Solved

DHCP database

Posted on 2011-02-22
Last Modified: 2012-06-27
I searched around and couldn't find exactly what I was looking for, so I want to ask.

This is really just for informational purposes, not a problem per se.
I have several DHCP reservations and such that I don't want to recreate if I have a failure, as those IPs are entered into firewalls/web filters, etc.

What I am thinking is to use robocopy to back up the DHCP database (C:\windows\system32\dhcp\backup\new\dhcp.mdb) to another remote location on a regular basis.

If I only have one DHCP server and it completely fails, and I have a backup of the database, can that be used on a new server with DHCP installed?

My other question is, what's a good/the best way to back up DHCP?
Set up a batch file to export with the netsh command on a weekly basis?
Use Windows Backup?

Just wanting some information and opinions.



Question by:SeaSenor

Expert Comment

by:arnold
ID: 34956544
You can use netsh to dump the DHCP server configuration.

I think this is what you are looking for, versus trying to copy/back up an MDB file; I am not sure what it contains, nor whether dropping it into the location and starting DHCP will do what you are looking for.
netsh dhcp server dump (for local server)
See options/examples below:
http://msdn.microsoft.com/en-us/library/ms175903.aspx

Author Comment

by:SeaSenor
ID: 34961579
Thanks arnold.
I have indeed used the netsh dump command from time to time.

DHCP creates that database backup automatically, from what I understand. I would assume it does so for a reason, but I haven't found any real-world examples of anyone using it. Just wondered if there was a way to use it for backup.

I will likely just use a batch file to dump it into txt once a week.

What do you think of this? (My imagination at work, look out!)
Have one authorized DHCP server running: DHCP1
Have one unauthorized DHCP server running: DHCP2
Run a batch file to export/dump from DHCP1 to file
Run a batch file to import to DHCP2
It all happens automatically on a nightly basis with scheduled tasks.
If DHCP1 dies, just authorize DHCP2 and go about your business.

Sound feasible?

Accepted Solution

by:
arnold earned 50 total points
ID: 34962247
I'd suggest you limit the import to the scope/reservation definition.
The allocation part should be different.
You can run DHCP1 and DHCP2 at the same time provided they do not allocate the same IPs.
i.e.
Same scope 192.168.0.0/24
DHCP1 192.168.0.2-192.168.0.254
DHCP2 192.168.0.2-192.168.0.254
Both have the identical reservation MAC-IP mappings.
DHCP1 can only allocate IPs on this range from 192.168.0.32-192.168.0.150 with the rest excluded
DHCP2 can only allocate IPs on this range from 192.168.0.151-192.168.0.220 with the rest excluded

i.e. 192.168.0.2-192.168.0.31 is reserved for static IP allocation on the system. You could use this range with DHCP reservations as well.
This way, if one server becomes unavailable, you will still have a DHCP server in the environment to allocate IPs.
At times this type of setup is done with the 70/30 split, i.e. one DHCP server has 70% of the allocatable IPs in the scope while the other has 30%.
http://oreilly.com/pub/a/windows/2004/04/13/DHCP_Server.html
Setting the conflict detection property of the DHCP server could be used if you are allocating the same IPs, but it is prone to issues if a software firewall is enabled and ICMP (ping) is not excluded from the firewall.

Another option, which I have not used, is to use superscopes with the two DHCP servers, and that might make it possible to do as you are contemplating, i.e. have one import the configuration from the other.
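A sanity check for the split-scope layout in the accepted answer, as an added example that is not part of the original post: it computes each server's leasable pool (range minus exclusions) and flags overlapping pools, leasable addresses outside the subnet, and reservation tables that differ between servers. The exclusion ranges are derived from the answer's figures; the MAC address, reserved IP and function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def ip_range(first, last):
    """Inclusive IPv4 range as a set of integers."""
    lo, hi = (int(ipaddress.IPv4Address(a)) for a in (first, last))
    if lo > hi:
        raise ValueError(f"range {first}-{last} is reversed")
    return set(range(lo, hi + 1))

def lease_pool(server):
    """Addresses a server may actually lease: its range minus its exclusions."""
    pool = ip_range(*server["range"])
    for excluded in server["exclude"]:
        pool -= ip_range(*excluded)
    return pool

def check_split(network, servers):
    """Return (pool size per server, list of problems) for a split-scope plan."""
    net = ipaddress.IPv4Network(network)
    hosts = set(range(int(net.network_address) + 1, int(net.broadcast_address)))
    pools = {name: lease_pool(cfg) for name, cfg in servers.items()}
    problems = []
    for name, pool in pools.items():
        stray = pool - hosts
        if stray:
            problems.append(f"{name}: {len(stray)} leasable address(es) outside {network}")
    for (a, pool_a), (b, pool_b) in combinations(pools.items(), 2):
        clash = sorted(pool_a & pool_b)
        if clash:
            first = ipaddress.IPv4Address(clash[0])
            problems.append(f"{a}/{b}: {len(clash)} overlapping address(es), first {first}")
        if servers[a]["reservations"] != servers[b]["reservations"]:
            problems.append(f"{a}/{b}: reservation tables differ")
    return {name: len(pool) for name, pool in pools.items()}, problems

# Constructed sample: ranges follow the answer; the MAC and reserved IP are made up.
RESERVATIONS = {"00-11-22-33-44-55": "192.168.0.10"}
FULL = ("192.168.0.2", "192.168.0.254")
PLAN = {
    "DHCP1": {"range": FULL, "reservations": RESERVATIONS,
              "exclude": [("192.168.0.2", "192.168.0.31"), ("192.168.0.151", "192.168.0.254")]},
    "DHCP2": {"range": FULL, "reservations": RESERVATIONS,
              "exclude": [("192.168.0.2", "192.168.0.150"), ("192.168.0.221", "192.168.0.254")]},
}

if __name__ == "__main__":
    sizes, problems = check_split("192.168.0.0/24", PLAN)
    print(sizes, problems or "no problems")
```

Running the same check against each server's real exclusion list after a nightly import shows whether the import has overwritten one server's exclusions with the other's.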
 

Author Comment

by:SeaSenor
ID: 34962634
Good advice.

I would definitely limit the export/import to the reservations.

I also use a subnet mask of 255.255.248.0, which gives me a lot of addresses.
So I could have:
scope 192.168.0.0 on both servers
all reservations on both servers in range of 192.168.2.xxx
DHCP1 leasing out 192.168.0.1 - 192.168.1.254
DHCP2 leasing out 192.168.3.1 - 192.168.4.254

Correct?

Expert Comment

by:arnold
ID: 34963117
In this setup, I think you should look at using superscopes versus a single contiguous one.
I.e. are the segments broken up using switches where a DHCP agent can be configured such that each "location" has their own segment? The benefit is to minimize traffic that goes within one segment being seen by all, since your scope consists of eight class C networks (254*8 usable IPs).

You could use/configure it in the way you outline. Note 192.168.0.1 is often the router's IP, i.e. your allocatable range will be 192.168.0.2-192.168.7.254 based on your netmask.
 

Author Comment

by:SeaSenor
ID: 35088230
Thanks Arnold.

I think what I'll choose to do is this:

Reduce the netmask to 255.255.252.0

On both DHCP servers use 192.168.2.1 - 192.168.2.254 as reservations

DHCP1 will lease 192.168.1.1 - 192.168.1.254
DHCP2 will lease 192.168.3.1 - 192.168.3.254

That should allow plenty of addresses on either server if I have under 200 devices/computers.

Expert Comment

by:arnold
ID: 35108724
I'm puzzled at your point assignment choice.
Using netsh you can preserve the configuration.
My comment about splitting the IP scope, such that one DHCP server assigns one section and the other a non-overlapping one, seems to be the solution you are using.

Author Comment

by:SeaSenor
ID: 35109033
I planned on doing that for quite some time.

My main question was to see if I could somehow use the backed-up DHCP database in case of a server failure.

The other question was just wanting some varied opinions about what others use to back up their database or DHCP config.

I didn't really get an answer about the backed-up database question. You did comment about splitting the IP scope. I had planned on doing that anyway.
I'll be happy to award you the points for your participation. I meant nothing by it, just didn't seem to get the main answer I was looking for.

Author Closing Comment

by:SeaSenor
ID: 35109046
Thanks Arnold

Expert Comment

by:arnold
ID: 35109903
IMHO, there is no point in backing up the DHCP database, since I think it only contains info on the leased IPs, and netsh dhcp is the tool to use.
http://technet.microsoft.com/en-us/library/cc781140%28WS.10%29.aspx
http://support.microsoft.com/kb/325473



Author Comment

by:SeaSenor
ID: 35109970
I see... thank you.

When I saw that Windows makes its own backup of the database, it just made me wonder if it could be used to easily transfer to another server in case of failure.





