What is the best way to move from using "deny duplicates" to "allow duplicates"?
Glenn Satchell
glenn.satchell at uniq.com.au
Thu Apr 3 06:18:58 UTC 2014
Hi Bjarne
I think "allow duplicates" won't do what you want.
In the dhcpd.conf manpage it says:
    The duplicates keyword
        allow duplicates;
        deny duplicates;
    Host declarations can match client messages based on the
    DHCP Client Identifier option or based on the client's
    network hardware type and MAC address. If the MAC address is
    used, the host declaration will match any client with that
    MAC address - even clients with different client
    identifiers. This doesn't normally happen, but is possible when
    one computer has more than one operating system installed on
    it - for example, Microsoft Windows and NetBSD or Linux.
So this is a generic description of what happens regardless of the setting
of allow/deny duplicates. It means that if a host matches the hardware
address in a host statement and you assign a fixed ip then it will always
get that fixed ip. But I assume you don't want to create 150,000 host
entries in your config.
The next part of the man page describes what allow/deny duplicates does.
    The duplicates flag tells the DHCP server that if a request
    is received from a client that matches the MAC address of a
    host declaration, any other leases matching that MAC address
    should be discarded by the server, even if the UID is not
    the same. This is a violation of the DHCP protocol, but
    can prevent clients whose client identifiers change
    regularly from holding many leases at the same time. By
    default, duplicates are allowed.
So with deny duplicates, when winpe boots dhcpd will release the lease
held by the earlier pxe client, but only if you use a host statement for
that client. Otherwise the two requests (pxe and winpe) look like two
different clients and get two different leases.
Allow duplicates doesn't really help here, all it changes is to not
release the other leases for that MAC address if you use a host statement.
The latest version dhcp-4.3.0 has a new feature to ignore client-ids. This
may help, but you'd probably have to compile this version yourself for
RHEL5. This is from the RELNOTES:
    - Add ignore-client-uids option in the server. This option causes
      the server to not record a client's uid in its lease. This
      violates the specification but may also be useful when a client
      can dual boot using different client ids but the same mac address.
      Thank you to Brian De Wolf at Cal Poly Pomona for the patch.
This would mean that pxe, winpe and the final OS would all present the same
mac and no client-id, so they should be seen as the same client and get
the same IP address.
So the TL;DR; is that allow duplicates doesn't look like it will do what
you want, dhcp-4.3.0 might.
HTH.
regards,
-glenn
On Thu, April 3, 2014 4:55 pm, Bjarne Blichfeldt wrote:
> Hi All
>
> What will happen to the existing lease database when I move from deny
> duplicates to allow duplicates ?
> Will I have to clear the lease database before I restart dhcpd with "allow
> duplicates" set or will it just work ? And how is it going to influence
> the failover if I
> change one server at a time?
>
>
> More details :
>
> Two RHEL5 machines, isc-dhcpd-4.1-ESV-R3 in failover configuration, about
> 150.000 leases in file.
>
> We are seeing a lot of issues with pxe clients, client id and so on.
>
> Scenario pxe boot/install a thick client :
> client pxe boots, gets an address with lease time 3600 (mctl)
> starts winpe which requests an address, but with different clientid => new
> ip, lease time 3600
> winpe does not know how to renew its lease (known problem) and dies
> after 3600 seconds.
>
> Also we see a lot of double registrations in dns in a VDI environment.
>
>
> To make this work I would like to change to "allow duplicates", forcing
> the DHCP server to use the mac address, which does not change, as
> reference instead of client-id, which does change.
>
> I remember from many discussions on this list, that this would do the
> trick.
> Double checking the manual however, leaves me not so sure :
> "Host declarations can match client messages based on the DHCP Client
> Identifier option or based on the client's network hardware type and MAC
> address.
> If the MAC address is used, the host declaration will match any client
> with that MAC address - even clients with different client identifiers
> "
>
> Since "host" declarations are mentioned here, does that mean it will only
> work for host declarations = fixed IP, or will "allow duplicate" actually
> work for ALL dhcp leases ?
>
>
>
>
> Thanks in advance for any input
> Bjarne Blichfeldt
>
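Added example (not part of the original post and not ISC dhcpd code): a simplified Python model of the lease keying described in the reply above, showing how many leases one MAC address ends up holding across the pxe, winpe and OS boot stages under each setting. The class and function names, the client ids, the MAC and the 192.0.2.x addresses are constructed for illustration, and the order in which addresses are handed out is an assumption of the model.

```python
# Simplified model of the behaviour described in this thread; not ISC code.
# LeaseTable, request, active_for and run are hypothetical names.
from itertools import count


class LeaseTable:
    def __init__(self, ignore_client_uids=False, deny_duplicates=False, host_macs=()):
        self.ignore_client_uids = ignore_client_uids
        self.deny_duplicates = deny_duplicates
        self.host_macs = set(host_macs)  # MACs that have a host declaration
        self.leases = {}                 # client key -> (mac, ip)
        self._next = count(10)           # constructed pool: 192.0.2.10 upward

    def request(self, mac, client_id=None):
        # ignore-client-uids: the uid is never recorded, so only the MAC is left.
        uid = None if self.ignore_client_uids else client_id
        key = ("uid", uid) if uid is not None else ("mac", mac)
        if self.deny_duplicates and mac in self.host_macs:
            # deny duplicates: discard other leases for this MAC, even if the
            # UID differs. Only applies when a host declaration matches the MAC.
            self.leases = {k: v for k, v in self.leases.items()
                           if v[0] != mac or k == key}
        if key not in self.leases:
            self.leases[key] = (mac, f"192.0.2.{next(self._next)}")
        return self.leases[key][1]

    def active_for(self, mac):
        return sorted(ip for m, ip in self.leases.values() if m == mac)


# Constructed boot sequence: same MAC, a different client id at each stage.
MAC = "00:00:5e:00:53:01"
STAGES = [("pxe", "pxe-uuid"), ("winpe", "winpe-id"), ("os", "os-id")]


def run(**opts):
    """Replay the three boot stages; return (ips handed out, leases still held)."""
    table = LeaseTable(**opts)
    ips = [table.request(MAC, cid) for _, cid in STAGES]
    return ips, table.active_for(MAC)


if __name__ == "__main__":
    for label, opts in [("default (allow duplicates)", {}),
                        ("deny duplicates, no host entry", {"deny_duplicates": True}),
                        ("deny duplicates + host entry",
                         {"deny_duplicates": True, "host_macs": [MAC]}),
                        ("ignore-client-uids", {"ignore_client_uids": True})]:
        ips, held = run(**opts)
        print(f"{label:32} handed out {ips} still held {held}")
```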