Old 09-25-2015, 09:40 AM   #1
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,572

DNS/DHCP issues - files not getting updated


I'm having a few issues with DNS/DHCP; I'll ask about these one at a time.

bind 9.9.7-P1, dhcpd 4.2.5-P1, Slackware 64, 14.1

First, old leases seem to hang around forever in /var/state/dhcp/dhcpd.leases, example below. Those listed are from back in March. None of the computers in the lease file are currently connected. Why are they hanging around?

Should static IPs be in there? If so, something is not working.

/var/state/dhcp/dhcpd.leases
Code:
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.2.5-P1

lease 192.168.0.101 {
  starts 6 2015/03/07 11:46:52;
  ends 0 2015/03/08 11:46:52;
  tstp 0 2015/03/08 11:46:52;
  cltt 6 2015/03/07 11:46:52;
  binding state free;
  hardware ethernet 00:16:17:46:70:69;
  uid "\001\000\026\027Fpi";
}
lease 192.168.0.104 {
  starts 2 2015/03/17 17:01:10;
  ends 3 2015/03/18 17:01:10;
  tstp 3 2015/03/18 17:01:10;
  cltt 2 2015/03/17 17:01:10;
  binding state free;
  hardware ethernet c8:9c:dc:6e:24:e8;
  uid "\001\310\234\334n$\350";
}
My dhcpd.conf file:

Code:
authoritative;

ddns-updates on;
update-static-leases on;
allow unknown-clients;  # default, deprecated (man dhcpd.conf)
ignore client-updates;  # see https://www.centos.org/forums/viewtopic.php?t=29256, man dhcpd.conf: ignore client-updates
ddns-update-style interim;
default-lease-time 86400;

log-facility local7;

zone hprs.local. { primary 192.168.0.2; }
zone 0.168.192.in-addr.arpa. { primary 192.168.0.2; }

subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.2;
    range 192.168.0.100 192.168.0.254;
    option domain-name-servers 192.168.0.2;
#    option domain-name-servers 66.193.88.3, 66.193.88.4;
    option domain-name "hprs.local";
    ddns-domainname = "hprs.local.";
    ddns-rev-domainname = "in-addr.arpa.";
}

# Web Server (Linux)
host webserver {
    hardware ethernet 60:A4:4C:61:9C:FE;
    fixed-address 192.168.0.3;
}

# SQL Server Database Server (Server 2008)
host server {
#    hardware ethernet 40:E0:4C:39:7F:61;
    hardware ethernet 3C:1E:04:47:16:B0;
    fixed-address 192.168.0.4;
}

# Network Attached Storage (Linux)
host ohprsstorage {
    hardware ethernet F4:6D:04:60:04:38;
    fixed-address 192.168.0.5;
}

# COMMON workstation (WIN7)
host COMMON {
    hardware ethernet 2C:27:D7:2F:CF:7A;
    fixed-address 192.168.0.58;
}

host ricoh {
    hardware ethernet 00:26:73:55:63:AB;
    fixed-address 192.168.0.20;
}

# Postage meter
host postage {
    hardware ethernet 00:10:60:B6:72:D4;
    fixed-address 192.168.0.21;
}

Last edited by mfoley; 09-25-2015 at 09:44 AM.
 
Old 09-26-2015, 04:37 AM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,359

Static IPs should NOT be in DHCP files. If you have a static IP, other protocols will probably apply unless someone has set up static IPs by MAC address. MAC addresses can be changed & faked, so I wouldn't regard that as secure.
 
Old 09-27-2015, 07:16 AM   #3
baldur_1
Member
 
Registered: Sep 2010
Posts: 275

You use default lease time, but you should use max lease time (max-lease-time) and min lease time (min-lease-time). From what I understand, default lease time is more of a suggestion, while min and max will be forced onto the client.

As for the dhcpd file, I am not sure that isn't just a historical list. I don't think that reflects leases that are currently working.
 
Old 09-28-2015, 12:56 PM   #4
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,572

Original Poster
Quote:
Originally Posted by business_kid
Static IPs should NOT be in DHCP files. If you have a static IP, other protocols will probably apply unless someone has set up static IPs by MAC address. MAC addresses can be changed & faked, so I wouldn't regard that as secure.

This dhcpd serves computers on the local LAN, so not too much worry about spoofing MAC addresses.

If static IPs are not to be configured in dhcpd.conf then where are they to be configured?

baldur_1 - yes, I'm beginning to realize it is mostly a history, but does it ever get purged/reduced/reset? Does it grow forever?
 
Old 09-29-2015, 06:26 AM   #5
baldur_1
Member
 
Registered: Sep 2010
Posts: 275

No, last time I looked I believe what it does is hold the last IP address of a computer that gets one, so there should be about one entry per MAC address. It will also create new files periodically. From what I see from mine, it creates a new file every few months, and with each new file it records the last IP per MAC address, as it looks on mine.
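
Added example, not part of any post in this thread: dhcpd.leases(5) describes the lease file as a log in which the last declaration for an address is the one in effect, so old `binding state free` records like those in post #1 are expected. The sketch below applies that rule to decide which addresses are actually in use; the sample trims the two records from post #1 and adds a constructed third record, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the two records from post #1 (trimmed) plus a
# constructed later record for 192.168.0.101 to show that the last entry wins.
SAMPLE = r'''
lease 192.168.0.101 {
  ends 0 2015/03/08 11:46:52;
  binding state free;
  hardware ethernet 00:16:17:46:70:69;
}
lease 192.168.0.104 {
  ends 3 2015/03/18 17:01:10;
  binding state free;
  hardware ethernet c8:9c:dc:6e:24:e8;
}
lease 192.168.0.101 {
  ends 6 2015/09/26 08:00:00;
  binding state active;
  hardware ethernet 00:16:17:46:70:69;
}
'''

LEASE_RE = re.compile(r'^lease\s+(\S+)\s*\{(.*?)^\}', re.S | re.M)
FIELD_RE = {
    "ends": re.compile(r'^\s*ends\s+\d\s+([\d/]+ [\d:]+);', re.M),
    "state": re.compile(r'^\s*binding state\s+(\w+);', re.M),
    "mac": re.compile(r'^\s*hardware ethernet\s+([0-9a-fA-F:]+);', re.M),
}

def parse_leases(text):
    """Return {ip: record}; a later record for the same IP replaces an earlier one."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        rec = {k: (m.group(1) if (m := rx.search(body)) else None)
               for k, rx in FIELD_RE.items()}
        if rec["ends"]:  # lease times are written in UTC by default
            rec["ends"] = datetime.strptime(
                rec["ends"], "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)
        leases[ip] = rec
    return leases

def in_use(leases, now):
    """IPs whose effective record is active and not yet past its end time."""
    return sorted(ip for ip, r in leases.items()
                  if r["state"] == "active" and (r["ends"] is None or r["ends"] > now))
```

A record with `ends never;` leaves `ends` as `None` and is treated as unexpired.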
 
Old 09-29-2015, 06:30 AM   #6
baldur_1
Member
 
Registered: Sep 2010
Posts: 275

Oh, and one other thing about the static IPs: I believe what business_kid was suggesting is you should set it on the device rather than let it be given by the DHCP server, so hard-code the IP address. If you have your DHCP server serve only inside your network and not to the outside NIC, that should not be a big security concern though. I have been having my DHCP assign static IPs by MAC and have not had any issues.

To me, unless I am missing something, the security reason you would worry about is someone spoofing a MAC and getting special access by that MAC, which if you do not do then you should not have to worry about, unless you were on like a large business-like network.
 
  

