DHCP is one of the most common network services found in corporations, home networks, and Internet service providers that dynamically assign IP addresses from a specific pool to a device for a particular length of time to help use allocated IP addresses more efficiently. In this article, I will provide the basic steps on setting up a DHCP server on a FreeBSD machine using the Internet Software Consortium's DHCP software (also known as ISC DHCP). I will also provide links to other resources that can provide additional information on more advanced configuration options. The version of ISC DHCP that I will be referring to in this article is 3.0.1rc9, and the version of FreeBSD that I used as a reference is 4.6-STABLE.

The easiest way to install the ISC DHCP software package is to install from the Ports collection under net/isc-dhcp3. You can also build and install the package from the tarball available from the ISC's FTP server. I would highly recommend building and installing the ISC DHCP from the Ports collection, but before you start the install process, you should have the latest version of the port on your system (which can be done by using cvsup; more information on using cvsup can be found in the FreeBSD Handbook).

To install ISC DHCP from the Ports collection, run the following commands as root:

	# cd /usr/ports/net/isc-dhcp3
	# make ; make install

Once the port has finished building and installing, the DHCP dæmon, relay agent and the client have been installed on the machine, with the main executables installed under /usr/local/sbin. In order to use the newly installed DHCP client (say, if you are going to be running the DHCP dæmon on a router/firewall that needs to get a dynamic address from your Internet service provider), you will need to add the following line to /etc/rc.conf:

	dhcp_program="/usr/local/sbin/dhclient"

as the default is to use dhclient from /sbin. All of the configuration files will be placed under /usr/local/etc.

If you decide to install ISC DHCP from the ISC tarball, the install can be done in a couple more steps than via Ports, and differs in the sense that it the ISC tarball version will install the files under /usr/sbin instead of /usr/local/sbin (with the exception of dhclient which is installed in /sbin); and the configuration files would be placed under /etc instead of /usr/local/etc. To build and install ISC DHCP from the ISC tarball, grab the tarball and do the following steps as root:

	# cd /path/to/tarball
	# tar zxf dhcp-3.0.1rc9.tar.gz
	# cd dhcp-3.01rc9/
	# ./configure
	[configure output]
	# make ; make install

The install portion that is included with the ISC DHCP tarball does not include any scripts that would start the DHCP dæmon upon startup; therefore, you will need to hack together a startup script and place it under /usr/local/etc/rc.d. I will provide a very simple startup later in this article.

After the package has been built and installed (either from Ports or from the tarball), the configuration file(s) will need to be created to meet your requirements as well as configuration of the startup options for the dæmon. The configuration file that you would use to configure the DHCP server settings and lease pools is called dhcpd.conf and is located under /usr/local/etc (or /etc for those who installed from the tarball). The configuration syntax resembles a cross between PHP and the BIND configuration syntax.

Below is an example of a basic configuration that would be in dhcpd.conf:

	ddns-update-style none;

	subnet 192.168.1.0 netmask 255.255.255.0 {
		range 192.168.1.50 192.168.1.100;
		default-lease-time 144000;
		max-lease-time 192000;
		option subnet-mask 255.255.255.0;
		option broadcast-address 192.168.1.255;
		option routers 192.168.1.2;
		option domain-name-servers 192.168.1.2;
		option domain-name "foo.org";
	
		host quux {
			hardware ethernet ab:cd:ef:98:76:54;
			fixed-address 192.168.1.150;
		}
	}

I have broken down each line below, explaining what each one means and what it effects.

ddns-update-style none;

This setting disables dynamic DNS updates to be made to the designated DNS server.

subnet 192.168.1.0 netmask 255.255.255.0

Tells the DHCP server that the following block of settings apply to the specified IP subnet.

range 192.168.1.50 192.168.1.100;

Sets the range of IP addresses available in the lease pool.

default-lease-time 144000;

The lease length (in seconds) that the server would set to a lease if it does not receive a lease length from the client.

max-lease-time 192000;

The maximum lease length (in seconds) that the server will set, even though the client may request a longer lease length.

option subnet-mask 255.255.255.0;

The subnet mask of the network to send to the client.

option broadcast-address 192.168.1.255;

Sets the broadcast address of the particular subnet that the client would reside on. This is usually the very last IP address of an IP address range or subnet.

option routers 192.168.1.2;

Sets the default router option for the client.

option domain-name-servers 192.168.1.2, 192.168.1.3;

Sets the domain name server (DNS) list that the client would use for domain name resolution. The list is comma delimited and should be listed in order of first to last preferred server.

option domain-name "foo.org";

Sets the domain name option for the client, which the client would use (if properly supported) for domain name resolution as well what domain name to append to hostnames that are not fully qualified domain names.

host quux

This starts an IP reservation block to give a specific host a specific IP address (as if it were manually set with a static IP address).

hardware ethernet ab:cd:ef:98:76:54;

The Ethernet/MAC address that belongs to the client that would be leased a static address.

fixed-address 192.168.1.100;

The IP address of the reservation that would be given to the assigned client.

