1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
|
.\" dhcpd.8
.\"
.\" Copyright (c) 1995, 1996 The Internet Software Consortium.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of The Internet Software Consortium nor the names
.\" of its contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
.\" CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
.\" DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
.\" CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" This software has been written for the Internet Software Consortium
.\" by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
.\" Enterprises. To learn more about the Internet Software Consortium,
.\" see ``http://www.isc.org/''. To learn more about Vixie
.\" Enterprises, see ``http://www.vix.com''.
.TH dhcpd 8
.SH NAME
dhcpd - Dynamic Host Configuration Protocol Server
.SH SYNOPSIS
.B dhcpd
[
.B -p
.I port
]
[
.B -f
]
[
.B -d
]
[
.B -q
]
[
.B -cf
.I config-file
]
[
.B -lf
.I lease-file
]
[
.I if0
[
.I ...ifN
]
]
.SH DESCRIPTION
The Internet Software Consortium DHCP Server, dhcpd, implements the
Dynamic Host Configuration Protocol (DHCP) and the Internet Bootstrap
Protocol (BOOTP). DHCP allows hosts on a TCP/IP network to request
and be assigned IP addresses, and also to discover information about
the network to which they are attached. BOOTP provides similar
functionality, with certain restrictions.
.SH OPERATION
.PP
The DHCP protocol allows a host which is unknown to the network
administrator to be automatically assigned a new IP address out of a
pool of IP addresses for its network. In order for this to work, the
network administrator allocates address pools in each subnet and
enters them into the dhcpd.conf(5) file.
.PP
On startup, dhcpd reads the
.IR dhcpd.conf
file and stores a list of available addresses on each subnet in
memory. When a client requests an address using the DHCP protocol,
dhcpd allocates an address for it. Each client is assigned a lease,
which expires after an amount of time chosen by the administrator (by
default, one day). Before leases expire, the clients to which leases
are assigned are expected to renew them in order to continue to use
the addresses. Once a lease has expired, the client to which that
lease was assigned is no longer permitted to use the leased IP
address.
.PP
In order to keep track of leases across system reboots and server
restarts, dhcpd keeps a list of leases it has assigned in the
dhcpd.leases(5) file. Before dhcpd grants a lease to a host, it
records the lease in this file and makes sure that the contents of the
file are flushed to disk. This ensures that even in the event of a
system crash, dhcpd will not forget about a lease that it has
assigned. On startup, after reading the dhcpd.conf file, dhcpd
reads the dhcpd.leases file to refresh its memory about what leases
have been assigned.
.PP
New leases are appended to the end of the dhcpd.leases
file. In order to prevent the file from becoming arbitrarily large,
from time to time dhcpd creates a new dhcpd.leases file from its
in-core lease database. Once this file has been written to disk, the
old file is renamed
.IR dhcpd.leases~ ,
and the new file is renamed dhcpd.leases. If the system crashes in
the middle of this process, whichever dhcpd.leases file remains will
contain all the lease information, so there is no need for a special
crash recovery process.
.PP
BOOTP support is also provided by this server. Unlike DHCP, the BOOTP
protocol does not provide a protocol for recovering
dynamically-assigned addresses once they are no longer needed. It is
still possible to dynamically assign addresses to BOOTP clients, but
some administrative process for reclaiming addresses is required. By
default, leases are granted to BOOTP clients in perpetuity, although
the network administrator may set an earlier cutoff date or a shorter
lease length for BOOTP leases if that makes sense.
.PP
BOOTP clients may also be served in the old standard way, which is to
simply provide a declaration in the dhcpd.conf file for each
BOOTP client, permanently assigning an address to each client.
.PP
Whenever changes are made to the dhcpd.conf file, dhcpd must be
restarted. To restart dhcpd, send a SIGTERM (signal 15) to the
process ID contained in
.IR RUNDIR/dhcpd.pid ,
and then re-invoke dhcpd. Because the DHCP server database is not as
lightweight as a BOOTP database, dhcpd does not automatically restart
itself when it sees a change to the dhcpd.conf file.
.PP
Note: We get a lot of complaints about this. We realize that it would
be nice if one could send a SIGHUP to the server and have it reload
the database. This is not technically impossible, but it would
require a great deal of work, our resources are extremely limited, and
they can be better spent elsewhere. So please don't complain about
this on the mailing list unless you're prepared to fund a project to
implement this feature, or prepared to do it yourself.
.PP
DHCP traffic always bypasses IPsec, otherwise there could be situations
when a server has an IPsec SA for the client, and sends replies over that,
which a potentially newly booted client cannot grasp.
.SH COMMAND LINE
.PP
The names of the network interfaces on which dhcpd should listen for
broadcasts may be specified on the command line. This should be done
on systems where dhcpd is unable to identify non-broadcast interfaces,
but should not be required on other systems. If no interface names
are specified on the command line dhcpd will identify all network
interfaces which are up, eliminating non-broadcast interfaces if
possible, and listen for DHCP broadcasts on each interface.
.PP
If dhcpd should listen on a port other than the standard (port 67),
the
.B -p
flag may used. It should be followed by the udp port number on which
dhcpd should listen. This is mostly useful for debugging purposes.
If the
.B -p
flag is specified, the server will transmit responses to clients at a
port number that is one greater than the one specified - i.e., if you
specify
.B -p
67, then the server will listen on port 67 and transmit to port 68.
Datagrams that must go through relay agents are sent to the port
number specified with the
.B -p
flag - if you wish to use alternate port numbers, you must configure
any relay agents you are using to use the same alternate port numbers.
.PP
To run dhcpd as a foreground process, rather than allowing it to run
as a daemon in the background, the
.B -f
flag should be specified. This is useful when running dhcpd under a
debugger, or when running it out of inittab on System V systems.
