Has an address record but no DHCID, not mine.


Has an address record but no DHCID, not mine.

thomas.zenz@oenb.at
Hi to all,

We are using dhcp-4.3.5 in failover on two machines.
Because of problems with DDNS I had to check our config and now I have some questions.

We are using update-style standard and update-conflict-detection true.

Is it possible to have the two servers use one ID to calculate the DHCID?

Right now I get the error log: "Has an address record but no DHCID, not mine."
I think that happens when the other server tries to rewrite the name. Because of WLAN-to-LAN changes, the hostname changes its IP up to 13 times per day...

I didn't find an option for that.

Kind Regards

Thomas

_________________________________________
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users

Has an address record but no DHCID, not mine.

thomas.zenz@oenb.at
This problem is increasing!

When clients change the subnet (WiFi - LAN - VPN) and mclt did not sync the servers, clients get addresses, and DNS is not updated...

26-Jul-2017 09:55:04.077 update: info: client 10.0.0.36#63541/key dhcp-update: view lan: updating zone 'ad.co.at/IN': deleting an RR at PC413.ad.co.at A
26-Jul-2017 09:55:04.104 update: info: client 10.0.0.35#63541/key dhcp-update: view lan: updating zone 'ad.co.at/IN': deleting an RR at PC413.ad.co.at A
26-Jul-2017 09:55:04.120 update: info: client 10.0.0.36#63541/key dhcp-update: view lan: updating zone 'ad.co.at/IN': deleting an RR at PC413.ad.co.at DHCID
26-Jul-2017 09:55:04.266 update: info: client 10.0.0.35#63541/key dhcp-update: view lan: updating zone 'ad.co.at/IN': deleting an RR at PC413.ad.co.at DHCID

Please help!
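
As an added example (not part of the original post): a small Python check over BIND update-log lines in the format shown above that flags records changed by more than one update client within a short window, as 10.0.0.35 and 10.0.0.36 do here. The one-second window, the function names and the last sample line are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches BIND "update" category lines in the shape shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) update: info: "
    r"client (?P<client>[0-9A-Fa-f.:]+)#\d+(?:/key (?P<key>\S+))?: "
    r"(?:view (?P<view>\S+): )?updating zone '(?P<zone>[^']+)': "
    r"(?P<action>deleting an RR|deleting rrset|adding an RR) at "
    r"'?(?P<name>[^\s']+)'? (?P<rrtype>[A-Z0-9]+)"
)

# The first four lines are the ones quoted in the post; the last one is
# constructed as a control case with a single updater.
SAMPLE = [
    "26-Jul-2017 09:55:04.077 update: info: client 10.0.0.36#63541/key dhcp-update: view lan: updating zone 'ad.co.at/IN': deleting an RR at PC413.ad.co.at A",
    "26-Jul-2017 09:55:04.104 update: info: client 10.0.0.35#63541/key dhcp-update: view lan: updating zone 'ad.co.at/IN': deleting an RR at PC413.ad.co.at A",
    "26-Jul-2017 09:55:04.120 update: info: client 10.0.0.36#63541/key dhcp-update: view lan: updating zone 'ad.co.at/IN': deleting an RR at PC413.ad.co.at DHCID",
    "26-Jul-2017 09:55:04.266 update: info: client 10.0.0.35#63541/key dhcp-update: view lan: updating zone 'ad.co.at/IN': deleting an RR at PC413.ad.co.at DHCID",
    "26-Jul-2017 09:56:10.000 update: info: client 10.0.0.35#63542/key dhcp-update: view lan: updating zone 'ad.co.at/IN': adding an RR at 'PC500.ad.co.at' A",
]


def parse_updates(lines):
    """Return (time, client, verb, owner name, rrtype) for every update line."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not an update line in the expected shape
        when = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        verb = "add" if m["action"].startswith("adding") else "delete"
        name = m["name"].lower().rstrip(".")
        events.append((when, m["client"], verb, name, m["rrtype"]))
    return events


def competing_updaters(lines, window=timedelta(seconds=1)):
    """Flag RRs that several update clients touched within one window."""
    by_rr = defaultdict(list)
    for when, client, verb, name, rrtype in parse_updates(lines):
        by_rr[(name, rrtype, verb)].append((when, client))

    findings = []
    for (name, rrtype, verb), events in sorted(by_rr.items()):
        events.sort()
        start = 0
        for i in range(1, len(events) + 1):
            # Close the burst when the list ends or the window is exceeded.
            if i == len(events) or events[i][0] - events[start][0] > window:
                burst = events[start:i]
                clients = sorted({client for _, client in burst})
                if len(clients) > 1:
                    span = burst[-1][0] - burst[0][0]
                    findings.append({
                        "name": name,
                        "rrtype": rrtype,
                        "action": verb,
                        "clients": clients,
                        "span_ms": span // timedelta(milliseconds=1),
                    })
                start = i
    return findings


if __name__ == "__main__":
    for f in competing_updaters(SAMPLE):
        print("%(name)s %(rrtype)s %(action)s by %(clients)s within %(span_ms)d ms" % f)
```
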

Re: Has an address record but no DHCID, not mine.

Bill Shirley-2
In reply to this post by thomas.zenz@oenb.at
Could this be because a laptop has both a wired and wireless connection?  Look in the
log files for the MAC addresses acquiring the leases.

Posting your dhcpd.conf may help.

Bill


On 7/18/2017 8:15 AM, Zenz, Thomas wrote:

> Hi to all,
>
> We are using dhcp-4.3.5 in failover on two machines.
> Because of problems with DDNS I had to check our config and now I have some questions.
>
> We are using update-style standard and update-conflict-detection true.
>
> Is it possible to have the two servers use one ID to calculate the DHCID?
>
> Right now I get the error log: "Has an address record but no DHCID, not mine."
> I think that happens when the other server tries to rewrite the name. Because of WLAN-to-LAN changes, the hostname changes its IP up to 13 times per day...
>
> I didn't find an option for that.
>
> Kind Regards
>
> Ing. Thomas Zenz

Re: Has an address record but no DHCID, not mine.

thomas.zenz@oenb.at
The clients can not have wireless and wired connection at the same time, but
the lease still is active. I tested it with a test server today: (see my
config below)

Sep  4 10:29:52 anlpn35 dhcpd: Added new forward map from PC7345.ad.oenb.co.at to 172.20.17.22
Sep  4 10:29:52 anlpn35 dhcpd: Added reverse map from 22.17.20.172.in-addr.arpa. to PC7345.ad.oenb.co.at
Sep  4 10:35:11 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
Sep  4 10:35:18 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
Sep  4 10:35:20 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
Sep  4 10:35:22 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
Sep  4 10:35:25 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
Sep  4 10:36:21 anlpn35 dhcpd: Added new forward map from PC7345.ad.oenb.co.at.ad.oenb.co.at to 10.101.90.45
Sep  4 10:36:21 anlpn35 dhcpd: Added reverse map from 45.90.101.10.in-addr.arpa. to PC7345.ad.oenb.co.at.ad.oenb.co.at
Sep  4 10:37:06 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
Sep  4 10:41:26 anlpn35 dhcpd: DHCPRELEASE of 172.20.17.22 from f8:0b:cb:4f:db:dc (PC7345) via 212.39.196.110 (found)
Sep  4 10:41:26 anlpn35 dhcpd: Removed forward map from PC7345.ad.oenb.co.at to 172.20.17.22
Sep  4 10:50:41 anlpn35 dhcpd: Added new forward map from PC7345.ad.oenb.co.at to 10.101.90.45
Sep  4 10:50:41 anlpn35 dhcpd: Added reverse map from 45.90.101.10.in-addr.arpa. to PC7345.ad.oenb.co.at



# This is the part of the dhcp.conf file for failover
# Here are only configs for the MASTER !!!
# To avoid mismatches in the configuration of primary and secondary we include dhcpd.master


# Config for Failover Primary
# Name is used for pools where failover is implemented
failover peer "BackUP" {

        secondary;
        address 10.115.221.35; # listen on Interface Address
        port 520; # listen on Port
        peer address 10.115.221.36; # communicate to Address
        peer port 519; # communicate to Port
        max-response-delay 60;
        max-unacked-updates 10;
        #mclt 3600;                      # only on primary !!!
        #split 128;                      # only on primary (only useful value...)
        load balance max seconds 3;
        auto-partner-down 300; #
}


include "/etc/dhcp/dhcpd.master"; #here is the rest of the config
include "/etc/dhcp/dhcpd.static"; #here you find the static leases
include "/etc/dhcp/dhcpd.zones"; #here you find the zone declarations for dynamic updates
include "/etc/dhcp/dhcpd.scopes";

host PC7345 {
        fixed-address 10.101.90.45;
        hardware ethernet B5:B5:2F:AC:DC:B8;
        option host-name "PC7345";
        ddns-hostname "PC7345";
}

#### I added snips of the files below


#/etc/dhcp/dhcpd.master
# Defined local option
option bpbatch code 135 = text; #PXE V1.0
option bpbatch-script code 155 = text; #PXE V2.0
option ProxyAutodiscoveryOption code 252 = text; #Proxy
option Novell-TreeStandard code 86 = text; #Novell
option Novell-Agent code 78 = { boolean , array of ip-address }; #Novell
option Novell-Scope-Name code 79 = { boolean , text }; #Novell
option time-offset code 2 = signed integer 32;
option time-server code 4 = array of ip-address;
option ldap-server code 95 = text;
option HPLjConfigFile code 144 = text;
option XDispMgr code 49 = array of ip-address;
option DNS-Suffix-Search-List code 119 = text;
option Cisco_LWAPP_AP code 241 = array of ip-address;
option architecture-type code 93 = unsigned integer 16;
option PXEClient code 60 = text;

option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;

#option PXEscriptName code 133 = text;
option tftp-server-name code 66 = text;
#for testing as global option
#next-server tftpserver.ad.oenb.co.at;   #tftp server location
#server-identifier 10.211.223.100;

#############################################################################
# WINS
# 1 = b-node (broadcasts)
# 2 = p-node (point-to-point name queries to a WINS server),
# 4 = m-node (broadcast then query name server)
# 8 = h-node (query name server, then broadcast)
# disabled 20080724 /jps # option netbios-node-type 8;
# option netbios-name-servers 10.1.221.100, 10.1.221.101;
# disabled 20080724 /jps # option netbios-name-servers 10.211.223.100, 10.211.223.101;
#############################################################################

#############################################################################
#                             Options for Cisco CallManager
#############################################################################
option TFTP-Server-for-CallManager code 150 = array of ip-address; #Cisco
option TFTP-Server-for-CallManager 10.116.96.202,10.116.96.201; #Cisco (anlpn62 - CUCM Subscriber, anlpn61 - CUCM Publisher)
#############################################################################
#                             End CallManager
#############################################################################


#############################################################################
#                            LDAP Server
#############################################################################

#option ldap-server "ldap://ldap/o=myorg,o=baseorg";

#############################################################################
#                             End LDAP Server
#############################################################################
#############################################################################
#                             Options for w2k clients
#############################################################################
option space MSFT;
option MSFT.release-on-shutdown code 2 = unsigned integer 32;
# Microsoft server sends a 32-bit integer!!!!!!
# option MSFT.release-on-shutdown code 2 = unsigned integer 8;
option MSFT.disable-netbios-over-tcpip code 1 = unsigned integer 32;

class "win2k-clients" {
        match if option vendor-class-identifier = "MSFT 5.0";
        vendor-option-space MSFT;
        # 20080724 /jps
        option MSFT.disable-netbios-over-tcpip 2; # disable
        #   option MSFT.release-on-shutdown 1;
        #does not work    allow-client-updates false;
}
class "vpn-clients-oenb" {
        #at pos 24, 3 bytes long, an IP; binary to ascii with 10 (base for the number), 8bit, . as separator, source)
        match if binary-to-ascii(10,8,".",packet(24,3)) = "172.20.17";
        #set myClientID = pick ( option dhcp-client-identifier,0);
        #set dhcp-client-identifier = concat(substring(ClientID,26,6),"-inside");
        log (info, concat ("Class-VPN-Client: ",myClientID));
}

#############################################################################
#                             end w2k clients
#############################################################################
#############################################################################
#                             DDNS Delete Old entries
#############################################################################

# I had to remove my on commit script.
# With the script enabled static leases did not get renewed

############################End DDNS Delete Old entries######################

#############################################################################
#                                SERVER OPTIONS
#############################################################################

ddns-update-style standard; # how to update the DNS
#ddns-update-style interim; # old non standard way used TXT records changed 20170718 to standard
#ddns-update-style ad-hoc; # not supported in future versions
update-static-leases true; # reserved leases update
ddns-ttl 900; # seconds after entry times out
deny client-updates; # ignore DNS update by Client
ignore client-updates;
update-conflict-detection true; # true, the server will perform standard DHCID multiple-client, one-name conflict detection
update-optimization false; # if false client will always be renewed in DNS
# option definitions common to all supported networks...
# DNS
#option domain-name "w.oenb.co.at";
#option domain-name-servers 10.115.241.100,10.115.221.35,10.115.221.36;
option domain-name-servers 10.115.241.100,10.241.241.100;
option ntp-servers 10.115.241.100;
option time-server 10.115.241.100;
option time-offset 3600;

#What to do if the client sends no hostname
#pick first possible string as hostname:
ddns-hostname = pick (option fqdn.hostname,option host-name,concat ("dhcp-",binary-to-ascii (16,8,"-",substring (hardware,1,6))));



####################################################################################################


#option host-name = config-option server.ddns-hostname;

#option all-subnets-local true;
#option broadcast-address 255.255.255.255;
#option router-discovery false;

#option ProxyAutodiscoveryOption = "http://anxpc2.w.oenb.co.at/proxy.js";
#Proxy WPAD #Proxy WPAD TEMP 20150722/AF
option Novell-TreeStandard = OENB; # Novell
# option Novell-Agent true ANIA00;     # Novell
# Changed to cisco loadbalancer 20070111 /jps
#option Novell-Agent true ANLA00, ANLA01;     # Novell
option Novell-Agent true ANLAV00,ANLAV03; # Novell mail Durst 20090811
# option Novell-Agent true NWSLP;     # Novell
#option Novell-Scope-Name true "UNSCOPED"; # Novell
option Novell-Scope-Name true "OENB"; # Novell

default-lease-time 1209600; #604800; # seconds 1209600 14 days
max-lease-time 2419200; # seconds
min-lease-time 43200; # seconds
one-lease-per-client true; # sets all leases that belong to the MAC to free
deny duplicates; #is against the standard. Prevents multiple leases per MAC with different UIDs (PXE boot, then Linux or Windows)
stash-agent-options true; #remember the forwarder info

lease-file-name "/var/dhcp/dhcpd.leases";
pid-file-name "/var/run/dhcp/dhcpd.pid";
ping-check on; # check if IP Address is free
#server-identifier 10.115.255.255; # server address to send to client
# not supported on router (no directed broadcast)
# Filtered on MAC because of HP JetDirects!!!
allow booting;
allow bootp;

log-facility local7; # where to write the logfile

authoritative; # Clients trust this server more


###########################################################################
# Definition for omshell connections to control server at runtime
key defomapi {
        algorithm hmac-md5;
        secret "****";
}
omapi-key defomapi; # optional key
omapi-port 7911; # Port to listen to (and to enable)
############################################################################

############################################################################
#
#                       KEY s
#
############################################################################

key dhcp-update. {
        algorithm hmac-md5;
        secret "****";
}

############################################################################
#
#                       CLASSES
#
############################################################################


####### JetDirect boxes
####### All others except the xxx JetDirect cards:

Class "noJetDirect" {

        match if ((substring(hardware,1,3) != 00:01:E6) and
                  (substring(hardware,1,3) != 00:10:83) and
                  (substring(hardware,1,3) != 00:30:c1) and
                  (substring(hardware,1,3) != 00:60:b0) and
                  not (substring(option vendor-class-identifier,0,9) = "PXEClient"));
        # server-identifier 10.115.241.100; # server address to send to client
}

# SunRay
Class "SunRayClients" {

        match if ((substring(hardware,1,3) = 00:14:4F) or (substring(hardware,1,3) = 00:21:28));

        log (info, "Class Decission Sunray" );
        set relay-agent = binary-to-ascii(10,8,".",packet(24,3));
        log (info, concat("GW:",relay-agent) );
        #   option tftp-server-name "srss02.w.oenb.co.at";
        #   option XDispMgr 10.111.252.102;
}

#############################################################################
# Definition of PXE-specific options
# Code 1: Multicast IP address of bootfile
# Code 2: UDP port that client should monitor for MTFTP responses
# Code 3: UDP port that MTFTP servers are using to listen for MTFTP requests
# Code 4: Number of seconds a client must listen for activity before trying
#         to start a new MTFTP transfer
# Code 5: Number of seconds a client must listen before trying to restart
#         a MTFTP transfer
# option bpbatch code 135 = text;             #PXE V1.0 on top of Script
# option bpbatch-script code 155 = text;      #PXE V2.0 on top of Script

option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option PXE.discovery-control code 6 = unsigned integer 8;
option PXE.discovery-mcast-addr code 7 = ip-address;

option space SUNW;
option SUNW.SrootIP4 code 2 = ip-address;
option SUNW.SrootNM code 3 = text;
option SUNW.SrootPTH code 4 = text;
option SUNW.SinstIP4 code 10 = ip-address;
option SUNW.SinstNM code 11 = text;
option SUNW.SinstPTH code 12 = text;
option SUNW.SbootURI code 16 = text;


class "PXE" {

        match if substring(option vendor-class-identifier,0,9) = "PXEClient";
        default-lease-time 1800; # seconds 1800 30min
        max-lease-time 1800; # seconds
        # option vendor-class-identifier "PXEClient";
        set relay-agent = binary-to-ascii(10,8,".",packet(24,3));
        log (info, "Class PXE-Boot" );
        log (info, concat("GW:",relay-agent) );
        log (info, architecture-type );

        vendor-option-space PXE;
        # option PXE.mtftp-ip 0.0.0.0; #set to zero to use standard TFTP server
        # option tftp-server-name "tftpserver.ad.oenb.co.at"; #tftp Server

        if (relay-agent = "10.112.0") {
                option PXEClient "PXEClient"; # Bug with Windows Setup Server
                next-server anut123.w.oenb.co.at; #tftp server location bddserver
                filename "SUNW.i86pc"; # Bootfilename (incl path)
        } else {
                #   next-server tftpserver.ad.oenb.co.at;   #tftp server location bpbatch
                next-server bddserver1.ad.oenb.co.at; #tftp server location bddserver
                if (option architecture-type = 00:07) {
                        option tftp-server-name "bddserver1.ad.oenb.co.at"; #tftp Server ANCS04
                        filename "\\boot\\x64\\wdsmgfw\.efi"; # Bootfilename (incl path)
                        option PXEClient "PXEClient";
                } else {
                        filename "\\boot\\pxeboot\.n12"; # Bootfilename (incl path)
                }
        }
        #
        # Intel EtherExpress PRO 100 with Intel Boot Agent 2.2
        #
        # Agent doesn't request option 155 needed by bpbatch. We force the
        # server to include it in its reply.
        if option dhcp-parameter-request-list = 01:03:3c:2b:43:80:81:82:83:84:85:86:87 {

                # 080123 tz   option dhcp-server-identifier  10.211.223.100; #so that it fetches the file from the TFTP server
                option dhcp-server-identifier 10.115.221.35; #so that it fetches the file from the TFTP server
                #    supersede dhcp-parameter-request-list
                #            1,3,60,43,66,67,128,129,130,131,132,133,134,135,155;
        }
}

class "SUNW.SPARC-Enterprise" {
        match if substring(option vendor-class-identifier,0,21) = "SUNW.SPARC-Enterprise";
        #option vendor-class-identifier "SUNW.SPARC-Enterprise";
        log (info, "Class SUNW" );
        vendor-option-space SUNW;
        option SUNW.SinstNM "anut123.w.oenb.co.at";
        option SUNW.SinstIP4 10.112.221.123;
        option SUNW.SinstPTH "/export/home/kits/INSTALLSERVER/sol-10-u6-ga1-sparc-dvd";
        option SUNW.SrootNM "anut123.w.oenb.co.at";
        option SUNW.SrootIP4 10.112.221.123;
        option SUNW.SrootPTH "/export/home/kits/INSTALLSERVER/sol-10-u6-ga1-sparc-dvd/Solaris_10/Tools/Boot";
        #option SUNW.SbootURI "tftp://anut123.w.oenb.co.at/SUNW.SPARC-Enterprise";
        filename "0100144FB7D81E";
}


############################### END PXE DEFINITION ###########################


#############################################################
#
#              Here are our Scopes
#
#############################################################

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

subnet 10.114.0.0 netmask 255.255.0.0 {
}
subnet 10.115.0.0 netmask 255.255.0.0 {
}
subnet 10.100.0.0 netmask 255.255.0.0 {
}

############ Server Lans

host anxn01_ping_test_W2K8 {

        hardware ethernet 00:50:56:8f:74:3f;
        fixed-address 10.100.0.11;
}

########### Client Lans

shared-network "TestDHCPClient" {

        subnet 10.188.0.0 netmask 255.255.0.0 {

                option subnet-mask 255.255.0.0;
                option routers 10.188.0.1;
                option broadcast-address 10.188.255.255;
                option domain-name "adxml.oenb.co.at";
                #option domain-name-servers 10.211.229.110, 10.112.221.240, 10.112.221.1, 10.211.229.110;
                ddns-domainname= "adxml.oenb.co.at"; # add to hostname
                option bpbatch = "oenb";
                option bpbatch-script = "oenb";
                pool {

                        range 10.188.0.100 10.188.0.200; # range for Clients
                        failover peer "BackUP";
                        deny dynamic bootp clients;
                }
        }
}

zone 0.188.10.in-addr.arpa. {

        primary 10.211.229.110; #adxml anet10
}

#### zones all the same
zone 10.in-addr.arpa {

        primary 192.168.31.130;
        key dhcp-update.;
}

#### scopes  all the same
shared-network "OeNB-RIB" {

        subnet 10.97.0.0 netmask 255.255.0.0 {

                option subnet-mask 255.255.0.0;
                option domain-name "ad.oenb.co.at";
                ddns-domainname= "ad.oenb.co.at";
                pool {

                        range 10.97.10.0 10.97.10.254;
                        failover peer "BackUP";
                        deny dynamic bootp clients;
                }
                option routers 10.97.0.1;
                option bpbatch "oenb";
                option bpbatch-script "oenb";
        }
}




--
Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
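
An added example, not part of the original post and not ISC DHCP's own code: the DHCID computation from RFC 4701, on which dhcpd's standard update style is based, applied to the two hardware addresses that appear for PC7345 above (the DHCPRELEASE log line and the host declaration). No server-specific value enters the hash, while a different client identity gives a different DHCID; the function names and outcome labels are made up for this example, and which identifier dhcpd actually used for this client is not shown in the post.

```python
import base64
import hashlib
import struct

ID_HTYPE_CHADDR = 0x0000  # identifier = htype octet + chaddr of the DHCPv4 request
ID_CLIENT_ID = 0x0001     # identifier = data of the DHCPv4 client-identifier option
DIGEST_SHA256 = 1         # the only digest type RFC 4701 defines


def fqdn_wire(fqdn):
    """Canonical DNS wire form: lower-case labels, length-prefixed, root label last."""
    out = bytearray()
    for label in fqdn.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % fqdn)
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def dhcid_rdata(id_type, identifier, fqdn):
    """RFC 4701 RDATA: 2-octet identifier type, 1-octet digest type, SHA-256 digest."""
    digest = hashlib.sha256(identifier + fqdn_wire(fqdn)).digest()
    return struct.pack("!HB", id_type, DIGEST_SHA256) + digest


def dhcid_from_mac(mac, fqdn):
    """DHCID for a client identified by its Ethernet address (htype 1)."""
    chaddr = bytes.fromhex(mac.replace(":", ""))
    return dhcid_rdata(ID_HTYPE_CHADDR, b"\x01" + chaddr, fqdn)


def dhcid_from_client_id(client_id, fqdn):
    """DHCID for a client identified by its client-identifier option data."""
    return dhcid_rdata(ID_CLIENT_ID, client_id, fqdn)


def forward_update_outcome(existing, mine):
    """Simplified RFC 4703 conflict check for a forward (A) update.

    existing: None if the name does not exist, else a dict with the RRs found
              at the name: {"A": [addresses], "DHCID": rdata bytes or None}.
    mine:     DHCID RDATA computed for the client that is asking for the name.
    The returned labels are hypothetical, not dhcpd log strings.
    """
    if existing is None or not (existing.get("A") or existing.get("DHCID")):
        return "add"                    # name unused: add A and DHCID together
    if existing.get("DHCID") is None:
        return "conflict-no-dhcid"      # address record but no DHCID at the name
    if existing["DHCID"] == mine:
        return "replace"                # same client: replace its A record
    return "conflict-other-client"      # DHCID belongs to a different identity


# Values taken from the post above.
FQDN = "PC7345.ad.oenb.co.at"
MAC_FROM_RELEASE_LOG = "f8:0b:cb:4f:db:dc"
MAC_FROM_HOST_DECL = "B5:B5:2F:AC:DC:B8"

if __name__ == "__main__":
    vpn = dhcid_from_mac(MAC_FROM_RELEASE_LOG, FQDN)
    lan = dhcid_from_mac(MAC_FROM_HOST_DECL, FQDN)
    print("DHCID for", MAC_FROM_RELEASE_LOG, base64.b64encode(vpn).decode())
    print("DHCID for", MAC_FROM_HOST_DECL, base64.b64encode(lan).decode())
    # Constructed zone states, checked for the client with the host-declaration MAC.
    for state in (None,
                  {"A": ["172.20.17.22"], "DHCID": None},
                  {"A": ["172.20.17.22"], "DHCID": vpn},
                  {"A": ["10.101.90.45"], "DHCID": lan}):
        print(state and state["A"], "->", forward_update_outcome(state, lan))
```
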
|

Re: Has an address record but no DHCID, not mine.

Bill Shirley-2
The device is probably pulling addresses for both wired and wireless.  Check
to see if there are two different MAC addresses requesting an address for the device.

Bill


On 9/4/2017 5:21 AM, [hidden email] wrote:

> The clients can not have wireless and wired connection at the same time, but
> the lease still is active. I tested it with a test server today: (see my
> config below)
>
> Sep  4 10:29:52 anlpn35 dhcpd: Added new forward map from
> PC7345.ad.oenb.co.at to 172.20.17.22
> Sep  4 10:29:52 anlpn35 dhcpd: Added reverse map from
> 22.17.20.172.in-addr.arpa. to PC7345.ad.oenb.co.at
> Sep  4 10:35:11 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to
> 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep  4 10:35:18 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to
> 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep  4 10:35:20 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to
> 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep  4 10:35:22 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to
> 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep  4 10:35:25 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to
> 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep  4 10:36:21 anlpn35 dhcpd: Added new forward map from
> PC7345.ad.oenb.co.at.ad.oenb.co.at to 10.101.90.45
> Sep  4 10:36:21 anlpn35 dhcpd: Added reverse map from
> 45.90.101.10.in-addr.arpa. to PC7345.ad.oenb.co.at.ad.oenb.co.at
> Sep  4 10:37:06 anlpn35 dhcpd: Forward map from PC7345.ad.oenb.co.at to
> 10.101.90.45 FAILED: Has an address record but no DHCID, not mine.
> Sep  4 10:41:26 anlpn35 dhcpd: DHCPRELEASE of 172.20.17.22 from
> f8:0b:cb:4f:db:dc (PC7345) via 212.39.196.110 (found)
> Sep  4 10:41:26 anlpn35 dhcpd: Removed forward map from PC7345.ad.oenb.co.at
> to 172.20.17.22
> Sep  4 10:50:41 anlpn35 dhcpd: Added new forward map from
> PC7345.ad.oenb.co.at to 10.101.90.45
> Sep  4 10:50:41 anlpn35 dhcpd: Added reverse map from
> 45.90.101.10.in-addr.arpa. to PC7345.ad.oenb.co.at
>
>
>
> # This is the Part of the dhcp.conf file for failover
> # Her are only configs for the MASTER !!!
> # To avoid missmatches in the configuration of primary and secondary we
> include dhcpd.master
>
>
> # Config for Failover Primary
> # Name is used for Pools where Failover is implimentet
> failover peer "BackUP" {
>
> secondary;
> address 10.115.221.35; # listen on Interface Address
> port 520; # listen on Port
> peer address 10.115.221.36; # communicate to Address
> peer port 519; # communicate to Port
> max-response-delay 60;
> max-unacked-updates 10;
> #mclt 3600;                      # only on primary !!!
> #split 128;                      # only on promary (only useful value...)
> load balance max seconds 3;
> auto-partner-down 300; #
> }
>
>
> include "/etc/dhcp/dhcpd.master"; #here is the rest of the config
> include "/etc/dhcp/dhcpd.static"; #here you finde the static leases
> include "/etc/dhcp/dhcpd.zones"; #here you finde the zone declarations for
> dynamic Updates
> include "/etc/dhcp/dhcpd.scopes";
>
> host PC7345 {
> fixed-address 10.101.90.45;
> hardware ethernet B5:B5:2F:AC:DC:B8;
>      option host-name "PC7345";
>      ddns-hostname "PC7345";
> }
>
> #### I added snips of the files below
>
>
> #/etc/dhcp/dhcpd.master
> # Defined local option
> option bpbatch code 135 = text; #PXE V1.0
> option bpbatch-script code 155 = text; #PXE V2.0
> option ProxyAutodiscoveryOption code 252 = text; #Proxy
> option Novell-TreeStandard code 86 = text; #Novell
> option Novell-Agent code 78 = { boolean , array of ip-address }; #Novell
> option Novell-Scope-Name code 79 = { boolean , text }; #Novell
> option time-offset code 2 = signed integer 32;
> option time-server code 4 = array of ip-address;
> option ldap-server code 95 = text;
> option HPLjConfigFile code 144 = text;
> option XDispMgr code 49 = array of ip-address;
> option DNS-Suffix-Search-List code 119 = text;
> option Cisco_LWAPP_AP code 241 = array of ip-address;
> option architecture-type code 93 = unsigned integer 16;
> option PXEClient code 60 = text;
>
> option space pxelinux;
> option pxelinux.magic code 208 = string;
> option pxelinux.configfile code 209 = text;
> option pxelinux.pathprefix code 210 = text;
> option pxelinux.reboottime code 211 = unsigned integer 32;
>
> #option PXEscriptName code 133 = text;
> option tftp-server-name code 66 = text;
> #for testing as global option
> #next-server tftpserver.ad.oenb.co.at;   #tftp server location
> #server-identifier 10.211.223.100;
>
> #############################################################################
> # WINS
> # 1 = b-node (broadcasts)
> # 2 = p-node (point-to- point name queries to a WINS server),
> # 4 = m-node (broadcast then query name server)
> # 8 = h-node (query name server, then broadcast)
> # disabled 20080724 /jps # option netbios-node-type 8;
> # option netbios-name-servers 10.1.221.100, 10.1.221.101;
> # disabled 20080724 /jps # option netbios-name-servers 10.211.223.100,
> 10.211.223.101;
> #############################################################################
>
> #############################################################################
> #                             Optionen fuer Cisco Callmanager
> #############################################################################
> option TFTP-Server-for-CallManager code 150 = array of ip-address; #Cisco
> option TFTP-Server-for-CallManager 10.116.96.202,10.116.96.201; #Cisco
> (anlpn62 - CUCM Subscriber, anlpn61 - CUCM Publisher)
> #############################################################################
> #                             Ende CallManager
> #############################################################################
>
>
> #############################################################################
> #                            LDAP Server
> #############################################################################
>
> #option ldap-server "ldap://ldap/o=myorg,o=baseorg";
>
> #############################################################################
> #                             Ende LDAP Server
> #############################################################################
> #############################################################################
> #                             Optionen fuer w2k Clients
> #############################################################################
> option space MSFT;
> option MSFT.release-on-shutdown code 2 = unsigned integer 32;
> # Microsoft server sends a 32-bit integer!!!!!!
> # option MSFT.release-on-shutdown code 2 = unsigned integer 8;
> option MSFT.disable-netbios-over-tcpip code 1 = unsigned integer 32;
>
> class "win2k-clients" {
> match if option vendor-class-identifier = "MSFT 5.0";
> vendor-option-space MSFT;
> # 20080724 /jps
> option MSFT.disable-netbios-over-tcpip 2; # disable
> #   option MSFT.release-on-shutdown 1;
> #geht nicht    allow-client-updates false;
> }
> class "vpn-clients-oenb" {
> #auf pos 24, 3Byte lang eine IP, binary to ascii vom 10(basis für Zahl),
> 8bit, . als Trennzeichen, source)
> match if binary-to-ascii(10,8,".",packet(24,3)) = "172.20.17";
> #set myClientID = pick ( option dhcp-client-identifier,0);
> #set dhcp-client-identifier = concat(substring(ClientID,26,6),"-inside");
> log (info, concat ("Class-VPN-Client: ",myClientID));
> }
>
> #############################################################################
> #                             ende w2k clients
> #############################################################################
> #############################################################################
> #                             DDNS Delete Old entries
> #############################################################################
>
> # I had to remove my on commit script.
> # With the scipt enabled static leases did not get renewed
>
> ############################End DDNS Delete Old
> entries######################
>
> #############################################################################
> #                                SERVER OPTIONS
> #############################################################################
>
> ddns-update-style standard; # how to update the DNS
> #ddns-update-style interim; # old non standard way used TXT records changed
> 20170718 to standard
> #ddns-update-style ad-hoc; # not supporter in future versions
> update-static-leases true; # reserved leases update
> ddns-ttl 900; # seconds after entry times out
> deny client-updates; # ingnore DNS update by Client
> ignore client-updates;
> update-conflict-detection true; # true, the server will perform standard
> DHCID  multiple-client, one-name conflict detection
> update-optimization false; # if false client will allways be renewed in DNS
> # option definitions common to all supported networks...
> # DNS
> #option domain-name "w.oenb.co.at";
> #option domain-name-servers 10.115.241.100,10.115.221.35,10.115.221.36;
> option domain-name-servers 10.115.241.100,10.241.241.100;
> option ntp-servers 10.115.241.100;
> option time-server 10.115.241.100;
> option time-offset 3600;
>
> #What to do if the client sends no hostname
> #pick first possible string as hostname:
> ddns-hostname = pick (option fqdn.hostname,option host-name,concat
> ("dhcp-",binary-to-ascii (16,8,"-",substring (hardware,1,6))));
>
>
>
> ####################################################################################################
>
>
> #option host-name = config-option server.ddns-hostname;
>
> #option all-subnets-local true;
> #option broadcast-address 255.255.255.255;
> #option router-discovery false;
>
> #option ProxyAutodiscoveryOption = "http://anxpc2.w.oenb.co.at/proxy.js";
> #Proxy WPAD #Proxy WPAD TEMP 20150722/AF
> option Novell-TreeStandard = OENB; # Novell
> # option Novell-Agent true ANIA00;     # Novell
> # Changed to cisco loadbalancer 20070111 /jps
> #option Novell-Agent true ANLA00, ANLA01;     # Novell
> option Novell-Agent true ANLAV00,ANLAV03; # Novell mail Durst 20090811
> # option Novell-Agent true NWSLP;     # Novell
> #option Novell-Scope-Name true "UNSCOPED"; # Novell
> option Novell-Scope-Name true "OENB"; # Novell
>
> default-lease-time 1209600; #604800; # seconds 1209600 14 Tage
> max-lease-time 2419200; # seconds
> min-lease-time 43200; # seconds
> one-lease-per-client true; # sets all leases that belong to the MAC to free
> deny duplicates; # is against the standard. Prevents multiple leases per MAC with different UIDs (PXE boot, then Linux or Windows)
> stash-agent-options true; # remember the forwarder info
>
> lease-file-name "/var/dhcp/dhcpd.leases";
> pid-file-name "/var/run/dhcp/dhcpd.pid";
> ping-check on; # check if IP Address is free
> #server-identifier 10.115.255.255; # server address to send to client
> # not supported on router (no directed Broadcast)
> # Filtered by MAC because of HP JetDirects!!!
> allow booting;
> allow bootp;
>
> log-facility local7; # where to write the logfile
>
> authoritative; # Clients trust this server more
>
>
> ###########################################################################
> # Definition for omshell connections to control server in runtime
> key defomapi {
> algorithm hmac-md5;
> secret "****";
> }
> omapi-key defomapi; # optional key
> omapi-port 7911; # Port to listen to (and to enable)
> ############################################################################
>
> ############################################################################
> #
> #                       KEY s
> #
> ############################################################################
>
> key dhcp-update. {
> algorithm hmac-md5;
> secret "****";
> }
>
> ############################################################################
> #
> #                       CLASSES
> #
> ############################################################################
>
>
> ####### Jet Direct boxes
> ####### All others except the xxx Jet Direct cards:
>
> Class "noJetDirect" {
>
> match if ((substring(hardware,1,3) != 00:01:E6) and
> (substring(hardware,1,3) != 00:10:83) and (substring(hardware,1,3) !=
> 00:30:c1) and (substring(hardware,1,3) != 00:60:b0) and not
> (substring(option vendor-class-identifier,0,9) = "PXEClient"));
> # server-identifier 10.115.241.100; # server address to send to client
> }
>
> # SunRay
> Class "SunRayClients" {
>
> match if ((substring(hardware,1,3) = 00:14:4F) or (substring(hardware,1,3)
> = 00:21:28));
>
> log (info, "Class Decission Sunray" );
> set relay-agent = binary-to-ascii(10,8,".",packet(24,3));
> log (info, concat("GW:",relay-agent) );
> #   option tftp-server-name "srss02.w.oenb.co.at";
> #   option XDispMgr 10.111.252.102;
> }
>
> #############################################################################
> # Definition of PXE-specific options
> # Code 1: Multicast IP address of bootfile
> # Code 2: UDP port that client should monitor for MTFTP responses
> # Code 3: UDP port that MTFTP servers are using to listen for MTFTP requests
> # Code 4: Number of seconds a client must listen for activity before trying
> #         to start a new MTFTP transfer
> # Code 5: Number of seconds a client must listen before trying to restart
> #         a MTFTP transfer
> # option bpbatch code 135 = text;             #PXE V1.0 on top of Script
> # option bpbatch-script code 155 = text;      #PXE V2.0 on top of Script
>
> option space PXE;
> option PXE.mtftp-ip code 1 = ip-address;
> option PXE.mtftp-cport code 2 = unsigned integer 16;
> option PXE.mtftp-sport code 3 = unsigned integer 16;
> option PXE.mtftp-tmout code 4 = unsigned integer 8;
> option PXE.mtftp-delay code 5 = unsigned integer 8;
> option PXE.discovery-control code 6 = unsigned integer 8;
> option PXE.discovery-mcast-addr code 7 = ip-address;
>
> option space SUNW;
> option SUNW.SrootIP4 code 2 = ip-address;
> option SUNW.SrootNM code 3 = text;
> option SUNW.SrootPTH code 4 = text;
> option SUNW.SinstIP4 code 10 = ip-address;
> option SUNW.SinstNM code 11 = text;
> option SUNW.SinstPTH code 12 = text;
> option SUNW.SbootURI code 16 = text;
>
>
> class "PXE" {
>
> match if substring(option vendor-class-identifier,0,9) = "PXEClient";
> default-lease-time 1800; # seconds 1800 30min
> max-lease-time 1800; # seconds
> # option vendor-class-identifier "PXEClient";
> set relay-agent = binary-to-ascii(10,8,".",packet(24,3));
> log (info, "Class PXE-Boot" );
> log (info, concat("GW:",relay-agent) );
> log (info, architecture-type );
>
> vendor-option-space PXE;
> # option PXE.mtftp-ip 0.0.0.0; #set to zero to use standard TFTP server
> # option tftp-server-name "tftpserver.ad.oenb.co.at"; #tftp Server
>
> if (relay-agent = "10.112.0") {
> option PXEClient "PXEClient"; # Bug with Windows Setup Server
> next-server anut123.w.oenb.co.at; #tftp server location bddserver
> filename "SUNW.i86pc"; # Bootfilename (incl path)
> } else {
> #   next-server tftpserver.ad.oenb.co.at;   #tftp server location bpbatch
> next-server bddserver1.ad.oenb.co.at; #tftp server location bddserver
> if (option architecture-type = 00:07) {
> option tftp-server-name "bddserver1.ad.oenb.co.at"; #tftp Server ANCS04
> filename "\\boot\\x64\\wdsmgfw\.efi"; # Bootfilename (incl path)
> option PXEClient "PXEClient";
> } else {
> filename "\\boot\\pxeboot\.n12"; # Bootfilename (incl path)
> }
> }
> #
> # Intel EtherExpress PRO 100 with Intel Boot Agent 2.2
> #
> # Agent doesnt request option 155 needed by bpbatch. We force the
> # server to include it in its reply.
> if option dhcp-parameter-request-list =
> 01:03:3c:2b:43:80:81:82:83:84:85:86:87 {
>
> # 080123 tz   option dhcp-server-identifier  10.211.223.100; #so that it fetches the file from the TFTP server
> option dhcp-server-identifier 10.115.221.35; #so that it fetches the file from the TFTP server
> #    supersede dhcp-parameter-request-list
> #            1,3,60,43,66,67,128,129,130,131,132,133,134,135,155;
> }
> }
>
> class "SUNW.SPARC-Enterprise" {
> match if substring(option vendor-class-identifier,0,21) =
> "SUNW.SPARC-Enterprise";
> #option vendor-class-identifier "SUNW.SPARC-Enterprise";
> log (info, "Class SUNW" );
> vendor-option-space SUNW;
> option SUNW.SinstNM "anut123.w.oenb.co.at";
> option SUNW.SinstIP4 10.112.221.123;
> option SUNW.SinstPTH
> "/export/home/kits/INSTALLSERVER/sol-10-u6-ga1-sparc-dvd";
> option SUNW.SrootNM "anut123.w.oenb.co.at";
> option SUNW.SrootIP4 10.112.221.123;
> option SUNW.SrootPTH
> "/export/home/kits/INSTALLSERVER/sol-10-u6-ga1-sparc-dvd/Solaris_10/Tools/Boot";
> #option SUNW.SbootURI "tftp://anut123.w.oenb.co.at/SUNW.SPARC-Enterprise";
> filename "0100144FB7D81E";
> }
>
>
> ############################### END PXE DEFINITION ###########################
>
>
> #############################################################
> #
> #              Here are our Scopes
> #
> #############################################################
>
> # No service will be given on this subnet, but declaring it helps the
> # DHCP server to understand the network topology.
>
> subnet 10.114.0.0 netmask 255.255.0.0 {
> }
> subnet 10.115.0.0 netmask 255.255.0.0 {
> }
> subnet 10.100.0.0 netmask 255.255.0.0 {
> }
>
> ############ Server Lans
>
> host anxn01_ping_test_W2K8 {
>
> hardware ethernet 00:50:56:8f:74:3f;
> fixed-address 10.100.0.11;
> }
>
> ########### Client Lans
>
> shared-network "TestDHCPClient" {
>
> subnet 10.188.0.0 netmask 255.255.0.0 {
>
> option subnet-mask 255.255.0.0;
> option routers 10.188.0.1;
> option broadcast-address 10.188.255.255;
> option domain-name "adxml.oenb.co.at";
> #option domain-name-servers 10.211.229.110, 10.112.221.240, 10.112.221.1, 10.211.229.110;
> ddns-domainname= "adxml.oenb.co.at"; # add to hostname
> option bpbatch = "oenb";
> option bpbatch-script = "oenb";
> pool {
>
> range 10.188.0.100 10.188.0.200; # range for Clients
> failover peer "BackUP";
> deny dynamic bootp clients;
> }
> }
> }
>
> zone 0.188.10.in-addr.arpa. {
>
> primary 10.211.229.110; #adxml anet10
> }
>
> #### zones all the same
> zone 10.in-addr.arpa {
>
> primary 192.168.31.130;
> key dhcp-update.;
> }
>
> #### scopes  all the same
> shared-network "OeNB-RIB" {
>
> subnet 10.97.0.0 netmask 255.255.0.0 {
>
> option subnet-mask 255.255.0.0;
> option domain-name "ad.oenb.co.at";
> ddns-domainname= "ad.oenb.co.at";
> pool {
>
> range 10.97.10.0 10.97.10.254;
> failover peer "BackUP";
> deny dynamic bootp clients;
> }
> option routers 10.97.0.1;
> option bpbatch "oenb";
> option bpbatch-script "oenb";
> }
> }
>
>
>
>
> --
> Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/

Re: Has an address record but no DHCID, not mine.

thomas.zenz@oenb.at
Hi Bill,

Yes the mac is different:
Sep  4 10:29:52 anlpn35 dhcpd: DHCPREQUEST for 172.20.17.22 from f8:0b:cb:4f:db:dc (PC7345) via 212.39.196.110
Sep  4 10:29:52 anlpn35 dhcpd: DHCPACK on 172.20.17.22 to f8:0b:cb:4f:db:dc (PC7345) via 212.39.196.110
Sep  4 10:50:41 anlpn35 dhcpd: DHCPREQUEST for 10.101.90.45 from d4:81:d7:77:15:16 via enp6s0
Sep  4 10:50:41 anlpn35 dhcpd: DHCPACK on 10.101.90.45 to d4:81:d7:77:15:16 via enp6s0

The difference is, the 172.20 Address is for a Cisco AnyConnect Client.
Actually Requested by the Firewall with a different UID for each Session.
MAC for all sessions is the same.
Nevertheless anlpn35 added the A Record for 172.20.17.22 why does it say
DHCID not mine??

Tom




Re: Has an address record but no DHCID, not mine.

Bill Shirley-2
Before updating the DNS, DHCP checks that there is no existing record for that
hostname or, if there is a record, that its TXT (or DHCID) matches the value
it calculates for the MAC address.  If it finds a record and there is a mismatch,
it issues the 'not mine' message when it actually is DHCP's but not for that MAC
address.

Add a host record for one of the two MACs setting the ddns-hostname to use:
host Bobs-Wifi { hardware ethernet f0:bf:97:13:7f:f8; ddns-hostname = "Bobs-Wifi"; }

This should stop the conflict.

Bill

On 9/5/2017 2:45 AM, [hidden email] wrote:
> Hi Bill,
>
> Yes the mac is different:
> Sep  4 10:29:52 anlpn35 dhcpd: DHCPREQUEST for 172.20.17.22 from f8:0b:cb:4f:db:dc (PC7345) via 212.39.196.110
> Sep  4 10:29:52 anlpn35 dhcpd: DHCPACK on 172.20.17.22 to f8:0b:cb:4f:db:dc (PC7345) via 212.39.196.110
> Sep  4 10:50:41 anlpn35 dhcpd: DHCPREQUEST for 10.101.90.45 from d4:81:d7:77:15:16 via enp6s0
> Sep  4 10:50:41 anlpn35 dhcpd: DHCPACK on 10.101.90.45 to d4:81:d7:77:15:16 via enp6s0
>
> The difference is, the 172.20 Address is for a Cisco AnyConnect Client.
> Actually Requested by the Firewall with a different UID for each Session.
> MAC for all sessions is the same.
> Nevertheless anlpn35 added the A Record for 172.20.17.22 why does it say
> DHCID not mine??
>
> Tom




Re: Has an address record but no DHCID, not mine.

thomas.zenz@oenb.at
Hi Bill,

Too bad, you are right.
I will add an extra DNS Domain for VPN clients, so they can coexist.

Wired clients will get an A-Record in company.com
VPN clients will get an A-Record in vpn.company.com

We will have to add the dns-suffix and modify our scripts ...

Thank you
Thomas

Special thanks to Cisco for a well planned client ...




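The check Bill describes and the separate VPN domain Thomas settles on, as an added example (not code from the thread or from ISC dhcpd): it computes DHCID RDATA as RFC 4701 specifies and applies a simplified form of the RFC 4703 ownership rule to an in-memory zone. The shared hostname PC7345 for both interfaces, the session UID, the printer record, the 10.101.90.x update addresses and the result strings are assumptions made for the illustration.

```python
import hashlib

def fqdn_wire(name):
    """Canonical DNS wire form: lower-case labels, length-prefixed, root-terminated."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dhcid(id_type, identifier, fqdn):
    """RFC 4701 RDATA: 2-byte identifier type, digest type 1, SHA-256(identifier + FQDN)."""
    digest = hashlib.sha256(identifier + fqdn_wire(fqdn)).digest()
    return id_type.to_bytes(2, "big") + b"\x01" + digest

def dhcid_from_mac(mac, fqdn):
    # Identifier type 0x0000: htype octet (1 = Ethernet) followed by the MAC.
    return dhcid(0, b"\x01" + bytes.fromhex(mac.replace(":", "")), fqdn)

def dhcid_from_uid(uid, fqdn):
    # Identifier type 0x0001: data of the DHCPv4 client-identifier option.
    return dhcid(1, uid, fqdn)

def try_update(zone, fqdn, addr, rdata):
    """Simplified RFC 4703 rule: only the holder of the stored DHCID may rewrite the A RR."""
    key = fqdn.rstrip(".").lower()
    rec = zone.get(key)
    if rec is None:
        zone[key] = {"A": addr, "DHCID": rdata}
        return "added"
    if rec.get("DHCID") is None:
        return "refused: A record without DHCID"
    if rec["DHCID"] != rdata:
        return "refused: DHCID of another client"
    rec["A"] = addr
    return "updated"

def scenario():
    # Constructed inputs: MAC taken from the thread's log, hypothetical UID and names.
    wired_mac = "d4:81:d7:77:15:16"
    vpn_uid = b"\x00constructed-vpn-session-uid"
    zone = {"printer.company.com": {"A": "10.101.90.9"}}  # record with no DHCID
    lan, vpn = "PC7345.company.com", "PC7345.vpn.company.com"
    return [
        try_update(zone, lan, "10.101.90.45", dhcid_from_mac(wired_mac, lan)),
        try_update(zone, lan, "172.20.17.22", dhcid_from_uid(vpn_uid, lan)),
        try_update(zone, lan, "10.101.90.46", dhcid_from_mac(wired_mac, lan)),
        try_update(zone, vpn, "172.20.17.22", dhcid_from_uid(vpn_uid, vpn)),
        try_update(zone, "printer.company.com", "10.101.90.50",
                   dhcid_from_mac(wired_mac, "printer.company.com")),
    ]

if __name__ == "__main__":
    for result in scenario():
        print(result)
```

The same name is refused for the VPN identifier in company.com but accepted in vpn.company.com, because the FQDN is both the lookup key and part of the hashed input.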
Re: Has an address record but no DHCID, not mine.

Bill Shirley-2
In reply to this post by thomas.zenz@oenb.at
In your config, I noticed your comment:
#############################################################################
#                             DDNS Delete Old entries
#############################################################################

# I had to remove my on commit script.
# With the script enabled static leases did not get renewed

############################End DDNS Delete Old entries######################
DHCP has a 'static' test that might allow you to run your script only on non-static
leases.  Here's what I use it for:
on commit {
        if static {

                option dhcp-renewal-time        = encode-int(43200 / 2, 32);    # 43200 = 12 hours
                option dhcp-rebinding-time      = encode-int(43200 * 7 / 8, 32);
                ddns-ttl                        = encode-int((43200 / 2) + 1, 32);
                #ddns-ttl                       = encode-int((lease-time / 2) + 2, 32);         # backup DHCP partner
        } else {
                set vendor_class_identifier = option vendor-class-identifier;

                option dhcp-renewal-time        = encode-int(lease-time / 2, 32);
                option dhcp-rebinding-time      = encode-int(lease-time * 7 / 8, 32);
                ddns-ttl                        = encode-int((lease-time / 2) + 1, 32);
                #ddns-ttl                       = encode-int((lease-time / 2) + 2, 32);         # backup DHCP partner
        }
}
(Note, if the DNS ttl ends with a 1, the lease was issued by the primary DHCP server; if 2 by the secondary.)
Example:
RFgun-84b947.lan.example.com. 18001 IN    A    10.99.0.71
RFgun-84bf76.lan.example.com. 18002 IN    A    10.99.0.21


Hope this helps,
Bill



Re: Has an address record but no DHCID, not mine.

thomas.zenz@oenb.at
In reply to this post by thomas.zenz@oenb.at

Because the Server is working fine.
That's how we fixed the Problem.

One-A-Record-for-two-different-Interfaces-tt2139
<http://isc-dhcp-users.2343191.n4.nabble.com/One-A-Record-for-two-different-Interfaces-tt2139.html>  


