1dhcpd.conf(5) File Formats Manual dhcpd.conf(5)
2
3
4
6 dhcpd.conf - dhcpd configuration file
7
9 The dhcpd.conf file contains configuration information for dhcpd, the
10 Internet Systems Consortium DHCP Server.
11
12 The dhcpd.conf file is a free-form ASCII text file. It is parsed by
13 the recursive-descent parser built into dhcpd. The file may contain
14 extra tabs and newlines for formatting purposes. Keywords in the file
15 are case-insensitive. Comments may be placed anywhere within the file
16 (except within quotes). Comments begin with the # character and end at
17 the end of the line.
18
19 The file essentially consists of a list of statements. Statements fall
20 into two broad categories - parameters and declarations.
21
22 Parameter statements either say how to do something (e.g., how long a
23 lease to offer), whether to do something (e.g., should dhcpd provide
24 addresses to unknown clients), or what parameters to provide to the
25 client (e.g., use gateway 220.177.244.7).
26
27 Declarations are used to describe the topology of the network, to
28 describe clients on the network, to provide addresses that can be
29 assigned to clients, or to apply a group of parameters to a group of
30 declarations. In any group of parameters and declarations, all parame‐
31 ters must be specified before any declarations which depend on those
32 parameters may be specified.
33
34 Declarations about network topology include the shared-network and the
35 subnet declarations. If clients on a subnet are to be assigned
36 addresses dynamically, a range declaration must appear within the sub‐
37 net declaration. For clients with statically assigned addresses, or
38 for installations where only known clients will be served, each such
39 client must have a host declaration. If parameters are to be applied
40 to a group of declarations which are not related strictly on a per-sub‐
41 net basis, the group declaration can be used.
42
43 For every subnet which will be served, and for every subnet to which
44 the dhcp server is connected, there must be one subnet declaration,
45 which tells dhcpd how to recognize that an address is on that subnet.
46 A subnet declaration is required for each subnet even if no addresses
47 will be dynamically allocated on that subnet.
48
49 Some installations have physical networks on which more than one IP
50 subnet operates. For example, if there is a site-wide requirement that
51 8-bit subnet masks be used, but a department with a single physical
52 ethernet network expands to the point where it has more than 254 nodes,
53 it may be necessary to run two 8-bit subnets on the same ethernet until
54 such time as a new physical network can be added. In this case, the
55 subnet declarations for these two networks must be enclosed in a
56 shared-network declaration.
57
58 Note that even when the shared-network declaration is absent, an empty
59 one is created by the server to contain the subnet (and any scoped
60 parameters included in the subnet). For practical purposes, this means
61 that "stateless" DHCP clients, which are not tied to addresses (and
62 therefore subnets) will receive the same configuration as stateful
63 ones.
64
65 Some sites may have departments which have clients on more than one
66 subnet, but it may be desirable to offer those clients a uniform set of
67 parameters which are different than what would be offered to clients
68 from other departments on the same subnet. For clients which will be
69 declared explicitly with host declarations, these declarations can be
70 enclosed in a group declaration along with the parameters which are
71 common to that department. For clients whose addresses will be dynami‐
72 cally assigned, class declarations and conditional declarations may be
73 used to group parameter assignments based on information the client
74 sends.
75
76 When a client is to be booted, its boot parameters are determined by
77 consulting that client's host declaration (if any), and then consulting
78 any class declarations matching the client, followed by the pool, sub‐
79 net and shared-network declarations for the IP address assigned to the
80 client. Each of these declarations itself appears within a lexical
81 scope, and all declarations at less specific lexical scopes are also
82 consulted for client option declarations. Scopes are never considered
83 twice, and if parameters are declared in more than one scope, the
84 parameter declared in the most specific scope is the one that is used.
85
86 When dhcpd tries to find a host declaration for a client, it first
87 looks for a host declaration which has a fixed-address declaration that
88 lists an IP address that is valid for the subnet or shared network on
89 which the client is booting. If it doesn't find any such entry, it
90 tries to find an entry which has no fixed-address declaration.
91
93 A typical dhcpd.conf file will look something like this:
94
95 global parameters...
96
97 subnet 204.254.239.0 netmask 255.255.255.224 {
98 subnet-specific parameters...
99 range 204.254.239.10 204.254.239.30;
100 }
101
102 subnet 204.254.239.32 netmask 255.255.255.224 {
103 subnet-specific parameters...
104 range 204.254.239.42 204.254.239.62;
105 }
106
107 subnet 204.254.239.64 netmask 255.255.255.224 {
108 subnet-specific parameters...
109 range 204.254.239.74 204.254.239.94;
110 }
111
112 group {
113 group-specific parameters...
114 host zappo.test.isc.org {
115 host-specific parameters...
116 }
117 host beppo.test.isc.org {
118 host-specific parameters...
119 }
120 host harpo.test.isc.org {
121 host-specific parameters...
122 }
123 }
124
125 Figure 1
126
127
128 Notice that at the beginning of the file, there's a place for global
129 parameters. These might be things like the organization's domain name,
130 the addresses of the name servers (if they are common to the entire
131 organization), and so on. So, for example:
132
133 option domain-name "isc.org";
134 option domain-name-servers ns1.isc.org, ns2.isc.org;
135
136 Figure 2
137
138 As you can see in Figure 2, you can specify host addresses in parame‐
139 ters using their domain names rather than their numeric IP addresses.
140 If a given hostname resolves to more than one IP address (for example,
141 if that host has two ethernet interfaces), then where possible, both
142 addresses are supplied to the client.
143
144 The most obvious reason for having subnet-specific parameters as shown
145 in Figure 1 is that each subnet, of necessity, has its own router. So
146 for the first subnet, for example, there should be something like:
147
148 option routers 204.254.239.1;
149
150 Note that the address here is specified numerically. This is not
151 required - if you have a different domain name for each interface on
152 your router, it's perfectly legitimate to use the domain name for that
153 interface instead of the numeric address. However, in many cases there
154 may be only one domain name for all of a router's IP addresses, and it
155 would not be appropriate to use that name here.
156
157 In Figure 1 there is also a group statement, which provides common
158 parameters for a set of three hosts - zappo, beppo and harpo. As you
159 can see, these hosts are all in the test.isc.org domain, so it might
160 make sense for a group-specific parameter to override the domain name
161 supplied to these hosts:
162
163 option domain-name "test.isc.org";
164
165 Also, given the domain they're in, these are probably test machines.
166 If we wanted to test the DHCP leasing mechanism, we might set the lease
167 timeout somewhat shorter than the default:
168
169 max-lease-time 120;
170 default-lease-time 120;
171
172 You may have noticed that while some parameters start with the option
173 keyword, some do not. Parameters starting with the option keyword cor‐
174 respond to actual DHCP options, while parameters that do not start with
175 the option keyword either control the behavior of the DHCP server
176 (e.g., how long a lease dhcpd will give out), or specify client parame‐
177 ters that are not optional in the DHCP protocol (for example, server-
178 name and filename).
179
180 In Figure 1, each host had host-specific parameters. These could
181 include such things as the hostname option, the name of a file to
182 upload (the filename parameter) and the address of the server from
183 which to upload the file (the next-server parameter). In general, any
184 parameter can appear anywhere that parameters are allowed, and will be
185 applied according to the scope in which the parameter appears.
186
187 Imagine that you have a site with a lot of NCD X-Terminals. These ter‐
188 minals come in a variety of models, and you want to specify the boot
189 files for each model. One way to do this would be to have host decla‐
190 rations for each server and group them by model:
191
192 group {
193 filename "Xncd19r";
194 next-server ncd-booter;
195
196 host ncd1 { hardware ethernet 0:c0:c3:49:2b:57; }
197 host ncd4 { hardware ethernet 0:c0:c3:80:fc:32; }
198 host ncd8 { hardware ethernet 0:c0:c3:22:46:81; }
199 }
200
201 group {
202 filename "Xncd19c";
203 next-server ncd-booter;
204
205 host ncd2 { hardware ethernet 0:c0:c3:88:2d:81; }
206 host ncd3 { hardware ethernet 0:c0:c3:00:14:11; }
207 }
208
209 group {
210 filename "XncdHMX";
211 next-server ncd-booter;
212
213 host ncd1 { hardware ethernet 0:c0:c3:11:90:23; }
214 host ncd4 { hardware ethernet 0:c0:c3:91:a7:8; }
215 host ncd8 { hardware ethernet 0:c0:c3:cc:a:8f; }
216 }
217
219 The pool declaration can be used to specify a pool of addresses that
220 will be treated differently than another pool of addresses, even on the
221 same network segment or subnet. For example, you may want to provide a
222 large set of addresses that can be assigned to DHCP clients that are
223 registered to your DHCP server, while providing a smaller set of
224 addresses, possibly with short lease times, that are available for
225 unknown clients. If you have a firewall, you may be able to arrange
226 for addresses from one pool to be allowed access to the Internet, while
227 addresses in another pool are not, thus encouraging users to register
228 their DHCP clients. To do this, you would set up a pair of pool decla‐
229 rations:
230
231 subnet 10.0.0.0 netmask 255.255.255.0 {
232 option routers 10.0.0.254;
233
234 # Unknown clients get this pool.
235 pool {
236 option domain-name-servers bogus.example.com;
237 max-lease-time 300;
238 range 10.0.0.200 10.0.0.253;
239 allow unknown-clients;
240 }
241
242 # Known clients get this pool.
243 pool {
244 option domain-name-servers ns1.example.com, ns2.example.com;
245 max-lease-time 28800;
246 range 10.0.0.5 10.0.0.199;
247 deny unknown-clients;
248 }
249 }
250
251 It is also possible to set up entirely different subnets for known and
252 unknown clients - address pools exist at the level of shared networks,
253 so address ranges within pool declarations can be on different subnets.
254
255 As you can see in the preceding example, pools can have permit lists
256 that control which clients are allowed access to the pool and which
257 aren't. Each entry in a pool's permit list is introduced with the
258 allow or deny keyword. If a pool has a permit list, then only those
259 clients that match specific entries on the permit list will be eligible
260 to be assigned addresses from the pool. If a pool has a deny list,
261 then only those clients that do not match any entries on the deny list
262 will be eligible. If both permit and deny lists exist for a pool,
263 then only clients that match the permit list and do not match the deny
264 list will be allowed access.
265
267 Address allocation is actually only done when a client is in the INIT
268 state and has sent a DHCPDISCOVER message. If the client thinks it has
269 a valid lease and sends a DHCPREQUEST to initiate or renew that lease,
270 the server has only three choices - it can ignore the DHCPREQUEST, send
271 a DHCPNAK to tell the client it should stop using the address, or send
272 a DHCPACK, telling the client to go ahead and use the address for a
273 while.
274
275 If the server finds the address the client is requesting, and that
276 address is available to the client, the server will send a DHCPACK. If
277 the address is no longer available, or the client isn't permitted to
278 have it, the server will send a DHCPNAK. If the server knows nothing
279 about the address, it will remain silent, unless the address is incor‐
280 rect for the network segment to which the client has been attached and
281 the server is authoritative for that network segment, in which case the
282 server will send a DHCPNAK even though it doesn't know about the
283 address.
284
285 There may be a host declaration matching the client's identification.
286 If that host declaration contains a fixed-address declaration that
287 lists an IP address that is valid for the network segment to which the
288 client is connected. In this case, the DHCP server will never do
289 dynamic address allocation. In this case, the client is required to
290 take the address specified in the host declaration. If the client
291 sends a DHCPREQUEST for some other address, the server will respond
292 with a DHCPNAK.
293
294 When the DHCP server allocates a new address for a client (remember,
295 this only happens if the client has sent a DHCPDISCOVER), it first
296 looks to see if the client already has a valid lease on an IP address,
297 or if there is an old IP address the client had before that hasn't yet
298 been reassigned. In that case, the server will take that address and
299 check it to see if the client is still permitted to use it. If the
300 client is no longer permitted to use it, the lease is freed if the
301 server thought it was still in use - the fact that the client has sent
302 a DHCPDISCOVER proves to the server that the client is no longer using
303 the lease.
