Provided by: isc-dhcp-server_4.4.3-P1-4ubuntu2_amd64 
NAME
dhcpd.conf - dhcpd configuration file
DESCRIPTION
The dhcpd.conf file contains configuration information for dhcpd, the Internet Systems Consortium DHCP
Server.
The dhcpd.conf file is a free-form ASCII text file. It is parsed by the recursive-descent parser built
into dhcpd. The file may contain extra tabs and newlines for formatting purposes. Keywords in the file
are case-insensitive. Comments may be placed anywhere within the file (except within quotes). Comments
begin with the # character and end at the end of the line.
The file essentially consists of a list of statements. Statements fall into two broad categories -
parameters and declarations.
Parameter statements either say how to do something (e.g., how long a lease to offer), whether to do
something (e.g., should dhcpd provide addresses to unknown clients), or what parameters to provide to the
client (e.g., use gateway 220.177.244.7).
Declarations are used to describe the topology of the network, to describe clients on the network, to
provide addresses that can be assigned to clients, or to apply a group of parameters to a group of
declarations. In any group of parameters and declarations, all parameters must be specified before any
declarations which depend on those parameters may be specified.
Declarations about network topology include the shared-network and the subnet declarations. If clients
on a subnet are to be assigned addresses dynamically, a range declaration must appear within the subnet
declaration. For clients with statically assigned addresses, or for installations where only known
clients will be served, each such client must have a host declaration. If parameters are to be applied
to a group of declarations which are not related strictly on a per-subnet basis, the group declaration
can be used.
For every subnet which will be served, and for every subnet to which the dhcp server is connected, there
must be one subnet declaration, which tells dhcpd how to recognize that an address is on that subnet. A
subnet declaration is required for each subnet even if no addresses will be dynamically allocated on that
subnet.
Some installations have physical networks on which more than one IP subnet operates. For example, if
there is a site-wide requirement that 8-bit subnet masks be used, but a department with a single physical
ethernet network expands to the point where it has more than 254 nodes, it may be necessary to run two
8-bit subnets on the same ethernet until such time as a new physical network can be added. In this case,
the subnet declarations for these two networks must be enclosed in a shared-network declaration.
Note that even when the shared-network declaration is absent, an empty one is created by the server to
contain the subnet (and any scoped parameters included in the subnet). For practical purposes, this
means that "stateless" DHCP clients, which are not tied to addresses (and therefore subnets) will receive
the same configuration as stateful ones.
Some sites may have departments which have clients on more than one subnet, but it may be desirable to
offer those clients a uniform set of parameters which are different than what would be offered to clients
from other departments on the same subnet. For clients which will be declared explicitly with host
declarations, these declarations can be enclosed in a group declaration along with the parameters which
are common to that department. For clients whose addresses will be dynamically assigned, class
declarations and conditional declarations may be used to group parameter assignments based on information
the client sends.
When a client is to be booted, its boot parameters are determined by consulting that client's host
declaration (if any), and then consulting any class declarations matching the client, followed by the
pool, subnet and shared-network declarations for the IP address assigned to the client. Each of these
declarations itself appears within a lexical scope, and all declarations at less specific lexical scopes
are also consulted for client option declarations. Scopes are never considered twice, and if parameters
are declared in more than one scope, the parameter declared in the most specific scope is the one that is
used.
When dhcpd tries to find a host declaration for a client, it first looks for a host declaration which has
a fixed-address declaration that lists an IP address that is valid for the subnet or shared network on
which the client is booting. If it doesn't find any such entry, it tries to find an entry which has no
fixed-address declaration.
EXAMPLES
A typical dhcpd.conf file will look something like this:
global parameters...
subnet 204.254.239.0 netmask 255.255.255.224 {
subnet-specific parameters...
range 204.254.239.10 204.254.239.30;
}
subnet 204.254.239.32 netmask 255.255.255.224 {
subnet-specific parameters...
range 204.254.239.42 204.254.239.62;
}
subnet 204.254.239.64 netmask 255.255.255.224 {
subnet-specific parameters...
range 204.254.239.74 204.254.239.94;
}
group {
group-specific parameters...
host zappo.test.isc.org {
host-specific parameters...
}
host beppo.test.isc.org {
host-specific parameters...
}
host harpo.test.isc.org {
host-specific parameters...
}
}
Figure 1
Notice that at the beginning of the file, there's a place for global parameters. These might be things
like the organization's domain name, the addresses of the name servers (if they are common to the entire
organization), and so on. So, for example:
option domain-name "isc.org";
option domain-name-servers ns1.isc.org, ns2.isc.org;
Figure 2
As you can see in Figure 2, you can specify host addresses in parameters using their domain names rather
than their numeric IP addresses. If a given hostname resolves to more than one IP address (for example,
if that host has two ethernet interfaces), then where possible, both addresses are supplied to the
client.
The most obvious reason for having subnet-specific parameters as shown in Figure 1 is that each subnet,
of necessity, has its own router. So for the first subnet, for example, there should be something like:
option routers 204.254.239.1;
Note that the address here is specified numerically. This is not required - if you have a different
domain name for each interface on your router, it's perfectly legitimate to use the domain name for that
interface instead of the numeric address. However, in many cases there may be only one domain name for
all of a router's IP addresses, and it would not be appropriate to use that name here.
In Figure 1 there is also a group statement, which provides common parameters for a set of three hosts -
zappo, beppo and harpo. As you can see, these hosts are all in the test.isc.org domain, so it might make
sense for a group-specific parameter to override the domain name supplied to these hosts:
option domain-name "test.isc.org";
Also, given the domain they're in, these are probably test machines. If we wanted to test the DHCP
leasing mechanism, we might set the lease timeout somewhat shorter than the default:
max-lease-time 120;
default-lease-time 120;
You may have noticed that while some parameters start with the option keyword, some do not. Parameters
starting with the option keyword correspond to actual DHCP options, while parameters that do not start
with the option keyword either control the behavior of the DHCP server (e.g., how long a lease dhcpd will
give out), or specify client parameters that are not optional in the DHCP protocol (for example, server-
name and filename).
In Figure 1, each host had host-specific parameters. These could include such things as the hostname
option, the name of a file to upload (the filename parameter) and the address of the server from which to
upload the file (the next-server parameter). In general, any parameter can appear anywhere that
parameters are allowed, and will be applied according to the scope in which the parameter appears.
Imagine that you have a site with a lot of NCD X-Terminals. These terminals come in a variety of models,
and you want to specify the boot files for each model. One way to do this would be to have host
declarations for each server and group them by model:
group {
filename "Xncd19r";
next-server ncd-booter;
host ncd1 { hardware ethernet 0:c0:c3:49:2b:57; }
host ncd4 { hardware ethernet 0:c0:c3:80:fc:32; }
host ncd8 { hardware ethernet 0:c0:c3:22:46:81; }
}
group {
filename "Xncd19c";
next-server ncd-booter;
host ncd2 { hardware ethernet 0:c0:c3:88:2d:81; }
host ncd3 { hardware ethernet 0:c0:c3:00:14:11; }
}
group {
filename "XncdHMX";
next-server ncd-booter;
host ncd1 { hardware ethernet 0:c0:c3:11:90:23; }
host ncd4 { hardware ethernet 0:c0:c3:91:a7:8; }
host ncd8 { hardware ethernet 0:c0:c3:cc:a:8f; }
}
ADDRESS POOLS
The pool and pool6 declarations can be used to specify a pool of addresses that will be treated
differently than another pool of addresses, even on the same network segment or subnet. For example, you
may want to provide a large set of addresses that can be assigned to DHCP clients that are registered to
your DHCP server, while providing a smaller set of addresses, possibly with short lease times, that are
available for unknown clients. If you have a firewall, you may be able to arrange for addresses from one
pool to be allowed access to the Internet, while addresses in another pool are not, thus encouraging
users to register their DHCP clients. To do this, you would set up a pair of pool declarations:
subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.254;
# Unknown clients get this pool.
pool {
option domain-name-servers bogus.example.com;
max-lease-time 300;
range 10.0.0.200 10.0.0.253;
allow unknown-clients;
}
# Known clients get this pool.
pool {
option domain-name-servers ns1.example.com, ns2.example.com;
max-lease-time 28800;
range 10.0.0.5 10.0.0.199;
deny unknown-clients;
}
}
It is also possible to set up entirely different subnets for known and unknown clients - address pools
exist at the level of shared networks, so address ranges within pool declarations can be on different
subnets.
As you can see in the preceding example, pools can have permit lists that control which clients are
allowed access to the pool and which aren't. Each entry in a pool's permit list is introduced with the
allow or deny keyword. If a pool has a permit list, then only those clients that match specific entries
on the permit list will be eligible to be assigned addresses from the pool. If a pool has a deny list,
then only those clients that do not match any entries on the deny list will be eligible. If both permit
and deny lists exist for a pool, then only clients that match the permit list and do not match the deny
list will be allowed access.
The pool6 declaration is similar to the pool declaration. Currently it is only allowed within a subnet6
declaration, and may not be included directly in a shared network declaration. In addition to the range6
statement it allows the prefix6 statement to be included. You may include range6 statements for both NA
and TA and prefix6 statements in a single pool6 statement.
DYNAMIC ADDRESS ALLOCATION
Address allocation is actually only done when a client is in the INIT state and has sent a DHCPDISCOVER
message. If the client thinks it has a valid lease and sends a DHCPREQUEST to initiate or renew that
lease, the server has only three choices - it can ignore the DHCPREQUEST, send a DHCPNAK to tell the
client it should stop using the address, or send a DHCPACK, telling the client to go ahead and use the
address for a while.
If the server finds the address the client is requesting, and that address is available to the client,
the server will send a DHCPACK. If the address is no longer available, or the client isn't permitted to
have it, the server will send a DHCPNAK. If the server knows nothing about the address, it will remain
silent, unless the address is incorrect for the network segment to which the client has been attached and
the server is authoritative for that network segment, in which case the server will send a DHCPNAK even
though it doesn't know about the address.
There may be a host declaration matching the client's identification. If that host declaration contains
a fixed-address declaration that lists an IP address that is valid for the network segment to which the
client is connected, the DHCP server will never do dynamic address allocation. In this case, the client
is required to take the address specified in the host declaration. If the client sends a DHCPREQUEST for
some other address, the server will respond with a DHCPNAK.
When the DHCP server allocates a new address for a client (remember, this only happens if the client has
sent a DHCPDISCOVER), it first looks to see if the client already has a valid lease on an IP address, or
if there is an old IP address the client had before that hasn't yet been reassigned. In that case, the
server will take that address and check it to see if the client is still permitted to use it. If the
client is no longer permitted to use it, the lease is freed if the server thought it was still in use -
the fact that the client has sent a DHCPDISCOVER proves to the server that the client is no longer using
the lease.
If no existing lease is found, or if the client is forbidden to receive the existing lease, then the
server will look in the list of address pools for the network segment to which the client is attached for
a lease that is not in use and that the client is permitted to have. It looks through each pool
declaration in sequence (all range declarations that appear outside of pool declarations are grouped into
a single pool with no permit list). If the permit list for the pool allows the client to be allocated an
address from that pool, the pool is examined to see if there is an address available. If so, then the
client is tentatively assigned that address. Otherwise, the next pool is tested. If no addresses are
found that can be assigned to the client, no response is sent to the client.
If an address is found that the client is permitted to have, and that has never been assigned to any
client before, the address is immediately allocated to the client. If the address is available for
allocation but has been previously assigned to a different client, the server will keep looking in hopes
of finding an address that has never before been assigned to a client.
The DHCP server generates the list of available IP addresses from a hash table. This means that the
addresses are not sorted in any particular order, and so it is not possible to predict the order in which
the DHCP server will allocate IP addresses. Users of previous versions of the ISC DHCP server may have
become accustomed to the DHCP server allocating IP addresses in ascending order, but this is no longer
possible, and there is no way to configure this behavior with version 3 of the ISC DHCP server.
IP ADDRESS CONFLICT PREVENTION
The DHCP server checks IP addresses to see if they are in use before allocating them to clients. It does
this by sending an ICMP Echo request message to the IP address being allocated. If no ICMP Echo reply is
received within a second, the address is assumed to be free. This is only done for leases that have been
specified in range statements, and only when the lease is thought by the DHCP server to be free - i.e.,
the DHCP server or its failover peer has not listed the lease as in use.
If a response is received to an ICMP Echo request, the DHCP server assumes that there is a configuration
error - the IP address is in use by some host on the network that is not a DHCP client. It marks the
address as abandoned, and will not assign it to clients. The lease will remain abandoned for a minimum of
abandon-lease-time seconds.
If a DHCP client tries to get an IP address, but none are available, but there are abandoned IP
addresses, then the DHCP server will attempt to reclaim an abandoned IP address. It marks one IP address
as free, and then does the same ICMP Echo request check described previously. If there is no answer to
the ICMP Echo request, the address is assigned to the client.
The DHCP server does not cycle through abandoned IP addresses if the first IP address it tries to reclaim
is free. Rather, when the next DHCPDISCOVER comes in from the client, it will attempt a new allocation
using the same method described here, and will typically try a new IP address.
