Re: DHCP keeping host names unique
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Fri, 20 Jan 2006 22:23:11 -0600
"mmccaws2" <mmccaws@xxxxxxxxxxx> wrote in message
news:1137805768.975104.72570@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Actually, that was one of the issues I've been trying to tease out of
> all that documentation. If a desktop has the check box set on the DNS
> tab of IP properties for it to register the desktop with DNS then I
> believe that DHCP server could literally register each name in some
> central dns-domain.
That check box is about the CLIENT doing 'extra registrations'
(or supposedly defeating registrations) rather than the DHCP.
I get reports that seem to indicate that those boxes are EITHER
somewhat buggy (inconsistent) OR confusing (don't necessarily
say what they mean, or at least what people THINK they mean)
but generally they work as advertised for me.
At least in theory a client could use that to "ask the DHCP" to do
the registration, but this may be where people see the discrepancies.
[I have never done exhaustive tests on this area -- I just get mine
to work by approaching it in the intended, semi-default, correct
manner.]
> Say the central domain is central.local, and the
> DHCP server would check each host (preferably netbios name) to ensure
> that the host has a unique name and IP address.
It doesn't work that way and the NetBIOS name is
not something the DHCP server cares about.
If you want it dependent on the NetBIOS name you
can just use DNS->WINS Server integration; the
DNS server is perfectly willing to USE the NetBIOS
name if the requested machine doesn't appear.
Each zone, (whatever.com, and somethingelse.local) can
be kept separate in DNS-WINS if you have different WINS
servers for each zone/domain name (but not sure how the
resulting list will work if you replicate them as you should.)
> Then have the host login with its primary domain, say AD1.biz.com.
There is no such thing as "primary domain" -- machines belong
to ONE domain. The System Control panel lists this AND SHOULD
also show the DNS name for that machine.
Set this correctly if you want things to work (as designed.)
> That login process would apply GPOs to assign primary domain name,
> AD1.biz.com, a list of search suffixes, say AD2.biz.com ( a different AD
> forest same company, we have more than two AD forests), fin.AD1.biz.com
> (subdomain), update WINS server search list, update name server search
> list. I believe you can do all this with GPO?
If you don't set the DOMAIN name correctly in the System Control
panel the results may not be reliable.
The additional suffixes are largely irrelevant.
> I believe that the end result would be that each host would update its
> own DDNS with its assigned primary AD DNS.
It will update its name IF IT KNOWS the full name (machine +
domain.name) with the Dynamic DNS server for that domain;
while this is USUALLY going to be the DC that is actually not
the rule -- the RULE is with the DNS server(s) that is(are) the
masters of the zone.
> The central DHCP server
> would ensure unique names, All hosts are ensured to be in WINS.
If the workstation registers itself in DNS, the DHCP server cannot really
do anything about the name that gets registered.
> We've had problems where someone has a server registered not by its
> netbios name but some other name in DNS in the other AD forest.
Sounds like due to having the WRONG Domain name DNS version
listed in the System Control Panel.
> Then
> when another server administrator properly assigns that other domains
> server, netbios name as a DNS entry, WINS will see one, DNS will see
> the other, and depending upon which domain the desktop is assigned to and
> if it has a suffix search list or not, the target name may or may not
> be seen.
Suffix search lists are irrelevant. (They are only about
helping the client find OTHER MACHINES without typing
full DNS names.)
> I'd like to run a central dns/dhcp server to get a flat host name out
> there, have the AD DDNS update itself from the login process. Then
> have AD DNS domain use my central dns as a secondary name server,
All internal clients must use STRICTLY the DNS Server (set)
that can resolve ALL names they may need, especially their
own DOMAIN DNS resources such as DCs.
If the above is true, then clients can use any (such) DNS server but
they must NOT MIX in one that knows "different stuff".
DNS clients ASSUME that ALL DNS servers (which they use)
have EXACTLY the same info, and have the CORRECT info.
Remember that DCs (and even DNS servers) are also DNS clients
so this rule applies to them too.
(While we are on the subject: This also generally applies to WINS,
DCs and WINS server as well as other servers must be WINS
clients if you use WINS.)
> if
> they're not paranoid about the resources being 'available' on the
> central dns . If they are cautious, I'll forward the queries to their
> DNS and they may apply their own ACLs. Have all the AD DNS servers
> load the central (or business) zone, it's just host names. ( security
> is in the authentication process, right)
Right.
AND Internal machines must use a DNS server (set) that resolves
EVERY name they might ever need. So if you have multiple "Sets"
of DNS servers it is the responsibility of the DNS server (set) used
by the clients to resolve both the LOCAL names and ANY OTHER
(e.g., other domains or Internet names) that the clients may need.
> Have each host of AD point to
> its own DNS. It'll see at one server the host names available. Other
> domain's resources will be available through trusts and privileges.
The above is normal but not technically required as long as whatever
DNS they actually point to can "Find" the right ones to resolve all
the records the client needs and to send them there for dynamic
registration.
Usually it is simplest and safest though just to do the obvious, and
let clients use "their own domain" DNS but technically servicing
the clients and holding the domain names in zones is TWO
SEPARATE jobs (most of the time the same server "set" does this
however.)
> Or did I interpret your answer correctly
I don't know for sure, but I tried to clarify.
If it is up to me, I set each client correctly NetBIOS name ==
DNS machine part, and DNS domain name (also set to change
if domain changes) set to AD Domain Name, and I do this
manually in the System Control Panel because that way works.
I do NOT try to override this in the NIC settings (it is not
necessary if you do the above correctly) except in really odd
cases with multiple NICs. (e.g., I use it for routers sometimes
to differentiate external NICs IP registrations from the normal
machines own internal IP registration based on the System
Control panel name.)
Note: There is really no extra work involved (if you do it
initially) since at some point every machine gets joined to the
domain manually -- the trick is to get all local admins/installers
to do it right up front (and use that check box so it will likely
stay correct if the machine gets transferred to another domain.)
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
>
> Herb Martin wrote:
>> "mmccaws2" <mmccaws@xxxxxxxxxxx> wrote in message
>> news:1137774853.362525.66080@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> > Because of Exchange and its WINS dependency is it possible of setting
>> > the DHCP server to only provide addresses to hosts with unique netbios
>> > names. WINS is a flat file system that does not understand subdomains.
>> > So the objective is to ensure that the host names are unique. However
>> > there are multiple domains. Is there a setting to test the uniqueness
>> > of the host name?
>>
>> No. Not unless you can isolate the clients to different
>> subnets and thereby to different scopes and perhaps even
>> different DHCP servers.
>>
>> If the machines are all set to properly use their DNS-domain
>> name (in the SYSTEM CONTROL panel), which they should
>> be, then you can have the clients register themselves rather
>> than the DHCP server do it.
>>
>> Start with getting the domain name correct on each machine
>> (preferably AS it joins the domain but do it now if you must.)
>>
>> Usually the check box that has the name "follow" or "change"
>> when the domain is changed should be checked to do that.
>> (So if a machine leaves one domain and joins another the
>> full name changes automatically whether you remember or not.)
>>
>> Also note that this is important to get right in the SYSTEM
>> CONTROL panel (and that the NIC suffixes settings are not
>> nearly as critical or useful on getting this right.)
>>
>> --
>> Herb Martin, MCSE, MVP
>> Accelerated MCSE
>> http://www.LearnQuick.Com
>> [phone number on web site]
>
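Added example, not part of the original thread and not either poster's code: an offline audit of a host inventory for the three naming problems discussed above (names that are unique in DNS but collide in a flat WINS-style namespace, a DNS host part that differs from the NetBIOS name, and a registered DNS suffix that is not the machine's AD domain). The inventory layout, the sample hosts, and the rule used to derive the flat name (upper-case, first 15 characters of the host label) are assumptions of this example.

```python
from collections import defaultdict

NETBIOS_MAX = 15  # usable characters in a NetBIOS computer name

# Constructed inventory; the (netbios, dns_fqdn, ad_domain) layout is an
# assumption of this example, e.g. an export from asset management.
INVENTORY = [
    ("MAIL01", "mail01.ad1.biz.com", "ad1.biz.com"),
    ("MAIL01", "mail01.ad2.biz.com", "ad2.biz.com"),
    ("FILESRV-ACCOUNT", "filesrv-accounting-a.ad1.biz.com", "ad1.biz.com"),
    ("FILESRV-ACCOUNT", "filesrv-accounting-b.fin.ad1.biz.com", "fin.ad1.biz.com"),
    ("APP07", "intranet.ad2.biz.com", "ad2.biz.com"),
    ("WS123", "ws123.central.local", "ad1.biz.com"),
]


def flat_name(host_label):
    """Flat (NetBIOS-style) name for a DNS host label: upper-case, 15 chars."""
    return host_label.upper()[:NETBIOS_MAX]


def audit(inventory):
    """Return a sorted list of (kind, subject, detail) findings."""
    findings = []
    seen = defaultdict(set)  # flat name -> FQDNs that map onto it
    for netbios, fqdn, ad_domain in inventory:
        fqdn = fqdn.rstrip(".").lower()
        label, _, suffix = fqdn.partition(".")
        seen[flat_name(label)].add(fqdn)
        # Host part of the DNS name differs from the NetBIOS name.
        if netbios.upper() != flat_name(label):
            findings.append(("NAME_MISMATCH", fqdn, netbios.upper()))
        # Registered DNS suffix is not the machine's AD domain name.
        if suffix != ad_domain.lower():
            findings.append(("SUFFIX_MISMATCH", fqdn, ad_domain.lower()))
    # Names that are distinct in DNS but identical in a flat namespace.
    for flat, fqdns in seen.items():
        if len(fqdns) > 1:
            findings.append(("FLAT_COLLISION", flat, ", ".join(sorted(fqdns))))
    return sorted(findings)


if __name__ == "__main__":
    for kind, subject, detail in audit(INVENTORY):
        print(f"{kind:16} {subject:40} {detail}")
```

The two file servers show the case that is easy to miss: their DNS names differ, but both shorten to the same 15-character flat name.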