Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
11 Securing Your Network From DHCP Risks

Like many basic Internet protocols, DHCP was not originally designed with a robust security model, but was designed for simplicity of implementation and ease of deployment. Care should be taken in networks that use DHCP to avoid common security pitfalls.…

12 A Basic Guide to Configuring DHCP Failover

Setting Up DHCP Failover: A Basic Overview Many of the syntax options presented here are explained in more detail in the dhcpd.conf man page distributed with dhcp. It is recommended that you consult that document for specifics once you have grasped the basic…

13 How DHCP uses raw sockets

Question: How does DHCP use raw sockets? Is it possible not to use them? Answer:The DHCP protocol has some odd requirements to really work properly. Being able to transmit to and receive packets sent to the all-ones limited broadcast address (255.255.255.255),…

14 DHCP failover peers at a distance - configuration, loading and bandwidth considerations

Question: Are there any recommendations on the feasibility of running geographically-separated (e.g. two corners of the U.S) DHCP failover peers on a public network? What is the practical minimal communication channel requirement? Answer: We know of users…

15 DHCPv6 and link-local IPv6 interface addresses

Problem: For DHCPv6 server, if we want dhcpd listening on a certain interface it requires a subnet declaration in dhcpd.conf which covers the interface's address, otherwise, the dhcpd server will refuse to listen on the specified interface. For example, we…

16 bind update on xx.xx.xx.xx from <peername> rejected: incoming update is less critical than outgoing update

Question: I'm seeing this error being logged: bind update on xx.xx.xx.xx from <peername> rejected: incoming update is less critical than outgoing update What does it mean? Answer: What's happening is the local server is sending a binding update, and…

17 Why are the lease times short and random during communication-interrupted state?

Question: We experienced a DHCP server failure at our site. During recovery with only one server in service, it was operating in communications-interupted mode. During this time we observed that it was handing out very short leases of apparently random lengths…

18 How does pool rebalance work between failover pairs?

In 3.0.x, there was no min-balance parameter - it was introduced in 3.1.x when the mechanism for pool rebalancing was changed. In 3.0.x, the server attempted to perform rebalance on a pool for every /successful/ allocation. if it could not rebalance the pool…

19 Using RAMdisks and other similar volatile storage for the leases file

It can be tempting to consider using high speed but volatile storage for the dhcpd leases files in an attempt to improve performance where there are i/o bottlenecks. Often this is accompanied by a plan to routinely copy the lease file to hard disk, for example…

20 Why is it necessary to declare all the subnets?

It's necessary to declare the subnets in dhcpd.conf for any interfaces on which you want to use DHCP protocols: - the subnets on which you are listening for and responding to client requests and leasequeries - the subnets for which you are providing client…