DNS and DHCP -> using different domains for each network - Bug #1819 - $150
-
Still not working... I have several sub-domains on my VLANs and need a working reverse-lookup.. Right now reverse-lookup returns the general domain-name from settings..
-
+1 here.... I just want to have a subdomain for my VLAN, and even when specified in the DHCP, it still only resolves as the primary domain in general setting.
I checked /var/dhcpd/etc/dhcpd.conf, it has my subdomain specified under the subnet group. [ADDED]
I just tested by specifying a static IP/MAC mapping with the subdomain. Doing nslookup now reports correctly...
-
- No go in 2.6, old guy still hoping for a solution
-
I wonder what that $150 should be now after inflation
Either way, also not having any luck with this. I'd love to see this as it'd be a big boon to treating servers as cattle rather than pets, which DHCP enables, and appropriately accessing servers that need interfaces in multiple networks for network segmentation.
-
Since ISC-DHCP Server is EOL, I'd not expect Netgate to spend a lot of time to adapt it to "multi domains".
The "obvious" replacement would be ISC KEA, and probably what Netgate would implement in a future release. Maybe they'll look at "multi domain", when implementing the new DHCP server.
/Bingo
-
@andrewcz said in DNS and DHCP -> using different domains for each network - Bug #1819 - $150:
servers that need interfaces in multiple networks for network segmentation.
That is almost always a bad idea. Unless this other network on the multihomed server is just a SAN network.
Servers with legs in multiple segments pretty much defeat the whole purpose of firewall between your segments.
-
@bingo600 said in DNS and DHCP -> using different domains for each network - Bug #1819 - $150:
Maybe they'll look at "multi domain", when implementing the new DHCP server.
I hope that it is taken into consideration when ISC-DHCP is replaced. ISC-DHCP in itself has been able to handle multiple domains all the time.
Anyway, all my SG-1100 boxes are nearing end of life too, so maybe I should look into alternatives.
-
@johnpoz said in DNS and DHCP -> using different domains for each network - Bug #1819 - $150:
That is almost always a bad idea. Unless this other network on the multihomed server is just a SAN network.
Well I see several relevant use cases:
- subdomains: Say in a branch office you would like to name technical equipment in one subdomain, office PCs in another and public guest equipment in another.
- multi DMZ: if I have duplicates of webserver and database in small dmz zones, I think it is convenient to have names reflecting their purpose, like www.somesite.dk, db.somesite.dk and in another zone www.anothersite.net and db.anothersite.net
-
@MrManor Not saying subdomains are a bad idea.. What I was saying is a bad idea is multihoming some box.
If I have network A for servers, and network B for user pcs.. Why for example would my server have an interface in both A and B? This leads to asymmetrical traffic flow. And you pretty much make any rules you put on the firewall between networks A and B useless.
You can for sure have different subdomains for your different networks.
Here I have entries on my different interfaces in pfsense - so I can just easily do a ptr query and know what "network" that is by my naming of them..
$ dig -x 192.168.9.253 +short
sg4860.local.lan.
$ dig -x 192.168.3.253 +short
sg4860.dmz.local.lan.
$ dig -x 192.168.2.253 +short
sg4860.wlan.local.lan.
Even if the pc uses the 192.168.1.x address to talk to the server, since the server has a leg in 192.168.2 he would answer via that connection, so it would be asymmetrical.
And since the server has an IP in 192.168.2 - the pc can just talk directly to the server without going through pfsense and bypass any firewall rules you might have set, etc..
Multihoming devices - unless you know exactly what you are doing can lead to all kinds of problems. It normally should really be avoided..
-
@johnpoz I agree on that, but multihoming is not why I have been supporting this thread. I would just like the subdomain/multiple domain dns update to work.
I would like to use dhcp to assign ip to my servers, and subsequently update dns (I admit I have not tested lately, but I still don't think dhcp/dns update allows for more than one domain).
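
Added example, not part of any post in this thread and not pfSense code: a small audit that reads the per-subnet `option domain-name` values from an ISC dhcpd.conf (the thread mentions /var/dhcpd/etc/dhcpd.conf) and flags PTR answers that fall back to the general domain instead of the subnet's subdomain. The sample config, the PTR pairs and all function names are constructed for illustration, and the check assumes single-label hostnames.

```python
import ipaddress
import re

# Constructed sample in ISC dhcpd.conf syntax (not copied from a real firewall).
SAMPLE_DHCPD_CONF = '''
option domain-name "local.lan";
subnet 192.168.9.0 netmask 255.255.255.0 { range 192.168.9.100 192.168.9.200; }
subnet 192.168.3.0 netmask 255.255.255.0 {
  pool { range 192.168.3.100 192.168.3.200; }
  option domain-name "dmz.local.lan";
}
'''
# Constructed (ip, PTR answer) pairs, as `dig -x <ip> +short` would print them.
SAMPLE_PTRS = [("192.168.9.120", "nas.local.lan."), ("192.168.3.120", "web01.local.lan."),
               ("192.168.3.121", "web02.dmz.local.lan.")]
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
DOMAIN_RE = re.compile(r'option\s+domain-name\s+"([^"]+)"\s*;')

def _block_end(text, start):
    """Index just past the '}' closing the block whose body starts at start."""
    depth, i = 1, start
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return i

def parse_subnet_domains(conf):
    """Map each subnet to its own domain-name, else the global one (or None)."""
    conf = re.sub(r"#.*", "", conf)              # drop comments
    blocks, outside, pos = [], [], 0
    for m in SUBNET_RE.finditer(conf):
        end = _block_end(conf, m.end())          # nested pool { } blocks are skipped over
        outside.append(conf[pos:m.start()])      # text outside subnet blocks
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        blocks.append((net, conf[m.end():end]))
        pos = end
    g = DOMAIN_RE.search("".join(outside) + conf[pos:])
    default = g.group(1) if g else None
    return {n: (d.group(1) if (d := DOMAIN_RE.search(b)) else default) for n, b in blocks}

def audit_ptr(conf, observations):
    """Return (ip, ptr, expected) where the PTR zone differs from the subnet's domain."""
    domains, findings = parse_subnet_domains(conf), []
    for ip, ptr in observations:
        expected = next((d for n, d in domains.items() if ipaddress.ip_address(ip) in n), None)
        zone = ptr.rstrip(".").partition(".")[2]  # everything after the host label
        if expected and zone.lower() != expected.lower():
            findings.append((ip, ptr, expected))
    return findings
```

With the constructed data, only the DMZ lease whose PTR landed in the general domain is reported.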