How to make dhcpd send NAKs instead of silently ignoring DHCPREQUESTS?

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Apr 2 17:47:16 UTC 2012 

Andre Albsmeier wrote:

>But now an unknown client does a DHCPREQUEST of, let's say,
>192.168.24.55 (an address where no host definitions exists).
>In this case the server remains silent and ignores the request
>as it is also documented in dhcpd.conf(5). But I want to NAK
>this address and force the client to do a DHCPDISCOVER (so
>it gets one from the range 192.168.24.200 to 192.168.24.254
>above in turn).
>
>I added
>
>pool {
>   range 192.168.24.1 192.168.24.199;
>   deny  unknown-clients;
>}
>
>which works w.r.t. to the DHCPREQUEST mentioned above but now
>when host2 wants to renew its (static) address I get this in
>the logfile:
>
>Apr  2 16:51:18 <daemon.err> server dhcpd: Dynamic and static leases 
>present for 192.168.24.23.
>Apr  2 16:51:18 <daemon.err> server dhcpd: Remove host declaration 
>host2.domain.org or remove 192.16
>8.24.23
>Apr  2 16:51:18 <daemon.err> server dhcpd: from the dynamic address 
>pool for 192.168.24.0/24
>
>since 192.168.24.23 lies within the (now existing) pool ranging
>from 192.168.24.1 to 192.168.24.199.

Firstly, is it a problem ? The client will either give up and revert 
to doing Discovers, or it will fail to connect to the network. As 
long as it doesn't try and use an address it's not been leased, then 
that isn't your problem as the administrator of the DHCP server. 
Unless the client is broken, it will only take a few extra seconds to 
get a network address - once it's realised it isn't getting an answer 
to it's requests.
If it fails to revert to Discovers then it's broken and not your 
responsibility as the DHCP admin. If you are responsible for the 
client then take it up with the vendor.

As to the rest, well you cannot include an address used in a 
fixed-address statement in any pool. The error message you quote was 
added in response to the numerous threads from people who expected 
the same operation as a Windows server and then complained that their 
"static assignments" were being leased out to other clients. There 
isn't a way to force NACKs of such addresses without triggering this 
error message - though I suppose you could comment that bit out in 
the code and recompile.


There is potentially another way to do things.
The ISC server now supports reserved leases - these are "normal" 
leases but even if expired will never be re-allocated to other 
clients. If you create reserved leases for your fixed address clients 
instead of using host statements then the addresses cannot be given 
to anything else and will result in a NACK in the circumstances you 
describe. You can either just extend your main range, or add small 
ranges to just include the addresses in question.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

More information about the dhcp-users mailing list