dhcpd(8)

1dhcpd(8)                    System Manager's Manual                   dhcpd(8)
2
3
4

NAME

6       dhcpd - Dynamic Host Configuration Protocol Server
7

SYNOPSIS

9       dhcpd  [  -p  port  ] [ -f ] [ -d ] [ -q ] [ -t | -T ] [ -4 | -6 ] [ -s
10       server ] [ -cf config-file ] [ -lf lease-file ]  [  -pf  pid-file  ]  [
11       --no-pid  ] [ -tf trace-output-file ] [ -user user ] [ -group group ] [
12       -chroot dir ] [ -play trace-playback-file ] [ if0 [ ...ifN ] ]
13
14       dhcpd --version
15

DESCRIPTION

17       The Internet Systems Consortium  DHCP  Server,  dhcpd,  implements  the
18       Dynamic  Host  Configuration Protocol (DHCP) and the Internet Bootstrap
19       Protocol (BOOTP).  DHCP allows hosts on a TCP/IP network to request and
20       be  assigned  IP  addresses, and also to discover information about the
21       network to which they are attached.  BOOTP provides similar functional‐
22       ity, with certain restrictions.
23

OPERATION

25       The  DHCP protocol allows a host which is unknown to the network admin‐
26       istrator to be automatically assigned a new IP address out of a pool of
27       IP  addresses  for its network.  In order for this to work, the network
28       administrator allocates address pools in each subnet  and  enters  them
29       into the dhcpd.conf(5) file.
30
31       There  are  two  versions  of  the DHCP protocol DHCPv4 and DHCPv6.  At
32       startup the server  may be started for one or the other via the  -4  or
33       -6 arguments.
34
35       On startup, dhcpd reads the dhcpd.conf file and stores a list of avail‐
36       able addresses on each subnet in memory.  When  a  client  requests  an
37       address  using  the  DHCP  protocol, dhcpd allocates an address for it.
38       Each client is assigned a lease, which expires after an amount of  time
39       chosen  by  the  administrator  (by  default,  one day).  Before leases
40       expire, the clients to which leases are assigned are expected to  renew
41       them  in  order  to  continue  to  use the addresses.  Once a lease has
42       expired, the client to which that lease was assigned is no longer  per‐
43       mitted to use the leased IP address.
44
45       In  order  to  keep  track  of  leases across system reboots and server
46       restarts, dhcpd  keeps  a  list  of  leases  it  has  assigned  in  the
47       dhcpd.leases(5)  file.   Before  dhcpd  grants  a  lease  to a host, it
48       records the lease in this file and makes sure that the contents of  the
49       file  are  flushed  to  disk.  This ensures that even in the event of a
50       system crash, dhcpd will not forget about a lease that it has assigned.
51       On  startup,  after  reading  the  dhcpd.conf  file,  dhcpd  reads  the
52       dhcpd.leases file to refresh its memory about  what  leases  have  been
53       assigned.
54
55       New  leases are appended to the end of the dhcpd.leases file.  In order
56       to prevent the file from becoming arbitrarily large, from time to  time
57       dhcpd  creates a new dhcpd.leases file from its in-core lease database.
58       Once this file has been written  to  disk,  the  old  file  is  renamed
59       dhcpd.leases~, and the new file is renamed dhcpd.leases.  If the system
60       crashes in the middle of  this  process,  whichever  dhcpd.leases  file
61       remains will contain all the lease information, so there is no need for
62       a special crash recovery process.
63
64       BOOTP support is also provided by this server.  Unlike DHCP, the  BOOTP
65       protocol  does  not  provide  a  protocol  for  recovering dynamically-
66       assigned addresses once they are no longer needed.  It is still  possi‐
67       ble to dynamically assign addresses to BOOTP clients, but some adminis‐
68       trative process for reclaiming  addresses  is  required.   By  default,
69       leases are granted to BOOTP clients in perpetuity, although the network
70       administrator may set an earlier cutoff date or a shorter lease  length
71       for BOOTP leases if that makes sense.
72
73       BOOTP  clients  may also be served in the old standard way, which is to
74       simply provide a declaration in the  dhcpd.conf  file  for  each  BOOTP
75       client, permanently assigning an address to each client.
76
77       Whenever  changes  are  made  to  the  dhcpd.conf  file,  dhcpd must be
78       restarted.  To restart dhcpd, send a SIGTERM (signal 15) to the process
79       ID  contained in /var/run/dhcpd.pid, and then re-invoke dhcpd.  Because
80       the DHCP server database is not as lightweight  as  a  BOOTP  database,
81       dhcpd  does  not  automatically restart itself when it sees a change to
82       the dhcpd.conf file.
83
84       Note: We get a lot of complaints about this.  We realize that it  would
85       be nice if one could send a SIGHUP to the server and have it reload the
86       database.  This is not technically impossible, but it would  require  a
87       great  deal  of work, our resources are extremely limited, and they can
88       be better spent elsewhere.  So please don't complain about this on  the
89       mailing list unless you're prepared to fund a project to implement this
90       feature, or prepared to do it yourself.
91

