]>
Commit | Line | Data |
---|---|---|
08fe7cdb TL |
1 | .\" dhcpd.8 |
2 | .\" | |
9deef2e7 | 3 | .\" Copyright (c) 2004-2016 by Internet Systems Consortium, Inc. ("ISC") |
98311e4b | 4 | .\" Copyright (c) 1996-2003 by Internet Software Consortium |
08fe7cdb | 5 | .\" |
98311e4b DH |
6 | .\" Permission to use, copy, modify, and distribute this software for any |
7 | .\" purpose with or without fee is hereby granted, provided that the above | |
8 | .\" copyright notice and this permission notice appear in all copies. | |
08fe7cdb | 9 | .\" |
98311e4b DH |
10 | .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES |
11 | .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
12 | .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR | |
13 | .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
14 | .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
15 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT | |
16 | .\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
08fe7cdb | 17 | .\" |
98311e4b DH |
18 | .\" Internet Systems Consortium, Inc. |
19 | .\" 950 Charter Street | |
20 | .\" Redwood City, CA 94063 | |
21 | .\" <info@isc.org> | |
2c85ac9b | 22 | .\" https://www.isc.org/ |
98311e4b DH |
23 | .\" |
24 | .\" This software has been written for Internet Systems Consortium | |
69c620f2 | 25 | .\" by Ted Lemon in cooperation with Vixie Enterprises and Nominum, Inc. |
f49473ba | 26 | .\" |
5a38e43f SR |
27 | .\" Support and other services are available for ISC products - see |
28 | .\" https://www.isc.org for more information or to learn more about ISC. | |
29 | .\" | |
802fdea1 | 30 | .\" $Id: dhcpd.8,v 1.35 2011/05/20 13:48:33 tomasz Exp $ |
f49473ba | 31 | .\" |
ee0cda4d TL |
32 | .TH dhcpd 8 |
33 | .SH NAME | |
5e6b52dc | 34 | dhcpd - Dynamic Host Configuration Protocol Server |
ee0cda4d TL |
35 | .SH SYNOPSIS |
36 | .B dhcpd | |
37 | [ | |
38 | .B -p | |
39 | .I port | |
40 | ] | |
d27562c7 TL |
41 | [ |
42 | .B -f | |
43 | ] | |
44 | [ | |
5e6b52dc TL |
45 | .B -d |
46 | ] | |
47 | [ | |
6edb572b TL |
48 | .B -q |
49 | ] | |
50 | [ | |
897065dc TL |
51 | .B -t |
52 | | | |
53 | .B -T | |
54 | ] | |
55 | [ | |
98bd7ca0 DH |
56 | .B -4 |
57 | | | |
58 | .B -6 | |
59 | ] | |
60 | [ | |
785c1a51 FD |
61 | .B -4o6 |
62 | .I port | |
63 | ] | |
64 | [ | |
2e13ba55 SK |
65 | .B -s |
66 | .I server | |
67 | ] | |
68 | [ | |
e2ac5814 TL |
69 | .B -cf |
70 | .I config-file | |
71 | ] | |
72 | [ | |
73 | .B -lf | |
74 | .I lease-file | |
75 | ] | |
76 | [ | |
88cd8aca DH |
77 | .B -pf |
78 | .I pid-file | |
79 | ] | |
80 | [ | |
4a5bfeac SR |
81 | .B --no-pid |
82 | ] | |
83 | [ | |
7a6c9368 SR |
84 | .B -user |
85 | .I user | |
86 | ] | |
87 | [ | |
88 | .B -group | |
89 | .I group | |
90 | ] | |
91 | [ | |
92 | .B -chroot | |
93 | .I dir | |
94 | ] | |
95 | [ | |
51fe0cce TL |
96 | .B -tf |
97 | .I trace-output-file | |
98 | ] | |
99 | [ | |
100 | .B -play | |
101 | .I trace-playback-file | |
102 | ] | |
103 | [ | |
d27562c7 TL |
104 | .I if0 |
105 | [ | |
106 | .I ...ifN | |
107 | ] | |
108 | ] | |
2e13ba55 SK |
109 | |
110 | .B dhcpd | |
111 | --version | |
ee0cda4d | 112 | .SH DESCRIPTION |
98311e4b | 113 | The Internet Systems Consortium DHCP Server, dhcpd, implements the |
5e6b52dc TL |
114 | Dynamic Host Configuration Protocol (DHCP) and the Internet Bootstrap |
115 | Protocol (BOOTP). DHCP allows hosts on a TCP/IP network to request | |
116 | and be assigned IP addresses, and also to discover information about | |
117 | the network to which they are attached. BOOTP provides similar | |
118 | functionality, with certain restrictions. | |
ee0cda4d TL |
119 | .SH OPERATION |
120 | .PP | |
08fe7cdb TL |
121 | The DHCP protocol allows a host which is unknown to the network |
122 | administrator to be automatically assigned a new IP address out of a | |
a0497ac5 | 123 | pool of IP addresses for its network. In order for this to work, the |
08fe7cdb | 124 | network administrator allocates address pools in each subnet and |
ee0cda4d TL |
125 | enters them into the dhcpd.conf(5) file. |
126 | .PP | |
d6645f56 SR |
127 | There are two versions of the DHCP protocol DHCPv4 and DHCPv6. At |
128 | startup the server may be started for one or the other via the | |
129 | .B -4 | |
130 | or | |
131 | .B -6 | |
132 | arguments. | |
133 | .PP | |
08fe7cdb | 134 | On startup, dhcpd reads the |
ee0cda4d | 135 | .IR dhcpd.conf |
5e6b52dc TL |
136 | file and stores a list of available addresses on each subnet in |
137 | memory. When a client requests an address using the DHCP protocol, | |
138 | dhcpd allocates an address for it. Each client is assigned a lease, | |
139 | which expires after an amount of time chosen by the administrator (by | |
140 | default, one day). Before leases expire, the clients to which leases | |
141 | are assigned are expected to renew them in order to continue to use | |
142 | the addresses. Once a lease has expired, the client to which that | |
143 | lease was assigned is no longer permitted to use the leased IP | |
