[Jeffrey Hutzelman]

--On Tuesday, February 12, 2008 11:56:31 AM -0600 Blake Hudson 
<blake at ispn.net> wrote:

> -------- Original Message  --------
> Subject:
> From: Peter Saksi <Peter at Saksi.se>
> To: dhcp-users at isc.org
> Date: Tuesday, February 12, 2008 11:22:32 AM
>> Hi All,
>>
>> Im trying to figure out how to deny MAC-addr to connect to the dhcp
>> server.
>>
>> The story,
>>
>> I have access to 2 dhcp server, one I have admin access but not the
>> other. When I run my IPTV reciver (box) on the net it will connect to
>> "my" dhcp server and use that ipaddr result will be no TV pic. It should
>> be connecting to the one I dont have admin access. How do I deny the
>> MAC-addr of the box not to connect to my server ?
>>
>> ultra_10:~# uname -a
>> Linux ultra_10 2.6.18-5-sparc64 #1 Sat Dec 22 03:07:31 UTC 2007 sparc64
>> GNU/Linux ultra_10:~# dhcpd3 -v Internet Systems Consortium DHCP Server
>> V3.0.4 Copyright 2004-2006 Internet Systems Consortium.
>> All rights reserved.
>> Peter
>> ---------EOF--------------------
>>
>>
>>
>>
> It sounds like you are connecting your DHCP to the net. If your ISP has
> not taken preventative steps this can cause a lot of problems for them. I
> would primarily suggest that you separate your internal network from your
> ISP's network via a SOHO/Linux/BSD router. If this is not possible, or
> practical, you should set your DHCP server to allocate addresses only to
> known hosts...
>
> In your subnet/pool stanza, define 'deny unknown-clients;'. Then,
> manually define each host that should be receiving an IP from your DHCP
> server. man dhcpd.conf for examples and specifics.

You should also say 'not authoritative;' in this situation.