1dhcpd.conf(5)                 File Formats Manual                dhcpd.conf(5)
2
3
4

NAME

6       dhcpd.conf - dhcpd configuration file
7

DESCRIPTION

9       The  dhcpd.conf  file contains configuration information for dhcpd, the
10       Internet Systems Consortium DHCP Server.
11
12       The dhcpd.conf file is a free-form ASCII text file.  It  is  parsed  by
13       the  recursive-descent  parser  built into dhcpd.  The file may contain
14       extra tabs and newlines for formatting purposes.  Keywords in the  file
15       are  case-insensitive.  Comments may be placed anywhere within the file
16       (except within quotes).  Comments begin with the # character and end at
17       the end of the line.
18
19       The file essentially consists of a list of statements.  Statements fall
20       into two broad categories - parameters and declarations.
21
22       Parameter statements either say how to do something (e.g., how  long  a
23       lease  to  offer),  whether to do something (e.g., should dhcpd provide
24       addresses to unknown clients), or what parameters  to  provide  to  the
25       client (e.g., use gateway 220.177.244.7).
26
27       Declarations  are  used  to  describe  the  topology of the network, to
28       describe clients on the network,  to  provide  addresses  that  can  be
29       assigned  to  clients,  or to apply a group of parameters to a group of
30       declarations.  In any group of parameters and declarations, all parame‐
31       ters  must  be  specified before any declarations which depend on those
32       parameters may be specified.
33
34       Declarations about network topology include the shared-network and  the
35       subnet  declarations.   If  clients  on  a  subnet  are  to be assigned
36       addresses dynamically, a range declaration must appear within the  sub‐
37       net  declaration.   For  clients with statically assigned addresses, or
38       for installations where only known clients will be  served,  each  such
39       client  must  have a host declaration.  If parameters are to be applied
40       to a group of declarations which are not related strictly on a per-sub‐
41       net basis, the group declaration can be used.
42
43       For  every  subnet  which will be served, and for every subnet to which
44       the dhcp server is connected, there must  be  one  subnet  declaration,
45       which  tells  dhcpd how to recognize that an address is on that subnet.
46       A subnet declaration is required for each subnet even if  no  addresses
47       will be dynamically allocated on that subnet.
48
49       Some  installations  have  physical  networks on which more than one IP
50       subnet operates.  For example, if there is a site-wide requirement that
51       8-bit  subnet  masks  be  used, but a department with a single physical
52       ethernet network expands to the point where it has more than 254 nodes,
53       it may be necessary to run two 8-bit subnets on the same ethernet until
54       such time as a new physical network can be added.  In  this  case,  the
55       subnet  declarations  for  these  two  networks  must  be enclosed in a
56       shared-network declaration.
57
58       Note that even when the shared-network declaration is absent, an  empty
59       one  is  created  by  the  server to contain the subnet (and any scoped
60       parameters included in the subnet).  For practical purposes, this means
61       that  "stateless"  DHCP  clients,  which are not tied to addresses (and
62       therefore subnets) will receive  the  same  configuration  as  stateful
63       ones.
64
65       Some  sites  may  have  departments which have clients on more than one
66       subnet, but it may be desirable to offer those clients a uniform set of
67       parameters  which  are  different than what would be offered to clients
68       from other departments on the same subnet.  For clients which  will  be
69       declared  explicitly  with host declarations, these declarations can be
70       enclosed in a group declaration along with  the  parameters  which  are
71       common to that department.  For clients whose addresses will be dynami‐
72       cally assigned, class declarations and conditional declarations may  be
73       used  to  group  parameter  assignments based on information the client
74       sends.
75
76       When a client is to be booted, its boot parameters  are  determined  by
77       consulting that client's host declaration (if any), and then consulting
78       any class declarations matching the client, followed by the pool,  sub‐
79       net  and shared-network declarations for the IP address assigned to the
80       client.  Each of these declarations itself  appears  within  a  lexical
81       scope,  and  all  declarations at less specific lexical scopes are also
82       consulted for client option declarations.  Scopes are never  considered
83       twice,  and  if  parameters  are  declared  in more than one scope, the
84       parameter declared in the most specific scope is the one that is used.
85
86       When dhcpd tries to find a host declaration  for  a  client,  it  first
87       looks for a host declaration which has a fixed-address declaration that
88       lists an IP address that is valid for the subnet or shared  network  on
89       which  the  client  is  booting.  If it doesn't find any such entry, it
90       tries to find an entry which has no fixed-address declaration.
91

EXAMPLES

93       A typical dhcpd.conf file will look something like this:
94
95       global parameters...
96
97       subnet 204.254.239.0 netmask 255.255.255.224 {
98         subnet-specific parameters...
99         range 204.254.239.10 204.254.239.30;
100       }
101
102       subnet 204.254.239.32 netmask 255.255.255.224 {
103         subnet-specific parameters...
104         range 204.254.239.42 204.254.239.62;
105       }
106
107       subnet 204.254.239.64 netmask 255.255.255.224 {
108         subnet-specific parameters...
109         range 204.254.239.74 204.254.239.94;
110       }
111
112       group {
113         group-specific parameters...
114         host zappo.test.isc.org {
115           host-specific parameters...
116         }
117         host beppo.test.isc.org {
118           host-specific parameters...
119         }
120         host harpo.test.isc.org {
121           host-specific parameters...
122         }
123       }
124
125                                      Figure 1
126
127
128       Notice that at the beginning of the file, there's a  place  for  global
129       parameters.  These might be things like the organization's domain name,
130       the addresses of the name servers (if they are  common  to  the  entire
131       organization), and so on.  So, for example:
132
133            option domain-name "isc.org";
134            option domain-name-servers ns1.isc.org, ns2.isc.org;
135
136                                      Figure 2
137
138       As  you  can see in Figure 2, you can specify host addresses in parame‐
139       ters using their domain names rather than their numeric  IP  addresses.
140       If  a given hostname resolves to more than one IP address (for example,
141       if that host has two ethernet interfaces), then  where  possible,  both
142       addresses are supplied to the client.
143
144       The  most obvious reason for having subnet-specific parameters as shown
145       in Figure 1 is that each subnet, of necessity, has its own router.   So
146       for the first subnet, for example, there should be something like:
147
148            option routers 204.254.239.1;
149
150       Note  that  the  address  here  is  specified numerically.  This is not
151       required - if you have a different domain name for  each  interface  on
152       your  router, it's perfectly legitimate to use the domain name for that
153       interface instead of the numeric address.  However, in many cases there
154       may  be only one domain name for all of a router's IP addresses, and it
155       would not be appropriate to use that name here.
156
157       In Figure 1 there is also a  group  statement,  which  provides  common
158       parameters  for  a set of three hosts - zappo, beppo and harpo.  As you
159       can see, these hosts are all in the test.isc.org domain,  so  it  might
160       make  sense  for a group-specific parameter to override the domain name
161       supplied to these hosts:
162
163            option domain-name "test.isc.org";
164
165       Also, given the domain they're in, these are  probably  test  machines.
166       If we wanted to test the DHCP leasing mechanism, we might set the lease
167       timeout somewhat shorter than the default:
168
169            max-lease-time 120;
170            default-lease-time 120;
171
172       You may have noticed that while some parameters start with  the  option
173       keyword, some do not.  Parameters starting with the option keyword cor‐
174       respond to actual DHCP options, while parameters that do not start with
175       the  option  keyword  either  control  the  behavior of the DHCP server
176       (e.g., how long a lease dhcpd will give out), or specify client parame‐
177       ters  that  are not optional in the DHCP protocol (for example, server-
178       name and filename).
179
180       In Figure 1, each  host  had  host-specific  parameters.   These  could
181       include  such  things  as  the  hostname  option, the name of a file to
182       upload (the filename parameter) and the  address  of  the  server  from
183       which  to upload the file (the next-server parameter).  In general, any
184       parameter can appear anywhere that parameters are allowed, and will  be
185       applied according to the scope in which the parameter appears.
186
187       Imagine that you have a site with a lot of NCD X-Terminals.  These ter‐
188       minals come in a variety of models, and you want to  specify  the  boot
189       files  for each model.  One way to do this would be to have host decla‐
190       rations for each server and group them by model:
191
192       group {
193         filename "Xncd19r";
194         next-server ncd-booter;
195
196         host ncd1 { hardware ethernet 0:c0:c3:49:2b:57; }
197         host ncd4 { hardware ethernet 0:c0:c3:80:fc:32; }
198         host ncd8 { hardware ethernet 0:c0:c3:22:46:81; }
199       }
200
201       group {
202         filename "Xncd19c";
203         next-server ncd-booter;
204
205         host ncd2 { hardware ethernet 0:c0:c3:88:2d:81; }
206         host ncd3 { hardware ethernet 0:c0:c3:00:14:11; }
207       }
208
209       group {
210         filename "XncdHMX";
211         next-server ncd-booter;
212
213         host ncd1 { hardware ethernet 0:c0:c3:11:90:23; }
214         host ncd4 { hardware ethernet 0:c0:c3:91:a7:8; }
215         host ncd8 { hardware ethernet 0:c0:c3:cc:a:8f; }
216       }
217

ADDRESS POOLS

219       The pool and pool6 declarations can  be  used  to  specify  a  pool  of
220       addresses  that  will  be  treated  differently  than  another  pool of
221       addresses, even on the same network segment or  subnet.   For  example,
222       you  may  want to provide a large set of addresses that can be assigned
223       to DHCP clients that are registered to your DHCP server, while  provid‐
224       ing  a  smaller set of addresses, possibly with short lease times, that
225       are available for unknown clients.  If you have a firewall, you may  be
226       able to arrange for addresses from one pool to be allowed access to the
227       Internet, while addresses in another pool  are  not,  thus  encouraging
228       users  to  register their DHCP clients.  To do this, you would set up a
229       pair of pool declarations:
230
231       subnet 10.0.0.0 netmask 255.255.255.0 {
232         option routers 10.0.0.254;
233
234         # Unknown clients get this pool.
235         pool {
236           option domain-name-servers bogus.example.com;
237           max-lease-time 300;
238           range 10.0.0.200 10.0.0.253;
239           allow unknown-clients;
240         }
241
242         # Known clients get this pool.
243         pool {
244           option domain-name-servers ns1.example.com, ns2.example.com;
245           max-lease-time 28800;
246           range 10.0.0.5 10.0.0.199;
247           deny unknown-clients;
248         }
249       }
250
251       It is also possible to set up entirely different subnets for known  and
252       unknown  clients - address pools exist at the level of shared networks,
253       so address ranges within pool declarations can be on different subnets.
254
255       As you can see in the preceding example, pools can  have  permit  lists
256       that  control  which  clients  are allowed access to the pool and which
257       aren't.  Each entry in a pool's permit  list  is  introduced  with  the
258       allow  or  deny  keyword.  If a pool has a permit list, then only those
259       clients that match specific entries on the permit list will be eligible
260       to  be  assigned  addresses  from the pool.  If a pool has a deny list,
261       then only those clients that do not match any entries on the deny  list
262       will  be  eligible.    If  both permit and deny lists exist for a pool,
263       then only clients that match the permit list and do not match the  deny
264       list will be allowed access.
265
266       The pool6 declaration is similar to the pool declaration.  Currently it
267       is only allowed within a subnet6 declaration, and may not  be  included
268       directly  in  a  shared network declaration.  In addition to the range6
269       statement it allows the prefix6 statement  to  be  included.   You  may
270       include range6 statements for both NA and TA and prefixy6 statements in
271       a single pool6 statement.
272

DYNAMIC ADDRESS ALLOCATION

274       Address allocation is actually only done when a client is in  the  INIT
275       state and has sent a DHCPDISCOVER message.  If the client thinks it has
276       a valid lease and sends a DHCPREQUEST to initiate or renew that  lease,
277       the server has only three choices - it can ignore the DHCPREQUEST, send
278       a DHCPNAK to tell the client it should stop using the address, or  send
279       a  DHCPACK,  telling  the  client to go ahead and use the address for a
280       while.
281
282       If the server finds the address the  client  is  requesting,  and  that
283       address is available to the client, the server will send a DHCPACK.  If
284       the address is no longer available, or the client  isn't  permitted  to
285       have  it,  the server will send a DHCPNAK.  If the server knows nothing
286       about the address, it will remain silent, unless the address is  incor‐
287       rect  for the network segment to which the client has been attached and
288       the server is authoritative for that network segment, in which case the
289       server  will  send  a  DHCPNAK  even  though  it doesn't know about the
290       address.
291
292       There may be a host declaration matching the  client's  identification.
293       If  that  host  declaration  contains  a fixed-address declaration that
294       lists an IP address that is valid for the network segment to which  the
295       client  is  connected.   In  this  case,  the DHCP server will never do
296       dynamic address allocation.  In this case, the client  is  required  to
297       take  the  address  specified  in  the host declaration.  If the client
298       sends a DHCPREQUEST for some other address,  the  server  will  respond
299       with a DHCPNAK.
300
301       When  the  DHCP  server allocates a new address for a client (remember,
302       this only happens if the client has  sent  a  DHCPDISCOVER),  it  first
303       looks  to see if the client already has a valid lease on an IP address,
304       or if there is an old IP address the client had before that hasn't  yet
305       been  reassigned.   In that case, the server will take that address and
306       check it to see if the client is still permitted to  use  it.   If  the
307       client  is  no  longer  permitted  to use it, the lease is freed if the
308       server thought it was still in use - the fact that the client has  sent
309       a  DHCPDISCOVER proves to the server that the client is no longer using
310       the lease.
311
312       If no existing lease is found, or if the client is forbidden to receive
313       the  existing  lease,  then the server will look in the list of address
314       pools for the network segment to which the client  is  attached  for  a
315       lease  that is not in use and that the client is permitted to have.  It
316       looks through each pool declaration in sequence (all range declarations
317       that appear outside of pool declarations are grouped into a single pool
318       with no permit list).  If the permit  list  for  the  pool  allows  the
319       client  to be allocated an address from that pool, the pool is examined
320       to see if there is an address available.  If so,  then  the  client  is
321       tentatively assigned that address.  Otherwise, the next pool is tested.
322       If no addresses are found that  can  be  assigned  to  the  client,  no
323       response is sent to the client.
324
325       If  an  address is found that the client is permitted to have, and that
326       has never been assigned to any client before, the  address  is  immedi‐
327       ately allocated to the client.  If the address is available for alloca‐
328       tion but has been previously assigned to a different client, the server
329       will  keep looking in hopes of finding an address that has never before
330       been assigned to a client.
331
332       The DHCP server generates the list of available  IP  addresses  from  a
333       hash  table.   This means that the addresses are not sorted in any par‐
334       ticular order, and so it is not possible to predict the order in  which
335       the DHCP server will allocate IP addresses.  Users of previous versions
336       of the ISC DHCP server may have become accustomed to  the  DHCP  server
337       allocating  IP addresses in ascending order, but this is no longer pos‐
338       sible, and there is no way to configure this behavior with version 3 of
339       the ISC DHCP server.
340

