Dynamic Host Configuration Protocol (DHCP)

How to Prevent DHCP Client from Receiving IP from a Specific Server?

Sometimes a LAN contains multiple misconfigured DHCP servers. In that case you may keep receiving wrong IP/gateway/DNS information that prevents you from connecting to the Internet.

Here's how to prevent your host from receiving DHCP information from the misconfigured server.

The following actions are tested under Oracle Enterprise Linux 5.

  • Get the name or IP address of the misconfigured DHCP server by checking /var/lib/dhclient/dhclient-eth0.leases:

    lease {
      interface "eth0";
      fixed-address 10.182.121.208;
      option subnet-mask 255.255.254.0;
      option routers 10.182.120.1;
      option dhcp-lease-time 21600;
      option dhcp-message-type 5;
      option domain-name-servers 10.182.244.34,146.56.237.50,140.83.70.155;
      option dhcp-server-identifier 146.56.237.50;
      option broadcast-address 10.182.121.255;
      option domain-name "example.com";
      renew 2 2007/8/7 04:39:33;
      rebind 2 2007/8/7 07:34:09;
      expire 2 2007/8/7 08:19:09;
    }

    The DHCP server IP is 146.56.237.50.

  • Create file /etc/dhclient.conf with contents:

    reject 146.56.237.50;

    To reject more than one:

    reject 146.56.237.50;
    reject 146.56.237.51;

    The reject statement causes the DHCP client to reject offers from servers that use the specified address as a server identifier. This can be used to avoid being configured by rogue or misconfigured DHCP servers, although it should be a last resort; it is better to track down the bad DHCP server and fix it.

  • Re-obtain DHCP information by restarting the network interface:

    # ifdown eth0
    # ifup eth0
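
The first two steps can be done in one pass when the leases file holds many entries. The following is an added example, not part of the original page: it lists every server identifier recorded in a dhclient leases file and prints a reject line for each one that is not in a list of trusted servers. The function names, the trusted address 10.182.120.2 and the sample leases are constructed for illustration.

```shell
# Added example (not from the original page): find DHCP server identifiers in a
# dhclient leases file and print dhclient.conf reject lines for untrusted ones.

# Print "<server-ip> <lease-count>" for each distinct dhcp-server-identifier.
lease_servers() {
    awk '$1 == "option" && $2 == "dhcp-server-identifier" {
             id = $3; sub(/;$/, "", id)
             if (id ~ /^[0-9.]+$/) count[id]++   # ignore anything not IP-like
         }
         END { for (s in count) print s, count[s] }' "$1" | LC_ALL=C sort
}

# $1 = leases file; remaining arguments = server IPs you trust (assumption:
# you know which servers are legitimate on this LAN).
reject_lines() {
    leases=$1; shift
    trusted=" $* "
    lease_servers "$leases" | while read -r ip _count; do
        case "$trusted" in
            *" $ip "*) ;;                          # trusted: no reject line
            *) printf 'reject %s;\n' "$ip" ;;
        esac
    done
}

# Constructed sample leases: 146.56.237.50 is the page's misconfigured server,
# 10.182.120.2 is a made-up legitimate one.
sample_leases() {
    cat <<'EOF'
lease {
  interface "eth0";
  fixed-address 10.182.121.208;
  option dhcp-server-identifier 146.56.237.50;
}
lease {
  fixed-address 10.182.120.77;
  option dhcp-server-identifier 10.182.120.2;
}
lease {
  fixed-address 10.182.121.208;
  option dhcp-server-identifier 146.56.237.50;
}
EOF
}

tmp=$(mktemp) && sample_leases > "$tmp"
reject_lines "$tmp" 10.182.120.2        # candidate lines for /etc/dhclient.conf
rm -f "$tmp"
```

Review the printed lines before appending them to /etc/dhclient.conf; a server that appears in many leases but is missing from the trusted list may simply be one you forgot to list.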

Set Up Multiple DHCP Servers in an Intranet

In this situation, when a DHCP client sends a request, it uses the service of whichever server responds first.

To configure one server to respond only to specific hosts (identified by MAC address) and another server not to respond to these hosts, we can use a client class. One server's configuration file can be:

ddns-update-style none;
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers                192.168.1.102;
    option subnet-mask            255.255.255.0;
    option nis-domain             "domain.org";
    option domain-name            "domain.org";
    option domain-name-servers    192.168.1.102;
    option time-offset            -18000;
    default-lease-time            21600;
    max-lease-time                43200;

    class "vms" {
        # XenSource, Inc. and VMware, Inc. network cards
        match if (substring (pick-first-value (option dhcp-client-identifier, hardware), 0, 4) = 1:00:16:3E)
            or (substring (pick-first-value (option dhcp-client-identifier, hardware), 0, 4) = 1:00:0C:29)
            or (substring (pick-first-value (option dhcp-client-identifier, hardware), 0, 4) = 1:00:50:56)
            or (substring (pick-first-value (option dhcp-client-identifier, hardware), 0, 4) = 1:00:05:69);
            # match pick-first-value (option dhcp-client-identifier, hardware);
        }
        # subclass "myvms" 1:00:16:3E:00:00:11;

        pool {
            allow members of "vms";
            range dynamic-bootp 192.168.1.128 192.168.1.138;
        }
}

The other server only changes allow to deny and uses a different range:

$ diff -Nur server1_dhcpd.conf server2_dhcpd.conf
--- server1_dhcpd.conf  2007-05-17 15:59:31.000000000 +0800
+++ server2_dhcpd.conf  2007-05-17 16:02:20.000000000 +0800
@@ -20,8 +20,8 @@
         # subclass "myvms" 1:00:16:3E:00:00:11;

         pool {
-            allow members of "vms";
-            range dynamic-bootp 192.168.1.128 192.168.1.138;
+            deny members of "vms";
+            range dynamic-bootp 192.168.1.139 192.168.1.149;
         }
 }
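
Review bot: in the pool block, the deny members of "vms" line on server2 only complements server1's allow members of "vms" if the class "vms" match expression is identical in both files, and this diff shows the two files are kept as separate copies. Consider moving the class definition into a single file that both servers load with an include statement, so that a prefix added on one server cannot leave a host answered by both servers or by neither. The two ranges (192.168.1.128 to 192.168.1.138 and 192.168.1.139 to 192.168.1.149) do not overlap, which is correct; a short comment beside each range naming the other server's range would keep it that way.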

None: DHCP (last edited 2010-01-27 03:36:26 by ZhigangWang)