144 | address. | |
ee0cda4d | 145 | .PP |
08fe7cdb | 146 | In order to keep track of leases across system reboots and server |
ee0cda4d | 147 | restarts, dhcpd keeps a list of leases it has assigned in the |
a0497ac5 | 148 | dhcpd.leases(5) file. Before dhcpd grants a lease to a host, it |
ee0cda4d | 149 | records the lease in this file and makes sure that the contents of the |
a0497ac5 | 150 | file are flushed to disk. This ensures that even in the event of a |
ee0cda4d | 151 | system crash, dhcpd will not forget about a lease that it has |
a0497ac5 | 152 | assigned. On startup, after reading the dhcpd.conf file, dhcpd |
ee0cda4d TL |
153 | reads the dhcpd.leases file to refresh its memory about what leases |
154 | have been assigned. | |
155 | .PP | |
156 | New leases are appended to the end of the dhcpd.leases | |
a0497ac5 | 157 | file. In order to prevent the file from becoming arbitrarily large, |
ee0cda4d TL |
158 | from time to time dhcpd creates a new dhcpd.leases file from its |
159 | in-core lease database. Once this file has been written to disk, the | |
160 | old file is renamed | |
161 | .IR dhcpd.leases~ , | |
a0497ac5 | 162 | and the new file is renamed dhcpd.leases. If the system crashes in |
ee0cda4d TL |
163 | the middle of this process, whichever dhcpd.leases file remains will |
164 | contain all the lease information, so there is no need for a special | |
165 | crash recovery process. | |
166 | .PP | |
5e6b52dc TL |
167 | BOOTP support is also provided by this server. Unlike DHCP, the BOOTP |
168 | protocol does not provide a protocol for recovering | |
a0497ac5 | 169 | dynamically-assigned addresses once they are no longer needed. It is |
5e6b52dc | 170 | still possible to dynamically assign addresses to BOOTP clients, but |
a0497ac5 | 171 | some administrative process for reclaiming addresses is required. By |
5e6b52dc TL |
172 | default, leases are granted to BOOTP clients in perpetuity, although |
173 | the network administrator may set an earlier cutoff date or a shorter | |
174 | lease length for BOOTP leases if that makes sense. | |
175 | .PP | |
176 | BOOTP clients may also be served in the old standard way, which is to | |
177 | simply provide a declaration in the dhcpd.conf file for each | |
178 | BOOTP client, permanently assigning an address to each client. | |
ee0cda4d TL |
179 | .PP |
180 | Whenever changes are made to the dhcpd.conf file, dhcpd must be | |
a0497ac5 | 181 | restarted. To restart dhcpd, send a SIGTERM (signal 15) to the |
ee0cda4d | 182 | process ID contained in |
5e6b52dc TL |
183 | .IR RUNDIR/dhcpd.pid , |
184 | and then re-invoke dhcpd. Because the DHCP server database is not as | |
185 | lightweight as a BOOTP database, dhcpd does not automatically restart | |
186 | itself when it sees a change to the dhcpd.conf file. | |
4e19a6df | 187 | .PP |
a0497ac5 | 188 | Note: We get a lot of complaints about this. We realize that it would |
4e19a6df | 189 | be nice if one could send a SIGHUP to the server and have it reload |
a0497ac5 | 190 | the database. This is not technically impossible, but it would |
4e19a6df | 191 | require a great deal of work, our resources are extremely limited, and |
a0497ac5 | 192 | they can be better spent elsewhere. So please don't complain about |
4e19a6df TL |
193 | this on the mailing list unless you're prepared to fund a project to |
194 | implement this feature, or prepared to do it yourself. | |
d27562c7 TL |
195 | .SH COMMAND LINE |
196 | .PP | |
5e6b52dc TL |
197 | The names of the network interfaces on which dhcpd should listen for |
198 | broadcasts may be specified on the command line. This should be done | |
199 | on systems where dhcpd is unable to identify non-broadcast interfaces, | |
200 | but should not be required on other systems. If no interface names | |
201 | are specified on the command line dhcpd will identify all network | |
98311e4b | 202 | interfaces which are up, eliminating non-broadcast interfaces if |
5e6b52dc | 203 | possible, and listen for DHCP broadcasts on each interface. |
d27562c7 | 204 | .PP |
d6645f56 SR |
205 | .SH COMMAND LINE OPTIONS |
206 | .TP | |
207 | .BI \-4 | |
802fdea1 TM |
208 | Run as a DHCP server. This is the default and cannot be combined with |
209 | \fB\-6\fR. | |
d6645f56 SR |
210 | .TP |
211 | .BI \-6 | |
802fdea1 | 212 | Run as a DHCPv6 server. This cannot be combined with \fB\-4\fR. |
d6645f56 | 213 | .TP |
785c1a51 FD |
214 | .BI \-4o6 \ port |
215 | Participate in the DHCPv4 over DHCPv6 protocol specified by RFC 7341. | |
216 | This associates a DHCPv4 and a DHCPv6 server to allow the v4 server to | |
4dd0eb18 | 217 | receive v4 requests that were encapsulated in a v6 packet. Communication |
785c1a51 FD |
218 | between the two servers is done on a pair of UDP sockets bound |
219 | to ::1 \fIport\fR and \fIport + 1\fR. Both servers must | |
220 | be launched using the same \fIport\fR argument. | |
221 | .TP | |
d6645f56 | 222 | .BI \-p \ port |
785c1a51 | 223 | The UDP port number on which |
d6645f56 SR |
224 | .B dhcpd |
