DISCOVERs from "unknown network segment" - suppress log messages?

Sten Carlsen stenc at s-carlsen.dk
Mon Nov 28 15:11:44 UTC 2022


> On 28 Nov 2022, at 15.49, Neufeld, Keith <Keith.Neufeld at wichita.edu> wrote:
> 
>>> Just think given the above, 200 request packets/second relayed to every DHCP server on the network 8-O That’s some serious wastage of resource.
>>> As you say, simplest to just firewall the packets and ignore it.
>> 
>> Tried that today, unfortunately to no avail. macOS has pf installed, but obviously pf does not / cannot block DHCP packets or the other way round, dhcpd grabs the DISCOVERs before pf rules come into effect. So I’m back to field one…
>> 
>> Any other ideas?
> 
> I'd be inclined to make a dhcpd.conf-not-our-subnets containing subnet declarations with no pools for all the other subnets that show up in your logs and "include" it into your dhcpd.conf .
> 
> I've had mixed success with "ignore booting" over the years (some versions of the server it works, some it doesn't and I still get logs), but I'd definitely put it into each of the subnet declarations for wishful thinking.  I know you already tried it in an individual host declaration, but still worth trying in a subnet.

I would use this option and also look into the allow/deny section of the man page. Also I would look at the authoritative statement to not send DHCPNAKs to everybody else (or maybe do it to underline the situation).

After this I would look at filtering the log files to remove all the irrelevant stuff before they are saved or looked at.

> 
> Lacking an "ignore unknown subnets" configuration mechanism, it seems like this might work and be next best.
> 
> -- 
> Keith Neufeld
> Director of Networking and Telecommunications
> Wichita State University
> 
> -- 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
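
The log filtering suggested in the reply above, sketched as an added example that is not part of the original thread or of ISC DHCP: it drops the "unknown network segment" DISCOVER lines but keeps a per-relay count, so a change in volume stays visible. The message layout, the function names and the sample lines (documentation addresses) are assumptions constructed for illustration.

```python
import re
import sys
from collections import Counter

# Assumed dhcpd message shape (the thread does not quote a full log line):
#   DHCPDISCOVER from <mac> [(<hostname>)] via <relay-or-interface>: unknown network segment
NOISE = re.compile(
    r"DHCPDISCOVER from (?P<mac>[0-9A-Fa-f:]+)(?: \([^)]*\))? "
    r"via (?P<via>\S+): unknown network segment\s*$"
)

def filter_dhcpd_log(lines):
    """Return (kept, suppressed): lines to keep, and dropped-line counts per 'via'."""
    kept, suppressed = [], Counter()
    for line in lines:
        match = NOISE.search(line)
        if match:
            suppressed[match.group("via")] += 1
        else:
            kept.append(line)
    return kept, suppressed

def summary(suppressed):
    """One line per relay, so suppression never hides a change in volume."""
    return [
        f"dhcpd-filter: suppressed {count} unknown-segment DISCOVERs via {via}"
        for via, count in sorted(suppressed.items())
    ]

# Constructed sample input, not taken from the thread.
SAMPLE = [
    "Nov 28 15:00:01 gw dhcpd[311]: DHCPDISCOVER from 00:00:5e:00:53:01 via 192.0.2.1: unknown network segment",
    "Nov 28 15:00:01 gw dhcpd[311]: DHCPDISCOVER from 00:00:5e:00:53:02 via 192.0.2.1: unknown network segment",
    "Nov 28 15:00:02 gw dhcpd[311]: DHCPDISCOVER from 00:00:5e:00:53:03 (lab-pc) via 198.51.100.1: unknown network segment",
    "Nov 28 15:00:03 gw dhcpd[311]: DHCPDISCOVER from 00:00:5e:00:53:10 via en0",
    "Nov 28 15:00:03 gw dhcpd[311]: DHCPOFFER on 203.0.113.20 to 00:00:5e:00:53:10 via en0",
]

if __name__ == "__main__":
    # Reads a log from stdin when piped; falls back to the sample otherwise.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    kept, suppressed = filter_dhcpd_log(line.rstrip("\n") for line in source)
    print("\n".join(kept + summary(suppressed)))
```
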
