RE: What is the best way to move from using “deny duplicates" to "allow duplicates" ?

Bjarne Blichfeldt BJB at jndata.dk
Thu Apr 3 07:24:52 UTC 2014


Hi Glenn

Thank you very much for the detailed answer, much appreciated.

Yes, I was afraid that allow/deny duplicates was not the answer.
We will look into the effort of going for dhcp-4.3.0, that sounds like it would work.


Regards,
Bjarne Blichfeldt 


> -----Original Message-----
> From: dhcp-users-bounces+bjb=jndata.dk at lists.isc.org [mailto:dhcp-users-
> bounces+bjb=jndata.dk at lists.isc.org] On Behalf Of Glenn Satchell
> Sent: 3. april 2014 08:25
> To: Users of ISC DHCP
> Subject: Re: What is the best way to move from using “deny duplicates" to "allow
> duplicates" ?
> 
> And to answer your specific original question, adding allow duplicates
> should just work, no need to wipe out the lease file first.
> 
> In fact there are very few times when deleting the lease file should be
> necessary - generally it is a bad thing to do as the clients still have
> state about their own lease, but the server does not and could offer
> leases already in use, if for example the client did not respond to a
> ping.
> 
> Once it's done on one server means that server won't delete any duplicate
> leases, but it will respond to requests from the other server to do so.
> When the second server is done, neither will try to delete any duplicate
> leases.
> 
> regards,
> -glenn
> 
> On Thu, April 3, 2014 5:18 pm, Glenn Satchell wrote:
> > Hi Bjarne
> >
> > I think "allow duplicates" won't do what you want.
> >
> > In the dhcpd.conf manpage it says:
> >
> >      The duplicates keyword
> >
> >       allow duplicates;
> >       deny duplicates;
> >
> >      Host declarations can match client  messages  based  on  the
> >      DHCP  Client Identifier option or based on the client's net-
> >      work hardware type and MAC address.   If the MAC address  is
> >      used,  the  host declaration will match any client with that
> >      MAC address - even clients with  different  client  identif-
> >      iers.    This  doesn't normally happen, but is possible when
> >      one computer has more than one operating system installed on
> >      it - for example, Microsoft Windows and NetBSD or Linux.
> >
> > So this is a generic description of what happens regardless of the setting
> > of allow/deny duplicates. It means that if a host matches the hardware
> > address in a host statement and you assign a fixed ip then it will always
> > get that fixed ip. But I assume you don't want to create 150,000 host
> > entries in your config.
> >
> > The next part of the man page describes what allow/deny duplicates does.
> >
> >      The duplicates flag tells the DHCP server that if a  request
> >      is  received from a client that matches the MAC address of a
> >      host declaration, any other leases matching that MAC address
> >      should  be  discarded  by the server, even if the UID is not
> >      the same.   This is a violation of the  DHCP  protocol,  but
> >      can  prevent  clients  whose client identifiers change regu-
> >      larly from  holding  many  leases  at  the  same  time.   By
> >      default, duplicates are allowed.
> >
> > So with deny duplicates, when winpe boots dhcpd will release the lease
> > held by the earlier pxe client, but only if you use a host statement for
> > that client. Otherwise the two requests (pxe and winpe) look like two
> > different clients and get two different leases.
> >
> > Allow duplicates doesn't really help here, all it changes is to not
> > release the other leases for that MAC address if you use a host statement.
> >
> > The latest version dhcp-4.3.0 has a new feature to ignore client-ids. This
> > may help, but you'd probably have to compile this version yourself for
> > RHEL5. This is from the RELNOTES:
> >
> > - Add ignore-client-uids option in the server.  This option causes
> >   the server to not record a client's uid in its lease.  This
> >   violates the specification but may also be useful when a client
> >   can dual boot using different client ids but the same mac address.
> >   Thank you to Brian De Wolf at Cal Poly Pomona for the patch.
> >
> > This would mean that pxe, winpe and the final OS would all present the same
> > mac and no client-id, so they should be seen as the same client and get
> > the same IP address.
> >
> > So the TL;DR; is that allow duplicates doesn't look like it will do what
> > you want, dhcp-4.3.0 might.
> >
> > HTH.
> >
> > regards,
> > -glenn
> >
> > On Thu, April 3, 2014 4:55 pm, Bjarne Blichfeldt wrote:
> >> Hi All
> >>
> >> What will happen to the existing lease database when I move from “deny
> >> duplicates” to “allow duplicates” ?
> >> Will I have to clear the lease database before I restart dhcpd with
> >> "allow
> >> duplicates" set or will it just work ? And how is it going to influence
> >> the failover if I
> >> change one server at a time?
> >>
> >>
> >> More details :
> >>
> >> Two RHEL5 machines, isc-dhcpd-4.1-ESV-R3 in failover configuration,
> >> about
> >> 150.000 leases in file.
> >>
> >> We are seeing a lot of issues with pxe clients, client id and so on.
> >>
> >> Scenario   – pxe boot/install a thick client :
> >> client pxe boots,  gets an address with lease time 3600 (mctl)
> >> starts winpe which requests an address, but with different clientid =>
> >> new
> >> ip, lease time 3600
> >>   winpe does not know how to renew its lease (known problem) and dies
> >> after 3600 seconds.
> >>
> >> Also we see a lot of double registrations in dns in a VDI environment.
> >>
> >>
> >> To make this work I would like to change to "allow duplicates", forcing
> >> the DHCP server to use the mac address, which does not change, as
> >> reference instead of client-id, which does change.
> >>
> >> I remember from many discussions on this list, that this would do the
> >> trick.
> >> Double checking the manual however, leaves me not so sure :
> >> "Host declarations can match client messages based on the DHCP Client
> >> Identifier option or based on the client’s network hardware type and MAC
> >> address.
> >>   If the MAC address is used, the host declaration will match any client
> >> with that MAC address - even clients with different client identifiers
> >> "
> >>
> >> Since "host" declarations are mentioned here, does that mean it will only
> >> work for host declarations = fixed IP, or will "allow duplicate"
> >> actually
> >> work for ALL dhcp leases ?
> >>
> >>
> >>
> >>
> >> Thanks in advance for any input
> >> Bjarne Blichfeldt
> >>
> >> _______________________________________________
> >> dhcp-users mailing list
> >> dhcp-users at lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/dhcp-users
> >
> >
> >
> >
> 
> 