225 | should listen. If unspecified | |
226 | .B dhcpd | |
227 | uses the default port of 67. This is mostly useful for debugging | |
228 | purposes. | |
229 | .TP | |
230 | .BI \-s \ address | |
231 | Specify an address or host name to which | |
232 | .B dhcpd | |
233 | should send replies rather than the broadcast address (255.255.255.255). | |
234 | This option is only supported in IPv4. | |
235 | .TP | |
236 | .BI \-f | |
237 | Force | |
238 | .B dhcpd | |
239 | to run as a foreground process instead of as a daemon in the background. | |
240 | This is useful when running | |
241 | .B dhcpd | |
242 | under a debugger, or when running it | |
243 | out of inittab on System V systems. | |
244 | .TP | |
245 | .BI \-d | |
246 | Send log messages to the standard error descriptor. | |
247 | This can be useful for debugging, and also at sites where a | |
5e6b52dc | 248 | complete log of all dhcp activity must be kept but syslogd is not |
a0497ac5 | 249 | reliable or otherwise cannot be used. Normally, |
d6645f56 SR |
250 | .B dhcpd |
251 | will log all | |
252 | output using the \fBsyslog(3)\fR function with the log facility set to | |
253 | LOG_DAEMON. Note that \fB\-d\fR implies \fB\-f\fR (the daemon will | |
254 | not fork itself into the background). | |
255 | .TP | |
256 | .BI \-q | |
257 | Be quiet at startup. This suppresses the printing of the entire | |
258 | copyright message during startup. This might be desirable when | |
259 | starting | |
260 | .B dhcpd | |
261 | from a system startup script (e.g., /etc/rc). | |
262 | .TP | |
263 | .BI \-t | |
264 | Test the configuration file. The server tests the configuration file | |
897065dc | 265 | for correct syntax, but will not attempt to perform any network |
a0497ac5 | 266 | operations. This can be used to test a new configuration file |
897065dc | 267 | automatically before installing it. |
d6645f56 SR |
268 | .TP |
269 | .BI \-T | |
270 | Test the lease file. The server tests the lease file | |
271 | for correct syntax, but will not attempt to perform any network | |
8e112e2b | 272 | operations. This can be used to test a new lease file |
d6645f56 SR |
273 | automatically before installing it. |
274 | .TP | |
7a6c9368 SR |
275 | .BI \-user \ user |
276 | Setuid to user after completing privileged operations, | |
277 | such as creating sockets that listen on privileged ports. | |
278 | This also causes the lease file to be owned by user. | |
279 | This option is only available if the code was compiled | |
280 | with the PARANOIA patch (./configure --enable-paranoia). | |
281 | .TP | |
282 | .BI \-group \ group | |
283 | Setgid to group after completing privileged operations, | |
284 | such as creating sockets that listen on privileged ports. | |
285 | This also causes the lease file to use group. | |
286 | This option is only available if the code was compiled | |
287 | with the PARANOIA patch (./configure --enable-paranoia). | |
288 | .TP | |
289 | .BI \-chroot \ dir | |
290 | Chroot to directory. This may occur before or after | |
291 | reading the configuration files depending on whether | |
292 | the code was compiled with the EARLY_CHROOT option | |
293 | enabled (./configure --enable-early-chroot). | |
294 | This option is only available if the code was compiled | |
295 | with the PARANOIA patch (./configure --enable-paranoia). | |
296 | .TP | |
d6645f56 SR |
297 | .BI \-tf \ tracefile |
298 | Specify a file into which the entire startup state of the server and | |
299 | all the transactions it processes are logged. This can be | |
51fe0cce TL |
300 | useful in submitting bug reports - if you are getting a core dump |
301 | every so often, you can start the server with the \fB-tf\fR option and | |
302 | then, when the server dumps core, the trace file will contain all the | |
303 | transactions that led up to it dumping core, so that the problem can | |
304 | be easily debugged with \fB-play\fR. | |
d6645f56 SR |
305 | .TP |
306 | .BI \-play \ playfile | |
307 | Specify a file from which the entire startup state of the server and | |
308 | all the transactions it processed are read. The \fB-play\fR option | |
309 | must be specified with an alternate lease file, | |
51fe0cce TL |
310 | using the \fB-lf\fR switch, so that the DHCP server doesn't wipe out |
311 | your existing lease file with its test data. The DHCP server will | |
312 | refuse to operate in playback mode unless you specify an alternate | |
313 | lease file. | |
d6645f56 SR |
314 | .TP |
315 | .BI --version | |
316 | Print version number and exit. | |
317 | .PP | |
318 | .I Modifying default file locations: | |
319 | The following options can be used to modify the locations | |
320 | .B dhcpd | |
8e112e2b | 321 | uses for its files. Because of the importance of using the same |
d6645f56 SR |
322 | lease database at all times when running dhcpd in production, these |
323 | options should be used \fBonly\fR for testing lease files or database | |
324 | files in a non-production environment. | |
325 | .TP | |
326 | .BI \-cf \ config-file | |
