dhcpd only works on one subnet!? . . . help!

Ryanjon7 · 03-26-2009, 03:48 PM

Hello all,

I am working on a medium to small size network running fedora 8 64 bit linux and some Mac Pro workstations. I have set up a fedora 8 server with named (bind) and dhcpd to give out hostnames and ip address. Took me awhile to set up but it is working. The problem is that it only works on one subnet. I have setup 2 subnets in my configs but it is only working on the subnet my named server is on which is the server subnet. I have setup an access control list in named to try and recursively communicate accross the specified subnets. I have added these subnets to my dhcpd.conf config aswell. I will post my dhcpd.conf and named.conf ;

--------------------------------------------------------------
dhcpd.conf
--------------------------------------------------------------

ddns-update-style interim;
ddns-updates off;
ignore client-updates;
one-lease-per-client false;
ignore bootp;
option T150 code 150 = string;
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample

authorative;

key rndckey {
algorithm hmac-md5;
secret "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
};

zone xxxxxxxx. {
primary 10.2.200.1;
key rndckey;
}

zone 200.2.10.IN-ADDR.ARPA. {
primary 10.2.200.1;
key rndckey;
}

zone 100.2.10.IN-ADDR.ARPA. {
primary 10.2.200.1;
key rndckey;
}

#
## -------- Servers ---------------------------------------
#

shared-network xxxxxxxx {
subnet 10.2.200.0 netmask 255.255.255.0 {

option routers 10.2.200.254;
option subnet-mask 255.255.255.0;
option domain-name "xxxxxxxx";
option domain-name-servers 10.2.200.1;
option time-offset -28800; # Pacific Standard Time
option ntp-servers time.chu.nrc.ca, pool.ntp.org;

range 10.2.200.51 10.2.200.99;

group {

#
## ------------ Nameserver ------------------------
#
host xxxx {
hardware ethernet 00:30:48:7D:C5:A2;
fixed-address xxxx.xxxxxxxx;
}
# -------------------------------------------------

host xxxx {
hardware ethernet 00:30:48:C5:42:B2;
fixed-address xxxx.xxxxxxxx;
etc... etc...

second subnet;

#
### ------------------- Workstations -----------------------------------
#
shared-network xxxxxxxx {
subnet 10.2.100.0 netmask 255.255.255.0 {

option routers 10.2.100.254;
option subnet-mask 255.255.255.0;
option domain-name "xxxxxxxx";
option domain-name-servers 10.2.200.1;
option time-offset -28800; # Pacific Standard Time
option ntp-servers time.chu.nrc.ca, pool.ntp.org;

range 10.2.100.40 10.2.100.99;

group {
host xxxxx { #
hardware ethernet 00:1f:5b:3e:0a:14;
fixed-address xxxxx.xxxxxxxx;
}
host xxxxx { #
hardware ethernet 00:1f:5b:3d:9d:48;
fixed-address xxxxx.xxxxxxxx;
}

etc . . .etc

--------------------------------------------------------
named.conf
---------------------------------------------------------

acl accept { 10.2.200.1/24; 10.2.100.1/24; 127.0.0.1/24; };

options {
listen-on port 53 { 10.2.200.1/24; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { accept; };
allow-transfer { accept; };
allow-recursion { accept; };
};

key "rndckey" {
algorithm hmac-md5;
secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
channel update_debug {
file "/var/log/update-debug.log";
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_info {
file "/var/log/named-auth.info";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};

category update { update_debug; };
category security { security_info; };
};

zone "xxxxxxxx." IN {
type master;
file "xxxxxxxx.db";
};

zone "200.2.10.IN-ADDR.ARPA." IN {
type master;
file "10.2.200.db";
};

zone "100.2.10.IN-ADDR.ARPA." IN {
type master;
file "10.2.100.db";
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";

------------------------------------------------------------------

Also we have two switches, one primary which has a default ip 10.0.0.254
and a secondary attached to the primary with an ip on 10.0.0.253. All servers are on the 10.0.0.254 switch, but the workstations are randomly scattered on both switchs.

I am thinking that my configs don't specify the .253 routing and that
this will have to be setup somewhere and somehow . . .

If anyone has any suggestions, or can see where I error, please let me know as soon as possible

Thanks . . .

watcher69b · 03-26-2009, 07:52 PM

are the subnets on different routers?

if so you will need to forward the DHCP broadcast

Ryanjon7 · 03-26-2009, 11:41 PM

yes . . . and no. The subnet is setup on the same switch as the nameserver. However, there is another switch with the same subnet setup, but is trunked into the name server switch. So two switches, same vlans, but the switches have different ip addresses. . . so some workstations are on the 10.2.100 subnet on switch 10.0.0.254 and some are on the 10.2.100 subnet on switch 10.0.0.253. The 10.0.0.254 switch being the primary, and the 10.0.0.253 switch is connected directly to all vlans on the primary switch. So, I don't think that this is necessarily the issue . . .

Ryanjon7 · 03-26-2009, 11:49 PM

. . . how would I forward dhcp broadcasts correctly?

watcher69b · 03-28-2009, 08:53 AM

What kind of routers are you using?

for Cisco
"Another issue deals with how Cisco routers deal with certain broadcast based traffic like NetBIOS or DHCP. When you configure the ip helper-address command, you forward every IP broadcast in the ip forward protocol command list. The no ip forward protocol command can be used to disable the forwarding for specific protocols.

Here is an example to enable the forwarding of NetBIOS.
ip forward-protocol udp netbios-ns
ip forward-protocol udp netbios-dgm