randomizing lease renewal?
khelms at zcorum.com
Fri Mar 30 14:57:59 UTC 2007
> 2) Why ? In the years I've been on this list we've only ever been
> given one sensible reason for such a function, but normally it's a
> variation on "we want to make it hard for people to run servers".
There are lots of other reasons, most have to do with network management
and dynamically moving people from one network to the next. Dynamically
load balancing connectivity is one reason we use, there are cases where
you cannot use BGP or NAT for balancing. Dynamically moving people
> With the ISC server it is not possible, it is specifically against
> the rfc and is deeply ingrained in the code I believe.
> As to preventing people running servers, well it doesn't work -
> dynamic dns service allow people to update their dns as fast as you
> can change their IP address. Also, for reasons I can't be bothered to
> either retype or find, copy, and paste, it is really, really bad for
> the internet.
You're right when you say it's ineffective for keeping diligent people
from running servers, however most users (even the ones trying to run
servers) aren't diligent. Most end users have a very foggy idea of what
DNS is. In addition, the whole "it is really, really bad for
the internet." is based on assumptions of why people want this feature
and an exaggeration of what occurs when you do force a client to another IP address.
Most of the commercial DHCP servers support this function, certainly
Cisco CNR does, and since CNR is used by many MSOs (including using
this function) the idea that dynamically forcing the client to another
address is terrible is pretty silly. It's certainly no more disruptive
than having a cable modem drop offline in mid-communication. However,
it is against the RFC, but IMO that is simply an artifact of the prevalent
opinion. I have great respect for the authors of the ISC DHCP daemon
and the community, but in this I greatly disagree with the stance they
have taken and I believe it's based far more on philosophy than fact.
> However, you aren't clear whether this is simply for one client for a
> once-only change, or a general thing. Giving you the benefit of the
> doubt, if you need to change a client's address as a once-only thing
> (as part of address reorganisation for example) then you can simply
> remove it from any pools and it will not be renewed. If you create a
> new pool with that address and explicitly "deny booting" then the
> server will NAK it as soon as a client attempts to renew it instead
> of simply ignoring the requests.
This is one way to force the desired behavior through a workaround,
there are several other methods. However, they all require outside
scripting to automate.
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum