Today's Topics:

   1. Re: DISCOVERs from "unkown network segment" - suppress log messages? (Darren Ankney)
   2. Re: DISCOVERs from "unknown network segment" - suppress log messages? (Sten Carlsen)
   3. Re: DISCOVERs from "unkown network segment" - suppress log messages? (Brennan,Andrew)

----------------------------------------------------------------------

Message: 1
Date: Mon, 28 Nov 2022 09:54:04 -0500
From: Darren Ankney <darren.ank...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DISCOVERs from "unkown network segment" - suppress log messages?
Message-ID: <cakabwhjj30huq5cb1eauq8hy1f0syatxoehdqxrnmth-f6n...@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

On Mon, Nov 28, 2022 at 9:36 AM Christina Siegenthaler <t...@ieu.uzh.ch> wrote:
>
> As you say, simplest to just firewall the packets and ignore it.
>
> Tried that today, unfortunately to no avail. macOS has pf installed, but
> obviously pf does not / cannot block DHCP packets or the other way round,
> dhcpd grabs the DISCOVERs before pf rules come into effect. So I'm back to
> field one?
>
> Any other ideas?

The only other thing I could suggest would be to make the move to Kea (https://www.isc.org/kea/) as you can set it to not use raw sockets (listen on a udp socket instead) which is totally fine if all of your dhcp traffic originates from one or more relay agents. If any of the answers are going to be to local broadcast traffic, then raw sockets would be the only possibility.

Discussion about it here in the Kea manual:
https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html#interface-configuration

If you are able to have the DHCP service listen on a normal UDP socket, then pf should be able to police the traffic before the DHCP service is able to grab the packet.

------------------------------

Message: 2
Date: Mon, 28 Nov 2022 16:11:44 +0100
From: Sten Carlsen <st...@s-carlsen.dk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DISCOVERs from "unknown network segment" - suppress log messages?
Message-ID: <c6b4e06a-cbd8-4be2-9c2a-55aec412b...@s-carlsen.dk>
Content-Type: text/plain; charset="utf-8"

> On 28 Nov 2022, at 15.49, Neufeld, Keith <keith.neuf...@wichita.edu> wrote:
>
>>> Just think given the above, 200 request packets/second relayed to every
>>> DHCP server on the network 8-O That's some serious wastage of resource.
>>> As you say, simplest to just firewall the packets and ignore it.
>>
>> Tried that today, unfortunately to no avail. macOS has pf installed, but
>> obviously pf does not / cannot block DHCP packets or the other way round,
>> dhcpd grabs the DISCOVERs before pf rules come into effect. So I'm back to
>> field one?
>>
>> Any other ideas?
>
> I'd be inclined to make a dhcpd.conf-not-our-subnets containing subnet
> declarations with no pools for all the other subnets that show up in your
> logs and "include" it into your dhcpd.conf.
>
> I've had mixed success with "ignore booting" over the years (some versions of
> the server it works, some it doesn't and I still get logs), but I'd
> definitely put it into each of the subnet declarations for wishful thinking.
> I know you already tried it in an individual host declaration, but still
> worth trying in a subnet.

I would use this option and also look into the allow/deny section of the man. Also I would look at the authoritative statement to not send DHCPNAKs to everybody else (or maybe do it to underline the situation).

After this I would look at filtering the log files to remove all the irrelevant stuff before they are saved or looked at.

>
> Lacking an "ignore unknown subnets" configuration mechanism, it seems like
> this might work and be next best.
>
> --
> Keith Neufeld
> Director of Networking and Telecommunications
> Wichita State University
>
> --
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

------------------------------

Message: 3
Date: Mon, 28 Nov 2022 15:14:13 +0000
From: "Brennan,Andrew" <andrew.bren...@drexel.edu>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DISCOVERs from "unkown network segment" - suppress log messages?
Message-ID: <144a0a3c-4552-41f0-ab5b-f734b1636...@drexel.edu>
Content-Type: text/plain; charset="utf-8"

I'm of the mind that "embedded OS networking" is frequently crap and I don't trust them to get anything right, but maybe the end-run here is to have the guy with the printer simply stick a manually configured, static IP on there?

Or (if feeling malicious), feed the damn printer bad network settings until it stops asking your server for them?

andrew.

On Nov 28, 2022, at 9:36 AM, Christina Siegenthaler <t...@ieu.uzh.ch> wrote:

Tried that today, unfortunately to no avail. macOS has pf installed, but obviously pf does not / cannot block DHCP packets or the other way round, dhcpd grabs the DISCOVERs before pf rules come into effect. So I'm back to field one?

Any other ideas?

Thanks,
Tina

------------------------------

End of dhcp-users Digest, Vol 169, Issue 12
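
The log filtering suggested in Message 2, as an added example that is not part of the original thread: rather than discarding the "unknown network segment" lines outright, it keeps them out of the stored log but retains a count per client and relay, so a device flooding the server stays visible. The log line shape, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed shape of dhcpd's message; any syslog prefix before it is ignored.
UNKNOWN_SEGMENT = re.compile(
    r"(DHCP[A-Z]+) from (\S+) via (\S+): unknown network segment\s*$"
)


def split_unknown_segment(lines):
    """Return (kept, counts): kept are the lines to store, counts maps
    (message type, client, relay) to the number of lines filtered out."""
    kept, counts = [], Counter()
    for line in lines:
        match = UNKNOWN_SEGMENT.search(line)
        if match:
            counts[match.groups()] += 1
        else:
            kept.append(line)
    return kept, counts


def summarize(counts, noisy_at=3):
    """One summary line per source; sources with noisy_at or more hits
    are marked so they can still be followed up."""
    summary = []
    for (msg, client, relay), hits in counts.most_common():
        mark = " NOISY" if hits >= noisy_at else ""
        summary.append(f"{hits} x {msg} from {client} via {relay}{mark}")
    return summary


# Constructed sample lines: made-up MACs and documentation addresses.
PREFIX = "Nov 28 09:30:0{} srv dhcpd[311]: "
SAMPLE = [
    PREFIX.format(1) + "DHCPDISCOVER from 02:00:00:aa:bb:01 via 192.0.2.1: unknown network segment",
    PREFIX.format(2) + "DHCPDISCOVER from 02:00:00:aa:bb:03 via en0",
    PREFIX.format(3) + "DHCPDISCOVER from 02:00:00:aa:bb:01 via 192.0.2.1: unknown network segment",
    PREFIX.format(4) + "DHCPDISCOVER from 02:00:00:aa:bb:02 via 198.51.100.1: unknown network segment",
    PREFIX.format(5) + "DHCPACK on 203.0.113.20 to 02:00:00:aa:bb:03 via en0",
    PREFIX.format(6) + "DHCPDISCOVER from 02:00:00:aa:bb:01 via 192.0.2.1: unknown network segment",
]

if __name__ == "__main__":
    kept, counts = split_unknown_segment(SAMPLE)
    print("\n".join(kept))
    print("\n".join(summarize(counts)))
```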