ipv6 dhcp server not handing out addresses

I've trying to retire an old Debian server (v7 Wheezy). I've new one built
(really a VM) and installed (v9 - Stretch). One by one, I'm moving the
services over. Going well, until I hit the IPv6 dhcp server. The ipv4 dhcp
server went smooth.

The old server is running isc-dhcp-server 4.2.2, while the new server is
running isc-dhcp-server 4.3.5.

I copied the configuration file, but not the lease database from old
server. Then I stopped the old ipv6 (and ipv4) dhcp servers and started
the new ones. The ipv6 dhcp server starts, and is listening, but it is not
handing out addresses. I tested with two Windows machine: ipconfig
/release6 then ipconfig /renew6. Both machines had an ipv6 address from
the old dhcp server, so it's not a client problem, and can renew said
address.

Out of frustration, I copied the old database to the new server and
restarted. Still not working.

I finally fired up wireshark on the client, and the problem seems to be
there are no advertise reply to the solicit from the client, which does
show up in the dhcpd logs. So the server sees the request, but doesn't
answer it.

I checked the ip6tables and everything is accept, so it's not a firewall
issue. Any ideas?

== config file ==
default-lease-time 6048;
max-lease-time 6048;
log-facility local7;
ddns-updates on;
ddns-update-style interim;
update-static-leases on;
authoritative;
#log-facility debug;

subnet6 fd00:220:0:1::/64 {
        #Range for clients
        range6 fd00:220:0:1::601 fd00:220:0:1::800;
        #Additional options
        option dhcp6.name-servers fd00:220:0:1::40, fd00:220:0:1::50;
        option dhcp6.domain-search "redacted.name";
}


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

I've trying to retire an old Debian server (v7 Wheezy). I've new one built
(really a VM) and installed (v9 - Stretch). One by one, I'm moving the
services over. Going well, until I hit the IPv6 dhcp server. The ipv4 dhcp
server went smooth.

The old server is running isc-dhcp-server 4.2.2, while the new server is
running isc-dhcp-server 4.3.5.

I copied the configuration file, but not the lease database from old
server. Then I stopped the old ipv6 (and ipv4) dhcp servers and started
the new ones. The ipv6 dhcp server starts, and is listening, but it is not
handing out addresses. I tested with two Windows machine: ipconfig
/release6 then ipconfig /renew6. Both machines had an ipv6 address from
the old dhcp server, so it's not a client problem, and can renew said
address.

Out of frustration, I copied the old database to the new server and
restarted. Still not working.

I finally fired up wireshark on the client, and the problem seems to be
there are no advertise reply to the solicit from the client, which does
show up in the dhcpd logs. So the server sees the request, but doesn't
answer it.

I checked the ip6tables and everything is accept, so it's not a firewall
issue. Any ideas?

You may want to try Wireshark on the server to see if the request actually gets there.
Could be an issue with switches along the way. I had an issue with a switch that was set to prevent DDOS attacks and blocked packets with identical source and destination ports. Removing that check made a lot of things work again.

== config file ==
default-lease-time 6048;
max-lease-time 6048;
log-facility local7;
ddns-updates on;
ddns-update-style interim;
update-static-leases on;
authoritative;
#log-facility debug;

subnet6 fd00:220:0:1::/64 {
	#Range for clients
	range6 fd00:220:0:1::601 fd00:220:0:1::800;
	#Additional options
	option dhcp6.name-servers fd00:220:0:1::40, fd00:220:0:1::50;
	option dhcp6.domain-search "redacted.name";
}


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

I can see the solicits in the dhcp server logs, so I think that's
definitive that they are reaching the server. The advertises should show
up there too, but just in case I'm wrong, I ran wireshark on the server.
Saw the solicits as expected, but 0 advertises.



_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

I can see the solicits in the dhcp server logs, so I think that's
definitive that they are reaching the server. The advertises should show
up there too, but just in case I'm wrong, I ran wireshark on the server.
Saw the solicits as expected, but 0 advertises.

Ok, just something that bit me.

On 16/11/2017 17:05, [hidden email] wrote:

I've trying to retire an old Debian server (v7 Wheezy). I've new one
built
(really a VM) and installed (v9 - Stretch). One by one, I'm moving the
services over. Going well, until I hit the IPv6 dhcp server. The ipv4
dhcp
server went smooth.

