Solved

What is best practice. Run DNS and DHCP on BIND product, or MS AD, or DNS MS and DHCP on BIND product?

Posted on 2008-06-09
Last Modified: 2009-06-15
I am a Systems Architect and have been asked to get involved with a DNS/DHCP replacement project that has already decided to run DNS on AD and DHCP on Infoblox. We are migrating from Nortel's NETID. I feel best practice would be to run DNS and DHCP on Infoblox or IPControl and keep AD updated via zone transfers. Opinions?
Question by:PMcDevitt
5 Comments
 
LVL 8

Expert Comment

by:Sinder255248
ID: 21746082
I'd be inclined to go with you. I've seen the demo of infoblox (we went with bluecat), but their solution is really nice if you have the licenses for it. It's a much more resilient DNS solution, and from what I saw DDNS worked perfectly on it. We're much happier now we've migrated our DNS off to bluecat.

You can host your AD zones in your infoblox boxes, and then put a secondary zone on all your AD boxes if you want to, although it isn't really necessary as long as all clients/dc's/servers are pointing to the infoblox boxes.

That being said though there are many companies running their AD's on AD Integrated zones (we did the same for 4+ years), but in the end we decided that it was best to go with DHCP and DNS serviced from one box.  

The infoblox boxes are also far easier to delegate administration for zones to less qualified engineers, or simply block the zone from manual entries and go with DDNS only. Logging is also a nice feature, and one that the auditors love.
 

Author Comment

by:PMcDevitt
ID: 21746949
Thanks Sinder255248.
I appreciate the feedback.

I was also hoping someone would comment on issues that could arise if DNS is on AD and DHCP not.

BTW: Did you also look at IP Control from Diamond IP (now owned by BT/INS)?
 
LVL 8

Expert Comment

by:Sinder255248
ID: 21749831
Nope we only looked at Bluecat and Infoblox, the BT guys took too long and couldn't organise a time to visit so we decided it wasn't the route for us (especially as we're not a small client base).  

You'll have no problems if you want to keep the two separate (apart from probably DDNS on AD), but I would go with everything on your Infoblox boxes for complete resilience. DNS on AD doesn't always update DDNS etc, but other than that it's not bad for a free solution. I've never had any problems with zone replication, and it seems to hold up pretty well in an enterprise environment.
 

Author Comment

by:PMcDevitt
ID: 21750865
Thanks. I have heard of issues with DDNS, can you elaborate on what the issue is?
 
LVL 8

Accepted Solution

by:
Sinder255248 earned 250 total points
ID: 21758744
Clients don't update themselves in DNS, and you have to manually add them. Works on some, others it doesn't. After moving to Bluecat I've not seen this issue once so I can only assume it's a problem with the DNS server and not the clients trying to register.