1 Internet Systems Consortium DHCP Distribution 2 Version 4.4.3 3 9 March 2022 4 5 README FILE 6 7You should read this file carefully before trying to install or use 8the ISC DHCP Distribution. 9 10 TABLE OF CONTENTS 11 12 1 WHERE TO FIND DOCUMENTATION 13 2 RELEASE STATUS 14 3 BUILDING THE DHCP DISTRIBUTION 15 3.1 UNPACKING IT 16 3.2 CONFIGURING IT 17 3.2.1 DYNAMIC DNS UPDATES 18 3.2.2 LOCALLY DEFINED OPTIONS 19 3.3 BUILDING IT 20 4 INSTALLING THE DHCP DISTRIBUTION 21 5 USING THE DHCP DISTRIBUTION 22 5.1 FIREWALL RULES 23 5.2 LINUX 24 5.2.1 IF_TR.H NOT FOUND 25 5.2.2 SO_ATTACH_FILTER UNDECLARED 26 5.2.3 PROTOCOL NOT CONFIGURED 27 5.2.4 BROADCAST 28 5.2.6 IP BOOTP AGENT 29 5.2.7 MULTIPLE INTERFACES 30 5.3 ATF 31 6 SUPPORT 32 6.1 HOW TO REPORT BUGS 33 7 HISTORY 34 35 WHERE TO FIND DOCUMENTATION 36 37Documentation for this software includes this README file, the 38RELNOTES file, and the manual pages, which are in the server, common, 39client and relay subdirectories. The README file (this file) includes 40late-breaking operational and system-specific information that you 41should read even if you don't want to read the manual pages, and that 42you should *certainly* read if you run into trouble. Internet 43standards relating to the DHCP protocol are listed in the References 44document that is available in html, txt and xml formats in doc/ 45subdirectory. You will have the best luck reading the manual pages if 46you build this software and then install it, although you can read 47them directly out of the distribution if you need to. 48 49DHCP server documentation is in the dhcpd man page. Information about 50the DHCP server lease database is in the dhcpd.leases man page. 51Server configuration documentation is in the dhcpd.conf man page as 52well as the dhcp-options man page. A sample DHCP server 53configuration is in the file server/dhcpd.conf.example. The source for 54the dhcpd, dhcpd.leases and dhcpd.conf man pages is in the server/ sub- 55directory in the distribution. The source for the dhcp-options.5 56man page is in the common/ subdirectory. 57 58DHCP Client documentation is in the dhclient man page. DHCP client 59configuration documentation is in the dhclient.conf man page and the 60dhcp-options man page. The DHCP client configuration script is 61documented in the dhclient-script man page. The format of the DHCP 62client lease database is documented in the dhclient.leases man page. 63The source for all these man pages is in the client/ subdirectory in 64the distribution. In addition, the dhcp-options man page should be 65referred to for information about DHCP options. The client component 66is End-of-Life and will not be part of future releases. 67 68DHCP relay agent documentation is in the dhcrelay man page, the source 69for which is distributed in the relay/ subdirectory. The relay component 70is End-of-Life and will not be part of future releases. 71 72KEA Migration Assistant documentation, including how to build, install 73and use it, is included in the keama/ directory. 74 75To read installed manual pages, use the man command. Type "man page" 76where page is the name of the manual page. This will only work if 77you have installed the ISC DHCP distribution using the ``make install'' 78command (described later). 79 80If you want to read manual pages that aren't installed, you can type 81``nroff -man page |more'' where page is the filename of the 82unformatted manual page. The filename of an unformatted manual page 83is the name of the manual page, followed by '.', followed by some 84number - 5 for documentation about files, and 8 for documentation 85about programs. For example, to read the dhcp-options man page, 86you would type ``nroff -man common/dhcp-options.5 |more'', assuming 87your current working directory is the top level directory of the ISC 88DHCP Distribution. 89 90Please note that the pathnames of files to which our manpages refer 91will not be correct for your operating system until after you iterate 92'make install' (so if you're reading a manpage out of the source 93directory, it may not have up-to-date information). 94 95 RELEASE STATUS 96 97Version 4.4.3 is a maintenance release of the DHCP client, relay and 98server. It is the final release for the client and relay components, 99which have reached end-of-life and will no longer be maintained. 