How to make dhcpd send NAKs instead of silently ignoring DHCPREQUESTS?

Mon Apr 2 16:10:09 UTC 2012

Using isc-dhcpd (now 4.2.3-P2) for years, I am now stuck with a
problem I can't fix. First the relevant parts of dhcp.conf:

authoritative;
ddns-update-style               none;
default-lease-time              300;
max-lease-time                  600;
min-lease-time                  0;
use-host-decl-names             on;
deny duplicates;
one-lease-per-client            on;

<some options>

subnet 192.168.24.0 netmask 255.255.255.0 {
  range                         192.168.24.200 192.168.24.254;
  option broadcast-address      192.168.24.255;
  <some options>
}

host host1.domain.org {
  hardware ethernet     0:90:27:35:66:a2;
  fixed-address         192.168.24.11;
  default-lease-time    14400;
  min-lease-time        14100;
  max-lease-time        14700;
}

host host2.domain.org {
  hardware ethernet     0:18:f3:87:86:60;
  fixed-address         192.168.24.23;
  default-lease-time    14400;
  min-lease-time        14100;
  max-lease-time        14700;
}

(There are more host definitions scattered across the range
1 - 199 but for this example two are enough).

When an unknown client does a DHCPDISCOVER it properly gets an
address within the range 192.168.24.200 to 192.168.24.254.

When one of the two known client comes, it gets its fixed
address as stated above.

But now an unknown client does a DHCPREQUEST of, let's say,
192.168.24.55 (an address where no host definitions exists).
In this case the server remains silent and ignores the request
as it is also documented in dhcpd.conf(5). But I want to NAK
this address and force the client to do a DHCPDISCOVER (so
it gets one from the range 192.168.24.200 to 192.168.24.254
above in turn).

I added

pool {
  range 192.168.24.1 192.168.24.199;
  deny  unknown-clients;
}

which works w.r.t. to the DHCPREQUEST mentioned above but now
when host2 wants to renew its (static) address I get this in
the logfile:

Apr  2 16:51:18 <daemon.err> server dhcpd: Dynamic and static leases present for 192.168.24.23.
Apr  2 16:51:18 <daemon.err> server dhcpd: Remove host declaration host2.domain.org or remove 192.16
8.24.23
Apr  2 16:51:18 <daemon.err> server dhcpd: from the dynamic address pool for 192.168.24.0/24

since 192.168.24.23 lies within the (now existing) pool ranging
from 192.168.24.1 to 192.168.24.199.

Since I may not use "deny unknown-clients;" outside of pools
(as stated by dhcpd.conf(5)) how can I restrict the addresses
in the range from 192.168.24.1 to 192.168.24.199 which are not
taken by fixed-address statements from being ignored but instead
NAK ack'ed on a DHCPREQUEST of 192.168.24.55?

Thanks!