Home / Blogs

DDI Integration: We Need IPAM

Chris Buijs

An observation…

I am a big fan of DDI (DNS, DHCP and IPAM) as magical trio to manage all transactions on network infrastructures… Or to say the least: make it possible.

Basically it makes these "Core Network Services" concise, manageable and integrated. It basically makes the network infrastructures of today and the future possible.

There is however one thing that continuously seems to irritate when talking about integrating these services on networks.

Let's have a look at the Microsoft DNS and DHCP, it's the most used, and has by far the largest footprint of them all. But is it "Integrated"? Seems to be with "Active Directory", but not so with IPAM as there is no real administration of "content" on Microsoft DNS/DHCP (just config and "records"). And Excel really doesn't count! :-).

If we look at Non-Microsoft DNS and DHCP, it seems to be more network/unix territory, and administering and configuring IP-Addresses seems to be more embedded due to historical reasons (maybe). IPAM is more of a common cause here.

So it would be logical, if one wants to apply the magical trio, to replace Microsoft DNS/DHCP, de-integrated it from Active Directory and put it closer to the network, right? (well, I would say yes, but lots of peoples are not convinced).

Actually there are a couple of scenario's that seems to appeal, but get little to no attention, let alone implemented.

Scenario 1: Let's replace the lot

Disable Microsoft DNS/DHCP and let Active Directory use the company wide DDI solution. This is actually no problem at all, and give lots of benefits. In most cases it actually gives Active Directory a boost in performance and all kinds of extra logging and statistical information. And of course integrated IPAM, which is key for any IP based network infrastructure and it's services nowadays.

Scenario 2: Delegate a Domain

Have a company wide DDI solution, but just delegate a domain to the Active Directory domain which will run on Microsoft DNS/DHCP services. So the "connection" is just DNS. You will loose some oversight (feedback) from the services. As long as there are procedures from the DDI team on handing out IP's and Names, it is a workable situation. Not perfect in my opinion.

Scenario 3: Integrate with the MS Services

Have a company wide DDI solution, have an Active Directory with their own Microsoft DNS/DHCP services, but manage both with the same DDI solution. This is very flexible and best of both worlds. It will have an added bonus: IPAM.

Scenario 4: No integration

Let everyone have their own island. Prone to lots of political and technical discussions. The biggest question here will be "Reverse Zones", who will own them… Good luck!

And there are many more, but I keep it by these 4 which seems to be most common.

There seems to be two camps revolving around this:

Camp 1: The Network / System Guys

They want an integral DDI solution, providing DHCP and DNS to the whole world, including Active Directory. Strong users of IPAM want all kind of neat features for failover, redundancy and disaster-recover. DNS and DHCP is a "Network Component".

Camp 2: The Microsoft Guys

They just want to do their own DNS and DHCP for Active Directory and really don't want to do anything else. Redundancy is fine (multiple servers, multi-master, etc). DNS and DHCP is an "Application".

There seems to be a lot at stake for both camps. Both will touch the core of networks. One from the bottom-up and the other top-down and can "boss around" when needed. It's a responsibility with power!

Both camps are also guilty (mostly because of knowledge shortage) by not understanding each other requirements and forgetting about the complete picture, trying to cover their own requirements. Making no decision seems to be more common in these cases. "Let it be" is mostly the outcome.

I think either scenario works, at least if integrated IPAM is part of it. IPAM is in most cases a missing part, out-of-date and disciplinary. Integrating all three components (DNS, DHCP and IPAM), respecting the infrastructure and requirements is the way forward and the way to build future proof networks.

And I have not even thrown in IPv6 and DNSSEC for added complexity! :-)

As said… An observation…

By Chris Buijs, Head of Delivery. More blog posts from Chris Buijs can also be read here.

Related topics: DNS, Domain Names, Internet Protocol, IP Addressing

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

General Availability Period for New .RED Top-Level Domain Opens

General Availability Period for New .BLUE Top-Level Domain Opens

General Availability Period for New .PINK Top-Level Domain Opens

New Chinese "Mobile" Top-Level Domain Now Available

New .KIM Domain Goes Live

Welcome .SHIKSHA! General Availability Now Open

Adrian Kinderis Appointed as Chair of Domain Name Association

Internet Reaches 271 Million Domain Names in the Fourth Quarter of 2013

Why We Decided to Stop Offering Free Accounts

The Future of Chinese Domain Names (a Panel Discussion)

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

Tony Kirsch Announced As Head of Global Consulting of ARI Registry Services

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

Afilias Chairman Appointed to Domain Name Association Board

.BUILD Enters Landrush with Support of ARI Registry Services

Dyn Acquires Managed DNS Provider Nettica

Radix Awards Contracts for .website, .host, .space, and .press to CentralNic plc

Afilias Welcomes "Dot Chinese Online" and "Dot Chinese Website" Top-Level Domains to the Internet

Afilias Welcomes .ONL and .RICH to the Internet

Why Managed DNS Means Secure DNS

Sponsored Topics