Discussion:
[Dnsmasq-discuss] Safe to use static DHCP allocations within dynamic range?
Ed W
2015-10-15 11:39:18 UTC
Permalink
Hi, I'm not quite clear from the manual pages, so can I please get a
definitive answer:

- Am I safe to use to assign a static IP allocation using --dhcp-host
options, *within* an IP range allocated using --dhcp-range ?

Specifically, whilst I realise that dnsmasq will first ping to see if an
IP is unused:
- Will there be a hard mask on the IP being handed out dynamically as a
result of the --dhcp-host option?
- ie if the static allocated device is missing from the network for some
long period of time, am I "safe" from having a dynamic device "pinch" my
static IP?

Corner case:
- What happens if there is currently a lease allocated to IP w.x.y.z,
and I setup a static --dhcp-host allocation for that IP and a
*different* mac, ie this lease needs to be booted off. Assuming the
lease is technically not expired, and I disconnect the (now errant)
device from the network and reconnect it, will it be able to regain it's
(technically still not expired) lease, or will dnsmasq observe the
static allocation, expire the lease and allocate a new dynamic allocation?


Background:
- I do realise it's best practice to have a separate static range
outside of the dynamic allocation range
- For various technical reasons this environment would be massively
simpler if it were possible to safely allocate static allocations
*inside* the dynamic range and have them protected and always available
(ie even if the machine is offline for a long period)


Thanks if anyone can confirm what happens here with certainty

Ed W
Carlos Carvalho
2015-10-17 01:21:33 UTC
Permalink
Post by Ed W
Hi, I'm not quite clear from the manual pages, so can I please get a
- Am I safe to use to assign a static IP allocation using --dhcp-host
options, *within* an IP range allocated using --dhcp-range ?
Specifically, whilst I realise that dnsmasq will first ping to see if an IP
- Will there be a hard mask on the IP being handed out dynamically as a
result of the --dhcp-host option?
- ie if the static allocated device is missing from the network for some
long period of time, am I "safe" from having a dynamic device "pinch" my
static IP?
Good question; this is not written in the manual. I think it should be
explicitly stated there.

From my reading of the source the answer is yes. The response to the client is
built by the function dhcp_reply() in file rfc2131.c. We see that all possible
answers to DHCPDISCOVER and DHCPREQUEST check for !config_find_by_address().
This function, in file dhcp.c, checks if the address has been manually
configured by dhcp-host, as seen in options.c. Note that a dhcp-host
declaration can have a lease time but config_find_by_address() doesn't
take time into account, so static declarations are never given dynamically.

I didn't check the IPv6 case but the strategy will surely be the same.
Post by Ed W
- What happens if there is currently a lease allocated to IP w.x.y.z, and I
setup a static --dhcp-host allocation for that IP and a *different* mac, ie
this lease needs to be booted off.
You cannot, this is illegal. If you give a lease to a client you have to abide
by your promise. The correct procedure is to make the client deconfigure the
interface (as is done in a proper reboot or shutdown). It'll then send a
message to the dhcp server releasing the address. From this moment the lease no
longer exists, and you can reconfigure the dhcp server with the static
declaration. If the client comes back and requests the address the server will
deny it. The client will then start the procedure from the beginning
(dhcpdiscover) and will receive an available address.
Simon Kelley
2015-10-20 20:51:40 UTC
Permalink
Post by Ed W
Hi, I'm not quite clear from the manual pages, so can I please get a
- Am I safe to use to assign a static IP allocation using --dhcp-host
options, *within* an IP range allocated using --dhcp-range ?
Specifically, whilst I realise that dnsmasq will first ping to see if an
- Will there be a hard mask on the IP being handed out dynamically as a
result of the --dhcp-host option?
- ie if the static allocated device is missing from the network for some
long period of time, am I "safe" from having a dynamic device "pinch" my
static IP?
Yes. Addresses withing the dynamic range which appear as static
allocations are protected from being handed out to other clients.
Post by Ed W
- What happens if there is currently a lease allocated to IP w.x.y.z,
and I setup a static --dhcp-host allocation for that IP and a
*different* mac, ie this lease needs to be booted off. Assuming the
lease is technically not expired, and I disconnect the (now errant)
device from the network and reconnect it, will it be able to regain it's
(technically still not expired) lease, or will dnsmasq observe the
static allocation, expire the lease and allocate a new dynamic allocation?
For the duration of the existing lease, the existing owner will get to
keep it. If the address is set as static for a MAC and that MAC asks for
a lease, it will be offered a different address, and a message logged
about why. Once the lease expires, the existing owner will not be able
to renew the lease, and will move address. Once that's happened, the
static-MAC will also not be able to renew its lease, and will move
address to the originally allocated static address.
Post by Ed W
- I do realise it's best practice to have a separate static range
outside of the dynamic allocation range
- For various technical reasons this environment would be massively
simpler if it were possible to safely allocate static allocations
*inside* the dynamic range and have them protected and always available
(ie even if the machine is offline for a long period)
exec-summary. If you have static allocations in the dynamic range, all
will be fine. If you add a new allocation in the dynamic range for an
unused address, all will be fine. If you add a new allocation for an
address that's already in use, all will eventually be fine, but clients
will be move addresses to make it so.

Cheers,

Simon.



Cheers,

Simon.
Ed W
2015-10-23 16:38:11 UTC
Permalink
Hi Simon

Thanks for the (as usual) excellent answer (and thanks Carlos!)

This behaviour is extremely desirable and as far as I can tell isn't
available with other DHCP servers!

Cheers

Ed W
Post by Simon Kelley
Post by Ed W
Hi, I'm not quite clear from the manual pages, so can I please get a
- Am I safe to use to assign a static IP allocation using --dhcp-host
options, *within* an IP range allocated using --dhcp-range ?
Specifically, whilst I realise that dnsmasq will first ping to see if an
- Will there be a hard mask on the IP being handed out dynamically as a
result of the --dhcp-host option?
- ie if the static allocated device is missing from the network for some
long period of time, am I "safe" from having a dynamic device "pinch" my
static IP?
Yes. Addresses withing the dynamic range which appear as static
allocations are protected from being handed out to other clients.
Post by Ed W
- What happens if there is currently a lease allocated to IP w.x.y.z,
and I setup a static --dhcp-host allocation for that IP and a
*different* mac, ie this lease needs to be booted off. Assuming the
lease is technically not expired, and I disconnect the (now errant)
device from the network and reconnect it, will it be able to regain it's
(technically still not expired) lease, or will dnsmasq observe the
static allocation, expire the lease and allocate a new dynamic allocation?
For the duration of the existing lease, the existing owner will get to
keep it. If the address is set as static for a MAC and that MAC asks for
a lease, it will be offered a different address, and a message logged
about why. Once the lease expires, the existing owner will not be able
to renew the lease, and will move address. Once that's happened, the
static-MAC will also not be able to renew its lease, and will move
address to the originally allocated static address.
Post by Ed W
- I do realise it's best practice to have a separate static range
outside of the dynamic allocation range
- For various technical reasons this environment would be massively
simpler if it were possible to safely allocate static allocations
*inside* the dynamic range and have them protected and always available
(ie even if the machine is offline for a long period)
exec-summary. If you have static allocations in the dynamic range, all
will be fine. If you add a new allocation in the dynamic range for an
unused address, all will be fine. If you add a new allocation for an
address that's already in use, all will eventually be fine, but clients
will be move addresses to make it so.
Cheers,
Simon.
Cheers,
Simon.
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Loading...