304
305 If no existing lease is found, or if the client is forbidden to receive
306 the existing lease, then the server will look in the list of address
307 pools for the network segment to which the client is attached for a
308 lease that is not in use and that the client is permitted to have. It
309 looks through each pool declaration in sequence (all range declarations
310 that appear outside of pool declarations are grouped into a single pool
311 with no permit list). If the permit list for the pool allows the
312 client to be allocated an address from that pool, the pool is examined
313 to see if there is an address available. If so, then the client is
314 tentatively assigned that address. Otherwise, the next pool is tested.
315 If no addresses are found that can be assigned to the client, no
316 response is sent to the client.
317
318 If an address is found that the client is permitted to have, and that
319 has never been assigned to any client before, the address is immedi‐
320 ately allocated to the client. If the address is available for alloca‐
321 tion but has been previously assigned to a different client, the server
322 will keep looking in hopes of finding an address that has never before
323 been assigned to a client.
324
325 The DHCP server generates the list of available IP addresses from a
326 hash table. This means that the addresses are not sorted in any par‐
327 ticular order, and so it is not possible to predict the order in which
328 the DHCP server will allocate IP addresses. Users of previous versions
329 of the ISC DHCP server may have become accustomed to the DHCP server
330 allocating IP addresses in ascending order, but this is no longer pos‐
331 sible, and there is no way to configure this behavior with version 3 of
332 the ISC DHCP server.
333
335 The DHCP server checks IP addresses to see if they are in use before
336 allocating them to clients. It does this by sending an ICMP Echo
337 request message to the IP address being allocated. If no ICMP Echo
338 reply is received within a second, the address is assumed to be free.
339 This is only done for leases that have been specified in range state‐
340 ments, and only when the lease is thought by the DHCP server to be free
341 - i.e., the DHCP server or its failover peer has not listed the lease
342 as in use.
343
344 If a response is received to an ICMP Echo request, the DHCP server
345 assumes that there is a configuration error - the IP address is in use
346 by some host on the network that is not a DHCP client. It marks the
347 address as abandoned, and will not assign it to clients.
348
349 If a DHCP client tries to get an IP address, but none are available,
350 but there are abandoned IP addresses, then the DHCP server will attempt
351 to reclaim an abandoned IP address. It marks one IP address as free,
352 and then does the same ICMP Echo request check described previously.
353 If there is no answer to the ICMP Echo request, the address is assigned
354 to the client.
355
356 The DHCP server does not cycle through abandoned IP addresses if the
357 first IP address it tries to reclaim is free. Rather, when the next
358 DHCPDISCOVER comes in from the client, it will attempt a new allocation
359 using the same method described here, and will typically try a new IP
360 address.
361
363 This version of the ISC DHCP server supports the DHCP failover protocol
364 as documented in draft-ietf-dhc-failover-12.txt. This is not a final
365 protocol document, and we have not done interoperability testing with
366 other vendors' implementations of this protocol, so you must not assume
367 that this implementation conforms to the standard. If you wish to use
368 the failover protocol, make sure that both failover peers are running
369 the same version of the ISC DHCP server.
370
371 The failover protocol allows two DHCP servers (and no more than two) to
372 share a common address pool. Each server will have about half of the
373 available IP addresses in the pool at any given time for allocation.
374 If one server fails, the other server will continue to renew leases out
375 of the pool, and will allocate new addresses out of the roughly half of
376 available addresses that it had when communications with the other
377 server were lost.
378
379 It is possible during a prolonged failure to tell the remaining server
380 that the other server is down, in which case the remaining server will
381 (over time) reclaim all the addresses the other server had available
382 for allocation, and begin to reuse them. This is called putting the
383 server into the PARTNER-DOWN state.
384
385 You can put the server into the PARTNER-DOWN state either by using the
386 omshell (1) command or by stopping the server, editing the last
387 failover state declaration in the lease file, and restarting the
388 server. If you use this last method, change the "my state" line to:
389
390 failover peer name state {
391 my state partner-down;
392 peer state state at date;
393 }
394
395 It is only required to change "my state" as shown above.
396
397 When the other server comes back online, it should automatically detect
398 that it has been offline and request a complete update from the server
399 that was running in the PARTNER-DOWN state, and then both servers will
400 resume processing together.
401
402 It is possible to get into a dangerous situation: if you put one server
403 into the PARTNER-DOWN state, and then *that* server goes down, and the
404 other server comes back up, the other server will not know that the
405 first server was in the PARTNER-DOWN state, and may issue addresses
406 previously issued by the other server to different clients, resulting
407 in IP address conflicts. Before putting a server into PARTNER-DOWN
408 state, therefore, make sure that the other server will not restart
409 automatically.
410
411 The failover protocol defines a primary server role and a secondary
412 server role. There are some differences in how primaries and secon‐
413 daries act, but most of the differences simply have to do with provid‐
414 ing a way for each peer to behave in the opposite way from the other.
415 So one server must be configured as primary, and the other must be con‐
416 figured as secondary, and it doesn't matter too much which one is
417 which.
418
420 When a server starts that has not previously communicated with its
421 failover peer, it must establish communications with its failover peer
422 and synchronize with it before it can serve clients. This can happen
423 either because you have just configured your DHCP servers to perform
424 failover for the first time, or because one of your failover servers
425 has failed catastrophically and lost its database.
426
427 The initial recovery process is designed to ensure that when one
428 failover peer loses its database and then resynchronizes, any leases
429 that the failed server gave out before it failed will be honored. When
430 the failed server starts up, it notices that it has no saved failover
431 state, and attempts to contact its peer.
432
433 When it has established contact, it asks the peer for a complete copy
434 its peer's lease database. The peer then sends its complete database,
435 and sends a message indicating that it is done. The failed server then
436 waits until MCLT has passed, and once MCLT has passed both servers make
437 the transition back into normal operation. This waiting period ensures
438 that any leases the failed server may have given out while out of con‐
439 tact with its partner will have expired.
440
441 While the failed server is recovering, its partner remains in the part‐
442 ner-down state, which means that it is serving all clients. The failed
443 server provides no service at all to DHCP clients until it has made the
444 transition into normal operation.
445
446 In the case where both servers detect that they have never before com‐
447 municated with their partner, they both come up in this recovery state
448 and follow the procedure we have just described. In this case, no ser‐
449 vice will be provided to DHCP clients until MCLT has expired.
450
452 In order to configure failover, you need to write a peer declaration
453 that configures the failover protocol, and you need to write peer ref‐
454 erences in each pool declaration for which you want to do failover.
455 You do not have to do failover for all pools on a given network seg‐
456 ment. You must not tell one server it's doing failover on a particu‐
457 lar address pool and tell the other it is not. You must not have any
458 common address pools on which you are not doing failover. A pool dec‐
459 laration that utilizes failover would look like this:
460
461 pool {
462 failover peer "foo";
463 pool specific parameters
464 };
465
466 Dynamic BOOTP leases are not compatible with failover, and, as such,
467 you need to disallow BOOTP in pools that you are using failover for.
468
469 The server currently does very little sanity checking, so if you
470 configure it wrong, it will just fail in odd ways. I would recommend
471 therefore that you either do failover or don't do failover, but don't
472 do any mixed pools. Also, use the same master configuration file for
473 both servers, and have a separate file that contains the peer
474 declaration and includes the master file. This will help you to avoid
475 configuration mismatches. As our implementation evolves, this will
476 become less of a problem. A basic sample dhcpd.conf file for a
477 primary server might look like this:
478
479 failover peer "foo" {
480 primary;
481 address anthrax.rc.vix.com;
482 port 647;
483 peer address trantor.rc.vix.com;
484 peer port 847;
485 max-response-delay 60;
486 max-unacked-updates 10;
487 mclt 3600;
488 split 128;
489 load balance max seconds 3;
490 }
491
492 include "/etc/dhcpd.master";
493
494 The statements in the peer declaration are as follows:
495
496 The primary and secondary statements
497
498 [ primary | secondary ];
499
500 This determines whether the server is primary or secondary, as
501 described earlier under DHCP FAILOVER.
502
503 The address statement
504
505 address address;
506
507 The address statement declares the IP address or DNS name on which
508 the server should listen for connections from its failover peer, and
509 also the value to use for the DHCP Failover Protocol server identi‐
510 fier. Because this value is used as an identifier, it may not be
511 omitted.
512
513 The peer address statement
514
515 peer address address;
516
517 The peer address statement declares the IP address or DNS name to
518 which the server should connect to reach its failover peer for
519 failover messages.
520
521 The port statement
522
523 port port-number;
524
525 The port statement declares the TCP port on which the server should
526 listen for connections from its failover peer. This statement may be
527 omitted, in which case the IANA assigned port number 647 will be used
528 by default.
529
530 The peer port statement
531
532 peer port port-number;
533
534 The peer port statement declares the TCP port to which the server
535 should connect to reach its failover peer for failover messages.
536 This statement may be omitted, in which case the IANA assigned port
537 number 647 will be used by default.
538
539 The max-response-delay statement
540
541 max-response-delay seconds;
542
543 The max-response-delay statement tells the DHCP server how many sec‐
544 onds may pass without receiving a message from its failover peer
545 before it assumes that connection has failed. This number should be
546 small enough that a transient network failure that breaks the connec‐
547 tion will not result in the servers being out of communication for a
548 long time, but large enough that the server isn't constantly making
549 and breaking connections. This parameter must be specified.
550
551 The max-unacked-updates statement
552
553 max-unacked-updates count;
554
555 The max-unacked-updates statement tells the remote DHCP server how
556 many BNDUPD messages it can send before it receives a BNDACK from the
557 local system. We don't have enough operational experience to say
558 what a good value for this is, but 10 seems to work. This parameter
559 must be specified.
560
561 The mclt statement
562
563 mclt seconds;
564
565 The mclt statement defines the Maximum Client Lead Time. It must be
566 specified on the primary, and may not be specified on the secondary.
567 This is the length of time for which a lease may be renewed by either
568 failover peer without contacting the other. The longer you set this,
569 the longer it will take for the running server to recover IP
570 addresses after moving into PARTNER-DOWN state. The shorter you set
571 it, the more load your servers will experience when they are not com‐
572 municating. A value of something like 3600 is probably reasonable,
573 but again bear in mind that we have no real operational experience
574 with this.
575
576 The split statement
577
578 split index;
579
580 The split statement specifies the split between the primary and sec‐
581 ondary for the purposes of load balancing. Whenever a client makes a
582 DHCP request, the DHCP server runs a hash on the client identifica‐
583 tion, resulting in value from 0 to 255. This is used as an index
584 into a 256 bit field. If the bit at that index is set, the primary
585 is responsible. If the bit at that index is not set, the secondary
586 is responsible. The split value determines how many of the leading
587 bits are set to one. So, in practice, higher split values will cause
588 the primary to serve more clients than the secondary. Lower split
589 values, the converse. Legal values are between 0 and 255, of which
590 the most reasonable is 128.
591
592 The hba statement
593
594 hba colon-separated-hex-list;
595
596 The hba statement specifies the split between the primary and sec‐
597 ondary as a bitmap rather than a cutoff, which theoretically allows
598 for finer-grained control. In practice, there is probably no need
599 for such fine-grained control, however. An example hba statement:
600
601 hba ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
602 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00;
603
604 This is equivalent to a split 128; statement, and identical. The
605 following two examples are also equivalent to a split of 128, but are
606 not identical:
607
608 hba aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:
609 aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa;
610
611 hba 55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:
612 55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55;
613
614 They are equivalent, because half the bits are set to 0, half are set
615 to 1 (0xa and 0x5 are 1010 and 0101 binary respectively) and conse‐
616 quently this would roughly divide the clients equally between the
617 servers. They are not identical, because the actual peers this would
618 load balance to each server are different for each example.
619
620 You must only have split or hba defined, never both. For most cases,
621 the fine-grained control that hba offers isn't necessary, and split
622 should be used.
623
624 The load balance max seconds statement
625
626 load balance max seconds seconds;
627
628 This statement allows you to configure a cutoff after which load bal‐
629 ancing is disabled. The cutoff is based on the number of seconds
630 since the client sent its first DHCPDISCOVER or DHCPREQUEST message,
631 and only works with clients that correctly implement the secs field -
632 fortunately most clients do. We recommend setting this to something
633 like 3 or 5. The effect of this is that if one of the failover peers
634 gets into a state where it is responding to failover messages but not
635 responding to some client requests, the other failover peer will take
636 over its client load automatically as the clients retry.
