xref: /src/external/mpl/dhcp/dist/README

	      Internet Systems Consortium DHCP Distribution
			     Version 4.4.3
			     9 March 2022

			      README FILE

You should read this file carefully before trying to install or use
the ISC DHCP Distribution.

			  TABLE OF CONTENTS

	1	WHERE TO FIND DOCUMENTATION
	2	RELEASE STATUS
	3	BUILDING THE DHCP DISTRIBUTION
	 3.1	 UNPACKING IT
	 3.2	 CONFIGURING IT
	  3.2.1	  DYNAMIC DNS UPDATES
	  3.2.2   LOCALLY DEFINED OPTIONS
	 3.3	 BUILDING IT
	4	INSTALLING THE DHCP DISTRIBUTION
	5	USING THE DHCP DISTRIBUTION
	 5.1	  FIREWALL RULES
	 5.2	 LINUX
	  5.2.1	  IF_TR.H NOT FOUND
	  5.2.2	  SO_ATTACH_FILTER UNDECLARED
	  5.2.3	  PROTOCOL NOT CONFIGURED
	  5.2.4	  BROADCAST
	  5.2.6	  IP BOOTP AGENT
	  5.2.7	  MULTIPLE INTERFACES
     5.3    ATF
	6	SUPPORT
	 6.1	 HOW TO REPORT BUGS
	7	HISTORY

		      WHERE TO FIND DOCUMENTATION

Documentation for this software includes this README file, the
RELNOTES file, and the manual pages, which are in the server, common,
client and relay subdirectories.  The README file (this file) includes
late-breaking operational and system-specific information that you
should read even if you don't want to read the manual pages, and that
you should *certainly* read if you run into trouble.  Internet
standards relating to the DHCP protocol are listed in the References
document that is available in html, txt and xml formats in doc/
subdirectory.  You will have the best luck reading the manual pages if
you build this software and then install it, although you can read
them directly out of the distribution if you need to.

DHCP server documentation is in the dhcpd man page.  Information about
the DHCP server lease database is in the dhcpd.leases man page.
Server configuration documentation is in the dhcpd.conf man page as
well as the dhcp-options man page.   A sample DHCP server
configuration is in the file server/dhcpd.conf.example.   The source for
the dhcpd, dhcpd.leases and dhcpd.conf man pages is in the server/ sub-
directory in the distribution.   The source for the dhcp-options.5
man page is in the common/ subdirectory.

DHCP Client documentation is in the dhclient man page.  DHCP client
configuration documentation is in the dhclient.conf man page and the
dhcp-options man page.  The DHCP client configuration script is
documented in the dhclient-script man page.   The format of the DHCP
client lease database is documented in the dhclient.leases man page.
The source for all these man pages is in the client/ subdirectory in
the distribution.   In addition, the dhcp-options man page should be
referred to for information about DHCP options. The client component
is End-of-Life and will not be part of future releases.

DHCP relay agent documentation is in the dhcrelay man page, the source
for which is distributed in the relay/ subdirectory. The relay component
is End-of-Life and will not be part of future releases.

KEA Migration Assistant documentation, including how to build, install
and use it, is included in the keama/ directory.

To read installed manual pages, use the man command.  Type "man page"
where page is the name of the manual page.   This will only work if
you have installed the ISC DHCP distribution using the ``make install''
command (described later).

If you want to read manual pages that aren't installed, you can type
``nroff -man page |more'' where page is the filename of the
unformatted manual page.  The filename of an unformatted manual page
is the name of the manual page, followed by '.', followed by some
number - 5 for documentation about files, and 8 for documentation
about programs.   For example, to read the dhcp-options man page,
you would type ``nroff -man common/dhcp-options.5 |more'', assuming
your current working directory is the top level directory of the ISC
DHCP Distribution.

Please note that the pathnames of files to which our manpages refer
will not be correct for your operating system until after you iterate
'make install' (so if you're reading a manpage out of the source
directory, it may not have up-to-date information).

