What is the best way to move from using "deny duplicates" to "allow duplicates"?

Glenn Satchell glenn.satchell at uniq.com.au
Thu Apr 3 06:25:17 UTC 2014


And to answer your specific original question, adding allow duplicates
should just work, no need to wipe out the lease file first.

In fact there are very few times when deleting the lease file should be
necessary - generally it is a bad thing to do as the clients still have
state about their own lease, but the server does not and could offer
leases already in use, if for example the client did not respond to a
ping.

Once it's done on one server, that server won't delete any duplicate
leases, but it will respond to requests from the other server to do so.
When the second server is done, neither will try to delete any duplicate
leases.

regards,
-glenn

On Thu, April 3, 2014 5:18 pm, Glenn Satchell wrote:
> Hi Bjarne
>
> I think "allow duplicates" won't do what you want.
>
> In the dhcpd.conf manpage it says:
>
>      The duplicates keyword
>
>       allow duplicates;
>       deny duplicates;
>
>      Host declarations can match client messages based on the
>      DHCP Client Identifier option or based on the client's
>      network hardware type and MAC address.  If the MAC address is
>      used, the host declaration will match any client with that
>      MAC address - even clients with different client
>      identifiers.  This doesn't normally happen, but is possible when
>      one computer has more than one operating system installed on
>      it - for example, Microsoft Windows and NetBSD or Linux.
>
> So this is a generic description of what happens regardless of the setting
> of allow/deny duplicates. It means that if a host matches the hardware
> address in a host statement and you assign a fixed ip then it will always
> get that fixed ip. But I assume you don't want to create 150,000 host
> entries in your config.
>
> The next part of the man page describes what allow/deny duplicates does.
>
>      The duplicates flag tells the DHCP server that if a request
>      is received from a client that matches the MAC address of a
>      host declaration, any other leases matching that MAC address
>      should be discarded by the server, even if the UID is not
>      the same.  This is a violation of the DHCP protocol, but
>      can prevent clients whose client identifiers change
>      regularly from holding many leases at the same time.  By
>      default, duplicates are allowed.
>
> So with deny duplicates, when winpe boots dhcpd will release the lease
> held by the earlier pxe client, but only if you use a host statement for
> that client. Otherwise the two requests (pxe and winpe) look like two
> different clients and get two different leases.
>
> Allow duplicates doesn't really help here, all it changes is to not
> release the other leases for that MAC address if you use a host statement.
>
> The latest version dhcp-4.3.0 has a new feature to ignore client-ids. This
> may help, but you'd probably have to compile this version yourself for
> RHEL5. This is from the RELNOTES:
>
> - Add ignore-client-uids option in the server.  This option causes
>   the server to not record a client's uid in its lease.  This
>   violates the specification but may also be useful when a client
>   can dual boot using different client ids but the same mac address.
>   Thank you to Brian De Wolf at Cal Poly Pomona for the patch.
>
> This would mean that pxe, winpe and the final OS would all present the same
> mac and no client-id, so they should be seen as the same client and get
> the same IP address.
>
> So the TL;DR; is that allow duplicates doesn't look like it will do what
> you want, dhcp-4.3.0 might.
>
> HTH.
>
> regards,
> -glenn
>
> On Thu, April 3, 2014 4:55 pm, Bjarne Blichfeldt wrote:
>> Hi All
>>
>> What will happen to the existing lease database when I move from “deny
>> duplicates” to “allow duplicates” ?
>> Will I have to clear the lease database before I restart dhcpd with
>> "allow duplicates" set or will it just work? And how is it going to
>> influence the failover if I change one server at a time?
>>
>>
>> More details :
>>
>> Two RHEL5 machines, isc-dhcpd-4.1-ESV-R3 in failover configuration,
>> about 150.000 leases in file.
>>
>> We are seeing a lot of issues with pxe clients, client id and so on.
>>
>> Scenario – pxe boot/install a thick client:
>> client pxe boots, gets an address with lease time 3600 (mctl)
>> starts winpe which requests an address, but with different clientid =>
>> new ip, lease time 3600
>> winpe does not know how to renew its lease (known problem) and dies
>> after 3600 seconds.
>>
>> Also we see a lot of double registrations in dns in a VDI environment.
>>
>>
>> To make this work I would like to change to "allow duplicates", forcing
>> the DHCP server to use the mac address, which does not change, as
>> reference instead of client-id, which does change.
>>
>> I remember from many discussions on this list, that this would do the
>> trick.
>> Double checking the manual however, leaves me not so sure:
>> "Host declarations can match client messages based on the DHCP Client
>> Identifier option or based on the client’s network hardware type and MAC
>> address.
>> If the MAC address is used, the host declaration will match any client
>> with that MAC address - even clients with different client identifiers"
>>
>> Since "host" declarations are mentioned here, does that mean it will only
>> work for host declarations = fixed IP, or will "allow duplicate"
>> actually work for ALL dhcp leases?
>>
>>
>>
>>
>> Thanks in advance for any input
>> Bjarne Blichfeldt
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
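Added example (not part of the thread and not ISC code): the symptom in the original question, one MAC address holding several active leases because the client identifier changed between PXE and WinPE, can be audited in the lease file before and after changing `duplicates` or enabling `ignore-client-uids`. The sketch assumes the usual `dhcpd.leases` text layout; the sample entries and function names are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample in dhcpd.leases syntax (not data from the thread).
SAMPLE_LEASES = r'''
lease 10.0.0.15 {
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
lease 10.0.0.16 {
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  uid "\001\000\021\0423DU";
}
lease 10.0.0.20 {
  binding state active;
  hardware ethernet 00:aa:bb:cc:dd:ee;
}
lease 10.0.0.20 {
  binding state free;
  hardware ethernet 00:aa:bb:cc:dd:ee;
}
'''

LEASE_RE = re.compile(r'^lease\s+(\S+)\s*\{(.*?)\n\}', re.M | re.S)
FIELD_RES = {
    "state": re.compile(r'^\s*binding state (\w+);', re.M),  # skips "next binding state"
    "mac": re.compile(r'^\s*hardware ethernet ([0-9A-Fa-f:]+);', re.M),
    "uid": re.compile(r'^\s*uid (.+);$', re.M),
}

def latest_leases(text):
    """Map ip -> fields. The file is an append-only log: the last entry per IP wins."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        hits = {k: rx.search(body) for k, rx in FIELD_RES.items()}
        leases[ip] = {k: (m.group(1) if m else None) for k, m in hits.items()}
    return leases

def macs_with_multiple_leases(text):
    """Return {mac: [(ip, uid), ...]} for MACs holding more than one active lease."""
    by_mac = defaultdict(list)
    for ip, f in latest_leases(text).items():
        if f["state"] == "active" and f["mac"]:
            by_mac[f["mac"].lower()].append((ip, f["uid"]))
    return {mac: sorted(v) for mac, v in by_mac.items() if len(v) > 1}

if __name__ == "__main__":
    print(macs_with_multiple_leases(SAMPLE_LEASES))
```

In a failover pair, run the check against each server's lease file, since each peer keeps its own copy.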