Dynamic DNS redhat

I recently started a new job where they do some weird DNS. They manually update reservations for machines that move around from building to building. Each building has its own subnet. Each machine MUST have a reservation in each of these subnets.
All the servers run Red Hat (DHCP and DNS - BIND).

My question:
Is it possible to use the DHCP server to update DNS when a person moves their machine from one building to another?  If so can someone point me to some documentation?

I know this is very little information; if you need anything else from me to help answer my question, please let me know.

Steven Vona Asked:

Daniel McAllister, President, IT4SOHO, LLC, Commented:
savone,

OK, let me see if I get this right...

 - In an effort to be more "secure", the "rule" is that there must be a DHCP "reservation" for each machine
 - There are multiple buildings, each of which has its own subnet (an example would be nice... as in building A is 192.168.1.0/24, building B is 192.168.2.0/24, etc)
 - Despite the need for some kind of security, it is requested that hosts be able to move from building A to building B and so forth and successfully get a DHCP address from each.
 - When Host A moves from Building A (and a 192.168.1.0/24 address) to Building B (and gets a 192.168.2.0/24 address), you want DNS to be updated so that someone LOOKING for Host A will find it at whatever address it may be actually located.

To look further into this, I would need a few more pieces of the puzzle:
 1) Is there a separate DHCP server for each subnet?
 2) Is there a separate DNS server for each subnet?
 3) Is there some kind of super-net (like a campus network that each of these building subnets ties into)?

The yes/no answers on these will direct my answer, so to avoid writing a book, I'll await your response.

Dan
IT4SOHO
Chris Dent, PowerShell Developer, Commented:

> Is it possible to use the DHCP server to update DNS when a person moves their machine from one building to another?

Not securely between MS DHCP and BIND. The secure update mechanisms for each are mutually exclusive. You could suggest non-secure updates, but I doubt that'll go down well.

You could also do it outside of those, with a script perhaps, it's only within that you have trouble.

Chris
Chris Dent, PowerShell Developer, Commented:

I take it back, it looks like you can make it permit secure updates:

http://www.netlinxinc.com/netlinx-blog/45-dns/136-how-to-implement-gss-tsig-on-isc-bind.html

With a fair bit of work, but... :)

Chris

Daniel McAllister, President, IT4SOHO, LLC, Commented:
Chris-Dent -- I may have misunderstood, but I thought the original post implied only RHEL servers, not MS... thus, the DHCP involved should be the ISC DHCP server...

If this is true, then the article (HOWTO) found here:
  http://sipx-wiki.calivia.com/index.php/HowTo_Configure_DHCP_and_DNS_Servers
should be of help... ignore the fact that the target audience is not RHEL, the configuration examples are spot-on for RHEL.

That being said, you still need to have a common "super LAN" that is shared among the buildings that the DHCP servers can update!

Dan
IT4SOHO

PS: A final thought -- if it was me, I'd keep one master "list" of available hosts & populate ALL of the dhcp server's config files with it... thus, mac address 00:11:22:33:44:55 would ALWAYS be host 100 (or whatever) -- whether on 192.168.0, 192.168.1, or wherever....
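
As an added illustration of the DHCP-to-DNS update setup this post points to (it is not configuration from the thread or from the linked HOWTO): an ISC dhcpd and BIND 9 pairing in which the DHCP server signs its DNS updates with a shared TSIG key, and one host entry carries an address for each building subnet. The zone name, key name, secret placeholder and server addresses are assumptions; the MAC address, host number and building subnets are the examples used in the posts above.

```conf
# ---- named.conf on the BIND master (constructed names and addresses) ----
key "dhcp-updater" {
    algorithm hmac-sha256;      # assumption: supported by both daemons in use
    secret "REPLACE_WITH_BASE64_SECRET";
};
zone "example.internal" {
    type master;
    file "dynamic/example.internal.zone";
    # Weak: allow-update { 192.168.0.5; };  would trust a source address alone.
    allow-update { key "dhcp-updater"; };   # only TSIG-signed updates accepted
};
# Repeat the zone block for each reverse zone, e.g. "1.168.192.in-addr.arpa".

# ---- dhcpd.conf on the ISC DHCP server ----
ddns-update-style interim;      # "standard" on ISC DHCP 4.3 and later
ddns-updates on;
ddns-domainname "example.internal.";
update-static-leases on;        # fixed-address hosts get no DNS update by default
ignore client-updates;          # the server, not the client, writes the A record

key dhcp-updater {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";    # same secret as in named.conf
};
zone example.internal. {
    primary 192.168.0.10;       # BIND master (constructed address)
    key dhcp-updater;
}
zone 1.168.192.in-addr.arpa. { primary 192.168.0.10; key dhcp-updater; }
zone 2.168.192.in-addr.arpa. { primary 192.168.0.10; key dhcp-updater; }

# One declaration per building subnet.
subnet 192.168.1.0 netmask 255.255.255.0 { option routers 192.168.1.1; }
subnet 192.168.2.0 netmask 255.255.255.0 { option routers 192.168.2.1; }

# One entry from the master list: the same MAC is host 100 in every building.
# With several fixed-address values, dhcpd hands out the one that belongs to
# the subnet the client is currently booting on.
host joespc {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.1.100, 192.168.2.100;
    ddns-hostname "joespc";
}
```

Both files contain the shared secret, so they should be readable only by the named and dhcpd service accounts.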

Steven Vona (Author) Commented:
@it4soho

 1) Is there a separate DHCP server for each subnet?
No, it's one Red Hat box.

 2) Is there a separate DNS server for each subnet?
No, there are 5 DNS servers, 1 hidden master, 2 slaves and 2 external slaves.  All running BIND 9

 3) Is there some kind of super-net (like a campus network that each of these building subnets ties into)?
Yes, for example:
Building 1:
172.16.43.x

Building 2:
172.16.47.x

Building 3:
172.16.47.x

Chris Dent, PowerShell Developer, Commented:

I must have imagined MS DHCP then, sorry about that.

Chris
Daniel McAllister, President, IT4SOHO, LLC, Commented:
Ahh.... more light = more understanding...

Since there is but one DHCP server, you are being told that you need to manually reset its DHCP reservation whenever it moves from building A (172.16.43) to building B (172.16.47)... is there a REASON for this?

Since this is all coming from one DHCP server, switching from one subnet to another is very easy -- just update the dhcpd.conf file & restart dhcpd...

BUT... since you're CORRECTLY using the Class B RFC 1918 address range, you should be able to actually create a "static" IP that will work for each system regardless of the building it is in...

Which takes me back to the question of WHY there are individual subnets...

Dan
IT4SOHO



Steven Vona (Author) Commented:
Dan,
First off thanks for your patience... I am yet to understand WHY they are doing things the way they are.  

But one extra point... Each client (PC) should have a reservation in each subnet. For example, let's say a PC named JOESPC comes online. It should have a reservation in each of the subnets.

Daniel McAllister, President, IT4SOHO, LLC, Commented:
savone,

You indicated that there is only ONE DHCP server... to my knowledge, there is no way for you to maintain separate DHCP responses depending on which subnet they are connected on -- unless you have multi-homed the DHCP server on each subnet and have configured DHCP in some very unusual way.

I did a little research on the idea of trying to use ISC DHCP (the "standard" DHCP for Linux and UNIX) and found general consensus on multi-homed DHCP servers: one camp suggests "JUST SAY NO" while the other says "DON'T DO IT" -- so there is agreement there.

Now I can see there being some use to having each building a separate subnet, with a separate DNS -- especially if each building has a similar environment (like a similar set of printers available locally or something). But since they have to route to the "outer LAN" for Internet access, I've yet to imagine a reason for keeping them segregated that doesn't get blown away by the "mobile system" requirement.

Finally, just so you understand about DHCP -- there is no reservation for a computer named JOESPC -- instead, there is a reservation for MAC address 01:23:45:67:89:01 -- which happens to be installed on the system named JOESPC. (In other words, the mapping is done by MAC address, not by system name).

Dan
IT4SOHO
Chris Dent, PowerShell Developer, Commented:

> there is no way for you to maintain separate DHCP responses depending on which
> subnet they are connected on

There is :)

The source subnet is stored in the GIADDR field of the DHCP request, it's added by a DHCP relay. The server makes an offer to the client based on that field.

Chris
Daniel McAllister, President, IT4SOHO, LLC, Commented:
OK, let me be more careful in my wording...

You cannot maintain separate DHCP responses depending on which subnet they are connected on USING THE ISC DHCP SERVER software.

At least not to my knowledge -- and there have admittedly been a few updates released since I last looked closely at the newer releases... DHCP is such a basic functionality, that I haven't changed my "base" DHCP setups in probably 5 or 6 years!

I do know that there are more advanced DHCP services -- some of which can provide very "programmable" responses -- like using the GIADDR field in the request, or binding separately to different interfaces and providing different responses on each interface (e.g.: multi-homing)... but not the free ISC version.

Dan
IT4SOHO
Steven Vona (Author) Commented:
Sorry, this question is not abandoned.  I have some other stuff that came up with a higher priority.  I will revisit this shortly.
Steven Vona (Author) Commented:
It looks like this problem we are having is on the back burner for now as more important things have come up.  Can someone just point me to some reading material so I can learn about all the inner workings of DHCP?