The old server is running isc-dhcp-server 4.2.2, while the new server is
running isc-dhcp-server 4.3.5.

I copied the configuration file, but not the lease database from old
server. Then I stopped the old ipv6 (and ipv4) dhcp servers and started
the new ones. The ipv6 dhcp server starts, and is listening, but it is
not
handing out addresses. I tested with two Windows machine: ipconfig
/release6 then ipconfig /renew6. Both machines had an ipv6 address from
the old dhcp server, so it's not a client problem, and can renew said
address.

Out of frustration, I copied the old database to the new server and
restarted. Still not working.

I finally fired up wireshark on the client, and the problem seems to be
there are no advertise reply to the solicit from the client, which does
show up in the dhcpd logs. So the server sees the request, but doesn't
answer it.

I checked the ip6tables and everything is accept, so it's not a firewall
issue. Any ideas?

You may want to try Wireshark on the server to see if the request
actually gets there.
Could be an issue with switches along the way. I had an issue with a
switch that was set to prevent DDOS attacks and blocked packets with
identical source and destination ports. Removing that check made a lot
of things work again.

== config file ==
default-lease-time 6048;
max-lease-time 6048;
log-facility local7;
ddns-updates on;
ddns-update-style interim;
update-static-leases on;
authoritative;
#log-facility debug;

subnet6 fd00:220:0:1::/64 {
	#Range for clients
	range6 fd00:220:0:1::601 fd00:220:0:1::800;
	#Additional options
	option dhcp6.name-servers fd00:220:0:1::40, fd00:220:0:1::50;
	option dhcp6.domain-search "redacted.name";
}

--
Best regards

Sten Carlsen

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Could the firewall on the DHCP6 server be blocking the replies?

Bill

On 16/11/2017 17:47, [hidden email] wrote:

I can see the solicits in the dhcp server logs, so I think that's
definitive that they are reaching the server. The advertises should show
up there too, but just in case I'm wrong, I ran wireshark on the server.
Saw the solicits as expected, but 0 advertises.

Ok, just something that bit me.

On 16/11/2017 17:05, [hidden email] wrote:

I've trying to retire an old Debian server (v7 Wheezy). I've new one
built
(really a VM) and installed (v9 - Stretch). One by one, I'm moving the
services over. Going well, until I hit the IPv6 dhcp server. The ipv4
dhcp
server went smooth.

The old server is running isc-dhcp-server 4.2.2, while the new server is
running isc-dhcp-server 4.3.5.

I copied the configuration file, but not the lease database from old
server. Then I stopped the old ipv6 (and ipv4) dhcp servers and started
the new ones. The ipv6 dhcp server starts, and is listening, but it is
not
handing out addresses. I tested with two Windows machine: ipconfig
/release6 then ipconfig /renew6. Both machines had an ipv6 address from
the old dhcp server, so it's not a client problem, and can renew said
address.

Out of frustration, I copied the old database to the new server and
restarted. Still not working.

I finally fired up wireshark on the client, and the problem seems to be
there are no advertise reply to the solicit from the client, which does
show up in the dhcpd logs. So the server sees the request, but doesn't
answer it.

I checked the ip6tables and everything is accept, so it's not a firewall
issue. Any ideas?

You may want to try Wireshark on the server to see if the request
actually gets there.
Could be an issue with switches along the way. I had an issue with a
switch that was set to prevent DDOS attacks and blocked packets with
identical source and destination ports. Removing that check made a lot
of things work again.

== config file ==
default-lease-time 6048;
max-lease-time 6048;
log-facility local7;
ddns-updates on;
ddns-update-style interim;
update-static-leases on;
authoritative;
#log-facility debug;

subnet6 fd00:220:0:1::/64 {
	#Range for clients
	range6 fd00:220:0:1::601 fd00:220:0:1::800;
	#Additional options
	option dhcp6.name-servers fd00:220:0:1::40, fd00:220:0:1::50;
	option dhcp6.domain-search "redacted.name";
}

--
Best regards

Sten Carlsen

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Firewall is wide open. I checked that too.


