Provided by: isc-dhcp-server_4.2.4-1ubuntu10_i386 bug


       dhcpd.conf - dhcpd configuration file


       The  dhcpd.conf  file contains configuration information for dhcpd, the
       Internet Systems Consortium DHCP Server.

       The dhcpd.conf file is a free-form ASCII text file.   It is  parsed  by
       the  recursive-descent  parser built into dhcpd.   The file may contain
       extra tabs and newlines for formatting purposes.  Keywords in the  file
       are case-insensitive.   Comments may be placed anywhere within the file
       (except within quotes).   Comments begin with the # character  and  end
       at the end of the line.

       The  file  essentially  consists  of a list of statements.   Statements
       fall into two broad categories - parameters and declarations.

       Parameter statements either say how to do something (e.g., how  long  a
       lease  to  offer),  whether to do something (e.g., should dhcpd provide
       addresses to unknown clients), or what parameters  to  provide  to  the
       client (e.g., use gateway

       Declarations  are  used  to  describe  the  topology of the network, to
       describe clients on the network,  to  provide  addresses  that  can  be
       assigned  to  clients,  or to apply a group of parameters to a group of
       declarations.   In  any  group  of  parameters  and  declarations,  all
       parameters  must  be  specified before any declarations which depend on
       those parameters may be specified.

       Declarations about network topology include the shared-network and  the
       subnet  declarations.    If  clients  on  a  subnet  are to be assigned
       addresses dynamically, a  range  declaration  must  appear  within  the
       subnet  declaration.    For clients with statically assigned addresses,
       or for installations where only known clients will be served, each such
       client  must have a host declaration.   If parameters are to be applied
       to a group of declarations which are not related  strictly  on  a  per-
       subnet basis, the group declaration can be used.

       For  every  subnet  which will be served, and for every subnet to which
       the dhcp server is connected, there must  be  one  subnet  declaration,
       which  tells  dhcpd how to recognize that an address is on that subnet.
       A subnet declaration is required for each subnet even if  no  addresses
       will be dynamically allocated on that subnet.

       Some  installations  have  physical  networks on which more than one IP
       subnet operates.   For example, if there  is  a  site-wide  requirement
       that  8-bit  subnet  masks  be  used,  but  a  department with a single
       physical ethernet network expands to the point where it has  more  than
       254  nodes,  it  may  be necessary to run two 8-bit subnets on the same
       ethernet until such time as a new physical network can be  added.    In
       this  case,  the  subnet  declarations  for  these two networks must be
       enclosed in a shared-network declaration.

       Note that even when the shared-network declaration is absent, an  empty
       one  is  created  by  the  server to contain the subnet (and any scoped
       parameters included in the subnet).  For practical purposes, this means
       that  "stateless"  DHCP  clients,  which are not tied to addresses (and
       therefore subnets) will receive  the  same  configuration  as  stateful

       Some  sites  may  have  departments which have clients on more than one
       subnet, but it may be desirable to offer those clients a uniform set of
       parameters  which  are  different than what would be offered to clients
       from other departments on the same subnet.   For clients which will  be
       declared  explicitly  with host declarations, these declarations can be
       enclosed in a group declaration along with  the  parameters  which  are
       common  to  that  department.    For  clients  whose  addresses will be
       dynamically assigned, class declarations and  conditional  declarations
       may  be  used  to  group parameter assignments based on information the
       client sends.

       When a client is to be booted, its boot parameters  are  determined  by
       consulting that client's host declaration (if any), and then consulting
       any class declarations matching  the  client,  followed  by  the  pool,
       subnet  and  shared-network declarations for the IP address assigned to
       the client.   Each  of  these  declarations  itself  appears  within  a
       lexical scope, and all declarations at less specific lexical scopes are
       also consulted for  client  option  declarations.    Scopes  are  never
       considered  twice,  and  if  parameters  are  declared in more than one
       scope, the parameter declared in the most specific  scope  is  the  one
       that is used.

       When  dhcpd  tries  to  find  a host declaration for a client, it first
       looks for a host declaration which has a fixed-address declaration that
       lists  an  IP address that is valid for the subnet or shared network on
       which the client is booting.   If it doesn't find any  such  entry,  it
       tries to find an entry which has no fixed-address declaration.


       A typical dhcpd.conf file will look something like this:

       global parameters...

       subnet netmask {
         subnet-specific parameters...

       subnet netmask {
         subnet-specific parameters...

       subnet netmask {
         subnet-specific parameters...

       group {
         group-specific parameters...
         host {
           host-specific parameters...
         host {
           host-specific parameters...
         host {
           host-specific parameters...

                                      Figure 1

       Notice  that  at  the beginning of the file, there's a place for global
       parameters.   These might be  things  like  the  organization's  domain
       name,  the  addresses  of  the  name servers (if they are common to the
       entire organization), and so on.   So, for example:

            option domain-name "";
            option domain-name-servers,;

                                      Figure 2

       As you can  see  in  Figure  2,  you  can  specify  host  addresses  in
       parameters  using  their  domain  names  rather  than  their numeric IP
       addresses.  If a given hostname resolves to more than  one  IP  address
       (for  example,  if  that  host has two ethernet interfaces), then where
       possible, both addresses are supplied to the client.

       The most obvious reason for having subnet-specific parameters as  shown
       in Figure 1 is that each subnet, of necessity, has its own router.   So
       for the first subnet, for example, there should be something like:

            option routers;

       Note that the address here is  specified  numerically.    This  is  not
       required  -  if  you have a different domain name for each interface on
       your router, it's perfectly legitimate to use the domain name for  that
       interface  instead  of  the  numeric  address.   However, in many cases
       there may be only one domain name for all of a router's  IP  addresses,
       and it would not be appropriate to use that name here.

       In  Figure  1  there  is  also a group statement, which provides common
       parameters for a set of three hosts - zappo, beppo and harpo.   As  you
       can  see,  these  hosts are all in the domain, so it might
       make sense for a group-specific parameter to override the  domain  name
       supplied to these hosts:

            option domain-name "";

       Also,  given  the  domain they're in, these are probably test machines.
       If we wanted to test the DHCP leasing mechanism, we might set the lease
       timeout somewhat shorter than the default:

            max-lease-time 120;
            default-lease-time 120;

       You  may  have noticed that while some parameters start with the option
       keyword, some do not.   Parameters starting  with  the  option  keyword
       correspond  to  actual DHCP options, while parameters that do not start
       with the option keyword either control the behavior of the DHCP  server
       (e.g.,  how  long  a  lease  dhcpd  will  give  out), or specify client
       parameters that are not optional in the  DHCP  protocol  (for  example,
       server-name and filename).

       In  Figure  1,  each  host  had host-specific parameters.   These could
       include such things as the hostname option,  the  name  of  a  file  to
       upload  (the  filename  parameter)  and  the address of the server from
       which to upload the file (the next-server parameter).   In general, any
       parameter  can appear anywhere that parameters are allowed, and will be
       applied according to the scope in which the parameter appears.

       Imagine that you have a site with a lot  of  NCD  X-Terminals.    These
       terminals come in a variety of models, and you want to specify the boot
       files for each model.   One way to  do  this  would  be  to  have  host
       declarations for each server and group them by model:

       group {
         filename "Xncd19r";
         next-server ncd-booter;

         host ncd1 { hardware ethernet 0:c0:c3:49:2b:57; }
         host ncd4 { hardware ethernet 0:c0:c3:80:fc:32; }
         host ncd8 { hardware ethernet 0:c0:c3:22:46:81; }

       group {
         filename "Xncd19c";
         next-server ncd-booter;

         host ncd2 { hardware ethernet 0:c0:c3:88:2d:81; }
         host ncd3 { hardware ethernet 0:c0:c3:00:14:11; }

       group {
         filename "XncdHMX";
         next-server ncd-booter;

         host ncd1 { hardware ethernet 0:c0:c3:11:90:23; }
         host ncd4 { hardware ethernet 0:c0:c3:91:a7:8; }
         host ncd8 { hardware ethernet 0:c0:c3:cc:a:8f; }


       The  pool  declaration  can be used to specify a pool of addresses that
       will be treated differently than another pool of addresses, even on the
       same  network segment or subnet.   For example, you may want to provide
       a large set of addresses that can be assigned to DHCP clients that  are
       registered  to  your  DHCP  server,  while  providing  a smaller set of
       addresses, possibly with short lease  times,  that  are  available  for
       unknown  clients.    If you have a firewall, you may be able to arrange
       for addresses from one pool to be allowed access to the Internet, while
       addresses  in  another pool are not, thus encouraging users to register
       their DHCP clients.   To do this, you would  set  up  a  pair  of  pool

       subnet netmask {
         option routers;

         # Unknown clients get this pool.
         pool {
           option domain-name-servers;
           max-lease-time 300;
           allow unknown-clients;

         # Known clients get this pool.
         pool {
           option domain-name-servers,;
           max-lease-time 28800;
           deny unknown-clients;

       It  is also possible to set up entirely different subnets for known and
       unknown clients - address pools exist at the level of shared  networks,
       so address ranges within pool declarations can be on different subnets.

       As  you  can  see in the preceding example, pools can have permit lists
       that control which clients are allowed access to  the  pool  and  which
       aren't.   Each  entry  in  a  pool's permit list is introduced with the
       allow or deny keyword.   If a pool has a permit list, then  only  those
       clients that match specific entries on the permit list will be eligible
       to be assigned addresses from the pool.   If a pool has  a  deny  list,
       then  only those clients that do not match any entries on the deny list
       will be eligible.    If both permit and deny lists exist  for  a  pool,
       then  only clients that match the permit list and do not match the deny
       list will be allowed access.


       Address allocation is actually only done when a client is in  the  INIT
       state and has sent a DHCPDISCOVER message.  If the client thinks it has
       a valid lease and sends a DHCPREQUEST to initiate or renew that  lease,
       the server has only three choices - it can ignore the DHCPREQUEST, send
       a DHCPNAK to tell the client it should stop using the address, or  send
       a  DHCPACK,  telling  the  client to go ahead and use the address for a

       If the server finds the address the  client  is  requesting,  and  that
       address is available to the client, the server will send a DHCPACK.  If
       the address is no longer available, or the client  isn't  permitted  to
       have  it,  the server will send a DHCPNAK.  If the server knows nothing
       about the address,  it  will  remain  silent,  unless  the  address  is
       incorrect for the network segment to which the client has been attached
       and the server is authoritative for that network segment, in which case
       the  server  will  send a DHCPNAK even though it doesn't know about the

       There may be a host declaration matching the  client's  identification.
       If  that  host  declaration  contains  a fixed-address declaration that
       lists an IP address that is valid for the network segment to which  the
       client  is  connected.   In  this  case,  the DHCP server will never do
       dynamic address allocation.  In this case, the client  is  required  to
       take  the  address  specified  in the host declaration.   If the client
       sends a DHCPREQUEST for some other address,  the  server  will  respond
       with a DHCPNAK.

       When  the  DHCP  server allocates a new address for a client (remember,
       this only happens if the client has  sent  a  DHCPDISCOVER),  it  first
       looks  to see if the client already has a valid lease on an IP address,
       or if there is an old IP address the client had before that hasn't  yet
       been  reassigned.   In that case, the server will take that address and
       check it to see if the client is still permitted to  use  it.   If  the
       client  is  no  longer  permitted  to use it, the lease is freed if the
       server thought it was still in use - the fact that the client has  sent
       a  DHCPDISCOVER proves to the server that the client is no longer using
       the lease.

       If no existing lease is found, or if the client is forbidden to receive
       the  existing  lease,  then the server will look in the list of address
       pools for the network segment to which the client  is  attached  for  a
       lease that is not in use and that the client is permitted to have.   It
       looks through each pool declaration in sequence (all range declarations
       that appear outside of pool declarations are grouped into a single pool
       with no permit list).   If the permit list  for  the  pool  allows  the
       client  to be allocated an address from that pool, the pool is examined
       to see if there is an address available.   If so, then  the  client  is
       tentatively  assigned  that  address.    Otherwise,  the  next  pool is
       tested.   If no addresses are found that can be assigned to the client,
       no response is sent to the client.

