Martin McCormick | 3 Aug 2003 21:35

dhcp Update Timeout. No Good Reason I can find.

   *** From dhcp-server -- To unsubscribe, see the end of this message. ***

	I am seeing a situation in which the dhcp server registers the
following error message when it tries to update a reverse map which is
running on the very same piece of hardware as the dns that supports
that reverse  map:

Aug  3 03:04:06 ns dhcpd: can't remove reverse map on
	162.8.25.10.in-addr.arpa.: timed out
	
	The same server updates forward maps in the same address range
on the same platform.  I also see the same outcome when it tries to
write a new reverse map.

	If I manually use the same key under nsupdate, I can
successfully manipulate reverse records in that zone.  When looking at
the zone statements in the dhcpd.conf file, both forward and reverse
zones use the same key and the dhcp server can write forward maps all
day long without mishaps.

	In the past when there is an authority problem, I have seen
refusal statements in the error message.  This just appears to not get
any response.

	Bind is set to allow updates from localhost or anybody with
the key.

	It used to work so I have changed something by accident.

	Thank you for your ideas.

Mike Diggins | 4 Aug 2003 05:03

host statements


Is there any way for the DHCP v3 server to recognize fixed address host
statements as known hosts as in 'allow known hosts'? In other words, if I
have a host statement:

host name { hardware ethernet 00:00:86:19:1E:61; fixed-address 192.168.143.55; }

Can I create a pool with 'allow known clients' and have it recognize this
host? It appears I have to add a second host statement without
the fixed-address which means I have to have two statements for most of my
hosts. In my organization we assign a fixed address for the office and a
"roaming" dynamic address when they're on another network. I'd like to be
able to use just one host statement.

-Mike

-----------------------------------------------------------------------
List Archives : http://www.isc.org/ml-archives/dhcp-server/
Unsubscribe   : http://www.isc.org/dhcp-lists.html    
-or-          : mailto:dhcp-server-request <at> isc.org?Subject=unsubscribe  
-----------------------------------------------------------------------

Simon Hobson | 4 Aug 2003 09:53

Re: dhcp Update Timeout. No Good Reason I can find.


Martin McCormick wrote:

>Aug  3 03:04:06 ns dhcpd: can't remove reverse map on
>	162.8.25.10.in-addr.arpa.: timed out

Does BIND log anything at this time?

If you do not get anything logged by BIND then it is probably a 
communication issue (ie the request is not getting to the right 
server). If you do get something logged then the message should give 
you some clue as to the problem.

Simon

-- 

NOTE: This is a throw-away email address which will reach me for as 
long as it stays spam-free, remove date for real address.

Simon Hobson, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101

Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.


Larry Sheldon | 4 Aug 2003 14:44

Re: host statements


> Is there any way for the DHCP v3 server to recognize fixed address host
> statements as known hosts as in 'allow known hosts'? In other words, if I
> have a host statement:
> 
> host name { hardware ethernet 00:00:86:19:1E:61; fixed-address 192.168.143.55; }
> 
> Can I create a pool with 'allow known clients' and have it recognize this
> host? It appears I have to add a second host statement without
> the fixed-address which means I have to have two statements for most of my
> hosts. In my organization we assign a fixed address for the office and a
> "roaming" dynamic address when they're on another network. I'd like to be
> able to use just one host statement.

I am hoping the answer is--the host will get the assigned address at home,
and a pool address for knowns, or pool address knowns and unknowns, if one
exists, when roaming.
--
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
. L. F. (Larry) Sheldon, Jr.                                            .
- Unix Systems and Network Administration                               -
. Creighton University Computer Center-Old Gym                          .
- 2500 California Plaza                                                 -
. Omaha, Nebraska, U.S.A.  68178       Two identifying characteristics  .
- lsheldon <at> creighton.edu                  of System Administrators:     -
. 402 280-2254 (work)                Infallibility, and the ability to  .
- 402 681-4726 (cellular)               learn from their mistakes.      -
. 402 332-4622 (residence)                (Adapted from Stephen Pinker) .

Martin McCormick | 4 Aug 2003 15:51

Re: dhcp Update Timeout. No Good Reason I can find.


Simon Hobson writes:
>If you do not get anything logged by BIND then it is probably a 
>communication issue (ie the request is not getting to the right 
>server). If you do get something logged then the message should give 
>you some clue as to the problem.

	Thank you.  The problem was in the zone file, itself, for the
reverse map.  I had made a master and slave dns switch roles some time
ago and the master ended up with the wrong server in the NS list which
orphaned all the update attempts to the private network reverse map.
Since little to no email or other services that use the reverse map
are found in our private network at this time, nobody ever complained
even though this condition existed for longer than I care to admit.  I
only happened to notice it when I looked at the syslog file to watch
our dhcp server after making a change and discovered that every single
registration succeeded with the forward map, but timed out on the
reverse map.  No log entries existed in the name server log that were
even close to the times in question so it was obvious that nothing
happened at all.

	This is what can only be called a bonehead mistake.
I was so sure that I had dhcp configured wrong.

Martin McCormick


Alex Sharaz | 5 Aug 2003 12:21

simple question about testing dhcpd config files


hi all,
I've got a simple question re testing the validity of a dhcpd.conf file.
I know I can do a

dhcpd -t -f <dhcp config file>

to determine whether the config file is valid, but how do I 
incorporate it into a script?

I have a cron job that regularly updates the dhcpd.conf file and what I'd 
like to do is verify the new file before I overwrite the production one 
with the new copy.

Is there a status variable that is set anywhere that I can test in a script?

TIA
alex
Sent using Mulberry 3.01a


John Hascall | 5 Aug 2003 15:17

Re: simple question about testing dhcpd config files


> hi all,
> I've got a simple question re testing the validity of a dhcpd.conf file.
> I know I can do a
> 
> dhcpd -t -f <dhcp config file>
> 
> to determine whether the config file is valid, but how do I 
> incorporate it into a script?
> 
> I have a cron job that regularly updates the dhcpd.conf file and what I'd 
> like to do is verify the new file before I overwrite the production one 
> with the new copy.
> 
> Is there a status variable that is set anywhere that I can test in a script?

Yes, for example (using /bin/sh):

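   :
# (generate ${CONFFILE}.new)
   :
rm -f "${CONFFILE}.old"
rm -f "${BADCFILE}"
# dhcpd -t only parses the file; its diagnostics are captured for the mail below
/usr/sbin/dhcpd -t -cf "${CONFFILE}.new" > "${BADCFILE}" 2>&1
[ $? -ne 0 ] && {       # <== here: $? holds dhcpd's exit status
        echo "Restart failed: BAD CONFIG `date`" >> "${RLOGFILE}"
        mail -s "BAD dhcpd.conf FILE" ${MAILTO} < "${BADCFILE}"
        exit 1          # stop before the production file is touched
}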

Josh Richard | 5 Aug 2003 15:28

Re: simple question about testing dhcpd config files


This works with Perl:
You check the return value of a system call to dhcpd...

--- cut begin
# system() returns dhcpd's exit status: non-zero means the check failed.
my $config_bad = system("/path_to/dhcpd -t -q -cf $otFile");

if ($config_bad) {
    # Something is wrong with the config file.  Send email and keep
    # the current version running.
    my $error = `/path_to/dhcpd -t -cf $otFile 2>&1`;
    chomp $error;
    # $error contains the error message dhcpd sent out.  Mail it to
    # whoever you like.
} else {
    # we have a good dhcpd.conf, do something...
}
--- cut end

Regards,

Josh Richard

Alex Sharaz wrote:

>hi all,
>I've got a simple question re testing the validity of a dhcpd.conf file
>I know I can do a
>
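
The check-then-install step that both replies above describe, written out in full as an added example (not code from any poster in this thread). It validates a private staged copy so the bytes checked are the bytes installed, passes the file name as an argument rather than through a shell, and swaps the file in with an atomic rename. The function name and the ".old" rollback suffix are assumptions; the dhcpd path and flags are the ones used in the thread.

```python
import os
import shutil
import subprocess
import sys
import tempfile

# Check command used in the thread; the binary path is site-specific.
DHCPD_CHECK = ["/usr/sbin/dhcpd", "-t", "-q", "-cf"]


def install_if_valid(candidate, production, check_cmd=DHCPD_CHECK):
    """Install candidate over production only if check_cmd exits 0.

    Returns (installed, validator_output).
    """
    prod_dir = os.path.dirname(os.path.abspath(production))
    # Stage a private copy next to the production file: the bytes that are
    # validated are exactly the bytes installed, and the final rename is atomic.
    fd, staged = tempfile.mkstemp(prefix=".dhcpd.conf.", dir=prod_dir)
    try:
        with os.fdopen(fd, "wb") as dst, open(candidate, "rb") as src:
            shutil.copyfileobj(src, dst)
        # Argument list, no shell: the file name is never parsed as shell syntax.
        result = subprocess.run(check_cmd + [staged], capture_output=True, text=True)
        output = result.stdout + result.stderr
        if result.returncode != 0:
            return False, output  # production file untouched
        if os.path.exists(production):
            shutil.copy2(production, production + ".old")  # rollback copy
            shutil.copymode(production, staged)  # keep existing permissions
        os.replace(staged, production)
        staged = None
        return True, output
    finally:
        if staged is not None:
            os.unlink(staged)  # failed check or error: remove the staged copy


if __name__ == "__main__":
    ok, message = install_if_valid(sys.argv[1], sys.argv[2])
    if not ok:
        sys.stderr.write(message)
    sys.exit(0 if ok else 1)
```

Run from cron, the non-zero exit status and the captured validator output are what the job should log or mail.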

Josh Richard | 6 Aug 2003 16:35

Vendor options sent in clear text or encoded?


<This is a repost...in case it was missed...;)>

I am wondering if anyone can offer direction here.
We are using sunrays and want to supply vendor encapsulated options to
the clients (much like the response below).

I modified our dhcpd.conf file to include only:

if option vendor-class-identifier = "SUNW.NewT.SUNW" {
         vendor-option-space SunRay;
}
option SunRay.AuthSrvr code 21 = ip-address;
option SunRay.NewTVer  code 23 = text;
option SunRay.FWSrvr   code 31 = ip-address;

and the necessary values for the above variables for our site.

The values are in the global scope as well as the definitions.  When our
test sunray boots, it loops around continuously.  I used tcpdump to dump
the binary data on the dhcp server (tcpdump -lenx -s 1500 -w dhcp.out
port bootps or port bootpc) and ran the data through tethereal
(tethereal -Vr dhcp.out | more) and do not see the encapsulated options
being given out.

My specific questions are:

1. Are the vendor encapsulated options given in clear text like regular
options or are they garbled somehow?

Ted Lemon | 6 Aug 2003 18:58

Re: Vendor options sent in clear text or encoded?


I think it would be worth your time to go do some reading on the format of 
DHCP packets.   They're very simple - it won't take you long.   The short 
answer to your question is, nothing in a DHCP packet is ever 
privacy-protected.

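
What the packet format means for the vendor options asked about above, as an added example (not code from the thread): DHCP options are plain code/length/value triples, and vendor-encapsulated options are the same layout nested inside option 43, so anyone who can see the packet can read them. The sub-option codes and types are the SunRay ones from the question; the addresses, the version string and the sample bytes are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of the options field

# Sub-option codes and types from the SunRay option space quoted in the thread.
SUNRAY = {21: ("AuthSrvr", "ip"), 23: ("NewTVer", "text"), 31: ("FWSrvr", "ip")}


def parse_tlvs(data):
    """Split code/length/value options; reject a length that overruns the buffer."""
    found, i = [], 0
    while i < len(data):
        code = data[i]
        if code == 0:  # pad
            i += 1
            continue
        if code == 255:  # end
            break
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option {code} at offset {i}: length overruns the buffer")
        length = data[i + 1]
        found.append((code, data[i + 2 : i + 2 + length]))
        i += 2 + length
    return found


def decode_vendor_options(options_field, space=SUNRAY):
    """Return the sub-options carried in option 43 (vendor-encapsulated-options)."""
    if options_field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    decoded = {}
    for code, value in parse_tlvs(options_field[4:]):
        if code != 43:
            continue
        for sub, raw in parse_tlvs(value):  # same TLV layout, one level down
            name, kind = space.get(sub, (f"sub-{sub}", "hex"))
            if kind == "ip" and len(raw) == 4:
                decoded[name] = str(ipaddress.IPv4Address(raw))
            elif kind == "text":
                decoded[name] = raw.decode("ascii", "replace")
            else:
                decoded[name] = raw.hex()
    return decoded


# Constructed sample (not a capture): DHCPACK carrying three SunRay sub-options.
_VENDOR = bytes([21, 4, 192, 168, 143, 10, 23, 5]) + b"2.0_a" + bytes([31, 4, 192, 168, 143, 11])
SAMPLE = MAGIC_COOKIE + bytes([53, 1, 5, 43, len(_VENDOR)]) + _VENDOR + bytes([255])
```

Text values such as the firmware version sit in the packet as readable ASCII, so nothing secret belongs in a DHCP option.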