IP ADDRESS CONFLICT PREVENTION

342       The  DHCP  server  checks IP addresses to see if they are in use before
343       allocating them to clients.  It does  this  by  sending  an  ICMP  Echo
344       request  message  to  the  IP address being allocated.  If no ICMP Echo
345       reply is received within a second, the address is assumed to  be  free.
346       This  is  only done for leases that have been specified in range state‐
347       ments, and only when the lease is thought by the DHCP server to be free
348       -  i.e.,  the DHCP server or its failover peer has not listed the lease
349       as in use.
350
351       If a response is received to an ICMP  Echo  request,  the  DHCP  server
352       assumes  that there is a configuration error - the IP address is in use
353       by some host on the network that is not a DHCP client.   It  marks  the
354       address as abandoned, and will not assign it to clients. The lease will
355       remain abandoned for a minimum of abandon-lease-time seconds.
356
357       If a DHCP client tries to get an IP address, but  none  are  available,
358       but there are abandoned IP addresses, then the DHCP server will attempt
359       to reclaim an abandoned IP address.  It marks one IP address  as  free,
360       and  then  does  the same ICMP Echo request check described previously.
361       If there is no answer to the ICMP Echo request, the address is assigned
362       to the client.
363
364       The  DHCP  server  does not cycle through abandoned IP addresses if the
365       first IP address it tries to reclaim is free.  Rather,  when  the  next
366       DHCPDISCOVER comes in from the client, it will attempt a new allocation
367       using the same method described here, and will typically try a  new  IP
368       address.
369

DHCP FAILOVER

371       This version of the ISC DHCP server supports the DHCP failover protocol
372       as documented in draft-ietf-dhc-failover-12.txt.  This is not  a  final
373       protocol  document,  and we have not done interoperability testing with
374       other vendors' implementations of this protocol, so you must not assume
375       that  this implementation conforms to the standard.  If you wish to use
376       the failover protocol, make sure that both failover peers  are  running
377       the same version of the ISC DHCP server.
378
379       The failover protocol allows two DHCP servers (and no more than two) to
380       share a common address pool.  Each server will have about half  of  the
381       available  IP  addresses  in the pool at any given time for allocation.
382       If one server fails, the other server will continue to renew leases out
383       of the pool, and will allocate new addresses out of the roughly half of
384       available addresses that it had  when  communications  with  the  other
385       server were lost.
386
387       It  is possible during a prolonged failure to tell the remaining server
388       that the other server is down, in which case the remaining server  will
389       (over  time)  reclaim  all the addresses the other server had available
390       for allocation, and begin to reuse them.  This is  called  putting  the
391       server into the PARTNER-DOWN state.
392
393       You  can put the server into the PARTNER-DOWN state either by using the
394       omshell (1) command  or  by  stopping  the  server,  editing  the  last
395       failover  state  declaration  in  the  lease  file,  and restarting the
396       server.  If you use this last method, change the "my state" line to:
397
398       failover peer name state {
399       my state partner-down;.
400       peer state state at date;
401       }
402
403       It is only required to change "my state" as shown above.
404
405       When the other server comes back online, it should automatically detect
406       that  it has been offline and request a complete update from the server
407       that was running in the PARTNER-DOWN state, and then both servers  will
408       resume processing together.
409
410       It is possible to get into a dangerous situation: if you put one server
411       into the PARTNER-DOWN state, and then *that* server goes down, and  the
412       other  server  comes  back  up, the other server will not know that the
413       first server was in the PARTNER-DOWN state,  and  may  issue  addresses
414       previously  issued  by the other server to different clients, resulting
415       in IP address conflicts.  Before putting  a  server  into  PARTNER-DOWN
416       state,  therefore,  make  sure  that  the other server will not restart
417       automatically.
418
419       The failover protocol defines a primary server  role  and  a  secondary
420       server  role.   There  are some differences in how primaries and secon‐
421       daries act, but most of the differences simply have to do with  provid‐
422       ing  a  way for each peer to behave in the opposite way from the other.
423       So one server must be configured as primary, and the other must be con‐
424       figured  as  secondary,  and  it  doesn't  matter too much which one is
425       which.
426

FAILOVER STARTUP

428       When a server starts that has  not  previously  communicated  with  its
429       failover  peer, it must establish communications with its failover peer
430       and synchronize with it before it can serve clients.  This  can  happen
431       either  because  you  have just configured your DHCP servers to perform
432       failover for the first time, or because one of  your  failover  servers
433       has failed catastrophically and lost its database.
434
435       The  initial  recovery  process  is  designed  to  ensure that when one
436       failover peer loses its database and then  resynchronizes,  any  leases
437       that the failed server gave out before it failed will be honored.  When
438       the failed server starts up, it notices that it has no  saved  failover
439       state, and attempts to contact its peer.
440
441       When  it  has established contact, it asks the peer for a complete copy
442       its peer's lease database.  The peer then sends its complete  database,
443       and sends a message indicating that it is done.  The failed server then
444       waits until MCLT has passed, and once MCLT has passed both servers make
445       the transition back into normal operation.  This waiting period ensures
446       that any leases the failed server may have given out while out of  con‐
447       tact with its partner will have expired.
448
449       While the failed server is recovering, its partner remains in the part‐
450       ner-down state, which means that it is serving all clients.  The failed
451       server provides no service at all to DHCP clients until it has made the
452       transition into normal operation.
453
454       In the case where both servers detect that they have never before  com‐
455       municated  with their partner, they both come up in this recovery state
456       and follow the procedure we have just described.  In this case, no ser‐
457       vice will be provided to DHCP clients until MCLT has expired.
458

CONFIGURING FAILOVER

460       In  order  to  configure failover, you need to write a peer declaration
461       that configures the failover protocol, and you need to write peer  ref‐
462       erences  in  each  pool  declaration for which you want to do failover.
463       You do not have to do failover for all pools on a  given  network  seg‐
464       ment.    You must not tell one server it's doing failover on a particu‐
465       lar address pool and tell the other it is not.  You must not  have  any
466       common  address pools on which you are not doing failover.  A pool dec‐
467       laration that utilizes failover would look like this:
468
469       pool {
470            failover peer "foo";
471            pool specific parameters
472       };
473
474       Dynamic BOOTP leases are not compatible with failover,  and,  as  such,
475       you need to disallow BOOTP in pools that you are using failover for.
476
477       The   server currently  does very  little  sanity checking,  so if  you
478       configure it wrong, it will just  fail in odd ways.  I would  recommend
479       therefore  that you either do  failover or don't do failover, but don't
480       do any mixed pools.  Also,  use the same master configuration file  for
481       both   servers,  and  have  a  separate file  that  contains  the  peer
482       declaration and includes the master file.  This will help you to  avoid
483       configuration   mismatches.  As our  implementation evolves,  this will
484       become  less of  a  problem.  A  basic  sample dhcpd.conf  file for   a
485       primary server might look like this:
486
487       failover peer "foo" {
488         primary;
489         address anthrax.rc.example.com;
490         port 647;
491         peer address trantor.rc.example.com;
492         peer port 847;
493         max-response-delay 60;
494         max-unacked-updates 10;
495         mclt 3600;
496         split 128;
497         load balance max seconds 3;
498       }
499
500       include "/etc/dhcpd.master";
501
502       The statements in the peer declaration are as follows:
503
504       The primary and secondary statements
505
506         [ primary | secondary ];
507
508         This  determines  whether  the  server  is  primary  or secondary, as
509         described earlier under DHCP FAILOVER.
510
511       The address statement
512
513         address address;
514
515         The address statement declares the IP address or DNS  name  on  which
516         the  server should listen for connections from its failover peer, and
517         also the value to use for the DHCP Failover Protocol  server  identi‐
518         fier.   Because  this  value  is used as an identifier, it may not be
519         omitted.
520
521       The peer address statement
522
523         peer address address;
524
525         The peer address statement declares the IP address  or  DNS  name  to
526         which  the  server  should  connect  to  reach  its failover peer for
527         failover messages.
528
529       The port statement
530
531         port port-number;
532
533         The port statement declares the TCP port on which the  server  should
534         listen for connections from its failover peer.  This statement may be
535         omitted, in which case the IANA assigned port number 647 will be used
536         by default.
537
538       The peer port statement
539
540         peer port port-number;
541
542         The  peer  port  statement  declares the TCP port to which the server
543         should connect to reach its  failover  peer  for  failover  messages.
544         This  statement  may be omitted, in which case the IANA assigned port
545         number 647 will be used by default.
546
547       The max-response-delay statement
548
549         max-response-delay seconds;
550
551         The max-response-delay statement tells the DHCP server how many  sec‐
552         onds  may  pass  without  receiving  a message from its failover peer
553         before it assumes that connection has failed.  This number should  be
554         small enough that a transient network failure that breaks the connec‐
555         tion will not result in the servers being out of communication for  a
556         long  time,  but large enough that the server isn't constantly making
557         and breaking connections.  This parameter must be specified.
558
559       The max-unacked-updates statement
560
561         max-unacked-updates count;
562
563         The max-unacked-updates statement tells the remote  DHCP  server  how
564         many BNDUPD messages it can send before it receives a BNDACK from the
565         local system.  We don't have enough  operational  experience  to  say
566         what  a good value for this is, but 10 seems to work.  This parameter
567         must be specified.
568
569       The mclt statement
570
571         mclt seconds;
572
573         The mclt statement defines the Maximum Client Lead Time.  It must  be
574         specified  on the primary, and may not be specified on the secondary.
575         This is the length of time for which a lease may be renewed by either
576         failover peer without contacting the other.  The longer you set this,
577         the longer it  will  take  for  the  running  server  to  recover  IP
578         addresses  after moving into PARTNER-DOWN state.  The shorter you set
579         it, the more load your servers will experience when they are not com‐
580         municating.   A  value of something like 3600 is probably reasonable,
581         but again bear in mind that we have no  real  operational  experience
582         with this.
583
584       The split statement
585
586         split bits;
587
588         The  split statement specifies the split between the primary and sec‐
589         ondary for the purposes of load balancing.  Whenever a client makes a
590         DHCP  request,  the DHCP server runs a hash on the client identifica‐
591         tion, resulting in value from 0 to 255.  This is  used  as  an  index
592         into  a  256 bit field.  If the bit at that index is set, the primary
593         is responsible.  If the bit at that index is not set,  the  secondary
594         is  responsible.   The split value determines how many of the leading
595         bits are set to one.  So, in practice, higher split values will cause
596         the  primary  to  serve more clients than the secondary.  Lower split
597         values, the converse.  Legal values are between 0 and 256  inclusive,
598         of  which  the  most reasonable is 128.  Note that a value of 0 makes
599         the secondary responsible for all clients and a value  of  256  makes
600         the primary responsible for all clients.
601
602       The hba statement
603
604         hba colon-separated-hex-list;
605
606         The  hba  statement  specifies the split between the primary and sec‐
607         ondary as a bitmap rather than a cutoff, which  theoretically  allows
608         for  finer-grained  control.   In practice, there is probably no need
609         for such fine-grained control, however.  An example hba statement:
610
611           hba ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
612               00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00;
613
614         This is equivalent to a split 128;  statement,  and  identical.   The
615         following two examples are also equivalent to a split of 128, but are
616         not identical:
617
618           hba aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:
619               aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa;
620
621           hba 55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:
622               55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55;
623
624         They are equivalent, because half the bits are set to 0, half are set
625         to  1  (0xa and 0x5 are 1010 and 0101 binary respectively) and conse‐
626         quently this would roughly divide the  clients  equally  between  the
627         servers.  They are not identical, because the actual peers this would
628         load balance to each server are different for each example.
629
630         You must only have split or hba defined, never both.  For most cases,
631         the  fine-grained  control that hba offers isn't necessary, and split
632         should be used.
633
634       The load balance max seconds statement
635
636         load balance max seconds seconds;
637
638         This statement allows you to configure a cutoff after which load bal‐
639         ancing  is  disabled.   The  cutoff is based on the number of seconds
640         since the client sent its first DHCPDISCOVER or DHCPREQUEST  message,
641         and only works with clients that correctly implement the secs field -
642         fortunately most clients do.  We recommend setting this to  something
643         like 3 or 5.  The effect of this is that if one of the failover peers
644         gets into a state where it is responding to failover messages but not
645         responding to some client requests, the other failover peer will take
646         over its client load automatically as the clients retry.
647
648       The auto-partner-down statement
649
650         auto-partner-down seconds;
651
652         This statement instructs the server to initiate a  timed  delay  upon
653         entering the communications-interrupted state (any situation of being
654         out-of-contact with the remote failover peer).  At the conclusion  of
655         the  timer,  the  server  will  automatically  enter the partner-down
656         state.  This permits the server to allocate leases from the partner's
657         free  lease  pool after an STOS+MCLT timer expires, which can be dan‐
658         gerous if the partner is in fact  operating  at  the  time  (the  two
659         servers will give conflicting bindings).
660
661         Think  very carefully before enabling this feature.  The partner-down
662         and communications-interrupted states  are  intentionally  segregated
663         because there do exist situations where a failover server can fail to
664         communicate with its peer, but still has the ability to  receive  and
665         reply to requests from DHCP clients.  In general, this feature should
666         only be used in those deployments  where  the  failover  servers  are
667         directly  connected  to one another, such as by a dedicated hardwired
668         link ("a heartbeat cable").
669
670         A  zero  value  disables  the  auto-partner-down  feature  (also  the
671         default),  and  any  positive  value indicates the time in seconds to
672         wait before automatically entering partner-down.
673
674       The Failover pool balance statements.
675
676          max-lease-misbalance percentage;
677          max-lease-ownership percentage;
678          min-balance seconds;
679          max-balance seconds;
680
681         This version of the DHCP Server evaluates pool balance on a schedule,
682         rather  than  on demand as leases are allocated.  The latter approach
683         proved to be slightly klunky when pool misbalanced reach total  satu‐
684         ration  —  when  any server ran out of leases to assign, it also lost
685         its ability to notice it had run dry.
686
687         In order to understand pool balance, some elements of  its  operation
688         first  need  to  be  defined.   First,  there are ´free´ and ´backup´
689         leases.  Both of these  are  referred  to  as  ´free  state  leases´.
690         ´free´  and  ´backup´  are  ´the free states´ for the purpose of this
691         document.  The difference is that only the primary may allocate  from
692         ´free´  leases  unless under special circumstances, and only the sec‐
693         ondary may allocate ´backup´ leases.
694
695         When pool balance is performed, the only plausible expectation is  to
696         provide  a  50/50  split  of  the  free  state leases between the two
697         servers.  This is because no one can predict which server will  fail,
698         regardless  of the relative load placed upon the two servers, so giv‐
699         ing each server half the leases gives both servers the same amount of
700         ´failure  endurance´.   Therefore,  there  is no way to configure any
701         different behaviour, outside of  some  very  small  windows  we  will
702         describe shortly.
703
704         The  first  thing  calculated  on  any  pool  balance  run is a value
705         referred to as ´lts´, or "Leases To Send".  This, simply, is the dif‐
706         ference  in the count of free and backup leases, divided by two.  For
707         the secondary, it is the difference in the backup  and  free  leases,
708         divided  by  two.   The resulting value is signed: if it is positive,
709         the local server is expected to hand out leases  to  retain  a  50/50
710         balance.   If  it  is  negative, the remote server would need to send
711         leases to balance the pool.  Once the lts  value  reaches  zero,  the
712         pool  is perfectly balanced (give or take one lease in the case of an
713         odd number of total free state leases).
714
715         The current approach is still  something  of  a  hybrid  of  the  old
716         approach,  marked  by the presence of the max-lease-misbalance state‐
717         ment.  This parameter configures what used to be a 10% fixed value in
718         previous  versions:  if lts is less than free+backup * max-lease-mis‐
719         balance percent, then the server will skip balancing a given pool (it
720         won't  bother  moving  any  leases,  even  if some leases "should" be
721         moved).  The meaning of this value is also somewhat overloaded,  how‐
722         ever,  in  that  it also governs the estimation of when to attempt to
723         balance the pool (which may then also be skipped over).   The  oldest
724         leases  in  the  free  and backup states are examined.  The time they
725         have resided in their respective queues is used  as  an  estimate  to
726         indicate how much time it is probable it would take before the leases
727         at the top of the list would be consumed (and thus, how long it would
728         take  to  use all leases in that state).  This percentage is directly
729         multiplied by this time, and fit into the schedule if it falls within
730         the  min-balance  and  max-balance  configured values.  The scheduled
731         pool check time is only moved in a downwards direction, it  is  never
732         increased.  Lastly, if the lts is more than double this number in the
733         negative direction, the local server  will  ´panic´  and  transmit  a
734         Failover  protocol POOLREQ message, in the hopes that the remote sys‐
735         tem will be woken up into action.
736
737         Once the lts value exceeds  the  max-lease-misbalance  percentage  of
738         total  free  state leases as described above, leases are moved to the
739         remote server.  This is done in two passes.
740
741         In the first pass, only leases whose most recent bound  client  would
742         have been served by the remote server - according to the Load Balance
743         Algorithm (see above split and hba configuration  statements)  -  are
744         given  away  to  the  peer.  This first pass will happily continue to
745         give away leases, decrementing the lts value by one for  each,  until
746         the  lts value has reached the negative of the total number of leases
747         multiplied by the max-lease-ownership percentage.  So it  is  through
748         this  value that you can permit a small misbalance of the lease pools
749         - for the purpose of giving the peer  more  than  a  50/50  share  of
750         leases  in  the hopes that their clients might some day return and be
751         allocated by the peer (operating normally).  This process is referred
752         to  as  ´MAC  Address  Affinity´,  but  this is somewhat misnamed: it
753         applies equally to DHCP Client Identifier options.   Note  also  that
754         affinity  is  applied to leases when they enter the state ´free´ from
755         ´expired´ or ´released´.  In this case also, leases will not be moved
756         from free to backup if the secondary already has more than its share.
757
758         The  second  pass  is  only  entered  into if the first pass fails to
759         reduce the lts underneath the total number of free state leases  mul‐
760         tiplied  by  the  max-lease-ownership  percentage.  In this pass, the
761         oldest leases are given over to the peer without second thought about
762         the  Load  Balance  Algorithm, and this continues until the lts falls
763         under this value.  In this way, the local server  will  also  happily
764         keep  a  small percentage of the leases that would normally load bal‐
765         ance to itself.
766
767         So, the  max-lease-misbalance  value  acts  as  a  behavioural  gate.
768         Smaller values will cause more leases to transition states to balance
769         the pools over time, higher values will decrease the amount of change
770         (but may lead to pool starvation if there's a run on leases).
771
772         The  max-lease-ownership  value  permits a small (percentage) skew in
773         the lease balance of a percentage of the total number of  free  state
774         leases.
775
776         Finally,  the  min-balance and max-balance make certain that a sched‐
777         uled rebalance event happens within a reasonable timeframe (not to be
778         thrown off by, for example, a 7 year old free lease).
779
780         Plausible  values  for  the percentages lie between 0 and 100, inclu‐
781         sive, but values over 50 are indistinguishable from one another (once
782         lts  exceeds  50% of the free state leases, one server must therefore
783         have 100% of the leases in its respective free state).  It is  recom‐
784         mended  to  select a max-lease-ownership value that is lower than the
785         value selected for the max-lease-misbalance value.   max-lease-owner‐
786         ship defaults to 10, and max-lease-misbalance defaults to 15.
787
788         Plausible values for the min-balance and max-balance times also range
789         from 0 to (2^32)-1 (or the limit of your  local  time_t  value),  but
790         default  to  values 60 and 3600 respectively (to place balance events
791         between 1 minute and 1 hour).
792

