Droms R. The DHCP handbook
Подождите немного. Документ загружается.
Allocation and Renewal in Response to a DHCPREQUEST
Message
After a DHCP client receives a DHCPOFFER message, if it chooses to select the address
the server offered, it responds with a
DHCPREQUEST message, requesting the offered
address. Clients with leases also send
DHCPREQUEST messages from time to time, to
renew their leases. When the server receives a
DHCPREQUEST message, it has three
choices:
• It can ignore the message.
• It can respond with a
DHCPNAK message.
• It can respond with a DHCPACK message.
If the server recognizes the address the client is requesting as its own—that is, if it is
in an address pool declaration or a static address assignment—and the address is
valid for the network segment to which the client is attached, the server checks
whether the client has permission to continue using the address. If the client does
not have permission to continue using the address, the server sends the client a
DHCPNAK message.
Sometimes a server sends a client a DHCPNAK message when it is not strictly allowed
by the protocol. For example, if the client is in the
RENEWING state, a DHCPNAK
message is unexpected, but the server can’t reliably tell that a client is in the RENEW-
ING state, so it might send a DHCPNAK message to the client anyway. Sending a
DHCPNAK message in this situation does not cause problems.
If the server recognizes the IP address being requested as its own, or if it is declared
to be authoritative, the server checks the address to see whether it is valid for the
subnet to which the client is attached. If it is not valid, the server responds with a
DHCPNAK message.
NOTE
The authoritative keyword indicates whether the network administrator believes that the
DHCP server has been configured with complete information about the network segments it
is serving. One of the things this affects is whether the server sends DHCPNAK messages aggres-
sively. Many DHCP servers do not send DHCPNAK messages aggressively, which causes prob-
lems when clients roam to new networks. A DHCP server should allow the user to control this
parameter so that users who are setting up DHCP servers that are not authoritative can avoid
causing problems, while network administrators can get the more efficient DHCPNAK behavior
that an authoritative DHCP server can provide.
CHAPTER 12 Theory of the Operation of a DHCP Server196
016 3273 CH12 10/3/02 4:59 PM Page 196
If the address is valid for the network segment to which the client is connected but
the server does not recognize the address, the server does not respond, even if the
client specifies the server’s address in the
dhcp-server-identifier option.
Lease Extensions
If the address the client is requesting is valid for the network segment to which the
client is attached and is an address the server can assign, and if the client is allowed
to use the address, the server computes the new expiration time for the lease. If the
client requests a particular lease duration, the server makes sure the requested lease
time is within a range specified by the
min-lease-time and max-lease-time parame-
ters. If the requested lease time is not within the specified range, it is set to the value
of
min-lease-time if it is too short or to the value of max-lease-time if it is too
long.
If the client does not request a specific lease duration, the lease duration specified in
the
default-lease-time is used, and the same limits are applied.
After the server computes the duration of the lease, it records the lease on disk and
waits for the operating system to confirm that the data was written to disk. It then
sends a
DHCPACK message with the computed lease duration to the client and writes a
log message. This sequence of events ensures that the DHCP server will never forget,
because of a power failure or system crash, that it has assigned a lease to a client.
Address Use Denied
There are several reasons a client could be unable to continue using its old address. If
the client is connected to a different network segment than it was when the address
it is requesting was allocated, it cannot continue using its old IP address because that
address simply wouldn’t work.
Another reason a client might not be able to continue using an address is that a
server administrator changed some configuration information, such as the pool
permit list. A pool permit list is a list of permits that apply to a particular pool. The
permits for a pool are checked against the client before an address from that pool is
allocated to the client. If the client matches all the permits, it is allowed to receive
an address from the pool; otherwise, it is not. Permits control access on the basis of
whether a client is a BOOTP or DHCP client, for example, or whether a client is a
member of a class. Classes are discussed in more detail in Chapter 20, “Conditional
Behavior.”
If the client received its address because it matched a pool’s permit list, but the
administrator changed the permit list and the client no longer matches it, the server
refuses to give the client the same IP address. It is also possible for the information
that the client sends to change so that the client no longer matches the permit list.
Allocation and Renewal in Response to a DHCPREQUEST Message 197
016 3273 CH12 10/3/02 4:59 PM Page 197
When this happens, the server also refuses to allocate the same IP address. For
example, suppose a subnet has two address pool declarations, as shown in
Example 12.1.
Example 12.1
pool {
range 10.0.0.10 10.0.0.99;
}
pool {
range 10.0.0.100 10.0.0.199;
}
Suppose that when a particular client first acquires its address, it is assigned the IP
address 10.0.0.10. After the client acquires this address, the administrator decides to
move all clients out of the 10.0.0.10–10.0.0.99 pool. The administrator modifies the
pool configuration as shown in Example 12.2 and then restarts the DHCP server.
Example 12.2
pool {
deny all clients;
range 10.0.0.10 10.0.0.99;
}
pool {
range 10.0.0.100 10.0.0.199;
}
When the client tries to renew its lease on IP address 10.0.0.10, the server checks the
permit list for the pool from which the address is allocated and finds that the client
can no longer use the address.
