a small comment on isc dhcp

mark mark at immermail.com
Wed Feb 28 18:37:55 UTC 2007 

David W. Hankins wrote:
> On Wed, Feb 28, 2007 at 09:28:36AM -0800, mark wrote:
>> Also, is this desire for configuration error tolerance confined to
>> dhcpd, or do you want all software to do this?  sshd?  apache?
>> bind?  A unix 'mount' that tolerates duplicate mount points
>> in fstab and just picks one?
> 
> Is it better for software to fail (and thus be visible) or to
> try and tolerate the situation (and thus hide an error)?
> 
> I've heard operators tell me that they hate software that only
> manages to "hide" failure situations by pressing on long after
> they'd encountered "bad config".
> 
> But still, of course, Luc is not alone.
> 
> 
> For example, ISC DHCP's 'authoritative' mess.  There are those
> that would applaud the attempt not to spit garbage out onto
> any random interface someone 'accidentally' started dhcpd
> on.  But if you've ever had a non-authoritative dhcpd
> on one of your networks, you might be of the opinion that it
> would actually be better if it did DHCPNAK other clients.
> 
> By failing to NAK, it effectively hides itself...it still
> addresses some of your clients (which is bad), it just
> becomes less visible.
> 
> 
> Was that really a benefit, and if so was it worth it?  I'd
> have to say "no."  It's trying too hard to be nice.

Surely there is no single best practice with respect to tolerance of
"abnormal" situations.  But I think the 'authoritative' issue
differs in at least one important respect from the issue Luc raised.
While the 'authoritative' business may be a 'mess', it's essentially
deterministic.  It's pretty hard to make tolerance of config errors
deterministic, at least without adding a lot of complexity that is
more hassle than the benefit.  Especially when you consider that the
issues Luc raised are easily, widely, and routinely solved in pretty
simple ways with existing tools and practices.  There are probably
thousands of sites running dhcpd that have solved most of these issues
with no more than simple shell scripts, version control software, etc.

Mark

More information about the dhcp-users mailing list