NAME
dhcpd.conf - dhcpd configuration file
DESCRIPTION
The dhcpd.conf file contains configuration information for dhcpd, the
Internet Systems Consortium DHCP Server.
The dhcpd.conf file is a free-form ASCII text file. It is parsed by
the recursive-descent parser built into dhcpd. The file may contain
extra tabs and newlines for formatting purposes. Keywords in the file
are case-insensitive. Comments may be placed anywhere within the file
(except within quotes). Comments begin with the # character and end
at the end of the line.
The file essentially consists of a list of statements. Statements
fall into two broad categories - parameters and declarations.
Parameter statements either say how to do something (e.g., how long a
lease to offer), whether to do something (e.g., should dhcpd provide
addresses to unknown clients), or what parameters to provide to the
client (e.g., use gateway 220.177.244.7).
Declarations are used to describe the topology of the network, to
describe clients on the network, to provide addresses that can be
assigned to clients, or to apply a group of parameters to a group of
declarations. In any group of parameters and declarations, all
parameters must be specified before any declarations which depend on
those parameters may be specified.
Declarations about network topology include the shared-network and the
subnet declarations. If clients on a subnet are to be assigned
addresses dynamically, a range declaration must appear within the
subnet declaration. For clients with statically assigned addresses,
or for installations where only known clients will be served, each such
client must have a host declaration. If parameters are to be applied
to a group of declarations which are not related strictly on a per-
subnet basis, the group declaration can be used.
For every subnet which will be served, and for every subnet to which
the dhcp server is connected, there must be one subnet declaration,
which tells dhcpd how to recognize that an address is on that subnet.
A subnet declaration is required for each subnet even if no addresses
will be dynamically allocated on that subnet.
Some installations have physical networks on which more than one IP
subnet operates. For example, if there is a site-wide requirement
that 8-bit subnet masks be used, but a department with a single
physical ethernet network expands to the point where it has more than
254 nodes, it may be necessary to run two 8-bit subnets on the same
ethernet until such time as a new physical network can be added. In
this case, the subnet declarations for these two networks must be
enclosed in a shared-network declaration.
Some sites may have departments which have clients on more than one
subnet, but it may be desirable to offer those clients a uniform set of
parameters which are different than what would be offered to clients
from other departments on the same subnet. For clients which will be
declared explicitly with host declarations, these declarations can be
enclosed in a group declaration along with the parameters which are
common to that department. For clients whose addresses will be
dynamically assigned, class declarations and conditional declarations
may be used to group parameter assignments based on information the
client sends.
When a client is to be booted, its boot parameters are determined by
consulting that client's host declaration (if any), and then consulting
any class declarations matching the client, followed by the pool,
subnet and shared-network declarations for the IP address assigned to
the client. Each of these declarations itself appears within a
lexical scope, and all declarations at less specific lexical scopes are
also consulted for client option declarations. Scopes are never
considered twice, and if parameters are declared in more than one
scope, the parameter declared in the most specific scope is the one
that is used.
When dhcpd tries to find a host declaration for a client, it first
looks for a host declaration which has a fixed-address declaration that
lists an IP address that is valid for the subnet or shared network on
which the client is booting. If it doesn't find any such entry, it
tries to find an entry which has no fixed-address declaration.
EXAMPLES
A typical dhcpd.conf file will look something like this:
global parameters...
subnet 204.254.239.0 netmask 255.255.255.224 {
subnet-specific parameters...
range 204.254.239.10 204.254.239.30;
}
subnet 204.254.239.32 netmask 255.255.255.224 {
subnet-specific parameters...
range 204.254.239.42 204.254.239.62;
}
subnet 204.254.239.64 netmask 255.255.255.224 {
subnet-specific parameters...
range 204.254.239.74 204.254.239.94;
}
group {
group-specific parameters...
host zappo.test.isc.org {
host-specific parameters...
}
host beppo.test.isc.org {
host-specific parameters...
}
host harpo.test.isc.org {
host-specific parameters...
}
}
Figure 1
Notice that at the beginning of the file, there's a place for global
parameters. These might be things like the organization's domain
name, the addresses of the name servers (if they are common to the
entire organization), and so on. So, for example:
option domain-name "isc.org";
option domain-name-servers ns1.isc.org, ns2.isc.org;
Figure 2
As you can see in Figure 2, you can specify host addresses in
parameters using their domain names rather than their numeric IP
addresses. If a given hostname resolves to more than one IP address
(for example, if that host has two ethernet interfaces), then where
possible, both addresses are supplied to the client.
The most obvious reason for having subnet-specific parameters as shown
in Figure 1 is that each subnet, of necessity, has its own router. So
for the first subnet, for example, there should be something like:
option routers 204.254.239.1;
Note that the address here is specified numerically. This is not
required - if you have a different domain name for each interface on
your router, it's perfectly legitimate to use the domain name for that
interface instead of the numeric address. However, in many cases
there may be only one domain name for all of a router's IP addresses,
and it would not be appropriate to use that name here.
In Figure 1 there is also a group statement, which provides common
parameters for a set of three hosts - zappo, beppo and harpo. As you
can see, these hosts are all in the test.isc.org domain, so it might
make sense for a group-specific parameter to override the domain name
supplied to these hosts:
option domain-name "test.isc.org";
Also, given the domain they're in, these are probably test machines.
If we wanted to test the DHCP leasing mechanism, we might set the lease
timeout somewhat shorter than the default:
max-lease-time 120;
default-lease-time 120;
You may have noticed that while some parameters start with the option
keyword, some do not. Parameters starting with the option keyword
correspond to actual DHCP options, while parameters that do not start
with the option keyword either control the behavior of the DHCP server
(e.g., how long a lease dhcpd will give out), or specify client
parameters that are not optional in the DHCP protocol (for example,
server-name and filename).
In Figure 1, each host had host-specific parameters. These could
include such things as the hostname option, the name of a file to
upload (the filename parameter) and the address of the server from
which to upload the file (the next-server parameter). In general, any
parameter can appear anywhere that parameters are allowed, and will be
applied according to the scope in which the parameter appears.
Imagine that you have a site with a lot of NCD X-Terminals. These
terminals come in a variety of models, and you want to specify the boot
files for each model. One way to do this would be to have host
declarations for each server and group them by model:
group {
filename "Xncd19r";
next-server ncd-booter;
host ncd1 { hardware ethernet 0:c0:c3:49:2b:57; }
host ncd4 { hardware ethernet 0:c0:c3:80:fc:32; }
host ncd8 { hardware ethernet 0:c0:c3:22:46:81; }
}
group {
filename "Xncd19c";
next-server ncd-booter;
host ncd2 { hardware ethernet 0:c0:c3:88:2d:81; }
host ncd3 { hardware ethernet 0:c0:c3:00:14:11; }
}
group {
filename "XncdHMX";
next-server ncd-booter;
host ncd1 { hardware ethernet 0:c0:c3:11:90:23; }
host ncd4 { hardware ethernet 0:c0:c3:91:a7:8; }
host ncd8 { hardware ethernet 0:c0:c3:cc:a:8f; }
}
ADDRESS POOLS
The pool declaration can be used to specify a pool of addresses that
will be treated differently than another pool of addresses, even on the
same network segment or subnet. For example, you may want to provide
a large set of addresses that can be assigned to DHCP clients that are
registered to your DHCP server, while providing a smaller set of
addresses, possibly with short lease times, that are available for
unknown clients. If you have a firewall, you may be able to arrange
for addresses from one pool to be allowed access to the Internet, while
addresses in another pool are not, thus encouraging users to register
their DHCP clients. To do this, you would set up a pair of pool
declarations:
subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.254;
# Unknown clients get this pool.
pool {
option domain-name-servers bogus.example.com;
max-lease-time 300;
range 10.0.0.200 10.0.0.253;
allow unknown-clients;
}
# Known clients get this pool.
pool {
option domain-name-servers ns1.example.com, ns2.example.com;
max-lease-time 28800;
range 10.0.0.5 10.0.0.199;
deny unknown-clients;
}
}
It is also possible to set up entirely different subnets for known and
unknown clients - address pools exist at the level of shared networks,
so address ranges within pool declarations can be on different subnets.
As you can see in the preceding example, pools can have permit lists
that control which clients are allowed access to the pool and which
aren't. Each entry in a pool's permit list is introduced with the
allow or deny keyword. If a pool has a permit list, then only those
clients that match specific entries on the permit list will be eligible
to be assigned addresses from the pool. If a pool has a deny list,
then only those clients that do not match any entries on the deny list
will be eligible. If both permit and deny lists exist for a pool,
then only clients that match the permit list and do not match the deny
list will be allowed access.
DYNAMIC ADDRESS ALLOCATION
Address allocation is actually only done when a client is in the INIT
state and has sent a DHCPDISCOVER message. If the client thinks it has
a valid lease and sends a DHCPREQUEST to initiate or renew that lease,
the server has only three choices - it can ignore the DHCPREQUEST, send
a DHCPNAK to tell the client it should stop using the address, or send
a DHCPACK, telling the client to go ahead and use the address for a
while.
If the server finds the address the client is requesting, and that
address is available to the client, the server will send a DHCPACK. If
the address is no longer available, or the client isn't permitted to
have it, the server will send a DHCPNAK. If the server knows nothing
about the address, it will remain silent, unless the address is
incorrect for the network segment to which the client has been attached
and the server is authoritative for that network segment, in which case
the server will send a DHCPNAK even though it doesn't know about the
address.
There may be a host declaration matching the client's identification.
If that host declaration contains a fixed-address declaration that
lists an IP address that is valid for the network segment to which the
client is connected. In this case, the DHCP server will never do
dynamic address allocation. In this case, the client is required to
take the address specified in the host declaration. If the client
sends a DHCPREQUEST for some other address, the server will respond
with a DHCPNAK.