CLIENT CLASSING

794       Clients can be separated into classes, and treated differently  depend‐
795       ing on what class they are in.  This separation can be done either with
796       a conditional statement, or with a match  statement  within  the  class
797       declaration.   It is possible to specify a limit on the total number of
798       clients within a particular class or subclass that may hold  leases  at
799       one  time, and it is possible to specify automatic subclassing based on
800       the contents of the client packet.
801
802       Classing support for DHCPv6 clients was added in 4.3.0.  It follows the
803       same  rules  as  for DHCPv4 except that support for billing classes has
804       not been added yet.
805
806       To add clients to classes based  on  conditional  evaluation,  you  can
807       specify a matching expression in the class statement:
808
809       class "ras-clients" {
810         match if substring (option dhcp-client-identifier, 1, 3) = "RAS";
811       }
812
813       Note  that  whether  you use matching expressions or add statements (or
814       both) to classify clients, you must always write  a  class  declaration
815       for any class that you use.  If there will be no match statement and no
816       in-scope statements for a class, the declaration should look like this:
817
818       class "ras-clients" {
819       }
820

SUBCLASSES

822       In addition to classes, it is possible to declare subclasses.   A  sub‐
823       class is a class with the same name as a regular class, but with a spe‐
824       cific submatch expression which is hashed for quick matching.  This  is
825       essentially  a  speed  hack  - the main difference between five classes
826       with match expressions and one class with five subclasses  is  that  it
827       will be quicker to find the subclasses.  Subclasses work as follows:
828
829       class "allocation-class-1" {
830         match pick-first-value (option dhcp-client-identifier, hardware);
831       }
832
833       class "allocation-class-2" {
834         match pick-first-value (option dhcp-client-identifier, hardware);
835       }
836
837       subclass "allocation-class-1" 1:8:0:2b:4c:39:ad;
838       subclass "allocation-class-2" 1:8:0:2b:a9:cc:e3;
839       subclass "allocation-class-1" 1:0:0:c4:aa:29:44;
840
841       subnet 10.0.0.0 netmask 255.255.255.0 {
842         pool {
843           allow members of "allocation-class-1";
844           range 10.0.0.11 10.0.0.50;
845         }
846         pool {
847           allow members of "allocation-class-2";
848           range 10.0.0.51 10.0.0.100;
849         }
850       }
851
852       The data following the class name in the subclass declaration is a con‐
853       stant value to use in matching the  match  expression  for  the  class.
854       When class matching is done, the server will evaluate the match expres‐
855       sion and then look the result up in the hash  table.   If  it  finds  a
856       match, the client is considered a member of both the class and the sub‐
857       class.
858
859       Subclasses can be declared with or without scope.  In the  above  exam‐
860       ple,  the  sole purpose of the subclass is to allow some clients access
861       to one address pool, while other clients are given access to the  other
862       pool,  so these subclasses are declared without scopes.  If part of the
863       purpose of the subclass were to define different parameter  values  for
864       some clients, you might want to declare some subclasses with scopes.
865
866       In  the above example, if you had a single client that needed some con‐
867       figuration parameters, while most didn't, you might write the following
868       subclass declaration for that client:
869
870       subclass "allocation-class-2" 1:08:00:2b:a1:11:31 {
871         option root-path "samsara:/var/diskless/alphapc";
872         filename "/tftpboot/netbsd.alphapc-diskless";
873       }
874
875       In  this  example,  we've  used subclassing as a way to control address
876       allocation on a per-client basis.  However, it's also possible  to  use
877       subclassing  in ways that are not specific to clients - for example, to
878       use the value of the vendor-class-identifier option to  determine  what
879       values  to  send in the vendor-encapsulated-options option.  An example
880       of this is shown under the VENDOR  ENCAPSULATED  OPTIONS  head  in  the
881       dhcp-options(5) manual page.
882

PER-CLASS LIMITS ON DYNAMIC ADDRESS ALLOCATION

884       You may specify a limit to the number of clients in a class that can be
885       assigned leases.  The effect of this will be to make it difficult for a
886       new  client  in  a  class  to get an address.  Once a class with such a
887       limit has reached its limit, the only way a new client  in  that  class
888       can  get  a  lease  is  for an existing client to relinquish its lease,
889       either by letting it  expire,  or  by  sending  a  DHCPRELEASE  packet.
890       Classes with lease limits are specified as follows:
891
892       class "limited-1" {
893         lease limit 4;
894       }
895
896       This will produce a class in which a maximum of four members may hold a
897       lease at one time.
898

SPAWNING CLASSES

900       It is possible to declare a spawning class.   A  spawning  class  is  a
901       class  that  automatically produces subclasses based on what the client
902       sends.  The reason that spawning classes were created was  to  make  it
903       possible  to  create  lease-limited classes on the fly.  The envisioned
904       application is a cable-modem environment where the ISP wishes  to  pro‐
905       vide  clients  at  a particular site with more than one IP address, but
906       does not wish to provide such clients with their own subnet,  nor  give
907       them  an  unlimited  number of IP addresses from the network segment to
908       which they are connected.
909
910       Many cable modem head-end systems can be  configured  to  add  a  Relay
911       Agent Information option to DHCP packets when relaying them to the DHCP
912       server.  These systems typically add a circuit ID or remote  ID  option
913       that uniquely identifies the customer site.  To take advantage of this,
914       you can write a class declaration as follows:
915
916       class "customer" {
917         spawn with option agent.circuit-id;
918         lease limit 4;
919       }
920
921       Now whenever a request comes in from a customer site,  the  circuit  ID
922       option  will  be checked against the class´s hash table.  If a subclass
923       is found that matches the circuit ID, the client will be classified  in
924       that  subclass and treated accordingly.  If no subclass is found match‐
925       ing the circuit ID, a new  one  will  be  created  and  logged  in  the
926       dhcpd.leases file, and the client will be classified in this new class.
927       Once the client has been classified, it will be  treated  according  to
928       the  rules  of the class, including, in this case, being subject to the
929       per-site limit of four leases.
930
931       The use of the subclass spawning mechanism is not restricted  to  relay
932       agent  options  - this particular example is given only because it is a
933       fairly straightforward one.
934

COMBINING MATCH, MATCH IF AND SPAWN WITH

936       In some cases, it may be useful to  use  one  expression  to  assign  a
937       client  to a particular class, and a second expression to put it into a
938       subclass of that class.  This can be done by combining the match if and
939       spawn with statements, or the match if and match statements.  For exam‐
940       ple:
941
942       class "jr-cable-modems" {
943         match if option dhcp-vendor-identifier = "jrcm";
944         spawn with option agent.circuit-id;
945         lease limit 4;
946       }
947
948       class "dv-dsl-modems" {
949         match if option dhcp-vendor-identifier = "dvdsl";
950         spawn with option agent.circuit-id;
951         lease limit 16;
952       }
953
954       This allows you to have two classes that both have the same spawn  with
955       expression without getting the clients in the two classes confused with
956       each other.
957

DYNAMIC DNS UPDATES

959       The DHCP server has the ability to dynamically update the  Domain  Name
960       System.   Within  the  configuration files, you can define how you want
961       the Domain Name System to be updated.  These updates are RFC 2136  com‐
962       pliant  so  any DNS server supporting RFC 2136 should be able to accept
963       updates from the DHCP server.
964
965       There are two DNS schemes implemented.  The interim option is based  on
966       draft  revisions  of  the  DDNS  documents while the standard option is
967       based on the RFCs for DHCP-DNS interaction and DHCIDs.  A third option,
968       ad-hoc,  was  deprecated  and  has now been removed from the code base.
969       The DHCP server must be configured to use one of the two currently-sup‐
970       ported methods, or not to do DNS updates.
971
972       New  installations  should use the standard option. Older installations
973       may want to continue using the interim option for backwards compatibil‐
974       ity  with the DNS database until the database can be updated.  This can
975       be done with the ddns-update-style configuration parameter.
976

THE DNS UPDATE SCHEME

978       the interim and standard DNS update schemes operate mostly according to
979       work  from  the  IETF.   The interim version was based on the drafts in
980       progress at the time while the standard is based on the completed RFCs.
981       The standard RFCs are:
982
983                            RFC 4701 (updated by RF5494)
984                                      RFC 4702
985                                      RFC 4703
986
987       And the corresponding drafts were:
988
989                          draft-ietf-dnsext-dhcid-rr-??.txt
990                          draft-ietf-dhc-fqdn-option-??.txt
991                        draft-ietf-dhc-ddns-resolution-??.txt
992
993       The  basic framework for the two schemes is similar with the main mate‐
994       rial difference being that a DHCID RR is used in the  standard  version
995       while the interim versions uses a TXT RR.  The format of the TXT record
996       bears a resemblance to the DHCID RR but it is not  equivalent  (MD5  vs
997       SHA2, field length differences etc).
998
999       In these two schemes the DHCP server does not necessarily always update
1000       both the A and the PTR records.  The FQDN option includes a flag which,
1001       when sent by the client, indicates that the client wishes to update its
1002       own A record.  In that case, the server can  be  configured  either  to
1003       honor  the  client´s  intentions or ignore them.  This is done with the
1004       statement  allow  client-updates;  or  the  statement  ignore   client-
1005       updates;.  By default, client updates are allowed.
1006
1007       If the server is configured to allow client updates, then if the client
1008       sends a fully-qualified domain name in the FQDN option, the server will
1009       use  that  name  the  client  sent in the FQDN option to update the PTR
1010       record.  For example, let us say that the client is a visitor from  the
1011       "radish.org"  domain,  whose  hostname is "jschmoe".  The server is for
1012       the "example.org" domain.  The DHCP client indicates in the FQDN option
1013       that  its  FQDN  is  "jschmoe.radish.org.".   It also indicates that it
1014       wants to update its own A record.  The DHCP server therefore  does  not
1015       attempt  to  set  up  an A record for the client, but does set up a PTR
1016       record for the IP address that  it  assigns  the  client,  pointing  at
1017       jschmoe.radish.org.   Once  the  DHCP  client has an IP address, it can
1018       update its own A record, assuming that the "radish.org" DNS server will
1019       allow it to do so.
1020
1021       If  the  server  is  configured  not to allow client updates, or if the
1022       client doesn´t want to do its own update, the server will simply choose
1023       a name for the client. By default, the server will choose from the fol‐
1024       lowing three values:
1025
1026            1. fqdn option (if present)
1027            2. hostname option (if present)
1028            3. Configured hostname option (if defined).
1029
1030       If these defaults for choosing the host name are  not  appropriate  you
1031       can  write  your own statement to set the ddns-hostname variable as you
1032       wish.  If none of the above are found the server will use the host dec‐
1033       laration name (if one) and use-host-decl-names is on.
1034
1035       It  will  use  its own domain name for the client.  It will then update
1036       both the A and PTR record, using the name that it chose for the client.
1037       If  the  client sends a fully-qualified domain name in the fqdn option,
1038       the server uses only the leftmost part of the  domain  name  -  in  the
1039       example above, "jschmoe" instead of "jschmoe.radish.org".
1040
1041       Further,  if  the  ignore  client-updates;  directive is used, then the
1042       server will in addition send a response in the DHCP packet,  using  the
1043       FQDN  Option, that implies to the client that it should perform its own
1044       updates if it chooses to do so.  With deny client-updates;, a  response
1045       is sent which indicates the client may not perform updates.
1046
1047       Both  the  standard  and interim options also include a method to allow
1048       more than one DHCP server to update the DNS database  without  acciden‐
1049       tally deleting A records that shouldn´t be deleted nor failing to add A
1050       records that should be added.  For the standard option the method works
1051       as follows:
1052
1053       When  the  DHCP  server  issues a client a new lease, it creates a text
1054       string that is an SHA hash over the DHCP client´s  identification  (see
1055       RFCs  4701 & 4702 for details).  The update attempts to add an A record
1056       with the name the server chose and a DHCID record containing the hashed
1057       identifier  string  (hashid).   If  this update succeeds, the server is
1058       done.
1059
1060       If the update fails because the A record already exists, then the  DHCP
1061       server  attempts  to  add the A record with the prerequisite that there
1062       must be a DHCID record in the same name as the new A record,  and  that
1063       DHCID  record´s  contents must be equal to hashid.  If this update suc‐
1064       ceeds, then the client has its A record and PTR record.  If  it  fails,
1065       then  the  name  the client has been assigned (or requested) is in use,
1066       and can´t be used by the client.  At this point the DHCP  server  gives
1067       up  trying to do a DNS update for the client until the client chooses a
1068       new name.
1069
1070       The server also does not update very aggressively.   Because  each  DNS
1071       update involves a round trip to the DNS server, there is a cost associ‐
1072       ated with doing updates even if they do not  actually  modify  the  DNS
1073       database.   So the DHCP server tracks whether or not it has updated the
1074       record in the past (this information is stored on the lease)  and  does
1075       not attempt to update records that it thinks it has already updated.
1076
1077       This  can  lead  to cases where the DHCP server adds a record, and then
1078       the record is deleted through some  other  mechanism,  but  the  server
1079       never  again  updates  the  DNS  because  it thinks the data is already
1080       there.  In this case the data can be removed  from  the  lease  through
1081       operator  intervention,  and  once  this has been done, the DNS will be
1082       updated the next time the client renews.
1083
1084       The interim DNS update scheme was written before the RFCs  were  final‐
1085       ized  and  does  not  quite follow them.  The RFCs call for a new DHCID
1086       RRtype while the interim DNS update scheme uses a TXT record.  In addi‐
1087       tion  the  ddns-resolution  draft  called  for the DHCP server to put a
1088       DHCID RR on the PTR record, but the interim update method does  not  do
1089       this.  In the final RFC this requirement was relaxed such that a server
1090       may add a DHCID RR to the PTR record.
1091

