1 Internet Systems Consortium DHCP Distribution 2 Version 4.4.2-P1 3 26 May 2021 4 5 README FILE 6 7You should read this file carefully before trying to install or use 8the ISC DHCP Distribution. 9 10 TABLE OF CONTENTS 11 12 1 WHERE TO FIND DOCUMENTATION 13 2 RELEASE STATUS 14 3 BUILDING THE DHCP DISTRIBUTION 15 3.1 UNPACKING IT 16 3.2 CONFIGURING IT 17 3.2.1 DYNAMIC DNS UPDATES 18 3.2.2 LOCALLY DEFINED OPTIONS 19 3.3 BUILDING IT 20 4 INSTALLING THE DHCP DISTRIBUTION 21 5 USING THE DHCP DISTRIBUTION 22 5.1 FIREWALL RULES 23 5.2 LINUX 24 5.2.1 IF_TR.H NOT FOUND 25 5.2.2 SO_ATTACH_FILTER UNDECLARED 26 5.2.3 PROTOCOL NOT CONFIGURED 27 5.2.4 BROADCAST 28 5.2.6 IP BOOTP AGENT 29 5.2.7 MULTIPLE INTERFACES 30 5.3 ATF 31 6 SUPPORT 32 6.1 HOW TO REPORT BUGS 33 7 HISTORY 34 35 WHERE TO FIND DOCUMENTATION 36 37Documentation for this software includes this README file, the 38RELNOTES file, and the manual pages, which are in the server, common, 39client and relay subdirectories. The README file (this file) includes 40late-breaking operational and system-specific information that you 41should read even if you don't want to read the manual pages, and that 42you should *certainly* read if you run into trouble. Internet 43standards relating to the DHCP protocol are listed in the References 44document that is available in html, txt and xml formats in doc/ 45subdirectory. You will have the best luck reading the manual pages if 46you build this software and then install it, although you can read 47them directly out of the distribution if you need to. 48 49DHCP server documentation is in the dhcpd man page. Information about 50the DHCP server lease database is in the dhcpd.leases man page. 51Server configuration documentation is in the dhcpd.conf man page as 52well as the dhcp-options man page. A sample DHCP server 53configuration is in the file server/dhcpd.conf.example. The source for 54the dhcpd, dhcpd.leases and dhcpd.conf man pages is in the server/ sub- 55directory in the distribution. The source for the dhcp-options.5 56man page is in the common/ subdirectory. 57 58DHCP Client documentation is in the dhclient man page. DHCP client 59configuration documentation is in the dhclient.conf man page and the 60dhcp-options man page. The DHCP client configuration script is 61documented in the dhclient-script man page. The format of the DHCP 62client lease database is documented in the dhclient.leases man page. 63The source for all these man pages is in the client/ subdirectory in 64the distribution. In addition, the dhcp-options man page should be 65referred to for information about DHCP options. 66 67DHCP relay agent documentation is in the dhcrelay man page, the source 68for which is distributed in the relay/ subdirectory. 69 70KEA Migration Assistant documentation, including how to build, install 71and use it, is including in the keama directory. 72 73To read installed manual pages, use the man command. Type "man page" 74where page is the name of the manual page. This will only work if 75you have installed the ISC DHCP distribution using the ``make install'' 76command (described later). 77 78If you want to read manual pages that aren't installed, you can type 79``nroff -man page |more'' where page is the filename of the 80unformatted manual page. The filename of an unformatted manual page 81is the name of the manual page, followed by '.', followed by some 82number - 5 for documentation about files, and 8 for documentation 83about programs. For example, to read the dhcp-options man page, 84you would type ``nroff -man common/dhcp-options.5 |more'', assuming 85your current working directory is the top level directory of the ISC 86DHCP Distribution. 87 88Please note that the pathnames of files to which our manpages refer 89will not be correct for your operating system until after you iterate 90'make install' (so if you're reading a manpage out of the source 91directory, it may not have up-to-date information). 92 93 BUILDING THE DHCP DISTRIBUTION 94 95 UNPACKING IT 96 97To build the DHCP Distribution, unpack the compressed tar file using 98the tar utility and the gzip command - type something like: 99 100 gunzip dhcp-4.4.2-P1.tar.gz 101 tar xvf dhcp-4.4.2-P1.tar 102 103 CONFIGURING IT 104 105Now, cd to the dhcp-4.4.2-P1 subdirectory that you've just created and 106configure the source tree by typing: 107 108 ./configure 109 110If the configure utility can figure out what sort of system you're 111running on, it will create a custom Makefile for you for that 112system; otherwise, it will complain. If it can't figure out what 113system you are using, that system is not supported - you are on 114your own. 115 116Several options may be enabled or disabled via the configure command. 