/* README.SuSE for the ISC DHCP server */ Before you can run dhcpd, you have to configure it via - /etc/sysconfig/dhcpd (general settings) and - /etc/dhcpd.conf (configuration file) See /usr/share/doc/packages/dhcp-server for example configurations. Note on packet filtering ======================== This dhcp package contains an additional dhcpd binary (/usr/sbin/dhcpd.bsd) which is compiled using BSD sockets instead of LPF (linux packet filter). Using that binary, the network traffic handled by dhcpd can be filtered by the packet filter of the Linux kernel, while the raw sockets used normally would bypass any filtering. However, there is a tiny number of setups where this can result in incompatibilities with certain DHCP clients, or with DHCP relay agents in between. More information and a discussion of side effects was discussed here: See http://marc.theaimsgroup.com/?l=dhcp-server&m=108791973729847&w=2 It is possible to choose the binary by adjusting DHCPD_BINARY in /etc/sysconfig/dhcpd. Option 119 (Searchlist) ======================= For this relatively new option (DHCP Option 119, RFC3397) the server does not have a dedicated configuration option yet. It must be declared as free option, after compressing the search string with DNS compression (see below), and put into the configuration like this: option searchlist code 119 = string; option searchlist "\x07domain1\x07example\x03com\x00\x07domain2\xc0\x08"; The first line is always used globally; the second one could be placed in a subnet block. The compressed string can be generated with the program /usr/share/doc/packages/dhcp-server/dnscompr.py as shown here (example): # python /usr/share/doc/packages/dhcp-server/dnscompr.py domain1.example.com domain2.example.com '\x07domain1\x07example\x03com\x00\x07domain2\xc0\x08' dnscompr.py needs the python-dnspython package installed, which is shipping since 10.0. For older SUSE Linux versions the python-module can be found at http://ftp.suse.com/pub/people/poeml/python-dnspython/ The compression is described in RFC 3397, and (with more detail) in RFC1035. Chroot Jail =========== Our version of the ISC dhcp server contains a modified "(non-root/chroot)" patch by Ari Edelkind. This allows dhcpd to - run as unprivileged user - run in a chroot environment (/var/lib/dhcp) which, in this combination, is the safest possible way of running dhcpd. In order to be found by dhcpd in the chroot jail, the configuration file will automatically copied to /var/lib/dhcp/etc/ when the server is started. Further conf files (include files) can be listed in DHCPD_CONF_INCLUDE_FILES in /etc/sysconfig/dhcpd. To enable dhcpd to continue logging from the chroot environment even after syslogd has been restarted, "-a /var/lib/dhcp/dev/log" is automatically added to the syslog configuration in /etc/sysconfig/syslog. NOTE: In the chroot jail, dhcpd can't resolve hostnames unless it can find the following files: /etc/localtime /etc/host.conf /etc/hosts /etc/resolv.conf /lib/libresolv.so.2 /lib/libnss_dns.so.2 /lib/libnss_dns6.so.2 Thererore, these files (about 100 kB) will automatically copied to the chroot jail when the server is started. (You might have to keep these current if they are modified dynamically by other programs (e.g./etc/ppp/ip-up) while dhcpd is running.) This is not a problem at all when you use IP addresses instead of host names in the config file. In case of trouble, you can also disable the chroot feature by setting DHCPD_RUN_CHROOTED in /etc/sysconfig/dhcpd to "no". See and for more information. Have a lot of fun! Your SuSE Team