COMMAND LINE

93       The names of the network interfaces on which dhcpd  should  listen  for
94       broadcasts  may  be specified on the command line.  This should be done
95       on systems where dhcpd is unable to identify non-broadcast  interfaces,
96       but should not be required on other systems.  If no interface names are
97       specified on the command line dhcpd will identify  all  network  inter‐
98       faces  which  are up, eliminating non-broadcast interfaces if possible,
99       and listen for DHCP broadcasts on each interface.
100

COMMAND LINE OPTIONS

102       -4     Run as a DHCP server. This is the default and cannot be combined
103              with -6.
104
105       -6     Run as a DHCPv6 server. This cannot be combined with -4.
106
107       -p port
108              The  udp  port number on which dhcpd should listen.  If unspeci‐
109              fied dhcpd uses the default port of 67.  This is  mostly  useful
110              for debugging purposes.
111
112       -s address
113              Specify  an  address  or  host  name  to which dhcpd should send
114              replies rather than  the  broadcast  address  (255.255.255.255).
115              This option is only supported in IPv4.
116
117       -f     Force  dhcpd to run as a foreground process instead of as a dae‐
118              mon in the background.  This is useful when running dhcpd  under
119              a  debugger,  or when running it out of inittab on System V sys‐
120              tems.
121
122       -d     Send log messages to the standard error descriptor.  This can be
123              useful  for debugging, and also at sites where a complete log of
124              all dhcp activity must be kept but syslogd is  not  reliable  or
125              otherwise  cannot  be used.  Normally, dhcpd will log all output
126              using the syslog(3)  function  with  the  log  facility  set  to
127              LOG_DAEMON.   Note  that -d implies -f (the daemon will not fork
128              itself into the background).
129
130       -q     Be quiet at startup.  This suppresses the printing of the entire
131              copyright  message during startup.  This might be desirable when
132              starting dhcpd from a system startup script (e.g., /etc/rc).
133
134       -t     Test the configuration file.  The server tests the configuration
135              file  for  correct  syntax,  but will not attempt to perform any
136              network operations.  This can be used to test a  new  configura‐
137              tion file automatically before installing it.
138
139       -T     Test  the  lease file.  The server tests the lease file for cor‐
140              rect syntax, but will not attempt to perform any network  opera‐
141              tions.   This can be used to test a new leaes file automatically
142              before installing it.
143
144       -tf tracefile
145              Specify a file into which the entire startup state of the server
146              and  all  the transactions it processes are logged.  This can be
147              useful in submitting bug reports - if you  are  getting  a  core
148              dump  every  so  often,  you  can  start the server with the -tf
149              option and then, when the server dumps core, the trace file will
150              contain  all the transactions that led up to it dumping core, so
151              that the problem can be easily debugged with -play.
152
153       -play playfile
154              Specify a file from which the entire startup state of the server
155              and  all  the  transactions  it  processed  are read.  The -play
156              option must be specified with an alternate lease file, using the
157              -lf switch, so that the DHCP server doesn't wipe out your exist‐
158              ing lease file with its test data.  The DHCP server will  refuse
159              to  operate  in  playback  mode  unless you specify an alternate
160              lease file.
161
162       --version
163              Print version number and exit.
164
165       -user user
166              Setuid to user after completing privileged operations,  such  as
167              creating sockets that listen on privileged ports.
168
169       -group group
170              Setgid  to group after completing privileged operations, such as
171              creating sockets that listen on privileged ports.
172
173       -chroot dir
174              Chroot to directory after processing the command line arguments,
175              but before reading the configuration file.
176
177       Modifying  default file locations: The following options can be used to
178       modify the locations dhcpd uses for it's files.  Because of the  impor‐
179       tance  of using the same lease database at all times when running dhcpd
180       in production, these options should be  used  only  for  testing  lease
181       files or database files in a non-production environment.
182
183       -cf config-file
184              Path to alternate configuration file.
185
186       -lf lease-file
187              Path to alternate lease file.
188
189       -pf pid-file
190              Path to alternate pid file.
191
192       --no-pid
193              Option  to  disable  writing  pid files.  By default the program
194              will write a pid file.  If the  program  is  invoked  with  this
195              option it will not check for an existing server process.
196

