DNS, DHCP and IP Address Management
806
0963_05F9_c3 © 1999, Cisco Systems, Inc. 2
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 1
DNS and DHCP Challenges
(Figure: on the left, manual processes (edit by hand, spreadsheet, custom application), public domain software and policies based on IP addresses; on the right, the intelligent network with users and applications, user provisioning and user-based policy, built on scalable, automated and reliable DNS/DHCP, networking and addressing services.)
Migrating to Directories
(Figure: a timeline from the 1970s (few users; e-mail) through the 1980s (dial-in, PC, inventory) to the 1990s (many users; DNS, firewall, DHCP, PC inventory, etc.), moving from multiple sources of data to a single source of data.)
Protocol Overview
How DNS Works

DNS Namespace
(Figure: a tree with the root at the top, COM below it, CISCO below COM, and WWW, TIMSPC and RTP below CISCO; the cisco.com zone and the name timspc.cisco.com are marked.)
• Hierarchical name space
• Each node in tree represents domain/subdomain
• Some subdomains are defined as zones
• Each zone has a “primary” name server responsible for all lower nodes
• Resource records (RR) are defined for each node
• Example RRs are: Address (A), pointer (PTR), mail exchange (MX), name server (NS), start of authority (SOA)
DNS Redundancy
(Figure: primary name server for CISCO.COM)
• Redundancy is built into DNS
How DHCP Works

DHCP Discover Process
(Figure: a client between Server 1 and Server 2; DHCP DISCOVER (Broadcast) goes from the client to both servers, and a DHCP OFFER (Unicast) comes back from each server to the client.)
• DHCP client broadcasts DHCP DISCOVER packet on local subnet
• DHCP servers send DHCP OFFER packets (unicast)

(Packet-format slide: only the fields “Filename—128 bytes” and “DHCP Options” survive.)
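The DISCOVER/OFFER exchange above, carried through in code as an added example (not Cisco's code and not part of the original slides): the client builds a DISCOVER, a small server parses it, picks an address from a pool and answers with an OFFER carrying the usual options. The pool, lease time, DNS servers, domain and option 150 value mirror the IOS configuration that appears later on this page; the client MAC, transaction id and the class and function names are constructed for the example.

```python
"""Constructed DHCP DISCOVER / OFFER exchange (RFC 2131 message layout,
RFC 2132 option encoding). Added example for this page; not Cisco code."""
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER = 1, 2                       # option 53 (message type) values
OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS, OPT_DOMAIN = 1, 3, 6, 15
OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID = 51, 53, 54
OPT_150, OPT_END = 150, 255                  # 150: the custom IP option in the IOS config
HDR = "!BBBBIHH4s4s4s4s16s64s128s"           # 236-byte fixed header
ip4 = socket.inet_aton


def build_message(op, xid, chaddr, yiaddr="0.0.0.0", siaddr="0.0.0.0",
                  broadcast=False, options=()):
    """Fixed header, magic cookie, code/length/value options, end marker."""
    flags = 0x8000 if broadcast else 0
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, flags, ip4("0.0.0.0"), ip4(yiaddr),
                      ip4(siaddr), ip4("0.0.0.0"), chaddr, b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_message(raw):
    """Decode a DHCP message. Anything without the cookie or with a truncated
    option is rejected rather than silently turned into a lease."""
    if len(raw) < 240 or raw[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HDR, raw[:236])
    msg = {"op": f[0], "xid": f[4], "flags": f[6], "yiaddr": socket.inet_ntoa(f[8]),
           "siaddr": socket.inet_ntoa(f[9]), "chaddr": f[11][:f[2]], "options": {}}
    i = 240
    while i < len(raw) and raw[i] != OPT_END:
        code = raw[i]
        if code == 0:                        # pad option: single byte, no length
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated option %d" % code)
        length = raw[i + 1]
        msg["options"][code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return msg


def client_discover(xid, mac):
    """Step 1 on the slide: the client broadcasts DHCP DISCOVER on its subnet."""
    return build_message(BOOTREQUEST, xid, mac, broadcast=True,
                         options=[(OPT_MSG_TYPE, bytes([DISCOVER]))])


class DhcpServer:
    """One address pool; leases keyed by client hardware address (chaddr)."""

    def __init__(self, server_ip, pool, lease_secs, mask, router, dns, domain, opt150):
        self.server_ip, self.pool, self.lease_secs = server_ip, list(pool), lease_secs
        self.mask, self.router, self.dns, self.domain, self.opt150 = mask, router, dns, domain, opt150
        self.leases = {}                     # chaddr -> offered address

    def offer(self, raw_discover):
        """Step 2 on the slide: answer a DISCOVER with an OFFER. Returns None for
        anything that is not a DISCOVER, or when the pool is exhausted."""
        d = parse_message(raw_discover)
        if d["op"] != BOOTREQUEST or d["options"].get(OPT_MSG_TYPE) != bytes([DISCOVER]):
            return None
        ip = self.leases.get(d["chaddr"])    # a returning client keeps its address
        if ip is None:
            in_use = set(self.leases.values())
            ip = next((a for a in self.pool if a not in in_use), None)
            if ip is None:
                return None
            self.leases[d["chaddr"]] = ip
        opts = [(OPT_MSG_TYPE, bytes([OFFER])),
                (OPT_SERVER_ID, ip4(self.server_ip)),
                (OPT_LEASE_TIME, struct.pack("!I", self.lease_secs)),
                (OPT_SUBNET_MASK, ip4(self.mask)),
                (OPT_ROUTER, ip4(self.router)),
                (OPT_DNS, b"".join(ip4(a) for a in self.dns)),
                (OPT_DOMAIN, self.domain.encode()),
                (OPT_150, ip4(self.opt150))]
        # The OFFER is unicast to yiaddr unless the client set the broadcast flag.
        return build_message(BOOTREPLY, d["xid"], d["chaddr"], yiaddr=ip,
                             siaddr=self.server_ip, broadcast=bool(d["flags"] & 0x8000),
                             options=opts)


def demo_server():
    """Pool mirroring the IOS example on this page: 10.0.0.0/28 with .1-.5 excluded
    and a 3-day lease; server, DNS, domain and option 150 values are from that config."""
    return DhcpServer("10.0.0.1", ["10.0.0.%d" % i for i in range(6, 15)], 3 * 86400,
                      "255.255.255.240", "10.0.0.1", ["171.68.10.70", "171.68.10.140"],
                      "cisco.com", "172.16.24.12")


if __name__ == "__main__":
    srv = demo_server()
    reply = parse_message(srv.offer(client_discover(0x3903F326, bytes.fromhex("0a12112e3c4a"))))
    print(reply["yiaddr"], int.from_bytes(reply["options"][OPT_LEASE_TIME], "big"))
```

Two details worth noticing from a defender's side: the parser refuses a message whose option length runs past the end of the datagram instead of reading garbage into a lease, and the server returns None once the nine pool addresses are taken, which is the point at which a real server should be logging pool exhaustion rather than failing quietly.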
How DHCP Works
DHCP Options
Dynamic DNS Updates, Notify, and Incremental Zone Transfers
(Figure: on the Cisco Network, a DHCP client obtains 172.16.18.74 from the Cisco Network Registrar DHCP server, which sends a dynamic update (host sbombay-pc, IP address 172.16.18.74, name sbombay-pc.cisco.com) to the Registrar primary DNS server. The primary sends a Notify message across the WAN to the secondary DNS server, which answers with an IXFR request; only changed information is sent.)
• Dramatically reduces propagation delay
• Dramatically reduces WAN bandwidth utilization
• Integrates DHCP and DNS
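The flow on this slide, simulated end to end as an added example (not Cisco Network Registrar or BIND code, and not part of the original deck): a dynamic update adds the sbombay-pc record at the primary, the primary sends NOTIFY, and the secondary pulls an incremental transfer that carries only the changed records, falling back to a full transfer when its serial predates the journal. The starting records, serial numbers and class names are constructed for the example; the host name and address are the ones from the slide.

```python
"""Constructed simulation of the flow on this slide: a dynamic update (RFC 2136)
at the primary, NOTIFY (RFC 1996) to a secondary, and an incremental zone
transfer (RFC 1995) that carries only the changed records, with a full AXFR as
fallback. Added example; not Cisco Network Registrar or BIND code."""

MASK32 = 0xFFFFFFFF


def serial_gt(a, b):
    """RFC 1982 serial arithmetic: is a 'newer' than b, allowing 32-bit wrap."""
    return a != b and ((a - b) & MASK32) < 0x80000000


class PrimaryZone:
    """Authoritative copy of a zone plus the journal an IXFR server replays."""

    def __init__(self, origin, serial, records):
        self.origin, self.serial = origin, serial
        self.records = set(records)          # (owner, type, rdata) tuples
        self.journal = []                    # (old_serial, new_serial, deleted, added)
        self.secondaries = []

    def dynamic_update(self, prereq_absent=(), delete=(), add=()):
        """Apply an update atomically: prerequisites first, then deletes and adds,
        bumping the serial once. Returns False when a prerequisite fails."""
        if any(rr in self.records for rr in prereq_absent):
            return False                     # YXRRSET: record already present
        delete = frozenset(rr for rr in delete if rr in self.records)
        add = frozenset(rr for rr in add if rr not in self.records)
        if not delete and not add:
            return True                      # nothing changed, serial untouched
        self.records = (self.records - delete) | add
        old, self.serial = self.serial, (self.serial + 1) & MASK32
        self.journal.append((old, self.serial, delete, add))
        return True

    def notify(self):
        """Send NOTIFY (origin, current serial) to every secondary."""
        return [s.on_notify(self.origin, self.serial, self) for s in self.secondaries]

    def ixfr(self, from_serial):
        """Journal entries since from_serial; [] if already current; None if the
        history is gone and the secondary must fall back to AXFR."""
        if from_serial == self.serial:
            return []
        for i, entry in enumerate(self.journal):
            if entry[0] == from_serial:
                return self.journal[i:]
        return None

    def axfr(self):
        return self.serial, set(self.records)


class SecondaryZone:
    """Secondary across the WAN; counts records transferred to show the saving."""

    def __init__(self, origin, serial, records):
        self.origin, self.serial, self.records = origin, serial, set(records)
        self.rrs_transferred = 0

    def on_notify(self, origin, serial, primary):
        """Ignore NOTIFYs for other zones or stale serials: a NOTIFY is only a hint,
        and the serial check is what keeps a duplicate or replayed one from doing work."""
        if origin != self.origin or not serial_gt(serial, self.serial):
            return "ignored"
        deltas = primary.ixfr(self.serial)
        if deltas is None:
            self.serial, self.records = primary.axfr()
            self.rrs_transferred += len(self.records)
            return "axfr"
        for old, new, deleted, added in deltas:
            if old != self.serial:
                raise ValueError("journal does not chain from serial %d" % self.serial)
            self.records = (self.records - deleted) | added
            self.serial = new
            self.rrs_transferred += len(deleted) + len(added)
        return "ixfr"


# Constructed starting zone; the addresses are documentation-range placeholders.
BASE_RECORDS = [("www.cisco.com.", "A", "192.0.2.10"),
                ("mail.cisco.com.", "A", "192.0.2.25"),
                ("ftp.cisco.com.", "A", "192.0.2.21")]


def demo():
    """Reproduce the slide: DHCP hands 172.16.18.74 to sbombay-pc, the DHCP server
    updates the primary, and the secondary receives just that one record."""
    primary = PrimaryZone("cisco.com.", 1999010100, BASE_RECORDS)
    secondary = SecondaryZone("cisco.com.", 1999010100, BASE_RECORDS)
    primary.secondaries.append(secondary)
    rr = ("sbombay-pc.cisco.com.", "A", "172.16.18.74")
    primary.dynamic_update(prereq_absent=[rr], add=[rr])
    return primary, secondary, primary.notify()


if __name__ == "__main__":
    p, s, results = demo()
    print(results, s.serial, s.rrs_transferred, "of", len(s.records), "records sent")
```

The `rrs_transferred` counter is the bandwidth point of the slide in miniature: after the update the secondary moves one record across the WAN instead of the whole zone. The prerequisite check is what makes a repeated update from the DHCP server a harmless no-op, and the serial comparison in `on_notify` is the defence against a stray NOTIFY triggering transfers the secondary does not need.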
DNS Issues
Split DNS
(Figure: an external DNS server, reached by delegation from the Internet DNS servers, publishes www.cisco.com, mail.cisco.com and ftp.cisco.com; an internal DNS server on the internal network holds www.cisco.com, mail.cisco.com, ftp.cisco.com, wwwin.cisco.com, callmanager.cisco.com, erpserver.cisco.com, timspc.cisco.com and eng-web.cisco.com.)
• Two “primary” DNS servers for the domain
• Hides the structure of the internal network
• Internal clients point to internal DNS servers
• External server publishes web, mail, ftp and other external servers
• Internet DNS servers delegate to external primary DNS server
Selective Forwarders
(Figure: Big.com and Small.com each have an internal DNS server and an external DNS server on the Internet, with the root DNS server above; Big.com’s internal DNS server forwards queries for erp.small.com to Small.com’s internal DNS server so that a Big.com client can connect to erp.small.com.)
WINS
• Windows Internet Names Service (WINS)
  NetBIOS Names Service (NBNS)
  Windows NT file and print services
  Flat name space
• Coexists with DNS
• Scaling problems in large networks
• Going away with Windows 2000!
Windows 2000 and Active Directory
• Coming soon!
• DNS requirements
  Dynamic DNS updates (RFC 2136)
  SRV records
• Active directory is dependent on DNS
• WINS is phased out
DHCP Issues
DHCP in a Routed Network
DHCP Security

IP Address Management Issues
Private Network Numbers (RFC 1918)
(Figure: a private network 10.0.0.0/8 with host 10.0.0.7, and a second private network 172.16.0.0/12, connected through NAT to the Internet.)
• Difficult to obtain new network numbers
• Unlimited addresses with private network numbers
• Allows for flexible addressing schemes
• Requires NAT/PAT to access Internet
NAT in PIX, and Cisco IOS
(Figure: a packet with an embedded IP address entering the translator and leaving as a translated packet.)

Translation   Applications                                         PIX   Cisco IOS
Easy          Telnet, FTP, HTTP, Simple C/S Apps                   Yes   Yes
Difficult     Multimedia, H.323, NetBIOS, DNS, Dual NAT,           Yes   Most
              SQL*NET, Dynamic Port Negotiation
Impossible    SNMP                                                 -     -
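The RFC 1918 slide and the table above, worked through in code as an added example (not PIX or IOS code, and not from the original deck): a private-address check, a port address translation table for one shared outside address, and the reason the "Difficult" row exists. Plain NAT rewrites only the IP header; an application that carries its own address in the payload, here FTP's active-mode PORT command, still leaks the inside address and needs an application-layer fixup that rewrites the payload and pre-creates the reverse mapping. The inside host 10.0.0.7 is from the slide; the outside address, server address, ports and the `Pat`/`ftp_port_fixup` names are constructed for the example.

```python
"""Constructed PAT example: RFC 1918 classification, a port-translation table
for one shared outside address, and why the 'Difficult' applications in the
table (here FTP's PORT command, which embeds the inside address in its
payload) need an application-layer fixup on top of header rewriting.
Added example; not PIX or IOS code."""
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def is_rfc1918(addr):
    """True for the three private blocks only (narrower than ipaddress.is_private)."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in RFC1918)


class Pat:
    """Port Address Translation: many inside (ip, port) pairs behind one outside IP."""

    def __init__(self, outside_ip, first_port=1024):
        self.outside_ip, self.next_port = outside_ip, first_port
        self.table = {}                      # (inside_ip, inside_port) -> outside_port
        self.reverse = {}                    # outside_port -> (inside_ip, inside_port)

    def allocate(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return self.table[key]

    def outbound(self, pkt):
        """Rewrite the IP header of an inside-to-Internet packet. Only RFC 1918
        sources need translating; the payload is left exactly as it was."""
        if not is_rfc1918(pkt["src"]):
            return dict(pkt)
        out = dict(pkt)
        out["src"], out["sport"] = self.outside_ip, self.allocate(pkt["src"], pkt["sport"])
        return out

    def inbound(self, pkt):
        """Map a packet from the Internet back to the inside host that owns the
        port; anything without a table entry is dropped (None)."""
        key = self.reverse.get(pkt["dport"])
        if key is None or pkt["dst"] != self.outside_ip:
            return None
        out = dict(pkt)
        out["dst"], out["dport"] = key
        return out


def embedded_addresses(payload):
    """Addresses carried inside the application payload (FTP PORT only, here)."""
    m = PORT_RE.search(payload)
    return [".".join(m.groups()[:4])] if m else []


def ftp_port_fixup(pkt, pat):
    """The application-layer gateway step: rewrite the address and port inside the
    PORT command to the outside values and pre-create the mapping, so the server's
    data connection back to the client can be translated on the way in."""
    m = PORT_RE.search(pkt["payload"])
    if not m:
        return dict(pkt)
    o = [int(x) for x in m.groups()]
    inside_ip, inside_port = "%d.%d.%d.%d" % tuple(o[:4]), o[4] * 256 + o[5]
    out_port = pat.allocate(inside_ip, inside_port)
    new_cmd = "PORT %s,%d,%d" % (pat.outside_ip.replace(".", ","), out_port // 256, out_port % 256)
    out = dict(pkt)
    out["payload"] = PORT_RE.sub(new_cmd, pkt["payload"])
    return out


def demo():
    """Inside host 10.0.0.7 (from the slide) opens an active-mode FTP session."""
    pat = Pat("203.0.113.5")                 # constructed outside address
    ctrl = {"src": "10.0.0.7", "sport": 40001, "dst": "198.51.100.9", "dport": 21,
            "payload": "PORT 10,0,0,7,156,66\r\n"}   # 156*256+66 = data port 40002
    header_only = pat.outbound(ctrl)         # header translated, payload still says 10.0.0.7
    fixed = ftp_port_fixup(header_only, pat)
    return pat, header_only, fixed


if __name__ == "__main__":
    pat, header_only, fixed = demo()
    print(embedded_addresses(header_only["payload"]), "->", fixed["payload"].strip())
```

`inbound` dropping anything without a table entry is the default-deny property that makes PAT double as a crude inbound filter; the fixup is what punches the one hole the FTP data connection needs, and only for the port the client actually announced.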
Directory Services
Standard Schemas
Server Sizing (100K, 10K, 1K, 100 Clients)

Nodes   Minimum Server Configuration

100K    Redundant DHCP Servers (Mid-Range UNIX Servers—Sun Ultra 250E, RAID Disks, 512 MB RAM)
        Primary DNS Server (Mid-Range UNIX Server—Sun Ultra 250E, RAID Disks, 512 MB RAM)
        Distribute Secondary and Caching DNS Servers Throughout Network

10K     Option 1: Redundant DHCP Servers (Mid-Range UNIX Servers, 384 MB RAM)
        Option 2: Redundant DHCP Servers (High-End NT Servers, 384 MB RAM)
        Primary DNS Server (Mid-Range UNIX Server—Sun Ultra 250E, RAID Disks, 512 MB RAM)
        Distribute Secondary and Caching DNS Servers Throughout Network

1K      Option 1: Two Servers Running DNS/DHCP (Low-End UNIX Servers—RAID Disks, 256 MB RAM)
        Option 2: Two Servers Running DNS/DHCP (Mid-Range NT Servers—RAID Disks, 256 MB RAM)
        Distribute Secondary and Caching DNS Servers Throughout Network

100     Option 1: Cisco IOS DHCP Server on Any Platform (1600, 2500, 3600, Etc.); Provide DNS Service Remotely Across WAN
        Option 2: CNR on a Small Windows NT System to Provide DNS & DHCP

Performance Factors: Number of Nodes, Number of Queries, DHCP Lease Time, and Disk I/O Performance
Large Campus
(Figure: corporate data center with a primary DNS server, two DHCP servers and a secondary DNS server.)
• Large campus networks require high-performance, redundant DNS and DHCP servers to support multiple 10,000s of nodes
• The server functions need to be split across multiple servers in a cluster
• Build a cluster with at least three servers, one primary DNS and two redundant DHCP servers. An additional DNS server can be used to provide secondary DNS service
• DNS servers need high performance disk I/O (preferably a RAID system) to keep up with dynamic DNS updates
• Each major location around the world—U.S., Europe and Asia—needs a cluster
Small Branch Offices
(Figure: corporate headquarters with a primary DNS server for store zones and redundant DHCP servers; across the corporate WAN, a store (Store Number: 1007, DNS Zone: st1007.bigco.com) with a router running DHCP/Bootp relay (aka IP Helper) and a secondary DNS server.)
• Organization has a large number of remote sites and less than 20 nodes per site. Remote sites should have dial-backup connections for redundancy. DHCP/Bootp relay is enabled on router
• At HQ deploy cluster of redundant DNS and DHCP servers to provide service to remote sites
• Each location could have a separate domain. Primary DNS server for each remote site zone is in HQ. If available, run a secondary DNS server in the remote site for the remote site zone using IXFR and NOTIFY
Provisioning IP Phones
(Figure: a DHCP extension point script feeding a custom application.)

User Registration
(Figure: activation web page, user DB, and other BC network resources.)
• Boston College (BC) EagleNet activation
• Users must “activate”
  Minimal documentation
  Enter name and BC PIN
• Four activated classes
  Student, staff
  Guest, device
• Existing DB updated
  User name/MAC
• Help desk load
  60% fewer calls
Cisco IOS DHCP Server Configuration

! Start DHCP Server
service dhcp
!
! Store DHCP lease database on TFTP server
ip dhcp database tftp://tftp.cisco.com/dhcp.db
!
! Create DHCP address pool for the 10.0.0.0/28 network
ip dhcp pool subnet-10
 ! Lease time of 3 days 0 hours 0 minutes
 lease 3 0 0
 ! Defines address pool with addresses 10.0.0.1 - 10.0.0.14
 network 10.0.0.0 255.255.255.240
 dns-server 171.68.10.70 171.68.10.140
 domain-name cisco.com
 netbios-name-server 171.68.235.228 171.68.235.229
 netbios-node-type h-node
 ! Defines custom option 150 with an IP address
 option 150 ip 172.16.24.12
 default-router 10.0.0.1
!
! Create static mapping for the 10.0.0.5 address - i.e. BootP
ip dhcp pool manual
 host 10.0.0.5
 client-identifier 010a.1211.2e3c.4a
!
! Exclude 10.0.0.1 - 10.0.0.5 from DHCP pool (router, static host)
ip dhcp excluded-address 10.0.0.1 10.0.0.5
Product Update
Cisco Network Registrar 3.0
(Figure: a Cisco Network Registrar 3.0 deployment: primary DNS server, DHCP server, secondary DNS servers, web-based reports and a network management station, with DHCP clients and a BootP client across the WAN.)
• Redundant DHCP and DNS services
• Integration with Network Management Systems
• Web-based reporting tools
• High-performance, multithreaded servers
Integrating CNR with Existing Management Applications
(Figure: CNR as an LDAP client of a directory, surrounded by a router, a multilayer switch, a multiservice switch, a client application and an application signaling server.)
• Integrated with directory services
• Integrate third party applications
Directory-Based Management of Names and Addresses
Coming in Early CY 2000
(Figure: an IPAM web application in front of a directory, with DNS and DHCP servers at several sites.)
Summary
(Figure: primary DNS server, DHCP server with custom extension, secondary DNS servers, an IP phone, a BootP client and DHCP clients across the WAN.)
• Large networks require reliable and sophisticated DNS and DHCP services
• Cisco has software to meet the DNS/DHCP requirements for large networks
• Cisco is developing directory-based tools for managing IP addresses and DNS/DHCP
Resources and References
Cisco Information
Books
Web Sites
Mailing Lists
DHCP RFCs and Internet Drafts
Utilities
• NSLOOKUP
  Command line DNS client for querying DNS servers
  Available for UNIX and Windows NT
• DIG
  Another command line DNS tool
• WINIPCFG
  Admin UI for Windows 95/98 DHCP Client. Windows NT version available on Windows NT Resource Kit
• Perl modules for DNS
  Develop applications that talk to BIND
  http://www.cpan.org