1dhcpd.conf(5) File Formats Manual dhcpd.conf(5)
2
6 dhcpd.conf - dhcpd configuration file
7
9 The dhcpd.conf file contains configuration information for dhcpd, the
10 Internet Systems Consortium DHCP Server.
11 The dhcpd.conf file is a free-form ASCII text file. It is parsed by
13 the recursive-descent parser built into dhcpd. The file may contain
14 extra tabs and newlines for formatting purposes. Keywords in the file
15 are case-insensitive. Comments may be placed anywhere within the file
16 (except within quotes). Comments begin with the # character and end
17 at the end of the line.
18 The file essentially consists of a list of statements. Statements
20 fall into two broad categories - parameters and declarations.
21 Parameter statements either say how to do something (e.g., how long a
23 lease to offer), whether to do something (e.g., should dhcpd provide
24 addresses to unknown clients), or what parameters to provide to the
25 client (e.g., use gateway 220.177.244.7).
26 Declarations are used to describe the topology of the network, to
28 describe clients on the network, to provide addresses that can be
29 assigned to clients, or to apply a group of parameters to a group of
30 declarations. In any group of parameters and declarations, all param‐
31 eters must be specified before any declarations which depend on those
32 parameters may be specified.
33 Declarations about network topology include the shared-network and the
35 subnet declarations. If clients on a subnet are to be assigned
36 addresses dynamically, a range declaration must appear within the sub‐
37 net declaration. For clients with statically assigned addresses, or
38 for installations where only known clients will be served, each such
39 client must have a host declaration. If parameters are to be applied
40 to a group of declarations which are not related strictly on a per-sub‐
41 net basis, the group declaration can be used.
42 For every subnet which will be served, and for every subnet to which
44 the dhcp server is connected, there must be one subnet declaration,
45 which tells dhcpd how to recognize that an address is on that subnet.
46 A subnet declaration is required for each subnet even if no addresses
47 will be dynamically allocated on that subnet.
48 Some installations have physical networks on which more than one IP
50 subnet operates. For example, if there is a site-wide requirement
51 that 8-bit subnet masks be used, but a department with a single physi‐
52 cal ethernet network expands to the point where it has more than 254
53 nodes, it may be necessary to run two 8-bit subnets on the same ether‐
54 net until such time as a new physical network can be added. In this
55 case, the subnet declarations for these two networks must be enclosed
56 in a shared-network declaration.
57 Note that even when the shared-network declaration is absent, an empty
59 one is created by the server to contain the subnet (and any scoped
60 parameters included in the subnet). For practical purposes, this means
61 that "stateless" DHCP clients, which are not tied to addresses (and
62 therefore subnets) will receive the same configuration as stateful
63 ones.
64 Some sites may have departments which have clients on more than one
66 subnet, but it may be desirable to offer those clients a uniform set of
67 parameters which are different than what would be offered to clients
68 from other departments on the same subnet. For clients which will be
69 declared explicitly with host declarations, these declarations can be
70 enclosed in a group declaration along with the parameters which are
71 common to that department. For clients whose addresses will be dynam‐
72 ically assigned, class declarations and conditional declarations may be
73 used to group parameter assignments based on information the client
74 sends.
75 When a client is to be booted, its boot parameters are determined by
77 consulting that client's host declaration (if any), and then consulting
78 any class declarations matching the client, followed by the pool, sub‐
79 net and shared-network declarations for the IP address assigned to the
80 client. Each of these declarations itself appears within a lexical
81 scope, and all declarations at less specific lexical scopes are also
82 consulted for client option declarations. Scopes are never considered
83 twice, and if parameters are declared in more than one scope, the
84 parameter declared in the most specific scope is the one that is used.
85 When dhcpd tries to find a host declaration for a client, it first
87 looks for a host declaration which has a fixed-address declaration that
88 lists an IP address that is valid for the subnet or shared network on
89 which the client is booting. If it doesn't find any such entry, it
90 tries to find an entry which has no fixed-address declaration.
91
93 A typical dhcpd.conf file will look something like this:
94 global parameters...
96 subnet 204.254.239.0 netmask 255.255.255.224 {
98 subnet-specific parameters...
99 range 204.254.239.10 204.254.239.30;
100 }
101 subnet 204.254.239.32 netmask 255.255.255.224 {
103 subnet-specific parameters...
104 range 204.254.239.42 204.254.239.62;
105 }
106 subnet 204.254.239.64 netmask 255.255.255.224 {
108 subnet-specific parameters...
109 range 204.254.239.74 204.254.239.94;
110 }
111 group {
113 group-specific parameters...
114 host zappo.test.isc.org {
115 host-specific parameters...
116 }
117 host beppo.test.isc.org {
118 host-specific parameters...
119 }
120 host harpo.test.isc.org {
121 host-specific parameters...
122 }
123 }
124 Figure 1
126 Notice that at the beginning of the file, there's a place for global
129 parameters. These might be things like the organization's domain
130 name, the addresses of the name servers (if they are common to the
131 entire organization), and so on. So, for example:
132 option domain-name "isc.org";
134 option domain-name-servers ns1.isc.org, ns2.isc.org;
135 Figure 2
137 As you can see in Figure 2, you can specify host addresses in parame‐
139 ters using their domain names rather than their numeric IP addresses.
140 If a given hostname resolves to more than one IP address (for example,
141 if that host has two ethernet interfaces), then where possible, both
142 addresses are supplied to the client.
143 The most obvious reason for having subnet-specific parameters as shown
145 in Figure 1 is that each subnet, of necessity, has its own router. So
146 for the first subnet, for example, there should be something like:
147 option routers 204.254.239.1;
149 Note that the address here is specified numerically. This is not
151 required - if you have a different domain name for each interface on
152 your router, it's perfectly legitimate to use the domain name for that
153 interface instead of the numeric address. However, in many cases
154 there may be only one domain name for all of a router's IP addresses,
155 and it would not be appropriate to use that name here.
156 In Figure 1 there is also a group statement, which provides common
158 parameters for a set of three hosts - zappo, beppo and harpo. As you
159 can see, these hosts are all in the test.isc.org domain, so it might
160 make sense for a group-specific parameter to override the domain name
161 supplied to these hosts:
162 option domain-name "test.isc.org";
164 Also, given the domain they're in, these are probably test machines.
166 If we wanted to test the DHCP leasing mechanism, we might set the lease
167 timeout somewhat shorter than the default:
168 max-lease-time 120;
170 default-lease-time 120;
171 You may have noticed that while some parameters start with the option
173 keyword, some do not. Parameters starting with the option keyword
174 correspond to actual DHCP options, while parameters that do not start
175 with the option keyword either control the behavior of the DHCP server
176 (e.g., how long a lease dhcpd will give out), or specify client parame‐
177 ters that are not optional in the DHCP protocol (for example, server-
178 name and filename).
179 In Figure 1, each host had host-specific parameters. These could
181 include such things as the hostname option, the name of a file to
182 upload (the filename parameter) and the address of the server from
183 which to upload the file (the next-server parameter). In general, any
184 parameter can appear anywhere that parameters are allowed, and will be
185 applied according to the scope in which the parameter appears.
186 Imagine that you have a site with a lot of NCD X-Terminals. These
188 terminals come in a variety of models, and you want to specify the boot
189 files for each model. One way to do this would be to have host decla‐
190 rations for each server and group them by model:
191 group {
193 filename "Xncd19r";
194 next-server ncd-booter;
195 host ncd1 { hardware ethernet 0:c0:c3:49:2b:57; }
197 host ncd4 { hardware ethernet 0:c0:c3:80:fc:32; }
198 host ncd8 { hardware ethernet 0:c0:c3:22:46:81; }
199 }
200 group {
202 filename "Xncd19c";
203 next-server ncd-booter;
204 host ncd2 { hardware ethernet 0:c0:c3:88:2d:81; }
206 host ncd3 { hardware ethernet 0:c0:c3:00:14:11; }
207 }
208 group {
210 filename "XncdHMX";
211 next-server ncd-booter;
212 host ncd1 { hardware ethernet 0:c0:c3:11:90:23; }
214 host ncd4 { hardware ethernet 0:c0:c3:91:a7:8; }
215 host ncd8 { hardware ethernet 0:c0:c3:cc:a:8f; }
216 }
217
219 The pool declaration can be used to specify a pool of addresses that
220 will be treated differently than another pool of addresses, even on the
221 same network segment or subnet. For example, you may want to provide
222 a large set of addresses that can be assigned to DHCP clients that are
223 registered to your DHCP server, while providing a smaller set of
224 addresses, possibly with short lease times, that are available for
225 unknown clients. If you have a firewall, you may be able to arrange
226 for addresses from one pool to be allowed access to the Internet, while
227 addresses in another pool are not, thus encouraging users to register
228 their DHCP clients. To do this, you would set up a pair of pool dec‐
229 larations:
230 subnet 10.0.0.0 netmask 255.255.255.0 {
232 option routers 10.0.0.254;
233 # Unknown clients get this pool.
235 pool {
236 option domain-name-servers bogus.example.com;
237 max-lease-time 300;
238 range 10.0.0.200 10.0.0.253;
239 allow unknown-clients;
240 }
241 # Known clients get this pool.
243 pool {
244 option domain-name-servers ns1.example.com, ns2.example.com;
245 max-lease-time 28800;
246 range 10.0.0.5 10.0.0.199;
247 deny unknown-clients;
248 }
249 }
250 It is also possible to set up entirely different subnets for known and
252 unknown clients - address pools exist at the level of shared networks,
253 so address ranges within pool declarations can be on different subnets.
254 As you can see in the preceding example, pools can have permit lists
256 that control which clients are allowed access to the pool and which
257 aren't. Each entry in a pool's permit list is introduced with the
258 allow or deny keyword. If a pool has a permit list, then only those
259 clients that match specific entries on the permit list will be eligible
260 to be assigned addresses from the pool. If a pool has a deny list,
261 then only those clients that do not match any entries on the deny list
262 will be eligible. If both permit and deny lists exist for a pool,
263 then only clients that match the permit list and do not match the deny
264 list will be allowed access.
265
267 Address allocation is actually only done when a client is in the INIT
268 state and has sent a DHCPDISCOVER message. If the client thinks it has
269 a valid lease and sends a DHCPREQUEST to initiate or renew that lease,
270 the server has only three choices - it can ignore the DHCPREQUEST, send
271 a DHCPNAK to tell the client it should stop using the address, or send
272 a DHCPACK, telling the client to go ahead and use the address for a
273 while.
274 If the server finds the address the client is requesting, and that
276 address is available to the client, the server will send a DHCPACK. If
277 the address is no longer available, or the client isn't permitted to
278 have it, the server will send a DHCPNAK. If the server knows nothing
279 about the address, it will remain silent, unless the address is incor‐
280 rect for the network segment to which the client has been attached and
281 the server is authoritative for that network segment, in which case the
282 server will send a DHCPNAK even though it doesn't know about the
283 address.
284 There may be a host declaration matching the client's identification.
286 If that host declaration contains a fixed-address declaration that
287 lists an IP address that is valid for the network segment to which the
288 client is connected. In this case, the DHCP server will never do
289 dynamic address allocation. In this case, the client is required to
290 take the address specified in the host declaration. If the client
291 sends a DHCPREQUEST for some other address, the server will respond
292 with a DHCPNAK.
293 When the DHCP server allocates a new address for a client (remember,
295 this only happens if the client has sent a DHCPDISCOVER), it first
296 looks to see if the client already has a valid lease on an IP address,
297 or if there is an old IP address the client had before that hasn't yet
298 been reassigned. In that case, the server will take that address and
299 check it to see if the client is still permitted to use it. If the
300 client is no longer permitted to use it, the lease is freed if the
301 server thought it was still in use - the fact that the client has sent
302 a DHCPDISCOVER proves to the server that the client is no longer using
303 the lease.
304 If no existing lease is found, or if the client is forbidden to receive
306 the existing lease, then the server will look in the list of address
307 pools for the network segment to which the client is attached for a
308 lease that is not in use and that the client is permitted to have. It
309 looks through each pool declaration in sequence (all range declarations
310 that appear outside of pool declarations are grouped into a single pool
311 with no permit list). If the permit list for the pool allows the
312 client to be allocated an address from that pool, the pool is examined
313 to see if there is an address available. If so, then the client is
314 tentatively assigned that address. Otherwise, the next pool is
315 tested. If no addresses are found that can be assigned to the client,
316 no response is sent to the client.