DYNAMIC DNS UPDATE SECURITY

1093       When you set your DNS server up to allow updates from the DHCP  server,
1094       you  may  be  exposing  it to unauthorized updates.  To avoid this, you
1095       should use TSIG signatures -  a  method  of  cryptographically  signing
1096       updates  using a shared secret key.  As long as you protect the secrecy
1097       of this key, your updates should also be secure.  Note,  however,  that
1098       the  DHCP  protocol  itself  provides no security, and that clients can
1099       therefore provide information to the DHCP server which the DHCP  server
1100       will  then  use  in  its updates, with the constraints described previ‐
1101       ously.
1102
1103       The DNS server must be configured to allow updates for  any  zone  that
1104       the DHCP server will be updating.  For example, let us say that clients
1105       in  the  sneedville.edu  domain  will  be  assigned  addresses  on  the
1106       10.10.17.0/24  subnet.   In  that case, you will need a key declaration
1107       for the TSIG key you will be using, and also two  zone  declarations  -
1108       one  for the zone containing A records that will be updates and one for
1109       the zone containing PTR records - for ISC BIND, something like this:
1110
1111       key DHCP_UPDATER {
1112         algorithm hmac-md5;
1113         secret pRP5FapFoJ95JEL06sv4PQ==;
1114       };
1115
1116       zone "example.org" {
1117            type master;
1118            file "example.org.db";
1119            allow-update { key DHCP_UPDATER; };
1120       };
1121
1122       zone "17.10.10.in-addr.arpa" {
1123            type master;
1124            file "10.10.17.db";
1125            allow-update { key DHCP_UPDATER; };
1126       };
1127
1128       You will also have to configure your DHCP server to do updates to these
1129       zones.   To  do  so,  you  need  to  add  something  like  this to your
1130       dhcpd.conf file:
1131
1132       key DHCP_UPDATER {
1133         algorithm hmac-md5;
1134         secret pRP5FapFoJ95JEL06sv4PQ==;
1135       };
1136
1137       zone EXAMPLE.ORG. {
1138         primary 127.0.0.1;
1139         key DHCP_UPDATER;
1140       }
1141
1142       zone 17.127.10.in-addr.arpa. {
1143         primary 127.0.0.1;
1144         key DHCP_UPDATER;
1145       }
1146
1147       The primary statement specifies the IP address of the name server whose
1148       zone  information  is to be updated.  In addition to the primary state‐
1149       ment there are also the primary6 , secondary and secondary6 statements.
1150       The  primary6  statement specifies an IPv6 address for the name server.
1151       The secondaries provide for additional addresses for name servers to be
1152       used  if  the primary does not respond.  The number of name servers the
1153       DDNS code will attempt to use before giving up is limited and  is  cur‐
1154       rently set to three.
1155
1156       Note that the zone declarations have to correspond to authority records
1157       in your name server - in the above example, there must be an SOA record
1158       for  "example.org."  and for "17.10.10.in-addr.arpa.".  For example, if
1159       there were a subdomain "foo.example.org"  with  no  separate  SOA,  you
1160       could not write a zone declaration for "foo.example.org."  Also keep in
1161       mind that zone names in your DHCP configuration should end  in  a  ".";
1162       this  is  the  preferred syntax.  If you do not end your zone name in a
1163       ".", the DHCP server will figure it out.  Also note that  in  the  DHCP
1164       configuration,  zone  names  are not encapsulated in quotes where there
1165       are in the DNS configuration.
1166
1167       You should choose your own secret key, of course.  The ISC BIND 9  dis‐
1168       tribution  comes  with  a  program  for  generating  secret keys called
1169       dnssec-keygen.  If you are using BIND 9´s dnssec-keygen, the above  key
1170       would be created as follows:
1171
1172            dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER
1173
1174       The  key  name, algorithm, and secret must match that being used by the
1175       DNS server. The DHCP server  currently  supports  the  following  algo‐
1176       rithms:
1177
1178               HMAC-MD5
1179               HMAC-SHA1
1180               HMAC-SHA224
1181               HMAC-SHA256
1182               HMAC-SHA384
1183               HMAC-SHA512
1184
1185       You  may  wish to enable logging of DNS updates on your DNS server.  To
1186       do so, you might write a logging statement like the following:
1187
1188       logging {
1189            channel update_debug {
1190                 file "/var/log/update-debug.log";
1191                 severity  debug 3;
1192                 print-category yes;
1193                 print-severity yes;
1194                 print-time     yes;
1195            };
1196            channel security_info    {
1197                 file "/var/log/named-auth.info";
1198                 severity  info;
1199                 print-category yes;
1200                 print-severity yes;
1201                 print-time     yes;
1202            };
1203
1204            category update { update_debug; };
1205            category security { security_info; };
1206       };
1207
1208       You  must  create  the  /var/log/named-auth.info  and  /var/log/update-
1209       debug.log  files before starting the name server.  For more information
1210       on configuring ISC BIND, consult the documentation that accompanies it.
1211

REFERENCE: EVENTS

1213       There are three kinds of events that can happen regarding a lease,  and
1214       it  is  possible  to  declare  statements  that occur when any of these
1215       events happen.  These events are the commit event, when the server  has
1216       made  a  commitment  of a certain lease to a client, the release event,
1217       when the client has released the server from its  commitment,  and  the
1218       expiry event, when the commitment expires.
1219
1220       To  declare  a  set of statements to execute when an event happens, you
1221       must use the on statement, followed by the name of the event,  followed
1222       by  a  series of statements to execute when the event happens, enclosed
1223       in braces.
1224

REFERENCE: DECLARATIONS

1226       The include statement
1227
1228        include "filename";
1229
1230       The include statement is used to read in a named file, and process  the
1231       contents of that file as though it were entered in place of the include
1232       statement.
1233
1234       The shared-network statement
1235
1236        shared-network name {
1237          [ parameters ]
1238          [ declarations ]
1239        }
1240
1241       The shared-network statement is used to inform  the  DHCP  server  that
1242       some  IP subnets actually share the same physical network.  Any subnets
1243       in a shared network should be declared within a  shared-network  state‐
1244       ment.   Parameters  specified  in  the shared-network statement will be
1245       used when booting clients on those subnets unless  parameters  provided
1246       at  the  subnet or host level override them.  If any subnet in a shared
1247       network has addresses available for dynamic allocation, those addresses
1248       are  collected  into a common pool for that shared network and assigned
1249       to clients as needed.  There is no way to distinguish on  which  subnet
1250       of a shared network a client should boot.
1251
1252       Name  should be the name of the shared network.  This name is used when
1253       printing debugging messages, so it should be descriptive for the shared
1254       network.  The name may have the syntax of a valid domain name (although
1255       it will never be used as such),  or  it  may  be  any  arbitrary  name,
1256       enclosed in quotes.
1257
1258       The subnet statement
1259
1260        subnet subnet-number netmask netmask {
1261          [ parameters ]
1262          [ declarations ]
1263        }
1264
1265       The  subnet  statement is used to provide dhcpd with enough information
1266       to tell whether or not an IP address is on that subnet.  It may also be
1267       used   to  provide  subnet-specific  parameters  and  to  specify  what
1268       addresses may be dynamically allocated to clients booting on that  sub‐
1269       net.  Such addresses are specified using the range declaration.
1270
1271       The subnet-number should be an IP address or domain name which resolves
1272       to the subnet number of the subnet being described.  The netmask should
1273       be  an  IP  address or domain name which resolves to the subnet mask of
1274       the subnet being described.  The subnet number, together with the  net‐
1275       mask,  are  sufficient  to determine whether any given IP address is on
1276       the specified subnet.
1277
1278       Although a netmask must be given with every subnet declaration,  it  is
1279       recommended  that if there is any variance in subnet masks at a site, a
1280       subnet-mask option statement be used in each subnet declaration to  set
1281       the  desired  subnet  mask, since any subnet-mask option statement will
1282       override the subnet mask declared in the subnet statement.
1283
1284       The subnet6 statement
1285
1286        subnet6 subnet6-number {
1287          [ parameters ]
1288          [ declarations ]
1289        }
1290
1291       The subnet6 statement is used to provide dhcpd with enough  information
1292       to tell whether or not an IPv6 address is on that subnet6.  It may also
1293       be used to provide  subnet-specific  parameters  and  to  specify  what
1294       addresses  may be dynamically allocated to clients booting on that sub‐
1295       net.
1296
1297       The subnet6-number should be an IPv6 network identifier,  specified  as
1298       ip6-address/bits.
1299
1300       The range statement
1301
1302       range [ dynamic-bootp ] low-address [ high-address];
1303
1304       For  any  subnet on which addresses will be assigned dynamically, there
1305       must be at least one range statement.  The range  statement  gives  the
1306       lowest  and  highest  IP addresses in a range.  All IP addresses in the
1307       range should be in the subnet in which the range statement is declared.
1308       The  dynamic-bootp  flag may be specified if addresses in the specified
1309       range may be dynamically assigned to BOOTP  clients  as  well  as  DHCP
1310       clients.   When  specifying a single address, high-address can be omit‐
1311       ted.
1312
1313       The range6 statement
1314
1315       range6 low-address high-address;
1316       range6 subnet6-number;
1317       range6 subnet6-number temporary;
1318       range6 address temporary;
1319
1320       For any IPv6 subnet6 on which addresses will be  assigned  dynamically,
1321       there  must  be at least one range6 statement. The range6 statement can
1322       either be the lowest and highest IPv6 addresses in  a  range6,  or  use
1323       CIDR  notation,  specified as ip6-address/bits. All IP addresses in the
1324       range6 should be in the  subnet6  in  which  the  range6  statement  is
1325       declared.
1326
1327       The  temporary  variant makes the prefix (by default on 64 bits) avail‐
1328       able for temporary (RFC 4941) addresses. A new address  per  prefix  in
1329       the  shared  network  is computed at each request with an IA_TA option.
1330       Release and Confirm ignores temporary addresses.
1331
1332       Any IPv6 addresses given to hosts with fixed-address6 are excluded from
1333       the range6, as are IPv6 addresses on the server itself.
1334
1335       The prefix6 statement
1336
1337       prefix6 low-address high-address / bits;
1338
1339       The  prefix6 is the range6 equivalent for Prefix Delegation (RFC 3633).
1340       Prefixes of bits length are  assigned  between  low-address  and  high-
1341       address.
1342
1343       Any  IPv6  prefixes  given to static entries (hosts) with fixed-prefix6
1344       are excluded from the prefix6.
1345
1346       This statement is currently global but it should have a  shared-network
1347       scope.
1348
1349       The host statement
1350
1351        host hostname {
1352          [ parameters ]
1353          [ declarations ]
1354        }
1355
1356       The  host  declaration provides a way for the DHCP server to identify a
1357       DHCP or BOOTP client.  This allows the server to provide  configuration
1358       information including fixed addresses or, in DHCPv6, fixed prefixes for
1359       a specific client.
1360
1361       If it is desirable to be able to boot a DHCP or BOOTP  client  on  more
1362       than  one  subnet with fixed v4 addresses, more than one address may be
1363       specified in the fixed-address  declaration,  or  more  than  one  host
1364       statement may be specified matching the same client.
1365
1366       The  fixed-address6 declaration is used for v6 addresses.  At this time
1367       it only works with a single address.  For  multiple  addresses  specify
1368       multiple host statements.
1369
1370       If  client-specific boot parameters must change based on the network to
1371       which the client is attached, then multiple host declarations should be
1372       used.   The  host declarations will only match a client if one of their
1373       fixed-address statements is viable on the subnet  (or  shared  network)
1374       where  the  client  is attached.  Conversely, for a host declaration to
1375       match a client being allocated a dynamic address, it must not have  any
1376       fixed-address  statements.   You  may  therefore need a mixture of host
1377       declarations for any given client...some  having  fixed-address  state‐
1378       ments, others without.
1379
1380       hostname  should  be a name identifying the host.  If a hostname option
1381       is not specified for the host, hostname is used.
1382
1383       Host declarations are matched to actual DHCP or BOOTP clients by match‐
1384       ing  the  dhcp-client-identifier  or pxe-client-id options specified in
1385       the host declaration to the one supplied by the client, or, if the host
1386       declaration  or the client does not provide a dhcp-client-identifier or
1387       pxe-client-id options, by matching the hardware parameter in  the  host
1388       declaration  to  the  network  hardware address supplied by the client.
1389       BOOTP clients do not normally provide a dhcp-client-identifier, so  the
1390       hardware  address  must be used for all clients that may boot using the
1391       BOOTP protocol.
1392
1393       DHCPv6 servers can use the host-identifier option parameter in the host
1394       declaration,  and  specify  any  option  with a fixed value to identify
1395       hosts.
1396
1397       Please be aware that only the dhcp-client-identifier and  pxe-client-id
1398       options  and  the hardware address can be used to match a host declara‐
1399       tion, or the host-identifier option parameter for DHCPv6 servers.   For
1400       example,  it is not possible to match a host declaration to a host-name
1401       option.  This is because the host-name option cannot be  guaranteed  to
1402       be  unique  for any given client, whereas both the hardware address and
1403       dhcp-client-identifier option are at least theoretically guaranteed  to
1404       be unique to a given client.
1405
1406       The group statement
1407
1408        group {
1409          [ parameters ]
1410          [ declarations ]
1411        }
1412
1413       The group statement is used simply to apply one or more parameters to a
1414       group of declarations.  It can be used to group hosts, shared networks,
1415       subnets, or even other groups.
1416