100 101 BUILDING THE DHCP DISTRIBUTION 102 103 UNPACKING IT 104 105To build the DHCP Distribution, unpack the compressed tar file using 106the tar utility and the gzip command - type something like: 107 108 gunzip dhcp-4.4.3.tar.gz 109 tar xvf dhcp-4.4.3.tar 110 111 CONFIGURING IT 112 113Now, cd to the dhcp-4.4.3 subdirectory that you've just created and 114configure the source tree by typing: 115 116 ./configure 117 118If the configure utility can figure out what sort of system you're 119running on, it will create a custom Makefile for you for that 120system; otherwise, it will complain. If it can't figure out what 121system you are using, that system is not supported - you are on 122your own. 123 124Several options may be enabled or disabled via the configure command. 125You can get a list of these by typing: 126 127 ./configure --help 128 129If you want to use dynamic shared libraries automake, autoconf 130(aka GNU autotools) and libtool must be available. The DHCP 131distribution provides 3 configure.ac* files: the -lt version 132has no libtool support and was copied to the configure.ac 133standard file in the distribution. To enable libtool support 134you should perform these steps: 135 136 cp configure.ac+lt configure.ac 137 autoreconf -i 138 139after you can use the regenerated configure as usual 140(with libtool support (--enable-libtool) on by default): 141 142 ./configure 143 144For compatibility (and people who don't read this documentation) 145the --enable-libtool configuration file is supported even by 146the distributed configure (and off by default). The previous 147steps are performed and the regenerated configure called with 148almost the same parameters (this "almost" makes the use of 149this feature not recommended). 150 151Note you can't go back from with libtool support to without libtool 152support by restoring configure.ac and rerun autoreconf. If you 153want or need to restore the without libtool support state the 154required way is to simply restore the whole distribution. 155 156 DYNAMIC DNS UPDATES 157 158A fully-featured implementation of dynamic DNS updates is included in 159this release. It uses libraries from BIND and, to avoid issues with 160different versions, includes the necessary BIND version. The appropriate 161BIND libraries will be compiled and installed in the bind subdirectory 162as part of the make step. In order to build the necessary libraries you 163will need to have "gmake" available on your build system. 164 165 166There is documentation for the DDNS support in the dhcpd.conf manual 167page - see the beginning of this document for information on finding 168manual pages. 169 170 LOCALLY DEFINED OPTIONS 171 172In previous versions of the DHCP server there was a mechanism whereby 173options that were not known by the server could be configured using 174a name made up of the option code number and an identifier: 175"option-nnn" This is no longer supported, because it is not future- 176proof. Instead, if you want to use an option that the server doesn't 177know about, you must explicitly define it using the method described 178in the dhcp-options man page under the DEFINING NEW OPTIONS heading. 179 180 BUILDING IT 181 182Once you've run configure, just type ``make'', and after a while 183you should have a dhcp server. If you get compile errors on one 184of the supported systems mentioned earlier, please let us know. 185If you get warnings, it's not likely to be a problem - the DHCP 186server compiles completely warning-free on as many architectures 187as we can manage, but there are a few for which this is difficult. 188If you get errors on a system not mentioned above, you will need 189to do some programming or debugging on your own to get the DHCP 190Distribution working. 191 192If you cross compile you have to follow the instructions from 193the BIND README, in particular you must set the BUILD_CC 194environment variable. 195 196 INSTALLING THE DHCP DISTRIBUTION 197 198Once you have successfully gotten the DHCP Distribution to build, you 199can install it by typing ``make install''. If you already have an old 200version of the DHCP Distribution installed, you may want to save it 201before typing ``make install''. 202 203 USING THE DHCP DISTRIBUTION 204 205 FIREWALL RULES 206 207If you are running the DHCP server or client on a computer that's also 208acting as a firewall, you must be sure to allow DHCP packets through 209the firewall. In particular, your firewall rules _must_ allow packets 210from IP address 0.0.0.0 to IP address 255.255.255.255 from UDP port 68 211to UDP port 67 through. They must also allow packets from your local 212firewall's IP address and UDP port 67 through to any address your DHCP 213server might serve on UDP port 68. Finally, packets from relay agents 214on port 67 to the DHCP server on port 67, and vice versa, must be 215permitted. 