Send dhcp-users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."
Today's Topics:
1. help me explain (Cuttler, Brian R (HEALTH))
2. Re: help me explain (Simon Hobson)
3. Re: help me explain (Cuttler, Brian R (HEALTH))
4. Re: help me explain (Simon Hobson)
5. RE: help me explain (Cuttler, Brian R (HEALTH))
----------------------------------------------------------------------
Message: 1
Date: Mon, 17 Oct 2016 15:54:44 +0000
From: "Cuttler, Brian R (HEALTH)" <[email protected]>
To: Users of ISC DHCP <[email protected]>
Cc: "Muller, Daniel V (HEALTH)" <[email protected]>
Subject: help me explain
Message-ID:
<by1pr09mb060001cb42cb08753b9b9513ba...@by1pr09mb0600.namprd09.prod.outlook.com>
Content-Type: text/plain; charset="us-ascii"
Please help me to explain to another admin at my site, or tell me that I'm
wrong and what I need to do in this case.
We are in process of restructuring our network in one of our buildings. There
are good aspects of this, better redundancy, dual paths from each switch to the
primary router on site, etc, and there are parts of this that are not strictly
necessary and will in some ways make more work.
We are dividing the 6-floor building from a /21 network and creating a new /24
on each floor; we are for the first time in this building enabling DDNS. (Yes,
we have a net of two /24 networks free when we are done.)
The positives are that the printers will now provide an identifier (string
matching their inventory tag) to DHCP then to DNS, and we will be able to
create DNS short names pointing to their FQDN, so we don't need to remap
anything from either the print servers or directly mapped printers - well, for
printers mapped by ID rather than IP.
I know from when we did something similar at the first building, which is using
a /22 network for the entire building (regardless of floor), that I can use a
single subnet name, and can have one named Forward table but needed 4 Reverse
tables. No problem there. (Is there a better/easier way?)
The issue in question is that while it is only a /24 on each floor and I can
use one Forward and one Reverse table, the FQDN (I believe) needs to be unique by
floor. I.e. if a printer moves I don't need to lock it down, never need to enter
it in DHCP, but do need to change its CNAME to point to the new FQDN since each
floor requires a different subnet name.
Am I correct in my understanding, or is there a way to maintain unique address
ranges by floor but use a single subnet name for the entire building?
Many thanks,
Brian
------------------------------
Message: 2
Date: Mon, 17 Oct 2016 19:31:53 +0100
From: Simon Hobson <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: Re: help me explain
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On 17 Oct 2016, at 16:54, "Cuttler, Brian R (HEALTH)"
<[email protected]> wrote:
> We are in process of restructuring our network in one of our buildings. There
> are good aspects of this, better redundancy, dual paths from each switch to
> the primary router on site, etc, and there are parts of this that are not
> strictly necessary and will in some ways make more work.
It's always "work", but if you do it right it's usually worth it eventually.
> We are dividing the 6-floor building from a /21 network and creating a new
> /24 on each floor; we are for the first time in this building enabling DDNS.
> (Yes, we have a net of two /24 networks free when we are done.)
>
> The positives are that the printers will now provide an identifier (string
> matching their inventory tag) to DHCP then to DNS, and we will be able to
> create DNS short names pointing to their FQDN, so we don't need to remap
> anything from either the print servers or directly mapped printers - well,
> for printers mapped by ID rather than IP.
>
> I know from when we did something similar at the first building, which is
> using a /22 network for the entire building (regardless of floor), that I can
> use a single subnet name, and can have one named Forward table but needed 4
> Reverse tables. No problem there. (Is there a better/easier way?)
Yes, that's correct.
All the DHCP subnets can share a single forward DNS zone. If they were smaller
than /24 subnets then you'd also find that some of them would be sharing a
reverse DNS zone as well. The only reason you need separate DNS reverse zones
is that you can only split the URL at a "dot" - so for example if you were
using 172.16.0.0/21, you'd have to use 0.16.172.in-addr.arpa,
1.16.172.in-addr.arpa, and so on.
You don't need to specify the reverse zone within the subnet declarations in
DHCP - the server will figure that out automagically, as in a client with IP
address 172.16.1.57 would automatically trigger a reverse pointer update for
57.1.16.172.in-addr.arpa, and if your DNS is correctly set up then the DHCP
server will automagically figure out the zone to update.
The main reason for specifying DDNS zones in DHCP is to assign an update key
for secured updates.
> The issue in question is that while it is only a /24 on each floor and I can
> use one Forward and one Reverse table, the FQDN (I believe) needs to be unique by
> floor. I.e. if a printer moves I don't need to lock it down, never need to
> enter it in DHCP, but do need to change its CNAME to point to the new FQDN
> since each floor requires a different subnet name.
You don't have to use different forward zones per floor - they can all use
(say) "magabuildingone.mycompany.com" and moving a device around will not
change its DNS name. Or, you can choose to use different names, eg
floor1.magabuildingone.mycompany.com, floor2.magabuildingone.mycompany.com, and
so on. Some people go further and have different DNS names for different
departments (even if they are on the same subnet, eg
accounts.magabuildingone.mycompany.com, sales.magabuildingone.mycompany.com,
...).
That's really a management decision, though the technical issues may be part of
the input to that choice.
------------------------------
Message: 3
Date: Mon, 17 Oct 2016 19:21:49 +0000
From: "Cuttler, Brian R (HEALTH)" <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: Re: help me explain
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"
On 10/17/16, 3:13 PM, "" <> wrote:
Simon, Bruce,
When I was setting up the /24 by floor I'd specified the dynamic range from
30-224 so that I could use lower numbers as fixed addresses for network
infrastructure and the upper addresses for anything that wasn't amenable to
dynamic addressing, old HW, devices I really needed to lock down in DHCP.
So my DHCP config looks like this - with one such stanza per building floor.
I am not certain how to implement this addressing structure with a single
domain name; I would simply use the building name and drop the vlan id, so
"dai.wadsworth.org", and maintain the addressing the way we wanted to.
Moving forward we are routing the vlan per floor to the specific floor only.
These are truly separate networks.
Do we simply put the 6 subnet statements inside of a GROUP statement and move
the ddns-domainname and ddns-rev-domainname statements into the outer structure?
# Subnet Declaration default_vlan for DAI 6th floor, Vlan 126 10.57.46.0/24
subnet 10.57.46.0 netmask 255.255.255.0 {
    authoritative;
    option routers 10.57.46.1;
    update-static-leases on;
    update-optimization off;
    ddns-domainname = "dai126.wadsworth.org";
    ddns-rev-domainname "in-addr.arpa.";
    option domain-name-servers admin.wadsworth.org, bionsc.wadsworth.org,
                               ldap1.wadsworth.org, 10.50.156.21;
    pool {
        range 10.57.46.30 10.57.46.225;
        allow unknown-clients;
        allow known-clients;
        option domain-name-servers admin.wadsworth.org,
                                   bionsc.wadsworth.org, ldap1.wadsworth.org, 10.50.156.21;
    }
}
Thank you,
Brian
------------------------------
Message: 4
Date: Mon, 17 Oct 2016 21:13:35 +0100
From: Simon Hobson <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: Re: help me explain
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252
"Cuttler, Brian R (HEALTH)" <[email protected]> wrote:
> So my DHCP config looks like this ? with one such stanza per building floor.
>
> I am not certain how to implement this addressing structure with a single
> domain name
The domain name is irrelevant - it does NOT affect your addressing structure
> Do we simply put the 6 subnet statements inside of a GROUP statement and move
> the ddns-domainname and ddns-rev-domainname statements into the outer
> structure?
That's one way to do it, or you can just use the same domain name statement in
each one. You can omit ddns-rev-domainname as it works out of the box with
defaults - you only need to specify it if doing things like bodging around
doing dynamic DNS on a reverse zone that's not on a /24 boundary.
subnet 10.57.46.0 netmask 255.255.255.0 {
    ddns-domainname = "dai.wadsworth.org";
    ...
}
subnet 10.57.47.0 netmask 255.255.255.0 {
    ddns-domainname = "dai.wadsworth.org";
    ...
}
subnet 10.57.48.0 netmask 255.255.255.0 {
    ddns-domainname = "dai.wadsworth.org";
    ...
}
and so on.
It really is that simple!
BTW - you have a few redundancies in your config:
    option domain-name-servers admin.wadsworth.org, bionsc.wadsworth.org,
                               ldap1.wadsworth.org, 10.50.156.21;
    pool {
        range 10.57.46.30 10.57.46.225;
        allow unknown-clients;
        allow known-clients;
        option domain-name-servers admin.wadsworth.org,
                                   bionsc.wadsworth.org, ldap1.wadsworth.org, 10.50.156.21;
You've duplicated domain-name-servers and your allow statements (unless you
have something at a higher inheritance level to override) simply implement the
defaults.
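As an added example (not from the thread, and not Brian's or Simon's config), a dhcpd.conf skeleton that puts together the points made in messages 2 and 4: one ddns-domainname shared by every floor so a device keeps its FQDN when it moves, ddns-rev-domainname left at its default, the DNS server list and allow statements set once rather than repeated per pool, and zone declarations used only for what they are really needed for, binding a TSIG key so the DNS primary accepts only signed updates. It assumes ISC DHCP 4.3 or later (for the standard update style and hmac-sha256); the primary DNS address, key name and secret are placeholders, and the 10.57.47.0 router and range are constructed.

```conf
# Global DDNS settings, set once for the whole server.
ddns-update-style standard;
ddns-updates on;
update-static-leases on;
authoritative;

# Shared by every floor: moving a printer between VLANs does not change its FQDN.
ddns-domainname "dai.wadsworth.org";
# ddns-rev-domainname is left at its default ("in-addr.arpa."); the server derives
# the PTR name (e.g. 57.46.57.10.in-addr.arpa.) from the leased address itself.

# Declared once here instead of in each subnet and again in each pool.
option domain-name-servers admin.wadsworth.org, bionsc.wadsworth.org,
                           ldap1.wadsworth.org, 10.50.156.21;

# TSIG key so the primary only accepts updates signed by this DHCP server.
key "dhcp-ddns" {                                   # placeholder key name
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET-FROM-tsig-keygen";   # placeholder
};

# Zone declarations exist only to attach the key: one forward zone for the
# building, one reverse zone per /24 (a /21 would need eight, 0..7.x.x.in-addr.arpa.,
# because reverse zones can only be split at an octet boundary).
# 10.50.156.21 is assumed to be the authoritative primary; substitute yours.
zone dai.wadsworth.org. {
    primary 10.50.156.21;
    key dhcp-ddns;
}
zone 46.57.10.in-addr.arpa. {
    primary 10.50.156.21;
    key dhcp-ddns;
}
zone 47.57.10.in-addr.arpa. {
    primary 10.50.156.21;
    key dhcp-ddns;
}

# Per-floor subnets carry only what actually differs per floor. The default
# "allow unknown-clients" / "allow known-clients" are implicit and omitted.
subnet 10.57.46.0 netmask 255.255.255.0 {           # 6th floor, VLAN 126
    option routers 10.57.46.1;
    pool { range 10.57.46.30 10.57.46.225; }
}
subnet 10.57.47.0 netmask 255.255.255.0 {           # next floor (constructed)
    option routers 10.57.47.1;
    pool { range 10.57.47.30 10.57.47.225; }
}
```

The matching `allow-update { key "dhcp-ddns"; };` (or an `update-policy`) has to be present on the DNS primary's zones, and `dhcpd -t` checks the syntax before the server is restarted.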
------------------------------
Message: 5
Date: Mon, 17 Oct 2016 20:20:53 +0000
From: "Cuttler, Brian R (HEALTH)" <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: RE: help me explain
Message-ID:
<by1pr09mb0600ef7d9c2c72627166bce1ba...@by1pr09mb0600.namprd09.prod.outlook.com>
Content-Type: text/plain; charset="us-ascii"
Simon,
Thank you, I will put these changes into the config, immediately.
Thank you very much,
Brian
------------------------------
Subject: Digest Footer
_______________________________________________
dhcp-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
End of dhcp-users Digest, Vol 96, Issue 20
******************************************