I am not sure this was clear, but are you talking about DNS/DHCP for internal computers or trying to DNS for both internal and external, DHCP for internal. As mentioned below, your load (QPS) will probably determine may determine if you can support a single server. A small network supplying internal hosts of < a couple hundred hosts it would be fine. I assume at least a primary and secondary for each service.
I don't think anyone will recommend servicing external DNS and internal services like DHCP on the same box... That is just an accident waiting to happen. Also think about the Confidentiality, Integrity and Availability triad. A large network may also have separation of duties and you may have different admins for each service (they don't want to reboot the other's services). A DNS server may require high uptime, but a DHCP server should be able to sustain a little downtime. Good luck, RW ________________________________ From: bind-users <bind-users-boun...@lists.isc.org> on behalf of Fred Morris <m3...@m3047.net> Sent: Wednesday, January 8, 2025 2:11 PM To: Bind-users <bind-users@lists.isc.org> Subject: Re: Bind and DHCP This email originated from outside of TESLA Do not click links or open attachments unless you recognize the sender and know the content is safe. Good operational network design calls for network segmentation; proper segmentation implies the functions of DDI to be technically (as opposed to organizationally) managed by segment. This would include actual recursing resolvers and DHCP services, not forwarders, at the segment edge. A lot of people are invested in solutionism via centralization so this is inherently controversial. On Wed, 8 Jan 2025, Karol Nowicki via bind-users wrote: > Does a good practice recommend to split running ISC Bind and DHCP into > two different machines or make DNS+DHCP running on same server is > allowed ? What allows you do to the best job with logging, according to your policies on observability? -- Fred Morris -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
