Dual DNS server farms in dhcpd.conf
Glenn Satchell
Glenn.Satchell at uniq.com.au
Wed Apr 29 03:20:30 UTC 2009
>Date: Tue, 28 Apr 2009 17:56:50 -0700
>From: "John Tabasz (jtabasz)" <jtabasz at cisco.com>
>
>Hi Glenn,
>
>Dohh!
Easy to do, and it's hard for the parser to decide on a typo or
variable, so you don't always get a syntax error. Been caught by that
one myself.
>When snooping the packets coming from my designated client I see
>something called "client-class-identifier" whose value is "MSFT 5.0".
>But nothing called vendor-class-identifier.
That's probably how the packet sniffer decided to name it as opposed to
dhcpd. It is stored in the packet as an option number.
>Anyway, I deeply appreciate the help I have received on this issue. It
>works after having separated the option and vendor-class-identifier in
>the config file.
Oh that's great. There are lots of simple ways that dhcpd can do very
clever things!
>Where can I donate?
You or your organisation might consider https://www.isc.org/supportisc
regards,
-glenn
>Thanks Again,
>
>John
>
>-----Original Message-----
>From: dhcp-users-bounces at lists.isc.org
>[mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of Glenn Satchell
>Sent: Tuesday, April 28, 2009 4:51 PM
>To: dhcp-users at lists.isc.org
>Subject: RE: Dual DNS server farms in dhcpd.conf
>
>Hi John
>
>>Class "MSFT" {
>> match is substring (option-vendor-class-identifier, 0, 4) = "MSFT";
>
>That should be
>
> option vendor-class-identifier
>
>note that it is two words "option" and "vendor-class-identifier".
>
>With the extra "-" in there the parser sees this as a new variable with
>null value which will never match "MSFT".
>
>If you use a packet capture program you can see the contents of the
>various dhcp options, eg wireshark, snoop, tcpdump, etc.
>
>The options (there are lots of them) are defined in the dhcp-options man
>page.
>
>regards,
>-glenn
>
>>Date: Tue, 28 Apr 2009 13:51:33 -0700
>>From: "John Tabasz (jtabasz)" <jtabasz at cisco.com>
>>
>>Hi All,
>>
>>Thanks to all who have chimed in on this for me. I just tried it in the
>
>>lab and my W2K SP4 PC failed to get the dns server addresses included
>>in the class "MSFT"; declaration. It still gets the dns server IP
>>addresses and domain name that are in the subnet declaration.
>>
>>I added this:
>>
>>Class "MSFT" {
>> match is substring (option-vendor-class-identifier, 0, 4) = "MSFT";
>> option domain-name "testdomain.mydomain.com";
>> option domain-name-servers 128.104.107.239, 192.168.230.199; }
>>
>>Then the subnet declaration looks like this:
>>
>>Subnet 25.25.25.0 netmask 255.255.255.0 {
>> option routers 25.25.25.1;
>> option subnet-mask 255.255.255.0;
>> option domain-name-servers 10.10.3.25, 10.10.4.25;
>> option domain-name "mydomain.com";
>> deny-unknown-clients;
>>}
>>
>>Then the host declaration looks like this:
>>
>> host testhostPC01 {
>> hardware ethernet 0:07:e9:e0:52:a0;
>> fixed-address 25.25.25.96;
>> option hostname "testhostPC01";
>>}
>>
>>I restarted the dhcpd process between each set of changes to the
>>dhcpd.conf file and got no syntax errors.
>>
>>Anything here look wrong or right?
>>
>>Thanks,
>>
>>John
>>
>>-----Original Message-----
>>From: dhcp-users-bounces at lists.isc.org
>>[mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of Randall C
>>Grimshaw
>>Sent: Tuesday, April 28, 2009 12:12 PM
>>To: 'Users of ISC DHCP'
>>Subject: RE: Dual DNS server farms in dhcpd.conf
>>
>>You are correct, but I think Vista has a habit of using info in some
>>cases.
>>
>>Randy
>>
>>-----Original Message-----
>>From: dhcp-users-bounces at lists.isc.org
>>[mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of John Tabasz
>>(jtabasz)
>>Sent: Tuesday, April 28, 2009 2:05 PM
>>To: Users of ISC DHCP; Glenn Satchell
>>Subject: RE: Dual DNS server farms in dhcpd.conf
>>
>>
>>
>>Randy,
>>
>>Thanks for the response.
>>
>>In which cases will dhcpd provide the global, and I'm assuming by
>>global we are talking about the non PC specific dns entries, dns
>addresses?
>>What I'm assuming that you are saying is that the dhcpd will respond
>>with the "class MSFT" defined dns server addresses when responding to a
>
>>DHCPREQ and the client will come up with the correct dns entries. The
>>problem comes in when a DHCPINFO is sent to the dhcpd, in which case
>>the global dns entries are sometimes sent in response. Is this true?
>>
>>DHCPINFO is not something that will happen unless specifically
>>initiated by the client. Under what circumstances will a DHCPINFO take
>>place on a MSFT client?
