How to make dhcpd send NAKs instead of silently ignoring DHCPREQUESTS?
dhcp1 at thehobsons.co.uk
Mon Apr 2 17:47:16 UTC 2012
Andre Albsmeier wrote:
>But now an unknown client does a DHCPREQUEST of, let's say,
>192.168.24.55 (an address where no host definitions exists).
>In this case the server remains silent and ignores the request
>as it is also documented in dhcpd.conf(5). But I want to NAK
>this address and force the client to do a DHCPDISCOVER (so
>it gets one from the range 192.168.24.200 to 192.168.24.254
>above in turn).
> range 192.168.24.1 192.168.24.199;
> deny unknown-clients;
>which works w.r.t. to the DHCPREQUEST mentioned above but now
>when host2 wants to renew its (static) address I get this in
>Apr 2 16:51:18 <daemon.err> server dhcpd: Dynamic and static leases
>present for 192.168.24.23.
>Apr 2 16:51:18 <daemon.err> server dhcpd: Remove host declaration
>host2.domain.org or remove 192.16
>Apr 2 16:51:18 <daemon.err> server dhcpd: from the dynamic address
>pool for 192.168.24.0/24
>since 192.168.24.23 lies within the (now existing) pool ranging
>from 192.168.24.1 to 192.168.24.199.
Firstly, is it a problem ? The client will either give up and revert
to doing Discovers, or it will fail to connect to the network. As
long as it doesn't try and use an address it's not been leased, then
that isn't your problem as the administrator of the DHCP server.
Unless the client is broken, it will only take a few extra seconds to
get a network address - once it's realised it isn't getting an answer
to it's requests.
If it fails to revert to Discovers then it's broken and not your
responsibility as the DHCP admin. If you are responsible for the
client then take it up with the vendor.
As to the rest, well you cannot include an address used in a
fixed-address statement in any pool. The error message you quote was
added in response to the numerous threads from people who expected
the same operation as a Windows server and then complained that their
"static assignments" were being leased out to other clients. There
isn't a way to force NACKs of such addresses without triggering this
error message - though I suppose you could comment that bit out in
the code and recompile.
There is potentially another way to do things.
The ISC server now supports reserved leases - these are "normal"
leases but even if expired will never be re-allocated to other
clients. If you create reserved leases for your fixed address clients
instead of using host statements then the addresses cannot be given
to anything else and will result in a NACK in the circumstances you
describe. You can either just extend your main range, or add small
ranges to just include the addresses in question.
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
More information about the dhcp-users