<HTML><HEAD>
<META content="text/html; charset=utf-8" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.23507"></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Courier New">
<DIV>It's been awhile since I looked that carefully at the documentation, but my 19,260 static assignments outside of pools would argue that the "assign static (unchanging) addresses outside of ranges" strategy works :)</DIV>
<DIV> </DIV>
<DIV>A really quick skim of the docs does seem to indicate that ranges are for dynamic allocation (and pools are just a way to encapsulate them for failover).</DIV>
<DIV> </DIV>
<DIV>Anyway, I've got a CGI app that our staff use to map MACs to IP addresses and then some perl code that uses Expect and omshell to add, remove and change host containers/stanzas inside the lease files on running DHCP servers. It reads the lease file to determine current host assignments, then reads the state of the CGI app's database, figures out the delta and then uses omshell to apply it.</DIV>
<DIV> </DIV>
<DIV>...Steve</DIV>
<DIV><BR><BR><SPAN style="FONT-SIZE: 0px"></SPAN>Gregory Sloop <gregs@sloop.net> wrote:<BR></DIV>
<TABLE style="MARGIN: 0px 0px 0px 15px; FONT-SIZE: 1em" border=0 bgColor=#f3f3f3>
<TBODY>
<TR>
<TD>
<DIV style="BORDER-LEFT: #050505 1px solid; PADDING-LEFT: 7px">I'm puzzled.<BR><BR>I decided to read the docs [again] *very* carefully, since I'd gone<BR>over them before fairly carefully and was a bit surprised at the<BR>responses I got yesterday saying that I shouldn't include the IP<BR>address in the host dec. in the pool at all. [And that bad things<BR>would happen if I *did* have it in a pool, even with the "deny<BR>unknown-clients" clause/directive.]<BR><BR>It *appears* that the recommendation given yesterday will work, given<BR>everyone's experience. [I have not tried it yet, and I am and have<BR>been running it my way for years.]<BR><BR>But it appears the way I am doing it most closely matches the documentation.<BR><BR><BR>From the dhcp.conf man page...<BR>---<BR>ALLOW DENY AND IGNORE IN SCOPE<BR> The following usages of allow and deny will work in any scope, although it is not recommended that they be used in pool<BR> declarations.<BR><BR>The unknown-clients keyword<BR><BR> allow unknown-clients;<BR> deny unknown-clients;<BR> ignore unknown-clients;<BR><BR> The unknown-clients flag is used to tell dhcpd whether or not to dynamically assign addresses to unknown clients.<BR> Dynamic address assignment to unknown clients is allowed by default. An unknown client is simply a client that has no<BR> host declaration.<BR><BR> The use of this option is now deprecated. If you are trying to restrict access on your network to known clients, you<BR> should use deny unknown-clients; inside of your address pool, as described under the heading ALLOW AND DENY WITHIN POOL<BR> DECLARATIONS.<BR>--- AND ---<BR>ALLOW AND DENY WITHIN POOL DECLARATIONS.<BR>...<BR>known-clients;<BR><BR> If specified, this statement either allows or prevents allocation from this pool to any client that has a host declaraĆ¢<BR> tion (i.e., is known). A client is known if it has a host declaration in any scope, not just the current scope.<BR><BR> unknown-clients;<BR><BR> If specified, this statement either allows or prevents allocation from this pool to any client that has no host declaration<BR> (i.e., is not known).<BR>---<BR><BR>So, not to complain about the help you all have given, but it appears<BR>to me that this says that having a host declaration makes it a "known<BR>client" and that if you use the "deny unknown-client" directive in the<BR>pool, NO unknown clients will get that address, and the host<BR>declaration should ensure that no OTHER client should get that address... <BR><BR>So, in what cases are you all claiming that having it declared in the<BR>pool, but with a host definition *and* a "deny unknown-clients" would<BR>result in the IP defined in the host declaration [and in the pool,<BR>with a "deny unknown-clients" clause] getting assigned to anyone else?<BR><BR>Next, while it may work, not having the address in any pool, doesn't<BR>match the docs, at least in intent. [Again, my reading of the docs.]<BR><BR>It looks to me as if the docs INTEND for you to have the address in a<BR>pool, and restrict the assignment via the "deny unknown-clients"<BR>clause inside the pool. <BR><BR>I really don't want to start a war here - I'm just trying to make<BR>sense of what appear to be deviations from the docs. Perhaps I<BR>misunderstand the docs, or perhaps the explanations given do. I just<BR>want to make sure I really grok what's intended, as well as how it<BR>might practically work - even if the docs don't describe it that way.<BR><BR>[I'm running 4.1-R4, BTW - the standard Ubuntu package.]<BR><BR>TIA<BR>-Greg<BR><BR>_______________________________________________<BR>dhcp-users mailing list<BR>dhcp-users@lists.isc.org<BR><A href="https://lists.isc.org/mailman/listinfo/dhcp-users">https://lists.isc.org/mailman/listinfo/dhcp-users</A><BR></DIV></TD></TR></TBODY></TABLE><BR>
<!--StartFragment-->
<hr size="1">
This information is directed in confidence solely to the person named
above and may contain confidential and/or privileged material. This
information may not otherwise be distributed, copied or disclosed. If you
have received this e-mail in error, please notify the sender immediately
via a return e-mail and destroy original message. Thank you for your
cooperation.<!--EndFragment-->
</BODY></HTML>