man/orig/dhcpd.conf

Материал из Xgu.ru

Перейти к: навигация, поиск

Не указан параметр (1)


dhcpd.conf(5) dhcpd.conf(5)

Содержание

[править] NAME

      dhcpd.conf - dhcpd configuration file

[править] DESCRIPTION

      The  dhcpd.conf  file contains configuration information for dhcpd, the
      Internet Systems Consortium DHCP Server.
      The dhcpd.conf file is a free-form ASCII text file.   It is  parsed  by
      the  recursive-descent  parser built into dhcpd.   The file may contain
      extra tabs and newlines for formatting purposes.  Keywords in the  file
      are case-insensitive.   Comments may be placed anywhere within the file
      (except within quotes).   Comments begin with the # character  and  end
      at the end of the line.
      The  file  essentially  consists  of a list of statements.   Statements
      fall into two broad categories - parameters and declarations.
      Parameter statements either say how to do something (e.g., how  long  a
      lease  to  offer),  whether to do something (e.g., should dhcpd provide
      addresses to unknown clients), or what parameters  to  provide  to  the
      client (e.g., use gateway 220.177.244.7).
      Declarations  are  used  to  describe  the  topology of the network, to
      describe clients on the network,  to  provide  addresses  that  can  be
      assigned  to  clients,  or to apply a group of parameters to a group of
      declarations.   In any group of parameters and declarations, all param-
      eters  must  be specified before any declarations which depend on those
      parameters may be specified.
      Declarations about network topology include the shared-network and  the
      subnet  declarations.    If  clients  on  a  subnet  are to be assigned
      addresses dynamically, a range declaration must appear within the  sub-
      net  declaration.    For clients with statically assigned addresses, or
      for installations where only known clients will be  served,  each  such
      client  must have a host declaration.   If parameters are to be applied
      to a group of declarations which are not related strictly on a per-sub-
      net basis, the group declaration can be used.
      For  every  subnet  which will be served, and for every subnet to which
      the dhcp server is connected, there must  be  one  subnet  declaration,
      which  tells  dhcpd how to recognize that an address is on that subnet.
      A subnet declaration is required for each subnet even if  no  addresses
      will be dynamically allocated on that subnet.
      Some  installations  have  physical  networks on which more than one IP
      subnet operates.   For example, if there  is  a  site-wide  requirement
      that  8-bit subnet masks be used, but a department with a single physi-
      cal ethernet network expands to the point where it has  more  than  254
      nodes,  it may be necessary to run two 8-bit subnets on the same ether-
      net until such time as a new physical network can be added.    In  this
      case,  the  subnet declarations for these two networks must be enclosed
      in a shared-network declaration.
      Note that even when the shared-network declaration is absent, an  empty
      one  is  created  by  the  server to contain the subnet (and any scoped
      parameters included in the subnet).  For practical purposes, this means
      that  "stateless"  DHCP  clients,  which are not tied to addresses (and
      therefore subnets) will receive  the  same  configuration  as  stateful
      ones.
      Some  sites  may  have  departments which have clients on more than one
      subnet, but it may be desirable to offer those clients a uniform set of
      parameters  which  are  different than what would be offered to clients
      from other departments on the same subnet.   For clients which will  be
      declared  explicitly  with host declarations, these declarations can be
      enclosed in a group declaration along with  the  parameters  which  are
      common to that department.   For clients whose addresses will be dynam-
      ically assigned, class declarations and conditional declarations may be
      used  to  group  parameter  assignments based on information the client
      sends.
      When a client is to be booted, its boot parameters  are  determined  by
      consulting that client's host declaration (if any), and then consulting
      any class declarations matching the client, followed by the pool,  sub-
      net  and shared-network declarations for the IP address assigned to the
      client.   Each of these declarations itself appears  within  a  lexical
      scope,  and  all  declarations at less specific lexical scopes are also
      consulted for client option declarations.   Scopes are never considered
      twice,  and  if  parameters  are  declared  in more than one scope, the
      parameter declared in the most specific scope is the one that is  used.
      When  dhcpd  tries  to  find  a host declaration for a client, it first
      looks for a host declaration which has a fixed-address declaration that
      lists  an  IP address that is valid for the subnet or shared network on
      which the client is booting.   If it doesn't find any  such  entry,  it
      tries to find an entry which has no fixed-address declaration.

[править] EXAMPLES

      A typical dhcpd.conf file will look something like this:
      global parameters...
      subnet 204.254.239.0 netmask 255.255.255.224 {
        subnet-specific parameters...
        range 204.254.239.10 204.254.239.30;
      }
      subnet 204.254.239.32 netmask 255.255.255.224 {
        subnet-specific parameters...
        range 204.254.239.42 204.254.239.62;
      }
      subnet 204.254.239.64 netmask 255.255.255.224 {
        subnet-specific parameters...
        range 204.254.239.74 204.254.239.94;
      }
      group {
        group-specific parameters...
        host zappo.test.isc.org {
          host-specific parameters...
        }
        host beppo.test.isc.org {
          host-specific parameters...
        }
        host harpo.test.isc.org {
          host-specific parameters...
        }
      }
                                     Figure 1


      Notice  that  at  the beginning of the file, there's a place for global
      parameters.   These might be  things  like  the  organization's  domain
      name,  the  addresses  of  the  name servers (if they are common to the
      entire organization), and so on.   So, for example:
           option domain-name "isc.org";
           option domain-name-servers ns1.isc.org, ns2.isc.org;
                                     Figure 2
      As you can see in Figure 2, you can specify host addresses  in  parame-
      ters  using  their domain names rather than their numeric IP addresses.
      If a given hostname resolves to more than one IP address (for  example,
      if  that  host  has two ethernet interfaces), then where possible, both
      addresses are supplied to the client.
      The most obvious reason for having subnet-specific parameters as  shown
      in Figure 1 is that each subnet, of necessity, has its own router.   So
      for the first subnet, for example, there should be something like:
           option routers 204.254.239.1;
      Note that the address here is  specified  numerically.    This  is  not
      required  -  if  you have a different domain name for each interface on
      your router, it's perfectly legitimate to use the domain name for  that
      interface  instead  of  the  numeric  address.   However, in many cases
      there may be only one domain name for all of a router's  IP  addresses,
      and it would not be appropriate to use that name here.
      In  Figure  1  there  is  also a group statement, which provides common
      parameters for a set of three hosts - zappo, beppo and harpo.   As  you
      can  see,  these  hosts are all in the test.isc.org domain, so it might
      make sense for a group-specific parameter to override the  domain  name
      supplied to these hosts:
           option domain-name "test.isc.org";
      Also,  given  the  domain they're in, these are probably test machines.
      If we wanted to test the DHCP leasing mechanism, we might set the lease
      timeout somewhat shorter than the default:
           max-lease-time 120;
           default-lease-time 120;
      You  may  have noticed that while some parameters start with the option
      keyword, some do not.   Parameters starting  with  the  option  keyword
      correspond  to  actual DHCP options, while parameters that do not start
      with the option keyword either control the behavior of the DHCP  server
      (e.g., how long a lease dhcpd will give out), or specify client parame-
      ters that are not optional in the DHCP protocol (for  example,  server-
      name and filename).
      In  Figure  1,  each  host  had host-specific parameters.   These could
      include such things as the hostname option,  the  name  of  a  file  to
      upload  (the  filename  parameter)  and  the address of the server from
      which to upload the file (the next-server parameter).   In general, any
      parameter  can appear anywhere that parameters are allowed, and will be
      applied according to the scope in which the parameter appears.
      Imagine that you have a site with a lot  of  NCD  X-Terminals.    These
      terminals come in a variety of models, and you want to specify the boot
      files for each model.   One way to do this would be to have host decla-
      rations for each server and group them by model:
      group {
        filename "Xncd19r";
        next-server ncd-booter;
        host ncd1 { hardware ethernet 0:c0:c3:49:2b:57; }
        host ncd4 { hardware ethernet 0:c0:c3:80:fc:32; }
        host ncd8 { hardware ethernet 0:c0:c3:22:46:81; }
      }
      group {
        filename "Xncd19c";
        next-server ncd-booter;
        host ncd2 { hardware ethernet 0:c0:c3:88:2d:81; }
        host ncd3 { hardware ethernet 0:c0:c3:00:14:11; }
      }
      group {
        filename "XncdHMX";
        next-server ncd-booter;
        host ncd1 { hardware ethernet 0:c0:c3:11:90:23; }
        host ncd4 { hardware ethernet 0:c0:c3:91:a7:8; }
        host ncd8 { hardware ethernet 0:c0:c3:cc:a:8f; }
      }

[править] ADDRESS POOLS

      The  pool  declaration  can be used to specify a pool of addresses that
      will be treated differently than another pool of addresses, even on the
      same  network segment or subnet.   For example, you may want to provide
      a large set of addresses that can be assigned to DHCP clients that  are
      registered  to  your  DHCP  server,  while  providing  a smaller set of
      addresses, possibly with short lease  times,  that  are  available  for
      unknown  clients.    If you have a firewall, you may be able to arrange
      for addresses from one pool to be allowed access to the Internet, while
      addresses  in  another pool are not, thus encouraging users to register
      their DHCP clients.   To do this, you would set up a pair of pool  dec-
      larations:
      subnet 10.0.0.0 netmask 255.255.255.0 {
        option routers 10.0.0.254;
        # Unknown clients get this pool.
        pool {
          option domain-name-servers bogus.example.com;
          max-lease-time 300;
          range 10.0.0.200 10.0.0.253;
          allow unknown-clients;
        }
        # Known clients get this pool.
        pool {
          option domain-name-servers ns1.example.com, ns2.example.com;
          max-lease-time 28800;
          range 10.0.0.5 10.0.0.199;
          deny unknown-clients;
        }
      }
      It  is also possible to set up entirely different subnets for known and
      unknown clients - address pools exist at the level of shared  networks,
      so address ranges within pool declarations can be on different subnets.
      As you can see in the preceding example, pools can  have  permit  lists
      that  control  which  clients  are allowed access to the pool and which
      aren't.  Each entry in a pool's permit  list  is  introduced  with  the
      allow  or  deny keyword.   If a pool has a permit list, then only those
      clients that match specific entries on the permit list will be eligible
      to  be  assigned  addresses from the pool.   If a pool has a deny list,
      then only those clients that do not match any entries on the deny  list
      will  be  eligible.     If both permit and deny lists exist for a pool,
      then only clients that match the permit list and do not match the  deny
      list will be allowed access.

[править] DYNAMIC ADDRESS ALLOCATION

      Address  allocation  is actually only done when a client is in the INIT
      state and has sent a DHCPDISCOVER message.  If the client thinks it has
      a  valid lease and sends a DHCPREQUEST to initiate or renew that lease,
      the server has only three choices - it can ignore the DHCPREQUEST, send
      a  DHCPNAK to tell the client it should stop using the address, or send
      a DHCPACK, telling the client to go ahead and use  the  address  for  a
      while.
      If  the  server  finds  the  address the client is requesting, and that
      address is available to the client, the server will send a DHCPACK.  If
      the  address  is  no longer available, or the client isn't permitted to
      have it, the server will send a DHCPNAK.  If the server  knows  nothing
      about  the address, it will remain silent, unless the address is incor-
      rect for the network segment to which the client has been attached  and
      the server is authoritative for that network segment, in which case the
      server will send a DHCPNAK  even  though  it  doesn't  know  about  the
      address.
      There  may  be a host declaration matching the client's identification.
      If that host declaration  contains  a  fixed-address  declaration  that
      lists  an IP address that is valid for the network segment to which the
      client is connected.  In this case,  the  DHCP  server  will  never  do
      dynamic  address  allocation.   In this case, the client is required to
      take the address specified in the host  declaration.    If  the  client
      sends  a  DHCPREQUEST  for  some other address, the server will respond
      with a DHCPNAK.
      When the DHCP server allocates a new address for  a  client  (remember,
      this  only  happens  if  the  client has sent a DHCPDISCOVER), it first
      looks to see if the client already has a valid lease on an IP  address,
      or  if there is an old IP address the client had before that hasn't yet
      been reassigned.  In that case, the server will take that  address  and
      check  it  to  see  if the client is still permitted to use it.  If the
      client is no longer permitted to use it, the  lease  is  freed  if  the
      server  thought it was still in use - the fact that the client has sent
      a DHCPDISCOVER proves to the server that the client is no longer  using
      the lease.
      If no existing lease is found, or if the client is forbidden to receive
      the existing lease, then the server will look in the  list  of  address
      pools  for  the  network  segment to which the client is attached for a
      lease that is not in use and that the client is permitted to have.   It
      looks through each pool declaration in sequence (all range declarations
      that appear outside of pool declarations are grouped into a single pool
      with  no  permit  list).    If  the permit list for the pool allows the
      client to be allocated an address from that pool, the pool is  examined
      to  see  if  there is an address available.   If so, then the client is
      tentatively assigned  that  address.    Otherwise,  the  next  pool  is
      tested.   If no addresses are found that can be assigned to the client,
      no response is sent to the client.
      If an address is found that the client is permitted to have,  and  that
      has  never  been  assigned to any client before, the address is immedi-
      ately allocated to the client.   If the address is available for  allo-
      cation  but  has  been  previously  assigned to a different client, the
      server will keep looking in hopes of finding an address that has  never
      before been assigned to a client.
      The  DHCP  server  generates  the list of available IP addresses from a
      hash table.   This means that the addresses are not sorted in any  par-
      ticular  order, and so it is not possible to predict the order in which
      the DHCP server will allocate IP addresses.   Users  of  previous  ver-
      sions  of  the  ISC  DHCP server may have become accustomed to the DHCP
      server allocating IP addresses in  ascending  order,  but  this  is  no
      longer  possible,  and  there is no way to configure this behavior with
      version 3 of the ISC DHCP server.

[править] IP ADDRESS CONFLICT PREVENTION

      The DHCP server checks IP addresses to see if they are  in  use  before
      allocating  them  to  clients.    It  does this by sending an ICMP Echo
      request message to the IP address being allocated.   If  no  ICMP  Echo
      reply  is  received within a second, the address is assumed to be free.
      This is only done for leases that have been specified in  range  state-
      ments, and only when the lease is thought by the DHCP server to be free
      - i.e., the DHCP server or its failover peer has not listed  the  lease
      as in use.
      If  a  response  is  received  to an ICMP Echo request, the DHCP server
      assumes that there is a configuration error - the IP address is in  use
      by  some  host on the network that is not a DHCP client.   It marks the
      address as abandoned, and will not assign it to clients.
      If a DHCP client tries to get an IP address, but  none  are  available,
      but there are abandoned IP addresses, then the DHCP server will attempt
      to reclaim an abandoned IP address.   It marks one IP address as  free,
      and  then  does  the same ICMP Echo request check described previously.
      If there is no answer to the ICMP Echo request, the address is assigned
      to the client.
      The  DHCP  server  does not cycle through abandoned IP addresses if the
      first IP address it tries to reclaim is free.   Rather, when  the  next
      DHCPDISCOVER comes in from the client, it will attempt a new allocation
      using the same method described here, and will typically try a  new  IP
      address.

[править] DHCP FAILOVER

      This version of the ISC DHCP server supports the DHCP failover protocol
      as documented in draft-ietf-dhc-failover-12.txt.   This is not a  final
      protocol  document,  and we have not done interoperability testing with
      other vendors' implementations of this protocol, so you must not assume
      that  this implementation conforms to the standard.  If you wish to use
      the failover protocol, make sure that both failover peers  are  running
      the same version of the ISC DHCP server.
      The failover protocol allows two DHCP servers (and no more than two) to
      share a common address pool.   Each server will have about half of  the
      available  IP  addresses  in the pool at any given time for allocation.
      If one server fails, the other server will continue to renew leases out
      of the pool, and will allocate new addresses out of the roughly half of
      available addresses that it had  when  communications  with  the  other
      server were lost.
      It  is possible during a prolonged failure to tell the remaining server
      that the other server is down, in which case the remaining server  will
      (over  time)  reclaim  all the addresses the other server had available
      for allocation, and begin to reuse them.   This is called  putting  the
      server into the PARTNER-DOWN state.
      You  can put the server into the PARTNER-DOWN state either by using the
      omshell (1) command  or  by  stopping  the  server,  editing  the  last
      failover  state  declaration  in  the  lease  file,  and restarting the
      server.   If you use this last method, change the "my state" line to:
      failover peer name state {
      my state partner-down;
      peer state state at date;
      }
      It is only required to change "my state" as shown above.
      When the other server comes back online, it should automatically detect
      that  it has been offline and request a complete update from the server
      that was running in the PARTNER-DOWN state, and then both servers  will
      resume processing together.
      It is possible to get into a dangerous situation: if you put one server
      into the PARTNER-DOWN state, and then *that* server goes down, and  the
      other  server  comes  back  up, the other server will not know that the
      first server was in the PARTNER-DOWN state,  and  may  issue  addresses
      previously  issued  by the other server to different clients, resulting
      in IP address conflicts.   Before putting a  server  into  PARTNER-DOWN
      state,  therefore,  make  sure  that  the other server will not restart
      automatically.
      The failover protocol defines a primary server  role  and  a  secondary
      server  role.    There are some differences in how primaries and secon-
      daries act, but most of the differences simply have to do with  provid-
      ing  a  way for each peer to behave in the opposite way from the other.
      So one server must be configured as primary, and the other must be con-
      figured  as  secondary,  and  it  doesn't  matter too much which one is
      which.

[править] FAILOVER STARTUP

      When a server starts that has  not  previously  communicated  with  its
      failover  peer, it must establish communications with its failover peer
      and synchronize with it before it can serve clients.   This can  happen
      either  because  you  have just configured your DHCP servers to perform
      failover for the first time, or because one of  your  failover  servers
      has failed catastrophically and lost its database.
      The  initial  recovery  process  is  designed  to  ensure that when one
      failover peer loses its database and then  resynchronizes,  any  leases
      that the failed server gave out before it failed will be honored.  When
      the failed server starts up, it notices that it has no  saved  failover
      state, and attempts to contact its peer.
      When  it  has established contact, it asks the peer for a complete copy
      its peer's lease database.  The peer then sends its complete  database,
      and sends a message indicating that it is done.  The failed server then
      waits until MCLT has passed, and once MCLT has passed both servers make
      the transition back into normal operation.  This waiting period ensures
      that any leases the failed server may have given out while out of  con-
      tact with its partner will have expired.
      While the failed server is recovering, its partner remains in the part-
      ner-down state, which means that it is serving all clients.  The failed
      server provides no service at all to DHCP clients until it has made the
      transition into normal operation.
      In the case where both servers detect that they have never before  com-
      municated  with their partner, they both come up in this recovery state
      and follow the procedure we have just described.    In  this  case,  no
      service will be provided to DHCP clients until MCLT has expired.

[править] CONFIGURING FAILOVER

      In  order  to  configure failover, you need to write a peer declaration
      that configures the failover protocol, and you need to write peer  ref-
      erences  in  each  pool  declaration for which you want to do failover.
      You do not have to do failover for all pools on a  given  network  seg-
      ment.    You must not tell one server it's doing failover on a particu-
      lar address pool and tell the other it is not.   You must not have  any
      common  address pools on which you are not doing failover.  A pool dec-
      laration that utilizes failover would look like this:
      pool {
           failover peer "foo";
           pool specific parameters
      };
      The  server currently  does very  little  sanity checking,  so if   you
      configure  it wrong, it will just  fail in odd ways.  I would recommend
      therefore that you either do  failover or don't do failover, but  don't
      do  any mixed pools.  Also,  use the same master configuration file for
      both  servers,  and  have  a  separate file  that  contains  the   peer
      declaration  and includes the master file.  This will help you to avoid
      configuration  mismatches.  As our  implementation evolves,  this  will
      become   less of  a  problem.  A  basic  sample dhcpd.conf  file for  a
      primary server might look like this:
      failover peer "foo" {
        primary;
        address anthrax.rc.vix.com;
        port 519;
        peer address trantor.rc.vix.com;
        peer port 520;
        max-response-delay 60;
        max-unacked-updates 10;
        mclt 3600;
        split 128;
        load balance max seconds 3;
      }
      include "/etc/dhcpd.master";
      The statements in the peer declaration are as follows:
      The primary and secondary statements
        [ primary | secondary ];
        This determines whether  the  server  is  primary  or  secondary,  as
        described earlier under DHCP FAILOVER.
      The address statement
        address address;
        The  address  statement  declares the IP address or DNS name on which
        the server should listen for connections from its failover peer,  and
        also  the  value to use for the DHCP Failover Protocol server identi-
        fier.  Because this value is used as an identifier,  it  may  not  be
        omitted.
      The peer address statement
        peer address address;
        The  peer  address  statement  declares the IP address or DNS name to
        which the server should  connect  to  reach  its  failover  peer  for
        failover messages.
      The port statement
        port port-number;
        The  port  statement declares the TCP port on which the server should
        listen for connections from its failover peer.  This statement may be
        omitted, in which case the IANA assigned port number 647 will be used
        by default.
      The peer port statement
        peer port port-number;
        The peer port statement declares the TCP port  to  which  the  server
        should  connect  to  reach  its  failover peer for failover messages.
        This statement may be omitted, in which case the IANA  assigned  port
        number 647 will be used by default.
      The max-response-delay statement
        max-response-delay seconds;
        The  max-response-delay statement tells the DHCP server how many sec-
        onds may pass without receiving a  message  from  its  failover  peer
        before it assumes that connection has failed.   This number should be
        small enough that a transient network failure that breaks the connec-
        tion  will not result in the servers being out of communication for a
        long time, but large enough that the server isn't  constantly  making
        and breaking connections.   This parameter must be specified.
      The max-unacked-updates statement
        max-unacked-updates count;
        The  max-unacked-updates  statement  tells the remote DHCP server how
        many BNDUPD messages it can send before it receives a BNDACK from the
        local  system.    We  don't have enough operational experience to say
        what a good value for this is, but 10 seems to work.   This parameter
        must be specified.
      The mclt statement
        mclt seconds;
        The mclt statement defines the Maximum Client Lead Time.   It must be
        specified on the primary, and may not be specified on the  secondary.
        This is the length of time for which a lease may be renewed by either
        failover peer without contacting the  other.    The  longer  you  set
        this,  the  longer  it will take for the running server to recover IP
        addresses after moving into PARTNER-DOWN state.   The shorter you set
        it, the more load your servers will experience when they are not com-
        municating.   A value of something like 3600 is probably  reasonable,
        but  again  bear  in mind that we have no real operational experience
        with this.
      The split statement
        split index;
        The split statement specifies the split between the primary and  sec-
        ondary  for the purposes of load balancing.   Whenever a client makes
        a DHCP request, the DHCP server runs a hash on the client identifica-
        tion,  resulting  in  value  from 0 to 255.  This is used as an index
        into a 256 bit field.  If the bit at that index is set,  the  primary
        is  responsible.   If the bit at that index is not set, the secondary
        is responsible.  The split value determines how many of  the  leading
        bits are set to one.  So, in practice, higher split values will cause
        the primary to serve more clients than the  secondary.   Lower  split
        values,  the  converse.  Legal values are between 0 and 255, of which
        the most reasonable is 128.
      The hba statement
        hba colon-separated-hex-list;
        The hba statement specifies the split between the  primary  and  sec-
        ondary  as  a bitmap rather than a cutoff, which theoretically allows
        for finer-grained control.   In practice, there is probably  no  need
        for such fine-grained control, however.   An example hba statement:
          hba ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
              00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00;
        This  is  equivalent  to  a split 128; statement, and identical.  The
        following two examples are also equivalent to a split of 128, but are
        not identical:
          hba aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:
              aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa;
          hba 55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:
              55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55;
        They are equivalent, because half the bits are set to 0, half are set
        to 1 (0xa and 0x5 are 1010 and 0101 binary respectively)  and  conse-
        quently  this  would  roughly  divide the clients equally between the
        servers.  They are not identical, because the actual peers this would
        load balance to each server are different for each example.
        You must only have split or hba defined, never both.  For most cases,
        the fine-grained control that hba offers isn't necessary,  and  split
        should be used.
      The load balance max seconds statement
        load balance max seconds seconds;
        This statement allows you to configure a cutoff after which load bal-
        ancing is disabled.  The cutoff is based on  the  number  of  seconds
        since  the client sent its first DHCPDISCOVER or DHCPREQUEST message,
        and only works with clients that correctly implement the secs field -
        fortunately  most clients do.  We recommend setting this to something
        like 3 or 5.  The effect of this is that if one of the failover peers
        gets into a state where it is responding to failover messages but not
        responding to some client requests, the other failover peer will take
        over its client load automatically as the clients retry.
      The auto-partner-down statement
        auto-partner-down seconds;
        This  statement  instructs  the server to initiate a timed delay upon
        entering the communications-interrupted state (any situation of being
        out-of-contact  with the remote failover peer).  At the conclusion of
        the timer, the  server  will  automatically  enter  the  partner-down
        state.  This permits the server to allocate leases from the partner's
        free lease pool after an STOS+MCLT timer expires, which can  be  dan-
        gerous  if  the  partner  is  in  fact operating at the time (the two
        servers will give conflicting bindings).
        Think very carefully before enabling this feature.  The  partner-down
        and  communications-interrupted  states  are intentionally segregated
        because there do exist situations where a failover server can fail to
        communicate  with  its peer, but still has the ability to receive and
        reply to requests from DHCP clients.  In general, this feature should
        only  be  used  in  those  deployments where the failover servers are
        directly connected to one another, such as by a  dedicated  hardwired
        link ("a heartbeat cable").
        A  zero  value  disables  the  auto-partner-down  feature  (also  the
        default), and any positive value indicates the  time  in  seconds  to
        wait before automatically entering partner-down.
      The Failover pool balance statements.
         max-lease-misbalance percentage;
         max-lease-ownership percentage;
         min-balance seconds;
         max-balance seconds;
        This version of the DHCP Server evaluates pool balance on a schedule,
        rather than on demand as leases are allocated.  The  latter  approach
        proved  to be slightly klunky when pool misbalanced reach total satu-
        ration...when any server ran out of leases to assign,  it  also  lost
        its ability to notice it had run dry.
        In  order  to understand pool balance, some elements of its operation
        first need to be defined.   First,  there  are  'free'  and  'backup'
        leases.   Both  of  these  are  referred  to  as 'free state leases'.
        'free' and 'backup' are 'the free states' for  the  purpose  of  this
        document.   The difference is that only the primary may allocate from
        'free' leases unless under special circumstances, and only  the  sec-
        ondary may allocate 'backup' leases.
        When  pool balance is performed, the only plausible expectation is to
        provide a 50/50 split of  the  free  state  leases  between  the  two
        servers.   This is because no one can predict which server will fail,
        regardless of the relative load placed upon the two servers, so  giv-
        ing each server half the leases gives both servers the same amount of
        'failure endurance'.  Therefore, there is no  way  to  configure  any
        different  behaviour,  outside  of  some  very  small windows we will
        describe shortly.
        The first thing calculated  on  any  pool  balance  run  is  a  value
        referred to as 'lts', or "Leases To Send".  This, simply, is the dif-
        ference in the count of free and backup leases, divided by two.   For
        the  secondary,  it  is the difference in the backup and free leases,
        divided by two.  The resulting value is signed: if  it  is  positive,
        the  local  server  is  expected to hand out leases to retain a 50/50
        balance.  If it is negative, the remote server  would  need  to  send
        leases  to  balance  the  pool.  Once the lts value reaches zero, the
        pool is perfectly balanced (give or take one lease in the case of  an
        odd number of total free state leases).
        The  current  approach  is  still  something  of  a hybrid of the old
        approach, marked by the presence of the  max-lease-misbalance  state-
        ment.  This parameter configures what used to be a 10% fixed value in
        previous versions: if lts is less than free+backup  *  max-lease-mis-
        balance percent, then the server will skip balancing a given pool (it
        won't bother moving any leases,  even  if  some  leases  "should"  be
        moved).   The meaning of this value is also somewhat overloaded, how-
        ever, in that it also governs the estimation of when  to  attempt  to
        balance  the  pool (which may then also be skipped over).  The oldest
        leases in the free and backup states are  examined.   The  time  they
        have  resided  in  their  respective queues is used as an estimate to
        indicate how much time it is probable it would take before the leases
        at the top of the list would be consumed (and thus, how long it would
        take to use all leases in that state).  This percentage  is  directly
        multiplied by this time, and fit into the schedule if it falls within
        the min-balance and max-balance  configured  values.   The  scheduled
        pool  check  time is only moved in a downwards direction, it is never
        increased.  Lastly, if the lts is more than double this number in the
        negative  direction,  the  local  server  will 'panic' and transmit a
        Failover protocol POOLREQ message, in the hopes that the remote  sys-
        tem will be woken up into action.
        Once  the  lts  value  exceeds the max-lease-misbalance percentage of
        total free state leases as described above, leases are moved  to  the
        remote server.  This is done in two passes.
        In  the  first pass, only leases whose most recent bound client would
        have been served by the remote server - according to the Load Balance
        Algorithm  (see  above  split and hba configuration statements) - are
        given away to the peer.  This first pass  will  happily  continue  to
        give  away  leases, decrementing the lts value by one for each, until
        the lts value has reached the negative of the total number of  leases
        multiplied  by  the max-lease-ownership percentage.  So it is through
        this value that you can permit a small misbalance of the lease  pools
        -  for  the  purpose  of  giving  the peer more than a 50/50 share of
        leases in the hopes that their clients might some day return  and  be
        allocated by the peer (operating normally).  This process is referred
        to as 'MAC Address Affinity',  but  this  is  somewhat  misnamed:  it
        applies  equally  to  DHCP Client Identifier options.  Note also that
        affinity is applied to leases when they enter the state  'free'  from
        'expired' or 'released'.  In this case also, leases will not be moved
        from free to backup if the secondary already has more than its share.
        The  second  pass  is  only  entered  into if the first pass fails to
        reduce the lts underneath the total number of free state leases  mul-
        tiplied  by  the  max-lease-ownership  percentage.  In this pass, the
        oldest leases are given over to the peer without second thought about
        the  Load  Balance  Algorithm, and this continues until the lts falls
        under this value.  In this way, the local server  will  also  happily
        keep  a  small percentage of the leases that would normally load bal-
        ance to itself.
        So, the  max-lease-misbalance  value  acts  as  a  behavioural  gate.
        Smaller values will cause more leases to transition states to balance
        the pools over time, higher values will decrease the amount of change
        (but may lead to pool starvation if there's a run on leases).
        The  max-lease-ownership  value  permits a small (percentage) skew in
        the lease balance of a percentage of the total number of  free  state
        leases.
        Finally,  the  min-balance and max-balance make certain that a sched-
        uled rebalance event happens within a reasonable timeframe (not to be
        thrown off by, for example, a 7 year old free lease).
        Plausible  values  for  the percentages lie between 0 and 100, inclu-
        sive, but values over 50 are indistinguishable from one another (once
        lts  exceeds  50% of the free state leases, one server must therefore
        have 100% of the leases in its respective free state).  It is  recom-
        mended  to  select a max-lease-ownership value that is lower than the
        value selected for the max-lease-misbalance value.   max-lease-owner-
        ship defaults to 10, and max-lease-misbalance defaults to 15.
        Plausible values for the min-balance and max-balance times also range
        from 0 to (2^32)-1 (or the limit of your  local  time_t  value),  but
        default  to  values 60 and 3600 respectively (to place balance events
        between 1 minute and 1 hour).

[править] CLIENT CLASSING

      Clients can be separated into classes, and treated differently  depend-
      ing  on  what  class  they are in.   This separation can be done either
      with a conditional statement, or with  a  match  statement  within  the
      class  declaration.    It  is  possible to specify a limit on the total
      number of clients within a particular class or subclass that  may  hold
      leases at one time, and it is possible to specify automatic subclassing
      based on the contents of the client packet.
      To add clients to classes based  on  conditional  evaluation,  you  can
      specify a matching expression in the class statement:
      class "ras-clients" {
        match if substring (option dhcp-client-identifier, 1, 3) = "RAS";
      }
      Note  that  whether  you use matching expressions or add statements (or
      both) to classify clients, you must always write  a  class  declaration
      for  any  class that you use.   If there will be no match statement and
      no in-scope statements for a class, the declaration  should  look  like
      this:
      class "ras-clients" {
      }

[править] SUBCLASSES

      In  addition to classes, it is possible to declare subclasses.   A sub-
      class is a class with the same name as a regular class, but with a spe-
      cific  submatch expression which is hashed for quick matching.  This is
      essentially a speed hack - the main  difference  between  five  classes
      with  match  expressions  and one class with five subclasses is that it
      will be quicker to find the subclasses.   Subclasses work as follows:
      class "allocation-class-1" {
        match pick-first-value (option dhcp-client-identifier, hardware);
      }
      class "allocation-class-2" {
        match pick-first-value (option dhcp-client-identifier, hardware);
      }
      subclass "allocation-class-1" 1:8:0:2b:4c:39:ad;
      subclass "allocation-class-2" 1:8:0:2b:a9:cc:e3;
      subclass "allocation-class-1" 1:0:0:c4:aa:29:44;
      subnet 10.0.0.0 netmask 255.255.255.0 {
        pool {
          allow members of "allocation-class-1";
          range 10.0.0.11 10.0.0.50;
        }
        pool {
          allow members of "allocation-class-2";
          range 10.0.0.51 10.0.0.100;
        }
      }
      The data following the class name in the subclass declaration is a con-
      stant  value  to  use  in  matching the match expression for the class.
      When class matching is done, the server will evaluate the match expres-
      sion  and  then  look  the result up in the hash table.   If it finds a
      match, the client is considered a member of both the class and the sub-
      class.
      Subclasses  can be declared with or without scope.   In the above exam-
      ple, the sole purpose of the subclass is to allow some  clients  access
      to  one address pool, while other clients are given access to the other
      pool, so these subclasses are declared without scopes.   If part of the
      purpose  of  the subclass were to define different parameter values for
      some clients, you might want to declare some subclasses with scopes.
      In the above example, if you had a single client that needed some  con-
      figuration parameters, while most didn't, you might write the following
      subclass declaration for that client:
      subclass "allocation-class-2" 1:08:00:2b:a1:11:31 {
        option root-path "samsara:/var/diskless/alphapc";
        filename "/tftpboot/netbsd.alphapc-diskless";
      }
      In this example, we've used subclassing as a  way  to  control  address
      allocation  on  a per-client basis.  However, it's also possible to use
      subclassing in ways that are not specific to clients - for example,  to
      use  the  value of the vendor-class-identifier option to determine what
      values to send in the vendor-encapsulated-options option.   An  example
      of  this  is  shown  under  the VENDOR ENCAPSULATED OPTIONS head in the
      dhcp-options(5) manual page.

[править] PER-CLASS LIMITS ON DYNAMIC ADDRESS ALLOCATION

      You may specify a limit to the number of clients in a class that can be
      assigned  leases.   The effect of this will be to make it difficult for
      a new client in a class to get an address.   Once a class with  such  a
      limit  has  reached  its limit, the only way a new client in that class
      can get a lease is for an existing  client  to  relinquish  its  lease,
      either  by  letting  it  expire,  or  by  sending a DHCPRELEASE packet.
      Classes with lease limits are specified as follows:
      class "limited-1" {
        lease limit 4;
      }
      This will produce a class in which a maximum of four members may hold a
      lease at one time.

[править] SPAWNING CLASSES

      It  is  possible  to  declare  a spawning class.  A spawning class is a
      class that automatically produces subclasses based on what  the  client
      sends.    The  reason that spawning classes were created was to make it
      possible to create lease-limited classes on the fly.    The  envisioned
      application  is  a cable-modem environment where the ISP wishes to pro-
      vide clients at a particular site with more than one  IP  address,  but
      does  not  wish to provide such clients with their own subnet, nor give
      them an unlimited number of IP addresses from the  network  segment  to
      which they are connected.
      Many  cable  modem  head-end  systems  can be configured to add a Relay
      Agent Information option to DHCP packets when relaying them to the DHCP
      server.    These systems typically add a circuit ID or remote ID option
      that uniquely identifies the customer  site.    To  take  advantage  of
      this, you can write a class declaration as follows:
      class "customer" {
        spawn with option agent.circuit-id;
        lease limit 4;
      }
      Now  whenever  a  request comes in from a customer site, the circuit ID
      option will be checked against the class's hash table.   If a  subclass
      is  found that matches the circuit ID, the client will be classified in
      that subclass and treated accordingly.   If no subclass is found match-
      ing  the  circuit  ID,  a  new  one  will  be created and logged in the
      dhcpd.leases file, and the client will be classified in this new class.
      Once  the  client  has been classified, it will be treated according to
      the rules of the class, including, in this case, being subject  to  the
      per-site limit of four leases.
      The  use  of the subclass spawning mechanism is not restricted to relay
      agent options - this particular example is given only because it  is  a
      fairly straightforward one.

