DHCP4 service with fixed IPv4 addresses

Note the dhcpd/KVM bug 1)

Packages

Debian (6.0 and later):

isc-dhcp-server

openSuSE (12.1 and later):

dhcp-server

CentOS (6):

dhcp  

Configuration

/etc/dhcp/dhcpd.conf : ( Debian 6.0 and later )

/etc/dhcpd.conf : ( openSuSE 12.1, CentOS 6 )

authoritative;
ddns-update-style none;

log-facility local7;

subnet 192.168.1.0 netmask 255.255.255.0 {
  option domain-name "linuxhotel.de";
  option routers 192.168.1.1;
  option broadcast-address 192.168.1.255;
  default-lease-time 600;
  max-lease-time 7200;
}

use-host-decl-names on;

host notebook24 {
  hardware ethernet 00:16:d3:b9:a0:3e;
  fixed-address 192.168.1.224;
}

Debian (6.0 and later)

/etc/default/isc-dhcp-server :

INTERFACES="eth0"

SuSE

/etc/sysconfig/dhcpd:

DHCPD_INTERFACE="eth0"

CentOS (up to 6)

/etc/sysconfig/dhcpd :

# Command line options here
DHCPDARGS="eth0"

Testing

Debian, CentOS 5.3

dhcpd -t

SuSE

rcdhcpd check-syntax

Starting

openSuSE (12.1 and later)

service dhcpd start
chkconfig dhcpd on

Debian (6.0 and later)

service isc-dhcp-server restart

CentOS (7 and later)

service dhcpd start

Testing the client

Optional: create an interface with a matching MAC address: macvlan

DHCP request without changing the client's configuration:

Debian (6.0 and later), Ubuntu (18.04)

dhclient -d -sf /bin/true eth0

or

dhclient -d -sf /usr/bin/env eth0

On Ubuntu 18.04, dhclient runs under AppArmor confinement and therefore cannot execute /bin/true or /usr/bin/env. Solution

openSuSE (12.3)

dhcpcd --test eth0

openSuSE (42.1 and later)

/usr/lib/wicked/bin/wickedd-dhcp4 --test eth0

IP address pool

/etc/dhcp/dhcpd.conf :

subnet 192.168.227.0 netmask 255.255.255.0 {
  range 192.168.227.50 192.168.227.69;
  …
}

dhcpd -t
service isc-dhcp-server restart
dhclient -d -sf /bin/true eth0
dhcp-lease-list
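
The check below is an added example, not part of the original page: it reads a dhcpd.conf and reports host reservations whose fixed-address falls inside a dynamic range (such an address can also be leased to another client) or that reuse a MAC or IP address. The function name check_reservations, the sample configuration and the host notebook99 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the notebook24 entry from this page plus a dynamic pool.
# notebook99 is an invented, deliberately conflicting entry.
SAMPLE_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.189;  # dynamic pool
}
host notebook24 {
  hardware ethernet 00:16:d3:b9:a0:3e;
  fixed-address 192.168.1.224;
}
host notebook99 {
  hardware ethernet 00:16:D3:B9:A0:3E;
  fixed-address 192.168.1.150;
}
"""

RANGE_RE = re.compile(r"\brange\s+([\d.]+)\s+([\d.]+)\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^}]*)\}")
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-fA-F:]+)\s*;")
ADDR_RE = re.compile(r"fixed-address\s+([\d.]+)\s*;")

def check_reservations(conf_text):
    """Return a list of findings for the host declarations in conf_text."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # drop comments before matching
    ranges = [(ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))
              for lo, hi in RANGE_RE.findall(text)]
    findings, seen_mac, seen_ip = [], {}, {}
    for name, body in HOST_RE.findall(text):
        mac, addr = MAC_RE.search(body), ADDR_RE.search(body)
        if mac:
            # Normalise case and zero-padding so the same MAC compares equal
            key = ":".join(f"{int(o, 16):02x}" for o in mac.group(1).split(":"))
            if key in seen_mac:
                findings.append(f"{name}: MAC {key} already used by {seen_mac[key]}")
            seen_mac.setdefault(key, name)
        if addr:
            ip = ipaddress.IPv4Address(addr.group(1))
            if ip in seen_ip:
                findings.append(f"{name}: {ip} already reserved for {seen_ip[ip]}")
            seen_ip.setdefault(ip, name)
            for lo, hi in ranges:
                if lo <= ip <= hi:
                    findings.append(f"{name}: {ip} lies inside dynamic range {lo}-{hi}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_reservations(SAMPLE_CONF)))
```

The script does not follow include statements, so in a split setup such as the failover configuration further down, pass it the concatenated text of all files.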

Configuring client-side DNS via DHCP

/etc/dhcp/dhcpd.conf :

option domain-name "z03.example.org";
option domain-name-servers 192.168.202.13;
option domain-search "linuxhotel.de", "z03.example.org";

DHCP client

Overriding DHCP server options

Example: write your own DNS information into resolv.conf

/etc/dhcp/dhclient.conf :

supersede domain-name "z03.test";
supersede domain-name-servers 192.168.203.101;

Tools

OMAPI / omshell

A way to control a running DHCP server without a restart (leases, etc.).

DHCP failover

Debian 5.0

( not yet tested )

mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.common.conf
scp /etc/dhcp3/dhcpd.common.conf notebook25.linuxhotel.de:/etc/dhcp3/dhcpd.common.conf

dhcpd.common.conf

/etc/dhcp3/dhcpd.common.conf :

subnet 192.168.1.0 netmask 255.255.255.0 {
  pool {
    failover peer "dhcp-failover";
    range 192.168.1.100 192.168.1.189;
  }
  option domain-name "linuxhotel.de";
  option domain-name-servers 192.168.1.4, 192.168.1.6;
  option routers 192.168.1.1;
  option broadcast-address 192.168.1.255;
}

Primary

/etc/dhcp3/dhcpd.conf :

failover peer "dhcp-failover" {
  primary ; # declare this to be the primary server
  address notebook20.linuxhotel.de;
  port 520;
  peer address notebook25.linuxhotel.de;
  peer port 520;
  max-response-delay 60;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 1800;
  split 128;
}

include "/etc/dhcp3/dhcpd.common.conf";

/etc/init.d/dhcp3-server restart

Secondary

/etc/init.d/dhcp3-server stop

/etc/dhcp3/dhcpd.conf :

failover peer "dhcp-failover" {
  secondary;
  address notebook25.linuxhotel.de;
  port 520;
  peer address notebook20.linuxhotel.de;
  peer port 520;
  max-response-delay 60;
  max-unacked-updates 10;
  load balance max seconds 3;
}

include "/etc/dhcp3/dhcpd.common.conf";

rm /var/lib/dhcp3/dhcpd.leases~
> /var/lib/dhcp3/dhcpd.leases
/etc/init.d/dhcp3-server start

Wait the number of seconds given by the mclt entry …

Synchronizing the primary or secondary

e.g. after Got POOLREQ, answering negatively! Peer may be out of leases or database inconsistent in the log …

/etc/init.d/dhcp3-server stop
rm /var/lib/dhcp3/dhcpd.leases~
> /var/lib/dhcp3/dhcpd.leases
/etc/init.d/dhcp3-server start

Wait the number of seconds given by the mclt entry …

1)
Possible ways to avoid the UDP checksum problem in KVM:
  • select e1000 as the network card in KVM,
  • or: turn off TX offloading on the network card
  • or: generate the checksum with iptables