====== Сервис DHCP ====== * [[https://ru.wikipedia.org/wiki/DHCP|Dynamic Host Configuration Protocol]] * [[https://www.isc.org/|Internet Systems Consortium, Inc. Mission-driven non-profit since 1994]] * [[https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf/|Stop DHCP From Changing resolv.conf]] * [[https://www.isc.org/kea/|Kea DHCP Modern, open source DHCPv4 & DHCPv6 server]] ===== isc-dhcp-server ===== ===== Установка ===== ==== Debian/Ubuntu ==== root@gate:~# apt install isc-dhcp-server root@gate:~# cat /etc/default/isc-dhcp-server INTERFACESv4="eth0" #INTERFACESv4="vlan2" #INTERFACESv4="eth0 eth2" ==== CentOS ==== * [[https://www.dmosk.ru/miniinstruktions.php?mini=dhcp-centos|Установка и настройка DHCP сервера на Linux CentOS 7]] ===== Настройка ===== ==== Стандартная конфигурация ==== gate# cat /etc/dhcp/dhcpd.conf ddns-update-style none; log-facility local7; default-lease-time 600; max-lease-time 7200; option domain-name "corpX.un"; #option domain-search "jet.msk.su","service.jet.msk.su","jetinf.jet.msk.su"; option domain-name-servers 192.168.X.10; #option domain-name-servers 192.168.X.12; #### For phone provisioning #### #option file-server-name code 66 = string; # RFC 2132 #option file-server-address code 150 = ip-address; # RFC 5859 (Cisco) #option file-server-name "server.corpX.un"; #option file-server-address 192.168.X.10; #### For PXE #### #allow booting; #allow bootp; #next-server 192.168.X.10; #filename "pxelinux.0"; shared-network LAN1 { subnet 192.168.X.0 netmask 255.255.255.0 { range 192.168.X.101 192.168.X.109; option routers 192.168.X.1; } } #shared-network LAN2 { # subnet 192.168.113.0 netmask 255.255.255.0 { # range 192.168.113.101 192.168.113.109; # option routers 192.168.113.1; # next-server 192.168.X.10; # filename "pxe_lan2/pxelinux.0"; # } #} #### For ip by mac #### #host kube1 {hardware ethernet 08:00:27:12:34:51;fixed-address 192.168.X.221;} #host kube2 {hardware ethernet 08:00:27:12:34:52;fixed-address 192.168.X.222;} #host kube3 {hardware ethernet 08:00:27:12:34:53;fixed-address 192.168.X.223;} #host kube4 {hardware ethernet 08:00:27:12:34:54;fixed-address 192.168.X.224;} #### Digim D40 #### #phone 407 { # hardware ethernet 00:0f:d3:06:11:d3; # option file-server-name "http://server.corpX.un/"; #} ==== Отказоустойчивая конфигурация ==== * !!! Синхронизируем время в системах !!! [[Сервис NTP]] * man dhcpd.conf (DHCP FAILOVER) * [[https://stevendiver.com/2020/02/21/isc-dhcp-failover-configuration/|ISC DHCP Failover Configuration]] nodeN# cat /etc/dhcp/dhcpd.general ddns-update-style none; log-facility local7; subnet 192.168.X.0 netmask 255.255.255.0 { pool { failover peer "dhcp"; range 192.168.X.128 192.168.X.228; } option routers 192.168.X.254; option domain-name "corpX.un"; option domain-name-servers 192.168.X.1, 192.168.X.2; default-lease-time 600; max-lease-time 7200; } #host node3 {hardware ethernet 08:00:27:12:34:53;fixed-address 192.168.X.3;} #host node4 {hardware ethernet 08:00:27:12:34:54;fixed-address 192.168.X.4;} #host node5 {hardware ethernet 08:00:27:12:34:55;fixed-address 192.168.X.5;} #host node6 {hardware ethernet 08:00:27:12:34:56;fixed-address 192.168.X.6;} #host node7 {hardware ethernet 08:00:27:12:34:57;fixed-address 192.168.X.7;} node1# cat /etc/dhcp/dhcpd.conf failover peer "dhcp" { primary; address 192.168.X.1; port 519; peer address 192.168.X.2; peer port 520; max-response-delay 60; max-unacked-updates 10; mclt 600; split 128; load balance max seconds 3; } include "/etc/dhcp/dhcpd.general"; node2# cat /etc/dhcp/dhcpd.conf failover peer "dhcp" { secondary; address 192.168.X.2; port 520; peer address 192.168.X.1; peer port 