Sorry. I must have explained it badly.
 
We ARE using DHCP for registration of PTR records in DNS.
 
A records are left up to the host.
 
I assume Bluecat can't do secure updates of DDNS on an AD integrated DNS server?
It only seems to support TSIG....
 
Currently our dhcp solution is decentralized-
Solaris dhcp supports the unix boxes on their own vlan(s) and Windows dhcp supports Windows boxes and DDNS reg of PTR records.
 
What they have in mind is consolidating everything DHCP related to the Network Infra group on Bluecat servers in an effort to centralize management of network infra services like DHCP.
 
Windows DNS would still be there for windows clients and AD.
 
Bind is used for unix clients and public DNS space.
 
Our AD namespace is completely separate from our unix/public namespace.
 
I'm just trying to talk these guys out of using Bluecat DHCP to replace Windows DHCP.
I'm not even sure how Bluecat will handle DDNS registration on behalf of clients in an AD integrated DNS scenario.
Or if it can.
 
thanks

 
On 12/19/05, Al Mulnick <[EMAIL PROTECTED]> wrote:
Ah. Must have misunderstood.
 
So the situation is that they don't have a single solution now that they want to get rid of in favor of a new shiny solution then?  Rather, this is possibly seen as a "Windows isn't stable enough so we need a *nix solution for centralized control of DHCP" ?
 
Some things to consider about DHCP:
If you control it on the Windows platform, you'll want to ensure you can properly delegate the responsibilities to those that need to do the administrivia.  You don't need to be caught up in that.
If they control it on the *nix platform, they'll need to provide the same or better service. i.e. you'll have to define what they need to provide and they'll just have to meet that.
 
If you're not using DHCP to register DNS records, then it's a moot point and the DHCP provider would be a toss-up in my mind.  One's freely included in the current architecture of course :)
 
Sorry for the confusion earlier.  It can be hard to get the full scope of the issue via a listserv sometimes.
 
-al
 
On 12/19/05, Tom Kern <[EMAIL PROTECTED] > wrote:
They just want control over DHCP NOT DNS.
 
Our public external DNS is BIND but our AD DNS is Windows.
That's not going to change.
 
The thinking is, right now we have a "Network Infra" group and a "Unix" and "Windows" group and each group (Unix, Windows) manages their own dhcp servers.
 
I think they want to consolidate all this to the "Network Infra" group to be more manageable.
 
But since linux dhcp can't do secure DDNS updates to AD, that would be a good argument against this.
Though it can use TSIG. Not sure if Windows DNS can use this or what it would take.
Bluecat claims their DDNS/DHCP can play with AD but I'm not sure what they mean by that.

 
On 12/19/05, Za Vue <[EMAIL PROTECTED]> wrote:
Sounds like a squabble between Unix and Windows gurus. Who wants to control what service. If you will not be responsible for it then let them do.

-Za



Tom Kern wrote:
Thanks.
 
I think it has something to do with the "Network Group" wanting to have more control and central management over "Network Services" while the "Windows Group" manages "Windows" related stuff.
 
They seem to make an artificial distinction (to me) between "Windows" stuff and "Network Infra" stuff.
 
Also, they probably will make the argument that having this centrally managed in this manner will be more secure and manageable.
In addition, they wrongly think that because Bluecat has an embedded linux kernel and thus fewer "moving parts", it's somehow more secure.
 
 
At least that's my interpretation.
 
To counter, I think DHCP is so integrated with DDNS and thus AD, that you shouldn't make that separation in this case.
 
Also, I don't think less moving parts makes something automatically more secure.
 
But that's just my uninformed opinion.
 
Any other more informed ideas would be great.
 
Thanks again

 
On 12/19/05, Al Mulnick <[EMAIL PROTECTED] > wrote:
I can honestly second that suggestion as the best advice.  There are few technical reasons to make somebody want to purchase a third party DHCP server. I've seen some organizations spend big money (better than .5 million USD) on DNS solutions for no relevant technical reason, so I would not be surprised to see somebody want a third party DHCP solution for similar reasons. 
 
There are a few features that third-party DHCP vendors can implement that might be required by your company.  I'd be surprised though to hear that your company suddenly has that set of requirements.
 
Other reasons not to change?  Added complexity that translates into added return to service times in the event of outages.  Often solutions like this come with added learning and added processes that you otherwise wouldn't need/want. Lots of hidden costs in that sense.
 
hope this helps,
 
al

 
On 12/19/05, Coleman, Hunter <[EMAIL PROTECTED]> wrote:
Ask your company what problem they hope to solve, or what added functionality they hope to get, by going with a 3rd party product. Then ask them if that problem/functionality is worth the purchase and implementation cost.


From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Monday, December 19, 2005 8:08 AM
To: activedirectory
Subject: [ActiveDir] DHCP(ot)

 
My company wants to use 3rd party dhcp product like Bluecat's Adonis 500 or 1000 instead of Windows DHCP.
 
Is there really any compelling reason to dump or not dump Windows DHCP?
 
We are running a Win2k3 Forest FFL Win2k3 with all our clients Win2k pro at the moment and Exchange 2k3.
 
We do have a lot of Solaris servers running Sybase and other backend network services as well.
 
I'm just wondering what the pros or cons are of moving away from Windows DHCP in this area.
 
I think the pros of WIN DHCP are that it's free and the ability to prevent rogue DHCP servers (if they're running win2k and above, of course).
 
I think most DHCP servers can do DDNS these days on behalf of the client so that's probably not an issue.
Most can also give clients additional info in the scope options like dns ip, domain name, etc.
 
So, I was wondering if I'm missing anything.
 
Also, has anyone used Bluecat's DHCP product in their network?
 
Thanks a lot