327 | Path to alternate configuration file. | |
328 | .TP | |
329 | .BI \-lf \ lease-file | |
330 | Path to alternate lease file. | |
331 | .TP | |
332 | .BI \-pf \ pid-file | |
333 | Path to alternate pid file. | |
4a5bfeac SR |
334 | .TP |
335 | .BI \--no-pid | |
336 | Option to disable writing pid files. By default the program | |
337 | will write a pid file. If the program is invoked with this | |
338 | option it will not check for an existing server process. | |
2e13ba55 | 339 | .PP |
d69e527c SR |
340 | .SH PORTS |
341 | During operations the server may use multiple UDP and TCP ports | |
342 | to provide different functions. Which ports are opened depends | |
343 | on both the way you compiled your code and the configuration you | |
344 | supply. The following should provide you an idea of what | |
345 | ports may be in use. | |
346 | ||
347 | Normally a DHCPv4 server will open a raw UDP socket to receive | |
348 | and send most DHCPv4 packets. It also opens a fallback UDP socket | |
349 | for use in sending unicast packets. Normally these will both | |
350 | use the well known port number for BOOTPS. | |
351 | ||
4dd0eb18 | 352 | For each DHCPv4 failover peer you list in the configuration file |
d69e527c | 353 | there will be a TCP socket listening for connections on the |
4dd0eb18 | 354 | ports specified in the configuration file. When the peer connects |
d69e527c SR |
355 | there will be another socket for the established connection. |
356 | For the established connection the side (primary or secondary) | |
357 | opening the connection will use a random port. | |
358 | ||
359 | For DHCPv6 the server opens a UDP socket on the well known | |
360 | dhcpv6-server port. | |
361 | ||
362 | The server opens an icmp socket for doing ping requests to check | |
363 | if addresses are in use. | |
364 | ||
365 | If you have included an omapi-port statement in your configuration | |
366 | file then the server will open a TCP socket on that port to | |
367 | listen for OMPAI connections. When something connects another | |
368 | port will be used for the established connection. | |
369 | ||
370 | When DDNS is enabled at compile time (see includes/site.h) | |
371 | the server will open both a v4 and a v6 UDP socket on | |
372 | random ports. These ports are opened even if DDNS is disabled | |
373 | in the configuration file. | |
374 | .PP | |
ee0cda4d | 375 | .SH CONFIGURATION |
a0497ac5 | 376 | The syntax of the dhcpd.conf(5) file is discussed separately. This |
ee0cda4d | 377 | section should be used as an overview of the configuration process, |
ba7ed239 | 378 | and the dhcpd.conf(5) documentation should be consulted for detailed |
ee0cda4d TL |
379 | reference information. |
380 | .PP | |
381 | .SH Subnets | |
382 | dhcpd needs to know the subnet numbers and netmasks of all subnets for | |
a0497ac5 | 383 | which it will be providing service. In addition, in order to |
ee0cda4d TL |
384 | dynamically allocate addresses, it must be assigned one or more ranges |
385 | of addresses on each subnet which it can in turn assign to client | |
a0497ac5 | 386 | hosts as they boot. Thus, a very simple configuration providing DHCP |
08fe7cdb TL |
387 | support might look like this: |
388 | .nf | |
389 | .sp 1 | |
5e6b52dc | 390 | subnet 239.252.197.0 netmask 255.255.255.0 { |
08fe7cdb | 391 | range 239.252.197.10 239.252.197.250; |
98311e4b | 392 | } |
08fe7cdb | 393 | .fi |
ee0cda4d | 394 | .PP |
08fe7cdb TL |
395 | Multiple address ranges may be specified like this: |
396 | .nf | |
397 | .sp 1 | |
5e6b52dc TL |
398 | subnet 239.252.197.0 netmask 255.255.255.0 { |
399 | range 239.252.197.10 239.252.197.107; | |
08fe7cdb | 400 | range 239.252.197.113 239.252.197.250; |
5e6b52dc | 401 | } |
08fe7cdb | 402 | .fi |
ee0cda4d | 403 | .PP |
08fe7cdb TL |
404 | If a subnet will only be provided with BOOTP service and no dynamic |
405 | address assignment, the range clause can be left out entirely, but the | |
406 | subnet statement must appear. | |
ee0cda4d TL |
407 | .PP |
408 | .SH Lease Lengths | |
08fe7cdb | 409 | DHCP leases can be assigned almost any length from zero seconds to |
a0497ac5 | 410 | infinity. What lease length makes sense for any given subnet, or for |
08fe7cdb TL |
411 | any given installation, will vary depending on the kinds of hosts |
412 | being served. | |
ee0cda4d | 413 | .PP |
08fe7cdb TL |
414 | For example, in an office environment where systems are added from |
415 | time to time and removed from time to time, but move relatively | |
5a38e43f | 416 | infrequently, it might make sense to allow lease times of a month or |
a0497ac5 | 417 | more. In a final test environment on a manufacturing floor, it may |
08fe7cdb TL |
418 | make more sense to assign a maximum lease length of 30 minutes - |
419 | enough time to go through a simple test procedure on a network | |
420 | appliance before packaging it up for delivery. | |
ee0cda4d | 421 | .PP |
08fe7cdb TL |
422 | It is possible to specify two lease lengths: the default length that |
