xref: /openbsd/usr.sbin/dhcpd/dhcpd.conf.5 (revision 264ca280) 
1.\"	$OpenBSD: dhcpd.conf.5,v 1.17 2015/06/11 12:48:32 schwarze Exp $
2.\"
3.\" Copyright (c) 1995, 1996, 1997, 1998, 1998, 1999
4.\" The Internet Software Consortium.    All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\"
10.\" 1. Redistributions of source code must retain the above copyright
11.\"    notice, this list of conditions and the following disclaimer.
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\" 3. Neither the name of The Internet Software Consortium nor the names
16.\"    of its contributors may be used to endorse or promote products derived
17.\"    from this software without specific prior written permission.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
20.\" CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
22.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23.\" DISCLAIMED.  IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
24.\" CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
27.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
28.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
30.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31.\" SUCH DAMAGE.
32.\"
33.\" This software has been written for the Internet Software Consortium
34.\" by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
35.\" Enterprises.  To learn more about the Internet Software Consortium,
36.\" see ``http://www.isc.org/isc''.  To learn more about Vixie
37.\" Enterprises, see ``http://www.vix.com''.
38.\"
39.Dd $Mdocdate: June 11 2015 $
40.Dt DHCPD.CONF 5
41.Os
42.Sh NAME
43.Nm dhcpd.conf
44.Nd DHCP server configuration file
45.Sh DESCRIPTION
46The
47.Nm
48file contains configuration information for
49.Xr dhcpd 8 ,
50the Internet Software Consortium DHCP Server.
51.Pp
52The
53.Nm
54file is a free-form ASCII text file.
55It is parsed by the recursive-descent parser built into
56.Xr dhcpd 8 .
57The file may contain extra tabs and newlines for formatting purposes.
58Keywords in the file are case-insensitive.
59Comments may be placed anywhere within the file (except within quotes).
60Comments begin with the
61.Sq #
62character and end at the end of the line.
63.Pp
64The file essentially consists of a list of statements.
65Statements fall into two broad categories \- parameters and declarations.
66.Pp
67Parameter statements say how to do something (e.g., how long a
68lease to offer), whether to do something (e.g., should
69.Xr dhcpd 8
70provide addresses to unknown clients), or what parameters to provide to the
71client (e.g., use gateway 220.177.244.7).
72.Pp
73Declarations are used to describe the topology of the
74network, to describe clients on the network, to provide addresses that
75can be assigned to clients, or to apply a group of parameters to a
76group of declarations.
77In any group of parameters and declarations, all parameters must be specified
78before any declarations which depend on those parameters may be specified.
79.Pp
80Declarations about network topology include the
81.Ic shared-network
82and the
83.Ic subnet
84declarations.
85If clients on a subnet are to be assigned addresses dynamically, a
86.Ic range
87declaration must appear within the
88.Ic subnet
89declaration.
90For clients with statically assigned addresses, or for installations where
91only known clients will be served, each such client must have a
92.Ic host
93declaration.
94If parameters are to be applied to a group of declarations which are not
95related strictly on a per-subnet basis, the
96.Ic group
97declaration can be used.
98.Pp
99For every subnet which will be served, and for every subnet
100to which the dhcp server is connected, there must be one
101.Ic subnet
102declaration, which tells
103.Xr dhcpd 8
104how to recognize that an address is on that subnet.
105A
106.Ic subnet
107declaration is required for each subnet even if no addresses will be
108dynamically allocated on that subnet.
109.Pp
110Some installations have physical networks on which more than one IP
111subnet operates.
112For example, if there is a site-wide requirement that 8-bit subnet masks
113be used, but a department with a single physical Ethernet network expands
114to the point where it has more than 254 nodes, it may be necessary to run
115two 8-bit subnets on the same Ethernet until such time as a new physical
116network can be added.
117In this case, the
118.Ic subnet
119declarations for these two networks may be enclosed in a
120.Ic shared-network
121declaration.
122.Pp
123Some sites may have departments which have clients on more than one
124subnet, but it may be desirable to offer those clients a uniform set
125of parameters which are different than what would be offered to
126clients from other departments on the same subnet.
127For clients which will be declared explicitly with
128.Ic host
129declarations, these declarations can be enclosed in a
130.Ic group
131declaration along with the parameters which are common to that department.
