DHCP or fixed IPs for servers ????

[Craig White]

On Mon, 2011-09-19 at 16:25 +0200, Stefan Held wrote:
> Am Montag, den 19.09.2011, 08:09 -0600 schrieb linux guy: 
> > Thanks.
> > 
> > I'll continue to statically assign the server ips.
> 
> Depends on how many server you have, this is the thing i would not do ;)
> 
> If you are responsible for a large number of boxes you have a
> significant problem after changing something in your infrastructure.
> 
> 1.) change of Network Range 
> 2.) change of DNS/Gateway/Ldap IP Adresses.
> 
> With a manual solution you have to fix every damn box after changing
> something. If you do use your dhcp server to assign static adresses,
> there is only a single configuration file where you have to change
> entries.
> 
> If you use a DHCP Server driven solution you can have pxe boot for
> rescue systems, kickstart installations and so on. 
> 
> Have fun thinking about it ;)
----
I'm sitting here and laughing at the stupidity of this suggestion. 

Considering that one of the primary elements of security is IP
Addresses, you are leaving the determination of this security to the
whim of some moron who plugs in a wireless router or worse yet, someone
with intent to assume control over your network and made it as simple as
setting up a DHCP server - something you can easily do on a Windows
workstation.

If you actually have enough servers that it becomes a chore to maintain
their network configuration because you are incapable of any reasonable
long term planning of private IP LAN space where there is hardly any
limitations, you should be using puppet or chef or cfengine or something
that is capable of doing configuration management for a wide range of
networked systems.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.