Сервис DHCP
isc-dhcp-server
Установка
Debian/Ubuntu
root@gate:~# apt install isc-dhcp-server
root@gate:~# cat /etc/default/isc-dhcp-server
INTERFACESv4="eth0"
#INTERFACESv4="vlan2"
#INTERFACESv4="eth0 eth2"
CentOS
Настройка
Стандартная конфигурация
gate# cat /etc/dhcp/dhcpd.conf
ddns-update-style none;
log-facility local7;
default-lease-time 600;
max-lease-time 7200;
option domain-name "corpX.un";
#option domain-search "jet.msk.su","service.jet.msk.su","jetinf.jet.msk.su";
option domain-name-servers 192.168.X.10;
#option domain-name-servers 192.168.X.12;
#### For phone provisioning ####
#option file-server-name code 66 = string; # RFC 2132
#option file-server-address code 150 = ip-address; # RFC 5859 (Cisco)
#option file-server-name "server.corpX.un";
#option file-server-address 192.168.X.10;
#### For PXE ####
#allow booting;
#allow bootp;
#next-server 192.168.X.10;
#filename "pxelinux.0";
shared-network LAN1 {
subnet 192.168.X.0 netmask 255.255.255.0 {
range 192.168.X.101 192.168.X.109;
option routers 192.168.X.1;
}
}
#shared-network LAN2 {
# subnet 192.168.113.0 netmask 255.255.255.0 {
# range 192.168.113.101 192.168.113.109;
# option routers 192.168.113.1;
# next-server 192.168.X.10;
# filename "pxe_lan2/pxelinux.0";
# }
#}
#### For ip by mac ####
#host kube1 {hardware ethernet 08:00:27:12:34:51;fixed-address 192.168.X.221;}
#host kube2 {hardware ethernet 08:00:27:12:34:52;fixed-address 192.168.X.222;}
#host kube3 {hardware ethernet 08:00:27:12:34:53;fixed-address 192.168.X.223;}
#host kube4 {hardware ethernet 08:00:27:12:34:54;fixed-address 192.168.X.224;}
#### Digim D40 ####
#phone 407 {
# hardware ethernet 00:0f:d3:06:11:d3;
# option file-server-name "http://server.corpX.un/";
#}
Отказоустойчивая конфигурация
nodeN# cat /etc/dhcp/dhcpd.general
ddns-update-style none;
log-facility local7;
subnet 192.168.X.0 netmask 255.255.255.0 {
pool {
failover peer "dhcp";
range 192.168.X.128 192.168.X.228;
}
option routers 192.168.X.254;
option domain-name "corpX.un";
option domain-name-servers 192.168.X.1, 192.168.X.2;
default-lease-time 600;
max-lease-time 7200;
}
#host node3 {hardware ethernet 08:00:27:12:34:53;fixed-address 192.168.X.3;}
#host node4 {hardware ethernet 08:00:27:12:34:54;fixed-address 192.168.X.4;}
#host node5 {hardware ethernet 08:00:27:12:34:55;fixed-address 192.168.X.5;}
#host node6 {hardware ethernet 08:00:27:12:34:56;fixed-address 192.168.X.6;}
#host node7 {hardware ethernet 08:00:27:12:34:57;fixed-address 192.168.X.7;}
node1# cat /etc/dhcp/dhcpd.conf
failover peer "dhcp" {
primary;
address 192.168.X.1;
port 519;
peer address 192.168.X.2;
peer port 520;
max-response-delay 60;
max-unacked-updates 10;
mclt 600;
split 128;
load balance max seconds 3;
}
include "/etc/dhcp/dhcpd.general";
node2# cat /etc/dhcp/dhcpd.conf
failover peer "dhcp" {
secondary;
address 192.168.X.2;
port 520;
peer address 192.168.X.1;
peer port 519;
max-response-delay 60;
max-unacked-updates 10;
load balance max seconds 3;
}
include "/etc/dhcp/dhcpd.general";
Конфигурация с поддержкой динамических обновлений зон DNS
server# cat dhcpd.conf
ddns-update-style interim;
ddns-ttl 60;
...
subnet 192.168.X.0 netmask 255.255.255.0 {
### ubuntu
#include "/etc/dhcp/rndc.key";
### freebsd
#include "/usr/local/etc/rndc.key";
zone corpX.un. {
primary 192.168.X.10;
key rndc-key;
}
zone X.168.192.in-addr.arpa. {
primary 192.168.X.10;
key rndc-key;
}
...
