| 1 |
Old, Gregory wrote: |
| 2 |
> Hello All, |
| 3 |
> |
| 4 |
> I have a question, has anybody on the list setup a Dynamic DNS server to |
| 5 |
> replace WINS, DHCP setup. We have a lot of issues with IP conflicts, |
| 6 |
> because admins are not excluding IPs and Techs are not assigning printers |
| 7 |
> IPs in the static range. To eliminate this possibility I would like to |
| 8 |
> setup a Dynamic DNS server, so if someone can provide a good source of |
| 9 |
> information or if anyone has knowledge of setting this up please post |
| 10 |
> information. |
| 11 |
|
| 12 |
I don't think the solution is going to be so much technical, but rather |
| 13 |
managerial. From experience adding DNS isn't much of a deterrent for |
| 14 |
idiots who don't want to assign IP's properly. Someone is going to have |
| 15 |
to force people to adhere to a policy. |
| 16 |
|
| 17 |
I've had to force this type of thing at a few companies. First change |
| 18 |
the general DHCP pool to a specific range. Usually you have to move a |
| 19 |
couple of idiots out that range so it's clear. Once that's done change |
| 20 |
the printers to DHCP and statically assign them IP's via DHCP based on |
| 21 |
their MAC. The printers usually take the longest because you may need to |
| 22 |
re-map them on users computers. Same with any workstations that *need* |
| 23 |
static IPs, which is probably 1% of the ones that currently have a |
| 24 |
static IP. The rationalizations for why someone's desktop needs a static |
| 25 |
IP are always... creative. |
| 26 |
|
| 27 |
I usually end up with something like this. |
| 28 |
.1-20 routers, vpn, switches, etc |
| 29 |
.21-40 servers |
| 30 |
.41-60 static IP's reserved for testing/temp machines |
| 31 |
.61-80 DHCP assigned printers |
| 32 |
.81-99 DHCP assigned static IP'ed work stations |
| 33 |
.100-254 general DHCP pool |
| 34 |
|
| 35 |
You can do Dynamic DNS if you'd like, but I kept it simple and added |
| 36 |
DNS for all the static devices like admin-printer01.domain.com, |
| 37 |
video-toaster01.domain.com and then made dhcp-pool-100.domain.com, |
| 38 |
dhcp-pool-101.domain.com, etc for the dhcp pool. |
| 39 |
|
| 40 |
Once things are organized and you have a written policy you tend not to |
| 41 |
have many problems unless you've got a couple of admins that think |
| 42 |
requesting an IP and/or accurate reverse DNS is some sort mark against |
| 43 |
their manhood. In the past I've had to resort to comparing IP's that |
| 44 |
respond to pings to IP's in dhcp.lease and kick any unknown IP's off the |
| 45 |
network, filter them at the firewall as possible "security intrusions", |
| 46 |
or create your own IP conflict at the switch. That last is especially |
| 47 |
fun because then you get to yell at admin/tech for breaking policy *and* |
| 48 |
not being smart enough to pick an open IP. |
| 49 |
You really shouldn't have to pull stunts like that if you've got a |
| 50 |
halfway decent shop that's willing to back sane procedures. |
| 51 |
|
| 52 |
kashani |
| 53 |
-- |
| 54 |
gentoo-server@g.o mailing list |
Archives