       If  an  address is found that the client is permitted to have, and that
       has  never  been  assigned  to  any  client  before,  the  address   is
       immediately  allocated to the client.   If the address is available for
       allocation but has been previously assigned to a different client,  the
       server  will keep looking in hopes of finding an address that has never
       before been assigned to a client.

       The DHCP server generates the list of available  IP  addresses  from  a
       hash  table.    This  means  that  the  addresses are not sorted in any
       particular order, and so it is not possible to  predict  the  order  in
       which  the  DHCP server will allocate IP addresses.   Users of previous
       versions of the ISC DHCP server may have become accustomed to the  DHCP
       server  allocating  IP  addresses  in  ascending  order, but this is no
       longer possible, and there is no way to configure  this  behavior  with
       version 3 of the ISC DHCP server.


       The  DHCP  server  checks IP addresses to see if they are in use before
       allocating them to clients.   It does this  by  sending  an  ICMP  Echo
       request  message  to  the IP address being allocated.   If no ICMP Echo
       reply is received within a second, the address is assumed to  be  free.
       This  is  only  done  for  leases  that  have  been  specified in range
       statements, and only when the lease is thought by the DHCP server to be
       free  -  i.e.,  the DHCP server or its failover peer has not listed the
       lease as in use.

       If a response is received to an ICMP  Echo  request,  the  DHCP  server
       assumes  that there is a configuration error - the IP address is in use
       by some host on the network that is not a DHCP client.   It  marks  the
       address as abandoned, and will not assign it to clients.

       If  a  DHCP  client tries to get an IP address, but none are available,
       but there are abandoned IP addresses, then the DHCP server will attempt
       to  reclaim an abandoned IP address.   It marks one IP address as free,
       and then does the same ICMP Echo request  check  described  previously.
       If there is no answer to the ICMP Echo request, the address is assigned
       to the client.

       The DHCP server does not cycle through abandoned IP  addresses  if  the
       first  IP  address it tries to reclaim is free.   Rather, when the next
       DHCPDISCOVER comes in from the client, it will attempt a new allocation
       using  the  same method described here, and will typically try a new IP


       This version of the ISC DHCP server supports the DHCP failover protocol
       as  documented in draft-ietf-dhc-failover-12.txt.   This is not a final
       protocol document, and we have not done interoperability  testing  with
       other vendors' implementations of this protocol, so you must not assume
       that this implementation conforms to the standard.  If you wish to  use
       the  failover  protocol, make sure that both failover peers are running
       the same version of the ISC DHCP server.

       The failover protocol allows two DHCP servers (and no more than two) to
       share  a common address pool.   Each server will have about half of the
       available IP addresses in the pool at any given  time  for  allocation.
       If one server fails, the other server will continue to renew leases out
       of the pool, and will allocate new addresses out of the roughly half of
       available  addresses  that  it  had  when communications with the other
       server were lost.

       It is possible during a prolonged failure to tell the remaining  server
       that  the other server is down, in which case the remaining server will
       (over time) reclaim all the addresses the other  server  had  available
       for  allocation,  and begin to reuse them.   This is called putting the
       server into the PARTNER-DOWN state.

       You can put the server into the PARTNER-DOWN state either by using  the
       omshell  (1)  command  or  by  stopping  the  server,  editing the last
       failover state declaration  in  the  lease  file,  and  restarting  the
       server.   If you use this last method, change the "my state" line to:

       failover peer name state {
       my state partner-down;
       peer state state at date;

       It is only required to change "my state" as shown above.

       When the other server comes back online, it should automatically detect
       that it has been offline and request a complete update from the  server
       that  was running in the PARTNER-DOWN state, and then both servers will
       resume processing together.

       It is possible to get into a dangerous situation: if you put one server
       into  the PARTNER-DOWN state, and then *that* server goes down, and the
       other server comes back up, the other server will  not  know  that  the
       first  server  was  in  the PARTNER-DOWN state, and may issue addresses
       previously issued by the other server to different  clients,  resulting
       in  IP  address  conflicts.   Before putting a server into PARTNER-DOWN
       state, therefore, make sure that the  other  server  will  not  restart

       The  failover  protocol  defines  a primary server role and a secondary
       server  role.    There  are  some  differences  in  how  primaries  and
       secondaries  act,  but  most  of the differences simply have to do with
       providing a way for each peer to behave in the opposite  way  from  the
       other.    So  one  server  must be configured as primary, and the other
       must be configured as secondary, and it doesn't matter too  much  which
       one is which.


       When  a  server  starts  that  has not previously communicated with its
       failover peer, it must establish communications with its failover  peer
       and  synchronize with it before it can serve clients.   This can happen
       either because you have just configured your DHCP  servers  to  perform
       failover  for  the  first time, or because one of your failover servers
       has failed catastrophically and lost its database.

       The initial recovery process  is  designed  to  ensure  that  when  one
       failover  peer  loses  its database and then resynchronizes, any leases
       that the failed server gave out before it failed will be honored.  When
       the  failed  server starts up, it notices that it has no saved failover
       state, and attempts to contact its peer.

       When it has established contact, it asks the peer for a  complete  copy
       its  peer's lease database.  The peer then sends its complete database,
       and sends a message indicating that it is done.  The failed server then
       waits until MCLT has passed, and once MCLT has passed both servers make
       the transition back into normal operation.  This waiting period ensures
       that  any  leases  the  failed  server  may have given out while out of
       contact with its partner will have expired.

       While the failed server is  recovering,  its  partner  remains  in  the
       partner-down  state,  which  means that it is serving all clients.  The
       failed server provides no service at all to DHCP clients until  it  has
       made the transition into normal operation.

       In  the  case  where  both  servers  detect that they have never before
       communicated with their partner, they both come  up  in  this  recovery
       state  and follow the procedure we have just described.   In this case,
       no service will be provided to DHCP clients until MCLT has expired.


       In order to configure failover, you need to write  a  peer  declaration
       that  configures  the  failover  protocol,  and  you need to write peer
       references in each pool declaration for which you want to do  failover.
       You  do  not  have  to  do  failover  for  all pools on a given network
       segment.    You must not tell one  server  it's  doing  failover  on  a
       particular  address  pool  and tell the other it is not.   You must not
       have any common address pools on which you are not doing  failover.   A
       pool declaration that utilizes failover would look like this:

       pool {
            failover peer "foo";
            pool specific parameters

       The   server currently  does very  little  sanity checking,  so if  you
       configure it wrong, it will just  fail in odd ways.  I would  recommend
       therefore  that you either do  failover or don't do failover, but don't
       do any mixed pools.  Also,  use the same master configuration file  for
       both   servers,  and  have  a  separate file  that  contains  the  peer
       declaration and includes the master file.  This will help you to  avoid
       configuration   mismatches.  As our  implementation evolves,  this will
       become  less of  a  problem.  A  basic  sample dhcpd.conf  file for   a
       primary server might look like this:

       failover peer "foo" {
         port 519;
         peer address;
         peer port 520;
         max-response-delay 60;
         max-unacked-updates 10;
         mclt 3600;
         split 128;
         load balance max seconds 3;

       include "/etc/dhcpd.master";

       The statements in the peer declaration are as follows:

       The primary and secondary statements

         [ primary | secondary ];

         This  determines  whether  the  server  is  primary  or secondary, as
         described earlier under DHCP FAILOVER.

       The address statement

         address address;

         The address statement declares the IP address or DNS  name  on  which
         the  server should listen for connections from its failover peer, and
         also  the  value  to  use  for  the  DHCP  Failover  Protocol  server
         identifier.   Because this value is used as an identifier, it may not
         be omitted.

       The peer address statement

         peer address address;

         The peer address statement declares the IP address  or  DNS  name  to
         which  the  server  should  connect  to  reach  its failover peer for
         failover messages.

       The port statement

         port port-number;

         The port statement declares the TCP port on which the  server  should
         listen for connections from its failover peer.  This statement may be
         omitted, in which case the IANA assigned port number 647 will be used
         by default.

       The peer port statement

         peer port port-number;

         The  peer  port  statement  declares the TCP port to which the server
         should connect to reach its  failover  peer  for  failover  messages.
         This  statement  may be omitted, in which case the IANA assigned port
         number 647 will be used by default.

       The max-response-delay statement

         max-response-delay seconds;

         The max-response-delay statement  tells  the  DHCP  server  how  many
         seconds  may  pass without receiving a message from its failover peer
         before it assumes that connection has failed.   This number should be
         small  enough  that  a  transient  network  failure  that  breaks the
         connection will not result in the servers being out of  communication
         for  a  long  time, but large enough that the server isn't constantly
         making and breaking connections.   This parameter must be specified.

       The max-unacked-updates statement

         max-unacked-updates count;

         The max-unacked-updates statement tells the remote  DHCP  server  how
         many BNDUPD messages it can send before it receives a BNDACK from the
         local system.   We don't have enough operational  experience  to  say
         what a good value for this is, but 10 seems to work.   This parameter
         must be specified.

       The mclt statement

         mclt seconds;

         The mclt statement defines the Maximum Client Lead Time.   It must be
         specified  on the primary, and may not be specified on the secondary.
         This is the length of time for which a lease may be renewed by either
         failover  peer  without  contacting  the  other.   The longer you set
         this, the longer it will take for the running server  to  recover  IP
         addresses after moving into PARTNER-DOWN state.   The shorter you set
         it, the more load your servers will  experience  when  they  are  not
         communicating.     A   value  of  something  like  3600  is  probably
         reasonable, but again bear in mind that we have no  real  operational
         experience with this.

       The split statement

         split index;

         The  split  statement  specifies  the  split  between the primary and
         secondary for the purposes of load  balancing.    Whenever  a  client
         makes  a  DHCP  request,  the  DHCP  server runs a hash on the client
         identification, resulting in value from 0 to 255.  This is used as an
         index  into  a  256  bit field.  If the bit at that index is set, the
         primary is responsible.  If the bit at that index  is  not  set,  the
         secondary is responsible.  The split value determines how many of the
         leading bits are set to one.  So, in practice,  higher  split  values
         will  cause  the  primary  to  serve more clients than the secondary.
         Lower split values, the converse.  Legal values  are  between  0  and
         255, of which the most reasonable is 128.

       The hba statement

         hba colon-separated-hex-list;

         The  hba  statement  specifies  the  split  between  the  primary and
         secondary as a bitmap  rather  than  a  cutoff,  which  theoretically
         allows for finer-grained control.   In practice, there is probably no
         need  for  such  fine-grained  control,  however.    An  example  hba

           hba ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:

         This  is  equivalent  to  a split 128; statement, and identical.  The
         following two examples are also equivalent to a split of 128, but are
         not identical:

           hba aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:

           hba 55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:55:

         They are equivalent, because half the bits are set to 0, half are set
         to 1 (0xa  and  0x5  are  1010  and  0101  binary  respectively)  and
         consequently  this  would  roughly divide the clients equally between
         the servers.  They are not identical, because the actual  peers  this
         would load balance to each server are different for each example.

         You must only have split or hba defined, never both.  For most cases,
         the fine-grained control that hba offers isn't necessary,  and  split
         should be used.

       The load balance max seconds statement

         load balance max seconds seconds;

         This  statement  allows  you  to  configure a cutoff after which load
         balancing is disabled.  The cutoff is based on the number of  seconds
         since  the client sent its first DHCPDISCOVER or DHCPREQUEST message,
         and only works with clients that correctly implement the secs field -
         fortunately  most clients do.  We recommend setting this to something
         like 3 or 5.  The effect of this is that if one of the failover peers
         gets into a state where it is responding to failover messages but not
         responding to some client requests, the other failover peer will take
         over its client load automatically as the clients retry.

       The auto-partner-down statement

         auto-partner-down seconds;

         This  statement  instructs  the server to initiate a timed delay upon
         entering the communications-interrupted state (any situation of being
         out-of-contact  with the remote failover peer).  At the conclusion of
         the timer, the  server  will  automatically  enter  the  partner-down
         state.  This permits the server to allocate leases from the partner's
         free lease pool after  an  STOS+MCLT  timer  expires,  which  can  be
         dangerous  if  the  partner is in fact operating at the time (the two
         servers will give conflicting bindings).

