On Tue, 2004-01-06 at 00:29, Emmanuel Gravel wrote:
> On Tue, 2004-01-06 at 00:12, Craig White wrote:
> > ---
> > ISC's dhcpd and bind (versions 3.0x and 9.2.x are current I think) are
> > more than capable of ddns. This isn't all that easy to set up - though
> > ddns on Active Directory is easier, it's also more costly. Other dhcp
> > servers (i.e. Linksys dsl/cable modem routers) can be configured to
> > entice the client to register ddns with dns server if you run a caching
> > dns server on your lan.
> >
> > SOME dhcp servers are very consistent about leases and most modern
> > computer OS's will try to re-lease the same ip address to prevent drift.
> > Also, a typical dhcp server will let you make 'reservations' which fix
> > the ip address 'issued' to a server based upon the MAC address of the
> > network card. This is cool...your ip address is certain not to change
> > but if you make a change in the dhcp configuration (i.e. dns server
> > address changes, netbios server changes, ntp server changes, etc. -
> > these changes are absorbed by the computer which gets its ip address
> > from the unchanging reservation).
> >
> > BUT in answer to your question - when I set up a lan...
> > typically a class C - 254 ip addresses / say 192.168.0.0
> > I will reserve 192.168.0.1 through 192.168.0.99 for fixed ip addresses
> > I will have the dhcp server issue addresses 192.168.0.100 through
> > 192.168.0.199
> > I will have the default gateway at 192.168.0.254 (internet access)
> > 192.168.0.0 is network address and no host is given that address
> > 192.168.0.1 is primary network server
> > 192.168.0.2 through 192.168.0.49 is for other servers
> > 192.168.0.50 through 192.168.0.999 is for printers
> >
> > and yes, it's a good idea to 'fix' server addresses so that they never
> > move and make entries into dns server for those servers.
> >
> > I also tend to use A records for the host names...
> > 192.168.0.1 linserv1.domain.com linserv1
> > 192.168.0.2 virtualip.domain.com virtualip #another ip from server
> >
> > and then create CNAME records for common services...
> > www.domain.com linserv1.domain.com
> > ftp.domain.com linserv1.domain.com
> > mail.domain.com linserv2.domain.com
> > so that I can change the server without going around to each machine.
> > For example, if everyone points their MUA (mail client program) to use
> > mail.domain.com and I decide to bring in a new server to handle the
> > mail, I only need to change the CNAME record and everyone finds the new
> > mail server.
> >
> > As for your analogy with windows, \\SERVER\SHARE - it's no different
> > with nfs - consider only the above information. With DNS it's actually
> > simpler when you have a plan.
> >
> > YMMV
> >
> > Craig
>
> Lots of info here :) My needs are a lot simpler though. Here's what I
> was thinking of doing in my network:
>
> 1- Firewall, FreeBSD, would also serve as DNS server, and I was
> initially thinking DHCP server as well (they use ISC's implementation of
> DHCP, so that ties in to what you were saying). Would run a SSH server
> as well, but that would be pretty much it (SSH/DNS/DHCP/ipfilter/ipnat).
> Will kill the FTP server if there's one running (don't care yet, not
> fully configured, using another Linux box as firewall right now).
>
> 2- Main Linux box, would serve as an internal mail server (still haven't
> set up postfix on it yet though) and I'd have to figure a way of
> forwarding all of FreeBSD's typical internal mail to root to that box.
> Possible, just don't know how yet. Would also serve as a SAMBA PDC for
> the WinXP boxen in my network. FTP and SSH servers would be running here
> too. And eventually, when I get around to it, fax server. Already serves
> as a scanner server (wife's pretty happy she can scan from her WinXP
> system when the scanner's connected to the Linux box). For many of these
> services, I need either a constant hostname, or IP. I'd think that DDNS
> would be overkill here, so simply reserving an IP for this box with DHCP
> should be enough, and putting a static entry in DNS for that IP should
> suffice I think.
>
> Apart from that, all other systems are Windows, and I think that the
> \\server\share\ analogy will be a constant one with or without a PDC,
> with or without static IP's or DNS entries (they already recognize each
> other and I don't have a DNS server up, so...) Since I won't have to
> access my Windows systems from the Linux system, apart from maybe using
> samba shares, and after careful consideration, I think I only need two
> static IP's, the firewall's, and the Linux box.
>
> Thanks for all the input!
---
I don't always want to go to all the effort unless I want to learn how
to use the technology before I have to learn in trial by fire - which is
how I had to learn LDAP (not the recommended way of learning LDAP I
might add).
Anyway, I didn't expect that you would jump on this as DDNS is a
complicated thing to set up - even surprisingly on Windows. It's just
that Windows makes it easier because they don't worry about security and
dns security is very much a concern for ISC.
;-)
Craig
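
The following is an added example, not part of the original thread: a small checker for an address plan like the one quoted above, confirming that the DHCP pool, the static blocks and the gateway are valid, inside the subnet and non-overlapping. The variable and function names are assumptions made for illustration; the ranges are entered as written in the thread, so the checker reports the printer range, whose end address is not a valid IPv4 address.

```python
import ipaddress

# Constructed sample input: the plan as written in the thread above.
NETWORK = ipaddress.ip_network("192.168.0.0/24")
GATEWAY = "192.168.0.254"
DHCP_POOL = ("192.168.0.100", "192.168.0.199")
STATIC_BLOCKS = {
    "primary server": ("192.168.0.1", "192.168.0.1"),
    "other servers": ("192.168.0.2", "192.168.0.49"),
    "printers": ("192.168.0.50", "192.168.0.999"),
}

def parse_range(start, end):
    """Return (first, last) as IPv4Address objects; ValueError if malformed."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError(f"range is reversed: {start}-{end}")
    return first, last

def check_plan(network, gateway, pool, static_blocks):
    """Return a list of problems found in the plan (empty list means clean)."""
    problems, ranges = [], {}
    for name, (start, end) in {"dhcp pool": pool, **static_blocks}.items():
        try:
            ranges[name] = parse_range(start, end)
        except ValueError as exc:  # bad octet, bad syntax or reversed range
            problems.append(f"{name}: {exc}")
    unusable = {network.network_address, network.broadcast_address}
    for name, (first, last) in ranges.items():
        if first not in network or last not in network:
            problems.append(f"{name}: outside {network}")
        if any(first <= addr <= last for addr in unusable):
            problems.append(f"{name}: includes network or broadcast address")
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                problems.append(f"{a} overlaps {b}")
    gw = ipaddress.IPv4Address(gateway)
    for name, (first, last) in ranges.items():
        if first <= gw <= last:
            problems.append(f"gateway {gw} falls inside {name}")
    return problems

if __name__ == "__main__":
    for problem in check_plan(NETWORK, GATEWAY, DHCP_POOL, STATIC_BLOCKS):
        print(problem)
```

A static block that runs into the DHCP pool is reported as an overlap, which is the condition that lets the server lease an address already configured by hand on another host.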