423 | will be assigned if a client doesn't ask for any particular lease | |
a0497ac5 | 424 | length, and a maximum lease length. These are specified as clauses |
08fe7cdb TL |
425 | to the subnet command: |
426 | .nf | |
427 | .sp 1 | |
5e6b52dc TL |
428 | subnet 239.252.197.0 netmask 255.255.255.0 { |
429 | range 239.252.197.10 239.252.197.107; | |
430 | default-lease-time 600; | |
08fe7cdb | 431 | max-lease-time 7200; |
98311e4b | 432 | } |
08fe7cdb | 433 | .fi |
ee0cda4d | 434 | .PP |
08fe7cdb TL |
435 | This particular subnet declaration specifies a default lease time of |
436 | 600 seconds (ten minutes), and a maximum lease time of 7200 seconds | |
a0497ac5 | 437 | (two hours). Other common values would be 86400 (one day), 604800 |
08fe7cdb | 438 | (one week) and 2592000 (30 days). |
ee0cda4d | 439 | .PP |
08fe7cdb TL |
440 | Each subnet need not have the same lease\(emin the case of an office |
441 | environment and a manufacturing environment served by the same DHCP | |
442 | server, it might make sense to have widely disparate values for | |
443 | default and maximum lease times on each subnet. | |
ee0cda4d TL |
444 | .SH BOOTP Support |
445 | Each BOOTP client must be explicitly declared in the dhcpd.conf | |
a0497ac5 | 446 | file. A very basic client declaration will specify the client |
08fe7cdb | 447 | network interface's hardware address and the IP address to assign to |
a0497ac5 SR |
448 | that client. If the client needs to be able to load a boot file from |
449 | the server, that file's name must be specified. A simple bootp | |
08fe7cdb TL |
450 | client declaration might look like this: |
451 | .nf | |
452 | .sp 1 | |
fc5aedc9 TL |
453 | host haagen { |
454 | hardware ethernet 08:00:2b:4c:59:23; | |
5e6b52dc | 455 | fixed-address 239.252.197.9; |
08fe7cdb | 456 | filename "/tftpboot/haagen.boot"; |
5e6b52dc | 457 | } |
08fe7cdb | 458 | .fi |
ee0cda4d | 459 | .SH Options |
08fe7cdb TL |
460 | DHCP (and also BOOTP with Vendor Extensions) provide a mechanism |
461 | whereby the server can provide the client with information about how | |
462 | to configure its network interface (e.g., subnet mask), and also how | |
463 | the client can access various network services (e.g., DNS, IP routers, | |
464 | and so on). | |
ee0cda4d | 465 | .PP |
08fe7cdb | 466 | These options can be specified on a per-subnet basis, and, for BOOTP |
a0497ac5 | 467 | clients, also on a per-client basis. In the event that a BOOTP |
08fe7cdb TL |
468 | client declaration specifies options that are also specified in its |
469 | subnet declaration, the options specified in the client declaration | |
a0497ac5 | 470 | take precedence. A reasonably complete DHCP configuration might |
08fe7cdb TL |
471 | look something like this: |
472 | .nf | |
473 | .sp 1 | |
5e6b52dc TL |
474 | subnet 239.252.197.0 netmask 255.255.255.0 { |
475 | range 239.252.197.10 239.252.197.250; | |
476 | default-lease-time 600 max-lease-time 7200; | |
477 | option subnet-mask 255.255.255.0; | |
478 | option broadcast-address 239.252.197.255; | |
479 | option routers 239.252.197.1; | |
480 | option domain-name-servers 239.252.197.2, 239.252.197.3; | |
08fe7cdb | 481 | option domain-name "isc.org"; |
5e6b52dc | 482 | } |
08fe7cdb | 483 | .fi |
ee0cda4d | 484 | .PP |
08fe7cdb TL |
485 | A bootp host on that subnet that needs to be in a different domain and |
486 | use a different name server might be declared as follows: | |
487 | .nf | |
488 | .sp 1 | |
ba7ed239 TL |
489 | host haagen { |
490 | hardware ethernet 08:00:2b:4c:59:23; | |
5e6b52dc TL |
491 | fixed-address 239.252.197.9; |
492 | filename "/tftpboot/haagen.boot"; | |
493 | option domain-name-servers 192.5.5.1; | |
08fe7cdb | 494 | option domain-name "vix.com"; |
5e6b52dc | 495 | } |
08fe7cdb | 496 | .fi |
ee0cda4d | 497 | .PP |
5e6b52dc TL |
498 | A more complete description of the dhcpd.conf file syntax is provided |
499 | in dhcpd.conf(5). | |
90e0ef94 TL |
500 | .SH OMAPI |
501 | The DHCP server provides the capability to modify some of its | |
502 | configuration while it is running, without stopping it, modifying its | |
503 | database files, and restarting it. This capability is currently | |
504 | provided using OMAPI - an API for manipulating remote objects. OMAPI | |
505 | clients connect to the server using TCP/IP, authenticate, and can then | |
506 | examine the server's current status and make changes to it. | |
507 | .PP | |
508 | Rather than implementing the underlying OMAPI protocol directly, user | |
a0497ac5 | 509 | programs should use the dhcpctl API or OMAPI itself. Dhcpctl is a |
90e0ef94 | 510 | wrapper that handles some of the housekeeping chores that OMAPI does |
a0497ac5 | 511 | not do automatically. Dhcpctl and OMAPI are documented in \fBdhcpctl(3)\fR |
90e0ef94 TL |
512 | and \fBomapi(3)\fR. |
513 | .PP | |
a0497ac5 | 514 | OMAPI exports objects, which can then be examined and modified. The |
90e0ef94 | 515 | DHCP server exports the following objects: lease, host, |
a0497ac5 SR |
