DHCP Server Configuration File

Purpose

Defines default configuration information for the Dynamic Host Configuration Protocol (DHCP) server program (dhcpsd).

Description

The dhcpsd configuration file contains entries for logging information, options to return, machines to configure, and other items.

Following are the formats for the data in the configuration file.

# Comment line

The # character means that there is a comment from that point to the end of the line.

## "Name of Resource" "<Keyword> <value> <value> ..."

The ## characters denote a named resource. This is used by the dhcpsconf program to allow the user to create specific resources. The data is stored in the server file so that it can be read in with the configuration file and displayed as the name and not the value in the viewing window of dhcpsconf.

The format of the ## line is a quoted string that is the name of the resource followed by a double-quoted string representing a valid possible line for a configuration file. The second quoted string should be syntactically correct for a line in a DHCP server configuration file. The keyword can only be option, network, subnet, class, and client.

### "DHCP Server" "Any line from a server file"

The ### characters denote a server configuration file. This allows for multiple server files to be saved in one file. The dhcpsconf program uses this to present multiple server datasets in a master. This would be useful, if you were to define a network with 10 servers and wanted to save all the server information in one file and maintain a default server. The default server would go into the master file, and the servers would be saved in the master file with the ### characters. The dhcpsconf program has a function that allows you to create a specific server configuration out of the master file.

numLogFiles n

Specifies the number of log files. If 0 is specified, no log file will be maintained and no log message is displayed anywhere. n is the maximum number of log files maintained as the size of the most recent log file reaches its maximum size and a new log file is created.

logFileSize n

Maximum size of a log file. When the size of the most recent log file reaches this value, it is renamed and a new log file is created. n is measured in kilobytes(KB).

logFileName filename

Name and path of the most recent log file. Less recent log files have the number 1 to (n - 1) appended to their names; the larger the number, the older the file.

logItem <option name>

One item that will be logged. Multiple of these lines are allowed. This allows for the specified logging level to be turned on. The following are option names:

SYSERR: System error, at the interface to the platform
OBJERR: Object error, in between objects in the process
PROTERR: Protocol error, between client and server
WARNING: Warning, worth attention from the user
EVENT: Event occurred to the process
ACTION: Action taken by the process
INFO: Information that might be useful
ACNTING: Who was served, and when
TRACE: Code flow, for debugging.

clientrecorddb <filename>

This is the path to a file to substitute for /etc/dhcps.cr. Configurations that support a large number of addresses should set clientrecorddb and addressrecorddb database files in a file system with substantial free space.

addressrecorddb <filename>

This is the path to a file to substitute for /etc/dhcps.ar.

network <Network address> [<Subnet Mask>|<range>]

Specifies one network administered by this server. Network address is the address of this network. This address is specified in the dotted notation (for example, 9.0.0.0, 128.81.0.0, or 192.81.20.0). Full four-byte value should be specified (for example, 9, 128.81, or 192.81.20 is not legal).

Network address may optionally be followed by the subnet mask, a range, or nothing.

If a subnet mask is specified, one or more subnet statements should appear in the succeeding lines within a pair of curly braces. The subnet mask may be specified either in the dotted notation (for example, 255.255.255.128) or as a number indicating the number of 1 bits in the mask (for example, 25, which is equivalent to 255.255.255.128). The means that a network is not a collection of all subnet for a network, but all subnets with the same length subnet for that network "prefix."

If a range is specified, it determines, within the network, the range of hosts that are administered by this server, and it implies that there is no subnetting. A range is specified by the host addresses, in the dotted notation, at the lower end and the higher end of the range, respectively, separated by a hyphen with no spaces before or after it (for example, 192.81.20.1-129.81.20.128). A range must encompass all addresses to be administered because multiple network statements to define the same network are not allowed. Use the "client" statement to exclude any addresses in the range that the server should not administer.

If nothing is specified after Network address, all hosts in that network are administered by this server.

A network statement may be immediately followed by a pair of curly braces, in which parameters (for example, options) particular to this network can be specified.

subnet <Subnet address> [<range>]

One or more subnet statements are enclosed by a pair of curly braces that immediately follows a network statement with subnet mask. A subnet statement specifies one subnet within that network.

