
DHCP with multiple subnets - single domain

mbudman
Hello,

I have two trusted zones on my firewall. Firewall rules / policies allow full communication between the trusted zones. Both zones are in the same domain and both zones are physically located in the same building (on different floors).

Each zone has its own domain controller (DC), which is also the DNS server, WINS server and DHCP server.

I would like to implement redundancy with DHCP in case one of the DCs fails.

My understanding is that using a DHCP relay agent will solve this problem.

What I don't understand is how each zone knows which ip addresses to use.

For instance, zone 1 uses 10.0.0.0 / 255.255.255.0; zone 2 uses 10.0.1.0 / 255.255.255.0

If the scope of the DC in zone 1 is defined as 10.0.0.100..10.0.0.254 / 10.0.1.0..10.0.1.100 and the scope of the DC in zone 2 is defined as 10.0.1.100..10.0.1.254 / 10.0.0.0..10.0.0.100, how does the DHCP server know which scope to use in its own zone? What prevents the DHCP server from assigning IP addresses from the second zone within its own zone?

Any insight would be appreciated.

Thanks in advance.

Mark


Top Expert 2014

Commented:
The DHCP servers know which scope to assign addresses from using something called the giaddr value. When a client sends a DHCP request, the router will tell the DHCP server the giaddr (the IP of the interface on the router on which the request was received) so the DHCP server will know to allocate an IP address from that range.

Author

Commented:
OK, but what if the DHCP server does not have to go through the router, as in the case when it is giving out IP addresses to the subnet to which it is connected?
Top Expert 2014
Commented:
It gives out IP addresses on whichever IP address range is on the NIC on which it received the request. If a NIC had 2 IP addresses on different ranges the server would usually give an address from the scope which matches its primary IP address.

The theory is that it didn't receive a request containing a giaddr value, so the request came from the same subnet.
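Added example, not part of the original thread or any DHCP server's own code: a Python sketch of the scope selection described in the two answers above, reading giaddr from the fixed BOOTP header and falling back to the receiving interface's address when giaddr is zero. The server address 10.0.0.10, the relay interface 10.0.1.1, the sample packets and all function names are assumptions; the scope ranges are the ones from the question.

```python
import ipaddress
import struct

# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")

# Scopes on the zone 1 server, using the ranges given in the question.
SCOPES = {
    ipaddress.ip_network("10.0.0.0/24"): ("10.0.0.100", "10.0.0.254"),
    ipaddress.ip_network("10.0.1.0/24"): ("10.0.1.0", "10.0.1.100"),
}

def build_request(giaddr="0.0.0.0", mac=b"\x02\x00\x00\x00\x00\x01"):
    """Constructed sample BOOTREQUEST header (DHCP options omitted)."""
    zero = bytes(4)
    gi = ipaddress.ip_address(giaddr).packed
    hops = 0 if gi == zero else 1  # a relay increments hops when it forwards
    return BOOTP_HDR.pack(1, 1, 6, hops, 0x12345678, 0, 0,
                          zero, zero, zero, gi, mac, b"", b"")

def parse_giaddr(packet):
    """Return the relay agent address from a raw BOOTP request."""
    if len(packet) < BOOTP_HDR.size:
        raise ValueError("truncated BOOTP header")
    fields = BOOTP_HDR.unpack_from(packet)
    if fields[0] != 1:
        raise ValueError("not a BOOTREQUEST")
    return ipaddress.ip_address(fields[10])

def select_scope(packet, receiving_ip):
    """Pick the scope for a request received on the NIC with receiving_ip."""
    giaddr = parse_giaddr(packet)
    if giaddr.is_unspecified:
        # No relay filled in giaddr: the client is on the server's own subnet.
        key = ipaddress.ip_address(receiving_ip)
    else:
        # Relayed: giaddr is the router interface facing the client.
        key = giaddr
    for subnet, pool in SCOPES.items():
        if key in subnet:
            return subnet, pool
    return None  # no matching scope: modelled here as "make no offer"

if __name__ == "__main__":
    print(select_scope(build_request(), "10.0.0.10"))
    print(select_scope(build_request("10.0.1.1"), "10.0.0.10"))
```
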

Author

Commented:
Thanks for your assistance.

Cheers!

Mark