The core of any DHCP system is the dynamic host configuration protocol daemon. This server leases addresses and watches how they are used, according to the settings defined in the configuration file /etc/dhcpd.conf. By changing the parameters and values in this file, a system administrator can influence the program's behavior in numerous ways.
Look at the basic sample /etc/dhcpd.conf file in Example 27.1, “The Configuration File /etc/dhcpd.conf”.
Example 27.1. The Configuration File /etc/dhcpd.conf
    default-lease-time 600;         # 10 minutes
    max-lease-time 7200;            # 2 hours

    option domain-name "cosmos.all";
    option domain-name-servers 192.168.1.1, 192.168.1.2;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.254;
    option subnet-mask 255.255.255.0;

    subnet 192.168.1.0 netmask 255.255.255.0 {
      range 192.168.1.10 192.168.1.20;
      range 192.168.1.100 192.168.1.200;
    }
This simple configuration file should be sufficient to get the DHCP server to assign IP addresses in the network. Make sure that a semicolon is inserted at the end of each line, because otherwise dhcpd will not be started.
The above sample file can be divided into three sections. The first one defines how many seconds an IP address is leased to a requesting client by default (default-lease-time) before it should apply for renewal. The section also includes a statement of the maximum period for which a machine may keep an IP address assigned by the DHCP server without applying for renewal (max-lease-time).
In the second part, some basic network parameters are defined on a global level:
The line option domain-name defines the default domain of your network.
With the entry option domain-name-servers, specify up to three values for the DNS servers used to resolve IP addresses into hostnames and vice versa. Ideally, configure a name server on your machine or somewhere else in your network before setting up DHCP. That name server should also define a hostname for each dynamic address and vice versa. To learn how to configure your own name server, read Chapter 24, The Domain Name System.
The line option broadcast-address defines the broadcast address to be used by the requesting client.
With option routers, tell the server where to send data packets that cannot be delivered to a host on the local network (according to the source and target host address and the subnet mask provided). In most cases, especially in smaller networks, this router is identical to the Internet gateway.
With option subnet-mask, specify the netmask assigned to clients.
The last section of the file is there to define a network, including a subnet mask. To finish, specify the address range that the DHCP daemon should use to assign IP addresses to interested clients. In this example, clients may be given any address between 192.168.1.10 and 192.168.1.20 as well as 192.168.1.100 and 192.168.1.200.
After editing these few lines, you should be able to activate the DHCP daemon with the command rcdhcpd start. It will be ready for use immediately. Use the command rcdhcpd check-syntax to perform a brief syntax check. If you encounter any unexpected problems with your configuration (the server aborts with an error or does not return done on start), you should be able to find out what has gone wrong by looking for information either in the main system log /var/log/messages or on console 10 (Ctrl-Alt-F10).
On a default SUSE LINUX system, the DHCP daemon is started in a chroot environment for security reasons. The configuration files must be copied to the chroot environment so the daemon can find them. Normally, there is no need to worry about this because the command rcdhcpd start automatically copies the files.
As mentioned above, DHCP can also be used to assign a predefined, static address to a specific client for each request. Addresses assigned explicitly always take priority over dynamic addresses from the pool. Furthermore, a static address never expires in the way a dynamic address would, for example, if there were not enough addresses available so the server needed to redistribute them among clients.
To identify a client configured with a static address, dhcpd uses the hardware address, which is a globally unique, fixed numerical code consisting of six octet pairs for the identification of all network devices (for example, 00:00:45:12:EE:F4). If the respective lines, like the ones in Example 27.2, “Additions to the Configuration File”, are added to the configuration file of Example 27.1, “The Configuration File /etc/dhcpd.conf”, the DHCP daemon always assigns the same set of data to the corresponding client under all circumstances.
Example 27.2. Additions to the Configuration File
    host earth {
      hardware ethernet 00:00:45:12:EE:F4;
      fixed-address 192.168.1.21;
    }
The name of the respective client (host hostname, here earth) is entered in the first line and the MAC address in the second line. On Linux hosts, this address can be determined with the command ifstatus followed by the network device (for example, eth0). If necessary, activate the network card first with ifup eth0. The output should contain something like:
    link/ether 00:00:45:12:EE:F4
In the above example, a client with a network card having the MAC address 00:00:45:12:EE:F4 is assigned the IP address 192.168.1.21 and the hostname earth automatically. The type of hardware to enter is ethernet in nearly all cases, although token-ring, which is often found on IBM systems, is also supported.
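A consistency check for the declarations described above, as an added example (not part of the original documentation or of dhcpd): it parses only the subset of syntax used in Examples 27.1 and 27.2 and reports ranges that do not fit their subnet, MAC addresses used by more than one host, and fixed addresses that also lie inside a dynamic range. The host mars and its MAC address are constructed, and fixed-address values are assumed to be literal IPv4 addresses.

```python
import ipaddress
import re

# Constructed sample: Examples 27.1 and 27.2 from this page, plus a
# hypothetical host "mars" placed inside a dynamic range on purpose.
SAMPLE_CONF = """
default-lease-time 600;   # 10 minutes
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.20;
  range 192.168.1.100 192.168.1.200;
}
host earth { hardware ethernet 00:00:45:12:EE:F4; fixed-address 192.168.1.21; }
host mars  { hardware ethernet 00:00:45:12:EE:F5; fixed-address 192.168.1.150; }
"""

SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")
RANGE_RE = re.compile(r"\brange\s+(\S+)\s+(\S+)\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^}]*)\}")
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;")
FIXED_RE = re.compile(r"fixed-address\s+(\d+\.\d+\.\d+\.\d+)\s*;")

def lint_dhcpd_conf(text):
    """Return findings for the subset of dhcpd.conf syntax used on this page."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments before matching
    findings, pools, seen_macs = [], [], {}
    for net, mask, body in SUBNET_RE.findall(text):
        subnet = ipaddress.ip_network(f"{net}/{mask}")
        for lo, hi in RANGE_RE.findall(body):
            lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
            if lo > hi or lo not in subnet or hi not in subnet:
                findings.append(f"range {lo}-{hi} does not fit subnet {subnet}")
            pools.append((lo, hi))
    for name, body in HOST_RE.findall(text):
        mac, fixed = MAC_RE.search(body), FIXED_RE.search(body)
        if not mac or not fixed:
            findings.append(f"host {name}: no hardware ethernet or literal IPv4 fixed-address")
            continue
        key = mac.group(1).lower()  # MAC comparison is case-insensitive
        if key in seen_macs:
            findings.append(f"host {name}: MAC also used by host {seen_macs[key]}")
        seen_macs[key] = name
        addr = ipaddress.ip_address(fixed.group(1))
        if any(lo <= addr <= hi for lo, hi in pools):
            findings.append(f"host {name}: {addr} lies inside a dynamic range")
    return findings

if __name__ == "__main__":
    for finding in lint_dhcpd_conf(SAMPLE_CONF):
        print(finding)
```

The page's own host earth passes because 192.168.1.21 sits between the two ranges of Example 27.1.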
To improve security, the SUSE version of the ISC's DHCP server comes with the non-root/chroot patch by Ari Edelkind applied. This enables dhcpd to run with the user ID nobody and run in a chroot environment (/var/lib/dhcp). To make this possible, the configuration file dhcpd.conf must be located in /var/lib/dhcp/etc. The init script automatically copies the file to this directory when starting.
Control the server's behavior regarding this feature by means of entries in the file /etc/sysconfig/dhcpd. To run dhcpd without the chroot environment, set the variable DHCPD_RUN_CHROOTED in /etc/sysconfig/dhcpd to “no”.
To enable dhcpd to resolve hostnames even from within the chroot environment, some other configuration files must be copied as well:
/etc/localtime
/etc/host.conf
/etc/hosts
/etc/resolv.conf
These files are copied to /var/lib/dhcp/etc/ when starting the init script. Take these copies into account for any changes that they require if they are dynamically modified by scripts like /etc/ppp/ip-up. However, there should be no need to worry about this if the configuration file only specifies IP addresses (instead of hostnames).
If your configuration includes additional files that should be copied into the chroot environment, specify these under the variable DHCPD_CONF_INCLUDE_FILES in the file /etc/sysconfig/dhcpd. To make sure the DHCP logging facility keeps working even after a restart of the syslog daemon, it is necessary to add the option "-a /var/lib/dhcp/dev/log" under SYSLOGD_PARAMS in the file /etc/sysconfig/syslog.
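A drift check for the chroot copies described above, as an added example (not SUSE's init script or part of the original documentation): it reads DHCPD_RUN_CHROOTED and DHCPD_CONF_INCLUDE_FILES from /etc/sysconfig/dhcpd and compares each original with its copy under /var/lib/dhcp. The function names, the sysroot parameter and the placement of included files at the same relative path inside the chroot are assumptions.

```python
import filecmp
import re
from pathlib import Path

# Files this page says the init script copies into the chroot on start.
BASE_FILES = ["/etc/dhcpd.conf", "/etc/localtime", "/etc/host.conf",
              "/etc/hosts", "/etc/resolv.conf"]

def read_sysconfig(path):
    """Parse simple KEY="value" lines of a sysconfig file into a dict."""
    path = Path(path)
    text = path.read_text() if path.is_file() else ""
    return dict(re.findall(r'^([A-Z0-9_]+)="?([^"\n]*)"?[ \t]*$', text, re.M))

def compare(src, dst):
    """Classify one original/copy pair."""
    if not src.is_file():
        return "no-source"
    if not dst.is_file():
        return "missing-in-chroot"
    # shallow=False forces a byte-by-byte comparison, not just size and mtime
    return "ok" if filecmp.cmp(src, dst, shallow=False) else "stale"

def audit_chroot(sysroot="/", chroot="var/lib/dhcp"):
    """Return chroot status plus the state of each file expected inside it.

    Assumption: an extra file /path/x is copied to <chroot>/path/x, the same
    layout the page describes for the files under /etc.
    """
    root = Path(sysroot)
    cfg = read_sysconfig(root / "etc/sysconfig/dhcpd")
    extra = cfg.get("DHCPD_CONF_INCLUDE_FILES", "").split()
    files = {}
    for name in BASE_FILES + extra:
        rel = name.lstrip("/")
        files[name] = compare(root / rel, root / chroot / rel)
    # The page names "no" as the value that turns the chroot off.
    return {"chrooted": cfg.get("DHCPD_RUN_CHROOTED", "").lower() != "no",
            "files": files}

if __name__ == "__main__":
    result = audit_chroot()
    print("chroot enabled:", result["chrooted"])
    for name, state in result["files"].items():
        print(f"{state:18} {name}")
```

A "stale" result for /etc/resolv.conf or /etc/hosts after a script such as /etc/ppp/ip-up has run means the daemon inside the chroot still sees the old copy until the init script runs again.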