When the DHCP server allocates a new address for a client (remember,
this only happens if the client has sent a DHCPDISCOVER), it first
looks to see if the client already has a valid lease on an IP address,
or if there is an old IP address the client had before that hasn't yet
been reassigned. In that case, the server will take that address and
check it to see if the client is still permitted to use it. If the
client is no longer permitted to use it, the lease is freed if the
server thought it was still in use - the fact that the client has sent
a DHCPDISCOVER proves to the server that the client is no longer using
the lease.
If no existing lease is found, or if the client is forbidden to receive
the existing lease, then the server will look in the list of address
pools for the network segment to which the client is attached for a
lease that is not in use and that the client is permitted to have. It
looks through each pool declaration in sequence (all range declarations
that appear outside of pool declarations are grouped into a single pool
with no permit list). If the permit list for the pool allows the
client to be allocated an address from that pool, the pool is examined
to see if there is an address available. If so, then the client is
tentatively assigned that address. Otherwise, the next pool is
tested. If no addresses are found that can be assigned to the client,
no response is sent to the client.
If an address is found that the client is permitted to have, and that
has never been assigned to any client before, the address is
immediately allocated to the client. If the address is available for
allocation but has been previously assigned to a different client, the
server will keep looking in hopes of finding an address that has never
before been assigned to a client.
The DHCP server generates the list of available IP addresses from a
hash table. This means that the addresses are not sorted in any
particular order, and so it is not possible to predict the order in
which the DHCP server will allocate IP addresses. Users of previous
versions of the ISC DHCP server may have become accustomed to the DHCP
server allocating IP addresses in ascending order, but this is no
longer possible, and there is no way to configure this behavior with
version 3 of the ISC DHCP server.
IP ADDRESS CONFLICT PREVENTION
The DHCP server checks IP addresses to see if they are in use before
allocating them to clients. It does this by sending an ICMP Echo
request message to the IP address being allocated. If no ICMP Echo
reply is received within a second, the address is assumed to be free.
This is only done for leases that have been specified in range
statements, and only when the lease is thought by the DHCP server to be
free - i.e., the DHCP server or its failover peer has not listed the
lease as in use.
If a response is received to an ICMP Echo request, the DHCP server
assumes that there is a configuration error - the IP address is in use
by some host on the network that is not a DHCP client. It marks the
address as abandoned, and will not assign it to clients.
If a DHCP client tries to get an IP address, but none are available,
but there are abandoned IP addresses, then the DHCP server will attempt
to reclaim an abandoned IP address. It marks one IP address as free,
and then does the same ICMP Echo request check described previously.
If there is no answer to the ICMP Echo request, the address is assigned
to the client.
The DHCP server does not cycle through abandoned IP addresses if the
first IP address it tries to reclaim is free. Rather, when the next
DHCPDISCOVER comes in from the client, it will attempt a new allocation
using the same method described here, and will typically try a new IP
address.
DHCP FAILOVER
This version of the ISC DHCP server supports the DHCP failover protocol
as documented in draft-ietf-dhc-failover-07.txt. This is not a final
protocol document, and we have not done interoperability testing with
other vendors' implementations of this protocol, so you must not assume
that this implementation conforms to the standard. If you wish to use
the failover protocol, make sure that both failover peers are running
the same version of the ISC DHCP server.
The failover protocol allows two DHCP servers (and no more than two) to
share a common address pool. Each server will have about half of the
available IP addresses in the pool at any given time for allocation.
If one server fails, the other server will continue to renew leases out
of the pool, and will allocate new addresses out of the roughly half of
available addresses that it had when communications with the other
server were lost.
It is possible during a prolonged failure to tell the remaining server
that the other server is down, in which case the remaining server will
(over time) reclaim all the addresses the other server had available
for allocation, and begin to reuse them. This is called putting the
server into the PARTNER-DOWN state.
You can put the server into the PARTNER-DOWN state either by using the
omshell (1) command or by stopping the server, editing the last peer
state declaration in the lease file, and restarting the server. If
you use this last method, be sure to leave the date and time of the
start of the state blank:
failover peer name state {
my state partner-down;
peer state state at date;
}
When the other server comes back online, it should automatically detect
that it has been offline and request a complete update from the server
that was running in the PARTNER-DOWN state, and then both servers will
resume processing together.
It is possible to get into a dangerous situation: if you put one server
into the PARTNER-DOWN state, and then *that* server goes down, and the
other server comes back up, the other server will not know that the
first server was in the PARTNER-DOWN state, and may issue addresses
previously issued by the other server to different clients, resulting
in IP address conflicts. Before putting a server into PARTNER-DOWN
state, therefore, make sure that the other server will not restart
automatically.
The failover protocol defines a primary server role and a secondary
server role. There are some differences in how primaries and
secondaries act, but most of the differences simply have to do with
providing a way for each peer to behave in the opposite way from the
other. So one server must be configured as primary, and the other
must be configured as secondary, and it doesn't matter too much which
one is which.
FAILOVER STARTUP
When a server starts that has not previously communicated with its
failover peer, it must establish communications with its failover peer
and synchronize with it before it can serve clients. This can happen
either because you have just configured your DHCP servers to perform
failover for the first time, or because one of your failover servers
has failed catastrophically and lost its database.
The initial recovery process is designed to ensure that when one
failover peer loses its database and then resynchronizes, any leases
that the failed server gave out before it failed will be honored. When
the failed server starts up, it notices that it has no saved failover
state, and attempts to contact its peer.
When it has established contact, it asks the peer for a complete copy
its peer's lease database. The peer then sends its complete database,
and sends a message indicating that it is done. The failed server then
waits until MCLT has passed, and once MCLT has passed both servers make
the transition back into normal operation. This waiting period ensures
that any leases the failed server may have given out while out of
contact with its partner will have expired.
While the failed server is recovering, its partner remains in the
partner-down state, which means that it is serving all clients. The
failed server provides no service at all to DHCP clients until it has
made the transition into normal operation.
In the case where both servers detect that they have never before
communicated with their partner, they both come up in this recovery
state and follow the procedure we have just described. In this case,
no service will be provided to DHCP clients until MCLT has expired.
CONFIGURING FAILOVER
In order to configure failover, you need to write a peer declaration
that configures the failover protocol, and you need to write peer
references in each pool declaration for which you want to do failover.
You do not have to do failover for all pools on a given network
segment. You must not tell one server it's doing failover on a
particular address pool and tell the other it is not. You must not
have any common address pools on which you are not doing failover. A
pool declaration that utilizes failover would look like this:
pool {
failover peer "foo";
pool specific parameters
};
The server currently does very little sanity checking, so if you
configure it wrong, it will just fail in odd ways. I would recommend
therefore that you either do failover or don't do failover, but don't
do any mixed pools. Also, use the same master configuration file for
both servers, and have a separate file that contains the peer
declaration and includes the master file. This will help you to avoid
configuration mismatches. As our implementation evolves, this will
become less of a problem. A basic sample dhcpd.conf file for a
primary server might look like this:
failover peer "foo" {
primary;
address anthrax.rc.vix.com;
port 519;
peer address trantor.rc.vix.com;
peer port 520;
max-response-delay 60;
max-unacked-updates 10;
mclt 3600;
split 128;
load balance max seconds 3;
}
include "/etc/dhcpd.master";
The statements in the peer declaration are as follows:
The primary and secondary statements
[ primary | secondary ];
This determines whether the server is primary or secondary, as
described earlier under DHCP FAILOVER.
The address statement
address address;
The address statement declares the IP address or DNS name on which
the server should listen for connections from its failover peer, and
also the value to use for the DHCP Failover Protocol server
identifier. Because this value is used as an identifier, it may not
be omitted.
The peer address statement
peer address address;
The peer address statement declares the IP address or DNS name to
which the server should connect to reach its failover peer for
failover messages.
The port statement
port port-number;
The port statement declares the TCP port on which the server should
listen for connections from its failover peer. This statement may
not currently be omitted, because the failover protocol does not yet
have a reserved TCP port number.
The peer port statement
peer port port-number;
The peer port statement declares the TCP port to which the server
should connect to reach its failover peer for failover messages.
This statement may not be omitted because the failover protocol does
not yet have a reserved TCP port number. The port number declared
in the peer port statement may be the same as the port number
declared in the port statement.
The max-response-delay statement
max-response-delay seconds;
The max-response-delay statement tells the DHCP server how many
seconds may pass without receiving a message from its failover peer
before it assumes that connection has failed. This number should
be small enough that a transient network failure that breaks the
connection will not result in the servers being out of communication
for a long time, but large enough that the server isn't constantly
making and breaking connections. This parameter must be specified.
The max-unacked-updates statement
max-unacked-updates count;
The max-unacked-updates statement tells the remote DHCP server how
many BNDUPD messages it can send before it receives a BNDACK from
the local system. We don't have enough operational experience to
say what a good value for this is, but 10 seems to work. This
parameter must be specified.
The mclt statement
mclt seconds;
The mclt statement defines the Maximum Client Lead Time. It must
be specified on the primary, and may not be specified on the
secondary. This is the length of time for which a lease may be
renewed by either failover peer without contacting the other. The
longer you set this, the longer it will take for the running server
to recover IP addresses after moving into PARTNER-DOWN state. The
shorter you set it, the more load your servers will experience when
they are not communicating. A value of something like 3600 is
probably reasonable, but again bear in mind that we have no real
operational experience with this.
