DHCP Server Configuration File

Purpose

Defines default configuration information for the Dynamic Host Configuration Protocol (DHCP) server program (dhcpsd).

Description

The dhcpsd configuration file contains entries for logging information, options to return, machines to configure, and other items.

Following are the formats for the data in the configuration file.

# Comment line
The # character means that there is a comment from that point to the end of the line.
## "Name of Resource" "<Keyword> <value> <value> ..."
The ## characters denote a named resource. This is used by the dhcpsconf program to allow the user to create specific resources. The data is stored in the server file so that it can be read in with the configuration file and displayed as the name and not the value in the viewing window of dhcpsconf.

The format of the ## line is a quoted string that is the name of the resource followed by a double-quoted string representing a valid possible line for a configuration file. The second quoted string should be syntactically correct for a line in a DHCP server configuration file. The keyword can only be option, network, subnet, class, and client.

### "DHCP Server" "Any line from a server file"
The ### characters denote a server configuration file. This allows for multiple server files to be saved in one file. The dhcpsconf program uses this to present multiple server datasets in a master. This would be useful, if you were to define a network with 10 servers and wanted to save all the server information in one file and maintain a default server. The default server would go into the master file, and the servers would be saved in the master file with the ### characters. The dhcpsconf program has a function that allows you to create a specific server configuration out of the master file.
numLogFiles n
Specifies the number of log files. If 0 is specified, no log file will be maintained and no log message is displayed anywhere. n is the maximum number of log files maintained as the size of the most recent log file reaches its maximum size and a new log file is created.
logFileSize n
Maximum size of a log file. When the size of the most recent log file reaches this value, it is renamed and a new log file is created. n is measured in kilobytes(KB).
logFileName filename
Name and path of the most recent log file. Less recent log files have the number 1 to (n - 1) appended to their names; the larger the number, the older the file.
logItem <option name>
One item that will be logged. Multiple of these lines are allowed. This allows for the specified logging level to be turned on. The following are option names:
SYSERR
System error, at the interface to the platform
OBJERR
Object error, in between objects in the process
PROTERR
Protocol error, between client and server
WARNING
Warning, worth attention from the user
EVENT
Event occurred to the process
ACTION
Action taken by the process
INFO
Information that might be useful
ACNTING
Who was served, and when
TRACE
Code flow, for debugging.
clientrecorddb <filename>
This is the path to a file to substitute for /etc/dhcps.cr. Configurations that support a large number of addresses should set clientrecorddb and addressrecorddb database files in a file system with substantial free space.
addressrecorddb <filename>
This is the path to a file to substitute for /etc/dhcps.ar.
network <Network address> [<Subnet Mask>|<range>]
Specifies one network administered by this server. Network address is the address of this network. This address is specified in the dotted notation (for example, 9.0.0.0, 128.81.0.0, or 192.81.20.0). Full four-byte value should be specified (for example, 9, 128.81, or 192.81.20 is not legal).

Network address may optionally be followed by the subnet mask, a range, or nothing.

If a subnet mask is specified, one or more subnet statements should appear in the succeeding lines within a pair of curly braces. The subnet mask may be specified either in the dotted notation (for example, 255.255.255.128) or as a number indicating the number of 1 bits in the mask (for example, 25, which is equivalent to 255.255.255.128). The means that a network is not a collection of all subnet for a network, but all subnets with the same length subnet for that network "prefix."

If a range is specified, it determines, within the network, the range of hosts that are administered by this server, and it implies that there is no subnetting. A range is specified by the host addresses, in the dotted notation, at the lower end and the higher end of the range, respectively, separated by a hyphen with no spaces before or after it (for example, 192.81.20.1-129.81.20.128). A range must encompass all addresses to be administered because multiple network statements to define the same network are not allowed. Use the "client" statement to exclude any addresses in the range that the server should not administer.

If nothing is specified after Network address, all hosts in that network are administered by this server.

A network statement may be immediately followed by a pair of curly braces, in which parameters (for example, options) particular to this network can be specified.

subnet <Subnet address> [<range>]
One or more subnet statements are enclosed by a pair of curly braces that immediately follows a network statement with subnet mask. A subnet statement specifies one subnet within that network.

