suggestion to improve dhcpd behavior regarding default setting of max-lease-time statement
gknispel at proformatique.com
gknispel at proformatique.com
Thu Apr 24 17:21:57 UTC 2008
>> IMHO a change in the manpage is welcome but we should not change the
>> code
>> behavior, which is not a good pratice unless really necessary (imagine
>> the
>> huge user base having to adopt to new rules, it's wiser to teach new
>> admins
>> on how it works).
>
> Many administrators are not aware of how dhcpd currently works regarding
> the default 'max-lease-time' setting of 86400 seconds, because it was
> never documented, and I think that even when we document it properly, many
> administrators may not really appreciate that they suddenly must configure
> a 'max-lease-time' in case they configure a 'default-lease-time' greater
> than 86400 seconds.
Maybe dhcpd should emit a warning when default-lease-time > max-lease-time ?
I think a behavioral change is more risky than just adding the description
of the current behavior in the documentation and letting the admin know
about potential problems. Also don't changing the behavior can't break
installations more than they already are, and forcing admins to add a
max-lease-time param doesn't seem to be a too heavy burden.
> Nevertheless, my suggestion for dhcpd will not make any difference to
> configuration of administrators, who were already aware of this behavior
> and configured a 'max-lease-time' equal to or greater than the
> 'default-lease-time'. My suggestion is not to set the 'max-lease-time' in
> case it is configured, but to change the default value of 'max-lease-time'
> in case it is not configured, so that we can avoid a 'hidden'
> configuration conflict. With 'hidden' I mean that de current hardcoded
> default setting for 'max-lease-time' of 86400 seconds is not shown
> anywhere.
>
> Thank you and kind regards,
>
> Fons
>>>> "Eduardo Fleury" <efleury at gmail.com> 4/24/2008 5:31 PM >>>
> Hi Fons,
> Yes, I understand that. But that's because actually there isn't such thing
> as 'max-lease-time' not being configured at all. It must have some value,
> and it defaults to 86400 in case the admin omits that info.
> But you're right, I think that should be documented as well. Like, two
> additions to dhcpd.conf(5):
>
> 1) In 'max-lease-time' description, let users know it will assume the
> default value of 86400 in case it's omited.
> 2) In 'default-lease-time' description, let users know 'max-lease-time'
> has
> priority over this setting.
>
> Best regards,
> Eduardo
>
> On Thu, Apr 24, 2008 at 12:22 PM, Fons de Jongh <fdjongh at novell.com>
> wrote:
>
>> Hi Eduardo
>>
>> Thank you for your response.
>> Please note that it is not just a matter of having configured a
>> 'default-lease-time' greater than the 'max-lease-time'. I agree that an
>> administrator should understand that in such case the 'max-lease-time'
>> overrules the 'default-lease-time'. No extra documentation necessary for
>> that case.
>>
>> However, the problem is that if an administrator only configures a
>> 'default-lease-time' (so no 'max-lease-time' is configured at all), and
>> he
>> sets the 'default-lease-time' to a value greater than 86400 seconds,
>> dhcpd
>> only returns 86400 seconds with option 51.
>>
>> Thank you and kind regards,
>>
>> Fons
>>
>>
>> >>> "Eduardo Fleury" <efleury at gmail.com> 4/24/2008 5:13 PM >>>
>> Hi,
>> I understand that setting a default-lease-time higher than the
>> max-lease-time is a configuration error, one should not do that.
>>
>> I do agree however that a sysadmin who isn't very familiar with dhcp may
>> be
>> induced to make this error due to lack of information in the man-page,
>> thus
>> I suggest a note is added to the default-lease-time explanation in
>> dhcpd.conf(5).
>>
>> Actually default-lease-time is just a hint for dhcpd in case the client
>> didn't provide a desired expiration time, whereas max-lease-time has a
>> larger scope which is to enforce expiration times remain between well
>> defined boundaries.
>>
>> default lease > max lease is supposed to have the same behavior of a
>> client
>> asking for a lease > max lease, thus the situation you explained is
>> expected.
