Antw: Re: static entries vs leases

Thomas Zenz Thomas.Zenz at oenb.at
Tue Jul 25 10:01:44 UTC 2006


Hey Glenn,

We were running version 3.0.3r4 before upgrading. We did the upgrade
because of problems with failover and with clients booting PXE changing
to Linux or Windows. The udhcpd from Linux always gets a new address, so
the scope was running out of addresses quickly.

The two entries are correct. We have two buildings. In each building,
there is a scope for the printers: 10.110.0.0/16 and 10.210.0.0/16. The
printer can now be connected in building 1 or 2 and I don't have to
change anything.

I'll send you some parts of our config now:

######################################################################################################################################
    dhcpd.conf:
##############

failover peer "BackUP"                  # Name is used for pools where failover is implemented
{
        primary;
        address 10.15.21.36;          # listen on Interface Address
        port 519;                       # listen on Port
        peer address 10.15.21.35;     # communicate to Address
        peer port 520;                  # communicate to Port
        max-response-delay 60;
        max-unacked-updates 10;
        mclt 1209600;
        split 128;                      # only on primary (only useful value...)
        load balance max seconds 1;
}


include "/etc/dhcpd.master";               # here is the rest of the config
include "/etc/dhcpd.static";               # here you find the manual static leases
include "/etc/dhcpd.static.vmps";          # here you find the generated static leases
include "/etc/dhcpd.zones";                # here you find the zone declarations for dynamic updates
include "/etc/dhcpd.scopes";               # here you find the scope declarations

######################################################################################################################################
  dhcpd.master
##############

option bpbatch code 135 = text;                   #PXE V1.0
option bpbatch-script code 155 = text;            #PXE V2.0
option ProxyAutodiscoveryOption code 252 = text;  #Proxy
option Novell-TreeStandard code 86 = text;        #Novell
option Novell-Agent code 78 = { boolean, array of ip-address };  #Novell
option Novell-Scope-Name code 79 = { boolean, text };          #Novell
option time-offset code 2 = signed integer 32;
option time-server code 4 = array of ip-address;
option ldap-server code 95 = text;
option HPLjConfigFile code 144 = text;

#option PXEscriptName code 133 = text;
#option tftp-server-name code 66 = text;
#for testing as global option
#next-server tftpserver.ad.oenb.co.at;                  #tftp server location
#server-identifier 10.211.223.100;

#############################################################################
# WINS
# 1 = b-node (broadcasts)
# 2 = p-node (point-to-point name queries to a WINS server),
# 4 = m-node (broadcast then query name server)
# 8 = h-node (query name server, then broadcast)
option netbios-node-type 8;
option netbios-name-servers 10.21.223.100, 10.21.223.101;
#############################################################################

#############################################################################
#                             Options for Cisco CallManager
#############################################################################


option TFTP-Server-for-CallManager code 150 = array of ip-address;  #Cisco
option TFTP-Server-for-CallManager 10.39.13.40;


#############################################################################
#                             End CallManager
#############################################################################

#############################################################################
#                            LDAP Server
#############################################################################

#option ldap-server "ldap://ldap/o=myorg,o=baseorg";

#############################################################################
#                             End LDAP Server
#############################################################################
#############################################################################
#                             Options for w2k clients
#############################################################################
option space MSFT;
option MSFT.release-on-shutdown code 2 = unsigned integer 32;
# Microsoft server sends a 32-bit integer!!!!!!
# option MSFT.release-on-shutdown code 2 = unsigned integer 8;

class "win2k-clients" {
    match if option vendor-class-identifier = "MSFT 5.0";
    vendor-option-space MSFT;
 #   option MSFT.release-on-shutdown 1;
# does not work:    allow-client-updates false;
}

#############################################################################
#                             End w2k clients
#############################################################################
#############################################################################
#                             DDNS Delete Old entries
#############################################################################

on commit
{
        #########################################
        # Test Print into Log
        #########################################
        set TestVCI = pick ( option vendor-class-identifier , 0);
        set TestClientID = pick ( option dhcp-client-identifier , 0);
        set TestMAC = substring (binary-to-ascii (16, 8, ":", hardware), 0, 50);
        log (info, concat ("VendorID: ",TestVCI));
        log (info, concat ("ClientID: ",TestClientID));
        log (info, concat ("MAC: ",TestMAC));

        #############################################################################
        #                                 Log Switch Infos
        #############################################################################
        if exists agent.circuit-id {
                log ( info, concat("Switch Port No is ", substring (binary-to-ascii (10,8, ":", option agent.circuit-id), 2, 8)));
                log ( info, concat("Switch MAC Address is ", substring (binary-to-ascii (10,8, ":", option agent.remote-id), 0, 50)));
                log ( info, concat("Client MAC Address is ", substring (binary-to-ascii (16, 8, ":", hardware), 0, 50)));
        }
        ##############################################################################

  if (((config-option server.ddns-updates = null) or
       (config-option server.ddns-updates != 0)) )
  {

        set ddns-fwd-name = concat (pick (config-option server.ddns-hostname,
                                          option host-name), ".",
                                    pick (config-option server.ddns-domainname,
                                          config-option domain-name));
        set old-addr = pick ( option dhcp-requested-address , 0);
        log (info, concat ("===== reqaddr = ", binary-to-ascii (10,8,".", old-addr)));
        if defined (ddns-fwd-name)
        {
                if (substring (option dhcp-client-identifier,1,3) = "RAS")
                {
                        log (info, concat ("===== ", substring(option dhcp-client-identifier,1,3)));
                }
                #else
                elsif ((pick ( option dhcp-requested-address , 0)) != 0)
                #if ((substring (option dhcp-client-identifier,1,3) != "RAS") and (old-addr != 0))
                {
                        log (info, "Will delete old address FWD");
                        switch (ns-update ( delete(IN, A, ddns-fwd-name, null)))
                        {
                                default:
                                        break;
                        }
                        set old-rev-addr = concat (binary-to-ascii (10, 8, ".", reverse (1, old-addr)), ".",
                                                        pick (config-option server.ddns-rev-domainname, "in-addr.arpa."));
                        log (info, "Will delete old address REV");
                        switch (ns-update ( delete(IN, PTR, old-rev-addr, null)))
                        {
                                default:
                                        break;
                        }
                        unset old-rev-addr;
                }
                unset old-addr;
                log (info, concat("Update FWD to ", ddns-fwd-name));
                switch (ns-update (not exists (IN, A, ddns-fwd-name, null),
                                add (IN, A, ddns-fwd-name, leased-address, lease-time / 2)))
                {
                        case YXDOMAIN:
                        case YXRRSET:
                                break;
                        default:
                                unset ddns-fwd-name;
                                break;

                        case NOERROR:
                                set ddns-rev-name = concat (binary-to-ascii (10, 8, ".", reverse (1, leased-address)), ".",
                                        pick (config-option server.ddns-rev-domainname, "in-addr.arpa."));
                                log (info, concat("Update REV to ", ddns-rev-name ));
                                switch (ns-update (delete (IN, PTR, ddns-rev-name, null),
                                        add (IN, PTR, ddns-rev-name, ddns-fwd-name, lease-time / 2)))
                                {
                                        default:
                                                unset ddns-rev-name;
                                                on release or expiry
                                                {
                                                        log (info, "released or expired ... deleting FWD enty");
                                                        switch (ns-update (exists(IN, A, ddns-fwd-name, null),
                                                        delete (IN, A, ddns-fwd-name, leased-address)))
                                                        {
                                                                case NOERROR:
                                                                unset ddns-fwd-name;
                                                                break;
                                                        }
                                                        on release or expiry;
                                                 }
                                                 break;

                                        case NOERROR:
                                                on release or expiry
                                                {
                                                        log (info, "Lease expired or released");
                                                        switch (ns-update (delete (IN, PTR, ddns-rev-name, null)))
                                                        {
                                                                case NOERROR:
                                                                unset ddns-rev-name;
                                                                break;
                                                        }
                                                        switch (ns-update (exists(IN, A, ddns-fwd-name, null),
                                                                delete (IN, A, ddns-fwd-name, leased-address)))
                                                        {
                                                                case NOERROR:
                                                                        unset ddns-fwd-name;
                                                                        break;
                                                        }
                                                        on release or expiry;
                                                }
                                }
                        }
                }
        }
}

############################ End DDNS Delete Old entries ######################

#############################################################################
#                                SERVER OPTIONS
#############################################################################

ddns-update-style interim;              # how to update the DNS
#ddns-update-style ad-hoc;              # not supported in future versions
ddns-ttl 900;                           # seconds after entry times out
deny client-updates;                    # ignore DNS update by client
ignore client-updates;

update-optimization false;              # if false client will always be renewed in DNS
# option definitions common to all supported networks...
# DNS
option domain-name-servers 10.15.21.10, 10.15.21.36, 10.15.21.35;
option ntp-servers 10.15.41.100;
option time-server 10.15.41.100;
option time-offset 3600;
option ip-forwarding off;

# What to do if the client sends no hostname
#ddns-hostname = pick (option fqdn.hostname, option host-name,
#                      concat ("dhcp-", binary-to-ascii (10, 8, "-", leased-address)));
ddns-hostname = pick (option fqdn.hostname, option host-name,
                      concat ("dhcp-",  binary-to-ascii (16, 8, "-", substring (hardware,1,6))));

####################################################################################################


#option host-name = config-option server.ddns-hostname;

#option all-subnets-local true;
#option broadcast-address 255.255.255.255;
#option router-discovery false;

option ProxyAutodiscoveryOption = "http://intra/web.ins";  #Proxy
option Novell-TreeStandard = OENB;              # Novell
# option Novell-Agent true ANIA00;      # Novell
option Novell-Agent true ANLA00, ANLA01;        # Novell
#option Novell-Scope-Name true "UNSCOPED";      # Novell
option Novell-Scope-Name true "OENB";   # Novell

default-lease-time 1209600; #604800;            # seconds 1209600 14 days
max-lease-time  2419200;                        # seconds
min-lease-time  43200;                          # seconds
one-lease-per-client true;                      # sets all leases that belong to the MAC to free
deny duplicates;                                # this is against the standard. Prevents multiple leases per MAC with different UIDs (PXE boot, then Linux or Windows)
stash-agent-options true;                       # remember the forwarder info

lease-file-name "/etc/dhcp/dhcpd.leases";
pid-file-name "/var/run/dhcp/dhcpd.pid";
ping-check on;                          # check if IP Address is free
#server-identifier 10.115.255.255;      # server address to send to client
                                        # not supported on router (no directed broadcast)
                                        # Filtered on MAC because of HP JetDirects!!!
allow booting;
allow bootp;

log-facility local7;                    # where to write the logfile

authoritative;                          # Clients trust this server more


###########################################################################
# Definition for omshell connections to control the server at runtime
#key defomapi {
#        algorithm hmac-md5;
#        secret KEY;
#};
#omapi-key defomapi;                    # optional key
omapi-port 7911;                       # Port to listen to (and to enable)
############################################################################

############################################################################
#
#                              KEY s
#
############################################################################

key dhcp-update. {
       algorithm hmac-md5;
       secret "";
};

############################################################################
#
#                              CLASSES
#
############################################################################


####### JetDirect boxes
####### All others except the xxx JetDirect cards:

Class "noJetDirect"
{
  match if ((substring(hardware, 1, 3) != 00:01:E6)
        and (substring(hardware, 1, 3) != 00:10:83)
        and (substring(hardware, 1, 3) != 00:30:c1)
        and (substring(hardware, 1, 3) != 00:60:b0)
        and not (substring(option vendor-class-identifier, 0, 9) = "PXEClient"));
#       server-identifier 10.115.241.100;       # server address to send to client
}

Class "Futro300TerminalClients"
{
  match if (substring(hardware, 1, 3) = 00:90:DC);

  #set relay-agent = binary-to-ascii(10, 8, ".", packet(24, 4));
  set relay-agent = binary-to-ascii(10, 8, ".", packet(24, 3));
        log (info, "Class Decission Futro F300" );
        log (info, concat("GW:",relay-agent) );

default-lease-time 43200; #604800;            # seconds 1209600 14 days

  if ((relay-agent = "10.204.0")
   or (relay-agent = "10.14.101")
   or (relay-agent = "10.14.102")
   or (relay-agent = "10.14.103")
   or (relay-agent = "10.14.104")
   or (relay-agent = "10.14.105")
   or (relay-agent = "10.14.106")
   or (relay-agent = "10.14.107")
   or (relay-agent = "10.14.108")
   or (relay-agent = "10.14.109")
   or (relay-agent = "10.14.110")
   or (relay-agent = "10.206.0")) {
        log (info, "GSA Netz" );
        option bpbatch "gsaF300";
        option bpbatch-script "gsaF300";
  } else {
        log (info, "OeNB Netz" );
        option bpbatch "oenbF300";
        option bpbatch-script "oenbF300";
 }
}

#############################################################################
# Definition of PXE-specific options
# Code 1: Multicast IP address of bootfile
# Code 2: UDP port that client should monitor for MTFTP responses
# Code 3: UDP port that MTFTP servers are using to listen for MTFTP requests
# Code 4: Number of seconds a client must listen for activity before trying
#         to start a new MTFTP transfer
# Code 5: Number of seconds a client must listen before trying to restart
#         a MTFTP transfer
# option bpbatch code 135 = text;             #PXE V1.0 on top of Script
# option bpbatch-script code 155 = text;      #PXE V2.0 on top of Script

option space PXE;
        option PXE.mtftp-ip code 1 = ip-address;
        option PXE.mtftp-cport code 2 = unsigned integer 16;
        option PXE.mtftp-sport code 3 = unsigned integer 16;
        option PXE.mtftp-tmout code 4 = unsigned integer 8;
        option PXE.mtftp-delay code 5 = unsigned integer 8;
        option PXE.discovery-control code 6 = unsigned integer 8;
        option PXE.discovery-mcast-addr code 7 = ip-address;

class "PXE"
{
        match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
        default-lease-time 1800;                # seconds 1800 30min
        max-lease-time  1800;                   # seconds
#       option vendor-class-identifier "PXEClient";

        vendor-option-space PXE;
#       option PXE.mtftp-ip 0.0.0.0; #set to zero to use standard TFTP server
#       option tftp-server-name "tftpserver.ad.oenb.co.at";     #tftp Server


        next-server tftpserver.ad.oenb.co.at;                   #tftp server location
        filename "bpbatch";                     # Bootfilename (incl path)

#
# Intel EtherExpress PRO 100 with Intel Boot Agent 2.2
#
# Agent doesn't request option 155 needed by bpbatch. We force the
# server to include it in its reply.
  if option dhcp-parameter-request-list =
            01:03:3c:2b:43:80:81:82:83:84:85:86:87 {
                option dhcp-server-identifier  10.211.223.101; # so that it fetches the file from the TFTP server
#    supersede dhcp-parameter-request-list
#            1,3,60,43,66,67,128,129,130,131,132,133,134,135,155;
  }
}
############################### END PXE DEFINITION ###########################


#############################################################
#
#              Here are the major Scopes
#
#############################################################

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

subnet 10.15.0.0 netmask 255.255.0.0 {
}
subnet 10.100.0.0 netmask 255.255.0.0 {
}

#Entry for pingTest

host anxn01_ping_test
{
       hardware ethernet 08:00:20:ee:bd:91;
       fixed-address 10.100.0.11;
}

######################################################################################################################################
  dhcp.scopes
##############

...

shared-network "Drucker-110"
{
        subnet 10.110.0.0 netmask 255.255.0.0
        {
                option subnet-mask 255.255.0.0;
                option domain-name "ad.oenb.co.at";
                ddns-domainname= "ad.oenb.co.at";
                pool
                {
                        range 10.110.100.1 10.110.109.254;
                        failover peer "BackUP";
                        deny dynamic bootp clients;
                }
                option routers 10.110.0.1;
                option bpbatch "oenb";
                option bpbatch-script "oenb";
        }
}

shared-network "Drucker-210"
{
        subnet 10.210.0.0 netmask 255.255.0.0
        {
                option subnet-mask 255.255.0.0;
                option domain-name "ad.oenb.co.at";
                ddns-domainname= "ad.oenb.co.at";
                pool
                {
                        range 10.210.100.1 10.210.109.254;
                        failover peer "BackUP";
                        deny dynamic bootp clients;
                }
                option routers 10.210.0.1;
                option bpbatch "oenb";
                option bpbatch-script "oenb";
        }
}

....

######################################################################################################################################
  dhcp.zones
##############

zone 210.10.in-addr.arpa
{
    primary  10.115.221.36;
    key dhcp-update.;
}

######################################################################################################################################
  dhcp.static.vmps
##############
  see in last mail.


>>> Glenn Satchell <Glenn.Satchell at uniq.com.au> 24.07.2006 14:11:15
>>>

>Date: Mon, 24 Jul 2006 11:47:44 +0200
>From: "Thomas Zenz" <Thomas.Zenz at oenb.at>
>To: <dhcp-users at isc.org>
>Subject: static entries vs leases
>
>Hey 
>
>We use a File with static entries for our Printers:
>
>e.g:
>host ANP643_1
>{
>        hardware ethernet 00:14:38:a4:bd:88;
>        fixed-address 10.110.6.43;
>        option host-name "ANP643";
>        ddns-hostname "ANP643";
>        ddns-domainname "ad.oenb.co.at";
>        update-static-leases true;
>}
>
>host ANP643_2
>{
>        hardware ethernet 00:14:38:a4:bd:88;
>        fixed-address 10.210.6.43;
>        option host-name "ANP643";
>        ddns-hostname "ANP643";
>        ddns-domainname "ad.oenb.co.at";
>        update-static-leases true;
>}
>
>We use two entries, because, the Printer can be in two different
>Locations and so in two different IP Subnets.
>
>Since we upgraded to 3.0.4r1 the Printer gets a dynamic address even
>though there is a static one.
>
>Jul 24 10:32:25 anlpn35 dhcpd: DHCPDISCOVER from 00:14:38:a4:bd:88 via 10.210.0.1
>Jul 24 10:32:26 anlpn35 dhcpd: DHCPOFFER on 10.210.109.244 to 00:14:38:a4:bd:88 (NPIA4BD88) via 10.210.0.1
>Jul 24 10:32:31 anlpn35 dhcpd: DHCPREQUEST for 10.210.109.244 (10.115.221.35) from 00:14:38:a4:bd:88 (NPIA4BD88) via 10.210.0.1
>Jul 24 10:32:31 anlpn35 dhcpd: DHCPACK on 10.210.109.244 to 00:14:38:a4:bd:88 (NPIA4BD88) via 10.210.0.1
---8<--- snip

dhcpd will only use the assigned fixed-address if it would be valid for
the subnet that the printer is located on. In this case dhcpd thinks
otherwise, so ignores the statements in the host statement.

We need to see a bit more of your configuration file(s) to understand
what is going on. For example, you have two host entries with identical
contents - is this a slip of the cut and paste, or how it really is?
What is(are) the subnet definition(s) that contains 10.210.0.1,
10.210.109.244 and 10.210.6.43? Is it one big subnet, eg 10.210.0.0/16?

Remember host statements are in the global scope, so putting them
inside a subnet declaration does not automatically make them valid for
that subnet.

What version were you previously running that worked?

regards,
-glenn

>Is there a new configuration option?
>
>Parts from the config File:
>
>one-lease-per-client true;               
>deny duplicates;                              
>
>did not help.
>
>
>Please help
>Kind regards
>Tom
>
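
The rule Glenn describes (a fixed-address is used only when it is valid for the subnet the client is on) can be checked offline against a server log. The following is an added example, not part of the original thread or of ISC dhcpd; the function names are hypothetical, the configuration text is constructed from the host and subnet entries quoted above, and the model is simplified: it takes the "via" relay address as the client's subnet and ignores shared-network grouping, pools and classes.

```python
import ipaddress
import re

# Constructed input: the subnets and host entries quoted in this thread.
SAMPLE_CONF = """
subnet 10.15.0.0 netmask 255.255.0.0 { }
subnet 10.110.0.0 netmask 255.255.0.0 { }
subnet 10.210.0.0 netmask 255.255.0.0 { }
host ANP643_1 { hardware ethernet 00:14:38:a4:bd:88; fixed-address 10.110.6.43; }
host ANP643_2 { hardware ethernet 00:14:38:a4:bd:88; fixed-address 10.210.6.43; }
"""
# Log line from the thread, with the mail line wrap removed.
SAMPLE_LOG = ("Jul 24 10:32:26 anlpn35 dhcpd: DHCPOFFER on 10.210.109.244 to "
              "00:14:38:a4:bd:88 (NPIA4BD88) via 10.210.0.1")

SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+([\d.]+)")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;")
ADDR_RE = re.compile(r"fixed-address\s+([\d.]+)\s*;")
LOG_RE = re.compile(r"DHCP(?:OFFER|ACK) on (\S+) to ([0-9A-Fa-f:]+) .*?via (\S+)")


def parse(conf):
    """Extract subnet networks and (name, mac, fixed-address) host entries."""
    subnets = [ipaddress.ip_network(f"{net}/{mask}")
               for net, mask in SUBNET_RE.findall(conf)]
    hosts = []
    for name, body in HOST_RE.findall(conf):
        mac, addr = MAC_RE.search(body), ADDR_RE.search(body)
        if mac and addr:  # skip host entries without a fixed-address
            hosts.append((name, mac.group(1).lower(),
                          ipaddress.ip_address(addr.group(1))))
    return subnets, hosts


def expected_fixed_address(conf, mac, relay):
    """Return (host name, address) of the host entry usable behind `relay`, else None."""
    subnets, hosts = parse(conf)
    try:
        relay_ip = ipaddress.ip_address(relay)
    except ValueError:
        return None  # "via eth0": directly attached client, not modelled here
    candidates = [n for n in subnets if relay_ip in n]
    if not candidates:
        return None  # relay sits on a subnet the server does not declare
    client_net = max(candidates, key=lambda n: n.prefixlen)
    for name, host_mac, addr in hosts:
        if host_mac == mac.lower() and addr in client_net:
            return name, str(addr)
    return None  # no entry valid here: the client gets a dynamic lease


def audit_log_line(conf, line):
    """Flag an OFFER/ACK that hands out something other than the valid fixed-address."""
    m = LOG_RE.search(line)
    if not m:
        return None
    offered, mac, relay = m.groups()
    expected = expected_fixed_address(conf, mac, relay)
    if expected and expected[1] != offered:
        return {"mac": mac.lower(), "host": expected[0],
                "offered": offered, "expected": expected[1]}
    return None


if __name__ == "__main__":
    print(expected_fixed_address(SAMPLE_CONF, "00:14:38:a4:bd:88", "10.110.0.1"))
    print(expected_fixed_address(SAMPLE_CONF, "00:14:38:a4:bd:88", "10.15.21.36"))
    print(audit_log_line(SAMPLE_CONF, SAMPLE_LOG))
```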