         Think very carefully before enabling this feature.  The  partner-down
         and  communications-interrupted  states  are intentionally segregated
         because there do exist situations where a failover server can fail to
         communicate  with  its peer, but still has the ability to receive and
         reply to requests from DHCP clients.  In general, this feature should
         only  be  used  in  those  deployments where the failover servers are
         directly connected to one another, such as by a  dedicated  hardwired
         link ("a heartbeat cable").

         A  zero  value  disables  the  auto-partner-down  feature  (also  the
         default), and any positive value indicates the  time  in  seconds  to
         wait before automatically entering partner-down.

       The Failover pool balance statements.

          max-lease-misbalance percentage;
          max-lease-ownership percentage;
          min-balance seconds;
          max-balance seconds;

         This version of the DHCP Server evaluates pool balance on a schedule,
         rather than on demand as leases are allocated.  The  latter  approach
         proved  to  be  slightly  klunky  when  pool  misbalanced reach total
         saturation...when any server ran out of leases  to  assign,  it  also
         lost its ability to notice it had run dry.

         In  order  to understand pool balance, some elements of its operation
         first need to be defined.   First,  there  are  ´free´  and  ´backup´
         leases.   Both  of  these  are  referred  to  as ´free state leases´.
         ´free´ and ´backup´ are ´the free states´ for  the  purpose  of  this
         document.   The difference is that only the primary may allocate from
         ´free´ leases  unless  under  special  circumstances,  and  only  the
         secondary may allocate ´backup´ leases.

         When  pool balance is performed, the only plausible expectation is to
         provide a 50/50 split of  the  free  state  leases  between  the  two
         servers.   This is because no one can predict which server will fail,
         regardless of the relative load  placed  upon  the  two  servers,  so
         giving each server half the leases gives both servers the same amount
         of ´failure endurance´.  Therefore, there is no way to configure  any
         different  behaviour,  outside  of  some  very  small windows we will
         describe shortly.

         The first thing calculated  on  any  pool  balance  run  is  a  value
         referred  to  as  ´lts´,  or  "Leases To Send".  This, simply, is the
         difference in the count of free and backup leases,  divided  by  two.
         For  the  secondary,  it  is  the  difference  in the backup and free
         leases, divided by two.  The resulting value  is  signed:  if  it  is
         positive, the local server is expected to hand out leases to retain a
         50/50 balance.  If it is negative, the remote server  would  need  to
         send  leases  to  balance the pool.  Once the lts value reaches zero,
         the pool is perfectly balanced (give or take one lease in the case of
         an odd number of total free state leases).

         The  current  approach  is  still  something  of  a hybrid of the old
         approach,  marked  by  the  presence  of   the   max-lease-misbalance
         statement.   This  parameter  configures  what used to be a 10% fixed
         value in previous versions: if lts is less than  free+backup  *  max-
         lease-misbalance percent, then the server will skip balancing a given
         pool (it won't bother moving any leases, even if some leases "should"
         be  moved).   The  meaning of this value is also somewhat overloaded,
         however, in that it also governs the estimation of when to attempt to
         balance  the  pool (which may then also be skipped over).  The oldest
         leases in the free and backup states are  examined.   The  time  they
         have  resided  in  their  respective queues is used as an estimate to
         indicate how much time it is probable it would take before the leases
         at the top of the list would be consumed (and thus, how long it would
         take to use all leases in that state).  This percentage  is  directly
         multiplied by this time, and fit into the schedule if it falls within
         the min-balance and max-balance  configured  values.   The  scheduled
         pool  check  time is only moved in a downwards direction, it is never
         increased.  Lastly, if the lts is more than double this number in the
         negative  direction,  the  local  server  will ´panic´ and transmit a
         Failover protocol POOLREQ message,  in  the  hopes  that  the  remote
         system will be woken up into action.

         Once  the  lts  value  exceeds the max-lease-misbalance percentage of
         total free state leases as described above, leases are moved  to  the
         remote server.  This is done in two passes.

         In  the  first pass, only leases whose most recent bound client would
         have been served by the remote server - according to the Load Balance
         Algorithm  (see  above  split and hba configuration statements) - are
         given away to the peer.  This first pass  will  happily  continue  to
         give  away  leases, decrementing the lts value by one for each, until
         the lts value has reached the negative of the total number of  leases
         multiplied  by  the max-lease-ownership percentage.  So it is through
         this value that you can permit a small misbalance of the lease  pools
         -  for  the  purpose  of  giving  the peer more than a 50/50 share of
         leases in the hopes that their clients might some day return  and  be
         allocated by the peer (operating normally).  This process is referred
         to as ´MAC Address Affinity´,  but  this  is  somewhat  misnamed:  it
         applies  equally  to  DHCP Client Identifier options.  Note also that
         affinity is applied to leases when they enter the state  ´free´  from
         ´expired´ or ´released´.  In this case also, leases will not be moved
         from free to backup if the secondary already has more than its share.

         The second pass is only entered into  if  the  first  pass  fails  to
         reduce  the  lts  underneath  the  total  number of free state leases
         multiplied by the max-lease-ownership percentage.  In this pass,  the
         oldest leases are given over to the peer without second thought about
         the Load Balance Algorithm, and this continues until  the  lts  falls
         under  this  value.   In this way, the local server will also happily
         keep a small percentage  of  the  leases  that  would  normally  load
         balance to itself.

         So,  the  max-lease-misbalance  value  acts  as  a  behavioural gate.
         Smaller values will cause more leases to transition states to balance
         the pools over time, higher values will decrease the amount of change
         (but may lead to pool starvation if there's a run on leases).

         The max-lease-ownership value permits a small  (percentage)  skew  in
         the  lease  balance of a percentage of the total number of free state

         Finally,  the  min-balance  and  max-balance  make  certain  that   a
         scheduled  rebalance event happens within a reasonable timeframe (not
         to be thrown off by, for example, a 7 year old free lease).

         Plausible  values  for  the  percentages  lie  between  0  and   100,
         inclusive,  but values over 50 are indistinguishable from one another
         (once lts exceeds 50% of the  free  state  leases,  one  server  must
         therefore  have 100% of the leases in its respective free state).  It
         is recommended to select a max-lease-ownership value  that  is  lower
         than  the  value  selected  for the max-lease-misbalance value.  max-
         lease-ownership defaults to 10, and max-lease-misbalance defaults  to

         Plausible values for the min-balance and max-balance times also range
         from 0 to (2^32)-1 (or the limit of your  local  time_t  value),  but
         default  to  values 60 and 3600 respectively (to place balance events
         between 1 minute and 1 hour).


       Clients  can  be  separated  into  classes,  and  treated   differently
       depending  on  what  class  they  are in.   This separation can be done
       either with a conditional statement, or with a match  statement  within
       the class declaration.   It is possible to specify a limit on the total
       number of clients within a particular class or subclass that  may  hold
       leases at one time, and it is possible to specify automatic subclassing
       based on the contents of the client packet.

       To add clients to classes based  on  conditional  evaluation,  you  can
       specify a matching expression in the class statement:

       class "ras-clients" {
         match if substring (option dhcp-client-identifier, 1, 3) = "RAS";

       Note  that  whether  you use matching expressions or add statements (or
       both) to classify clients, you must always write  a  class  declaration
       for  any  class that you use.   If there will be no match statement and
       no in-scope statements for a class, the declaration  should  look  like

       class "ras-clients" {


       In  addition  to  classes,  it  is  possible to declare subclasses.   A
       subclass is a class with the same name as a regular class, but  with  a
       specific  submatch expression which is hashed for quick matching.  This
       is essentially a speed hack - the main difference between five  classes
       with  match  expressions  and one class with five subclasses is that it
       will be quicker to find the subclasses.   Subclasses work as follows:

       class "allocation-class-1" {
         match pick-first-value (option dhcp-client-identifier, hardware);

       class "allocation-class-2" {
         match pick-first-value (option dhcp-client-identifier, hardware);

       subclass "allocation-class-1" 1:8:0:2b:4c:39:ad;
       subclass "allocation-class-2" 1:8:0:2b:a9:cc:e3;
       subclass "allocation-class-1" 1:0:0:c4:aa:29:44;

       subnet netmask {
         pool {
           allow members of "allocation-class-1";
         pool {
           allow members of "allocation-class-2";

       The data following the class name in  the  subclass  declaration  is  a
       constant  value  to use in matching the match expression for the class.
       When class matching  is  done,  the  server  will  evaluate  the  match
       expression and then look the result up in the hash table.   If it finds
       a match, the client is considered a member of both the  class  and  the

       Subclasses  can  be  declared  with  or  without  scope.   In the above
       example, the sole purpose of the subclass  is  to  allow  some  clients
       access to one address pool, while other clients are given access to the
       other pool, so these subclasses are declared without scopes.   If  part
       of  the  purpose  of  the  subclass  were to define different parameter
       values for some clients, you might want to declare some subclasses with

       In  the  above  example,  if  you  had a single client that needed some
       configuration parameters,  while  most  didn't,  you  might  write  the
       following subclass declaration for that client:

       subclass "allocation-class-2" 1:08:00:2b:a1:11:31 {
         option root-path "samsara:/var/diskless/alphapc";
         filename "/tftpboot/netbsd.alphapc-diskless";

       In  this  example,  we've  used subclassing as a way to control address
       allocation on a per-client basis.  However, it's also possible  to  use
       subclassing  in ways that are not specific to clients - for example, to
       use the value of the vendor-class-identifier option to  determine  what
       values  to  send in the vendor-encapsulated-options option.  An example
       of this is shown under the VENDOR  ENCAPSULATED  OPTIONS  head  in  the
       dhcp-options(5) manual page.


       You may specify a limit to the number of clients in a class that can be
       assigned leases.   The effect of this will be to make it difficult  for
       a  new  client in a class to get an address.   Once a class with such a
       limit has reached its limit, the only way a new client  in  that  class
       can  get  a  lease  is  for an existing client to relinquish its lease,
       either by letting it  expire,  or  by  sending  a  DHCPRELEASE  packet.
       Classes with lease limits are specified as follows:

       class "limited-1" {
         lease limit 4;

       This will produce a class in which a maximum of four members may hold a
       lease at one time.


       It is possible to declare a spawning class.   A  spawning  class  is  a
       class  that  automatically produces subclasses based on what the client
       sends.   The reason that spawning classes were created was to  make  it
       possible  to  create lease-limited classes on the fly.   The envisioned
       application is a  cable-modem  environment  where  the  ISP  wishes  to
       provide clients at a particular site with more than one IP address, but
       does not wish to provide such clients with their own subnet,  nor  give
       them  an  unlimited  number of IP addresses from the network segment to
       which they are connected.

       Many cable modem head-end systems can be  configured  to  add  a  Relay
       Agent Information option to DHCP packets when relaying them to the DHCP
       server.   These systems typically add a circuit ID or remote ID  option
       that  uniquely  identifies  the  customer  site.   To take advantage of
       this, you can write a class declaration as follows:

       class "customer" {
         spawn with option agent.circuit-id;
         lease limit 4;

       Now whenever a request comes in from a customer site,  the  circuit  ID
       option  will be checked against the class's hash table.   If a subclass
       is found that matches the circuit ID, the client will be classified  in
       that  subclass  and  treated  accordingly.    If  no  subclass is found
       matching the circuit ID, a new one will be created and  logged  in  the
       dhcpd.leases file, and the client will be classified in this new class.
       Once the client has been classified, it will be  treated  according  to
       the  rules  of the class, including, in this case, being subject to the
       per-site limit of four leases.

       The use of the subclass spawning mechanism is not restricted  to  relay
       agent  options  - this particular example is given only because it is a
       fairly straightforward one.