637
638 The auto-partner-down statement
639
640 auto-partner-down seconds;
641
642 This statement instructs the server to initiate a timed delay upon
643 entering the communications-interrupted state (any situation of being
644 out-of-contact with the remote failover peer). At the conclusion of
645 the timer, the server will automatically enter the partner-down
646 state. This permits the server to allocate leases from the partner's
647 free lease pool after an STOS+MCLT timer expires, which can be dan‐
648 gerous if the partner is in fact operating at the time (the two
649 servers will give conflicting bindings).
650
651 Think very carefully before enabling this feature. The partner-down
652 and communications-interrupted states are intentionally segregated
653 because there do exist situations where a failover server can fail to
654 communicate with its peer, but still has the ability to receive and
655 reply to requests from DHCP clients. In general, this feature should
656 only be used in those deployments where the failover servers are
657 directly connected to one another, such as by a dedicated hardwired
658 link ("a heartbeat cable").
659
660 A zero value disables the auto-partner-down feature (also the
661 default), and any positive value indicates the time in seconds to
662 wait before automatically entering partner-down.
663
664 The Failover pool balance statements.
665
666 max-lease-misbalance percentage;
667 max-lease-ownership percentage;
668 min-balance seconds;
669 max-balance seconds;
670
671 This version of the DHCP Server evaluates pool balance on a schedule,
672 rather than on demand as leases are allocated. The latter approach
673 proved to be slightly klunky when pool misbalanced reach total satu‐
674 ration...when any server ran out of leases to assign, it also lost
675 its ability to notice it had run dry.
676
677 In order to understand pool balance, some elements of its operation
678 first need to be defined. First, there are ´free´ and ´backup´
679 leases. Both of these are referred to as ´free state leases´.
680 ´free´ and ´backup´ are ´the free states´ for the purpose of this
681 document. The difference is that only the primary may allocate from
682 ´free´ leases unless under special circumstances, and only the sec‐
683 ondary may allocate ´backup´ leases.
684
685 When pool balance is performed, the only plausible expectation is to
686 provide a 50/50 split of the free state leases between the two
687 servers. This is because no one can predict which server will fail,
688 regardless of the relative load placed upon the two servers, so giv‐
689 ing each server half the leases gives both servers the same amount of
690 ´failure endurance´. Therefore, there is no way to configure any
691 different behaviour, outside of some very small windows we will
692 describe shortly.
693
694 The first thing calculated on any pool balance run is a value
695 referred to as ´lts´, or "Leases To Send". This, simply, is the dif‐
696 ference in the count of free and backup leases, divided by two. For
697 the secondary, it is the difference in the backup and free leases,
698 divided by two. The resulting value is signed: if it is positive,
699 the local server is expected to hand out leases to retain a 50/50
700 balance. If it is negative, the remote server would need to send
701 leases to balance the pool. Once the lts value reaches zero, the
702 pool is perfectly balanced (give or take one lease in the case of an
703 odd number of total free state leases).
704
705 The current approach is still something of a hybrid of the old
706 approach, marked by the presence of the max-lease-misbalance state‐
707 ment. This parameter configures what used to be a 10% fixed value in
708 previous versions: if lts is less than free+backup * max-lease-mis‐
709 balance percent, then the server will skip balancing a given pool (it
710 won't bother moving any leases, even if some leases "should" be
711 moved). The meaning of this value is also somewhat overloaded, how‐
712 ever, in that it also governs the estimation of when to attempt to
713 balance the pool (which may then also be skipped over). The oldest
714 leases in the free and backup states are examined. The time they
715 have resided in their respective queues is used as an estimate to
716 indicate how much time it is probable it would take before the leases
717 at the top of the list would be consumed (and thus, how long it would
718 take to use all leases in that state). This percentage is directly
719 multiplied by this time, and fit into the schedule if it falls within
720 the min-balance and max-balance configured values. The scheduled
721 pool check time is only moved in a downwards direction, it is never
722 increased. Lastly, if the lts is more than double this number in the
723 negative direction, the local server will ´panic´ and transmit a
724 Failover protocol POOLREQ message, in the hopes that the remote sys‐
725 tem will be woken up into action.
726
727 Once the lts value exceeds the max-lease-misbalance percentage of
728 total free state leases as described above, leases are moved to the
729 remote server. This is done in two passes.
730
731 In the first pass, only leases whose most recent bound client would
732 have been served by the remote server - according to the Load Balance
733 Algorithm (see above split and hba configuration statements) - are
734 given away to the peer. This first pass will happily continue to
735 give away leases, decrementing the lts value by one for each, until
736 the lts value has reached the negative of the total number of leases
737 multiplied by the max-lease-ownership percentage. So it is through
738 this value that you can permit a small misbalance of the lease pools
739 - for the purpose of giving the peer more than a 50/50 share of
740 leases in the hopes that their clients might some day return and be
741 allocated by the peer (operating normally). This process is referred
742 to as ´MAC Address Affinity´, but this is somewhat misnamed: it
743 applies equally to DHCP Client Identifier options. Note also that
744 affinity is applied to leases when they enter the state ´free´ from
745 ´expired´ or ´released´. In this case also, leases will not be moved
746 from free to backup if the secondary already has more than its share.
747
748 The second pass is only entered into if the first pass fails to
749 reduce the lts underneath the total number of free state leases mul‐
750 tiplied by the max-lease-ownership percentage. In this pass, the
751 oldest leases are given over to the peer without second thought about
752 the Load Balance Algorithm, and this continues until the lts falls
753 under this value. In this way, the local server will also happily
754 keep a small percentage of the leases that would normally load bal‐
755 ance to itself.
756
757 So, the max-lease-misbalance value acts as a behavioural gate.
758 Smaller values will cause more leases to transition states to balance
759 the pools over time, higher values will decrease the amount of change
760 (but may lead to pool starvation if there's a run on leases).
761
762 The max-lease-ownership value permits a small (percentage) skew in
763 the lease balance of a percentage of the total number of free state
764 leases.
765
766 Finally, the min-balance and max-balance make certain that a sched‐
767 uled rebalance event happens within a reasonable timeframe (not to be
768 thrown off by, for example, a 7 year old free lease).
769
770 Plausible values for the percentages lie between 0 and 100, inclu‐
771 sive, but values over 50 are indistinguishable from one another (once
772 lts exceeds 50% of the free state leases, one server must therefore
773 have 100% of the leases in its respective free state). It is recom‐
774 mended to select a max-lease-ownership value that is lower than the
775 value selected for the max-lease-misbalance value. max-lease-owner‐
776 ship defaults to 10, and max-lease-misbalance defaults to 15.
777
778 Plausible values for the min-balance and max-balance times also range
779 from 0 to (2^32)-1 (or the limit of your local time_t value), but
780 default to values 60 and 3600 respectively (to place balance events
781 between 1 minute and 1 hour).
782
784 Clients can be separated into classes, and treated differently depend‐
785 ing on what class they are in. This separation can be done either with
786 a conditional statement, or with a match statement within the class
787 declaration. It is possible to specify a limit on the total number of
788 clients within a particular class or subclass that may hold leases at
789 one time, and it is possible to specify automatic subclassing based on
790 the contents of the client packet.
791
792 To add clients to classes based on conditional evaluation, you can
793 specify a matching expression in the class statement:
794
795 class "ras-clients" {
796 match if substring (option dhcp-client-identifier, 1, 3) = "RAS";
797 }
798
799 Note that whether you use matching expressions or add statements (or
800 both) to classify clients, you must always write a class declaration
801 for any class that you use. If there will be no match statement and no
802 in-scope statements for a class, the declaration should look like this:
803
804 class "ras-clients" {
805 }
806
808 In addition to classes, it is possible to declare subclasses. A sub‐
809 class is a class with the same name as a regular class, but with a spe‐
810 cific submatch expression which is hashed for quick matching. This is
811 essentially a speed hack - the main difference between five classes
812 with match expressions and one class with five subclasses is that it
813 will be quicker to find the subclasses. Subclasses work as follows:
814
815 class "allocation-class-1" {
816 match pick-first-value (option dhcp-client-identifier, hardware);
817 }
818
819 class "allocation-class-2" {
820 match pick-first-value (option dhcp-client-identifier, hardware);
821 }
822
823 subclass "allocation-class-1" 1:8:0:2b:4c:39:ad;
824 subclass "allocation-class-2" 1:8:0:2b:a9:cc:e3;
825 subclass "allocation-class-1" 1:0:0:c4:aa:29:44;
826
827 subnet 10.0.0.0 netmask 255.255.255.0 {
828 pool {
829 allow members of "allocation-class-1";
830 range 10.0.0.11 10.0.0.50;
831 }
832 pool {
833 allow members of "allocation-class-2";
834 range 10.0.0.51 10.0.0.100;
835 }
836 }
837
838 The data following the class name in the subclass declaration is a con‐
839 stant value to use in matching the match expression for the class.
840 When class matching is done, the server will evaluate the match expres‐
841 sion and then look the result up in the hash table. If it finds a
842 match, the client is considered a member of both the class and the sub‐
843 class.
844
845 Subclasses can be declared with or without scope. In the above exam‐
846 ple, the sole purpose of the subclass is to allow some clients access
847 to one address pool, while other clients are given access to the other
848 pool, so these subclasses are declared without scopes. If part of the
849 purpose of the subclass were to define different parameter values for
850 some clients, you might want to declare some subclasses with scopes.
851
852 In the above example, if you had a single client that needed some con‐
853 figuration parameters, while most didn't, you might write the following
854 subclass declaration for that client:
855
856 subclass "allocation-class-2" 1:08:00:2b:a1:11:31 {
857 option root-path "samsara:/var/diskless/alphapc";
858 filename "/tftpboot/netbsd.alphapc-diskless";
859 }
860
861 In this example, we've used subclassing as a way to control address
862 allocation on a per-client basis. However, it's also possible to use
863 subclassing in ways that are not specific to clients - for example, to
864 use the value of the vendor-class-identifier option to determine what
865 values to send in the vendor-encapsulated-options option. An example
866 of this is shown under the VENDOR ENCAPSULATED OPTIONS head in the
867 dhcp-options(5) manual page.
868
870 You may specify a limit to the number of clients in a class that can be
871 assigned leases. The effect of this will be to make it difficult for a
872 new client in a class to get an address. Once a class with such a
873 limit has reached its limit, the only way a new client in that class
874 can get a lease is for an existing client to relinquish its lease,
875 either by letting it expire, or by sending a DHCPRELEASE packet.
876 Classes with lease limits are specified as follows:
877
878 class "limited-1" {
879 lease limit 4;
880 }
881
882 This will produce a class in which a maximum of four members may hold a
883 lease at one time.
884
886 It is possible to declare a spawning class. A spawning class is a
887 class that automatically produces subclasses based on what the client
888 sends. The reason that spawning classes were created was to make it
889 possible to create lease-limited classes on the fly. The envisioned
890 application is a cable-modem environment where the ISP wishes to pro‐
891 vide clients at a particular site with more than one IP address, but
892 does not wish to provide such clients with their own subnet, nor give
893 them an unlimited number of IP addresses from the network segment to
894 which they are connected.
895
896 Many cable modem head-end systems can be configured to add a Relay
897 Agent Information option to DHCP packets when relaying them to the DHCP
898 server. These systems typically add a circuit ID or remote ID option
899 that uniquely identifies the customer site. To take advantage of this,
900 you can write a class declaration as follows:
901
902 class "customer" {
903 spawn with option agent.circuit-id;
904 lease limit 4;
905 }
906
907 Now whenever a request comes in from a customer site, the circuit ID
908 option will be checked against the class's hash table. If a subclass
909 is found that matches the circuit ID, the client will be classified in
910 that subclass and treated accordingly. If no subclass is found match‐
911 ing the circuit ID, a new one will be created and logged in the
912 dhcpd.leases file, and the client will be classified in this new class.
913 Once the client has been classified, it will be treated according to
914 the rules of the class, including, in this case, being subject to the
915 per-site limit of four leases.