Subnet address is the address of this subnet. This address is specified in the dotted notation (for example, 9.17.32.0 or 128.81.22.0).

Subnet address may be followed by a range or nothing.

If a range is specified, it determines, within the subnet, the range of hosts that are administered by this server. A range is specified by the host addresses, in the dotted notation, at the lower end and the higher end of the range, respectively, separated by a hyphen with no spaces before or after it. A range must encompass all addresses to be administered since multiple subnet statements to define the same subnet are not allowed. Use the "client" statement to exclude any addresses in the range which the server should not administer.

If nothing is specified after Subnet address, all hosts in that subnet are administered by this server.

The ranges in two servers administering the same subnet cannot overlap. Otherwise, two hosts may be assigned the same address.

A subnet statement may be immediately followed by a pair of curly braces, in which parameters (for example, options) particular to this subnet can be specified.

class <class_name> [<range>]

Specifies a class. The class name is a simple ascii string. A class's scope is determined by the curly braces in which it is enclosed. If it is outside all curly braces, then its scope is the entire file.

A class name may be followed by a range or nothing. If a range of Ip Addresses is specified, then only addresses in that range will be assigned to clients who request this class. Note that clients who request this class, for which the subnet does not match the range, will not be processed. Bad addresses will not be given out by the server. If an address range is not specified, then addresses will be given to clients using the usual rules of assignment (by network clauses).

The class statement may be immediately followed by a pair of curly braces, in which the options particular to this class can be specified. A class may be defined within the curly braces of a subnet, but a subnet may not be defined within the curly braces of a class.

Options set up in the network or subnet containing a class definition will also apply to the class.

client <id_type> <id_value> <address>

Specifies a definition of client/address processing.

<id_type> is 0 for a string, otherwise it is one of the hardware types defined in RFC 1340 (for example, 6 for IEEE 802 networks.)

<id_value> is a character string for <id_type>=0. Typically, this would be a domain name. For a non-zero <id_type>, the <id_value> is a hexadecimal string representing the hardware address of the client.

Note: An <id_type> of 0 and an <id_value> of 0 indicates that the <address> specified should not be distributed by this server.

The <address> can be the string "none" to indicate that the client with <id_type> and <id_value> should not be serviced by this server. The <address> can be the string "any" to indicate that the server should choose an appropriate address for this client. The <address> can be an internet address in dotted notation (for example, 9.2.15.82). This will be the Ip address given to the particular client specified by <id_type> and <id_value>. As mentioned above, an <id_type> of 0 and an <id_value> of 0 indicates that the <address> specified should not be distributed by this server.

Note: If a client is configured in this way on the server, then any class information requested by the client will be ignored. No class-specific information will be processed for these clients.

The client statement may be immediately followed by a pair of curly braces, in which the options particular to this client can be specified.

A client statement with an address specified that is not part of the address pool specified in a network/subnet elsewhere in this file must contain the subnet mask option(1). For all other clients, the server will compute the subnet mask option to send the client based on the network/subnet definitions.

Note: All clients inherit all globally defined options. A client defined in a network scope will inherit options defined for that network. A client defined in a subnet scope, will inherit options defined for that subnet and encompassing network.

A class definition inside a client scope is not allowed.

The client statement may be used to configure bootp clients. To do this, specify all the bootp options using the option syntax defined below. In addition, specify an infinite lease time in the client scope with "option 51 0xffffffff". DHCP options will not be served to the bootp client.

nakoutofrange <option>

Specifies the behavior of the DHCP server when a client requests an IP address that this server does not administer.

When a DHCP client moves from one DHCP domain to a new DHCP domain, the client requests its previous IP address from the new DHCP server. By default, the DHCP server ignores such requests without sending a refusal (DHCP NAK). The nakoutofrange policy in the AIX® DHCP server enables the DHCP administrator to force the server to send refusals to clients in such situations, and to force the clients to request new addresses and configurations.

