Changing IP Addressing scheme companywide


  • Changing IP Addressing scheme companywide

    Hi All,

    I'm about to perform a total IP addressing reformation from my current class B (1.2.3.0-255) into class A (10.x.x.x). I've got two DNS servers:

    Server A - 1st DNS + DHCP
    Server B - 2nd DNS

    the current situation is:
    a client workstation is named uniquely then given A record for each IP address assigned to them.
    a server is given A record for each IP address and also CNAME record if necessary.

    Example:
    • Workstation name: MyLaptop
    • A record: MyLaptop.domain.com
    • IP: 1.2.3.100


    now I'd like to be creative for easy maintenance and identifying a network device for the future by doing the following changes:

    a client workstation is named uniquely in the A record for each IP address assigned to them.
    a server is given A record for each IP address and also CNAME record if necessary.

    Example:
    • Workstation name: MyLaptop
    • A record: 100-office1.domain.com
    • CNAME: MyLaptop.domain.com
    • IP: 1.2.3.100


    Is there any way to make the company-wide changes without affecting the Active Directory information?

    I was thinking of going through the DNS entries one by one in the console to make the changes, but this will be cumbersome.

    Any idea would be greatly appreciated.

    Thanks.

  • #2
    Re: Changing IP Addressing scheme companywide

    Originally posted by Albertwt
    I'm about to perform total IP Addressing reformation from my current class B (1.2.3.0-255) into class A (10.x.x.x)
    Hi,

    I am assuming 1.2.3.0/24 is a representation of the private class B 172.16.0.0/24 you are using, or do you use a public IP scheme for your clients?
    Also are you using NAT?
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR



    • #3
      Re: Changing IP Addressing scheme companywide

      Yes L4ndy,

      The current IP addressing scheme is a public IP addressing scheme which I can't disclose :-0, it was the legacy from when the company was in the earlier stage.

      It is going to be a major job during the weekend.



      • #4
        Re: Changing IP Addressing scheme companywide

        Major, hardly, unless you have a lot of static IPs. Change the servers, then change DHCP. Any printers and switches can be done through reservations in DHCP as long as you know the MAC address.

        Don't forget to make note of any CNAMEs in DNS that may need changing.

        Job done.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2



        • #5
          Re: Changing IP Addressing scheme companywide

          Are you re-addressing because you're running out of address space or because you're using publicly routable addresses internally?



          • #6
            Re: Changing IP Addressing scheme companywide

            Originally posted by joeqwerty
            Are you re-addressing because you're running out of address space or because you're using publicly routable addresses internally?
            Thanks to all for replying to my thread. Joe, the reason is of course that I'm using publicly routable addresses in my two office locations.

            I wonder if this is a good way of managing the Windows AD domain: assigning a PC a descriptive A record (LSB_of_the_IP_address.officelocation.domain.com) and then creating a CNAME which is the same as the current machine name.

            What I'm also worrying about is that I have to rename all of the machines company-wide to become LSB_of_the_IP_address.officelocation.domain.com and then manually assign a CNAME to each.

            Comment
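
The naming scheme proposed in posts #1 and #6, worked through as an added example (not code from any poster in the thread): it builds the A and CNAME records from an inventory and reports two cases where the scheme breaks, namely two hosts in one office sharing a last octet and a CNAME whose name already has an A record. The inventory, `build_plan`, `descriptive_label` and the `existing_a_names` parameter are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ZONE = "domain.com"                            # zone used in the thread's examples
TARGET = ipaddress.ip_network("10.0.0.0/8")    # the new 10.x.x.x range

# Constructed inventory: (machine name, office label, new address).
INVENTORY = [
    ("MyLaptop", "office1", "10.1.0.100"),
    ("FileSrv", "office1", "10.1.0.10"),
    ("Kiosk7", "office1", "10.1.1.100"),    # second /24 in the same office
    ("Printer2", "office2", "10.2.0.100"),
]


def descriptive_label(ip, office):
    """Label in the proposed form <last octet>-<office>, e.g. 100-office1."""
    return f"{ipaddress.IPv4Address(ip).packed[-1]}-{office}"


def build_plan(inventory, existing_a_names=()):
    """Return (records, problems) for the proposed A + CNAME layout."""
    records, problems = [], []
    claims = defaultdict(list)
    for host, office, ip in inventory:
        if ipaddress.IPv4Address(ip) not in TARGET:
            problems.append(f"{host}: {ip} is outside {TARGET}")
            continue
        claims[descriptive_label(ip, office)].append((host, ip))
    existing = {name.lower() for name in existing_a_names}
    for label, hosts in sorted(claims.items()):
        if len(hosts) > 1:   # last octet is only unique inside one /24
            who = ", ".join(f"{h} ({ip})" for h, ip in hosts)
            problems.append(f"{label}.{ZONE} claimed by {who}")
            continue
        host, ip = hosts[0]
        records.append((f"{label}.{ZONE}", "A", ip))
        if host.lower() in existing:   # a CNAME cannot share a name with other records
            problems.append(f"{host}.{ZONE} already has an A record; CNAME skipped")
        else:
            records.append((f"{host}.{ZONE}", "CNAME", f"{label}.{ZONE}"))
    return records, problems


if __name__ == "__main__":
    recs, probs = build_plan(INVENTORY, existing_a_names=["FileSrv"])
    for rec in recs:
        print(*rec)
    for prob in probs:
        print("PROBLEM:", prob)
```

Pass `existing_a_names` the host names that already hold an A record in the zone, for example ones the machines registered themselves through dynamic update.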


            • #7
              Re: Changing IP Addressing scheme companywide

              I'll give you my opinion on your current addressing scheme:

              Using publicly routable addresses internally is neither right nor wrong. In today's IT world it's currently considered "best practice" to use an IP addressing scheme that uses addresses from one of the three private ranges but before RFC1918 everyone used publicly routable addresses internally. Anyone that tells you that using private addresses internally because they're more secure is mistaken regarding the intended use of the private address ranges. The implementation of RFC1918 addresses was intended to stave off the depletion of the IPv4 address space and any incremental security benefit was an unintended side effect.

              The network I inherited 4 years ago also used publicly routable addresses and I've kept it that way. It's no more at risk than any other network. I don't allow inbound address or port space probes, I apply all applicable patches to my hosts, I monitor internet ingress and egress, I monitor my firewall, web server, ftp server, email server logs, etc. The task of readdressing my network (3 subnets) and dealing with the issues related to AD, DHCP, DNS, routing, management, NAT, etc., etc. hardly seems like an exercise I want to go through when I've got a perfectly functioning network right now. I'm not going to readdress my network just to conform to a standard that some feel is "best practice". If your current address space is sufficient for future growth and you're not experiencing any legitimate technical problems because of it my recommendation is this: if it's not broke don't fix it.

              Now that's not to say that if I was building a network from scratch that I wouldn't use RFC1918 addresses, because I would.
              Last edited by joeqwerty; 3rd June 2009, 16:41.



              • #8
                Re: Changing IP Addressing scheme companywide

                As an addition to Joe: unless you don't own those IP addresses I would keep it as it is.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"