916
917 The use of the subclass spawning mechanism is not restricted to relay
918 agent options - this particular example is given only because it is a
919 fairly straightforward one.
920
922 In some cases, it may be useful to use one expression to assign a
923 client to a particular class, and a second expression to put it into a
924 subclass of that class. This can be done by combining the match if and
925 spawn with statements, or the match if and match statements. For exam‐
926 ple:
927
928 class "jr-cable-modems" {
929 match if option dhcp-vendor-identifier = "jrcm";
930 spawn with option agent.circuit-id;
931 lease limit 4;
932 }
933
934 class "dv-dsl-modems" {
935 match if option dhcp-vendor-identifier = "dvdsl";
936 spawn with option agent.circuit-id;
937 lease limit 16;
938 }
939
940 This allows you to have two classes that both have the same spawn with
941 expression without getting the clients in the two classes confused with
942 each other.
943
945 The DHCP server has the ability to dynamically update the Domain Name
946 System. Within the configuration files, you can define how you want
947 the Domain Name System to be updated. These updates are RFC 2136 com‐
948 pliant so any DNS server supporting RFC 2136 should be able to accept
949 updates from the DHCP server.
950
951 There are two DNS schemes implemented. The interim option is based on
952 draft revisions of the DDNS documents while the standard option is
953 based on the RFCs for DHCP-DNS interaction and DHCIDs. A third option,
954 ad-hoc, was deprecated and has now been removed from the code base.
955 The DHCP server must be configured to use one of the two currently-sup‐
956 ported methods, or not to do DNS updates.
957
958 New installations should use the standard option. Older installations
959 may want to continue using the interim option for backwards compatibil‐
960 ity with the DNS database until the database can be updated. This can
961 be done with the ddns-update-style configuration parameter.
962
964 the interim and standard DNS update schemes operate mostly according to
965 work from the IETF. The interim version was based on the drafts in
966 progress at the time while the standard is based on the completed RFCs.
967 The standard RFCs are:
968
969 RFC 4701 (updated by RF5494)
970 RFC 4702
971 RFC 4703
972
973 And the corresponding drafts were:
974
975 draft-ietf-dnsext-dhcid-rr-??.txt
976 draft-ietf-dhc-fqdn-option-??.txt
977 draft-ietf-dhc-ddns-resolution-??.txt
978
979 The basic framework for the two schemes is similar with the main mate‐
980 rial difference being that a DHCID RR is used in the standard version
981 while the interim versions uses a TXT RR. The format of the TXT record
982 bears a resemblance to the DHCID RR but it is not equivalent (MD5 vs
983 SHA2, field length differences etc).
984
985 In these two schemes the DHCP server does not necessarily always update
986 both the A and the PTR records. The FQDN option includes a flag which,
987 when sent by the client, indicates that the client wishes to update its
988 own A record. In that case, the server can be configured either to
989 honor the client´s intentions or ignore them. This is done with the
990 statement allow client-updates; or the statement ignore client-
991 updates;. By default, client updates are allowed.
992
993 If the server is configured to allow client updates, then if the client
994 sends a fully-qualified domain name in the FQDN option, the server will
995 use that name the client sent in the FQDN option to update the PTR
996 record. For example, let us say that the client is a visitor from the
997 "radish.org" domain, whose hostname is "jschmoe". The server is for
998 the "example.org" domain. The DHCP client indicates in the FQDN option
999 that its FQDN is "jschmoe.radish.org.". It also indicates that it
1000 wants to update its own A record. The DHCP server therefore does not
1001 attempt to set up an A record for the client, but does set up a PTR
1002 record for the IP address that it assigns the client, pointing at
1003 jschmoe.radish.org. Once the DHCP client has an IP address, it can
1004 update its own A record, assuming that the "radish.org" DNS server will
1005 allow it to do so.
1006
1007 If the server is configured not to allow client updates, or if the
1008 client doesn´t want to do its own update, the server will simply choose
1009 a name for the client from either the fqdn option (if present) or the
1010 hostname option (if present). It will use its own domain name for the
1011 client. It will then update both the A and PTR record, using the name
1012 that it chose for the client. If the client sends a fully-qualified
1013 domain name in the fqdn option, the server uses only the leftmost part
1014 of the domain name - in the example above, "jschmoe" instead of
1015 "jschmoe.radish.org".
1016
1017 Further, if the ignore client-updates; directive is used, then the
1018 server will in addition send a response in the DHCP packet, using the
1019 FQDN Option, that implies to the client that it should perform its own
1020 updates if it chooses to do so. With deny client-updates;, a response
1021 is sent which indicates the client may not perform updates.
1022
1023 Also, if the use-host-decl-names configuration option is enabled, then
1024 the host declaration´s hostname will be used in place of the hostname
1025 option, and the same rules will apply as described above.
1026
1027 Both the standard and interim options also include a method to allow
1028 more than one DHCP server to update the DNS database without acciden‐
1029 tally deleting A records that shouldn´t be deleted nor failing to add A
1030 records that should be added. For the standard option the method works
1031 as follows:
1032
1033 When the DHCP server issues a client a new lease, it creates a text
1034 string that is an SHA hash over the DHCP client´s identification (see
1035 RFCs 4701 & 4702 for details). The update attempts to add an A record
1036 with the name the server chose and a DHCID record containing the hashed
1037 identifier string (hashid). If this update succeeds, the server is
1038 done.
1039
1040 If the update fails because the A record already exists, then the DHCP
1041 server attempts to add the A record with the prerequisite that there
1042 must be a DHCID record in the same name as the new A record, and that
1043 DHCID record´s contents must be equal to hashid. If this update suc‐
1044 ceeds, then the client has its A record and PTR record. If it fails,
1045 then the name the client has been assigned (or requested) is in use,
1046 and can´t be used by the client. At this point the DHCP server gives
1047 up trying to do a DNS update for the client until the client chooses a
1048 new name.
1049
1050 The server also does not update very aggressively. Because each DNS
1051 update involves a round trip to the DNS server, there is a cost associ‐
1052 ated with doing updates even if they do not actually modify the DNS
1053 database. So the DHCP server tracks whether or not it has updated the
1054 record in the past (this information is stored on the lease) and does
1055 not attempt to update records that it thinks it has already updated.
1056
1057 This can lead to cases where the DHCP server adds a record, and then
1058 the record is deleted through some other mechanism, but the server
1059 never again updates the DNS because it thinks the data is already
1060 there. In this case the data can be removed from the lease through
1061 operator intervention, and once this has been done, the DNS will be
1062 updated the next time the client renews.
1063
1064 The interim DNS update scheme was written before the RFCs were final‐
1065 ized and does not quite follow them. The RFCs call for a new DHCID
1066 RRtype while he interim DNS update scheme uses a TXT record. In addi‐
1067 tion the ddns-resolution draft called for the DHCP server to put a
1068 DHCID RR on the PTR record, but the interim update method does not do
1069 this. In the final RFC this requirement was relaxed such that a server
1070 may add a DHCID RR to the PTR record.
1071
1073 When you set your DNS server up to allow updates from the DHCP server,
1074 you may be exposing it to unauthorized updates. To avoid this, you
1075 should use TSIG signatures - a method of cryptographically signing
1076 updates using a shared secret key. As long as you protect the secrecy
1077 of this key, your updates should also be secure. Note, however, that
1078 the DHCP protocol itself provides no security, and that clients can
1079 therefore provide information to the DHCP server which the DHCP server
1080 will then use in its updates, with the constraints described previ‐
1081 ously.
1082
1083 The DNS server must be configured to allow updates for any zone that
1084 the DHCP server will be updating. For example, let us say that clients
1085 in the sneedville.edu domain will be assigned addresses on the
1086 10.10.17.0/24 subnet. In that case, you will need a key declaration
1087 for the TSIG key you will be using, and also two zone declarations -
1088 one for the zone containing A records that will be updates and one for
1089 the zone containing PTR records - for ISC BIND, something like this:
1090
1091 key DHCP_UPDATER {
1092 algorithm hmac-md5;
1093 secret pRP5FapFoJ95JEL06sv4PQ==;
1094 };
1095
1096 zone "example.org" {
1097 type master;
1098 file "example.org.db";
1099 allow-update { key DHCP_UPDATER; };
1100 };
1101
1102 zone "17.10.10.in-addr.arpa" {
1103 type master;
1104 file "10.10.17.db";
1105 allow-update { key DHCP_UPDATER; };
1106 };
1107
1108 You will also have to configure your DHCP server to do updates to these
1109 zones. To do so, you need to add something like this to your
1110 dhcpd.conf file:
1111
1112 key DHCP_UPDATER {
1113 algorithm hmac-md5;
1114 secret pRP5FapFoJ95JEL06sv4PQ==;
1115 };
1116
1117 zone EXAMPLE.ORG. {
1118 primary 127.0.0.1;
1119 key DHCP_UPDATER;
1120 }
1121
1122 zone 17.127.10.in-addr.arpa. {
1123 primary 127.0.0.1;
1124 key DHCP_UPDATER;
1125 }
1126
1127 The primary statement specifies the IP address of the name server whose
1128 zone information is to be updated. In addition to the primary state‐
1129 ment there are also the primary6 , secondary and secondary6 statements.
1130 The primary6 statement specifies an IPv6 address for the name server.
1131 The secondaries provide for additional addresses for name servers to be
1132 used if the primary does not respond. The number of name servers the
1133 DDNS code will attempt to use before giving up is limited and is cur‐
1134 rently set to three.
1135
1136 Note that the zone declarations have to correspond to authority records
1137 in your name server - in the above example, there must be an SOA record
1138 for "example.org." and for "17.10.10.in-addr.arpa.". For example, if
1139 there were a subdomain "foo.example.org" with no separate SOA, you
1140 could not write a zone declaration for "foo.example.org." Also keep in
1141 mind that zone names in your DHCP configuration should end in a ".";
1142 this is the preferred syntax. If you do not end your zone name in a
1143 ".", the DHCP server will figure it out. Also note that in the DHCP
1144 configuration, zone names are not encapsulated in quotes where there
1145 are in the DNS configuration.
1146
1147 You should choose your own secret key, of course. The ISC BIND 9 dis‐
1148 tribution comes with a program for generating secret keys called
1149 dnssec-keygen. If you are using BIND 9´s dnssec-keygen, the above key
1150 would be created as follows:
1151
1152 dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER
1153
1154 The key name, algorithm, and secret must match that being used by the
1155 DNS server. The DHCP server currently supports the following algo‐
1156 rithms:
1157
1158 HMAC-MD5
1159 HMAC-SHA1
1160 HMAC-SHA224
1161 HMAC-SHA256
1162 HMAC-SHA384
1163 HMAC-SHA512
1164
1165 You may wish to enable logging of DNS updates on your DNS server. To
1166 do so, you might write a logging statement like the following:
1167
1168 logging {
1169 channel update_debug {
1170 file "/var/log/update-debug.log";
1171 severity debug 3;
1172 print-category yes;
1173 print-severity yes;
1174 print-time yes;
1175 };
1176 channel security_info {
1177 file "/var/log/named-auth.info";
1178 severity info;
1179 print-category yes;
1180 print-severity yes;
1181 print-time yes;
1182 };
1183
1184 category update { update_debug; };
1185 category security { security_info; };
1186 };
1187
1188 You must create the /var/log/named-auth.info and /var/log/update-
1189 debug.log files before starting the name server. For more information
1190 on configuring ISC BIND, consult the documentation that accompanies it.
1191
1193 There are three kinds of events that can happen regarding a lease, and
1194 it is possible to declare statements that occur when any of these
1195 events happen. These events are the commit event, when the server has
1196 made a commitment of a certain lease to a client, the release event,
1197 when the client has released the server from its commitment, and the
1198 expiry event, when the commitment expires.
1199
1200 To declare a set of statements to execute when an event happens, you
1201 must use the on statement, followed by the name of the event, followed
1202 by a series of statements to execute when the event happens, enclosed
1203 in braces.
1204
1206 The include statement
1207
1208 include "filename";
1209
1210 The include statement is used to read in a named file, and process the
1211 contents of that file as though it were entered in place of the include
1212 statement.
