dhcpd handing out wrong gateway

Glenn Satchell glenn.satchell at uniq.com.au
Fri Sep 9 11:15:55 UTC 2011


The same thing happens for clients that match those classes defined 
inside a shared subnet (the ones in the include file). Those classes 
will inherit things like option routers from the subnet, even though the 
client may have an address in another subnet. You should move all your 
class definitions to the global scope too.

Also 'include' doesn't work as a truly inline include, but rather 
re-starts the parse tree in that file. This was mentioned in another 
post by one of the ISC people.

I think between this and Simon's suggestions you've got a few things to 
work on, and this should all be ok.

regards,
-glenn

On 09/09/11 17:12, Simon Hobson wrote:
> Fredrik Björk wrote:
>
>> I'm not actually asking for help to debug config files
>
> Actually, yes you are, but you just don't realise it!
>
> The DHCP server is normally quite reliable and handing out the wrong
> options isn't something it normally does - unless wrongly configured.
> And now I see your config, I spot immediately that my hunch was correct.
>
> You have declared some host configs inside a shared-subnet declaration.
> Except under very limited circumstances which require you to **really
> really** know what you're doing, never ever do this. Host declarations
> are global in scope, so options defined there will override options
> inherited from a subnet.
>
> So, say host "special" gets connected to a different network. It will be
> given an IP address from that new network but it will also inherit the
> options declared in its host declaration. Bingo - you've now got a host
> with an IP address correct for its network, but the wrong gateway address.
>
>> shared-network BSR3CPE {
>>   subnet 123.123.230.0 netmask 255.255.255.0 {
>>     option routers 123.123.230.1;
>>     pool {
>>       range 123.123.230.40 123.123.230.254;
>>       deny members of "16-6M-DHCP";
>>       deny members of "Static00223a4e8017";
>>     }
>>     pool {
>>       range 123.123.230.2 123.123.230.39;
>>       allow members of "16-6M-DHCP";
>>     }
>>   }
>>   subnet 123.123.233.0 netmask 255.255.255.0 {
>>     option routers 123.123.233.1;
>>     max-lease-time 600;
>>     default-lease-time 600;
>>     pool {
>>       range 123.123.233.65 123.123.233.254;
>>     }
>>     # The below "SpecialX" were handed out to people who experienced the
>>     # "gateway problem". Separate host declarations solved their problems!
>>     host special {
>>       hardware ethernet 00:19:99:a0:51:13;
>>       option routers 123.123.233.1;
>>       fixed-address 123.123.233.33;
>>     }
>>     host special2 {
>>       hardware ethernet 00:21:91:ed:b3:bb;
>>       option routers 123.123.233.1;
>>       fixed-address 123.123.233.34;
>>     }
>>     host special3 {
>>       hardware ethernet 00:25:9c:34:fc:55;
>>       option routers 123.123.233.1;
>>       fixed-address 123.123.233.35;
>>     }
>>     host special4 {
>>       hardware ethernet 00:11:22:33:ef:ef:ef; # Dummy. For future use...
>>       option routers 123.123.233.1;
>>       fixed-address 123.123.233.36;
>>     }
>>   }
>>   subnet 123.123.231.0 netmask 255.255.255.0 {
>>     option routers 123.123.231.1;
>>     pool {
>>       deny members of "Static001e6bec1635";
>>       deny members of "Static00223a4e8017";
>>       range 123.123.231.13 123.123.231.254;
>>     }
>>     pool { allow members of "Static001e6bec1635"; range 123.123.231.8 123.123.231.8; }
>>     pool { allow members of "Static00223a4e8017"; range 123.123.231.9 123.123.231.9; }
>>     pool {
>>       allow members of "Static0018c022a3be";
>>       range 123.123.231.10 123.123.231.10;
>>     }
>>   }
>> }
>>
>>
>> shared-network CASACPE {
>>   subnet 123.123.235.0 netmask 255.255.255.0 {
>>     option routers 123.123.235.1;
>>     include "/etc/dhcpd.static235";
>>     pool {
>>       max-lease-time 600;
>>       default-lease-time 600;
>>       allow members of "MTA";
>>       range 123.123.235.250 123.123.235.254;
>>     }
>>     pool {
>>       max-lease-time 600;
>>       default-lease-time 600;
>>       allow unknown clients;
>>       range 123.123.235.240 123.123.235.249;
>>     }
>>   }
>>   subnet 123.123.237.0 netmask 255.255.255.0 {
>>     option routers 123.123.237.1;
>>     pool {
>>       max-lease-time 1200;
>>       default-lease-time 1200;
>>       deny members of "MTA";
>>       deny unknown-clients;
>>       range 123.123.237.2 123.123.237.254;
>>     }
>>   }
>>   subnet 123.123.238.0 netmask 255.255.255.0 {
>>     option routers 123.123.238.1;
>>     pool {
>>       max-lease-time 1200;
>>       default-lease-time 1200;
>>       allow members of "MTA";
>>       range 123.123.238.2 123.123.238.254;
>>     }
>>   }
>> }
>>
>>
>
>
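
A lint check for the scoping problems raised in this thread (host and class declarations, and include statements, nested inside a subnet or shared-network block), as an added example that is not part of the original posts. The sample config, its addresses and its include path are constructed; the script only approximates dhcpd's grammar and does not follow include files.

```python
import re

# Tokens: quoted string, comment to end of line, brace/semicolon, bare word.
TOKEN = re.compile(r'"[^"]*"|#.*|[{};]|[^\s{};"#]+')
FLAGGED = {"host", "class", "subclass", "include"}
NETWORK = {"subnet", "shared-network"}

def lint(conf):
    """Flag host/class/subclass/include statements nested in a subnet or shared-network."""
    findings, stack, stmt, start = [], [], [], 0
    for lineno, line in enumerate(conf.splitlines(), 1):
        for tok in TOKEN.findall(line):
            if tok.startswith("#"):
                continue                      # comment, ignore
            if tok == "}":
                if stack:
                    stack.pop()               # leave the current block
                stmt = []
            elif tok in ("{", ";"):
                head = " ".join(stmt[:2]) or "?"
                scope = next((s for s in reversed(stack)
                              if s.split()[0] in NETWORK), None)
                if stmt and stmt[0] in FLAGGED and scope:
                    findings.append((start, head, scope))
                if tok == "{":
                    stack.append(head)        # enter a new block
                stmt = []
            else:
                if not stmt:
                    start = lineno            # line where the statement begins
                stmt.append(tok)
    return findings

# Constructed sample: documentation addresses, hypothetical include path.
SAMPLE = '''\
shared-network EXAMPLE {
  subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;
    include "/etc/dhcpd.static";  # include inside a subnet
    host special {                # host inside a subnet
      hardware ethernet 00:00:5e:00:53:01; fixed-address 192.0.2.33;
    }
  }
}
host ok { hardware ethernet 00:00:5e:00:53:02; fixed-address 192.0.2.34; }
'''
if __name__ == "__main__":
    for line, decl, scope in lint(SAMPLE):
        print(f"line {line}: {decl} is declared inside {scope}")
```

Each finding is a candidate for moving to the global scope; files pulled in by a flagged include need the same check run on them separately.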