You can place the nakoutofrange option either inside a subnet scope or in the global scope. Each option and its placement have specific implications to the behavior of the DHCP server. The following options are available:

none: This is the default setting when the nakoutofrange keyword is not present. A DHCP server sends a DHCP NAK response when a client asks for an address that the server controls and that the client cannot use. For example, a client requests an address that another client is using.
Note: To use a policy other than none in the global area, you must understand the network topology and ensure that clients of the DHCP server can reach the DHCP server from any network access point.
insubnet: If a client requests an address that matches the subnet from which the client is broadcasting, but the address does not fall within the controlled IP address ranges of that subnet, the DHCP server sends a DHCP NAK response to the client.
Note: Do not use this option when multiple DHCP servers are controlling separate IP address ranges on the same subnet, unless every access point to the subnet can only reach one of the DHCP servers.
notinsubnet: The DHCP server sends a DHCP NAK response to a client that is requesting an address that does not match the subnet from which the client is broadcasting. When this option is placed outside the subnet scope, the DHCP NAK response is sent when the client's broadcast is received from a subnet that is not controlled by the server.
Note: When this option is placed inside the subnet scope, it should be used when there are no other logical subnets on the client's network segment that are administered through any DHCP server.
both: The DHCP server sends a DHCP NAK response to a client that is requesting an address that the server cannot assign to the client. Placing this option inside a subnet scope combines the implications of placing the notinsubnet option and the insubnet option inside the subnet scope. Place this option inside a subnet scope when the configured DHCP server is the only DHCP server capable of assigning an address to a client broadcasting from any of the network access points on the subnet. This option should be placed globally only when the configured DHCP server is the only reachable DHCP server from any of the network access points.

The following is an example of the nakoutofrange option:

nakoutofrange none
	subnet 192.1.1.0 255.255.255.0 192.1.1.5-192.1.1.254
	{
		nakoutofrange both
		# ... options ...
	}
	subnet 12.1.10.0 255.255.255.0 12.1.10.5-12.1.10.150
	{
		# another server controls addresses 12.1.10.151-12.1.10.254
		nakoutofrange notinsubnet
		# ... options ...
	}

Note: A typical configuration is to use the both option inside all subnet scopes and to leave the default none option enforced in the global scope.

option <code> <value>

This parameter specifies the value of an option defined in "DHCP Options and BOOTP Vendor Extensions" (RFC 1533) and supported by this server.

An option is specified by the "option" keyword followed by the option code of this option and its data field, in a single line. One or more of this parameter may be specified.

The scope within which an option applies is delimited by a pair of curly braces ({, }) surrounding this parameter.

Two or more options with the same option code may be specified. Their data fields are concatenated in a single option in a packet generated by the server if the options have the same scope or one's scope includes that of another.

Some of the defined options do not need to be specified by this parameter. These options are either mandated by the protocol or this implementation to be present in proper packets, or only generated by a client. These options are:

Option Code	Name
0	Pad Option
255	End Option
1	Subnet Mask
50	Request IP Address
51	IP Address Lease Time
52	Option Overload
53	DHCP Message Type
54	Server Identifier
55	Parameter Request List
57	Maximum DHCP Message Size
58	Renewal (T1) Time Value
59	Rebinding (T2) Time Value
60	Class identifier of client
61	Client identifier

The other options may be specified by this parameter.

When specifying an option, its data field takes one of the following formats:

IP Address: xxx.xxx.xxx.xxx
IP Addresses: [xxx.xxx.xxx.xxx ...]
IP Address Pair: [ip address:ip address]
IP Address Pairs: [[ip address:ip address] ...]
Boolean: [0, 1]
Byte: [-128, 127]
Unsigned Byte: [0, 255]
Unsigned Bytes: [[0, 255] [0, 255] ...]
Short: [-32768, 32767]
Unsigned Short: [0, 65535]
Unsigned Shorts: [[0, 65535] [0, 65536]
Long: [-2147483648, 2147483647]
Unsigned Long: [0, 4294967295]
String: "Value Here"

Note: All IP addresses are specified in dotted-decimal form.

Each of the defined options is listed below by its code and name, followed by the format of its data field. These are specified in latest Vendor Extensions RFC.

