Cisco DHCP, MS DNS
-
https://community.spiceworks.com/topic/398670-cisco-dhcp-windows-dns
We have a few sites that we can't justify a server for DHCP/DNS on, so we have the Cisco device do the DHCP and then point the DNS to our datacenter.
We have all of the Windows DNS/DHCP zones on Secure only, and dynamic updating.
How do we set it up so that DNS can be dynamically updated? Can we make the Cisco device somehow secure so that we can have secure zones?
I had a couple ideas, tell me how bad they are:
- Use group policy to force DNS updates:
  - Computer Configuration\Policies\Administrative Templates\Network\DNS Client\Register DNS records with connection-specific DNS suffix > Enabled
  - Computer Configuration\Policies\Administrative Templates\Network\DNS Client\Register PTR Records > Register if A record registration succeeds
- Use ip helper to point those DHCP/DNS requests to the datacenter, which would therefore make them secure since the DHCP server would do the DNS parts
-
Either way is really fine. Using centralized DHCP is nice for central control and monitoring. But requiring remote sites to get DHCP from a distant location means that if those helpers fail that DHCP is gone and your desktops go down if they don't have an active lease.
-
So in nearly all cases, I would go with option 1, use Group Policy to push updates to DNS and use local DHCP from your networking gear at the branch offices.
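A way to verify option 1 from a branch client, as an added example that is not part of the original thread. It assumes a domain-joined Windows client, that the first configured resolver is the datacenter Windows DNS server, and the variable names are illustrative.

```powershell
# Added example: run in an elevated PowerShell session on a domain-joined branch
# client whose lease comes from the Cisco device. Variable names are illustrative.

# 1. Per-adapter DNS registration settings on this client.
Get-DnsClient |
    Where-Object { $_.InterfaceAlias -notmatch 'Loopback' } |
    Format-Table InterfaceAlias, ConnectionSpecificSuffix,
        RegisterThisConnectionsAddress, UseSuffixWhenRegistering -AutoSize

# 2. Name the client registers under and the IPv4 address(es) it got from DHCP.
$domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
$fqdn   = "$env:COMPUTERNAME.$domain"
$leased = @(Get-NetIPAddress -AddressFamily IPv4 -PrefixOrigin Dhcp -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty IPAddress)
if (-not $leased) { Write-Warning 'No DHCP-assigned IPv4 address found.'; return }

# 3. Assumption: the first configured resolver is the datacenter Windows DNS server.
$dnsServer = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -First 1 -ExpandProperty ServerAddresses |
    Select-Object -First 1

# 4. Trigger a registration attempt (same effect as ipconfig /registerdns), then wait.
Register-DnsClient
Start-Sleep -Seconds 10

# 5. Query that server directly rather than relying on the local resolver.
$registered = @(Resolve-DnsName -Name $fqdn -Type A -Server $dnsServer -DnsOnly `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress)

# 6. Compare what DNS holds against what DHCP handed out.
foreach ($ip in $leased) {
    [pscustomobject]@{
        Fqdn      = $fqdn
        LeasedIP  = $ip
        DnsServer = $dnsServer
        InDns     = $registered -contains $ip
    }
}
```

An `InDns` value of `False` means the server does not hold an A record matching the lease, so the update was either not attempted or not accepted. On the DNS server, `Get-DnsServerZone` reports each zone's `DynamicUpdate` mode, which reads `Secure` for secure-only zones.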
-
@scottalanmiller which is true, however if the link goes down there isn't much they can do anyways as most of our stuff is desktop->datacenter and not peer to peer
Right? The only thing I can think of that is LAN would be printing but if the printer is static it would still work?
-
@cteneyck said in Cisco DHCP, MS DNS:
> @scottalanmiller which is true, however if the link goes down there isn't much they can do anyways as most of our stuff is desktop->datacenter and not peer to peer
> Right? The only thing I can think of that is LAN would be printing but if the printer is static it would still work?
Can they not keep working on open documents? Not check email? Nothing? Do all services come from the central office, or just some? If it is just some and/or there is any ability to work on local stuff, I'd consider that carefully.
-
@scottalanmiller we have an ERP system that MOST of the company's work is done in.
They could still use office and such, but without the link the ERP stuff is useless. Production could continue on paper, it would just slow down.
Email isn't local either, we use cloud-based email which is stemmed from the datacenter.
That is a good point, thank you for mentioning that.