REFERENCE: ALLOW AND DENY

1418       The  allow  and  deny statements can be used to control the response of
1419       the DHCP server to various sorts of requests.  The allow and deny  key‐
1420       words  actually have different meanings depending on the context.  In a
1421       pool context, these keywords can be used to set  up  access  lists  for
1422       address  allocation pools.  In other contexts, the keywords simply con‐
1423       trol general server behavior with respect to clients  based  on  scope.
1424       In  a  non-pool context, the ignore keyword can be used in place of the
1425       deny keyword to prevent logging of denied requests.
1426

ALLOW DENY AND IGNORE IN SCOPE

1428       The following usages of allow and deny will work in any scope, although
1429       it is not recommended that they be used in pool declarations.
1430
1431       The unknown-clients keyword
1432
1433        allow unknown-clients;
1434        deny unknown-clients;
1435        ignore unknown-clients;
1436
1437       The unknown-clients flag is used to tell dhcpd whether or not to dynam‐
1438       ically assign addresses to unknown clients.  Dynamic address assignment
1439       to  unknown clients is allowed by default.  An unknown client is simply
1440       a client that has no host declaration.
1441
1442       The use of this option  is  now  deprecated.   If  you  are  trying  to
1443       restrict  access  on your network to known clients, you should use deny
1444       unknown-clients; inside of your address pool, as  described  under  the
1445       heading ALLOW AND DENY WITHIN POOL DECLARATIONS.
1446
1447       The bootp keyword
1448
1449        allow bootp;
1450        deny bootp;
1451        ignore bootp;
1452
1453       The bootp flag is used to tell dhcpd whether or not to respond to bootp
1454       queries.  Bootp queries are allowed by default.
1455
1456       The booting keyword
1457
1458        allow booting;
1459        deny booting;
1460        ignore booting;
1461
1462       The booting flag is used to tell dhcpd whether or  not  to  respond  to
1463       queries  from  a particular client.  This keyword only has meaning when
1464       it appears in a host declaration.  By default, booting is allowed,  but
1465       if it is disabled for a particular client, then that client will not be
1466       able to get an address from the DHCP server.
1467
1468       The duplicates keyword
1469
1470        allow duplicates;
1471        deny duplicates;
1472
1473       Host declarations can match client messages based on  the  DHCP  Client
1474       Identifier  option  or  based on the client's network hardware type and
1475       MAC address.  If the MAC address is used,  the  host  declaration  will
1476       match  any  client  with that MAC address - even clients with different
1477       client identifiers.  This doesn't normally happen, but is possible when
1478       one  computer  has more than one operating system installed on it - for
1479       example, Microsoft Windows and NetBSD or Linux.
1480
1481       The duplicates flag tells the DHCP server that if a request is received
1482       from  a  client that matches the MAC address of a host declaration, any
1483       other leases matching that MAC  address  should  be  discarded  by  the
1484       server,  even  if  the UID is not the same.  This is a violation of the
1485       DHCP protocol, but can prevent clients whose client identifiers  change
1486       regularly  from  holding  many  leases  at  the same time.  By default,
1487       duplicates are allowed.
1488
1489       The declines keyword
1490
1491        allow declines;
1492        deny declines;
1493        ignore declines;
1494
1495       The DHCPDECLINE message is used by DHCP clients to  indicate  that  the
1496       lease  the server has offered is not valid.  When the server receives a
1497       DHCPDECLINE  for  a  particular  address,  it  normally  abandons  that
1498       address,  assuming that some unauthorized system is using it.  Unfortu‐
1499       nately, a malicious or buggy client can,  using  DHCPDECLINE  messages,
1500       completely  exhaust the DHCP server's allocation pool.  The server will
1501       eventually reclaim these leases, but not while the  client  is  running
1502       through  the  pool. This may cause serious thrashing in the DNS, and it
1503       will also cause the DHCP server to forget old DHCP client address allo‐
1504       cations.
1505
1506       The declines flag tells the DHCP server whether or not to honor DHCPDE‐
1507       CLINE messages.  If it is set to deny or ignore in a particular  scope,
1508       the DHCP server will not respond to DHCPDECLINE messages.
1509
1510       The declines flag is only supported by DHCPv4 servers.  Given the large
1511       IPv6 address space and the internal  limits  imposed  by  the  server's
1512       address  generation mechanism we don't think it is necessary for DHCPv6
1513       servers at this time.
1514
1515       Currently, abandoned IPv6 addresses are reclaimed in one of two ways:
1516           a) Client renews a specific address:
1517           If a client using a given DUID submits a DHCP REQUEST containing
1518           the last address abandoned by that DUID, the address will be
1519           reassigned to that client.
1520
1521           b) Upon the second restart following an address abandonment.  When
1522           an address is abandoned it is both recorded as such in the lease
1523           file and retained as abandoned in server memory until the server
1524           is restarted. Upon restart, the server will process the lease file
1525           and all addresses whose last known state is abandoned will be
1526           retained as such in memory but not rewritten to the lease file.
1527           This means that a subsequent restart of the server will not see the
1528           abandoned addresses in the lease file and therefore have no record
1529           of them as abandoned in memory and as such perceive them as free
1530           for assignment.
1531
1532       The total number addresses in a pool, available for a given DUID value,
1533       is internally limited by the server's address generation mechanism.  If
1534       through mistaken configuration, multiple clients  are  using  the  same
1535       DUID  they  will competing for the same addresses causing the server to
1536       reach this internal limit rather quickly.  The internal limit  isolates
1537       this  type  of  activity  such  that address range is not exhausted for
1538       other DUID values.  The appearance of the following error log,  can  be
1539       an indication of this condition:
1540
1541           "Best match for DUID <XX> is an abandoned address, This may be a
1542            result of multiple clients attempting to use this DUID"
1543
1544           where <XX> is an actual DUID value depicted as colon separated
1545           string of bytes in hexadecimal values.
1546
1547       The client-updates keyword
1548
1549        allow client-updates;
1550        deny client-updates;
1551
1552       The  client-updates  flag tells the DHCP server whether or not to honor
1553       the client's intention to do its own update of its A record.   See  the
1554       documentation under the heading THE DNS UPDATE SCHEME for details.
1555
1556       The leasequery keyword
1557
1558        allow leasequery;
1559        deny leasequery;
1560
1561       The leasequery flag tells the DHCP server whether or not to answer DHC‐
1562       PLEASEQUERY packets. The answer to  a  DHCPLEASEQUERY  packet  includes
1563       information about a specific lease, such as when it was issued and when
1564       it will expire. By default, the server will not respond to these  pack‐
1565       ets.
1566

ALLOW AND DENY WITHIN POOL DECLARATIONS

1568       The  uses  of the allow and deny keywords shown in the previous section
1569       work pretty much the same way whether the client is sending a  DHCPDIS‐
1570       COVER  or  a  DHCPREQUEST message - an address will be allocated to the
1571       client (either the old address it's requesting, or a new  address)  and
1572       then  that address will be tested to see if it's okay to let the client
1573       have it.  If the client requested it, and it's  not  okay,  the  server
1574       will  send  a  DHCPNAK  message.  Otherwise, the server will simply not
1575       respond to the client.  If it is  okay  to  give  the  address  to  the
1576       client, the server will send a DHCPACK message.
1577
1578       The  primary  motivation  behind  pool  declarations is to have address
1579       allocation pools whose allocation policies are different.  A client may
1580       be denied access to one pool, but allowed access to another pool on the
1581       same network segment.  In order for this to work, access control has to
1582       be  done  during  address  allocation,  not after address allocation is
1583       done.
1584
1585       When a DHCPREQUEST message is processed, address allocation simply con‐
1586       sists  of looking up the address the client is requesting and seeing if
1587       it's still available for the client.  If it is, then  the  DHCP  server
1588       checks  both  the  address  pool permit lists and the relevant in-scope
1589       allow and deny statements to see if it's okay to give the lease to  the
1590       client.   In the case of a DHCPDISCOVER message, the allocation process
1591       is done as described previously in the ADDRESS ALLOCATION section.
1592
1593       When declaring permit lists for address allocation pools, the following
1594       syntaxes are recognized following the allow or deny keywords:
1595
1596        known-clients;
1597
1598       If  specified, this statement either allows or prevents allocation from
1599       this pool to any client that has a host declaration (i.e.,  is  known).
1600       A  client  is known if it has a host declaration in any scope, not just
1601       the current scope.
1602
1603        unknown-clients;
1604
1605       If specified, this statement either allows or prevents allocation  from
1606       this  pool  to  any  client  that has no host declaration (i.e., is not
1607       known).
1608
1609        members of "class";
1610
1611       If specified, this statement either allows or prevents allocation  from
1612       this pool to any client that is a member of the named class.
1613
1614        dynamic bootp clients;
1615
1616       If  specified, this statement either allows or prevents allocation from
1617       this pool to any bootp client.
1618
1619        authenticated clients;
1620
1621       If specified, this statement either allows or prevents allocation  from
1622       this  pool  to  any  client  that has been authenticated using the DHCP
1623       authentication protocol.  This is not yet supported.
1624
1625        unauthenticated clients;
1626
1627       If specified, this statement either allows or prevents allocation  from
1628       this  pool to any client that has not been authenticated using the DHCP
1629       authentication protocol.  This is not yet supported.
1630
1631        all clients;
1632
1633       If specified, this statement either allows or prevents allocation  from
1634       this  pool  to  all clients.  This can be used when you want to write a
1635       pool declaration for some reason, but hold it in reserve, or  when  you
1636       want  to  renumber  your  network  quickly, and thus want the server to
1637       force all clients that have been allocated addresses from this pool  to
1638       obtain new addresses immediately when they next renew.
1639
1640        after time;
1641
1642       If  specified, this statement either allows or prevents allocation from
1643       this pool after a given date. This can be used when you  want  to  move
1644       clients  from one pool to another. The server adjusts the regular lease
1645       time so that the latest expiry time is  at  the  given  time+min-lease-
1646       time.   A short min-lease-time enforces a step change, whereas a longer
1647       min-lease-time allows for a gradual  change.   time  is  either  second
1648       since  epoch,  or  a  UTC  time string e.g.  4 2007/08/24 09:14:32 or a
1649       string with time zone offset in  seconds  e.g.  4  2007/08/24  11:14:32
1650       -7200
1651