132For clients whose addresses will be dynamically assigned, there is currently no
133way to group parameter assignments other than by network topology.
134.Pp
135When a client is to be booted, its boot parameters are determined by
136first consulting that client's
137.Ic host
138declaration (if any), then consulting the
139.Ic group
140declaration (if any) which enclosed that
141.Ic host
142declaration, then consulting the
143.Ic subnet
144declaration for the subnet on which the client is booting, then consulting the
145.Ic shared-network
146declaration (if any) containing that subnet, and finally consulting the
147top-level parameters which may be specified outside of any declaration.
148.Pp
149When
150.Xr dhcpd 8
151tries to find a
152.Ic host
153declaration for a client, it first looks for a
154.Ic host
155declaration which has a
156.Ar fixed-address
157parameter which matches the subnet or shared network on which the client
158is booting.
159If it doesn't find any such entry, it then tries to find an entry which has no
160.Ar fixed-address
161parameter.
162If no such entry is found, then
163.Xr dhcpd 8
164acts as if there is no entry in the
165.Nm
166file for that client, even if there is an entry for that client on a
167different subnet or shared network.
168.Sh EXAMPLES
169A typical
170.Nm
171file will look something like this:
172.Pp
173Example 1
174.Bd -unfilled -offset indent
175.Ar global parameters...
176
177shared-network ISC-BIGGIE {
178.Pf "  " Ar shared-network-specific parameters ...
179  subnet 204.254.239.0 netmask 255.255.255.224 {
180.Pf "    " Ar subnet-specific parameters ...
181    range 204.254.239.10 204.254.239.30;
182  }
183  subnet 204.254.239.32 netmask 255.255.255.224 {
184.Pf "    " Ar subnet-specific parameters ...
185    range 204.254.239.42 204.254.239.62;
186  }
187}
188
189subnet 204.254.239.64 netmask 255.255.255.224 {
190.Pf "  " Ar subnet-specific parameters ...
191  range 204.254.239.74 204.254.239.94;
192}
193
194group {
195.Pf "  " Ar group-specific parameters ...
196  host zappo.test.isc.org {
197.Pf "    " Ar host-specific parameters ...
198  }
199  host beppo.test.isc.org {
200.Pf "    " Ar host-specific parameters ...
201  }
202  host harpo.test.isc.org {
203.Pf "    " Ar host-specific parameters ...
204  }
205}
206.Ed
207.Pp
208Notice that at the beginning of the file, there's a place
209for global parameters.
210These might be things like the organization's domain name,
211the addresses of the name servers
212(if they are common to the entire organization), and so on.
213So, for example:
214.Pp
215Example 2
216.Bd -literal -offset indent
217option domain-name \&"isc.org\&";
218option domain-name-servers ns1.isc.org, ns2.isc.org;
219.Ed
220.Pp
221As you can see in Example 2, it's legal to specify host addresses in
222parameters as domain names rather than as numeric IP addresses.
223If a given hostname resolves to more than one IP address (for example, if
224that host has two Ethernet interfaces), both addresses are supplied to
225the client.
226.Pp
227In Example 1, you can see that both the shared-network statement and
228the subnet statements can have parameters.
229Let us say that the shared network ISC-BIGGIE supports an entire department \-
230perhaps the accounting department.
231If accounting has its own domain, then a shared-network-specific parameter
232might be:
233.Pp
234.Dl option domain-name \&"accounting.isc.org\&";
235.Pp
236All subnet declarations appearing in the shared-network declaration
237would then have the domain-name option set to
238.Dq accounting.isc.org
239instead of just
240.Dq isc.org .
241.Pp
242The most obvious reason for having subnet-specific parameters as
243shown in Example 1 is that each subnet, of necessity, has its own router.
244So for the first subnet, for example, there should be something like:
245.Pp
246.Dl option routers 204.254.239.1;
247.Pp
248Note that the address here is specified numerically.
249This is not required \- if you have a different domain name for each
250interface on your router, it's perfectly legitimate to use the domain name
251for that interface instead of the numeric address.
252However, in many cases there may be only one domain name for all of a router's
253IP addresses, and it would not be appropriate to use that name here.
254.Pp
255In Example 1 there is also a
256.Ic group
257statement, which provides common parameters for a set of three hosts \- zappo,
258beppo and harpo.