				RELEASE STATUS

Version 4.4.3 is a maintenance release of the DHCP client, relay and
server. It is the final release for the client and relay components,
which have reached end-of-life and will no longer be maintained.

		    BUILDING THE DHCP DISTRIBUTION

			     UNPACKING IT

To build the DHCP Distribution, unpack the compressed tar file using
the tar utility and the gzip command - type something like:

	gunzip dhcp-4.4.3.tar.gz
	tar xvf dhcp-4.4.3.tar

			    CONFIGURING IT

Now, cd to the dhcp-4.4.3 subdirectory that you've just created and
configure the source tree by typing:

	./configure

If the configure utility can figure out what sort of system you're
running on, it will create a custom Makefile for you for that
system; otherwise, it will complain.  If it can't figure out what
system you are using, that system is not supported - you are on
your own.

Several options may be enabled or disabled via the configure command.
You can get a list of these by typing:

	./configure --help

If you want to use dynamic shared libraries automake, autoconf
(aka GNU autotools) and libtool must be available. The DHCP
distribution provides 3 configure.ac* files: the -lt version
has no libtool support and was copied to the configure.ac
standard file in the distribution. To enable libtool support
you should perform these steps:

	cp configure.ac+lt configure.ac
	autoreconf -i

after you can use the regenerated configure as usual
(with libtool support (--enable-libtool) on by default):

	./configure

For compatibility (and people who don't read this documentation)
the --enable-libtool configuration file is supported even by
the distributed configure (and off by default). The previous
steps are performed and the regenerated configure called with
almost the same parameters (this "almost" makes the use of
this feature not recommended).

Note you can't go back from with libtool support to without libtool
support by restoring configure.ac and rerun autoreconf. If you
want or need to restore the without libtool support state the
required way is to simply restore the whole distribution.

			 DYNAMIC DNS UPDATES

A fully-featured implementation of dynamic DNS updates is included in
this release.  It uses libraries from BIND and, to avoid issues with
different versions, includes the necessary BIND version.  The appropriate
BIND libraries will be compiled and installed in the bind subdirectory
as part of the make step.  In order to build the necessary libraries you
will need to have "gmake" available on your build system.


There is documentation for the DDNS support in the dhcpd.conf manual
page - see the beginning of this document for information on finding
manual pages.

		       LOCALLY DEFINED OPTIONS

In previous versions of the DHCP server there was a mechanism whereby
options that were not known by the server could be configured using
a name made up of the option code number and an identifier:
"option-nnn"   This is no longer supported, because it is not future-
proof.   Instead, if you want to use an option that the server doesn't
know about, you must explicitly define it using the method described
in the dhcp-options man page under the DEFINING NEW OPTIONS heading.

			     BUILDING IT

Once you've run configure, just type ``make'', and after a while
you should have a dhcp server.  If you get compile errors on one
of the supported systems mentioned earlier, please let us know.
If you get warnings, it's not likely to be a problem - the DHCP
server compiles completely warning-free on as many architectures
as we can manage, but there are a few for which this is difficult.
If you get errors on a system not mentioned above, you will need
to do some programming or debugging on your own to get the DHCP
Distribution working.

If you cross compile you have to follow the instructions from
the BIND README, in particular you must set the BUILD_CC
environment variable.

		   INSTALLING THE DHCP DISTRIBUTION

Once you have successfully gotten the DHCP Distribution to build, you
can install it by typing ``make install''.   If you already have an old
version of the DHCP Distribution installed, you may want to save it
before typing ``make install''.

		     USING THE DHCP DISTRIBUTION

			    FIREWALL RULES

If you are running the DHCP server or client on a computer that's also
acting as a firewall, you must be sure to allow DHCP packets through
the firewall.  In particular, your firewall rules _must_ allow packets
from IP address 0.0.0.0 to IP address 255.255.255.255 from UDP port 68
to UDP port 67 through.  They must also allow packets from your local
firewall's IP address and UDP port 67 through to any address your DHCP
server might serve on UDP port 68.  Finally, packets from relay agents
on port 67 to the DHCP server on port 67, and vice versa, must be
permitted.