Subnet address is the address of this subnet. This address is specified in the dotted notation (for example, 9.17.32.0 or 128.81.22.0).

Subnet address may be followed by a range or nothing.

If a range is specified, it determines, within the subnet, the range of hosts that are administered by this server. A range is specified by the host addresses, in the dotted notation, at the lower end and the higher end of the range, respectively, separated by a hyphen with no spaces before or after it. A range must encompass all addresses to be administered since multiple subnet statements to define the same subnet are not allowed. Use the "client" statement to exclude any addresses in the range which the server should not administer.

If nothing is specified after Subnet address, all hosts in that subnet are administered by this server.

The ranges in two servers administering the same subnet cannot overlap. Otherwise, two hosts may be assigned the same address.

A subnet statement may be immediately followed by a pair of curly braces, in which parameters (for example, options) particular to this subnet can be specified.

class <class_name> [<range>]
Specifies a class. The class name is a simple ascii string. A class's scope is determined by the curly braces in which it is enclosed. If it is outside all curly braces, then its scope is the entire file.

A class name may be followed by a range or nothing. If a range of Ip Addresses is specified, then only addresses in that range will be assigned to clients who request this class. Note that clients who request this class, for which the subnet does not match the range, will not be processed. Bad addresses will not be given out by the server. If an address range is not specified, then addresses will be given to clients using the usual rules of assignment (by network clauses).

The class statement may be immediately followed by a pair of curly braces, in which the options particular to this class can be specified. A class may be defined within the curly braces of a subnet, but a subnet may not be defined within the curly braces of a class.

Options set up in the network or subnet containing a class definition will also apply to the class.

client <id_type> <id_value> <address>
Specifies a definition of client/address processing.

<id_type> is 0 for a string, otherwise it is one of the hardware types defined in RFC 1340 (for example, 6 for IEEE 802 networks.)

<id_value> is a character string for <id_type>=0. Typically, this would be a domain name. For a non-zero <id_type>, the <id_value> is a hexadecimal string representing the hardware address of the client.
Note: An <id_type> of 0 and an <id_value> of 0 indicates that the <address> specified should not be distributed by this server.
The <address> can be the string "none" to indicate that the client with <id_type> and <id_value> should not be serviced by this server. The <address> can be the string "any" to indicate that the server should choose an appropriate address for this client. The <address> can be an internet address in dotted notation (for example, 9.2.15.82). This will be the Ip address given to the particular client specified by <id_type> and <id_value>. As mentioned above, an <id_type> of 0 and an <id_value> of 0 indicates that the <address> specified should not be distributed by this server.
Note: If a client is configured in this way on the server, then any class information requested by the client will be ignored. No class-specific information will be processed for these clients.

The client statement may be immediately followed by a pair of curly braces, in which the options particular to this client can be specified.

A client statement with an address specified that is not part of the address pool specified in a network/subnet elsewhere in this file must contain the subnet mask option(1). For all other clients, the server will compute the subnet mask option to send the client based on the network/subnet definitions.
Note: All clients inherit all globally defined options. A client defined in a network scope will inherit options defined for that network. A client defined in a subnet scope, will inherit options defined for that subnet and encompassing network.

A class definition inside a client scope is not allowed.

The client statement may be used to configure bootp clients. To do this, specify all the bootp options using the option syntax defined below. In addition, specify an infinite lease time in the client scope with "option 51 0xffffffff". DHCP options will not be served to the bootp client.

nakoutofrange <option>

Specifies the behavior of the DHCP server when a client requests an IP address that this server does not administer.

When a DHCP client moves from one DHCP domain to a new DHCP domain, the client requests its previous IP address from the new DHCP server. By default, the DHCP server ignores such requests without sending a refusal (DHCP NAK). The nakoutofrange policy in the AIX® DHCP server enables the DHCP administrator to force the server to send refusals to clients in such situations, and to force the clients to request new addresses and configurations.

