DHCP with known and unknown hosts

From Exterior Memory

The ISC DHCP server is fairly flexible, and can return static IP addresses for known hosts, while returning other IP addresses for unknown hosts.

Man page example

The dhcpd.conf man page gives the following example to distinguish between known and unknown hosts:

subnet 192.0.2.0 netmask 255.255.255.0 {
  option routers 192.0.2.1;

  # Unknown clients get this pool.
  pool {
    option domain-name-servers bogus.example.com;
    max-lease-time 300;
    range 192.0.2.200 192.0.2.253;
    allow unknown-clients;
  }

  # Known clients get this pool.
  pool {
    option domain-name-servers ns1.example.com, ns2.example.com;
    max-lease-time 28800;
    range 192.0.2.5 192.0.2.199;
    deny unknown-clients;
  }
}

host myhost1 { hardware ethernet 01:23:45:00:00:01; }
host myhost2 { hardware ethernet 01:23:45:00:00:02; }
host myhost3 { hardware ethernet 01:23:45:00:00:03; }

In this case, known hosts get an IP address in the range 192.0.2.5-192.0.2.199, but which IP address each host gets is unspecified.

To assign a specific IP address to each host, specify it in the host declaration:

host myhost1 { hardware ethernet 01:23:45:00:00:01; fixed-address 192.0.2.5; }
host myhost2 { hardware ethernet 01:23:45:00:00:02; fixed-address 192.0.2.6; }
host myhost3 { hardware ethernet 01:23:45:00:00:03; fixed-address 192.0.2.7; }

Unfortunately, there are two problems with the resulting configuration:

  • Pool definitions are not supported for IPv6.
  • You may see an error like this:

    Dynamic and static leases present for 192.0.2.5.
    Remove host declaration myhost or remove 192.0.2.5
    from the dynamic address pool for 192.0.2.0/24

The cause of the latter error is that dhcpd gets confused if it encounters a known host without a fixed address, like so:

host myhost1 { hardware ethernet 01:23:45:00:00:01; fixed-address 192.0.2.5; }
host myhost2 { hardware ethernet 01:23:45:00:00:02; fixed-address 192.0.2.6; }
host myhost3 { hardware ethernet 01:23:45:00:00:03; }

In this case, dhcpd should assign an IP address from the range 192.0.2.5-192.0.2.199, but that might conflict with the other hosts if it picks 192.0.2.5 or 192.0.2.6. The warning tells you about this potential conflict and suggests that you avoid it by changing the configuration file. If you use fixed addresses for all known hosts, you can safely ignore this warning.
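The overlap described above can be checked before dhcpd is restarted. The following is an added example, not part of the original page or of ISC DHCP; the function name audit and the sample text are constructed for illustration, and it only understands literal IPv4 addresses in range and fixed-address statements.

```python
import ipaddress
import re

# Constructed sample: the man-page pools plus the mixed host list shown above.
SAMPLE_CONF = """
subnet 192.0.2.0 netmask 255.255.255.0 {
  pool { range 192.0.2.200 192.0.2.253; allow unknown-clients; }
  pool { range 192.0.2.5 192.0.2.199; deny unknown-clients; }
}
host myhost1 { hardware ethernet 01:23:45:00:00:01; fixed-address 192.0.2.5; }
host myhost2 { hardware ethernet 01:23:45:00:00:02; fixed-address 192.0.2.6; }
host myhost3 { hardware ethernet 01:23:45:00:00:03; }
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
RANGE_RE = re.compile(r"\brange\s+" + IPV4 + r"(?:\s+" + IPV4 + r")?\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^}]*)\}")
FIXED_RE = re.compile(r"\bfixed-address\s+" + IPV4 + r"\s*;")


def audit(conf):
    """Return (overlaps, unpinned) for a dhcpd.conf given as text.

    overlaps: (host, fixed address, range) where the address is inside a range.
    unpinned: known hosts with no fixed-address, which draw from the ranges.
    """
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching
    ranges = []
    for low, high in RANGE_RE.findall(conf):
        ranges.append((ipaddress.IPv4Address(low),
                       ipaddress.IPv4Address(high or low)))
    overlaps, unpinned = [], []
    for name, body in HOST_RE.findall(conf):
        fixed = FIXED_RE.search(body)
        if fixed is None:
            unpinned.append(name)
            continue
        addr = ipaddress.IPv4Address(fixed.group(1))
        for low, high in ranges:
            if low <= addr <= high:
                overlaps.append((name, str(addr), f"{low}-{high}"))
    return overlaps, unpinned


if __name__ == "__main__":
    overlaps, unpinned = audit(SAMPLE_CONF)
    for name, addr, rng in overlaps:
        print(f"{name}: fixed-address {addr} is inside dynamic range {rng}")
    print("known hosts without fixed-address:", ", ".join(unpinned) or "none")
```

A configuration that reports both overlaps and hosts without a fixed address is the case where the warning matters.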

IPv4 Example

Here is an example file that distinguishes between known and unknown clients, but does not use pools.

# Unknown clients use the 192.0.2.200-192.0.2.253 range.
subnet 192.0.2.0 netmask 255.255.255.0 {
  option routers 192.0.2.1;
  option domain-name-servers bogus.example.com;
  max-lease-time 300;
  range 192.0.2.200 192.0.2.253;
  allow unknown-clients;
}

# Known clients use specific IP addresses in the 192.0.2.5-192.0.2.199 range.
group {
  option domain-name-servers ns1.example.com, ns2.example.com;
  max-lease-time 28800;
  host myhost1 { hardware ethernet 01:23:45:00:00:01; fixed-address 192.0.2.5; }
  host myhost2 { hardware ethernet 01:23:45:00:00:02; fixed-address 192.0.2.6; }
  host myhost3 { hardware ethernet 01:23:45:00:00:03; fixed-address 192.0.2.7; }
}