Old, Gregory wrote:
> Hello All,
> I have a question: has anybody on the list set up a Dynamic DNS server to
> replace a WINS/DHCP setup? We have a lot of issues with IP conflicts,
> because admins are not excluding IPs and techs are not assigning printers
> IPs in the static range. To eliminate this possibility I would like to
> set up a Dynamic DNS server, so if someone can provide a good source of
> information, or if anyone has knowledge of setting this up, please post
> information.
I don't think the solution is going to be so much technical, but rather
managerial. From experience adding DNS isn't much of a deterrent for
idiots who don't want to assign IP's properly. Someone is going to have
to force people to adhere to a policy.
I've had to force this type of thing at a few companies. First change
the general DHCP pool to a specific range. Usually you have to move a
couple of idiots out of that range so it's clear. Once that's done, change
the printers to DHCP and statically assign them IPs via DHCP based on
their MAC. The printers usually take the longest because you may need to
re-map them on users' computers. Same with any workstations that *need*
static IPs, which is probably 1% of the ones that currently have a
static IP. The rationalizations for why someone's desktop needs a static
IP are always... creative.
I usually end up with something like this.
.1-20 routers, VPN, switches, etc.
.21-40 servers
.41-60 static IPs reserved for testing/temp machines
.61-80 DHCP-assigned printers
.81-99 DHCP-assigned static-IP workstations
.100-254 general DHCP pool
You can do Dynamic DNS if you'd like, but I kept it simple and added
DNS for all the static devices like admin-printer01.domain.com,
video-toaster01.domain.com and then made dhcp-pool-100.domain.com,
dhcp-pool-101.domain.com, etc for the dhcp pool.
Once things are organized and you have a written policy you tend not to
have many problems, unless you've got a couple of admins that think
requesting an IP and/or accurate reverse DNS is some sort of mark against
their manhood. In the past I've had to resort to comparing IPs that
respond to pings to IPs in dhcp.lease and kicking any unknown IPs off the
network, filtering them at the firewall as possible "security intrusions",
or creating your own IP conflict at the switch. That last is especially
fun because then you get to yell at the admin/tech for breaking policy *and*
not being smart enough to pick an open IP.
You really shouldn't have to pull stunts like that if you've got a
halfway decent shop that's willing to back sane procedures.
kashani
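The audit kashani describes (compare the addresses that answer pings against what the DHCP server knows about, and flag the rest) is easy to script. The block below is an added example, not code from the original thread: it parses ISC dhcpd-style lease and reservation syntax, classifies each flagged address against the range plan from the reply, and reports which ones are unaccounted for. The /24 (10.0.0.0), the sample lease and config text, the documented-static list and the "responding" list are all constructed for the example; the function names (`classify`, `parse_leases`, `parse_reservations`, `audit`) are my own.

```python
"""Flag addresses that answer on the wire but are not explained by an active
DHCP lease, a DHCP reservation, or the documented static list.

All sample data below is constructed for this example; the range plan is the
one from the reply, applied to a hypothetical 10.0.0.0/24.
"""
import ipaddress
import re

# Range plan by last octet (inclusive), taken from the reply.
RANGE_PLAN = [
    (1, 20, "infrastructure (routers, vpn, switches)"),
    (21, 40, "servers"),
    (41, 60, "static, testing/temp"),
    (61, 80, "DHCP-reserved printers"),
    (81, 99, "DHCP-reserved workstations"),
    (100, 254, "general DHCP pool"),
]

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
HOST_RE = re.compile(r"host\s+(\S+)\s*\{(.*?)\}", re.S)


def classify(ip: str) -> str:
    """Return the block of the range plan that an IPv4 address falls into."""
    last_octet = int(ipaddress.ip_address(ip)) & 0xFF
    for low, high, label in RANGE_PLAN:
        if low <= last_octet <= high:
            return label
    return "outside plan"


def parse_leases(text: str) -> dict:
    """Map IP -> MAC for currently active leases.

    dhcpd.leases is append-only: a later entry for the same IP supersedes an
    earlier one, so a trailing 'free'/'expired' entry drops the address.
    """
    active = {}
    for m in LEASE_RE.finditer(text):
        ip, body = m.group(1), m.group(2)
        state = re.search(r"binding state (\w+);", body)
        mac = re.search(r"hardware ethernet ([0-9a-f:]+);", body, re.I)
        if state and state.group(1) == "active":
            active[ip] = mac.group(1).lower() if mac else None
        else:
            active.pop(ip, None)
    return active


def parse_reservations(text: str) -> dict:
    """Map fixed-address -> host name for MAC-based reservations in dhcpd.conf."""
    reservations = {}
    for m in HOST_RE.finditer(text):
        name, body = m.group(1), m.group(2)
        addr = re.search(r"fixed-address\s+(\S+);", body)
        if addr:
            reservations[addr.group(1)] = name
    return reservations


def audit(responding, leases_text, conf_text, documented_static) -> dict:
    """Return {ip: plan block} for every responding IP nobody can account for."""
    leases = parse_leases(leases_text)
    reservations = parse_reservations(conf_text)
    unknown = {}
    for ip in sorted(responding, key=ipaddress.ip_address):
        if ip in leases or ip in reservations or ip in documented_static:
            continue
        unknown[ip] = classify(ip)
    return unknown


# --- constructed sample data (not real hosts) --------------------------------
LEASES = """
lease 10.0.0.105 {
  starts 4 2024/01/04 10:00:00;
  ends 4 2024/01/04 22:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "alice-pc";
}
lease 10.0.0.106 {
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
lease 10.0.0.106 {
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
"""

CONF = """
host admin-printer01 {
  hardware ethernet 00:aa:bb:cc:dd:01;
  fixed-address 10.0.0.61;
}
host video-toaster01 {
  hardware ethernet 00:aa:bb:cc:dd:02;
  fixed-address 10.0.0.81;
}
"""

DOCUMENTED_STATIC = {"10.0.0.1", "10.0.0.2", "10.0.0.21", "10.0.0.22"}

# Addresses that answered a ping sweep (constructed).
RESPONDING = ["10.0.0.1", "10.0.0.21", "10.0.0.61", "10.0.0.105",
              "10.0.0.106", "10.0.0.150", "10.0.0.45"]

if __name__ == "__main__":
    for ip, block in audit(RESPONDING, LEASES, CONF, DOCUMENTED_STATIC).items():
        print(f"{ip:<12} unaccounted for, sits in: {block}")
```

In the sample run, 10.0.0.45 is an undocumented address in the testing block, 10.0.0.106 is still answering after its lease was released, and 10.0.0.150 is a squatter inside the general pool, which is the case that produces the conflicts Gregory is seeing, since the server may hand that address out at any time. Feed the real `dhcpd.leases`, `dhcpd.conf` and a ping-sweep result into `audit` and you have the list to take up with whoever owns the policy.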