You can place the nakoutofrange option either inside a subnet scope or in the global scope. Each option and its placement have specific implications to the behavior of the DHCP server. The following options are available:

none
This is the default setting when the nakoutofrange keyword is not present. A DHCP server sends a DHCP NAK response when a client asks for an address that the server controls and that the client cannot use. For example, a client requests an address that another client is using.
Note: To use a policy other than none in the global area, you must understand the network topology and ensure that clients of the DHCP server can reach the DHCP server from any network access point.
insubnet
If a client requests an address that matches the subnet from which the client is broadcasting, but the address does not fall within the controlled IP address ranges of that subnet, the DHCP server sends a DHCP NAK response to the client.
Note: Do not use this option when multiple DHCP servers are controlling separate IP address ranges on the same subnet, unless every access point to the subnet can only reach one of the DHCP servers.
notinsubnet
The DHCP server sends a DHCP NAK response to a client that is requesting an address that does not match the subnet from which the client is broadcasting. When this option is placed outside the subnet scope, the DHCP NAK response is sent when the client's broadcast is received from a subnet that is not controlled by the server.
Note: When this option is placed inside the subnet scope, it should be used when there are no other logical subnets on the client's network segment that are administered through any DHCP server.
both
The DHCP server sends a DHCP NAK response to a client that is requesting an address that the server cannot assign to the client. Placing this option inside a subnet scope combines the implications of placing the notinsubnet option and the insubnet option inside the subnet scope. Place this option inside a subnet scope when the configured DHCP server is the only DHCP server capable of assigning an address to a client broadcasting from any of the network access points on the subnet. This option should be placed globally only when the configured DHCP server is the only reachable DHCP server from any of the network access points.
The following is an example of the nakoutofrange option:
nakoutofrange none
	subnet 192.1.1.0 255.255.255.0 192.1.1.5-192.1.1.254
	{
		nakoutofrange both
		# ... options ...
	}
	subnet 12.1.10.0 255.255.255.0 12.1.10.5-12.1.10.150
	{
		# another server controls addresses 12.1.10.151-12.1.10.254
		nakoutofrange notinsubnet
		# ... options ...
	}
Note: A typical configuration is to use the both option inside all subnet scopes and to leave the default none option enforced in the global scope.
option <code> <value>
This parameter specifies the value of an option defined in "DHCP Options and BOOTP Vendor Extensions" (RFC 1533) and supported by this server.

An option is specified by the "option" keyword followed by the option code of this option and its data field, in a single line. One or more of this parameter may be specified.

The scope within which an option applies is delimited by a pair of curly braces ({, }) surrounding this parameter.

Two or more options with the same option code may be specified. Their data fields are concatenated in a single option in a packet generated by the server if the options have the same scope or one's scope includes that of another.

Some of the defined options do not need to be specified by this parameter. These options are either mandated by the protocol or this implementation to be present in proper packets, or only generated by a client. These options are:

Option Code Name
0 Pad Option
255 End Option
1 Subnet Mask
50 Request IP Address
51 IP Address Lease Time
52 Option Overload
53 DHCP Message Type
54 Server Identifier
55 Parameter Request List
57 Maximum DHCP Message Size
58 Renewal (T1) Time Value
59 Rebinding (T2) Time Value
60 Class identifier of client
61 Client identifier

The other options may be specified by this parameter.

When specifying an option, its data field takes one of the following formats:

IP Address
xxx.xxx.xxx.xxx
IP Addresses
[xxx.xxx.xxx.xxx ...]
IP Address Pair
[ip address:ip address]
IP Address Pairs
[[ip address:ip address] ...]
Boolean
[0, 1]
Byte
[-128, 127]
Unsigned Byte
[0, 255]
Unsigned Bytes
[[0, 255] [0, 255] ...]
Short
[-32768, 32767]
Unsigned Short
[0, 65535]
Unsigned Shorts
[[0, 65535] [0, 65536]
Long
[-2147483648, 2147483647]
Unsigned Long
[0, 4294967295]
String
"Value Here"
Note: All IP addresses are specified in dotted-decimal form.

Each of the defined options is listed below by its code and name, followed by the format of its data field. These are specified in latest Vendor Extensions RFC.