DHCP FAILOVER
This version of the ISC DHCP server supports the DHCP failover protocol as documented in draft-ietf-dhc-
failover-12.txt. This is not a final protocol document, and we have not done interoperability testing
with other vendors' implementations of this protocol, so you must not assume that this implementation
conforms to the standard. If you wish to use the failover protocol, make sure that both failover peers
are running the same version of the ISC DHCP server.
The failover protocol allows two DHCP servers (and no more than two) to share a common address pool.
Each server will have about half of the available IP addresses in the pool at any given time for
allocation. If one server fails, the other server will continue to renew leases out of the pool, and
will allocate new addresses out of the roughly half of available addresses that it had when
communications with the other server were lost.
It is possible during a prolonged failure to tell the remaining server that the other server is down, in
which case the remaining server will (over time) reclaim all the addresses the other server had available
for allocation, and begin to reuse them. This is called putting the server into the PARTNER-DOWN state.
You can put the server into the PARTNER-DOWN state either by using the omshell (1) command or by stopping
the server, editing the last failover state declaration in the lease file, and restarting the server. If
you use this last method, change the "my state" line to:
failover peer name state {
my state partner-down;.
peer state state at date;
}
It is only required to change "my state" as shown above.
When the other server comes back online, it should automatically detect that it has been offline and
request a complete update from the server that was running in the PARTNER-DOWN state, and then both
servers will resume processing together.
It is possible to get into a dangerous situation: if you put one server into the PARTNER-DOWN state, and
then *that* server goes down, and the other server comes back up, the other server will not know that the
first server was in the PARTNER-DOWN state, and may issue addresses previously issued by the other server
to different clients, resulting in IP address conflicts. Before putting a server into PARTNER-DOWN
state, therefore, make sure that the other server will not restart automatically.
The failover protocol defines a primary server role and a secondary server role. There are some
differences in how primaries and secondaries act, but most of the differences simply have to do with
providing a way for each peer to behave in the opposite way from the other. So one server must be
configured as primary, and the other must be configured as secondary, and it doesn't matter too much
which one is which.
FAILOVER STARTUP
When a server starts that has not previously communicated with its failover peer, it must establish
communications with its failover peer and synchronize with it before it can serve clients. This can
happen either because you have just configured your DHCP servers to perform failover for the first time,
or because one of your failover servers has failed catastrophically and lost its database.
The initial recovery process is designed to ensure that when one failover peer loses its database and
then resynchronizes, any leases that the failed server gave out before it failed will be honored. When
the failed server starts up, it notices that it has no saved failover state, and attempts to contact its
peer.
When it has established contact, it asks the peer for a complete copy its peer's lease database. The
peer then sends its complete database, and sends a message indicating that it is done. The failed server
then waits until MCLT has passed, and once MCLT has passed both servers make the transition back into
normal operation. This waiting period ensures that any leases the failed server may have given out while
out of contact with its partner will have expired.
While the failed server is recovering, its partner remains in the partner-down state, which means that it
is serving all clients. The failed server provides no service at all to DHCP clients until it has made
the transition into normal operation.
In the case where both servers detect that they have never before communicated with their partner, they
both come up in this recovery state and follow the procedure we have just described. In this case, no
service will be provided to DHCP clients until MCLT has expired.
CONFIGURING FAILOVER
In order to configure failover, you need to write a peer declaration that configures the failover
protocol, and you need to write peer references in each pool declaration for which you want to do
failover. You do not have to do failover for all pools on a given network segment. You must not tell
one server it's doing failover on a particular address pool and tell the other it is not. You must not
have any common address pools on which you are not doing failover. A pool declaration that utilizes
failover would look like this:
pool {
failover peer "foo";
pool specific parameters
};
The server currently does very little sanity checking, so if you configure it wrong, it will just
fail in odd ways. I would recommend therefore that you either do failover or don't do failover, but
don't do any mixed pools. Also, use the same master configuration file for both servers, and have a
separate file that contains the peer declaration and includes the master file. This will help you to
avoid configuration mismatches. As our implementation evolves, this will become less of a problem.
A basic sample dhcpd.conf file for a primary server might look like this:
failover peer "foo" {
primary;
address anthrax.rc.example.com;
port 519;
peer address trantor.rc.example.com;
peer port 520;
max-response-delay 60;
max-unacked-updates 10;
mclt 3600;
split 128;
load balance max seconds 3;
}
include "/etc/dhcpd.master";
The statements in the peer declaration are as follows:
The primary and secondary statements
[ primary | secondary ];
This determines whether the server is primary or secondary, as described earlier under DHCP FAILOVER.
The address statement
address address;
The address statement declares the IP address or DNS name on which the server should listen for
connections from its failover peer, and also the value to use for the DHCP Failover Protocol server
identifier. Because this value is used as an identifier, it may not be omitted.
The peer address statement
peer address address;
The peer address statement declares the IP address or DNS name to which the server should connect to
reach its failover peer for failover messages.
The port statement
port port-number;
The port statement declares the TCP port on which the server should listen for connections from its
failover peer. This statement may be omitted, in which case the IANA assigned port number 647 will be
used by default.
The peer port statement
peer port port-number;
The peer port statement declares the TCP port to which the server should connect to reach its failover
peer for failover messages. This statement may be omitted, in which case the IANA assigned port number
647 will be used by default.
The max-response-delay statement
max-response-delay seconds;
The max-response-delay statement tells the DHCP server how many seconds may pass without receiving a
message from its failover peer before it assumes that connection has failed. This number should be
small enough that a transient network failure that breaks the connection will not result in the servers
being out of communication for a long time, but large enough that the server isn't constantly making
and breaking connections. This parameter must be specified.
The max-unacked-updates statement
max-unacked-updates count;
The max-unacked-updates statement tells the remote DHCP server how many BNDUPD messages it can send
before it receives a BNDACK from the local system. We don't have enough operational experience to say
what a good value for this is, but 10 seems to work. This parameter must be specified.
The mclt statement
mclt seconds;
The mclt statement defines the Maximum Client Lead Time. It must be specified on the primary, and may
not be specified on the secondary. This is the length of time for which a lease may be renewed by
either failover peer without contacting the other. The longer you set this, the longer it will take
for the running server to recover IP addresses after moving into PARTNER-DOWN state. The shorter you
set it, the more load your servers will experience when they are not communicating. A value of
something like 3600 is probably reasonable, but again bear in mind that we have no real operational
experience with this.
The split statement
split bits;
The split statement specifies the split between the primary and secondary for the purposes of load
balancing. Whenever a client makes a DHCP request, the DHCP server runs a hash on the client
identification, resulting in value from 0 to 255. This is used as an index into a 256 bit field. If
the bit at that index is set, the primary is responsible. If the bit at that index is not set, the
secondary is responsible. The split value determines how many of the leading bits are set to one. So,
in practice, higher split values will cause the primary to serve more clients than the secondary.
Lower split values, the converse. Legal values are between 0 and 256 inclusive, of which the most
reasonable is 128. Note that a value of 0 makes the secondary responsible for all clients and a value
of 256 makes the primary responsible for all clients.
The hba statement
hba colon-separated-hex-list;
The hba statement specifies the split between the primary and secondary as a bitmap rather than a
cutoff, which theoretically allows for finer-grained control. In practice, there is probably no need
for such fine-grained control, however. An example hba statement:
hba ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00;
This is equivalent to a split 128; statement, and identical. The following two examples are also
equivalent to a split of 128, but are not identical:
hba aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:
aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa;
hba 55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:
55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55;
They are equivalent, because half the bits are set to 0, half are set to 1 (0xa and 0x5 are 1010 and
0101 binary respectively) and consequently this would roughly divide the clients equally between the
servers. They are not identical, because the actual peers this would load balance to each server are
different for each example.
You must only have split or hba defined, never both. For most cases, the fine-grained control that hba
offers isn't necessary, and split should be used.
The load balance max seconds statement
load balance max seconds seconds;
This statement allows you to configure a cutoff after which load balancing is disabled. The cutoff is
based on the number of seconds since the client sent its first DHCPDISCOVER or DHCPREQUEST message, and
only works with clients that correctly implement the secs field - fortunately most clients do. We
recommend setting this to something like 3 or 5. The effect of this is that if one of the failover
peers gets into a state where it is responding to failover messages but not responding to some client
requests, the other failover peer will take over its client load automatically as the clients retry.
It is possible to disable load balancing between peers by setting this value to 0 on both peers. Bear
in mind that this means both peers will respond to all DHCPDISCOVERs or DHCPREQUESTs.
The auto-partner-down statement
auto-partner-down seconds;
This statement instructs the server to initiate a timed delay upon entering the communications-
interrupted state (any situation of being out-of-contact with the remote failover peer). At the
conclusion of the timer, the server will automatically enter the partner-down state. This permits the
server to allocate leases from the partner's free lease pool after an STOS+MCLT timer expires, which
can be dangerous if the partner is in fact operating at the time (the two servers will give conflicting
bindings).
Think very carefully before enabling this feature. The partner-down and communications-interrupted
states are intentionally segregated because there do exist situations where a failover server can fail
to communicate with its peer, but still has the ability to receive and reply to requests from DHCP
clients. In general, this feature should only be used in those deployments where the failover servers
are directly connected to one another, such as by a dedicated hardwired link ("a heartbeat cable").
A zero value disables the auto-partner-down feature (also the default), and any positive value
indicates the time in seconds to wait before automatically entering partner-down.
The Failover pool balance statements.
max-lease-misbalance percentage;
max-lease-ownership percentage;
min-balance seconds;
max-balance seconds;
This version of the DHCP Server evaluates pool balance on a schedule, rather than on demand as leases
are allocated. The latter approach proved to be slightly klunky when pool misbalanced reach total
saturation — when any server ran out of leases to assign, it also lost its ability to notice it had run
dry.
In order to understand pool balance, some elements of its operation first need to be defined. First,
there are ´free´ and ´backup´ leases. Both of these are referred to as ´free state leases´. ´free´
and ´backup´ are ´the free states´ for the purpose of this document. The difference is that only the
primary may allocate from ´free´ leases unless under special circumstances, and only the secondary may
allocate ´backup´ leases.
When pool balance is performed, the only plausible expectation is to provide a 50/50 split of the free
state leases between the two servers. This is because no one can predict which server will fail,
regardless of the relative load placed upon the two servers, so giving each server half the leases
gives both servers the same amount of ´failure endurance´. Therefore, there is no way to configure any
different behaviour, outside of some very small windows we will describe shortly.
The first thing calculated on any pool balance run is a value referred to as ´lts´, or "Leases To
Send". This, simply, is the difference in the count of free and backup leases, divided by two. For
the secondary, it is the difference in the backup and free leases, divided by two. The resulting value
is signed: if it is positive, the local server is expected to hand out leases to retain a 50/50
balance. If it is negative, the remote server would need to send leases to balance the pool. Once the
lts value reaches zero, the pool is perfectly balanced (give or take one lease in the case of an odd
number of total free state leases).
The current approach is still something of a hybrid of the old approach, marked by the presence of the
max-lease-misbalance statement. This parameter configures what used to be a 10% fixed value in
previous versions: if lts is less than free+backup * max-lease-misbalance percent, then the server will
skip balancing a given pool (it won't bother moving any leases, even if some leases "should" be moved).
The meaning of this value is also somewhat overloaded, however, in that it also governs the estimation
of when to attempt to balance the pool (which may then also be skipped over). The oldest leases in the
free and backup states are examined. The time they have resided in their respective queues is used as
an estimate to indicate how much time it is probable it would take before the leases at the top of the
list would be consumed (and thus, how long it would take to use all leases in that state). This
percentage is directly multiplied by this time, and fit into the schedule if it falls within the min-
balance and max-balance configured values. The scheduled pool check time is only moved in a downwards
direction, it is never increased. Lastly, if the lts is more than double this number in the negative
direction, the local server will ´panic´ and transmit a Failover protocol POOLREQ message, in the hopes
that the remote system will be woken up into action.
Once the lts value exceeds the max-lease-misbalance percentage of total free state leases as described
above, leases are moved to the remote server. This is done in two passes.
In the first pass, only leases whose most recent bound client would have been served by the remote
server - according to the Load Balance Algorithm (see above split and hba configuration statements) -
are given away to the peer. This first pass will happily continue to give away leases, decrementing
the lts value by one for each, until the lts value has reached the negative of the total number of
leases multiplied by the max-lease-ownership percentage. So it is through this value that you can
permit a small misbalance of the lease pools - for the purpose of giving the peer more than a 50/50
share of leases in the hopes that their clients might some day return and be allocated by the peer
(operating normally). This process is referred to as ´MAC Address Affinity´, but this is somewhat
misnamed: it applies equally to DHCP Client Identifier options. Note also that affinity is applied to
leases when they enter the state ´free´ from ´expired´ or ´released´. In this case also, leases will
not be moved from free to backup if the secondary already has more than its share.
The second pass is only entered into if the first pass fails to reduce the lts underneath the total
number of free state leases multiplied by the max-lease-ownership percentage. In this pass, the oldest
leases are given over to the peer without second thought about the Load Balance Algorithm, and this
continues until the lts falls under this value. In this way, the local server will also happily keep a
small percentage of the leases that would normally load balance to itself.