REFERENCE: PARAMETERS

1653       The abandon-lease-time statement
1654
1655         adandon-lease-time time;
1656
1657         Time  should be the maximum amount of time (in seconds) that an aban‐
1658         doned IPv4 lease remains unavailable  for  assignment  to  a  client.
1659         Abandoned leases will only be offered to clients if there are no free
1660         leases.  If not defined, the default abandon lease time is 86400 sec‐
1661         onds  (24 hours).  Note the abandoned lease time for a given lease is
1662         preserved across server restarts.  The parameter may only be  set  at
1663         the global scope and is evaluated only once during server startup.
1664
1665         Values  less  than sixty seconds are not recommended as this is below
1666         the ping check threshold and can  cause  leases  once  abandoned  but
1667         since  returned  to  the  free  state  to  not be pinged before being
1668         offered.  If the requested time is larger than 0x7FFFFFFF - 1 or  the
1669         sum  of  the  current  time  plus  the  abandoned time isgreater than
1670         0x7FFFFFFF it is treated as infinite.
1671
1672       The adaptive-lease-time-threshold statement
1673
1674         adaptive-lease-time-threshold percentage;
1675
1676         When the number of allocated leases within a  pool  rises  above  the
1677         percentage  given  in  this  statement, the DHCP server decreases the
1678         lease length for new clients within this pool to min-lease-time  sec‐
1679         onds.  Clients  renewing  an already valid (long) leases get at least
1680         the remaining time from the current lease. Since  the  leases  expire
1681         faster,  the  server  may  either  recover more quickly or avoid pool
1682         exhaustion entirely.  Once the number of allocated leases drop  below
1683         the  threshold, the server reverts back to normal lease times.  Valid
1684         percentages are between 1 and 99.
1685
1686       The always-broadcast statement
1687
1688         always-broadcast flag;
1689
1690         The DHCP and BOOTP protocols both require DHCP and BOOTP  clients  to
1691         set the broadcast bit in the flags field of the BOOTP message header.
1692         Unfortunately, some DHCP and BOOTP clients do not do this, and there‐
1693         fore may not receive responses from the DHCP server.  The DHCP server
1694         can be made to always broadcast its responses to clients  by  setting
1695         this  flag  to  ´on´ for the relevant scope; relevant scopes would be
1696         inside a conditional statement, as a parameter for a class, or  as  a
1697         parameter for a host declaration.  To avoid creating excess broadcast
1698         traffic on your network, we recommend that you restrict  the  use  of
1699         this  option  to as few clients as possible.  For example, the Micro‐
1700         soft DHCP client is known not to have this problem, as are the  Open‐
1701         Transport and ISC DHCP clients.
1702
1703       The always-reply-rfc1048 statement
1704
1705         always-reply-rfc1048 flag;
1706
1707         Some  BOOTP clients expect RFC1048-style responses, but do not follow
1708         RFC1048 when sending their requests.  You can tell that a  client  is
1709         having this problem if it is not getting the options you have config‐
1710         ured for it and if you see in  the  server  log  the  message  "(non-
1711         rfc1048)" printed with each BOOTREQUEST that is logged.
1712
1713         If you want to send rfc1048 options to such a client, you can set the
1714         always-reply-rfc1048 option in that client's  host  declaration,  and
1715         the  DHCP  server  will respond with an RFC-1048-style vendor options
1716         field.  This flag can be set  in  any  scope,  and  will  affect  all
1717         clients covered by that scope.
1718
1719       The authoritative statement
1720
1721         authoritative;
1722
1723         not authoritative;
1724
1725         The  DHCP server will normally assume that the configuration informa‐
1726         tion about a given network segment is not known to be correct and  is
1727         not  authoritative.   This is so that if a naive user installs a DHCP
1728         server not fully understanding how to configure it, it does not  send
1729         spurious  DHCPNAK  messages  to  clients that have obtained addresses
1730         from a legitimate DHCP server on the network.
1731
1732         Network administrators setting  up  authoritative  DHCP  servers  for
1733         their networks should always write authoritative; at the top of their
1734         configuration file to indicate that the DHCP server should send DHCP‐
1735         NAK  messages to misconfigured clients.  If this is not done, clients
1736         will be unable to get a correct IP  address  after  changing  subnets
1737         until  their  old  lease  has  expired, which could take quite a long
1738         time.
1739
1740         Usually, writing authoritative; at the top level of the  file  should
1741         be  sufficient.  However, if a DHCP server is to be set up so that it
1742         is aware of some networks for which it is authoritative and some net‐
1743         works  for  which  it  is  not, it may be more appropriate to declare
1744         authority on a per-network-segment basis.
1745
1746         Note that the most specific scope for which the concept of  authority
1747         makes  any  sense  is the physical network segment - either a shared-
1748         network statement or a subnet statement that is not contained  within
1749         a shared-network statement.  It is not meaningful to specify that the
1750         server is authoritative for some subnets within a shared network, but
1751         not  authoritative  for  others, nor is it meaningful to specify that
1752         the server is authoritative for some host declarations and  not  oth‐
1753         ers.
1754
1755       The boot-unknown-clients statement
1756
1757         boot-unknown-clients flag;
1758
1759         If  the  boot-unknown-clients statement is present and has a value of
1760         false or off, then clients for which there  is  no  host  declaration
1761         will not be allowed to obtain IP addresses.  If this statement is not
1762         present or has a value of true or on, then clients without host  dec‐
1763         larations  will  be  allowed to obtain IP addresses, as long as those
1764         addresses are not restricted by  allow  and  deny  statements  within
1765         their pool declarations.
1766
1767       The db-time-format statement
1768
1769         db-time-format [ default | local ] ;
1770
1771         The  DHCP  server  software  outputs  several timestamps when writing
1772         leases to persistent storage.  This configuration  parameter  selects
1773         one  of two output formats.  The default format prints the day, date,
1774         and time in UTC, while the local format prints  the  system  seconds-
1775         since-epoch,  and  helpfully  provides the day and time in the system
1776         timezone in a comment.  The time formats are described in  detail  in
1777         the dhcpd.leases(5) manpage.
1778
1779       The ddns-hostname statement
1780
1781         ddns-hostname name;
1782
1783         The  name  parameter should be the hostname that will be used in set‐
1784         ting up the client's A and PTR records.  If no ddns-hostname is spec‐
1785         ified  in  scope,  then the server will derive the hostname automati‐
1786         cally, using an algorithm that  varies  for  each  of  the  different
1787         update methods.
1788
1789       The ddns-domainname statement
1790
1791         ddns-domainname name;
1792
1793         The name parameter should be the domain name that will be appended to
1794         the client's hostname to form a fully-qualified domain-name (FQDN).
1795
1796       The dns-local-address4 and dns-local-address6 statements
1797
1798         ddns-local-address4 address;
1799
1800         ddns-local-address6 address;
1801
1802         The address parameter should be the local IPv4 or  IPv6  address  the
1803         server  should  use  as  the  from  address  when sending DDNS update
1804         requests.
1805
1806       The ddns-rev-domainname statement
1807
1808         ddns-rev-domainname name;
1809
1810         The name parameter should be the domain name that will be appended to
1811         the  client's  reversed  IP  address to produce a name for use in the
1812         client's PTR record.  By default, this is  "in-addr.arpa.",  but  the
1813         default can be overridden here.
1814
1815         The  reversed  IP  address  to  which this domain name is appended is
1816         always the IP  address  of  the  client,  in  dotted  quad  notation,
1817         reversed  -  for example, if the IP address assigned to the client is
1818         10.17.92.74, then the reversed  IP  address  is  74.92.17.10.   So  a
1819         client  with that IP address would, by default, be given a PTR record
1820         of 10.17.92.74.in-addr.arpa.
1821
1822       The ddns-update-style parameter
1823
1824         ddns-update-style style;
1825
1826         The style parameter must be one of standard, interim  or  none.   The
1827         ddns-update-style  statement  is only meaningful in the outer scope -
1828         it is evaluated once after reading the dhcpd.conf file,  rather  than
1829         each  time  a client is assigned an IP address, so there is no way to
1830         use different DNS update styles for different clients. The default is
1831         none.
1832
1833       The ddns-updates statement
1834
1835          ddns-updates flag;
1836
1837         The  ddns-updates  parameter  controls whether or not the server will
1838         attempt to do a DNS update when a lease is confirmed.   Set  this  to
1839         off  if  the server should not attempt to do updates within a certain
1840         scope.  The ddns-updates parameter is on by default.  To disable  DNS
1841         updates  in all scopes, it is preferable to use the ddns-update-style
1842         statement, setting the style to none.
1843
1844       The default-lease-time statement
1845
1846         default-lease-time time;
1847
1848         Time should be the length in seconds that will be assigned to a lease
1849         if  the client requesting the lease does not ask for a specific expi‐
1850         ration time.  This is used for both DHCPv4 and DHCPv6 leases  (it  is
1851         also  known as the "valid lifetime" in DHCPv6).  The default is 43200
1852         seconds.
1853
1854       The delayed-ack and max-ack-delay statements
1855
1856         delayed-ack count;
1857
1858         max-ack-delay microseconds;
1859
1860         Count should be an integer value from zero to 2^16-1, and defaults to
1861         28.   The  count  represents  how many DHCPv4 replies maximum will be
1862         queued pending transmission until after a database commit event.   If
1863         this  number  is reached, a database commit event (commonly resulting
1864         in fsync() and representing a performance penalty) will be made,  and
1865         the  reply  packets  will be transmitted in a batch afterwards.  This
1866         preserves the RFC2131 direction  that  "stable  storage"  be  updated
1867         prior  to  replying  to  clients.  Should the DHCPv4 sockets "go dry"
1868         (select() returns immediately with no read sockets),  the  commit  is
1869         made and any queued packets are transmitted.
1870
1871         Similarly, microseconds indicates how many microseconds are permitted
1872         to pass inbetween queuing a packet pending an fsync,  and  performing
1873         the  fsync.   Valid  values  range  from 0 to 2^32-1, and defaults to
1874         250,000 (1/4 of a second).
1875
1876         The delayed-ack feature is not compiled in by default,  but  must  be
1877         enabled  at  compile  time  with  ´./configure --enable-delayed-ack´.
1878         While we no longer consider it experimental and we don't know of  any
1879         issues  with it, in order to minimize problems with existing configu‐
1880         ration files we have left it disabled by default.
1881
1882       The dhcp-cache-threshold statement
1883
1884         dhcp-cache-threshold percentage;
1885
1886         The dhcp-cache-threshold statement takes one integer  parameter  with
1887         allowed values between 0 and 100. The default value is 25 (25% of the
1888         lease time). This parameter expresses the  percentage  of  the  total
1889         lease  time,  measured  from  the  beginning, during which a client's
1890         attempt to renew  its  lease  will  result  in  getting  the  already
1891         assigned lease, rather than an extended lease.
1892
1893         Clients  that  attempt  renewal  frequently  can  cause the server to
1894         update and write the database frequently resulting in  a  performance
1895         impact  on  the server.  The dhcp-cache-threshold statement instructs
1896         the DHCP server to avoid updating leases too frequently thus avoiding
1897         this  behavior.   Instead  the  server  assigns  the same lease (i.e.
1898         reuses it) with no modifications except for CLTT (Client Last  Trans‐
1899         mission  Time)  which  does not require disk operations. This feature
1900         applies to IPv4 only.
1901
1902         When an existing lease is matched to a renewing client,  it  will  be
1903         reused if all of the following conditions are true:
1904             1. The dhcp-cache-threshold is larger than zero
1905             2. The current lease is active
1906             3. The percentage of the lease time that has elapsed is less than
1907             dhcp-cache-threshold
1908             4. The client information provided in the renewal does not alter
1909             any of the following:
1910                a. DNS information and DNS updates are enabled
1911                b. Billing class to which the lease is associated
1912                c. The host declaration associated with the lease
1913                d. The client id - this may happen if a client boots without
1914                a client id and then starts using one in subsequent requests.
1915
1916         Note  that the lease can be reused if the options the client or relay
1917         agent sends are changed.  These changes will not be recorded  in  the
1918         in-memory  or  on-disk  databases  until  the client renews after the
1919         threshold time is reached.
1920
1921       The do-forward-updates statement
1922
1923         do-forward-updates flag;
1924
1925         The do-forward-updates statement instructs  the  DHCP  server  as  to
1926         whether it should attempt to update a DHCP client´s A record when the
1927         client acquires or renews a lease.   This  statement  has  no  effect
1928         unless  DNS  updates  are  enabled.   Forward  updates are enabled by
1929         default.  If this statement is used to disable forward  updates,  the
1930         DHCP  server  will never attempt to update the client´s A record, and
1931         will only ever attempt to update  the  client´s  PTR  record  if  the
1932         client supplies an FQDN that should be placed in the PTR record using
1933         the fqdn option.  If forward updates are  enabled,  the  DHCP  server
1934         will still honor the setting of the client-updates flag.
1935
1936       The dont-use-fsync statement
1937
1938         dont-use-fsync flag;
1939
1940         The  dont-use-fsync  statement instructs the DHCP server if it should
1941         call fsync() when writing leases to the lease file.  By  default  and
1942         if  the flag is set to false the server will call fsync().  Suppress‐
1943         ing the call to fsync() may increase the performance  of  the  server
1944         but  it also adds a risk that a lease will not be properly written to
1945         the disk after it has been issued to a client and before  the  server
1946         stops.   This  can lead to duplicate leases being issued to different
1947         clients.  Using this option is not recommended.
1948
1949       The dynamic-bootp-lease-cutoff statement
1950
1951         dynamic-bootp-lease-cutoff date;
1952
1953         The dynamic-bootp-lease-cutoff statement sets the ending time for all
1954         leases  assigned dynamically to BOOTP clients.  Because BOOTP clients
1955         do not have any way of renewing leases, and  don't  know  that  their
1956         leases  could expire, by default dhcpd assigns infinite leases to all
1957         BOOTP clients.  However, it may make sense in some situations to  set
1958         a cutoff date for all BOOTP leases - for example, the end of a school
1959         term, or the time at night when a facility is closed and all machines
1960         are required to be powered off.
1961
1962         Date  should be the date on which all assigned BOOTP leases will end.
1963         The date is specified in the form:
1964
1965                                 W YYYY/MM/DD HH:MM:SS
1966
1967         W is the day of the week expressed as a number from zero (Sunday)  to
1968         six  (Saturday).  YYYY is the year, including the century.  MM is the
1969         month expressed as a number from 1 to 12.   DD  is  the  day  of  the
1970         month,  counting from 1.  HH is the hour, from zero to 23.  MM is the
1971         minute and SS is the second.  The time is always in Coordinated  Uni‐
1972         versal Time (UTC), not local time.
1973
1974       The dynamic-bootp-lease-length statement
1975
1976         dynamic-bootp-lease-length length;
1977
1978         The dynamic-bootp-lease-length statement is used to set the length of
1979         leases dynamically assigned to BOOTP clients.  At some sites, it  may
1980         be  possible to assume that a lease is no longer in use if its holder
1981         has not used BOOTP or DHCP to get its address within a  certain  time
1982         period.   The  period  is specified in length as a number of seconds.
1983         If a client reboots using BOOTP during the timeout period, the  lease
1984         duration  is reset to length, so a BOOTP client that boots frequently
1985         enough will never lose its lease.  Needless to  say,  this  parameter
1986         should be adjusted with extreme caution.
1987
1988       The echo-client-id statement
1989
1990         echo-client-id flag;
1991
1992         The  echo-client-id  statement  is used to enable or disable RFC 6842
1993         compliant behavior.  If the echo-client-id statement is  present  and
1994         has a value of true or on, and a DHCP DISCOVER or REQUEST is received
1995         which contains the client identifier option  (Option  code  61),  the
1996         server  will  copy the option into its response (DHCP ACK or NAK) per
1997         RFC 6842.  In other words if the client  sends  the  option  it  will
1998         receive  it back. By default, this flag is off and client identifiers
1999         will not echoed back to the client.
2000
2001       The filename statement
2002
2003         filename "filename";
2004
2005         The filename statement can be used to specify the name of the initial
2006         boot  file which is to be loaded by a client.  The filename should be
2007         a filename recognizable to whatever file transfer protocol the client
2008         can be expected to use to load the file.
2009
2010       The fixed-address declaration
2011
2012         fixed-address address [, address ... ];
2013
2014         The  fixed-address declaration is used to assign one or more fixed IP
2015         addresses to a client.  It should only appear in a host  declaration.
2016         If  more than one address is supplied, then when the client boots, it
2017         will be assigned the address that corresponds to the network on which
2018         it  is booting.  If none of the addresses in the fixed-address state‐
2019         ment are valid for the network to which the client is connected, that
2020         client  will  not  match  the host declaration containing that fixed-
2021         address declaration.  Each address in the  fixed-address  declaration
2022         should  be either an IP address or a domain name that resolves to one
2023         or more IP addresses.
2024
2025       The fixed-address6 declaration
2026
2027         fixed-address6 ip6-address ;
2028
2029         The fixed-address6  declaration  is  used  to  assign  a  fixed  IPv6
2030         addresses to a client.  It should only appear in a host declaration.
2031
2032       The fixed-prefix6 declaration
2033
2034         fixed-prefix6 low-address / bits;
2035
2036         The  fixed-prefix6  declaration is used to assign a fixed IPv6 prefix
2037         to a client.  It should only appear in a host declaration, but multi‐
2038         ple fixed-prefix6 statements may appear in a single host declaration.
2039
2040         The low-address specifies the start of the prefix and the bits speci‐
2041         fies the size of the prefix in bits.
2042
2043         If there are multiple prefixes for a given host entry the server will
2044         choose  one that matches the requested prefix size or, if none match,
2045         the first one.
2046
2047         If there are multiple host declarations the server will try to choose
2048         a  declaration  where the fixed-address6 matches the client's subnet.
2049         If none match it will choose one that doesn't have  a  fixed-address6
2050         statement.
2051
2052         Note Well: Unlike the fixed address the fixed prefix does not need to
2053         match a subnet in order to be served.  This allows you to  provide  a
2054         prefix  to a client that is outside of the subnet on which the client
2055         makes the request to the the server.
2056
2057       The get-lease-hostnames statement
2058
2059         get-lease-hostnames flag;
2060
2061         The get-lease-hostnames statement is used to tell  dhcpd  whether  or
2062         not  to  look  up  the domain name corresponding to the IP address of
2063         each address in the lease pool and use  that  address  for  the  DHCP
2064         hostname  option.   If flag is true, then this lookup is done for all
2065         addresses in the current scope.  By default, or if flag is false,  no
2066         lookups are done.
2067
2068       The hardware statement
2069
2070         hardware hardware-type hardware-address;
2071
2072         In  order  for  a BOOTP client to be recognized, its network hardware
2073         address must be declared using a hardware clause in the  host  state‐
2074         ment.   hardware-type  must be the name of a physical hardware inter‐
2075         face type.  Currently, only the ethernet  and  token-ring  types  are
2076         recognized,  although  support  for a fddi hardware type (and others)
2077         would also be desirable.  The hardware-address should  be  a  set  of
2078         hexadecimal  octets  (numbers from 0 through ff) separated by colons.
2079         The hardware statement may also be used for DHCP clients.
2080
2081       The host-identifier option statement
2082
2083         host-identifier option option-name option-data;
2084
2085         or
2086
2087         host-identifier v6relopt number option-name option-data;
2088
2089         This identifies a DHCPv6 client in a host statement.  option-name  is
2090         any  option,  and  option-data  is  the value for the option that the
2091         client will send. The option-data must be a constant value.   In  the
2092         v6relopts  case the additional number is the relay to examine for the
2093         specified option name and value.  The values are the same as for  the
2094         v6relay  option.  0 is a no-op, 1 is the relay closest to the client,
2095         2 the next one in and so on.  Values that are larger than the maximum
2096         number  of  relays  (currently  32) indicate the relay closest to the
2097         server independent of number.
2098
2099       The ignore-client-uids statement
2100
2101         ignore-client-uids flag;
2102
2103         If the ignore-client-uids statement is present and  has  a  value  of
2104         true or on, the UID for clients will not be recorded.  If this state‐
2105         ment is not present or has a value of false or off, then client  UIDs
2106         will be recorded.
2107
2108       The infinite-is-reserved statement
2109
2110         infinite-is-reserved flag;
2111
2112         ISC DHCP now supports ´reserved´ leases.  See the section on RESERVED
2113         LEASES below.  If this flag is  on,  the  server  will  automatically
2114         reserve  leases  allocated  to  clients  which  requested an infinite
2115         (0xffffffff) lease-time.
2116
2117         The default is off.
2118
2119       The lease-file-name statement
2120
2121         lease-file-name name;
2122
2123         Name should be the name of the DHCP server's lease file.  By default,
2124         this  is  /var/lib/dhcpd/dhcpd.leases.  This statement must appear in
2125         the outer scope of the configuration file - if  it  appears  in  some
2126         other  scope,  it will have no effect.  Furthermore, it has no effect
2127         if overridden by the -lf flag or the PATH_DHCPD_DB environment  vari‐
2128         able.
2129
2130       The limit-addrs-per-ia statement
2131
2132         limit-addrs-per-ia number;
2133
2134         By default, the DHCPv6 server will limit clients to one IAADDR per IA
2135         option, meaning one address.  If you wish to permit clients  to  hang
2136         onto multiple addresses at a time, configure a larger number here.
2137
2138         Note  that  there  is  no  present  method to configure the server to
2139         forcibly configure the client with one IP address per each subnet  on
2140         a shared network.  This is left to future work.
2141
2142       The dhcpv6-lease-file-name statement
2143
2144         dhcpv6-lease-file-name name;
2145
2146         Name  is  the name of the lease file to use if and only if the server
2147         is   running   in    DHCPv6    mode.     By    default,    this    is
2148         /var/lib/dhcpd/dhcpd6.leases.   This statement, like lease-file-name,
2149         must appear in the outer scope of the configuration file.  It has  no
2150         effect  if  overridden by the -lf flag or the PATH_DHCPD6_DB environ‐
2151         ment variable.   If  dhcpv6-lease-file-name  is  not  specified,  but
2152         lease-file-name is, the latter value will be used.
2153
2154       The lease-id-format parameter
2155
2156         lease-id-format format;
2157
2158         The  format  parameter  must  be either octal or hex.  This parameter
2159         governs the format used to write certain values to lease files.  With
2160         the  default  format,  octal, values are written as quoted strings in
2161         which non-printable characters are represented as octal escapes  -  a
2162         backslash  character  followed  by  three octal digits.  When the hex
2163         format is specified, values are written  as  an  unquoted  series  of
2164         pairs of hexadecimal digits, separated by colons.
2165
2166         Currently,  the  values  written out based on lease-id-format are the
2167         server-duid, the uid  (DHCPv4  leases),  and  the  IAID_DUID  (DHCPv6
2168         leases).   Note  the  server automatically reads the values in either
2169         format.
2170
2171       The local-port statement
2172
2173         local-port port;
2174
2175         This statement causes the DHCP server to listen for DHCP requests  on
2176         the UDP port specified in port, rather than on port 67.
2177
2178       The local-address statement
2179
2180         local-address address;
2181
2182         This  statement  causes  the  DHCP server to listen for DHCP requests
2183         sent to the specified address,  rather  than  requests  sent  to  all
2184         addresses.  Since serving directly attached DHCP clients implies that
2185         the server must respond to requests sent to the all-ones IP  address,
2186         this  option  cannot be used if clients are on directly attached net‐
2187         works; it is only  realistically  useful  for  a  server  whose  only
2188         clients are reached via unicasts, such as via DHCP relay agents.
2189
2190         Note:   This  statement  is only effective if the server was compiled
2191         using the USE_SOCKETS #define statement, which is default on a  small
2192         number  of  operating  systems, and must be explicitly chosen at com‐
2193         pile-time for all others.  You can be sure if your server is compiled
2194         with USE_SOCKETS if you see lines of this format at startup:
2195
2196          Listening on Socket/eth0
2197
2198         Note  also  that since this bind()s all DHCP sockets to the specified
2199         address, that only one address may be supported  in  a  daemon  at  a
2200         given time.
2201
2202       The log-facility statement
2203
2204         log-facility facility;
2205
2206         This statement causes the DHCP server to do all of its logging on the
2207         specified log facility once the dhcpd.conf file has  been  read.   By
2208         default  the  DHCP  server logs to the daemon facility.  Possible log
2209         facilities include auth, authpriv,  cron,  daemon,  ftp,  kern,  lpr,
2210         mail,  mark,  news,  ntp,  security,  syslog,  user, uucp, and local0
2211         through local7.  Not all of these facilities  are  available  on  all
2212         systems,  and  there  may be other facilities available on other sys‐
2213         tems.
2214
