How to make dhcpd send NAKs instead of silently ignoring DHCPREQUESTS?
Andre Albsmeier
Andre.Albsmeier at siemens.com
Mon Apr 2 16:10:09 UTC 2012
Using isc-dhcpd (now 4.2.3-P2) for years, I am now stuck with a
problem I can't fix. First the relevant parts of dhcp.conf:
authoritative;
ddns-update-style none;
default-lease-time 300;
max-lease-time 600;
min-lease-time 0;
use-host-decl-names on;
deny duplicates;
one-lease-per-client on;
<some options>
subnet 192.168.24.0 netmask 255.255.255.0 {
range 192.168.24.200 192.168.24.254;
option broadcast-address 192.168.24.255;
<some options>
}
host host1.domain.org {
hardware ethernet 0:90:27:35:66:a2;
fixed-address 192.168.24.11;
default-lease-time 14400;
min-lease-time 14100;
max-lease-time 14700;
}
host host2.domain.org {
hardware ethernet 0:18:f3:87:86:60;
fixed-address 192.168.24.23;
default-lease-time 14400;
min-lease-time 14100;
max-lease-time 14700;
}
(There are more host definitions scattered across the range
1 - 199 but for this example two are enough).
When an unknown client does a DHCPDISCOVER it properly gets an
address within the range 192.168.24.200 to 192.168.24.254.
When one of the two known client comes, it gets its fixed
address as stated above.
But now an unknown client does a DHCPREQUEST of, let's say,
192.168.24.55 (an address where no host definitions exists).
In this case the server remains silent and ignores the request
as it is also documented in dhcpd.conf(5). But I want to NAK
this address and force the client to do a DHCPDISCOVER (so
it gets one from the range 192.168.24.200 to 192.168.24.254
above in turn).
I added
pool {
range 192.168.24.1 192.168.24.199;
deny unknown-clients;
}
which works w.r.t. to the DHCPREQUEST mentioned above but now
when host2 wants to renew its (static) address I get this in
the logfile:
Apr 2 16:51:18 <daemon.err> server dhcpd: Dynamic and static leases present for 192.168.24.23.
Apr 2 16:51:18 <daemon.err> server dhcpd: Remove host declaration host2.domain.org or remove 192.16
8.24.23
Apr 2 16:51:18 <daemon.err> server dhcpd: from the dynamic address pool for 192.168.24.0/24
since 192.168.24.23 lies within the (now existing) pool ranging
from 192.168.24.1 to 192.168.24.199.
Since I may not use "deny unknown-clients;" outside of pools
(as stated by dhcpd.conf(5)) how can I restrict the addresses
in the range from 192.168.24.1 to 192.168.24.199 which are not
taken by fixed-address statements from being ignored but instead
NAK ack'ed on a DHCPREQUEST of 192.168.24.55?
Thanks!
More information about the dhcp-users
mailing list