Classifying clients based on FQDN in option 81

Sten Carlsen stenc at s-carlsen.dk
Wed Feb 27 14:48:21 UTC 2013


On 27/02/13 14:31, Glenn Satchell wrote:
> In terms of the configuration language it is certainly possible.
>
> class "example-com" {
>     match if option fqdn.domainname = "example.com";
> }
>
> However, you may need to do a simple packet capture to check that your
> clients actually send that option in the DHCPDISCOVER packet. If it isn't
> there then the server can't make the decision about what to offer.
You could have a pool for non class members only. That might be easier
to pick up then.
>
> regards,
> -glenn
>
> On Wed, February 27, 2013 8:50 pm, Niall O'Reilly wrote:
>> On 27 Feb 2013, at 02:24, VithalPrasad Gaitonde wrote:
>>
>>> Can one configure the ISC DHCP server to define class(es) of clients
>>> based on the DNS domain sent in option 81 by the client.
>> 	I haven't tried that, but I'ld be surprised if it couldn't be done;
>> 	the man pages for dhcpd.conf and dhcp-eval seem to contain the
>> 	information you need.
>>
>> 	That said, I would ask two more basic questions:
>>
>>     1.	Can one depend on the client to set option 81?
>>     2.	Can one trust the client not to spoof a "more attractive" DNS
>> 	domain name than the "legitimate" one?
>>
>> 	Good luck!
>>
>>> Can you then use this class to set options and specific IP range for
>>> such a class of clients.
>> 	Surely.
>>
>> 	IHTH
>> 	Niall O'Reilly
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20130227/2f416e96/attachment.html>


More information about the dhcp-users mailing list