Проверка конфигурации и запуск
Debian/Ubuntu
# dhcpd -t
# service isc-dhcp-server restart
# service isc-dhcp-server status
Мониторинг выданных адресов
Debian/Ubuntu
root@gate:~# dhcp-lease-list
root@gate:~# less /var/lib/dhcp/dhcpd.leases
root@gate:~# grep dhcp /var/log/syslog
Статистика DHCP сервера
Debian/Ubuntu
# apt install dhcpd-pools
# dhcpd-pools
# dhcpd-pools -l /var/lib/dhcp/dhcpd.leases -c /etc/dhcp/dhcpd.conf
# cat /usr/local/bin/dhcp_stat.sh
#!/bin/sh
CMD='/usr/bin/dhcpd-pools -l /var/lib/dhcp/dhcpd.leases -c /etc/dhcp/dhcpd.conf -f c | grep 192.168.'
MAX=`eval $CMD | cut -d'"' -f8`
CUR=`eval $CMD | cut -d'"' -f10`
eval RES=\$$1
echo $RES
# /usr/local/bin/dhcp_stat.sh MAX
# /usr/local/bin/dhcp_stat.sh CUR
FreeBSD
# pkg install dhcpd-pools
# dhcpd-pools -l /var/db/dhcpd/dhcpd.leases -c /usr/local/etc/dhcpd.conf
isc-kea
gate# apt install kea
gate# cat /etc/kea/kea-dhcp4.conf
{
"Dhcp4": {
"interfaces-config": {
"interfaces": [ "eth2" ],
"dhcp-socket-type": "raw"
},
"control-socket": {
"socket-type": "unix",
"socket-name": "/run/kea/kea4-ctrl-socket"
},
"lease-database": {
"type": "memfile",
"lfc-interval": 3600
},
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
"option-data": [
{
"name": "domain-name-servers",
"data": "192.168.X.10"
},
# not work in windows
{
"name": "domain-search",
"data": "corpX.un,isp.un"
},
{
"name": "domain-name",
"data": "corpX.un"
}
],
"subnet4": [
{
"id": 1,
"subnet": "192.168.100+X.0/24",
"pools": [ { "pool": "192.168.100+X.100 - 192.168.100+X.109" } ],
"option-data": [
{
"name": "routers",
"data": "192.168.100+X.1"
}
]
}
],
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [
{
"output": "stdout",
"pattern": "%-5p %m\n"
}
],
"severity": "INFO",
"debuglevel": 0
}
]
}
}
# kea-dhcp4 -t /etc/kea/kea-dhcp4.conf
# service kea-dhcp4-server restart
# service kea-dhcp4-server status
# cat /var/lib/kea/kea-leases4.csv
Поиск посторонних DHCP серверов
Debian/Ubuntu
# wget http://www.netpatch.ru/projects/dhcdrop/dhcdrop-lin-0.5.tar.bz2
# tar -xvf /root/dhcdrop-lin-0.5.tar.bz2 -C /usr/local/sbin/ dhcdrop
FreeBSD
FreeBSD/Debian/Ubuntu
# /usr/local/sbin/dhcdrop -b -i eth0 -c 2 -y
# /usr/local/sbin/dhcdrop -t -b -q -i <intface> -l <mac_address> > /tmp/dhcp.txt || (cat /tmp/dhcp.txt | mail -s 'Critical. Second DHCP.' root@corpX.un)