In Section 5.2, we considered the process of configuring a client system to obtain an IP address from a DHCP server. In this section, we complete the picture by discussing DHCP server configuration and management. DHCP servers vary quite a bit from system to system, but the basic concepts that apply to all of them do not. We'll consider these concepts before diving into the specifics of server configuration on the various Unix systems. DHCP servers draw the IP addresses that they provide from lists of addresses that they have been given to manage. These lists are known as scopes. Unix DHCP servers can manage one or more scopes. For example, suppose we have a network of two subnets, 10.10.1.0/24 and 10.10.20.0/24, and we place a DHCP server on each one. We want to use 101 IP addresses from each subnet for dynamic assignment, hosts 100 through 200. We might divide up the addresses this way:
Each server is assigned part of the address range for each subnet. When a client requests an IP address, the DHCP server always assigns one from the appropriate subnet (if none is available, the request fails). Splitting the addresses this way provides some fault tolerance: if either server goes down, a DHCP relay (see below) can be set up temporarily on its subnet pointing to the other server, and IP address assignment will still take place.

Within a scope, certain IP addresses can be excluded, meaning that they are permanently unavailable for assignment (perhaps some server is using one as its static IP address). In addition, certain addresses can be reserved for specific hosts, identified by their MAC address (for example, for a laptop that you want to have the same IP address whenever it is connected to a specific subnet but still changes IP addresses as it moves around). When possible, we'll be excluding the address 10.10.1.125 and reserving the address 10.10.1.105 in our configuration examples (both in subnet 1).

Since DHCP operates by broadcasting (see Section 5.2), requests generally only reach a DHCP server on the local subnet. I recommend placing a DHCP server on every subnet, but this is not always feasible. When it is not, DHCP clients can still receive address assignment from a server on another subnet via a DHCP relay server. This server forwards DHCP requests from the local subnet to a designated DHCP server.
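To make the scope, exclusion and reservation concepts concrete, here is an added Python example; it is not from the book. It models one server's share of a scope as an address pool with holes punched in it (the excluded address and the reserved address from the text) and renders the assignable ranges in the syntax of the ISC dhcpd.conf file described in Section 8.3.2, which has no exclusion statement and therefore needs one range line per contiguous run. The function names, the host labels reserved0, reserved1, ... and the sample values are my own.

```python
"""Scope, exclusion and reservation bookkeeping for one DHCP server.

Added example, not part of the book. A scope is the address pool a server
manages; excluded addresses are never handed out, and reserved addresses
are fixed to one client's MAC address, so they must not be in the dynamic
pool either. Output uses ISC dhcpd.conf syntax (Section 8.3.2), which has
no exclusion statement: exclusions become gaps between 'range' lines.
"""
import ipaddress


def split_ranges(first, last, holes):
    """Return (lo, hi) pairs covering first..last with the holes removed.

    first and last are inclusive IPv4 address strings; holes is any iterable
    of address strings. Holes outside the pool are ignored, adjacent holes
    produce no empty ranges, and a fully excluded pool yields [].
    """
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("pool start is after pool end")
    cut = sorted({ipaddress.IPv4Address(h) for h in holes})
    ranges, cur = [], lo
    for hole in cut:
        if hole < cur or hole > hi:
            continue                       # outside the remaining pool
        if hole > cur:                     # addresses before the hole form a range
            ranges.append((str(cur), str(hole - 1)))
        cur = hole + 1                     # resume just past the hole
    if cur <= hi:
        ranges.append((str(cur), str(hi)))
    return ranges


def render_subnet(network, pool, excluded=(), reservations=None, options=()):
    """Render a dhcpd.conf subnet block plus one host block per reservation.

    network is 'a.b.c.d/len'; pool is (first, last); excluded is a list of
    addresses never handed out; reservations maps MAC -> fixed address;
    options are option lines to emit inside the subnet block. The host
    labels 'reserved0', 'reserved1', ... are constructed here.
    """
    reservations = dict(reservations or {})
    net = ipaddress.IPv4Network(network)
    holes = list(excluded) + list(reservations.values())
    for addr in holes:
        if ipaddress.IPv4Address(addr) not in net:
            raise ValueError(f"{addr} is not in {network}")
    lines = [f"subnet {net.network_address} netmask {net.netmask} {{"]
    for lo, hi in split_ranges(pool[0], pool[1], holes):
        lines.append(f"  range {lo} {hi};")
    lines.extend(f"  {opt}" for opt in options)
    lines.append("}")
    for i, (mac, addr) in enumerate(sorted(reservations.items())):
        lines += [f"host reserved{i} {{",
                  f"  hardware ethernet {mac};",
                  f"  fixed-address {addr};",
                  "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Subnet 1 from the text: pool hosts 100-175, 125 excluded, 105 reserved.
    print(render_subnet("10.10.1.0/24", ("10.10.1.100", "10.10.1.175"),
                        excluded=["10.10.1.125"],
                        reservations={"aa:bb:cc:dd:ee:ff": "10.10.1.105"},
                        options=["option routers 10.10.1.5;",
                                 "option broadcast-address 10.10.1.255;"]))
```

Dividing a scope between two servers, as the text does for fault tolerance, is just a matter of giving each server a different pool argument; the exclusions and reservations stay the same on both, since an address reserved for a MAC address must never appear in either server's dynamic ranges.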
Table 8-9 summarizes the DHCP server facilities on the various operating systems we are considering. The remaining parts of this section will discuss DHCP configuration for each operating system.
8.3.1 AIX

The AIX DHCP server is dhcpsd. It is configured via the /etc/dhcpsd.cnf configuration file. Here is a configuration file that I've annotated:

    logFileName /var/log/dhcp/dhcpsd.log
    logFileSize 1000                      # Use four 1000K log files in rotation.
    numLogFiles 4
    logItem SYSERR                        # Items to log: system, object and protocol errors,
    logItem OBJERR                        # and all warnings. Other choices include:
    logItem PROTERR                       # EVENT (that occurred), ACTION (taken), INFO
    logItem WARNING                       # (misc. information), ACNTING (play-by-play).
    leaseTimeDefault 240 minute           # Default lease time.
    supportBOOTP No                       # Don't support remote booting.
    supportUnlistedClients Yes            # Accept requests from any client.
    network 10.10.0.0 24                  # Our network address and length.
    {
      subnet 10.10.1.0 10.10.1.100-10.10.1.175       # Address range to assign.
      {
        client 1 aa:bb:cc:dd:ee:ff 10.10.1.105       # Reservation.
        {
          option 51 36000                 # Longer lease time for this client.
        }
        client 0 0 10.10.1.125            # Address exclusion.
        option 3 10.10.1.5                # Subnet-specific option (default gateways).
        option 28 10.10.1.255             # Broadcast address.
      }
      subnet 10.10.20.0 10.10.20.176-10.10.20.200    # Address range to assign.
      {
        option 3 10.10.20.88              # Default gateways for this subnet.
        option 48 10.10.20.45             # X font server.
        option 28 10.10.20.255            # Broadcast address.
      }
      option 15 zoas.org                  # Global options: domain
      option 1 255.255.255.0              # Netmask
    }
    # Dynamic DNS update commands
    updateDNS "/usr/sbin/dhcpaction '%s' '%s' '%s' '%s' BOTH NONIM >>/tmp/updns.out 2>&1 "
    removeDNS "/usr/sbin/dhcpremove '%s' BOTH NONIM >>/tmp/rmdns.out 2>&1 "

The subnet statements contain the actual IP address ranges to be assigned by this server. As this file illustrates, AIX uses standard DHCP option numbers to identify options; see the manual page for DHCP_Server (section 4) for translations. Dynamic DNS updates are triggered when the updateDNS and removeDNS statements are included within the configuration file. Each of them defines the command to use to perform the corresponding update operations.
I don't modify these from the settings provided in the delivered configuration file. The DNS server must also be running on the local system.

AIX also provides some tools for managing DHCP server configuration and operation. The dhcpsconf command starts a GUI tool that can be used to create a configuration file and also to manage the DHCP server. It is illustrated in Figure 8-2.

Figure 8-2. The AIX DHCP server configuration utility

The main window has three main areas: Option List (list of available DHCP options), Key List (main statement types to add to the configuration file), and DHCP Server File (illustrates the structure of the file so far). You begin a new configuration file by adding a network (select it in the Key List area and then click Add), and then at least one subnet beneath it. In general, the current selection is placed in a position immediately subordinate to whatever is selected in the right-hand pane. Adding an option when the network is selected makes it a global option for that network, while doing the same thing when a subnet or client is selected limits the option's scope to that entity. In the figure, we are in the process of adding the X font server option to subnet 2. You use the Server → Server Defaults menu path to specify global options and other server characteristics. The items on the Operations menu control the DHCP server process, and they can be used to Start it, Stop it, obtain its Status, or have it reread its configuration file (Refresh).

AIX also provides the dadmin command for querying a DHCP server. For example, the following command queries the DHCP server on kumquat, asking about the status of the specified IP address:

    # dadmin -h kumquat -q 192.168.44.23
    PLEASE WAIT....Gathering Information From the Server....
    IP Address    Status  Lease Time  Start Time  Last Leased  Proxy ...
    10.10.20.180  Free                                  This IP address is not currently in use.

The AIX DHCP relay server is dhcprs, and its configuration file is /etc/dhcprs.cnf.
Here is an example:

    # (log file directives, as for the DHCP server)
    server 10.10.30.1

The server statement is the most important in the file, and it specifies which remote DHCP server to forward requests to.

8.3.2 ISC DHCP: FreeBSD and Linux

The open source operating systems all use the DHCP implementation from the Internet Software Consortium (see http://www.isc.org). The DHCP server is dhcpd. It uses the configuration file /etc/dhcpd.conf. Here is an example version illustrating its features:

    default-lease-time 14400;                     # Global options.
    option subnet-mask 255.255.255.0;
    option domain-name "zoas.org";
    subnet 10.10.1.0 netmask 255.255.255.0 {
      range 10.10.1.100 10.10.1.104;              # IP addresses available for assignment.
      range 10.10.1.106 10.10.1.124;
      range 10.10.1.126 10.10.1.175;
      option routers 10.10.1.5;                   # Options sent to these clients.
      option broadcast-address 10.10.1.255;
    }
    subnet 10.10.20.0 netmask 255.255.255.0 {
      range 10.10.20.176 10.10.20.200;            # Another address range.
      option routers 10.10.20.88;                 # Options for these clients.
      option broadcast-address 10.10.20.255;
      option font-servers 10.10.20.45;
    }
    host special {                                # A reservation.
      hardware ethernet aa:bb:cc:dd:ee:ff;
      fixed-address 10.10.1.105;
      default-lease-time 36000;                   # Longer lease time for this host.
    }

This configuration file is very easy to understand. Note that we had to specify exclusions by defining multiple ranges for the 10.10.1.0 subnet (although being able to have more than one range is also a point in this DHCP server's favor).

Fixed IP addresses can also be assigned based on the client ID, which is defined in the client's configuration. This can be useful, for example, when a company has a pool of wireless cards that staff members borrow. Some of them use the client ID option to ensure they get the same address regardless of which card they happen to have borrowed.
Include the following option within the host configuration to accomplish this:

    option dhcp-client-identifier string;

The corresponding client configuration file entry is:

    send dhcp-client-identifier string;

Before you can run the ISC DHCP server for the first time, you must create its lease file using this command:

    # touch /var/lib/dhcp/dhcpd.leases

The file must exist before the server will start. The server also creates a backup file in the same location, named dhcpd.leases~, which is used while updating the lease file. If this process should ever crash and leave the system without a leases file, you must copy the backup file to the normal filename before restarting the DHCP server. Otherwise, duplicate leases will quickly abound on the affected subnets, and you'll have no end of fun cleaning the mess up.

There is also a DHCP relay server from the ISC, dhcrelay. It requires no configuration file and takes the desired DHCP server as its argument, as in this example:

    # dhcrelay 10.10.30.1

The server is usually started by a boot script. Some systems have options for configuring it other than editing the corresponding script file; see Table 8-9 for details.

There is a graphical utility for configuring the DHCP server available in the KDE desktop environment. It is named kcmdhcpd and written by Karl Backström (http://www.lysator.liu.se/~backstrom/kcmdhcpd/), and it is illustrated in Figure 8-3.

Figure 8-3. The kcmdhcpd utility

In the illustration, the 10.10.1.0 subnet's scope is being set up. The window on the left is used to specify the scope's most important properties. We have also clicked on that window's Advanced button to open the smaller, frontmost window (where we are setting the option for an X font server). The utility's main window appears on the right.

ISC DHCP Version 3 adds support for dynamic DNS updates.[15] This feature is in a preliminary state and may change over time. It currently works only with systems that have only a single network interface.
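The lease-file rule given earlier in this subsection (create dhcpd.leases once, and after a crash restore it from dhcpd.leases~ rather than starting with an empty file) is easy to get wrong in a boot script, so here is an added Python pre-start check. It is not from the book and not part of ISC's dhcpd; the function name and the first_run flag are my own, and the lease directory is a parameter so the check can be exercised on a scratch directory (/var/lib/dhcp is the location used above).

```python
"""Pre-start check for the ISC dhcpd lease database.

Added example; it is not from the book and not part of ISC's dhcpd. It
encodes the rules given above: the server will not start without
dhcpd.leases; on the very first run the file is created empty (touch);
after a crash the backup dhcpd.leases~ must be copied back first, because
an empty lease file makes the server forget every outstanding lease and
hand out duplicates.
"""
import os
import shutil


def ensure_lease_file(lease_dir, first_run=False):
    """Ensure <lease_dir>/dhcpd.leases exists and report what was done.

    Returns 'present', 'restored' or 'created'. Raises RuntimeError when
    the file is missing, no backup exists and first_run is False, since
    quietly creating an empty file is exactly the mistake the text warns
    about.
    """
    leases = os.path.join(lease_dir, "dhcpd.leases")
    backup = leases + "~"                      # dhcpd's own backup name
    if os.path.exists(leases):
        return "present"
    if os.path.exists(backup):
        shutil.copyfile(backup, leases)        # recover the last good copy
        return "restored"
    if first_run:
        open(leases, "a").close()              # same effect as: touch dhcpd.leases
        return "created"
    raise RuntimeError(f"{leases} is missing and there is no {backup}; "
                       "refusing to start dhcpd with an empty lease database")


if __name__ == "__main__":
    import sys
    args = [a for a in sys.argv[1:] if a != "--first-run"]
    lease_dir = args[0] if args else "/var/lib/dhcp"    # assumed default location
    print(ensure_lease_file(lease_dir, first_run="--first-run" in sys.argv))
```

Run it from the boot script immediately before starting dhcpd and abort the start if it raises; the one case it refuses to handle automatically (no lease file and no backup on a server that has run before) is the one where an administrator should look at what happened before clients start receiving duplicate addresses.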
ISC's current dynamic DNS implementation also lacks any security features and so should only be used when preventing unauthorized updates is not an issue.
The following configuration file excerpt illustrates the method for enabling dynamic updates:

    subnet . . . {
      normal statements . . .
      ddns-domainname "dhcp.zoas.org";
      ddns-rev-domainname "in-addr.arpa";
    }

The two additional substatements specify the DNS domain and reverse lookup domain that should be added to host names/IP addresses when DNS A and PTR records are created for them (respectively).

8.3.3 HP-UX

The HP-UX DHCP daemon is on the eccentric side. It is named bootpd, a name that reflects its dual purpose as a DHCP and BOOTP server. The primary DHCP configuration file is /etc/dhcptab, which uses a termcap-like syntax. Here is an example file:

    dhcp_default_client_settings:\              Global settings.
        lease-time=14400:dn=zoas.org:\
        lease-policy=accept-new-clients:\
        subnet-mask=255.255.255.0:
    dhcp_pool_group:\                           Defines a scope and its properties.
        pool-name=subnet1:\
        addr-pool-start-address=10.10.1.100:\
        addr-pool-last-address=10.10.1.175:\
        reserved-for-other=10.10.1.125:\        Exclusion.
        reserved-for-other=10.10.1.105:\        Reservation.
        allow-bootp-clients=FALSE:\
        gw=10.10.1.5:\                          Default gateway.
        ba=10.10.1.255:                         Broadcast address.
    dhcp_pool_group:\
        pool-name=subnet2:\
        addr-pool-start-address=10.10.20.100:\
        addr-pool-last-address=10.10.20.200:\
        gw=10.10.20.88:\                        Default gateway.
        ba=10.10.20.255:\                       Broadcast address.
        xf=10.10.20.45:                         X font server.

Here, we have defined our usual address ranges for the two subnets, along with their associated options. Note that IP addresses for reservations are included in the exclusion list. Reservations themselves are handled in another configuration file, /etc/bootptab. Here is an example entry:

    pandora:\
        ht=ethernet:\           Identifier type.
        ha=aabbccddeeff:\       Hardware address.
        ip=10.10.1.105:\        IP address to assign.
        vm=rfc1048:\            Implementation style.
        sm=255.0.0.0:\          Subnet mask.
        ba=10.10.1.255          Broadcast address.

The bootpd daemon serves as a DHCP relay agent (in addition to its remote booting functions).
Like reservations, relaying is specified in the /etc/bootptab file, as in this example:

    subnet3:\                   Group name from dhcptab.
        ht=ethernet:\
        ha=000000000000:\       This will match any MAC address.
        hm=000000000000:\
        bp=10.10.2.99:\         Relay host IP address.
        th=0:\                  Seconds to wait before relaying.
        hp=4                    Maximum hops.

You can also specify relaying for individual hosts by specifying its MAC address as the host address (ha) and using a mask of all ones (hm).

The HP-UX DHCP server supports dynamic updates to the DNS only in Version 11i. They are enabled via options to the pool group definition, as in this example:

    dhcp_pool_group:\
        pool-name=subnet2:\
        ...
        pcsn:\                          Use hostname specified by client.
        ddns-address=10.10.1.100:\      DNS server address.

In general, you can edit the configuration files by hand, or you can use SAM to control the various settings within it. Note that the relevant SAM areas are labeled with reference to remote booting (i.e., BOOTP), but they can be used to administer DHCP as well; the path from the main menu is Networking and Communications → Bootable Devices.

8.3.4 Solaris

The Solaris DHCP server is named in.dhcpd (following the usual naming convention for Solaris network daemons). Its configuration files reside in /var/dhcp. It uses two separate files. The first of these, dhcptab, defines global and subnet- or client-specific options. Here is an example, which illustrates its termcap-like format:

    Locale      m  :UTCoffst=-14400:DNSdname="zoas.org":\
                   :Subnet=255.255.255.0:
    plum        m  :Include=Locale:LeaseTim=14400:LeaseNeg:
    special     m  :Include=Locale:LeaseTim=36000:
    10.10.1.0   m  :Subnet=255.255.255.0:Router=10.10.1.5:\
                   :Broadcst=10.10.1.255:
    10.10.20.0  m  :Subnet=255.255.255.0:Router=10.10.20.88:\
                   :Broadcst=10.10.20.255:XfontSrv=10.10.20.45:

This file defines a series of macros, named groups of settings. It also illustrates the use of the Include setting, which allows one macro to be incorporated in another macro as a whole.
The settings themselves have very easy-to-understand names. The first two items are used to define global options (note that the first one is included in the second and third entries). The second item, plum, will be assigned to most of the IP addresses in the scope, so it functions as a global default (although there is no way to tell this from this configuration file). This item conventionally has the same name as the DHCP server's hostname. The third item will be used to apply different settings to our reserved IP address. The final two items define settings that apply to the scopes associated with the specified subnets. The initial name field must be the same as the subnet address.

The actual IP addresses to assign are stored in files (known as network files) in the same directory, and they are given names created by replacing all of the periods in the subnet address with underscores. For example, here is the file named 10_10_1_0, corresponding to the 10.10.1.0 subnet:

    client          flags  IP address   DHCP server  Expires  Macro
    00              00     10.10.1.100  10.10.1.50   0        plum
    00              00     10.10.1.101  10.10.1.50   0        plum
    00              00     10.10.1.102  10.10.1.50   0        plum
    00              00     10.10.1.103  10.10.1.50   0        plum
    00              00     10.10.1.104  10.10.1.50   0        plum
    01AABBCCDDEEFF  02     10.10.1.105  10.10.1.50   0        special
    00              00     10.10.1.106  10.10.1.50   0        plum
    ...
    00              01     10.10.1.125  10.10.1.50   0        plum
    ...
    00              00     10.10.1.200  10.10.1.50   0        plum

Each line in the file defines an IP address within the scope. The fields in this file contain the client ID that is currently using the IP address (or 00 if it is free), flags applying to that entry (00 for addresses used for normal assignments), the IP address itself, the IP address of the DHCP server that manages it, the lease expiration time (0 if it is unassigned), and the macro within the dhcptab file that provides the options for that IP address. In this case, we are looking at a file before the DHCP service has been started. Thus, all the dynamic fields in the file retain their initial entries.
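Because the network file is the server's record of which addresses are free, excluded or permanently assigned, a small reader that classifies each entry is a handy way to audit it against what you intended to configure. The following is an added Python example, not from the book or from Solaris; it applies the field meanings this section gives for the client ID (00 free, 01 followed by the MAC address for an Ethernet client), the flags (00 normal, 01 unavailable for assignment, 02 permanently assigned) and the expiry (0 when unassigned). The function names and the sample table are my own, constructed to match the entries shown above; a real file has no column-heading line.

```python
"""Reader for a Solaris in.dhcpd network file (e.g. /var/dhcp/10_10_1_0).

Added example, not from the book or from Solaris. Each line holds the
client ID currently using the address (00 when free; 01 followed by the
MAC address for an Ethernet client), the flags (00 normal, 01 unavailable
for assignment, 02 permanently assigned), the IP address, the managing
DHCP server, the lease expiry (0 when unassigned) and the dhcptab macro.
"""

# Constructed sample matching the entries shown in the text.
SAMPLE = """\
00              00  10.10.1.100  10.10.1.50  0  plum
00              00  10.10.1.101  10.10.1.50  0  plum
01AABBCCDDEEFF  02  10.10.1.105  10.10.1.50  0  special
00              01  10.10.1.125  10.10.1.50  0  plum
00              00  10.10.1.126  10.10.1.50  0  plum
"""

FLAG_NAMES = {0: "dynamic", 1: "unavailable", 2: "permanent"}


def parse_client_id(cid):
    """Return None for a free entry, or a colon-separated MAC for type 01."""
    if cid == "00":
        return None
    if cid.startswith("01") and len(cid) == 14:
        mac = cid[2:].lower()
        return ":".join(mac[i:i + 2] for i in range(0, 12, 2))
    raise ValueError(f"unrecognised client ID {cid!r}")


def parse_network_file(text):
    """Parse the whitespace-separated table into a list of dicts."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, found {len(fields)}")
        cid, flags, ip, server, expires, macro = fields
        flag = int(flags, 16)
        entries.append({
            "ip": ip,
            "server": server,
            "macro": macro,
            "client": parse_client_id(cid),
            "state": FLAG_NAMES.get(flag, f"flag-{flag:02x}"),
            "leased": int(expires) != 0,       # 0 means no lease outstanding
        })
    return entries


def summarize(entries):
    """Count addresses by what the server can do with them."""
    counts = {"free": 0, "leased": 0, "unavailable": 0, "permanent": 0}
    for e in entries:
        if e["state"] == "dynamic":
            counts["leased" if e["leased"] else "free"] += 1
        elif e["state"] in counts:
            counts[e["state"]] += 1
    return counts


if __name__ == "__main__":
    rows = parse_network_file(SAMPLE)
    for e in rows:
        print(f"{e['ip']:<12} {e['state']:<12} client={e['client']}")
    print(summarize(rows))
```

Comparing the permanent and unavailable entries this reports against the reservations and exclusions you meant to configure catches the two easy mistakes: a reserved address whose flag is still 00 (so it can be handed to anyone), and an address marked unavailable that nobody remembers excluding.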
The reserved address, 10.10.1.105, has a somewhat different format. The client ID is set to the string consisting of 01 (indicating that it is an Ethernet address) followed by the MAC address (sans colons). The flags field is set to 2, indicating that the address is permanently assigned. This entry also uses a different macro from the dhcptab file to obtain its longer lease time. The excluded address, host 125, is assigned a flag value of 1, which indicates that the address is unavailable for assignment. The Solaris DHCP server does not currently support dynamic updates to the DNS. in.dhcpd can also function as a DHCP relay server. You specify this behavior via the facility's boot configuration file: /etc/default/dhcp under Solaris 8 and /etc/inet/dhcpsvc.conf under Solaris 9. Here are examples illustrating the relevant entries:
Solaris provides the DHCP Manager graphical utility for configuring DHCP. It can be started from the administrative area of the desktop or using the dhcpmgr command in /usr/sadm/admin/bin. Solaris 8 also provides the nongraphical, menu-based utility dhcpconfig for the same purpose (the utility exists under Solaris 9, but this functionality has been removed).

8.3.5 Tru64

The Tru64 DHCP server is named joind. It uses several configuration files in /etc/join. The first of these is server.pcy, which is used to specify global server options. Here is a sample version of the file:

    accept_client_name          # Allow clients to specify their own hostnames.
    #support_bootp              # Don't support BOOTP.
    #registered_clients_only    # Accept requests from anyone.
    send_options_in_offer       # Include DHCP options in the initial offer.
    use_macaddr_as_id           # Use the MAC address to identify special clients.

The next file is named nets, and it is used to specify the various scopes managed by this DHCP server and the range of available addresses within them:

    10.10.1.0   10.10.1.22  10.10.1.100-10.10.1.104
                            10.10.1.106-10.10.1.124
                            10.10.1.126-10.10.1.175
    10.10.20.0  10.10.1.22  10.10.20.175-10.10.20.200

The first scope is for the 10.10.1.0 subnet, and it is defined as three address ranges. The second scope is for the 10.10.20.0 subnet, defined via a single address range. The second field in each line specifies the DHCP server managing the scope. Note that fields which are the same in successive lines do not need to be repeated.

The final configuration file is dhcpcap, a termcap-style configuration file used to specify DHCP options. Here are some example entries:

    special:\
        :ht=ether:ha=aabbccddeeff:\     Identify this client via its MAC address.
        :ip=10.10.1.105:\               Assign this IP address.
        :gw=10.10.1.5:\                 Default gateway.
        :ba=10.10.1.255:\               Broadcast address.
        :sm=255.255.255.0:\             Subnet mask.
        :dn="zoas.org":\                DNS domain name.
        :lt=36000:                      Lease time.
    subnet1:\
        :nw=10.10.1.0:\                 Network address.
        :gw=10.10.1.5:\                 Default gateway.
        ...                             Same options as above.
        :lt=14400:                      Lease time.
    subnet2:\
        :nw=10.10.20.0:\                Network address.
        :gw=10.10.20.88:\               Default gateway.
        :ba=10.10.20.255:\              Broadcast address.
        ...                             Same options as above.
        :lt=14400:\                     Lease time.
        :xf=10.10.20.45:                X font server.

Note that many settings must be repeated in each stanza, as there is no global section or include mechanism.

These configuration files may be created and modified manually. However, Tru64 also provides the xjoin utility for accomplishing this. It is illustrated in Figure 8-4.

Figure 8-4. The Tru64 xjoin facility

The Tru64 DHCP server does not provide dynamic updates to the DNS.

The DHCP relay server is named bprelay, and it is started by a command of the following form, where the argument is the address of the DHCP server to which to relay:

    # bprelay 10.10.30.1

Note that this server is not started by any boot script. You will have to modify a boot script if you want it to run as a matter of course.