317 If an address is found that the client is permitted to have, and that
319 has never been assigned to any client before, the address is immedi‐
320 ately allocated to the client. If the address is available for allo‐
321 cation but has been previously assigned to a different client, the
322 server will keep looking in hopes of finding an address that has never
323 before been assigned to a client.
324 The DHCP server generates the list of available IP addresses from a
326 hash table. This means that the addresses are not sorted in any par‐
327 ticular order, and so it is not possible to predict the order in which
328 the DHCP server will allocate IP addresses. Users of previous ver‐
329 sions of the ISC DHCP server may have become accustomed to the DHCP
330 server allocating IP addresses in ascending order, but this is no
331 longer possible, and there is no way to configure this behavior with
332 version 3 of the ISC DHCP server.
333
335 The DHCP server checks IP addresses to see if they are in use before
336 allocating them to clients. It does this by sending an ICMP Echo
337 request message to the IP address being allocated. If no ICMP Echo
338 reply is received within a second, the address is assumed to be free.
339 This is only done for leases that have been specified in range state‐
340 ments, and only when the lease is thought by the DHCP server to be free
341 - i.e., the DHCP server or its failover peer has not listed the lease
342 as in use.
343 If a response is received to an ICMP Echo request, the DHCP server
345 assumes that there is a configuration error - the IP address is in use
346 by some host on the network that is not a DHCP client. It marks the
347 address as abandoned, and will not assign it to clients.
348 If a DHCP client tries to get an IP address, but none are available,
350 but there are abandoned IP addresses, then the DHCP server will attempt
351 to reclaim an abandoned IP address. It marks one IP address as free,
352 and then does the same ICMP Echo request check described previously.
353 If there is no answer to the ICMP Echo request, the address is assigned
354 to the client.
355 The DHCP server does not cycle through abandoned IP addresses if the
357 first IP address it tries to reclaim is free. Rather, when the next
358 DHCPDISCOVER comes in from the client, it will attempt a new allocation
359 using the same method described here, and will typically try a new IP
360 address.
361
363 This version of the ISC DHCP server supports the DHCP failover protocol
364 as documented in draft-ietf-dhc-failover-12.txt. This is not a final
365 protocol document, and we have not done interoperability testing with
366 other vendors' implementations of this protocol, so you must not assume
367 that this implementation conforms to the standard. If you wish to use
368 the failover protocol, make sure that both failover peers are running
369 the same version of the ISC DHCP server.
370 The failover protocol allows two DHCP servers (and no more than two) to
372 share a common address pool. Each server will have about half of the
373 available IP addresses in the pool at any given time for allocation.
374 If one server fails, the other server will continue to renew leases out
375 of the pool, and will allocate new addresses out of the roughly half of
376 available addresses that it had when communications with the other
377 server were lost.
378 It is possible during a prolonged failure to tell the remaining server
380 that the other server is down, in which case the remaining server will
381 (over time) reclaim all the addresses the other server had available
382 for allocation, and begin to reuse them. This is called putting the
383 server into the PARTNER-DOWN state.
384 You can put the server into the PARTNER-DOWN state either by using the
386 omshell (1) command or by stopping the server, editing the last
387 failover state declaration in the lease file, and restarting the
388 server. If you use this last method, change the "my state" line to:
389 failover peer name state {
391 my state partner-down;
392 peer state state at date;
393 }
394 It is only required to change "my state" as shown above.
396 When the other server comes back online, it should automatically detect
398 that it has been offline and request a complete update from the server
399 that was running in the PARTNER-DOWN state, and then both servers will
400 resume processing together.
401 It is possible to get into a dangerous situation: if you put one server
403 into the PARTNER-DOWN state, and then *that* server goes down, and the
404 other server comes back up, the other server will not know that the
405 first server was in the PARTNER-DOWN state, and may issue addresses
406 previously issued by the other server to different clients, resulting
407 in IP address conflicts. Before putting a server into PARTNER-DOWN
408 state, therefore, make sure that the other server will not restart
409 automatically.
410 The failover protocol defines a primary server role and a secondary
412 server role. There are some differences in how primaries and secon‐
413 daries act, but most of the differences simply have to do with provid‐
414 ing a way for each peer to behave in the opposite way from the other.
415 So one server must be configured as primary, and the other must be con‐
416 figured as secondary, and it doesn't matter too much which one is
417 which.
418
420 When a server starts that has not previously communicated with its
421 failover peer, it must establish communications with its failover peer
422 and synchronize with it before it can serve clients. This can happen
423 either because you have just configured your DHCP servers to perform
424 failover for the first time, or because one of your failover servers
425 has failed catastrophically and lost its database.
426 The initial recovery process is designed to ensure that when one
428 failover peer loses its database and then resynchronizes, any leases
429 that the failed server gave out before it failed will be honored. When
430 the failed server starts up, it notices that it has no saved failover
431 state, and attempts to contact its peer.
432 When it has established contact, it asks the peer for a complete copy
434 its peer's lease database. The peer then sends its complete database,
435 and sends a message indicating that it is done. The failed server then
436 waits until MCLT has passed, and once MCLT has passed both servers make
437 the transition back into normal operation. This waiting period ensures
438 that any leases the failed server may have given out while out of con‐
439 tact with its partner will have expired.
440 While the failed server is recovering, its partner remains in the part‐
442 ner-down state, which means that it is serving all clients. The failed
443 server provides no service at all to DHCP clients until it has made the
444 transition into normal operation.
445 In the case where both servers detect that they have never before com‐
447 municated with their partner, they both come up in this recovery state
448 and follow the procedure we have just described. In this case, no
449 service will be provided to DHCP clients until MCLT has expired.
450
452 In order to configure failover, you need to write a peer declaration
453 that configures the failover protocol, and you need to write peer ref‐
454 erences in each pool declaration for which you want to do failover.
455 You do not have to do failover for all pools on a given network seg‐
456 ment. You must not tell one server it's doing failover on a particu‐
457 lar address pool and tell the other it is not. You must not have any
458 common address pools on which you are not doing failover. A pool dec‐
459 laration that utilizes failover would look like this:
460 pool {
462 failover peer "foo";
463 pool specific parameters
464 };
465 Dynamic BOOTP leases are not compatible with failover, and, as such,
467 you need to disallow BOOTP in pools that you are using failover for.
468 The server currently does very little sanity checking, so if you
470 configure it wrong, it will just fail in odd ways. I would recommend
471 therefore that you either do failover or don't do failover, but don't
472 do any mixed pools. Also, use the same master configuration file for
473 both servers, and have a separate file that contains the peer
474 declaration and includes the master file. This will help you to avoid
475 configuration mismatches. As our implementation evolves, this will
476 become less of a problem. A basic sample dhcpd.conf file for a
477 primary server might look like this:
478 failover peer "foo" {
480 primary;
481 address anthrax.rc.vix.com;
482 port 647;
483 peer address trantor.rc.vix.com;
484 peer port 847;
485 max-response-delay 60;
486 max-unacked-updates 10;
487 mclt 3600;
488 split 128;
489 load balance max seconds 3;
490 }
491 include "/etc/dhcpd.master";
493 The statements in the peer declaration are as follows:
495 The primary and secondary statements
497 [ primary | secondary ];
499 This determines whether the server is primary or secondary, as
501 described earlier under DHCP FAILOVER.
502 The address statement
504 address address;
506 The address statement declares the IP address or DNS name on which
508 the server should listen for connections from its failover peer, and
509 also the value to use for the DHCP Failover Protocol server identi‐
510 fier. Because this value is used as an identifier, it may not be
511 omitted.
512 The peer address statement
514 peer address address;
516 The peer address statement declares the IP address or DNS name to
518 which the server should connect to reach its failover peer for
519 failover messages.
520 The port statement
522 port port-number;
524 The port statement declares the TCP port on which the server should
526 listen for connections from its failover peer. This statement may be
527 omitted, in which case the IANA assigned port number 647 will be used
528 by default.
529 The peer port statement
531 peer port port-number;
533 The peer port statement declares the TCP port to which the server
535 should connect to reach its failover peer for failover messages.
536 This statement may be omitted, in which case the IANA assigned port
537 number 647 will be used by default.
538 The max-response-delay statement
540 max-response-delay seconds;
542 The max-response-delay statement tells the DHCP server how many sec‐
544 onds may pass without receiving a message from its failover peer
545 before it assumes that connection has failed. This number should be
546 small enough that a transient network failure that breaks the connec‐
547 tion will not result in the servers being out of communication for a
548 long time, but large enough that the server isn't constantly making
549 and breaking connections. This parameter must be specified.
550 The max-unacked-updates statement
552 max-unacked-updates count;
554 The max-unacked-updates statement tells the remote DHCP server how
556 many BNDUPD messages it can send before it receives a BNDACK from the
557 local system. We don't have enough operational experience to say
558 what a good value for this is, but 10 seems to work. This parameter
559 must be specified.
560 The mclt statement
562 mclt seconds;
564 The mclt statement defines the Maximum Client Lead Time. It must be
566 specified on the primary, and may not be specified on the secondary.
567 This is the length of time for which a lease may be renewed by either
568 failover peer without contacting the other. The longer you set
569 this, the longer it will take for the running server to recover IP
570 addresses after moving into PARTNER-DOWN state. The shorter you set
571 it, the more load your servers will experience when they are not com‐
572 municating. A value of something like 3600 is probably reasonable,
573 but again bear in mind that we have no real operational experience
574 with this.
575 The split statement
577 split index;
579 The split statement specifies the split between the primary and sec‐
581 ondary for the purposes of load balancing. Whenever a client makes
582 a DHCP request, the DHCP server runs a hash on the client identifica‐
583 tion, resulting in value from 0 to 255. This is used as an index
584 into a 256 bit field. If the bit at that index is set, the primary
585 is responsible. If the bit at that index is not set, the secondary
586 is responsible. The split value determines how many of the leading
587 bits are set to one. So, in practice, higher split values will cause
588 the primary to serve more clients than the secondary. Lower split
589 values, the converse. Legal values are between 0 and 255, of which
590 the most reasonable is 128.
591 The hba statement
593 hba colon-separated-hex-list;
595 The hba statement specifies the split between the primary and sec‐
597 ondary as a bitmap rather than a cutoff, which theoretically allows
598 for finer-grained control. In practice, there is probably no need
599 for such fine-grained control, however. An example hba statement:
600 hba ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
602 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00;
603 This is equivalent to a split 128; statement, and identical. The
605 following two examples are also equivalent to a split of 128, but are
606 not identical:
607 hba aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:
609 aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa;
610 hba 55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:
612 55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55;
613 They are equivalent, because half the bits are set to 0, half are set
615 to 1 (0xa and 0x5 are 1010 and 0101 binary respectively) and conse‐
616 quently this would roughly divide the clients equally between the
617 servers. They are not identical, because the actual peers this would
618 load balance to each server are different for each example.
619 You must only have split or hba defined, never both. For most cases,
621 the fine-grained control that hba offers isn't necessary, and split
622 should be used.
623 The load balance max seconds statement
625 load balance max seconds seconds;
627 This statement allows you to configure a cutoff after which load bal‐
629 ancing is disabled. The cutoff is based on the number of seconds
630 since the client sent its first DHCPDISCOVER or DHCPREQUEST message,
631 and only works with clients that correctly implement the secs field -
632 fortunately most clients do. We recommend setting this to something
633 like 3 or 5. The effect of this is that if one of the failover peers
634 gets into a state where it is responding to failover messages but not
635 responding to some client requests, the other failover peer will take
636 over its client load automatically as the clients retry.
637 The auto-partner-down statement
639 auto-partner-down seconds;
641 This statement instructs the server to initiate a timed delay upon
643 entering the communications-interrupted state (any situation of being
644 out-of-contact with the remote failover peer). At the conclusion of
645 the timer, the server will automatically enter the partner-down
646 state. This permits the server to allocate leases from the partner's
647 free lease pool after an STOS+MCLT timer expires, which can be dan‐
648 gerous if the partner is in fact operating at the time (the two
649 servers will give conflicting bindings).