The split statement
split index;
The split statement specifies the split between the primary and
secondary for the purposes of load balancing. Whenever a client
makes a DHCP request, the DHCP server runs a hash on the client
identification, resulting in value from 0 to 255. This is used as
an index into a 256 bit field. If the bit at that index is set, the
primary is responsible. If the bit at that index is not set, the
secondary is responsible. The split value determines how many of
the leading bits are set to one. So, in practice, higher split
values will cause the primary to serve more clients than the
secondary. Lower split values, the converse. Legal values are
between 0 and 255, of which the most reasonable is 128.
The hba statement
hba colon-separated-hex-list;
The hba statement specifies the split between the primary and
secondary as a bitmap rather than a cutoff, which theoretically
allows for finer-grained control. In practice, there is probably
no need for such fine-grained control, however. An example hba
statement:
hba ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00;
This is equivalent to a split 128; statement, and identical. The
following two examples are also equivalent to a split of 128, but
are not identical:
hba aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:
aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa;
hba 55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:
55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55;
They are equivalent, because half the bits are set to 0, half are
set to 1 (0xa and 0x5 are 1010 and 0101 binary respectively) and
consequently this would roughly divide the clients equally between
the servers. They are not identical, because the actual peers this
would load balance to each server are different for each example.
You must only have split or hba defined, never both. For most
cases, the fine-grained control that hba offers isn't necessary, and
split should be used.
The load balance max seconds statement
load balance max seconds seconds;
This statement allows you to configure a cutoff after which load
balancing is disabled. The cutoff is based on the number of seconds
since the client sent its first DHCPDISCOVER or DHCPREQUEST message,
and only works with clients that correctly implement the secs field
- fortunately most clients do. We recommend setting this to
something like 3 or 5. The effect of this is that if one of the
failover peers gets into a state where it is responding to failover
messages but not responding to some client requests, the other
failover peer will take over its client load automatically as the
clients retry.
The Failover pool balance statements.
max-lease-misbalance percentage;
max-lease-ownership percentage;
min-balance seconds;
max-balance seconds;
This version of the DHCP Server evaluates pool balance on a
schedule, rather than on demand as leases are allocated. The latter
approach proved to be slightly klunky when pool misbalanced reach
total saturation...when any server ran out of leases to assign, it
also lost its ability to notice it had run dry.
In order to understand pool balance, some elements of its operation
first need to be defined. First, there are 'free' and 'backup'
leases. Both of these are referred to as 'free state leases'.
'free' and 'backup' are 'the free states' for the purpose of this
document. The difference is that only the primary may allocate from
'free' leases unless under special circumstances, and only the
secondary may allocate 'backup' leases.
When pool balance is performed, the only plausible expectation is to
provide a 50/50 split of the free state leases between the two
servers. This is because no one can predict which server will fail,
regardless of the relative load placed upon the two servers, so
giving each server half the leases gives both servers the same
amount of 'failure endurance'. Therefore, there is no way to
configure any different behaviour, outside of some very small
windows we will describe shortly.
The first thing calculated on any pool balance run is a value
referred to as 'lts', or "Leases To Send". This, simply, is the
difference in the count of free and backup leases, divided by two.
For the secondary, it is the difference in the backup and free
leases, divided by two. The resulting value is signed: if it is
positive, the local server is expected to hand out leases to retain
a 50/50 balance. If it is negative, the remote server would need to
send leases to balance the pool. Once the lts value reaches zero,
the pool is perfectly balanced (give or take one lease in the case
of an odd number of total free state leases).
The current approach is still something of a hybrid of the old
approach, marked by the presence of the max-lease-misbalance
statement. This parameter configures what used to be a 10% fixed
value in previous versions: if lts is less than free+backup * max-
lease-misbalance percent, then the server will skip balancing a
given pool (it won't bother moving any leases, even if some leases
"should" be moved). The meaning of this value is also somewhat
overloaded, however, in that it also governs the estimation of when
to attempt to balance the pool (which may then also be skipped
over). The oldest leases in the free and backup states are
examined. The time they have resided in their respective queues is
used as an estimate to indicate how much time it is probable it
would take before the leases at the top of the list would be
consumed (and thus, how long it would take to use all leases in that
state). This percentage is directly multiplied by this time, and
fit into the schedule if it falls within the min-balance and max-
balance configured values. The scheduled pool check time is only
moved in a downwards direction, it is never increased. Lastly, if
the lts is more than double this number in the negative direction,
the local server will 'panic' and transmit a Failover protocol
POOLREQ message, in the hopes that the remote system will be woken
up into action.
Once the lts value exceeds the max-lease-misbalance percentage of
total free state leases as described above, leases are moved to the
remote server. This is done in two passes.
In the first pass, only leases whose most recent bound client would
have been served by the remote server - according to the Load
Balance Algorithm (see above split and hba configuration statements)
- are given away to the peer. This first pass will happily continue
to give away leases, decrementing the lts value by one for each,
until the lts value has reached the negative of the total number of
leases multiplied by the max-lease-ownership percentage. So it is
through this value that you can permit a small misbalance of the
lease pools - for the purpose of giving the peer more than a 50/50
share of leases in the hopes that their clients might some day
return and be allocated by the peer (operating normally). This
process is referred to as 'MAC Address Affinity', but this is
somewhat misnamed: it applies equally to DHCP Client Identifier
options. Note also that affinity is applied to leases when they
enter the state be moved from free to backup if the secondary
already has more than its share.
The second pass is only entered into if the first pass fails to
reduce the lts underneath the total number of free state leases
multiplied by the max-lease-ownership percentage. In this pass, the
oldest leases are given over to the peer without second thought
about the Load Balance Algorithm, and this continues until the lts
falls under this value. In this way, the local server will also
happily keep a small percentage of the leases that would normally
load balance to itself.
So, the max-lease-misbalance value acts as a behavioural gate.
Smaller values will cause more leases to transition states to
balance the pools over time, higher values will decrease the amount
of change (but may lead to pool starvation if there's a run on
leases).
The max-lease-ownership value permits a small (percenatge) skew in
the lease balance of a percentage of the total number of free state
leases.
Finally, the min-balance and max-balance make certain that a
scheduled rebalance event happens within a reasonable timeframe (not
to be thrown off by, for example, a 7 year old free lease).
Plausible values for the percentages lie between 0 and 100,
inclusive, but values over 50 are indistinguishable from one another
(once lts exceeds 50% of the free state leases, one server must
therefore have 100% of the leases in its respective free state). It
is recommended to select a max-lease-ownership value that is lower
than the value selected for the max-lease-misbalance value. max-
lease-ownership defaults to 10, and max-lease-misbalance defaults to
15.
Plausible values for the min-balance and max-balance times also
range from 0 to (2^32)-1 (or the limit of your local time_t value),
but default to values 60 and 3600 respectively (to place balance
events between 1 minute and 1 hour).
CLIENT CLASSING
Clients can be separated into classes, and treated differently
depending on what class they are in. This separation can be done
either with a conditional statement, or with a match statement within
the class declaration. It is possible to specify a limit on the total
number of clients within a particular class or subclass that may hold
leases at one time, and it is possible to specify automatic subclassing
based on the contents of the client packet.
To add clients to classes based on conditional evaluation, you can
specify a matching expression in the class statement:
class "ras-clients" {
match if substring (option dhcp-client-identifier, 1, 3) = "RAS";
}
Note that whether you use matching expressions or add statements (or
both) to classify clients, you must always write a class declaration
for any class that you use. If there will be no match statement and
no in-scope statements for a class, the declaration should look like
this:
class "ras-clients" {
}
SUBCLASSES
In addition to classes, it is possible to declare subclasses. A
subclass is a class with the same name as a regular class, but with a
specific submatch expression which is hashed for quick matching. This
is essentially a speed hack - the main difference between five classes
with match expressions and one class with five subclasses is that it
will be quicker to find the subclasses. Subclasses work as follows:
class "allocation-class-1" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "allocation-class-2" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
subclass "allocation-class-1" 1:8:0:2b:4c:39:ad;
subclass "allocation-class-2" 1:8:0:2b:a9:cc:e3;
subclass "allocation-class-1" 1:0:0:c4:aa:29:44;
subnet 10.0.0.0 netmask 255.255.255.0 {
pool {
allow members of "allocation-class-1";
range 10.0.0.11 10.0.0.50;
}
pool {
allow members of "allocation-class-2";
range 10.0.0.51 10.0.0.100;
}
}
The data following the class name in the subclass declaration is a
constant value to use in matching the match expression for the class.
When class matching is done, the server will evaluate the match
expression and then look the result up in the hash table. If it finds
a match, the client is considered a member of both the class and the
subclass.
Subclasses can be declared with or without scope. In the above
example, the sole purpose of the subclass is to allow some clients
access to one address pool, while other clients are given access to the
other pool, so these subclasses are declared without scopes. If part
of the purpose of the subclass were to define different parameter
values for some clients, you might want to declare some subclasses with
scopes.
In the above example, if you had a single client that needed some
configuration parameters, while most didn't, you might write the
following subclass declaration for that client:
subclass "allocation-class-2" 1:08:00:2b:a1:11:31 {
option root-path "samsara:/var/diskless/alphapc";
filename "/tftpboot/netbsd.alphapc-diskless";
}
In this example, we've used subclassing as a way to control address
allocation on a per-client basis. However, it's also possible to use
subclassing in ways that are not specific to clients - for example, to
use the value of the vendor-class-identifier option to determine what
values to send in the vendor-encapsulated-options option. An example
of this is shown under the VENDOR ENCAPSULATED OPTIONS head in the
dhcp-options(5) manual page.
