DDI (DNS+DHCP+IPAM) Solutions

Måns Nilsson mansaxel at besserwisser.org
Wed Jun 27 06:45:59 UTC 2012


Subject: DDI (DNS+DHCP+IPAM) Solutions
Date: Tue, Jun 26, 2012 at 07:37:36PM -0700
Quoting Eric Cables (ecables at gmail.com):
> I'm looking to consolidate DNS/DHCP/IPAM into a single tool.  Today I use
> IPPlan for IPAM, and have been reasonably happy with it over the last 5+
> years, but I'd like to leverage the benefits of integrating DNS and DHCP
> for real-time information, along with a more supportable solution for my
> staff.  It seems that InfoBlox and BlueCat are the top players, but maybe
> I'm being fooled by the hype.
> 
> Can anyone respond with their experience with DDI in an Enterprise
> environment?  Have the tools been useful/reliable?  What is the pricing
> model?  Replies can be on, or off, list.

We've been happy with InfoBlox. Big plusses are the AD integration
and the do-everything-in-one-place solution. Not so happy about price,
but it is hard to compete with free.

InfoBlox is ISC daemons which means that you know what to expect. Most
knobs in named.conf are available from the UI, although I sometimes have
wished for QIP's freetext in named.conf feature.

We run a non-HA pair of 1050 units as DHCP servers (using ISC-style
failover), and two HA pairs of 1050 as name servers and management node /
backup management node.

HA pairs are mostly overrated in name service, DNS being fault-tolerant
as is, but the management interface is an exception where it is nice to
have HA.

To get economical scalability from relatively few hardware units we
disable recursion and put OpenBSD servers with unbound as resolvers in
front. The first entry in /etc/resolv.conf is anycasted from a number
of such resolver hosts, using OpenOSPFd.

I cannot emphasize enough the goodness resulting from strict separation
of resolvers and name servers. And anycasting means that I can gracefully
remove a busy resolver from operation without anyone noticing since the
next one will take over.

The best part is that I got to PROVE to the Windows admins that Windows
IS RFC-compliant wrt dynamic updates. Hilarious. Broke the bubble of
Arthur C Clarke-compliant magic for many of them.

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
If Robert Di Niro assassinates Walter Slezak, will Jodie Foster marry Bonzo??
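
The message above describes disabling recursion on the name servers and putting separate resolvers in front. The following is an added example, not part of the original post or of any vendor's tooling: a check that a name server's reply to an out-of-zone probe does not advertise recursion. The function names, the probe name and the two sample responses are assumptions constructed for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # DNS header flag bits (RFC 1035)
REFUSED = 5                                        # rcode used in the constructed sample

def build_query(name, qid):
    """A-record query with RD set, so a recursive server would try to resolve it."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def parse_header(resp, qid):
    """Extract the fields the audit needs from a DNS response header."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", resp[:12])
    if rid != qid or not flags & QR:
        raise ValueError("not a response to our query")
    return {"ra": bool(flags & RA), "aa": bool(flags & AA),
            "rcode": flags & 0x000F, "answers": an}

def audit_authoritative(resp, qid):
    """Findings for a name server probed with a name outside its own zones."""
    h = parse_header(resp, qid)
    findings = []
    if h["ra"]:
        findings.append("RA set: server offers recursion")
    if h["answers"] and not h["aa"]:
        findings.append("non-authoritative answer: data came from recursion or cache")
    return findings

# Constructed sample responses (not captured traffic) to the same probe.
QID = 0x4D4E
PROBE = build_query("out-of-zone.example", QID)
QUESTION = PROBE[12:]
# Assumed reply with recursion disabled: RD echoed, RA clear, REFUSED, no answers.
LOCKED_DOWN = struct.pack("!6H", QID, QR | RD | REFUSED, 1, 0, 0, 0) + QUESTION
# Assumed reply with recursion left on: RA set, NOERROR, one A record (192.0.2.1).
ANSWER_RR = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
STILL_RECURSIVE = struct.pack("!6H", QID, QR | RD | RA, 1, 1, 0, 0) + QUESTION + ANSWER_RR

if __name__ == "__main__":
    for label, resp in (("locked down", LOCKED_DOWN), ("still recursive", STILL_RECURSIVE)):
        print(label, "->", audit_authoritative(resp, QID) or "ok")
```

Against a live server, PROBE would be sent over UDP port 53 and the reply passed to audit_authoritative with the same query id.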