So, the max-lease-misbalance value acts as a behavioural gate. Smaller values will cause more leases
to transition states to balance the pools over time, higher values will decrease the amount of change
(but may lead to pool starvation if there's a run on leases).
The max-lease-ownership value permits a small (percentage) skew in the lease balance of a percentage of
the total number of free state leases.
Finally, the min-balance and max-balance make certain that a scheduled rebalance event happens within a
reasonable timeframe (not to be thrown off by, for example, a 7 year old free lease).
Plausible values for the percentages lie between 0 and 100, inclusive, but values over 50 are
indistinguishable from one another (once lts exceeds 50% of the free state leases, one server must
therefore have 100% of the leases in its respective free state). It is recommended to select a max-
lease-ownership value that is lower than the value selected for the max-lease-misbalance value. max-
lease-ownership defaults to 10, and max-lease-misbalance defaults to 15.
Plausible values for the min-balance and max-balance times also range from 0 to (2^32)-1 (or the limit
of your local time_t value), but default to values 60 and 3600 respectively (to place balance events
between 1 minute and 1 hour).
CLIENT CLASSING
Clients can be separated into classes, and treated differently depending on what class they are in. This
separation can be done either with a conditional statement, or with a match statement within the class
declaration. It is possible to specify a limit on the total number of clients within a particular class
or subclass that may hold leases at one time, and it is possible to specify automatic subclassing based
on the contents of the client packet.
Classing support for DHCPv6 clients was added in 4.3.0. It follows the same rules as for DHCPv4 except
that support for billing classes has not been added yet.
To add clients to classes based on conditional evaluation, you can specify a matching expression in the
class statement:
class "ras-clients" {
match if substring (option dhcp-client-identifier, 1, 3) = "RAS";
}
Please note that the values used in match expressions may only come from data or options that are part of
the client packet. It is not possible to use values constructed through one or more executable
statements. This stems from the fact that client classification occurs before any statements are
executed. Attempting to do so will yield indeterminate results.
Note that whether you use matching expressions or add statements (or both) to classify clients, you must
always write a class declaration for any class that you use. If there will be no match statement and no
in-scope statements for a class, the declaration should look like this:
class "ras-clients" {
}
SUBCLASSES
In addition to classes, it is possible to declare subclasses. A subclass is a class with the same name
as a regular class, but with a specific submatch expression which is hashed for quick matching. This is
essentially a speed hack - the main difference between five classes with match expressions and one class
with five subclasses is that it will be quicker to find the subclasses. Subclasses work as follows:
class "allocation-class-1" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
class "allocation-class-2" {
match pick-first-value (option dhcp-client-identifier, hardware);
}
subclass "allocation-class-1" 1:8:0:2b:4c:39:ad;
subclass "allocation-class-2" 1:8:0:2b:a9:cc:e3;
subclass "allocation-class-1" 1:0:0:c4:aa:29:44;
subnet 10.0.0.0 netmask 255.255.255.0 {
pool {
allow members of "allocation-class-1";
range 10.0.0.11 10.0.0.50;
}
pool {
allow members of "allocation-class-2";
range 10.0.0.51 10.0.0.100;
}
}
The data following the class name in the subclass declaration is a constant value to use in matching the
match expression for the class. When class matching is done, the server will evaluate the match
expression and then look the result up in the hash table. If it finds a match, the client is considered
a member of both the class and the subclass.
Subclasses can be declared with or without scope. In the above example, the sole purpose of the subclass
is to allow some clients access to one address pool, while other clients are given access to the other
pool, so these subclasses are declared without scopes. If part of the purpose of the subclass were to
define different parameter values for some clients, you might want to declare some subclasses with
scopes.
In the above example, if you had a single client that needed some configuration parameters, while most
didn't, you might write the following subclass declaration for that client:
subclass "allocation-class-2" 1:08:00:2b:a1:11:31 {
option root-path "samsara:/var/diskless/alphapc";
filename "/tftpboot/netbsd.alphapc-diskless";
}
In this example, we've used subclassing as a way to control address allocation on a per-client basis.
However, it's also possible to use subclassing in ways that are not specific to clients - for example, to
use the value of the vendor-class-identifier option to determine what values to send in the vendor-
encapsulated-options option. An example of this is shown under the VENDOR ENCAPSULATED OPTIONS head in
the dhcp-options(5) manual page.
PER-CLASS LIMITS ON DYNAMIC ADDRESS ALLOCATION
You may specify a limit to the number of clients in a class that can be assigned leases. The effect of
this will be to make it difficult for a new client in a class to get an address. Once a class with such
a limit has reached its limit, the only way a new client in that class can get a lease is for an existing
client to relinquish its lease, either by letting it expire, or by sending a DHCPRELEASE packet. Classes
with lease limits are specified as follows:
class "limited-1" {
lease limit 4;
}
This will produce a class in which a maximum of four members may hold a lease at one time.
SPAWNING CLASSES
It is possible to declare a spawning class. A spawning class is a class that automatically produces
subclasses based on what the client sends. The reason that spawning classes were created was to make it
possible to create lease-limited classes on the fly. The envisioned application is a cable-modem
environment where the ISP wishes to provide clients at a particular site with more than one IP address,
but does not wish to provide such clients with their own subnet, nor give them an unlimited number of IP
addresses from the network segment to which they are connected.
Many cable modem head-end systems can be configured to add a Relay Agent Information option to DHCP
packets when relaying them to the DHCP server. These systems typically add a circuit ID or remote ID
option that uniquely identifies the customer site. To take advantage of this, you can write a class
declaration as follows:
class "customer" {
spawn with option agent.circuit-id;
lease limit 4;
}
Now whenever a request comes in from a customer site, the circuit ID option will be checked against the
class´s hash table. If a subclass is found that matches the circuit ID, the client will be classified in
that subclass and treated accordingly. If no subclass is found matching the circuit ID, a new one will
be created and logged in the dhcpd.leases file, and the client will be classified in this new class.
Once the client has been classified, it will be treated according to the rules of the class, including,
in this case, being subject to the per-site limit of four leases.
The use of the subclass spawning mechanism is not restricted to relay agent options - this particular
example is given only because it is a fairly straightforward one.
COMBINING MATCH, MATCH IF AND SPAWN WITH
In some cases, it may be useful to use one expression to assign a client to a particular class, and a
second expression to put it into a subclass of that class. This can be done by combining the match if
and spawn with statements, or the match if and match statements. For example:
class "jr-cable-modems" {
match if option dhcp-vendor-identifier = "jrcm";
spawn with option agent.circuit-id;
lease limit 4;
}
class "dv-dsl-modems" {
match if option dhcp-vendor-identifier = "dvdsl";
spawn with option agent.circuit-id;
lease limit 16;
}
This allows you to have two classes that both have the same spawn with expression without getting the
clients in the two classes confused with each other.
DYNAMIC DNS UPDATES
The DHCP server has the ability to dynamically update the Domain Name System. Within the configuration
files, you can define how you want the Domain Name System to be updated. These updates are RFC 2136
compliant so any DNS server supporting RFC 2136 should be able to accept updates from the DHCP server.
There are two DNS schemes implemented. The interim option is based on draft revisions of the DDNS
documents while the standard option is based on the RFCs for DHCP-DNS interaction and DHCIDs. A third
option, ad-hoc, was deprecated and has now been removed from the code base. The DHCP server must be
configured to use one of the two currently-supported methods, or not to do DNS updates.
New installations should use the standard option. Older installations may want to continue using the
interim option for backwards compatibility with the DNS database until the database can be updated. This
can be done with the ddns-update-style configuration parameter.
THE DNS UPDATE SCHEME
the interim and standard DNS update schemes operate mostly according to work from the IETF. The interim
version was based on the drafts in progress at the time while the standard is based on the completed
RFCs. The standard RFCs are:
RFC 4701 (updated by RF5494)
RFC 4702
RFC 4703
And the corresponding drafts were:
draft-ietf-dnsext-dhcid-rr-??.txt
draft-ietf-dhc-fqdn-option-??.txt
draft-ietf-dhc-ddns-resolution-??.txt
The basic framework for the two schemes is similar with the main material difference being that a DHCID
RR is used in the standard version while the interim versions uses a TXT RR. The format of the TXT
record bears a resemblance to the DHCID RR but it is not equivalent (MD5 vs SHA2, field length
differences etc).
In these two schemes the DHCP server does not necessarily always update both the A and the PTR records.
The FQDN option includes a flag which, when sent by the client, indicates that the client wishes to
update its own A record. In that case, the server can be configured either to honor the client´s
intentions or ignore them. This is done with the statement allow client-updates; or the statement ignore
client-updates;. By default, client updates are allowed.
If the server is configured to allow client updates, then if the client sends a fully-qualified domain
name in the FQDN option, the server will use that name the client sent in the FQDN option to update the
PTR record. For example, let us say that the client is a visitor from the "radish.org" domain, whose
hostname is "jschmoe". The server is for the "example.org" domain. The DHCP client indicates in the
FQDN option that its FQDN is "jschmoe.radish.org.". It also indicates that it wants to update its own A
record. The DHCP server therefore does not attempt to set up an A record for the client, but does set up
a PTR record for the IP address that it assigns the client, pointing at jschmoe.radish.org. Once the
DHCP client has an IP address, it can update its own A record, assuming that the "radish.org" DNS server
will allow it to do so.
If the server is configured not to allow client updates, or if the client doesn´t want to do its own
update, the server will simply choose a name for the client. By default, the server will choose from the
following three values:
1. fqdn option (if present)
2. hostname option (if present)
3. Configured hostname option (if defined).
If these defaults for choosing the host name are not appropriate you can write your own statement to set
the ddns-hostname variable as you wish. If none of the above are found the server will use the host
declaration name (if one) and use-host-decl-names is on.
It will use its own domain name for the client. It will then update both the A and PTR record, using the
name that it chose for the client. If the client sends a fully-qualified domain name in the fqdn option,
the server uses only the leftmost part of the domain name - in the example above, "jschmoe" instead of
"jschmoe.radish.org".
Further, if the ignore client-updates; directive is used, then the server will in addition send a
response in the DHCP packet, using the FQDN Option, that implies to the client that it should perform its
own updates if it chooses to do so. With deny client-updates;, a response is sent which indicates the
client may not perform updates.
Both the standard and interim options also include a method to allow more than one DHCP server to update
the DNS database without accidentally deleting A records that shouldn´t be deleted nor failing to add A
records that should be added. For the standard option the method works as follows:
When the DHCP server issues a client a new lease, it creates a text string that is an SHA hash over the
DHCP client´s identification (see RFCs 4701 & 4702 for details). The update attempts to add an A record
with the name the server chose and a DHCID record containing the hashed identifier string (hashid). If
this update succeeds, the server is done.
If the update fails because the A record already exists, then the DHCP server attempts to add the A
record with the prerequisite that there must be a DHCID record in the same name as the new A record, and
that DHCID record´s contents must be equal to hashid. If this update succeeds, then the client has its A
record and PTR record. If it fails, then the name the client has been assigned (or requested) is in use,
and can´t be used by the client. At this point the DHCP server gives up trying to do a DNS update for
the client until the client chooses a new name.
The server also does not update very aggressively. Because each DNS update involves a round trip to the
DNS server, there is a cost associated with doing updates even if they do not actually modify the DNS
database. So the DHCP server tracks whether or not it has updated the record in the past (this
information is stored on the lease) and does not attempt to update records that it thinks it has already
updated.
This can lead to cases where the DHCP server adds a record, and then the record is deleted through some
other mechanism, but the server never again updates the DNS because it thinks the data is already there.
In this case the data can be removed from the lease through operator intervention, and once this has been
done, the DNS will be updated the next time the client renews.
The interim DNS update scheme was written before the RFCs were finalized and does not quite follow them.
The RFCs call for a new DHCID RRtype while the interim DNS update scheme uses a TXT record. In addition
the ddns-resolution draft called for the DHCP server to put a DHCID RR on the PTR record, but the interim
update method does not do this. In the final RFC this requirement was relaxed such that a server may add
a DHCID RR to the PTR record.
DDNS IN DUAL STACK ENVIRONMENTS
As described in RFC 4703, section 5.2, in order to perform DDNS in dual stack environments, both IPv4 and
IPv6 servers would need to be configured to use the standard update style and participating IPv4 clients
MUST convey DUIDs as described in RFC 4361, section 6.1., in their dhcp-client-identifiers.
In a nutshell, this mechanism is intended to use globally unique DUIDs to idenfity both IPv4 and IPv6
clients, and where a device has both IPv4 and IPv6 leases it is identified by the same DUID. This allows
a dual stack client to use the same FQDN for both mappings, while being protected from updates for other
clients by the rules of conflict detection.
However, not all IPv4 clients implement this behavior which makes supporting them dual stack environments
problematic. In order to address this issue ISC DHCP (as of 4.4.0) supports a new mode of DDNS conflict
resolution referred to as Dual Stack Mixed Mode (DSMM).
