Clients keep sending DHCPDECLINE
Rasmus Bøg Hansen
moffe at zz9.dk
Fri Aug 20 11:10:36 UTC 2010
Hi folks
I have been running ISC DHCPD during many years with only minor tweaks
necessary and no trouble.
Over the last months I have suddenly seen a behaviour, that is new to
me:
1) Client DHCPDISCOVERs
2) Server DHCPOFFERs
3) Client DHCPREQUESTs
4) Server DHCPACKs
5) Client DHCPDECLINEs
6) Server abandons IP
7) Goto 1, with new IP
This goes on for a long loop, probably until the user shuts down the PC.
My *impresssion* is that this behaviour comes from Windows Vista/7
clients, but not all clients on the network behaves like this! I have no
access to the PCs (residential network) so I am unable to check this.
I am sure that the IP was previously unused so even though the client
claims that the IP is aldready used, I am certain that it is not.
The network is "flat", that is, one managed switch with no DHCP
filtering etc. and 12 unmanaged switches, all directly connected to the
managed switch. The DHCP server is connected directly to the managed
switch.
The DHCP server is Debian stable with dhcpd from stable, upgrading to
4.1.1 did not change anything.
Aug 20 12:49:34 albani dhcpd: DHCPDISCOVER from 0c:60:76:5a:6b:77 via eth0
Aug 20 12:49:35 albani dhcpd: DHCPOFFER on 172.16.222.27 to 0c:60:76:5a:6b:77 (8220-AG) via eth0
Aug 20 12:49:35 albani dhcpd: DHCPREQUEST for 172.16.222.27 (172.16.0.2) from 0c:60:76:5a:6b:77 (8220-AG) via eth0
Aug 20 12:49:35 albani dhcpd: DHCPACK on 172.16.222.27 to 0c:60:76:5a:6b:77 (8220-AG) via eth0
Aug 20 12:49:37 albani dhcpd: Abandoning IP address 172.16.222.27: declined.
Aug 20 12:49:37 albani dhcpd: DHCPDECLINE of 172.16.222.27 from 0c:60:76:5a:6b:77 (8220-AG) via eth0: abandoned
Aug 20 12:49:47 albani dhcpd: DHCPDISCOVER from 0c:60:76:5a:6b:77 via eth0
Aug 20 12:49:48 albani dhcpd: DHCPOFFER on 172.16.222.26 to 0c:60:76:5a:6b:77 (8220-AG) via eth0
Aug 20 12:49:48 albani dhcpd: DHCPREQUEST for 172.16.222.26 (172.16.0.2) from 0c:60:76:5a:6b:77 (8220-AG) via eth0
Aug 20 12:49:48 albani dhcpd: DHCPACK on 172.16.222.26 to 0c:60:76:5a:6b:77 (8220-AG) via eth0
Aug 20 12:49:50 albani dhcpd: Abandoning IP address 172.16.222.26: declined.
Aug 20 12:49:50 albani dhcpd: DHCPDECLINE of 172.16.222.26 from 0c:60:76:5a:6b:77 (8220-AG) via eth0: abandoned
Aug 20 12:50:00 albani dhcpd: DHCPDISCOVER from 0c:60:76:5a:6b:77 via eth0
Aug 20 12:50:01 albani dhcpd: DHCPOFFER on 172.16.222.25 to 0c:60:76:5a:6b:77 (8220-AG) via eth0
Aug 20 12:50:01 albani dhcpd: DHCPREQUEST for 172.16.222.25 (172.16.0.2) from 0c:60:76:5a:6b:77 (8220-AG) via eth0
Aug 20 12:50:01 albani dhcpd: DHCPACK on 172.16.222.25 to 0c:60:76:5a:6b:77 (8220-AG) via eth0
Aug 20 12:50:03 albani dhcpd: Abandoning IP address 172.16.222.25: declined.
