If the preferred DNS is through the company VPN then the dual relay might be the ideal: short <5 minute leases, the primary (AD DHCP) handing out IP and AD DNS, with the local failover handing out local DNS. But I don't know, when you put in a second target in the relay, if it is a round robin or an ordered list.

On Sun, Nov 22, 2015 at 8:03 PM, Josh Luthman <[email protected]> wrote:

> Just monitor an IP through the VPN?
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Nov 22, 2015 9:01 PM, "Tyler Treat" <[email protected]> wrote:
>
>> I think it's somewhere between what you wrote, and they don't trust the
>> crappy temp cable connection over there at the site.
>> They say what if the VPN goes down - users won't be able to get IPs if a
>> machine reboots!
>> I say, what the hell are they going to be doing anyways if the VPN goes
>> down?
>> [ Drops mic, stomps off. ]
>> ___________________________
>> Mangled by my iPhone.
>> ___________________________
>> Tyler Treat
>> ___________________________
>>
>>
>> On Nov 22, 2015, at 7:37 PM, That One Guy /sarcasm <[email protected]> wrote:
>>
>> I think your admins don't understand what DHCP relay is, I'm guessing they
>> think the relay is a weird way of saying it's an L2 tunnel for DHCP or some
>> dumb shit. Other than the loss of DHCP when the VPN is down, relay would be
>> the preferred way to do it. I don't know how MikroTik works with secondary
>> relays, but you could configure the primary to point to the AD DHCP server,
>> and the second being on a virtual interface of the MikroTik, since it's just
>> relaying to itself.
>> Go online and find a 6 pack of Jolt Cola, give that to the sysadmin, he
>> will let you do what you want.
>>
>> On Sun, Nov 22, 2015 at 6:00 PM, Tyler Treat <[email protected]> wrote:
>>
>>> Indeed, this is a corporate setup with Windows DHCP at the core.
>>> This is a site on the remote end of a VPN.
>>> The sysadmins were a bit on edge about sending DHCP across the VPN, so
>>> they asked that we stick it local on the remote site Mikrotik
>>> router....which works ok, though we hit a bit of a snag with the NAC, which
>>> likes to sniff DHCP traffic to help detect and identify devices on the
>>> segment, in addition to several other data sources.
>>>
>>> I may just nag the sysadmins to build this out in the core DHCP and this
>>> will solve itself.
>>> Just point DHCP Relay at both addresses and I think we'll be fine.
>>>
>>> ___________________________
>>> Mangled by my iPhone.
>>> ___________________________
>>>
>>>
>>> > On Nov 22, 2015, at 5:13 PM, Paul Stewart <[email protected]> wrote:
>>> >
>>> > Have never seen that work on any platforms I work with ... Cisco/Juniper
>>> > etc...
>>> >
>>> > -----Original Message-----
>>> > From: Af [mailto:[email protected]] On Behalf Of George Skorup
>>> > Sent: Sunday, November 22, 2015 1:40 PM
>>> > To: [email protected]
>>> > Subject: Re: [AFMUG] DHCP relay question
>>> >
>>> > MikroTik? So you're asking for an /ip dhcp-server and an /ip dhcp-relay on
>>> > the same interface? No idea if that will work, never tried it. You can
>>> > certainly have multiple DHCP servers on the same broadcast domain.
>>> > Never had to do that outside of a large corporate environment for redundancy
>>> > though, and that was just Windows DHCP servers.
>>> >
>>> >> On 11/22/2015 11:38 AM, Tyler Treat wrote:
>>> >> Have a question regarding DHCP relay function.
>>> >> Say we have local DHCP configured at a remote site, yet we have a network
>>> >> management tool that would like to see DHCP traffic for device detection
>>> >> purposes.
>>> >> My question is this: Is it possible for local DHCP to function, and have
>>> >> DHCP relay pointing to our NAC to assist it in detecting devices? (the NAC
>>> >> doesn't respond, just listens)
>>> >>
>>> >> Thoughts?
>>> >>
>>> >>
>>> >> Thanks
>>> >> Tyler
>>> >> ___________________________
>>> >> Mangled by my iPhone.
>>> >> ___________________________
>>> >>
>>> >> Tyler Treat
>>> >> Corn Belt Technologies, Inc.
>>> >>
>>> >> [email protected]
>>> >> ___________________________
>>> >>
>>> >
>>> >
>>>
>>
>>
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>
>>

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