The concept behind DSMM is relatively simple. All dhcp servers of one protocol (IPv4 or v6) use one
ddns-update-style (interim or standard) while all servers of the "other" protocol will use the "other"
ddns-udpate-style. In this way, all servers of a given protocol are using the same record type (TXT or
DHCID) for their DHCID RR entries. This allows conflict detection to be enforced within each protocol
without interferring with the other's entries.
DSMM modifications now ensure that IPv4 DSMM servers only ever modify A records, their associated PTR
records and DHCID records, while DSMM IPv6 severs only modify AAAA records, their associated PTR records,
and DHCID records.
Note that DSMM is not a perfect solution, it is a compromise that can work well provided all
participating DNS updaters play by DSMM rules. As with anything else in life, it only works as well as
those who particpate behave.
While conflict detection is enabled by default, DSMM is not. To enable DSMM, both update-conflict-
detection and ddns-dual-stack-mixed-mode must be true.
PROTECTING DNS ENTRIES FOR STATIC CLIENTS
Built into conflict resolution is the protection of manually made entries for static clients. Per the
rules of conflict resolution, a DNS updater may not alter forward DNS entries unless there is a DHCID RR
which matches for whom the update is being made. Therefore, any forward DNS entries without a
corresponding DHCID RR cannot be altered by such an updater.
In some environments, it may be desirable to use only this aspect of conflict resolution and allow DNS
updaters to overwrite entries for dynamic clients regardless of what client owns them. In other words,
the presence or lack of a DHCID RR is used to determine whether entries may or may not be overwritten.
Whether or not the client matches the data value of the DHCID RR is irrelevant. This behavior, off by
default, can be configured through the parameter, ddns-guard-id-must-match. As with DSMM, this behavior
is can only be enabled if conflict resolution is enabled. This behavior should be considered carefully
before electing to use it.
There is an additional parameter that can be used with DSMM ddns-other-guard-is-dynamic. When enabled
along with DSMM, a server will regard the presence of a DHCID RR of the other style type as indicating
that the forward DNS entries for that FQDN should be dynamic and may be overwritten. For example, such a
server using interim style could overwrite the DNS entries for an FQDN if there is only a DHDID type
DHDID RR for the FQDN. Essentially, if there are dynamic entries for one protocol, that is enough to
overcome the static protection of entries for the other protocol. This behavior warrants careful
consideration before electing to use it.
DYNAMIC DNS UPDATE SECURITY
When you set your DNS server up to allow updates from the DHCP server, you may be exposing it to
unauthorized updates. To avoid this, you should use TSIG signatures - a method of cryptographically
signing updates using a shared secret key. As long as you protect the secrecy of this key, your updates
should also be secure. Note, however, that the DHCP protocol itself provides no security, and that
clients can therefore provide information to the DHCP server which the DHCP server will then use in its
updates, with the constraints described previously.
The DNS server must be configured to allow updates for any zone that the DHCP server will be updating.
For example, let us say that clients in the sneedville.edu domain will be assigned addresses on the
10.10.17.0/24 subnet. In that case, you will need a key declaration for the TSIG key you will be using,
and also two zone declarations - one for the zone containing A records that will be updates and one for
the zone containing PTR records - for ISC BIND, something like this:
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret pRP5FapFoJ95JEL06sv4PQ==;
};
zone "example.org" {
type master;
file "example.org.db";
allow-update { key DHCP_UPDATER; };
};
zone "17.10.10.in-addr.arpa" {
type master;
file "10.10.17.db";
allow-update { key DHCP_UPDATER; };
};
You will also have to configure your DHCP server to do updates to these zones. To do so, you need to add
something like this to your dhcpd.conf file:
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret pRP5FapFoJ95JEL06sv4PQ==;
};
zone EXAMPLE.ORG. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
zone 17.127.10.in-addr.arpa. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
The primary statement specifies the IP address of the name server whose zone information is to be
updated. In addition to the primary statement there are also the primary6 , secondary and secondary6
statements. The primary6 statement specifies an IPv6 address for the name server. The secondaries
provide for additional addresses for name servers to be used if the primary does not respond. The number
of name servers the DDNS code will attempt to use before giving up is limited and is currently set to
three.
Note that the zone declarations have to correspond to authority records in your name server - in the
above example, there must be an SOA record for "example.org." and for "17.10.10.in-addr.arpa.". For
example, if there were a subdomain "foo.example.org" with no separate SOA, you could not write a zone
declaration for "foo.example.org." Also keep in mind that zone names in your DHCP configuration should
end in a "."; this is the preferred syntax. If you do not end your zone name in a ".", the DHCP server
will figure it out. Also note that in the DHCP configuration, zone names are not encapsulated in quotes
where there are in the DNS configuration.
You should choose your own secret key, of course. The ISC BIND 9 distribution comes with a program for
generating secret keys called dnssec-keygen. If you are using BIND 9´s dnssec-keygen, the above key
would be created as follows:
dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER
The key name, algorithm, and secret must match that being used by the DNS server. The DHCP server
currently supports the following algorithms:
HMAC-MD5
HMAC-SHA1
HMAC-SHA224
HMAC-SHA256
HMAC-SHA384
HMAC-SHA512
You may wish to enable logging of DNS updates on your DNS server. To do so, you might write a logging
statement like the following:
logging {
channel update_debug {
file "/var/log/update-debug.log";
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/named-auth.info";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category update { update_debug; };
category security { security_info; };
};
You must create the /var/log/named-auth.info and /var/log/update-debug.log files before starting the name
server. For more information on configuring ISC BIND, consult the documentation that accompanies it.
REFERENCE: EVENTS
There are three kinds of events that can happen regarding a lease, and it is possible to declare
statements that occur when any of these events happen. These events are the commit event, when the
server has made a commitment of a certain lease to a client, the release event, when the client has
released the server from its commitment, and the expiry event, when the commitment expires.
To declare a set of statements to execute when an event happens, you must use the on statement, followed
by the name of the event, followed by a series of statements to execute when the event happens, enclosed
in braces.
REFERENCE: DECLARATIONS
The include statement
include "filename";
The include statement is used to read in a named file, and process the contents of that file as though it
were entered in place of the include statement.
The shared-network statement
shared-network name {
[ parameters ]
[ declarations ]
}
The shared-network statement is used to inform the DHCP server that some IP subnets actually share the
same physical network. Any subnets in a shared network should be declared within a shared-network
statement. Parameters specified in the shared-network statement will be used when booting clients on
those subnets unless parameters provided at the subnet or host level override them. If any subnet in a
shared network has addresses available for dynamic allocation, those addresses are collected into a
common pool for that shared network and assigned to clients as needed. There is no way to distinguish on
which subnet of a shared network a client should boot.
Name should be the name of the shared network. This name is used when printing debugging messages, so it
should be descriptive for the shared network. The name may have the syntax of a valid domain name
(although it will never be used as such), or it may be any arbitrary name, enclosed in quotes.
The subnet statement
subnet subnet-number netmask netmask {
[ parameters ]
[ declarations ]
}
The subnet statement is used to provide dhcpd with enough information to tell whether or not an IP
address is on that subnet. It may also be used to provide subnet-specific parameters and to specify what
addresses may be dynamically allocated to clients booting on that subnet. Such addresses are specified
using the range declaration.
The subnet-number should be an IP address or domain name which resolves to the subnet number of the
subnet being described. The netmask should be an IP address or domain name which resolves to the subnet
mask of the subnet being described. The subnet number, together with the netmask, are sufficient to
determine whether any given IP address is on the specified subnet.
Although a netmask must be given with every subnet declaration, it is recommended that if there is any
variance in subnet masks at a site, a subnet-mask option statement be used in each subnet declaration to
set the desired subnet mask, since any subnet-mask option statement will override the subnet mask
declared in the subnet statement.
The subnet6 statement
subnet6 subnet6-number {
[ parameters ]
[ declarations ]
}
The subnet6 statement is used to provide dhcpd with enough information to tell whether or not an IPv6
address is on that subnet6. It may also be used to provide subnet-specific parameters and to specify
what addresses may be dynamically allocated to clients booting on that subnet.
The subnet6-number should be an IPv6 network identifier, specified as ip6-address/bits.
The range statement
range [ dynamic-bootp ] low-address [ high-address];
For any subnet on which addresses will be assigned dynamically, there must be at least one range
statement. The range statement gives the lowest and highest IP addresses in a range. All IP addresses
in the range should be in the subnet in which the range statement is declared. The dynamic-bootp flag
may be specified if addresses in the specified range may be dynamically assigned to BOOTP clients as well
as DHCP clients. When specifying a single address, high-address can be omitted.
The range6 statement
range6 low-address high-address;
range6 subnet6-number;
range6 subnet6-number temporary;
range6 address temporary;
For any IPv6 subnet6 on which addresses will be assigned dynamically, there must be at least one range6
statement. The range6 statement can either be the lowest and highest IPv6 addresses in a range6, or use
CIDR notation, specified as ip6-address/bits. All IP addresses in the range6 should be in the subnet6 in
which the range6 statement is declared.
The temporary variant makes the prefix (by default on 64 bits) available for temporary (RFC 4941)
addresses. A new address per prefix in the shared network is computed at each request with an IA_TA
option. Release and Confirm ignores temporary addresses.
Any IPv6 addresses given to hosts with fixed-address6 are excluded from the range6, as are IPv6 addresses
on the server itself.
The prefix6 statement
prefix6 low-address high-address / bits;
The prefix6 is the range6 equivalent for Prefix Delegation (RFC 3633). Prefixes of bits length are
assigned between low-address and high-address.
Any IPv6 prefixes given to static entries (hosts) with fixed-prefix6 are excluded from the prefix6.
This statement is currently global but it should have a shared-network scope.
The host statement
host hostname {
[ parameters ]
[ declarations ]
}
The host declaration provides a way for the DHCP server to identify a DHCP or BOOTP client. This allows
the server to provide configuration information including fixed addresses or, in DHCPv6, fixed prefixes
for a specific client.
If it is desirable to be able to boot a DHCP or BOOTP client on more than one subnet with fixed v4
addresses, more than one address may be specified in the fixed-address declaration, or more than one host
statement may be specified matching the same client.
The fixed-address6 declaration is used for v6 addresses. At this time it only works with a single
address. For multiple addresses specify multiple host statements.
If client-specific boot parameters must change based on the network to which the client is attached, then
multiple host declarations should be used. The host declarations will only match a client if one of
their fixed-address statements is viable on the subnet (or shared network) where the client is attached.
Conversely, for a host declaration to match a client being allocated a dynamic address, it must not have
any fixed-address statements. You may therefore need a mixture of host declarations for any given
client...some having fixed-address statements, others without.
hostname should be a name identifying the host. If a hostname option is not specified for the host,
hostname is used.
Host declarations are matched to actual DHCP or BOOTP clients by matching the dhcp-client-identifier
option specified in the host declaration to the one supplied by the client, or, if the host declaration
or the client does not provide a dhcp-client-identifier option, by matching the hardware parameter in the
host declaration to the network hardware address supplied by the client. BOOTP clients do not normally
provide a dhcp-client-identifier, so the hardware address must be used for all clients that may boot
using the BOOTP protocol.
DHCPv6 servers can use the host-identifier option parameter in the host declaration, and specify any
option with a fixed value to identify hosts.
Please be aware that only the dhcp-client-identifier option and the hardware address can be used to match
a host declaration, or the host-identifier option parameter for DHCPv6 servers. For example, it is not
possible to match a host declaration to a host-name option. This is because the host-name option cannot
be guaranteed to be unique for any given client, whereas both the hardware address and dhcp-client-
identifier option are at least theoretically guaranteed to be unique to a given client.
The group statement
group {
[ parameters ]
[ declarations ]
}
The group statement is used simply to apply one or more parameters to a group of declarations. It can be
used to group hosts, shared networks, subnets, or even other groups.
REFERENCE: ALLOW AND DENY
The allow and deny statements can be used to control the response of the DHCP server to various sorts of
requests. The allow and deny keywords actually have different meanings depending on the context. In a
pool context, these keywords can be used to set up access lists for address allocation pools. In other
contexts, the keywords simply control general server behavior with respect to clients based on scope. In
a non-pool context, the ignore keyword can be used in place of the deny keyword to prevent logging of
denied requests.
ALLOW DENY AND IGNORE IN SCOPE
The following usages of allow and deny will work in any scope, although it is not recommended that they
be used in pool declarations.
The unknown-clients keyword
allow unknown-clients;
deny unknown-clients;
ignore unknown-clients;
The unknown-clients flag is used to tell dhcpd whether or not to dynamically assign addresses to unknown
clients. Dynamic address assignment to unknown clients is allowed by default. An unknown client is
simply a client that has no host declaration.
The use of this option is now deprecated. If you are trying to restrict access on your network to known
clients, you should use deny unknown-clients; inside of your address pool, as described under the heading
ALLOW AND DENY WITHIN POOL DECLARATIONS.
The bootp keyword
allow bootp;
deny bootp;
ignore bootp;
The bootp flag is used to tell dhcpd whether or not to respond to bootp queries. Bootp queries are
allowed by default.