PER-CLASS LIMITS ON DYNAMIC ADDRESS ALLOCATION
You may specify a limit to the number of clients in a class that can be
assigned leases. The effect of this will be to make it difficult for
a new client in a class to get an address. Once a class with such a
limit has reached its limit, the only way a new client in that class
can get a lease is for an existing client to relinquish its lease,
either by letting it expire, or by sending a DHCPRELEASE packet.
Classes with lease limits are specified as follows:
class "limited-1" {
lease limit 4;
}
This will produce a class in which a maximum of four members may hold a
lease at one time.
SPAWNING CLASSES
It is possible to declare a spawning class. A spawning class is a
class that automatically produces subclasses based on what the client
sends. The reason that spawning classes were created was to make it
possible to create lease-limited classes on the fly. The envisioned
application is a cable-modem environment where the ISP wishes to
provide clients at a particular site with more than one IP address, but
does not wish to provide such clients with their own subnet, nor give
them an unlimited number of IP addresses from the network segment to
which they are connected.
Many cable modem head-end systems can be configured to add a Relay
Agent Information option to DHCP packets when relaying them to the DHCP
server. These systems typically add a circuit ID or remote ID option
that uniquely identifies the customer site. To take advantage of
this, you can write a class declaration as follows:
class "customer" {
spawn with option agent.circuit-id;
lease limit 4;
}
Now whenever a request comes in from a customer site, the circuit ID
option will be checked against the class's hash table. If a subclass
is found that matches the circuit ID, the client will be classified in
that subclass and treated accordingly. If no subclass is found
matching the circuit ID, a new one will be created and logged in the
dhcpd.leases file, and the client will be classified in this new class.
Once the client has been classified, it will be treated according to
the rules of the class, including, in this case, being subject to the
per-site limit of four leases.
The use of the subclass spawning mechanism is not restricted to relay
agent options - this particular example is given only because it is a
fairly straightforward one.
COMBINING MATCH, MATCH IF AND SPAWN WITH
In some cases, it may be useful to use one expression to assign a
client to a particular class, and a second expression to put it into a
subclass of that class. This can be done by combining the match if
and spawn with statements, or the match if and match statements. For
example:
class "jr-cable-modems" {
match if option dhcp-vendor-identifier = "jrcm";
spawn with option agent.circuit-id;
lease limit 4;
}
class "dv-dsl-modems" {
match if opton dhcp-vendor-identifier = "dvdsl";
spawn with option agent.circuit-id;
lease limit 16;
}
This allows you to have two classes that both have the same spawn with
expression without getting the clients in the two classes confused with
each other.
DYNAMIC DNS UPDATES
The DHCP server has the ability to dynamically update the Domain Name
System. Within the configuration files, you can define how you want
the Domain Name System to be updated. These updates are RFC 2136
compliant so any DNS server supporting RFC 2136 should be able to
accept updates from the DHCP server.
Two DNS update schemes are currently implemented, and another is
planned. The two that are currently available are the ad-hoc DNS
update mode and the interim DHCP-DNS interaction draft update mode. If
and when the DHCP-DNS interaction draft and the DHCID draft make it
through the IETF standards process, there will be a third mode, which
will be the standard DNS update method. The DHCP server must be
configured to use one of the two currently-supported methods, or not to
do dns updates. This can be done with the ddns-update-style
configuration parameter.
THE AD-HOC DNS UPDATE SCHEME
The ad-hoc Dynamic DNS update scheme is now deprecated and does not
work. In future releases of the ISC DHCP server, this scheme will not
likely be available. The interim scheme works, allows for failover,
and should now be used. The following description is left here for
informational purposes only.
The ad-hoc Dynamic DNS update scheme implemented in this version of the
ISC DHCP server is a prototype design, which does not have much to do
with the standard update method that is being standardized in the IETF
DHC working group, but rather implements some very basic, yet useful,
update capabilities. This mode does not work with the failover
protocol because it does not account for the possibility of two
different DHCP servers updating the same set of DNS records.
For the ad-hoc DNS update method, the client's FQDN is derived in two
parts. First, the hostname is determined. Then, the domain name is
determined, and appended to the hostname.
The DHCP server determines the client's hostname by first looking for a
ddns-hostname configuration option, and using that if it is present.
If no such option is present, the server looks for a valid hostname in
the FQDN option sent by the client. If one is found, it is used;
otherwise, if the client sent a host-name option, that is used.
Otherwise, if there is a host declaration that applies to the client,
the name from that declaration will be used. If none of these applies,
the server will not have a hostname for the client, and will not be
able to do a DNS update.
The domain name is determined from the ddns-domainname configuration
option. The default configuration for this option is:
option server.ddns-domainname = config-option domain-name;
So if this configuration option is not configured to a different value
(over-riding the above default), or if a domain-name option has not
been configured for the client's scope, then the server will not
attempt to perform a DNS update.
The client's fully-qualified domain name, derived as we have described,
is used as the name on which an "A" record will be stored. The A
record will contain the IP address that the client was assigned in its
lease. If there is already an A record with the same name in the DNS
server, no update of either the A or PTR records will occur - this
prevents a client from claiming that its hostname is the name of some
network server. For example, if you have a fileserver called
"fs.sneedville.edu", and the client claims its hostname is "fs", no DNS
update will be done for that client, and an error message will be
logged.
If the A record update succeeds, a PTR record update for the assigned
IP address will be done, pointing to the A record. This update is
unconditional - it will be done even if another PTR record of the same
name exists. Since the IP address has been assigned to the DHCP
server, this should be safe.
Please note that the current implementation assumes clients only have a
single network interface. A client with two network interfaces will
see unpredictable behavior. This is considered a bug, and will be
fixed in a later release. It may be helpful to enable the one-lease-
per-client parameter so that roaming clients do not trigger this same
behavior.
The DHCP protocol normally involves a four-packet exchange - first the
client sends a DHCPDISCOVER message, then the server sends a DHCPOFFER,
then the client sends a DHCPREQUEST, then the server sends a DHCPACK.
In the current version of the server, the server will do a DNS update
after it has received the DHCPREQUEST, and before it has sent the
DHCPACK. It only sends the DNS update if it has not sent one for the
client's address before, in order to minimize the impact on the DHCP
server.
When the client's lease expires, the DHCP server (if it is operating at
the time, or when next it operates) will remove the client's A and PTR
records from the DNS database. If the client releases its lease by
sending a DHCPRELEASE message, the server will likewise remove the A
and PTR records.
THE INTERIM DNS UPDATE SCHEME
The interim DNS update scheme operates mostly according to several
drafts that are being considered by the IETF and are expected to become
standards, but are not yet standards, and may not be standardized
exactly as currently proposed. These are:
draft-ietf-dhc-ddns-resolution-??.txt
draft-ietf-dhc-fqdn-option-??.txt
draft-ietf-dnsext-dhcid-rr-??.txt
Because our implementation is slightly different than the standard, we
will briefly document the operation of this update style here.
The first point to understand about this style of DNS update is that
unlike the ad-hoc style, the DHCP server does not necessarily always
update both the A and the PTR records. The FQDN option includes a
flag which, when sent by the client, indicates that the client wishes
to update its own A record. In that case, the server can be
configured either to honor the client's intentions or ignore them.
This is done with the statement allow client-updates; or the statement
ignore client-updates;. By default, client updates are allowed.
If the server is configured to allow client updates, then if the client
sends a fully-qualified domain name in the FQDN option, the server will
use that name the client sent in the FQDN option to update the PTR
record. For example, let us say that the client is a visitor from the
"radish.org" domain, whose hostname is "jschmoe". The server is for
the "example.org" domain. The DHCP client indicates in the FQDN
option that its FQDN is "jschmoe.radish.org.". It also indicates that
it wants to update its own A record. The DHCP server therefore does
not attempt to set up an A record for the client, but does set up a PTR
record for the IP address that it assigns the client, pointing at
jschmoe.radish.org. Once the DHCP client has an IP address, it can
update its own A record, assuming that the "radish.org" DNS server will
allow it to do so.
If the server is configured not to allow client updates, or if the
client doesn't want to do its own update, the server will simply choose
a name for the client from either the fqdn option (if present) or the
hostname option (if present). It will use its own domain name for the
client, just as in the ad-hoc update scheme. It will then update both
the A and PTR record, using the name that it chose for the client. If
the client sends a fully-qualified domain name in the fqdn option, the
server uses only the leftmost part of the domain name - in the example
above, "jschmoe" instead of "jschmoe.radish.org".
Further, if the ignore client-updates; directive is used, then the
server will in addition send a response in the DHCP packet, using the
FQDN Option, that implies to the client that it should perform its own
updates if it chooses to do so. With deny client-updates;, a response
is sent which indicates the client may not perform updates.
Also, if the use-host-decl-names configuration option is enabled, then
the host declaration's hostname will be used in place of the hostname
option, and the same rules will apply as described above.
The other difference between the ad-hoc scheme and the interim scheme
is that with the interim scheme, a method is used that allows more than
one DHCP server to update the DNS database without accidentally
deleting A records that shouldn't be deleted nor failing to add A
records that should be added. The scheme works as follows:
When the DHCP server issues a client a new lease, it creates a text
string that is an MD5 hash over the DHCP client's identification (see
draft-ietf-dnsext-dhcid-rr-??.txt for details). The update adds an A
record with the name the server chose and a TXT record containing the
hashed identifier string (hashid). If this update succeeds, the
server is done.
If the update fails because the A record already exists, then the DHCP
server attempts to add the A record with the prerequisite that there
must be a TXT record in the same name as the new A record, and that TXT
record's contents must be equal to hashid. If this update succeeds,
then the client has its A record and PTR record. If it fails, then
the name the client has been assigned (or requested) is in use, and
can't be used by the client. At this point the DHCP server gives up
trying to do a DNS update for the client until the client chooses a new
name.