1213
1214 The shared-network statement
1215
1216 shared-network name {
1217 [ parameters ]
1218 [ declarations ]
1219 }
1220
1221 The shared-network statement is used to inform the DHCP server that
1222 some IP subnets actually share the same physical network. Any subnets
1223 in a shared network should be declared within a shared-network state‐
1224 ment. Parameters specified in the shared-network statement will be
1225 used when booting clients on those subnets unless parameters provided
1226 at the subnet or host level override them. If any subnet in a shared
1227 network has addresses available for dynamic allocation, those addresses
1228 are collected into a common pool for that shared network and assigned
1229 to clients as needed. There is no way to distinguish on which subnet
1230 of a shared network a client should boot.
1231
1232 Name should be the name of the shared network. This name is used when
1233 printing debugging messages, so it should be descriptive for the shared
1234 network. The name may have the syntax of a valid domain name (although
1235 it will never be used as such), or it may be any arbitrary name,
1236 enclosed in quotes.
1237
1238 The subnet statement
1239
1240 subnet subnet-number netmask netmask {
1241 [ parameters ]
1242 [ declarations ]
1243 }
1244
1245 The subnet statement is used to provide dhcpd with enough information
1246 to tell whether or not an IP address is on that subnet. It may also be
1247 used to provide subnet-specific parameters and to specify what
1248 addresses may be dynamically allocated to clients booting on that sub‐
1249 net. Such addresses are specified using the range declaration.
1250
1251 The subnet-number should be an IP address or domain name which resolves
1252 to the subnet number of the subnet being described. The netmask should
1253 be an IP address or domain name which resolves to the subnet mask of
1254 the subnet being described. The subnet number, together with the net‐
1255 mask, are sufficient to determine whether any given IP address is on
1256 the specified subnet.
1257
1258 Although a netmask must be given with every subnet declaration, it is
1259 recommended that if there is any variance in subnet masks at a site, a
1260 subnet-mask option statement be used in each subnet declaration to set
1261 the desired subnet mask, since any subnet-mask option statement will
1262 override the subnet mask declared in the subnet statement.
1263
1264 The subnet6 statement
1265
1266 subnet6 subnet6-number {
1267 [ parameters ]
1268 [ declarations ]
1269 }
1270
1271 The subnet6 statement is used to provide dhcpd with enough information
1272 to tell whether or not an IPv6 address is on that subnet6. It may also
1273 be used to provide subnet-specific parameters and to specify what
1274 addresses may be dynamically allocated to clients booting on that sub‐
1275 net.
1276
1277 The subnet6-number should be an IPv6 network identifier, specified as
1278 ip6-address/bits.
1279
1280 The range statement
1281
1282 range [ dynamic-bootp ] low-address [ high-address];
1283
1284 For any subnet on which addresses will be assigned dynamically, there
1285 must be at least one range statement. The range statement gives the
1286 lowest and highest IP addresses in a range. All IP addresses in the
1287 range should be in the subnet in which the range statement is declared.
1288 The dynamic-bootp flag may be specified if addresses in the specified
1289 range may be dynamically assigned to BOOTP clients as well as DHCP
1290 clients. When specifying a single address, high-address can be omit‐
1291 ted.
1292
1293 The range6 statement
1294
1295 range6 low-address high-address;
1296 range6 subnet6-number;
1297 range6 subnet6-number temporary;
1298 range6 address temporary;
1299
1300 For any IPv6 subnet6 on which addresses will be assigned dynamically,
1301 there must be at least one range6 statement. The range6 statement can
1302 either be the lowest and highest IPv6 addresses in a range6, or use
1303 CIDR notation, specified as ip6-address/bits. All IP addresses in the
1304 range6 should be in the subnet6 in which the range6 statement is
1305 declared.
1306
1307 The temporary variant makes the prefix (by default on 64 bits) avail‐
1308 able for temporary (RFC 4941) addresses. A new address per prefix in
1309 the shared network is computed at each request with an IA_TA option.
1310 Release and Confirm ignores temporary addresses.
1311
1312 Any IPv6 addresses given to hosts with fixed-address6 are excluded from
1313 the range6, as are IPv6 addresses on the server itself.
1314
1315 The prefix6 statement
1316
1317 prefix6 low-address high-address / bits;
1318
1319 The prefix6 is the range6 equivalent for Prefix Delegation (RFC 3633).
1320 Prefixes of bits length are assigned between low-address and high-
1321 address.
1322
1323 Any IPv6 prefixes given to static entries (hosts) with fixed-prefix6
1324 are excluded from the prefix6.
1325
1326 This statement is currently global but it should have a shared-network
1327 scope.
1328
1329 The host statement
1330
1331 host hostname {
1332 [ parameters ]
1333 [ declarations ]
1334 }
1335
1336 The host declaration provides a scope in which to provide configuration
1337 information about a specific client, and also provides a way to assign
1338 a client a fixed address. The host declaration provides a way for the
1339 DHCP server to identify a DHCP or BOOTP client, and also a way to
1340 assign the client a static IP address.
1341
1342 If it is desirable to be able to boot a DHCP or BOOTP client on more
1343 than one subnet with fixed addresses, more than one address may be
1344 specified in the fixed-address declaration, or more than one host
1345 statement may be specified matching the same client.
1346
1347 If client-specific boot parameters must change based on the network to
1348 which the client is attached, then multiple host declarations should be
1349 used. The host declarations will only match a client if one of their
1350 fixed-address statements is viable on the subnet (or shared network)
1351 where the client is attached. Conversely, for a host declaration to
1352 match a client being allocated a dynamic address, it must not have any
1353 fixed-address statements. You may therefore need a mixture of host
1354 declarations for any given client...some having fixed-address state‐
1355 ments, others without.
1356
1357 hostname should be a name identifying the host. If a hostname option
1358 is not specified for the host, hostname is used.
1359
1360 Host declarations are matched to actual DHCP or BOOTP clients by match‐
1361 ing the dhcp-client-identifier or pxe-client-id options specified in
1362 the host declaration to the one supplied by the client, or, if the host
1363 declaration or the client does not provide a dhcp-client-identifier or
1364 pxe-client-id options, by matching the hardware parameter in the host
1365 declaration to the network hardware address supplied by the client.
1366 BOOTP clients do not normally provide a dhcp-client-identifier, so the
1367 hardware address must be used for all clients that may boot using the
1368 BOOTP protocol.
1369
1370 DHCPv6 servers can use the host-identifier option parameter in the host
1371 declaration, and specify any option with a fixed value to identify
1372 hosts.
1373
1374 Please be aware that only the dhcp-client-identifier and pxe-client-id
1375 options and the hardware address can be used to match a host declara‐
1376 tion, or the host-identifier option parameter for DHCPv6 servers. For
1377 example, it is not possible to match a host declaration to a host-name
1378 option. This is because the host-name option cannot be guaranteed to
1379 be unique for any given client, whereas both the hardware address and
1380 dhcp-client-identifier option are at least theoretically guaranteed to
1381 be unique to a given client.
1382
1383 The group statement
1384
1385 group {
1386 [ parameters ]
1387 [ declarations ]
1388 }
1389
1390 The group statement is used simply to apply one or more parameters to a
1391 group of declarations. It can be used to group hosts, shared networks,
1392 subnets, or even other groups.
1393
1395 The allow and deny statements can be used to control the response of
1396 the DHCP server to various sorts of requests. The allow and deny key‐
1397 words actually have different meanings depending on the context. In a
1398 pool context, these keywords can be used to set up access lists for
1399 address allocation pools. In other contexts, the keywords simply con‐
1400 trol general server behavior with respect to clients based on scope.
1401 In a non-pool context, the ignore keyword can be used in place of the
1402 deny keyword to prevent logging of denied requests.
1403
1405 The following usages of allow and deny will work in any scope, although
1406 it is not recommended that they be used in pool declarations.
1407
1408 The unknown-clients keyword
1409
1410 allow unknown-clients;
1411 deny unknown-clients;
1412 ignore unknown-clients;
1413
1414 The unknown-clients flag is used to tell dhcpd whether or not to dynam‐
1415 ically assign addresses to unknown clients. Dynamic address assignment
1416 to unknown clients is allowed by default. An unknown client is simply
1417 a client that has no host declaration.
1418
1419 The use of this option is now deprecated. If you are trying to
1420 restrict access on your network to known clients, you should use deny
1421 unknown-clients; inside of your address pool, as described under the
1422 heading ALLOW AND DENY WITHIN POOL DECLARATIONS.
1423
1424 The bootp keyword
1425
1426 allow bootp;
1427 deny bootp;
1428 ignore bootp;
1429
1430 The bootp flag is used to tell dhcpd whether or not to respond to bootp
1431 queries. Bootp queries are allowed by default.
1432
1433 The booting keyword
1434
1435 allow booting;
1436 deny booting;
1437 ignore booting;
1438
1439 The booting flag is used to tell dhcpd whether or not to respond to
1440 queries from a particular client. This keyword only has meaning when
1441 it appears in a host declaration. By default, booting is allowed, but
1442 if it is disabled for a particular client, then that client will not be
1443 able to get an address from the DHCP server.
1444
1445 The duplicates keyword
1446
1447 allow duplicates;
1448 deny duplicates;
1449
1450 Host declarations can match client messages based on the DHCP Client
1451 Identifier option or based on the client's network hardware type and
1452 MAC address. If the MAC address is used, the host declaration will
1453 match any client with that MAC address - even clients with different
1454 client identifiers. This doesn't normally happen, but is possible when
1455 one computer has more than one operating system installed on it - for
1456 example, Microsoft Windows and NetBSD or Linux.
1457
1458 The duplicates flag tells the DHCP server that if a request is received
1459 from a client that matches the MAC address of a host declaration, any
1460 other leases matching that MAC address should be discarded by the
1461 server, even if the UID is not the same. This is a violation of the
1462 DHCP protocol, but can prevent clients whose client identifiers change
1463 regularly from holding many leases at the same time. By default,
1464 duplicates are allowed.
1465
1466 The declines keyword
1467
1468 allow declines;
1469 deny declines;
1470 ignore declines;
1471
1472 The DHCPDECLINE message is used by DHCP clients to indicate that the
1473 lease the server has offered is not valid. When the server receives a
1474 DHCPDECLINE for a particular address, it normally abandons that
1475 address, assuming that some unauthorized system is using it. Unfortu‐
1476 nately, a malicious or buggy client can, using DHCPDECLINE messages,
1477 completely exhaust the DHCP server's allocation pool. The server will
1478 reclaim these leases, but while the client is running through the pool,
1479 it may cause serious thrashing in the DNS, and it will also cause the
1480 DHCP server to forget old DHCP client address allocations.
1481
1482 The declines flag tells the DHCP server whether or not to honor DHCPDE‐
1483 CLINE messages. If it is set to deny or ignore in a particular scope,
1484 the DHCP server will not respond to DHCPDECLINE messages.
1485
1486 The client-updates keyword
1487
1488 allow client-updates;
1489 deny client-updates;
1490
1491 The client-updates flag tells the DHCP server whether or not to honor
1492 the client's intention to do its own update of its A record. This is
1493 only relevant when doing interim DNS updates. See the documentation
1494 under the heading THE INTERIM DNS UPDATE SCHEME for details.
1495
1496 The leasequery keyword
1497
1498 allow leasequery;
1499 deny leasequery;
1500
1501 The leasequery flag tells the DHCP server whether or not to answer DHC‐
1502 PLEASEQUERY packets. The answer to a DHCPLEASEQUERY packet includes
1503 information about a specific lease, such as when it was issued and when
1504 it will expire. By default, the server will not respond to these pack‐
1505 ets.
1506
1508 The uses of the allow and deny keywords shown in the previous section
1509 work pretty much the same way whether the client is sending a DHCPDIS‐
1510 COVER or a DHCPREQUEST message - an address will be allocated to the
1511 client (either the old address it's requesting, or a new address) and
1512 then that address will be tested to see if it's okay to let the client
1513 have it. If the client requested it, and it's not okay, the server
1514 will send a DHCPNAK message. Otherwise, the server will simply not
1515 respond to the client. If it is okay to give the address to the
1516 client, the server will send a DHCPACK message.