Code Name Data Field Format and Notes
0 Pad Option No need to specify
255 End Option No need to specify
1 Subnet Mask Unsigned Long
2 Time Offset Long
3 Router Option IP Addresses
4 Timer Server Option IP Addresses
5 Name Server Option IP Addresses
6 Domain Name Server Option IP Addresses
7 Log Server Option IP Addresses
8 Cookie Server Option IP Addresses
9 LPR Server Option IP Addresses
10 Impress Server Option IP Addresses
11 Resource Location Server Option IP Addresses
12 Host Name Option String
13 Boot File Size Option Unsigned Short
14 Merit Dump File String
15 Domain Name String
16 Swap Server IP Address
17 Root Path String
18 Extensions Path String

IP Layer Parameters per Host

Code Name Data Field Format and Notes
19 IP Forwarding Enable/Disable Option Boolean
20 Non-local Source Routing Enable/Disable Option Boolean
21 Policy Filter Option IP Address Pairs
22 Maximum Datagram Reassembly Size Unsigned Short
23 Default IP Time-to-live Unsigned Byte
24 Path MTU Aging Timeout Option Unsigned Long
25 Path MTU Plateau Table Unsigned Shorts

IP Layer Parameters per Interface

Code Name Data Field Format and Notes
26 Interface MTU Option Unsigned Short
27 All Subnets are Local Option Boolean
28 Broadcast Address Option IP Address
29 Perform Mask Discovery Option Boolean
30 Mask Supplier Option Boolean
31 Perform Router Discovery Option Boolean
32 Router Solicitation Address Option IP Address
33 Static Route Option IP Address Pairs

Link Layer Parameters per Interface

Code Name Data Field Format and Notes
34 Trailer Encapsulation Option Boolean
35 ARP Cache Timeout Option Unsigned Long
36 Ethernet Encapsulation Option Boolean

TCP Parameters

Code Name Data Field Format and Notes
37 TCP Default TTL Option Unsigned Byte
38 TCP Keepalive Interval Option Unsigned Long
39 TCP Keepalive Garbage Option Boolean

Application and Service Parameters

Code Name Data Field Format and Notes
40 NIS Domain Option String
41 NIS Option IP Addresses
42 Network Time Protocol Servers Option IP Addresses
43 Vendor Specific Information Unsigned Bytes
44 NetBIOS over TCP/IP Name Server Option IP Addresses
45 NetBIOS over TCP/IP Datagram Distribution Server IP Addresses
46 NetBIOS over TCP/IP Node Type Option Unsigned Byte
47 NetBIOS over TCP/IP Scope Option Unsigned Bytes
48 X Window System Font Server Option IP Addresses
49 X Window System Display Manager Option IP Addresses

DHCP Extensions

Code Name Data Field Format and Notes
50 Request IP Address No need to specify
51 IP Address Lease Time Unsigned Long
52 Option Overload No need to specify
53 DHCP Message Type No need to specify
54 Server Identifier No need to specify
55 Parameter Request List No need to specify
56 Message String
57 Maximum DHCP Message Size No need to specify
58 Renewal (T1) Time Value No need to specify
59 Rebinding (T2) Time Value No need to specify
60 Class Identifier of Client Generated by client
61 Client Identifier Generated by client

BOOTP Specific Options

Code Name Data Field Format and Notes
sa Server Address for the BOOTP client to use IP Address
bf Bootfile for the BOOTP client to use String
hd Home Directory for the BOOTP client to search for the bootfile String

Following is an example of BOOTP specific options:

option sa 1.1.2.2
option hd "/vikings/native"
option bf "bootfile.asdg"
 

Other option numbers may be specified, up to a maximum of 255. The options not listed above must be specified with the unsigned byte list type. Following is an example:

option 178 01 34 53 # Means place tag 178 with value 
0x013553
leaseTimeDefault <amount>[<unit>]
Specifies the default lease duration for the leases issued by this server. In the absence of any more specific lease duration (for example, lease duration for specific client(s) or class of clients), the lease duration specified by this parameter takes effect.

The amount is specified by a decimal number. The unit is one of the following (plural is accepted):

  • year
  • month
  • week
  • day
  • hour
  • minute (default if unit is absent)
  • second

There is at least one white space in between the amount and unit. Only the first amount following the keyword has effect.

If this parameter is not specified, the default lease duration is one (1) hour.