[править] COMBINING MATCH, MATCH IF AND SPAWN WITH

      In  some  cases,  it  may  be  useful to use one expression to assign a
      client to a particular class, and a second expression to put it into  a
      subclass  of  that  class.   This can be done by combining the match if
      and spawn with statements, or the match if and match statements.    For
      example:
      class "jr-cable-modems" {
        match if option dhcp-vendor-identifier = "jrcm";
        spawn with option agent.circuit-id;
        lease limit 4;
      }
      class "dv-dsl-modems" {
        match if option dhcp-vendor-identifier = "dvdsl";
        spawn with option agent.circuit-id;
        lease limit 16;
      }
      This  allows you to have two classes that both have the same spawn with
      expression without getting the clients in the two classes confused with
      each other.

[править] DYNAMIC DNS UPDATES

      The  DHCP  server has the ability to dynamically update the Domain Name
      System.  Within the configuration files, you can define  how  you  want
      the  Domain Name System to be updated.  These updates are RFC 2136 com-
      pliant so any DNS server supporting RFC 2136 should be able  to  accept
      updates from the DHCP server.
      Two  DNS  update  schemes  are  currently  implemented,  and another is
      planned.   The two that are currently implemented are  the  ad-hoc  DNS
      update mode and the interim DHCP-DNS interaction draft update mode.  In
      the future we plan to add a third mode which will be the  standard  DNS
      update  method based on the RFCS for DHCP-DNS interaction and DHCID The
      DHCP server must be configured to use one  of  the  two  currently-sup-
      ported  methods,  or  not to do dns updates.  This can be done with the
      ddns-update-style configuration parameter.

[править] THE AD-HOC DNS UPDATE SCHEME

      The ad-hoc Dynamic DNS update scheme is now  deprecated  and  does  not
      work.   In future releases of the ISC DHCP server, this scheme will not
      likely be available.  The interim scheme works,  allows  for  failover,
      and  should  now  be  used.  The following description is left here for
      informational purposes only.
      The ad-hoc Dynamic DNS update scheme implemented in this version of the
      ISC  DHCP  server is a prototype design, which does not have much to do
      with the standard update method that is being standardized in the  IETF
      DHC  working  group, but rather implements some very basic, yet useful,
      update capabilities.   This mode does not work with the failover proto-
      col  because  it  does not account for the possibility of two different
      DHCP servers updating the same set of DNS records.
      For the ad-hoc DNS update method, the client's FQDN is derived  in  two
      parts.    First, the hostname is determined.   Then, the domain name is
      determined, and appended to the hostname.
      The DHCP server determines the client's hostname by first looking for a
      ddns-hostname  configuration  option,  and using that if it is present.
      If no such option is present, the server looks for a valid hostname  in
      the  FQDN option sent by the client.  If one is found, it is used; oth-
      erwise, if the client sent a host-name option, that  is  used.   Other-
      wise,  if  there  is a host declaration that applies to the client, the
      name from that declaration will be used.  If none of these applies, the
      server will not have a hostname for the client, and will not be able to
      do a DNS update.
      The domain name is determined from  the  ddns-domainname  configuration
      option.  The default configuration for this option is:
        option server.ddns-domainname = config-option domain-name;
      So  if this configuration option is not configured to a different value
      (over-riding the above default), or if a  domain-name  option  has  not
      been  configured  for  the  client's  scope,  then  the server will not
      attempt to perform a DNS update.
      The client's fully-qualified domain name, derived as we have described,
      is  used  as  the  name  on  which an "A" record will be stored.  The A
      record will contain the IP address that the client was assigned in  its
      lease.    If there is already an A record with the same name in the DNS
      server, no update of either the A or PTR records will occur - this pre-
      vents a client from claiming that its hostname is the name of some net-
      work  server.    For  example,  if  you  have   a   fileserver   called
      "fs.sneedville.edu", and the client claims its hostname is "fs", no DNS
      update will be done for that client,  and  an  error  message  will  be
      logged.
      If  the  A record update succeeds, a PTR record update for the assigned
      IP address will be done, pointing to the A  record.    This  update  is
      unconditional  - it will be done even if another PTR record of the same
      name exists.   Since the IP address  has  been  assigned  to  the  DHCP
      server, this should be safe.
      Please note that the current implementation assumes clients only have a
      single network interface.   A client with two network  interfaces  will
      see  unpredictable  behavior.    This  is considered a bug, and will be
      fixed in a later release.   It may be helpful to enable the  one-lease-
      per-client  parameter  so that roaming clients do not trigger this same
      behavior.
      The DHCP protocol normally involves a four-packet exchange - first  the
      client sends a DHCPDISCOVER message, then the server sends a DHCPOFFER,
      then the client sends a DHCPREQUEST, then the server sends  a  DHCPACK.
      In  the  current version of the server, the server will do a DNS update
      after it has received the DHCPREQUEST, and before it has sent the  DHC-
      PACK.    It  only  sends  the DNS update if it has not sent one for the
      client's address before, in order to minimize the impact  on  the  DHCP
      server.
      When the client's lease expires, the DHCP server (if it is operating at
      the time, or when next it operates) will remove the client's A and  PTR
      records  from  the  DNS database.   If the client releases its lease by
      sending a DHCPRELEASE message, the server will likewise  remove  the  A
      and PTR records.

[править] THE INTERIM DNS UPDATE SCHEME

      The  interim  DNS  update  scheme  operates mostly according to several
      drafts considered by the IETF.  While the drafts have since become RFCs
      the code was written before they were finalized and there are some dif-
      ferences between our code and the final RFCs.  We plan  to  update  our
      code,  probably adding a standard DNS update option, at some time.  The
      basic framework is similar with the main material difference being that
      a  DHCID  RR was assigned in the RFCs whereas our code continues to use
      an experimental TXT record.  The format  of  the  TXT  record  bears  a
      resemblance  to  the  DHCID  RR  but it is not equivalent (MD5 vs SHA1,
      field length differences etc).  The standard RFCs are:
                           RFC 4701 (updated by RF5494)
                                     RFC 4702
                                     RFC 4703
      And the corresponding drafts were:
                         draft-ietf-dnsext-dhcid-rr-??.txt
                         draft-ietf-dhc-fqdn-option-??.txt
                       draft-ietf-dhc-ddns-resolution-??.txt
      Because our implementation is slightly different than the standard,  we
      will briefly document the operation of this update style here.
      The  first  point  to understand about this style of DNS update is that
      unlike the ad-hoc style, the DHCP server does  not  necessarily  always
      update  both  the  A  and the PTR records.   The FQDN option includes a
      flag which, when sent by the client, indicates that the  client  wishes
      to  update  its own A record.   In that case, the server can be config-
      ured either to honor the client's intentions or ignore them.   This  is
      done  with  the statement allow client-updates; or the statement ignore
      client-updates;.   By default, client updates are allowed.
      If the server is configured to allow client updates, then if the client
      sends a fully-qualified domain name in the FQDN option, the server will
      use that name the client sent in the FQDN  option  to  update  the  PTR
      record.   For example, let us say that the client is a visitor from the
      "radish.org" domain, whose hostname is "jschmoe".   The server  is  for
      the  "example.org"  domain.    The  DHCP  client  indicates in the FQDN
      option that its FQDN is "jschmoe.radish.org.".   It also indicates that
      it  wants  to update its own A record.   The DHCP server therefore does
      not attempt to set up an A record for the client, but does set up a PTR
      record  for  the  IP  address  that  it assigns the client, pointing at
      jschmoe.radish.org.   Once the DHCP client has an IP  address,  it  can
      update its own A record, assuming that the "radish.org" DNS server will
      allow it to do so.
      If the server is configured not to allow  client  updates,  or  if  the
      client doesn't want to do its own update, the server will simply choose
      a name for the client from either the fqdn option (if present)  or  the
      hostname  option (if present).  It will use its own domain name for the
      client, just as in the ad-hoc update scheme.  It will then update  both
      the A and PTR record, using the name that it chose for the client.   If
      the client sends a fully-qualified domain name in the fqdn option,  the
      server  uses only the leftmost part of the domain name - in the example
      above, "jschmoe" instead of "jschmoe.radish.org".
      Further, if the ignore client-updates;  directive  is  used,  then  the
      server  will  in addition send a response in the DHCP packet, using the
      FQDN Option, that implies to the client that it should perform its  own
      updates  if it chooses to do so.  With deny client-updates;, a response
      is sent which indicates the client may not perform updates.
      Also, if the use-host-decl-names configuration option is enabled,  then
      the  host  declaration's hostname will be used in place of the hostname
      option, and the same rules will apply as described above.
      The other difference between the ad-hoc scheme and the  interim  scheme
      is that with the interim scheme, a method is used that allows more than
      one DHCP server to update the DNS database without accidentally  delet-
      ing  A  records  that shouldn't be deleted nor failing to add A records
      that should be added.   The scheme works as follows:
      When the DHCP server issues a client a new lease,  it  creates  a  text
      string  that  is an MD5 hash over the DHCP client's identification (see
      draft-ietf-dnsext-dhcid-rr-??.txt for details).   The update adds an  A
      record  with  the name the server chose and a TXT record containing the
      hashed identifier string  (hashid).    If  this  update  succeeds,  the
      server is done.
      If  the update fails because the A record already exists, then the DHCP
      server attempts to add the A record with the  prerequisite  that  there
      must be a TXT record in the same name as the new A record, and that TXT
      record's contents must be equal to hashid.   If this  update  succeeds,
      then  the  client  has its A record and PTR record.   If it fails, then
      the name the client has been assigned (or requested)  is  in  use,  and
      can't  be  used by the client.   At this point the DHCP server gives up
      trying to do a DNS update for the client until the client chooses a new
      name.
      The  interim  DNS  update  scheme  is  called  interim for two reasons.
      First, it does not quite follow the RFCs.   The RFCs  call  for  a  new
      DHCID RRtype while he interim DNS update scheme uses a TXT record.  The
      ddns-resolution draft called for the DHCP server to put a DHCID  RR  on
      the PTR record, but the interim update method does not do this.  In the
      final RFC this requirement was relaxed such that a  server  may  add  a
      DHCID RR to the PTR record.
      In  addition to these differences, the server also does not update very
      aggressively.  Because each DNS update involves a round trip to the DNS
      server,  there  is a cost associated with doing updates even if they do
      not actually modify the DNS  database.    So  the  DHCP  server  tracks
      whether  or not it has updated the record in the past (this information
      is stored on the lease) and does not attempt to update records that  it
      thinks it has already updated.
      This  can  lead  to cases where the DHCP server adds a record, and then
      the record is deleted through some  other  mechanism,  but  the  server
      never  again  updates  the  DNS  because  it thinks the data is already
      there.   In this case the data can be removed from  the  lease  through
      operator  intervention,  and  once  this has been done, the DNS will be
      updated the next time the client renews.