CONFIGURATION

198       The  syntax  of  the  dhcpd.conf(5) file is discussed separately.  This
199       section should be used as an overview of the configuration process, and
200       the dhcpd.conf(5) documentation should be consulted for detailed refer‐
201       ence information.
202

Subnets

204       dhcpd needs to know the subnet numbers and netmasks of all subnets  for
205       which  it  will be providing service.  In addition, in order to dynami‐
206       cally allocate addresses, it must be assigned one  or  more  ranges  of
207       addresses on each subnet which it can in turn assign to client hosts as
208       they boot.  Thus, a very simple configuration  providing  DHCP  support
209       might look like this:
210
211            subnet 239.252.197.0 netmask 255.255.255.0 {
212              range 239.252.197.10 239.252.197.250;
213            }
214
215       Multiple address ranges may be specified like this:
216
217            subnet 239.252.197.0 netmask 255.255.255.0 {
218              range 239.252.197.10 239.252.197.107;
219              range 239.252.197.113 239.252.197.250;
220            }
221
222       If  a  subnet  will  only be provided with BOOTP service and no dynamic
223       address assignment, the range clause can be left out entirely, but  the
224       subnet statement must appear.
225

Lease Lengths

227       DHCP  leases  can  be  assigned  almost any length from zero seconds to
228       infinity.  What lease length makes sense for any given subnet,  or  for
229       any given installation, will vary depending on the kinds of hosts being
230       served.
231
232       For example, in an office environment where systems are added from time
233       to  time  and  removed  from  time  to time, but move relatively infre‐
234       quently, it might make sense to allow lease times of a month  or  more.
235       In  a final test environment on a manufacturing floor, it may make more
236       sense to assign a maximum lease length of 30 minutes - enough  time  to
237       go  through a simple test procedure on a network appliance before pack‐
238       aging it up for delivery.
239
240       It is possible to specify two lease lengths: the  default  length  that
241       will  be  assigned  if  a  client  doesn't ask for any particular lease
242       length, and a maximum lease length.  These are specified as clauses  to
243       the subnet command:
244
245            subnet 239.252.197.0 netmask 255.255.255.0 {
246              range 239.252.197.10 239.252.197.107;
247              default-lease-time 600;
248              max-lease-time 7200;
249            }
250
251       This  particular  subnet  declaration specifies a default lease time of
252       600 seconds (ten minutes), and a maximum lease  time  of  7200  seconds
253       (two hours).  Other common values would be 86400 (one day), 604800 (one
254       week) and 2592000 (30 days).
255
256       Each subnet need not have the same lease—in the case of an office envi‐
257       ronment and a manufacturing environment served by the same DHCP server,
258       it might make sense to have widely disparate  values  for  default  and
259       maximum lease times on each subnet.
260

BOOTP Support

262       Each  BOOTP  client must be explicitly declared in the dhcpd.conf file.
263       A very basic client declaration will specify the client network  inter‐
264       face's  hardware  address  and the IP address to assign to that client.
265       If the client needs to be able to load a boot  file  from  the  server,
266       that  file's name must be specified.  A simple bootp client declaration
267       might look like this:
268
269            host haagen {
270              hardware ethernet 08:00:2b:4c:59:23;
271              fixed-address 239.252.197.9;
272              filename "/tftpboot/haagen.boot";
273            }
274

