[Samba] DCs in multiple VLANs

Rowland Penny rpenny at samba.org
Fri Jan 20 09:34:50 UTC 2023

On 20/01/2023 09:16, Stefan G. Weichinger via samba wrote:
> On 20.01.23 at 09:26, Stefan G. Weichinger via samba wrote:
>> On 19.01.23 at 22:26, Allen Chen wrote:
>>> To make less headache, remove vlans from DCs and create a separate 
>>> DHCP proxy server instead (or use your switch DHCP forward feature).
>> Something like a DHCP relay (we have a pfsense there)?
>> I get the idea but I don't yet fully understand how the target DHCP 
>> server would know which VLANs the requests belong to.
> What I don't like about that idea:
> I could only forward to one DHCP-Server IP ... that would make my nice 
> 2-node-Kea-cluster a bit less useful. No failover then, right?

Whilst it is best to only have one active dhcp server, you can use 
failover, which is easy with the now EOL isc-dhcp-server, but is 
probably possible with the kea server. The problem with the kea server 
is, in my opinion, it is a bit like using a sledgehammer to crack a nut, 
it is just too complex.

Now that the isc-dhcp-server is EOL (it will hang about a bit in 
distros), I will have to rewrite my dhcp script and it will not be 
using kea, even though the changes would be minimal to do so. In my 
opinion, you would have to be criminally insane to fully understand kea and 
I need to understand something before I use it.

> Or could I simply remove the multiple DNS-records created for the DC 
> after enabling it on all VLAN-interfaces, so that there is only one 
> record pointing to its LAN IP?

Your DC should only have one IP address; it should not be multi-homed.