[править] DYNAMIC DNS UPDATE SECURITY

      When you set your DNS server up to allow updates from the DHCP  server,
      you  may  be  exposing  it to unauthorized updates.  To avoid this, you
      should use TSIG signatures -  a  method  of  cryptographically  signing
      updates using a shared secret key.   As long as you protect the secrecy
      of this key, your updates should also be secure.   Note, however,  that
      the  DHCP  protocol  itself  provides no security, and that clients can
      therefore provide information to the DHCP server which the DHCP  server
      will  then  use  in  its updates, with the constraints described previ-
      ously.
      The DNS server must be configured to allow updates for  any  zone  that
      the DHCP server will be updating.  For example, let us say that clients
      in  the  sneedville.edu  domain  will  be  assigned  addresses  on  the
      10.10.17.0/24  subnet.   In  that case, you will need a key declaration
      for the TSIG key you will be using, and also two  zone  declarations  -
      one  for the zone containing A records that will be updates and one for
      the zone containing PTR records - for ISC BIND, something like this:
      key DHCP_UPDATER {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret pRP5FapFoJ95JEL06sv4PQ==;
      };
      zone "example.org" {
           type master;
           file "example.org.db";
           allow-update { key DHCP_UPDATER; };
      };
      zone "17.10.10.in-addr.arpa" {
           type master;
           file "10.10.17.db";
           allow-update { key DHCP_UPDATER; };
      };
      You will also have to configure your DHCP server to do updates to these
      zones.    To  do  so,  you  need  to  add  something  like this to your
      dhcpd.conf file:
      key DHCP_UPDATER {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret pRP5FapFoJ95JEL06sv4PQ==;
      };
      zone EXAMPLE.ORG. {
        primary 127.0.0.1;
        key DHCP_UPDATER;
      }
      zone 17.127.10.in-addr.arpa. {
        primary 127.0.0.1;
        key DHCP_UPDATER;
      }
      The primary statement specifies the IP address of the name server whose
      zone  information  is to be updated.  In addition to the primary state-
      ment there are also the primary6 , secondary and secondary6 statements.
      The  primary6  statement specifies an IPv6 address for the name server.
      The secondaries provide for additional addresses for name servers to be
      used  if  the primary does not respond.  The number of name servers the
      DDNS code will attempt to use before giving up is limited and  is  cur-
      rently set to three.
      Note that the zone declarations have to correspond to authority records
      in your name server - in the above example, there must be an SOA record
      for  "example.org." and for "17.10.10.in-addr.arpa.".   For example, if
      there were a subdomain "foo.example.org"  with  no  separate  SOA,  you
      could not write a zone declaration for "foo.example.org."  Also keep in
      mind that zone names in your DHCP configuration should end  in  a  ".";
      this  is  the  preferred syntax.  If you do not end your zone name in a
      ".", the DHCP server will figure it out.  Also note that  in  the  DHCP
      configuration,  zone  names  are not encapsulated in quotes where there
      are in the DNS configuration.
      You should choose your own secret key, of course.  The ISC BIND 8 and 9
      distributions  come  with  a  program for generating secret keys called
      dnssec-keygen.  The version that comes with BIND 9 is likely to produce
      a  substantially more random key, so we recommend you use that one even
      if you are not using BIND 9 as your DNS server.  If you are using  BIND
      9's dnssec-keygen, the above key would be created as follows:
           dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER
      If  you  are  using the BIND 8 dnskeygen program, the following command
      will generate a key as seen above:
           dnskeygen -H 128 -u -c -n DHCP_UPDATER
      You may wish to enable logging of DNS updates on your DNS  server.   To
      do so, you might write a logging statement like the following:
      logging {
           channel update_debug {
                file "/var/log/update-debug.log";
                severity  debug 3;
                print-category yes;
                print-severity yes;
                print-time     yes;
           };
           channel security_info    {
                file "/var/log/named-auth.info";
                severity  info;
                print-category yes;
                print-severity yes;
                print-time     yes;
           };
           category update { update_debug; };
           category security { security_info; };
      };
      You  must  create  the  /var/log/named-auth.info  and  /var/log/update-
      debug.log files before starting the name server.   For more information
      on configuring ISC BIND, consult the documentation that accompanies it.

[править] REFERENCE: EVENTS

      There are three kinds of events that can happen regarding a lease,  and
      it  is  possible  to  declare  statements  that occur when any of these
      events happen.   These events are the commit event, when the server has
      made  a  commitment  of a certain lease to a client, the release event,
      when the client has released the server from its  commitment,  and  the
      expiry event, when the commitment expires.
      To  declare  a  set of statements to execute when an event happens, you
      must use the on statement, followed by the name of the event,  followed
      by  a  series of statements to execute when the event happens, enclosed
      in braces.   Events are used to implement DNS updates,  so  you  should
      not  define  your  own event handlers if you are using the built-in DNS
      update mechanism.
      The built-in version of the DNS update mechanism is in  a  text  string
      towards  the  top  of  server/dhcpd.c.    If you want to use events for
      things other than DNS updates, and you also want DNS updates, you  will
      have  to  start  out by copying this code into your dhcpd.conf file and
      modifying it.

[править] REFERENCE: DECLARATIONS

      The include statement
       include "filename";
      The include statement is used to read in a named file, and process  the
      contents of that file as though it were entered in place of the include
      statement.
      The shared-network statement
       shared-network name {
         [ parameters ]
         [ declarations ]
       }
      The shared-network statement is used to inform  the  DHCP  server  that
      some  IP subnets actually share the same physical network.  Any subnets
      in a shared network should be declared within a  shared-network  state-
      ment.   Parameters  specified  in  the shared-network statement will be
      used when booting clients on those subnets unless  parameters  provided
      at  the  subnet or host level override them.  If any subnet in a shared
      network has addresses available for dynamic allocation, those addresses
      are  collected  into a common pool for that shared network and assigned
      to clients as needed.  There is no way to distinguish on  which  subnet
      of a shared network a client should boot.
      Name should be the name of the shared network.   This name is used when
      printing debugging messages, so it should be descriptive for the shared
      network.    The  name  may  have  the  syntax  of  a  valid domain name
      (although it will never be used as such), or it may  be  any  arbitrary
      name, enclosed in quotes.
      The subnet statement
       subnet subnet-number netmask netmask {
         [ parameters ]
         [ declarations ]
       }
      The  subnet  statement is used to provide dhcpd with enough information
      to tell whether or not an IP address is on that subnet.  It may also be
      used   to  provide  subnet-specific  parameters  and  to  specify  what
      addresses may be dynamically allocated to clients booting on that  sub-
      net.   Such addresses are specified using the range declaration.
      The subnet-number should be an IP address or domain name which resolves
      to the subnet number of  the  subnet  being  described.    The  netmask
      should  be  an  IP  address or domain name which resolves to the subnet
      mask of the subnet being described.   The subnet number, together  with
      the  netmask,  are sufficient to determine whether any given IP address
      is on the specified subnet.
      Although a netmask must be given with every subnet declaration,  it  is
      recommended  that if there is any variance in subnet masks at a site, a
      subnet-mask option statement be used in each subnet declaration to  set
      the  desired  subnet  mask, since any subnet-mask option statement will
      override the subnet mask declared in the subnet statement.
      The subnet6 statement
       subnet6 subnet6-number {
         [ parameters ]
         [ declarations ]
       }
      The subnet6 statement is used to provide dhcpd with enough  information
      to tell whether or not an IPv6 address is on that subnet6.  It may also
      be used to provide  subnet-specific  parameters  and  to  specify  what
      addresses  may be dynamically allocated to clients booting on that sub-
      net.
      The subnet6-number should be an IPv6 network identifier,  specified  as
      ip6-address/bits.
      The range statement
      range [ dynamic-bootp ] low-address [ high-address];
      For  any  subnet on which addresses will be assigned dynamically, there
      must be at least one range statement.   The range statement  gives  the
      lowest  and  highest IP addresses in a range.   All IP addresses in the
      range should be in the subnet in which the range statement is declared.
      The  dynamic-bootp  flag may be specified if addresses in the specified
      range may be dynamically assigned to BOOTP  clients  as  well  as  DHCP
      clients.    When specifying a single address, high-address can be omit-
      ted.
      The range6 statement
      range6 low-address high-address;
      range6 subnet6-number;
      range6 subnet6-number temporary;
      range6 address temporary;
      For any IPv6 subnet6 on which addresses will be  assigned  dynamically,
      there  must  be at least one range6 statement. The range6 statement can
      either be the lowest and highest IPv6 addresses in  a  range6,  or  use
      CIDR  notation,  specified as ip6-address/bits. All IP addresses in the
      range6 should be in the  subnet6  in  which  the  range6  statement  is
      declared.
      The  temporary  variant makes the prefix (by default on 64 bits) avail-
      able for temporary (RFC 4941) addresses. A new address  per  prefix  in
      the  shared  network  is computed at each request with an IA_TA option.
      Release and Confirm ignores temporary addresses.
      Any IPv6 addresses given to hosts with fixed-address6 are excluded from
      the range6, as are IPv6 addresses on the server itself.


      The prefix6 statement
      prefix6 low-address high-address / bits;
      The  prefix6 is the range6 equivalent for Prefix Delegation (RFC 3633).
      Prefixes of bits length are  assigned  between  low-address  and  high-
      address.
      Any  IPv6  prefixes  given to static entries (hosts) with fixed-prefix6
      are excluded from the prefix6.
      This statement is currently global but it should have a  shared-network
      scope.
      The host statement
       host hostname {
         [ parameters ]
         [ declarations ]
       }
      The host declaration provides a scope in which to provide configuration
      information about a specific client, and also provides a way to  assign
      a  client a fixed address.  The host declaration provides a way for the
      DHCP server to identify a DHCP or BOOTP  client,  and  also  a  way  to
      assign the client a static IP address.
      If  it  is  desirable to be able to boot a DHCP or BOOTP client on more
      than one subnet with fixed addresses, more  than  one  address  may  be
      specified  in  the  fixed-address  declaration,  or  more than one host
      statement may be specified matching the same client.
      If client-specific boot parameters must change based on the network  to
      which the client is attached, then multiple host declarations should be
      used.  The host declarations will only match a client if one  of  their
      fixed-address  statements  is  viable on the subnet (or shared network)
      where the client is attached.  Conversely, for a  host  declaration  to
      match  a client being allocated a dynamic address, it must not have any
      fixed-address statements.  You may therefore need  a  mixture  of  host
      declarations  for  any  given client...some having fixed-address state-
      ments, others without.
      hostname should be a name identifying the host.  If a  hostname  option
      is not specified for the host, hostname is used.
      Host declarations are matched to actual DHCP or BOOTP clients by match-
      ing the dhcp-client-identifier option specified in the host declaration
      to  the  one supplied by the client, or, if the host declaration or the
      client does not provide a dhcp-client-identifier  option,  by  matching
      the  hardware parameter in the host declaration to the network hardware
      address supplied by the client.   BOOTP clients do not normally provide
      a  dhcp-client-identifier, so the hardware address must be used for all
      clients that may boot using the BOOTP protocol.
      DHCPv6 servers can use the host-identifier option parameter in the host
      declaration,  and  specify  any  option  with a fixed value to identify
      hosts.
      Please be aware that only the  dhcp-client-identifier  option  and  the
      hardware  address can be used to match a host declaration, or the host-
      identifier option parameter for DHCPv6 servers.   For  example,  it  is
      not  possible to match a host declaration to a host-name option.   This
      is because the host-name option cannot be guaranteed to be  unique  for
      any  given  client,  whereas both the hardware address and dhcp-client-
      identifier option are at least theoretically guaranteed to be unique to
      a given client.
      The group statement
       group {
         [ parameters ]
         [ declarations ]
       }
      The group statement is used simply to apply one or more parameters to a
      group of declarations.   It can be used to  group  hosts,  shared  net-
      works, subnets, or even other groups.

[править] REFERENCE: ALLOW AND DENY

      The  allow  and  deny statements can be used to control the response of
      the DHCP server to various sorts of requests.  The allow and deny  key-
      words  actually have different meanings depending on the context.  In a
      pool context, these keywords can be used to set  up  access  lists  for
      address  allocation pools.  In other contexts, the keywords simply con-
      trol general server behavior with respect to clients  based  on  scope.
      In  a  non-pool context, the ignore keyword can be used in place of the
      deny keyword to prevent logging of denied requests.