516 | failover-state and group. Each object has a number of methods that |
517 | are provided: lookup, create, and destroy. In addition, it is | |
90e0ef94 TL |
518 | possible to look at attributes that are stored on objects, and in some |
519 | cases to modify those attributes. | |
520 | .SH THE LEASE OBJECT | |
521 | Leases can't currently be created or destroyed, but they can be looked | |
522 | up to examine and modify their state. | |
523 | .PP | |
524 | Leases have the following attributes: | |
525 | .PP | |
526 | .B state \fIinteger\fR lookup, examine | |
527 | .RS 0.5i | |
528 | .nf | |
529 | 1 = free | |
530 | 2 = active | |
531 | 3 = expired | |
532 | 4 = released | |
533 | 5 = abandoned | |
534 | 6 = reset | |
535 | 7 = backup | |
536 | 8 = reserved | |
537 | 9 = bootp | |
538 | .fi | |
539 | .RE | |
540 | .PP | |
541 | .B ip-address \fIdata\fR lookup, examine | |
542 | .RS 0.5i | |
543 | The IP address of the lease. | |
544 | .RE | |
545 | .PP | |
546 | .B dhcp-client-identifier \fIdata\fR lookup, examine, update | |
547 | .RS 0.5i | |
548 | The | |
549 | client identifier that the client used when it acquired the lease. | |
550 | Not all clients send client identifiers, so this may be empty. | |
551 | .RE | |
552 | .PP | |
553 | .B client-hostname \fIdata\fR examine, update | |
554 | .RS 0.5i | |
555 | The value the client sent in the host-name option. | |
556 | .RE | |
557 | .PP | |
558 | .B host \fIhandle\fR examine | |
559 | .RS 0.5i | |
560 | the host declaration associated with this lease, if any. | |
561 | .RE | |
562 | .PP | |
563 | .B subnet \fIhandle\fR examine | |
564 | .RS 0.5i | |
565 | the subnet object associated with this lease (the subnet object is not | |
566 | currently supported). | |
567 | .RE | |
568 | .PP | |
569 | .B pool \fIhandle\fR examine | |
570 | .RS 0.5i | |
c759db75 | 571 | the pool object associated with this lease (the pool object is not |
90e0ef94 TL |
572 | currently supported). |
573 | .RE | |
574 | .PP | |
575 | .B billing-class \fIhandle\fR examine | |
576 | .RS 0.5i | |
577 | the handle to the class to which this lease is currently billed, if | |
578 | any (the class object is not currently supported). | |
579 | .RE | |
580 | .PP | |
581 | .B hardware-address \fIdata\fR examine, update | |
582 | .RS 0.5i | |
583 | the hardware address (chaddr) field sent by the client when it | |
584 | acquired its lease. | |
585 | .RE | |
586 | .PP | |
587 | .B hardware-type \fIinteger\fR examine, update | |
588 | .RS 0.5i | |
589 | the type of the network interface that the client reported when it | |
590 | acquired its lease. | |
591 | .RE | |
592 | .PP | |
593 | .B ends \fItime\fR examine | |
594 | .RS 0.5i | |
595 | the time when the lease's current state ends, as understood by the | |
596 | client. | |
597 | .RE | |
598 | .PP | |
599 | .B tstp \fItime\fR examine | |
600 | .RS 0.5i | |
601 | the time when the lease's current state ends, as understood by the | |
602 | server. | |
603 | .RE | |
604 | .B tsfp \fItime\fR examine | |
605 | .RS 0.5i | |
88cd8aca DH |
606 | the adjusted time when the lease's current state ends, as understood by |
607 | the failover peer (if there is no failover peer, this value is | |
608 | undefined). Generally this value is only adjusted for expired, released, | |
609 | or reset leases while the server is operating in partner-down state, and | |
610 | otherwise is simply the value supplied by the peer. | |
611 | .RE | |
612 | .B atsfp \fItime\fR examine | |
613 | .RS 0.5i | |
614 | the actual tsfp value sent from the peer. This value is forgotten when a | |
c759db75 | 615 | lease binding state change is made, to facilitate retransmission logic. |
90e0ef94 TL |
616 | .RE |
617 | .PP | |
618 | .B cltt \fItime\fR examine | |
619 | .RS 0.5i | |
620 | The time of the last transaction with the client on this lease. | |
621 | .RE | |
622 | .SH THE HOST OBJECT | |
623 | Hosts can be created, destroyed, looked up, examined and modified. | |
624 | If a host declaration is created or deleted using OMAPI, that | |
a0497ac5 | 625 | information will be recorded in the dhcpd.leases file. It is |
90e0ef94 TL |
626 | permissible to delete host declarations that are declared in the |
627 | dhcpd.conf file. | |
628 | .PP | |
629 | Hosts have the following attributes: | |
630 | .PP | |
631 | .B name \fIdata\fR lookup, examine, modify | |
632 | .RS 0.5i | |
a0497ac5 | 633 | the name of the host declaration. This name must be unique among all |
90e0ef94 TL |
634 | host declarations. |
635 | .RE | |
636 | .PP | |
637 | .B group \fIhandle\fR examine, modify | |
638 | .RS 0.5i | |
639 | the named group associated with the host declaration, if there is one. | |
640 | .RE | |
641 | .PP | |
642 | .B hardware-address \fIdata\fR lookup, examine, modify | |
643 | .RS 0.5i | |
644 | the link-layer address that will be used to match the client, if any. | |
645 | Only valid if hardware-type is also present. | |
646 | .RE | |
647 | .PP | |
648 | .B hardware-type \fIinteger\fR lookup, examine, modify | |
649 | .RS 0.5i | |