This parameter should appear outside of any pair of curly braces, for example, it applies to all leases issued by this server.
Note: This keyword only applies to the default for all addresses. To specify a specific lease time for a subnet, network, class or client, use the usual "option 51 value" to specify that lease time (in seconds).
leaseExpireInterval <amount> [<unit>]
Specifies the time interval at which the lease expiration condition is examined, and if a running lease meets such condition, it is expired. The value of this parameter applies to all leases administered by this server.

The amount is specified by a decimal number. The unit is one of the following (plural is accepted):

  • year
  • month
  • week
  • day
  • hour
  • minute (default if unit is absent)
  • second

There is at least one white space in between the amount and unit. Only the first amount following the keyword has effect.

If this parameter is not specified, the default interval is one (1) minute.

This parameter should appear outside of any pair of curly braces, for example it applies to all leases issued by this server.

The value of this parameter should be in proportion with that of parameter leaseTimeDefault so that the expirations of leases are recognized in time.

supportBOOTP [yes | no]
Indicates to the server whether or not to support requests from BOOTP clients.

If yes is specified, the server will support BOOTP clients.

If the value field is not a yes, or the keyword is omitted, the server will not support BOOTP clients.

The scope of this parameter covers all the networks and subnets administered by this server.

If the server previously supported BOOTP clients and has been reconfigured not to support BOOTP clients, the address binding for a BOOTP client established before the reconfiguration, if any, will still be maintained until the time when that BOOTP client sends a request again (when it is rebooting.) At that time, the server will not respond, and the binding will be removed.

supportunlistedClients [yes | no]
Indicates to the server whether or not to support requests from clients that are not specifically configured with their own individual client statements in the server.

If yes is specified, the server will support unlisted clients.

If the value field is anything other than yes, the server will not support unlisted clients.

If this keyword is not found in the file, the server will support clients not specifically configured with a client statement.

updateDNS <string>
A string enclosed in quotes, indicating a program to execute to update the DNS server with the new inverse mapping for the IP address and names served by dhcp. This string should include four %s's to indicate the placement of the following information from the dhcp client:
hostname
Value of option 12. The value returned by the dhcp server is used, if one is supplied. Else, if the client specified a value in this file, the client-requested value is used. If neither the client specified a requested hostname nor the server supplied one, this exec string will not be executed.
domainname
Value of option 15. The value returned by the dhcp server is used, if one is supplied. Else, if the client specified a value in this file, the client-requested value is used. If neither the client specified a requested hostname nor the server supplied one, a null string (" ") is supplied by dhcp. This may cause the update of address records to fail.
Ip Address
IP address leased to this client by the server. The string is supplied in dotted notation, for example, 9.2.23.43.
leasetime
Lease time granted by the server. This string is a decimal number representing the number of seconds of the lease.

These values are output by dhcp in this order:

hostname domainname Ip Address leasetime

A script /usr/sbin/dhcpaction has been provided with this function, as well as actions to help NIM interact with DHCP clients. Run the script as follows:

/usr/sbin/dhcpaction hostname domainname ipaddress
leasetime < A | PTR | BOTH | NONE > < NONIM | NIM >

The first four parameters are what will be used to update the DNS server. The fifth parameter tells dhcpaction to update the A record, the PTR record, or both, or none. The options are A, PTR, BOTH, NONE. The sixth parameter is used to tell servers that NIM is being used, and processing needs to be done when a client changes address. The options for this are NIM and NONIM.

An example follows:

updateDNS "/usr/sbin/dhcpaction %s %s %s %s %s PTR
NONIM 2>&1 >>/tmp/updns.out"

Examples

  1. In this example, we are setting up a server with a default lease time of 30 minutes. This means that any address that doesn't explicitly have a lease time set in a network, class, client, or subnet scope, will get 30 minutes. We are also setting the time between server address expiration checks to 3 minutes. This means that every 3 minutes, the server will check to see if an address has expired and mark it as expired. We are also saying the server should accept BOOTP requests and accept any client that matches the normal address assignment scheme. The normal address assignment scheme means that an address and options are assigned based on the network/subnet that the client is on.

    We are also setting up two global options that should apply to all clients we serve. We are saying that there is a printer at 10.11.12.13 for everyone to use and the global domain name is dreampark. We are defining one network that has subnetting on the first 24 bits.

