Server handing out different addresses every time??

Marc Perea marccp at srttel.com
Fri Jun 17 14:39:44 UTC 2011


Hi Pat,
We're also a DSL ISP, but we do things a bit differently it seems. My comments may or may not help with your problem at hand, but I hope it at least spurs some thought.
 
Rather than messing with iptables, you could just set ping-check off; in the global config. Do you prefer having ICMP available? It's a great troubleshooting tool, but it's also a DoS vector, so we (for the most part) keep ICMP disabled for our customers.
 
I agree with Simon - if the router is performing a DISCOVER and not a REQUEST while it still has a valid lease, but has lost L1 temporarily, it is behaving poorly.
 
As a fellow ISP, I have heard that there's a bill in the legislature that is going to require us (ISPs) to retain 18 months of circuit identifying records in order to aid law enforcement since they usually take quite a while to get proper subpoenas. I only bring this up because it sounds like you have a fair amount of churn on IPs, and you _could_ consider doing something different, as we have. Rather than keeping logs and databases of who had what when and which circuit that points to, and on that day who was paying for that circuit, etc., we decided that the IP for a circuit should be static - still dynamically assigned by the DHCP process, but unchanging. This saves us a lot of headache from the law enforcement perspective. Just food for thought.
 
I can't speak to whether or not the ping-check should take into account the MAC that had/still has the lease - that seems to be entirely logical, but I don't know what the actual implementation does. The documentation implies that what you are seeing - any response = in use, regardless of MAC - is accurate to the intended working of the directive.
 
>With ping blocked, those ones won't answer and the
>server hands out the address multiple times...causing duplicates.
>Not a good thing.
Agreed, this is not a good thing, but it also shouldn't be happening, I think! Are you truncating your leases file or running multiple DHCP servers that aren't aware of each other? How does a client router have an IP and think it has a valid lease that the server isn't aware of? Fixing this scenario might be the fix you are looking for.
 
--Marc
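
The two suggestions in the message above (ping-check disabled globally, and one unchanging but DHCP-assigned address per circuit), sketched as an ISC dhcpd.conf fragment. This is an added example, not part of the original message and not the poster's actual configuration; it assumes the access network's relay inserts option 82, and the circuit IDs, class names and addresses are constructed placeholders.

```conf
# Constructed example: circuit IDs, class names and addresses are placeholders.

# Global scope: do not send an ICMP echo probe before offering a
# dynamically allocated address.
ping-check off;

# Remember the relay agent options seen at initial allocation so that
# unicast renewals, which bypass the relay, still match the circuit class.
stash-agent-options true;

# One class per access circuit, keyed on the relay-inserted circuit ID
# (assumes the DSLAM/relay adds option 82 to client requests).
class "circuit-0001" {
  match if option agent.circuit-id = "dslam1 atm 0/1/0:35";
}
class "circuit-0002" {
  match if option agent.circuit-id = "dslam1 atm 0/1/1:35";
}

subnet 192.0.2.0 netmask 255.255.255.0 {
  option routers 192.0.2.1;

  # Single-address pools: the address follows the circuit, not the CPE's
  # MAC, and is still handed out through the normal DISCOVER/REQUEST flow.
  pool {
    allow members of "circuit-0001";
    range 192.0.2.10 192.0.2.10;
  }
  pool {
    allow members of "circuit-0002";
    range 192.0.2.11 192.0.2.11;
  }
}
```

With a single-address pool, a replacement device on the same circuit gets no address until the previous device's lease is released or expires, so lease times need to be chosen with CPE swaps in mind.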