2215         In addition to setting this value, you may need to modify  your  sys‐
2216         log.conf  file to configure logging of the DHCP server.  For example,
2217         you might add a line like this:
2218
2219              local7.debug /var/log/dhcpd.log
2220
2221         The syntax of the syslog.conf file may be different on some operating
2222         systems  -  consult  the  syslog.conf manual page to be sure.  To get
2223         syslog to start logging to the new file, you must  first  create  the
2224         file  with correct ownership and permissions (usually, the same owner
2225         and permissions of your /var/log/messages or  /usr/adm/messages  file
2226         should  be  fine) and send a SIGHUP to syslogd.  Some systems support
2227         log rollover using a shell script  or  program  called  newsyslog  or
2228         logrotate, and you may be able to configure this as well so that your
2229         log file doesn't grow uncontrollably.
2230
2231         Because the log-facility setting  is  controlled  by  the  dhcpd.conf
2232         file,  log  messages  printed  while  parsing  the dhcpd.conf file or
2233         before parsing it are logged to the default log facility.  To prevent
2234         this,  see  the  README  file  included with this distribution, which
2235         describes BUG: where is that mentioned in README?  how to change  the
2236         default  log  facility.  When this parameter is used, the DHCP server
2237         prints its startup message a second time after parsing the configura‐
2238         tion file, so that the log will be as complete as possible.
2239
2240       The log-threshold-high and log-threshold-low statements
2241
2242         log-threshold-high percentage;
2243
2244         log-threshold-low percentage;
2245
2246         The  log-threshold-low  and log-threshold-high statements are used to
2247         control when a message is output about pool  usage.   The  value  for
2248         both  of  them  is  the  percentage  of the pool in use.  If the high
2249         threshold is 0 or has not been specified, no messages  will  be  pro‐
2250         duced.   If  a  high threshold is given, a message is output once the
2251         pool usage passes that level.  After that, no more messages  will  be
2252         output  until  the  pool usage falls below the low threshold.  If the
2253         low threshold is not given, it default to a value of zero.
2254
2255         A special case occurs when the low threshold is set to be higer  than
2256         the  high  threshold.  In this case, a message will be generated each
2257         time a lease is acknowledged when the pool usage is  above  the  high
2258         threshold.
2259
2260         Note that threshold logging will be automatically disabled for shared
2261         subnets whose total number of addresses is larger than (2^64)-1.  The
2262         server will emit a log statement at startup when threshold logging is
2263         disabled as shown below:
2264
2265             "Threshold  logging  disabled  for  shared  subnet   of   ranges:
2266         <addresses>"
2267
2268         This  is  likely  to  have  no  practical  runtime effect as CPUs are
2269         unlikely to support a server actually reaching such a large number of
2270         leases.
2271
2272       The max-lease-time statement
2273
2274         max-lease-time time;
2275
2276         Time should be the maximum length in seconds that will be assigned to
2277         a lease.  If not defined, the default maximum lease  time  is  86400.
2278         The only exception to this is that Dynamic BOOTP lease lengths, which
2279         are not specified by the client, are not limited by this maximum.
2280
2281       The min-lease-time statement
2282
2283         min-lease-time time;
2284
2285         Time should be the minimum length in seconds that will be assigned to
2286         a  lease.   The  default  is the minimum of 300 seconds or max-lease-
2287         time.
2288
2289       The min-secs statement
2290
2291         min-secs seconds;
2292
2293         Seconds should be the minimum number of seconds since a client  began
2294         trying  to acquire a new lease before the DHCP server will respond to
2295         its request.  The number of seconds  is  based  on  what  the  client
2296         reports, and the maximum value that the client can report is 255 sec‐
2297         onds.  Generally, setting this to one will result in the DHCP  server
2298         not  responding  to the client's first request, but always responding
2299         to its second request.
2300
2301         This can be used to set up a secondary DHCP server which never offers
2302         an  address  to  a  client  until the primary server has been given a
2303         chance to do so.  If the primary server is down, the client will bind
2304         to  the secondary server, but otherwise clients should always bind to
2305         the primary.  Note that this does not, by itself,  permit  a  primary
2306         server and a secondary server to share a pool of dynamically-allocat‐
2307         able addresses.
2308
2309       The next-server statement
2310
2311         next-server server-name;
2312
2313         The next-server statement is used to specify the host address of  the
2314         server  from  which  the initial boot file (specified in the filename
2315         statement) is to be loaded.   Server-name  should  be  a  numeric  IP
2316         address  or  a domain name.  If no next-server statement applies to a
2317         given client, the address 0.0.0.0 is used.
2318
2319       The omapi-port statement
2320
2321         omapi-port port;
2322
2323         The omapi-port statement causes the DHCP server to listen  for  OMAPI
2324         connections  on  the  specified  port.  This statement is required to
2325         enable the OMAPI protocol, which is used to examine  and  modify  the
2326         state of the DHCP server as it is running.
2327
2328       The one-lease-per-client statement
2329
2330         one-lease-per-client flag;
2331
2332         If  this flag is enabled, whenever a client sends a DHCPREQUEST for a
2333         particular lease, the server will automatically free any other leases
2334         the client holds.  This presumes that when the client sends a DHCPRE‐
2335         QUEST, it has forgotten any lease not mentioned in the DHCPREQUEST  -
2336         i.e.,  the client has only a single network interface and it does not
2337         remember leases it's holding on networks to which it is not currently
2338         attached.   Neither  of these assumptions are guaranteed or provable,
2339         so we urge caution in the use of this statement.
2340
2341       The pid-file-name statement
2342
2343         pid-file-name name;
2344
2345         Name should be the name of the DHCP server's process ID  file.   This
2346         is  the file in which the DHCP server's process ID is stored when the
2347         server starts.  By default, this  is  /var/run/dhcpd.pid.   Like  the
2348         lease-file-name  statement,  this  statement must appear in the outer
2349         scope of the configuration file.  It has no effect if  overridden  by
2350         the -pf flag or the PATH_DHCPD_PID environment variable.
2351
2352         The dhcpv6-pid-file-name statement
2353
2354            dhcpv6-pid-file-name name;
2355
2356            Name  is the name of the pid file to use if and only if the server
2357            is   running   in   DHCPv6   mode.    By    default,    this    is
2358            /var/lib/dhcpd/dhcpd6.pid.   This  statement,  like pid-file-name,
2359            must appear in the outer scope of the configuration file.  It  has
2360            no  effect  if  overridden  by the -pf flag or the PATH_DHCPD6_PID
2361            environment variable.  If dhcpv6-pid-file-name is  not  specified,
2362            but pid-file-name is, the latter value will be used.
2363
2364         The ping-check statement
2365
2366            ping-check flag;
2367
2368            When  the  DHCP server is considering dynamically allocating an IP
2369            address to a client, it first sends an ICMP Echo request (a  ping)
2370            to  the  address being assigned.  It waits for a second, and if no
2371            ICMP Echo response has been heard, it assigns the address.   If  a
2372            response is heard, the lease is abandoned, and the server does not
2373            respond to the client.  The lease will remain abandoned for a min‐
2374            imum of abandon-lease-time seconds.
2375
2376            If  a  there  are  no  free  addressses but there are abandoned IP
2377            addresses, the DHCP server will attempt to reclaim an abandoned IP
2378            address regardless of the value of abandon-lease-time.
2379
2380            This  ping check introduces a default one-second delay in respond‐
2381            ing to DHCPDISCOVER messages, which can  be  a  problem  for  some
2382            clients.   The default delay of one second may be configured using
2383            the ping-timeout parameter.  The ping-check configuration  parame‐
2384            ter  can  be  used to control checking - if its value is false, no
2385            ping check is done.
2386
2387         The ping-timeout statement
2388
2389            ping-timeout seconds;
2390
2391            If the DHCP server determined it should send an ICMP echo  request
2392            (a  ping)  because  the ping-check statement is true, ping-timeout
2393            allows you to configure how many seconds the  DHCP  server  should
2394            wait  for  an  ICMP  Echo  response  to  be heard, if no ICMP Echo
2395            response has been received before the timeout expires, it  assigns
2396            the  address.  If a response is heard, the lease is abandoned, and
2397            the server does not respond to the client.  If no  value  is  set,
2398            ping-timeout defaults to 1 second.
2399
2400         The preferred-lifetime statement
2401
2402            preferred-lifetime seconds;
2403
2404            IPv6  addresses have ´valid´ and ´preferred´ lifetimes.  The valid
2405            lifetime determines at what point at lease might be said  to  have
2406            expired,  and  is  no  longer useable.  A preferred lifetime is an
2407            advisory condition to help applications move off  of  the  address
2408            and onto currently valid addresses (should there still be any open
2409            TCP sockets or similar).
2410
2411            The preferred lifetime defaults to 5/8 the default lease time.
2412
2413         The prefix-length-mode statement
2414
2415            prefix-length-mode mode;
2416
2417            According to RFC 3633, DHCPv6 clients may specify preferences when
2418            soliciting prefixes by including an IA_PD Prefix option within the
2419            IA_PD option. Among the preferences that may be  conveyed  is  the
2420            "prefix-length".  When  non-zero  it  indicates a client's desired
2421            length for offered prefixes.  The RFC  states  that  servers  "MAY
2422            choose to use the information...to select prefix(es)" but does not
2423            specify any particular rules for doing so. The  prefix-length-mode
2424            statement  can  be used to set the prefix selection rules employed
2425            by the server, when clients send a non-zero  prefix-length  value.
2426            The  mode parameter must be one of ignore, prefer, exact, minimum,
2427            or maximum where:
2428
2429            1. ignore - The requested length is ignored. The server will offer
2430            the first available prefix.
2431
2432            2.  prefer - The server will offer the first available prefix with
2433            the same length as the requested length.  If none are  found  then
2434            it will offer the first available prefix of any length.
2435
2436            3.  exact  - The server will offer the first available prefix with
2437            the same length as the requested length.  If none  are  found,  it
2438            will  return  a  status indicating no prefixes available.  This is
2439            the default behavior.
2440
2441            4. minimum - The server will offer the first available prefix with
2442            the  same  length  as the requested length.  If none are found, it
2443            will return the first available prefix  whose  length  is  greater
2444            than  (e.g.  longer  than), the requested value.  If none of those
2445            are found, it will return a status indicating no  prefixes  avail‐
2446            able.   For  example,  if client requests a length of /60, and the
2447            server has available prefixes of lengths  /56  and  /64,  it  will
2448            offer prefix of length /64.
2449
2450            5. maximum - The server will offer the first available prefix with
2451            the same length as the requested length.  If none  are  found,  it
2452            will  return  the first available prefix whose length is less than
2453            (e.g. shorter than), the requested value.  If none  of  those  are
2454            found,  it  will return a status indicating no prefixes available.
2455            For example, if client requests a length of /60,  and  the  server
2456            has  available  prefixes  of  lengths /56 and /64, it will offer a
2457            prefix of length /56.
2458
2459            In general "first available" is determined by the order  in  which
2460            pools  are defined in the server's configuration.  For example, if
2461            a subnet is defined with three prefix pools A,B, and C:
2462
2463            subnet 3000::/64 {
2464                 # pool A
2465                 pool6 {
2466                      :
2467                 }
2468                 # pool B
2469                 pool6 {
2470                      :
2471                 }
2472                 # pool C
2473                 pool6 {
2474                      :
2475                 }
2476            }
2477
2478            then the pools will be checked in the order A,  B,  C.  For  modes
2479            prefer,  minimum,  and maximum this may mean checking the pools in
2480            that order twice.  A first pass through is  made  looking  for  an
2481            available  prefix  of  exactly  the preferred length.  If none are
2482            found, then a second pass is performed starting with  pool  A  but
2483            with appropriately adjusted length criteria.
2484
2485         The remote-port statement
2486
2487            remote-port port;
2488
2489            This  statement  causes the DHCP server to transmit DHCP responses
2490            to DHCP clients upon the UDP port specified in port,  rather  than
2491            on  port 68.  In the event that the UDP response is transmitted to
2492            a DHCP Relay, the server generally uses the local-port  configura‐
2493            tion  value.   Should  the  DHCP  Relay  happen to be addressed as
2494            127.0.0.1, however, the DHCP Server transmits its response to  the
2495            remote-port  configuration  value.   This is generally only useful
2496            for testing purposes, and this configuration value  should  gener‐
2497            ally not be used.
2498
2499         The server-identifier statement
2500
2501            server-identifier hostname;
2502
2503            The  server-identifier  statement  can be used to define the value
2504            that is sent in the DHCP Server  Identifier  option  for  a  given
2505            scope.   The  value  specified  must be an IP address for the DHCP
2506            server, and must be reachable by all clients served by a  particu‐
2507            lar scope.
2508
2509            The  use  of  the server-identifier statement is not recommended -
2510            the only reason to use it is to  force  a  value  other  than  the
2511            default  value  to  be  sent  on occasions where the default value
2512            would be incorrect.  The default value is  the  first  IP  address
2513            associated  with  the  physical  network  interface  on  which the
2514            request arrived.
2515
2516            The usual case where the server-identifier statement needs  to  be
2517            sent  is  when  a physical interface has more than one IP address,
2518            and the one being sent by default isn't appropriate  for  some  or
2519            all clients served by that interface.  Another common case is when
2520            an alias is defined for the purpose  of  having  a  consistent  IP
2521            address  for  the  DHCP server, and it is desired that the clients
2522            use this IP address when contacting the server.
2523
2524            Supplying a value for the dhcp-server-identifier option is equiva‐
2525            lent to using the server-identifier statement.
2526
2527         The server-id-check statement
2528
2529            server-id-check flag;
2530
2531            The  server-id-check statement is used to control whether or not a
2532            server, participating in failover, verifies that the value of  the
2533            dhcp-server-identifier  option in received DHCP REQUESTs match the
2534            server's id before processing the request. Server id  checking  is
2535            disabled  by  default.   Setting this flag enables id checking and
2536            thereafter the server will only process requests that match.  Note
2537            the flag setting should be consistent between failover partners.
2538
2539            Unless  overridden  by use of the server-identifier statement, the
2540            value the server uses as its id will be the first IP address asso‐
2541            ciated  with  the  physical network interface on which the request
2542            arrived.
2543
2544            In order to reduce runtime overhead the server only checks  for  a
2545            server  id  option  in  the global and subnet scopes.  Complicated
2546            configurations may result in different server ids for  this  check
2547            and  when  the  server  id for a reply packet is determined, which
2548            would prohibit the server from responding.
2549
2550            The primary use for this option is  when  a  client  broadcasts  a
2551            request  but  requires  that  the  response  come  from a specific
2552            failover peer.  An example of this would be when a client  reboots
2553            while  its  lease is still active - in this case both servers will
2554            normally respond.  Most of the time the  client  won't  check  the
2555            server  id  and  can  use either of the responses.  However if the
2556            client does check the server id it may reject the response  if  it
2557            came  from the wrong peer.  If the timing is such that the "wrong"
2558            peer responds first most of the time the client  may  not  get  an
2559            address for some time.
2560
2561            Care should be taken before enabling this option.
2562
2563         The server-duid statement
2564
2565            server-duid LLT [ hardware-type timestamp hardware-address ] ;
2566
2567            server-duid EN enterprise-number enterprise-identifier ;
2568
2569            server-duid LL [ hardware-type hardware-address ] ;
2570
2571            The server-duid statement configures the server DUID. You may pick
2572            either LLT (link local address plus time), EN (enterprise), or  LL
2573            (link local).
2574
2575            If you choose LLT or LL, you may specify the exact contents of the
2576            DUID.  Otherwise the server will generate a DUID of the  specified
2577            type.
2578
2579            If  you  choose EN, you must include the enterprise number and the
2580            enterprise-identifier.
2581
2582            If there is a server-duid statement in the lease file it will take
2583            precedence over the server-duid statement from the config file and
2584            a dhcp6.server-id option in the config file will override both.
2585
2586            The default server-duid type is LLT.
2587
2588         The server-name statement
2589
2590            server-name name ;
2591
2592            The server-name statement can be used to inform the client of  the
2593            name  of  the server from which it is booting.  Name should be the
2594            name that will be provided to the client.
2595
2596         The dhcpv6-set-tee-times statement
2597
2598            dhcpv6-set-tee-times flag;
2599
2600            The dhcpv6-set-tee-times statement enables setting T1  and  T2  to
2601            the  values  recommended in RFC 3315 (Section 22.4).  When setting
2602            T1 and T2, the server will use dhcp-renewal-time and  dhcp-rebind‐
2603            ing-time,  respectively.   A value of zero tells the client it may
2604            choose its own value.
2605
2606            When those options are not defined then values will be set to zero
2607            unless  the  global  dhcpv6-set-tee-timesis  enabled.   When  this
2608            option is enabled the times are calculated as recommended  by  RFC
2609            3315, Section 22.4:
2610
2611                  T1 will be set to 0.5 times the shortest preferred lifetime
2612                  in the reply.  If the "shortest" preferred lifetime is
2613                  0xFFFFFFFF,  T1 will set to 0xFFFFFFFF.
2614
2615                  T2 will be set to 0.8 times the shortest preferred lifetime
2616                  in the reply.  If the "shortest" preferred lifetime is
2617                  0xFFFFFFFF,  T2 will set to 0xFFFFFFFF.
2618
2619            Keep  in  mind  that given sufficiently small lease lifetimes, the
2620            above calculations will result in the two values being equal.  For
2621            example,  a  9  second lease lifetime would yield T1 = T2 = 4 sec‐
2622            onds, which would cause clients to issue rebinds only.  In such  a
2623            case it would likely be better to explicitly define the values.
2624
2625            Note  that dhcpv6-set-tee-times is intended to be transitional and
2626            will likely be removed in  a  future  release.  Once  removed  the
2627            behavior will be to use the configured values when present or cal‐
2628            culate them per the RFC. If you want zeros, define them as zeros.
2629
2630         The site-option-space statement
2631
2632            site-option-space name ;
2633
2634            The site-option-space statement can be used to determine from what
2635            option  space  site-local options will be taken.  This can be used
2636            in much the same way as the vendor-option-space statement.   Site-
2637            local  options  in  DHCP are those options whose numeric codes are
2638            greater than 224.  These options are  intended  for  site-specific
2639            uses, but are frequently used by vendors of embedded hardware that
2640            contains DHCP clients.  Because site-specific  options  are  allo‐
2641            cated  on  an ad hoc basis, it is quite possible that one vendor's
2642            DHCP client might use the same option code that  another  vendor's
2643            client uses, for different purposes.  The site-option-space option
2644            can be used to assign a different set of site-specific options for
2645            each  such vendor, using conditional evaluation (see dhcp-eval (5)
2646            for details).
2647
2648         The stash-agent-options statement
2649
2650            stash-agent-options flag;
2651
2652            If the stash-agent-options parameter is true for a  given  client,
2653            the  server  will  record the relay agent information options sent
2654            during the client's initial DHCPREQUEST message  when  the  client
2655            was  in  the  SELECTING  state  and behave as if those options are
2656            included in all subsequent DHCPREQUEST messages sent in the RENEW‐
2657            ING  state.  This works around a problem with relay agent informa‐
2658            tion options, which is that they usually not appear in DHCPREQUEST
2659            messages  sent  by  the client in the RENEWING state, because such
2660            messages are unicast directly to the server and not sent through a
2661            relay agent.
2662
2663         The update-conflict-detection statement
2664
2665            update-conflict-detection flag;
2666
2667            If  the  update-conflict-detection  parameter  is true, the server
2668            will perform standard  DHCID  multiple-client,  one-name  conflict
2669            detection.   If  the parameter has been set false, the server will
2670            skip this check and instead simply tear down any previous bindings
2671            to install the new binding without question.  The default is true.
2672
2673         The update-optimization statement
2674
2675            update-optimization flag;
2676
2677            If  the update-optimization parameter is false for a given client,
2678            the server will attempt a DNS update for that client each time the
2679            client  renews  its  lease,  rather than only attempting an update
2680            when it appears to be necessary.  This will allow the DNS to  heal
2681            from  database  inconsistencies  more easily, but the cost is that
2682            the DHCP server must do many more DNS updates.  We recommend leav‐
2683            ing  this  option enabled, which is the default. If this parameter
2684            is not specified, or is true, the DHCP  server  will  only  update
2685            when  the  client information changes, the client gets a different
2686            lease, or the client's lease expires.
2687
2688         The update-static-leases statement
2689
2690            update-static-leases flag;
2691
2692            The update-static-leases flag, if enabled, causes the DHCP  server
2693            to  do  DNS  updates  for  clients even if those clients are being
2694            assigned their IP address using a fixed-address statement  -  that
2695            is, the client is being given a static assignment.  It is not rec‐
2696            ommended because the DHCP server has  no  way  to  tell  that  the
2697            update  has  been  done,  and therefore will not delete the record
2698            when it is not in use.  Also, the server must attempt  the  update
2699            each time the client renews its lease, which could have a signifi‐
2700            cant performance impact in environments that place  heavy  demands
2701            on the DHCP server.
2702
2703         The use-host-decl-names statement
2704
2705            use-host-decl-names flag;
2706
2707            If  the  use-host-decl-names  parameter  is true in a given scope,
2708            then for every host declaration within that scope, the  name  pro‐
2709            vided  for  the host declaration will be supplied to the client as
2710            its hostname.  So, for example,
2711
2712                group {
2713                  use-host-decl-names on;
2714
2715                  host joe {
2716                    hardware ethernet 08:00:2b:4c:29:32;
2717                    fixed-address joe.example.com;
2718                  }
2719                }
2720
2721            is equivalent to
2722
2723                  host joe {
2724                    hardware ethernet 08:00:2b:4c:29:32;
2725                    fixed-address joe.example.com;
2726                    option host-name "joe";
2727                  }
2728
2729            Additionally, enabling use-host-decl-names instructs the server to
2730            use  the  host declaration name in the the forward DNS name, if no
2731            other values are available.  This value selection process is  dis‐
2732            cussed in more detail under DNS updates.
2733
2734            An option host-name statement within a host declaration will over‐
2735            ride the use of the name in the host declaration.
2736
2737            It should be noted here that most DHCP clients  completely  ignore
2738            the  host-name option sent by the DHCP server, and there is no way
2739            to configure them not to do this.  So you generally have a  choice
2740            of  either  not  having  any hostname to client IP address mapping
2741            that the client will recognize,  or  doing  DNS  updates.   It  is
2742            beyond  the  scope  of  this document to describe how to make this
2743            determination.
2744
2745         The use-lease-addr-for-default-route statement
2746
2747            use-lease-addr-for-default-route flag;
2748
2749            If the use-lease-addr-for-default-route parameter  is  true  in  a
2750            given  scope,  then  instead of sending the value specified in the
2751            routers option (or sending no value at all), the IP address of the
2752            lease  being  assigned  is  sent  to  the client.  This supposedly
2753            causes Win95 machines to ARP for all IP addresses,  which  can  be
2754            helpful  if  your  router is configured for proxy ARP.  The use of
2755            this feature is not recommended, because it won't  work  for  many
2756            DHCP clients.
2757
2758         The vendor-option-space statement
2759
2760            vendor-option-space string;
2761
2762            The  vendor-option-space  parameter  determines  from  what option
2763            space vendor options are taken.  The  use  of  this  configuration
2764            parameter  is  illustrated  in the dhcp-options(5) manual page, in
2765            the VENDOR ENCAPSULATED OPTIONS section.
2766

