Old, Gregory wrote:
> Hello All,
>
> I have a question, has anybody on the list set up a Dynamic DNS server to
> replace WINS, DHCP setup. We have a lot of issues with IP conflicts,
> because admins are not excluding IPs and Techs are not assigning printers
> IPs in the static range. To eliminate this possibility I would like to
> set up a Dynamic DNS server, so if someone can provide a good source of
> information or if anyone has knowledge of setting this up please post
> information.
|
I don't think the solution is going to be so much technical, but rather
managerial. From experience, adding DNS isn't much of a deterrent for
idiots who don't want to assign IPs properly. Someone is going to have
to force people to adhere to a policy.
|
I've had to force this type of thing at a few companies. First change
the general DHCP pool to a specific range. Usually you have to move a
couple of idiots out of that range so it's clear. Once that's done change
the printers to DHCP and statically assign them IPs via DHCP based on
their MAC. The printers usually take the longest because you may need to
re-map them on users' computers. Same with any workstations that *need*
static IPs, which is probably 1% of the ones that currently have a
static IP. The rationalizations for why someone's desktop needs a static
IP are always... creative.
|
I usually end up with something like this.
.1-20 routers, vpn, switches, etc
.21-40 servers
.41-60 static IPs reserved for testing/temp machines
.61-80 DHCP assigned printers
.81-99 DHCP assigned static IP'ed workstations
.100-254 general DHCP pool
|
You can do Dynamic DNS if you'd like, but I kept it simple and added
DNS for all the static devices like admin-printer01.domain.com,
video-toaster01.domain.com and then made dhcp-pool-100.domain.com,
dhcp-pool-101.domain.com, etc. for the DHCP pool.
|
Once things are organized and you have a written policy you tend not to
have many problems unless you've got a couple of admins that think
requesting an IP and/or accurate reverse DNS is some sort of mark against
their manhood. In the past I've had to resort to comparing IPs that
respond to pings to IPs in dhcp.lease and kick any unknown IPs off the
network, filter them at the firewall as possible "security intrusions",
or create your own IP conflict at the switch. That last is especially
fun because then you get to yell at admin/tech for breaking policy *and*
not being smart enough to pick an open IP.
You really shouldn't have to pull stunts like that if you've got a
halfway decent shop that's willing to back sane procedures.
|
kashani
--
gentoo-server@g.o mailing list
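
The lease-versus-ping comparison and the allocation plan from the reply above, as an added example (not code from the original message): it flags hosts that answer on the network but have no active lease in the pool range, or no inventory entry in the static and reserved ranges. Assumed here: an ISC dhcpd-style lease file (the post only names dhcp.lease), a single /24, a hypothetical inventory set that also holds the DHCP reservations, and constructed sample data.

```python
import ipaddress
import re

# Plan from the post: (first, last, label, where a legitimate host must be recorded)
PLAN = [(1, 20, "routers/vpn/switches", "inventory"), (21, 40, "servers", "inventory"),
        (41, 60, "static test/temp", "inventory"), (61, 80, "DHCP printers", "inventory"),
        (81, 99, "DHCP static workstations", "inventory"),
        (100, 254, "general DHCP pool", "lease file")]

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)

def active_leases(text):
    """IPs whose most recent entry in the lease file is in state 'active'."""
    state = {}
    for ip, body in LEASE_RE.findall(text):
        m = STATE_RE.search(body)
        state[ip] = m.group(1) if m else "unknown"  # append-only log: last entry wins
    return {ip for ip, s in state.items() if s == "active"}

def audit(responding, leases, inventory):
    """Return (ip, range label, reason) for responders the plan cannot account for."""
    findings = []
    for ip in sorted(responding, key=ipaddress.ip_address):
        host = int(ipaddress.ip_address(ip)) & 0xFF  # last octet; assumes one /24
        for lo, hi, label, source in PLAN:
            known = leases if source == "lease file" else inventory
            if lo <= host <= hi and ip not in known:
                findings.append((ip, label, "not in " + source))
    return findings

# Constructed sample data: lease file text, documented hosts, ping responders.
SAMPLE_LEASES = """\
lease 192.168.1.100 {
  binding state active;
  next binding state free;
}
lease 192.168.1.101 {
  binding state active;
}
lease 192.168.1.101 {
  binding state free;
}
"""
SAMPLE_INVENTORY = {"192.168.1.1", "192.168.1.61"}
SAMPLE_RESPONDING = ["192.168.1.150", "192.168.1.1", "192.168.1.22",
                     "192.168.1.61", "192.168.1.100", "192.168.1.101"]

if __name__ == "__main__":
    print(audit(SAMPLE_RESPONDING, active_leases(SAMPLE_LEASES), SAMPLE_INVENTORY))
```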