DHCP Pool Public and Private Range

Simon Hobson dhcp1 at thehobsons.co.uk
Tue May 22 16:20:26 UTC 2007


Reedhat Leenux wrote:

>My server has a pool of PUBLIC and PRIVATE IPs and I noticed that the Private
>IP range is given first before the Public range.
>
>Below is my setup.
>
>-------------------------
>ddns-update-style none;
>authoritative;
>use-host-decl-names on;
>
>subnet 20x.xxx.xxx.0 netmask 255.255.255.0 {
>     range 20x.xxx.xxx.10 20x.xxx.xxx.254;
>     option subnet-mask 255.255.255.0;
>     option domain-name-servers x.x.x.x;
>     option routers x.x.x.y;
>     option broadcast-address 255.255.255.192;
>     }
>
>subnet 192.168.10.0 netmask 255.255.255.0 {
>     range 192.168.10.10 192.168.10.254;
>     option subnet-mask 255.255.255.0;
>     option domain-name-servers x.x.x.x;
>     option routers x.x.x.y;
>     }
>-------------------------
>
>I am using 'DHCP Server V3.1.0a1'. How can I set this up so that Public IPs
>will be given first, before the Private ones?

Short answer: You can't

Less terse answer: As defined, all addresses in that configuration 
are considered equal and the order of allocation is not defined - 
though in practice there is an implementation specific order (highest 
unused address first) which may change without warning in a future 
version. As far as the server is concerned, a 192.168.10.x address is 
no better and no worse to a client than a 20.xxx.xxx.x address.

Full answer: What do you want to happen?

If you want certain clients to get a private address, while others 
get a public address, then you will need to identify which clients 
get what - the server doesn't have the ESP module written yet ;-) 
There are several ways to do this - one method is to use host 
declarations together with "allow known clients" and "deny known 
clients", another is to use classes (see man dhcpd.conf).


If you want a situation where clients get a public address unless 
there are NO free addresses in which case they will get a private 
address, then this isn't doable at all*. The server will always give 
out an available address which has never been used in favour of 
reusing an expired lease. So even if you persuaded it to use the 
public addresses first, with some client churn you would get to a 
situation where the private addresses were used even though there 
were expired leases in the public range.


* Actually, I think I recall a suggestion that you run a script every 
<so often> that will lease all the addresses in the private range for 
a short time. That way, when another client comes to get a new lease, 
expired leases in the public range would be 'less recently used' and 
get reallocated.
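
A sketch of the first method mentioned in the reply (host declarations plus allow/deny known clients), added here as an example and not taken from either poster's configuration. It assumes both subnets share one physical segment (hence the shared-network wrapper, which the original config does not show); the 203.0.113.0/24 range, the router and DNS addresses, the host names and the MAC addresses are constructed placeholders.

```conf
# dhcpd.conf sketch: known clients get public addresses, everyone else private.
ddns-update-style none;
authoritative;

# Assumption: both subnets are served on the same wire.
shared-network mixed-segment {

    # Placeholder public range (documentation prefix, not a real allocation).
    subnet 203.0.113.0 netmask 255.255.255.0 {
        option routers 203.0.113.1;
        option domain-name-servers 203.0.113.53;

        pool {
            # Only clients that match a host declaration may lease from here.
            allow known-clients;
            range 203.0.113.10 203.0.113.254;
        }
    }

    subnet 192.168.10.0 netmask 255.255.255.0 {
        option routers 192.168.10.1;
        option domain-name-servers 192.168.10.53;

        pool {
            # Clients with a host declaration never fall back to this pool.
            deny known-clients;
            range 192.168.10.10 192.168.10.254;
        }
    }
}

# A host declaration with no fixed-address only marks the client as "known";
# its address still comes dynamically from a pool that allows known clients.
host public-client-1 {
    hardware ethernet 00:00:5e:00:53:01;   # constructed MAC
}

host public-client-2 {
    hardware ethernet 00:00:5e:00:53:02;   # constructed MAC
}
```

Because the known pool denies nobody else a fallback, a known client is refused a lease once the public pool is exhausted, and identification rests on the MAC address the client presents, which it can change.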