       In some cases, it may be useful to  use  one  expression  to  assign  a
       client  to a particular class, and a second expression to put it into a
       subclass of that class.   This can be done by combining  the  match  if
       and  spawn with statements, or the match if and match statements.   For

       class "jr-cable-modems" {
         match if option dhcp-vendor-identifier = "jrcm";
         spawn with option agent.circuit-id;
         lease limit 4;

       class "dv-dsl-modems" {
         match if option dhcp-vendor-identifier = "dvdsl";
         spawn with option agent.circuit-id;
         lease limit 16;

       This allows you to have two classes that both have the same spawn  with
       expression without getting the clients in the two classes confused with
       each other.


       The DHCP server has the ability to dynamically update the  Domain  Name
       System.   Within  the  configuration files, you can define how you want
       the Domain Name System to be  updated.   These  updates  are  RFC  2136
       compliant  so  any  DNS  server  supporting  RFC 2136 should be able to
       accept updates from the DHCP server.

       Two DNS update  schemes  are  currently  implemented,  and  another  is
       planned.    The  two  that are currently implemented are the ad-hoc DNS
       update mode and the interim DHCP-DNS interaction draft update mode.  In
       the  future  we plan to add a third mode which will be the standard DNS
       update method based on the RFCS for DHCP-DNS interaction and DHCID  The
       DHCP  server  must  be  configured  to  use  one  of the two currently-
       supported methods, or not to do dns updates.  This can be done with the
       ddns-update-style configuration parameter.


       The  ad-hoc  Dynamic  DNS  update scheme is now deprecated and does not
       work.  In future releases of the ISC DHCP server, this scheme will  not
       likely  be  available.   The interim scheme works, allows for failover,
       and should now be used.  The following description  is  left  here  for
       informational purposes only.

       The ad-hoc Dynamic DNS update scheme implemented in this version of the
       ISC DHCP server is a prototype design, which does not have much  to  do
       with  the standard update method that is being standardized in the IETF
       DHC working group, but rather implements some very basic,  yet  useful,
       update  capabilities.    This  mode  does  not  work  with the failover
       protocol because it  does  not  account  for  the  possibility  of  two
       different DHCP servers updating the same set of DNS records.

       For  the  ad-hoc DNS update method, the client's FQDN is derived in two
       parts.   First, the hostname is determined.   Then, the domain name  is
       determined, and appended to the hostname.

       The DHCP server determines the client's hostname by first looking for a
       ddns-hostname configuration option, and using that if  it  is  present.
       If  no such option is present, the server looks for a valid hostname in
       the FQDN option sent by the client.  If  one  is  found,  it  is  used;
       otherwise,  if  the  client  sent  a  host-name  option,  that is used.
       Otherwise, if there is a host declaration that applies to  the  client,
       the name from that declaration will be used.  If none of these applies,
       the server will not have a hostname for the client,  and  will  not  be
       able to do a DNS update.

       The  domain  name  is determined from the ddns-domainname configuration
       option.  The default configuration for this option is:

         option server.ddns-domainname = config-option domain-name;

       So if this configuration option is not configured to a different  value
       (over-riding  the  above  default),  or if a domain-name option has not
       been configured for the  client's  scope,  then  the  server  will  not
       attempt to perform a DNS update.

       The client's fully-qualified domain name, derived as we have described,
       is used as the name on which an "A"  record  will  be  stored.   The  A
       record  will contain the IP address that the client was assigned in its
       lease.   If there is already an A record with the same name in the  DNS
       server,  no  update  of  either  the A or PTR records will occur - this
       prevents a client from claiming that its hostname is the name  of  some
       network  server.    For  example,  if  you  have  a  fileserver  called
       "", and the client claims its hostname is "fs", no DNS
       update  will  be  done  for  that  client, and an error message will be

       If the A record update succeeds, a PTR record update for  the  assigned
       IP  address  will  be  done, pointing to the A record.   This update is
       unconditional - it will be done even if another PTR record of the  same
       name  exists.    Since  the  IP  address  has been assigned to the DHCP
       server, this should be safe.

       Please note that the current implementation assumes clients only have a
       single  network  interface.   A client with two network interfaces will
       see unpredictable behavior.   This is considered a  bug,  and  will  be
       fixed  in a later release.   It may be helpful to enable the one-lease-
       per-client parameter so that roaming clients do not trigger  this  same

       The  DHCP protocol normally involves a four-packet exchange - first the
       client sends a DHCPDISCOVER message, then the server sends a DHCPOFFER,
       then  the  client sends a DHCPREQUEST, then the server sends a DHCPACK.
       In the current version of the server, the server will do a  DNS  update
       after  it  has  received  the  DHCPREQUEST,  and before it has sent the
       DHCPACK.   It only sends the DNS update if it has not sent one for  the
       client's  address  before,  in order to minimize the impact on the DHCP

       When the client's lease expires, the DHCP server (if it is operating at
       the  time, or when next it operates) will remove the client's A and PTR
       records from the DNS database.   If the client releases  its  lease  by
       sending  a  DHCPRELEASE  message, the server will likewise remove the A
       and PTR records.


       The interim DNS update scheme  operates  mostly  according  to  several
       drafts considered by the IETF.  While the drafts have since become RFCs
       the code was written before they were  finalized  and  there  are  some
       differences between our code and the final RFCs.  We plan to update our
       code, probably adding a standard DNS update option, at some time.   The
       basic framework is similar with the main material difference being that
       a DHCID RR was assigned in the RFCs whereas our code continues  to  use
       an  experimental  TXT  record.   The  format  of the TXT record bears a
       resemblance to the DHCID RR but it is  not  equivalent  (MD5  vs  SHA1,
       field length differences etc).  The standard RFCs are:

                            RFC 4701 (updated by RF5494)
                                      RFC 4702
                                      RFC 4703

       And the corresponding drafts were:


       Because  our implementation is slightly different than the standard, we
       will briefly document the operation of this update style here.

       The first point to understand about this style of DNS  update  is  that
       unlike  the  ad-hoc  style, the DHCP server does not necessarily always
       update both the A and the PTR records.   The  FQDN  option  includes  a
       flag  which,  when sent by the client, indicates that the client wishes
       to update its  own  A  record.    In  that  case,  the  server  can  be
       configured  either  to  honor  the  client's intentions or ignore them.
       This is done with the statement allow client-updates; or the  statement
       ignore client-updates;.   By default, client updates are allowed.

       If the server is configured to allow client updates, then if the client
       sends a fully-qualified domain name in the FQDN option, the server will
       use  that  name  the  client  sent in the FQDN option to update the PTR
       record.   For example, let us say that the client is a visitor from the
       ""  domain,  whose hostname is "jschmoe".   The server is for
       the "" domain.   The  DHCP  client  indicates  in  the  FQDN
       option that its FQDN is "".   It also indicates that
       it wants to update its own A record.   The DHCP server  therefore  does
       not attempt to set up an A record for the client, but does set up a PTR
       record for the IP address that  it  assigns  the  client,  pointing  at    Once  the  DHCP client has an IP address, it can
       update its own A record, assuming that the "" DNS server will
       allow it to do so.

       If  the  server  is  configured  not to allow client updates, or if the
       client doesn't want to do its own update, the server will simply choose
       a  name  for the client from either the fqdn option (if present) or the
       hostname option (if present).  It will use its own domain name for  the
       client,  just as in the ad-hoc update scheme.  It will then update both
       the A and PTR record, using the name that it chose for the client.   If
       the  client sends a fully-qualified domain name in the fqdn option, the
       server uses only the leftmost part of the domain name - in the  example
       above, "jschmoe" instead of "".

       Further,  if  the  ignore  client-updates;  directive is used, then the
       server will in addition send a response in the DHCP packet,  using  the
       FQDN  Option, that implies to the client that it should perform its own
       updates if it chooses to do so.  With deny client-updates;, a  response
       is sent which indicates the client may not perform updates.

       Also,  if the use-host-decl-names configuration option is enabled, then
       the host declaration's hostname will be used in place of  the  hostname
       option, and the same rules will apply as described above.

       The  other  difference between the ad-hoc scheme and the interim scheme
       is that with the interim scheme, a method is used that allows more than
       one  DHCP  server  to  update  the  DNS  database  without accidentally
       deleting A records that shouldn't be  deleted  nor  failing  to  add  A
       records that should be added.   The scheme works as follows:

       When  the  DHCP  server  issues a client a new lease, it creates a text
       string that is an MD5 hash over the DHCP client's  identification  (see
       draft-ietf-dnsext-dhcid-rr-??.txt  for details).   The update adds an A
       record with the name the server chose and a TXT record  containing  the
       hashed  identifier  string  (hashid).    If  this  update succeeds, the
       server is done.

       If the update fails because the A record already exists, then the  DHCP
       server  attempts  to  add the A record with the prerequisite that there
       must be a TXT record in the same name as the new A record, and that TXT
       record's  contents  must be equal to hashid.   If this update succeeds,
       then the client has its A record and PTR record.   If  it  fails,  then
       the  name  the  client  has been assigned (or requested) is in use, and
       can't be used by the client.   At this point the DHCP server  gives  up
       trying to do a DNS update for the client until the client chooses a new

       The interim DNS update  scheme  is  called  interim  for  two  reasons.
       First,  it  does  not  quite follow the RFCs.   The RFCs call for a new
       DHCID RRtype while he interim DNS update scheme uses a TXT record.  The
       ddns-resolution  draft  called for the DHCP server to put a DHCID RR on
       the PTR record, but the interim update method does not do this.  In the
       final  RFC  this  requirement  was relaxed such that a server may add a
       DHCID RR to the PTR record.

       In addition to these differences, the server also does not update  very
       aggressively.  Because each DNS update involves a round trip to the DNS
       server, there is a cost associated with doing updates even if  they  do
       not  actually  modify  the  DNS  database.    So the DHCP server tracks
       whether or not it has updated the record in the past (this  information
       is  stored on the lease) and does not attempt to update records that it
       thinks it has already updated.

       This can lead to cases where the DHCP server adds a  record,  and  then
       the  record  is  deleted  through  some other mechanism, but the server
       never again updates the DNS because  it  thinks  the  data  is  already
       there.    In  this  case the data can be removed from the lease through
       operator intervention, and once this has been done,  the  DNS  will  be
       updated the next time the client renews.


       When  you set your DNS server up to allow updates from the DHCP server,
       you may be exposing it to unauthorized updates.   To  avoid  this,  you
       should  use  TSIG  signatures  -  a method of cryptographically signing
       updates using a shared secret key.   As long as you protect the secrecy
       of  this key, your updates should also be secure.   Note, however, that
       the DHCP protocol itself provides no security,  and  that  clients  can
       therefore  provide information to the DHCP server which the DHCP server
       will  then  use  in  its  updates,  with  the   constraints   described

       The  DNS  server  must be configured to allow updates for any zone that
       the DHCP server will be updating.  For example, let us say that clients
       in  the  domain  will  be  assigned  addresses  on  the subnet.  In that case, you will need  a  key  declaration
       for  the  TSIG  key you will be using, and also two zone declarations -
       one for the zone containing A records that will be updates and one  for
       the zone containing PTR records - for ISC BIND, something like this:

       key DHCP_UPDATER {
         algorithm HMAC-MD5.SIG-ALG.REG.INT;
         secret pRP5FapFoJ95JEL06sv4PQ==;

       zone "" {
            type master;
            file "";
            allow-update { key DHCP_UPDATER; };

       zone "" {
            type master;
            file "10.10.17.db";
            allow-update { key DHCP_UPDATER; };

       You will also have to configure your DHCP server to do updates to these
       zones.   To do so,  you  need  to  add  something  like  this  to  your
       dhcpd.conf file:

       key DHCP_UPDATER {
         algorithm HMAC-MD5.SIG-ALG.REG.INT;
         secret pRP5FapFoJ95JEL06sv4PQ==;

       zone EXAMPLE.ORG. {
         key DHCP_UPDATER;

       zone {
         key DHCP_UPDATER;

       The primary statement specifies the IP address of the name server whose
       zone information  is  to  be  updated.   In  addition  to  the  primary
       statement  there  are  also  the  primary6  ,  secondary and secondary6
       statements.  The primary6 statement specifies an IPv6 address  for  the
       name server.  The secondaries provide for additional addresses for name
       servers to be used if the primary does not respond.  The number of name
       servers  the  DDNS code will attempt to use before giving up is limited
       and is currently set to three.