>>
>> IMHO a change in the manpage is welcome but we should not change the
>> code
>> behavior, which is not a good pratice unless really necessary (imagine
>> the
>> huge user base having to adopt to new rules, it's wiser to teach new
>> admins
>> on how it works).
>>
>> Best regards,
>> --
>> Eduardo M. Fleury
>> Researcher at INdT - Instituto Nokia de Tecnologia
>> http://eduardofleury.com
>>
>> On Thu, Apr 24, 2008 at 11:45 AM, Fons de Jongh <fdjongh at novell.com>
>> wrote:
>>
>> > Dear DHCP Hackers,
>> >
>> > My name is Fons de Jongh and I work at Novell as a technical support
>> > engineer. I understood from S Kalyanasundaram, who is a developer at
>> Novell,
>> > that you can verify my suggestion for dhcpd, and may-be approve it in
>> case
>> > it makes sense.
>> >
>> > Okay, here I start...
>> >
>> > I have installed dhcp-server-3.0.3-23.38 on SuSE Linux Enterprise
>> Server
>> > 10.
>> >
>> > One can configure a 'default-lease-time' and a 'max-lease-time'
>> statement
>> > with the 'global parameters' of a DHCP server or with any declaration.
>> As
>> > desired, dhcpd will use the configured statements of a declaration
>> that
>> is
>> > most specific to the IP address to be offered/allocated (yiaddr) for
>> the
>> > setting of the IP Address Lease Time option (option 51) in DHCPOFFER
>> and
>> > DHCPACK reply messages.
>> >
>> > Apparently the default value of 'max-lease-time' is 86400 seconds (1
>> day).
>> > However, this is not mentioned with the description of the
>> 'max-lease-time'
>> > statement in the manual page of dhcpd.conf. So dhcpd administrators
>> cannot
>> > be aware of this hardcoded limit.
>> >
>> > The consequential behavior of dhcpd is that if one does not configure
>> a
>> > 'max-lease-time' statement, but only a 'default-lease-time' statement
>> with a
>> > value greater than 86400 seconds, dhcpd will return an IP Address
>> Lease
>> Time
>> > of 86400 seconds with option 51 in DHCPOFFER and DHCPACK messages,
>> > regardless to the higher setting of the 'default-lease-time'
>> statement.
>> >
>> > Hence, if one configures a 'default-lease-time' statement with a value
>> > greater than 86400 seconds, one must also configure a 'max-lease-time'
>> > statement with the same value as 'default-lease-time' or higher, in
>> order
>> to
>> > make dhcpd return the desired configuration of 'default-lease-time'
>> with
>> > option 51 in DHCPOFFER and DHCPACK messages. This condition is not
>> described
>> > in the manual page of dhcpd.conf, so dhcpd administrators do not know
>> they
>> > should set a 'max-lease-time' greater than or equal to the
>> > 'default-lease-time' if they configure a 'default-lease-time' greater
>> than
>> > 86400 seconds.
>> >
>> > My suggestion is to change the default setting of 'max-lease-time' to
>> a
>> > variable value instead of the current hardcoded constant 86400. I
>> suggest
>> to
>> > make the default value of 'max-lease-time' equal to the value of
>> > 'default-lease-time', so that if one configures the
>> 'default-lease-time'
>> > only, the 'max-lease-time' will never limit the 'default-lease-time'.
>> >
>> > An alternate suggestion to handle the same configuration conflict is
>> to
>> > make the default setting of 'max-lease-time' 0xFFFFFFFF (infinite),
>> but
>> that
>> > may result into undesired behavior when clients request for an
>> infinite
>> > lease time per DHCP option 51 in a DHCPREQUEST message.
>> >
>> > Please let me know if you agree with my suggestion to make the default
>> > value of 'max-lease-time' equal to the value of 'default-lease-time'
>> or
>> if
>> > you have comments or questions.
>> >
>> > Thank you and kind regards,
>> >
>> > Fons de Jongh
>> > Novell Technical Services
>> >
>> >
>>
>>
>>
>>
>>
>>
>
>
> --
> Eduardo M. Fleury
> http://eduardofleury.com
>
>
>
>
>
>
More information about the dhcp-hackers
mailing list