117You can get a list of these by typing: 118 119 ./configure --help 120 121If you want to use dynamic shared libraries automake, autoconf 122(aka GNU autotools) and libtool must be available. The DHCP 123distribution provides 3 configure.ac* files: the -lt version 124has no libtool support and was copied to the configure.ac 125standard file in the distribution. To enable libtool support 126you should perform these steps: 127 128 cp configure.ac+lt configure.ac 129 autoreconf -i 130 131after you can use the regenerated configure as usual 132(with libtool support (--enable-libtool) on by default): 133 134 ./configure 135 136For compatibility (and people who don't read this documentation) 137the --enable-libtool configuration file is supported even by 138the distributed configure (and off by default). The previous 139steps are performed and the regenerated configure called with 140almost the same parameters (this "almost" makes the use of 141this feature not recommended). 142 143Note you can't go back from with libtool support to without libtool 144support by restoring configure.ac and rerun autoreconf. If you 145want or need to restore the without libtool support state the 146required way is to simply restore the whole distribution. 147 148 DYNAMIC DNS UPDATES 149 150A fully-featured implementation of dynamic DNS updates is included in 151this release. It uses libraries from BIND and, to avoid issues with 152different versions, includes the necessary BIND version. The appropriate 153BIND libraries will be compiled and installed in the bind subdirectory 154as part of the make step. In order to build the necessary libraries you 155will need to have "gmake" available on your build system. 156 157 158There is documentation for the DDNS support in the dhcpd.conf manual 159page - see the beginning of this document for information on finding 160manual pages. 161 162 LOCALLY DEFINED OPTIONS 163 164In previous versions of the DHCP server there was a mechanism whereby 165options that were not known by the server could be configured using 166a name made up of the option code number and an identifier: 167"option-nnn" This is no longer supported, because it is not future- 168proof. Instead, if you want to use an option that the server doesn't 169know about, you must explicitly define it using the method described 170in the dhcp-options man page under the DEFINING NEW OPTIONS heading. 171 172 BUILDING IT 173 174Once you've run configure, just type ``make'', and after a while 175you should have a dhcp server. If you get compile errors on one 176of the supported systems mentioned earlier, please let us know. 177If you get warnings, it's not likely to be a problem - the DHCP 178server compiles completely warning-free on as many architectures 179as we can manage, but there are a few for which this is difficult. 180If you get errors on a system not mentioned above, you will need 181to do some programming or debugging on your own to get the DHCP 182Distribution working. 183 184If you cross compile you have to follow the instructions from 185the BIND README, in particular you must set the BUILD_CC 186environment variable. 187 188 INSTALLING THE DHCP DISTRIBUTION 189 190Once you have successfully gotten the DHCP Distribution to build, you 191can install it by typing ``make install''. If you already have an old 192version of the DHCP Distribution installed, you may want to save it 193before typing ``make install''. 194 195 USING THE DHCP DISTRIBUTION 196 197 FIREWALL RULES 198 199If you are running the DHCP server or client on a computer that's also 200acting as a firewall, you must be sure to allow DHCP packets through 201the firewall. In particular, your firewall rules _must_ allow packets 202from IP address 0.0.0.0 to IP address 255.255.255.255 from UDP port 68 203to UDP port 67 through. They must also allow packets from your local 204firewall's IP address and UDP port 67 through to any address your DHCP 205server might serve on UDP port 68. Finally, packets from relay agents 206on port 67 to the DHCP server on port 67, and vice versa, must be 207permitted. 208 209We have noticed that on some systems where we are using a packet 210filter, if you set up a firewall that blocks UDP port 67 and 68 211entirely, packets sent through the packet filter will not be blocked. 