       Note that the zone declarations have to correspond to authority records
       in your name server - in the above example, there must be an SOA record
       for "" and for "".   For example,  if
       there  were  a  subdomain  ""  with no separate SOA, you
       could not write a zone declaration for ""  Also keep in
       mind  that  zone  names in your DHCP configuration should end in a ".";
       this is the preferred syntax.  If you do not end your zone  name  in  a
       ".",  the  DHCP  server will figure it out.  Also note that in the DHCP
       configuration, zone names are not encapsulated in  quotes  where  there
       are in the DNS configuration.

       You should choose your own secret key, of course.  The ISC BIND 8 and 9
       distributions come with a program for  generating  secret  keys  called
       dnssec-keygen.  The version that comes with BIND 9 is likely to produce
       a substantially more random key, so we recommend you use that one  even
       if  you are not using BIND 9 as your DNS server.  If you are using BIND
       9's dnssec-keygen, the above key would be created as follows:

            dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER

       If you are using the BIND 8 dnskeygen program,  the  following  command
       will generate a key as seen above:

            dnskeygen -H 128 -u -c -n DHCP_UPDATER

       You  may  wish to enable logging of DNS updates on your DNS server.  To
       do so, you might write a logging statement like the following:

       logging {
            channel update_debug {
                 file "/var/log/update-debug.log";
                 severity  debug 3;
                 print-category yes;
                 print-severity yes;
                 print-time     yes;
            channel security_info    {
                 file "/var/log/";
                 severity  info;
                 print-category yes;
                 print-severity yes;
                 print-time     yes;

            category update { update_debug; };
            category security { security_info; };

       You  must  create  the  /var/log/  and  /var/log/update-
       debug.log files before starting the name server.   For more information
       on configuring ISC BIND, consult the documentation that accompanies it.


       There are three kinds of events that can happen regarding a lease,  and
       it  is  possible  to  declare  statements  that occur when any of these
       events happen.   These events are the commit event, when the server has
       made  a  commitment  of a certain lease to a client, the release event,
       when the client has released the server from its  commitment,  and  the
       expiry event, when the commitment expires.

       To  declare  a  set of statements to execute when an event happens, you
       must use the on statement, followed by the name of the event,  followed
       by  a  series of statements to execute when the event happens, enclosed
       in braces.   Events are used to implement DNS updates,  so  you  should
       not  define  your  own event handlers if you are using the built-in DNS
       update mechanism.

       The built-in version of the DNS update mechanism is in  a  text  string
       towards  the  top  of  server/dhcpd.c.    If you want to use events for
       things other than DNS updates, and you also want DNS updates, you  will
       have  to  start  out by copying this code into your dhcpd.conf file and
       modifying it.


       The include statement

        include "filename";

       The include statement is used to read in a named file, and process  the
       contents of that file as though it were entered in place of the include

       The shared-network statement

        shared-network name {
          [ parameters ]
          [ declarations ]

       The shared-network statement is used to inform  the  DHCP  server  that
       some  IP subnets actually share the same physical network.  Any subnets
       in  a  shared  network  should  be  declared  within  a  shared-network
       statement.   Parameters  specified in the shared-network statement will
       be used  when  booting  clients  on  those  subnets  unless  parameters
       provided at the subnet or host level override them.  If any subnet in a
       shared network has addresses available for  dynamic  allocation,  those
       addresses  are collected into a common pool for that shared network and
       assigned to clients as needed.  There is no way to distinguish on which
       subnet of a shared network a client should boot.

       Name should be the name of the shared network.   This name is used when
       printing debugging messages, so it should be descriptive for the shared
       network.    The  name  may  have  the  syntax  of  a  valid domain name
       (although it will never be used as such), or it may  be  any  arbitrary
       name, enclosed in quotes.

       The subnet statement

        subnet subnet-number netmask netmask {
          [ parameters ]
          [ declarations ]

       The  subnet  statement is used to provide dhcpd with enough information
       to tell whether or not an IP address is on that subnet.  It may also be
       used   to  provide  subnet-specific  parameters  and  to  specify  what
       addresses may be dynamically  allocated  to  clients  booting  on  that
       subnet.   Such addresses are specified using the range declaration.

       The subnet-number should be an IP address or domain name which resolves
       to the subnet number of  the  subnet  being  described.    The  netmask
       should  be  an  IP  address or domain name which resolves to the subnet
       mask of the subnet being described.   The subnet number, together  with
       the  netmask,  are sufficient to determine whether any given IP address
       is on the specified subnet.

       Although a netmask must be given with every subnet declaration,  it  is
       recommended  that if there is any variance in subnet masks at a site, a
       subnet-mask option statement be used in each subnet declaration to  set
       the  desired  subnet  mask, since any subnet-mask option statement will
       override the subnet mask declared in the subnet statement.

       The subnet6 statement

        subnet6 subnet6-number {
          [ parameters ]
          [ declarations ]

       The subnet6 statement is used to provide dhcpd with enough  information
       to tell whether or not an IPv6 address is on that subnet6.  It may also
       be used to provide  subnet-specific  parameters  and  to  specify  what
       addresses  may  be  dynamically  allocated  to  clients booting on that

       The subnet6-number should be an IPv6 network identifier,  specified  as

       The range statement

       range [ dynamic-bootp ] low-address [ high-address];

       For  any  subnet on which addresses will be assigned dynamically, there
       must be at least one range statement.   The range statement  gives  the
       lowest  and  highest IP addresses in a range.   All IP addresses in the
       range should be in the subnet in which the range statement is declared.
       The  dynamic-bootp  flag may be specified if addresses in the specified
       range may be dynamically assigned to BOOTP  clients  as  well  as  DHCP
       clients.    When  specifying  a  single  address,  high-address  can be

       The range6 statement

       range6 low-address high-address;
       range6 subnet6-number;
       range6 subnet6-number temporary;
       range6 address temporary;

       For any IPv6 subnet6 on which addresses will be  assigned  dynamically,
       there  must  be at least one range6 statement. The range6 statement can
       either be the lowest and highest IPv6 addresses in  a  range6,  or  use
       CIDR  notation,  specified as ip6-address/bits. All IP addresses in the
       range6 should be in the  subnet6  in  which  the  range6  statement  is

       The  temporary  variant  makes  the  prefix  (by  default  on  64 bits)
       available for temporary (RFC 4941) addresses. A new address per  prefix
       in the shared network is computed at each request with an IA_TA option.
       Release and Confirm ignores temporary addresses.

       Any IPv6 addresses given to hosts with fixed-address6 are excluded from
       the range6, as are IPv6 addresses on the server itself.

       The prefix6 statement

       prefix6 low-address high-address / bits;

       The  prefix6 is the range6 equivalent for Prefix Delegation (RFC 3633).
       Prefixes of bits length are  assigned  between  low-address  and  high-

       Any  IPv6  prefixes  given to static entries (hosts) with fixed-prefix6
       are excluded from the prefix6.

       This statement is currently global but it should have a  shared-network

       The host statement

        host hostname {
          [ parameters ]
          [ declarations ]

       The host declaration provides a scope in which to provide configuration
       information about a specific client, and also provides a way to  assign
       a  client a fixed address.  The host declaration provides a way for the
       DHCP server to identify a DHCP or BOOTP  client,  and  also  a  way  to
       assign the client a static IP address.

       If  it  is  desirable to be able to boot a DHCP or BOOTP client on more
       than one subnet with fixed addresses, more  than  one  address  may  be
       specified  in  the  fixed-address  declaration,  or  more than one host
       statement may be specified matching the same client.

       If client-specific boot parameters must change based on the network  to
       which the client is attached, then multiple host declarations should be
       used.  The host declarations will only match a client if one  of  their
       fixed-address  statements  is  viable on the subnet (or shared network)
       where the client is attached.  Conversely, for a  host  declaration  to
       match  a client being allocated a dynamic address, it must not have any
       fixed-address statements.  You may therefore need  a  mixture  of  host
       declarations   for   any   given   client...some  having  fixed-address
       statements, others without.

       hostname should be a name identifying the host.  If a  hostname  option
       is not specified for the host, hostname is used.

       Host  declarations  are  matched  to  actual  DHCP  or BOOTP clients by
       matching  the  dhcp-client-identifier  option  specified  in  the  host
       declaration  to  the  one  supplied  by  the  client,  or,  if the host
       declaration or the client does  not  provide  a  dhcp-client-identifier
       option,  by  matching the hardware parameter in the host declaration to
       the network hardware address supplied by the client.   BOOTP clients do
       not  normally provide a dhcp-client-identifier, so the hardware address
       must be used for all clients that may boot using the BOOTP protocol.

       DHCPv6 servers can use the host-identifier option parameter in the host
       declaration,  and  specify  any  option  with a fixed value to identify

       Please be aware that only the  dhcp-client-identifier  option  and  the
       hardware  address can be used to match a host declaration, or the host-
       identifier option parameter for DHCPv6 servers.   For  example,  it  is
       not  possible to match a host declaration to a host-name option.   This
       is because the host-name option cannot be guaranteed to be  unique  for
       any  given  client,  whereas both the hardware address and dhcp-client-
       identifier option are at least theoretically guaranteed to be unique to
       a given client.

       The group statement

        group {
          [ parameters ]
          [ declarations ]

       The group statement is used simply to apply one or more parameters to a
       group of  declarations.    It  can  be  used  to  group  hosts,  shared
       networks, subnets, or even other groups.


       The  allow  and  deny statements can be used to control the response of
       the DHCP server to various sorts  of  requests.   The  allow  and  deny
       keywords actually have different meanings depending on the context.  In
       a pool context, these keywords can be used to set up access  lists  for
       address  allocation  pools.   In  other  contexts,  the keywords simply
       control general server behavior with respect to clients based on scope.
       In  a  non-pool context, the ignore keyword can be used in place of the
       deny keyword to prevent logging of denied requests.


       The following usages of allow and deny will work in any scope, although
       it is not recommended that they be used in pool declarations.

       The unknown-clients keyword

        allow unknown-clients;
        deny unknown-clients;
        ignore unknown-clients;

       The  unknown-clients  flag  is  used  to  tell  dhcpd whether or not to
       dynamically assign addresses  to  unknown  clients.    Dynamic  address
       assignment to unknown clients is allowed by default.  An unknown client
       is simply a client that has no host declaration.

       The use of this option  is  now  deprecated.   If  you  are  trying  to
       restrict  access  on your network to known clients, you should use deny
       unknown-clients; inside of your address pool, as  described  under  the

       The bootp keyword

        allow bootp;
        deny bootp;
        ignore bootp;

       The bootp flag is used to tell dhcpd whether or not to respond to bootp
       queries.  Bootp queries are allowed by default.

       The booting keyword

        allow booting;
        deny booting;
        ignore booting;

       The booting flag is used to tell dhcpd whether or  not  to  respond  to
       queries  from  a particular client.  This keyword only has meaning when
       it appears in a host declaration.   By default, booting is allowed, but
       if it is disabled for a particular client, then that client will not be
       able to get an address from the DHCP server.

       The duplicates keyword

        allow duplicates;
        deny duplicates;

       Host declarations can match client messages based on  the  DHCP  Client
       Identifier  option  or  based on the client's network hardware type and
       MAC address.   If the MAC address is used, the  host  declaration  will
       match  any  client  with that MAC address - even clients with different
       client identifiers.   This doesn't normally  happen,  but  is  possible
       when  one computer has more than one operating system installed on it -
       for example, Microsoft Windows and NetBSD or Linux.

       The duplicates flag tells the DHCP server that if a request is received
       from  a  client that matches the MAC address of a host declaration, any
       other leases matching that MAC  address  should  be  discarded  by  the
       server,  even  if the UID is not the same.   This is a violation of the
       DHCP protocol, but can prevent clients whose client identifiers  change
       regularly  from  holding  many  leases  at  the same time.  By default,
       duplicates are allowed.

