09/24/96, 4FAX# 5934

Configuration Of The DHCP Server

SPECIAL NOTICES

Information in this document is correct to the best of our knowledge at the time of this writing. Please send feedback by fax to "AIXServ Information" at (512) 823-4009.

Please use this information with care. IBM will not be responsible for damages of any kind resulting from its use. The use of this information is the sole responsibility of the customer and depends on the customer's ability to evaluate and integrate this information into the customer's operational environment.

ABOUT THIS DOCUMENT

This document describes basic setup and configuration tips for the DHCP server in conjunction with tcpip. This information applies to:

o  AIX version 4.1.4
o  AIX version 4.2.0

This document was written and tested with the above operating systems. The provided explanations, techniques, and procedures have been reviewed for technical accuracy and applicability. Though the techniques and information contained in this item may work on other levels of the operating system, it has not necessarily been tested. Normal precautions should be taken in adopting these same techniques and procedures in your own environment.

TABLE OF CONTENTS

Configuration Of The DHCP Server
  SECTION 1: Different Configurations:
    CASE 1: Basic DHCP server configuration. Simple ipaddress range.
    CASE 2: Simple ipaddress range with subnets and sub-ranges.
    CASE 3: Client ipaddress assignment and exclusion.
    CASE 4: Multiple network assignments.
    CASE 5: Bootp client support.
    CASE 6: DDNS and the Nameserver configuration.
  SECTION 2: Code related information:
  SECTION 3: Troubleshooting and errors commonly found in the DHCP server log file.
  SECTION 4:
  Reader's Comments

CONFIGURATION OF THE DHCP SERVER

There are numerous configurations and network topologies to consider when configuring a DHCP server. The server configuration file /etc/dhcpsd.cnf contains entries for logging information, options to return, machines to configure, and other items.

Recommended Reading and Documentation: Any AIX 4.1.4 or 4.2.0 system with InfoExplorer contains a detailed description of the DHCP server, client and relay agent processes and their respective configuration file formats. Other related information is found in InfoExplorer using the TCP/IP and DNS search paths.

SECTION 1: DIFFERENT CONFIGURATIONS:

CASE 1: Basic DHCP server configuration. Simple ipaddress range.

File: /etc/dhcpsd.cnf

NOTE: This information does not contain the usual documentation found inside the /etc/dhcpsd.cnf file. Please change option 15 to your domain name.

EXAMPLE #1

    network 144.21.13.0 144.21.13.191-144.21.13.222
    {
        # option 1 = subnet mask, option 3 = default router,
        # option 6 = domain name server, option 15 = domain name
        option 1 255.255.255.0
        option 3 144.21.13.11
        option 6 144.21.13.31
        option 15 austin.ibm.com
    }
    numLogFiles 4
    logFileSize 100
    logFileName /usr/tmp/dhcpsd.log
    logItem SYSERR
    logItem OBJERR
    logItem PROTERR
    logItem WARNING
    logItem EVENT
    logItem ACTION
    logItem INFO
    logItem ACNTING
    logItem TRACE
    leaseTimeDefault 30 minute
    leaseExpireInterval 3 minute
    supportBOOTP Yes
    supportUnlistedClients Yes

The following updateDNS entry should appear on one line.
    updateDNS "/usr/sbin/dhcpaction '%s' '%s' '%s' '%s' BOTH NONIM >> /tmp/updns.out 2>&1 "

EXAMPLE #2

    network 144.21.0.0 24
    {
        subnet 144.21.16.0 144.21.16.191-144.21.16.222
        {
            option 1 255.255.255.0
            option 3 144.21.16.11
            option 6 144.21.13.31
            option 15 austin.ibm.com
        }
    }
    numLogFiles 4
    logFileSize 100
    logFileName /usr/tmp/dhcpsd.log
    logItem SYSERR
    logItem OBJERR
    logItem PROTERR
    logItem WARNING
    logItem EVENT
    logItem ACTION
    logItem INFO
    logItem ACNTING
    logItem TRACE
    leaseTimeDefault 30 minute
    leaseExpireInterval 3 minute
    supportBOOTP Yes
    supportUnlistedClients Yes

The following updateDNS entry should appear on one line.

    updateDNS "/usr/sbin/dhcpaction '%s' '%s' '%s' '%s' BOTH NONIM >> /tmp/updns.out 2>&1 "

CASE 2: Simple ipaddress range with subnets and sub-ranges.

File: /etc/dhcpsd.cnf

NOTE: This information does not contain the usual documentation found inside the /etc/dhcpsd.cnf file.

NOTE: Please change option 15 to your domain name.

    network 171.28.0.0 24
    {
        option 1 255.255.255.0
        option 6 144.21.13.31
        option 15 subdomain.austin.ibm.com
        subnet 171.28.4.0 171.28.4.220-171.28.4.250
        {
            option 3 171.28.4.10
        }
        subnet 171.28.7.0 171.28.7.220-171.28.7.250
        {
            option 3 171.28.7.10
        }
        subnet 171.28.16.0 171.28.16.220-171.28.16.250
        {
            option 3 171.28.16.10
        }
        subnet 171.28.17.0 171.28.17.220-171.28.17.250
        {
            option 3 171.28.17.10
        }
    }
    numLogFiles 4
    logFileSize 100
    logFileName /usr/tmp/dhcpsd.log
    logItem SYSERR
    logItem OBJERR
    logItem PROTERR
    logItem WARNING
    logItem EVENT
    logItem ACTION
    logItem INFO
    logItem ACNTING
    logItem TRACE
    leaseTimeDefault 30 minute
    leaseExpireInterval 3 minute
    supportBOOTP Yes
    supportUnlistedClients Yes

The following updateDNS entry should appear on one line.
    updateDNS "/usr/sbin/dhcpaction '%s' '%s' '%s' '%s' BOTH NONIM >> /tmp/updns.out 2>&1 "

CASE 3: Client ipaddress assignment and exclusion.

File: /etc/dhcpsd.cnf

NOTE: This information does not contain the usual documentation found inside the /etc/dhcpsd.cnf file.

NOTE: Please change option 15 to your domain name.

The 'Client assignment' line shows how to give this client the same ipaddress every time. Only this client can receive this ipaddress.

The 'Client exclusion' line shows how to deny or exclude this ipaddress. No client can receive this ipaddress. The server status will show 'Not Available' for this ipaddress.

    network 144.21.0.0 24
    {
        subnet 144.21.16.0 144.21.16.195-144.21.16.220
        {
            client 1 0x00aa00c12c2d 144.21.16.199   # Client assignment
            client 0 0 144.21.16.200                # Client exclusion
            option 1 255.255.255.0
            option 3 144.21.16.11
            option 6 144.21.13.31
            option 15 austin.ibm.com
        }
    }
    numLogFiles 4
    logFileSize 100
    logFileName /usr/tmp/dhcpsd.log
    logItem SYSERR
    logItem OBJERR
    logItem PROTERR
    logItem WARNING
    logItem EVENT
    logItem ACTION
    logItem INFO
    logItem ACNTING
    logItem TRACE
    leaseTimeDefault 30 minute
    leaseExpireInterval 3 minute
    supportBOOTP Yes
    supportUnlistedClients Yes

The following updateDNS entry should appear on one line.

    updateDNS "/usr/sbin/dhcpaction '%s' '%s' '%s' '%s' BOTH NONIM >> /tmp/updns.out 2>&1 "

CASE 4: Multiple network assignments.

File: /etc/dhcpsd.cnf

NOTE: Please change option 15 to your domain name.
    network 144.21.13.0 144.21.13.191-144.21.13.222
    {
        option 1 255.255.255.0
        option 3 144.21.13.11
        option 6 144.21.13.31
        option 15 austin.ibm.com
    }
    network 144.21.0.0 24
    {
        subnet 144.21.16.0 144.21.16.195-144.21.16.220
        {
            option 1 255.255.255.0
            option 3 144.21.16.11
            option 6 144.21.13.31
            option 15 austin.ibm.com
        }
    }
    network 171.28.0.0 24
    {
        option 1 255.255.255.0
        option 6 144.21.13.31
        option 15 austin.ibm.com
        subnet 171.28.4.0 171.28.4.220-171.28.4.250
        {
            option 3 171.28.4.10
        }
        subnet 171.28.7.0 171.28.7.220-171.28.7.250
        {
            option 3 171.28.7.10
        }
        subnet 171.28.16.0 171.28.16.220-171.28.16.250
        {
            option 3 171.28.16.10
        }
        subnet 171.28.17.0 171.28.17.220-171.28.17.250
        {
            option 3 171.28.17.10
        }
    }
    #Log file and trace information. See other examples in other cases.

The following updateDNS entry should appear on one line.

    updateDNS "/usr/sbin/dhcpaction '%s' '%s' '%s' '%s' BOTH NONIM >> /tmp/updns.out 2>&1 "

CASE 5: Bootp client support.

File: /etc/dhcpsd.cnf

NOTE: This information does not contain the usual documentation found inside the /etc/dhcpsd.cnf file.

    supportBOOTP Yes
    supportUnlistedClients Yes

These lines are not mutually exclusive. They should both be 'yes' to support bootp clients.

/usr/sbin/bootptodhcp is a converter routine for bootp client support. The following steps should be taken to support bootp clients:

1. Configure bootp clients in /etc/bootptab. Make sure this works.
2. Comment out the bootp line in the /etc/inetd.conf file.
3. Run /usr/sbin/bootptodhcp
4. Edit the /etc/dhcpsd.cnf file and add SA records for the bootp clients in the form: sa=ipaddress where ipaddress is the bootp server.
5. Start dhcpsd daemon.

See IX58812 for a problem with a backslash "\" in /etc/bootptab.

CASE 6: DDNS and the Nameserver configuration.

File: /etc/dhcpsd.cnf

NOTE: This information does not contain the usual documentation found inside the /etc/dhcpsd.cnf file.
The following updateDNS entry should appear on one line.

    updateDNS "/usr/sbin/dhcpaction '%s' '%s' '%s' '%s' BOTH NONIM >>

This line must be uncommented in the /etc/dhcpsd.cnf file. The nameserver must support DDNS. At the time of this writing, AIX v4.1.4 and AIX v4.2.0 are the only operating systems that support DDNS. No other vendor's OS supports DDNS with the exception of WindowsNT beta v4. This beta or test version of WindowsNT may support DDNS.

Please perform the following steps for DHCP and DDNS:

1. In the /etc/dhcpsd.cnf file, uncomment the line that reads (the entry should appear on one line):

       updateDNS "/usr/sbin/dhcpaction '%s' '%s' '%s' '%s' PTR NONIM >>

   The 'PTR' means the pointer record will be updated. This is the default value. If you want to update the 'A' record and the pointer record, you should change the 'PTR' to 'BOTH'. That line will read (again on one line):

       updateDNS "/usr/sbin/dhcpaction '%s' '%s' '%s' '%s' BOTH NONIM >>

2. Change the /etc/named.boot file as follows:

       primary   domainname.com   /etc/named.data   dynamic controlled
       primary   in-addr.arpa     /etc/named.rev    dynamic controlled

   The 'dynamic' keyword is required for the named.rev line if the updateDNS line shows the 'PTR' update. Since the updateDNS line above shows 'BOTH NONIM', the 'dynamic' keyword is required for both the named.data and named.rev lines in the /etc/named.boot file. Add the keyword 'controlled' to the dynamic lines as it acts like secured and allows updates.

   Refresh the named subsystem: 'refresh -s named'

DDNS is documented in Info-Explorer using the following search path:

    'List of Books'
    'AIX V4.1 System Management Guide: Communications and Networks'
    'TCPIP Name Resolution'

EXAMPLE /ETC/NAMED.BOOT FILE:

    primary   ztrans.com             /etc/named.data    dynamic controlled
    primary   0.0.127.in-addr.arpa   /etc/named.local
    primary   32.3.9.in-addr.arpa    /etc/named.rev
    cache     .                      /etc/named.ca

SECTION 2: CODE RELATED INFORMATION:

To check the code level installed on your DHCP server, run the command:

    lslpp -h bos.net.tcp.server

The output for base level of AIX v4.1.4 shows:

    Fileset             Level     Action  Status    Date      Time
    ------------------------------------------------------------
    Path: /usr/lib/objrepos
    bos.net.tcp.server  4.1.4.0   COMMIT  COMPLETE  10/18/95  06:54:42
    Path: /etc/objrepos
    bos.net.tcp.server  4.1.4.0   COMMIT  COMPLETE  10/18/95  06:58:18

The latest version of bos.net.tcp.server as of 7-17-96 is: 4.1.4.12
The latest version of bos.net.tcp.client as of 7-17-96 is: 4.1.4.13

A system with the latest fixes will show the following levels for the tcpip subsystems:

    lslpp -h bos.net.tcp.server

    Fileset             Level     Action  Status    Date      Time
    -------------------------------------------------------------
    Path: /usr/lib/objrepos
    bos.net.tcp.server  4.1.4.0   COMMIT  COMPLETE  02/20/96  19:08:59
                        4.1.4.6   COMMIT  COMPLETE  02/26/96  15:16:24
                        4.1.4.8   APPLY   COMPLETE  04/08/96  23:29:58
                        4.1.4.9   COMMIT  COMPLETE  01/01/70  02:20:47
                        4.1.4.11  COMMIT  COMPLETE  07/13/96  17:44:28
                        4.1.4.12  COMMIT  COMPLETE  07/13/96  19:27:09

    lslpp -h bos.net.tcp.client

    Fileset             Level     Action  Status    Date      Time
    --------------------------------------------------------------
    Path: /usr/lib/objrepos
    bos.net.tcp.client  4.1.4.0   COMMIT  COMPLETE  02/20/96  15:30:29
                        4.1.4.6   COMMIT  COMPLETE  02/26/96  15:15:59
                        4.1.4.9   COMMIT  COMPLETE  03/21/96  18:25:26
                        4.1.4.10  APPLY   COMPLETE  04/08/96  23:31:32
                        4.1.4.12  COMMIT  COMPLETE  01/01/70  02:20:46
                        4.1.4.13  COMMIT  COMPLETE  07/13/96  17:44:24

The following fixes have been identified and released.
These fixes bring the tcpip subsystems (tcp.server, tcp.client) to versions higher than 4.1.4.0:

APAR     DESCRIPTION                                          PTF
--------------------------------------------------------------------
named:
IX52536  AIX 4.1.4.0 MAINTENANCE LEVEL                        U439825
IX55067  ZONE IS NOT ALSO AUTH OF UPDATES                     U440912
IX54609  NAMED CAN DUMP CORE WHEN DOING A DUMP                U440912
IX55069  NEED TO PUT BACK -T FUNCTIONALITY IN NEW NAMED PORT  U440912
IX55215  NAMED DIES ON READING INCORRECT DATA FILE            U440912
IX55267  NAMED DOES NOT DO ZONE TRANSFERS                     U441125
IX57233  NAMED-XFEER DOESN'T HANDLE SIG AND KEY RECORDS       U442872
IX56497  DNS CERT ADVISORY UPDATE FOR DNS 4.9.3               not ready

dhcpsd:
IX52536  AIX 4.1.4.0 MAINTENANCE LEVEL                        U439825
IX55066  DHCP:DHCPSD HAS PROTOCOL LEVEL PROBLEMS              U440912
         WITH DHCPREQUESTS/GWS
IX57083  X-STATIONS NOT BOOTING WITH DHCPSD                   U442872
IX58989  DHCP server fails in bridged ethernet to fddi        U444117
IX58990  DHCP server fails in bridged tokenring to fddi       U444117

dhcprd:
IX52536  AIX 4.1.4.0 MAINTENANCE LEVEL                        U439825
IX55072  DHCP:DHCPRD DOESN'T EXIST IF CONFIG IS EMPTY         U440912
IX55068  DHCPRD DOESN'T HAVE GOOD DEFAULT LOGGING VALUES      U441683
IX55077  DHCP:MSG SET 1 MSG 37 IN DHCPRD MISSPELLED           U440912

dhcpcd:
IX52536  AIX 4.1.4.0 MAINTENANCE LEVEL                        U439825
IX55073  DHCP:THE CLEINT DOESN'T START IF NO INTERFACES UP    U440957
IX55075  DHCP:IP_DHCPMODE IS STILL ON WHEN DHCPCD EXITS       U441683
IX55071  DHCP:DHCPCD DOESN'T SET DOMAIN IN /ETC/RESOLV.CONF   U440957
IX55271  REMOVE PROPER NAME FROM DHCPCD.INI                   U440957

dhcpaction:
IX55070  DHCP:DHCPACTION NEEDS TO REMOVE TRAILING DOTS        U440957

dhcpsconf:
IX56898  DHCPSCONF CORE DUMPS                                 U441947

====================================================================
U440912 = 4.1.4.4  tcp.server
U441947 = 4.1.4.7  tcp.server
U442872 = 4.1.4.8  tcp.server
U444117 = 4.1.4.12 tcp.server

U440957 = 4.1.4.4  tcp.client
U441723 = 4.1.4.8  tcp.client
U443181 = 4.1.4.13 tcp.client
====================================================================
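The following Python script is an added example, not part of the original IBM document. It parses 'lslpp -h' output in the format shown above, picks the highest completed level per fileset by numeric comparison, and lists the PTFs from the table above whose level is still higher than the installed one. The function names and the sample output are constructed for illustration, and it assumes that a fileset level includes the fixes of all lower levels of the same fileset.

```python
import re

# Latest levels and PTF-to-level mapping copied from the tables on this page (7-17-96).
# Assumption: a fileset level includes the fixes of all lower levels of that fileset.
LATEST = {"bos.net.tcp.server": "4.1.4.12", "bos.net.tcp.client": "4.1.4.13"}
PTF_LEVELS = {
    "bos.net.tcp.server": {"U440912": "4.1.4.4", "U441947": "4.1.4.7",
                           "U442872": "4.1.4.8", "U444117": "4.1.4.12"},
    "bos.net.tcp.client": {"U440957": "4.1.4.4", "U441723": "4.1.4.8",
                           "U443181": "4.1.4.13"},
}
LEVEL = re.compile(r"^\d+(\.\d+){3}$")


def vkey(level):
    """Numeric sort key: compared as strings, '4.1.4.9' sorts above '4.1.4.12'."""
    return tuple(int(part) for part in level.split("."))


def parse_history(text):
    """Parse 'lslpp -h' output into {fileset: [(level, action, status), ...]}."""
    history, fileset = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] in ("Fileset", "Path:") or set(fields[0]) == {"-"}:
            continue                          # header, path and separator lines
        if not LEVEL.match(fields[0]):        # fileset name, alone or before a level
            fileset, fields = fields[0], fields[1:]
        if fileset and len(fields) >= 3 and LEVEL.match(fields[0]):
            history.setdefault(fileset, []).append(tuple(fields[:3]))
    return history


def audit(text):
    """Compare each fileset's highest completed level with the latest level."""
    history, report = parse_history(text), {}
    for fileset, latest in LATEST.items():
        done = [lvl for lvl, action, status in history.get(fileset, [])
                if action in ("APPLY", "COMMIT") and status == "COMPLETE"]
        installed = max(done, key=vkey) if done else None
        behind = installed is None or vkey(installed) < vkey(latest)
        missing = sorted(ptf for ptf, lvl in PTF_LEVELS[fileset].items()
                         if installed is None or vkey(lvl) > vkey(installed))
        report[fileset] = {"installed": installed, "behind": behind,
                           "missing_ptfs": missing}
    return report


# Constructed sample in the layout shown above: server at base level,
# client part-way through the fixes.
SAMPLE = """\
Fileset             Level     Action  Status    Date      Time
------------------------------------------------------------
Path: /usr/lib/objrepos
bos.net.tcp.server  4.1.4.0   COMMIT  COMPLETE  10/18/95  06:54:42
bos.net.tcp.client  4.1.4.0   COMMIT  COMPLETE  02/20/96  15:30:29
                    4.1.4.9   COMMIT  COMPLETE  03/21/96  18:25:26
                    4.1.4.10  APPLY   COMPLETE  04/08/96  23:31:32
"""

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result)
```
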
SECTION 3: TROUBLESHOOTING AND ERRORS COMMONLY FOUND IN THE DHCP SERVER LOG FILE.

Error message #1:

------------------------------------------------------------
INFO: getPortNum: dhcps/udp unknown service, assuming port 67
SYSERR: createMailbox: bind socket failed - The socket name is already in use.
SYSERR: main: cannot create transport facility. Exit dhcpsd. log: END
------------------------------------------------------------

When the above error is received, it is common for the dhcpsd process to die. This error is common when bootp is running under inetd. bootpd and dhcpsd cannot run at the same time. The dhcpsd process uses the same service port as bootps; however, dhcpsd is not an inetd subserver and is started in the /etc/rc.tcpip file, not /etc/inetd.conf. The bootps line in /etc/inetd.conf must be commented out with the '#'. inetd must be refreshed using the command: refresh -s inetd

The bootps line in /etc/services remains as is:

    bootps 67/udp # bootp server port

Error message #2:

------------------------------------------------------------
TRACE: am_queryClient: client 1-0x00aa00c12c2d is not known to address mapper, ask clientele
TRACE: cl_queryClientele: client 1-0x00aa00c12c2d rejected in clientele list
OBJERR: am_queryClient: clientele failed when queried about client 1-0x00aa00c12c2d
INFO: processDISCOVER: client 1-0x00aa00c12c2d authentication failed
ACTION: reply_generator: no reply is generated
TRACE: main: No reply is to be generated
------------------------------------------------------------

This error was generated when the DHCP server configuration file shows the following 2 lines:

    supportBOOTP Yes
    supportUnlistedClients No

This error was corrected by changing the line to:

    supportUnlistedClients Yes

Error message #3:

------------------------------------------------------------
09/05/96 09:39:38 SYSERR: ....initUserComm: bind usercomm socket failed - The socket name is not available on this system.
09/05/96 09:39:38 SYSERR: ..main: cannot create user communications socket. Exit
------------------------------------------------------------

The above error occurs when the value for 'hostid' is incorrect. There may be an incorrect entry in /etc/hosts etc... The hostid must be a valid address for at least one of the networks defined in /etc/dhcpsd.cnf. The 'hostid' command returns, in hex, the value of the system's ipaddress. For example, the hex value 0x8123cae3 converts, one byte at a time, to the dotted-decimal address 129.35.202.227 (0x81 = 129, 0x23 = 35, 0xca = 202, 0xe3 = 227). This is a valid ipaddress for a DHCP server.

SECTION 4:

a) DHCP Client on AIX and the SMIT interface.

The SMIT interface on AIX ONLY applies to the DHCP client configuration. The DHCP server configuration uses a motif interface run by the command: /usr/sbin/dhcpsconf. However, the above server configuration examples can be modified into your own environment using 'vi' or any editing tool, which may be quicker and more effective than running the DHCP server motif interface.

The SMIT fastpath 'smit tcpip' will bring you to a screen where you can select DHCP as follows:

    Use DHCP for TCPIP Configuration & Startup.

After selecting the interface, the Client configuration is set in this screen. Execution of this screen will pass the hostname of this client to the DHCP server for DDNS updates and start the dhcpcd (client daemon) process. The /etc/rc.net file and /etc/rc.tcpip file both are modified to run DHCP as a client. The variable modified in the /etc/rc.net file is: USE_DHCP="1". The line which starts /usr/sbin/dhcpcd is uncommented in the /etc/rc.tcpip file.

SIDE EFFECTS

If the DHCP Client service is started using the SMIT interface, but the system administrator/user never intended for this system to be a DHCP Client or run DHCP services, you will find unusual behavior and a corrupt configuration after a system reboot.
Two symptoms of this are that the hostname is changed to loopback or localhost and the default route no longer exists. You can run 'ps -ef | grep dhcpcd' and see if the client process is running. 'netstat -rn' will verify the routing table.

b) Turning DHCP off.

There are 2 ways to stop the Client service:

1. Edit the /etc/rc.net file and set the variable USE_DHCP="0" and edit the /etc/rc.tcpip file and comment out the line which starts /usr/sbin/dhcpcd. Run 'ps -ef | grep dhcpcd' to obtain the process id for dhcpcd, then run 'kill -9 pid' where pid is the process id for dhcpcd. At this point, the DHCP Client service is not running and will not start up on the next reboot, but you need to reconfigure tcpip on the interface to get the correct hostname and default route set. Run 'smit tcpip' and select: Minimum Configuration & Startup to reconfigure tcpip.

2. You can use the SMIT fastpath 'smit dhcpcd' and select: Stop Using the dhcpcd Subsystem. Select 'BOTH' and this will perform the same steps in #1 above; however, you will need to reconfigure tcpip on the interface to get the correct hostname and default route set. Run 'smit tcpip' and select: Minimum Configuration & Startup to reconfigure tcpip.

READER'S COMMENTS

Please fax this form to (512) 823-4009, attention "AIXServ Information". You may also e-mail comments to: elizabet@austin.ibm.com. These comments should include the same customer information requested below.

Use this form to tell us what you think about this document. If you have found errors in it, or if you want to express your opinion about it (such as organization, subject matter, appearance) or make suggestions for improvement, this is the form to use.

If you need technical assistance, contact your local branch office, point of sale, or 1-800-CALL-AIX (for information about support offerings). These services may be billable.
Faxes on a variety of subjects may be ordered free of charge from 1-800-IBM-4FAX. Outside the U.S. call 415-855-4329 using a fax machine phone.

When you send comments to IBM, you grant IBM a nonexclusive right to use or distribute your comments in any way it believes appropriate without incurring any obligation to you.

NOTE: If you have a problem report or item number, supplying that number may help us determine why a procedure did or did not work in your specific situation.

Problem Report or Item #:
Branch Office or Customer #:

Be sure to print your name and fax number below if you would like a reply:

Name:
Fax Number:

END OF DOCUMENT (dhcp.server.config.tcp, 4FAX# 5934)