650 Think very carefully before enabling this feature. The partner-down
652 and communications-interrupted states are intentionally segregated
653 because there do exist situations where a failover server can fail to
654 communicate with its peer, but still has the ability to receive and
655 reply to requests from DHCP clients. In general, this feature should
656 only be used in those deployments where the failover servers are
657 directly connected to one another, such as by a dedicated hardwired
658 link ("a heartbeat cable").
659 A zero value disables the auto-partner-down feature (also the
661 default), and any positive value indicates the time in seconds to
662 wait before automatically entering partner-down.
663 The Failover pool balance statements.
665 max-lease-misbalance percentage;
667 max-lease-ownership percentage;
668 min-balance seconds;
669 max-balance seconds;
670 This version of the DHCP Server evaluates pool balance on a schedule,
672 rather than on demand as leases are allocated. The latter approach
673 proved to be slightly klunky when pool misbalanced reach total satu‐
674 ration...when any server ran out of leases to assign, it also lost
675 its ability to notice it had run dry.
676 In order to understand pool balance, some elements of its operation
678 first need to be defined. First, there are ´free´ and ´backup´
679 leases. Both of these are referred to as ´free state leases´.
680 ´free´ and ´backup´ are ´the free states´ for the purpose of this
681 document. The difference is that only the primary may allocate from
682 ´free´ leases unless under special circumstances, and only the sec‐
683 ondary may allocate ´backup´ leases.
684 When pool balance is performed, the only plausible expectation is to
686 provide a 50/50 split of the free state leases between the two
687 servers. This is because no one can predict which server will fail,
688 regardless of the relative load placed upon the two servers, so giv‐
689 ing each server half the leases gives both servers the same amount of
690 ´failure endurance´. Therefore, there is no way to configure any
691 different behaviour, outside of some very small windows we will
692 describe shortly.
693 The first thing calculated on any pool balance run is a value
695 referred to as ´lts´, or "Leases To Send". This, simply, is the dif‐
696 ference in the count of free and backup leases, divided by two. For
697 the secondary, it is the difference in the backup and free leases,
698 divided by two. The resulting value is signed: if it is positive,
699 the local server is expected to hand out leases to retain a 50/50
700 balance. If it is negative, the remote server would need to send
701 leases to balance the pool. Once the lts value reaches zero, the
702 pool is perfectly balanced (give or take one lease in the case of an
703 odd number of total free state leases).
704 The current approach is still something of a hybrid of the old
706 approach, marked by the presence of the max-lease-misbalance state‐
707 ment. This parameter configures what used to be a 10% fixed value in
708 previous versions: if lts is less than free+backup * max-lease-mis‐
709 balance percent, then the server will skip balancing a given pool (it
710 won't bother moving any leases, even if some leases "should" be
711 moved). The meaning of this value is also somewhat overloaded, how‐
712 ever, in that it also governs the estimation of when to attempt to
713 balance the pool (which may then also be skipped over). The oldest
714 leases in the free and backup states are examined. The time they
715 have resided in their respective queues is used as an estimate to
716 indicate how much time it is probable it would take before the leases
717 at the top of the list would be consumed (and thus, how long it would
718 take to use all leases in that state). This percentage is directly
719 multiplied by this time, and fit into the schedule if it falls within
720 the min-balance and max-balance configured values. The scheduled
721 pool check time is only moved in a downwards direction, it is never
722 increased. Lastly, if the lts is more than double this number in the
723 negative direction, the local server will ´panic´ and transmit a
724 Failover protocol POOLREQ message, in the hopes that the remote sys‐
725 tem will be woken up into action.
726 Once the lts value exceeds the max-lease-misbalance percentage of
728 total free state leases as described above, leases are moved to the
729 remote server. This is done in two passes.
730 In the first pass, only leases whose most recent bound client would
732 have been served by the remote server - according to the Load Balance
733 Algorithm (see above split and hba configuration statements) - are
734 given away to the peer. This first pass will happily continue to
735 give away leases, decrementing the lts value by one for each, until
736 the lts value has reached the negative of the total number of leases
737 multiplied by the max-lease-ownership percentage. So it is through
738 this value that you can permit a small misbalance of the lease pools
739 - for the purpose of giving the peer more than a 50/50 share of
740 leases in the hopes that their clients might some day return and be
741 allocated by the peer (operating normally). This process is referred
742 to as ´MAC Address Affinity´, but this is somewhat misnamed: it
743 applies equally to DHCP Client Identifier options. Note also that
744 affinity is applied to leases when they enter the state ´free´ from
745 ´expired´ or ´released´. In this case also, leases will not be moved
746 from free to backup if the secondary already has more than its share.
747 The second pass is only entered into if the first pass fails to
749 reduce the lts underneath the total number of free state leases mul‐
750 tiplied by the max-lease-ownership percentage. In this pass, the
751 oldest leases are given over to the peer without second thought about
752 the Load Balance Algorithm, and this continues until the lts falls
753 under this value. In this way, the local server will also happily
754 keep a small percentage of the leases that would normally load bal‐
755 ance to itself.
756 So, the max-lease-misbalance value acts as a behavioural gate.
758 Smaller values will cause more leases to transition states to balance
759 the pools over time, higher values will decrease the amount of change
760 (but may lead to pool starvation if there's a run on leases).
761 The max-lease-ownership value permits a small (percentage) skew in
763 the lease balance of a percentage of the total number of free state
764 leases.
765 Finally, the min-balance and max-balance make certain that a sched‐
767 uled rebalance event happens within a reasonable timeframe (not to be
768 thrown off by, for example, a 7 year old free lease).
769 Plausible values for the percentages lie between 0 and 100, inclu‐
771 sive, but values over 50 are indistinguishable from one another (once
772 lts exceeds 50% of the free state leases, one server must therefore
773 have 100% of the leases in its respective free state). It is recom‐
774 mended to select a max-lease-ownership value that is lower than the
775 value selected for the max-lease-misbalance value. max-lease-owner‐
776 ship defaults to 10, and max-lease-misbalance defaults to 15.
777 Plausible values for the min-balance and max-balance times also range
779 from 0 to (2^32)-1 (or the limit of your local time_t value), but
780 default to values 60 and 3600 respectively (to place balance events
781 between 1 minute and 1 hour).
782
784 Clients can be separated into classes, and treated differently depend‐
785 ing on what class they are in. This separation can be done either
786 with a conditional statement, or with a match statement within the
787 class declaration. It is possible to specify a limit on the total
788 number of clients within a particular class or subclass that may hold
789 leases at one time, and it is possible to specify automatic subclassing
790 based on the contents of the client packet.
791 To add clients to classes based on conditional evaluation, you can
793 specify a matching expression in the class statement:
794 class "ras-clients" {
796 match if substring (option dhcp-client-identifier, 1, 3) = "RAS";
797 }
798 Note that whether you use matching expressions or add statements (or
800 both) to classify clients, you must always write a class declaration
801 for any class that you use. If there will be no match statement and
802 no in-scope statements for a class, the declaration should look like
803 this:
804 class "ras-clients" {
806 }
807
809 In addition to classes, it is possible to declare subclasses. A sub‐
810 class is a class with the same name as a regular class, but with a spe‐
811 cific submatch expression which is hashed for quick matching. This is
812 essentially a speed hack - the main difference between five classes
813 with match expressions and one class with five subclasses is that it
814 will be quicker to find the subclasses. Subclasses work as follows:
815 class "allocation-class-1" {
817 match pick-first-value (option dhcp-client-identifier, hardware);
818 }
819 class "allocation-class-2" {
821 match pick-first-value (option dhcp-client-identifier, hardware);
822 }
823 subclass "allocation-class-1" 1:8:0:2b:4c:39:ad;
825 subclass "allocation-class-2" 1:8:0:2b:a9:cc:e3;
826 subclass "allocation-class-1" 1:0:0:c4:aa:29:44;
827 subnet 10.0.0.0 netmask 255.255.255.0 {
829 pool {
830 allow members of "allocation-class-1";
831 range 10.0.0.11 10.0.0.50;
832 }
833 pool {
834 allow members of "allocation-class-2";
835 range 10.0.0.51 10.0.0.100;
836 }
837 }
838 The data following the class name in the subclass declaration is a con‐
840 stant value to use in matching the match expression for the class.
841 When class matching is done, the server will evaluate the match expres‐
842 sion and then look the result up in the hash table. If it finds a
843 match, the client is considered a member of both the class and the sub‐
844 class.
845 Subclasses can be declared with or without scope. In the above exam‐
847 ple, the sole purpose of the subclass is to allow some clients access
848 to one address pool, while other clients are given access to the other
849 pool, so these subclasses are declared without scopes. If part of the
850 purpose of the subclass were to define different parameter values for
851 some clients, you might want to declare some subclasses with scopes.
852 In the above example, if you had a single client that needed some con‐
854 figuration parameters, while most didn't, you might write the following
855 subclass declaration for that client:
856 subclass "allocation-class-2" 1:08:00:2b:a1:11:31 {
858 option root-path "samsara:/var/diskless/alphapc";
859 filename "/tftpboot/netbsd.alphapc-diskless";
860 }
861 In this example, we've used subclassing as a way to control address
863 allocation on a per-client basis. However, it's also possible to use
864 subclassing in ways that are not specific to clients - for example, to
865 use the value of the vendor-class-identifier option to determine what
866 values to send in the vendor-encapsulated-options option. An example
867 of this is shown under the VENDOR ENCAPSULATED OPTIONS head in the
868 dhcp-options(5) manual page.
869
871 You may specify a limit to the number of clients in a class that can be
872 assigned leases. The effect of this will be to make it difficult for
873 a new client in a class to get an address. Once a class with such a
874 limit has reached its limit, the only way a new client in that class
875 can get a lease is for an existing client to relinquish its lease,
876 either by letting it expire, or by sending a DHCPRELEASE packet.
877 Classes with lease limits are specified as follows:
878 class "limited-1" {
880 lease limit 4;
881 }
882 This will produce a class in which a maximum of four members may hold a
884 lease at one time.
885
887 It is possible to declare a spawning class. A spawning class is a
888 class that automatically produces subclasses based on what the client
889 sends. The reason that spawning classes were created was to make it
890 possible to create lease-limited classes on the fly. The envisioned
891 application is a cable-modem environment where the ISP wishes to pro‐
892 vide clients at a particular site with more than one IP address, but
893 does not wish to provide such clients with their own subnet, nor give
894 them an unlimited number of IP addresses from the network segment to
895 which they are connected.
896 Many cable modem head-end systems can be configured to add a Relay
898 Agent Information option to DHCP packets when relaying them to the DHCP
899 server. These systems typically add a circuit ID or remote ID option
900 that uniquely identifies the customer site. To take advantage of
901 this, you can write a class declaration as follows:
902 class "customer" {
904 spawn with option agent.circuit-id;
905 lease limit 4;
906 }
907 Now whenever a request comes in from a customer site, the circuit ID
909 option will be checked against the class's hash table. If a subclass
910 is found that matches the circuit ID, the client will be classified in
911 that subclass and treated accordingly. If no subclass is found match‐
912 ing the circuit ID, a new one will be created and logged in the
913 dhcpd.leases file, and the client will be classified in this new class.
914 Once the client has been classified, it will be treated according to
915 the rules of the class, including, in this case, being subject to the
916 per-site limit of four leases.
917 The use of the subclass spawning mechanism is not restricted to relay
919 agent options - this particular example is given only because it is a
920 fairly straightforward one.
921
923 In some cases, it may be useful to use one expression to assign a
924 client to a particular class, and a second expression to put it into a
925 subclass of that class. This can be done by combining the match if
926 and spawn with statements, or the match if and match statements. For
927 example:
928 class "jr-cable-modems" {
930 match if option dhcp-vendor-identifier = "jrcm";
931 spawn with option agent.circuit-id;
932 lease limit 4;
933 }
934 class "dv-dsl-modems" {
936 match if option dhcp-vendor-identifier = "dvdsl";
937 spawn with option agent.circuit-id;
938 lease limit 16;
939 }
940 This allows you to have two classes that both have the same spawn with
942 expression without getting the clients in the two classes confused with
943 each other.