       The declines keyword

        allow declines;
        deny declines;
        ignore declines;

       The DHCPDECLINE message is used by DHCP clients to  indicate  that  the
       lease the server has offered is not valid.   When the server receives a
       DHCPDECLINE  for  a  particular  address,  it  normally  abandons  that
       address,   assuming   that   some  unauthorized  system  is  using  it.
       Unfortunately, a malicious  or  buggy  client  can,  using  DHCPDECLINE
       messages,  completely  exhaust the DHCP server's allocation pool.   The
       server will reclaim these leases,  but  while  the  client  is  running
       through  the  pool,  it  may cause serious thrashing in the DNS, and it
       will also cause the DHCP server  to  forget  old  DHCP  client  address

       The  declines  flag  tells  the  DHCP  server  whether  or not to honor
       DHCPDECLINE messages.   If it is set to deny or ignore in a  particular
       scope, the DHCP server will not respond to DHCPDECLINE messages.

       The client-updates keyword

        allow client-updates;
        deny client-updates;

       The  client-updates  flag tells the DHCP server whether or not to honor
       the client's intention to do its own update of its A record.   This  is
       only  relevant  when doing interim DNS updates.   See the documentation
       under the heading THE INTERIM DNS UPDATE SCHEME for details.

       The leasequery keyword

        allow leasequery;
        deny leasequery;

       The leasequery flag tells the DHCP server  whether  or  not  to  answer
       DHCPLEASEQUERY  packets. The answer to a DHCPLEASEQUERY packet includes
       information about a specific lease, such as when it was issued and when
       it  will  expire.  By  default,  the  server  will not respond to these


       The uses of the allow and deny keywords shown in the  previous  section
       work  pretty  much  the  same  way  whether  the  client  is  sending a
       DHCPDISCOVER or a DHCPREQUEST message - an address will be allocated to
       the  client  (either the old address it's requesting, or a new address)
       and then that address will be tested to see if it's  okay  to  let  the
       client  have  it.    If the client requested it, and it's not okay, the
       server will send a DHCPNAK message.   Otherwise, the server will simply
       not  respond  to the client.   If it is okay to give the address to the
       client, the server will send a DHCPACK message.

       The primary motivation behind pool  declarations  is  to  have  address
       allocation  pools  whose  allocation policies are different.   A client
       may be denied access to one pool, but allowed access to another pool on
       the  same  network segment.   In order for this to work, access control
       has to be done during address allocation, not after address  allocation
       is done.

       When  a  DHCPREQUEST  message  is  processed, address allocation simply
       consists of looking up the address the client is requesting and  seeing
       if it's still available for the client.  If it is, then the DHCP server
       checks both the address pool permit lists  and  the  relevant  in-scope
       allow  and deny statements to see if it's okay to give the lease to the
       client.  In the case of a DHCPDISCOVER message, the allocation  process
       is done as described previously in the ADDRESS ALLOCATION section.

       When declaring permit lists for address allocation pools, the following
       syntaxes are recognized following the allow or deny keywords:


       If specified, this statement either allows or prevents allocation  from
       this  pool  to any client that has a host declaration (i.e., is known).
       A client is known if it has a host declaration in any scope,  not  just
       the current scope.


       If  specified, this statement either allows or prevents allocation from
       this pool to any client that has no  host  declaration  (i.e.,  is  not

        members of "class";

       If  specified, this statement either allows or prevents allocation from
       this pool to any client that is a member of the named class.

        dynamic bootp clients;

       If specified, this statement either allows or prevents allocation  from
       this pool to any bootp client.

        authenticated clients;

       If  specified, this statement either allows or prevents allocation from
       this pool to any client that has  been  authenticated  using  the  DHCP
       authentication protocol.   This is not yet supported.

        unauthenticated clients;

       If  specified, this statement either allows or prevents allocation from
       this pool to any client that has not been authenticated using the  DHCP
       authentication protocol.   This is not yet supported.

        all clients;

       If  specified, this statement either allows or prevents allocation from
       this pool to all clients.   This can be used when you want to  write  a
       pool  declaration  for some reason, but hold it in reserve, or when you
       want to renumber your network quickly, and  thus  want  the  server  to
       force  all clients that have been allocated addresses from this pool to
       obtain new addresses immediately when they next renew.

        after time;

       If specified, this statement either allows or prevents allocation  from
       this  pool  after  a given date. This can be used when you want to move
       clients from one pool to another. The server adjusts the regular  lease
       time  so  that  the  latest expiry time is at the given time+min-lease-
       time.  A short min-lease-time enforces a step change, whereas a  longer
       min-lease-time  allows  for  a  gradual  change.  time is either second
       since epoch, or a UTC time string e.g.   4  2007/08/24  09:14:32  or  a
       string  with  time  zone  offset  in seconds e.g. 4 2007/08/24 11:14:32


       The adaptive-lease-time-threshold statement

         adaptive-lease-time-threshold percentage;

         When the number of allocated leases within a  pool  rises  above  the
         percentage  given  in  this  statement, the DHCP server decreases the
         lease length for new  clients  within  this  pool  to  min-lease-time
         seconds. Clients renewing an already valid (long) leases get at least
         the remaining time from the current lease. Since  the  leases  expire
         faster,  the  server  may  either  recover more quickly or avoid pool
         exhaustion entirely.  Once the number of allocated leases drop  below
         the  threshold, the server reverts back to normal lease times.  Valid
         percentages are between 1 and 99.

       The always-broadcast statement

         always-broadcast flag;

         The DHCP and BOOTP protocols both require DHCP and BOOTP  clients  to
         set the broadcast bit in the flags field of the BOOTP message header.
         Unfortunately, some DHCP and  BOOTP  clients  do  not  do  this,  and
         therefore  may not receive responses from the DHCP server.   The DHCP
         server can be made to always broadcast its responses  to  clients  by
         setting  this  flag  to  ´on´ for the relevant scope; relevant scopes
         would be inside a conditional statement, as a parameter for a  class,
         or  as a parameter for a host declaration.   To avoid creating excess
         broadcast traffic on your network, we recommend that you restrict the
         use  of this option to as few clients as possible.   For example, the
         Microsoft DHCP client is known not to have this problem, as  are  the
         OpenTransport and ISC DHCP clients.

       The always-reply-rfc1048 statement

         always-reply-rfc1048 flag;

         Some  BOOTP clients expect RFC1048-style responses, but do not follow
         RFC1048 when sending their requests.   You can tell that a client  is
         having  this  problem  if  it  is  not  getting  the options you have
         configured for it and if you see in the server log the message "(non-
         rfc1048)" printed with each BOOTREQUEST that is logged.

         If you want to send rfc1048 options to such a client, you can set the
         always-reply-rfc1048 option in that client's  host  declaration,  and
         the  DHCP  server  will respond with an RFC-1048-style vendor options
         field.   This flag can be set in  any  scope,  and  will  affect  all
         clients covered by that scope.

       The authoritative statement


         not authoritative;

         The   DHCP   server  will  normally  assume  that  the  configuration
         information about a given network segment is not known to be  correct
         and is not authoritative.  This is so that if a naive user installs a
         DHCP server not fully understanding how to configure it, it does  not
         send   spurious  DHCPNAK  messages  to  clients  that  have  obtained
         addresses from a legitimate DHCP server on the network.

         Network administrators setting  up  authoritative  DHCP  servers  for
         their networks should always write authoritative; at the top of their
         configuration file to indicate  that  the  DHCP  server  should  send
         DHCPNAK  messages  to  misconfigured  clients.   If this is not done,
         clients will be unable to get a correct  IP  address  after  changing
         subnets  until  their old lease has expired, which could take quite a
         long time.

         Usually, writing authoritative; at the top level of the  file  should
         be sufficient.   However, if a DHCP server is to be set up so that it
         is aware of some networks for which  it  is  authoritative  and  some
         networks  for  which it is not, it may be more appropriate to declare
         authority on a per-network-segment basis.

         Note that the most specific scope for which the concept of  authority
         makes  any  sense  is the physical network segment - either a shared-
         network statement or a subnet statement that is not contained  within
         a shared-network statement.  It is not meaningful to specify that the
         server is authoritative for some subnets within a shared network, but
         not  authoritative  for  others, nor is it meaningful to specify that
         the server is  authoritative  for  some  host  declarations  and  not

       The boot-unknown-clients statement

         boot-unknown-clients flag;

         If  the  boot-unknown-clients statement is present and has a value of
         false or off, then clients for which there  is  no  host  declaration
         will  not  be  allowed to obtain IP addresses.   If this statement is
         not present or has a value of true or on, then clients  without  host
         declarations will be allowed to obtain IP addresses, as long as those
         addresses are not restricted by  allow  and  deny  statements  within
         their pool declarations.

       The db-time-format statement

         db-time-format [ default | local ] ;

         The  DHCP  server  software  outputs  several timestamps when writing
         leases to persistent storage.  This configuration  parameter  selects
         one  of two output formats.  The default format prints the day, date,
         and time in UTC, while the local format prints  the  system  seconds-
         since-epoch,  and  helpfully  provides the day and time in the system
         timezone in a comment.  The time formats are described in  detail  in
         the dhcpd.leases(5) manpage.

       The ddns-hostname statement

         ddns-hostname name;

         The  name  parameter  should  be  the  hostname  that will be used in
         setting up the client's A and PTR records.   If no  ddns-hostname  is
         specified  in  scope,  then  the  server  will  derive  the  hostname
         automatically, using  an  algorithm  that  varies  for  each  of  the
         different update methods.

       The ddns-domainname statement

         ddns-domainname name;

         The name parameter should be the domain name that will be appended to
         the client's hostname to form a fully-qualified domain-name (FQDN).

       The ddns-rev-domainname statement

         ddns-rev-domainname name; The name parameter  should  be  the  domain
         name  that  will  be  appended to the client's reversed IP address to
         produce a name for use in the client's PTR record.   By default, this
         is "", but the default can be overridden here.

         The  reversed  IP  address  to  which this domain name is appended is
         always the IP  address  of  the  client,  in  dotted  quad  notation,
         reversed  -  for example, if the IP address assigned to the client is, then the reversed IP  address  is    So  a
         client  with that IP address would, by default, be given a PTR record

       The ddns-update-style parameter

         ddns-update-style style;

         The style parameter must be one of  ad-hoc,  interim  or  none.   The
         ddns-update-style  statement  is only meaningful in the outer scope -
         it is evaluated once after reading the dhcpd.conf file,  rather  than
         each  time  a client is assigned an IP address, so there is no way to
         use different DNS update styles for different clients. The default is

       The ddns-updates statement

          ddns-updates flag;

         The  ddns-updates  parameter  controls whether or not the server will
         attempt to do a DNS update when a lease is confirmed.   Set  this  to
         off  if  the server should not attempt to do updates within a certain
         scope.  The ddns-updates parameter is on by default.   To disable DNS
         updates  in all scopes, it is preferable to use the ddns-update-style
         statement, setting the style to none.

       The default-lease-time statement

         default-lease-time time;

         Time should be the length in seconds that will be assigned to a lease
         if  the  client  requesting  the  lease  does  not ask for a specific
         expiration time.  This is used for both DHCPv4 and DHCPv6 leases  (it
         is  also  known  as  the "valid lifetime" in DHCPv6).  The default is
         43200 seconds.

       The delayed-ack and max-ack-delay statements

         delayed-ack count; max-ack-delay microseconds;

         Count should be an integer value from zero to 2^16-1, and defaults to
         28.   The  count  represents  how many DHCPv4 replies maximum will be
         queued pending transmission until after a database commit event.   If
         this  number  is reached, a database commit event (commonly resulting
         in fsync() and representing a performance penalty) will be made,  and
         the  reply  packets  will be transmitted in a batch afterwards.  This
         preserves the RFC2131 direction  that  "stable  storage"  be  updated
         prior  to  replying  to  clients.  Should the DHCPv4 sockets "go dry"
         (select() returns immediately with no read sockets),  the  commit  is
         made and any queued packets are transmitted.