.PP
To have dhcpd log to the standard error descriptor, specify the
.B -d
flag. This can be useful for debugging, and also at sites where a
complete log of all dhcp activity must be kept but syslogd is not
reliable or otherwise cannot be used. Normally, dhcpd will log all
output using the syslog(3) function with the log facility set to
LOG_DAEMON.
.PP
Dhcpd can be made to use an alternate configuration file with the
.B -cf
flag, or an alternate lease file with the
.B -lf
flag. Because of the importance of using the same lease database at
all times when running dhcpd in production, these options should be
used \fBonly\fR for testing lease files or database files in a
non-production environment.
.PP
When starting dhcpd up from a system startup script (e.g., /etc/rc),
it may not be desirable to print out the entire copyright message on
startup. To avoid printing this message, the
.B -q
flag may be specified.
.SH CONFIGURATION
The syntax of the dhcpd.conf(5) file is discussed separately. This
section should be used as an overview of the configuration process,
and the dhcpd.conf(5) documentation should be consulted for detailed
reference information.
.PP
.SH Subnets
dhcpd needs to know the subnet numbers and netmasks of all subnets for
which it will be providing service. In addition, in order to
dynamically allocate addresses, it must be assigned one or more ranges
of addresses on each subnet which it can in turn assign to client
hosts as they boot. Thus, a very simple configuration providing DHCP
support might look like this:
.nf
.sp 1
subnet 239.252.197.0 netmask 255.255.255.0 {
range 239.252.197.10 239.252.197.250;
}
.fi
.PP
Multiple address ranges may be specified like this:
.nf
.sp 1
subnet 239.252.197.0 netmask 255.255.255.0 {
range 239.252.197.10 239.252.197.107;
range 239.252.197.113 239.252.197.250;
}
.fi
.PP
If a subnet will only be provided with BOOTP service and no dynamic
address assignment, the range clause can be left out entirely, but the
subnet statement must appear.
.PP
.SH Lease Lengths
DHCP leases can be assigned almost any length from zero seconds to
infinity. What lease length makes sense for any given subnet, or for
any given installation, will vary depending on the kinds of hosts
being served.
.PP
For example, in an office environment where systems are added from
time to time and removed from time to time, but move relatively
infrequently, it might make sense to allow lease times of a month of
more. In a final test environment on a manufacturing floor, it may
make more sense to assign a maximum lease length of 30 minutes -
enough time to go through a simple test procedure on a network
appliance before packaging it up for delivery.
.PP
It is possible to specify two lease lengths: the default length that
will be assigned if a client doesn't ask for any particular lease
length, and a maximum lease length. These are specified as clauses
to the subnet command:
.nf
.sp 1
subnet 239.252.197.0 netmask 255.255.255.0 {
range 239.252.197.10 239.252.197.107;
default-lease-time 600;
max-lease-time 7200;
}
.fi
.PP
This particular subnet declaration specifies a default lease time of
600 seconds (ten minutes), and a maximum lease time of 7200 seconds
(two hours). Other common values would be 86400 (one day), 604800
(one week) and 2592000 (30 days).
.PP
Each subnet need not have the same lease\(emin the case of an office
environment and a manufacturing environment served by the same DHCP
server, it might make sense to have widely disparate values for
default and maximum lease times on each subnet.
.SH BOOTP Support
Each BOOTP client must be explicitly declared in the dhcpd.conf
file. A very basic client declaration will specify the client
network interface's hardware address and the IP address to assign to
that client. If the client needs to be able to load a boot file from
the server, that file's name must be specified. A simple bootp
client declaration might look like this:
.nf
.sp 1
host haagen {
hardware ethernet 08:00:2b:4c:59:23;
fixed-address 239.252.197.9;
filename "/tftpboot/haagen.boot";
}
.fi
.SH Options
DHCP (and also BOOTP with Vendor Extensions) provides a mechanism
whereby the server can provide the client with information about how
to configure its network interface (e.g., subnet mask), and also how
the client can access various network services (e.g., DNS, IP routers,
and so on).
.PP
These options can be specified on a per-subnet basis, and, for BOOTP
clients, also on a per-client basis. In the event that a BOOTP
client declaration specifies options that are also specified in its
subnet declaration, the options specified in the client declaration
take precedence. An reasonably complete DHCP configuration might
look something like this:
.nf
.sp 1
subnet 239.252.197.0 netmask 255.255.255.0 {
range 239.252.197.10 239.252.197.250;
default-lease-time 600 max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 239.252.197.255;
option routers 239.252.197.1;
option domain-name-servers 239.252.197.2, 239.252.197.3;
option domain-name "isc.org";
}
.fi
.PP
A bootp host on that subnet that needs to be in a different domain and
use a different name server might be declared as follows:
.nf
.sp 1
host haagen {
hardware ethernet 08:00:2b:4c:59:23;
fixed-address 239.252.197.9;
filename "/tftpboot/haagen.boot";
option domain-name-servers 192.5.5.1;
option domain-name "vix.com";
}
.fi
.PP
A more complete description of the dhcpd.conf file syntax is provided
in dhcpd.conf(5).
.SH FILES
.B ETCDIR/dhcpd.conf, DBDIR/dhcpd.leases, RUNDIR/dhcpd.pid,
.B DBDIR/dhcpd.leases~.
.SH SEE ALSO
dhclient(8), dhcrelay(8), dhcpd.conf(5), dhcpd.leases(5)
.SH AUTHOR
.B dhcpd(8)
was written by Ted Lemon <mellon@vix.com>
under a contract with Vixie Labs. Funding
for this project was provided by the Internet Software Corporation.
Information about the Internet Software Consortium can be found at
.B http://www.isc.org/.
|