519; max-response-delay 60; max-unacked-updates 10; load balance max seconds 3; } include "/etc/dhcp/dhcpd.general"; ==== Конфигурация с поддержкой динамических обновлений зон DNS ==== * Сервис DNS [[Сервис DNS#Настройка поддержки динамических обновлений от DHCP сервера]] * [[http://serverfault.com/questions/494523/adding-static-dns-entries-on-a-dynamic-bind-setup|Adding static DNS entries on a dynamic BIND setup]] server# cat dhcpd.conf ddns-update-style interim; ddns-ttl 60; ... subnet 192.168.X.0 netmask 255.255.255.0 { ### ubuntu #include "/etc/dhcp/rndc.key"; ### freebsd #include "/usr/local/etc/rndc.key"; zone corpX.un. { primary 192.168.X.10; key rndc-key; } zone X.168.192.in-addr.arpa. { primary 192.168.X.10; key rndc-key; } ... ===== Проверка конфигурации и запуск ===== ==== Debian/Ubuntu ==== # dhcpd -t # service isc-dhcp-server restart # service isc-dhcp-server status ===== Мониторинг выданных адресов ===== ==== Debian/Ubuntu ==== root@gate:~# dhcp-lease-list root@gate:~# less /var/lib/dhcp/dhcpd.leases root@gate:~# grep dhcp /var/log/syslog ===== Статистика DHCP сервера ===== * [[http://sourceforge.net/projects/dhcpd-pools/files/]] ==== Debian/Ubuntu ==== # apt install dhcpd-pools # dhcpd-pools # dhcpd-pools -l /var/lib/dhcp/dhcpd.leases -c /etc/dhcp/dhcpd.conf # cat /usr/local/bin/dhcp_stat.sh #!/bin/sh CMD='/usr/bin/dhcpd-pools -l /var/lib/dhcp/dhcpd.leases -c /etc/dhcp/dhcpd.conf -f c | grep 192.168.' MAX=`eval $CMD | cut -d'"' -f8` CUR=`eval $CMD | cut -d'"' -f10` eval RES=\$$1 echo $RES # /usr/local/bin/dhcp_stat.sh MAX # /usr/local/bin/dhcp_stat.sh CUR ==== FreeBSD ==== # pkg install dhcpd-pools # dhcpd-pools -l /var/db/dhcpd/dhcpd.leases -c /usr/local/etc/dhcpd.conf ===== isc-kea ===== * [[https://ubuntu.com/server/docs/how-to-install-and-configure-isc-kea|How to install and configure isc-kea]] gate# apt install kea gate# cat /etc/kea/kea-dhcp4.conf { "Dhcp4": { "interfaces-config": { "interfaces": [ "eth2" ], "dhcp-socket-type": "raw" }, "control-socket": { "socket-type": "unix", "socket-name": "/run/kea/kea4-ctrl-socket" }, "lease-database": { "type": "memfile", "lfc-interval": 3600 }, "expired-leases-processing": { "reclaim-timer-wait-time": 10, "flush-reclaimed-timer-wait-time": 25, "hold-reclaimed-time": 3600, "max-reclaim-leases": 100, "max-reclaim-time": 250, "unwarned-reclaim-cycles": 5 }, "renew-timer": 900, "rebind-timer": 1800, "valid-lifetime": 3600, "option-data": [ { "name": "domain-name-servers", "data": "192.168.X.10" }, # not work in windows { "name": "domain-search", "data": "corpX.un,isp.un" }, { "name": "domain-name", "data": "corpX.un" } ], "subnet4": [ { "id": 1, "subnet": "192.168.100+X.0/24", "pools": [ { "pool": "192.168.100+X.100 - 192.168.100+X.109" } ], "option-data": [ { "name": "routers", "data": "192.168.100+X.1" } ] } ], "loggers": [ { "name": "kea-dhcp4", "output_options": [ { "output": "stdout", "pattern": "%-5p %m\n" } ], "severity": "INFO", "debuglevel": 0 } ] } } # kea-dhcp4 -t /etc/kea/kea-dhcp4.conf # service kea-dhcp4-server restart # service kea-dhcp4-server status # cat /var/lib/kea/kea-leases4.csv ===== Поиск посторонних DHCP серверов ===== * [[http://www.netpatch.ru/dhcdrop.html|Подавление DHCP серверов - dhcdrop]] ==== Debian/Ubuntu ==== # wget http://www.netpatch.ru/projects/dhcdrop/dhcdrop-lin-0.5.tar.bz2 # tar -xvf /root/dhcdrop-lin-0.5.tar.bz2 -C /usr/local/sbin/ dhcdrop ==== FreeBSD ==== # pkg install dhcdrop ==== FreeBSD/Debian/Ubuntu ==== # /usr/local/sbin/dhcdrop -b -i eth0 -c 2 -y # /usr/local/sbin/dhcdrop -t -b -q -i -l > /tmp/dhcp.txt || (cat /tmp/dhcp.txt | mail -s 'Critical. Second DHCP.' root@corpX.un)