Solved

DHCP OPENBSD to Windows 2012 R2

Posted on 2014-01-17
6
861 Views
Last Modified: 2014-02-03
Hello,

I want to move our Linux DHCP server to a Windows 2012 DHCP server. The previous system admin just left a guide for us and now we are stuck. No one has any knowledge of this OpenBSD DHCP except the documentation below.

Can someone please help us here?

The servers that provide DHCP are virtual machines running OpenBSD. Login as root and the usual root password (no AD integration here). The VMTools integration isn't great so rebooting has to happen on the commandline.

DHCP has a couple of pieces:

a) the DHCP servers themselves and their conf files
b) the “DHCP Helper” configuration on our switches, to allow DHCP broadcasts
c) the interaction between DHCP and DNS zones

The servers dhcp-01 and dhcp-02 are complementary to each other. Each has two conf files relevant to the ISC dhcpd daemon. We run version 4.2.3.2.

/etc/dhcpd.conf is the conf file that explains the peer relationship between the two dhcp servers.

/etc/dhcpd.master is the conf file that sets DHCP options for various pools.

Here's a cut and paste of the dhcpd.conf file on dhcp-02:

#
# Failover DHCPD (ISCv4) config
#
one-lease-per-client true;
authoritative;
failover peer "dhcp-failover" {
        secondary; # call ourselves secondary
        address 10.10.198.71;
        port 520;
        peer address 10.10.198.70;
        peer port 519;
        max-response-delay 60;
        max-unacked-updates 10;
        load balance max seconds 3;
}

# the rest of the actual dhcp config

include "/etc/dhcpd.master";


This file enumerates the peer server, its address, ports to talk on, and how long before the secondary considers that the peer is no longer alive. Then, it includes the rest of the configuration which describes the various DHCP pools in use.


#       $OpenBSD: dhcpd.conf,v 1.2 2008/10/03 11:41:21 sthen Exp $
#
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#

option  domain-search "son.ca", "network.son.ca", "ee2.local";
default-lease-time      28800;
max-lease-time          86400;
authoritative;
ddns-updates            on;
ddns-update-style       interim;
ignore                  client-updates;
update-static-leases    on;
update-conflict-detection       false;
option  domain-name     "son.ca";

zone son.ca. {
        primary 10.10.198.6;
}

zone 116.10.10.in-addr.arpa. {
        primary 10.10.198.6;
}

zone 117.10.10.in-addr.arpa. {
        primary 10.10.198.6;
}

zone 109.10.10.in-addr.arpa. {
        primary 10.10.198.6;
}

zone 120.10.10.in-addr.arpa. {
        primary 10.10.198.6;
}

subnet 10.10.116.0 netmask 255.255.252.0 {
        option routers                  10.10.119.254;
        option time-servers             10.10.198.6;
        option ntp-servers              10.10.198.6;
        option netbios-name-servers     10.10.12.245, 10.10.198.6, 10.10.198.7;
        option netbios-node-type        8;
        option domain-name-servers      10.10.12.245, 10.10.198.6, 10.10.198.7;
        pool {
                failover peer "dhcp-failover";
                deny dynamic bootp clients;
                range 10.10.117.1 10.10.117.254;
        }
}

subnet 10.10.198.0 netmask 255.255.252.0 {
        option routers                  10.10.119.254;
        option time-servers             10.10.198.6;
        option ntp-servers              10.10.198.6;
        option netbios-name-servers     10.10.12.245, 10.10.198.6, 10.10.198.7;
        option netbios-node-type        8;
        option domain-name-servers      10.10.12.245, 10.10.198.6, 10.10.198.7;
        pool {
                failover peer "dhcp-failover";
                deny dynamic bootp clients;
                range 10.10.109.1 10.10.109.99;
        }
}

subnet 10.10.120.0 netmask 255.255.255.0 {
        option routers                  10.10.120.254;
        option domain-name-servers      10.10.198.6, 10.10.198.7;
        option time-servers             10.10.198.6;
        option ntp-servers              10.10.198.6;
        pool {
                failover peer "dhcp-failover";
                deny dynamic bootp clients;
                range 10.10.120.1 10.10.120.30;
        }
}

subnet 10.10.122.0 netmask 255.255.255.0 {
        option routers                  10.10.122.254;
        option time-servers             10.10.198.6;
        option ntp-servers              10.10.198.6;
        option netbios-name-servers     10.10.12.245, 10.10.198.6, 10.10.198.7;
        option netbios-node-type        8;
        option domain-name-servers      10.10.12.245, 10.10.198.6, 10.10.198.7;
        pool {
                failover peer "dhcp-failover";
                deny dynamic bootp clients;
                range 10.10.122.1 10.10.122.253;
        }
}

This sets the global lease options, as well as options specific to each zone. It also sets the DNS server for each zone so that dynamic DNS updates may be issued to the DNS server.

Our primary DNS server (for each zone) is configured to allow dynamic updates from the DHCP servers. Without this, client machines will never get an A or PTR record in DNS, which is “not good”. Allowing dynamic updates is complementary to the “zone” statements in the above conf file. DNS servers handle the zone transfers and replication between themselves.

Lastly the DHCP helper config is enabled on our switches, to forward DHCP broadcasts and allow them across routed subnets (for example, from the server segment to the office-user segment).

Thanks
J
0
Question by:jasmanes
6 Comments
 
LVL 87

Expert Comment

by:rindi
ID: 39790559
If you are moving to Windows 2012 as DHCP server, there isn't much you need to know about the old one, except maybe the DHCP scopes, which you have to set up on the new servers, and maybe any reservations, which you will also have to set up again on the new servers.

Generally, just shut your old servers down and enable the dhcp service on your 2012 servers.
0
 
LVL 39

Expert Comment

by:noci
ID: 39790870
From this config there are no visible reservations on leases.
You will need to define the scopes, with their options.

Also this DHCP server does update the DNS servers with info.
You will need to accommodate that too. (Best would be to trust the DHCP server to update DNS, not your average client system, as any record may be entered into the DNS through a client update tool.)

Also you will need to either:
- update all network equipment helpers to point to the new DHCP server,
- or set your new DHCP servers to the same addresses as the current ones,
- or alias the current DHCP servers' IP addresses on the new DHCP ones.

So it's slightly more work than the previous poster mentioned.
0
 

Author Comment

by:jasmanes
ID: 39795049
Thanks Noci and Rindi,

Can you please do me one more favor and define the scopes/settings that I have to create on the DC 2012 R2 that I just added into my existing network, so that it matches the config of my Linux DHCP? Here's the config.

Sorry for this, but I am not good with Linux, so I just don't want to miss anything here....


# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#

option  domain-search "xxxxx.ca", "network.xxxxx.ca", "elite2.local";
default-lease-time      28800;
max-lease-time          86400;
authoritative;
ddns-updates            on;
ddns-update-style       interim;
ignore                  client-updates;
update-static-leases    on;
update-conflict-detection       false;
option  domain-name     "xxxxx.ca";

zone xxxxx.ca. {
        primary 10.10.108.6;
}

zone 116.10.10.in-addr.arpa. {
        primary 10.10.108.6;
}

zone 117.10.10.in-addr.arpa. {
        primary 10.10.108.6;
}

zone 109.10.10.in-addr.arpa. {
        primary 10.10.108.6;
}

zone 120.10.10.in-addr.arpa. {
        primary 10.10.108.6;
}

subnet 10.10.116.0 netmask 255.255.252.0 {
        option routers                  10.10.119.254;
        option time-servers             10.10.108.6;
        option ntp-servers              10.10.108.6;
        option netbios-name-servers     10.10.12.245, 10.10.108.6, 10.10.108.7;
        option netbios-node-type        8;
        option domain-name-servers      10.10.12.245, 10.10.108.6, 10.10.108.7;
        pool {
                failover peer "dhcp-failover";
                deny dynamic bootp clients;
                range 10.10.117.1 10.10.117.254;
        }
}

subnet 10.10.108.0 netmask 255.255.252.0 {
        option routers                  10.10.119.254;
        option time-servers             10.10.108.6;
        option ntp-servers              10.10.108.6;
        option netbios-name-servers     10.10.12.245, 10.10.108.6, 10.10.108.7;
        option netbios-node-type        8;
        option domain-name-servers      10.10.12.245, 10.10.108.6, 10.10.108.7;
        pool {
                failover peer "dhcp-failover";
                deny dynamic bootp clients;
                range 10.10.109.1 10.10.109.99;
        }
}

subnet 10.10.120.0 netmask 255.255.255.0 {
        option routers                  10.10.120.254;
        option domain-name-servers      10.10.108.6, 10.10.108.7;
        option time-servers             10.10.108.6;
        option ntp-servers              10.10.108.6;
        pool {
                failover peer "dhcp-failover";
                deny dynamic bootp clients;
                range 10.10.120.1 10.10.120.30;
        }
}

subnet 10.10.122.0 netmask 255.255.255.0 {
        option routers                  10.10.122.254;
        option time-servers             10.10.108.6;
        option ntp-servers              10.10.108.6;
        option netbios-name-servers     10.10.12.245, 10.10.108.6, 10.10.108.7;
        option netbios-node-type        8;
        option domain-name-servers      10.10.12.245, 10.10.108.6, 10.10.108.7;
        pool {
                failover peer "dhcp-failover";
                deny dynamic bootp clients;
                range 10.10.122.1 10.10.122.253;
        }
}
0
 
LVL 39

Expert Comment

by:noci
ID: 39795915
You need the option statements and to add them to a scope.
A scope is the address range you want to give out.

So from the above: the zones are for communicating with DNS (no equivalent).
The subnets are scopes;
the options need to be copied.
The range is the range of addresses you want to supply from a scope.
The failover declaration can be dropped; there is no equivalent.

The global options like default and max lease time should be copied to the global settings for your DHCP server.
0
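The mapping just described (each dhcpd subnet becomes a scope, the pool range becomes the scope's address range, per-subnet options are copied, the failover peer is dropped), written out as an added PowerShell example that is not part of this thread. It uses the addresses from the dhcpd.master posted in the question (with the redacted "xxxxx.ca" left as-is), assumes it is run as an administrator on the new 2012 R2 DHCP server with the DhcpServer module available, and uses the 28800-second default-lease-time as the scope lease since Windows has no separate max-lease-time.

```powershell
# Added example, not code from the thread: mirror dhcpd.master as Windows DHCP scopes.
Import-Module DhcpServer

$dnsServers  = '10.10.12.245', '10.10.108.6', '10.10.108.7'  # option domain-name-servers
$winsServers = $dnsServers                                   # option netbios-name-servers
$ntp         = '10.10.108.6'                                 # option time-servers / ntp-servers
$domain      = 'xxxxx.ca'                                    # option domain-name (redacted in the thread)
$lease       = New-TimeSpan -Seconds 28800                   # default-lease-time 28800

# One entry per "subnet ... netmask ..." block. Net/Mask identify the scope (ScopeId is the
# network address); Start/End are the "range" inside the pool. Scope names are assumptions.
$scopes = @(
  @{ Name='10.10.116/22'; Net='10.10.116.0'; Mask='255.255.252.0'; Start='10.10.117.1'; End='10.10.117.254'; Router='10.10.119.254'; Wins=$true;  Dns=$dnsServers }
  @{ Name='10.10.108/22'; Net='10.10.108.0'; Mask='255.255.252.0'; Start='10.10.109.1'; End='10.10.109.99';  Router='10.10.119.254'; Wins=$true;  Dns=$dnsServers }
  @{ Name='10.10.120/24'; Net='10.10.120.0'; Mask='255.255.255.0'; Start='10.10.120.1'; End='10.10.120.30';  Router='10.10.120.254'; Wins=$false; Dns=@('10.10.108.6','10.10.108.7') }
  @{ Name='10.10.122/24'; Net='10.10.122.0'; Mask='255.255.255.0'; Start='10.10.122.1'; End='10.10.122.253'; Router='10.10.122.254'; Wins=$true;  Dns=$dnsServers }
)

foreach ($s in $scopes) {
  # subnet + pool range -> scope ("failover peer" and "deny dynamic bootp clients" have no equivalent here)
  Add-DhcpServerv4Scope -Name $s.Name -StartRange $s.Start -EndRange $s.End `
      -SubnetMask $s.Mask -LeaseDuration $lease -State Active

  # option routers / domain-name-servers / domain-name
  Set-DhcpServerv4OptionValue -ScopeId $s.Net -Router $s.Router -DnsServer $s.Dns -DnsDomain $domain

  # standard option codes: 4 = time-servers, 42 = ntp-servers
  Set-DhcpServerv4OptionValue -ScopeId $s.Net -OptionId 4  -Value $ntp
  Set-DhcpServerv4OptionValue -ScopeId $s.Net -OptionId 42 -Value $ntp

  if ($s.Wins) {
    # 44 = netbios-name-servers, 46 = netbios-node-type (8 = hybrid, as in the dhcpd config)
    Set-DhcpServerv4OptionValue -ScopeId $s.Net -OptionId 44 -Value $winsServers
    Set-DhcpServerv4OptionValue -ScopeId $s.Net -OptionId 46 -Value 8
  }
}

# ddns-updates on + ignore client-updates: the DHCP server, not the client, registers the
# A and PTR records, and removes them when the lease expires.
Set-DhcpServerv4DnsSetting -DynamicUpdates Always -UpdateDnsRRForOlderClients $true `
    -DeleteDnsRRonLeaseExpiry $true
```

The DNS server must still permit dynamic updates from the new DHCP server (the equivalent of the "zone ... { primary ...; }" statements), which is configured on the DNS side, not in this script.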
 
LVL 5

Accepted Solution

by:
piwowarc earned 500 total points
ID: 39801562
And another rather important thing. ISC-based DHCP has the ability to run in a failover configuration (a little buggy, but it gives a sort of survivability). Both of them listen and sync active leases. If one goes down, the other takes over. Windows does not have that feature (they only offer split scope). Take that into consideration as well.

http://technet.microsoft.com/en-us/library/ee405264(v=ws.10).aspx
0
 
LVL 39

Expert Comment

by:noci
ID: 39801880
Then there is that too.
0