DNS Updates
If the DHCP server is doing DNS updates (see Chapter 11, “DHCP–DNS Interaction”),
it sends the DNS update before it writes the lease entry or sends the
DHCPACK
message. If the DHCP client supports the FQDN option, the DHCP server reports the
result of the update to the DHCP client in the
DHCPACK message.
If the server revokes a client’s lease by sending it a DHCPNAK message and it had previ-
ously done a DNS update for that client, the server removes the DNS information for
the client.
CHAPTER 12 Theory of the Operation of a DHCP Server198
016 3273 CH12 10/3/02 4:59 PM Page 198
If the client fails to renew its lease, when the lease expires, the DHCP server removes
the lease from the lease database. When the DHCP server is stopped and then
restarted, it checks to see whether any leases expired while it was stopped, and if so,
it removes any DNS entries that had been entered for those leases.
DHCP Message Handling
DHCP clients can send a variety of other messages during operation, including
DHCPDECLINE, DHCPRELEASE, DHCPINFORM, and DHCPLEASEQUERY messages. The follow-
ing sections discuss the handling of these messages.
DHCPDECLINE
Message Handling
A DHCP client can send DHCPDECLINE messages if it is assigned an IP address that
another client is using. The client detects this by sending an ARP request for the IP
address it is assigned when it receives a
DHCPACK message while in the REQUESTING
state. If it receives a response to this ARP message, the client knows that the address
it received is in use, so it sends a
DHCPDECLINE message, indicating to the DHCP
server that the client cannot use the address.
The ISC DHCP server normally honors
DHCPDECLINE messages from clients, creating
permanent leases for such addresses, marking them as abandoned (see the section
“Address Assignment”), and logging a message indicating that this happened. When
an address is marked as abandoned, it is not normally allocated to any client. If a
client is sending
DHCPDECLINE messages as a denial of service attack, the server
reclaims abandoned leases according to a strategy described later in this chapter. This
prevents such denial of service attacks from causing great harm, although they still
place an additional load on the DHCP server.
DHCPRELEASE
Message Handling
When a server receives a DHCPRELEASE message from a client, it changes the expira-
tion time of the lease to the current time and records the lease. A message is logged,
indicating that this happened.
DHCPINFORM
Message Handling
When the server receives a DHCPINFORM message, it collects the parameters that are
appropriate for the network segment that the client claims to be connected to and
sends them to the client in a
DHCPACK message. No address allocation is performed.
The server prints log messages, indicating that the
DHCPINFORM message was received
and that the
DHCPACK was sent. If the server has not been configured to be authorita-
tive, the server ignores and does not respond to
DHCPINFORM messages because the
information it has may not be correct.
DHCP Message Handling 199
016 3273 CH12 10/3/02 4:59 PM Page 199
DHCPLEASEQUERY Message Handling
The DHCPLEASEQUERY message is very new, and it is not supported by many DHCP
servers, including version 3.0 of the ISC DHCP server. However, this section talks
about how it might be handled by a DHCP server.
Unlike other DHCP messages that are sent to the DHCP server, the
DHCPLEASEQUERY
message comes from a DHCP relay agent, not from a DHCP client. Relay agents,
particularly in broadband ISP environments, frequently append routing information
to DHCP client messages before forwarding them to DHCP servers, using the
Relay
Agent Information option. These routers generally cache the DHCP server’s
response, which gives the router a mapping between the client’s IP address and infor-
mation about how to forward datagrams to the client. When such a router is
rebooted, it loses this cached information.
When the router then receives a datagram for a particular IP address that is no
longer in its cache, it sends a
DHCPLEASEQUERY message to the DHCP server that
contains the IP address in the
ciaddr field. The DHCP server then looks up that IP
address in the lease database and returns whatever information it has to the relay
agent, by using the
DHCPACK message. If the IP address hasn’t been assigned to a
client, the DHCP server returns a
DHCPNAK message instead.
In order for the DHCPLEASEQUERY message to be useful, the DHCP server must store
the information that the relay agent sent in the
Relay Agent Information option.
DHCP servers frequently do this anyway because the information is useful in other
situations such as identifying the client or associating the client with its location on
the network.
Abandoned Lease Address Reclamation
The DHCP server attempts to reclaim abandoned leases in situations where it appears
that the lease is abandoned due to an implementation error in the DHCP client. If a
DHCP client sends a
DHCPREQUEST message, requesting an abandoned IP address, the
server removes the flag which indicates that the lease is abandoned and enables the
client to renew the lease.
If there are no IP addresses available for allocation but there are abandoned
addresses, the DHCP server reclaims one of the abandoned IP addresses and attempts
to assign it to a client. The server uses an ICMP echo check, as described in early in
this chapter, to check on the availability of the address and it abandons the lease
again if the address still appears to be in use. If the address does not appear to be in
use, the server assigns it to the client.