212However, unicast packets will be blocked. This can result in strange 213behaviour, particularly on DHCP clients, where the initial packet 214exchange is broadcast, but renewals are unicast - the client will 215appear to be unable to renew until it starts broadcasting its 216renewals, and then suddenly it'll work. The fix is to fix the 217firewall rules as described above. 218 219 PARTIAL SERVERS 220 221If you have a server that is connected to two networks, and you only 222want to provide DHCP service on one of those networks (e.g., you are 223using a cable modem and have set up a NAT router), if you don't write 224any subnet declaration for the network you aren't supporting, the DHCP 225server will ignore input on that network interface if it can. If it 226can't, it will refuse to run - some operating systems do not have the 227capability of supporting DHCP on machines with more than one 228interface, and ironically this is the case even if you don't want to 229provide DHCP service on one of those interfaces. 230 231 LINUX 232 233There are three big LINUX issues: the all-ones broadcast address, 234Linux 2.1 ip_bootp_agent enabling, and operations with more than one 235network interface. There are also two potential compilation/runtime 236problems for Linux 2.1/2.2: the "SO_ATTACH_FILTER undeclared" problem 237and the "protocol not configured" problem. 238 239 LINUX: PROTOCOL NOT CONFIGURED 240 241If you get the following message, it's because your kernel doesn't 242have the Linux packetfilter or raw packet socket configured: 243 244 Make sure CONFIG_PACKET (Packet socket) and CONFIG_FILTER (Socket 245 Filtering) are enabled in your kernel configuration 246 247If this happens, you need to configure your Linux kernel to support 248Socket Filtering and the Packet socket, or to select a kernel provided 249by your Linux distribution that has these enabled (virtually all modern 250ones do by default). 251 252 LINUX: BROADCAST 253 254If you are running a recent version of Linux, this won't be a problem, 255but on older versions of Linux (kernel versions prior to 2.2), there 256is a potential problem with the broadcast address being sent 257incorrectly. 258 259In order for dhcpd to work correctly with picky DHCP clients (e.g., 260Windows 95), it must be able to send packets with an IP destination 261address of 255.255.255.255. Unfortunately, Linux changes an IP 262destination of 255.255.255.255 into the local subnet broadcast address 263(here, that's 192.5.5.223). 264 265This isn't generally a problem on Linux 2.2 and later kernels, since 266we completely bypass the Linux IP stack, but on old versions of Linux 2672.1 and all versions of Linux prior to 2.1, it is a problem - pickier 268DHCP clients connected to the same network as the ISC DHCP server or 269ISC relay agent will not see messages from the DHCP server. It *is* 270possible to run into trouble with this on Linux 2.2 and later if you 271are running a version of the DHCP server that was compiled on a Linux 2722.0 system, though. 273 274It is possible to work around this problem on some versions of Linux 275by creating a host route from your network interface address to 276255.255.255.255. The command you need to use to do this on Linux 277varies from version to version. The easiest version is: 278 279 route add -host 255.255.255.255 dev eth0 280 281On some older Linux systems, you will get an error if you try to do 282this. On those systems, try adding the following entry to your 283/etc/hosts file: 284 285255.255.255.255 all-ones 286 287Then, try: 288 289 route add -host all-ones dev eth0 290 291Another route that has worked for some users is: 292 293 route add -net 255.255.255.0 dev eth0 294 295If you are not using eth0 as your network interface, you should 296specify the network interface you *are* using in your route command. 297 298 LINUX: IP BOOTP AGENT 299 300Some versions of the Linux 2.1 kernel apparently prevent dhcpd from 301working unless you enable it by doing the following: 302 303 echo 1 >/proc/sys/net/ipv4/ip_bootp_agent 304 305 306 LINUX: MULTIPLE INTERFACES 307 308Very old versions of the Linux kernel do not provide a networking API 309that allows dhcpd to operate correctly if the system has more than one 310broadcast network interface. However, Linux 2.0 kernels with version 311numbers greater than or equal to 2.0.31 add an API feature: the 312SO_BINDTODEVICE socket option. If SO_BINDTODEVICE is present, it is 313possible for dhcpd to operate on Linux with more than one network 314interface. In order to take advantage of this, you must be running a 3152.0.31 or greater kernel, and you must have 2.0.31 or later system 316headers installed *before* you build the DHCP Distribution. 