Re: DNS, DHCP and classes



PeeGee wrote:
I can't help with the DNS and DHCP changes (haven't [yet] had to deal with them, but do want to learn about DNS [when I get the time]), but I do want to clarify what you're doing so that someone else may be able to help on where your problem may lie.

I look after a network at a nearby school which includes a SuSE 9.3 system providing basic services, including DHCP and DNS. I have a few problems or, more correctly, "irritations" where something I would like to do doesn't seem to work. The system has three NICs with networks 10/24, 192.168/24 and 192.168/20.

You've later stated the networks are:

192.168.16.0/24 (= 192.168.16.0 to 192.168.16.255)
and
192.168.64.0/20 (= 192.168.64.0 to 192.168.79.255)

correct?

....

Irritation 1.
Need to look up DNS configuration myself, so can't say.
Irritation 2.
DHCP is set up to recognise all three networks and ignore requests from the 10/24 network. The 192.168/24 network

as in 192.168.16.0/24?

uses a pool for "unknown-clients" and the 192.168/20 network

as in 192.168.64.0/20?

excludes the first block and last three blocks of 256 addresses from a similar pool.

It excludes 192.168.64.0-192.168.64.255 & 192.168.77.0-192.168.79.255?

This allows internet filtering to be applied using the assigned address to change squid/squidguard filters used. The pool is also split into separate ranges, excluding the .0 and .255 addresses, as we found that any windows client given such an address could not connect to the Windows 2003 server.

All bits set on a host address is a broadcast address for that network. On a x.x.x.y/24 network, that means the [pseudo] host with x.x.x.255

Don't quote me on this, but I think that all bits unset on a host address is a routing address (or something like that) for that network[1]. On a x.x.x.y/24 network, that means the [pseudo] host with x.x.x.0 is used for routing information.

[1] For whatever purpose, host with all bits zero is special - that I am sure.

I'm sure that all the host bits have to be [un]set; so on a 192.168.64.0/20 network, the hosts with addresses 192.168.64.0 (in hex: C0.A8.40.00) and 192.168.79.255 (in hex: C0.A8.4F.FF) are the special hosts.

Windwos may be borken in that it's sticking to strict class C host decoding (only expecting an 8 bit host) and not looking at your supernet of 192.168.64/20 properly - or the netmask on the Windwos 2003 server isn't set properly? Or...(more likely on what I guess from your description):

I presume the "sub"splitting of the /20 pool is into 16 blocks (pools) numbered 1-16 with ip addresses 192.168.64.x-192.168.79.x each given a netmask of /24 (ie 255.255.255.0). In this case, the hosts with 192.168.y.0 and 192.168.y.255 are special for each of the 16 blocks of 256 addresses.

At the moment, the four "odd" blocks have predefined addresses using host declarations, which also means they have to be predefined in the DNS as DHCP does not pass these on as an update. What I would like to do is use the "class" declarations to assign systems to one of a number of pools within the "odd" blocks based on the client name and remove the need to perform a manual update when a new laptop is assigned to a teacher, for example.

Dunno.

I have added entries in the appropriate places (by copying the examples in the man pages and changing the names to protect the guilty) of the form:

class "laptop" {
    match if substring ( option dhcp-client-identifier, 1, 4 ) = "Dell";
    match if substring ( option dhcp-client-identifier, 1, 3 ) = "IBM";
    match if substring ( option dhcp-client-identifier, 1, 4 ) = "Acer";
}

pool {
    allow members of "laptop";
    range 192.168.14.1 192.168.14.200;

Is this a changed entry (to protect the innocent) or actual? The 192.168.14.x are not in either of the ranges you specified (noted above) for your /24 and /20 networks.

}

I assume that case is significant, but addresses seem to be allocated from the general pool (which uses "allow unknown-clients"). There are no reported errors and the strings are the same case as entries in the "leases" file, so I assume I have missed something. Suggestions of things to look for would be welcome.

Irritation 3.
Dunno.
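
The address arithmetic discussed in this message, as an added example that is not part of the original post: it computes the all-zeros and all-ones host addresses for the two subnets named in the thread, lists the .0/.255 addresses inside the /20 that are special only to a client assuming a /24 mask, and checks whether the quoted pool range lies inside a declared subnet. The function names are chosen for this illustration.

```python
import ipaddress

# Subnets and pool range exactly as stated in the thread.
SUBNETS = [ipaddress.ip_network("192.168.16.0/24"),
           ipaddress.ip_network("192.168.64.0/20")]
POOL_RANGE = ("192.168.14.1", "192.168.14.200")


def special_addresses(net):
    """Return (all-zeros host, all-ones host) under the configured mask."""
    return net.network_address, net.broadcast_address


def classful_only_specials(net):
    """Addresses ending in .0 or .255 that are ordinary hosts under the
    real mask but look like network/broadcast addresses to a client
    that assumes a /24 (class C) mask."""
    real = set(special_addresses(net))
    found = []
    for block in net.subnets(new_prefix=24):
        for addr in (block.network_address, block.broadcast_address):
            if addr not in real:
                found.append(addr)
    return found


def range_subnet(first, last, subnets):
    """Return the declared subnet that contains the whole range, or None."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    for net in subnets:
        if lo in net and hi in net:
            return net
    return None


if __name__ == "__main__":
    for net in SUBNETS:
        zero, ones = special_addresses(net)
        extra = classful_only_specials(net)
        print(f"{net}: network {zero}, broadcast {ones}, "
              f"{len(extra)} addresses special only under a /24 assumption")
    home = range_subnet(*POOL_RANGE, SUBNETS)
    print(f"pool {POOL_RANGE[0]}-{POOL_RANGE[1]} is in: {home}")
```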