For more options and settings along with the syntax for each, refer to the dhcpd-options(5) manual page.

Once you have finished writing out the dhcpd.conf configuration file and have saved it under the proper directory, you are almost ready to set the server to startup the dæmon using an rc script. If you have installed ISC DHCP from a tarball, you will want to skip the following and click here in which you will need to create your own rc script.

If you have installed ISC DHCP from ports, you will need to make changes to the rc configuration file before continuing. Open up the rc.isc-dhcpd.conf file under /usr/local/etc (if the file is not there, copy the rc.isc-dhcpd.conf.sample file to rc.isc-dhcpd.conf) with your favorite text editor. You will see two shell script variables that are set to nothing by default, dhcpd_options and dhcpd_ifaces. Both variables are "sucked" in by the rc script prior to starting up the dæmon. To prevent the dæmon from displaying the copyright/license text each time it starts, add in "-q" (including the quotes) after the dhcpd_options variable. Next, you will want to set the network interface that the dæmon will listen to, which is critical if you will be running the dæmon on a FreeBSD firewall, gateway or router. For example, if the interface that you want to have the dæmon listen to is xl0, add "xl0" right after the dhcpd_ifaces variable. Below is the least that you would need in the file in order for the rc script to start properly:

	dhcpd_options="-q"
	dhcpd_ifaces="xl0"

Once you have saved the file, you are now ready to start up the DHCP dæmon to see if the configuration file is valid or not.

If you installed ISC DHCP from the Ports collection, the installer will automatically place a startup script under /usr/local/etc/rc.d named isc-dhcpd.sh.sample. In order for it to be picked up when the system is starting up, rename it to isc-dhcpd.sh and make sure that it has the executable bit set. Once the file has been renamed, you can startup the dæmon by running the following as root:

	# /usr/local/etc/rc.d/isc-dhcpd.sh start

If you have built and installed the service from a tarball, you will first need to create the isc-dhcpd.sh under /usr/local/etc/rc.d. Instead of storing the interfaces and command options under /usr/local/etc/rc.isc-dhcpd.conf, you will need to store them in the isc-dhcpd.sh. You will need to replace xl0 for the dhcpd_ifaces variable to the interface that you want the DHCP dæmon to listen on for requests.

	#!/bin/sh
	PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
	
	# set startup options here
	dhcpd_ifaces="xl0"
	dhcpd_options="-q"
	
	case "$1" in
	start)
		/usr/sbin/dhcpd ${dhcpd_options} ${dhcpd_ifaces} &&
		echo -n " dhcpd"
		;;
	stop)
		killall -9 dhcpd
		;;
	restart)
		$0 stop
		$0 start
		;;
	else)
		echo "usage: isc-dhcpd.sh {start|stop|restart}"
		;;
	esac

Once the dæmon has started, you will want to check /var/log/messages to make sure that no errors have been dumped into syslog. When the dæmon is running, the active DHCP leases will be stored in /var/db/dhcpd.leases in a format that closely resembles the DHCP dæmon configuration file.

Once you get your DHCP server up and running, there will be times that you will need to configure your server to handle devices that require special BOOTP settings, setup a failover DHCP server for high availability, or any other more advanced configurations. There are quite a few resources that you can refer to to help you out.

Below are a couple of online resources that you can use to either quickly find answers to your questions, or to post a message to a message list to get more detailed answers to more complex questions or issues.

• Nominum's DHCP FAQ: http://www.nominum.com/resources/faqs/dhcp-faq.html
• ISC DHCP FAQ: http://arsinfo.cit.buffalo.edu/FAQ/faq.cgi?pkg=ISC%20DHCP
• ISC DHCP Mailing List: http://isc.org/services/public/lists/dhcp-lists.html

The DHCP Handbook, written by Ralph E. Droms and Ted Lemon, provides an in-depth look at DHCP both on the client and on the server. The book's ISBN is 0672323273 and is published by Sams.

You can also use the manual pages installed with the ISC DHCP port or tarball to help build a working configuration or understand how the dæmon works.

• dhcpd.conf(5)
• dhcpd.leases(5)
• dhcp-options(5)
• dhcp-eval(5)
• dhcpd(8)

Linh Pham [ closedsrc.org | question-articles@closedsrc.org ]