[править] ALLOW DENY AND IGNORE IN SCOPE

      The following usages of allow and deny will work in any scope, although
      it is not recommended that they be used in pool declarations.
      The unknown-clients keyword
       allow unknown-clients;
       deny unknown-clients;
       ignore unknown-clients;
      The unknown-clients flag is used to tell dhcpd whether or not to dynam-
      ically assign addresses to unknown clients.   Dynamic  address  assign-
      ment  to  unknown  clients is allowed by default.  An unknown client is
      simply a client that has no host declaration.
      The use of this option  is  now  deprecated.   If  you  are  trying  to
      restrict  access  on your network to known clients, you should use deny
      unknown-clients; inside of your address pool, as  described  under  the
      heading ALLOW AND DENY WITHIN POOL DECLARATIONS.
      The bootp keyword
       allow bootp;
       deny bootp;
       ignore bootp;
      The bootp flag is used to tell dhcpd whether or not to respond to bootp
      queries.  Bootp queries are allowed by default.
      This option does not satisfy the  requirement  of  failover  peers  for
      denying  dynamic bootp clients.  The deny dynamic bootp clients; option
      should be used instead. See the ALLOW AND DENY WITHIN POOL DECLARATIONS
      section of this man page for more details.
      The booting keyword
       allow booting;
       deny booting;
       ignore booting;
      The  booting  flag  is  used to tell dhcpd whether or not to respond to
      queries from a particular client.  This keyword only has  meaning  when
      it appears in a host declaration.   By default, booting is allowed, but
      if it is disabled for a particular client, then that client will not be
      able to get an address from the DHCP server.
      The duplicates keyword
       allow duplicates;
       deny duplicates;
      Host  declarations  can  match client messages based on the DHCP Client
      Identifier option or based on the client's network  hardware  type  and
      MAC  address.    If  the MAC address is used, the host declaration will
      match any client with that MAC address - even  clients  with  different
      client  identifiers.    This  doesn't  normally happen, but is possible
      when one computer has more than one operating system installed on it  -
      for example, Microsoft Windows and NetBSD or Linux.
      The duplicates flag tells the DHCP server that if a request is received
      from a client that matches the MAC address of a host  declaration,  any
      other  leases  matching  that  MAC  address  should be discarded by the
      server, even if the UID is not the same.   This is a violation  of  the
      DHCP  protocol, but can prevent clients whose client identifiers change
      regularly from holding many leases  at  the  same  time.   By  default,
      duplicates are allowed.
      The declines keyword
       allow declines;
       deny declines;
       ignore declines;
      The  DHCPDECLINE  message  is used by DHCP clients to indicate that the
      lease the server has offered is not valid.   When the server receives a
      DHCPDECLINE  for  a  particular  address,  it  normally  abandons  that
      address, assuming that some unauthorized system is using it.   Unfortu-
      nately,  a  malicious  or buggy client can, using DHCPDECLINE messages,
      completely exhaust the DHCP server's allocation pool.   The server will
      reclaim these leases, but while the client is running through the pool,
      it may cause serious thrashing in the DNS, and it will also  cause  the
      DHCP server to forget old DHCP client address allocations.
      The declines flag tells the DHCP server whether or not to honor DHCPDE-
      CLINE messages.   If it is set to deny or ignore in a particular scope,
      the DHCP server will not respond to DHCPDECLINE messages.
      The client-updates keyword
       allow client-updates;
       deny client-updates;
      The  client-updates  flag tells the DHCP server whether or not to honor
      the client's intention to do its own update of its A record.   This  is
      only  relevant  when doing interim DNS updates.   See the documentation
      under the heading THE INTERIM DNS UPDATE SCHEME for details.
      The leasequery keyword
       allow leasequery;
       deny leasequery;
      The leasequery flag tells the DHCP server whether or not to answer DHC-
      PLEASEQUERY  packets.  The  answer  to a DHCPLEASEQUERY packet includes
      information about a specific lease, such as when it was issued and when
      it  will expire. By default, the server will not respond to these pack-
      ets.

[править] ALLOW AND DENY WITHIN POOL DECLARATIONS

      The uses of the allow and deny keywords shown in the  previous  section
      work  pretty much the same way whether the client is sending a DHCPDIS-
      COVER or a DHCPREQUEST message - an address will be  allocated  to  the
      client  (either  the old address it's requesting, or a new address) and
      then that address will be tested to see if it's okay to let the  client
      have  it.    If  the client requested it, and it's not okay, the server
      will send a DHCPNAK message.   Otherwise, the server  will  simply  not
      respond  to  the  client.    If  it  is okay to give the address to the
      client, the server will send a DHCPACK message.
      The primary motivation behind pool  declarations  is  to  have  address
      allocation  pools  whose  allocation policies are different.   A client
      may be denied access to one pool, but allowed access to another pool on
      the  same  network segment.   In order for this to work, access control
      has to be done during address allocation, not after address  allocation
      is done.
      When a DHCPREQUEST message is processed, address allocation simply con-
      sists of looking up the address the client is requesting and seeing  if
      it's  still  available  for the client.  If it is, then the DHCP server
      checks both the address pool permit lists  and  the  relevant  in-scope
      allow  and deny statements to see if it's okay to give the lease to the
      client.  In the case of a DHCPDISCOVER message, the allocation  process
      is done as described previously in the ADDRESS ALLOCATION section.
      When declaring permit lists for address allocation pools, the following
      syntaxes are recognized following the allow or deny keywords:
       known-clients;
      If specified, this statement either allows or prevents allocation  from
      this  pool  to any client that has a host declaration (i.e., is known).
      A client is known if it has a host declaration in any scope,  not  just
      the current scope.
       unknown-clients;
      If  specified, this statement either allows or prevents allocation from
      this pool to any client that has no  host  declaration  (i.e.,  is  not
      known).
       members of "class";
      If  specified, this statement either allows or prevents allocation from
      this pool to any client that is a member of the named class.
       dynamic bootp clients;
      If specified, this statement either allows or prevents allocation  from
      this pool to any bootp client.
       authenticated clients;
      If  specified, this statement either allows or prevents allocation from
      this pool to any client that has  been  authenticated  using  the  DHCP
      authentication protocol.   This is not yet supported.
       unauthenticated clients;
      If  specified, this statement either allows or prevents allocation from
      this pool to any client that has not been authenticated using the  DHCP
      authentication protocol.   This is not yet supported.
       all clients;
      If  specified, this statement either allows or prevents allocation from
      this pool to all clients.   This can be used when you want to  write  a
      pool  declaration  for some reason, but hold it in reserve, or when you
      want to renumber your network quickly, and  thus  want  the  server  to
      force  all clients that have been allocated addresses from this pool to
      obtain new addresses immediately when they next renew.
       after time;
      If specified, this statement either allows or prevents allocation  from
      this  pool  after  a given date. This can be used when you want to move
      clients from one pool to another. The server adjusts the regular  lease
      time  so  that  the  latest expiry time is at the given time+min-lease-
      time.  A short min-lease-time enforces a step change, whereas a  longer
      min-lease-time  allows  for  a  gradual  change.  time is either second
      since epoch, or a UTC time string e.g.   4  2007/08/24  09:14:32  or  a
      string  with  time  zone  offset  in seconds e.g. 4 2007/08/24 11:14:32
      -7200