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Have you tried looking at traffic on the DHCP6 server with tcpdump:
[0:root@elmo clamav]$ tcpdump -n -i lan4 portrange 546-547
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan4, link-type EN10MB (Ethernet), capture size 262144 bytes
14:49:26.162028 IP6 fe80::74b4:e117:e83:e565.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 renew
14:49:26.164029 IP6 fe80::6ef0:49ff:fe0a:1e54.dhcpv6-server > fe80::74b4:e117:e83:e565.dhcpv6-client: dhcp6 reply
14:50:26.595666 IP6 fe80::f976:c419:fe5b:11c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 renew
14:50:26.597087 IP6 fe80::6ef0:49ff:fe0a:1e54.dhcpv6-server > fe80::f976:c419:fe5b:11c.dhcpv6-client: dhcp6 reply

Substitute your interface for lan4.

Bill


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Also, verify that your DHCP6 server has an address on the defined subnet:
[0:root@elmo clamav]$ ip -o -6 addr | grep 'inet6 fd'
2: lan4    inet6 fd03:e4d:8a00:20f7::1/64 scope global \       valid_lft forever preferred_lft forever
5: wifi    inet6 fd03:e4d:8a00:20f8::1/64 scope global \       valid_lft forever preferred_lft forever

Bill

Have you tried looking at traffic on the DHCP6 server with tcpdump:
[0:root@elmo clamav]$ tcpdump -n -i lan4 portrange 546-547
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan4, link-type EN10MB (Ethernet), capture size 262144 bytes
14:49:26.162028 IP6 fe80::74b4:e117:e83:e565.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 renew
14:49:26.164029 IP6 fe80::6ef0:49ff:fe0a:1e54.dhcpv6-server > fe80::74b4:e117:e83:e565.dhcpv6-client: dhcp6 reply
14:50:26.595666 IP6 fe80::f976:c419:fe5b:11c.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 renew
14:50:26.597087 IP6 fe80::6ef0:49ff:fe0a:1e54.dhcpv6-server > fe80::f976:c419:fe5b:11c.dhcpv6-client: dhcp6 reply

Substitute your interface for lan4.

Bill

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Yes. Well, I used wireshark, but same thing. I see the solicits in the
packet capture, but that's it. No replies. Now that would lead me to think
firewall, but as I've mentioned, I've checked that already. ip6tables -L
-n => no rules, defaults are accept. ip6tables -L -n -t nat => no rules,
defaults are accept. Ditto for iptables, not that it should matter.

Since no one can find anything obvious, maybe the version I've got has a
bug? Anyone using 4.3.5 for ipv6 sucessfully?


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Confirmed.


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

You might be on to something, but the pool6 idea didn't work either. In
between posts, I installed the kea dhcp6 server. Got a minimal config file
cobbled together (man, it's a mess edit the config compared to the
isc-dhcp-server) and fired it up. Clients got a lease no problem (the
ipconfig /release6, ipconfig /renew6 dance). So 100% it's a server issue,
and 100% not a firewall issue.

That leaves two possibilities:

(1) Something has changed from 4.2.2 to 4.3.5 that requires updating my
config file.
or
(2) There is a bug in 4.3.5. I noticed you didn't use 4.3.5. Possibly some
regression that was fixed in 4.3.6??? I looked at the release notes and
didn't see anything.

Unless someone spots an error in my config file (and the original works
fine on 4.2.2), I guess I'll have to look at 4.3.6 to see if that fixes
the issue.

== current config ==
efault-lease-time 6048;
max-lease-time 6048;
log-facility local7;
ddns-updates on;
ddns-update-style interim;
update-static-leases on;
authoritative;
#log-facility debug;

subnet6 fd00:220:0:1::/64 {
        pool6 {
                #Range for clients
                range6 fd00:220:0:1::601 fd00:220:0:1::800;
                allow unknown clients;
                allow known clients;
        }
        #Additional options
        option dhcp6.name-servers fd00:220:0:1::40, fd00:220:0:1::50;
        option dhcp6.domain-search "redacted.name";
}


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Hello Robert:

Sorry you're having difficulties.  I tested your server config below
with 4.3.5 and locally connected clients and the server issues leases
without issue as you can see from the log output later on. So there is
nothing inherent in your server config that is causing an issue. Can you
email me, directly, a pcap file so I can see exactly what your clients
are sending? I would also suggest you (if you haven't already) try
running dhcpd in the foreground so you can capture all of the logging
down to the debug level to stdout. It is possible the solicits are being
dropped and we're not seeing why. Alternatively you can open a ticket
here: https://www.isc.org/community/report-bug/ By default new tickets
are confidential as are any attachments emailed to the bug ticket. We
are keenly aware of the sensitivity of user system information and we
never make public such information unless we have explicit permission
from users to do so. Certainly with issues such as yours the more data
you can supply us with the easier it will be for us to resolve your
issue. Regards, Thomas Markwalder ISC Software Engineering Log output
from 4.3.5 with your config: tmark@cserver isc_dhcp $ sudo bin/t.sh
4.3.5 etc/v6/spotswood.conf enp0s10 -6 wipe wiping lease file
output/spotswood.leases sbin/dhcpd enp0s10 -6 -d -cf
/labspace/var/isc_dhcp/etc/v6/spotswood.conf -pf output/spotswood.pid
-lf output/spotswood.leases Internet Systems Consortium DHCP Server
4.3.5 Copyright 2004-2016 Internet Systems Consortium. All rights
reserved. For info, please visit https://www.isc.org/software/dhcp/ 
Config file: /labspace/var/isc_dhcp/etc/v6/spotswood.conf Database file:
output/spotswood.leases PID file: output/spotswood.pid Wrote 0 NA, 0 TA,
0 PD leases to lease file. Bound to *:547 Listening on
Socket/5/enp0s10/fd00:220:0:1::/64 Sending on
Socket/5/enp0s10/fd00:220:0:1::/64 Server starting service. wiping lease
file output/spotswood.leases sbin/dhcpd enp0s10 -6 -d -cf
/labspace/var/isc_dhcp/etc/v6/spotswood.conf -pf output/spotswood.pid
-lf output/spotswood.leases Internet Systems Consortium DHCP Server
4.3.5 Copyright 2004-2016 Internet Systems Consortium. All rights
reserved. For info, please visit https://www.isc.org/software/dhcp/ 
Config file: /labspace/var/isc_dhcp/etc/v6/spotswood.conf Database file:
output/spotswood.leases PID file: output/spotswood.pid Wrote 0 NA, 0 TA,
0 PD leases to lease file. Bound to *:547 Listening on
Socket/5/enp0s10/fd00:220:0:1::/64 Sending on
Socket/5/enp0s10/fd00:220:0:1::/64 Server starting service. Solicit
message from 3002::35 port 546, transaction ID 0x000000 Picking pool
address fd00:220:0:1::800 Advertise NA: address fd00:220:0:1::800 to
client with duid 00:01:00:01:21:a1:8f:ab:00:0c:01:02:03:04 iaid = 1
valid for 6048 seconds Sending Advertise to 3002::35 port 546 Request
message from 3002::35 port 546, transaction ID 0x1000000 Reply NA:
address fd00:220:0:1::800 to client with duid
00:01:00:01:21:a1:8f:ab:00:0c:01:02:03:04 iaid = 1 valid for 6048
seconds Sending Reply to 3002::35 port 546 Solicit message from 3002::35
port 546, transaction ID 0x2000000 Picking pool address
fd00:220:0:1::789 Advertise NA: address fd00:220:0:1::789 to client with
duid 00:01:00:01:21:a1:8f:ab:00:0c:01:02:03:05 iaid = 1 valid for 6048
seconds Sending Advertise to 3002::35 port 546 Request message from
3002::35 port 546, transaction ID 0x3000000 Reply NA: address
fd00:220:0:1::789 to client with duid
00:01:00:01:21:a1:8f:ab:00:0c:01:02:03:05 iaid = 1 valid for 6048
seconds Sending Reply to 3002::35 port 546 Solicit message from 3002::35
port 546, transaction ID 0x4000000 Picking pool address
fd00:220:0:1::7da Advertise NA: address fd00:220:0:1::7da to client with
duid 00:01:00:01:21:a1:8f:ab:00:0c:01:02:03:06 iaid = 1 valid for 6048
seconds Sending Advertise to 3002::35 port 546 Request message from
3002::35 port 546, transaction ID 0x5000000 Reply NA: address
fd00:220:0:1::7da to client with duid
00:01:00:01:21:a1:8f:ab:00:0c:01:02:03:06 iaid = 1 valid for 6048
seconds Sending Reply to 3002::35 port 546 Solicit message from 3002::35
port 546, transaction ID 0x6000000 Picking pool address
fd00:220:0:1::717 Advertise NA: address fd00:220:0:1::717 to client with
duid 00:01:00:01:21:a1:8f:ab:00:0c:01:02:03:07 iaid = 1 valid for 6048
seconds Sending Advertise to 3002::35 port 546 Request message from
3002::35 port 546, transaction ID 0x7000000 Reply NA: address
fd00:220:0:1::717 to client with duid
00:01:00:01:21:a1:8f:ab:00:0c:01:02:03:07 iaid = 1 valid for 6048
seconds Sending Reply to 3002::35 port 546 Solicit message from 3002::35
port 546, transaction ID 0x8000000 Advertise NA: address
fd00:220:0:1::800 to client with duid
00:01:00:01:21:a1:8f:ab:00:0c:01:02:03:04 iaid = 1 valid for 6048
seconds Sending Advertise to 3002::35 port 546 Request message from
3002::35 port 546, transaction ID 0x9000000 Reply NA: address
fd00:220:0:1::800 to client with duid
00:01:00:01:21:a1:8f:ab:00:0c:01:02:03:04 iaid = 1 valid for 6048
seconds Sending Reply to 3002::35 port 546