1517
1518 The primary motivation behind pool declarations is to have address
1519 allocation pools whose allocation policies are different. A client may
1520 be denied access to one pool, but allowed access to another pool on the
1521 same network segment. In order for this to work, access control has to
1522 be done during address allocation, not after address allocation is
1523 done.
1524
1525 When a DHCPREQUEST message is processed, address allocation simply con‐
1526 sists of looking up the address the client is requesting and seeing if
1527 it's still available for the client. If it is, then the DHCP server
1528 checks both the address pool permit lists and the relevant in-scope
1529 allow and deny statements to see if it's okay to give the lease to the
1530 client. In the case of a DHCPDISCOVER message, the allocation process
1531 is done as described previously in the ADDRESS ALLOCATION section.
1532
1533 When declaring permit lists for address allocation pools, the following
1534 syntaxes are recognized following the allow or deny keywords:
1535
1536 known-clients;
1537
1538 If specified, this statement either allows or prevents allocation from
1539 this pool to any client that has a host declaration (i.e., is known).
1540 A client is known if it has a host declaration in any scope, not just
1541 the current scope.
1542
1543 unknown-clients;
1544
1545 If specified, this statement either allows or prevents allocation from
1546 this pool to any client that has no host declaration (i.e., is not
1547 known).
1548
1549 members of "class";
1550
1551 If specified, this statement either allows or prevents allocation from
1552 this pool to any client that is a member of the named class.
1553
1554 dynamic bootp clients;
1555
1556 If specified, this statement either allows or prevents allocation from
1557 this pool to any bootp client.
1558
1559 authenticated clients;
1560
1561 If specified, this statement either allows or prevents allocation from
1562 this pool to any client that has been authenticated using the DHCP
1563 authentication protocol. This is not yet supported.
1564
1565 unauthenticated clients;
1566
1567 If specified, this statement either allows or prevents allocation from
1568 this pool to any client that has not been authenticated using the DHCP
1569 authentication protocol. This is not yet supported.
1570
1571 all clients;
1572
1573 If specified, this statement either allows or prevents allocation from
1574 this pool to all clients. This can be used when you want to write a
1575 pool declaration for some reason, but hold it in reserve, or when you
1576 want to renumber your network quickly, and thus want the server to
1577 force all clients that have been allocated addresses from this pool to
1578 obtain new addresses immediately when they next renew.
1579
1580 after time;
1581
1582 If specified, this statement either allows or prevents allocation from
1583 this pool after a given date. This can be used when you want to move
1584 clients from one pool to another. The server adjusts the regular lease
1585 time so that the latest expiry time is at the given time+min-lease-
1586 time. A short min-lease-time enforces a step change, whereas a longer
1587 min-lease-time allows for a gradual change. time is either second
1588 since epoch, or a UTC time string e.g. 4 2007/08/24 09:14:32 or a
1589 string with time zone offset in seconds e.g. 4 2007/08/24 11:14:32
1590 -7200
1591
1593 The adaptive-lease-time-threshold statement
1594
1595 adaptive-lease-time-threshold percentage;
1596
1597 When the number of allocated leases within a pool rises above the
1598 percentage given in this statement, the DHCP server decreases the
1599 lease length for new clients within this pool to min-lease-time sec‐
1600 onds. Clients renewing an already valid (long) leases get at least
1601 the remaining time from the current lease. Since the leases expire
1602 faster, the server may either recover more quickly or avoid pool
1603 exhaustion entirely. Once the number of allocated leases drop below
1604 the threshold, the server reverts back to normal lease times. Valid
1605 percentages are between 1 and 99.
1606
1607 The always-broadcast statement
1608
1609 always-broadcast flag;
1610
1611 The DHCP and BOOTP protocols both require DHCP and BOOTP clients to
1612 set the broadcast bit in the flags field of the BOOTP message header.
1613 Unfortunately, some DHCP and BOOTP clients do not do this, and there‐
1614 fore may not receive responses from the DHCP server. The DHCP server
1615 can be made to always broadcast its responses to clients by setting
1616 this flag to ´on´ for the relevant scope; relevant scopes would be
1617 inside a conditional statement, as a parameter for a class, or as a
1618 parameter for a host declaration. To avoid creating excess broadcast
1619 traffic on your network, we recommend that you restrict the use of
1620 this option to as few clients as possible. For example, the Micro‐
1621 soft DHCP client is known not to have this problem, as are the Open‐
1622 Transport and ISC DHCP clients.
1623
1624 The always-reply-rfc1048 statement
1625
1626 always-reply-rfc1048 flag;
1627
1628 Some BOOTP clients expect RFC1048-style responses, but do not follow
1629 RFC1048 when sending their requests. You can tell that a client is
1630 having this problem if it is not getting the options you have config‐
1631 ured for it and if you see in the server log the message "(non-
1632 rfc1048)" printed with each BOOTREQUEST that is logged.
1633
1634 If you want to send rfc1048 options to such a client, you can set the
1635 always-reply-rfc1048 option in that client's host declaration, and
1636 the DHCP server will respond with an RFC-1048-style vendor options
1637 field. This flag can be set in any scope, and will affect all
1638 clients covered by that scope.
1639
1640 The authoritative statement
1641
1642 authoritative;
1643
1644 not authoritative;
1645
1646 The DHCP server will normally assume that the configuration informa‐
1647 tion about a given network segment is not known to be correct and is
1648 not authoritative. This is so that if a naive user installs a DHCP
1649 server not fully understanding how to configure it, it does not send
1650 spurious DHCPNAK messages to clients that have obtained addresses
1651 from a legitimate DHCP server on the network.
1652
1653 Network administrators setting up authoritative DHCP servers for
1654 their networks should always write authoritative; at the top of their
1655 configuration file to indicate that the DHCP server should send DHCP‐
1656 NAK messages to misconfigured clients. If this is not done, clients
1657 will be unable to get a correct IP address after changing subnets
1658 until their old lease has expired, which could take quite a long
1659 time.
1660
1661 Usually, writing authoritative; at the top level of the file should
1662 be sufficient. However, if a DHCP server is to be set up so that it
1663 is aware of some networks for which it is authoritative and some net‐
1664 works for which it is not, it may be more appropriate to declare
1665 authority on a per-network-segment basis.
1666
1667 Note that the most specific scope for which the concept of authority
1668 makes any sense is the physical network segment - either a shared-
1669 network statement or a subnet statement that is not contained within
1670 a shared-network statement. It is not meaningful to specify that the
1671 server is authoritative for some subnets within a shared network, but
1672 not authoritative for others, nor is it meaningful to specify that
1673 the server is authoritative for some host declarations and not oth‐
1674 ers.
1675
1676 The boot-unknown-clients statement
1677
1678 boot-unknown-clients flag;
1679
1680 If the boot-unknown-clients statement is present and has a value of
1681 false or off, then clients for which there is no host declaration
1682 will not be allowed to obtain IP addresses. If this statement is not
1683 present or has a value of true or on, then clients without host dec‐
1684 larations will be allowed to obtain IP addresses, as long as those
1685 addresses are not restricted by allow and deny statements within
1686 their pool declarations.
1687
1688 The db-time-format statement
1689
1690 db-time-format [ default | local ] ;
1691
1692 The DHCP server software outputs several timestamps when writing
1693 leases to persistent storage. This configuration parameter selects
1694 one of two output formats. The default format prints the day, date,
1695 and time in UTC, while the local format prints the system seconds-
1696 since-epoch, and helpfully provides the day and time in the system
1697 timezone in a comment. The time formats are described in detail in
1698 the dhcpd.leases(5) manpage.
1699
1700 The ddns-hostname statement
1701
1702 ddns-hostname name;
1703
1704 The name parameter should be the hostname that will be used in set‐
1705 ting up the client's A and PTR records. If no ddns-hostname is spec‐
1706 ified in scope, then the server will derive the hostname automati‐
1707 cally, using an algorithm that varies for each of the different
1708 update methods.
1709
1710 The ddns-domainname statement
1711
1712 ddns-domainname name;
1713
1714 The name parameter should be the domain name that will be appended to
1715 the client's hostname to form a fully-qualified domain-name (FQDN).
1716
1717 The ddns-rev-domainname statement
1718
1719 ddns-rev-domainname name; The name parameter should be the domain
1720 name that will be appended to the client's reversed IP address to
1721 produce a name for use in the client's PTR record. By default, this
1722 is "in-addr.arpa.", but the default can be overridden here.
1723
1724 The reversed IP address to which this domain name is appended is
1725 always the IP address of the client, in dotted quad notation,
1726 reversed - for example, if the IP address assigned to the client is
1727 10.17.92.74, then the reversed IP address is 74.92.17.10. So a
1728 client with that IP address would, by default, be given a PTR record
1729 of 10.17.92.74.in-addr.arpa.
1730
1731 The ddns-update-style parameter
1732
1733 ddns-update-style style;
1734
1735 The style parameter must be one of standard, interim or none. The
1736 ddns-update-style statement is only meaningful in the outer scope -
1737 it is evaluated once after reading the dhcpd.conf file, rather than
1738 each time a client is assigned an IP address, so there is no way to
1739 use different DNS update styles for different clients. The default is
1740 none.
1741
1742 The ddns-updates statement
1743
1744 ddns-updates flag;
1745
1746 The ddns-updates parameter controls whether or not the server will
1747 attempt to do a DNS update when a lease is confirmed. Set this to
1748 off if the server should not attempt to do updates within a certain
1749 scope. The ddns-updates parameter is on by default. To disable DNS
1750 updates in all scopes, it is preferable to use the ddns-update-style
1751 statement, setting the style to none.
1752
1753 The default-lease-time statement
1754
1755 default-lease-time time;
1756
1757 Time should be the length in seconds that will be assigned to a lease
1758 if the client requesting the lease does not ask for a specific expi‐
1759 ration time. This is used for both DHCPv4 and DHCPv6 leases (it is
1760 also known as the "valid lifetime" in DHCPv6). The default is 43200
1761 seconds.
1762
1763 The delayed-ack and max-ack-delay statements
1764
1765 delayed-ack count; max-ack-delay microseconds;
1766
1767 Count should be an integer value from zero to 2^16-1, and defaults to
1768 28. The count represents how many DHCPv4 replies maximum will be
1769 queued pending transmission until after a database commit event. If
1770 this number is reached, a database commit event (commonly resulting
1771 in fsync() and representing a performance penalty) will be made, and
1772 the reply packets will be transmitted in a batch afterwards. This
1773 preserves the RFC2131 direction that "stable storage" be updated
1774 prior to replying to clients. Should the DHCPv4 sockets "go dry"
1775 (select() returns immediately with no read sockets), the commit is
1776 made and any queued packets are transmitted.
1777
1778 Similarly, microseconds indicates how many microseconds are permitted
1779 to pass inbetween queuing a packet pending an fsync, and performing
1780 the fsync. Valid values range from 0 to 2^32-1, and defaults to
1781 250,000 (1/4 of a second).
1782
1783 Please note that as delayed-ack is currently experimental, the
1784 delayed-ack feature is not compiled in by default, but must be
1785 enabled at compile time with ´./configure --enable-delayed-ack´.
1786
1787 The do-forward-updates statement
1788
1789 do-forward-updates flag;
1790
1791 The do-forward-updates statement instructs the DHCP server as to
1792 whether it should attempt to update a DHCP client´s A record when the
1793 client acquires or renews a lease. This statement has no effect
1794 unless DNS updates are enabled. Forward updates are enabled by
1795 default. If this statement is used to disable forward updates, the
1796 DHCP server will never attempt to update the client´s A record, and
1797 will only ever attempt to update the client´s PTR record if the
1798 client supplies an FQDN that should be placed in the PTR record using
1799 the fqdn option. If forward updates are enabled, the DHCP server
1800 will still honor the setting of the client-updates flag.
1801
1802 The dynamic-bootp-lease-cutoff statement
1803
1804 dynamic-bootp-lease-cutoff date;
1805
1806 The dynamic-bootp-lease-cutoff statement sets the ending time for all
1807 leases assigned dynamically to BOOTP clients. Because BOOTP clients
1808 do not have any way of renewing leases, and don't know that their
1809 leases could expire, by default dhcpd assigns infinite leases to all
1810 BOOTP clients. However, it may make sense in some situations to set
1811 a cutoff date for all BOOTP leases - for example, the end of a school
1812 term, or the time at night when a facility is closed and all machines
1813 are required to be powered off.