216 217We have noticed that on some systems where we are using a packet 218filter, if you set up a firewall that blocks UDP port 67 and 68 219entirely, packets sent through the packet filter will not be blocked. 220However, unicast packets will be blocked. This can result in strange 221behaviour, particularly on DHCP clients, where the initial packet 222exchange is broadcast, but renewals are unicast - the client will 223appear to be unable to renew until it starts broadcasting its 224renewals, and then suddenly it'll work. The fix is to fix the 225firewall rules as described above. 226 227 PARTIAL SERVERS 228 229If you have a server that is connected to two networks, and you only 230want to provide DHCP service on one of those networks (e.g., you are 231using a cable modem and have set up a NAT router), if you don't write 232any subnet declaration for the network you aren't supporting, the DHCP 233server will ignore input on that network interface if it can. If it 234can't, it will refuse to run - some operating systems do not have the 235capability of supporting DHCP on machines with more than one 236interface, and ironically this is the case even if you don't want to 237provide DHCP service on one of those interfaces. 238 239 LINUX 240 241There are three big LINUX issues: the all-ones broadcast address, 242Linux 2.1 ip_bootp_agent enabling, and operations with more than one 243network interface. There are also two potential compilation/runtime 244problems for Linux 2.1/2.2: the "SO_ATTACH_FILTER undeclared" problem 245and the "protocol not configured" problem. 246 247 LINUX: PROTOCOL NOT CONFIGURED 248 249If you get the following message, it's because your kernel doesn't 250have the Linux packetfilter or raw packet socket configured: 251 252 Make sure CONFIG_PACKET (Packet socket) and CONFIG_FILTER (Socket 253 Filtering) are enabled in your kernel configuration 254 255If this happens, you need to configure your Linux kernel to support 256Socket Filtering and the Packet socket, or to select a kernel provided 257by your Linux distribution that has these enabled (virtually all modern 258ones do by default). 259 260 LINUX: BROADCAST 261 262If you are running a recent version of Linux, this won't be a problem, 263but on older versions of Linux (kernel versions prior to 2.2), there 264is a potential problem with the broadcast address being sent 265incorrectly. 266 267In order for dhcpd to work correctly with picky DHCP clients (e.g., 268Windows 95), it must be able to send packets with an IP destination 269address of 255.255.255.255. Unfortunately, Linux changes an IP 270destination of 255.255.255.255 into the local subnet broadcast address 271(here, that's 192.5.5.223). 272 273This isn't generally a problem on Linux 2.2 and later kernels, since 274we completely bypass the Linux IP stack, but on old versions of Linux 2752.1 and all versions of Linux prior to 2.1, it is a problem - pickier 276DHCP clients connected to the same network as the ISC DHCP server or 277ISC relay agent will not see messages from the DHCP server. It *is* 278possible to run into trouble with this on Linux 2.2 and later if you 279are running a version of the DHCP server that was compiled on a Linux 2802.0 system, though. 281 282It is possible to work around this problem on some versions of Linux 283by creating a host route from your network interface address to 284255.255.255.255. The command you need to use to do this on Linux 285varies from version to version. The easiest version is: 286 287 route add -host 255.255.255.255 dev eth0 288 289On some older Linux systems, you will get an error if you try to do 290this. On those systems, try adding the following entry to your 291/etc/hosts file: 292 293255.255.255.255 all-ones 294 295Then, try: 296 297 route add -host all-ones dev eth0 298 299Another route that has worked for some users is: 300 301 route add -net 255.255.255.0 dev eth0 302 303If you are not using eth0 as your network interface, you should 304specify the network interface you *are* using in your route command. 305 306 LINUX: IP BOOTP AGENT 307 308Some versions of the Linux 2.1 kernel apparently prevent dhcpd from 309working unless you enable it by doing the following: 310 311 echo 1 >/proc/sys/net/ipv4/ip_bootp_agent 312 313 314 LINUX: MULTIPLE INTERFACES 315 316Very old versions of the Linux kernel do not provide a networking API 317that allows dhcpd to operate correctly if the system has more than one 318broadcast network interface. However, Linux 2.0 kernels with version 319numbers greater than or equal to 2.0.31 add an API feature: the 320SO_BINDTODEVICE socket option. If SO_BINDTODEVICE is present, it is 321possible for dhcpd to operate on Linux with more than one network 322interface. In order to take advantage of this, you must be running a 3232.0.31 or greater kernel, and you must have 2.0.31 or later system 324headers installed *before* you build the DHCP Distribution. 