The booting keyword
allow booting;
deny booting;
ignore booting;
The booting flag is used to tell dhcpd whether or not to respond to queries from a particular client.
This keyword only has meaning when it appears in a host declaration. By default, booting is allowed, but
if it is disabled for a particular client, then that client will not be able to get an address from the
DHCP server.
The duplicates keyword
allow duplicates;
deny duplicates;
Host declarations can match client messages based on the DHCP Client Identifier option or based on the
client's network hardware type and MAC address. If the MAC address is used, the host declaration will
match any client with that MAC address - even clients with different client identifiers. This doesn't
normally happen, but is possible when one computer has more than one operating system installed on it -
for example, Microsoft Windows and NetBSD or Linux.
The duplicates flag tells the DHCP server that if a request is received from a client that matches the
MAC address of a host declaration, any other leases matching that MAC address should be discarded by the
server, even if the UID is not the same. This is a violation of the DHCP protocol, but can prevent
clients whose client identifiers change regularly from holding many leases at the same time. By default,
duplicates are allowed.
The declines keyword
allow declines;
deny declines;
ignore declines;
The DHCPDECLINE message is used by DHCP clients to indicate that the lease the server has offered is not
valid. When the server receives a DHCPDECLINE for a particular address, it normally abandons that
address, assuming that some unauthorized system is using it. Unfortunately, a malicious or buggy client
can, using DHCPDECLINE messages, completely exhaust the DHCP server's allocation pool. The server will
eventually reclaim these leases, but not while the client is running through the pool. This may cause
serious thrashing in the DNS, and it will also cause the DHCP server to forget old DHCP client address
allocations.
The declines flag tells the DHCP server whether or not to honor DHCPDECLINE messages. If it is set to
deny or ignore in a particular scope, the DHCP server will not respond to DHCPDECLINE messages.
The declines flag is only supported by DHCPv4 servers. Given the large IPv6 address space and the
internal limits imposed by the server's address generation mechanism we don't think it is necessary for
DHCPv6 servers at this time.
Currently, abandoned IPv6 addresses are reclaimed in one of two ways:
a) Client renews a specific address:
If a client using a given DUID submits a DHCP REQUEST containing
the last address abandoned by that DUID, the address will be
reassigned to that client.
b) Upon the second restart following an address abandonment. When
an address is abandoned it is both recorded as such in the lease
file and retained as abandoned in server memory until the server
is restarted. Upon restart, the server will process the lease file
and all addresses whose last known state is abandoned will be
retained as such in memory but not rewritten to the lease file.
This means that a subsequent restart of the server will not see the
abandoned addresses in the lease file and therefore have no record
of them as abandoned in memory and as such perceive them as free
for assignment.
The total number addresses in a pool, available for a given DUID value, is internally limited by the
server's address generation mechanism. If through mistaken configuration, multiple clients are using the
same DUID they will competing for the same addresses causing the server to reach this internal limit
rather quickly. The internal limit isolates this type of activity such that address range is not
exhausted for other DUID values. The appearance of the following error log, can be an indication of this
condition:
"Best match for DUID <XX> is an abandoned address, This may be a
result of multiple clients attempting to use this DUID"
where <XX> is an actual DUID value depicted as colon separated
string of bytes in hexadecimal values.
The client-updates keyword
allow client-updates;
deny client-updates;
The client-updates flag tells the DHCP server whether or not to honor the client's intention to do its
own update of its A record. See the documentation under the heading THE DNS UPDATE SCHEME for details.
The leasequery keyword
allow leasequery;
deny leasequery;
The leasequery flag tells the DHCP server whether or not to answer DHCPLEASEQUERY packets. The answer to
a DHCPLEASEQUERY packet includes information about a specific lease, such as when it was issued and when
it will expire. By default, the server will not respond to these packets.
ALLOW AND DENY WITHIN POOL DECLARATIONS
The uses of the allow and deny keywords shown in the previous section work pretty much the same way
whether the client is sending a DHCPDISCOVER or a DHCPREQUEST message - an address will be allocated to
the client (either the old address it's requesting, or a new address) and then that address will be
tested to see if it's okay to let the client have it. If the client requested it, and it's not okay, the
server will send a DHCPNAK message. Otherwise, the server will simply not respond to the client. If it
is okay to give the address to the client, the server will send a DHCPACK message.
The primary motivation behind pool declarations is to have address allocation pools whose allocation
policies are different. A client may be denied access to one pool, but allowed access to another pool on
the same network segment. In order for this to work, access control has to be done during address
allocation, not after address allocation is done.
When a DHCPREQUEST message is processed, address allocation simply consists of looking up the address the
client is requesting and seeing if it's still available for the client. If it is, then the DHCP server
checks both the address pool permit lists and the relevant in-scope allow and deny statements to see if
it's okay to give the lease to the client. In the case of a DHCPDISCOVER message, the allocation process
is done as described previously in the ADDRESS ALLOCATION section.
When declaring permit lists for address allocation pools, the following syntaxes are recognized following
the allow or deny keywords:
known-clients;
If specified, this statement either allows or prevents allocation from this pool to any client that has a
host declaration (i.e., is known). A client is known if it has a host declaration in any scope, not just
the current scope.
unknown-clients;
If specified, this statement either allows or prevents allocation from this pool to any client that has
no host declaration (i.e., is not known).
members of "class";
If specified, this statement either allows or prevents allocation from this pool to any client that is a
member of the named class.
dynamic bootp clients;
If specified, this statement either allows or prevents allocation from this pool to any bootp client.
authenticated clients;
If specified, this statement either allows or prevents allocation from this pool to any client that has
been authenticated using the DHCP authentication protocol. This is not yet supported.
unauthenticated clients;
If specified, this statement either allows or prevents allocation from this pool to any client that has
not been authenticated using the DHCP authentication protocol. This is not yet supported.
all clients;
If specified, this statement either allows or prevents allocation from this pool to all clients. This
can be used when you want to write a pool declaration for some reason, but hold it in reserve, or when
you want to renumber your network quickly, and thus want the server to force all clients that have been
allocated addresses from this pool to obtain new addresses immediately when they next renew.
after time;
If specified, this statement either allows or prevents allocation from this pool after a given date. This
can be used when you want to move clients from one pool to another. The server adjusts the regular lease
time so that the latest expiry time is at the given time+min-lease-time. A short min-lease-time enforces
a step change, whereas a longer min-lease-time allows for a gradual change. time is either second since
epoch, or a UTC time string e.g. 4 2007/08/24 09:14:32 or a string with time zone offset in seconds e.g.
4 2007/08/24 11:14:32 -7200
REFERENCE: PARAMETERS
The abandon-lease-time statement
abandon-lease-time time;
Time should be the maximum amount of time (in seconds) that an abandoned IPv4 lease remains unavailable
for assignment to a client. Abandoned leases will only be offered to clients if there are no free
leases. If not defined, the default abandon lease time is 86400 seconds (24 hours). Note the
abandoned lease time for a given lease is preserved across server restarts. The parameter may only be
set at the global scope and is evaluated only once during server startup.
Values less than sixty seconds are not recommended as this is below the ping check threshold and can
cause leases once abandoned but since returned to the free state to not be pinged before being offered.
If the requested time is larger than 0x7FFFFFFF - 1 or the sum of the current time plus the abandoned
time isgreater than 0x7FFFFFFF it is treated as infinite.
The adaptive-lease-time-threshold statement
adaptive-lease-time-threshold percentage;
When the number of allocated leases within a pool rises above the percentage given in this statement,
the DHCP server decreases the lease length for new clients within this pool to min-lease-time seconds.
Clients renewing an already valid (long) leases get at least the remaining time from the current lease.
Since the leases expire faster, the server may either recover more quickly or avoid pool exhaustion
entirely. Once the number of allocated leases drop below the threshold, the server reverts back to
normal lease times. Valid percentages are between 1 and 99.
The always-broadcast statement
always-broadcast flag;
The DHCP and BOOTP protocols both require DHCP and BOOTP clients to set the broadcast bit in the flags
field of the BOOTP message header. Unfortunately, some DHCP and BOOTP clients do not do this, and
therefore may not receive responses from the DHCP server. The DHCP server can be made to always
broadcast its responses to clients by setting this flag to ´on´ for the relevant scope; relevant scopes
would be inside a conditional statement, as a parameter for a class, or as a parameter for a host
declaration. To avoid creating excess broadcast traffic on your network, we recommend that you
restrict the use of this option to as few clients as possible. For example, the Microsoft DHCP client
is known not to have this problem, as are the OpenTransport and ISC DHCP clients.
The always-reply-rfc1048 statement
always-reply-rfc1048 flag;
Some BOOTP clients expect RFC1048-style responses, but do not follow RFC1048 when sending their
requests. You can tell that a client is having this problem if it is not getting the options you have
configured for it and if you see in the server log the message "(non-rfc1048)" printed with each
BOOTREQUEST that is logged.
If you want to send rfc1048 options to such a client, you can set the always-reply-rfc1048 option in
that client's host declaration, and the DHCP server will respond with an RFC-1048-style vendor options
field. This flag can be set in any scope, and will affect all clients covered by that scope.
The authoritative statement
authoritative;
not authoritative;
The DHCP server will normally assume that the configuration information about a given network segment
is not known to be correct and is not authoritative. This is so that if a naive user installs a DHCP
server not fully understanding how to configure it, it does not send spurious DHCPNAK messages to
clients that have obtained addresses from a legitimate DHCP server on the network.
Network administrators setting up authoritative DHCP servers for their networks should always write
authoritative; at the top of their configuration file to indicate that the DHCP server should send
DHCPNAK messages to misconfigured clients. If this is not done, clients will be unable to get a
correct IP address after changing subnets until their old lease has expired, which could take quite a
long time.
Usually, writing authoritative; at the top level of the file should be sufficient. However, if a DHCP
server is to be set up so that it is aware of some networks for which it is authoritative and some
networks for which it is not, it may be more appropriate to declare authority on a per-network-segment
basis.
Note that the most specific scope for which the concept of authority makes any sense is the physical
network segment - either a shared-network statement or a subnet statement that is not contained within
a shared-network statement. It is not meaningful to specify that the server is authoritative for some
subnets within a shared network, but not authoritative for others, nor is it meaningful to specify that
the server is authoritative for some host declarations and not others.
In order for DHCPINFORMs to be responded to by the server, they must match to subnets over which the
server has authority; otherwise they will be ignored and logged. To minimize the impact on logging
volume, only the first and every subsequent 100th occurrence of an ignored DHCPINFORM is logged.
The boot-unknown-clients statement
boot-unknown-clients flag;
If the boot-unknown-clients statement is present and has a value of false or off, then clients for
which there is no host declaration will not be allowed to obtain IP addresses. If this statement is
not present or has a value of true or on, then clients without host declarations will be allowed to
obtain IP addresses, as long as those addresses are not restricted by allow and deny statements within
their pool declarations.
The check-secs-byte-order statement
check-secs-byte-order flag;
When check-secs-byte-order is enabled, the server will check for DHCPv4 clients that do the byte
ordering on the secs field incorrectly. This field should be in network byte order but some clients get
it wrong. When this parameter is enabled the server will examine the secs field and if it looks wrong
(high byte non zero and low byte zero) swap the bytes. The default is disabled. This parameter is only
useful when doing load balancing within failover. (Formerly, this behavior had to be enabled during
compilation configuration via --enable-secs-byteorder).
The db-time-format statement
db-time-format [ default | local ] ;
The DHCP server software outputs several timestamps when writing leases to persistent storage. This
configuration parameter selects one of two output formats. The default format prints the day, date,
and time in UTC, while the local format prints the system seconds-since-epoch, and helpfully
provides the day and time in the system timezone in a comment. The time formats are described in
detail in the dhcpd.leases(5) manpage.
The ddns-hostname statement
ddns-hostname name;
The name parameter should be the hostname that will be used in setting up the client's A and PTR
records. If no ddns-hostname is specified in scope, then the server will derive the hostname
automatically, using an algorithm that varies for each of the different update methods.
The ddns-domainname statement
ddns-domainname name;
The name parameter should be the domain name that will be appended to the client's hostname to form
a fully-qualified domain-name (FQDN).
The ddns-dual-stack-mixed-mode statement
ddns-dual-stack-mixed-mode flag;
The ddns-dual-stack-mixed-mode parameter controls whether or not the server applies Dual Stack Mixed
Mode rules during DDNS conflict resolution. This parameter is off by default, has no effect unless
update-conflict-detection is enabled, and may only be specified at the global scope.
The ddns-guard-id-must-match statement
ddns-guard-id-must-match flag;
The ddns-guard-id-must-match parameter controls whether or not a the client id within a DHCID RR
must match that of the DNS update's client to permit DNS entries associated with that DHCID RR to be
ovewritten. Proper conflict resolution requires ID matching and should only be disabled after
careful consideration. When disabled, it is allows any DNS updater to replace DNS entries that have
an associated DHCID RR, regardless of client identity. This parameter is on by default, has no
effect unless update-conflict-detection is enabled, and may only be specified at the global scope.