1814
1815 Date should be the date on which all assigned BOOTP leases will end.
1816 The date is specified in the form:
1817
1818 W YYYY/MM/DD HH:MM:SS
1819
1820 W is the day of the week expressed as a number from zero (Sunday) to
1821 six (Saturday). YYYY is the year, including the century. MM is the
1822 month expressed as a number from 1 to 12. DD is the day of the
1823 month, counting from 1. HH is the hour, from zero to 23. MM is the
1824 minute and SS is the second. The time is always in Coordinated Uni‐
1825 versal Time (UTC), not local time.
1826
1827 The dynamic-bootp-lease-length statement
1828
1829 dynamic-bootp-lease-length length;
1830
1831 The dynamic-bootp-lease-length statement is used to set the length of
1832 leases dynamically assigned to BOOTP clients. At some sites, it may
1833 be possible to assume that a lease is no longer in use if its holder
1834 has not used BOOTP or DHCP to get its address within a certain time
1835 period. The period is specified in length as a number of seconds.
1836 If a client reboots using BOOTP during the timeout period, the lease
1837 duration is reset to length, so a BOOTP client that boots frequently
1838 enough will never lose its lease. Needless to say, this parameter
1839 should be adjusted with extreme caution.
1840
1841 The filename statement
1842
1843 filename "filename";
1844
1845 The filename statement can be used to specify the name of the initial
1846 boot file which is to be loaded by a client. The filename should be
1847 a filename recognizable to whatever file transfer protocol the client
1848 can be expected to use to load the file.
1849
1850 The fixed-address declaration
1851
1852 fixed-address address [, address ... ];
1853
1854 The fixed-address declaration is used to assign one or more fixed IP
1855 addresses to a client. It should only appear in a host declaration.
1856 If more than one address is supplied, then when the client boots, it
1857 will be assigned the address that corresponds to the network on which
1858 it is booting. If none of the addresses in the fixed-address state‐
1859 ment are valid for the network to which the client is connected, that
1860 client will not match the host declaration containing that fixed-
1861 address declaration. Each address in the fixed-address declaration
1862 should be either an IP address or a domain name that resolves to one
1863 or more IP addresses.
1864
1865 The fixed-address6 declaration
1866
1867 fixed-address6 ip6-address ;
1868
1869 The fixed-address6 declaration is used to assign a fixed IPv6
1870 addresses to a client. It should only appear in a host declaration.
1871
1872 The get-lease-hostnames statement
1873
1874 get-lease-hostnames flag;
1875
1876 The get-lease-hostnames statement is used to tell dhcpd whether or
1877 not to look up the domain name corresponding to the IP address of
1878 each address in the lease pool and use that address for the DHCP
1879 hostname option. If flag is true, then this lookup is done for all
1880 addresses in the current scope. By default, or if flag is false, no
1881 lookups are done.
1882
1883 The hardware statement
1884
1885 hardware hardware-type hardware-address;
1886
1887 In order for a BOOTP client to be recognized, its network hardware
1888 address must be declared using a hardware clause in the host state‐
1889 ment. hardware-type must be the name of a physical hardware inter‐
1890 face type. Currently, only the ethernet and token-ring types are
1891 recognized, although support for a fddi hardware type (and others)
1892 would also be desirable. The hardware-address should be a set of
1893 hexadecimal octets (numbers from 0 through ff) separated by colons.
1894 The hardware statement may also be used for DHCP clients.
1895
1896 The host-identifier option statement
1897
1898 host-identifier option option-name option-data;
1899
1900 This identifies a DHCPv6 client in a host statement. option-name is
1901 any option, and option-data is the value for the option that the
1902 client will send. The option-data must be a constant value.
1903
1904 The infinite-is-reserved statement
1905
1906 infinite-is-reserved flag;
1907
1908 ISC DHCP now supports ´reserved´ leases. See the section on RESERVED
1909 LEASES below. If this flag is on, the server will automatically
1910 reserve leases allocated to clients which requested an infinite
1911 (0xffffffff) lease-time.
1912
1913 The default is off.
1914
1915 The lease-file-name statement
1916
1917 lease-file-name name;
1918
1919 Name should be the name of the DHCP server's lease file. By default,
1920 this is /var/lib/dhcpd/dhcpd.leases. This statement must appear in
1921 the outer scope of the configuration file - if it appears in some
1922 other scope, it will have no effect. Furthermore, it has no effect
1923 if overridden by the -lf flag or the PATH_DHCPD_DB environment vari‐
1924 able.
1925
1926 The limit-addrs-per-ia statement
1927
1928 limit-addrs-per-ia number;
1929
1930 By default, the DHCPv6 server will limit clients to one IAADDR per IA
1931 option, meaning one address. If you wish to permit clients to hang
1932 onto multiple addresses at a time, configure a larger number here.
1933
1934 Note that there is no present method to configure the server to
1935 forcibly configure the client with one IP address per each subnet on
1936 a shared network. This is left to future work.
1937
1938 The dhcpv6-lease-file-name statement
1939
1940 dhcpv6-lease-file-name name;
1941
1942 Name is the name of the lease file to use if and only if the server
1943 is running in DHCPv6 mode. By default, this is
1944 /var/lib/dhcpd/dhcpd6.leases. This statement, like lease-file-name,
1945 must appear in the outer scope of the configuration file. It has no
1946 effect if overridden by the -lf flag or the PATH_DHCPD6_DB environ‐
1947 ment variable. If dhcpv6-lease-file-name is not specified, but
1948 lease-file-name is, the latter value will be used.
1949
1950 The local-port statement
1951
1952 local-port port;
1953
1954 This statement causes the DHCP server to listen for DHCP requests on
1955 the UDP port specified in port, rather than on port 67.
1956
1957 The local-address statement
1958
1959 local-address address;
1960
1961 This statement causes the DHCP server to listen for DHCP requests
1962 sent to the specified address, rather than requests sent to all
1963 addresses. Since serving directly attached DHCP clients implies that
1964 the server must respond to requests sent to the all-ones IP address,
1965 this option cannot be used if clients are on directly attached net‐
1966 works...it is only realistically useful for a server whose only
1967 clients are reached via unicasts, such as via DHCP relay agents.
1968
1969 Note: This statement is only effective if the server was compiled
1970 using the USE_SOCKETS #define statement, which is default on a small
1971 number of operating systems, and must be explicitly chosen at com‐
1972 pile-time for all others. You can be sure if your server is compiled
1973 with USE_SOCKETS if you see lines of this format at startup:
1974
1975 Listening on Socket/eth0
1976
1977 Note also that since this bind()s all DHCP sockets to the specified
1978 address, that only one address may be supported in a daemon at a
1979 given time.
1980
1981 The log-facility statement
1982
1983 log-facility facility;
1984
1985 This statement causes the DHCP server to do all of its logging on the
1986 specified log facility once the dhcpd.conf file has been read. By
1987 default the DHCP server logs to the daemon facility. Possible log
1988 facilities include auth, authpriv, cron, daemon, ftp, kern, lpr,
1989 mail, mark, news, ntp, security, syslog, user, uucp, and local0
1990 through local7. Not all of these facilities are available on all
1991 systems, and there may be other facilities available on other sys‐
1992 tems.
1993
1994 In addition to setting this value, you may need to modify your sys‐
1995 log.conf file to configure logging of the DHCP server. For example,
1996 you might add a line like this:
1997
1998 local7.debug /var/log/dhcpd.log
1999
2000 The syntax of the syslog.conf file may be different on some operating
2001 systems - consult the syslog.conf manual page to be sure. To get
2002 syslog to start logging to the new file, you must first create the
2003 file with correct ownership and permissions (usually, the same owner
2004 and permissions of your /var/log/messages or /usr/adm/messages file
2005 should be fine) and send a SIGHUP to syslogd. Some systems support
2006 log rollover using a shell script or program called newsyslog or
2007 logrotate, and you may be able to configure this as well so that your
2008 log file doesn't grow uncontrollably.
2009
2010 Because the log-facility setting is controlled by the dhcpd.conf
2011 file, log messages printed while parsing the dhcpd.conf file or
2012 before parsing it are logged to the default log facility. To prevent
2013 this, see the README file included with this distribution, which
2014 describes how to change the default log facility. When this parame‐
2015 ter is used, the DHCP server prints its startup message a second time
2016 after parsing the configuration file, so that the log will be as com‐
2017 plete as possible.
2018
2019 The max-lease-time statement
2020
2021 max-lease-time time;
2022
2023 Time should be the maximum length in seconds that will be assigned to
2024 a lease. If not defined, the default maximum lease time is 86400.
2025 The only exception to this is that Dynamic BOOTP lease lengths, which
2026 are not specified by the client, are not limited by this maximum.
2027
2028 The min-lease-time statement
2029
2030 min-lease-time time;
2031
2032 Time should be the minimum length in seconds that will be assigned to
2033 a lease. The default is the minimum of 300 seconds or max-lease-
2034 time.
2035
2036 The min-secs statement
2037
2038 min-secs seconds;
2039
2040 Seconds should be the minimum number of seconds since a client began
2041 trying to acquire a new lease before the DHCP server will respond to
2042 its request. The number of seconds is based on what the client
2043 reports, and the maximum value that the client can report is 255 sec‐
2044 onds. Generally, setting this to one will result in the DHCP server
2045 not responding to the client's first request, but always responding
2046 to its second request.
2047
2048 This can be used to set up a secondary DHCP server which never offers
2049 an address to a client until the primary server has been given a
2050 chance to do so. If the primary server is down, the client will bind
2051 to the secondary server, but otherwise clients should always bind to
2052 the primary. Note that this does not, by itself, permit a primary
2053 server and a secondary server to share a pool of dynamically-allocat‐
2054 able addresses.
2055
2056 The next-server statement
2057
2058 next-server server-name;
2059
2060 The next-server statement is used to specify the host address of the
2061 server from which the initial boot file (specified in the filename
2062 statement) is to be loaded. Server-name should be a numeric IP
2063 address or a domain name. If no next-server statement applies to a
2064 given client, the address 0.0.0.0 is used.
2065
2066 The omapi-port statement
2067
2068 omapi-port port;
2069
2070 The omapi-port statement causes the DHCP server to listen for OMAPI
2071 connections on the specified port. This statement is required to
2072 enable the OMAPI protocol, which is used to examine and modify the
2073 state of the DHCP server as it is running.
2074
2075 The one-lease-per-client statement
2076
2077 one-lease-per-client flag;
2078
2079 If this flag is enabled, whenever a client sends a DHCPREQUEST for a
2080 particular lease, the server will automatically free any other leases
2081 the client holds. This presumes that when the client sends a DHCPRE‐
2082 QUEST, it has forgotten any lease not mentioned in the DHCPREQUEST -
2083 i.e., the client has only a single network interface and it does not
2084 remember leases it's holding on networks to which it is not currently
2085 attached. Neither of these assumptions are guaranteed or provable,
2086 so we urge caution in the use of this statement.
2087
2088 The pid-file-name statement
2089
2090 pid-file-name name;
2091
2092 Name should be the name of the DHCP server's process ID file. This
2093 is the file in which the DHCP server's process ID is stored when the
2094 server starts. By default, this is /var/run/dhcpd.pid. Like the
2095 lease-file-name statement, this statement must appear in the outer
2096 scope of the configuration file. It has no effect if overridden by
2097 the -pf flag or the PATH_DHCPD_PID environment variable.
2098
2099 The dhcpv6-pid-file-name statement
2100
2101 dhcpv6-pid-file-name name;
2102
2103 Name is the name of the pid file to use if and only if the server
2104 is running in DHCPv6 mode. By default, this is
2105 /var/lib/dhcpd/dhcpd6.pid. This statement, like pid-file-name,
2106 must appear in the outer scope of the configuration file. It has
2107 no effect if overridden by the -pf flag or the PATH_DHCPD6_PID
2108 environment variable. If dhcpv6-pid-file-name is not specified,
2109 but pid-file-name is, the latter value will be used.