259As you can see, these hosts are all in the test.isc.org domain, so it
260might make sense for a group-specific parameter to override the domain
261name supplied to these hosts:
262.Pp
263.Dl option domain-name \&"test.isc.org\&";
264.Pp
265Also, given the domain they're in, these are probably test machines.
266If we wanted to test the DHCP leasing mechanism, we might set the
267lease timeout somewhat shorter than the default:
268.Bd -literal -offset indent
269max-lease-time 120;
270default-lease-time 120;
271.Ed
272.Pp
273You may have noticed that while some parameters start with the
274.Ic option
275keyword, some do not.
276Parameters starting with the
277.Ic option
278keyword correspond to actual DHCP options, while parameters that do not start
279with the option keyword either control the behaviour of the DHCP server
280(e.g., how long a lease
281.Xr dhcpd 8
282will give out), or specify client parameters that are not optional in the
283DHCP protocol (for example, server-name and filename).
284.Pp
285In Example 1, each host had
286.Ar host-specific parameters .
287These could include such things as the
288.Ic hostname
289option, the name of a file to download (the
290.Ar filename
291parameter) and the address of the server from which to download the file (the
292.Ar next-server
293parameter).
294In general, any parameter can appear anywhere that parameters are allowed,
295and will be applied according to the scope in which the parameter appears.
296.Pp
297Imagine that you have a site with a lot of NCD X-Terminals.
298These terminals come in a variety of models, and you want to specify the
299boot files for each model.
300One way to do this would be to have host declarations for each server
301and group them by model:
302.Bd -literal -offset indent
303group {
304  filename "Xncd19r";
305  next-server ncd-booter;
306
307  host ncd1 { hardware ethernet 0:c0:c3:49:2b:57; }
308  host ncd4 { hardware ethernet 0:c0:c3:80:fc:32; }
309  host ncd8 { hardware ethernet 0:c0:c3:22:46:81; }
310}
311
312group {
313  filename "Xncd19c";
314  next-server ncd-booter;
315
316  host ncd2 { hardware ethernet 0:c0:c3:88:2d:81; }
317  host ncd3 { hardware ethernet 0:c0:c3:00:14:11; }
318}
319
320group {
321  filename "XncdHMX";
322  next-server ncd-booter;
323
324  host ncd5 { hardware ethernet 0:c0:c3:11:90:23; }
325  host ncd6 { hardware ethernet 0:c0:c3:91:a7:8; }
326  host ncd7 { hardware ethernet 0:c0:c3:cc:a:8f; }
327}
328.Ed
329.Sh REFERENCE: DECLARATIONS
330The
331.Ic shared-network
332statement
333.Bd -unfilled -offset indent
334.Ic shared-network Ar name No {
335.Pf "  " Op Ar parameters
336.Pf "  " Op Ar declarations
337}
338.Ed
339.Pp
340The
341.Ic shared-network
342statement is used to inform the DHCP server that some IP subnets actually
343share the same physical network.
344Any subnets in a shared network should be declared within a
345.Ic shared-network
346statement.
347Parameters specified in the
348.Ic shared-network
349statement will be used when booting clients on those subnets unless
350parameters provided at the subnet or host level override them.
351If any subnet in a shared network has addresses available for dynamic
352allocation, those addresses are collected into a common pool for that
353shared network and assigned to clients as needed.
354There is no way to distinguish on which subnet of a shared network a
355client should boot.
356.Pp
357.Ar name
358should be the name of the shared network.
359This name is used when printing debugging messages, so it should be
360descriptive for the shared network.
361The name may have the syntax of a valid domain name
362(although it will never be used as such), or it may be any arbitrary
363name, enclosed in quotes.
364.Pp
365The
366.Ic subnet
367statement
368.Bd -unfilled -offset indent
369.Ic subnet Ar subnet-number Ic netmask Ar netmask No {
370.Pf "  " Op Ar parameters
371.Pf "  " Op Ar declarations
372}
373.Ed
374.Pp
375The
376.Ic subnet
377statement is used to provide
378.Xr dhcpd 8
379with enough information to tell whether or not an IP address is on that subnet.
380It may also be used to provide subnet-specific parameters and to
381specify what addresses may be dynamically allocated to clients booting
382on that subnet.
383Such addresses are specified using the
384.Ic range
385declaration.
386.Pp
387The
388.Ar subnet-number
389and
390.Ar netmask
391should be specified as numeric IP addresses.
