Monday, April 19, 2010

Disable NETBIOS with dhcpd

This was a difficult item to find...thanks to the dd-wrt wiki for the proper vendor string!!

NETBIOS is ancient... disabling NETBIOS altogether on networks (provided you are sure you want to do this) can be a good thing for both your network and your Windows workstations.

For those of you using the default node-type, you will basically eliminate all NETBIOS broadcasts on your network, and your workstations will ONLY use DNS for resolution, instead of DNS, then WINS, then NBT broadcasts.

The disadvantage is that you can no longer use tools like nbtstat to query machines on your network for their hostname (shouldn't you be using DDNS?), and connectivity using some 'short names' may be lost... but you should be using FQDNs whenever/wherever possible.

DHCP Option 43, value is "01:04:00:00:00:02"

The line in your ISC dhcpd config should be:

option vendor-encapsulated-options 01:04:00:00:00:02;
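
Option 43 is a list of vendor sub-options, each encoded as code, length, value; for Microsoft clients the string above is sub-option 1, length 4, value 2, which disables NetBIOS over TCP/IP. The following added example (not part of the original post; the function names are hypothetical) decodes a hand-typed value and rejects one whose length byte does not match the data, before it goes into dhcpd.conf:

```python
import struct

# Microsoft vendor sub-option 1 controls NetBIOS over TCP/IP; value 2 disables it.
MSFT_NETBT_SUBOPTION = 1
MSFT_NETBT_DISABLE = 0x00000002


def parse_option43(hex_string):
    """Split a colon-separated Option 43 value into (code, value_bytes) pairs."""
    octets = hex_string.strip().rstrip(";").split(":")
    try:
        data = bytes(int(octet, 16) for octet in octets)
    except ValueError as exc:
        raise ValueError(f"not colon-separated hex octets: {hex_string!r}") from exc
    subopts, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError(f"truncated sub-option header at byte {pos}")
        code, length = data[pos], data[pos + 1]
        value = data[pos + 2 : pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} claims {length} bytes, {len(value)} present")
        subopts.append((code, value))
        pos += 2 + length
    return subopts


def disables_netbt(hex_string):
    """True if the value carries sub-option 1 with the 4-byte big-endian value 2."""
    for code, value in parse_option43(hex_string):
        if code == MSFT_NETBT_SUBOPTION and len(value) == 4:
            return struct.unpack("!I", value)[0] == MSFT_NETBT_DISABLE
    return False


if __name__ == "__main__":
    samples = (
        "01:04:00:00:00:02",  # value from the post
        "01:04:00:00:00:01",  # constructed: well-formed, but not the disable value
        "01:04:00:00:02",     # constructed: one octet short of the declared length
    )
    for candidate in samples:
        try:
            print(candidate, parse_option43(candidate), disables_netbt(candidate))
        except ValueError as err:
            print(candidate, "INVALID:", err)
```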

Tuesday, April 13, 2010

Infoblox API Scripting

Infoblox makes a pretty sweet little appliance, providing DNS (ISC BIND), DHCP (ISC DHCPD), and TFTP/HTTP file distribution for your enterprise. More or less, it's a Linux appliance with a decent GUI on top of it for the aforementioned features.

One of my favorite features about it is its API, and I wanted to share some of my experience with it. It's entirely Perl-based, and getting it set up was painful for me with CPAN, but their binary package on my CentOS box worked a treat. In my opinion the API's documentation isn't the best: it has some very vague descriptions of many of the functions, and the examples they give aren't much for mass-modification purposes, but for creating new networks/ranges.

I'm not going to do a starter guide; you'll have to read their docs for that... I'll just provide some of my coding to supplement their existing documentation.

First of all, check out "ibcli", I used it as MY supplement to figure out the right data structure/method to use when writing this script.

The purpose of my script was to help facilitate moving from a single Infoblox HA pair to a failover set of geographically separated "Grid Member" HA pairs for even more DHCP fault-tolerance for our WAN users in case of a large network outage.

When moving to this setup, you must reconfigure every network and every DHCP range to "point" to the "failover set" consisting of a pairing between the two failover Infoblox Grid Members.
Since we have several hundred DHCP Networks, my script was designed to dump to STDOUT all Networks and Ranges on the appliance before the change, then change all Networks/Ranges (save a few special setups I exempted) to point to the failover set, and then dump the "post operation" configuration to STDOUT for verification.

Please keep in mind that this script could definitely use a lot more catch statements for error handling, but I kept this pretty lean just to do this one job for me.

Without further ado, see attached. Rename it from the .txt extension to .pl.

IBConvert Script