DNS/DHCP Replication

[pronet74]

I have two Windows 2000 Servers, one as a backup. Both are in the same AD. Is there a way for the backup to 'pull' information from the main server in terms of DHCP and DNS information?

Or what can I use to make this happen? In case the main server went down I want my clients to still be able to get an IP and still have the same IPs associated with the same names.

 

[kmkeshav]

Are the two Windows 2000 Servers are Domain Controllers?

 

[pronet74]

Yes they are.

 

[kmkeshav]

Do you want to make one server as your main DNS and DHCP server and the other as the secondary DNS and DHCP server?

 

[kmcferrin]

If they are both domain controllers, then they are by default both DNS servers. There's no way to prevent that since Active Directory relies on DNS so heavily.

The only real question is how to have a second DNS server that manages the same scopes as the primary DNS server. I'm not sure if there is a good/easy way to do that, but you could set up both servers with the same scope and manually keep them in sync, but leave one of the servers as unauthorized. Then it wouldn't pass out IP addresses until you authorize it. In the event that one of them went down you would just need to activate the other.

The other thing that you could do is specify identical scopes for both servers, but set an exclusion range on the first server for one half of the IP addresses, and then on the second server set an exclusion range for the other half of the IP addresses. This way both servers would be able to pass out IP addresses on the same subnet without passing out duplicate addresses. Then if one of the servers went down there would still be a DHCP server to pass out addresses on that subnet. If your leases are long enough (say a week) then your clients would still continue to use the IP address leased from the downed server until they expired, and they could potentially avoid ever "seeing" the outage at all.

Of course, if you have a large number of DHCP clients (i.e., your scopes are almost entirely leased at any given time) then this could cause problems.

 

[pronet74]

Thanks for your help so far. I noticed in the DHCP servers that there are different IPs for some machines between the main server and the backup server. I thought AD would make a replication between the two servers so that both DHCP servers had the same set of leased IPs.

I think what I might do is set the IP length to something like a week or two weeks, however that won't prevent problems if some of the machines are due for a renewel and goes to look for the DHCP server when it's down.

I'm basically looking for a replication DNS and DHCP server wise.

 

[kmcferrin]

My second paragraph above references DNS servers, but I meant to say DHCP servers. DNS is a non-issue in your case since both servers are DCs, they will always run DNS and pretty much always be in sync (minus some offset for replication timing).

DHCP doesn't sync (at least not DHCP servers running on Windows), and has nothing to do really with DNS. DHCP works like this:

1. PC boots up, sends out a broadcast saying 'I need an IP address'.
2. A DHCP server hears the broadcast and says 'I can give you an address.' (called a DHCP Offer)
3. The PC says 'OK, give it to me.'
4. The DHCP server allocates an IP address and sends it to the PC.
5. The PC gets the IP address and says 'OK, thanks!'

Now, if the PC in question already has an IP address leased from that DHCP server, the server will not allocate a new IP address. It will just say 'Go ahead and use this IP address, the lease is still good on it.'

So what happens if you have two DHCP servers passing out IPs on the same subnet (let's call them DHCP1 and DHCP2)?

1. PC boots up, sends out a broadcast saying 'I need an IP address'.
2. DHCP1 and DHCP2 both hear the broadcast and issue DHCP Offers to the PC.
3. The PC picks one of the offers, usually the first one to come in, and accepts it. ('OK, give it to me.')
4. The DHCP server whose offer was accepted allocates an IP address and sends it to the PC.
5. The PC gets the IP address and says 'OK, thanks!'
6. The DHCP server whose offer was not accepted eventually expires the offer after a timeout.

So what if the PC still has a valid lease from DHCP1, but the DHCP Offer that comes in first is from DHCP2? Well, the PC will take the offer from DHCP2 and lease a new IP from DHCP2 instead of re-using the IP address that was leased to it by DHCP1. But since DHCP1 knows nothing about the offer from DHCP2, it doesn't expire the lease. Therefore this single PC can be leased two different IP addresses from two different servers on the same subnet.

There are undoubtedly third party DHCP servers that are designed to be clustered and service the same IP scopes using multiple servers for redundancy. But AFAIK Windows DHCP server doesn't do this.

 

[pronet74]

Thanks.. you confirmed from what I was thinking. My question is then, what do large corporations do in this type of scenario? I would think if you have thousands of clients and even if you divided the scope among multiple DHCP servers that during a crisis the backup DHCP servers would not have a large enough scope to handle this automatically.

 

[kmcferrin]

Everywhere I have worked they have used a single Windows DHCP server or multiple 3-rd party DHCP servers. Or they didn't use DHCP at all (or used DHCP with reservations for every device, which is almost the same thing).