On 11/16/2017 05:35 PM, [hidden email] wrote:
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

I've found the problem. The official compiled tarball of 4.3.5, same
startup command (except for path to dhcpd binary), including config file,
hands out leases. I'd say that's pretty definitive that the problem is the
Debian version. Now I've got a bug report to file with Debian.

> Also, verify that your DHCP6 server has an address on the defined
subnet: [0:root@elmo clamav]$ ip -o -6 addr | grep 'inet6 fd'
> 2: lan4    inet6 fd03:e4d:8a00:20f7::1/64 scope global \      
valid_lft forever preferred_lft forever
> 5: wifi    inet6 fd03:e4d:8a00:20f8::1/64 scope global \      
valid_lft forever preferred_lft forever
>
> Bill
>
> On 11/16/2017 2:54 PM, Bill Shirley wrote:
>> Have you tried looking at traffic on the DHCP6 server with tcpdump:
[0:root@elmo clamav]$ tcpdump -n -i lan4 portrange 546-547



_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

I've found the problem. The official compiled tarball of 4.3.5, same
startup command (except for path to dhcpd binary), including config file,
hands out leases. I'd say that's pretty definitive that the problem is the
Debian version. Now I've got a bug report to file with Debian.

For anyone who might find this, the Debian version with the bug is
4.3.5-3. A later version may be fixed.

> Also, verify that your DHCP6 server has an address on the defined
subnet: [0:root@elmo clamav]$ ip -o -6 addr | grep 'inet6 fd'
> 2: lan4    inet6 fd03:e4d:8a00:20f7::1/64 scope global \      
valid_lft forever preferred_lft forever
> 5: wifi    inet6 fd03:e4d:8a00:20f8::1/64 scope global \      
valid_lft forever preferred_lft forever
>
> Bill
>
> On 11/16/2017 2:54 PM, Bill Shirley wrote:
>> Have you tried looking at traffic on the DHCP6 server with tcpdump:
[0:root@elmo clamav]$ tcpdump -n -i lan4 portrange 546-547



_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Hi,

I am running DHCPv6 on my network to hand out static IPv6 addresses from
a stateless server to a bunch, but not all of my clients.

Here is my configuration:

allow leasequery;
option dhcp6.preference 255;
option dhcp6.rapid-commit;
option dhcp6.info-refresh-time 21600;
log(info,concat(
    "DHCP6-RELAY client-id: ", pick-first-value(binary-to-ascii(16,8,":",v6relay(0, option dhcp6.client-id)),""),
    ", interface-id: ", pick-first-value(v6relay(1, option dhcp6.interface-id),""),
    ", remote-id: ", pick-first-value(v6relay(1, option dhcp6.remote-id),"")
    ));
host fan-100 {
        host-identifier option
                dhcp6.client-id 0:2:0:0:ab:11:ba:92:17:ee:7b:0:2d:60;
        fixed-address6 2a01:238:4071:3282::1d:100;
}
host fan-250 {
        host-identifier option
                dhcp6.client-id 0:2:0:0:ab:11:ba:92:17:ee:7b:0:2d:60;
        fixed-address6 2a01:238:4071:3282::1d:250;
}
host swivel {
        host-identifier option
                dhcp6.client-id 0:4:11:ab:87:18:a9:e8:8b:b4:cc:26:c3:3f:1e:bb:ef:c0;
        fixed-address6 2a01:238:4071:3282::1f:100;
}
host drop {
        host-identifier option
                dhcp6.client-id 0:4:4c:22:39:fd:b8:66:98:89:f7:20:a6:c2:51:bc:5d:d9;
        fixed-address6 2a01:238:4071:3282::1c:100;
}
host oversway {
        host-identifier option
                dhcp6.client-id 0:2:0:0:ab:11:a8:7c:5e:5d:25:dd:92:2e;
        fixed-address6 2a01:238:4071:3281::6b:100;
}
subnet6 2a01:238:4071:3281::/64 {
}
subnet6 2a01:238:4071:3282::/64 {
}

