 
Thanks again

 
On 12/19/05, Al Mulnick <[EMAIL PROTECTED] > wrote:
I can honestly second that suggestion as the best advice.  There are few technical reasons to make somebody want to purchase a third party DHCP server. I've seen some organizations spend big money (better than .5 million USD) on DNS solutions for no relevant technical reason, so I would not be surprised to see somebody want a third party DHCP solution for similar reasons. 
 
There are a few features that thirdparty DHCP vendors can implement that might be required by your company.  I'd be surprised though to hear that your company suddenly has that set of requirements.
 
Other reasons not to change?  Added complexity that translate into added return to service times in the event of outages.  Often solutions like this come with added learning and added processes that you otherwise wouldn't need/want. Lots of hidden costs in that sense.
 
hope this helps,
 
al

 
On 12/19/05, Coleman, Hunter <[EMAIL PROTECTED]> wrote:
Ask your company what problem they hope to solve, or what added functionality they hope to get, by going with a 3rd party product. Then ask them if that problem/functionality is worth the purchase and implementation cost.

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Monday, December 19, 2005 8:08 AM
To: activedirectory
Subject: [ActiveDir] DHCP(ot)

 
My company wants to use 3rd party dhcp product like Bluecat's Adonis 500 or 1000 instead of Windows DHCP.
 
Is there really any compelling reason to dump or not dump Windows DHCP?
 
We are running a Win2k3 Forest FFL Win2k3 with all our clients Win2k pro at the moment and Exchange 2k3.
 
We do have a lot of Solaris servers running Sybase and other backend network services as well.
 
I'm just wondering why the pros or cons are of moving away from Windows DHCP in this area.
 
I think the pros of WIN DHCP is its free and the abilty to prevent rouge DHCP servers(if they're running win2k and above, of course).
 
I think most DHCP servers can do DDNS these days on behalf of the client so that's probably not an issue.
Most can also give clients additionally info in the scope options like dns ip,domain name,etc.
 
So, i was wondering if i'm missing anything.
 
Also, has anyone used Bluecat's DHCP product in their network?
 
Thanks alot





****************************************************************************
This message contains confidential information and is intended only
for the individual or entity named. If you are not the named addressee
you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the contents of this
message which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
This message is provided for informational purposes and should not
be construed as an invitation or offer to buy or sell any securities or
related financial instruments.
GAM operates in many jurisdictions and is
regulated or licensed in those jurisdictions as required.
****************************************************************************

Reply via email to