Code	Name	Data Field Format and Notes
0	Pad Option	No need to specify
255	End Option	No need to specify
1	Subnet Mask	Unsigned Long
2	Time Offset	Long
3	Router Option	IP Addresses
4	Timer Server Option	IP Addresses
5	Name Server Option	IP Addresses
6	Domain Name Server Option	IP Addresses
7	Log Server Option	IP Addresses
8	Cookie Server Option	IP Addresses
9	LPR Server Option	IP Addresses
10	Impress Server Option	IP Addresses
11	Resource Location Server Option	IP Addresses
12	Host Name Option	String
13	Boot File Size Option	Unsigned Short
14	Merit Dump File	String
15	Domain Name	String
16	Swap Server	IP Address
17	Root Path	String
18	Extensions Path	String

IP Layer Parameters per Host

Code	Name	Data Field Format and Notes
19	IP Forwarding Enable/Disable Option	Boolean
20	Non-local Source Routing Enable/Disable Option	Boolean
21	Policy Filter Option	IP Address Pairs
22	Maximum Datagram Reassembly Size	Unsigned Short
23	Default IP Time-to-live	Unsigned Byte
24	Path MTU Aging Timeout Option	Unsigned Long
25	Path MTU Plateau Table	Unsigned Shorts

IP Layer Parameters per Interface

Code	Name	Data Field Format and Notes
26	Interface MTU Option	Unsigned Short
27	All Subnets are Local Option	Boolean
28	Broadcast Address Option	IP Address
29	Perform Mask Discovery Option	Boolean
30	Mask Supplier Option	Boolean
31	Perform Router Discovery Option	Boolean
32	Router Solicitation Address Option	IP Address
33	Static Route Option	IP Address Pairs

Link Layer Parameters per Interface

Code	Name	Data Field Format and Notes
34	Trailer Encapsulation Option	Boolean
35	ARP Cache Timeout Option	Unsigned Long
36	Ethernet Encapsulation Option	Boolean

TCP Parameters

Code	Name	Data Field Format and Notes
37	TCP Default TTL Option	Unsigned Byte
38	TCP Keepalive Interval Option	Unsigned Long
39	TCP Keepalive Garbage Option	Boolean

Application and Service Parameters

Code	Name	Data Field Format and Notes
40	NIS Domain Option	String
41	NIS Option	IP Addresses
42	Network Time Protocol Servers Option	IP Addresses
43	Vendor Specific Information	Unsigned Bytes
44	NetBIOS over TCP/IP Name Server Option	IP Addresses
45	NetBIOS over TCP/IP Datagram Distribution Server	IP Addresses
46	NetBIOS over TCP/IP Node Type Option	Unsigned Byte
47	NetBIOS over TCP/IP Scope Option	Unsigned Bytes
48	X Window System Font Server Option	IP Addresses
49	X Window System Display Manager Option	IP Addresses

DHCP Extensions

Code	Name	Data Field Format and Notes
50	Request IP Address	No need to specify
51	IP Address Lease Time	Unsigned Long
52	Option Overload	No need to specify
53	DHCP Message Type	No need to specify
54	Server Identifier	No need to specify
55	Parameter Request List	No need to specify
56	Message	String
57	Maximum DHCP Message Size	No need to specify
58	Renewal (T1) Time Value	No need to specify
59	Rebinding (T2) Time Value	No need to specify
60	Class Identifier of Client	Generated by client
61	Client Identifier	Generated by client

BOOTP Specific Options

Code	Name	Data Field Format and Notes
sa	Server Address for the BOOTP client to use	IP Address
bf	Bootfile for the BOOTP client to use	String
hd	Home Directory for the BOOTP client to search for the bootfile	String

Following is an example of BOOTP specific options:

option sa 1.1.2.2
option hd "/vikings/native"
option bf "bootfile.asdg"

Other option numbers may be specified, up to a maximum of 255. The options not listed above must be specified with the unsigned byte list type. Following is an example:

option 178 01 34 53 # Means place tag 178 with value 
0x013553

leaseTimeDefault <amount>[<unit>]

Specifies the default lease duration for the leases issued by this server. In the absence of any more specific lease duration (for example, lease duration for specific client(s) or class of clients), the lease duration specified by this parameter takes effect.

The amount is specified by a decimal number. The unit is one of the following (plural is accepted):

year
month
week
day
hour
minute (default if unit is absent)
second

There is at least one white space in between the amount and unit. Only the first amount following the keyword has effect.

If this parameter is not specified, the default lease duration is one (1) hour.