[править] REFERENCE: PARAMETERS

      The adaptive-lease-time-threshold statement
        adaptive-lease-time-threshold percentage;
        When the number of allocated leases within a  pool  rises  above  the
        percentage  given  in  this  statement, the DHCP server decreases the
        lease length for new clients within this pool to min-lease-time  sec-
        onds.  Clients  renewing  an already valid (long) leases get at least
        the remaining time from the current lease. Since  the  leases  expire
        faster,  the  server  may  either  recover more quickly or avoid pool
        exhaustion entirely.  Once the number of allocated leases drop  below
        the  threshold, the server reverts back to normal lease times.  Valid
        percentages are between 1 and 99.
      The always-broadcast statement
        always-broadcast flag;
        The DHCP and BOOTP protocols both require DHCP and BOOTP  clients  to
        set the broadcast bit in the flags field of the BOOTP message header.
        Unfortunately, some DHCP and BOOTP clients do not do this, and there-
        fore  may  not  receive  responses  from  the DHCP server.   The DHCP
        server can be made to always broadcast its responses  to  clients  by
        setting  this  flag  to  'on' for the relevant scope; relevant scopes
        would be inside a conditional statement, as a parameter for a  class,
        or  as a parameter for a host declaration.   To avoid creating excess
        broadcast traffic on your network, we recommend that you restrict the
        use  of this option to as few clients as possible.   For example, the
        Microsoft DHCP client is known not to have this problem, as  are  the
        OpenTransport and ISC DHCP clients.
      The always-reply-rfc1048 statement
        always-reply-rfc1048 flag;
        Some  BOOTP clients expect RFC1048-style responses, but do not follow
        RFC1048 when sending their requests.   You can tell that a client  is
        having this problem if it is not getting the options you have config-
        ured for it and if you see in  the  server  log  the  message  "(non-
        rfc1048)" printed with each BOOTREQUEST that is logged.
        If you want to send rfc1048 options to such a client, you can set the
        always-reply-rfc1048 option in that client's  host  declaration,  and
        the  DHCP  server  will respond with an RFC-1048-style vendor options
        field.   This flag can be set in  any  scope,  and  will  affect  all
        clients covered by that scope.
      The authoritative statement
        authoritative;
        not authoritative;
        The  DHCP server will normally assume that the configuration informa-
        tion about a given network segment is not known to be correct and  is
        not  authoritative.   This is so that if a naive user installs a DHCP
        server not fully understanding how to configure it, it does not  send
        spurious  DHCPNAK  messages  to  clients that have obtained addresses
        from a legitimate DHCP server on the network.
        Network administrators setting  up  authoritative  DHCP  servers  for
        their networks should always write authoritative; at the top of their
        configuration file to indicate that the DHCP server should send DHCP-
        NAK messages to misconfigured clients.   If this is not done, clients
        will be unable to get a correct IP  address  after  changing  subnets
        until  their  old  lease  has  expired, which could take quite a long
        time.
        Usually, writing authoritative; at the top level of the  file  should
        be sufficient.   However, if a DHCP server is to be set up so that it
        is aware of some networks for which it is authoritative and some net-
        works  for  which  it  is  not, it may be more appropriate to declare
        authority on a per-network-segment basis.
        Note that the most specific scope for which the concept of  authority
        makes  any  sense  is the physical network segment - either a shared-
        network statement or a subnet statement that is not contained  within
        a shared-network statement.  It is not meaningful to specify that the
        server is authoritative for some subnets within a shared network, but
        not  authoritative  for  others, nor is it meaningful to specify that
        the server is authoritative for some host declarations and  not  oth-
        ers.
      The boot-unknown-clients statement
        boot-unknown-clients flag;
        If  the  boot-unknown-clients statement is present and has a value of
        false or off, then clients for which there  is  no  host  declaration
        will  not  be  allowed to obtain IP addresses.   If this statement is
        not present or has a value of true or on, then clients  without  host
        declarations will be allowed to obtain IP addresses, as long as those
        addresses are not restricted by  allow  and  deny  statements  within
        their pool declarations.
      The db-time-format statement
        db-time-format [ default | local ] ;
        The  DHCP  server  software  outputs  several timestamps when writing
        leases to persistent storage.  This configuration  parameter  selects
        one  of two output formats.  The default format prints the day, date,
        and time in UTC, while the local format prints  the  system  seconds-
        since-epoch,  and  helpfully  provides the day and time in the system
        timezone in a comment.  The time formats are described in  detail  in
        the dhcpd.leases(5) manpage.
      The ddns-hostname statement
        ddns-hostname name;
        The  name  parameter should be the hostname that will be used in set-
        ting up the client's A and PTR  records.    If  no  ddns-hostname  is
        specified in scope, then the server will derive the hostname automat-
        ically, using an algorithm that varies  for  each  of  the  different
        update methods.
      The ddns-domainname statement
        ddns-domainname name;
        The name parameter should be the domain name that will be appended to
        the client's hostname to form a fully-qualified domain-name (FQDN).
      The ddns-rev-domainname statement
        ddns-rev-domainname name; The name parameter  should  be  the  domain
        name  that  will  be  appended to the client's reversed IP address to
        produce a name for use in the client's PTR record.   By default, this
        is "in-addr.arpa.", but the default can be overridden here.
        The  reversed  IP  address  to  which this domain name is appended is
        always the IP  address  of  the  client,  in  dotted  quad  notation,
        reversed  -  for example, if the IP address assigned to the client is
        10.17.92.74, then the reversed IP  address  is  74.92.17.10.    So  a
        client  with that IP address would, by default, be given a PTR record
        of 10.17.92.74.in-addr.arpa.
      The ddns-update-style parameter
        ddns-update-style style;
        The style parameter must be one of  ad-hoc,  interim  or  none.   The
        ddns-update-style  statement  is only meaningful in the outer scope -
        it is evaluated once after reading the dhcpd.conf file,  rather  than
        each  time  a client is assigned an IP address, so there is no way to
        use different DNS update styles for different clients. The default is
        none.
      The ddns-updates statement
         ddns-updates flag;
        The  ddns-updates  parameter  controls whether or not the server will
        attempt to do a DNS update when a lease is confirmed.   Set  this  to
        off  if  the server should not attempt to do updates within a certain
        scope.  The ddns-updates parameter is on by default.   To disable DNS
        updates  in all scopes, it is preferable to use the ddns-update-style
        statement, setting the style to none.
      The default-lease-time statement
        default-lease-time time;
        Time should be the length in seconds that will be assigned to a lease
        if  the client requesting the lease does not ask for a specific expi-
        ration time.  This is used for both DHCPv4 and DHCPv6 leases  (it  is
        also  known as the "valid lifetime" in DHCPv6).  The default is 43200
        seconds.
      The delayed-ack and max-ack-delay statements
        delayed-ack count; max-ack-delay microseconds;
        Count should be an integer value from zero to 2^16-1, and defaults to
        28.   The  count  represents  how many DHCPv4 replies maximum will be
        queued pending transmission until after a database commit event.   If
        this  number  is reached, a database commit event (commonly resulting
        in fsync() and representing a performance penalty) will be made,  and
        the  reply  packets  will be transmitted in a batch afterwards.  This
        preserves the RFC2131 direction  that  "stable  storage"  be  updated
        prior  to  replying  to  clients.  Should the DHCPv4 sockets "go dry"
        (select() returns immediately with no read sockets),  the  commit  is
        made and any queued packets are transmitted.
        Similarly, microseconds indicates how many microseconds are permitted
        to pass inbetween queuing a packet pending an fsync,  and  performing
        the  fsync.   Valid  values  range  from 0 to 2^32-1, and defaults to
        250,000 (1/4 of a second).
        Please note  that  as  delayed-ack  is  currently  experimental,  the
        delayed-ack  feature  is  not  compiled  in  by  default, but must be
        enabled at compile time with './configure --enable-delayed-ack'.
      The do-forward-updates statement
        do-forward-updates flag;
        The do-forward-updates statement instructs  the  DHCP  server  as  to
        whether it should attempt to update a DHCP client's A record when the
        client acquires or renews a lease.   This  statement  has  no  effect
        unless  DNS  updates  are  enabled  and  ddns-update-style  is set to
        interim.   Forward updates are enabled by default.   If  this  state-
        ment  is  used to disable forward updates, the DHCP server will never
        attempt to update the client's A record, and will only  ever  attempt
        to update the client's PTR record if the client supplies an FQDN that
        should be placed in the PTR record using the fqdn option.  If forward
        updates  are enabled, the DHCP server will still honor the setting of
        the client-updates flag.
      The dynamic-bootp-lease-cutoff statement
        dynamic-bootp-lease-cutoff date;
        The dynamic-bootp-lease-cutoff statement sets the ending time for all
        leases  assigned dynamically to BOOTP clients.  Because BOOTP clients
        do not have any way of renewing leases, and  don't  know  that  their
        leases  could expire, by default dhcpd assigns infinite leases to all
        BOOTP clients.  However, it may make sense in some situations to  set
        a cutoff date for all BOOTP leases - for example, the end of a school
        term, or the time at night when a facility is closed and all machines
        are required to be powered off.
        Date  should be the date on which all assigned BOOTP leases will end.
        The date is specified in the form:
                                W YYYY/MM/DD HH:MM:SS
        W is the day of the week expressed as a number from zero (Sunday)  to
        six  (Saturday).  YYYY is the year, including the century.  MM is the
        month expressed as a number from 1 to 12.   DD  is  the  day  of  the
        month,  counting from 1.  HH is the hour, from zero to 23.  MM is the
        minute and SS is the second.  The time is always in Coordinated  Uni-
        versal Time (UTC), not local time.
      The dynamic-bootp-lease-length statement
        dynamic-bootp-lease-length length;
        The dynamic-bootp-lease-length statement is used to set the length of
        leases dynamically assigned to BOOTP clients.   At some sites, it may
        be  possible to assume that a lease is no longer in use if its holder
        has not used BOOTP or DHCP to get its address within a  certain  time
        period.    The  period is specified in length as a number of seconds.
        If a client reboots using BOOTP during the timeout period, the  lease
        duration  is reset to length, so a BOOTP client that boots frequently
        enough will never lose its lease.  Needless to  say,  this  parameter
        should be adjusted with extreme caution.
      The filename statement
        filename "filename";
        The filename statement can be used to specify the name of the initial
        boot file which is to be loaded by a client.  The filename should  be
        a filename recognizable to whatever file transfer protocol the client
        can be expected to use to load the file.
      The fixed-address declaration
        fixed-address address [, address ... ];
        The fixed-address declaration is used to assign one or more fixed  IP
        addresses  to a client.  It should only appear in a host declaration.
        If more than one address is supplied, then when the client boots,  it
        will be assigned the address that corresponds to the network on which
        it is booting.  If none of the addresses in the fixed-address  state-
        ment are valid for the network to which the client is connected, that
        client will not match the host  declaration  containing  that  fixed-
        address  declaration.   Each address in the fixed-address declaration
        should be either an IP address or a domain name that resolves to  one
        or more IP addresses.
      The fixed-address6 declaration
        fixed-address6 ip6-address ;
        The  fixed-address6  declaration  is  used  to  assign  a  fixed IPv6
        addresses to a client.  It should only appear in a host  declaration.
      The get-lease-hostnames statement
        get-lease-hostnames flag;
        The  get-lease-hostnames  statement  is used to tell dhcpd whether or
        not to look up the domain name corresponding to  the  IP  address  of
        each  address  in  the  lease  pool and use that address for the DHCP
        hostname option.  If flag is true, then this lookup is done  for  all
        addresses in the current scope.   By default, or if flag is false, no
        lookups are done.
      The hardware statement
        hardware hardware-type hardware-address;
        In order for a BOOTP client to be recognized,  its  network  hardware
        address  must  be declared using a hardware clause in the host state-
        ment.  hardware-type must be the name of a physical  hardware  inter-
        face  type.    Currently,  only the ethernet and token-ring types are
        recognized, although support for a fddi hardware  type  (and  others)
        would  also  be  desirable.   The hardware-address should be a set of
        hexadecimal octets (numbers from 0 through ff) separated  by  colons.
        The hardware statement may also be used for DHCP clients.
      The host-identifier option statement
        host-identifier option option-name option-data;
        This  identifies a DHCPv6 client in a host statement.  option-name is
        any option, and option-data is the value  for  the  option  that  the
        client will send. The option-data must be a constant value.
      The infinite-is-reserved statement
        infinite-is-reserved flag;
        ISC DHCP now supports 'reserved' leases.  See the section on RESERVED
        LEASES below.  If this flag is  on,  the  server  will  automatically
        reserve  leases  allocated  to  clients  which  requested an infinite
        (0xffffffff) lease-time.
        The default is off.
      The lease-file-name statement
        lease-file-name name;
        Name should be the  name  of  the  DHCP  server's  lease  file.    By
        default,  this is DBDIR/dhcpd.leases.   This statement must appear in
        the outer scope of the configuration file - if  it  appears  in  some
        other  scope,  it will have no effect.  Furthermore, it has no effect
        if overridden by the -lf flag or the PATH_DHCPD_DB environment  vari-
        able.
      The limit-addrs-per-ia statement
        limit-addrs-per-ia number;
        By default, the DHCPv6 server will limit clients to one IAADDR per IA
        option, meaning one address.  If you wish to permit clients  to  hang
        onto multiple addresses at a time, configure a larger number here.
        Note  that  there  is  no  present  method to configure the server to
        forcibly configure the client with one IP address per each subnet  on
        a shared network.  This is left to future work.
      The dhcpv6-lease-file-name statement
        dhcpv6-lease-file-name name;
        Name  is  the name of the lease file to use if and only if the server
        is running in DHCPv6 mode.  By default, this is  DBDIR/dhcpd6.leases.
        This  statement, like lease-file-name, must appear in the outer scope
        of the configuration file.  It has no effect if overridden by the -lf
        flag  or  the  PATH_DHCPD6_DB environment variable.  If dhcpv6-lease-
        file-name is not specified, but lease-file-name is, the latter  value
        will be used.
      The local-port statement
        local-port port;
        This  statement causes the DHCP server to listen for DHCP requests on
        the UDP port specified in port, rather than on port 67.
      The local-address statement
        local-address address;
        This statement causes the DHCP server to  listen  for  DHCP  requests
        sent  to  the  specified  address,  rather  than requests sent to all
        addresses.  Since serving directly attached DHCP clients implies that
        the  server must respond to requests sent to the all-ones IP address,
        this option cannot be used if clients are on directly  attached  net-
        works...it  is  only  realistically  useful  for  a server whose only
        clients are reached via unicasts, such as via DHCP relay agents.
        Note:  This statement is only effective if the  server  was  compiled
        using  the USE_SOCKETS #define statement, which is default on a small
        number of operating systems, and must be explicitly  chosen  at  com-
        pile-time for all others.  You can be sure if your server is compiled
        with USE_SOCKETS if you see lines of this format at startup:
         Listening on Socket/eth0
        Note also that since this bind()s all DHCP sockets to  the  specified
        address,  that  only  one  address  may be supported in a daemon at a
        given time.
      The log-facility statement
        log-facility facility;
        This statement causes the DHCP server to do all of its logging on the
        specified  log  facility once the dhcpd.conf file has been read.   By
        default the DHCP server logs to the daemon facility.    Possible  log
        facilities  include  auth,  authpriv,  cron,  daemon, ftp, kern, lpr,
        mail, mark, news, ntp,  security,  syslog,  user,  uucp,  and  local0
        through  local7.    Not  all of these facilities are available on all
        systems, and there may be other facilities available  on  other  sys-
        tems.
        In  addition  to setting this value, you may need to modify your sys-
        log.conf file to configure logging of the DHCP server.   For example,
        you might add a line like this:
             local7.debug /var/log/dhcpd.log
        The syntax of the syslog.conf file may be different on some operating
        systems - consult the syslog.conf manual page to  be  sure.   To  get
        syslog  to  start  logging to the new file, you must first create the
        file with correct ownership and permissions (usually, the same  owner
        and  permissions  of your /var/log/messages or /usr/adm/messages file
        should be fine) and send a SIGHUP to syslogd.  Some  systems  support
        log  rollover  using  a  shell  script or program called newsyslog or
        logrotate, and you may be able to configure this as well so that your
        log file doesn't grow uncontrollably.
        Because  the  log-facility  setting  is  controlled by the dhcpd.conf
        file, log messages printed  while  parsing  the  dhcpd.conf  file  or
        before parsing it are logged to the default log facility.  To prevent
        this, see the README file  included  with  this  distribution,  which
        describes  how to change the default log facility.  When this parame-
        ter is used, the DHCP server prints its startup message a second time
        after parsing the configuration file, so that the log will be as com-
        plete as possible.
      The max-lease-time statement
        max-lease-time time;
        Time should be the maximum length in seconds that will be assigned to
        a  lease.   If  not defined, the default maximum lease time is 86400.
        The only exception to this is that Dynamic BOOTP lease lengths, which
        are not specified by the client, are not limited by this maximum.
      The min-lease-time statement
        min-lease-time time;
        Time should be the minimum length in seconds that will be assigned to
        a lease.  The default is the minimum of  300  seconds  or  max-lease-
        time.
      The min-secs statement
        min-secs seconds;
        Seconds  should be the minimum number of seconds since a client began
        trying to acquire a new lease before the DHCP server will respond  to
        its  request.   The  number  of  seconds  is based on what the client
        reports, and the maximum value that the client can report is 255 sec-
        onds.   Generally, setting this to one will result in the DHCP server
        not responding to the client's first request, but  always  responding
        to its second request.
        This can be used to set up a secondary DHCP server which never offers
        an address to a client until the primary  server  has  been  given  a
        chance  to  do  so.    If the primary server is down, the client will
        bind to the secondary server, but  otherwise  clients  should  always
        bind  to  the primary.   Note that this does not, by itself, permit a
        primary server and a secondary server to share a pool of dynamically-
        allocatable addresses.
      The next-server statement
        next-server server-name;
        The  next-server statement is used to specify the host address of the
        server from which the initial boot file (specified  in  the  filename
        statement)  is  to  be  loaded.    Server-name should be a numeric IP
        address or a domain name.
      The omapi-port statement
        omapi-port port;
        The omapi-port statement causes the DHCP server to listen  for  OMAPI
        connections  on  the  specified port.   This statement is required to
        enable the OMAPI protocol, which is used to examine  and  modify  the
        state of the DHCP server as it is running.
      The one-lease-per-client statement
        one-lease-per-client flag;
        If  this flag is enabled, whenever a client sends a DHCPREQUEST for a
        particular lease, the server will automatically free any other leases
        the  client  holds.    This  presumes  that  when  the client sends a
        DHCPREQUEST, it has forgotten any lease not mentioned in the  DHCPRE-
        QUEST  -  i.e., the client has only a single network interface and it
        does not remember leases it's holding on networks to which it is  not
        currently  attached.   Neither of these assumptions are guaranteed or
        provable, so we urge caution in the use of this statement.
      The pid-file-name statement
        pid-file-name name;
        Name should be the name of the DHCP server's process ID file.    This
        is  the file in which the DHCP server's process ID is stored when the
        server starts.   By default, this  is  RUNDIR/dhcpd.pid.    Like  the
        lease-file-name  statement,  this  statement must appear in the outer
        scope of the configuration file.  It has no effect if  overridden  by
        the -pf flag or the PATH_DHCPD_PID environment variable.
        The dhcpv6-pid-file-name statement
           dhcpv6-pid-file-name name;
           Name  is the name of the pid file to use if and only if the server
           is running in DHCPv6 mode.  By default, this is  DBDIR/dhcpd6.pid.
           This statement, like pid-file-name, must appear in the outer scope
           of the configuration file.  It has no effect if overridden by  the
           -pf   flag   or  the  PATH_DHCPD6_PID  environment  variable.   If
           dhcpv6-pid-file-name is not specified, but pid-file-name  is,  the
           latter value will be used.
        The ping-check statement
           ping-check flag;
           When  the  DHCP server is considering dynamically allocating an IP
           address to a client, it first sends an ICMP Echo request (a  ping)
           to  the address being assigned.   It waits for a second, and if no
           ICMP Echo response has been heard, it assigns the address.   If  a
           response is heard, the lease is abandoned, and the server does not
           respond to the client.
           This ping check introduces a default one-second delay in  respond-
           ing  to  DHCPDISCOVER  messages,  which  can be a problem for some
           clients.   The default delay of one second may be configured using
           the  ping-timeout parameter.  The ping-check configuration parame-
           ter can be used to control checking - if its value  is  false,  no
           ping check is done.
        The ping-timeout statement
           ping-timeout seconds;
           If  the DHCP server determined it should send an ICMP echo request
           (a ping) because the ping-check statement  is  true,  ping-timeout
           allows  you  to  configure how many seconds the DHCP server should
           wait for an ICMP Echo response  to  be  heard,  if  no  ICMP  Echo
           response  has been received before the timeout expires, it assigns
           the address.  If a response is heard, the lease is abandoned,  and
           the  server  does  not respond to the client.  If no value is set,
           ping-timeout defaults to 1 second.
        The preferred-lifetime statement
           preferred-lifetime seconds;
           IPv6 addresses have 'valid' and 'preferred' lifetimes.  The  valid
           lifetime  determines  at what point at lease might be said to have
           expired, and is no longer useable.  A  preferred  lifetime  is  an
           advisory  condition  to  help applications move off of the address
           and onto currently valid addresses (should there still be any open
           TCP sockets or similar).
           The preferred lifetime defaults to the renew+rebind timers, or 3/4
           the default lease time if none were specified.
        The remote-port statement
           remote-port port;
           This statement causes the DHCP server to transmit  DHCP  responses
           to  DHCP  clients upon the UDP port specified in port, rather than
           on port 68.  In the event that the UDP response is transmitted  to
           a  DHCP Relay, the server generally uses the local-port configura-
           tion value.  Should the DHCP  Relay  happen  to  be  addressed  as
           127.0.0.1,  however, the DHCP Server transmits its response to the
           remote-port configuration value.  This is  generally  only  useful
           for  testing  purposes, and this configuration value should gener-
           ally not be used.
        The server-identifier statement
           server-identifier hostname;
           The server-identifier statement can be used to  define  the  value
           that  is  sent  in  the  DHCP Server Identifier option for a given
           scope.   The value specified must be an IP address  for  the  DHCP
           server,  and must be reachable by all clients served by a particu-
           lar scope.
           The use of the server-identifier statement is  not  recommended  -
           the  only  reason  to  use  it  is to force a value other than the
           default value to be sent on  occasions  where  the  default  value
           would  be  incorrect.    The default value is the first IP address
           associated with  the  physical  network  interface  on  which  the
           request arrived.
           The  usual  case where the server-identifier statement needs to be
           sent is when a physical interface has more than  one  IP  address,
           and  the  one  being sent by default isn't appropriate for some or
           all clients served by that interface.  Another common case is when
           an  alias  is  defined  for  the purpose of having a consistent IP
           address for the DHCP server, and it is desired  that  the  clients
           use this IP address when contacting the server.
           Supplying a value for the dhcp-server-identifier option is equiva-
           lent to using the server-identifier statement.
        The server-duid statement
           server-duid LLT [ hardware-type timestamp hardware-address ] ;
           server-duid EN enterprise-number enterprise-identifier ;
           server-duid LL [ hardware-type hardware-address ] ;
           The server-duid statement configures the server DUID. You may pick
           either  LLT (link local address plus time), EN (enterprise), or LL
           (link local).
           If you choose LLT or LL, you may specify the exact contents of the
           DUID.   Otherwise the server will generate a DUID of the specified
           type.
           If you choose EN, you must include the enterprise number  and  the
           enterprise-identifier.
           The default server-duid type is LLT.
        The server-name statement
           server-name name ;
           The  server-name statement can be used to inform the client of the
           name of the server from which it is booting.   Name should be  the
           name that will be provided to the client.
        The site-option-space statement
           site-option-space name ;
           The site-option-space statement can be used to determine from what
           option space site-local options will be taken.   This can be  used
           in  much the same way as the vendor-option-space statement.  Site-
           local options in DHCP are those options whose  numeric  codes  are
           greater  than  224.   These options are intended for site-specific
           uses, but are frequently used by vendors of embedded hardware that
           contains  DHCP  clients.   Because site-specific options are allo-
           cated on an ad hoc basis, it is quite possible that  one  vendor's
           DHCP  client  might use the same option code that another vendor's
           client  uses,  for  different  purposes.    The  site-option-space
           option  can  be  used  to  assign a different set of site-specific
           options for each such vendor, using  conditional  evaluation  (see
           dhcp-eval (5) for details).
        The stash-agent-options statement
           stash-agent-options flag;
           If  the  stash-agent-options parameter is true for a given client,
           the server will record the relay agent  information  options  sent
           during  the  client's  initial DHCPREQUEST message when the client
           was in the SELECTING state and behave  as  if  those  options  are
           included in all subsequent DHCPREQUEST messages sent in the RENEW-
           ING state.   This works around a problem with relay agent informa-
           tion options, which is that they usually not appear in DHCPREQUEST
           messages sent by the client in the RENEWING  state,  because  such
           messages are unicast directly to the server and not sent through a
           relay agent.
        The update-conflict-detection statement
           update-conflict-detection flag;
           If the update-conflict-detection parameter  is  true,  the  server
           will  perform  standard  DHCID  multiple-client, one-name conflict
           detection.  If the parameter has been set false, the  server  will
           skip this check and instead simply tear down any previous bindings
           to install the new binding without question.  The default is true.
        The update-optimization statement
           update-optimization flag;
           If  the update-optimization parameter is false for a given client,
           the server will attempt a DNS update for that client each time the
           client  renews  its  lease,  rather than only attempting an update
           when it appears to be necessary.   This will allow the DNS to heal
           from  database  inconsistencies  more easily, but the cost is that
           the DHCP server must do many  more  DNS  updates.    We  recommend
           leaving  this  option  enabled, which is the default.  This option
           only affects the behavior of the interim DNS  update  scheme,  and
           has no effect on the ad-hoc DNS update scheme.   If this parameter
           is not specified, or is true, the DHCP  server  will  only  update
           when  the  client information changes, the client gets a different
           lease, or the client's lease expires.
        The update-static-leases statement
           update-static-leases flag;
           The update-static-leases flag, if enabled, causes the DHCP  server
           to  do  DNS  updates  for  clients even if those clients are being
           assigned their IP address using a fixed-address statement  -  that
           is, the client is being given a static assignment.   This can only
           work with the interim DNS update scheme.   It is  not  recommended
           because  the  DHCP  server  has no way to tell that the update has
           been done, and therefore will not delete the record when it is not
           in  use.    Also, the server must attempt the update each time the
           client renews its lease, which could have  a  significant  perfor-
           mance  impact in environments that place heavy demands on the DHCP
           server.
        The use-host-decl-names statement
           use-host-decl-names flag;
           If the use-host-decl-names parameter is true  in  a  given  scope,
           then  for  every host declaration within that scope, the name pro-
           vided for the host declaration will be supplied to the  client  as
           its hostname.   So, for example,
               group {
                 use-host-decl-names on;
                 host joe {
                   hardware ethernet 08:00:2b:4c:29:32;
                   fixed-address joe.fugue.com;
                 }
               }
           is equivalent to
                 host joe {
                   hardware ethernet 08:00:2b:4c:29:32;
                   fixed-address joe.fugue.com;
                   option host-name "joe";
                 }
           An option host-name statement within a host declaration will over-
           ride the use of the name in the host declaration.
           It should be noted here that most DHCP clients  completely  ignore
           the  host-name option sent by the DHCP server, and there is no way
           to configure them not to do this.   So you generally have a choice
           of  either  not  having  any hostname to client IP address mapping
           that the client will recognize, or  doing  DNS  updates.    It  is
           beyond  the  scope  of  this document to describe how to make this
           determination.
        The use-lease-addr-for-default-route statement
           use-lease-addr-for-default-route flag;
           If the use-lease-addr-for-default-route parameter  is  true  in  a
           given  scope,  then  instead of sending the value specified in the
           routers option (or sending no value at all), the IP address of the
           lease  being  assigned  is  sent  to the client.   This supposedly
           causes Win95 machines to ARP for all IP addresses,  which  can  be
           helpful  if  your router is configured for proxy ARP.   The use of
           this feature is not recommended, because it won't  work  for  many
           DHCP clients.
        The vendor-option-space statement
           vendor-option-space string;
           The  vendor-option-space  parameter  determines  from  what option
           space vendor options are taken.   The use  of  this  configuration
           parameter  is  illustrated  in the dhcp-options(5) manual page, in
           the VENDOR ENCAPSULATED OPTIONS section.

