Cisco DDM, Checkpoint Meta-IP, Dynamic DNS, DHCP, and Bind compatability

[Jesse Whyte]

Wow, had to cover a lot of area in the subject line, but I think that it is all relevant.  Some of this may be slightly off-topic due to the vendor-specific reference, but my issue has to do with BIND interoperability and not support for the Cisco project.

Scope:  We're looking to upgrade our DHCP solution.  We currently handle about 10,000 - 12,000 users via DHCP,and this number will increase to about 60,000 over the next year.  We currently use Sun's bundled DHCP server, but our unsatisfied that it will scale to meet this increased workload.  Therefore, we're looking at two other commercial products to do this, hence the references to CDDM and Meta-IP.  DDNS is extremely important to us for security and usability reasons.  We would love to be able to migrate our servers, workstations, printers, etc. to DNS and DDNS deals with many of our outstanding issues. However...

Concern:  We currently use the patched BIND 8.2.2 release for our primary and secondary DNS servers.  I do NOT want to migrate this to the Cisco or Checkpoint products for a variety of reasons, most of them having to do with security and some functionality available within the BIND release that is not available in the other products.

Question:  Can I use just the DHCP/DDNS portion of these products, allowing these services to "securely" use DDNS to update the zone files of a seperate instance of BIND/named?  Ultimately, I would imagine that there will be at least 4 physically and logically seperate DHCP servers, and a fifth Windows 2000 server handling its unique concerns.  In turn, they will be updating four BIND DNS servers.  Or does the functionality of these two products require complete integration?

TIA,
Jesse Whyte
Office of Information Resources
State of Tennessee