Solved Installing a DHCP Server

I think the handbook needs updating. See this recently resuscitated thread & in particular the recommendation of net/dhcpd to replace the end-of-life net/isc-dhcp44-server
Good point.

See also https://www.isc.org/blogs/isc-dhcp-eol/

Does this mean ISC DHCP won’t work anymore?

No. The existing open source software will continue to function as it has, and current operators do not need to stop using ISC DHCP. Many networks with stable DHCP systems that are well-isolated from the open Internet can continue using ISC DHCP as long as their current systems function. However, it is time to start thinking about a migration plan to a more modern system that is actively maintained.

Network and system administrators deploying DHCP in new environments should look beyond ISC DHCP for a solution, as it would be irresponsible to invest in new deployments of this software which is now end-of-life. Naturally, ISC suggests new users consider our Kea DHCP server, but there are alternatives.

The Kea server is in ports under net/kea
 
If you don't need a "Highly Available DHCP Server", you can stick to handbook chapter 32.6.2. Installing and Configuring a DHCP Server.
I'm looking at getting this working, although I'm trying to create a very simple configuration just to service a few hosts on my 192.168.1.0/24 LAN.

10 options are listed and I don't know how many are optional.

I assume that there are built-in defaults for maximum (5) and default (4) lease times and that initially I don't need a domain name (1) or a domain name server (2).
Also not sure which of the options (8) (9) (10) are required, at least not at the beginning.
 
The handbook is outdated for DHCP server. Kea is the replacement.

Instructions are probably similar.

Use dnsmasq. They won't change their entire project for no good reason.
I'm having a look at dnsmasq. I presume it must be set up with a static IP address.
What about routing?
 
I presume it must be set up with a static IP address.
No, it is a DHCP server. Just like the rest. You can do static DHCP addresses in dnsmasq.conf if you like.

DHCP Server:
You give DHCP server address range to dole out to clients. Can dole out addresses over multiple host network addresses.
For example over a wired network and a wireless network on a whole different IP range.
 
Here is my /usr/local/etc/dnsmasq.conf
Code:
domain-needed
bogus-priv
strict-order
no-resolv
interface=lagg0
interface=em1
listen-address=127.0.0.1,192.168.1.1,192.168.2.1
expand-hosts
server=208.67.220.220
server=208.67.222.222
local=/localdomain/
domain=localdomain
dhcp-authoritative
dhcp-range=set:em1,192.168.2.10,192.168.2.20,72h
dhcp-range=set:lagg0,192.168.1.100,192.168.1.170,72h
dhcp-option=em1,option:router,192.168.2.1
dhcp-option=lagg0,option:router,192.168.1.1
dhcp-option=option:dns-server,208.67.220.220,208.67.222.222
dhcp-option=option:domain-search,localdomain
#dhcp-option-force=option:domain-search,internal,localdomain
#log-dhcp
#log-queries
#log-facility=/var/log/dnsmasq.log
dhcp-leasefile=/var/db/dnsmasq/dnsmasq.leases
cache-size=500
no-negcache
## conf ###
conf-dir="/usr/local/etc/dnsmasq.d"
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
### Static IP ###
dhcp-host=77:77:77:77:77:77,APU2,192.168.1.5

See how you set the DNS servers here.
server=8.8.8.8 for borg. I've been using opendns with good results.

The ##conf## section has my blocklist for junk. A nice pi-hole like feature.

cd /usr/local/etc/dnsmasq.d
fetch https://raw.githubusercontent.com/hagezi/dns-blocklists/main/dnsmasq/ultimate.txt
service dnsmasq restart
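Because `conf-dir` makes dnsmasq parse every line of the fetched file as configuration, the download can be checked before it is installed. The following is an added example, not part of the original post: the function names are hypothetical, and the accepted line format (`local=/domain/` or a null `address=` entry) is an assumption about the list.

```shell
#!/bin/sh
# Added example, not from the thread: vet a downloaded dnsmasq blocklist before
# it goes into conf-dir, where every line is parsed as dnsmasq configuration.

# Accepted sinkhole directives (assumed list format):
#   local=/domain/    address=/domain/#    address=/domain/0.0.0.0    address=/domain/::
ALLOWED='^(local=/[A-Za-z0-9._-]+/|address=/[A-Za-z0-9._-]+/(#|0\.0\.0\.0|::))$'

# Print each line that is not blank, not a comment and not an accepted directive.
blocklist_rejects() {
    tr -d '\r' < "$1" | grep -Ev '^[[:space:]]*(#.*)?$' | grep -Ev "$ALLOWED"
}

# Succeed only for a non-empty file with no rejected lines.
blocklist_ok() {
    [ -s "$1" ] || return 1
    [ -z "$(blocklist_rejects "$1")" ]
}

# Copy into place only after the check passes (hypothetical helper).
install_blocklist() {
    src=$1; dest=$2
    if blocklist_ok "$src"; then
        cp "$src" "$dest"
    else
        echo "refusing $src, unexpected lines:" >&2
        blocklist_rejects "$src" | head -n 5 >&2
        return 1
    fi
}

# Demo on a constructed sample: one list entry plus a directive that would
# change the upstream resolver (203.0.113.9 is a documentation address).
sample=$(mktemp)
printf 'local=/ads.example/\nserver=203.0.113.9\n' > "$sample"
blocklist_ok "$sample" || echo "rejected: $(blocklist_rejects "$sample")"
rm -f "$sample"
```

With this in place the list is fetched to a temporary path first and only `install_blocklist` writes into /usr/local/etc/dnsmasq.d; `dnsmasq --test` can then confirm the combined configuration parses before the restart.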
 
Code:
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
#option domain-name "fugue.com";
#option domain-name-servers toccata.fugue.com;

option subnet-mask 255.255.255.0;
#default-lease-time 600;
#max-lease-time 7200;

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.110
#  option name-servers bb.home.vix.com, gw.home.vix.com;
#  option domain-name "vix.com";
#  option routers 192.5.5.1;
  option subnet-mask 255.255.255.0;
#  option broadcast-address 192.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
}
Can I use the settings above?
 
Can I use the settings above?
It works as far as assigning an IP address to a client, although not as I expected.

I thought these options would assign an address in the range 100 - 110 but the client has 147

Code:
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.110

Also, I don't see how to set defaultrouter
 
Oh boy Kea uses the Curly style bracketry for configuration. So leet.

IMHO Kea is a textbook example of the second-system-syndrome: hopelessly over-engineered and way too complex for the simple task(s) it has to handle.

On existing servers I still mostly run isc-dhcp (I predict it will still be available for many years to come...) and when setting up new servers or migrating, I just use net/dhcpd which is pretty much a drop-in replacement with the same sane config syntax we used for the last quarter of a century. Plus it is BSD-licensed, not GPL like pretty much all non-isc-alternatives in that very incomplete (or biased?) comparison list on Wikipedia...
 
I don't see how to set defaultrouter
option routers {....}

Complete example:
Code:
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.110;
  option routers 192.168.1.1;
  option domain-name "example.com.";
  option domain-name-servers 192.168.1.1;
}
Don't forget the ; at the end of each line.
 
Is the above example sufficient to have a functioning dnsmasq server?

I keep getting .147 assigned instead of something from the specified range.

How do I delete a lease for a client?

ChatGPT says I can run this:-

sudo dhclient -r <interface>

but that doesn't work.
 
Code:
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
Don't mix up your configuration files.
 
It seems I have a basic dhcp server up and running now.

One thing I'm not sure about is how to set the IP address of the server itself.
Do I set it up with a static IP address or does it determine the address from the config file, in which case do I set ifconfig_em0='dhcp' in rc.conf ?
 
The DHCP server itself needs a static IP address on the interface it is serving DHCP on. As you are setting up DHCP on your gateway host, which typically has a .1 IP address already. Not a specific rule, but you usually take the first or last IP address of a range as gateway address, that's common practice. On a /24 subnet that's .1 or .254.

does it determine the address from the config file
No, the configuration only tells it which interface you will be serving DHCP on. That interface needs to have an IP address (you set this in rc.conf).

For example:
Code:
ifconfig_em0="inet 192.168.99.1 netmask 255.255.255.0"
dhcpd_enable="YES"
dhcpd_ifaces="em0"

And your dhcpd.conf:
Code:
subnet 192.168.99.0 netmask 255.255.255.0 {
  range 192.168.99.10 192.168.99.200;
  option routers 192.168.99.1;
  option domain-name "example.com.";
  option domain-name-servers 192.168.99.1;
}

Now, hosts on the same broadcast domain as the em0 interface will be able to DHCP and get a dynamic address in the 192.168.99.10-200 range.
 
Here is my /usr/local/etc/dnsmasq.conf
Code:
domain-needed
bogus-priv
strict-order
no-resolv
interface=lagg0
interface=em1
listen-address=127.0.0.1,192.168.1.1,192.168.2.1
expand-hosts
server=208.67.220.220
server=208.67.222.222
local=/localdomain/
domain=localdomain
dhcp-authoritative
dhcp-range=set:em1,192.168.2.10,192.168.2.20,72h
dhcp-range=set:lagg0,192.168.1.100,192.168.1.170,72h
dhcp-option=em1,option:router,192.168.2.1
dhcp-option=lagg0,option:router,192.168.1.1
dhcp-option=option:dns-server,208.67.220.220,208.67.222.222
dhcp-option=option:domain-search,localdomain
#dhcp-option-force=option:domain-search,internal,localdomain
#log-dhcp
#log-queries
#log-facility=/var/log/dnsmasq.log
dhcp-leasefile=/var/db/dnsmasq/dnsmasq.leases
cache-size=500
no-negcache
## conf ###
conf-dir="/usr/local/etc/dnsmasq.d"
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
### Static IP ###
dhcp-host=77:77:77:77:77:77,APU2,192.168.1.5

Thanks for this config. It looks like it is designed for a heavy duty server.

I don't understand many of these settings and would initially like to use the options I need to get up and running so want to use a minimal set of options to understand what their functions are.

Can you tell me which of these options I need to have? I am using a small LAN of maybe four systems, which currently access the Internet through a USB tethered phone.

bogus-priv
strict-order
no-resolv

listen-address=127.0.0.1,192.168.1.1,192.168.2.1
expand-hosts
server=208.67.220.220

local=/localdomain/
domain=localdomain
dhcp-authoritative

dhcp-option=option:dns-server,208.67.220.220,208.67.222.222
dhcp-option=option:domain-search,localdomain
#dhcp-option-force=option:domain-search,internal,localdomain

dhcp-leasefile=/var/db/dnsmasq/dnsmasq.leases
cache-size=500
no-negcache
## conf ###
conf-dir="/usr/local/etc/dnsmasq.d"
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
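The two WPAD lines in the configuration quoted in this thread make dnsmasq ignore a hostname of "wpad" supplied by a DHCP client, so that name is not registered in local DNS. The following is an added example, not part of any post: it checks that both lines are present with a matching tag and lists existing leases that already carry the name. The function names are hypothetical and the lease line layout (`<expiry> <mac> <ip> <hostname> <client-id>`) is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: audit a dnsmasq setup for the WPAD name
# guard (CERT VU#598349 lines) and for leases that already carry the name.
# Assumed lease line format: <expiry> <mac> <ip> <hostname> <client-id>

# Print "mac ip hostname" for leases whose hostname is wpad or wpad.<domain>.
wpad_leases() {
    awk '
        $1 == "duid" { next }              # DHCPv6 server DUID line, not a lease
        NF >= 4 {
            name = tolower($4)
            if (name == "wpad" || index(name, "wpad.") == 1)
                print $2, $3, $4
        }
    ' "$1"
}

# Number of such leases in the given lease file.
wpad_lease_count() {
    wpad_leases "$1" | wc -l | tr -d ' '
}

# Succeed only if the config tags the name "wpad" and ignores names for the
# same tag; a mismatched tag leaves the guard ineffective.
wpad_guard_present() {
    tag=$(sed -n 's/^dhcp-name-match=set:\([^,]*\),wpad$/\1/p' "$1" | head -n 1)
    [ -n "$tag" ] && grep -qxF "dhcp-ignore-names=tag:$tag" "$1"
}

# Demo on constructed lease lines (MAC and IP values are made up).
leases=$(mktemp)
cat > "$leases" <<'EOF'
1718000000 02:00:00:00:00:01 192.168.1.101 laptop 01:02:00:00:00:00:01
1718000100 02:00:00:00:00:02 192.168.1.102 wpad *
EOF
echo "wpad leases: $(wpad_lease_count "$leases")"
rm -f "$leases"
```

The lease audit is meant for a server that has run without the guard; the file to pass is the one named by `dhcp-leasefile`.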
 