944
946 The DHCP server has the ability to dynamically update the Domain Name
947 System. Within the configuration files, you can define how you want
948 the Domain Name System to be updated. These updates are RFC 2136 com‐
949 pliant so any DNS server supporting RFC 2136 should be able to accept
950 updates from the DHCP server.
951 Two DNS update schemes are currently implemented, and another is
953 planned. The two that are currently available are the ad-hoc DNS
954 update mode and the interim DHCP-DNS interaction draft update mode. If
955 and when the DHCP-DNS interaction draft and the DHCID draft make it
956 through the IETF standards process, there will be a third mode, which
957 will be the standard DNS update method. The DHCP server must be con‐
958 figured to use one of the two currently-supported methods, or not to do
959 dns updates. This can be done with the ddns-update-style configura‐
960 tion parameter.
961
963 The ad-hoc Dynamic DNS update scheme is now deprecated and does not
964 work. In future releases of the ISC DHCP server, this scheme will not
965 likely be available. The interim scheme works, allows for failover,
966 and should now be used. The following description is left here for
967 informational purposes only.
968 The ad-hoc Dynamic DNS update scheme implemented in this version of the
970 ISC DHCP server is a prototype design, which does not have much to do
971 with the standard update method that is being standardized in the IETF
972 DHC working group, but rather implements some very basic, yet useful,
973 update capabilities. This mode does not work with the failover proto‐
974 col because it does not account for the possibility of two different
975 DHCP servers updating the same set of DNS records.
976 For the ad-hoc DNS update method, the client's FQDN is derived in two
978 parts. First, the hostname is determined. Then, the domain name is
979 determined, and appended to the hostname.
980 The DHCP server determines the client's hostname by first looking for a
982 ddns-hostname configuration option, and using that if it is present.
983 If no such option is present, the server looks for a valid hostname in
984 the FQDN option sent by the client. If one is found, it is used; oth‐
985 erwise, if the client sent a host-name option, that is used. Other‐
986 wise, if there is a host declaration that applies to the client, the
987 name from that declaration will be used. If none of these applies, the
988 server will not have a hostname for the client, and will not be able to
989 do a DNS update.
990 The domain name is determined from the ddns-domainname configuration
992 option. The default configuration for this option is:
993 option server.ddns-domainname = config-option domain-name;
995 So if this configuration option is not configured to a different value
997 (over-riding the above default), or if a domain-name option has not
998 been configured for the client's scope, then the server will not
999 attempt to perform a DNS update.
1000 The client's fully-qualified domain name, derived as we have described,
1002 is used as the name on which an "A" record will be stored. The A
1003 record will contain the IP address that the client was assigned in its
1004 lease. If there is already an A record with the same name in the DNS
1005 server, no update of either the A or PTR records will occur - this pre‐
1006 vents a client from claiming that its hostname is the name of some net‐
1007 work server. For example, if you have a fileserver called
1008 "fs.sneedville.edu", and the client claims its hostname is "fs", no DNS
1009 update will be done for that client, and an error message will be
1010 logged.
1011 If the A record update succeeds, a PTR record update for the assigned
1013 IP address will be done, pointing to the A record. This update is
1014 unconditional - it will be done even if another PTR record of the same
1015 name exists. Since the IP address has been assigned to the DHCP
1016 server, this should be safe.
1017 Please note that the current implementation assumes clients only have a
1019 single network interface. A client with two network interfaces will
1020 see unpredictable behavior. This is considered a bug, and will be
1021 fixed in a later release. It may be helpful to enable the one-lease-
1022 per-client parameter so that roaming clients do not trigger this same
1023 behavior.
1024 The DHCP protocol normally involves a four-packet exchange - first the
1026 client sends a DHCPDISCOVER message, then the server sends a DHCPOFFER,
1027 then the client sends a DHCPREQUEST, then the server sends a DHCPACK.
1028 In the current version of the server, the server will do a DNS update
1029 after it has received the DHCPREQUEST, and before it has sent the DHC‐
1030 PACK. It only sends the DNS update if it has not sent one for the
1031 client's address before, in order to minimize the impact on the DHCP
1032 server.
1033 When the client's lease expires, the DHCP server (if it is operating at
1035 the time, or when next it operates) will remove the client's A and PTR
1036 records from the DNS database. If the client releases its lease by
1037 sending a DHCPRELEASE message, the server will likewise remove the A
1038 and PTR records.
1039
1041 The interim DNS update scheme operates mostly according to several
1042 drafts that are being considered by the IETF and are expected to become
1043 standards, but are not yet standards, and may not be standardized
1044 exactly as currently proposed. These are:
1045 draft-ietf-dhc-ddns-resolution-??.txt
1047 draft-ietf-dhc-fqdn-option-??.txt
1048 draft-ietf-dnsext-dhcid-rr-??.txt
1049 Because our implementation is slightly different than the standard, we
1051 will briefly document the operation of this update style here.
1052 The first point to understand about this style of DNS update is that
1054 unlike the ad-hoc style, the DHCP server does not necessarily always
1055 update both the A and the PTR records. The FQDN option includes a
1056 flag which, when sent by the client, indicates that the client wishes
1057 to update its own A record. In that case, the server can be config‐
1058 ured either to honor the client's intentions or ignore them. This is
1059 done with the statement allow client-updates; or the statement ignore
1060 client-updates;. By default, client updates are allowed.
1061 If the server is configured to allow client updates, then if the client
1063 sends a fully-qualified domain name in the FQDN option, the server will
1064 use that name the client sent in the FQDN option to update the PTR
1065 record. For example, let us say that the client is a visitor from the
1066 "radish.org" domain, whose hostname is "jschmoe". The server is for
1067 the "example.org" domain. The DHCP client indicates in the FQDN
1068 option that its FQDN is "jschmoe.radish.org.". It also indicates that
1069 it wants to update its own A record. The DHCP server therefore does
1070 not attempt to set up an A record for the client, but does set up a PTR
1071 record for the IP address that it assigns the client, pointing at
1072 jschmoe.radish.org. Once the DHCP client has an IP address, it can
1073 update its own A record, assuming that the "radish.org" DNS server will
1074 allow it to do so.
1075 If the server is configured not to allow client updates, or if the
1077 client doesn't want to do its own update, the server will simply choose
1078 a name for the client from either the fqdn option (if present) or the
1079 hostname option (if present). It will use its own domain name for the
1080 client, just as in the ad-hoc update scheme. It will then update both
1081 the A and PTR record, using the name that it chose for the client. If
1082 the client sends a fully-qualified domain name in the fqdn option, the
1083 server uses only the leftmost part of the domain name - in the example
1084 above, "jschmoe" instead of "jschmoe.radish.org".
1085 Further, if the ignore client-updates; directive is used, then the
1087 server will in addition send a response in the DHCP packet, using the
1088 FQDN Option, that implies to the client that it should perform its own
1089 updates if it chooses to do so. With deny client-updates;, a response
1090 is sent which indicates the client may not perform updates.
1091 Also, if the use-host-decl-names configuration option is enabled, then
1093 the host declaration's hostname will be used in place of the hostname
1094 option, and the same rules will apply as described above.
1095 The other difference between the ad-hoc scheme and the interim scheme
1097 is that with the interim scheme, a method is used that allows more than
1098 one DHCP server to update the DNS database without accidentally delet‐
1099 ing A records that shouldn't be deleted nor failing to add A records
1100 that should be added. The scheme works as follows:
1101 When the DHCP server issues a client a new lease, it creates a text
1103 string that is an MD5 hash over the DHCP client's identification (see
1104 draft-ietf-dnsext-dhcid-rr-??.txt for details). The update adds an A
1105 record with the name the server chose and a TXT record containing the
1106 hashed identifier string (hashid). If this update succeeds, the
1107 server is done.
1108 If the update fails because the A record already exists, then the DHCP
1110 server attempts to add the A record with the prerequisite that there
1111 must be a TXT record in the same name as the new A record, and that TXT
1112 record's contents must be equal to hashid. If this update succeeds,
1113 then the client has its A record and PTR record. If it fails, then
1114 the name the client has been assigned (or requested) is in use, and
1115 can't be used by the client. At this point the DHCP server gives up
1116 trying to do a DNS update for the client until the client chooses a new
1117 name.
1118 The interim DNS update scheme is called interim for two reasons.
1120 First, it does not quite follow the drafts. The current versions of
1121 the drafts call for a new DHCID RRtype, but this is not yet available.
1122 The interim DNS update scheme uses a TXT record instead. Also, the
1123 existing ddns-resolution draft calls for the DHCP server to put a DHCID
1124 RR on the PTR record, but the interim update method does not do this.
1125 It is our position that this is not useful, and we are working with the
1126 author in hopes of removing it from the next version of the draft, or
1127 better understanding why it is considered useful.
1128 In addition to these differences, the server also does not update very
1130 aggressively. Because each DNS update involves a round trip to the DNS
1131 server, there is a cost associated with doing updates even if they do
1132 not actually modify the DNS database. So the DHCP server tracks
1133 whether or not it has updated the record in the past (this information
1134 is stored on the lease) and does not attempt to update records that it
1135 thinks it has already updated.
1136 This can lead to cases where the DHCP server adds a record, and then
1138 the record is deleted through some other mechanism, but the server
1139 never again updates the DNS because it thinks the data is already
1140 there. In this case the data can be removed from the lease through
1141 operator intervention, and once this has been done, the DNS will be
1142 updated the next time the client renews.
1143
1145 When you set your DNS server up to allow updates from the DHCP server,
1146 you may be exposing it to unauthorized updates. To avoid this, you
1147 should use TSIG signatures - a method of cryptographically signing
1148 updates using a shared secret key. As long as you protect the secrecy
1149 of this key, your updates should also be secure. Note, however, that
1150 the DHCP protocol itself provides no security, and that clients can
1151 therefore provide information to the DHCP server which the DHCP server
1152 will then use in its updates, with the constraints described previ‐
1153 ously.
1154 The DNS server must be configured to allow updates for any zone that
1156 the DHCP server will be updating. For example, let us say that clients
1157 in the sneedville.edu domain will be assigned addresses on the
1158 10.10.17.0/24 subnet. In that case, you will need a key declaration
1159 for the TSIG key you will be using, and also two zone declarations -
1160 one for the zone containing A records that will be updates and one for
1161 the zone containing PTR records - for ISC BIND, something like this:
1162 key DHCP_UPDATER {
1164 algorithm hmac-md5;
1165 secret pRP5FapFoJ95JEL06sv4PQ==;
1166 };
1167 zone "example.org" {
1169 type master;
1170 file "example.org.db";
1171 allow-update { key DHCP_UPDATER; };
1172 };
1173 zone "17.10.10.in-addr.arpa" {
1175 type master;
1176 file "10.10.17.db";
1177 allow-update { key DHCP_UPDATER; };
1178 };
1179 You will also have to configure your DHCP server to do updates to these
1181 zones. To do so, you need to add something like this to your
1182 dhcpd.conf file:
1183 key DHCP_UPDATER {
1185 algorithm hmac-md5;
1186 secret pRP5FapFoJ95JEL06sv4PQ==;
1187 };
1188 zone EXAMPLE.ORG. {
1190 primary 127.0.0.1;
1191 key DHCP_UPDATER;
1192 }
1193 zone 17.127.10.in-addr.arpa. {
1195 primary 127.0.0.1;
1196 key DHCP_UPDATER;
1197 }
1198 The primary statement specifies the IP address of the name server whose
1200 zone information is to be updated.
1201 Note that the zone declarations have to correspond to authority records
1203 in your name server - in the above example, there must be an SOA record
1204 for "example.org." and for "17.10.10.in-addr.arpa.". For example, if
1205 there were a subdomain "foo.example.org" with no separate SOA, you
1206 could not write a zone declaration for "foo.example.org." Also keep in
1207 mind that zone names in your DHCP configuration should end in a ".";
1208 this is the preferred syntax. If you do not end your zone name in a
1209 ".", the DHCP server will figure it out. Also note that in the DHCP
1210 configuration, zone names are not encapsulated in quotes where there
1211 are in the DNS configuration.
