howto configure DHCP to reject renewal of lease

Simon Hobson dhcp1 at
Thu Oct 12 08:54:32 UTC 2006

Gilbert Coles wrote:

>What I'm trying to achieve is to configure the ISC dhcpd to give the client
>(when it tries to renew its lease @T/2) a new IP address - to avoid having
>the same IP for a long time.

Why ?

>Is this functionality available in v3.0.4 of the ISC dhcpd?

No, it's the opposite of required functionality according to the RFC.

It's a questions that's been asked before, and every time it's been 
from an ISP - usually expressed as "I don't think it's great but my 
management insists ...". The reason given has been to prevent users 
running servers on their accounts.

Apologies in advance if this isn't the reason, but so far I don't 
think we've heard any other !

If you look through the archives, you'll find it gets roughly the 
same response whenever it's asked - it's against the rfc, it's bad 
for the network AND for the internet, and no it isn't supported. 
Others have gone as far as to suggest that once your customers find 
out what you are doing then you deserve to lose them and go out of 
business and Darwinism will have removed another stupid ISP from the 
market !

Why doesn't it work ? Simple, dynamic dns services which will allow 
dns to track changes in IP address very quickly. So accessing the 
server by dns entry will only break for a short time when the IP 

Why is it bad for your clients ? Every time their address changes, 
all their connections drop, and any downloads in progress will break. 
Imagine that you customer is downloading a large file, and gets to 4G 
of a 4.7G DVD image when this happens - natural response is to try it 
again and if their software doesn't properly support resumed 
downloads then they'll download the same 4G again - so that's 4G of 
wasted bandwidth usage ! If you rotation time is short enough they'll 
never get the file, but waste a lost of bandwidth in the process - 
this is bad for the Internet as a whole.

Why is it bad for you ? Well with the above happening, you'll get a 
reputation for unreliable connections. When your customers find out 
why then you'll be pilloried for be so f***ing clueless ! Either way, 
no sensible customer is going to choose you (or remain with you) 
without some other compelling reason.

If you wish to impose restrictions on what your customers can do with 
their connections then you should do it at the appropriate level. If 
you want to prevent them running (say) a web server, then filter 
traffic on port 80. It won't stop them running a server on another 
port, so you'll have to figure out how to stop that.

Better still, ask yourselves if you REALLY have to prevent it - it's 
going to be a pain to prevent, why not simply impose 
bandwidth/traffic limits which are far easier to measures/control ?


More information about the dhcp-users mailing list