Override dynamic lease with static reservation

Hi,

I find it a rather common occurence that a client that currently holds a
dynamic lease should get a static reservation of a different IP address.
Thus, a host entry is put into the configuration and the client
rebooted.

It then asks for the last IP address it knows of, which is the dynamic
address. The server proceeds to look in its database, says "yup, here is
the address".

The usual method is to delete the dynamic address from the database,
which either involves a rather fragile and often misbehaving omshell
process where the only "documentation" is half a mailing list thread
from ten years ago, or shutting down the server and hand-editing the
database file (which is a service interruption).

Is there a configuration option to tell the server "if there is
something static for this client, forget everything dynamic you might
have and NAK the dynami address from the client"?

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Hi Marc,

On Fri, 27 Sep 2019, Marc Haber wrote:

my experience with isc dhcp is that once you have a host reservation
that matches the client, the host reservation takes precedence over
any historic lease.

This should automatically lead to the server sending a NAK to a client
requesting the old dynamic lease.

If it is not sending a nack then I would think that your host
reservation is not matching the client request. Subnet mismatch or
criteria mismatch.

So you can just leave the lease to expire normally.

Greetings
Christian

--
Christian Kratzer                   CK Software GmbH
Email:   [hidden email]               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

On Fri, Sep 27, 2019 at 04:39:31PM +0200, Christian Kratzer wrote:
> my experience with isc dhcp is that once you have a host reservation
> that matches the client, the host reservation takes precedence over
> any historic lease.
>
> This should automatically lead to the server sending a NAK to a client
> requesting the old dynamic lease.

Negative, Sir. Not here.

> If it is not sending a nack then I would think that your host
> reservation is not matching the client request. Subnet mismatch or
> criteria mismatch.

Then the reservation would not work after manually removing the dynamic
lease from the database.

> So you can just leave the lease to expire normally.

On my systems, the dynamic lease gets renewed. And renewed. And renewed.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Marc Haber <[hidden email]> wrote:

> I find it a rather common occurence that a client that currently holds a
> dynamic lease should get a static reservation of a different IP address.
> Thus, a host entry is put into the configuration and the client
> rebooted.
>
> It then asks for the last IP address it knows of, which is the dynamic
> address. The server proceeds to look in its database, says "yup, here is
> the address".

Yes, that's correct.
As an alternative to the host declaration, setting the reserved flag on the lease will achieve almost the same effect - but still needs OMSHELL or lease file editing). The address is permanently reserved for the client, but unlike a host declaration, it goes through the normal lease lifecycle (it can expire, DNS updates happen properly, etc).

> The usual method is to delete the dynamic address from the database,
> which either involves a rather fragile and often misbehaving omshell
> process where the only "documentation" is half a mailing list thread
> from ten years ago, or shutting down the server and hand-editing the
> database file (which is a service interruption).
>
> Is there a configuration option to tell the server "if there is
> something static for this client, forget everything dynamic you might
> have and NAK the dynami address from the client"?

deny known-clients (or allow unknown-clients) might do what you want.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

On Fri, Sep 27, 2019 at 06:59:51PM +0100, Simon Hobson wrote:
What would be the omshell procedure for that?

I guess that a reservation is the best thing for infrastructure like
servers while a "reserved" lease is better for a client that should have
always the same IP address?

Or why are there two ways to do this?

> > Is there a configuration option to tell the server "if there is
> > something static for this client, forget everything dynamic you might
> > have and NAK the dynami address from the client"?
>
> deny known-clients (or allow unknown-clients) might do what you want.

I have set deny known-clients on my pool and at least my notebook
changed its IP address at the next (manually triggered) renew. I haven't
done more explicit tests, but this seems to have solved it. We'll see in
a week whether clients without a host statement drop off the net.

Thanks for helping!