317 318We have heard reports that you must still add routes to 255.255.255.255 319in order for the all-ones broadcast to work, even on 2.0.31 kernels. 320In fact, you now need to add a route for each interface. Hopefully 321the Linux kernel gurus will get this straight eventually. 322 323Linux 2.1 and later kernels do not use SO_BINDTODEVICE or require the 324broadcast address hack, but do support multiple interfaces, using the 325Linux Packet Filter. 326 327 LINUX: OpenWrt 328 329DHCP 4.1 has been tested on OpenWrt 7.09 and 8.09. In keeping with 330standard practice, client/scripts now includes a dhclient-script file 331for OpenWrt. However, this is not sufficient by itself to run dhcp on 332OpenWrt; a full OpenWrt package for DHCP is available at 333ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.0-openwrt.tar.gz 334 335 LINUX: 802.1q VLAN INTERFACES 336 337If you're using 802.1q vlan interfaces on Linux, it is necessary to 338vconfig the subinterface(s) to rewrite the 802.1q information out of 339packets received by the dhcpd daemon via LPF: 340 341 vconfig set_flag eth1.523 1 1 342 343Note that this may affect the performance of your system, since the 344Linux kernel must rewrite packets received via this interface. For 345more information, consult the vconfig man pages. 346 347 348 ATF 349 350Please see the file DHCP/doc/devel/atf.dox for a description of building 351and using these tools. 352 353The optional unit tests use ATF (Automated Testing Framework) including 354the atf-run and atf-report tools. ATF deprecated these tools in 355version 0.19 and removed these tools from its sources in version 0.20, 356requiring you to get an older version, use Kyua with an ATF compatibility 357package or use the version included in the Bind sources. 358 359 SUPPORT 360 361The Internet Systems Consortium DHCP server is developed and distributed 362by ISC in the public trust, thanks to the generous donations of its 363sponsors. ISC now also offers commercial quality support contracts for 364ISC DHCP, more information about ISC Support Contracts can be found at 365the following URL: 366 367 https://www.isc.org/support/ 368 369Please understand that we may not respond to support inquiries unless 370you have a support contract. ISC will continue its practice of always 371responding to critical items that effect the entire community, and 372responding to all other requests for support upon ISC's mailing lists 373on a best-effort basis. 374 375However, ISC DHCP has attracted a fairly sizable following on the 376Internet, which means that there are a lot of knowledgeable users who 377may be able to help you if you get stuck. These people generally 378read the dhcp-users@isc.org mailing list. Be sure to provide as much 379detail in your query as possible. 380 381If you are going to use ISC DHCP, you should probably subscribe to 382the dhcp-users or dhcp-announce mailing lists. 383 384WHERE TO SEND FEATURE REQUESTS: We like to hear your feedback. We may 385not respond to it all the time, but we do read it. If ISC DHCP doesn't 386work well for you, or you have an idea that would improve it for your 387use, please create an issue at https://gitlab.isc.org/isc-projects/dhcp/issues. 388This is also an excellent place to send patches that add new features. 389 390WHERE TO REPORT BUGS: If you want the act of sending in a bug report 391to result in you getting help in the form of a fixed piece of 392software, you are asking for help. Your bug report is helpful to us, 393but fundamentally you are making a support request, so please use the 394addresses described in the previous paragraphs. If you are _sure_ that 395your problem is a bug, and not user error, or if your bug report 396includes a patch, you can submit it to our ticketing system at 397https://gitlab.isc.org/isc-projects/dhcp/issues. If you have not received 398a notice that the ticket has been resolved, then we're still working on it. 399 400PLEASE DO NOT REPORT BUGS IN OLD SOFTWARE RELEASES! Fetch the latest 401release and see if the bug is still in that version of the software, 402and if it is still present, _then_ report it. ISC release versions 403always have three numbers, for example: 1.2.3. The 'major release' is 4041 here, the 'minor release' is 2, and the 'maintenance release' is 3. 