2110
2111 The ping-check statement
2112
2113 ping-check flag;
2114
2115 When the DHCP server is considering dynamically allocating an IP
2116 address to a client, it first sends an ICMP Echo request (a ping)
2117 to the address being assigned. It waits for a second, and if no
2118 ICMP Echo response has been heard, it assigns the address. If a
2119 response is heard, the lease is abandoned, and the server does not
2120 respond to the client.
2121
2122 This ping check introduces a default one-second delay in respond‐
2123 ing to DHCPDISCOVER messages, which can be a problem for some
2124 clients. The default delay of one second may be configured using
2125 the ping-timeout parameter. The ping-check configuration parame‐
2126 ter can be used to control checking - if its value is false, no
2127 ping check is done.
2128
2129 The ping-timeout statement
2130
2131 ping-timeout seconds;
2132
2133 If the DHCP server determined it should send an ICMP echo request
2134 (a ping) because the ping-check statement is true, ping-timeout
2135 allows you to configure how many seconds the DHCP server should
2136 wait for an ICMP Echo response to be heard, if no ICMP Echo
2137 response has been received before the timeout expires, it assigns
2138 the address. If a response is heard, the lease is abandoned, and
2139 the server does not respond to the client. If no value is set,
2140 ping-timeout defaults to 1 second.
2141
2142 The preferred-lifetime statement
2143
2144 preferred-lifetime seconds;
2145
2146 IPv6 addresses have ´valid´ and ´preferred´ lifetimes. The valid
2147 lifetime determines at what point at lease might be said to have
2148 expired, and is no longer useable. A preferred lifetime is an
2149 advisory condition to help applications move off of the address
2150 and onto currently valid addresses (should there still be any open
2151 TCP sockets or similar).
2152
2153 The preferred lifetime defaults to the renew+rebind timers, or 3/4
2154 the default lease time if none were specified.
2155
2156 The remote-port statement
2157
2158 remote-port port;
2159
2160 This statement causes the DHCP server to transmit DHCP responses
2161 to DHCP clients upon the UDP port specified in port, rather than
2162 on port 68. In the event that the UDP response is transmitted to
2163 a DHCP Relay, the server generally uses the local-port configura‐
2164 tion value. Should the DHCP Relay happen to be addressed as
2165 127.0.0.1, however, the DHCP Server transmits its response to the
2166 remote-port configuration value. This is generally only useful
2167 for testing purposes, and this configuration value should gener‐
2168 ally not be used.
2169
2170 The server-identifier statement
2171
2172 server-identifier hostname;
2173
2174 The server-identifier statement can be used to define the value
2175 that is sent in the DHCP Server Identifier option for a given
2176 scope. The value specified must be an IP address for the DHCP
2177 server, and must be reachable by all clients served by a particu‐
2178 lar scope.
2179
2180 The use of the server-identifier statement is not recommended -
2181 the only reason to use it is to force a value other than the
2182 default value to be sent on occasions where the default value
2183 would be incorrect. The default value is the first IP address
2184 associated with the physical network interface on which the
2185 request arrived.
2186
2187 The usual case where the server-identifier statement needs to be
2188 sent is when a physical interface has more than one IP address,
2189 and the one being sent by default isn´t appropriate for some or
2190 all clients served by that interface. Another common case is when
2191 an alias is defined for the purpose of having a consistent IP
2192 address for the DHCP server, and it is desired that the clients
2193 use this IP address when contacting the server.
2194
2195 Supplying a value for the dhcp-server-identifier option is equiva‐
2196 lent to using the server-identifier statement.
2197
2198 The server-duid statement
2199
2200 server-duid LLT [ hardware-type timestamp hardware-address ] ;
2201
2202 server-duid EN enterprise-number enterprise-identifier ;
2203
2204 server-duid LL [ hardware-type hardware-address ] ;
2205
2206 The server-duid statement configures the server DUID. You may pick
2207 either LLT (link local address plus time), EN (enterprise), or LL
2208 (link local).
2209
2210 If you choose LLT or LL, you may specify the exact contents of the
2211 DUID. Otherwise the server will generate a DUID of the specified
2212 type.
2213
2214 If you choose EN, you must include the enterprise number and the
2215 enterprise-identifier.
2216
2217 The default server-duid type is LLT.
2218
2219 The server-name statement
2220
2221 server-name name ;
2222
2223 The server-name statement can be used to inform the client of the
2224 name of the server from which it is booting. Name should be the
2225 name that will be provided to the client.
2226
2227 The site-option-space statement
2228
2229 site-option-space name ;
2230
2231 The site-option-space statement can be used to determine from what
2232 option space site-local options will be taken. This can be used
2233 in much the same way as the vendor-option-space statement. Site-
2234 local options in DHCP are those options whose numeric codes are
2235 greater than 224. These options are intended for site-specific
2236 uses, but are frequently used by vendors of embedded hardware that
2237 contains DHCP clients. Because site-specific options are allo‐
2238 cated on an ad hoc basis, it is quite possible that one vendor's
2239 DHCP client might use the same option code that another vendor's
2240 client uses, for different purposes. The site-option-space option
2241 can be used to assign a different set of site-specific options for
2242 each such vendor, using conditional evaluation (see dhcp-eval (5)
2243 for details).
2244
2245 The stash-agent-options statement
2246
2247 stash-agent-options flag;
2248
2249 If the stash-agent-options parameter is true for a given client,
2250 the server will record the relay agent information options sent
2251 during the client's initial DHCPREQUEST message when the client
2252 was in the SELECTING state and behave as if those options are
2253 included in all subsequent DHCPREQUEST messages sent in the RENEW‐
2254 ING state. This works around a problem with relay agent informa‐
2255 tion options, which is that they usually not appear in DHCPREQUEST
2256 messages sent by the client in the RENEWING state, because such
2257 messages are unicast directly to the server and not sent through a
2258 relay agent.
2259
2260 The update-conflict-detection statement
2261
2262 update-conflict-detection flag;
2263
2264 If the update-conflict-detection parameter is true, the server
2265 will perform standard DHCID multiple-client, one-name conflict
2266 detection. If the parameter has been set false, the server will
2267 skip this check and instead simply tear down any previous bindings
2268 to install the new binding without question. The default is true.
2269
2270 The update-optimization statement
2271
2272 update-optimization flag;
2273
2274 If the update-optimization parameter is false for a given client,
2275 the server will attempt a DNS update for that client each time the
2276 client renews its lease, rather than only attempting an update
2277 when it appears to be necessary. This will allow the DNS to heal
2278 from database inconsistencies more easily, but the cost is that
2279 the DHCP server must do many more DNS updates. We recommend leav‐
2280 ing this option enabled, which is the default. This option only
2281 affects the behavior of the interim DNS update scheme, and has no
2282 effect on the ad-hoc DNS update scheme. If this parameter is not
2283 specified, or is true, the DHCP server will only update when the
2284 client information changes, the client gets a different lease, or
2285 the client's lease expires.
2286
2287 The update-static-leases statement
2288
2289 update-static-leases flag;
2290
2291 The update-static-leases flag, if enabled, causes the DHCP server
2292 to do DNS updates for clients even if those clients are being
2293 assigned their IP address using a fixed-address statement - that
2294 is, the client is being given a static assignment. This can only
2295 work with the interim DNS update scheme. It is not recommended
2296 because the DHCP server has no way to tell that the update has
2297 been done, and therefore will not delete the record when it is not
2298 in use. Also, the server must attempt the update each time the
2299 client renews its lease, which could have a significant perfor‐
2300 mance impact in environments that place heavy demands on the DHCP
2301 server.
2302
2303 The use-host-decl-names statement
2304
2305 use-host-decl-names flag;
2306
2307 If the use-host-decl-names parameter is true in a given scope,
2308 then for every host declaration within that scope, the name pro‐
2309 vided for the host declaration will be supplied to the client as
2310 its hostname. So, for example,
2311
2312 group {
2313 use-host-decl-names on;
2314
2315 host joe {
2316 hardware ethernet 08:00:2b:4c:29:32;
2317 fixed-address joe.fugue.com;
2318 }
2319 }
2320
2321 is equivalent to
2322
2323 host joe {
2324 hardware ethernet 08:00:2b:4c:29:32;
2325 fixed-address joe.fugue.com;
2326 option host-name "joe";
2327 }
2328
2329 An option host-name statement within a host declaration will over‐
2330 ride the use of the name in the host declaration.
2331
2332 It should be noted here that most DHCP clients completely ignore
2333 the host-name option sent by the DHCP server, and there is no way
2334 to configure them not to do this. So you generally have a choice
2335 of either not having any hostname to client IP address mapping
2336 that the client will recognize, or doing DNS updates. It is
2337 beyond the scope of this document to describe how to make this
2338 determination.
2339
2340 The use-lease-addr-for-default-route statement
2341
2342 use-lease-addr-for-default-route flag;
2343
2344 If the use-lease-addr-for-default-route parameter is true in a
2345 given scope, then instead of sending the value specified in the
2346 routers option (or sending no value at all), the IP address of the
2347 lease being assigned is sent to the client. This supposedly
2348 causes Win95 machines to ARP for all IP addresses, which can be
2349 helpful if your router is configured for proxy ARP. The use of
2350 this feature is not recommended, because it won't work for many
2351 DHCP clients.
2352
2353 The vendor-option-space statement
2354
2355 vendor-option-space string;
2356
2357 The vendor-option-space parameter determines from what option
2358 space vendor options are taken. The use of this configuration
2359 parameter is illustrated in the dhcp-options(5) manual page, in
2360 the VENDOR ENCAPSULATED OPTIONS section.
2361
2363 Sometimes it's helpful to be able to set the value of a DHCP server
2364 parameter based on some value that the client has sent. To do this,
2365 you can use expression evaluation. The dhcp-eval(5) manual page
2366 describes how to write expressions. To assign the result of an evalua‐
2367 tion to an option, define the option as follows:
2368
2369 my-parameter = expression ;
2370
2371 For example:
2372
2373 ddns-hostname = binary-to-ascii (16, 8, "-",
2374 substring (hardware, 1, 6));
2375
2377 It's often useful to allocate a single address to a single client, in
2378 approximate perpetuity. Host statements with fixed-address clauses
2379 exist to a certain extent to serve this purpose, but because host
2380 statements are intended to approximate ´static configuration´, they
2381 suffer from not being referenced in a littany of other Server Services,
2382 such as dynamic DNS, failover, ´on events´ and so forth.
2383
2384 If a standard dynamic lease, as from any range statement, is marked
2385 ´reserved´, then the server will only allocate this lease to the client
2386 it is identified by (be that by client identifier or hardware address).
2387
2388 In practice, this means that the lease follows the normal state engine,
2389 enters ACTIVE state when the client is bound to it, expires, or is
2390 released, and any events or services that would normally be supplied
2391 during these events are processed normally, as with any other dynamic
2392 lease. The only difference is that failover servers treat reserved
2393 leases as special when they enter the FREE or BACKUP states - each
2394 server applies the lease into the state it may allocate from - and the
2395 leases are not placed on the queue for allocation to other clients.
2396 Instead they may only be ´found´ by client identity. The result is
2397 that the lease is only offered to the returning client.
2398
2399 Care should probably be taken to ensure that the client only has one
2400 lease within a given subnet that it is identified by.
2401
2402 Leases may be set ´reserved´ either through OMAPI, or through the
2403 ´infinite-is-reserved´ configuration option (if this is applicable to
2404 your environment and mixture of clients).
2405
2406 It should also be noted that leases marked ´reserved´ are effectively
2407 treated the same as leases marked ´bootp´.
2408
2410 DHCP option statements are documented in the dhcp-options(5) manual
2411 page.
2412
2414 Expressions used in DHCP option statements and elsewhere are documented
2415 in the dhcp-eval(5) manual page.
2416
2418 dhcpd(8), dhcpd.leases(5), dhcp-options(5), dhcp-eval(5), RFC2132,
2419 RFC2131.
2420
2422 dhcpd.conf(5) was written by Ted Lemon under a contract with Vixie
2423 Labs. Funding for this project was provided by Internet Systems Con‐
2424 sortium. Information about Internet Systems Consortium can be found at
2425 https://www.isc.org.
2426
2427
2428
2429 dhcpd.conf(5)