         Similarly, microseconds indicates how many microseconds are permitted
         to pass inbetween queuing a packet pending an fsync,  and  performing
         the  fsync.   Valid  values  range  from 0 to 2^32-1, and defaults to
         250,000 (1/4 of a second).

         Please note  that  as  delayed-ack  is  currently  experimental,  the
         delayed-ack  feature  is  not  compiled  in  by  default, but must be
         enabled at compile time with ´./configure --enable-delayed-ack´.

       The do-forward-updates statement

         do-forward-updates flag;

         The do-forward-updates statement instructs  the  DHCP  server  as  to
         whether it should attempt to update a DHCP client's A record when the
         client acquires or renews a lease.   This  statement  has  no  effect
         unless  DNS  updates  are  enabled  and  ddns-update-style  is set to
         interim.    Forward  updates  are  enabled  by  default.    If   this
         statement  is  used  to disable forward updates, the DHCP server will
         never attempt to update the client's A record,  and  will  only  ever
         attempt  to  update the client's PTR record if the client supplies an
         FQDN that should be placed in the PTR record using the  fqdn  option.
         If  forward updates are enabled, the DHCP server will still honor the
         setting of the client-updates flag.

       The dynamic-bootp-lease-cutoff statement

         dynamic-bootp-lease-cutoff date;

         The dynamic-bootp-lease-cutoff statement sets the ending time for all
         leases  assigned dynamically to BOOTP clients.  Because BOOTP clients
         do not have any way of renewing leases, and  don't  know  that  their
         leases  could expire, by default dhcpd assigns infinite leases to all
         BOOTP clients.  However, it may make sense in some situations to  set
         a cutoff date for all BOOTP leases - for example, the end of a school
         term, or the time at night when a facility is closed and all machines
         are required to be powered off.

         Date  should be the date on which all assigned BOOTP leases will end.
         The date is specified in the form:

                                 W YYYY/MM/DD HH:MM:SS

         W is the day of the week expressed as a number from zero (Sunday)  to
         six  (Saturday).  YYYY is the year, including the century.  MM is the
         month expressed as a number from 1 to 12.   DD  is  the  day  of  the
         month,  counting from 1.  HH is the hour, from zero to 23.  MM is the
         minute and SS is the second.   The  time  is  always  in  Coordinated
         Universal Time (UTC), not local time.

       The dynamic-bootp-lease-length statement

         dynamic-bootp-lease-length length;

         The dynamic-bootp-lease-length statement is used to set the length of
         leases dynamically assigned to BOOTP clients.   At some sites, it may
         be  possible to assume that a lease is no longer in use if its holder
         has not used BOOTP or DHCP to get its address within a  certain  time
         period.    The  period is specified in length as a number of seconds.
         If a client reboots using BOOTP during the timeout period, the  lease
         duration  is reset to length, so a BOOTP client that boots frequently
         enough will never lose its lease.  Needless to  say,  this  parameter
         should be adjusted with extreme caution.

       The filename statement

         filename "filename";

         The filename statement can be used to specify the name of the initial
         boot file which is to be loaded by a client.  The filename should  be
         a filename recognizable to whatever file transfer protocol the client
         can be expected to use to load the file.

       The fixed-address declaration

         fixed-address address [, address ... ];

         The fixed-address declaration is used to assign one or more fixed  IP
         addresses  to a client.  It should only appear in a host declaration.
         If more than one address is supplied, then when the client boots,  it
         will be assigned the address that corresponds to the network on which
         it is booting.   If  none  of  the  addresses  in  the  fixed-address
         statement are valid for the network to which the client is connected,
         that client will not  match  the  host  declaration  containing  that
         fixed-address   declaration.    Each  address  in  the  fixed-address
         declaration should be either an IP address  or  a  domain  name  that
         resolves to one or more IP addresses.

       The fixed-address6 declaration

         fixed-address6 ip6-address ;

         The  fixed-address6  declaration  is  used  to  assign  a  fixed IPv6
         addresses to a client.  It should only appear in a host declaration.

       The get-lease-hostnames statement

         get-lease-hostnames flag;

         The get-lease-hostnames statement is used to tell  dhcpd  whether  or
         not  to  look  up  the domain name corresponding to the IP address of
         each address in the lease pool and use  that  address  for  the  DHCP
         hostname  option.   If flag is true, then this lookup is done for all
         addresses in the current scope.   By default, or if flag is false, no
         lookups are done.

       The hardware statement

         hardware hardware-type hardware-address;

         In  order  for  a BOOTP client to be recognized, its network hardware
         address must  be  declared  using  a  hardware  clause  in  the  host
         statement.   hardware-type  must  be  the name of a physical hardware
         interface type.   Currently, only the ethernet and  token-ring  types
         are  recognized,  although  support  for  a  fddi  hardware type (and
         others) would also be desirable.  The hardware-address  should  be  a
         set  of  hexadecimal  octets (numbers from 0 through ff) separated by
         colons.   The hardware statement may also be used for DHCP clients.

       The host-identifier option statement

         host-identifier option option-name option-data;

         This identifies a DHCPv6 client in a host statement.  option-name  is
         any  option,  and  option-data  is  the value for the option that the
         client will send. The option-data must be a constant value.

       The infinite-is-reserved statement

         infinite-is-reserved flag;

         ISC DHCP now supports ´reserved´ leases.  See the section on RESERVED
         LEASES  below.   If  this  flag  is on, the server will automatically
         reserve leases allocated  to  clients  which  requested  an  infinite
         (0xffffffff) lease-time.

         The default is off.

       The lease-file-name statement

         lease-file-name name;

         Name  should  be  the  name  of  the  DHCP  server's lease file.   By
         default, this is DBDIR/dhcpd.leases.   This statement must appear  in
         the  outer  scope  of  the configuration file - if it appears in some
         other scope, it will have no effect.  Furthermore, it has  no  effect
         if  overridden  by  the  -lf  flag  or  the PATH_DHCPD_DB environment

       The limit-addrs-per-ia statement

         limit-addrs-per-ia number;

         By default, the DHCPv6 server will limit clients to one IAADDR per IA
         option,  meaning  one address.  If you wish to permit clients to hang
         onto multiple addresses at a time, configure a larger number here.

         Note that there is no present  method  to  configure  the  server  to
         forcibly  configure the client with one IP address per each subnet on
         a shared network.  This is left to future work.

       The dhcpv6-lease-file-name statement

         dhcpv6-lease-file-name name;

         Name is the name of the lease file to use if and only if  the  server
         is  running in DHCPv6 mode.  By default, this is DBDIR/dhcpd6.leases.
         This statement, like lease-file-name, must appear in the outer  scope
         of the configuration file.  It has no effect if overridden by the -lf
         flag or the PATH_DHCPD6_DB environment  variable.   If  dhcpv6-lease-
         file-name  is not specified, but lease-file-name is, the latter value
         will be used.

       The local-port statement

         local-port port;

         This statement causes the DHCP server to listen for DHCP requests  on
         the UDP port specified in port, rather than on port 67.

       The local-address statement

         local-address address;

         This  statement  causes  the  DHCP server to listen for DHCP requests
         sent to the specified address,  rather  than  requests  sent  to  all
         addresses.  Since serving directly attached DHCP clients implies that
         the server must respond to requests sent to the all-ones IP  address,
         this  option  cannot  be  used  if  clients  are on directly attached is only realistically useful for a  server  whose  only
         clients are reached via unicasts, such as via DHCP relay agents.

         Note:   This  statement  is only effective if the server was compiled
         using the USE_SOCKETS #define statement, which is default on a  small
         number  of  operating  systems,  and  must  be  explicitly  chosen at
         compile-time for all others.  You can  be  sure  if  your  server  is
         compiled with USE_SOCKETS if you see lines of this format at startup:

          Listening on Socket/eth0

         Note  also  that since this bind()s all DHCP sockets to the specified
         address, that only one address may be supported  in  a  daemon  at  a
         given time.

       The log-facility statement

         log-facility facility;

         This statement causes the DHCP server to do all of its logging on the
         specified log facility once the dhcpd.conf file has been  read.    By
         default  the  DHCP server logs to the daemon facility.   Possible log
         facilities include auth, authpriv,  cron,  daemon,  ftp,  kern,  lpr,
         mail,  mark,  news,  ntp,  security,  syslog,  user, uucp, and local0
         through local7.   Not all of these facilities are  available  on  all
         systems,  and  there  may  be  other  facilities  available  on other

         In addition to setting this  value,  you  may  need  to  modify  your
         syslog.conf  file  to  configure  logging  of  the DHCP server.   For
         example, you might add a line like this:

              local7.debug /var/log/dhcpd.log

         The syntax of the syslog.conf file may be different on some operating
         systems  -  consult  the  syslog.conf manual page to be sure.  To get
         syslog to start logging to the new file, you must  first  create  the
         file  with correct ownership and permissions (usually, the same owner
         and permissions of your /var/log/messages or  /usr/adm/messages  file
         should  be  fine) and send a SIGHUP to syslogd.  Some systems support
         log rollover using a shell script  or  program  called  newsyslog  or
         logrotate, and you may be able to configure this as well so that your
         log file doesn't grow uncontrollably.

         Because the log-facility setting  is  controlled  by  the  dhcpd.conf
         file,  log  messages  printed  while  parsing  the dhcpd.conf file or
         before parsing it are logged to the default log facility.  To prevent
         this,  see  the  README  file  included with this distribution, which
         describes  how  to  change  the  default  log  facility.   When  this
         parameter  is  used,  the  DHCP  server  prints its startup message a
         second time after parsing the configuration file,  so  that  the  log
         will be as complete as possible.

       The max-lease-time statement

         max-lease-time time;

         Time should be the maximum length in seconds that will be assigned to
         a lease.  If not defined, the default maximum lease  time  is  86400.
         The only exception to this is that Dynamic BOOTP lease lengths, which
         are not specified by the client, are not limited by this maximum.

       The min-lease-time statement

         min-lease-time time;

         Time should be the minimum length in seconds that will be assigned to
         a  lease.   The  default  is the minimum of 300 seconds or max-lease-

       The min-secs statement

         min-secs seconds;

         Seconds should be the minimum number of seconds since a client  began
         trying  to acquire a new lease before the DHCP server will respond to
         its request.  The number of seconds  is  based  on  what  the  client
         reports,  and  the  maximum  value  that the client can report is 255
         seconds.   Generally, setting this to one will  result  in  the  DHCP
         server  not  responding  to  the  client's  first request, but always
         responding to its second request.

         This can be used to set up a secondary DHCP server which never offers
         an  address  to  a  client  until the primary server has been given a
         chance to do so.   If the primary server is  down,  the  client  will
         bind  to  the  secondary  server, but otherwise clients should always
         bind to the primary.   Note that this does not, by itself,  permit  a
         primary server and a secondary server to share a pool of dynamically-
         allocatable addresses.

       The next-server statement

         next-server server-name;

         The next-server statement is used to specify the host address of  the
         server  from  which  the initial boot file (specified in the filename
         statement) is to be loaded.   Server-name  should  be  a  numeric  IP
         address or a domain name.

       The omapi-port statement

         omapi-port port;

         The  omapi-port  statement causes the DHCP server to listen for OMAPI
         connections on the specified port.   This statement  is  required  to
         enable  the  OMAPI  protocol, which is used to examine and modify the
         state of the DHCP server as it is running.

       The one-lease-per-client statement

         one-lease-per-client flag;

         If this flag is enabled, whenever a client sends a DHCPREQUEST for  a
         particular lease, the server will automatically free any other leases
         the client holds.   This  presumes  that  when  the  client  sends  a
         DHCPREQUEST,  it  has  forgotten  any  lease  not  mentioned  in  the
         DHCPREQUEST - i.e., the client has only a  single  network  interface
         and  it does not remember leases it's holding on networks to which it
         is  not  currently  attached.    Neither  of  these  assumptions  are
         guaranteed  or  provable,  so  we  urge  caution  in  the use of this

       The pid-file-name statement

         pid-file-name name;

         Name should be the name of the DHCP server's process ID file.    This
         is  the file in which the DHCP server's process ID is stored when the
         server starts.   By default, this  is  RUNDIR/    Like  the
         lease-file-name  statement,  this  statement must appear in the outer
         scope of the configuration file.  It has no effect if  overridden  by
         the -pf flag or the PATH_DHCPD_PID environment variable.

