eugene20022002 (South Africa) asked:

DHCP on Multiple domains

Hi All

I have recently joined a new place and found that they are NOT running DHCP.
Around 600 users, yes I know :-).

I've decided to setup DHCP.

We have 5 domains, 3 of which are on separate subnets BUT 2 of them are sharing a subnet.
We are also running Exchange 2007 and all domain controllers are Windows Server 2008.

What's the best way of going about this with regards to the 2 domains that are sharing a subnet?
What should I take into consideration?
What are the risks?

Please let me know should you need additional information.


Your assistance is greatly appreciated.

Regards
Eugene

Akhater:

There is no risk or consideration at all, the client asks for an IP before it "knows" if it is connected to a domain or not.

So you can simply put one DHCP server to serve this shared subnet, irrespective of whether it is hosting one or 10 domains.

Hope it helps
Asr: What do you mean, not running DHCP? Do you mean a firewall stands in for it, or what?

Demazter: The only thing you need to make sure of is that there is a DHCP Helper service configured on the router/switch that is routing traffic for the second subnet.

There are no real risks.
@Asr > Perhaps you should think about monitoring a different zone?
eugene20022002 (asker):
@Akhater: Are you sure there is no risk? It's going to be a Windows DHCP server, not Unix or Linux, so it will be in AD. Also, each of the 2 domains has its own DCs with AD-integrated DNS. If I set up a new DHCP server, will I need to give clients in the subnet a specific primary and secondary DNS server? Does it matter which? I don't think it does, though.

@Asr: Not running DHCP, meaning they are using static IP addresses for clients. Not sure why, though, but they are.


Demazter: You have a couple of options. You could either set up separate scopes for each subnet on a single DHCP server and let the DHCP Helper service sort out the rest for you.

Or, if there are already separate servers in the subnets, simply install the DHCP Service/Role (depending on which version of Windows) and they will then issue their own IP addresses.
This takes the complication of the DHCP Helper service away.

@Demazter > I don't think I need to configure a helper service because I don't want broadcast traffic to cross any routers. I also won't need to, because both domains are using the same subnet range. If they were both on separate subnets I would simply create 2 DHCP servers, seeing that a DHCP server doesn't take up many resources.

As long as all DNS servers on that single subnet can resolve names for both domains there's little problem. Clients need to find their own domains; it doesn't matter where the DNS servers live, as long as they can provide the necessary answers.

The only other issue is Dynamic Updates. If DHCP updates DNS you may run into problems. Are there trusts between the domains? Or would you prefer clients update DNS directly (not via DHCP)?

Chris
Yes, there is a trust between the domains, and I would like DNS to be automatically updated by DHCP because there are sooo many static records, old records, that I want to avoid that from happening.

Okay, well it should work. You will need to configure DHCP with specific credentials to update. And you will need to grant that account permission on the zone in the remote domain (otherwise the update will fail).

Do note that clients can update without the help of DHCP, that doesn't mean manually maintaining records, that would be no fun :) Just something to consider, that's all.

Chris
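The DHCP credential and zone-permission setup Chris describes, written out as an added example; this is not code from the thread or from any of its participants. It is PowerShell that assumes the DhcpServer module and dsacls.exe (the cmdlets exist on Windows Server 2012 or later; the netsh equivalents for the Server 2008 boxes in the question are noted in comments). The server name dhcp01.domaina.local, the subnet 10.10.0.0/24, the domains domaina.local and domainb.local, the account DOMAINA\svc-dhcp-dns and the zone distinguished name are all assumptions.

```powershell
# Added example, not from the thread. Assumes the DhcpServer module (Server 2012+)
# and dsacls.exe; on Server 2008 use the netsh equivalents shown in the comments.
# Every name and address below is an assumption.

$DhcpServer = 'dhcp01.domaina.local'
$ScopeId    = '10.10.0.0'
$DnsServers = @('10.10.0.10', '10.10.0.11')   # a DC of each domain; both run AD-integrated DNS
$DnsSuffix  = 'domaina.local'                  # only a default suffix; clients locate their own domain via SOA
$SvcAccount = 'DOMAINA\svc-dhcp-dns'           # plain domain user, no admin rights anywhere

# 1. One scope for the shared subnet. DHCP never learns which domain a client belongs to,
#    so one scope serves both domains.
Add-DhcpServerv4Scope -ComputerName $DhcpServer -Name 'Shared subnet (domaina + domainb)' `
    -StartRange 10.10.0.50 -EndRange 10.10.0.250 -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $ScopeId `
    -Router 10.10.0.1 -DnsServer $DnsServers -DnsDomain $DnsSuffix
# netsh equivalent: netsh dhcp server add scope 10.10.0.0 255.255.255.0 "Shared subnet"
#                   netsh dhcp server scope 10.10.0.0 set optionvalue 006 IPADDRESS 10.10.0.10 10.10.0.11

# 2. The credentials DHCP presents when it registers A and PTR records on behalf of clients.
#    Records it creates are then owned by this account, not by the DHCP server's computer account.
$cred = Get-Credential -UserName $SvcAccount -Message 'DHCP dynamic DNS update account'
Set-DhcpServerDnsCredential -ComputerName $DhcpServer -Credential $cred
# netsh equivalent: netsh dhcp server set dnscredentials svc-dhcp-dns DOMAINA <password>

# 3. Register for every client and remove the records when the lease expires, which is what
#    stops the stale-record build-up the asker wants to avoid.
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer -ScopeId $ScopeId `
    -DynamicUpdates Always -DeleteDnsRRonLeaseExpiry $true

# 4. Grant the account Create Child (CC) on domainb's zone. The zone is an AD object in
#    domainb's directory, so this runs on (or against) a domainb DC with rights there; the
#    cross-domain trust is what lets DOMAINA\svc-dhcp-dns appear in that ACL at all.
#    DN assumed for a zone replicated to all DCs in the domain (DomainDnsZones partition);
#    a forest-wide zone lives under DC=ForestDnsZones instead.
$ZoneDN = 'DC=domainb.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domainb,DC=local'
& dsacls.exe $ZoneDN /G "${SvcAccount}:CC"

# 5. Read the ACL back and confirm the ACE is present.
(& dsacls.exe $ZoneDN) | Select-String -SimpleMatch $SvcAccount
```

Create Child on the zone only lets the account add new records; it does not give it rights over records that already exist and are owned by someone else (old static entries, or records a client registered itself), which is exactly the failure case the rest of the thread discusses.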
Don't worry about the trust or anything. The integration between DHCP and AD is just for DHCP servers between each other; any DHCP server in a subnet will serve any client on this subnet irrespective of whether it is joined to a domain or not, and which domain it is joined to.

If you want ONE DHCP server to handle all the subnets then you will need to configure a relay agent or IP helper for each subnet, but I don't think that's your question.

@Akhater > I don't want just one DHCP server, and I especially don't want DHCP broadcasts to cross routers. They're there essentially to split the broadcast domains. Anyway, one DHCP per subnet is what I'm aiming for.

@Chris > What permissions would this account need in order to do the DNS updates?
How can the clients update automatically without DHCP, and what method would you use in this situation?
SOLUTION
Akhater
This solution is only available to members of Experts Exchange.

> What permissions would this account need in order to do the DNS updates.

Nothing more than a standard user account. You'll be manually setting the rights it needs on the DNS zone (Create Child Objects). It really needs very little.

> How can the clients update automatically without DHCP and what method would you
> use in this situation?

Nothing, the functionality is built in. They lookup the SOA, then send an update request there. If they use a DNS server on Domain A, but are a member of Domain B they will request the SOA for Domain B, then send the update there directly, bypassing the normal DNS server they use.

Essentially, it'll work without you doing more than unticking the box telling DHCP to update (in the DHCP server console).

Chris
If the clients' IP addresses change, will the A and PTR records automatically be updated in DNS without DHCP? Because at the moment they're not, and the clients are set to register in DNS in the TCP/IP settings.
SOLUTION
This solution is only available to members of Experts Exchange.

> If the clients IP address change, will the A and PTR records automatically be updated
> in DNS without DHCP?

Yes, provided they have permission to do so (if records exist that they do not have permission to modify the update will fail) and provided DHCP has *not* been set to do it for them (because that prevents the client from performing the update).

Akhater is right about the need to enable Dynamic Update in the DNS zone.

Chris
Thanks guys. I have dynamic updates enabled (secure).

If updates are failing it would be a good idea to see what has permission on the record in DNS. If DHCP is updating, DHCP, or the credentials set in DHCP, need rights over the record. If the client is updating then the client does.

If neither has rights the update will fail, and you'd have to remove the record. Or, if you use Scavenging, wait until it becomes stale and is automatically removed.

Chris
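The two checks Chris suggests (where a client's own update will go, and who actually holds rights on an existing record) as an added example; this is not code from the thread or its participants. PowerShell assuming the DnsClient, ActiveDirectory and DnsServer modules (RSAT on Windows 8 / Server 2012 or later; on Server 2008 the same checks are nslookup -type=SOA and dsacls on the record DN). The zone domainb.local, the host ws-0042 and the zone distinguished name are assumptions.

```powershell
# Added example, not from the thread. Assumes RSAT modules DnsClient, ActiveDirectory
# and DnsServer (Windows 8 / Server 2012+). Zone, host and DN are assumptions.

$Zone     = 'domainb.local'
$HostName = 'ws-0042'
$ZoneDN   = "DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domainb,DC=local"

# 1. Where does the client send its own update? It queries the SOA of its primary DNS
#    suffix and sends the dynamic update to the primary master named there, regardless
#    of which domain's DNS server it was handed by DHCP.
$soa = Resolve-DnsName -Name $Zone -Type SOA -ErrorAction Stop | Where-Object { $_.Type -eq 'SOA' }
"Client updates for $Zone are sent to: $($soa.PrimaryServer)"

# 2. Who may modify the existing record? Each record is a dnsNode object under the zone
#    in AD. A secure update succeeds only if the updater (the client's computer account
#    DOMAINB\WS-0042$, or the account set in the DHCP server's DNS credentials) is the
#    owner or holds a write right here.
Import-Module ActiveDirectory
$recordDN = "DC=$HostName,$ZoneDN"
$acl = Get-Acl -Path "AD:\$recordDN"
"Owner of $recordDN : $($acl.Owner)"
$acl.Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $_.ActiveDirectoryRights -match 'Write|GenericAll|Delete' } |
    Select-Object IdentityReference, ActiveDirectoryRights |
    Format-Table -AutoSize

# 3. A record created by hand (static) carries no timestamp, so scavenging will never
#    age it out; it has to be deleted before the client or DHCP can re-register the name.
$rr = Get-DnsServerResourceRecord -ComputerName $soa.PrimaryServer -ZoneName $Zone `
        -Name $HostName -RRType A -ErrorAction SilentlyContinue
if ($rr -and -not $rr.Timestamp) {
    "$HostName.$Zone is a static (non-aging) record: scavenging will not remove it, delete it by hand."
}
```

If the ACL shows neither the client's computer account nor the DHCP credential account, the secure update fails exactly as Chris describes, and the only ways forward are removing the record or, for a record that does carry a timestamp, waiting for scavenging.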
So to sum it all up:

  • Basically go ahead with deploying the DHCP server.
  • Use any of the DNS servers on the subnet (seeing that it is AD-integrated) for both the server and clients.
  • Use DHCP to automatically update the records in DNS.
  • DHCP clients won't have problems finding domain controllers etc. and will look at the SOA of the domain they belong to?? Not 100% sure about this, just clarify for me please?
  • Make sure dynamic updates are enabled. (It is on all zones.)
What else am I missing?

Does that all seem alright?

Thanks again guys for your help.
Will award points soon.

Last question, off topic.
How do I get points without buying them? If I am an expert, can I use the points I gain from answering to ask questions myself?

Thanks again
Eugene



ASKER CERTIFIED SOLUTION
This solution is only available to members of Experts Exchange.

Thanks guys