dhclient didn't wait for dhcpoffer
Chris Buxton
cbuxton at menandmice.com
Wed Jun 3 00:11:38 UTC 2009
On Jun 2, 2009, at 3:34 PM, rgreiner wrote:
> Jun 2 16:54:37 noc dhclient: Listening on LPF/eth1/00:0e:35:8c:b3:46
> Jun 2 16:54:37 noc dhclient: Sending on LPF/eth1/00:0e:35:8c:b3:46
> Jun 2 16:54:37 noc dhclient: Sending on Socket/fallback
> Jun 2 16:54:41 noc dhclient: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8
> Jun 2 16:54:41 noc dhclient: DHCPOFFER of 169.254.111.112 from 0.0.0.0
> Jun 2 16:54:41 noc dhclient: DHCPREQUEST of 169.254.111.112 on eth1 to 255.255.255.255 port 67
> Jun 2 16:54:41 noc dhclient: DHCPNAK from 172.17.0.254
> Jun 2 16:54:41 noc dhclient: DHCPACK of 169.254.111.112 from 0.0.0.0
Your client was offered a lease of 169.254.111.112, sent from an
unspecified address (0.0.0.0). There is a seriously broken, rogue DHCP
server somewhere on your network.
Your client got the NAK from your normal DHCP server, because your
server is configured as "authoritative", but it also got an ACK from
the rogue DHCP server. It apparently ignored the NAK and went ahead
and used the offered lease. The whole exchange happened very quickly.
> Jun 2 16:57:02 noc dhclient: Listening on LPF/eth1/00:0e:35:8c:b3:46
> Jun 2 16:57:02 noc dhclient: Sending on LPF/eth1/00:0e:35:8c:b3:46
> Jun 2 16:57:02 noc dhclient: Sending on Socket/fallback
> Jun 2 16:57:06 noc dhclient: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5
> Jun 2 16:57:06 noc dhclient: DHCPOFFER of 172.16.143.255 from 172.17.0.254
> Jun 2 16:57:06 noc dhclient: DHCPREQUEST of 172.16.143.255 on eth1 to 255.255.255.255 port 67
> Jun 2 16:57:06 noc dhclient: DHCPACK of 172.16.143.255 from 172.17.0.254
Here there is no evidence of the rogue DHCP server.
Chris Buxton
Professional Services
Men & Mice
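
Added example, not part of the original message: a small Python check that reads dhclient syslog lines like the ones quoted above and flags the signs of a rogue server discussed in the reply (replies from 0.0.0.0 or an unlisted server, a 169.254.0.0/16 lease, an ACK accepted after a NAK). The function name `audit` and the `KNOWN_SERVERS` allowlist are assumptions made for this example.

```python
import ipaddress
import re

# Assumption: the one legitimate server, taken from the log in the message.
KNOWN_SERVERS = {ipaddress.ip_address("172.17.0.254")}

# "DHCPOFFER of <lease> from <server>"; a DHCPNAK line carries no lease.
REPLY = re.compile(r"dhclient(?:\[\d+\])?: (DHCPOFFER|DHCPACK|DHCPNAK)"
                   r"(?: of (\S+))? from (\S+)")

def audit(lines, known_servers=KNOWN_SERVERS):
    """Return (message type, server, reasons) for each suspicious reply."""
    findings, nak_seen = [], False
    for line in lines:
        m = REPLY.search(line)
        if not m:
            if "DHCPDISCOVER" in line:
                nak_seen = False  # a new exchange starts
            continue
        kind, lease = m.group(1), m.group(2)
        server = ipaddress.ip_address(m.group(3))
        reasons = []
        if server.is_unspecified:
            reasons.append("sent from unspecified address 0.0.0.0")
        elif server not in known_servers:
            reasons.append("sent from unlisted server")
        if lease and ipaddress.ip_address(lease).is_link_local:
            reasons.append("lease is in 169.254.0.0/16")
        if kind == "DHCPNAK":
            nak_seen = True
        elif kind == "DHCPACK" and nak_seen:
            reasons.append("ACK follows a NAK in the same exchange")
        if reasons:
            findings.append((kind, str(server), reasons))
    return findings

# The two exchanges quoted in the message, with wrapped lines rejoined.
FIRST = """\
Jun 2 16:54:41 noc dhclient: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8
Jun 2 16:54:41 noc dhclient: DHCPOFFER of 169.254.111.112 from 0.0.0.0
Jun 2 16:54:41 noc dhclient: DHCPREQUEST of 169.254.111.112 on eth1 to 255.255.255.255 port 67
Jun 2 16:54:41 noc dhclient: DHCPNAK from 172.17.0.254
Jun 2 16:54:41 noc dhclient: DHCPACK of 169.254.111.112 from 0.0.0.0
""".splitlines()
SECOND = """\
Jun 2 16:57:06 noc dhclient: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5
Jun 2 16:57:06 noc dhclient: DHCPOFFER of 172.16.143.255 from 172.17.0.254
Jun 2 16:57:06 noc dhclient: DHCPACK of 172.16.143.255 from 172.17.0.254
""".splitlines()
```

On the first exchange `audit(FIRST)` flags the OFFER and the ACK from 0.0.0.0; on the second, `audit(SECOND)` returns an empty list.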