FreeBSD Manual Pages
The dhcpd.conf file is parsed by the recursive-descent parser built into dhcpd.
The file may contain extra tabs and newlines for formatting purposes. Keywords in the file are case-insensitive. Comments may be placed anywhere within the file except within quotes. Comments begin with the # character and end at the end of the line. The file essentially consists of a list of statements. Statements fall into two broad categories: parameters and declarations. Parameter statements either say how to do something, e.g.
Declarations are used to describe the topology of the network, to describe clients on the network, to provide addresses that can be assigned to clients, or to apply a group of parameters to a group of declarations. In any group of parameters and declarations, all parameters must be specified before any declarations which depend on those parameters may be specified.
Declarations about network topology include the shared-network and the subnet declarations. If clients on a subnet are to be assigned addresses dynamically, a range declaration must appear within the subnet declaration. For clients with statically assigned addresses, or for installations where only known clients will be served, each such client must have a host declaration.
If parameters are to be applied to a group of declarations which are not related strictly on a per-subnet basis, the group declaration can be used. For every subnet which will be served, and for every subnet to which the dhcp server is connected, there must be one subnet declaration, which tells dhcpd how to recognize that an address is on that subnet.
A subnet declaration is required for each subnet even if no addresses will be dynamically allocated on that subnet. Some installations have physical networks on which more than one IP subnet operates. For example, if there is a site-wide requirement that 8-bit subnet masks be used, but a department with a single physical ethernet network expands to the point where it has more nodes than one 8-bit subnet can address, it may be necessary to run two 8-bit subnets on the same ethernet until such time as a new physical network can be added.
In this case, the subnet declarations for these two networks must be enclosed in a shared-network declaration. Note that even when the shared-network declaration is absent, an empty one is created by the server to contain the subnet and any scoped parameters included in the subnet.
For practical purposes, this means that "stateless" DHCP clients, which are not tied to addresses (and therefore subnets), will receive the same configuration as stateful ones.
Some sites may have departments which have clients on more than one subnet, but it may be desirable to offer those clients a uniform set of parameters which are different than what would be offered to clients from other departments on the same subnet. For clients which will be declared explicitly with host declarations, these declarations can be enclosed in a group declaration along with the parameters which are common to that department.
For clients whose addresses will be dynamically assigned, class declarations and conditional declarations may be used to group parameter assignments based on information the client sends. When a client is to be booted, its boot parameters are determined by consulting that client's host declaration (if any), then any class declarations matching the client, followed by the pool, subnet and shared-network declarations for the IP address assigned to the client.
Each of these declarations itself appears within a lexical scope, and all declarations at less specific lexical scopes are also consulted for client option declarations. Scopes are never considered twice, and if parameters are declared in more than one scope, the parameter declaration in the most specific scope is the one that is used.
When dhcpd tries to find a host declaration for a client, it first looks for a host declaration which has a fixed-address declaration that lists an IP address that is valid for the subnet or shared network on which the client is booting. If it doesn't find any such entry, it tries to find an entry which has no fixed-address declaration.
These might be things like the organization's domain name, the addresses of the name servers (if they are common to the entire organization), and so on. If a given hostname resolves to more than one IP address (for example, if that host has two ethernet interfaces), then where possible, both addresses are supplied to the client. The most obvious reason for having subnet-specific parameters, as shown in Figure 1, is that each subnet, of necessity, has its own router. So for the first subnet, for example, there should be something like: This is not required: if you have a different domain name for each interface on your router, it's perfectly legitimate to use the domain name for that interface instead of the numeric address.
However, in many cases there may be only one domain name for all of a router's IP addresses, and it would not be appropriate to use that name here. In Figure 1 there is also a group statement, which provides common parameters for a set of three hosts - zappo, beppo and harpo.
As you can see, these hosts are all in the test. If we wanted to test the DHCP leasing mechanism, we might set the lease timeout somewhat shorter than the default: Parameters starting with the option keyword correspond to actual DHCP options, while parameters that do not start with the option keyword either control the behavior of the DHCP server, e.g. In Figure 1, each host had host-specific parameters. These could include such things as the hostname option, the name of a file to upload (the filename parameter) and the address of the server from which to upload the file (the next-server parameter).
In general, any parameter can appear anywhere that parameters are allowed, and will be applied according to the scope in which the parameter appears. These terminals come in a variety of models, and you want to specify the boot files for each model. One way to do this would be to have host declarations for each server and group them by model: For example, you may want to provide a large set of addresses that can be assigned to DHCP clients that are registered to your DHCP server, while providing a smaller set of addresses, possibly with short lease times, that are available for unknown clients.
If you have a firewall, you may be able to arrange for addresses from one pool to be allowed access to the Internet, while addresses in another pool are not, thus encouraging users to register their DHCP clients. To do this, you would set up a pair of pool declarations: As you can see in the preceding example, pools can have permit lists that control which clients are allowed access to the pool and which aren't. Each entry in a pool's permit list is introduced with the allow or deny keyword.
If a pool has a permit list, then only those clients that match specific entries on the permit list will be eligible to be assigned addresses from the pool.
If a pool has a deny list, then only those clients that do not match any entries on the deny list will be eligible. If both permit and deny lists exist for a pool, then only clients that match the permit list and do not match the deny list will be allowed access.
If the server knows nothing about the address, it will remain silent, unless the address is incorrect for the network segment to which the client has been attached and the server is authoritative for that network segment, in which case the server will send a DHCPNAK even though it doesn't know about the address.
There may be a host declaration matching the client's identification. If that host declaration contains a fixed-address declaration that lists an IP address that is valid for the network segment to which the client is connected, the client is required to take the address specified in the host declaration; in this case, the DHCP server will never do dynamic address allocation.
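As an added example (not the man page's own Figure 1 or pool listing), the following dhcpd.conf fragment shows the scoping and pool rules described above: global parameters, a subnet-specific router, host declarations that make clients "known", and a pair of pools whose permit lists keep registered and unregistered clients in separate address ranges. All addresses, names, MAC addresses and lease times are constructed placeholders.

```conf
# Added illustration; every value below is a constructed placeholder.
# Global parameters apply to every scope unless a more specific scope
# overrides them (most specific scope wins, each scope consulted once).
option domain-name "example.org";
option domain-name-servers 192.0.2.2, 192.0.2.3;
default-lease-time 86400;
max-lease-time 172800;
# Lets the server DHCPNAK clients that arrive with an address that is
# wrong for this segment, even when it knows nothing about that address.
authoritative;

# A host declaration makes a client "known"; fixed-address pins one
# to a static address and takes it out of dynamic allocation entirely.
host printer1 {
    hardware ethernet 00:00:5e:00:53:01;
    fixed-address 192.0.2.20;
}
host laptop1 {
    hardware ethernet 00:00:5e:00:53:02;
}

subnet 192.0.2.0 netmask 255.255.255.0 {
    # Subnet-specific parameter: each subnet has its own router.
    option routers 192.0.2.1;

    # Large pool: permit list admits only clients with a host declaration.
    pool {
        deny unknown-clients;
        range 192.0.2.100 192.0.2.199;
    }

    # Small pool with short leases for everyone else; a firewall policy
    # for this range (outside dhcpd) is what makes registration attractive.
    pool {
        allow unknown-clients;
        default-lease-time 600;
        max-lease-time 1800;
        range 192.0.2.200 192.0.2.219;
    }
}
```

Note the ordering rule from the top of the page: within each scope the parameters (option, lease times, permit entries) come before the declarations (range) that depend on them.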
In that case, the server will take that address and check it to see if the client is still permitted to use it. If no existing lease is found, or if the client is forbidden to receive the existing lease, then the server will look in the list of address pools for the network segment to which the client is attached for a lease that is not in use and that the client is permitted to have.
It looks through each pool declaration in sequence (all range declarations that appear outside of pool declarations are grouped into a single pool with no permit list). If the permit list for the pool allows the client to be allocated an address from that pool, the pool is examined to see if there is an address available. If so, then the client is tentatively assigned that address. Otherwise, the next pool is tested. If no addresses are found that can be assigned to the client, no response is sent to the client.
If an address is found that the client is permitted to have, and that has never been assigned to any client before, the address is immediately allocated to the client. If the address is available for allocation but has been previously assigned to a different client, the server will keep looking in hopes of finding an address that has never before been assigned to a client.
This means that the addresses are not sorted in any particular order, and so it is not possible to predict the order in which the DHCP server will allocate IP addresses. This is only done for leases that have been specified in range statements, and only when the lease is thought by the DHCP server to be free, i.e. It marks the address as abandoned, and will not assign it to clients. This is not a final protocol document, and we have not done interoperability testing with other vendors' implementations of this protocol, so you must not assume that this implementation conforms to the standard.
The failover protocol allows two DHCP servers (and no more than two) to share a common address pool. Each server will have about half of the available IP addresses in the pool at any given time for allocation. If one server fails, the other server will continue to renew leases out of the pool, and will allocate new addresses out of the roughly half of available addresses that it had when communications with the other server were lost.
It is possible during a prolonged failure to tell the remaining server that the other server is down, in which case the remaining server will over time reclaim all the addresses the other server had available for allocation, and begin to reuse them. You can put the server into the PARTNER-DOWN state either by using the omshell(1) command or by stopping the server, editing the last failover state declaration in the lease file, and restarting the server.
If you use this last method, change the "my state" line to: When the other server comes back online, it should automatically detect that it has been offline and request a complete update from the server that was running in the PARTNER-DOWN state, and then both servers will resume processing together. It is possible to get into a dangerous situation: The failover protocol defines a primary server role and a secondary server role.
There are some differences in how primaries and secondaries act, but most of the differences simply have to do with providing a way for each peer to behave in the opposite way from the other. So one server must be configured as primary, and the other must be configured as secondary, and it doesn't matter too much which one is which.
This can happen either because you have just configured your DHCP servers to perform failover for the first time, or because one of your failover servers has failed catastrophically and lost its database. The initial recovery process is designed to ensure that when one failover peer loses its database and then resynchronizes, any leases that the failed server gave out before it failed will be honored. When the failed server starts up, it notices that it has no saved failover state, and attempts to contact its peer.
When it has established contact, it asks the peer for a complete copy of its peer's lease database. The peer then sends its complete database, and sends a message indicating that it is done. This waiting period ensures that any leases the failed server may have given out while out of contact with its partner will have expired. While the failed server is recovering, its partner remains in the partner-down state, which means that it is serving all clients.
The failed server provides no service at all to DHCP clients until it has made the transition into normal operation. In the case where both servers detect that they have never before communicated with their partner, they both come up in this recovery state and follow the procedure we have just described.
You do not have to do failover for all pools on a given network segment. You must not tell one server it's doing failover on a particular address pool and tell the other it is not. You must not have any common address pools on which you are not doing failover.
A pool declaration that utilizes failover would look like this: I would recommend therefore that you either do failover or don't do failover, but don't do any mixed pools. Also, use the same master configuration file for both servers, and have a separate file that contains the peer declaration and includes the master file.
This will help you to avoid configuration mismatches.
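An added example (not from the man page) of the layout recommended above: the primary's top-level file carries only the failover peer declaration and includes a master file that is shared verbatim with the secondary, whose own top-level file differs only in saying secondary and omitting mclt and split, which only the primary sets. The peer name, addresses and include path are constructed placeholders.

```conf
# --- /usr/local/etc/dhcpd.conf on the PRIMARY (placeholder path) ---
failover peer "dhcp-failover" {
    primary;
    address 192.0.2.10;         # this server
    port 647;
    peer address 192.0.2.11;    # the other server
    peer port 647;
    max-response-delay 60;      # seconds of silence before the peer is assumed gone
    max-unacked-updates 10;     # binding updates allowed in flight without an ack
    mclt 3600;                  # maximum client lead time (primary only)
    split 128;                  # primary-only: roughly half the pool to each peer
    load balance max seconds 3; # answer for the peer if it is this late
}

# Identical master file on both servers, so the pools cannot disagree.
include "/usr/local/etc/dhcpd.master.conf";

# --- /usr/local/etc/dhcpd.master.conf, shared by both peers ---
authoritative;
default-lease-time 86400;
max-lease-time 172800;

subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;

    # Every pool on this shared segment does failover; no mixed pools.
    pool {
        failover peer "dhcp-failover";
        deny dynamic bootp clients;   # failover pools may not serve dynamic BOOTP
        range 192.0.2.100 192.0.2.199;
    }
}
```

Because the peer declaration names the pool's partner explicitly, a pool that lists failover peer on one server but not the other is a configuration mismatch of exactly the kind the shared master file is meant to prevent.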