Options

276       DHCP (and also  BOOTP  with  Vendor  Extensions)  provide  a  mechanism
277       whereby the server can provide the client with information about how to
278       configure its network interface (e.g., subnet mask), and also  how  the
279       client  can access various network services (e.g., DNS, IP routers, and
280       so on).
281
282       These options can be specified on a per-subnet basis,  and,  for  BOOTP
283       clients,  also on a per-client basis.  In the event that a BOOTP client
284       declaration specifies options that are also  specified  in  its  subnet
285       declaration,  the  options  specified  in  the  client declaration take
286       precedence.  A reasonably complete DHCP configuration might look  some‐
287       thing like this:
288
289            subnet 239.252.197.0 netmask 255.255.255.0 {
290              range 239.252.197.10 239.252.197.250;
291              default-lease-time 600 max-lease-time 7200;
292              option subnet-mask 255.255.255.0;
293              option broadcast-address 239.252.197.255;
294              option routers 239.252.197.1;
295              option domain-name-servers 239.252.197.2, 239.252.197.3;
296              option domain-name "isc.org";
297            }
298
299       A  bootp host on that subnet that needs to be in a different domain and
300       use a different name server might be declared as follows:
301
302            host haagen {
303              hardware ethernet 08:00:2b:4c:59:23;
304              fixed-address 239.252.197.9;
305              filename "/tftpboot/haagen.boot";
306              option domain-name-servers 192.5.5.1;
307              option domain-name "vix.com";
308            }
309
310       A more complete description of the dhcpd.conf file syntax  is  provided
311       in dhcpd.conf(5).
312

OMAPI

314       The  DHCP server provides the capability to modify some of its configu‐
315       ration while it is running, without stopping it, modifying its database
316       files,  and restarting it.  This capability is currently provided using
317       OMAPI - an API for manipulating remote objects.  OMAPI clients  connect
318       to  the  server  using  TCP/IP,  authenticate, and can then examine the
319       server's current status and make changes to it.
320
321       Rather than implementing the underlying OMAPI protocol  directly,  user
322       programs  should  use  the  dhcpctl  API or OMAPI itself.  Dhcpctl is a
323       wrapper that handles some of the housekeeping chores  that  OMAPI  does
324       not  do  automatically.  Dhcpctl and OMAPI are documented in dhcpctl(3)
325       and omapi(3).
326
327       OMAPI exports objects, which can then be examined  and  modified.   The
328       DHCP  server exports the following objects: lease, host, failover-state
329       and group.  Each object has a number  of  methods  that  are  provided:
330       lookup,  create,  and  destroy.  In addition, it is possible to look at
331       attributes that are stored on objects, and  in  some  cases  to  modify
332       those attributes.
333

THE LEASE OBJECT

335       Leases  can't currently be created or destroyed, but they can be looked
336       up to examine and modify their state.
337
338       Leases have the following attributes:
339
340       state integer lookup, examine
341            1 = free
342            2 = active
343            3 = expired
344            4 = released
345            5 = abandoned
346            6 = reset
347            7 = backup
348            8 = reserved
349            9 = bootp
350
351       ip-address data lookup, examine
352            The IP address of the lease.
353
354       dhcp-client-identifier data lookup, examine, update
355            The client identifier that the client used when  it  acquired  the
356            lease.   Not  all  clients send client identifiers, so this may be
357            empty.
358
359       client-hostname data examine, update
360            The value the client sent in the host-name option.
361
362       host handle examine
363            the host declaration associated with this lease, if any.
364
365       subnet handle examine
366            the subnet object associated with this lease (the subnet object is
367            not currently supported).
368
369       pool handle examine
370            the pool object associated with this lease (the pool object is not
371            currently supported).
372
373       billing-class handle examine
374            the handle to the class to which this lease is  currently  billed,
375            if any (the class object is not currently supported).
376
377       hardware-address data examine, update
378            the  hardware  address  (chaddr)  field sent by the client when it
379            acquired its lease.
380
381       hardware-type integer examine, update
382            the type of the network interface that the client reported when it
383            acquired its lease.
384
385       ends time examine
386            the time when the lease's current state ends, as understood by the
387            client.
388
389       tstp time examine
390            the time when the lease's current state ends, as understood by the
391            server.
392       tsfp time examine
393            the  adjusted  time when the lease's current state ends, as under‐
394            stood by the failover peer (if there is  no  failover  peer,  this
395            value  is  undefined).   Generally this value is only adjusted for
396            expired, released, or reset leases while the server  is  operating
397            in  partner-down state, and otherwise is simply the value supplied
398            by the peer.
399       atsfp time examine
400            the actual tsfp value sent from the peer.  This value is forgotten
401            when  a lease binding state change is made, to facilitate retrans‐
402            mission logic.
403
404       cltt time examine
405            The time of the last transaction with the client on this lease.
406

