On 20/01/2023 09:16, Stefan G. Weichinger via samba wrote:
> On 20.01.23 at 09:26, Stefan G. Weichinger via samba wrote:
>> On 19.01.23 at 22:26, Allen Chen wrote:
>>> To make less headache, remove vlans from DCs and create a separate
>>> DHCP proxy server instead (or use your switch DHCP forward feature).
>>
>> Something like a DHCP relay (we have a pfsense there)?
>>
>> I get the idea but I don't yet fully understand how the target DHCP
>> server would know which VLANs the requests belong to.
>
> What I don't like about that idea:
>
> I could only forward to one DHCP-Server IP ... that would make my nice
> 2-node-Kea-cluster a bit less useful. No failover then, right?

Whilst it is best to only have one active dhcp server, you can use
failover, which is easy with the now EOL isc-dhcp-server, but is
probably possible with the kea server. The problem with the kea server
is, in my opinion, it is a bit like using a sledgehammer to crack a nut,
it is just too complex.

Now that the isc-dhcp-server is EOL (it will hang about a bit in
distros), I will have to rewrite my dhcp script and it will not be
using kea, even though the changes would be minimal to do so. In my
opinion, you would have to be criminally insane to fully understand kea and
I need to understand something before I use it.

>
> Or could I simply remove the multiple DNS-records created for the DC
> after enabling it on all VLAN-interfaces, so that there is only one
> record pointing to its LAN IP?

Your DC should only have one IP address; it should not be multi-homed.

Rowland