392The subnet number, together with the netmask, are sufficient to determine
393whether any given IP address is on the specified subnet.
394.Pp
395Although a netmask must be given with every subnet declaration, it is
396recommended that if there is any variance in subnet masks at a site, a
397subnet-mask option statement be used in each subnet declaration to set
398the desired subnet mask, since any subnet-mask option statement will
399override the subnet mask declared in the subnet statement.
400.Pp
401The
402.Ic range
403statement
404.Pp
405.Xo
406.Ic range Op Ic dynamic-bootp
407.Ar low-address Oo Ar high-address Oc ;
408.Xc
409.Pp
410For any subnet on which addresses will be assigned dynamically, there
411must be at least one
412.Ic range
413statement.
414The range statement gives the lowest and highest IP addresses in a range.
415All IP addresses in the range should be in the subnet in which the
416.Ic range
417statement is declared.
418The
419.Ic dynamic-bootp
420flag may be specified if addresses in the specified range may be dynamically
421assigned to BOOTP clients as well as DHCP clients.
422When specifying a single address,
423.Ar high-address
424can be omitted.
425.Pp
426The
427.Ic host
428statement
429.Bd -unfilled -offset indent
430.Ic host Ar hostname No {
431.Pf "  " Op Ar parameters
432.Pf "  " Op Ar declarations
433}
434.Ed
435.Pp
436There must be at least one
437.Ic host
438statement for every BOOTP client that is to be served.
439.Ic host
440statements may also be specified for DHCP clients, although this is
441not required unless booting is only enabled for known hosts.
442.Pp
443If it is desirable to be able to boot a DHCP or BOOTP
444client on more than one subnet with fixed addresses, more than one
445address may be specified in the
446.Ar fixed-address
447parameter, or more than one
448.Ic host
449statement may be specified.
450.Pp
451If client-specific boot parameters must change based on the network
452to which the client is attached, then multiple
453.Ic host
454statements should be used.
455.Pp
456If a client is to be booted using a fixed address if it's
457possible, but should be allocated a dynamic address otherwise, then a
458.Ic host
459statement must be specified without a
460.Ar fixed-address
461clause.
462.Ar hostname
463should be a name identifying the host.
464If a
465.Ar hostname
466option is not specified for the host,
467.Ar hostname
468is used.
469.Pp
470.Ic host
471declarations are matched to actual DHCP or BOOTP clients by matching the
472.Ic dhcp-client-identifier
473option specified in the
474.Ic host
475declaration to the one supplied by the client or, if the
476.Ic host
477declaration or the client does not provide a
478.Ic dhcp-client-identifier
479option, by matching the
480.Ar hardware
481parameter in the
482.Ic host
483declaration to the network hardware address supplied by the client.
484BOOTP clients do not normally provide a
485.Ar dhcp-client-identifier ,
486so the hardware address must be used for all clients that may boot using
487the BOOTP protocol.
488.Pp
489The
490.Ic group
491statement
492.Bd -unfilled -offset indent
493.Ic group No {
494.Pf "  " Op Ar parameters
495.Pf "  " Op Ar declarations
496}
497.Ed
498.Pp
499The
500.Ic group
501statement is used simply to apply one or more parameters to a group of
502declarations.
503It can be used to group hosts, shared networks, subnets, or even other groups.
504.Sh REFERENCE: ALLOW and DENY
505The
506.Ic allow
507and
508.Ic deny
509statements can be used to control the behaviour of
510.Xr dhcpd 8
511to various sorts of requests.
512.Pp
513The
514.Ar unknown-clients
515keyword
516.Bd -literal -offset indent
517allow unknown-clients;
518deny unknown-clients;
519.Ed
520.Pp
521The
522.Ar unknown-clients
523flag is used to tell
524.Xr dhcpd 8
525whether or not to dynamically assign addresses to unknown clients.
526Dynamic address assignment to unknown clients is allowed by default.
527.Pp
528The
529.Ar bootp
530keyword
531.Bd -literal -offset indent
532allow bootp;
533deny bootp;
534.Ed
535.Pp
536The
537.Ar bootp
538flag is used to tell
539.Xr dhcpd 8
540whether or not to respond to bootp queries.
541Bootp queries are allowed by default.