THE HOST OBJECT

408       Hosts can be created, destroyed, looked up, examined and modified.   If
409       a  host declaration is created or deleted using OMAPI, that information
410       will be recorded in the dhcpd.leases file.  It is permissible to delete
411       host declarations that are declared in the dhcpd.conf file.
412
413       Hosts have the following attributes:
414
415       name data lookup, examine, modify
416            the  name of the host declaration.  This name must be unique among
417            all host declarations.
418
419       group handle examine, modify
420            the named group associated with the host declaration, if there  is
421            one.
422
423       hardware-address data lookup, examine, modify
424            the  link-layer  address that will be used to match the client, if
425            any.  Only valid if hardware-type is also present.
426
427       hardware-type integer lookup, examine, modify
428            the type of the network interface that will be used to  match  the
429            client, if any.  Only valid if hardware-address is also present.
430
431       dhcp-client-identifier data lookup, examine, modify
432            the  dhcp-client-identifier  option that will be used to match the
433            client, if any.
434
435       ip-address data examine, modify
436            a fixed IP address which  is  reserved  for  a  DHCP  client  that
437            matches  this  host  declaration.   The  IP  address  will only be
438            assigned to the client if it is valid for the network  segment  to
439            which the client is connected.
440
441       statements data modify
442            a  list  of  statements  in the format of the dhcpd.conf file that
443            will be executed whenever a message from the client is being  pro‐
444            cessed.
445
446       known integer examine, modify
447            if nonzero, indicates that a client matching this host declaration
448            will be treated as known in  pool  permit  lists.   If  zero,  the
449            client will not be treated as known.
450

THE GROUP OBJECT

452       Named  groups  can be created, destroyed, looked up, examined and modi‐
453       fied.  If a group declaration is created or deleted using  OMAPI,  that
454       information will be recorded in the dhcpd.leases file.  It is permissi‐
455       ble to delete group declarations that are declared  in  the  dhcpd.conf
456       file.
457
458       Named  groups currently can only be associated with hosts - this allows
459       one set of statements to be efficiently attached to more than one  host
460       declaration.
461
462       Groups have the following attributes:
463
464       name data
465            the  name  of  the group.  All groups that are created using OMAPI
466            must have names, and the names must be unique among all groups.
467
468       statements data
469            a list of statements in the format of  the  dhcpd.conf  file  that
470            will  be executed whenever a message from a client whose host dec‐
471            laration references this group is processed.
472

THE CONTROL OBJECT

474       The control object allows you to shut the server down.  If  the  server
475       is  doing  failover  with another peer, it will make a clean transition
476       into the shutdown state and notify its peer, so that the  peer  can  go
477       into  partner  down,  and  then record the "recover" state in the lease
478       file so that when the server is restarted, it will automatically resyn‐
479       chronize with its peer.
480
481       On shutdown the server will also attempt to cleanly shut down all OMAPI
482       connections.  If these connections do not go down  cleanly  after  five
483       seconds,  they  are  shut down preemptively.  It can take as much as 25
484       seconds from the beginning of the shutdown process to the time that the
485       server actually exits.
486
487       To  shut  the  server  down,  open its control object and set the state
488       attribute to 2.
489