[править] SETTING PARAMETER VALUES USING EXPRESSIONS

      Sometimes it's helpful to be able to set the value  of  a  DHCP  server
      parameter  based  on some value that the client has sent.   To do this,
      you can use  expression  evaluation.    The  dhcp-eval(5)  manual  page
      describes how to write expressions.   To assign the result of an evalu-
      ation to an option, define the option as follows:
        my-parameter = expression ;
      For example:
        ddns-hostname = binary-to-ascii (16, 8, "-",
                                         substring (hardware, 1, 6));

[править] RESERVED LEASES

      It's often useful to allocate a single address to a single  client,  in
      approximate  perpetuity.   Host  statements  with fixed-address clauses
      exist to a certain extent to  serve  this  purpose,  but  because  host
      statements  are  intended  to  approximate 'static configuration', they
      suffer from not being referenced in a littany of other Server Services,
      such as dynamic DNS, failover, 'on events' and so forth.
      If  a  standard  dynamic  lease, as from any range statement, is marked
      'reserved', then the server will only allocate this lease to the client
      it is identified by (be that by client identifier or hardware address).
      In practice, this means that the lease follows the normal state engine,
      enters  ACTIVE  state  when  the  client is bound to it, expires, or is
      released, and any events or services that would  normally  be  supplied
      during  these  events are processed normally, as with any other dynamic
      lease.  The only difference is that  failover  servers  treat  reserved
      leases  as  special  when  they  enter the FREE or BACKUP states - each
      server applies the lease into the state it may allocate from - and  the
      leases  are  not  placed  on the queue for allocation to other clients.
      Instead they may only be 'found' by client  identity.   The  result  is
      that the lease is only offered to the returning client.
      Care  should  probably  be taken to ensure that the client only has one
      lease within a given subnet that it is identified by.
      Leases may be set 'reserved'  either  through  OMAPI,  or  through  the
      'infinite-is-reserved'  configuration  option (if this is applicable to
      your environment and mixture of clients).
      It should also be noted that leases marked 'reserved'  are  effectively
      treated the same as leases marked 'bootp'.

[править] REFERENCE: OPTION STATEMENTS

      DHCP  option  statements  are  documented in the dhcp-options(5) manual
      page.

[править] REFERENCE: EXPRESSIONS

      Expressions used in DHCP option statements and elsewhere are documented
      in the dhcp-eval(5) manual page.

[править] SEE ALSO

      dhcpd(8),   dhcpd.leases(5),  dhcp-options(5),  dhcp-eval(5),  RFC2132,
      RFC2131.

[править] AUTHOR

dhcpd.conf(5) was written by Ted Lemon under a contract with Vixie Labs. Funding for this project was provided by Internet Systems Consortium. Information about Internet Systems Consortium can be found at https://www.isc.org.


                                                                dhcpd.conf(5)