542.Pp
543The
544.Ar booting
545keyword
546.Bd -literal -offset indent
547allow booting;
548deny booting;
549.Ed
550.Pp
551The
552.Ar booting
553flag is used to tell
554.Xr dhcpd 8
555whether or not to respond to queries from a particular client.
556This keyword only has meaning when it appears in a host declaration.
557By default, booting is allowed, but if it is disabled for a particular client,
558then that client will not be able to get an address from the DHCP server.
559.Sh REFERENCE: PARAMETERS
560The
561.Ic default-lease-time
562statement
563.Pp
564.D1 Ic default-lease-time Ar time ;
565.Pp
566.Ar time
567should be the length in seconds that will be assigned to a lease if
568the client requesting the lease does not ask for a specific expiration time.
569.Pp
570The
571.Ic max-lease-time
572statement
573.Pp
574.D1 Ic max-lease-time Ar time ;
575.Pp
576.Ar time
577should be the maximum length in seconds that will be assigned to a
578lease if the client requesting the lease asks for a specific expiration time.
579.Pp
580The
581.Ic hardware
582statement
583.Pp
584.D1 Ic hardware Ar hardware-type hardware-address ;
585.Pp
586In order for a BOOTP client to be recognized, its network hardware
587address must be declared using a
588.Ic hardware
589clause in the
590.Ic host
591statement.
592.Ar hardware-type
593must be the name of a hardware interface type.
594Currently, the
595.Ar ethernet ,
596.Ar token-ring
597and
598.Ar fddi
599physical interface types are recognized,
600although support for DHCP-over-IPSec virtual interface type
601.Ar ipsec-tunnel
602is provided.
603The
604.Ar hardware-address
605should be a set of hexadecimal octets (numbers from 0 through ff)
606separated by colons.
607The
608.Ic hardware
609statement may also be used for DHCP clients.
610.Pp
611The
612.Ic filename
613statement
614.Pp
615.D1 Ic filename Qq Ar filename ;
616.Pp
617The
618.Ic filename
619statement can be used to specify the name of the initial boot file which
620is to be loaded by a client.
621The
622.Ar filename
623should be a filename recognizable to whatever file transfer protocol
624the client can be expected to use to load the file.
625.Pp
626The
627.Ic server-name
628statement
629.Pp
630.D1 Ic server-name Qq Ar name ;
631.Pp
632The
633.Ic server-name
634statement can be used to inform the client of the name of the server
635from which it is booting.
636.Ar name
637should be the name that will be provided to the client.
638.Pp
639The
640.Ic next-server
641statement
642.Pp
643.D1 Ic next-server Ar server-name ;
644.Pp
645The
646.Ic next-server
647statement is used to specify the host address of
648the server from which the initial boot file (specified in the
649.Ic filename
650statement) is to be loaded.
651.Ar server-name
652should be a numeric IP address or a domain name.
653If no
654.Ic next-server
655parameter applies to a given client, the DHCP server's IP address is used.
656.Pp
657The
658.Ic fixed-address
659statement
660.Pp
661.D1 Ic fixed-address Ar address Op , Ar address ... ;
662.Pp
663The
664.Ic fixed-address
665statement is used to assign one or more fixed IP addresses to a client.
666It should only appear in a
667.Ic host
668declaration.
669If more than one address is supplied, then when the client boots, it will be
670assigned the address which corresponds to the network on which it is booting.
671If none of the addresses in the
672.Ic fixed-address
673statement are on the network on which the client is booting, that client will
674not match the
675.Ic host
676declaration containing that
677.Ic fixed-address
678statement.
679Each
680.Ar address
681should be either an IP address or a domain name which resolves to one
682or more IP addresses.
683.Pp
684Clients with fixed addresses are not assigned DHCP leases,
685and may therefore not be used with the
686.Fl ACL
687table options of
688.Xr dhcpd 8 .
689.Pp
690The
691.Ic dynamic-bootp-lease-cutoff
692statement
693.Pp
694.D1 Ic dynamic-bootp-lease-cutoff Ar date ;
695.Pp
696The
697.Ic dynamic-bootp-lease-cutoff
698statement sets the ending time for all leases assigned dynamically to
699BOOTP clients.
700Because BOOTP clients do not have any way of renewing leases,
701and don't know that their leases could expire, by default
702.Xr dhcpd 8
703assigns infinite leases to all BOOTP clients.