1212 You should choose your own secret key, of course. The ISC BIND 8 and 9
1214 distributions come with a program for generating secret keys called
1215 dnssec-keygen. The version that comes with BIND 9 is likely to produce
1216 a substantially more random key, so we recommend you use that one even
1217 if you are not using BIND 9 as your DNS server. If you are using BIND
1218 9's dnssec-keygen, the above key would be created as follows:
1219 dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER
1221 If you are using the BIND 8 dnskeygen program, the following command
1223 will generate a key as seen above:
1224 dnskeygen -H 128 -u -c -n DHCP_UPDATER
1226 You may wish to enable logging of DNS updates on your DNS server. To
1228 do so, you might write a logging statement like the following:
1229 logging {
1231 channel update_debug {
1232 file "/var/log/update-debug.log";
1233 severity debug 3;
1234 print-category yes;
1235 print-severity yes;
1236 print-time yes;
1237 };
1238 channel security_info {
1239 file "/var/log/named-auth.info";
1240 severity info;
1241 print-category yes;
1242 print-severity yes;
1243 print-time yes;
1244 };
1245 category update { update_debug; };
1247 category security { security_info; };
1248 };
1249 You must create the /var/log/named-auth.info and /var/log/update-
1251 debug.log files before starting the name server. For more information
1252 on configuring ISC BIND, consult the documentation that accompanies it.
1253
1255 There are three kinds of events that can happen regarding a lease, and
1256 it is possible to declare statements that occur when any of these
1257 events happen. These events are the commit event, when the server has
1258 made a commitment of a certain lease to a client, the release event,
1259 when the client has released the server from its commitment, and the
1260 expiry event, when the commitment expires.
1261 To declare a set of statements to execute when an event happens, you
1263 must use the on statement, followed by the name of the event, followed
1264 by a series of statements to execute when the event happens, enclosed
1265 in braces. Events are used to implement DNS updates, so you should
1266 not define your own event handlers if you are using the built-in DNS
1267 update mechanism.
1268 The built-in version of the DNS update mechanism is in a text string
1270 towards the top of server/dhcpd.c. If you want to use events for
1271 things other than DNS updates, and you also want DNS updates, you will
1272 have to start out by copying this code into your dhcpd.conf file and
1273 modifying it.
1274
1276 The include statement
1277 include "filename";
1279 The include statement is used to read in a named file, and process the
1281 contents of that file as though it were entered in place of the include
1282 statement.
1283 The shared-network statement
1285 shared-network name {
1287 [ parameters ]
1288 [ declarations ]
1289 }
1290 The shared-network statement is used to inform the DHCP server that
1292 some IP subnets actually share the same physical network. Any subnets
1293 in a shared network should be declared within a shared-network state‐
1294 ment. Parameters specified in the shared-network statement will be
1295 used when booting clients on those subnets unless parameters provided
1296 at the subnet or host level override them. If any subnet in a shared
1297 network has addresses available for dynamic allocation, those addresses
1298 are collected into a common pool for that shared network and assigned
1299 to clients as needed. There is no way to distinguish on which subnet
1300 of a shared network a client should boot.
1301 Name should be the name of the shared network. This name is used when
1303 printing debugging messages, so it should be descriptive for the shared
1304 network. The name may have the syntax of a valid domain name
1305 (although it will never be used as such), or it may be any arbitrary
1306 name, enclosed in quotes.
1307 The subnet statement
1309 subnet subnet-number netmask netmask {
1311 [ parameters ]
1312 [ declarations ]
1313 }
1314 The subnet statement is used to provide dhcpd with enough information
1316 to tell whether or not an IP address is on that subnet. It may also be
1317 used to provide subnet-specific parameters and to specify what
1318 addresses may be dynamically allocated to clients booting on that sub‐
1319 net. Such addresses are specified using the range declaration.
1320 The subnet-number should be an IP address or domain name which resolves
1322 to the subnet number of the subnet being described. The netmask
1323 should be an IP address or domain name which resolves to the subnet
1324 mask of the subnet being described. The subnet number, together with
1325 the netmask, are sufficient to determine whether any given IP address
1326 is on the specified subnet.
1327 Although a netmask must be given with every subnet declaration, it is
1329 recommended that if there is any variance in subnet masks at a site, a
1330 subnet-mask option statement be used in each subnet declaration to set
1331 the desired subnet mask, since any subnet-mask option statement will
1332 override the subnet mask declared in the subnet statement.
1333 The subnet6 statement
1335 subnet6 subnet6-number {
1337 [ parameters ]
1338 [ declarations ]
1339 }
1340 The subnet6 statement is used to provide dhcpd with enough information
1342 to tell whether or not an IPv6 address is on that subnet6. It may also
1343 be used to provide subnet-specific parameters and to specify what
1344 addresses may be dynamically allocated to clients booting on that sub‐
1345 net.
1346 The subnet6-number should be an IPv6 network identifier, specified as
1348 ip6-address/bits.
1349 The range statement
1351 range [ dynamic-bootp ] low-address [ high-address];
1353 For any subnet on which addresses will be assigned dynamically, there
1355 must be at least one range statement. The range statement gives the
1356 lowest and highest IP addresses in a range. All IP addresses in the
1357 range should be in the subnet in which the range statement is declared.
1358 The dynamic-bootp flag may be specified if addresses in the specified
1359 range may be dynamically assigned to BOOTP clients as well as DHCP
1360 clients. When specifying a single address, high-address can be omit‐
1361 ted.
1362 The range6 statement
1364 range6 low-address high-address;
1366 range6 subnet6-number;
1367 range6 subnet6-number temporary;
1368 range6 address temporary;
1369 For any IPv6 subnet6 on which addresses will be assigned dynamically,
1371 there must be at least one range6 statement. The range6 statement can
1372 either be the lowest and highest IPv6 addresses in a range6, or use
1373 CIDR notation, specified as ip6-address/bits. All IP addresses in the
1374 range6 should be in the subnet6 in which the range6 statement is
1375 declared.
1376 The temporary variant makes the prefix (by default on 64 bits) avail‐
1378 able for temporary (RFC 4941) addresses. A new address per prefix in
1379 the shared network is computed at each request with an IA_TA option.
1380 Release and Confirm ignores temporary addresses.
1381 Any IPv6 addresses given to hosts with fixed-address6 are excluded from
1383 the range6, as are IPv6 addresses on the server itself.
1384 The prefix6 statement
1386 prefix6 low-address high-address / bits;
1388 The prefix6 is the range6 equivalent for Prefix Delegation (RFC 3633).
1390 Prefixes of bits length are assigned between low-address and high-
1391 address.
1392 Any IPv6 prefixes given to static entries (hosts) with fixed-prefix6
1394 are excluded from the prefix6.
1395 This statement is currently global but it should have a shared-network
1397 scope.
1398 The host statement
1400 host hostname {
1402 [ parameters ]
1403 [ declarations ]
1404 }
1405 The host declaration provides a scope in which to provide configuration
1407 information about a specific client, and also provides a way to assign
1408 a client a fixed address. The host declaration provides a way for the
1409 DHCP server to identify a DHCP or BOOTP client, and also a way to
1410 assign the client a static IP address.
1411 If it is desirable to be able to boot a DHCP or BOOTP client on more
1413 than one subnet with fixed addresses, more than one address may be
1414 specified in the fixed-address declaration, or more than one host
1415 statement may be specified matching the same client.
1416 If client-specific boot parameters must change based on the network to
1418 which the client is attached, then multiple host declarations should be
1419 used. The host declarations will only match a client if one of their
1420 fixed-address statements is viable on the subnet (or shared network)
1421 where the client is attached. Conversely, for a host declaration to
1422 match a client being allocated a dynamic address, it must not have any
1423 fixed-address statements. You may therefore need a mixture of host
1424 declarations for any given client...some having fixed-address state‐
1425 ments, others without.
1426 hostname should be a name identifying the host. If a hostname option
1428 is not specified for the host, hostname is used.
1429 Host declarations are matched to actual DHCP or BOOTP clients by match‐
1431 ing the dhcp-client-identifier option specified in the host declaration
1432 to the one supplied by the client, or, if the host declaration or the
1433 client does not provide a dhcp-client-identifier option, by matching
1434 the hardware parameter in the host declaration to the network hardware
1435 address supplied by the client. BOOTP clients do not normally provide
1436 a dhcp-client-identifier, so the hardware address must be used for all
1437 clients that may boot using the BOOTP protocol.
1438 DHCPv6 servers can use the host-identifier option parameter in the host
1440 declaration, and specify any option with a fixed value to identify
1441 hosts.
1442 Please be aware that only the dhcp-client-identifier option and the
1444 hardware address can be used to match a host declaration, or the host-
1445 identifier option parameter for DHCPv6 servers. For example, it is
1446 not possible to match a host declaration to a host-name option. This
1447 is because the host-name option cannot be guaranteed to be unique for
1448 any given client, whereas both the hardware address and dhcp-client-
1449 identifier option are at least theoretically guaranteed to be unique to
1450 a given client.
1451 The group statement
1453 group {
1455 [ parameters ]
1456 [ declarations ]
1457 }
1458 The group statement is used simply to apply one or more parameters to a
1460 group of declarations. It can be used to group hosts, shared net‐
1461 works, subnets, or even other groups.
1462
1464 The allow and deny statements can be used to control the response of
1465 the DHCP server to various sorts of requests. The allow and deny key‐
1466 words actually have different meanings depending on the context. In a
1467 pool context, these keywords can be used to set up access lists for
1468 address allocation pools. In other contexts, the keywords simply con‐
1469 trol general server behavior with respect to clients based on scope.
1470 In a non-pool context, the ignore keyword can be used in place of the
1471 deny keyword to prevent logging of denied requests.
1472
1474 The following usages of allow and deny will work in any scope, although
1475 it is not recommended that they be used in pool declarations.
1476 The unknown-clients keyword
1478 allow unknown-clients;
1480 deny unknown-clients;
1481 ignore unknown-clients;
1482 The unknown-clients flag is used to tell dhcpd whether or not to dynam‐
1484 ically assign addresses to unknown clients. Dynamic address assign‐
1485 ment to unknown clients is allowed by default. An unknown client is
1486 simply a client that has no host declaration.
1487 The use of this option is now deprecated. If you are trying to
1489 restrict access on your network to known clients, you should use deny
1490 unknown-clients; inside of your address pool, as described under the
1491 heading ALLOW AND DENY WITHIN POOL DECLARATIONS.
1492 The bootp keyword
1494 allow bootp;
1496 deny bootp;
1497 ignore bootp;
1498 The bootp flag is used to tell dhcpd whether or not to respond to bootp
1500 queries. Bootp queries are allowed by default.
1501 This option does not satisfy the requirement of failover peers for
1503 denying dynamic bootp clients. The deny dynamic bootp clients; option
1504 should be used instead. See the ALLOW AND DENY WITHIN POOL DECLARATIONS
1505 section of this man page for more details.
1506 The booting keyword
1508 allow booting;
1510 deny booting;
1511 ignore booting;
1512 The booting flag is used to tell dhcpd whether or not to respond to
1514 queries from a particular client. This keyword only has meaning when
1515 it appears in a host declaration. By default, booting is allowed, but
1516 if it is disabled for a particular client, then that client will not be
1517 able to get an address from the DHCP server.
1518 The duplicates keyword
1520 allow duplicates;
1522 deny duplicates;
1523 Host declarations can match client messages based on the DHCP Client
1525 Identifier option or based on the client's network hardware type and
1526 MAC address. If the MAC address is used, the host declaration will
1527 match any client with that MAC address - even clients with different
1528 client identifiers. This doesn't normally happen, but is possible
1529 when one computer has more than one operating system installed on it -
1530 for example, Microsoft Windows and NetBSD or Linux.
1531 The duplicates flag tells the DHCP server that if a request is received
1533 from a client that matches the MAC address of a host declaration, any
1534 other leases matching that MAC address should be discarded by the
1535 server, even if the UID is not the same. This is a violation of the
1536 DHCP protocol, but can prevent clients whose client identifiers change
1537 regularly from holding many leases at the same time. By default,
1538 duplicates are allowed.