The interim DNS update scheme is called interim for two reasons.
First, it does not quite follow the drafts. The current versions of
the drafts call for a new DHCID RRtype, but this is not yet available.
The interim DNS update scheme uses a TXT record instead. Also, the
existing ddns-resolution draft calls for the DHCP server to put a DHCID
RR on the PTR record, but the interim update method does not do this.
It is our position that this is not useful, and we are working with the
author in hopes of removing it from the next version of the draft, or
better understanding why it is considered useful.
In addition to these differences, the server also does not update very
aggressively. Because each DNS update involves a round trip to the DNS
server, there is a cost associated with doing updates even if they do
not actually modify the DNS database. So the DHCP server tracks
whether or not it has updated the record in the past (this information
is stored on the lease) and does not attempt to update records that it
thinks it has already updated.
This can lead to cases where the DHCP server adds a record, and then
the record is deleted through some other mechanism, but the server
never again updates the DNS because it thinks the data is already
there. In this case the data can be removed from the lease through
operator intervention, and once this has been done, the DNS will be
updated the next time the client renews.
DYNAMIC DNS UPDATE SECURITY
When you set your DNS server up to allow updates from the DHCP server,
you may be exposing it to unauthorized updates. To avoid this, you
should use TSIG signatures - a method of cryptographically signing
updates using a shared secret key. As long as you protect the secrecy
of this key, your updates should also be secure. Note, however, that
the DHCP protocol itself provides no security, and that clients can
therefore provide information to the DHCP server which the DHCP server
will then use in its updates, with the constraints described
previously.
The DNS server must be configured to allow updates for any zone that
the DHCP server will be updating. For example, let us say that clients
in the sneedville.edu domain will be assigned addresses on the
10.10.17.0/24 subnet. In that case, you will need a key declaration
for the TSIG key you will be using, and also two zone declarations -
one for the zone containing A records that will be updates and one for
the zone containing PTR records - for ISC BIND, something like this:
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret pRP5FapFoJ95JEL06sv4PQ==;
};
zone "example.org" {
type master;
file "example.org.db";
allow-update { key DHCP_UPDATER; };
};
zone "17.10.10.in-addr.arpa" {
type master;
file "10.10.17.db";
allow-update { key DHCP_UPDATER; };
};
You will also have to configure your DHCP server to do updates to these
zones. To do so, you need to add something like this to your
dhcpd.conf file:
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret pRP5FapFoJ95JEL06sv4PQ==;
};
zone EXAMPLE.ORG. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
zone 17.127.10.in-addr.arpa. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
The primary statement specifies the IP address of the name server whose
zone information is to be updated.
Note that the zone declarations have to correspond to authority records
in your name server - in the above example, there must be an SOA record
for "example.org." and for "17.10.10.in-addr.arpa.". For example, if
there were a subdomain "foo.example.org" with no separate SOA, you
could not write a zone declaration for "foo.example.org." Also keep in
mind that zone names in your DHCP configuration should end in a ".";
this is the preferred syntax. If you do not end your zone name in a
".", the DHCP server will figure it out. Also note that in the DHCP
configuration, zone names are not encapsulated in quotes where there
are in the DNS configuration.
You should choose your own secret key, of course. The ISC BIND 8 and 9
distributions come with a program for generating secret keys called
dnssec-keygen. The version that comes with BIND 9 is likely to produce
a substantially more random key, so we recommend you use that one even
if you are not using BIND 9 as your DNS server. If you are using BIND
9's dnssec-keygen, the above key would be created as follows:
dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER
If you are using the BIND 8 dnskeygen program, the following command
will generate a key as seen above:
dnskeygen -H 128 -u -c -n DHCP_UPDATER
You may wish to enable logging of DNS updates on your DNS server. To
do so, you might write a logging statement like the following:
logging {
channel update_debug {
file "/var/log/update-debug.log";
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/named-auth.info";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category update { update_debug; };
category security { security_info; };
};
You must create the /var/log/named-auth.info and /var/log/update-
debug.log files before starting the name server. For more information
on configuring ISC BIND, consult the documentation that accompanies it.
REFERENCE: EVENTS
There are three kinds of events that can happen regarding a lease, and
it is possible to declare statements that occur when any of these
events happen. These events are the commit event, when the server has
made a commitment of a certain lease to a client, the release event,
when the client has released the server from its commitment, and the
expiry event, when the commitment expires.
To declare a set of statements to execute when an event happens, you
must use the on statement, followed by the name of the event, followed
by a series of statements to execute when the event happens, enclosed
in braces. Events are used to implement DNS updates, so you should
not define your own event handlers if you are using the built-in DNS
update mechanism.
The built-in version of the DNS update mechanism is in a text string
towards the top of server/dhcpd.c. If you want to use events for
things other than DNS updates, and you also want DNS updates, you will
have to start out by copying this code into your dhcpd.conf file and
modifying it.
REFERENCE: DECLARATIONS
The include statement
include "filename";
The include statement is used to read in a named file, and process the
contents of that file as though it were entered in place of the include
statement.
The shared-network statement
shared-network name {
[ parameters ]
[ declarations ]
}
The shared-network statement is used to inform the DHCP server that
some IP subnets actually share the same physical network. Any subnets
in a shared network should be declared within a shared-network
statement. Parameters specified in the shared-network statement will
be used when booting clients on those subnets unless parameters
provided at the subnet or host level override them. If any subnet in a
shared network has addresses available for dynamic allocation, those
addresses are collected into a common pool for that shared network and
assigned to clients as needed. There is no way to distinguish on which
subnet of a shared network a client should boot.
Name should be the name of the shared network. This name is used when
printing debugging messages, so it should be descriptive for the shared
network. The name may have the syntax of a valid domain name
(although it will never be used as such), or it may be any arbitrary
name, enclosed in quotes.
The subnet statement
subnet subnet-number netmask netmask {
[ parameters ]
[ declarations ]
}
The subnet statement is used to provide dhcpd with enough information
to tell whether or not an IP address is on that subnet. It may also be
used to provide subnet-specific parameters and to specify what
addresses may be dynamically allocated to clients booting on that
subnet. Such addresses are specified using the range declaration.
The subnet-number should be an IP address or domain name which resolves
to the subnet number of the subnet being described. The netmask
should be an IP address or domain name which resolves to the subnet
mask of the subnet being described. The subnet number, together with
the netmask, are sufficient to determine whether any given IP address
is on the specified subnet.
Although a netmask must be given with every subnet declaration, it is
recommended that if there is any variance in subnet masks at a site, a
subnet-mask option statement be used in each subnet declaration to set
the desired subnet mask, since any subnet-mask option statement will
override the subnet mask declared in the subnet statement.
The range statement
range [ dynamic-bootp ] low-address [ high-address];
For any subnet on which addresses will be assigned dynamically, there
must be at least one range statement. The range statement gives the
lowest and highest IP addresses in a range. All IP addresses in the
range should be in the subnet in which the range statement is declared.
The dynamic-bootp flag may be specified if addresses in the specified
range may be dynamically assigned to BOOTP clients as well as DHCP
clients. When specifying a single address, high-address can be
omitted.
The host statement
host hostname {
[ parameters ]
[ declarations ]
}
The host declaration provides a scope in which to provide configuration
information about a specific client, and also provides a way to assign
a client a fixed address. The host declaration provides a way for the
DHCP server to identify a DHCP or BOOTP client, and also a way to
assign the client a static IP address.
If it is desirable to be able to boot a DHCP or BOOTP client on more
than one subnet with fixed addresses, more than one address may be
specified in the fixed-address declaration, or more than one host
statement may be specified matching the same client.
If client-specific boot parameters must change based on the network to
which the client is attached, then multiple host declarations should be
used. The host declarations will only match a client if one of their
fixed-address statements is viable on the subnet (or shared network)
where the client is attached. Conversely, for a host declaration to
match a client being allocated a dynamic address, it must not have any
fixed-address statements. You may therefore need a mixture of host
declarations for any given client...some having fixed-address
statements, others without.
hostname should be a name identifying the host. If a hostname option
is not specified for the host, hostname is used.
Host declarations are matched to actual DHCP or BOOTP clients by
matching the dhcp-client-identifier option specified in the host
declaration to the one supplied by the client, or, if the host
declaration or the client does not provide a dhcp-client-identifier
option, by matching the hardware parameter in the host declaration to
the network hardware address supplied by the client. BOOTP clients do
not normally provide a dhcp-client-identifier, so the hardware address
must be used for all clients that may boot using the BOOTP protocol.
Please be aware that only the dhcp-client-identifier option and the
hardware address can be used to match a host declaration. For
example, it is not possible to match a host declaration to a host-name
option. This is because the host-name option cannot be guaranteed to
be unique for any given client, whereas both the hardware address and
dhcp-client-identifier option are at least theoretically guaranteed to
be unique to a given client.
The group statement
group {
[ parameters ]
[ declarations ]
}
The group statement is used simply to apply one or more parameters to a
group of declarations. It can be used to group hosts, shared
networks, subnets, or even other groups.
REFERENCE: ALLOW AND DENY
The allow and deny statements can be used to control the response of
the DHCP server to various sorts of requests. The allow and deny
keywords actually have different meanings depending on the context. In
a pool context, these keywords can be used to set up access lists for
address allocation pools. In other contexts, the keywords simply
control general server behavior with respect to clients based on scope.
In a non-pool context, the ignore keyword can be used in place of the
deny keyword to prevent logging of denied requests.
ALLOW DENY AND IGNORE IN SCOPE
The following usages of allow and deny will work in any scope, although
it is not recommended that they be used in pool declarations.
