howto configure DHCP to reject renewal of lease
dhcp1 at thehobsons.co.uk
Thu Oct 12 08:54:32 UTC 2006
Gilbert Coles wrote:
>What I'm trying to achieve is to configure the ISC dhcpd to give the client
>(when it tries to renew its lease @T/2) a new IP address - to avoid having
>the same IP for a long time.
>Is this functionality available in v3.0.4 of the ISC dhcpd?
No, it's the opposite of required functionality according to the RFC.
It's a question that's been asked before, and every time it's been
from an ISP - usually expressed as "I don't think it's great but my
management insists ...". The reason given has been to prevent users
running servers on their accounts.
Apologies in advance if this isn't the reason, but so far I don't
think we've heard any other !
If you look through the archives, you'll find it gets roughly the
same response whenever it's asked - it's against the RFC, it's bad
for the network AND for the internet, and no it isn't supported.
Others have gone as far as to suggest that once your customers find
out what you are doing then you deserve to lose them and go out of
business and Darwinism will have removed another stupid ISP from the
Why doesn't it work ? Simple, dynamic dns services which will allow
dns to track changes in IP address very quickly. So accessing the
server by dns entry will only break for a short time when the IP
Why is it bad for your clients ? Every time their address changes,
all their connections drop, and any downloads in progress will break.
Imagine that your customer is downloading a large file, and gets to 4G
of a 4.7G DVD image when this happens - natural response is to try it
again and if their software doesn't properly support resumed
downloads then they'll download the same 4G again - so that's 4G of
wasted bandwidth usage ! If your rotation time is short enough they'll
never get the file, but waste a lot of bandwidth in the process -
this is bad for the Internet as a whole.
Why is it bad for you ? Well with the above happening, you'll get a
reputation for unreliable connections. When your customers find out
why then you'll be pilloried for being so f***ing clueless ! Either way,
no sensible customer is going to choose you (or remain with you)
without some other compelling reason.
If you wish to impose restrictions on what your customers can do with
their connections then you should do it at the appropriate level. If
you want to prevent them running (say) a web server, then filter
traffic on port 80. It won't stop them running a server on another
port, so you'll have to figure out how to stop that.
Better still, ask yourselves if you REALLY have to prevent it - it's
going to be a pain to prevent, why not simply impose
bandwidth/traffic limits which are far easier to measure/control ?