1539 The declines keyword
1541 allow declines;
1543 deny declines;
1544 ignore declines;
1545 The DHCPDECLINE message is used by DHCP clients to indicate that the
1547 lease the server has offered is not valid. When the server receives a
1548 DHCPDECLINE for a particular address, it normally abandons that
1549 address, assuming that some unauthorized system is using it. Unfortu‐
1550 nately, a malicious or buggy client can, using DHCPDECLINE messages,
1551 completely exhaust the DHCP server's allocation pool. The server will
1552 reclaim these leases, but while the client is running through the pool,
1553 it may cause serious thrashing in the DNS, and it will also cause the
1554 DHCP server to forget old DHCP client address allocations.
1555 The declines flag tells the DHCP server whether or not to honor DHCPDE‐
1557 CLINE messages. If it is set to deny or ignore in a particular scope,
1558 the DHCP server will not respond to DHCPDECLINE messages.
1559 The client-updates keyword
1561 allow client-updates;
1563 deny client-updates;
1564 The client-updates flag tells the DHCP server whether or not to honor
1566 the client's intention to do its own update of its A record. This is
1567 only relevant when doing interim DNS updates. See the documentation
1568 under the heading THE INTERIM DNS UPDATE SCHEME for details.
1569 The leasequery keyword
1571 allow leasequery;
1573 deny leasequery;
1574 The leasequery flag tells the DHCP server whether or not to answer DHC‐
1576 PLEASEQUERY packets. The answer to a DHCPLEASEQUERY packet includes
1577 information about a specific lease, such as when it was issued and when
1578 it will expire. By default, the server will not respond to these pack‐
1579 ets.
1580
1582 The uses of the allow and deny keywords shown in the previous section
1583 work pretty much the same way whether the client is sending a DHCPDIS‐
1584 COVER or a DHCPREQUEST message - an address will be allocated to the
1585 client (either the old address it's requesting, or a new address) and
1586 then that address will be tested to see if it's okay to let the client
1587 have it. If the client requested it, and it's not okay, the server
1588 will send a DHCPNAK message. Otherwise, the server will simply not
1589 respond to the client. If it is okay to give the address to the
1590 client, the server will send a DHCPACK message.
1591 The primary motivation behind pool declarations is to have address
1593 allocation pools whose allocation policies are different. A client
1594 may be denied access to one pool, but allowed access to another pool on
1595 the same network segment. In order for this to work, access control
1596 has to be done during address allocation, not after address allocation
1597 is done.
1598 When a DHCPREQUEST message is processed, address allocation simply con‐
1600 sists of looking up the address the client is requesting and seeing if
1601 it's still available for the client. If it is, then the DHCP server
1602 checks both the address pool permit lists and the relevant in-scope
1603 allow and deny statements to see if it's okay to give the lease to the
1604 client. In the case of a DHCPDISCOVER message, the allocation process
1605 is done as described previously in the ADDRESS ALLOCATION section.
1606 When declaring permit lists for address allocation pools, the following
1608 syntaxes are recognized following the allow or deny keywords:
1609 known-clients;
1611 If specified, this statement either allows or prevents allocation from
1613 this pool to any client that has a host declaration (i.e., is known).
1614 A client is known if it has a host declaration in any scope, not just
1615 the current scope.
1616 unknown-clients;
1618 If specified, this statement either allows or prevents allocation from
1620 this pool to any client that has no host declaration (i.e., is not
1621 known).
1622 members of "class";
1624 If specified, this statement either allows or prevents allocation from
1626 this pool to any client that is a member of the named class.
1627 dynamic bootp clients;
1629 If specified, this statement either allows or prevents allocation from
1631 this pool to any bootp client.
1632 authenticated clients;
1634 If specified, this statement either allows or prevents allocation from
1636 this pool to any client that has been authenticated using the DHCP
1637 authentication protocol. This is not yet supported.
1638 unauthenticated clients;
1640 If specified, this statement either allows or prevents allocation from
1642 this pool to any client that has not been authenticated using the DHCP
1643 authentication protocol. This is not yet supported.
1644 all clients;
1646 If specified, this statement either allows or prevents allocation from
1648 this pool to all clients. This can be used when you want to write a
1649 pool declaration for some reason, but hold it in reserve, or when you
1650 want to renumber your network quickly, and thus want the server to
1651 force all clients that have been allocated addresses from this pool to
1652 obtain new addresses immediately when they next renew.
1653 after time;
1655 If specified, this statement either allows or prevents allocation from
1657 this pool after a given date. This can be used when you want to move
1658 clients from one pool to another. The server adjusts the regular lease
1659 time so that the latest expiry time is at the given time+min-lease-
1660 time. A short min-lease-time enforces a step change, whereas a longer
1661 min-lease-time allows for a gradual change. time is either second
1662 since epoch, or a UTC time string e.g. 4 2007/08/24 09:14:32 or a
1663 string with time zone offset in seconds e.g. 4 2007/08/24 11:14:32
1664 -7200
1665
1667 The adaptive-lease-time-threshold statement
1668 adaptive-lease-time-threshold percentage;
1670 When the number of allocated leases within a pool rises above the
1672 percentage given in this statement, the DHCP server decreases the
1673 lease length for new clients within this pool to min-lease-time sec‐
1674 onds. Clients renewing an already valid (long) leases get at least
1675 the remaining time from the current lease. Since the leases expire
1676 faster, the server may either recover more quickly or avoid pool
1677 exhaustion entirely. Once the number of allocated leases drop below
1678 the threshold, the server reverts back to normal lease times. Valid
1679 percentages are between 1 and 99.
1680 The always-broadcast statement
1682 always-broadcast flag;
1684 The DHCP and BOOTP protocols both require DHCP and BOOTP clients to
1686 set the broadcast bit in the flags field of the BOOTP message header.
1687 Unfortunately, some DHCP and BOOTP clients do not do this, and there‐
1688 fore may not receive responses from the DHCP server. The DHCP
1689 server can be made to always broadcast its responses to clients by
1690 setting this flag to ´on´ for the relevant scope; relevant scopes
1691 would be inside a conditional statement, as a parameter for a class,
1692 or as a parameter for a host declaration. To avoid creating excess
1693 broadcast traffic on your network, we recommend that you restrict the
1694 use of this option to as few clients as possible. For example, the
1695 Microsoft DHCP client is known not to have this problem, as are the
1696 OpenTransport and ISC DHCP clients.
1697 The always-reply-rfc1048 statement
1699 always-reply-rfc1048 flag;
1701 Some BOOTP clients expect RFC1048-style responses, but do not follow
1703 RFC1048 when sending their requests. You can tell that a client is
1704 having this problem if it is not getting the options you have config‐
1705 ured for it and if you see in the server log the message "(non-
1706 rfc1048)" printed with each BOOTREQUEST that is logged.
1707 If you want to send rfc1048 options to such a client, you can set the
1709 always-reply-rfc1048 option in that client's host declaration, and
1710 the DHCP server will respond with an RFC-1048-style vendor options
1711 field. This flag can be set in any scope, and will affect all
1712 clients covered by that scope.
1713 The authoritative statement
1715 authoritative;
1717 not authoritative;
1719 The DHCP server will normally assume that the configuration informa‐
1721 tion about a given network segment is not known to be correct and is
1722 not authoritative. This is so that if a naive user installs a DHCP
1723 server not fully understanding how to configure it, it does not send
1724 spurious DHCPNAK messages to clients that have obtained addresses
1725 from a legitimate DHCP server on the network.
1726 Network administrators setting up authoritative DHCP servers for
1728 their networks should always write authoritative; at the top of their
1729 configuration file to indicate that the DHCP server should send DHCP‐
1730 NAK messages to misconfigured clients. If this is not done, clients
1731 will be unable to get a correct IP address after changing subnets
1732 until their old lease has expired, which could take quite a long
1733 time.
1734 Usually, writing authoritative; at the top level of the file should
1736 be sufficient. However, if a DHCP server is to be set up so that it
1737 is aware of some networks for which it is authoritative and some net‐
1738 works for which it is not, it may be more appropriate to declare
1739 authority on a per-network-segment basis.
1740 Note that the most specific scope for which the concept of authority
1742 makes any sense is the physical network segment - either a shared-
1743 network statement or a subnet statement that is not contained within
1744 a shared-network statement. It is not meaningful to specify that the
1745 server is authoritative for some subnets within a shared network, but
1746 not authoritative for others, nor is it meaningful to specify that
1747 the server is authoritative for some host declarations and not oth‐
1748 ers.
1749 The boot-unknown-clients statement
1751 boot-unknown-clients flag;
1753 If the boot-unknown-clients statement is present and has a value of
1755 false or off, then clients for which there is no host declaration
1756 will not be allowed to obtain IP addresses. If this statement is
1757 not present or has a value of true or on, then clients without host
1758 declarations will be allowed to obtain IP addresses, as long as those
1759 addresses are not restricted by allow and deny statements within
1760 their pool declarations.
1761 The db-time-format statement
1763 db-time-format [ default | local ] ;
1765 The DHCP server software outputs several timestamps when writing
1767 leases to persistent storage. This configuration parameter selects
1768 one of two output formats. The default format prints the day, date,
1769 and time in UTC, while the local format prints the system seconds-
1770 since-epoch, and helpfully provides the day and time in the system
1771 timezone in a comment. The time formats are described in detail in
1772 the dhcpd.leases(5) manpage.
1773 The ddns-hostname statement
1775 ddns-hostname name;
1777 The name parameter should be the hostname that will be used in set‐
1779 ting up the client's A and PTR records. If no ddns-hostname is
1780 specified in scope, then the server will derive the hostname automat‐
1781 ically, using an algorithm that varies for each of the different
1782 update methods.
1783 The ddns-domainname statement
1785 ddns-domainname name;
1787 The name parameter should be the domain name that will be appended to
1789 the client's hostname to form a fully-qualified domain-name (FQDN).
1790 The ddns-rev-domainname statement
1792 ddns-rev-domainname name; The name parameter should be the domain
1794 name that will be appended to the client's reversed IP address to
1795 produce a name for use in the client's PTR record. By default, this
1796 is "in-addr.arpa.", but the default can be overridden here.
1797 The reversed IP address to which this domain name is appended is
1799 always the IP address of the client, in dotted quad notation,
1800 reversed - for example, if the IP address assigned to the client is
1801 10.17.92.74, then the reversed IP address is 74.92.17.10. So a
1802 client with that IP address would, by default, be given a PTR record
1803 of 10.17.92.74.in-addr.arpa.
1804 The ddns-update-style parameter
1806 ddns-update-style style;
1808 The style parameter must be one of ad-hoc, interim or none. The
1810 ddns-update-style statement is only meaningful in the outer scope -
1811 it is evaluated once after reading the dhcpd.conf file, rather than
1812 each time a client is assigned an IP address, so there is no way to
1813 use different DNS update styles for different clients. The default is
1814 none.
1815 The ddns-updates statement
1817 ddns-updates flag;
1819 The ddns-updates parameter controls whether or not the server will
1821 attempt to do a DNS update when a lease is confirmed. Set this to
1822 off if the server should not attempt to do updates within a certain
1823 scope. The ddns-updates parameter is on by default. To disable DNS
1824 updates in all scopes, it is preferable to use the ddns-update-style
1825 statement, setting the style to none.
1826 The default-lease-time statement
1828 default-lease-time time;
1830 Time should be the length in seconds that will be assigned to a lease
1832 if the client requesting the lease does not ask for a specific expi‐
1833 ration time. This is used for both DHCPv4 and DHCPv6 leases (it is
1834 also known as the "valid lifetime" in DHCPv6). The default is 43200
1835 seconds.
1836 The delayed-ack and max-ack-delay statements
1838 delayed-ack count; max-ack-delay microseconds;
1840 Count should be an integer value from zero to 2^16-1, and defaults to
1842 28. The count represents how many DHCPv4 replies maximum will be
1843 queued pending transmission until after a database commit event. If
1844 this number is reached, a database commit event (commonly resulting
1845 in fsync() and representing a performance penalty) will be made, and
1846 the reply packets will be transmitted in a batch afterwards. This
1847 preserves the RFC2131 direction that "stable storage" be updated
1848 prior to replying to clients. Should the DHCPv4 sockets "go dry"
1849 (select() returns immediately with no read sockets), the commit is
1850 made and any queued packets are transmitted.
1851 Similarly, microseconds indicates how many microseconds are permitted
1853 to pass inbetween queuing a packet pending an fsync, and performing
1854 the fsync. Valid values range from 0 to 2^32-1, and defaults to
1855 250,000 (1/4 of a second).