704However, it may make sense in some situations to set a cutoff date for all
705BOOTP leases \- for example, the end of a school term,
706or the time at night when a facility is closed and all
707machines are required to be powered off.
708.Pp
709.Ar date
710should be the date on which all assigned BOOTP leases will end.
711The date is specified in the form:
712.Pp
713.Dl W YYYY/MM/DD HH:MM:SS
714.Pp
715W is the day of the week expressed as a number from zero (Sunday)
716to six (Saturday).
717YYYY is the year, including the century.
718MM is the month expressed as a number from 1 to 12.
719DD is the day of the month, counting from 1.
720HH is the hour, from zero to 23.
721MM is the minute and SS is the second.
722The time is always in Coordinated Universal Time (UTC), not local time.
723.Pp
724The
725.Ic dynamic-bootp-lease-length
726statement
727.Pp
728.D1 Ic dynamic-bootp-lease-length Ar length ;
729.Pp
730The
731.Ic dynamic-bootp-lease-length
732statement is used to set the length of leases dynamically assigned to
733BOOTP clients.
734At some sites, it may be possible to assume that a lease is no longer in
735use if its holder has not used BOOTP or DHCP to get its address within
736a certain time period.
737The period is specified in
738.Ar length
739as a number of seconds.
740If a client reboots using BOOTP during the timeout period, the lease
741duration is reset to
742.Ar length ,
743so a BOOTP client that boots frequently enough will never lose its lease.
744Needless to say, this parameter should be adjusted with extreme caution.
745.Pp
746The
747.Ic get-lease-hostnames
748statement
749.Pp
750.D1 Ic get-lease-hostnames Ar flag ;
751.Pp
752The
753.Ic get-lease-hostnames
754statement is used to tell
755.Xr dhcpd 8
756whether or not to look up the domain name corresponding to the IP address of
757each address in the lease pool and use that address for the DHCP
758.Ic hostname
759option.
760If
761.Ar flag
762is true, then this lookup is done for all addresses in the current scope.
763By default, or if
764.Ar flag
765is false, no lookups are done.
766.Pp
767The
768.Ic use-host-decl-names
769statement
770.Pp
771.D1 Ic use-host-decl-names Ar flag ;
772.Pp
773If the
774.Ic use-host-decl-names
775parameter is true in a given scope, then for every host declaration within
776that scope, the name provided for the host declaration will be supplied to
777the client as its hostname.
778So, for example,
779.Bd -literal -offset indent
780group {
781  use-host-decl-names on;
782
783  host joe {
784    hardware ethernet 08:00:2b:4c:29:32;
785    fixed-address joe.fugue.com;
786  }
787}
788.Ed
789.Pp
790is equivalent to
791.Bd -literal -offset indent
792host joe {
793  hardware ethernet 08:00:2b:4c:29:32;
794  fixed-address joe.fugue.com;
795  option host-name "joe";
796}
797.Ed
798.Pp
799An
800.Ic option host-name
801statement within a host declaration will override the use of the name
802in the host declaration.
803.Pp
804The
805.Ic authoritative
806statement
807.Pp
808.D1 Ic authoritative ;
809.Pp
810.D1 Ic not authoritative ;
811.Pp
812The DHCP server will normally assume that the configuration
813information about a given network segment is known to be correct and
814is authoritative.
815So if a client requests an IP address on a given network segment that the
816server knows is not valid for that segment, the server will respond with a
817DHCPNAK message, causing the client to forget its IP address and try to get
818a new one.
819.Pp
820If a DHCP server is being configured by somebody who is not the
821network administrator and who therefore does not wish to assert this
822level of authority, then the statement
823.Dq not authoritative
824should be written in the appropriate scope in the configuration file.
825.Pp
826Usually, writing
827.Em not authoritative;
828at the top level of the file should be sufficient.
829However, if a DHCP server is to be set up so that it is aware of some
830networks for which it is authoritative and some networks for which it is not,
831it may be more appropriate to declare authority on a per-network-segment basis.
832.Pp
833Note that the most specific scope for which the concept of authority
834makes any sense is the physical network segment \- either a
835shared-network statement or a subnet statement that is not contained
836within a shared-network statement.
837It is not meaningful to specify that the server is authoritative for some
838subnets within a shared network, but not authoritative for others,
839nor is it meaningful to specify that the server is authoritative for some
840host declarations and not others.