This parameter should appear outside of any pair of curly braces, for example, it applies to all leases issued by this server.

Note: This keyword only applies to the default for all addresses. To specify a specific lease time for a subnet, network, class or client, use the usual "option 51 value" to specify that lease time (in seconds).

leaseExpireInterval <amount> [<unit>]

Specifies the time interval at which the lease expiration condition is examined, and if a running lease meets such condition, it is expired. The value of this parameter applies to all leases administered by this server.

The amount is specified by a decimal number. The unit is one of the following (plural is accepted):

year
month
week
day
hour
minute (default if unit is absent)
second

There is at least one white space in between the amount and unit. Only the first amount following the keyword has effect.

If this parameter is not specified, the default interval is one (1) minute.

This parameter should appear outside of any pair of curly braces, for example it applies to all leases issued by this server.

The value of this parameter should be in proportion with that of parameter leaseTimeDefault so that the expirations of leases are recognized in time.

supportBOOTP [yes | no]

Indicates to the server whether or not to support requests from BOOTP clients.

If yes is specified, the server will support BOOTP clients.

If the value field is not a yes, or the keyword is omitted, the server will not support BOOTP clients.

The scope of this parameter covers all the networks and subnets administered by this server.

If the server previously supported BOOTP clients and has been reconfigured not to support BOOTP clients, the address binding for a BOOTP client established before the reconfiguration, if any, will still be maintained until the time when that BOOTP client sends a request again (when it is rebooting.) At that time, the server will not respond, and the binding will be removed.

supportunlistedClients [yes | no]

Indicates to the server whether or not to support requests from clients that are not specifically configured with their own individual client statements in the server.

If yes is specified, the server will support unlisted clients.

If the value field is anything other than yes, the server will not support unlisted clients.

If this keyword is not found in the file, the server will support clients not specifically configured with a client statement.

updateDNS <string>

A string enclosed in quotes, indicating a program to execute to update the DNS server with the new inverse mapping for the IP address and names served by dhcp. This string should include four %s's to indicate the placement of the following information from the dhcp client:

hostname: Value of option 12. The value returned by the dhcp server is used, if one is supplied. Else, if the client specified a value in this file, the client-requested value is used. If neither the client specified a requested hostname nor the server supplied one, this exec string will not be executed.
domainname: Value of option 15. The value returned by the dhcp server is used, if one is supplied. Else, if the client specified a value in this file, the client-requested value is used. If neither the client specified a requested hostname nor the server supplied one, a null string (" ") is supplied by dhcp. This may cause the update of address records to fail.
Ip Address: IP address leased to this client by the server. The string is supplied in dotted notation, for example, 9.2.23.43.
leasetime: Lease time granted by the server. This string is a decimal number representing the number of seconds of the lease.

These values are output by dhcp in this order:

hostname domainname Ip Address leasetime

A script /usr/sbin/dhcpaction has been provided with this function, as well as actions to help NIM interact with DHCP clients. Run the script as follows:

/usr/sbin/dhcpaction hostname domainname ipaddress
leasetime < A | PTR | BOTH | NONE > < NONIM | NIM >

The first four parameters are what will be used to update the DNS server. The fifth parameter tells dhcpaction to update the A record, the PTR record, or both, or none. The options are A, PTR, BOTH, NONE. The sixth parameter is used to tell servers that NIM is being used, and processing needs to be done when a client changes address. The options for this are NIM and NONIM.

An example follows:

updateDNS "/usr/sbin/dhcpaction %s %s %s %s %s PTR
NONIM 2>&1 >>/tmp/updns.out"

Examples

In this example, we are setting up a server with a default lease time of 30 minutes. This means that any address that doesn't explicitly have a lease time set in a network, class, client, or subnet scope, will get 30 minutes. We are also setting the time between server address expiration checks to 3 minutes. This means that every 3 minutes, the server will check to see if an address has expired and mark it as expired. We are also saying the server should accept BOOTP requests and accept any client that matches the normal address assignment scheme. The normal address assignment scheme means that an address and options are assigned based on the network/subnet that the client is on.
We are also setting up two global options that should apply to all clients we serve. We are saying that there is a printer at 10.11.12.13 for everyone to use and the global domain name is dreampark. We are defining one network that has subnetting on the first 24 bits.