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Hi,

On Fri, 27 Sep 2019, Marc Haber wrote:
> On Fri, Sep 27, 2019 at 04:39:31PM +0200, Christian Kratzer wrote:
>> my experience with isc dhcp is that once you have a host reservation
>> that matches the client, the host reservation takes precedence over
>> any historic lease.
>>
>> This should automatically lead to the server sending a NAK to a client
>> requesting the old dynamic lease.
>
> Negative, Sir. Not here.

your system is messed up in some way.  I just verified the behaviour in my setup

- Redundant ISC dhcp setup running on two FreeBSD 12 VM
- isc-dhcp43-server-4.3.6P1_1
- Debian buster client vm


1. Allow debian buster vm to aquire dynamic lease

Sep 29 09:53:13 nocfra2 dhcpd[51637]: DHCPDISCOVER from 52:54:00:e4:f0:e6 via 192.168.37.1
Sep 29 09:53:14 nocfra2 dhcpd[51637]: DHCPOFFER on 192.168.37.212 to 52:54:00:e4:f0:e6 (buster) via 192.168.37.1
Sep 29 09:53:14 nocfra2 dhcpd[51637]: DHCPREQUEST for 192.168.37.212 (192.168.33.22) from 52:54:00:e4:f0:e6 (buster) via 192.168.37.1
Sep 29 09:53:14 nocfra2 dhcpd[51637]: DHCPACK on 192.168.37.212 to 52:54:00:e4:f0:e6 (buster) via 192.168.37.1

2. add host entry into both dhcp configs

host buster {
     hardware ethernet 52:54:00:e4:f0:e6;
     option host-name "buster";
     fixed-address 192.168.37.63;
}

3. forcibly power off debian buster vm off using virsh

4. reboot debian buster vm

Sep 29 09:55:19 nocfra2 dhcpd[51735]: DHCPREQUEST for 192.168.37.212 from 52:54:00:e4:f0:e6 via 192.168.37.1: lease 192.168.37.212 unavailable.
Sep 29 09:55:19 nocfra2 dhcpd[51735]: DHCPNAK on 192.168.37.212 to 52:54:00:e4:f0:e6 via 192.168.37.1
Sep 29 09:55:19 nocfra2 dhcpd[51735]: uid lease 192.168.37.212 for client 52:54:00:e4:f0:e6 is duplicate on 192.168.37.0/24
Sep 29 09:55:19 nocfra2 dhcpd[51735]: DHCPDISCOVER from 52:54:00:e4:f0:e6 via 192.168.37.1
Sep 29 09:55:19 nocfra2 dhcpd[51735]: DHCPOFFER on 192.168.37.63 to 52:54:00:e4:f0:e6 via 192.168.37.1
Sep 29 09:55:19 nocfra2 dhcpd[51735]: uid lease 192.168.37.212 for client 52:54:00:e4:f0:e6 is duplicate on 192.168.37.0/24
Sep 29 09:55:19 nocfra2 dhcpd[51735]: DHCPREQUEST for 192.168.37.63 (192.168.33.21) from 52:54:00:e4:f0:e6 via 192.168.37.1
Sep 29 09:55:19 nocfra2 dhcpd[51735]: DHCPACK on 192.168.37.63 to 52:54:00:e4:f0:e6 via 192.168.37.1

as you see the vm tries to request the old dynamic ip but received a DHCPNAK

It subsequently falls back into DISOCOVER and gets the host entry.


Summary:

This is default isc dhcp behaviour.

From all that I remember from looking at the code host always takes precence from dynamic leases.

So if this is not happening in your system then you are either

- doing something differently
- have some strange configuration or patches
- your host entry is not matching

So perhaps you would like to share your configuration and what version of isc dhcp with what patches you are running.

Specifically it would be interesting to see how exactly you are doing your host reservation.

Greetings
Christian

--
Christian Kratzer                   CK Software GmbH
Email:   [hidden email]               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Christian Kratzer <[hidden email]> wrote:

> Summary:
>
> This is default isc dhcp behaviour.
>
> From all that I remember from looking at the code host always takes precence from dynamic leases.

Well, I've just checked and concur - adding a host entry with fixed address does cause a request for the dynamic lease to be Nacked - lease unavailable. A discover is replied to with the fixed address. That's with version 4.2.2.
There must have been a change somewhere, because I do recall that in the past (and it's going back some years now) I distinctly remember having to edit the leases file to remove dynamic leases in order to force clients to get the fixed address. Just adding the host entry was not sufficient at some time in the past.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

On 29 Sep 2019, at 17:22, Simon Hobson wrote:

> Just adding the host entry was not sufficient at some time in the past.

From my experience, I can confirm this.

Configuring 'deny known-clients;' in the relevant pool specification(s)
was enough to prevent continued use of the previously-used dynamic
lease.

Niall O'Reilly
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users