The unknown-clients keyword
allow unknown-clients;
deny unknown-clients;
ignore unknown-clients;
The unknown-clients flag is used to tell dhcpd whether or not to
dynamically assign addresses to unknown clients. Dynamic address
assignment to unknown clients is allowed by default. An unknown client
is simply a client that has no host declaration.
The use of this option is now deprecated. If you are trying to
restrict access on your network to known clients, you should use deny
unknown-clients; inside of your address pool, as described under the
heading ALLOW AND DENY WITHIN POOL DECLARAIONS.
The bootp keyword
allow bootp;
deny bootp;
ignore bootp;
The bootp flag is used to tell dhcpd whether or not to respond to bootp
queries. Bootp queries are allowed by default.
This option does not satisfy the requirement of failover peers for
denying dynamic bootp clients. The deny dynamic bootp clients; option
should be used instead. See the ALLOW AND DENY WITHIN POOL DECLARATIONS
section of this man page for more details.
The booting keyword
allow booting;
deny booting;
ignore booting;
The booting flag is used to tell dhcpd whether or not to respond to
queries from a particular client. This keyword only has meaning when
it appears in a host declaration. By default, booting is allowed, but
if it is disabled for a particular client, then that client will not be
able to get an address from the DHCP server.
The duplicates keyword
allow duplicates;
deny duplicates;
Host declarations can match client messages based on the DHCP Client
Identifier option or based on the client's network hardware type and
MAC address. If the MAC address is used, the host declaration will
match any client with that MAC address - even clients with different
client identifiers. This doesn't normally happen, but is possible
when one computer has more than one operating system installed on it -
for example, Microsoft Windows and NetBSD or Linux.
The duplicates flag tells the DHCP server that if a request is received
from a client that matches the MAC address of a host declaration, any
other leases matching that MAC address should be discarded by the
server, even if the UID is not the same. This is a violation of the
DHCP protocol, but can prevent clients whose client identifiers change
regularly from holding many leases at the same time. By default,
duplicates are allowed.
The declines keyword
allow declines;
deny declines;
ignore declines;
The DHCPDECLINE message is used by DHCP clients to indicate that the
lease the server has offered is not valid. When the server receives a
DHCPDECLINE for a particular address, it normally abandons that
address, assuming that some unauthorized system is using it.
Unfortunately, a malicious or buggy client can, using DHCPDECLINE
messages, completely exhaust the DHCP server's allocation pool. The
server will reclaim these leases, but while the client is running
through the pool, it may cause serious thrashing in the DNS, and it
will also cause the DHCP server to forget old DHCP client address
allocations.
The declines flag tells the DHCP server whether or not to honor
DHCPDECLINE messages. If it is set to deny or ignore in a particular
scope, the DHCP server will not respond to DHCPDECLINE messages.
The client-updates keyword
allow client-updates;
deny client-updates;
The client-updates flag tells the DHCP server whether or not to honor
the client's intention to do its own update of its A record. This is
only relevant when doing interim DNS updates. See the documentation
under the heading THE INTERIM DNS UPDATE SCHEME for details.
The leasequery keyword
allow leasequery;
deny leasequery;
The leasequery flag tells the DHCP server whether or not to answer
DHCPLEASEQUERY packets. The answer to a DHCPLEASEQUERY packet includes
information about a specific lease, such as when it was issued and when
it will expire. By default, the server will not respond to these
packets.
ALLOW AND DENY WITHIN POOL DECLARATIONS
The uses of the allow and deny keywords shown in the previous section
work pretty much the same way whether the client is sending a
DHCPDISCOVER or a DHCPREQUEST message - an address will be allocated to
the client (either the old address it's requesting, or a new address)
and then that address will be tested to see if it's okay to let the
client have it. If the client requested it, and it's not okay, the
server will send a DHCPNAK message. Otherwise, the server will simply
not respond to the client. If it is okay to give the address to the
client, the server will send a DHCPACK message.
The primary motivation behind pool declarations is to have address
allocation pools whose allocation policies are different. A client
may be denied access to one pool, but allowed access to another pool on
the same network segment. In order for this to work, access control
has to be done during address allocation, not after address allocation
is done.
When a DHCPREQUEST message is processed, address allocation simply
consists of looking up the address the client is requesting and seeing
if it's still available for the client. If it is, then the DHCP server
checks both the address pool permit lists and the relevant in-scope
allow and deny statements to see if it's okay to give the lease to the
client. In the case of a DHCPDISCOVER message, the allocation process
is done as described previously in the ADDRESS ALLOCATION section.
When declaring permit lists for address allocation pools, the following
syntaxes are recognized following the allow or deny keywords:
known-clients;
If specified, this statement either allows or prevents allocation from
this pool to any client that has a host declaration (i.e., is known).
A client is known if it has a host declaration in any scope, not just
the current scope.
unknown-clients;
If specified, this statement either allows or prevents allocation from
this pool to any client that has no host declaration (i.e., is not
known).
members of "class";
If specified, this statement either allows or prevents allocation from
this pool to any client that is a member of the named class.
dynamic bootp clients;
If specified, this statement either allows or prevents allocation from
this pool to any bootp client.
authenticated clients;
If specified, this statement either allows or prevents allocation from
this pool to any client that has been authenticated using the DHCP
authentication protocol. This is not yet supported.
unauthenticated clients;
If specified, this statement either allows or prevents allocation from
this pool to any client that has not been authenticated using the DHCP
authentication protocol. This is not yet supported.
all clients;
If specified, this statement either allows or prevents allocation from
this pool to all clients. This can be used when you want to write a
pool declaration for some reason, but hold it in reserve, or when you
want to renumber your network quickly, and thus want the server to
force all clients that have been allocated addresses from this pool to
obtain new addresses immediately when they next renew.
REFERENCE: PARAMETERS
The adaptive-lease-time-threshold statement
adaptive-lease-time-threshold percentage;
When the number of allocated leases within a pool rises above the
percentage given in this statement, the DHCP server decreases the
lease length for new clients within this pool to min-lease-time
seconds. Clients renewing an already valid (long) leases get at
least the remaining time from the current lease. Since the leases
expire faster, the server may either recover more quickly or avoid
pool exhaustion entirely. Once the number of allocated leases drop
below the threshold, the server reverts back to normal lease times.
Valid percentages are between 1 and 99.
The always-broadcast statement
always-broadcast flag;
The DHCP and BOOTP protocols both require DHCP and BOOTP clients to
set the broadcast bit in the flags field of the BOOTP message
header. Unfortunately, some DHCP and BOOTP clients do not do this,
and therefore may not receive responses from the DHCP server. The
DHCP server can be made to always broadcast its responses to clients
by setting this flag to 'on' for the relevant scope; relevant scopes
would be inside a conditional statement, as a parameter for a class,
or as a parameter for a host declaration. To avoid creating excess
broadcast traffic on your network, we recommend that you restrict
the use of this option to as few clients as possible. For example,
the Microsoft DHCP client is known not to have this problem, as are
the OpenTransport and ISC DHCP clients.
The always-reply-rfc1048 statement
always-reply-rfc1048 flag;
Some BOOTP clients expect RFC1048-style responses, but do not follow
RFC1048 when sending their requests. You can tell that a client is
having this problem if it is not getting the options you have
configured for it and if you see in the server log the message
"(non-rfc1048)" printed with each BOOTREQUEST that is logged.
If you want to send rfc1048 options to such a client, you can set
the always-reply-rfc1048 option in that client's host declaration,
and the DHCP server will respond with an RFC-1048-style vendor
options field. This flag can be set in any scope, and will affect
all clients covered by that scope.
The authoritative statement
authoritative;
not authoritative;
The DHCP server will normally assume that the configuration
information about a given network segment is not known to be correct
and is not authoritative. This is so that if a naive user installs
a DHCP server not fully understanding how to configure it, it does
not send spurious DHCPNAK messages to clients that have obtained
addresses from a legitimate DHCP server on the network.
Network administrators setting up authoritative DHCP servers for
their networks should always write authoritative; at the top of
their configuration file to indicate that the DHCP server should
send DHCPNAK messages to misconfigured clients. If this is not
done, clients will be unable to get a correct IP address after
changing subnets until their old lease has expired, which could take
quite a long time.
Usually, writing authoritative; at the top level of the file should
be sufficient. However, if a DHCP server is to be set up so that
it is aware of some networks for which it is authoritative and some
networks for which it is not, it may be more appropriate to declare
authority on a per-network-segment basis.
Note that the most specific scope for which the concept of authority
makes any sense is the physical network segment - either a shared-
network statement or a subnet statement that is not contained within
a shared-network statement. It is not meaningful to specify that
the server is authoritative for some subnets within a shared
network, but not authoritative for others, nor is it meaningful to
specify that the server is authoritative for some host declarations
and not others.
The boot-unknown-clients statement
boot-unknown-clients flag;
If the boot-unknown-clients statement is present and has a value of
false or off, then clients for which there is no host declaration
will not be allowed to obtain IP addresses. If this statement is
not present or has a value of true or on, then clients without host
declarations will be allowed to obtain IP addresses, as long as
those addresses are not restricted by allow and deny statements
within their pool declarations.
The db-time-format statement
db-time-format [ default | local ] ;
The DHCP server software outputs several timestamps when writing
leases to persistent storage. This configuration parameter selects
one of two output formats. The default format prints the day, date,
and time in UTC, while the local format prints the system seconds-
since-epoch, and helpfully provides the day and time in the system
timezone in a comment. The time formats are described in detail in
the dhcpd.leases(5) manpage.
The ddns-hostname statement
ddns-hostname name;
The name parameter should be the hostname that will be used in
setting up the client's A and PTR records. If no ddns-hostname is
specified in scope, then the server will derive the hostname
automatically, using an algorithm that varies for each of the
different update methods.