We have noticed that on some systems where we are using a packet
filter, if you set up a firewall that blocks UDP port 67 and 68
entirely, packets sent through the packet filter will not be blocked.
However, unicast packets will be blocked.   This can result in strange
behaviour, particularly on DHCP clients, where the initial packet
exchange is broadcast, but renewals are unicast - the client will
appear to be unable to renew until it starts broadcasting its
renewals, and then suddenly it'll work.   The fix is to fix the
firewall rules as described above.

			   PARTIAL SERVERS

If you have a server that is connected to two networks, and you only
want to provide DHCP service on one of those networks (e.g., you are
using a cable modem and have set up a NAT router), if you don't write
any subnet declaration for the network you aren't supporting, the DHCP
server will ignore input on that network interface if it can.  If it
can't, it will refuse to run - some operating systems do not have the
capability of supporting DHCP on machines with more than one
interface, and ironically this is the case even if you don't want to
provide DHCP service on one of those interfaces.

				LINUX

There are three big LINUX issues: the all-ones broadcast address,
Linux 2.1 ip_bootp_agent enabling, and operations with more than one
network interface.   There are also two potential compilation/runtime
problems for Linux 2.1/2.2: the "SO_ATTACH_FILTER undeclared" problem
and the "protocol not configured" problem.

		    LINUX: PROTOCOL NOT CONFIGURED

If you get the following message, it's because your kernel doesn't
have the Linux packetfilter or raw packet socket configured:

 Make sure CONFIG_PACKET (Packet socket) and CONFIG_FILTER (Socket
 Filtering) are enabled in your kernel configuration

If this happens, you need to configure your Linux kernel to support
Socket Filtering and the Packet socket, or to select a kernel provided
by your Linux distribution that has these enabled (virtually all modern
ones do by default).

			   LINUX: BROADCAST

If you are running a recent version of Linux, this won't be a problem,
but on older versions of Linux (kernel versions prior to 2.2), there
is a potential problem with the broadcast address being sent
incorrectly.

In order for dhcpd to work correctly with picky DHCP clients (e.g.,
Windows 95), it must be able to send packets with an IP destination
address of 255.255.255.255.  Unfortunately, Linux changes an IP
destination of 255.255.255.255 into the local subnet broadcast address
(here, that's 192.5.5.223).

This isn't generally a problem on Linux 2.2 and later kernels, since
we completely bypass the Linux IP stack, but on old versions of Linux
2.1 and all versions of Linux prior to 2.1, it is a problem - pickier
DHCP clients connected to the same network as the ISC DHCP server or
ISC relay agent will not see messages from the DHCP server.   It *is*
possible to run into trouble with this on Linux 2.2 and later if you
are running a version of the DHCP server that was compiled on a Linux
2.0 system, though.

It is possible to work around this problem on some versions of Linux
by creating a host route from your network interface address to
255.255.255.255.   The command you need to use to do this on Linux
varies from version to version.   The easiest version is:

	route add -host 255.255.255.255 dev eth0

On some older Linux systems, you will get an error if you try to do
this.   On those systems, try adding the following entry to your
/etc/hosts file:

255.255.255.255	all-ones

Then, try:

	route add -host all-ones dev eth0

Another route that has worked for some users is:

	route add -net 255.255.255.0 dev eth0

If you are not using eth0 as your network interface, you should
specify the network interface you *are* using in your route command.

			LINUX: IP BOOTP AGENT

Some versions of the Linux 2.1 kernel apparently prevent dhcpd from
working unless you enable it by doing the following:

	      echo 1 >/proc/sys/net/ipv4/ip_bootp_agent


		      LINUX: MULTIPLE INTERFACES

Very old versions of the Linux kernel do not provide a networking API
that allows dhcpd to operate correctly if the system has more than one
broadcast network interface.  However, Linux 2.0 kernels with version
numbers greater than or equal to 2.0.31 add an API feature: the
SO_BINDTODEVICE socket option.  If SO_BINDTODEVICE is present, it is
possible for dhcpd to operate on Linux with more than one network
interface.  In order to take advantage of this, you must be running a
2.0.31 or greater kernel, and you must have 2.0.31 or later system
headers installed *before* you build the DHCP Distribution.