The dns-local-address4 and dns-local-address6 statements
ddns-local-address4 address;
ddns-local-address6 address;
The address parameter should be the local IPv4 or IPv6 address the server should use as the from
address when sending DDNS update requests.
The ddns-other-guard-is-dynamic statement
ddns-other-guard-is-dynamic flag;
The ddns-other-guard-is-dynamic parameter controls whether or not a a server running DSMM will
consider the presence of the other update style DHCID RR as an indcation that a DNS entries may be
overwritten. It should only be enabled after careful study as it allows DNS entries that would
otherwise be protected as static, to be overwritten in certain cases. This paramater is off by
default, has no effect unless ddns-dual-stack-mixed-mode is enabled, and may only be specified at
the global scope.
The ddns-rev-domainname statement
ddns-rev-domainname name;
The name parameter should be the domain name that will be appended to the client's reversed IP
address to produce a name for use in the client's PTR record. By default, this is "in-addr.arpa.",
but the default can be overridden here.
The reversed IP address to which this domain name is appended is always the IP address of the
client, in dotted quad notation, reversed - for example, if the IP address assigned to the client is
10.17.92.74, then the reversed IP address is 74.92.17.10. So a client with that IP address would,
by default, be given a PTR record of 10.17.92.74.in-addr.arpa.
The ddns-update-style parameter
ddns-update-style style;
The style parameter must be one of standard, interim or none. The ddns-update-style statement is
only meaningful in the outer scope - it is evaluated once after reading the dhcpd.conf file, rather
than each time a client is assigned an IP address, so there is no way to use different DNS update
styles for different clients. The default is none.
The ddns-updates statement
ddns-updates flag;
The ddns-updates parameter controls whether or not the server will attempt to do a DNS update when a
lease is confirmed. Set this to off if the server should not attempt to do updates within a certain
scope. The ddns-updates parameter is on by default. To disable DNS updates in all scopes, it is
preferable to use the ddns-update-style statement, setting the style to none.
The default-lease-time statement
default-lease-time time;
Time should be the length in seconds that will be assigned to a lease if the client requesting the
lease does not ask for a specific expiration time. This is used for both DHCPv4 and DHCPv6 leases
(it is also known as the "valid lifetime" in DHCPv6). The default is 43200 seconds.
The delayed-ack and max-ack-delay statements
delayed-ack count;
max-ack-delay microseconds;
Count should be an integer value from zero to 2^16-1 and defaults to 0, which means that the feature
is disabled. Otherwise, 28 may be a sensible starting point for many configurations (SO_SNDBUF size
/ 576 bytes.) The count represents how many DHCPv4 replies maximum will be queued pending
transmission until after a database commit event. If this number is reached, a database commit
event (commonly resulting in fsync() and representing a performance penalty) will be made, and the
reply packets will be transmitted in a batch afterwards. This preserves the RFC2131 direction that
"stable storage" be updated prior to replying to clients. Should the DHCPv4 sockets "go dry"
(select() returns immediately with no read sockets), the commit is made and any queued packets are
transmitted.
Similarly, microseconds indicates how many microseconds are permitted to pass inbetween queuing a
packet pending an fsync, and performing the fsync. Valid values range from 0 to 2^32-1, and
defaults to 250,000 (1/4 of a second).
The delayed-ack feature is compiled in by default, but can be disabled at compile time with
´./configure --disable-delayed-ack´. Please note that the delayed-ack feature is not currently
compatible with support for DHPCv4-over-DHCPv6 so when a 4to6 port ommand line argument enables this
in the server the delayed-ack value is reset to 0.
The dhcp-cache-threshold statement
dhcp-cache-threshold percentage;
The dhcp-cache-threshold statement takes one integer parameter with allowed values between 0 and
100. The default value is 25 (25% of the lease time). This parameter expresses the percentage of the
total lease time, measured from the beginning, during which a client's attempt to renew its lease
will result in getting the already assigned lease, rather than an extended lease. This feature is
supported for both IPv4 and IPv6 and down to the pool level and for IPv6 all three pool types: NA,
TA and PD.
Clients that attempt renewal frequently can cause the server to update and write the database
frequently resulting in a performance impact on the server. The dhcp-cache-threshold statement
instructs the DHCP server to avoid updating leases too frequently thus avoiding this behavior.
Instead the server replies with the same lease (i.e. reuses it) with no modifications except for
CLTT (Client Last Transmission Time) and for IPv4:
the lease time sent to the client is shortened by the age of
the lease
while for IPv6:
the preferred and valid lifetimes sent to the client are
shortened by the age of the lease.
None of these changes require writing the lease to disk.
When an existing lease is matched to a renewing client, it will be reused if all of the following
conditions are true:
1. The dhcp-cache-threshold is larger than zero
2. The current lease is active
3. The percentage of the lease time that has elapsed is less than
dhcp-cache-threshold
4. The client information provided in the renewal does not alter
any of the following:
a. DNS information and DNS updates are enabled
b. Billing class to which the lease is associated (IPv4 only)
c. The host declaration associated with the lease (IPv4 only)
d. The client id - this may happen if a client boots without
a client id and then starts using one in subsequent
requests. (IPv4 only)
While lease data is not written to disk when a lease is reused, the server will still execute any
on-commit statements.
Note that the lease can be reused if the options the client or relay agent sends are changed. These
changes will not be recorded in the in-memory or on-disk databases until the client renews after the
threshold time is reached.
The do-forward-updates statement
do-forward-updates flag;
The do-forward-updates statement instructs the DHCP server as to whether it should attempt to update
a DHCP client´s A record when the client acquires or renews a lease. This statement has no effect
unless DNS updates are enabled. Forward updates are enabled by default. If this statement is used
to disable forward updates, the DHCP server will never attempt to update the client´s A record, and
will only ever attempt to update the client´s PTR record if the client supplies an FQDN that should
be placed in the PTR record using the fqdn option. If forward updates are enabled, the DHCP server
will still honor the setting of the client-updates flag.
The dont-use-fsync statement
dont-use-fsync flag;
The dont-use-fsync statement instructs the DHCP server if it should call fsync() when writing leases
to the lease file. By default and if the flag is set to false the server will call fsync().
Suppressing the call to fsync() may increase the performance of the server but it also adds a risk
that a lease will not be properly written to the disk after it has been issued to a client and
before the server stops. This can lead to duplicate leases being issued to different clients.
Using this option is not recommended.
The dynamic-bootp-lease-cutoff statement
dynamic-bootp-lease-cutoff date;
The dynamic-bootp-lease-cutoff statement sets the ending time for all leases assigned dynamically to
BOOTP clients. Because BOOTP clients do not have any way of renewing leases, and don't know that
their leases could expire, by default dhcpd assigns infinite leases to all BOOTP clients. However,
it may make sense in some situations to set a cutoff date for all BOOTP leases - for example, the
end of a school term, or the time at night when a facility is closed and all machines are required
to be powered off.
Date should be the date on which all assigned BOOTP leases will end. The date is specified in the
form:
W YYYY/MM/DD HH:MM:SS
W is the day of the week expressed as a number from zero (Sunday) to six (Saturday). YYYY is the
year, including the century. MM is the month expressed as a number from 1 to 12. DD is the day of
the month, counting from 1. HH is the hour, from zero to 23. MM is the minute and SS is the
second. The time is always in Coordinated Universal Time (UTC), not local time.
The dynamic-bootp-lease-length statement
dynamic-bootp-lease-length length;
The dynamic-bootp-lease-length statement is used to set the length of leases dynamically assigned to
BOOTP clients. At some sites, it may be possible to assume that a lease is no longer in use if its
holder has not used BOOTP or DHCP to get its address within a certain time period. The period is
specified in length as a number of seconds. If a client reboots using BOOTP during the timeout
period, the lease duration is reset to length, so a BOOTP client that boots frequently enough will
never lose its lease. Needless to say, this parameter should be adjusted with extreme caution.
The echo-client-id statement
echo-client-id flag;
The echo-client-id statement is used to enable or disable RFC 6842 compliant behavior. If the echo-
client-id statement is present and has a value of true or on, and a DHCP DISCOVER or REQUEST is
received which contains the client identifier option (Option code 61), the server will copy the
option into its response (DHCP ACK or NAK) per RFC 6842. In other words if the client sends the
option it will receive it back. By default, this flag is off and client identifiers will not echoed
back to the client.
The filename statement
filename "filename";
The filename statement can be used to specify the name of the initial boot file which is to be
loaded by a client. The filename should be a filename recognizable to whatever file transfer
protocol the client can be expected to use to load the file.
The fixed-address declaration
fixed-address address [, address ... ];
The fixed-address declaration is used to assign one or more fixed IP addresses to a client. It
should only appear in a host declaration. If more than one address is supplied, then when the
client boots, it will be assigned the address that corresponds to the network on which it is
booting. If none of the addresses in the fixed-address statement are valid for the network to which
the client is connected, that client will not match the host declaration containing that fixed-
address declaration. Each address in the fixed-address declaration should be either an IP address
or a domain name that resolves to one or more IP addresses.
The fixed-address6 declaration
fixed-address6 ip6-address ;
The fixed-address6 declaration is used to assign a fixed IPv6 addresses to a client. It should only
appear in a host declaration.
The fixed-prefix6 declaration
fixed-prefix6 low-address / bits;
The fixed-prefix6 declaration is used to assign a fixed IPv6 prefix to a client. It should only
appear in a host declaration, but multiple fixed-prefix6 statements may appear in a single host
declaration.
The low-address specifies the start of the prefix and the bits specifies the size of the prefix in
bits.
If there are multiple prefixes for a given host entry the server will choose one that matches the
requested prefix size or, if none match, the first one.
If there are multiple host declarations the server will try to choose a declaration where the fixed-
address6 matches the client's subnet. If none match it will choose one that doesn't have a fixed-
address6 statement.
Note Well: Unlike the fixed address the fixed prefix does not need to match a subnet in order to be
served. This allows you to provide a prefix to a client that is outside of the subnet on which the
client makes the request to the the server.
The get-lease-hostnames statement
get-lease-hostnames flag;
The get-lease-hostnames statement is used to tell dhcpd whether or not to look up the domain name
corresponding to the IP address of each address in the lease pool and use that address for the DHCP
hostname option. If flag is true, then this lookup is done for all addresses in the current scope.
By default, or if flag is false, no lookups are done.
The hardware statement
hardware hardware-type hardware-address;
In order for a BOOTP client to be recognized, its network hardware address must be declared using a
hardware clause in the host statement. hardware-type must be the name of a physical hardware
interface type. Currently, only the ethernet and token-ring types are recognized, although support
for a fddi hardware type (and others) would also be desirable. The hardware-address should be a set
of hexadecimal octets (numbers from 0 through ff) separated by colons. The hardware statement may
also be used for DHCP clients.
The host-identifier option statement
host-identifier option option-name option-data;
or
host-identifier v6relopt number option-name option-data;
This identifies a DHCPv6 client in a host statement. option-name is any option, and option-data is
the value for the option that the client will send. The option-data must be a constant value. In
the v6relopts case the additional number is the relay to examine for the specified option name and
value. The values are the same as for the v6relay option. 0 is a no-op, 1 is the relay closest to
the client, 2 the next one in and so on. Values that are larger than the maximum number of relays
(currently 32) indicate the relay closest to the server independent of number.
The ignore-client-uids statement
ignore-client-uids flag;
If the ignore-client-uids statement is present and has a value of true or on, the UID for clients
will not be recorded. If this statement is not present or has a value of false or off, then client
UIDs will be recorded.
The infinite-is-reserved statement
infinite-is-reserved flag;
ISC DHCP now supports ´reserved´ leases. See the section on RESERVED LEASES below. If this flag is
on, the server will automatically reserve leases allocated to clients which requested an infinite
(0xffffffff) lease-time.
The default is off.
The lease-file-name statement
lease-file-name name;
Name Where name is the name of the DHCP server's lease file. By default, this is
/var/lib/dhcp/dhcpd.leases. This statement must appear in the outer scope of the configuration file
- if it appears in some other scope, it will have no effect. The value must be the absolute path of
the file to use. The order of precedence the server uses for the lease file name is:
1. lease-file-name configuration file statement.
2. -lf command line flag.
3. PATH_DHCPD_DB environment variable.
The dhcpv6-lease-file-name statement
dhcpv6-lease-file-name name;
Where name is the name of the DHCP server's lease file when the server is running DHCPv6. By
default, this is /var/lib/dhcp/dhcpd6.leases. This statement must appear in the outer scope of the
configuration file - if it appears in some other scope, it will have no effect. The value must be
the absolute path of the file to use. The order of precedence the server uses for the lease file
name is:
1. dhcpv6-lease-file-name configuration file statement.
2. -lf command line flag.
3. PATH_DHCPD6_DB environment variable.
The lease-id-format parameter
lease-id-format format;
The format parameter must be either octal or hex. This parameter governs the format used to write
certain values to lease files. With the default format, octal, values are written as quoted strings
in which non-printable characters are represented as octal escapes - a backslash character followed
by three octal digits. When the hex format is specified, values are written as an unquoted series
of pairs of hexadecimal digits, separated by colons.