The ddns-domainname statement
ddns-domainname name;
The name parameter should be the domain name that will be appended
to the client's hostname to form a fully-qualified domain-name
(FQDN).
The ddns-rev-domainname statement
ddns-rev-domainname name; The name parameter should be the domain
name that will be appended to the client's reversed IP address to
produce a name for use in the client's PTR record. By default,
this is "in-addr.arpa.", but the default can be overridden here.
The reversed IP address to which this domain name is appended is
always the IP address of the client, in dotted quad notation,
reversed - for example, if the IP address assigned to the client is
10.17.92.74, then the reversed IP address is 74.92.17.10. So a
client with that IP address would, by default, be given a PTR record
of 10.17.92.74.in-addr.arpa.
The ddns-update-style parameter
ddns-update-style style;
The style parameter must be one of ad-hoc, interim or none. The
ddns-update-style statement is only meaningful in the outer scope -
it is evaluated once after reading the dhcpd.conf file, rather than
each time a client is assigned an IP address, so there is no way to
use different DNS update styles for different clients.
The ddns-updates statement
ddns-updates flag;
The ddns-updates parameter controls whether or not the server will
attempt to do a DNS update when a lease is confirmed. Set this to
off if the server should not attempt to do updates within a certain
scope. The ddns-updates parameter is on by default. To disable
DNS updates in all scopes, it is preferable to use the ddns-update-
style statement, setting the style to none.
The default-lease-time statement
default-lease-time time;
Time should be the length in seconds that will be assigned to a
lease if the client requesting the lease does not ask for a specific
expiration time.
The do-forward-updates statement
do-forward-updates flag;
The do-forward-updates statement instructs the DHCP server as to
whether it should attempt to update a DHCP client's A record when
the client acquires or renews a lease. This statement has no
effect unless DNS updates are enabled and ddns-update-style is set
to interim. Forward updates are enabled by default. If this
statement is used to disable forward updates, the DHCP server will
never attempt to update the client's A record, and will only ever
attempt to update the client's PTR record if the client supplies an
FQDN that should be placed in the PTR record using the fqdn option.
If forward updates are enabled, the DHCP server will still honor the
setting of the client-updates flag.
The dynamic-bootp-lease-cutoff statement
dynamic-bootp-lease-cutoff date;
The dynamic-bootp-lease-cutoff statement sets the ending time for
all leases assigned dynamically to BOOTP clients. Because BOOTP
clients do not have any way of renewing leases, and don't know that
their leases could expire, by default dhcpd assigns infinite leases
to all BOOTP clients. However, it may make sense in some situations
to set a cutoff date for all BOOTP leases - for example, the end of
a school term, or the time at night when a facility is closed and
all machines are required to be powered off.
Date should be the date on which all assigned BOOTP leases will end.
The date is specified in the form:
W YYYY/MM/DD HH:MM:SS
W is the day of the week expressed as a number from zero (Sunday) to
six (Saturday). YYYY is the year, including the century. MM is the
month expressed as a number from 1 to 12. DD is the day of the
month, counting from 1. HH is the hour, from zero to 23. MM is the
minute and SS is the second. The time is always in Coordinated
Universal Time (UTC), not local time.
The dynamic-bootp-lease-length statement
dynamic-bootp-lease-length length;
The dynamic-bootp-lease-length statement is used to set the length
of leases dynamically assigned to BOOTP clients. At some sites, it
may be possible to assume that a lease is no longer in use if its
holder has not used BOOTP or DHCP to get its address within a
certain time period. The period is specified in length as a number
of seconds. If a client reboots using BOOTP during the timeout
period, the lease duration is reset to length, so a BOOTP client
that boots frequently enough will never lose its lease. Needless to
say, this parameter should be adjusted with extreme caution.
The filename statement
filename "filename";
The filename statement can be used to specify the name of the
initial boot file which is to be loaded by a client. The filename
should be a filename recognizable to whatever file transfer protocol
the client can be expected to use to load the file.
The fixed-address declaration
fixed-address address [, address ... ];
The fixed-address declaration is used to assign one or more fixed IP
addresses to a client. It should only appear in a host declaration.
If more than one address is supplied, then when the client boots, it
will be assigned the address that corresponds to the network on
which it is booting. If none of the addresses in the fixed-address
statement are valid for the network to which the client is
connected, that client will not match the host declaration
containing that fixed-address declaration. Each address in the
fixed-address declaration should be either an IP address or a domain
name that resolves to one or more IP addresses.
The get-lease-hostnames statement
get-lease-hostnames flag;
The get-lease-hostnames statement is used to tell dhcpd whether or
not to look up the domain name corresponding to the IP address of
each address in the lease pool and use that address for the DHCP
hostname option. If flag is true, then this lookup is done for all
addresses in the current scope. By default, or if flag is false,
no lookups are done.
The hardware statement
hardware hardware-type hardware-address;
In order for a BOOTP client to be recognized, its network hardware
address must be declared using a hardware clause in the host
statement. hardware-type must be the name of a physical hardware
interface type. Currently, only the ethernet and token-ring types
are recognized, although support for a fddi hardware type (and
others) would also be desirable. The hardware-address should be a
set of hexadecimal octets (numbers from 0 through ff) separated by
colons. The hardware statement may also be used for DHCP clients.
The infinite-is-reserved statement
infinite-is-reserved flag;
ISC DHCP now supports 'reserved' leases. See the section on
RESERVED LEASES below. If this flag is on, the server will
automatically reserve leases allocated to clients which requested an
infinite (0xffffffff) lease-time.
The default is off.
The lease-file-name statement
lease-file-name name;
Name should be the name of the DHCP server's lease file. By
default, this is /var/lib/dhcp3/dhcpd.leases. This statement must
appear in the outer scope of the configuration file - if it appears
in some other scope, it will have no effect.
The local-port statement
local-port port;
This statement causes the DHCP server to listen for DHCP requests on
the UDP port specified in port, rather than on port 67.
The local-address statement
local-address address;
This statement causes the DHCP server to listen for DHCP requests
sent to the specified address, rather than requests sent to all
addresses. Since serving directly attached DHCP clients implies
that the server must respond to requests sent to the all-ones IP
address, this option cannot be used if clients are on directly
attached networks...it is only realistically useful for a server
whose only clients are reached via unicasts, such as via DHCP relay
agents.
Note: This statement is only effective if the server was compiled
using the USE_SOCKETS #define statement, which is default on a small
number of operating systems, and must be explicitly chosen at
compile-time for all others. You can be sure if your server is
compiled with USE_SOCKETS if you see lines of this format at
startup:
Listening on Socket/eth0
Note also that since this bind()s all DHCP sockets to the specified
address, that only one address may be supported in a daemon at a
given time.
The log-facility statement
log-facility facility;
This statement causes the DHCP server to do all of its logging on
the specified log facility once the dhcpd.conf file has been read.
By default the DHCP server logs to the daemon facility. Possible
log facilities include auth, authpriv, cron, daemon, ftp, kern, lpr,
mail, mark, news, ntp, security, syslog, user, uucp, and local0
through local7. Not all of these facilities are available on all
systems, and there may be other facilities available on other
systems.
In addition to setting this value, you may need to modify your
syslog.conf file to configure logging of the DHCP server. For
example, you might add a line like this:
local7.debug /var/log/dhcpd.log
The syntax of the syslog.conf file may be different on some
operating systems - consult the syslog.conf manual page to be sure.
To get syslog to start logging to the new file, you must first
create the file with correct ownership and permissions (usually, the
same owner and permissions of your /var/log/messages or
/usr/adm/messages file should be fine) and send a SIGHUP to syslogd.
Some systems support log rollover using a shell script or program
called newsyslog or logrotate, and you may be able to configure this
as well so that your log file doesn't grow uncontrollably.
Because the log-facility setting is controlled by the dhcpd.conf
file, log messages printed while parsing the dhcpd.conf file or
before parsing it are logged to the default log facility. To
prevent this, see the README file included with this distribution,
which describes how to change the default log facility. When this
parameter is used, the DHCP server prints its startup message a
second time after parsing the configuration file, so that the log
will be as complete as possible.
The max-lease-time statement
max-lease-time time;
Time should be the maximum length in seconds that will be assigned
to a lease. The only exception to this is that Dynamic BOOTP lease
lengths, which are not specified by the client, are not limited by
this maximum.
The min-lease-time statement
min-lease-time time;
Time should be the minimum length in seconds that will be assigned
to a lease.
The min-secs statement
min-secs seconds;
Seconds should be the minimum number of seconds since a client began
trying to acquire a new lease before the DHCP server will respond to
its request. The number of seconds is based on what the client
reports, and the maximum value that the client can report is 255
seconds. Generally, setting this to one will result in the DHCP
server not responding to the client's first request, but always
responding to its second request.
This can be used to set up a secondary DHCP server which never
offers an address to a client until the primary server has been
given a chance to do so. If the primary server is down, the client
will bind to the secondary server, but otherwise clients should
always bind to the primary. Note that this does not, by itself,
permit a primary server and a secondary server to share a pool of
dynamically-allocatable addresses.
The next-server statement
next-server server-name;
The next-server statement is used to specify the host address of the
server from which the initial boot file (specified in the filename
statement) is to be loaded. Server-name should be a numeric IP
address or a domain name.
The omapi-port statement
omapi-port port;
The omapi-port statement causes the DHCP server to listen for OMAPI
connections on the specified port. This statement is required to
enable the OMAPI protocol, which is used to examine and modify the
state of the DHCP server as it is running.
