Configuration question..

Wed Sep 13 12:50:33 UTC 2006

Glenn Satchell wrote:
>> To: dhcp-users at isc.org
>> Subject: Re: Configuration question..
>> From: Keith.Neufeld at wichita.edu
>> Date: Tue, 12 Sep 2006 09:20:54 -0500
>>
>>> . . .
>>>
>>> The webmin gui doesn't show us the defined hosts we have, and we can't 
>>> figure out where/how to add them.. so I started to think that somehow 
>>> our config is incorrect..
>>>
>>> . . .
>>>
>>> We use hosts in pools, b/c I have one setup for unknown clients and one 
>>> for known clients.. and well, in the pools I can't see the defined hosts 
>>> that we have in the webmin gui.
>> The fact that the host declarations are inside the pool declaration is 
>> actually irrelevant to whether they can get a lease from that pool or 
>> not--the determination is made (in your configuration) by whether they're 
>> known (listed anywhere in the configuration) or unknown.
>>
>> To demonstrate that, take the host declaration for ronlapbop [sic] and 
>> move it to the 10.0.0.0 "Public Network" section of your configuration, 
>> then try to boot it on your 192.168.1.0 subnet.  It'll still get an 
>> address from one of your known-host ranges, _not_ from the 192.168.1.20-25 
>> range for unknown clients.
>>
>> There's been a thread on the mailing list recently about proper placement 
>> of host declarations; but the common wisdom is to put them _outside_ of 
>> all blocks, in the global scope, UNLESS you specifically want them to use 
>> some of the options from their "home" subnet even when they're roaming to 
>> other subnets.  [Did I say that about right?]  Putting host declarations 
>> inside subnet or pool declarations can lead people to think the hosts are 
>> tied to getting addresses only from the subnet or pool (which isn't 
>> actually the case), so it's nicer to put them globally and avoid the 
>> confusion.
>>
>>
>> It may be just the way my browser is displaying the file, but I prefer 
>> indenting blocks visually to match their syntactic nesting--so it'd be 
>> easier for me to read quickly if e.g. the stuff inside the 10.0.0.65-94 
>> pool were indented by another tabstop, and the hosts inside it (if they 
>> stay there) indented two tabstops from where they appear now.
>>
>> My $.02.
> 
> One other idea is to use the group { } function when you have some
> common options for different groups of hosts. See below.
> 
> I also agree with the wisdom of moving the host declarations to the
> global scope. They will still pick up appropriate subnet and pool
> settings based on whichever subnet or pool they get assigned an address
> from. I would venture to say this seems to be the collective "best
> practice" of the mailing list.
> 
> I would then move the option settings from the pool to the subnet scope.
> 
> The file would start to look a bit like this:
> 
> #global options
> 
> group {
>   option routers 0.0.0.0;
>   host ... { }
>   host ... { }
> }
> host ... { }
> host ... { }
> 
> subnet 192.168.1.0 netmask 255.255.255.0 {
>     option domain-name "adriance.poklib.org"; 
>     option domain-name-servers 192.168.1.2;
>     option netbios-name-servers 192.168.1.248;
>     option netbios-node-type 8;
>     #option netbios-node-type 4;
>     option routers 192.168.1.3;
>     #option routers 192.168.1.2;
> 
>     pool {
>         deny unknown clients;
>         range ...
>         ...
>     } # close pool
> } # close subnet
> 
> subnet 10.0.0.0 netmask 255.255.255.128 {
>     option ...
>     range ...
>     allow unknown clients;
> }
> 
> You have authoritative in the global scope, so no need to repeat it in
> subnet or pool scopes.
> 
> My two cents worth, hope it helps.
> 
> regards,
> -glenn
> --
> Glenn Satchell       mailto:glenn.satchell at uniq.com.au  |  Heard about
> Uniq Advances Pty Ltd           http://www.uniq.com.au  |  the new Unix
> PO Box 70 Paddington NSW Australia 2021                 |  sports car?
> tel:0409-458-580   tel:02-9380-6360   fax:02-9380-6416  |  The  rwx
> 
> 
Ok,

I'm trying to understand this.. and  thinking I'm still missing 
something (as I'm still getting the warning..)

So here is the rough skeleton of what I'm doing..

# dhcpd.conf

authoritative;
other_global_options;

subnet 192.168.1.0 netmask 255.255.255.0 {
global_settings_for_this_subnet;

pool {
	deny unknown clients;
	range 192.168.1.100 192.168.1.105;
	}

group {
	option routers 0.0.0.0;
	host one	{ hardware ethernet aa:bb:cc:dd:ee:f1; fixed-address 
192.168.1.99; }
	}

host two	{ hardware ethernet aa:bb:cc:dd:ee:f2; fixed-address 
192.168.1.98; }
host three	{ hardware ethernet aa:bb:cc:dd:ee:f3; }

pool {
	allow unknown clients;
	range 192.168.1.20 192.168.1.25;
	option domain-name-servers 0.0.0.0;
	}

} # close subnet 192.168.1.0/24

# public network
subnet 10.0.0.0 netmask 255.255.255.128 {
other_options_here;
option router 10.0.0.87;

pool {
	allow unknown clients;
	range 10.0.0.95 10.0.0.125;
	}

group {
	option routers 10.0.0.62;
	host something	{ hardware ethernet 11:22:33:44:55:61; fixed-address 
10.0.0.5; }
	}

host another	{ hardware 11:22:33:44:55:62; }

} # close subnet 10.0.0.0/25

This still gives me warnings:
WARNING: Host declarations are global.  They are not limited to the 
scope you declared them in

do I need to define the hosts outside the subnets even? but if I do that 
how will it know what hosts to apply what to?  how would it tell the 
different between hosts one, two and another? Or am I just missing 
something that should be glaringly obvious?