Since the radvd advertises the networks as managed, all clients send
DHCP requests, and the server logs for each of those requests:

Nov 21 08:54:59 chasse dhcpd[763]: Solicit message from fe80::5054:ff:fe17:2fe7 port 546, transaction ID 0x811FA800
Nov 21 08:54:59 chasse dhcpd[763]: DHCP6-RELAY client-id: 0:2:0:0:ab:11:f6:cb:ae:dd:18:d1:73:c1, interface-id: , remote-id:
Nov 21 08:54:59 chasse dhcpd[763]: Unable to pick client address: no IPv6 pools on this shared network
Nov 21 08:54:59 chasse dhcpd[763]: Sending Reply to fe80::5054:ff:fe17:2fe7 port 546

These seriously clutter up my logs, can I tell the server that it should
ignore DHCP solicit messages from clients that it doesn't have static
configuration for? Or is it better to shrug and to have the DHCPv6
server assign a "dynamic" IP address?

Can I somehow tweak radvd's announcement to keep at least the frequency
of those undesired DHCPv6 solicitations down?

Greetings
Marc


--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Hi,

On Tue, 21 Nov 2017, Brice Abba wrote:

how is that supposed to make a difference.  I was under the impression that hosts are globally scoped.

Greetings
Christian

--
Christian Kratzer                   CK Software GmbH
Email:   [hidden email]               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

On Tue, Nov 21, 2017 at 10:15:06AM +0100, Christian Kratzer wrote:
And, additionally, it's not the hosts that do have a host declaration
that cause the problem, it's the hosts that don't. I don't think that
this will help at all.

Oh, btw, my apologies for not cleaning out the References Headers from
my initial message, I didn't mean to hijack a thread. Just fat fingers.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Hi

On Tue, 21 Nov 2017, Marc Haber wrote:
<snipp/>
ich checked in the isc dhcp 4.3.5 sources where the respective log messages comes from dhcpv6.c

1252 /*!
1253  *
1254  * \brief  Get an IPv6 address for the client.
1255  *
1256  * Attempt to find a usable address for the client.  We walk through
1257  * the ponds checking for permit and deny then through the pools
1258  * seeing if they have an available address.
1259  *
1260  * \param reply = the state structure for the current work on this request
1261  *                if we create a lease we return it using reply->lease
1262  *
1263  * \return
1264  * ISC_R_SUCCESS = we were able to find an address and are returning a
1265  *                 pointer to the lease
1266  * ISC_R_NORESOURCES = there don't appear to be any free addresses.  This
1267  *                     is probabalistic.  We don't exhaustively try the
1268  *                     address range, instead we hash the duid and if
1269  *                     the address derived from the hash is in use we
1270  *                     hash the address.  After a number of failures we
1271  *                     conclude the pool is basically full.
1272  */
1273 static isc_result_t
1274 pick_v6_address(struct reply_state *reply)
1275 {
...
...
...
1306         /* If we get here and p is NULL we have no useful pools */
1307         if (p == NULL) {
1308                 log_debug("Unable to pick client address: "
1309                           "no IPv6 pools on this shared network");
1310                 return ISC_R_NORESOURCES;
1311         }


it looks to me you have very few options to stop the message.

1. add a pool to the subnet, perhaps just having a pool with deny all could help

2. uncomment the log_debug() and recompile

3. just ignore the message as it does not apply to your configuration

Greetings
Christian

--
Christian Kratzer                   CK Software GmbH
Email:   [hidden email]               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users