rpm/dhcp
SHA256
1
0
Fork 0
forked from pool/dhcp
Code Pull Requests Activity
0c711272fa
dhcp/dhcpd.conf
Marius Tomaschewski 209e98a28b - Updated to ISC dhcp-4.2.2 release, providing two security fixes 
(CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
  allowed remote attackers to cause a denial of service (a daemon
  exit) via crafted BOOTP packets. Further also DNS update fix to
  detect overlapping pools or misconfigured fixed-address entries,
  that caused a server crash during DNS update and other fixes.
  For a complete list, please see the RELNOTES file provided in
  the package and also available online at http://www.isc.org/.
- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
  patch, xen-checksum, close-on-exec patches and removed obsolete
  in6_pktinfo-prototype and relay-no-ip-on-interface patches.
- Moved server pid files into chroot directory even chroot is
  not used and create a link in /var/run, so it can write one
  when started as user without chroot and avoid stop problems
  when the chroot sysconfig setting changed (bnc#712438).
- Disabled log-info level messages in dhclient(6) quiet mode to
  avoid excessive logging of non-critical messages (bnc#711420).
- Fixed dhclient-script to not remove alias IP when it didn't
  changed to not wipe out iptables connmark when renewing the
  lease (bnc#700771). Thanks to James Carter for the patch.
- Fixed DDNS-howto.txt reference in the config file; it has been
  moved to the dhcp-doc package (bnc#697279).
- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz
  to ensure, they're not used to build non-GPL dhcp (bnc#714004).
- Changed to apply strict-aliasing/RELRO for >= 12.x only

OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=75
2011-08-29 15:37:53 +00:00

139 lines
4.5 KiB
ISCdhcpd
Raw Blame History

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
# if you do not use dynamical DNS updates:
#
# if you want to use dynamical DNS updates, you should first read
# the manuals and DDNS-howto.txt provided in the dhcp-doc package.
#
ddns-updates off;
# Use this to enble / disable dynamic dns updates globally.
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
#
# Define RFC 3442 classless static route option (121);
# the following _example_ routes:
# 192.168.2.254/32 via 0.0.0.0 (device route)
# 192.168.2.253/32 via 192.168.1.2 (255.255.255.255)
# 192.2.0.128/25 via 192.168.1.2 (255.255.255.128)
# 192.168.2.0/24 via 192.168.1.2 (255.255.255.0)
# 172.16.0.0/12 via 192.168.1.2 (255.240.0.0)
# 10.0.0.0/8 via 192.168.1.2 (255.0.0.0)
# default via 192.168.1.1
# have to be written as:
# option rfc3442-classless-static-routes
# 32, 192, 168, 2, 254, 0, 0, 0, 0,
# 32, 192, 168, 2, 253, 192, 168, 1, 2,
# 25, 192, 2, 0, 128, 192, 168, 1, 2,
# 24, 192, 168, 3, 192, 168, 1, 2,
# 12, 172, 16, 192, 168, 1, 2,
# 8, 10, 192, 168, 1, 2,
# 0, 192, 168, 1, 1;
#
# Note: you have to specify the default gateway here
# as well, because when classless routes are in use,
# the 'routers' option is ignored by the dhcp client.
#
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
subnet 10.152.187.0 netmask 255.255.255.0 {
}
# This is a very basic subnet declaration.
subnet 10.254.239.0 netmask 255.255.255.224 {
range 10.254.239.10 10.254.239.20;
option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
subnet 10.254.239.32 netmask 255.255.255.224 {
range dynamic-bootp 10.254.239.40 10.254.239.60;
option broadcast-address 10.254.239.31;
option routers rtr-239-32-1.example.org;
}
# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {
range 10.5.5.26 10.5.5.30;
option domain-name-servers ns1.internal.example.org;
option domain-name "internal.example.org";
option routers 10.5.5.1;
option broadcast-address 10.5.5.31;
default-lease-time 600;
max-lease-time 7200;
}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
host passacaglia {
hardware ethernet 0:0:c0:5d:bd:95;
filename "vmunix.passacaglia";
server-name "toccata.fugue.com";
}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host fantasia {
hardware ethernet 08:00:07:26:c0:a5;
fixed-address fantasia.fugue.com;
}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
class "foo" {
match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {
subnet 10.17.224.0 netmask 255.255.255.0 {
option routers rtr-224.example.org;
}
subnet 10.0.29.0 netmask 255.255.255.0 {
option routers rtr-29.example.org;
}
pool {
allow members of "foo";
range 10.17.224.10 10.17.224.250;
}
pool {
deny members of "foo";
range 10.0.29.10 10.0.29.230;
}
}
View Git Blame Copy Permalink