• Status: Solved

DHCP on Multiple domains

Hi All

I have recently joined a new place and found that they are NOT running DHCP.
Around 600 users, yes I know :-).

I've decided to setup DHCP.

We have 5 domains, 3 of which are on separate subnets, BUT 2 of them are sharing a subnet.
We are also running Exchange 2007 and all domain controllers are Windows Server 2008.

What's the best way of going about this with regards to the 2 domains that are sharing a subnet?
What should I take into consideration?
What are the risks?

Please let me know should you need additional information.


Your assistance is greatly appreciated.

Regards
Eugene
Akhater commented:
There is no risk or consideration at all, the client asks for an IP before it "knows" if it is connected to a domain or not.

So you can only put one DHCP server to serve this shared subnet, irrespective of whether it is hosting one or 10 domains.

Hope it helps
Asr commented:
What do you mean, not running DHCP? Do you mean a firewall stands in for it, or what?
Glen Knight commented:
The only thing you need to make sure of is that there is a DHCP Helper service configured on the router/switch that is routing traffic for the second subnet.

There are no real risks.
Glen Knight commented:
@Asr > Perhaps you should think about monitoring a different zone?
eugene20022002 (Author) commented:
@Akhater: Are you sure there is no risk? It's going to be a Windows DHCP server, not Unix or Linux, so it will be in AD. Also, each of the 2 domains has its own DCs with AD-integrated DNS. If I set up a new DHCP server, will I need to give clients in the subnet a specific primary and secondary DNS server? Does it matter which? I don't think it does though.

@Asr: Not running DHCP, meaning they are using static IP addresses for clients. Not sure why though, but they are.


Glen Knight commented:
You have a couple of options: you could either set up separate scopes for each subnet on a single DHCP server and let the DHCP Helper service sort out the rest for you.

Or, if there are already separate servers in the subnets, simply install the DHCP Service/Role (depending on which version of Windows) and they will then issue their own IP addresses.
This takes the complication of the DHCP Helper service away.
eugene20022002 (Author) commented:
@Demazter > I don't think I need to configure a helper service because I don't want broadcast traffic to cross any routers. I also won't need to, because both domains are using the same subnet range. If they were both on separate subnets I would simply create 2 DHCP servers, seeing that a DHCP server doesn't take up many resources.
Chris Dent (PowerShell Developer) commented:

As long as all DNS servers on that single subnet can resolve names for both domains there's little problem. Clients need to find their own domains; it doesn't matter where the DNS servers live, as long as they can provide the necessary answers.

The only other issue is Dynamic Updates. If DHCP updates DNS you may run into problems. Are there trusts between the domains? Or would you prefer clients update DNS directly (not via DHCP)?

Chris
eugene20022002 (Author) commented:
Yes, there is trust between the domains, and I would like DNS to be automatically updated by DHCP because there are sooo many static records and old records; that is what I want to avoid from happening.
Chris Dent (PowerShell Developer) commented:

Okay, well it should work. You will need to configure DHCP with specific credentials to update. And you will need to grant that account permission on the zone in the remote domain (otherwise the update will fail).

Do note that clients can update without the help of DHCP, that doesn't mean manually maintaining records, that would be no fun :) Just something to consider, that's all.

Chris
Akhater commented:
Don't worry about the trust or anything; the integration between DHCP and AD is just for DHCP servers between each other. Any DHCP server in a subnet will serve any client on this subnet, irrespective of whether it is joined to a domain or not, and of which domain it is joined to.

If you want ONE DHCP server to handle all the subnets then you will need to configure a relay agent or IP helper for each subnet, but I don't think that's your question.
eugene20022002 (Author) commented:
@Akhater > I don't want just one DHCP server and especially don't want DHCP broadcasts to cross routers. They're there essentially to split the broadcast domains. Anyway, one DHCP server per subnet is what I'm aiming for.

@Chris > What permissions would this account need in order to do the DNS updates?
How can the clients update automatically without DHCP, and what method would you use in this situation?
Akhater commented:
Clients can update their own records in the DNS; you don't need DHCP to do that.

DHCP can do that for clients that cannot update DNS themselves, like Windows 95/98 for example.
Chris Dent (PowerShell Developer) commented:

> What permissions would this account need in order to do the DNS updates.

Nothing more than a standard user account. You'll be manually setting the rights it needs on the DNS Zone (Create Child Objects). It really needs very little.

> How can the clients update automatically without DHCP and what method would you
> use in this situation?

Nothing, the functionality is built in. They look up the SOA, then send an update request there. If they use a DNS server on Domain A, but are a member of Domain B, they will request the SOA for Domain B, then send the update there directly, bypassing the normal DNS server they use.

Essentially, it'll work without you doing more than unticking the box telling DHCP to update (in the DHCP server console).

Chris
eugene20022002 (Author) commented:
If the client's IP address changes, will the A and PTR records automatically be updated in DNS without DHCP? Because at the moment it's not, and the clients are set to register in DNS in the TCP/IP settings.
Akhater commented:
Well, you need to enable "automatic updates" on the DNS zone; that's all that is required.
Chris Dent (PowerShell Developer) commented:

> If the clients IP address change, will the A and PTR records automatically be updated
> in DNS without DHCP?

Yes, provided they have permission to do so (if records exist that they do not have permission to modify the update will fail) and provided DHCP has *not* been set to do it for them (because that prevents the client from performing the update).

Akhater is right about the need to enable Dynamic Update in the DNS zone.

Chris
eugene20022002 (Author) commented:
Thanks guys. I have Dynamic updates enabled (secure).
Chris Dent (PowerShell Developer) commented:

If updates are failing it would be a good idea to see what has permission on the record in DNS. If DHCP is updating, DHCP, or the credentials set in DHCP, need rights over the record. If the client is updating then the client does.

If neither has rights the update will fail, and you'd have to remove the record. Or, if you use Scavenging, wait until it becomes stale and is automatically removed.

Chris
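As an added example (not from the thread, and not Microsoft's own tooling beyond the cmdlets it calls), a read-only PowerShell audit of the three things Chris says decide whether an update succeeds: the zone's dynamic-update mode, whether DHCP registers on behalf of clients and with which credential, and who holds write rights on an existing record. It assumes the RSAT DnsServer, DhcpServer and ActiveDirectory modules, an AD-integrated zone stored in the DomainDnsZones partition, and the placeholder server, zone and host names shown.

```powershell
# Added example, not from the thread. Read-only audit of what decides whether a
# dynamic update of a client's A record will succeed:
#   1. the zone's dynamic-update mode,
#   2. whether DHCP registers on behalf of clients, and with which credential,
#   3. which principals may write the existing record (stale static records and
#      records created by another account are the usual cause of failed updates).
# Assumptions: RSAT DnsServer, DhcpServer and ActiveDirectory modules are present;
# the zone is AD-integrated in the DomainDnsZones partition; all names are placeholders.
Import-Module DnsServer, DhcpServer, ActiveDirectory

$ZoneDc     = 'dc1.domain-b.example'    # placeholder: a DC/DNS server in the domain that owns the zone
$DhcpServer = 'dhcp1.domain-a.example'  # placeholder: the DHCP server on the shared subnet
$Zone       = 'domain-b.example'        # placeholder: zone of the "other" domain
$HostName   = 'pc0123'                  # placeholder: client whose record fails to update

# 1. Zone dynamic-update mode (None / NonsecureAndSecure / Secure)
$zoneInfo = Get-DnsServerZone -ComputerName $ZoneDc -Name $Zone
"Zone $Zone dynamic update mode: $($zoneInfo.DynamicUpdate)"

# 2. DHCP-side registration behaviour and the account it uses for updates
$dhcpDns  = Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer
$dhcpCred = Get-DhcpServerDnsCredential -ComputerName $DhcpServer
"DHCP DynamicUpdates=$($dhcpDns.DynamicUpdates)  credential=$($dhcpCred.DomainName)\$($dhcpCred.UserName)"
if ($dhcpDns.DynamicUpdates -eq 'Never') { "DHCP is not updating DNS; clients are expected to register themselves." }

# 3. The existing record and the ACL on its dnsNode object in AD
$rec = Get-DnsServerResourceRecord -ComputerName $ZoneDc -ZoneName $Zone -Name $HostName -RRType A -ErrorAction SilentlyContinue
if (-not $rec) { "No A record for $HostName in $Zone - nothing blocks a fresh registration."; return }
# A null Timestamp means a static record: scavenging will never remove it.
"$HostName -> $($rec.RecordData.IPv4Address)  timestamp=$($rec.Timestamp)"

$domainDn = (Get-ADDomain -Server $ZoneDc).DistinguishedName
$nodeDn   = "DC=$HostName,DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
New-PSDrive -Name ZoneAD -PSProvider ActiveDirectory -Server $ZoneDc -Root '' | Out-Null
$acl = Get-Acl -Path "ZoneAD:\$nodeDn"
"Record owner: $($acl.Owner)"
# Only principals listed here (or the owner) can overwrite the record; if neither the
# DHCP credential nor the client computer account appears, the update will fail.
$acl.Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $_.ActiveDirectoryRights -match 'Write|GenericAll|Delete' } |
    Select-Object IdentityReference, ActiveDirectoryRights
Remove-PSDrive -Name ZoneAD
```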
eugene20022002 (Author) commented:
So to sum it all up:

  • Basically go ahead with deploying the DHCP server.
  • Use any of the DNS servers on the subnet (seeing that it is AD integrated) for both the server and clients.
  • Use DHCP to automatically update the records in DNS.
  • DHCP clients won't have problems finding domain controllers etc. and will look at the SOA of the domain they belong to?? Not 100% about this, just clarify for me please?
  • Make sure dynamic updates are enabled. (It is on all zones)
What else am I missing?

Does that all seem alright?

Thanks again guys for your help.
Will award points soon.

Last question, off topic.
How do I get points without buying them? If I am an expert, can I use the points I gain from answering to ask questions myself?

Thanks again
Eugene



Chris Dent (PowerShell Developer) commented:

> and will look at the SOA of the domain they belong to??

They'll only need that if they're updating DNS directly, not via DHCP.

They'll need to be able to resolve host names and service records for the "other" domain via the DNS servers they use. If a trust is in place that kind of name resolution is already likely to be functional.

You can test that:

nslookup -q=srv _gc._tcp.domain.com

Should give you a list of Global Catalog servers for domain.com.

You're not really missing anything other than testing to make sure. It's quite a simple system really :)

> How do I get points without buying them? If I am an expert and the
> points I gain from answering, Can I use that to ask myself?

If you gain expert status you get unlimited points with which you can ask questions. Expert points are used for little more than ranking / status / self-satisfaction.

To earn expert status you will need to earn a total of 10000 points, and 3000 points a month to maintain that. Check the Help pages under Answering Questions for more details.

Chris
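A second added example (again not from the thread) that extends Chris's nslookup test: it checks that each DNS server DHCP hands out on the shared subnet can resolve the locator records for both domains, and reports the SOA primary that a client registering its own A/PTR record (the direct-update path Chris describes) would send its update to. It assumes the DnsClient module's Resolve-DnsName and the placeholder domain names and DNS server addresses shown.

```powershell
# Added example, not from the thread. Verifies what clients on the shared subnet
# need from whichever DNS server DHCP hands them: locator (SRV) records for BOTH
# domains, and the SOA primary that a self-registering client would target
# (it looks up the SOA of its own domain and sends the update there directly).
# Assumptions: DnsClient module (Windows 8 / Server 2012 or later); the domain
# names and DNS server addresses below are placeholders.
$Domains    = 'domain-a.example', 'domain-b.example'
$DnsServers = '10.0.10.11', '10.0.10.21'

# What a domain member needs: domain controllers, Global Catalogs (the nslookup test above), Kerberos KDCs
$Locators = '_ldap._tcp.dc._msdcs', '_gc._tcp', '_kerberos._tcp'

function Test-DomainResolution {
    param([string]$Domain, [string]$Server)
    $row = [ordered]@{ Domain = $Domain; DnsServer = $Server }
    foreach ($loc in $Locators) {
        $srv = Resolve-DnsName -Name "$loc.$Domain" -Type SRV -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
        $row[$loc] = if ($srv) { ($srv.NameTarget | Sort-Object -Unique) -join ',' } else { 'MISSING' }
    }
    # The zone SOA names the server that accepts dynamic updates for this domain
    $soa = Resolve-DnsName -Name $Domain -Type SOA -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SOA' }
    $row['UpdatePrimary'] = if ($soa) { $soa.PrimaryServer } else { 'MISSING' }
    [pscustomobject]$row
}

$results = foreach ($server in $DnsServers) {
    foreach ($domain in $Domains) { Test-DomainResolution -Domain $domain -Server $server }
}
$results | Format-Table -AutoSize
# Any MISSING cell means clients of that DNS server cannot locate, or register in, that domain.
```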
eugene20022002 (Author) commented:
Thanks Guys