Thus, the network we are defining has some number of subnets and all the subnets we are specifying in this network scope have netmask of 255.255.255.0. Under that network, we are defining some options for that network and some subnets. The subnets define the actual addresses available for distribution. There are two subnets. Inside the second subnet, there is a class. The class information only applies to hosts on the second subnet that request that class. If that class is asked for the host, it will get two netbios options. If the address is in the first subnet, it will get the options in the subnet clause, which are nothing. If the host is in the second subnet, it will get all the options in the clause for the second subnet. If it also has the class, it will get the class options. If options are repeated with the same scope or a sub-scope, these options are concatenated together and set as one option. All hosts given an address from one of the two subnets will receive the options that are in the network scope.
```
leaseTimeDefault                   30 minutes
leaseExpireInterval                3 minutes
supportBOOTP                       yes
supportUnlistedClients             yes
   
option 9         10.11.12.13                  # printer for all
option 15        dreampark                    # domain
name
   
network 9.0.0.0 24
{
          subnet 9.2.218.0     9.2.218.1-9.2.218.128
          subnet 9.67.112.0    9.67.112.1-9.67.112.64
          {
            option 28          9.67.112.127             # broadcast address
            option 9           9.67.112.1               # printer 1
            option 9           9.67.112.2               # printer 2
            option 15          sandbox.                 # domain name
            class netbios_host
            {
                               #Netbi ov tcp/ip name server
                               option 44 9.67.112.125
                               Netbi over tcp/ip node type
                               option 46 2
                   }
            }
    
            option 15          toyland                   # domain name
            option 9           9.68.111.128              # printer 3
            option 33          1.2.3.4:9.8.7.1           # route to the moon
            option 33          5.6.7.8:9.8.7.2           # route to the mars
            # routes to black holes
            option 3           11.22.33.44    55.66.77.88
}
 
```

In this example, we see the output of the dhcpsconf command. This format is more used by the dhcpsconf GUI to store information. This format allows for multiple configurations. The dhcpsconf GUI can in turn generate the specific server files for an individual server. The file specifies two of DHCP Servers, Greg and Fred. Each contain the definitions for the two servers. The dhcpsconf command can generate files specifically for Greg or Fred. The dhcpsconf command will also use the named resources (## sections) to display network pieces that have been named by the administrator.

The DHCP server Greg is responsible for network 9.3.145.0, subnet mask 255.255.255.192. The DHCP server Fred is responsible for network 9.3.146.128, subnet mask 255.255.255.240. Each server provides its own domain name. Other options named and unnamed may be placed in the server's configuration section.

Note: This format is used by dhcpsconf, which generateS the appropriate configuration files for DHCP servers Greg and Fred.

# Named resources Section
## "Network 1 Subnet Netmask" "option 1 255.255.255.192"
## "Network 2 Subnet Netmask" "option 1 255.255.255.240"
## "Network 1 Domain Name" "option 15 "bizarro.austin.ibm.com""
## "Network 2 Domain Name" "option 15 "superman.austin.ibm.com""
## "Network 1 Network" "network 9.3.145.0 26"
## "Network 2 Network" "network 9.3.146.128 27"
  
### "DHCP Server Greg" "logItem SYSERR"
### "DHCP Server Greg" "numlogfiles 6"
### "DHCP Server Greg" "logfilesize 100"
### "DHCP Server Greg" "logfilename /usr/tmp/dhcpgreg.log"
### "DHCP Server Greg" "network 9.3.145.0 26"
### "DHCP Server Greg" "{"
### "DHCP Server Greg" "option 15 "bizarro.austin.ibm.com""
### "DHCP Server Greg" "}"
### "DHCP Server Fred" "logItem SYSERR"
### "DHCP Server Fred" "logItem OBJERR"
### "DHCP Server Fred" "numlogfiles 3"
### "DHCP Server Fred" "logfilesize 50"
### "DHCP Server Fred" "logfilename /usr/tmp/dhcpfred.log"
### "DHCP Server Fred" "network 9.3.146.128 27"
### "DHCP Server Fred" "{"
### "DHCP Server Fred" "option 15 "superman.austin.ibm.com""
### "DHCP Server Fred" "}"