1856 Please note that as delayed-ack is currently experimental, the
1858 delayed-ack feature is not compiled in by default, but must be
1859 enabled at compile time with ´./configure --enable-delayed-ack´.
1860 The do-forward-updates statement
1862 do-forward-updates flag;
1864 The do-forward-updates statement instructs the DHCP server as to
1866 whether it should attempt to update a DHCP client's A record when the
1867 client acquires or renews a lease. This statement has no effect
1868 unless DNS updates are enabled and ddns-update-style is set to
1869 interim. Forward updates are enabled by default. If this state‐
1870 ment is used to disable forward updates, the DHCP server will never
1871 attempt to update the client's A record, and will only ever attempt
1872 to update the client's PTR record if the client supplies an FQDN that
1873 should be placed in the PTR record using the fqdn option. If forward
1874 updates are enabled, the DHCP server will still honor the setting of
1875 the client-updates flag.
1876 The dynamic-bootp-lease-cutoff statement
1878 dynamic-bootp-lease-cutoff date;
1880 The dynamic-bootp-lease-cutoff statement sets the ending time for all
1882 leases assigned dynamically to BOOTP clients. Because BOOTP clients
1883 do not have any way of renewing leases, and don't know that their
1884 leases could expire, by default dhcpd assigns infinite leases to all
1885 BOOTP clients. However, it may make sense in some situations to set
1886 a cutoff date for all BOOTP leases - for example, the end of a school
1887 term, or the time at night when a facility is closed and all machines
1888 are required to be powered off.
1889 Date should be the date on which all assigned BOOTP leases will end.
1891 The date is specified in the form:
1892 W YYYY/MM/DD HH:MM:SS
1894 W is the day of the week expressed as a number from zero (Sunday) to
1896 six (Saturday). YYYY is the year, including the century. MM is the
1897 month expressed as a number from 1 to 12. DD is the day of the
1898 month, counting from 1. HH is the hour, from zero to 23. MM is the
1899 minute and SS is the second. The time is always in Coordinated Uni‐
1900 versal Time (UTC), not local time.
1901 The dynamic-bootp-lease-length statement
1903 dynamic-bootp-lease-length length;
1905 The dynamic-bootp-lease-length statement is used to set the length of
1907 leases dynamically assigned to BOOTP clients. At some sites, it may
1908 be possible to assume that a lease is no longer in use if its holder
1909 has not used BOOTP or DHCP to get its address within a certain time
1910 period. The period is specified in length as a number of seconds.
1911 If a client reboots using BOOTP during the timeout period, the lease
1912 duration is reset to length, so a BOOTP client that boots frequently
1913 enough will never lose its lease. Needless to say, this parameter
1914 should be adjusted with extreme caution.
1915 The filename statement
1917 filename "filename";
1919 The filename statement can be used to specify the name of the initial
1921 boot file which is to be loaded by a client. The filename should be
1922 a filename recognizable to whatever file transfer protocol the client
1923 can be expected to use to load the file.
1924 The fixed-address declaration
1926 fixed-address address [, address ... ];
1928 The fixed-address declaration is used to assign one or more fixed IP
1930 addresses to a client. It should only appear in a host declaration.
1931 If more than one address is supplied, then when the client boots, it
1932 will be assigned the address that corresponds to the network on which
1933 it is booting. If none of the addresses in the fixed-address state‐
1934 ment are valid for the network to which the client is connected, that
1935 client will not match the host declaration containing that fixed-
1936 address declaration. Each address in the fixed-address declaration
1937 should be either an IP address or a domain name that resolves to one
1938 or more IP addresses.
1939 The fixed-address6 declaration
1941 fixed-address6 ip6-address ;
1943 The fixed-address6 declaration is used to assign a fixed IPv6
1945 addresses to a client. It should only appear in a host declaration.
1946 The get-lease-hostnames statement
1948 get-lease-hostnames flag;
1950 The get-lease-hostnames statement is used to tell dhcpd whether or
1952 not to look up the domain name corresponding to the IP address of
1953 each address in the lease pool and use that address for the DHCP
1954 hostname option. If flag is true, then this lookup is done for all
1955 addresses in the current scope. By default, or if flag is false, no
1956 lookups are done.
1957 The hardware statement
1959 hardware hardware-type hardware-address;
1961 In order for a BOOTP client to be recognized, its network hardware
1963 address must be declared using a hardware clause in the host state‐
1964 ment. hardware-type must be the name of a physical hardware inter‐
1965 face type. Currently, only the ethernet and token-ring types are
1966 recognized, although support for a fddi hardware type (and others)
1967 would also be desirable. The hardware-address should be a set of
1968 hexadecimal octets (numbers from 0 through ff) separated by colons.
1969 The hardware statement may also be used for DHCP clients.
1970 The host-identifier option statement
1972 host-identifier option option-name option-data;
1974 This identifies a DHCPv6 client in a host statement. option-name is
1976 any option, and option-data is the value for the option that the
1977 client will send. The option-data must be a constant value.
1978 The infinite-is-reserved statement
1980 infinite-is-reserved flag;
1982 ISC DHCP now supports ´reserved´ leases. See the section on RESERVED
1984 LEASES below. If this flag is on, the server will automatically
1985 reserve leases allocated to clients which requested an infinite
1986 (0xffffffff) lease-time.
1987 The default is off.
1989 The lease-file-name statement
1991 lease-file-name name;
1993 Name should be the name of the DHCP server's lease file. By
1995 default, this is /var/lib/dhcpd/dhcpd.leases. This statement must
1996 appear in the outer scope of the configuration file - if it appears
1997 in some other scope, it will have no effect. Furthermore, it has no
1998 effect if overridden by the -lf flag or the PATH_DHCPD_DB environment
1999 variable.
2000 The limit-addrs-per-ia statement
2002 limit-addrs-per-ia number;
2004 By default, the DHCPv6 server will limit clients to one IAADDR per IA
2006 option, meaning one address. If you wish to permit clients to hang
2007 onto multiple addresses at a time, configure a larger number here.
2008 Note that there is no present method to configure the server to
2010 forcibly configure the client with one IP address per each subnet on
2011 a shared network. This is left to future work.
2012 The dhcpv6-lease-file-name statement
2014 dhcpv6-lease-file-name name;
2016 Name is the name of the lease file to use if and only if the server
2018 is running in DHCPv6 mode. By default, this is
2019 /var/lib/dhcpd/dhcpd6.leases. This statement, like lease-file-name,
2020 must appear in the outer scope of the configuration file. It has no
2021 effect if overridden by the -lf flag or the PATH_DHCPD6_DB environ‐
2022 ment variable. If dhcpv6-lease-file-name is not specified, but
2023 lease-file-name is, the latter value will be used.
2024 The local-port statement
2026 local-port port;
2028 This statement causes the DHCP server to listen for DHCP requests on
2030 the UDP port specified in port, rather than on port 67.
2031 The local-address statement
2033 local-address address;
2035 This statement causes the DHCP server to listen for DHCP requests
2037 sent to the specified address, rather than requests sent to all
2038 addresses. Since serving directly attached DHCP clients implies that
2039 the server must respond to requests sent to the all-ones IP address,
2040 this option cannot be used if clients are on directly attached net‐
2041 works...it is only realistically useful for a server whose only
2042 clients are reached via unicasts, such as via DHCP relay agents.
2043 Note: This statement is only effective if the server was compiled
2045 using the USE_SOCKETS #define statement, which is default on a small
2046 number of operating systems, and must be explicitly chosen at com‐
2047 pile-time for all others. You can be sure if your server is compiled
2048 with USE_SOCKETS if you see lines of this format at startup:
2049 Listening on Socket/eth0
2051 Note also that since this bind()s all DHCP sockets to the specified
2053 address, that only one address may be supported in a daemon at a
2054 given time.
2055 The log-facility statement
2057 log-facility facility;
2059 This statement causes the DHCP server to do all of its logging on the
2061 specified log facility once the dhcpd.conf file has been read. By
2062 default the DHCP server logs to the daemon facility. Possible log
2063 facilities include auth, authpriv, cron, daemon, ftp, kern, lpr,
2064 mail, mark, news, ntp, security, syslog, user, uucp, and local0
2065 through local7. Not all of these facilities are available on all
2066 systems, and there may be other facilities available on other sys‐
2067 tems.
2068 In addition to setting this value, you may need to modify your sys‐
2070 log.conf file to configure logging of the DHCP server. For example,
2071 you might add a line like this:
2072 local7.debug /var/log/dhcpd.log
2074 The syntax of the syslog.conf file may be different on some operating
2076 systems - consult the syslog.conf manual page to be sure. To get
2077 syslog to start logging to the new file, you must first create the
2078 file with correct ownership and permissions (usually, the same owner
2079 and permissions of your /var/log/messages or /usr/adm/messages file
2080 should be fine) and send a SIGHUP to syslogd. Some systems support
2081 log rollover using a shell script or program called newsyslog or
2082 logrotate, and you may be able to configure this as well so that your
2083 log file doesn't grow uncontrollably.
2084 Because the log-facility setting is controlled by the dhcpd.conf
2086 file, log messages printed while parsing the dhcpd.conf file or
2087 before parsing it are logged to the default log facility. To prevent
2088 this, see the README file included with this distribution, which
2089 describes how to change the default log facility. When this parame‐
2090 ter is used, the DHCP server prints its startup message a second time
2091 after parsing the configuration file, so that the log will be as com‐
2092 plete as possible.
2093 The max-lease-time statement
2095 max-lease-time time;
2097 Time should be the maximum length in seconds that will be assigned to
2099 a lease. If not defined, the default maximum lease time is 86400.
2100 The only exception to this is that Dynamic BOOTP lease lengths, which
2101 are not specified by the client, are not limited by this maximum.
2102 The min-lease-time statement
2104 min-lease-time time;
2106 Time should be the minimum length in seconds that will be assigned to
2108 a lease. The default is the minimum of 300 seconds or max-lease-
2109 time.
2110 The min-secs statement
2112 min-secs seconds;
2114 Seconds should be the minimum number of seconds since a client began
2116 trying to acquire a new lease before the DHCP server will respond to
2117 its request. The number of seconds is based on what the client
2118 reports, and the maximum value that the client can report is 255 sec‐
2119 onds. Generally, setting this to one will result in the DHCP server
2120 not responding to the client's first request, but always responding
2121 to its second request.
2122 This can be used to set up a secondary DHCP server which never offers
2124 an address to a client until the primary server has been given a
2125 chance to do so. If the primary server is down, the client will
2126 bind to the secondary server, but otherwise clients should always
2127 bind to the primary. Note that this does not, by itself, permit a
2128 primary server and a secondary server to share a pool of dynamically-
2129 allocatable addresses.
2130 The next-server statement
2132 next-server server-name;
2134 The next-server statement is used to specify the host address of the
2136 server from which the initial boot file (specified in the filename
2137 statement) is to be loaded. Server-name should be a numeric IP
2138 address or a domain name. If no next-server statement applies to a
2139 given client, the address 0.0.0.0 is used.
2140 The omapi-port statement
2142 omapi-port port;
2144 The omapi-port statement causes the DHCP server to listen for OMAPI
2146 connections on the specified port. This statement is required to
2147 enable the OMAPI protocol, which is used to examine and modify the
2148 state of the DHCP server as it is running.
2149 The one-lease-per-client statement
2151 one-lease-per-client flag;
2153 If this flag is enabled, whenever a client sends a DHCPREQUEST for a
2155 particular lease, the server will automatically free any other leases
2156 the client holds. This presumes that when the client sends a
2157 DHCPREQUEST, it has forgotten any lease not mentioned in the DHCPRE‐
2158 QUEST - i.e., the client has only a single network interface and it
2159 does not remember leases it's holding on networks to which it is not
2160 currently attached. Neither of these assumptions are guaranteed or
2161 provable, so we urge caution in the use of this statement.
2162 The pid-file-name statement
2164 pid-file-name name;
2166 Name should be the name of the DHCP server's process ID file. This
2168 is the file in which the DHCP server's process ID is stored when the
2169 server starts. By default, this is /var/run/dhcpd.pid. Like the
2170 lease-file-name statement, this statement must appear in the outer
2171 scope of the configuration file. It has no effect if overridden by
2172 the -pf flag or the PATH_DHCPD_PID environment variable.
