DNS/DHCP issues - files not getting updated
I'm having a few issues with DNS/DHCP; I'll ask about these one at a time.

bind 9.9.7-P1, dhcpd 4.2.5-P1, Slackware 64, 14.1

First, old leases seem to hang around forever in /var/state/dhcp/dhcpd.leases, example below. Those listed are from back in March. None of the computers in the lease file are currently connected. Why are they hanging around? Should static IPs be in there? If so, something is not working.

/var/state/dhcp/dhcpd.leases
Code:
# The format of this file is documented in the dhcpd.leases(5) manual page.
Code:
authoritative;
|
Static IPs should NOT be in dhcp files. If you have a static IP, other protocols will probably apply unless someone has set up static IPs by MAC address. MAC addresses can be changed & faked, so I wouldn't regard that as secure.
|
You use default lease time, but you should use max lease time (max-lease-time) and min lease time (min-lease-time). From what I understand, default lease time is more of a suggestion, while min and max will be forced onto the client.
As for the dhcpd file, I am not sure that isn't just a historical list. I don't think that reflects leases that are currently working. |
If static IPs are not to be configured in dhcpd.conf then where are they to be configured?

baldur_1 - yes, I'm beginning to realize it is mostly a history, but does it ever get purged/reduced/reset? Does it grow forever? |
No, last time I looked, I believe what it does is hold the last IP address of a computer that gets one. So there should be about one entry per MAC address. It will also create new files periodically. From what I see from mine, it creates a new file every few months, and with each new file it records the last IP per MAC address, as it looks on mine.
|
Oh, and one other thing about the static IPs: I believe what business kid was suggesting is you should set it on the device rather than let it be given by the DHCP server, so hard-code the IP address. If you have your DHCP server to serve only inside your network and not to the outside NIC, that should not be a big security concern though. I have been having my DHCP assign static IPs by MAC and have not had any issues.
To me, unless I am missing something, the security reason you would worry about is someone spoofing a MAC and getting special access by that MAC, which if you do not do then you should not have to worry about, unless you were on like a large business-like network. |
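
On the thread's question of whether entries in dhcpd.leases are live or only history, here is an added example (not posted by anyone in the thread) that collapses the lease log to one record per IP and flags which records are still live. Per dhcpd.leases(5), the file is a log in which the last entry for an address is the current one, and times are written in UTC by default; the sample data, the function name `current_leases` and the fixed clock are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample in dhcpd.leases(5) format; addresses, MACs and dates are made up.
SAMPLE = """\
lease 192.168.1.50 {
  starts 2 2015/03/10 14:22:31;
  ends 2 2015/03/10 16:22:31;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.50 {
  starts 2 2015/03/10 15:22:31;
  ends 2 2015/03/10 17:22:31;
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.51 {
  starts 1 2015/06/01 09:00:00;
  ends 1 2015/06/01 21:00:00;
  binding state active;
  hardware ethernet 66:77:88:99:aa:bb;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
ENDS_RE = re.compile(r"^\s*ends\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);", re.M)
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)
MAC_RE = re.compile(r"^\s*hardware ethernet\s+([0-9a-fA-F:]+);", re.M)

def current_leases(text, now):
    """Collapse the lease log to one record per IP and flag which are still live."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        ends, state, mac = ENDS_RE.search(body), STATE_RE.search(body), MAC_RE.search(body)
        # "ends never" or a missing "ends" line leaves end as None (no recorded expiry).
        end = (datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
               .replace(tzinfo=timezone.utc) if ends else None)
        expired = end is not None and end <= now
        latest[ip] = {  # a later entry for the same IP supersedes the earlier one
            "mac": mac.group(1).lower() if mac else None,
            "state": state.group(1) if state else "unknown",
            "ends": end,
            "live": bool(state) and state.group(1) == "active" and not expired,
        }
    return latest

if __name__ == "__main__":
    now = datetime(2015, 6, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample
    for ip, rec in sorted(current_leases(SAMPLE, now).items()):
        print(ip, rec["mac"], rec["state"], rec["ends"], "LIVE" if rec["live"] else "stale")
```

An entry whose state is still "active" but whose end time has passed is reported as stale, which is the case of old records lingering in the file after the client has gone.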