Currently, the values written out based on lease-id-format are the server-duid, the uid (DHCPv4
leases), and the IAID_DUID (DHCPv6 leases). Note the server automatically reads the values in
either format.
The limit-addrs-per-ia statement
limit-addrs-per-ia number;
By default, the DHCPv6 server will limit clients to one IAADDR per IA option, meaning one address.
If you wish to permit clients to hang onto multiple addresses at a time, configure a larger number
here.
Note that there is no present method to configure the server to forcibly configure the client with
one IP address per each subnet on a shared network. This is left to future work.
The local-port statement
local-port port;
This statement causes the DHCP server to listen for DHCP requests on the UDP port specified in port,
rather than on port 67.
The local-address statement
local-address address;
This statement causes the DHCP server to listen for DHCP requests sent to the specified address,
rather than requests sent to all addresses. Since serving directly attached DHCP clients implies
that the server must respond to requests sent to the all-ones IP address, this option cannot be used
if clients are on directly attached networks; it is only realistically useful for a server whose
only clients are reached via unicasts, such as via DHCP relay agents.
Note: This statement is only effective if the server was compiled using the USE_SOCKETS #define
statement, which is default on a small number of operating systems, and must be explicitly chosen at
compile-time for all others. You can be sure if your server is compiled with USE_SOCKETS if you see
lines of this format at startup:
Listening on Socket/eth0
Note also that since this bind()s all DHCP sockets to the specified address, that only one address
may be supported in a daemon at a given time.
The local-address6 and bind-local-address6 statements
local-address6 address;
bind-local-address6 flag;
The local-address6 statement causes the DHCP server to send IPv6 packets as originating from the
specified IPv6 address, rather than leaving the kernel to fill in the source address field.
When bind-local-address6 is present and has a value of true or on, service sockets are bound to
address too.
By default address is the undefined address and the bind-local-address6 is disabled, both may only
be set at the global scope.
The log-facility statement
log-facility facility;
This statement causes the DHCP server to do all of its logging on the specified log facility once
the dhcpd.conf file has been read. By default the DHCP server logs to the daemon facility.
Possible log facilities include auth, authpriv, cron, daemon, ftp, kern, lpr, mail, mark, news, ntp,
security, syslog, user, uucp, and local0 through local7. Not all of these facilities are available
on all systems, and there may be other facilities available on other systems.
In addition to setting this value, you may need to modify your syslog.conf file to configure logging
of the DHCP server. For example, you might add a line like this:
local7.debug /var/log/dhcpd.log
The syntax of the syslog.conf file may be different on some operating systems - consult the
syslog.conf manual page to be sure. To get syslog to start logging to the new file, you must first
create the file with correct ownership and permissions (usually, the same owner and permissions of
your /var/log/messages or /usr/adm/messages file should be fine) and send a SIGHUP to syslogd. Some
systems support log rollover using a shell script or program called newsyslog or logrotate, and you
may be able to configure this as well so that your log file doesn't grow uncontrollably.
Because the log-facility setting is controlled by the dhcpd.conf file, log messages printed while
parsing the dhcpd.conf file or before parsing it are logged to the default log facility. To prevent
this, see the README file included with this distribution, which describes BUG: where is that
mentioned in README? how to change the default log facility. When this parameter is used, the DHCP
server prints its startup message a second time after parsing the configuration file, so that the
log will be as complete as possible.
The log-threshold-high and log-threshold-low statements
log-threshold-high percentage;
log-threshold-low percentage;
The log-threshold-low and log-threshold-high statements are used to control when a message is output
about pool usage. The value for both of them is the percentage of the pool in use. If the high
threshold is 0 or has not been specified, no messages will be produced. If a high threshold is
given, a message is output once the pool usage passes that level. After that, no more messages will
be output until the pool usage falls below the low threshold. If the low threshold is not given, it
default to a value of zero.
A special case occurs when the low threshold is set to be higher than the high threshold. In this
case, a message will be generated each time a lease is acknowledged when the pool usage is above the
high threshold.
Note that threshold logging will be automatically disabled for shared subnets whose total number of
addresses is larger than (2^64)-1. The server will emit a log statement at startup when threshold
logging is disabled as shown below:
"Threshold logging disabled for shared subnet of ranges: <addresses>"
This is likely to have no practical runtime effect as CPUs are unlikely to support a server actually
reaching such a large number of leases.
The max-lease-time statement
max-lease-time time;
Time should be the maximum length in seconds that will be assigned to a lease. If not defined, the
default maximum lease time is 86400. The only exception to this is that Dynamic BOOTP lease
lengths, which are not specified by the client, are not limited by this maximum.
The min-lease-time statement
min-lease-time time;
Time should be the minimum length in seconds that will be assigned to a lease. The default is the
minimum of 300 seconds or max-lease-time.
The min-secs statement
min-secs seconds;
Seconds should be the minimum number of seconds since a client began trying to acquire a new lease
before the DHCP server will respond to its request. The number of seconds is based on what the
client reports, and the maximum value that the client can report is 255 seconds. Generally, setting
this to one will result in the DHCP server not responding to the client's first request, but always
responding to its second request.
This can be used to set up a secondary DHCP server which never offers an address to a client until
the primary server has been given a chance to do so. If the primary server is down, the client will
bind to the secondary server, but otherwise clients should always bind to the primary. Note that
this does not, by itself, permit a primary server and a secondary server to share a pool of
dynamically-allocatable addresses.
The next-server statement
next-server server-name;
The next-server statement is used to specify the host address of the server from which the initial
boot file (specified in the filename statement) is to be loaded. Server-name should be a numeric IP
address or a domain name.
The omapi-port statement
omapi-port port;
The omapi-port statement causes the DHCP server to listen for OMAPI connections on the specified
port. This statement is required to enable the OMAPI protocol, which is used to examine and modify
the state of the DHCP server as it is running.
The one-lease-per-client statement
one-lease-per-client flag;
If this flag is enabled, whenever a client sends a DHCPREQUEST for a particular lease, the server
will automatically free any other leases the client holds. This presumes that when the client sends
a DHCPREQUEST, it has forgotten any lease not mentioned in the DHCPREQUEST - i.e., the client has
only a single network interface and it does not remember leases it's holding on networks to which it
is not currently attached. Neither of these assumptions are guaranteed or provable, so we urge
caution in the use of this statement.
The persist-eui-64-leases statement
persist-eui-64-leases flag;
When this flag is enabled, the server will write EUI-64 based leases to the leases file. Since such
leases can only, ever be valid for a single DUID value it can be argued that writing them to the
leases file isn't essential and not doing so may have perfomance advantages. See use-eui-64
statement for more details on EUI-64 based address allocation. The flag is enabled by default and
may only be set at the global scope.
The pid-file-name statement
pid-file-name name;
Name should be the name of the DHCP server's process ID file. This is the file in which the DHCP
server's process ID is stored when the server starts. By default, this is /var/run/dhcpd.pid. Like
the lease-file-name statement, this statement must appear in the outer scope of the configuration
file. The order of precedence used by the server is:
1. pid-file-name configuration file statement.
2. -lf command line flag.
3. PATH_DHCPD_PID environment variable.
The dhcpv6-pid-file-name statement
dhcpv6-pid-file-name name;
Name is the name of the pid file to use if and only if the server is running in DHCPv6 mode. By
default, this is /var/lib/dhcp/dhcpd6.pid. This statement, like pid-file-name, must appear in the
outer scope of the configuration file. The order of precedence used by the server is:
1. dhcpv6-pid-file-name configuration file statement.
2. -lf command line flag.
3. PATH_DHCPD6_PID environment variable.
The ping-check statement
ping-check flag;
When the DHCP server is considering dynamically allocating an IP address to a client, it first
sends an ICMP Echo request (a ping) to the address being assigned. It waits for a second, and if
no ICMP Echo response has been heard, it assigns the address. If a response is heard, the lease
is abandoned, and the server does not respond to the client. The lease will remain abandoned for
a minimum of abandon-lease-time seconds.
If a there are no free addresses but there are abandoned IP addresses, the DHCP server will
attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time.
This ping check introduces a default one-second delay in responding to DHCPDISCOVER messages,
which can be a problem for some clients. The default delay of one second may be configured using
the ping-timeout parameter. The ping-check configuration parameter can be used to control
checking - if its value is false, no ping check is done.
The ping-cltt-secs statement
ping-cltt-secs seconds;
The server will conduct a ping check if all the following conditions are true:
1. Ping checking is enabled.
2. The server is responding to a DISCOVER.
3. The lease to be offered is neither static nor active (i.e. still a valid lease).
4. And any of the following are true:
a. This will be the first offer of this lease (CLTT is 0).
b. The lease is being offered to a client other than its previous owner
c. The lease is being offered to its previous owner and more than
ping-cltt-secs have elapsed since CLTT of the original lease.
d. The lease was abandoned and the server is attempting to reclaim it.
The ping-cltt-secs statement allows the user to specify the amount of time that must elaspe after
CLTT before a ping check will be conducted. The default value is sixty seconds.
The ping-timeout statement
ping-timeout seconds;
If the DHCP server determined it should send an ICMP echo request (a ping) because the ping-check
statement is true, ping-timeout allows you to configure how many seconds the DHCP server should
wait for an ICMP Echo response to be heard, if no ICMP Echo response has been received before the
timeout expires, it assigns the address. If a response is heard, the lease is abandoned, and the
server does not respond to the client. If no value is set, ping-timeout defaults to 1 second.
(See also ping-timeout-ms below)
The ping-timeout-ms statement
ping-timeout-ms milliseconds;
Allows you to specify the ping timeout in milliseconds rather than seconds. If this value is
greater than zero, the server will use it in place of ping-timeout. The default value is zero.
The preferred-lifetime statement
preferred-lifetime seconds;
IPv6 addresses have ´valid´ and ´preferred´ lifetimes. The valid lifetime determines at what
point a lease might be said to have expired, and is no longer useable. A preferred lifetime is an
advisory condition to help applications move off of the address and onto currently valid addresses
(should there still be any open TCP sockets or similar).
The preferred lifetime defaults to 5/8 the default lease time.
The prefix-length-mode statement
prefix-length-mode mode;
According to RFC 3633, DHCPv6 clients may specify preferences when soliciting prefixes by
including an IA_PD Prefix option within the IA_PD option. Among the preferences that may be
conveyed is the "prefix-length". When non-zero it indicates a client's desired length for offered
prefixes. The RFC states that servers "MAY choose to use the information...to select prefix(es)"
but does not specify any particular rules for doing so. The prefix-length-mode statement can be
used to set the prefix selection rules employed by the server, when clients send a non-zero
prefix-length value. The mode parameter must be one of ignore, prefer, exact, minimum, or maximum
where:
1. ignore - The requested length is ignored. The server will offer the first available prefix.
2. prefer - The server will offer the first available prefix with the same length as the requested
length. If none are found then it will offer the first available prefix of any length. This is
the default behavior.
3. exact - The server will offer the first available prefix with the same length as the requested
length. If none are found, it will return a status indicating no prefixes available.
4. minimum - The server will offer the first available prefix with the same length as the
requested length. If none are found, it will return the first available prefix whose length is
greater than (e.g. longer than), the requested value. If none of those are found, it will return
a status indicating no prefixes available. For example, if client requests a length of /60, and
the server has available prefixes of lengths /56 and /64, it will offer prefix of length /64.
5. maximum - The server will offer the first available prefix with the same length as the
requested length. If none are found, it will return the first available prefix whose length is
less than (e.g. shorter than), the requested value. If none of those are found, it will return a
status indicating no prefixes available. For example, if client requests a length of /60, and the
server has available prefixes of lengths /56 and /64, it will offer a prefix of length /56.
In general "first available" is determined by the order in which pools are defined in the server's
configuration. For example, if a subnet is defined with three prefix pools A,B, and C:
subnet 3000::/64 {
# pool A
pool6 {
:
}
# pool B
pool6 {
:
}
# pool C
pool6 {
:
}
}
then the pools will be checked in the order A, B, C. For modes prefer, minimum, and maximum this
may mean checking the pools in that order twice. A first pass through is made looking for an
available prefix of exactly the preferred length. If none are found, then a second pass is
performed starting with pool A but with appropriately adjusted length criteria.
The release-on-roam statement
release-on-roam flag;
When enabled and the dhcpd server detects that a DHCPv6 client (IAID+DUID) has roamed to a new
network, it will release the pre-existing leases on the old network and emit a log statement
similiar to the following:
"Client: <id> roamed to new network, releasing lease: <address>"
The server will carry out all of the same steps that would normally occur when a client explicitly
releases a lease. When release-on-roam is disabled (the default) the server makes such leases
unavailable until they expire or the server is restarted. Clients that need leases in multiple
networks must supply a unique IAID in each IA. This parameter may only be specified at the global
level.
The remote-port statement
remote-port port;
This statement causes the DHCP server to transmit DHCP responses to DHCP clients upon the UDP port
specified in port, rather than on port 68. In the event that the UDP response is transmitted to a
DHCP Relay, the server generally uses the local-port configuration value. Should the DHCP Relay
happen to be addressed as 127.0.0.1, however, the DHCP Server transmits its response to the
remote-port configuration value. This is generally only useful for testing purposes, and this
configuration value should generally not be used.