>>
>>Just trying to understand,
>>
>>John
>>
>>
>>
>>-----Original Message-----
>>From: dhcp-users-bounces at lists.isc.org
>>[mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of Randall C
>>Grimshaw
>>Sent: Tuesday, April 28, 2009 10:32 AM
>>To: Users of ISC DHCP; Glenn Satchell
>>Subject: RE: Dual DNS server farms in dhcpd.conf
>>
>>This sounds like it should work fairly well for you, but one thing to
>>follow-up on is the client behavior when issuing DHCPINFO requests.
>>DHCPd will provide the global default DNS in such cases.
>>
>>We do something like this using the group method as someone else
>>suggested to you, but the success is limited to a use case where it is
>>non-critical that the users get the correct address every time.
>>
>>Randy
>>
>>-----Original Message-----
>>From: dhcp-users-bounces at lists.isc.org
>>[mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of John Tabasz
>>(jtabasz)
>>Sent: Tuesday, April 28, 2009 1:12 PM
>>To: Glenn Satchell; Users of ISC DHCP
>>Subject: RE: Dual DNS server farms in dhcpd.conf
>>
>>Hi Glenn,
>>
>>This is almost exactly what I was looking for. Thanks for the reply.
>>I'll test it out today.
>>By the way, how would I have found this information on my own?
>>
>>Thanks,
>>
>>John
>>
>>-----Original Message-----
>>From: dhcp-users-bounces at lists.isc.org
>>[mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of Glenn Satchell
>>Sent: Monday, April 27, 2009 9:21 PM
>>To: dhcp-users at lists.isc.org
>>Subject: Re: Dual DNS server farms in dhcpd.conf
>>
>>
>>>Date: Mon, 27 Apr 2009 15:23:09 -0700
>>>From: "John Tabasz (jtabasz)" <jtabasz at cisco.com>
>>>
>>>Hi All,
>>>
>>>I have a situation where I want to use dhcpd.conf to serve up
>>>addresses
>>
>>>that are statically assigned. I have previously used the following to
>>>do
>>>this:
>>>
>>>shared-network TEST {
>>>
>>>subnet 192.168.200.0 netmask 255.255.255.0 { option routers
>>>192.168.200.1;
>>> option subnet-mask 255.255.255.0;
>>> option domain-name-servers 10.1.1.25,10.1.2.25,10.1.3.25;
>>> option domain-name "mydomain.com";
>>>deny unknown-clients;
>>>}
>>>
>>> host dev5c.mydomain.com {
>>> hardware ethernet 0:3:ba:11:b1:75;
>>> fixed-address 192.168.200.165;
>>> option host-name "dev5c";
>>> }
>>>
>>>}
>>>
>>>This worked fine until a new requirement came up that the PCs on the
>>>network and the Unix workstations on the same subnet should receive a
>>>different set of DNS server IP addresses.
>>>
>>>I wrote a couple of perl scripts that take the host info and massage
>>>it
>>
>>>into the dhcpd.conf file. One way of getting what I want is to add
>>>logic into the scripts that examine the hostname and if the name
>>>indicates that the device is a PC, add the correct DNS server info
>>>into
>>
>>>the host declaration. This rather than using the shared-network global
>
>>>command to set the DNS servers for the whole subnet.
>>>
>>>Is there a DHCP option that returns the kernel that the client is
>>>running? If so, is there a way to use this info to manipulate the DNS
>>>entries?
>>>
>>>Suggestions?
>>>
>>
>>This will identify the Windows PCs and override their dns servers. The
>>subnet definition stays pretty much as it is, although you don't really
>
>>need the shared-network around the subnet and host definitions.
>>
>>class "MSFT" {
>> match if substring(option vendor-class-identifier, 0, 4) = "MSFT";
>> option domain-name-servers 10.1.1.26,10.1.2.26,10.1.3.26; }
>>
>>regards,
>>-glenn
>>
>>_______________________________________________
>>dhcp-users mailing list
>>dhcp-users at lists.isc.org
>>https://lists.isc.org/mailman/listinfo/dhcp-users
>>_______________________________________________
>>dhcp-users mailing list
>>dhcp-users at lists.isc.org
>>https://lists.isc.org/mailman/listinfo/dhcp-users
>>_______________________________________________
>>dhcp-users mailing list
>>dhcp-users at lists.isc.org
>>https://lists.isc.org/mailman/listinfo/dhcp-users
>>_______________________________________________
>>dhcp-users mailing list
>>dhcp-users at lists.isc.org
>>https://lists.isc.org/mailman/listinfo/dhcp-users
>>_______________________________________________
>>dhcp-users mailing list
>>dhcp-users at lists.isc.org
>>https://lists.isc.org/mailman/listinfo/dhcp-users
>>_______________________________________________
>>dhcp-users mailing list
>>dhcp-users at lists.isc.org
>>https://lists.isc.org/mailman/listinfo/dhcp-users
>
>_______________________________________________
>dhcp-users mailing list
>dhcp-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/dhcp-users
>_______________________________________________
>dhcp-users mailing list
>dhcp-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/dhcp-users
More information about the dhcp-users
mailing list