What is the best way to move from using "deny duplicates" to "allow duplicates"?

Glenn Satchell glenn.satchell at uniq.com.au
Thu Apr 3 06:18:58 UTC 2014


Hi Bjarne

I think "allow duplicates" won't do what you want.

In the dhcpd.conf manpage it says:

     The duplicates keyword

      allow duplicates;
      deny duplicates;

     Host declarations can match client  messages  based  on  the
     DHCP  Client Identifier option or based on the client's net-
     work hardware type and MAC address.   If the MAC address  is
     used,  the  host declaration will match any client with that
     MAC address - even clients with  different  client  identif-
     iers.    This  doesn't normally happen, but is possible when
     one computer has more than one operating system installed on
     it - for example, Microsoft Windows and NetBSD or Linux.

So this is a generic description of what happens regardless of the setting
of allow/deny duplicates. It means that if a host matches the hardware
address in a host statement and you assign a fixed ip then it will always
get that fixed ip. But I assume you don't want to create 150,000 host
entries in your config.

The next part of the man page describes what allow/deny duplicates does.

     The duplicates flag tells the DHCP server that if a  request
     is  received from a client that matches the MAC address of a
     host declaration, any other leases matching that MAC address
     should  be  discarded  by the server, even if the UID is not
     the same.   This is a violation of the  DHCP  protocol,  but
     can  prevent  clients  whose client identifiers change regu-
     larly from  holding  many  leases  at  the  same  time.   By
     default, duplicates are allowed.

So with deny duplicates, when winpe boots dhcpd will release the lease
held by the earlier pxe client, but only if you use a host statement for
that client. Otherwise the two requests (pxe and winpe) look like two
different clients and get two different leases.

Allow duplicates doesn't really help here, all it changes is to not
release the other leases for that MAC address if you use a host statement.

The latest version dhcp-4.3.0 has a new feature to ignore client-ids. This
may help, but you'd probably have to compile this version yourself for
RHEL5. This is from the RELNOTES:

- Add ignore-client-uids option in the server.  This option causes
  the server to not record a client's uid in its lease.  This
  violates the specification but may also be useful when a client
  can dual boot using different client ids but the same mac address.
  Thank you to Brian De Wolf at Cal Poly Pomona for the patch.

This would mean that pxe, winpe and the final OS would all present the same
mac and no client-id, so they should be seen as the same client and get
the same IP address.

So the TL;DR; is that allow duplicates doesn't look like it will do what
you want, dhcp-4.3.0 might.

HTH.

regards,
-glenn

On Thu, April 3, 2014 4:55 pm, Bjarne Blichfeldt wrote:
> Hi All
>
> What will happen to the existing lease database when I move from “deny
> duplicates” to “allow duplicates” ?
> Will I have to clear the lease database before I restart dhcpd with "allow
> duplicates" set or will it just work ? And how is it going to influence
> the failover if I
> change one server at a time?
>
>
> More details :
>
> Two RHEL5 machines, isc-dhcpd-4.1-ESV-R3 in failover configuration, about
> 150.000 leases in file.
>
> We are seeing a lot of issues with pxe clients, client id and so on.
>
> Scenario   – pxe boot/install a thick client :
> client pxe boots,  gets an address with lease time 3600 (mctl)
> starts winpe which requests an address, but with different clientid => new
> ip, lease time 3600
>   winpe does not know how to renew its lease (known problem) and dies
> after 3600 seconds.
>
> Also we see a lot of double registrations in dns in a VDI environment.
>
>
> To make this work I would like to change to "allow duplicates", forcing
> the DHCP server to use the mac address, which does not change, as
> reference instead of client-id, which does change.
>
> I remember from many discussions on this list, that this would do the
> trick.
> Double checking the manual however, leaves me not so sure :
> "Host declarations can match client messages based on the DHCP Client
> Identifier option or based on the client’s network hardware type and MAC
> address.
>   If the MAC address is used, the host declaration will match any client
> with that MAC address - even clients with different client identifiers
> "
>
> Since "host" declarations is mentioned here, does that mean it will only
> work for host declarations = fixed IP, or will "allow duplicate" actually
> work for ALL dhcp leases ?
>
>
>
>
> Thanks in advance for any input
> Bjarne Blichfeldt
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users