We have heard reports that you must still add routes to 255.255.255.255
in order for the all-ones broadcast to work, even on 2.0.31 kernels.
In fact, you now need to add a route for each interface.   Hopefully
the Linux kernel gurus will get this straight eventually.

Linux 2.1 and later kernels do not use SO_BINDTODEVICE or require the
broadcast address hack, but do support multiple interfaces, using the
Linux Packet Filter.

			     LINUX: OpenWrt

DHCP 4.1 has been tested on OpenWrt 7.09 and 8.09.  In keeping with
standard practice, client/scripts now includes a dhclient-script file
for OpenWrt.  However, this is not sufficient by itself to run dhcp on
OpenWrt; a full OpenWrt package for DHCP is available at
ftp://ftp.isc.org/isc/dhcp/dhcp-4.1.0-openwrt.tar.gz

		    LINUX: 802.1q VLAN INTERFACES

If you're using 802.1q vlan interfaces on Linux, it is necessary to
vconfig the subinterface(s) to rewrite the 802.1q information out of
packets received by the dhcpd daemon via LPF:

	vconfig set_flag eth1.523 1 1

Note that this may affect the performance of your system, since the
Linux kernel must rewrite packets received via this interface.  For
more information, consult the vconfig man pages.


			       ATF

Please see the file DHCP/doc/devel/atf.dox for a description of building
and using these tools.

The optional unit tests use ATF (Automated Testing Framework) including
the atf-run and atf-report tools. ATF deprecated these tools in
version 0.19 and removed these tools from its sources in version 0.20,
requiring you to get an older version, use Kyua with an ATF compatibility
package or use the version included in the Bind sources.

			       SUPPORT

The Internet Systems Consortium DHCP server is developed and distributed
by ISC in the public trust, thanks to the generous donations of its
sponsors.  ISC now also offers commercial quality support contracts for
ISC DHCP, more information about ISC Support Contracts can be found at
the following URL:

	https://www.isc.org/support/

Please understand that we may not respond to support inquiries unless
you have a support contract.  ISC will continue its practice of always
responding to critical items that effect the entire community, and
responding to all other requests for support upon ISC's mailing lists
on a best-effort basis.

However, ISC DHCP has attracted a fairly sizable following on the
Internet, which means that there are a lot of knowledgeable users who
may be able to help you if you get stuck.  These people generally
read the dhcp-users (a] isc.org mailing list.  Be sure to provide as much
detail in your query as possible.

If you are going to use ISC DHCP, you should probably subscribe to
the dhcp-users or dhcp-announce mailing lists.

WHERE TO SEND FEATURE REQUESTS: We like to hear your feedback.  We may
not respond to it all the time, but we do read it.  If ISC DHCP doesn't
work well for you, or you have an idea that would improve it for your
use, please create an issue at https://gitlab.isc.org/isc-projects/dhcp/issues.
This is also an excellent place to send patches that add new features.

WHERE TO REPORT BUGS: If you want the act of sending in a bug report
to result in you getting help in the form of a fixed piece of
software, you are asking for help.  Your bug report is helpful to us,
but fundamentally you are making a support request, so please use the
addresses described in the previous paragraphs.  If you are _sure_ that
your problem is a bug, and not user error, or if your bug report
includes a patch, you can submit it to our ticketing system at
https://gitlab.isc.org/isc-projects/dhcp/issues.  If you have not received
a notice that the ticket has been resolved, then we're still working on it.
Notice that this is the final release that features client and relay
components. Reporting bugs in them makes limited sense. The ISC team
will not be fixing any issues related to client or relay. They may be
useful for other users to document some problems or perhaps discuss
and share workarounds.

