IP Address: Dynamic or Static
-
In my old environment we were 95% static because of the nature of the business. 40 locations with 4-10 systems each. It was nice to be able to see a single IP, and know City, Store, and physical location within store based off of simply an IP. Doesn't scale well, but nice if you can manage it.
-
I think you've hit the nail on the head there: static is nice but doesn't scale.
-
@Carnival-Boy said:
I think you've hit the nail on the head there: static is nice but doesn't scale.
A properly working DNS structure shouldn't require static IP install. The names of the machines can serve this purpose while making installing new machines that much easier.
-
What about applications that won't query DNS for whatever reason? Two that I've had issues with are Squid and our Smoothwall firewall. Sometimes I want to query old logs, but I can't accurately match the IP address to the machine as the IP address might have changed since the log was written (or at least, I don't know a way to do it).
-
Yeah, apps, etc. that don't use DNS definitely present a problem.
As for tracking what has what IP from DHCP, what about DHCP logs?
-
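Added example, not part of any post in this thread: one way to match an IP in an old Squid log to the machine that held it at that moment is to replay DHCP lease history against the log timestamps. The CSV lease format, hostnames, MACs and log lines below are constructed for illustration; a real DHCP server's log needs its own parser.

```python
import bisect
import csv
import io
from datetime import datetime, timezone

# Constructed lease history (assumed CSV): UTC time, event, ip, mac, hostname, lease seconds.
DHCP_LOG = """\
2015-03-02T08:00:00,ASSIGN,10.0.0.23,aa:bb:cc:00:00:01,FRONTDESK-PC,86400
2015-03-03T07:30:00,RENEW,10.0.0.23,aa:bb:cc:00:00:01,FRONTDESK-PC,86400
2015-03-06T09:00:00,ASSIGN,10.0.0.23,aa:bb:cc:00:00:02,WAREHOUSE-LT,86400
"""

# Constructed Squid native-format access lines: epoch time first, client IP third.
SQUID_LOG = """\
1425286800.100     45 10.0.0.23 TCP_MISS/200 1024 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1425546000.200     30 10.0.0.23 TCP_MISS/200 2048 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1425636000.300     12 10.0.0.23 TCP_MISS/200  512 GET http://example.com/ - DIRECT/192.0.2.10 text/html
"""

def load_leases(text):
    """Return {ip: sorted list of (start_epoch, end_epoch, hostname, mac)}."""
    leases = {}
    for ts, _event, ip, mac, host, secs in csv.reader(io.StringIO(text)):
        start = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc).timestamp()
        leases.setdefault(ip, []).append((start, start + int(secs), host, mac))
    for intervals in leases.values():
        intervals.sort()
    return leases

def holder_at(leases, ip, when):
    """Hostname that held `ip` at epoch `when`, or None if no lease covered it."""
    intervals = leases.get(ip, [])
    # Latest lease event that started at or before `when`; it must not have expired.
    i = bisect.bisect_right(intervals, (when, float("inf"))) - 1
    if i >= 0 and intervals[i][0] <= when < intervals[i][1]:
        return intervals[i][2]
    return None

def annotate_squid(log_text, leases):
    """Return [(epoch, ip, hostname_or_None)] for each Squid access log line."""
    out = []
    for line in log_text.splitlines():
        ts, _elapsed, ip = line.split()[:3]
        out.append((float(ts), ip, holder_at(leases, ip, float(ts))))
    return out

if __name__ == "__main__":
    for when, ip, host in annotate_squid(SQUID_LOG, load_leases(DHCP_LOG)):
        print(datetime.fromtimestamp(when, timezone.utc).isoformat(), ip, host or "UNKNOWN")
```

The same address resolves to two different machines and, in between, to no machine at all, which is why lease history has to be retained at least as long as the logs it is meant to explain.
-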
At least here, the DHCP logs aren't the greatest.. Due to not having AD. There are a few issues I run into, HOWEVER they are temporary and I know this.
Case in point: I have install software, drivers, and such on my computer. Ideally they would be on a network share on the server. However since I haven't gotten that far, when my desktop cycles the IP, I have to get it again.. I suppose for the time being I could set my desktop with a static.. but..why.
In time, this will all sort itself out.
-
Is your pool of IPs so small that your IP would need to change?
Some of my machines have received the same IP for years, I wonder what is causing yours to change?
Of course I understand they can change, but if your machine is online at least daily (save weekends maybe) and your DHCP leases are the more normally seen 3-8 days, why would it be changing?
-
@Dashrender said:
Is your pool of IPs so small that your IP would need to change?
Some of my machines have received the same IP for years, I wonder what is causing yours to change?
Of course I understand they can change, but if your machine is online at least daily (save weekends maybe) and your DHCP leases are the more normally seen 3-8 days, why would it be changing?
No - the Pool isn't small.. we are running 10.0.0.x for the IP schema.. however the changes occur since I have been swapping Firewalls and making changes. Again - since I don't have the AD / DHCP server running (yet), DHCP is handled by the Firewall... Which will change.
But I have gone from a SonicWall to Untangle FW (which had throughput issues), to a Ubiquiti Lite to a (new) Untangle FW. And am about to replace it (using the Ubiquiti) with pfSense....
So some changes occur.
-
When it comes to dynamic vs static, you have to ask yourself why you are doing either. Static is because devices point to this as a resource and it needs to remain constant at all times. So, as you said, servers, switches, routers, etc. However, workstations are, as a rule, only accessing resources and aren't serving up content to other computers unless you have a hodgepodge environment. Therefore, these devices need an IP address to get on the network and that's it. If you have a device that needs to serve up content, add it as a reservation. Think about this: if you make all workstations static, you run the risk of missing something and causing an IP conflict, or making more work for yourself if you ever change your network scheme. What do you gain? Nothing!
-
I wouldn't say you gain nothing. There are plenty of places like firewall logs, where you may only get an IP. In that case there is no need to look somewhere else for the name. If it is manageable, why not? I agree that it is rarely manageable.
-
I'm not aware of there being a static versus dynamic question here. AFAIK, everyone is in favour of dynamic. Dynamic has been the standard best practice for more than two decades. Before TCP/IP took over as the dominant protocol its predecessors NetBEUI and IPX/SPX were dynamic (NetBEUI had no other option.)
Unless you are treating your workstations as servers, they should exclusively be dynamic.
-
@s.hackleman said:
I wouldn't say you gain nothing. There are plenty of places like firewall logs, where you may only get an IP. In that case there is no need to look somewhere else for the name. If it is manageable, why not? I agree that it is rarely manageable.
You can get non-changing IPs with dynamic too.
-
Also, when it comes to IP blocks, no, I don't block things off just for the sake of it. If you are making blocks of IPs for end use devices you should rethink how you look at IPs. Don't make the mistake of thinking of an IP address as anything but an address - a computer artifact used under the hood to locate a device. It is not meant to be human readable or to provide insight into the use of a device. Use hostnames to convey human meaning, use IP addresses as addresses.
-
@scottalanmiller said:
Dynamic has been the standard best practice for more than two decades.
Last week, at a client where I am not the networking consultant, I had a networking consultant tell me that they use static IP on EVERYTHING because it makes DNS better.
I tried to get that part of the contract a year ago and was shot down.
-
@JaredBusch said:
@scottalanmiller said:
Dynamic has been the standard best practice for more than two decades.
Last week, at a client where I am not the networking consultant, I had a networking consultant tell me that they use static IP on EVERYTHING because it makes DNS better.
I tried to get that part of the contract a year ago and was shot down.
One could argue, I suppose, that in a non-AD environment that that might be true. Can still be done, but isn't quite so obviously easy and transparent. But that would just be people being lazy.
And why does one need DNS references to workstations in those cases anyway?
-
@scottalanmiller said:
One could argue, I suppose, that in a non-AD environment that that might be true. Can still be done, but isn't quite so obviously easy and transparent. But that would just be people being lazy.
Except this was a discussion about workstations in an AD (SBS2008) environment.
@scottalanmiller said:
And why does one need DNS references to workstations in those cases anyway?
No idea.