405ISC will accept bug reports against the most recent two major.minor 406releases: for example, 1.0.0 and 0.9.0, but not 0.8.* or prior. 407 408PLEASE take a moment to determine where the ISC DHCP distribution 409that you're using came from. ISC DHCP is sometimes heavily modified 410by integrators in various operating systems - it's not that we 411feel that our software is perfect and incapable of having bugs, but 412rather that it is very frustrating to find out after many days trying 413to help someone that the sources you're looking at aren't what they're 414running. When in doubt, please retrieve the source distribution from 415ISC's web page and install it. 416 417 HOW TO REPORT BUGS OR REQUEST HELP 418 419When you report bugs or ask for help, please provide us complete 420information. A list of information we need follows. Please read it 421carefully, and put all the information you can into your initial bug 422report. This will save us a great deal of time and more informative 423bug reports are more likely to get handled more quickly overall. 424 425 1. The specific operating system name and version of the 426 machine on which the DHCP server or client is running. 427 2. The specific operating system name and version of the 428 machine on which the client is running, if you are having 429 trouble getting a client working with the server. 430 3. If you're running Linux, the version number we care about is 431 the kernel version and maybe the library version, not the 432 distribution version - e.g., while we don't mind knowing 433 that you're running Redhat version mumble.foo, we must know 434 what kernel version you're running, and it helps if you can 435 tell us what version of the C library you're running, 436 although if you don't know that off the top of your head it 437 may be hard for you to figure it out, so don't go crazy 438 trying. 439 4. The specific version of the DHCP distribution you're 440 running, as reported by dhcpd -t. 441 5. Please explain the problem carefully, thinking through what 442 you're saying to ensure that you don't assume we know 443 something about your situation that we don't know. 444 6. Include your dhcpd.conf and dhcpd.leases file as MIME attachments 445 if they're not over 100 kilobytes in size each. If they are 446 this large, please make them available to us, e.g., via a hidden 447 http:// URL or FTP site. If you're not comfortable releasing 448 this information due to sensitive contents, you may encrypt 449 the file to our release signing key, available on our website. 450 7. Include a log of your server or client running until it 451 encounters the problem - for example, if you are having 452 trouble getting some client to get an address, restart the 453 server with the -d flag and then restart the client, and 454 send us what the server prints. Likewise, with the client, 455 include the output of the client as it fails to get an 456 address or otherwise does the wrong thing. Do not leave 457 out parts of the output that you think aren't interesting. 458 8. If the client or server is dumping core, please run the 459 debugger and get a stack trace, and include that in your 460 bug report. For example, if your debugger is gdb, do the 461 following: 462 463 gdb dhcpd dhcpd.core 464 (gdb) where 465 [...] 466 (gdb) quit 467 468 This assumes that it's the dhcp server you're debugging, and 469 that the core file is in dhcpd.core. 470 471Please see https://www.isc.org/dhcp/ for details on how to subscribe 472to the ISC DHCP mailing lists. 473 474 HISTORY 475 476ISC DHCP was originally written by Ted Lemon under a contract with 477Vixie Labs with the goal of being a complete reference implementation 478of the DHCP protocol. Funding for this project was provided by 479Internet Systems Consortium. The first release of the ISC DHCP 480distribution in December 1997 included just the DHCP server. 481Release 2 in June 1999 added a DHCP client and a BOOTP/DHCP relay 482agent. DHCP 3 was released in October 2001 and included DHCP failover 483support, OMAPI, Dynamic DNS, conditional behaviour, client classing, 484and more. Version 3 of the DHCP server was funded by Nominum, Inc. 485The 4.0 release in December 2007 introduced DHCPv6 protocol support 486for the server and client. 487 488This product includes cryptographic software written 489by Eric Young (eay@cryptsoft.com). 490