SETTING PARAMETER VALUES USING EXPRESSIONS

2768       Sometimes it's helpful to be able to set the value  of  a  DHCP  server
2769       parameter  based  on  some value that the client has sent.  To do this,
2770       you can  use  expression  evaluation.   The  dhcp-eval(5)  manual  page
2771       describes how to write expressions.  To assign the result of an evalua‐
2772       tion to an option, define the option as follows:
2773
2774         my-parameter = expression ;
2775
2776       For example:
2777
2778         ddns-hostname = binary-to-ascii (16, 8, "-",
2779                                          substring (hardware, 1, 6));
2780

RESERVED LEASES

2782       It's often useful to allocate a single address to a single  client,  in
2783       approximate  perpetuity.   Host  statements  with fixed-address clauses
2784       exist to a certain extent to  serve  this  purpose,  but  because  host
2785       statements  are  intended  to  approximate ´static configuration´, they
2786       suffer from not being referenced in a littany of other Server Services,
2787       such as dynamic DNS, failover, ´on events´ and so forth.
2788
2789       If  a  standard  dynamic  lease, as from any range statement, is marked
2790       ´reserved´, then the server will only allocate this lease to the client
2791       it is identified by (be that by client identifier or hardware address).
2792
2793       In practice, this means that the lease follows the normal state engine,
2794       enters ACTIVE state when the client is bound  to  it,  expires,  or  is
2795       released,  and  any  events or services that would normally be supplied
2796       during these events are processed normally, as with any  other  dynamic
2797       lease.   The  only  difference  is that failover servers treat reserved
2798       leases as special when they enter the FREE  or  BACKUP  states  -  each
2799       server  applies the lease into the state it may allocate from - and the
2800       leases are not placed on the queue for  allocation  to  other  clients.
2801       Instead  they  may  only  be ´found´ by client identity.  The result is
2802       that the lease is only offered to the returning client.
2803
2804       Care should probably be taken to ensure that the client  only  has  one
2805       lease within a given subnet that it is identified by.
2806
2807       Leases  may  be  set  ´reserved´  either  through OMAPI, or through the
2808       ´infinite-is-reserved´ configuration option (if this is  applicable  to
2809       your environment and mixture of clients).
2810
2811       It  should  also be noted that leases marked ´reserved´ are effectively
2812       treated the same as leases marked ´bootp´.
2813

REFERENCE: OPTION STATEMENTS

2815       DHCP option statements are documented  in  the  dhcp-options(5)  manual
2816       page.
2817

REFERENCE: EXPRESSIONS

2819       Expressions used in DHCP option statements and elsewhere are documented
2820       in the dhcp-eval(5) manual page.
2821

SEE ALSO

2823       dhcpd(8),  dhcpd.leases(5),  dhcp-options(5),  dhcp-eval(5),   RFC2132,
2824       RFC2131.
2825

AUTHOR

2827       dhcpd.conf(5) is maintained by ISC.  Information about Internet Systems
2828       Consortium can be found at https://www.isc.org.
2829
2830
2831
2832                                                                 dhcpd.conf(5)
Impressum