Section 7.2. Configuring a DHCP Server

7.2. Configuring a DHCP Server

Dynamic Host Configuration Protocol (DHCP) is used to automatically send basic configuration data to computers and network devices. This centralizes network configuration control so that a change in the network layoutsuch as adding a nameserver or a gateway, or renumbering the networkdoes not require a visit to every computer in the network. DHCP also provides a convenient method of supplying network configuration information to visiting computers, such as the laptop of a visiting colleague.

When a DHCP client system boots, it effectively shouts a broadcast message to the network: "Does anyone know who I am?" The DHCP server replies, "I know you, you're..." and then proceeds to tell the client its IP address and some combination of other network configuration information, possibly including a hostname, nameserver, timeserver, gateway, and default domain. The information sent by the DHCP server is called a lease and is only valid for a set length of time. The client can renew the lease when it expires, in which case it can keep its identity, or, if it disappears from the network and fails to renew the lease, the IP address can be recycled by the DHCP server and assigned to another host.

Most home and small networks are connected to the Internet by a router or gateway device that includes DHCP service capability. However, you may prefer to use the Fedora DHCP server instead because it gives you more configuration options and control over the network configuration.

7.2.1. How Do I Do That?

Before you set up a DHCP server for your network, you must design the network layout that you wish to use.

Private networksones that will not be connected to the Internet, or that will be connected through a router or gateway that performs network address translation (NAT), or masqueradingwill use one of the private network ranges defined in RFC 1918, shown in Table 7-1.

Most small networks use one of the class C networks that start with the 192.168 prefix, yielding 256 addresses. Because two addresses are reserved for broadcast and network messages, that leaves 254 addresses for computers and network devices (such as printers), which is plenty for most homes and small businesses.

DHCP can assign any combination of two address types:

static

Addresses that are always assigned to a specific computer or network device and never change. Even though these do not change, they are still communicated to the device using the DHCP protocol. Static addresses should be used for any host that other users will need to connect to, such as a web server or printer.

dynamic

Addresses assigned from a pool on a first-come, first-serve basis. Dynamic addresses are appropriate for computers, such as desktop systems, which will be connecting to remote hosts but will never (or rarely) be a destination for network connections.

Table 7-2 shows a possible network configuration for a home or small office network that will use the network prefix 192.168.1. In this example, available addresses have been divided into four ranges, one each for servers, network devices, desktop and laptop systems, and network infrastructure.

DHCP is configured through the text file /etc/dhcpd.conf, which contains configuration statements and comments. Configuration statements are case-insensitive and are separated by semicolons (;)whitespace doesn't matter. Some statements create blocks, delimited with curly braces ({}), that contain other statements. Comments start with # and continue to the end of the line.

The dhcpd.conf file starts out with global statements; only one is required:

ddns-update-style none;

This prevents the DHCP server from attempting to update records on the DNS server (which is prohibited by Fedora's default SELinux configuration).

The rest of the configuration statements are placed in a block as part of a subnet statement:

subnet 192.168.1.0 netmask 255.255.255.0 { # Statements that apply only to this subnet... }

These are the most commonly used configuration statements:

option routers 192.168.1.254

The default gateway. Packets destined for a host that is not in your local network are sent to this gateway for forwarding.

option subnet-mask 255.255.255.0

The subnet mask, which is used to determine whether an IP address is on the local network (which determines routing).

option domain-name-servers 192.168.1.1

Nameservers for this subnet (they may be in the subnet, or they may be external). If there is more than one, list them all, separating the IP addresses or hostnames with commas.

option domain-name " fedorabook.com "

The domain name for machines on this subnet. This is used as the default domain for hostname lookup, so that if a user types a command such as telnet server42, the hostname will be looked up (using a nameserver) as server42.fedorabook.com.

option time-offset -21600

The difference (in seconds) between the local time zone and Coordinated Universal Time (UTC). -21600 indicates a time zone that is six hours behind Greenwich, England (Eastern Standard Time in North America).

option ntp-servers pool.ntp.org

The hostnames or addresses of any available network time protocol servers. The hostname pool.ntp.org accesses a server randomly drawn from a pool of publicly accessible timeservers. You can prepend your ISO country code to select only timeservers in your country; for example, ca.pool.ntp.org would randomly select a Canadian timeserver.

range 192.168.1.128 192.168.1.191

The range of address from which dynamic IP addresses will be assigned.

default-lease-time 86400

The normal lease time in seconds. 86,400 seconds corresponds to one day.

max-lease-time 172800

The maximum lease time, in case the client requests a lease that is longer than the default.

To configure static hosts, statements are placed in the block of a host statement:

host hostname { # Statements that apply only to this host... }

These are the statements that are most commonly used in a host block:

hardware ethernet aa:bb:cc:dd:ee:ff

Determines which Ethernet hardware MAC address will match this host block. This block will be selected if the hostname sent by the DHCP client matches the hostname in the host statement, or if the client's Ethernet card has the same MAC address as the hardware statement.

fixed-address 192.168.1.1

Specifies the static address for this host.