325 326We have heard reports that you must still add routes to 255.255.255.255 327in order for the all-ones broadcast to work, even on 2.0.31 kernels. 328In fact, you now need to add a route for each interface. Hopefully 329the Linux kernel gurus will get this straight eventually. 330 331Linux 2.1 and later kernels do not use SO_BINDTODEVICE or require the 332broadcast address hack, but do support multiple interfaces, using the 333Linux Packet Filter. 334 335 LINUX: OpenWrt 336 337DHCP 4.1 has been tested on OpenWrt 7.09 and 8.09. In keeping with 338standard practice, client/scripts now includes a dhclient-script file 339for OpenWrt. However, this is not sufficient by itself to run dhcp on 340OpenWrt; a full OpenWrt package for DHCP is available at 341ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.0-openwrt.tar.gz 342 343 LINUX: 802.1q VLAN INTERFACES 344 345If you're using 802.1q vlan interfaces on Linux, it is necessary to 346vconfig the subinterface(s) to rewrite the 802.1q information out of 347packets received by the dhcpd daemon via LPF: 348 349 vconfig set_flag eth1.523 1 1 350 351Note that this may affect the performance of your system, since the 352Linux kernel must rewrite packets received via this interface. For 353more information, consult the vconfig man pages. 354 355 356 ATF 357 358Please see the file DHCP/doc/devel/atf.dox for a description of building 359and using these tools. 360 361The optional unit tests use ATF (Automated Testing Framework) including 362the atf-run and atf-report tools. ATF deprecated these tools in 363version 0.19 and removed these tools from its sources in version 0.20, 364requiring you to get an older version, use Kyua with an ATF compatibility 365package or use the version included in the Bind sources. 366 367 SUPPORT 368 369The Internet Systems Consortium DHCP server is developed and distributed 370by ISC in the public trust, thanks to the generous donations of its 371sponsors. ISC now also offers commercial quality support contracts for 372ISC DHCP, more information about ISC Support Contracts can be found at 373the following URL: 374 375 https://www.isc.org/support/ 376 377Please understand that we may not respond to support inquiries unless 378you have a support contract. ISC will continue its practice of always 379responding to critical items that effect the entire community, and 380responding to all other requests for support upon ISC's mailing lists 381on a best-effort basis. 382 383However, ISC DHCP has attracted a fairly sizable following on the 384Internet, which means that there are a lot of knowledgeable users who 385may be able to help you if you get stuck. These people generally 386read the dhcp-users@isc.org mailing list. Be sure to provide as much 387detail in your query as possible. 388 389If you are going to use ISC DHCP, you should probably subscribe to 390the dhcp-users or dhcp-announce mailing lists. 391 392WHERE TO SEND FEATURE REQUESTS: We like to hear your feedback. We may 393not respond to it all the time, but we do read it. If ISC DHCP doesn't 394work well for you, or you have an idea that would improve it for your 395use, please create an issue at https://gitlab.isc.org/isc-projects/dhcp/issues. 396This is also an excellent place to send patches that add new features. 397 398WHERE TO REPORT BUGS: If you want the act of sending in a bug report 399to result in you getting help in the form of a fixed piece of 400software, you are asking for help. Your bug report is helpful to us, 401but fundamentally you are making a support request, so please use the 402addresses described in the previous paragraphs. If you are _sure_ that 403your problem is a bug, and not user error, or if your bug report 404includes a patch, you can submit it to our ticketing system at 405https://gitlab.isc.org/isc-projects/dhcp/issues. If you have not received 406a notice that the ticket has been resolved, then we're still working on it. 407Notice that this is the final release that features client and relay 408components. Reporting bugs in them makes limited sense. The ISC team 409will not be fixing any issues related to client or relay. They may be 410useful for other users to document some problems or perhaps discuss 411and share workarounds. 