We're implementing a new IPAM solution across all our campuses and are using bind with anycast to provide 8-way resiliency for all our DNS servers. I would like to be able to do the same with our DHCP servers and chance the IP helper addresses on our router interfaces to the single anycast address, however I can't see how to make this work with sharing the leases file, etc. Putting the same config on each server is pretty easy however. Is anyone else doing anything similar? I'd love to hear about your solutions.
N-way DHCP redundancy with ISC dhcpd and anycast ip helpers
anycastdhcpdomain-name-system
Related Solutions
Bravo on deciding to get rid of static IP assignments (except where absolutely necessary). I'd tell you to use the DHCP database as your "IP address list" documentation, too. Put in reservations for devices with static IP addresses assigned, as well. Make the DHCP database be the authoritative "IP address list" instead of having spreadsheets, etc, that fall out of date.
Here's some background re: DNS and DHCP in Windows. It sounds like you may not be aware that the client computer performs half of the registration (the "A" record), and can also perform the "PTR" record registration, too. This allows you to use virtually any DHCP server you want, so long as it hands out addresses of DNS servers that can accept dynamic registrations.
The Windows DHCP server performs backups of the DHCP database to the local hard disk drive periodcially. You can also export the database with "netsh" (W2K3 or newer) such that restore it to another server easily. Restoring an ISC DHCPd scope to another server is a matter of copying the relevant portions of the dhcpd.leases file and the dhcpd.conf file. Embedded DHCP servers may be more problematic in a restore scenario.
As stated above, your Cisco routers can hand out DHCP to Windows PCs, but the PCs can register their own "PTR" and "A" records. Have a look at the Group Policy setting "Register PTR Records" located under "Comptuer Settings", "Administrative Templates", "Network", and "DNS Client". The client will register the "A" record itself by default.
I wouldn't got with a roll-your-own Linux DNS deployment for this application. You're going to put a lot of time in it, and it will always be the source of "Gee, will this work with Windows Server 2029..." type of musings. If not for Active Directory, I might think differently. Since you've got AD in your environment, and since Microsoft tests AD on Microsoft DNS, I'd use Microsoft DNS.
Windows Server does not have the capability to sync DHCP server databases so that you can have multiple authoritative servers for the same subnet. This continues to be decidedly sub-optimal in Windows DHCP. This might be a "win" for ISC DHCPd on Linux. I haven't got any experience with this capability to share a DHCP lease database across multiple DHCP server, but it certainly sounds sweet. I am not aware of any capability in Cisco routers to do this. Again, you can have your PCs register themselves in DNS regardless of what DHCP server you use.
You could rig up active / passive DHCP on multiple Windows Server computers with some scripting and the native database export functionality, as well.
Personally, I'd go for the option of using Windows DNS everywhere, Windows DHCP everywhere where you can have a Windows DHCP server on the same LAN as the clients, and your Cisco routers handing out DHCP everywhere that you can't have a Windows Server computer. The Linux ISC DHCPd solution might be a "win", too, but I'd stick with Windows DNS.
Woah, there. What you're saying contradicts itself. You say "single subnet" in one point, but then "VLAN each site" in the second point. Then you say "the networks will NOT be routed". Are you sure you know what you're saying here?
Typically 802.1q VLANs are deployed in a one-to-one relationship with IP subnets. Each 802.1q VLAN acts as an independent Ethernet broadcast domain and, as such, broadcasts from one VLAN (like, say, a machine ARP'ing for another machine in the local subnet) won't be forwarded between the VLANs. Splitting a single IP subnet across multiple VLANs requires a "smart" bridge that can do proxy ARP.
How are you planning to get ARP to work between these various VLANs?
If you really want to eliminate "cross-site 'chatter'" then what you really want is a subnet for each physical location, a router at each location connected to the "MAN" to route traffic to the other locations, and "ip-helper" functionality in each router to forward DHCP requests from the various locations to the central DHCP server.
What it sounds like you don't want is a single big subnet with a bunch of bridges running proxy ARP, in my opinion. Your DHCP inquiry really, really speaks to an underlying desire (though you don't know it) to have per-location subnets with DHCP scopes for each.
To speak to your question specifically re: DHCP: A DHCP "scope" is a range of IP addresses and options that a DHCP server will "hand out". The DHCP server chooses the scope to choose an address based on either the network interface the request is received from (if it's a broadcast request) or the address of the DHCP relay agent (if it's a relayed request).
Some background: Best way to segment traffic, VLAN or subnet?
Best Answer
ISC DHCP has its own built in failover mechanisms, which includes a method of keeping the leases synced between servers - the docs aren't amazing but this is a pretty good guide.