2173 The dhcpv6-pid-file-name statement
2175 dhcpv6-pid-file-name name;
2177 Name is the name of the pid file to use if and only if the server
2179 is running in DHCPv6 mode. By default, this is
2180 /var/lib/dhcpd/dhcpd6.pid. This statement, like pid-file-name,
2181 must appear in the outer scope of the configuration file. It has
2182 no effect if overridden by the -pf flag or the PATH_DHCPD6_PID
2183 environment variable. If dhcpv6-pid-file-name is not specified,
2184 but pid-file-name is, the latter value will be used.
2185 The ping-check statement
2187 ping-check flag;
2189 When the DHCP server is considering dynamically allocating an IP
2191 address to a client, it first sends an ICMP Echo request (a ping)
2192 to the address being assigned. It waits for a second, and if no
2193 ICMP Echo response has been heard, it assigns the address. If a
2194 response is heard, the lease is abandoned, and the server does not
2195 respond to the client.
2196 This ping check introduces a default one-second delay in respond‐
2198 ing to DHCPDISCOVER messages, which can be a problem for some
2199 clients. The default delay of one second may be configured using
2200 the ping-timeout parameter. The ping-check configuration parame‐
2201 ter can be used to control checking - if its value is false, no
2202 ping check is done.
2203 The ping-timeout statement
2205 ping-timeout seconds;
2207 If the DHCP server determined it should send an ICMP echo request
2209 (a ping) because the ping-check statement is true, ping-timeout
2210 allows you to configure how many seconds the DHCP server should
2211 wait for an ICMP Echo response to be heard, if no ICMP Echo
2212 response has been received before the timeout expires, it assigns
2213 the address. If a response is heard, the lease is abandoned, and
2214 the server does not respond to the client. If no value is set,
2215 ping-timeout defaults to 1 second.
2216 The preferred-lifetime statement
2218 preferred-lifetime seconds;
2220 IPv6 addresses have ´valid´ and ´preferred´ lifetimes. The valid
2222 lifetime determines at what point at lease might be said to have
2223 expired, and is no longer useable. A preferred lifetime is an
2224 advisory condition to help applications move off of the address
2225 and onto currently valid addresses (should there still be any open
2226 TCP sockets or similar).
2227 The preferred lifetime defaults to the renew+rebind timers, or 3/4
2229 the default lease time if none were specified.
2230 The remote-port statement
2232 remote-port port;
2234 This statement causes the DHCP server to transmit DHCP responses
2236 to DHCP clients upon the UDP port specified in port, rather than
2237 on port 68. In the event that the UDP response is transmitted to
2238 a DHCP Relay, the server generally uses the local-port configura‐
2239 tion value. Should the DHCP Relay happen to be addressed as
2240 127.0.0.1, however, the DHCP Server transmits its response to the
2241 remote-port configuration value. This is generally only useful
2242 for testing purposes, and this configuration value should gener‐
2243 ally not be used.
2244 The server-identifier statement
2246 server-identifier hostname;
2248 The server-identifier statement can be used to define the value
2250 that is sent in the DHCP Server Identifier option for a given
2251 scope. The value specified must be an IP address for the DHCP
2252 server, and must be reachable by all clients served by a particu‐
2253 lar scope.
2254 The use of the server-identifier statement is not recommended -
2256 the only reason to use it is to force a value other than the
2257 default value to be sent on occasions where the default value
2258 would be incorrect. The default value is the first IP address
2259 associated with the physical network interface on which the
2260 request arrived.
2261 The usual case where the server-identifier statement needs to be
2263 sent is when a physical interface has more than one IP address,
2264 and the one being sent by default isn't appropriate for some or
2265 all clients served by that interface. Another common case is when
2266 an alias is defined for the purpose of having a consistent IP
2267 address for the DHCP server, and it is desired that the clients
2268 use this IP address when contacting the server.
2269 Supplying a value for the dhcp-server-identifier option is equiva‐
2271 lent to using the server-identifier statement.
2272 The server-duid statement
2274 server-duid LLT [ hardware-type timestamp hardware-address ] ;
2276 server-duid EN enterprise-number enterprise-identifier ;
2278 server-duid LL [ hardware-type hardware-address ] ;
2280 The server-duid statement configures the server DUID. You may pick
2282 either LLT (link local address plus time), EN (enterprise), or LL
2283 (link local).
2284 If you choose LLT or LL, you may specify the exact contents of the
2286 DUID. Otherwise the server will generate a DUID of the specified
2287 type.
2288 If you choose EN, you must include the enterprise number and the
2290 enterprise-identifier.
2291 The default server-duid type is LLT.
2293 The server-name statement
2295 server-name name ;
2297 The server-name statement can be used to inform the client of the
2299 name of the server from which it is booting. Name should be the
2300 name that will be provided to the client.
2301 The site-option-space statement
2303 site-option-space name ;
2305 The site-option-space statement can be used to determine from what
2307 option space site-local options will be taken. This can be used
2308 in much the same way as the vendor-option-space statement. Site-
2309 local options in DHCP are those options whose numeric codes are
2310 greater than 224. These options are intended for site-specific
2311 uses, but are frequently used by vendors of embedded hardware that
2312 contains DHCP clients. Because site-specific options are allo‐
2313 cated on an ad hoc basis, it is quite possible that one vendor's
2314 DHCP client might use the same option code that another vendor's
2315 client uses, for different purposes. The site-option-space
2316 option can be used to assign a different set of site-specific
2317 options for each such vendor, using conditional evaluation (see
2318 dhcp-eval (5) for details).
2319 The stash-agent-options statement
2321 stash-agent-options flag;
2323 If the stash-agent-options parameter is true for a given client,
2325 the server will record the relay agent information options sent
2326 during the client's initial DHCPREQUEST message when the client
2327 was in the SELECTING state and behave as if those options are
2328 included in all subsequent DHCPREQUEST messages sent in the RENEW‐
2329 ING state. This works around a problem with relay agent informa‐
2330 tion options, which is that they usually not appear in DHCPREQUEST
2331 messages sent by the client in the RENEWING state, because such
2332 messages are unicast directly to the server and not sent through a
2333 relay agent.
2334 The update-conflict-detection statement
2336 update-conflict-detection flag;
2338 If the update-conflict-detection parameter is true, the server
2340 will perform standard DHCID multiple-client, one-name conflict
2341 detection. If the parameter has been set false, the server will
2342 skip this check and instead simply tear down any previous bindings
2343 to install the new binding without question. The default is true.
2344 The update-optimization statement
2346 update-optimization flag;
2348 If the update-optimization parameter is false for a given client,
2350 the server will attempt a DNS update for that client each time the
2351 client renews its lease, rather than only attempting an update
2352 when it appears to be necessary. This will allow the DNS to heal
2353 from database inconsistencies more easily, but the cost is that
2354 the DHCP server must do many more DNS updates. We recommend
2355 leaving this option enabled, which is the default. This option
2356 only affects the behavior of the interim DNS update scheme, and
2357 has no effect on the ad-hoc DNS update scheme. If this parameter
2358 is not specified, or is true, the DHCP server will only update
2359 when the client information changes, the client gets a different
2360 lease, or the client's lease expires.
2361 The update-static-leases statement
2363 update-static-leases flag;
2365 The update-static-leases flag, if enabled, causes the DHCP server
2367 to do DNS updates for clients even if those clients are being
2368 assigned their IP address using a fixed-address statement - that
2369 is, the client is being given a static assignment. This can only
2370 work with the interim DNS update scheme. It is not recommended
2371 because the DHCP server has no way to tell that the update has
2372 been done, and therefore will not delete the record when it is not
2373 in use. Also, the server must attempt the update each time the
2374 client renews its lease, which could have a significant perfor‐
2375 mance impact in environments that place heavy demands on the DHCP
2376 server.
2377 The use-host-decl-names statement
2379 use-host-decl-names flag;
2381 If the use-host-decl-names parameter is true in a given scope,
2383 then for every host declaration within that scope, the name pro‐
2384 vided for the host declaration will be supplied to the client as
2385 its hostname. So, for example,
2386 group {
2388 use-host-decl-names on;
2389 host joe {
2391 hardware ethernet 08:00:2b:4c:29:32;
2392 fixed-address joe.fugue.com;
2393 }
2394 }
2395 is equivalent to
2397 host joe {
2399 hardware ethernet 08:00:2b:4c:29:32;
2400 fixed-address joe.fugue.com;
2401 option host-name "joe";
2402 }
2403 An option host-name statement within a host declaration will over‐
2405 ride the use of the name in the host declaration.
2406 It should be noted here that most DHCP clients completely ignore
2408 the host-name option sent by the DHCP server, and there is no way
2409 to configure them not to do this. So you generally have a choice
2410 of either not having any hostname to client IP address mapping
2411 that the client will recognize, or doing DNS updates. It is
2412 beyond the scope of this document to describe how to make this
2413 determination.
2414 The use-lease-addr-for-default-route statement
2416 use-lease-addr-for-default-route flag;
2418 If the use-lease-addr-for-default-route parameter is true in a
2420 given scope, then instead of sending the value specified in the
2421 routers option (or sending no value at all), the IP address of the
2422 lease being assigned is sent to the client. This supposedly
2423 causes Win95 machines to ARP for all IP addresses, which can be
2424 helpful if your router is configured for proxy ARP. The use of
2425 this feature is not recommended, because it won't work for many
2426 DHCP clients.
2427 The vendor-option-space statement
2429 vendor-option-space string;
2431 The vendor-option-space parameter determines from what option
2433 space vendor options are taken. The use of this configuration
2434 parameter is illustrated in the dhcp-options(5) manual page, in
2435 the VENDOR ENCAPSULATED OPTIONS section.
2436
2438 Sometimes it's helpful to be able to set the value of a DHCP server
2439 parameter based on some value that the client has sent. To do this,
2440 you can use expression evaluation. The dhcp-eval(5) manual page
2441 describes how to write expressions. To assign the result of an evalu‐
2442 ation to an option, define the option as follows:
2443 my-parameter = expression ;
2445 For example:
2447 ddns-hostname = binary-to-ascii (16, 8, "-",
2449 substring (hardware, 1, 6));
2450
2452 It's often useful to allocate a single address to a single client, in
2453 approximate perpetuity. Host statements with fixed-address clauses
2454 exist to a certain extent to serve this purpose, but because host
2455 statements are intended to approximate ´static configuration´, they
2456 suffer from not being referenced in a littany of other Server Services,
2457 such as dynamic DNS, failover, ´on events´ and so forth.
2458 If a standard dynamic lease, as from any range statement, is marked
2460 ´reserved´, then the server will only allocate this lease to the client
2461 it is identified by (be that by client identifier or hardware address).
2462 In practice, this means that the lease follows the normal state engine,
2464 enters ACTIVE state when the client is bound to it, expires, or is
2465 released, and any events or services that would normally be supplied
2466 during these events are processed normally, as with any other dynamic
2467 lease. The only difference is that failover servers treat reserved
2468 leases as special when they enter the FREE or BACKUP states - each
2469 server applies the lease into the state it may allocate from - and the
2470 leases are not placed on the queue for allocation to other clients.
2471 Instead they may only be ´found´ by client identity. The result is
2472 that the lease is only offered to the returning client.
2473 Care should probably be taken to ensure that the client only has one
2475 lease within a given subnet that it is identified by.
2476 Leases may be set ´reserved´ either through OMAPI, or through the
2478 ´infinite-is-reserved´ configuration option (if this is applicable to
2479 your environment and mixture of clients).
2480 It should also be noted that leases marked ´reserved´ are effectively
2482 treated the same as leases marked ´bootp´.
2483
2485 DHCP option statements are documented in the dhcp-options(5) manual
2486 page.
2487
2489 Expressions used in DHCP option statements and elsewhere are documented
2490 in the dhcp-eval(5) manual page.
2491
2493 dhcpd(8), dhcpd.leases(5), dhcp-options(5), dhcp-eval(5), RFC2132,
2494 RFC2131.
2495
2497 dhcpd.conf(5) was written by Ted Lemon under a contract with Vixie
2498 Labs. Funding for this project was provided by Internet Systems Con‐
2499 sortium. Information about Internet Systems Consortium can be found at
2500 https://www.isc.org.
2501 dhcpd.conf(5)