412 413PLEASE DO NOT REPORT BUGS IN OLD SOFTWARE RELEASES! Fetch the latest 414release and see if the bug is still in that version of the software, 415and if it is still present, _then_ report it. ISC release versions 416always have three numbers, for example: 1.2.3. The 'major release' is 4171 here, the 'minor release' is 2, and the 'maintenance release' is 3. 418 419PLEASE take a moment to determine where the ISC DHCP distribution 420that you're using came from. ISC DHCP is sometimes heavily modified 421by integrators in various operating systems - it's not that we 422feel that our software is perfect and incapable of having bugs, but 423rather that it is very frustrating to find out after many days trying 424to help someone that the sources you're looking at aren't what they're 425running. When in doubt, please retrieve the source distribution from 426ISC's web page and install it. 427 428 HOW TO REPORT BUGS OR REQUEST HELP 429 430When you report bugs or ask for help, please provide us complete 431information. A list of information we need follows. Please read it 432carefully, and put all the information you can into your initial bug 433report. This will save us a great deal of time and more informative 434bug reports are more likely to get handled more quickly overall. 435 436 1. The specific operating system name and version of the 437 machine on which the DHCP server or client is running. 438 2. The specific operating system name and version of the 439 machine on which the client is running, if you are having 440 trouble getting a client working with the server. 441 3. If you're running Linux, the version number we care about is 442 the kernel version and maybe the library version, not the 443 distribution version - e.g., while we don't mind knowing 444 that you're running Redhat version mumble.foo, we must know 445 what kernel version you're running, and it helps if you can 446 tell us what version of the C library you're running, 447 although if you don't know that off the top of your head it 448 may be hard for you to figure it out, so don't go crazy 449 trying. 450 4. The specific version of the DHCP distribution you're 451 running, as reported by dhcpd -t. 452 5. Please explain the problem carefully, thinking through what 453 you're saying to ensure that you don't assume we know 454 something about your situation that we don't know. 455 6. Include your dhcpd.conf and dhcpd.leases file as MIME attachments 456 if they're not over 100 kilobytes in size each. If they are 457 this large, please make them available to us, e.g., via a hidden 458 http:// URL or FTP site. If you're not comfortable releasing 459 this information due to sensitive contents, you may encrypt 460 the file to our release signing key, available on our website. 461 7. Include a log of your server or client running until it 462 encounters the problem - for example, if you are having 463 trouble getting some client to get an address, restart the 464 server with the -d flag and then restart the client, and 465 send us what the server prints. Likewise, with the client, 466 include the output of the client as it fails to get an 467 address or otherwise does the wrong thing. Do not leave 468 out parts of the output that you think aren't interesting. 469 8. If the client or server is dumping core, please run the 470 debugger and get a stack trace, and include that in your 471 bug report. For example, if your debugger is gdb, do the 472 following: 473 474 gdb dhcpd dhcpd.core 475 (gdb) where 476 [...] 477 (gdb) quit 478 479 This assumes that it's the dhcp server you're debugging, and 480 that the core file is in dhcpd.core. 481 482Please see https://www.isc.org/dhcp/ for details on how to subscribe 483to the ISC DHCP mailing lists. 484 485 HISTORY 486 487ISC DHCP was originally written by Ted Lemon under a contract with 488Vixie Labs with the goal of being a complete reference implementation 489of the DHCP protocol. Funding for this project was provided by 490Internet Systems Consortium. The first release of the ISC DHCP 491distribution in December 1997 included just the DHCP server. 492Release 2 in June 1999 added a DHCP client and a BOOTP/DHCP relay 493agent. DHCP 3 was released in October 2001 and included DHCP failover 494support, OMAPI, Dynamic DNS, conditional behaviour, client classing, 495and more. Version 3 of the DHCP server was funded by Nominum, Inc. 496The 4.0 release in December 2007 introduced DHCPv6 protocol support 497for the server and client. The client and relay components reached 498their End-of-Life in January 2022. 499 500This product includes cryptographic software written 501by Eric Young (eay@cryptsoft.com). 502