ISC DHCP server offers fixed IP addresses to ANY device!

Glenn Satchell Glenn.Satchell at uniq.com.au
Sat Dec 20 12:56:30 UTC 2008 

Hi Daniel

In a subnet definition the range statement lists the addresses that
should be offered to dynamic dhcp clients. You have the .4 address in
the dynamic range so dhcpd offers it to dynamic dhcp clients.

You also have the same address in the fixed-address statement. This
does not automatically exclude it from the dynamic range.

subnet XX.169.176.0 netmask 255.255.255.248 {
  option routers XX.169.176.1;
  range XX.169.176.4 XX.169.176.6;
  host donaldduck {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address XX.169.176.4;
  }
}

For this example the fix is to change the range statement:

  range XX.169.176.5 XX.169.176.6;

What is happenning is that if the host donaldduck is up and running,
then dhcpd tries to ping the IP address before offering it to a client,
so in this case it detects that it is in use and skips over it. If host
donaldduck is not booted up, then dhcpd does the ping, finds the
address not in use and so offers it to the dynamic client.

regards,
-glenn

>Date: Fri, 19 Dec 2008 16:47:21 +0100
>From: "Daniel Manser" <doenle85 at gmail.com>
>To: dhcp-users at isc.org
>Subject: ISC DHCP server offers fixed IP addresses to ANY device!
>
>Dear List
>
>We are currently having an issue with our ISC DHCP server offering
>reserved IP addresses to virtually any device, not only to the MAC
>address defined with a "fixed-address" statement.
>
>I'm currently trying to set up an ISC DHCP server for our cable modem
>infrastructure. I compiled the latest DHCPD source code (version 4.0.0)
>on a fresh Debian 4 box.
>
>Assuming that the IP address XX.169.176.4 is reserved for
>00:11:22:33:44:55 (yes, it's a fake MAC and yes, I'm not very
>creative), the DHCP server offers this address to ANY device. Here's an
>extract of my log file:
>
>Dec 19 15:41:06 dhcpdtest dhcpd: DHCPDISCOVER from 00:a0:12:24:74:a0
>via XX.169.176.1
>Dec 19 15:41:06 dhcpdtest dhcpd: DHCPOFFER on XX.169.176.4 to
>00:a0:12:24:74:a0 via XX.169.176.1
>Dec 19 15:41:06 dhcpdtest dhcpd: DHCPREQUEST for XX.169.176.4 to
>00:a0:12:24:74:a0 via XX.169.176.1
>Dec 19 15:41:06 dhcpdtest dhcpd: DHCPACK on XX.169.176.4 to
>00:a0:12:24:74:a0 via XX.169.176.1
>
>I have no idea why DHCPD offers XX.169.176.4. Please note that there
>are no existing leases in the dhcpd.leases file.
>
>Below my configuration files. For a better understanding, a short
>explaination of my configuration:
>
>Cable modems connect to a DHCP relay and get an IP address out of a
>172.72.0.0 range. A device connected to the modem (a computer, or
>router) requests a public IP address (fictitous ranges XX.169.176.4 to
>XX.169.176.6 and XX.169.176.10 to XX.169.176.14). The address
>XX.169.176.4 is reserved for "donaldduck" and should _not_ be offered
>to any other device.
>
>dhcpdtest:~# cat /etc/dhcpd.conf
>server-identifier XX.196.149.52;
>authorative;
>
>include "/etc/dhcpd.d/networks.conf";
>
>subnet 192.168.99.0 netmask 255.255.255.0 { }
>
>subnet 172.27.0.0 netmask 255.255.255.0
>{
>	option subnet-mask 255.255.255.0;
>	range 172.27.0.10 172.27.0.20;
>	option routers 172.27.0.1;
>	option time-offset 36000;
>	default-lease-time 36000;
>	max-lease-time 2592000;
>	option tftp-server-name "XX.169.149.52";
>	filename "THG540-10M-10M_d.cfg";
>	include "/etc/dhcpd.d/modems.conf";
>}
>
>dhcpdtest:~# cat /etc/dhcpd.d/networks.conf
>shared-network OURNETWORKS {
>  option domain-name-servers XX.169.149.10;
>  default-lease-time 36000;
>  subnet XX.169.176.0 netmask 255.255.255.248 {
>    option routers XX.169.176.1;
>    range XX.169.176.4 XX.169.176.6;
>    host donaldduck {
>      hardware ethernet 00:11:22:33:44:55;
>      fixed-address XX.169.176.4;
>      }
>    }
>  subnet XX.169.176.8 netmask 255.255.255.248 {
>    option routers XX.169.176.9;
>    range XX.169.176.10 XX.169.176.14;
>    }
>}
>
>dhcpdtest:~# cat /etc/dhcpd.d/modems.conf
>host testmodem {
>  hardware ethernet 00:1C:EA:B6:82:27;
>  filename "light-d11-epc2203-upd-p1.cm.txt";
>  fixed-address 172.27.0.99;
>}
>
>Any help/response on this issue is highly appreciated.
>
>Daniel
>_______________________________________________
>dhcp-users mailing list
>dhcp-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/dhcp-users

More information about the dhcp-users mailing list