change ip address every 6 hours

Randall C Grimshaw rgrimsha at syr.edu
Wed Feb 15 14:02:09 UTC 2012


May I introduce a different perspective to this discussion.
I agree with Glenn that rotating IPs would be disruptive to the users and harm your reputation for providing a reliable service... but the devil's advocate wants to argue that rotating IPs would not accomplish what you want. Let me call it DynDNS to distinguish it from DDNS, but it is common for home routers and other software tools to keep the DNS service updated with the latest IP. Even if it were reasonable to rotate IPs, it is not a viable control point.

Randall Grimshaw rgrimsha at syr.edu
________________________________________
From: dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org [dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org] on behalf of Glenn Satchell [glenn.satchell at uniq.com.au]
Sent: Wednesday, February 15, 2012 7:58 AM
To: Users of ISC DHCP
Subject: Re: change ip address every 6 hours

Each client knows its current address, and sends that in a renewal request.

To force the server to decline that address it has to be invalid. Deleting
the lease file doesn't help because the server will see the renewal, note
that there is nothing in the lease file that matches, so re-issue it.

Something like this perhaps:

# config 1
authoritative;
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.2 192.168.100.127;
}

# config 2
authoritative;
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.128 192.168.100.254;
}

Swap these configs and restart the server. All leases in the old range
will be deleted as they are no longer valid. When a client tries to renew,
the old IP address will be invalid, so it will start over and be assigned
a new address out of the new range.

For a 6 hour turnaround you probably want a lease time about 1-2 hours.

But as others have said, this is really a bad idea. If you want to
disallow services use a router access list in front of the clients and
block inbound traffic.

regards,
-glenn

> Hi,
>
> While reading this thread, I came up with a doubt. Say you have a range
> of addresses, 192.168.100.0/24 to be short. One possible config to serve
> this in dhcpd would be
>
> subnet 192.168.100.0 netmask 255.255.255.0 {
>
> range 192.168.100.2 192.168.100.254;
>
> more_stuff;
>
> }
>
> But I know that you can use more than one range of addresses on the same
> subnet, say:
>
> subnet 192.168.100.0 netmask 255.255.255.0 {
>
> pool { range 192.168.100.2 192.168.100.63; more_stuff; }
> pool { range 192.168.100.64 192.168.100.127; more_stuff; }
> pool { range 192.168.100.128 192.168.100.191; more_stuff; }
> pool { range 192.168.100.192 192.168.100.254; more_stuff; }
>
> }
>
> So, my doubt is if using one way or another would change the way dhcpd
> distributes the addresses, assuming that there is no rule to bind any
> hardware address to any address, and all other parameters (e.g. lease
> time) are the very same.
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
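
A pre-flight check for the two-config swap described in the quoted message, as an added example that is not part of the original thread: it parses each config's `subnet` and `range` statements and reports a malformed netmask, a range outside the subnet, or an overlap between the two ranges, which would leave some old leases valid after the swap. The sample configs, the function names and the restriction to one subnet with two-address `range` statements are assumptions of this example.

```python
import ipaddress
import re

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
RANGE_RE = re.compile(r"range\s+(\S+)\s+(\S+)\s*;")

# Constructed sample input: the two ranges from the message, in one /24.
_TEMPLATE = "authoritative;\nsubnet 192.168.100.0 netmask 255.255.255.0 {\n  range %s %s;\n}\n"
CONFIG_1 = _TEMPLATE % ("192.168.100.2", "192.168.100.127")
CONFIG_2 = _TEMPLATE % ("192.168.100.128", "192.168.100.254")

def parse_config(text):
    """Return (network, [(low, high), ...]) for a single-subnet config."""
    text = re.sub(r"#.*", "", text)  # drop dhcpd.conf comments
    m = SUBNET_RE.search(text)
    if not m:
        raise ValueError("no 'subnet <addr> netmask <mask> {' declaration")
    # IPv4Network raises ValueError for a bad mask or a subnet with host bits set
    net = ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}")
    ranges = [(ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))
              for lo, hi in RANGE_RE.findall(text)]
    return net, ranges

def check_swap(conf_a, conf_b):
    """List the problems that would keep a swap from invalidating old leases."""
    problems, parsed = [], []
    for name, text in (("A", conf_a), ("B", conf_b)):
        try:
            net, ranges = parse_config(text)
        except ValueError as exc:
            problems.append(f"config {name}: {exc}")
            continue
        for lo, hi in ranges:
            if lo > hi or lo not in net or hi not in net:
                problems.append(f"config {name}: range {lo}-{hi} not inside {net}")
            elif lo == net.network_address or hi == net.broadcast_address:
                problems.append(f"config {name}: range {lo}-{hi} includes network/broadcast address")
        parsed.append(ranges)
    if len(parsed) == 2:
        for lo_a, hi_a in parsed[0]:
            for lo_b, hi_b in parsed[1]:
                if lo_a <= hi_b and lo_b <= hi_a:  # closed intervals intersect
                    problems.append(f"ranges {lo_a}-{hi_a} and {lo_b}-{hi_b} overlap")
    return problems

if __name__ == "__main__":
    print(check_swap(CONFIG_1, CONFIG_2) or "no problems found")
```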