    Thus, the network we are defining has some number of subnets and all the subnets we are specifying in this network scope have netmask of 255.255.255.0. Under that network, we are defining some options for that network and some subnets. The subnets define the actual addresses available for distribution. There are two subnets. Inside the second subnet, there is a class. The class information only applies to hosts on the second subnet that request that class. If that class is asked for the host, it will get two netbios options. If the address is in the first subnet, it will get the options in the subnet clause, which are nothing. If the host is in the second subnet, it will get all the options in the clause for the second subnet. If it also has the class, it will get the class options. If options are repeated with the same scope or a sub-scope, these options are concatenated together and set as one option. All hosts given an address from one of the two subnets will receive the options that are in the network scope.

    leaseTimeDefault                   30 minutes
    leaseExpireInterval                3 minutes
    supportBOOTP                       yes
    supportUnlistedClients             yes
       
    option 9         10.11.12.13                  # printer for all
    option 15        dreampark                    # domain
    name
       
    network 9.0.0.0 24
    {
              subnet 9.2.218.0     9.2.218.1-9.2.218.128
              subnet 9.67.112.0    9.67.112.1-9.67.112.64
              {
                option 28          9.67.112.127             # broadcast address
                option 9           9.67.112.1               # printer 1
                option 9           9.67.112.2               # printer 2
                option 15          sandbox.                 # domain name
                class netbios_host
                {
                                   #Netbi ov tcp/ip name server
                                   option 44 9.67.112.125
                                   Netbi over tcp/ip node type
                                   option 46 2
                       }
                }
        
                option 15          toyland                   # domain name
                option 9           9.68.111.128              # printer 3
                option 33          1.2.3.4:9.8.7.1           # route to the moon
                option 33          5.6.7.8:9.8.7.2           # route to the mars
                # routes to black holes
                option 3           11.22.33.44    55.66.77.88
    }
     
  2. In this example, we see the output of the dhcpsconf command. This format is more used by the dhcpsconf GUI to store information. This format allows for multiple configurations. The dhcpsconf GUI can in turn generate the specific server files for an individual server. The file specifies two of DHCP Servers, Greg and Fred. Each contain the definitions for the two servers. The dhcpsconf command can generate files specifically for Greg or Fred. The dhcpsconf command will also use the named resources (## sections) to display network pieces that have been named by the administrator.
    The DHCP server Greg is responsible for network 9.3.145.0, subnet mask 255.255.255.192. The DHCP server Fred is responsible for network 9.3.146.128, subnet mask 255.255.255.240. Each server provides its own domain name. Other options named and unnamed may be placed in the server's configuration section.
    Note: This format is used by dhcpsconf, which generateS the appropriate configuration files for DHCP servers Greg and Fred.
    # Named resources Section
    ## "Network 1 Subnet Netmask" "option 1 255.255.255.192"
    ## "Network 2 Subnet Netmask" "option 1 255.255.255.240"
    ## "Network 1 Domain Name" "option 15 "bizarro.austin.ibm.com""
    ## "Network 2 Domain Name" "option 15 "superman.austin.ibm.com""
    ## "Network 1 Network" "network 9.3.145.0 26"
    ## "Network 2 Network" "network 9.3.146.128 27"
      
    ### "DHCP Server Greg" "logItem SYSERR"
    ### "DHCP Server Greg" "numlogfiles 6"
    ### "DHCP Server Greg" "logfilesize 100"
    ### "DHCP Server Greg" "logfilename /usr/tmp/dhcpgreg.log"
    ### "DHCP Server Greg" "network 9.3.145.0 26"
    ### "DHCP Server Greg" "{"
    ### "DHCP Server Greg" "option 15 "bizarro.austin.ibm.com""
    ### "DHCP Server Greg" "}"
    ### "DHCP Server Fred" "logItem SYSERR"
    ### "DHCP Server Fred" "logItem OBJERR"
    ### "DHCP Server Fred" "numlogfiles 3"
    ### "DHCP Server Fred" "logfilesize 50"
    ### "DHCP Server Fred" "logfilename /usr/tmp/dhcpfred.log"
    ### "DHCP Server Fred" "network 9.3.146.128 27"
    ### "DHCP Server Fred" "{"
    ### "DHCP Server Fred" "option 15 "superman.austin.ibm.com""
    ### "DHCP Server Fred" "}"