Three databases drifting is three different answers to one question.
In legacy stacks, IPAM, DNS, and DHCP each have their own record set. They sync via cron jobs, scripts, or operator copy-paste — and drift the moment one side changes faster than the other can catch up.
Three drifting records
Each system tells a slightly different story about the same address.
One record, three views
A single record of truth. DNS, DHCP, and IPAM are projections.
Six capabilities. One control plane.
Authoritative DNS
Zones, records, AXFR import, DNSSEC signing — managed natively with audit lineage to the source IP allocation.
DHCPv4
Scopes, leases, fingerprinting, static reservations. Bidirectional sync with upstream ISC, Kea, or Microsoft DHCP servers.
DHCPv6 & Prefix Delegation
PD pools with configurable lifetimes. Renewal handling. /48, /56, /64 delegation chains tracked across hierarchy.
Lease Archival
Cold-storage retention for regulatory compliance. Searchable lease history with full handoff lineage.
Server Federation
Upstream DNS and DHCP server registry. Push-only or bidirectional sync per server policy.
Reverse DNS Automation
PTR records created and updated automatically on every IP assignment. Zero operator intervention.
Chain of trust, fully managed.
Key signing keys (KSK) and zone signing keys (ZSK) are generated, rotated, and signed automatically. NSEC3 supports authenticated denial. DS records propagate to parent registries without manual intervention.
- Automated KSK / ZSK lifecycle (RFC 6781)
- NSEC3 with opt-out for large zones
- HSM-backed key storage option