PLEASE DO NOT REPORT BUGS IN OLD SOFTWARE RELEASES!  Fetch the latest
release and see if the bug is still in that version of the software,
and if it is still present, _then_ report it.  ISC release versions
always have three numbers, for example: 1.2.3.  The 'major release' is
1 here, the 'minor release' is 2, and the 'maintenance release' is 3.

PLEASE take a moment to determine where the ISC DHCP distribution
that you're using came from.  ISC DHCP is sometimes heavily modified
by integrators in various operating systems - it's not that we
feel that our software is perfect and incapable of having bugs, but
rather that it is very frustrating to find out after many days trying
to help someone that the sources you're looking at aren't what they're
running.  When in doubt, please retrieve the source distribution from
ISC's web page and install it.

		HOW TO REPORT BUGS OR REQUEST HELP

When you report bugs or ask for help, please provide us complete
information.  A list of information we need follows.  Please read it
carefully, and put all the information you can into your initial bug
report.  This will save us a great deal of time and more informative
bug reports are more likely to get handled more quickly overall.

      1.  The specific operating system name and version of the
	  machine on which the DHCP server or client is running.
      2.  The specific operating system name and version of the
	  machine on which the client is running, if you are having
	  trouble getting a client working with the server.
      3.  If you're running Linux, the version number we care about is
	  the kernel version and maybe the library version, not the
	  distribution version - e.g., while we don't mind knowing
	  that you're running Redhat version mumble.foo, we must know
	  what kernel version you're running, and it helps if you can
	  tell us what version of the C library you're running,
	  although if you don't know that off the top of your head it
	  may be hard for you to figure it out, so don't go crazy
	  trying.
      4.  The specific version of the DHCP distribution you're
	  running, as reported by dhcpd -t.
      5.  Please explain the problem carefully, thinking through what
	  you're saying to ensure that you don't assume we know
	  something about your situation that we don't know.
      6.  Include your dhcpd.conf and dhcpd.leases file as MIME attachments
	  if they're not over 100 kilobytes in size each.  If they are
	  this large, please make them available to us, e.g., via a hidden
	  http:// URL or FTP site.  If you're not comfortable releasing
	  this information due to sensitive contents, you may encrypt
	  the file to our release signing key, available on our website.
      7.  Include a log of your server or client running until it
	  encounters the problem - for example, if you are having
	  trouble getting some client to get an address, restart the
	  server with the -d flag and then restart the client, and
	  send us what the server prints.   Likewise, with the client,
	  include the output of the client as it fails to get an
	  address or otherwise does the wrong thing.   Do not leave
	  out parts of the output that you think aren't interesting.
      8.  If the client or server is dumping core, please run the
	  debugger and get a stack trace, and include that in your
	  bug report.   For example, if your debugger is gdb, do the
	  following:

		gdb dhcpd dhcpd.core
		(gdb) where
		      [...]
		(gdb) quit

	  This assumes that it's the dhcp server you're debugging, and
	  that the core file is in dhcpd.core.

Please see https://www.isc.org/dhcp/ for details on how to subscribe
to the ISC DHCP mailing lists.

			       HISTORY

ISC DHCP was originally written by Ted Lemon under a contract with
Vixie Labs with the goal of being a complete reference implementation
of the DHCP protocol.  Funding for this project was provided by
Internet Systems Consortium. The first release of the ISC DHCP
distribution in December 1997 included just the DHCP server.
Release 2 in June 1999 added a DHCP client and a BOOTP/DHCP relay
agent. DHCP 3 was released in October 2001 and included DHCP failover
support, OMAPI, Dynamic DNS, conditional behaviour, client classing,
and more. Version 3 of the DHCP server was funded by Nominum, Inc.
The 4.0 release in December 2007 introduced DHCPv6 protocol support
for the server and client. The client and relay components reached
their End-of-Life in January 2022.

This product includes cryptographic software written
by Eric Young (eay (a] cryptsoft.com).