650 | the type of the network interface that will be used to match the | |
a0497ac5 | 651 | client, if any. Only valid if hardware-address is also present. |
90e0ef94 TL |
652 | .RE |
653 | .PP | |
654 | .B dhcp-client-identifier \fIdata\fR lookup, examine, modify | |
655 | .RS 0.5i | |
656 | the dhcp-client-identifier option that will be used to match the | |
657 | client, if any. | |
658 | .RE | |
659 | .PP | |
660 | .B ip-address \fIdata\fR examine, modify | |
661 | .RS 0.5i | |
662 | a fixed IP address which is reserved for a DHCP client that matches | |
a0497ac5 | 663 | this host declaration. The IP address will only be assigned to the |
90e0ef94 TL |
664 | client if it is valid for the network segment to which the client is |
665 | connected. | |
666 | .RE | |
667 | .PP | |
668 | .B statements \fIdata\fR modify | |
669 | .RS 0.5i | |
670 | a list of statements in the format of the dhcpd.conf file that will be | |
671 | executed whenever a message from the client is being processed. | |
672 | .RE | |
673 | .PP | |
674 | .B known \fIinteger\fR examine, modify | |
675 | .RS 0.5i | |
676 | if nonzero, indicates that a client matching this host declaration | |
a0497ac5 | 677 | will be treated as \fIknown\fR in pool permit lists. If zero, the |
90e0ef94 TL |
678 | client will not be treated as known. |
679 | .RE | |
680 | .SH THE GROUP OBJECT | |
681 | Named groups can be created, destroyed, looked up, examined and | |
682 | modified. If a group declaration is created or deleted using OMAPI, | |
683 | that information will be recorded in the dhcpd.leases file. It is | |
684 | permissible to delete group declarations that are declared in the | |
685 | dhcpd.conf file. | |
686 | .PP | |
687 | Named groups currently can only be associated with | |
688 | hosts - this allows one set of statements to be efficiently attached | |
a0497ac5 | 689 | to more than one host declaration. |
90e0ef94 TL |
690 | .PP |
691 | Groups have the following attributes: | |
692 | .PP | |
693 | .B name \fIdata\fR | |
694 | .RS 0.5i | |
695 | the name of the group. All groups that are created using OMAPI must | |
696 | have names, and the names must be unique among all groups. | |
697 | .RE | |
698 | .PP | |
699 | .B statements \fIdata\fR | |
700 | .RS 0.5i | |
701 | a list of statements in the format of the dhcpd.conf file that will be | |
702 | executed whenever a message from a client whose host declaration | |
703 | references this group is processed. | |
704 | .RE | |
d758ad8c | 705 | .SH THE CONTROL OBJECT |
a0497ac5 | 706 | The control object allows you to shut the server down. If the server |
d758ad8c TL |
707 | is doing failover with another peer, it will make a clean transition |
708 | into the shutdown state and notify its peer, so that the peer can go | |
709 | into partner down, and then record the "recover" state in the lease | |
710 | file so that when the server is restarted, it will automatically | |
711 | resynchronize with its peer. | |
712 | .PP | |
713 | On shutdown the server will also attempt to cleanly shut down all | |
714 | OMAPI connections. If these connections do not go down cleanly after | |
c759db75 | 715 | five seconds, they are shut down preemptively. It can take as much |
d758ad8c TL |
716 | as 25 seconds from the beginning of the shutdown process to the time |
717 | that the server actually exits. | |
718 | .PP | |
719 | To shut the server down, open its control object and set the state | |
720 | attribute to 2. | |
0db87765 TL |
721 | .SH THE FAILOVER-STATE OBJECT |
722 | The failover-state object is the object that tracks the state of the | |
723 | failover protocol as it is being managed for a given failover peer. | |
724 | The failover object has the following attributes (please see | |
725 | .B dhcpd.conf (5) | |
726 | for explanations about what these attributes mean): | |
727 | .PP | |
728 | .B name \fIdata\fR examine | |
729 | .RS 0.5i | |
730 | Indicates the name of the failover peer relationship, as described in | |
731 | the server's \fBdhcpd.conf\fR file. | |
732 | .RE | |
733 | .PP | |
734 | .B partner-address \fIdata\fR examine | |
735 | .RS 0.5i | |
736 | Indicates the failover partner's IP address. | |
737 | .RE | |
738 | .PP | |
739 | .B local-address \fIdata\fR examine | |
740 | .RS 0.5i | |
741 | Indicates the IP address that is being used by the DHCP server for | |
742 | this failover pair. | |
743 | .RE | |
744 | .PP | |
745 | .B partner-port \fIdata\fR examine | |
746 | .RS 0.5i | |
747 | Indicates the TCP port on which the failover partner is listening for | |
748 | failover protocol connections. | |
749 | .RE | |
750 | .PP | |
751 | .B local-port \fIdata\fR examine | |
752 | .RS 0.5i | |
753 | Indicates the TCP port on which the DHCP server is listening for | |
754 | failover protocol connections for this failover pair. | |
755 | .RE | |
756 | .PP | |
757 | .B max-outstanding-updates \fIinteger\fR examine | |
758 | .RS 0.5i | |
759 | Indicates the number of updates that can be outstanding and | |
760 | unacknowledged at any given time, in this failover relationship. | |
