3

I'm rearranging our network and setting up DHCP failover, since we have a lot of machines, and even servers, getting IP addresses via DHCP.

Today we have a nice DNS topology with one master server and two slaves. The DHCP server gives the slaves' addresses to the clients, and recursion is only permitted on the slave servers. Considering this, I want to do something similar with DHCP.

The main idea is to have one primary DHCP server and two secondaries. But here comes the question: I don't know, and I haven't found in the documentation, whether it's a supported feature and whether there's a way to put the massive DHCP load only on the secondaries.

Here is the documentation about ISC DHCPd failover: https://kb.isc.org/article/AA-00502/0/A-Basic-Guide-to-Configuring-DHCP-Failover.html; but it doesn't cover my usage scenario.

Thanks in advance,

Vinícius Ferrão
  • What do you mean by `massive DHCP load`? How many million queries do you handle per second? – ott-- Aug 17 '13 at 20:19
  • I mean all my queries. I just don't want the primary server handling this. As we've done with the BIND9 servers. – Vinícius Ferrão Aug 17 '13 at 21:17
  • What is "a lot"? Help us with some specifics. – ewwhite Aug 17 '13 at 22:28
  • It's not much. I just want failover with DHCP servers and isolation with the primary one... There's no huge DHCP traffic. I think I've used bad words to describe the problem. But speaking about numbers we have 1000 hosts in the dhcpd.conf and the max lease time is 30 minutes. – Vinícius Ferrão Aug 17 '13 at 22:39

2 Answers

3

With DNS, there's a concept of recursive and authoritative queries, so what you're doing there - commonly called hidden master - makes sense. You have the hidden master holding the data, the slaves copying it, and only enable recursion at the slaves.

With DHCP, there's no such concept; a DHCP server either does not reply, grants or refuses a lease. Whether it does so is based entirely on its config and lease database, not on whether a DHCP request is "recursive" or not.

Specifically with ISC dhcpd, there's no concept of a "master". You can run two DHCP servers with the same config and failover, but you can't run a "master" server and two "slave" servers.

So - the feature you want doesn't exist. There's no such thing, so you can't do it.

If you don't want DHCP load on your hidden master, just don't run a DHCP server there.

If you want to run two servers and have one ready to take over from the other, you should run failover, but be aware it has caveats.

user53814
  • Thank you. I'll keep the hidden master but will install the DHCP servers on the slave DNS servers. I think it will be ok. – Vinícius Ferrão Feb 24 '14 at 14:00
  • There is a MASTER. It's called primary and it's described in the [failover section](https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcpdconf#CONFIGURING%20FAILOVER) of the ISC DHCP server manual – ChewbaccaKL Dec 13 '19 at 13:27
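
The two-server failover pair discussed in this answer and its comments, sketched in ISC dhcpd.conf syntax as an added example (not from the original posts or the ISC guide). The addresses come from the 192.0.2.0/24 documentation range, and the peer name `dhcp-failover` and the timer values are assumptions.

```conf
# ---- /etc/dhcp/dhcpd.conf on server A (constructed address 192.0.2.10) ----
failover peer "dhcp-failover" {
  primary;                      # "primary" is a role in the pair, not a hidden master
  address 192.0.2.10;
  port 647;
  peer address 192.0.2.11;      # exactly one peer can be named per declaration
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 1800;                    # set on the primary only
  split 128;                    # set on the primary only; 128 shares clients evenly
}

# ---- /etc/dhcp/dhcpd.conf on server B (constructed address 192.0.2.11) ----
failover peer "dhcp-failover" {
  secondary;
  address 192.0.2.11;
  port 647;
  peer address 192.0.2.10;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
}

# ---- identical on both servers ----
subnet 192.0.2.0 netmask 255.255.255.0 {
  option routers 192.0.2.1;
  max-lease-time 1800;          # 30 minutes, as stated in the question
  pool {
    failover peer "dhcp-failover";   # only pools that reference the peer are failover-managed
    range 192.0.2.100 192.0.2.200;
  }
}
```

Both servers answer clients in normal operation, so neither one is isolated from DHCP traffic. Limiting TCP port 647 on each server to its peer's address keeps other hosts off the failover channel.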
1

Not sure if you still care, but I believe you can achieve what you want by adding a "dhcp relay" on the slaves and configuring it to relay requests to the master.

It's a different solution to the "fail-over" you had in mind, but possibly more analogous to the way you already have your DNS.

I've done this before in a large corporate - we put a small box on every LAN that did DHCP Relay + DNS Resolver and they sent all DHCP requests to one central server.

  • Is your DHCP server capable of being failover itself? E.g. if the master they relay to went down can they still serve a DHCP response? – Adambean Jul 15 '19 at 14:30