         The dhcpv6-pid-file-name statement

            dhcpv6-pid-file-name name;

            Name  is the name of the pid file to use if and only if the server
            is running in DHCPv6 mode.  By default, this is  DBDIR/
            This statement, like pid-file-name, must appear in the outer scope
            of the configuration file.  It has no effect if overridden by  the
            -pf   flag   or  the  PATH_DHCPD6_PID  environment  variable.   If
            dhcpv6-pid-file-name is not specified, but pid-file-name  is,  the
            latter value will be used.

         The ping-check statement

            ping-check flag;

            When  the  DHCP server is considering dynamically allocating an IP
            address to a client, it first sends an ICMP Echo request (a  ping)
            to  the address being assigned.   It waits for a second, and if no
            ICMP Echo response has been heard, it assigns the address.   If  a
            response is heard, the lease is abandoned, and the server does not
            respond to the client.

            This  ping  check  introduces  a  default  one-second   delay   in
            responding  to  DHCPDISCOVER  messages, which can be a problem for
            some clients.   The default delay of one second may be  configured
            using  the  ping-timeout  parameter.  The ping-check configuration
            parameter can be used to control checking - if its value is false,
            no ping check is done.

         The ping-timeout statement

            ping-timeout seconds;

            If  the DHCP server determined it should send an ICMP echo request
            (a ping) because the ping-check statement  is  true,  ping-timeout
            allows  you  to  configure how many seconds the DHCP server should
            wait for an ICMP Echo response  to  be  heard,  if  no  ICMP  Echo
            response  has been received before the timeout expires, it assigns
            the address.  If a response is heard, the lease is abandoned,  and
            the  server  does  not respond to the client.  If no value is set,
            ping-timeout defaults to 1 second.

         The preferred-lifetime statement

            preferred-lifetime seconds;

            IPv6 addresses have ´valid´ and ´preferred´ lifetimes.  The  valid
            lifetime  determines  at what point at lease might be said to have
            expired, and is no longer useable.  A  preferred  lifetime  is  an
            advisory  condition  to  help applications move off of the address
            and onto currently valid addresses (should there still be any open
            TCP sockets or similar).

            The preferred lifetime defaults to the renew+rebind timers, or 3/4
            the default lease time if none were specified.

         The remote-port statement

            remote-port port;

            This statement causes the DHCP server to transmit  DHCP  responses
            to  DHCP  clients upon the UDP port specified in port, rather than
            on port 68.  In the event that the UDP response is transmitted  to
            a   DHCP   Relay,   the   server  generally  uses  the  local-port
            configuration value.  Should the DHCP Relay happen to be addressed
            as,  however, the DHCP Server transmits its response to
            the remote-port  configuration  value.   This  is  generally  only
            useful  for  testing purposes, and this configuration value should
            generally not be used.

         The server-identifier statement

            server-identifier hostname;

            The server-identifier statement can be used to  define  the  value
            that  is  sent  in  the  DHCP Server Identifier option for a given
            scope.   The value specified must be an IP address  for  the  DHCP
            server,  and  must  be  reachable  by  all  clients  served  by  a
            particular scope.

            The use of the server-identifier statement is  not  recommended  -
            the  only  reason  to  use  it  is to force a value other than the
            default value to be sent on  occasions  where  the  default  value
            would  be  incorrect.    The default value is the first IP address
            associated with  the  physical  network  interface  on  which  the
            request arrived.

            The  usual  case where the server-identifier statement needs to be
            sent is when a physical interface has more than  one  IP  address,
            and  the  one  being sent by default isn't appropriate for some or
            all clients served by that interface.  Another common case is when
            an  alias  is  defined  for  the purpose of having a consistent IP
            address for the DHCP server, and it is desired  that  the  clients
            use this IP address when contacting the server.

            Supplying   a  value  for  the  dhcp-server-identifier  option  is
            equivalent to using the server-identifier statement.

         The server-duid statement

            server-duid LLT [ hardware-type timestamp hardware-address ] ;

            server-duid EN enterprise-number enterprise-identifier ;

            server-duid LL [ hardware-type hardware-address ] ;

            The server-duid statement configures the server DUID. You may pick
            either  LLT (link local address plus time), EN (enterprise), or LL
            (link local).

            If you choose LLT or LL, you may specify the exact contents of the
            DUID.   Otherwise the server will generate a DUID of the specified

            If you choose EN, you must include the enterprise number  and  the

            The default server-duid type is LLT.

         The server-name statement

            server-name name ;

            The  server-name statement can be used to inform the client of the
            name of the server from which it is booting.   Name should be  the
            name that will be provided to the client.

         The site-option-space statement

            site-option-space name ;

            The site-option-space statement can be used to determine from what
            option space site-local options will be taken.   This can be  used
            in  much the same way as the vendor-option-space statement.  Site-
            local options in DHCP are those options whose  numeric  codes  are
            greater  than  224.   These options are intended for site-specific
            uses, but are frequently used by vendors of embedded hardware that
            contains   DHCP   clients.    Because  site-specific  options  are
            allocated on an ad hoc  basis,  it  is  quite  possible  that  one
            vendor's  DHCP  client might use the same option code that another
            vendor's client uses, for different purposes.    The  site-option-
            space  option  can  be  used  to  assign  a different set of site-
            specific  options  for  each  such   vendor,   using   conditional
            evaluation (see dhcp-eval (5) for details).

         The stash-agent-options statement

            stash-agent-options flag;

            If  the  stash-agent-options parameter is true for a given client,
            the server will record the relay agent  information  options  sent
            during  the  client's  initial DHCPREQUEST message when the client
            was in the SELECTING state and behave  as  if  those  options  are
            included  in  all  subsequent  DHCPREQUEST  messages  sent  in the
            RENEWING state.   This works around a  problem  with  relay  agent
            information  options,  which  is  that  they usually not appear in
            DHCPREQUEST messages sent by the client  in  the  RENEWING  state,
            because  such  messages are unicast directly to the server and not
            sent through a relay agent.

         The update-conflict-detection statement

            update-conflict-detection flag;

            If the update-conflict-detection parameter  is  true,  the  server
            will  perform  standard  DHCID  multiple-client, one-name conflict
            detection.  If the parameter has been set false, the  server  will
            skip this check and instead simply tear down any previous bindings
            to install the new binding without question.  The default is true.

         The update-optimization statement

            update-optimization flag;

            If the update-optimization parameter is false for a given  client,
            the server will attempt a DNS update for that client each time the
            client renews its lease, rather than  only  attempting  an  update
            when it appears to be necessary.   This will allow the DNS to heal
            from database inconsistencies more easily, but the  cost  is  that
            the  DHCP  server  must  do  many more DNS updates.   We recommend
            leaving this option enabled, which is the  default.   This  option
            only  affects  the  behavior of the interim DNS update scheme, and
            has no effect on the ad-hoc DNS update scheme.   If this parameter
            is  not  specified,  or  is true, the DHCP server will only update
            when the client information changes, the client gets  a  different
            lease, or the client's lease expires.

         The update-static-leases statement

            update-static-leases flag;

            The  update-static-leases flag, if enabled, causes the DHCP server
            to do DNS updates for clients even  if  those  clients  are  being
            assigned  their  IP address using a fixed-address statement - that
            is, the client is being given a static assignment.   This can only
            work  with  the interim DNS update scheme.   It is not recommended
            because the DHCP server has no way to tell  that  the  update  has
            been done, and therefore will not delete the record when it is not
            in use.   Also, the server must attempt the update each  time  the
            client   renews   its   lease,  which  could  have  a  significant
            performance impact in environments that place heavy demands on the
            DHCP server.

         The use-host-decl-names statement

            use-host-decl-names flag;

            If  the  use-host-decl-names  parameter  is true in a given scope,
            then for every  host  declaration  within  that  scope,  the  name
            provided  for  the host declaration will be supplied to the client
            as its hostname.   So, for example,

                group {
                  use-host-decl-names on;

                  host joe {
                    hardware ethernet 08:00:2b:4c:29:32;

            is equivalent to

                  host joe {
                    hardware ethernet 08:00:2b:4c:29:32;
                    option host-name "joe";

            An option host-name  statement  within  a  host  declaration  will
            override the use of the name in the host declaration.

            It  should  be noted here that most DHCP clients completely ignore
            the host-name option sent by the DHCP server, and there is no  way
            to configure them not to do this.   So you generally have a choice
            of either not having any hostname to  client  IP  address  mapping
            that  the  client  will  recognize,  or doing DNS updates.   It is
            beyond the scope of this document to describe  how  to  make  this

         The use-lease-addr-for-default-route statement

            use-lease-addr-for-default-route flag;

            If  the  use-lease-addr-for-default-route  parameter  is true in a
            given scope, then instead of sending the value  specified  in  the
            routers option (or sending no value at all), the IP address of the
            lease being assigned is sent  to  the  client.    This  supposedly
            causes  Win95  machines  to ARP for all IP addresses, which can be
            helpful if your router is configured for proxy ARP.   The  use  of
            this  feature  is  not recommended, because it won't work for many
            DHCP clients.

         The vendor-option-space statement

            vendor-option-space string;

            The vendor-option-space  parameter  determines  from  what  option
            space  vendor  options  are taken.   The use of this configuration
            parameter is illustrated in the dhcp-options(5)  manual  page,  in
            the VENDOR ENCAPSULATED OPTIONS section.


       Sometimes  it's  helpful  to  be able to set the value of a DHCP server
       parameter based on some value that the client has sent.   To  do  this,
       you  can  use  expression  evaluation.    The  dhcp-eval(5) manual page
       describes how to write  expressions.    To  assign  the  result  of  an
       evaluation to an option, define the option as follows:

         my-parameter = expression ;

       For example:

         ddns-hostname = binary-to-ascii (16, 8, "-",
                                          substring (hardware, 1, 6));


       It's  often  useful to allocate a single address to a single client, in
       approximate perpetuity.  Host  statements  with  fixed-address  clauses
       exist  to  a  certain  extent  to  serve this purpose, but because host
       statements are intended to  approximate  ´static  configuration´,  they
       suffer from not being referenced in a littany of other Server Services,
       such as dynamic DNS, failover, ´on events´ and so forth.

       If a standard dynamic lease, as from any  range  statement,  is  marked
       ´reserved´, then the server will only allocate this lease to the client
       it is identified by (be that by client identifier or hardware address).

       In practice, this means that the lease follows the normal state engine,
       enters  ACTIVE  state  when  the  client is bound to it, expires, or is
       released, and any events or services that would  normally  be  supplied
       during  these  events are processed normally, as with any other dynamic
       lease.  The only difference is that  failover  servers  treat  reserved
       leases  as  special  when  they  enter the FREE or BACKUP states - each
       server applies the lease into the state it may allocate from - and  the
       leases  are  not  placed  on the queue for allocation to other clients.
       Instead they may only be ´found´ by client  identity.   The  result  is
       that the lease is only offered to the returning client.

       Care  should  probably  be taken to ensure that the client only has one
       lease within a given subnet that it is identified by.

       Leases may be set ´reserved´  either  through  OMAPI,  or  through  the
       ´infinite-is-reserved´  configuration  option (if this is applicable to
       your environment and mixture of clients).

       It should also be noted that leases marked ´reserved´  are  effectively
       treated the same as leases marked ´bootp´.


       DHCP  option  statements  are  documented in the dhcp-options(5) manual


       Expressions used in DHCP option statements and elsewhere are documented
       in the dhcp-eval(5) manual page.


       dhcpd(8),   dhcpd.leases(5),  dhcp-options(5),  dhcp-eval(5),  RFC2132,


       dhcpd.conf(5) was written by Ted Lemon  under  a  contract  with  Vixie
       Labs.    Funding  for  this  project  was  provided by Internet Systems
       Consortium.  Information about Internet Systems Consortium can be found