CHAPTER 12 Theory of the Operation of a DHCP Server200
016 3273 CH12 10/3/02 4:59 PM Page 200
NOTE
The lease database is a simple log-structured file, and each lease update is written to the end
of it. It is common for there to be several entries in the lease database for the same IP address.
Without some kind of compaction algorithm, the file simply grows without bound until the
disk on which it is stored becomes full. To prevent this from happening, the server rewrites
the lease database from its in-memory database once every hour. After the file is rewritten, the
old version is saved as a backup and the new one is moved into place.
Summary
The DHCP server runs continuously as a background process, processing client
requests as they arrive. When a client request for a new IP address arrives, the server
must attempt to allocate an address, either from the dynamic pool or by using a
prearranged static assignment. If an address is found for the client, the server ensures
that it is not in use and then offers it to the client.
When a client tries to renew a lease, the server must decide whether the IP address
the client is renewing is appropriate for the client. It must tell the client to stop
using the address, tell the client it can continue using the address, or remain silent.
If the server finds an IP address that should be available but is nonetheless in use, it
does not assign the address to a client but marks it as abandoned. The server does
not attempt to use addresses marked as abandoned unless a shortage of IP addresses
occurs during some subsequent address allocation attempt. If such a shortage occurs,
the server again attempts to allocate abandoned addresses.
The server maintains a persistent database of leases that are confirmed to DHCP
clients and does not send a message to the client to confirm a lease until the lease is
written to the persistent database.
Summary 201
016 3273 CH12 10/3/02 4:59 PM Page 201
016 3273 CH12 10/3/02 4:59 PM Page 202
IN THIS CHAPTER
•Installing the Microsoft DHCP
Server
• Managing DHCP Servers
• Configuring DHCP Servers
• Controlling the Windows
DHCP Server
13
The Microsoft DHCP
Server
The Microsoft DHCP service is distributed as part of
Windows 2000 Server and it includes two components: the
DHCP server and the DHCP manager. The DHCP server is
responsible for all interactions with DHCP clients, and the
DHCP manager provides a user interface for controlling
and configuring the server.
This chapter describes how to install, configure, and
manage the Microsoft server. Appendix A, “Microsoft
DHCP Server Examples,” includes additional examples and
screen shots of Microsoft server use.
Installing the Microsoft DHCP Service
You install the Microsoft DHCP service on Windows 2000
with the Add/Remove Programs option in the Control
Panel. To bring up this option, select the Start menu,
and then select Settings, Control Panel, as shown in
Figure 13.1. Double-click the
Add/Remove Programs icon,
and then select the
Add/Remove Windows Components icon.
Next, select Networking Services and click the Details
button. Scroll down and select the Dynamic Host
Configuration Protocol (DHCP) entry, as shown in
Figure 13.2, and click the OK button. This process loads
both the DHCP server and the DHCP manager.
017 3273 CH13 10/3/02 4:56 PM Page 203
CHAPTER 13 The Microsoft DHCP Server204
FIGURE 13.1 Starting the Add/Remove Programs icon from the Control Panel.
FIGURE 13.2 Installing the Microsoft DHCP service from the Add/Remove Programs
dialog box.
017 3273 CH13 10/3/02 4:56 PM Page 204
When the Microsoft DHCP service is installed, DHCP server is configured to start
automatically (along with other services) when you start Windows 2000. However,
the server doesn’t respond to incoming client requests until you configure and acti-
vate the scopes, as described in the next section of this chapter. You can control the
operation of the server by using the Service option from the Control Panel, which is
described in more detail later in this chapter.
You must fully configure the Microsoft DHCP server before activating any scopes;
otherwise, the server might respond to client requests with incomplete or incorrect
configuration information. It might also interfere with the operation of clients that
are managed by other servers, by inappropriately sending
DHCPNAK messages for
requests from network segments that are not yet included in the server’s
configuration.
Managing DHCP Servers
The Microsoft DHCP service can include multiple DHCP servers, which are
controlled through the DHCP manager. The installation process configures the
DHCP manager for a DHCP server that is running on the same computer
as the DHCP manager. If you plan to use other DHCP servers, you must
configure the DHCP manager for the additional servers.
You start the DHCP manager by clicking the Start menu and then selecting
Programs, Administrative Tools, DHCP, as shown in Figure 13.3.
To add a new server, select Action, Add Server. The DHCP manager displays the
window shown in Figure 13.4. Enter the name or IP address of the new server and
click OK. The DHCP manager contacts the new server and adds it to its list of avail-
able servers.
Configuring DHCP Servers
The Microsoft server configuration is defined around scopes, which are similar to the
subnet declarations for the ISC server. Each scope defines a network segment, the
addresses available for assignment within that network segment, and the subnet
mask for the segment. The definition of a scope in the Microsoft server performs the
same function as the
subnet and range settings in the ISC configuration file and is
unrelated to the concept of scopes and scoping in the ISC DHCP server.
Configuring DHCP Servers 205
017 3273 CH13 10/3/02 4:56 PM Page 205