THE FAILOVER-STATE OBJECT

491       The failover-state object is the object that tracks the  state  of  the
492       failover  protocol  as  it  is being managed for a given failover peer.
493       The failover object has the following attributes (please see dhcpd.conf
494       [1m(5) for explanations about what these attributes mean):
495
496       name data examine
497            Indicates the name of the failover peer relationship, as described
498            in the server's dhcpd.conf file.
499
500       partner-address data examine
501            Indicates the failover partner's IP address.
502
503       local-address data examine
504            Indicates the IP address that is being used by the DHCP server for
505            this failover pair.
506
507       partner-port data examine
508            Indicates  the TCP port on which the failover partner is listening
509            for failover protocol connections.
510
511       local-port data examine
512            Indicates the TCP port on which the DHCP server is  listening  for
513            failover protocol connections for this failover pair.
514
515       max-outstanding-updates integer examine
516            Indicates  the number of updates that can be outstanding and unac‐
517            knowledged at any given time, in this failover relationship.
518
519       mclt integer examine
520            Indicates the maximum client lead time in this failover  relation‐
521            ship.
522
523       load-balance-max-secs integer examine
524            Indicates the maximum value for the secs field in a client request
525            before load balancing is bypassed.
526
527       load-balance-hba data examine
528            Indicates the load balancing hash bucket array for  this  failover
529            relationship.
530
531       local-state integer examine, modify
532            Indicates  the  present  state of the DHCP server in this failover
533            relationship.  Possible values for state are:
534
535                 1   - startup
536                 2   - normal
537                 3   - communications interrupted
538                 4   - partner down
539                 5   - potential conflict
540                 6   - recover
541                 7   - paused
542                 8   - shutdown
543                 9   - recover done
544                 10  - resolution interrupted
545                 11  - conflict done
546                 254 - recover wait
547
548            (Note that some of  the  above  values  have  changed  since  DHCP
549            3.0.x.)
550
551            In  general  it  is not a good idea to make changes to this state.
552            However, in the case that the failover  partner  is  known  to  be
553            down,  it can be useful to set the DHCP server's failover state to
554            partner down.  At this point the DHCP server will take  over  ser‐
555            vice  of  the  failover  partner's leases as soon as possible, and
556            will give out normal leases, not leases  that  are  restricted  by
557            MCLT.   If  you  do put the DHCP server into the partner-down when
558            the other DHCP server is not in the partner-down state, but is not
559            reachable,  IP  address  assignment  conflicts  are possible, even
560            likely.  Once a server has been put into  partner-down  mode,  its
561            failover  partner must not be brought back online until communica‐
562            tion is possible between the two servers.
563
564       partner-state integer examine
565            Indicates the present state of the failover partner.
566
567       local-stos integer examine
568            Indicates the time at which the DHCP server  entered  its  present
569            state in this failover relationship.
570
571       partner-stos integer examine
572            Indicates  the  time  at  which  the  failover partner entered its
573            present state.
574
575       hierarchy integer examine
576            Indicates whether the DHCP server is primary (0) or secondary  (1)
577            in this failover relationship.
578
579       last-packet-sent integer examine
580            Indicates  the  time  at which the most recent failover packet was
581            sent by this DHCP server to its failover partner.
582
583       last-timestamp-received integer examine
584            Indicates the timestamp that was  on  the  failover  message  most
585            recently received from the failover partner.
586
587       skew integer examine
588            Indicates  the  skew between the failover partner's clock and this
589            DHCP server's clock
590
591       max-response-delay integer examine
592            Indicates the time in  seconds  after  which,  if  no  message  is
593            received  from  the failover partner, the partner is assumed to be
594            out of communication.
595
596       cur-unacked-updates integer examine
597            Indicates the number of update messages that  have  been  received
598            from the failover partner but not yet processed.
599

FILES

601       /etc/dhcp/dhcpd.conf,  /var/lib/dhcpd/dhcpd.leases, /var/run/dhcpd.pid,
602       /var/lib/dhcpd/dhcpd.leases~.
603

AUTHOR

608       dhcpd(8) was originally written by Ted  Lemon  under  a  contract  with
609       Vixie  Labs.  Funding for this project was provided by Internet Systems
610       Consortium.  Version 3 of the DHCP server was funded by  Nominum,  Inc.
611       Information   about   Internet   Systems  Consortium  is  available  at
612       https://www.isc.org/.
613
614
615
616                                                                      dhcpd(8)