The server-identifier statement
server-identifier hostname;
The server-identifier statement can be used to define the value that is sent in the DHCP Server
Identifier option for a given scope. The value specified must be an IP address for the DHCP
server, and must be reachable by all clients served by a particular scope.
The use of the server-identifier statement is not recommended - the only reason to use it is to
force a value other than the default value to be sent on occasions where the default value would
be incorrect. The default value is the first IP address associated with the physical network
interface on which the request arrived.
The usual case where the server-identifier statement needs to be sent is when a physical interface
has more than one IP address, and the one being sent by default isn't appropriate for some or all
clients served by that interface. Another common case is when an alias is defined for the purpose
of having a consistent IP address for the DHCP server, and it is desired that the clients use this
IP address when contacting the server.
Supplying a value for the dhcp-server-identifier option is equivalent to using the server-
identifier statement.
The server-id-check statement
server-id-check flag;
The server-id-check statement is used to control whether or not a server, participating in
failover, verifies that the value of the dhcp-server-identifier option in received DHCP REQUESTs
match the server's id before processing the request. Server id checking is disabled by default.
Setting this flag enables id checking and thereafter the server will only process requests that
match. Note the flag setting should be consistent between failover partners.
Unless overridden by use of the server-identifier statement, the value the server uses as its id
will be the first IP address associated with the physical network interface on which the request
arrived.
In order to reduce runtime overhead the server only checks for a server id option in the global
and subnet scopes. Complicated configurations may result in different server ids for this check
and when the server id for a reply packet is determined, which would prohibit the server from
responding.
The primary use for this option is when a client broadcasts a request but requires that the
response come from a specific failover peer. An example of this would be when a client reboots
while its lease is still active - in this case both servers will normally respond. Most of the
time the client won't check the server id and can use either of the responses. However if the
client does check the server id it may reject the response if it came from the wrong peer. If the
timing is such that the "wrong" peer responds first most of the time the client may not get an
address for some time.
Care should be taken before enabling this option.
The server-duid statement
server-duid LLT [ hardware-type timestamp hardware-address ] ;
server-duid EN enterprise-number enterprise-identifier ;
server-duid LL [ hardware-type hardware-address ] ;
The server-duid statement configures the server DUID. You may pick either LLT (link local address
plus time), EN (enterprise), or LL (link local).
If you choose LLT or LL, you may specify the exact contents of the DUID. Otherwise the server
will generate a DUID of the specified type.
If you choose EN, you must include the enterprise number and the enterprise-identifier.
If there is a server-duid statement in the lease file it will take precedence over the server-duid
statement from the config file and a dhcp6.server-id option in the config file will override both.
The default server-duid type is LLT.
The server-name statement
server-name name ;
The server-name statement can be used to inform the client of the name of the server from which it
is booting. Name should be the name that will be provided to the client.
The dhcpv6-set-tee-times statement
dhcpv6-set-tee-times flag;
The dhcpv6-set-tee-times statement enables setting T1 and T2 to the values recommended in RFC 3315
(Section 22.4). When setting T1 and T2, the server will use dhcp-renewal-time and dhcp-rebinding-
time, respectively. A value of zero tells the client it may choose its own value.
When those options are not defined then values will be set to zero unless the global dhcpv6-set-
tee-times is enabled. When this option is enabled the times are calculated as recommended by RFC
3315, Section 22.4:
T1 will be set to 0.5 times the shortest preferred lifetime
in the reply. If the "shortest" preferred lifetime is
0xFFFFFFFF, T1 will set to 0xFFFFFFFF.
T2 will be set to 0.8 times the shortest preferred lifetime
in the reply. If the "shortest" preferred lifetime is
0xFFFFFFFF, T2 will set to 0xFFFFFFFF.
Keep in mind that given sufficiently small lease lifetimes, the above calculations will result in
the two values being equal. For example, a 9 second lease lifetime would yield T1 = T2 = 4
seconds, which would cause clients to issue rebinds only. In such a case it would likely be
better to explicitly define the values.
Note that dhcpv6-set-tee-times is intended to be transitional and will likely be removed in a
future release. Once removed the behavior will be to use the configured values when present or
calculate them per the RFC. If you want zeros, define them as zeros.
The site-option-space statement
site-option-space name ;
The site-option-space statement can be used to determine from what option space site-local options
will be taken. This can be used in much the same way as the vendor-option-space statement. Site-
local options in DHCP are those options whose numeric codes are greater than 224. These options
are intended for site-specific uses, but are frequently used by vendors of embedded hardware that
contains DHCP clients. Because site-specific options are allocated on an ad hoc basis, it is
quite possible that one vendor's DHCP client might use the same option code that another vendor's
client uses, for different purposes. The site-option-space option can be used to assign a
different set of site-specific options for each such vendor, using conditional evaluation (see
dhcp-eval (5) for details).
The stash-agent-options statement
stash-agent-options flag;
If the stash-agent-options parameter is true for a given client, the server will record the relay
agent information options sent during the client's initial DHCPREQUEST message when the client was
in the SELECTING state and behave as if those options are included in all subsequent DHCPREQUEST
messages sent in the RENEWING state. This works around a problem with relay agent information
options, which is that they usually not appear in DHCPREQUEST messages sent by the client in the
RENEWING state, because such messages are unicast directly to the server and not sent through a
relay agent.
The update-conflict-detection statement
update-conflict-detection flag;
If the update-conflict-detection parameter is true, the server will perform standard DHCID
multiple-client, one-name conflict detection. If the parameter has been set false, the server
will skip this check and instead simply tear down any previous bindings to install the new binding
without question. The default is true and this parameter may only be specified at the global
scope.
The update-optimization statement
update-optimization flag;
If the update-optimization parameter is false for a given client, the server will attempt a DNS
update for that client each time the client renews its lease, rather than only attempting an
update when it appears to be necessary. This will allow the DNS to heal from database
inconsistencies more easily, but the cost is that the DHCP server must do many more DNS updates.
We recommend leaving this option enabled, which is the default. If this parameter is not
specified, or is true, the DHCP server will only update when the client information changes, the
client gets a different lease, or the client's lease expires.
The update-static-leases statement
update-static-leases flag;
The update-static-leases flag, if enabled, causes the DHCP server to do DNS updates for clients
even if those clients are being assigned their IP address using a fixed-address or fixed-address6
statement - that is, the client is being given a static assignment. It is not recommended because
the DHCP server has no way to tell that the update has been done, and therefore will not delete
the record when it is not in use. Also, the server must attempt the update each time the client
renews its lease, which could have a significant performance impact in environments that place
heavy demands on the DHCP server. This feature is supported for both DHCPv4 and DHCPv6, and
update modes standard or interim. It is disabled by default.
The use-eui-64 statement
use-eui-64 flag;
(Support for this must be enabled at compile time, see EUI_64 in
includes/site.h)
The use-eui-64 flag, if enabled, instructs the server to construct an address using the client's
EUI-64 DUID (Type 3, HW Type EUI-64), rather than creating an address using the dynamic algorithm.
This means that a given DUID will always generate the same address for a given pool and further
that the address is guaranteed to be unique to that DUID. The IPv6 address will be calculated
from the EUI-64 link layer address, conforming to RFC 2373, unless there is a host declaration for
the client-id.
The range6 statement for EUI-64 must define full /64 bit ranges. Invalid ranges will be flagged
during configuration parsing as errors. See the following example:
subnet6 fc00:e4::/64 {
use-eui-64 true;
range6 fc00:e4::/64;
}
The statement may be specified down to the pool level, allowing a mixture of dynamic and EUI-64
based pools.
During lease file parsing, any leases which map to an EUI-64 pool, that have a non-EUI-64 DUID or
for which the lease address is not the EUI-64 address for that DUID in that pool, will be
discarded.
If a host declaration exists for the DUID, the server grants the address (fixed-prefix6, fixed-
address6) according to the host declaration, regardless of the DUID type of the client (even for
EUI-64 DUIDs).
If a client request's an EUI-64 lease for a given network, and the resultant address conflicts
with a fixed address reservation, the server will send the client a "no addresses available"
response.
Any client with a non-conforming DUID (not type 3 or not hw type EUI-64) that is not linked to a
host declaration, which requests an address from an EUI-64 enabled pool will be ignored and the
event will be logged.
Pools that are configured for EUI-64 will be skipped for dynamic allocation. If there are no
pools in the shared network from which to allocate, the client will get back a no addresses
available status.
On an EUI-64 enabled pool, any client with a DUID 3, HW Type EUI-64, requesting a solicit/renew
and including IA_NA that do not match the EUI-64 policy, they will be treated as though they are
"outside" the subnet for a given client message:
Solicit - Server will advertise with EUI-64 ia suboption, but with rapid
commit off
Request - Server will send "an address not on link status", and no ia
suboption Renew/Rebind - Server will send the requested address ia
suboption with lifetimes of 0, plus an EUI-64 ia
Whether or not EUI-64 based leases are written out to the lease database may be controlled by
persist-eui-64-leases statement.
The use-host-decl-names statement
use-host-decl-names flag;
If the use-host-decl-names parameter is true in a given scope, then for every host declaration
within that scope, the name provided for the host declaration will be supplied to the client as
its hostname. So, for example,
group {
use-host-decl-names on;
host joe {
hardware ethernet 08:00:2b:4c:29:32;
fixed-address joe.example.com;
}
}
is equivalent to
host joe {
hardware ethernet 08:00:2b:4c:29:32;
fixed-address joe.example.com;
option host-name "joe";
}
Additionally, enabling use-host-decl-names instructs the server to use the host declaration name
in the the forward DNS name, if no other values are available. This value selection process is
discussed in more detail under DNS updates.
An option host-name statement within a host declaration will override the use of the name in the
host declaration.
It should be noted here that most DHCP clients completely ignore the host-name option sent by the
DHCP server, and there is no way to configure them not to do this. So you generally have a choice
of either not having any hostname to client IP address mapping that the client will recognize, or
doing DNS updates. It is beyond the scope of this document to describe how to make this
determination.
The use-lease-addr-for-default-route statement
use-lease-addr-for-default-route flag;
If the use-lease-addr-for-default-route parameter is true in a given scope, then instead of
sending the value specified in the routers option (or sending no value at all), the IP address of
the lease being assigned is sent to the client. This supposedly causes Win95 machines to ARP for
all IP addresses, which can be helpful if your router is configured for proxy ARP. The use of
this feature is not recommended, because it won't work for many DHCP clients.
The vendor-option-space statement
vendor-option-space string;
The vendor-option-space parameter determines from what option space vendor options are taken. The
use of this configuration parameter is illustrated in the dhcp-options(5) manual page, in the
VENDOR ENCAPSULATED OPTIONS section.
SETTING PARAMETER VALUES USING EXPRESSIONS
Sometimes it's helpful to be able to set the value of a DHCP server parameter based on some value that
the client has sent. To do this, you can use expression evaluation. The dhcp-eval(5) manual page
describes how to write expressions. To assign the result of an evaluation to an option, define the
option as follows:
my-parameter = expression ;
For example:
ddns-hostname = binary-to-ascii (16, 8, "-",
substring (hardware, 1, 6));
RESERVED LEASES
It's often useful to allocate a single address to a single client, in approximate perpetuity. Host
statements with fixed-address clauses exist to a certain extent to serve this purpose, but because host
statements are intended to approximate ´static configuration´, they suffer from not being referenced in a
littany of other Server Services, such as dynamic DNS, failover, ´on events´ and so forth.
If a standard dynamic lease, as from any range statement, is marked ´reserved´, then the server will only
allocate this lease to the client it is identified by (be that by client identifier or hardware address).
In practice, this means that the lease follows the normal state engine, enters ACTIVE state when the
client is bound to it, expires, or is released, and any events or services that would normally be
supplied during these events are processed normally, as with any other dynamic lease. The only
difference is that failover servers treat reserved leases as special when they enter the FREE or BACKUP
states - each server applies the lease into the state it may allocate from - and the leases are not
placed on the queue for allocation to other clients. Instead they may only be ´found´ by client
identity. The result is that the lease is only offered to the returning client.
Care should probably be taken to ensure that the client only has one lease within a given subnet that it
is identified by.
Leases may be set ´reserved´ either through OMAPI, or through the ´infinite-is-reserved´ configuration
option (if this is applicable to your environment and mixture of clients).
It should also be noted that leases marked ´reserved´ are effectively treated the same as leases marked
´bootp´.
REFERENCE: OPTION STATEMENTS
DHCP option statements are documented in the dhcp-options(5) manual page.
REFERENCE: EXPRESSIONS
Expressions used in DHCP option statements and elsewhere are documented in the dhcp-eval(5) manual page.
SEE ALSO
dhcpd(8), dhcpd.leases(5), dhcp-options(5), dhcp-eval(5), RFC2132, RFC2131.
AUTHOR
dhcpd.conf(5) is maintained by ISC. Information about Internet Systems Consortium can be found at
https://www.isc.org.
dhcpd.conf(5)