The one-lease-per-client statement
one-lease-per-client flag;
If this flag is enabled, whenever a client sends a DHCPREQUEST for a
particular lease, the server will automatically free any other
leases the client holds. This presumes that when the client sends
a DHCPREQUEST, it has forgotten any lease not mentioned in the
DHCPREQUEST - i.e., the client has only a single network interface
and it does not remember leases it's holding on networks to which it
is not currently attached. Neither of these assumptions are
guaranteed or provable, so we urge caution in the use of this
statement.
The pid-file-name statement
pid-file-name name;
Name should be the name of the DHCP server's process ID file. This
is the file in which the DHCP server's process ID is stored when the
server starts. By default, this is /var/run/dhcpd.pid. Like the
lease-file-name statement, this statement must appear in the outer
scope of the configuration file.
The ping-check statement
ping-check flag;
When the DHCP server is considering dynamically allocating an IP
address to a client, it first sends an ICMP Echo request (a ping) to
the address being assigned. It waits for a second, and if no ICMP
Echo response has been heard, it assigns the address. If a
response is heard, the lease is abandoned, and the server does not
respond to the client.
This ping check introduces a default one-second delay in responding
to DHCPDISCOVER messages, which can be a problem for some clients.
The default delay of one second may be configured using the ping-
timeout parameter. The ping-check configuration parameter can be
used to control checking - if its value is false, no ping check is
done.
The ping-timeout statement
ping-timeout seconds;
If the DHCP server determined it should send an ICMP echo request (a
ping) because the ping-check statement is true, ping-timeout allows
you to configure how many seconds the DHCP server should wait for an
ICMP Echo response to be heard, if no ICMP Echo response has been
received before the timeout expires, it assigns the address. If a
response is heard, the lease is abandoned, and the server does not
respond to the client. If no value is set, ping-timeout defaults to
1 second.
The remote-port statement
remote-port port;
This statement causes the DHCP server to transmit DHCP responses to
DHCP clients upon the UDP port specified in port, rather than on
port 68. In the event that the UDP response is transmitted to a
DHCP Relay, the server generally uses the local-port configuration
value. Should the DHCP Relay happen to be addressed as 127.0.0.1,
however, the DHCP Server transmits its response to the remote-port
configuration value. This is generally only useful for testing
purposes, and this configuration value should generally not be used.
The server-identifier statement
server-identifier hostname;
The server-identifier statement can be used to define the value that
is sent in the DHCP Server Identifier option for a given scope.
The value specified must be an IP address for the DHCP server, and
must be reachable by all clients served by a particular scope.
The use of the server-identifier statement is not recommended - the
only reason to use it is to force a value other than the default
value to be sent on occasions where the default value would be
incorrect. The default value is the first IP address associated
with the physical network interface on which the request arrived.
The usual case where the server-identifier statement needs to be
sent is when a physical interface has more than one IP address, and
the one being sent by default isn't appropriate for some or all
clients served by that interface. Another common case is when an
alias is defined for the purpose of having a consistent IP address
for the DHCP server, and it is desired that the clients use this IP
address when contacting the server.
Supplying a value for the dhcp-server-identifier option is
equivalent to using the server-identifier statement.
The server-name statement
server-name name ;
The server-name statement can be used to inform the client of the
name of the server from which it is booting. Name should be the
name that will be provided to the client.
The site-option-space statement
site-option-space name ;
The site-option-space statement can be used to determine from what
option space site-local options will be taken. This can be used in
much the same way as the vendor-option-space statement. Site-local
options in DHCP are those options whose numeric codes are greater
than 224. These options are intended for site-specific uses, but
are frequently used by vendors of embedded hardware that contains
DHCP clients. Because site-specific options are allocated on an ad
hoc basis, it is quite possible that one vendor's DHCP client might
use the same option code that another vendor's client uses, for
different purposes. The site-option-space option can be used to
assign a different set of site-specific options for each such
vendor, using conditional evaluation (see dhcp-eval (5) for
details).
The stash-agent-options statement
stash-agent-options flag;
If the stash-agent-options parameter is true for a given client, the
server will record the relay agent information options sent during
the client's initial DHCPREQUEST message when the client was in the
SELECTING state and behave as if those options are included in all
subsequent DHCPREQUEST messages sent in the RENEWING state. This
works around a problem with relay agent information options, which
is that they usually not appear in DHCPREQUEST messages sent by the
client in the RENEWING state, because such messages are unicast
directly to the server and not sent through a relay agent.
The update-conflict-detection statement
update-conflict-detection flag;
If the update-conflict-detection parameter is true, the server will
perform standard DHCID multiple-client, one-name conflict detection.
If the parameter has been set false, the server will skip this check
and instead simply tear down any previous bindings to install the
new binding without question. The default is true.
The update-optimization statement
update-optimization flag;
If the update-optimization parameter is false for a given client,
the server will attempt a DNS update for that client each time the
client renews its lease, rather than only attempting an update when
it appears to be necessary. This will allow the DNS to heal from
database inconsistencies more easily, but the cost is that the DHCP
server must do many more DNS updates. We recommend leaving this
option enabled, which is the default. This option only affects the
behavior of the interim DNS update scheme, and has no effect on the
ad-hoc DNS update scheme. If this parameter is not specified, or
is true, the DHCP server will only update when the client
information changes, the client gets a different lease, or the
client's lease expires.
The update-static-leases statement
update-static-leases flag;
The update-static-leases flag, if enabled, causes the DHCP server to
do DNS updates for clients even if those clients are being assigned
their IP address using a fixed-address statement - that is, the
client is being given a static assignment. This can only work with
the interim DNS update scheme. It is not recommended because the
DHCP server has no way to tell that the update has been done, and
therefore will not delete the record when it is not in use. Also,
the server must attempt the update each time the client renews its
lease, which could have a significant performance impact in
environments that place heavy demands on the DHCP server.
The use-host-decl-names statement
use-host-decl-names flag;
If the use-host-decl-names parameter is true in a given scope, then
for every host declaration within that scope, the name provided for
the host declaration will be supplied to the client as its hostname.
So, for example,
group {
use-host-decl-names on;
host joe {
hardware ethernet 08:00:2b:4c:29:32;
fixed-address joe.fugue.com;
}
}
is equivalent to
host joe {
hardware ethernet 08:00:2b:4c:29:32;
fixed-address joe.fugue.com;
option host-name "joe";
}
An option host-name statement within a host declaration will
override the use of the name in the host declaration.
It should be noted here that most DHCP clients completely ignore the
host-name option sent by the DHCP server, and there is no way to
configure them not to do this. So you generally have a choice of
either not having any hostname to client IP address mapping that the
client will recognize, or doing DNS updates. It is beyond the
scope of this document to describe how to make this determination.
The use-lease-addr-for-default-route statement
use-lease-addr-for-default-route flag;
If the use-lease-addr-for-default-route parameter is true in a given
scope, then instead of sending the value specified in the routers
option (or sending no value at all), the IP address of the lease
being assigned is sent to the client. This supposedly causes Win95
machines to ARP for all IP addresses, which can be helpful if your
router is configured for proxy ARP. The use of this feature is not
recommended, because it won't work for many DHCP clients.
The vendor-option-space statement
vendor-option-space string;
The vendor-option-space parameter determines from what option space
vendor options are taken. The use of this configuration parameter
is illustrated in the dhcp-options(5) manual page, in the VENDOR
ENCAPSULATED OPTIONS section.
SETTING PARAMETER VALUES USING EXPRESSIONS
Sometimes it's helpful to be able to set the value of a DHCP server
parameter based on some value that the client has sent. To do this,
you can use expression evaluation. The dhcp-eval(5) manual page
describes how to write expressions. To assign the result of an
evaluation to an option, define the option as follows:
my-parameter = expression ;
For example:
ddns-hostname = binary-to-ascii (16, 8, "-",
substring (hardware, 1, 6));
RESERVED LEASES
It's often useful to allocate a single address to a single client, in
approximate perpetuity. Host statements with fixed-address clauses
exist to a certain extent to serve this purpose, but because host
statements are intended to approximate 'static configuration', they
suffer from not being referenced in a littany of other Server Services,
such as dynamic DNS, failover, 'on events' and so forth.
If a standard dynamic lease, as from any range statement, is marked
'reserved', then the server will only allocate this lease to the client
it is identified by (be that by client identifier or hardware address).
In practice, this means that the lease follows the normal state engine,
enters ACTIVE state when the client is bound to it, expires, or is
released, and any events or services that would normally be supplied
during these events are processed normally, as with any other dynamic
lease. The only difference is that failover servers treat reserved
leases as special when they enter the FREE or BACKUP states - each
server applies the lease into the state it may allocate from - and the
leases are not placed on the queue for allocation to other clients.
Instead they may only be 'found' by client identity. The result is
that the lease is only offered to the returning client.
Care should probably be taken to ensure that the client only has one
lease within a given subnet that it is identified by.
Leases may be set 'reserved' either through OMAPI, or through the
'infinite-is-reserved' configuration option (if this is applicable to
your environment and mixture of clients).
It should also be noted that leases marked 'reserved' are effectively
treated the same as leases marked 'bootp'.
REFERENCE: OPTION STATEMENTS
DHCP option statements are documented in the dhcp-options(5) manual
page.
REFERENCE: EXPRESSIONS
Expressions used in DHCP option statements and elsewhere are documented
in the dhcp-eval(5) manual page.
SEE ALSO
dhcpd(8), dhcpd.leases(5), dhcp-options(5), dhcp-eval(5), RFC2132,
RFC2131.
AUTHOR
dhcpd.conf(5) was written by Ted Lemon under a contract with Vixie
Labs. Funding for this project was provided by Internet Systems
Consortium. Information about Internet Systems Consortium can be found
at https://www.isc.org.
dhcpd.conf(5)