Aug 20 12:50:03 albani dhcpd: DHCPDECLINE of 172.16.222.25 from 0c:60:76:5a:6b:77 (8220-AG) via eth0: abandoned
dhcpd.conf:
include "/etc/dhcp3/dhcpd.key";
include "/etc/dhcp3/dhcpd.master";
include "/etc/dhcp3/dhcpd.static";
include "/etc/dhcp3/dhcpd.blacklist";
dhcpd.master:
server-identifier 172.16.0.2;
default-lease-time 7200;
max-lease-time 14400;
authoritative;
log-facility local6;
zone 16.172.in-addr.arpa. {
key ak-key;
primary 172.16.0.2;
}
zone amagerkollegiet.dk. {
key ak-key;
primary 172.16.0.2;
}
option domain-name "amagerkollegiet.dk";
ddns-domainname "amagerkollegiet.dk";
ddns-update-style interim;
ignore client-updates;
update-optimization on;
update-static-leases on;
class "validclients" {
match if (
(
(substring (option host-name, 0, 2) = "17")
or (substring (option host-name, 0, 2) = "74")
or (substring (option host-name, 0, 2) = "76")
or (substring (option host-name, 0, 2) = "78")
or (substring (option host-name, 0, 2) = "80")
or (substring (option host-name, 0, 2) = "82")
or (substring (option host-name, 0, 2) = "84")
or (substring (option host-name, 0, 2) = "86")
or (substring (option host-name, 0, 2) = "88")
or (substring (option host-name, 0, 2) = "75")
or (substring (option host-name, 0, 2) = "66")
or (substring (option host-name, 0, 2) = "68")
) and
(
(substring (option host-name, 2, 2) = "01")
or (substring (option host-name, 2, 2) = "02")
or (substring (option host-name, 2, 2) = "03")
or (substring (option host-name, 2, 2) = "04")
or (substring (option host-name, 2, 2) = "05")
or (substring (option host-name, 2, 2) = "06")
or (substring (option host-name, 2, 2) = "07")
or (substring (option host-name, 2, 2) = "08")
or (substring (option host-name, 2, 2) = "09")
or (substring (option host-name, 2, 2) = "10")
or (substring (option host-name, 2, 2) = "11")
or (substring (option host-name, 2, 2) = "12")
or (substring (option host-name, 2, 2) = "13")
or (substring (option host-name, 2, 2) = "14")
or (substring (option host-name, 2, 2) = "15")
or (substring (option host-name, 2, 2) = "16")
or (substring (option host-name, 2, 2) = "17")
or (substring (option host-name, 2, 2) = "18")
or (substring (option host-name, 2, 2) = "19")
or (substring (option host-name, 2, 2) = "20")
or (substring (option host-name, 2, 2) = "21")
or (substring (option host-name, 2, 2) = "22")
or (substring (option host-name, 2, 2) = "23")
or (substring (option host-name, 2, 2) = "24")
or (substring (option host-name, 2, 2) = "25")
or (substring (option host-name, 2, 2) = "26")
or (substring (option host-name, 2, 2) = "27")
or (substring (option host-name, 2, 2) = "28")
or (substring (option host-name, 2, 2) = "29")
or (substring (option host-name, 2, 2) = "30")
or (substring (option host-name, 2, 2) = "31")
));
}
class "ras-clients" {
match if substring (option dhcp-client-identifier, 1, 3) = "RAS";
deny booting;
}
option netbios-node-type 8;
option ip-forwarding off;
option wpad code 252 = text;
option time-offset -3600;
one-lease-per-client on;
deny duplicates;
option space MSFT;
option MSFT.release-on-shutdown code 2 = unsigned integer 32;
class "win2k-clients" {
match if option vendor-class-identifier = "MSFT 5.0";
vendor-option-space MSFT;
option MSFT.release-on-shutdown 1;
}
shared-network amagerkollegiet {
subnet 172.16.0.0 netmask 255.240.0.0 {
pool {
allow members of "validclients";
range 172.16.1.0 172.16.255.254;
}
pool {
deny members of "validclients";
allow unknown clients;
range 172.31.0.1 172.31.0.254;
ddns-updates off;
default-lease-time 300;
max-lease-time 600;
}
option domain-name-servers 172.16.0.2,
208.67.222.222, 193.162.159.194;
option netbios-name-servers 172.16.0.2;
option time-servers 172.16.0.2,
193.162.159.194;
option ntp-servers 172.16.0.2,
193.162.159.194;
option routers 172.16.0.1;
server-identifier 172.16.0.2;
"http://www.amagerkollegiet.dk/wpad.dat";
}
subnet 192.168.0.0 netmask 255.255.0.0 {
pool {
range 192.168.0.0 192.168.255.255;
deny all clients;
}
option routers 192.168.0.2;
option domain-name-servers 172.16.0.2, 172.16.0.7;
}
}
dhcpd.static and dhcpd.blacklist only holds a lot of static host
declarations. None for the problematic clients, though.
I am really at a loss here. I have tried to make the pool a lot bigger
with no help. I have tried ignoring declines, ping-checks etc. and
nothing helps.
What is the cause of this problem - a bug/virus in Windows?
TIA and best regards
/Rasmus
--
Rasmus Bøg Hansen || moffe at zz9.dk
C.F. Møllers Allé 46, 3tv || http://www.zz9.dk
2300 København S ||
More information about the dhcp-users
mailing list