841.Pp
842The
843.Ic use-lease-addr-for-default-route
844statement
845.Pp
846.D1 Ic use-lease-addr-for-default-route Ar flag ;
847.Pp
848If the
849.Ic use-lease-addr-for-default-route
850parameter is true in a given scope, then instead of sending the value
851specified in the routers option (or sending no value at all),
852the IP address of the lease being assigned is sent to the client.
853This supposedly causes Win95 machines to ARP for all IP addresses,
854which can be helpful if your router is configured for proxy ARP.
855.Pp
856If
857.Ic use-lease-addr-for-default-route
858is enabled and an option routers statement are both in scope,
859the routers option will be preferred.
860The rationale for this is that in situations where you want to use
861this feature, you probably want it enabled for a whole bunch of
862Windows 95 machines, and you want to override it for a few other machines.
863Unfortunately, if the opposite happens to be true for your
864site, you are probably better off not trying to use this flag.
865.Pp
866The
867.Ic always-reply-rfc1048
868statement
869.Pp
870.D1 Ic always-reply-rfc1048 Ar flag ;
871.Pp
872Some BOOTP clients expect RFC 1048-style responses, but do not follow
873RFC 1048 when sending their requests.
874You can tell that a client is having this problem if it is not getting
875the options you have configured for it and if you see in the server log
876the message
877.Dq (non-rfc1048)
878printed with each BOOTREQUEST that is logged.
879.Pp
880If you want to send RFC 1048 options to such a client, you can set the
881.Ic always-reply-rfc1048
882option in that client's host declaration, and the DHCP server will
883respond with an RFC 1048-style vendor options field.
884This flag can be set in any scope, and will affect all clients covered
885by that scope.
886.Pp
887The
888.Ic server-identifier
889statement
890.Pp
891.D1 Ic server-identifier Ar hostname ;
892.Pp
893The
894.Ic server-identifier
895statement can be used to define the value that is sent in the
896DHCP Server Identifier option for a given scope.
897The value specified
898.Em must
899be an IP address for the DHCP server, and must be reachable by all
900clients served by a particular scope.
901.Pp
902The use of the server-identifier statement is not recommended \- the only
903reason to use it is to force a value other than the default value to be
904sent on occasions where the default value would be incorrect.
905The default value is the first IP address associated with the physical
906network interface on which the request arrived.
907.Pp
908The usual case where the
909.Ic server-identifier
910statement needs to be sent is when a physical interface has more than one
911IP address, and the one being sent by default isn't appropriate for some
912or all clients served by that interface.
913Another common case is when an alias is defined for the purpose of
914having a consistent IP address for the DHCP server, and it is desired
915that the clients use this IP address when contacting the server.
916.Pp
917Supplying a value for the
918.Ic dhcp-server-identifier
919option is equivalent to using the
920.Ic server-identifier
921statement.
922.Sh REFERENCE: OPTION STATEMENTS
923DHCP option statements are documented in the
924.Xr dhcp-options 5
925manual page.
926.Sh SEE ALSO
927.Xr dhcp-options 5 ,
928.Xr dhcpd.leases 5 ,
929.Xr dhcpd 8
930.Sh STANDARDS
931.Rs
932.%A R. Droms
933.%D March 1997
934.%R RFC 2131
935.%T Dynamic Host Configuration Protocol
936.Re
937.Pp
938.Rs
939.%A S. Alexander
940.%A R. Droms
941.%D March 1997
942.%R RFC 2132
943.%T DHCP Options and BOOTP Vendor Extensions
944.Re
945.Pp
946.Rs
947.%A M. Patrick
948.%D January 2001
949.%R RFC 3046
950.%T DHCP Relay Agent Information Option
951.Re
952.Pp
953.Rs
954.%A B. Patel
955.%A B. Aboba
956.%A S. Kelly
957.%A V. Gupta
958.%D January 2003
959.%R RFC 3456
960.%T Dynamic Host Configuration Protocol (DHCPv4) Configuration of IPsec Tunnel Mode
961.Re
962.Sh AUTHORS
963.An -nosplit
964.Xr dhcpd 8
965was written by
966.An Ted Lemon Aq Mt mellon@vix.com
967under a contract with Vixie Labs.
968.Pp
969The current implementation was reworked by
970.An Henning Brauer Aq Mt henning@openbsd.org .
971