To configure a network that uses the layout shown in Table 7-2, where the devices have the MAC addresses shown in Table 7-3, you would write this /etc/dhcpd.conf file:

# Sample /etc/dhcpd.conf file # Don't update DNS ddns-update-style none; # The local network is 192.168.1.X subnet 192.168.1.0 netmask 255.255.255.0 {     option routers                192.168.1.254;        # Default gateway     option subnet-mask            255.255.255.0;        # Client netmask     option domain-name            "fedorabook.com";     # Domain     option domain-name-servers    172.16.97.1;          # Nameserver is .1     option time-offset            -21600;               # Eastern Standard Time     option ntp-servers            pool.ntp.org;         # Timeservers     default-lease-time             86400;             # 1 day     max-lease-time                 172800;            # 2 days     # Dynamic configuration     range 192.168.1.128 192.168.1.191     # Static configuration for various hosts     host prime {              hardware ethernet 00:0c:0d:99:99:99 ;         fixed-address 192.168.1.1 ;     }     host cabinet {              hardware ethernet 00:0c:0d:aa:aa:aa ;         fixed-address 192.168.1.2 ;     }     host chatterbox {              hardware ethernet 00:0c:0d:bb:bb:bb ;         fixed-address 192.168.1.3 ;     }     host laser1 {              hardware ethernet 00:0c:0d:cc:cc:cc ;         fixed-address 192.168.1.64 ;     }     host multifunction1 {              hardware ethernet 00:0c:0d:dd:dd:dd ;         fixed-address 192.168.1.65 ;     }     host webcam1 {              hardware ethernet 00:0c:0d:ee:ee:ee ;         fixed-address 192.168.1.66 ;     }     host gateway1 {              hardware ethernet 00:0c:0d:ff:ff:ff ;         fixed-address 192.168.1.254 ;     } }

00:0c:0d:99:99:99

00:0c:0d:aa:aa:aa

00:0c:0d:bb:bb:bb

00:0c:0d:cc:cc:cc

00:0c:0d:dd:dd:dd

00:0c:0d:ee:ee:ee

Once your configuration has been saved in /etc/dhcpd.conf, restart dhcpd to activate it using the Services graphical tool or this command:

# service dhcpd restart             

If there are errors in your configuration file, dhcpd may not start. Check the end of the file /var/log/messages to see if there are any error messages:

# tail -50 /var/log/messages|less

If there are no error messages, clients can begin using the dhcpd server to obtain their IP addresses.

You will need to open port 68 UDP in your firewall configuration in order to permit clients to reach dhcpd. You should also verify that no other DHCP servers are running on your network (check router and gateway appliances in addition to computers).

If configured to obtain IP information through DHCP, the client systems will contact the DHCP server when they are booted. You can also force them to contact the DHCP server at any time:

• On a Fedora Core 4 or later system, use dhclient to configure an Ethernet port using DHCP:

• # dhclient eth0

  
  

• In this case, the port being configured is eth0, the first Ethernet connection. On other Linux systems, you may need to use dhcpcd or pump in place of dhclient.

• On a Windows system, you can use ipconfig to obtain or renew a DHCP lease:

• C:> ipconfig /renew Windows IP Configuration Ethernet adapter 1:        Connection-specific DNS Suffix  . : fedorabook.com        IP Address. . . . . . . . . . . . : 192.168.1.207        Subnet Mark . . . . . . . . . . . : 255.255.255.0        Default Gateway . . . . . . . . . : 192.168.1.254

  
  

7.2.2. How Does It Work?

Table 7-4 shows the sequence of messages that flow between a DHCP client and a DHCP server during initial negotiation and during lease renewal.

Early DHCP messages are sent using UDP to the broadcast address 255.255.255.255. This is necessary because the client does not have an IP address at the start of the negotiation.

dhcpd stores lease information in the file /var/lib/dhcpd/dhcpd.leases so that if it is stopped and restarted, it still has an idea of what leases are outstanding. In a similar way, dhclient stores its lease information in /var/lib/dhcp/dhclient-<eth0>.leases (where <eth0> is the interface name).

7.2.3. What About...

7.2.3.1. ...older clients that use the bootp protocol?

The DHCP server, dhcpd, can also manage clients that use the Bootstrap Protocol (BOOTP). However, BOOTP does not use leases, so once an IP address is assigned, it stays assigned even if the computer using that address is removed from the network. IP assignments from an address pool are therefore called automatic assignments instead of dynamic assignments.

To enable dhcpd to assign BOOTP addresses, add the dynamic-bootp option to the range statement in /etc/dhcpd.conf:

range dynamic-bootp 192.168.1.128 192.168.1.191

7.2.4. Where Can I Learn More?

• The manpages for dhcpd, dhcpd.conf, dhclient, and dhclient.conf

• The standard that defines DHCP: RFC 2131, http://www.ietf.org/rfc/rfc2131.txt