DHCP 80/20 Rule


  • DHCP 80/20 Rule

    Is this the correct configuration?

    Say I have one domain with two sites.
    Each site has a DC which is also a DNS and DHCP server.
    If DC1 goes down, I want the users to be getting their IP from DC2 at the other site.

    DC1
    I would create the local scope and then the scope of DC2. Configure the exclusions correctly on each scope. I would then use the superscope option to combine them?

    DC2
    I would create the local scope and then the scope of DC1. Configure the exclusions correctly on each scope. I would then use the superscope option to combine them?

    If my router is correctly configured for DHCP relay agent then this should work, correct?
    Does scope option 249 need to be configured on each DHCP server?
    Anything else that I'm missing?

    Thanks
    Brandon

  • #2
    Re: DHCP 80/20 Rule

    I did not find any problems in your configuration; it should work. The only problem is that it is not recommended to host DHCP and a DC on the same machine. It is a security risk. If you can, shift the DHCP role to a different machine.



    • #3
      Re: DHCP 80/20 Rule

      Ahmer,
      Can you give a reference to your above -- I have never heard it before and find that very often "background" roles like DHCP, DNS, WINS get put on a DC
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **



      • #4
        Re: DHCP 80/20 Rule

        Agreed - DNS in particular as I don't believe DNS zones on member servers can be AD-integrated...

        It is however recommended to configure credentials for dynamic DNS registrations by DHCP - and this is reflected in the System log on DHCP servers (source DHCP-Server, event ID 1056). Is this what you're referring to?
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



        • #5
          Re: DHCP 80/20 Rule

          Ossian, I have also heard that it's a Microsoft best practice to deploy DHCP servers and DCs on separate machines. I don't follow this practice but this is what Microsoft says about it in its MCSA/MCSE 70-291 book:

          For Windows 2003, the use of secure dynamic updates can be compromised by running a DHCP server on a DC when the Windows 2003 DHCP service is configured to perform registration of DNS records on behalf of DHCP clients. To avoid this problem, deploy DHCP servers and DCs on separate computers.


          Back to my original question, do I have to configure scope option 249 on both DHCP servers for this to work?

          Thanks



          • #6
            Re: DHCP 80/20 Rule

            I messed up my original question. Here is what I would like to do:

            We have one domain with 2 sites. Each site has a DC which is also a DNS and DHCP server.

            I would only like failover from DC2. If DC2 goes down, I would like the clients to be able to get their addresses from DC1. If DC1 goes down, I don't want anything to happen. Is this how I should configure it?

            DC1
            IP address range 192.164.1.1 - 192.164.1.254
            Exclude 192.164.1.1 - 192.164.1.50 (Reserved for static routes on printers)
            Exclude 192.164.1.200 - 192.164.1.254.

            Backup Scope For DC2 on DC1
            IP address range 192.164.2.1 - 192.164.2.254
            Exclude 192.164.2.1 - 192.164.2.199.

            DC2
            IP address range 192.164.2.1 - 192.164.1.254
            Exclude 192.164.2.1 - 192.164.2.50 (Reserved for static IPs on printers)
            Exclude 192.164.2.200 - 192.164.2.254.


            On DC1, after I configure my router with the proper dhcp relay agent, I would then combine those 2 scopes into a superscope?

            Thanks

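The split-scope arithmetic from post #6 can be checked mechanically. The following is an added example, not code from any poster: it computes each server's leasable pool (range minus exclusions) for the 192.164.2.x subnet, reports any address both servers could hand out, and gives the resulting split to compare against the 80/20 target. The function names are hypothetical, and DC2's range end is assumed to be 192.164.2.254 (the post reads 192.164.1.254, which the checker rejects as an inverted range).

```python
from ipaddress import IPv4Address


def leasable(start, end, exclusions=()):
    """Addresses a scope can actually lease: its range minus its exclusion ranges."""
    lo, hi = int(IPv4Address(start)), int(IPv4Address(end))
    if hi < lo:
        raise ValueError(f"scope range {start} - {end} ends before it starts")
    pool = set(range(lo, hi + 1))
    for ex_lo, ex_hi in exclusions:
        pool -= set(range(int(IPv4Address(ex_lo)), int(IPv4Address(ex_hi)) + 1))
    return pool


def audit_split(primary, backup):
    """Compare two servers' scopes for the same subnet.

    Returns (overlap, primary_share): the addresses both servers could lease
    (a duplicate-address risk) and the primary's share of the pool in percent.
    """
    p, b = leasable(*primary), leasable(*backup)
    overlap = [str(IPv4Address(a)) for a in sorted(p & b)]
    total = len(p | b)
    share = round(100 * len(p) / total) if total else 0
    return overlap, share


# Scope values from post #6; the DC2 range end of .2.254 is an assumption.
DC2_PRIMARY = ("192.164.2.1", "192.164.2.254",
               [("192.164.2.1", "192.164.2.50"),
                ("192.164.2.200", "192.164.2.254")])
DC1_BACKUP = ("192.164.2.1", "192.164.2.254",
              [("192.164.2.1", "192.164.2.199")])

if __name__ == "__main__":
    overlap, share = audit_split(DC2_PRIMARY, DC1_BACKUP)
    print(f"overlapping addresses: {len(overlap)}")
    print(f"split DC2/DC1: {share}/{100 - share}")
```

An empty overlap list means the two servers can never lease the same address; a non-empty one points to a missing exclusion on one side.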


            • #7
              Re: DHCP 80/20 Rule

              As I said, Brandon, there is nothing wrong in your config; it will work. But if you ask about best practice, do not host DHCP on a DC. I found one MS link explaining this concept.
              http://support.microsoft.com/kb/255134
              It is also a security issue in Win 2003 if you have DHCP and a DC on the same machine.



              • #8
                Re: DHCP 80/20 Rule

                Thanks for the link, Ahmer

                I note here that there is an easy workaround, useful since not everyone lives in the Microsoft Exam world where you have
                "2 Domain Controllers, 2 DNS servers, 1 DHCP server, 5 WINS servers.... and 10 clients"
                Tom Jones


                • #9
                  Re: DHCP 80/20 Rule

                  Originally posted by Ossian
                  not everyone lives in the Microsoft Exam world where you have "2 Domain Controllers, 2 DNS servers, 1 DHCP server, 5 WINS servers.... and 10 clients"
                  They don't? Guess I'll go back to the sister company then, with their 10 servers and 30 users

                  Thanks for the TS link
                  Gareth Howells



                  • #10
                    Re: DHCP 80/20 Rule

                    Originally posted by gforceindustries
                    They don't? Guess I'll go back to the sister company then, with their 10 servers and 30 users

                    Thanks for the TS link
                    Sure they do. If you have 3 domain controllers then technically you do have 2. Just forget about that other one sitting there. It's always been a bit of a slacker anyway, right?



                    • #11
                      Re: DHCP 80/20 Rule

                      The domain controller? Or the manager who told us to buy it
                      Gareth Howells



                      • #12
                        Re: DHCP 80/20 Rule

                        Either? Both? Whichever works for you.