761 | .RE | |
762 | .PP | |
763 | .B mclt \fIinteger\fR examine | |
764 | .RS 0.5i | |
765 | Indicates the maximum client lead time in this failover relationship. | |
766 | .RE | |
767 | .PP | |
768 | .B load-balance-max-secs \fIinteger\fR examine | |
769 | .RS 0.5i | |
770 | Indicates the maximum value for the secs field in a client request | |
771 | before load balancing is bypassed. | |
772 | .RE | |
773 | .PP | |
774 | .B load-balance-hba \fIdata\fR examine | |
775 | .RS 0.5i | |
776 | Indicates the load balancing hash bucket array for this failover | |
777 | relationship. | |
778 | .RE | |
779 | .PP | |
780 | .B local-state \fIinteger\fR examine, modify | |
781 | .RS 0.5i | |
782 | Indicates the present state of the DHCP server in this failover | |
a0497ac5 | 783 | relationship. Possible values for state are: |
0db87765 TL |
784 | .RE |
785 | .RS 1i | |
786 | .PP | |
787 | .nf | |
edcb5c46 EH |
788 | 1 - startup |
789 | 2 - normal | |
790 | 3 - communications interrupted | |
791 | 4 - partner down | |
792 | 5 - potential conflict | |
793 | 6 - recover | |
794 | 7 - paused | |
795 | 8 - shutdown | |
796 | 9 - recover done | |
797 | 10 - resolution interrupted | |
798 | 11 - conflict done | |
799 | 254 - recover wait | |
0db87765 TL |
800 | .fi |
801 | .RE | |
802 | .PP | |
803 | .RS 0.5i | |
edcb5c46 EH |
804 | (Note that some of the above values have changed since DHCP 3.0.x.) |
805 | .RE | |
806 | .PP | |
807 | .RS 0.5i | |
0db87765 TL |
808 | In general it is not a good idea to make changes to this state. |
809 | However, in the case that the failover partner is known to be down, it | |
810 | can be useful to set the DHCP server's failover state to partner | |
a0497ac5 | 811 | down. At this point the DHCP server will take over service of the |
0db87765 | 812 | failover partner's leases as soon as possible, and will give out |
a0497ac5 | 813 | normal leases, not leases that are restricted by MCLT. If you do put |
0db87765 TL |
814 | the DHCP server into the partner-down when the other DHCP server is |
815 | not in the partner-down state, but is not reachable, IP address | |
a0497ac5 | 816 | assignment conflicts are possible, even likely. Once a server has |
0db87765 TL |
817 | been put into partner-down mode, its failover partner must not be |
818 | brought back online until communication is possible between the two | |
819 | servers. | |
820 | .RE | |
821 | .PP | |
822 | .B partner-state \fIinteger\fR examine | |
823 | .RS 0.5i | |
824 | Indicates the present state of the failover partner. | |
825 | .RE | |
826 | .PP | |
827 | .B local-stos \fIinteger\fR examine | |
828 | .RS 0.5i | |
829 | Indicates the time at which the DHCP server entered its present state | |
830 | in this failover relationship. | |
831 | .RE | |
832 | .PP | |
833 | .B partner-stos \fIinteger\fR examine | |
834 | .RS 0.5i | |
835 | Indicates the time at which the failover partner entered its present state. | |
836 | .RE | |
837 | .PP | |
838 | .B hierarchy \fIinteger\fR examine | |
839 | .RS 0.5i | |
840 | Indicates whether the DHCP server is primary (0) or secondary (1) in | |
841 | this failover relationship. | |
842 | .RE | |
843 | .PP | |
844 | .B last-packet-sent \fIinteger\fR examine | |
845 | .RS 0.5i | |
846 | Indicates the time at which the most recent failover packet was sent | |
847 | by this DHCP server to its failover partner. | |
848 | .RE | |
849 | .PP | |
850 | .B last-timestamp-received \fIinteger\fR examine | |
851 | .RS 0.5i | |
852 | Indicates the timestamp that was on the failover message most recently | |
853 | received from the failover partner. | |
854 | .RE | |
855 | .PP | |
856 | .B skew \fIinteger\fR examine | |
857 | .RS 0.5i | |
858 | Indicates the skew between the failover partner's clock and this DHCP | |
859 | server's clock | |
860 | .RE | |
861 | .PP | |
862 | .B max-response-delay \fIinteger\fR examine | |
863 | .RS 0.5i | |
864 | Indicates the time in seconds after which, if no message is received | |
865 | from the failover partner, the partner is assumed to be out of | |
866 | communication. | |
867 | .RE | |
868 | .PP | |
869 | .B cur-unacked-updates \fIinteger\fR examine | |
870 | .RS 0.5i | |
871 | Indicates the number of update messages that have been received from | |
872 | the failover partner but not yet processed. | |
873 | .RE | |
ee0cda4d TL |
874 | .SH FILES |
875 | .B ETCDIR/dhcpd.conf, DBDIR/dhcpd.leases, RUNDIR/dhcpd.pid, | |
876 | .B DBDIR/dhcpd.leases~. | |
877 | .SH SEE ALSO | |
66b01364 | 878 | dhclient(8), dhcrelay(8), dhcpd.conf(5), dhcpd.leases(5) |
ee0cda4d TL |
879 | .SH AUTHOR |
880 | .B dhcpd(8) | |
90e0ef94 | 881 | was originally written by Ted Lemon under a contract with Vixie Labs. |
98311e4b | 882 | Funding for this project was provided by Internet Systems |
a0497ac5 | 883 | Consortium. Version 3 of the DHCP server was funded by Nominum, Inc. |
98311e4b | 884 | Information about Internet Systems Consortium is available at |
2c85ac9b | 885 | .B https://www.isc.org/\fR. |