IP Address: Dynamic or Static

Dashrender

Is your pool of IPs so small that your IP would need to change?

Some of my machines have received the same IP for years, I wonder what is causing yours to change?

Of course I understand they can change, but if you're machine is online at least daily (save weekends maybe) and your DHCP leases are the more normally seen 3-8 days, why would it be changing?

gjacobse

@Dashrender said:

Is your pool of IPs so small that your IP would need to change?

Some of my machines have received the same IP for years, I wonder what is causing yours to change?

Of course I understand they can change, but if you're machine is online at least daily (save weekends maybe) and your DHCP leases are the more normally seen 3-8 days, why would it be changing?

No - the Pool isn't small.. we are running 10.0.0.x for the IP schema.. however the changes occur since I have been swapping Firewalls and making changes. Again - since I don't have the AD / DHCP server running (yet), DHCP is handled by the Firewall... Which will change.

But I have gone from a SonicWall to Untangle FW (which had throughput issues), to a Ubiquiti Lite to a (new) Untangle FW. And am about to replace it (using the Ubiguiti) with pfSense....

so some changes occur.

thanksajdotcom

When it comes to dynamic vs static, you have to ask yourself why you are doing either. Static is because devices point to this as a resource and it needs to remain constant at all times. So, as you said, servers, switches, routers, etc. However, workstations are, as a rule, only accessing resources and aren't serving up content to other computers unless you have a hodgepodge environment. Therefore, these devices need an IP address to get on the network and that's it. If you have a device that needs to serve up content, add it as a reservation. Think about this: if you make all workstations static, you run the risk of missing something and causing an IP conflict, or making more work for yourself if you ever change your network scheme. What do you gain? Nothing!

s.hackleman

I wouldn't say you gain nothing. There are plenty of places like firewall logs, where you may only get an IP. In that case there is no need to look somewhere else for the name. If it is manageable, why not? I agree that it is rarely manageable.

scottalanmiller

I'm not aware of there being a static versus dynamic question here. AFAIK, everyone is in favour of dynamic. Dynamic has been the standard best practice for more than two decades. Before TCP/IP took over as the dominant protocol its predecessors NetBEUI and IPX/SPX were dynamic (NetBEUI had no other option.)

Unless you are treating your workstations as servers, they should exclusively be dynamic.

scottalanmiller

@s.hackleman said:

I wouldn't say you gain nothing. There are plenty of places like firewall logs, where you may only get an IP. In that case there is no need to look somewhere else for the name. If it is manageable, why not? I agree that it is rarely manageable.

You can get non-changing IPs with dynamic too.

scottalanmiller

Also, when it comes to IP blocks, no, I don't block things off just for the sake of it. If you are making blocks of IPs for end use devices you should rethink how you look at IPs. Don't make the mistake of thinking of an IP address as anything but an address - a computer artifact used under the hood to locate a device. It is not meant to be human readable or to provide insight into the use of a device. Use hostnames to convey human meaning, use IP addresses as addresses.

JaredBusch

@scottalanmiller said:

Dynamic has been the standard best practice for more than two decades.

Last week, at a client where I am not the networking consultant, I had a networking consultant tell me that they use static IP on EVERYTHING because it makes DNS better.

I tried to get that part of the contract a year ago and was shot down

scottalanmiller

@JaredBusch said:

@scottalanmiller said:

Dynamic has been the standard best practice for more than two decades.

Last week, at a client where I am not the networking consultant, I had a networking consultant tell me that they use static IP on EVERYTHING because it makes DNS better.

I tried to get that part of the contract a year ago and was shot down

One could argue, I suppose, that in a non-AD environment that that might be true. Can still be done, but isn't quite so obviously easy and transparent. But that would just be people being lazy.

And why does one need DNS references to workstations in those cases anyway?

JaredBusch

@scottalanmiller said:

One could argue, I suppose, that in a non-AD environment that that might be true. Can still be done, but isn't quite so obviously easy and transparent. But that would just be people being lazy.

Except this was a discussion about workstations in an AD (SBS2008) environment

@scottalanmiller said:

And why does one need DNS references to workstations in those cases anyway?

No idea.