The idea is to prevent clients from receiving a DHCP address if this client (host) is not described in dhcpd.conf .

I didn’t find that functionality in dhcp ( maybe I didn’t look good ), but I don’t feel like cramming crutches.

  • Long time did not take checkers in hand, but it seems, you are mistaken. And we need to reconsider carefully. - Sergey
  • @Sergey poke a checker, then. I mean, with my nose in a dhcp checker. - approximatenumber
  • one
    If all the necessary hosts are registered in conf, and the dynamic range (subnet with range) is not described, then dhcpd simply will not give out IP from and it will not issue them. On the other hand, such a configuration is ugly. I for example keep two subnets on interfaces. One for registered users and another for unknowns (with range). All requests for web from unknown people come to the server which informs them that "your machine is not registered" - Mike
  • @Mike By the way, a good idea - just remove the range , I have not tried this. The solution is not so beautiful, but it is necessary that the host does not have access to the network at all if it is not on the allowed list. - approximatenumber
  • And the host will have access to the physical network. If dhcp does not give him an address, he will take an address from the range 169.254 (regardless of you), and unique and all such hosts will be able to communicate with each other - Mike

1 answer 1

implementations of dhcpd are different. so check with your dhcpd documentation if it supports the deny and allow directives.

An example can be seen, for example, here :

 subnet 10.0.0.0 netmask 255.255.255.0 { option routers 10.0.0.254; # Unknown clients get this pool. pool { option domain-name-servers bogus.example.com; max-lease-time 300; range 10.0.0.200 10.0.0.253; allow unknown-clients; } # Known clients get this pool. pool { option domain-name-servers ns1.example.com, ns2.example.com; max-lease-time 28800; range 10.0.0.5 10.0.0.199; deny unknown-clients; } }
  • deny unknown-clients is the option I missed in the documentation. However, I did not understand why the сервер tag does not fit the DHCP server - approximatenumber
  • about tags, I adhere to the following considerations: “Can there be a„ specialist for this tag “?”. in my opinion, the “server” specialist cannot exist: it is too comprehensive. well, such as the label "computer" or "programming", etc. - aleksandr barakin
  • Perhaps you `re right. Thus, one simply should not allow such abstract and common labels to exist. - approximatenumber
  • as far as I understand, such tags on Stack Overflow are usually called “meta tags”. look for information about them on Stack Overflow in Russian Meta . - aleksandr barakin