Linux DHCP Server

From Braindisconnect


interface name too long

dhcpd -t /etc/dhcp/dhcpd.conf
 /etc/dhcp/dhcpd.conf: interface name too long (is 20)

This message has nothing to do with your dhcpd.conf file or configuration.
The error occurs because dhcpd interprets the argument /etc/dhcp/dhcpd.conf as an interface name.
The 20 is the character count of the string "/etc/dhcp/dhcpd.conf", not anything in the file contents.

Add -cf to the command so that the config file is actually tested, or just use dhcpd -t on its own.

Correct Syntax

dhcpd -t -cf /etc/dhcp/dhcpd.conf


dhcpd -t

DHCP failing to start

Check your messages log:

tail -f /var/log/messages
 Mar 14 19:50:49 server dhcpd: No subnet declaration for eth1 (
 Mar 14 19:50:49 server dhcpd: ** Ignoring requests on eth1.  If this is not what
 Mar 14 19:50:49 server dhcpd:    you want, please write a subnet declaration
 Mar 14 19:50:49 server dhcpd:    in your dhcpd.conf file for the network segment
 Mar 14 19:50:49 server dhcpd:    to which interface eth1 is attached. **
 Mar 14 19:50:49 server dhcpd: 
 Mar 14 19:50:49 server dhcpd: 
 Mar 14 19:50:49 server dhcpd: Not configured to listen on any interfaces!

cat /etc/network/interfaces

# To Router Interface
auto eth1
iface eth1 inet static

This happens because the interface dhcpd is set to listen on does not have its subnet defined in a subnet declaration in dhcpd.conf.

At the very least declare the subnet even if you do not plan on serving DHCP to that particular subnet.

subnet netmask {

DHCP and DNS server

Provided by SaruWiki from the original author.

apt-get install isc-dhcp-server

Edited /etc/dhcp/dhcpd.conf. Tested the configuration with

dhcpd -t

(do not put anything behind the -t, it’ll get interpreted as an interface name)

Changed the log facility to local7; created an empty log file

mkdir /var/log/dhcpd
touch /var/log/dhcpd/dhcpd.err
touch /var/log/dhcpd/

Redirected local7 to these files in new log config file /etc/rsyslog.d/local7.conf

local7.err /var/log/dhcpd/dhcpd.err
local7.* -/var/log/dhcpd/

Can’t remove dhcpd messages from syslogs without editing rsyslog.conf though…

Added local7.none to the line filling syslog, so it becomes

*.*;auth,authpriv,local7.none -/var/log/syslog

Also removing dhcp-messages from /var/log/messages in the same way

(is this smart??)

Installed Bind9 using the Debian instructions.

apt-get install bind9 bind9-doc dnsutils

(recommended but not installed: resolvconf, ufw, geoip-bin, rblcheck)

rndc-confgen > /etc/bind/rndc.conf

Copied the key part to ns.amber.lan.key; included that key in named.conf.local with its control statement. Secured the rndc.conf and ns.amber.lan.key files with user root:bind permission 640.

Set the named.conf.options sections for two acls (bogusnets and amberlan), specified interfaces, forwarders/forwarding, permissions based on acls.

Created file db.192.168.67 with the IP numbers/names of the fixed hosts; created file db.amber.lan with the names/IP numbers of the fixed hosts. Referenced the zones in named.conf.local.

Made the /etc/bind directory writable for bind; made bind:bind the owner of the forward and reverse zone files.

To allow the DHCP server to securely update DNS, we’ll chdir into /tmp and create a new key:

cd /tmp
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST ddns

This creates two files, Kddns.+157+31433.key and Kddns.+157+31433.private. The two files contain different pieces of text, but the same MD5 key – that’s what we’re after. We open one of the files, find the line that starts with “Key:” and copy the complete string that follows. We put it in file ddns.key with the following content:

key DDNS_UPDATE {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret "<key>";
};

We install this file to the DHCP and DNS directories using

install -o root -g bind -m 0640 ddns.key /etc/bind/ddns.key
install -o root -g root -m 0640 ddns.key /etc/dhcp/ddns.key

Then remove the created files from /tmp (don’t leave keys like this lying around!)

We tell Bind to allow updates that are signed with this key by including in named.conf.local the line:

include "/etc/bind/ddns.key";

and put two allow-update lines in the forward and reverse zones:

allow-update { amberlan; key DDNS_UPDATE; };

The first term references the “amberlan” ACL, the second one the key.

We tell the DHCP daemon to send signed updates on behalf of all its clients: in dhcpd.conf we insert

ddns-updates on;
ddns-update-style interim;
ignore client-updates;
update-static-leases on;
include "/etc/dhcp/ddns.key";

Furthermore, we have to specify every zone which is to be updated, including the primary nameserver and the key with which to secure the updates:

zone amber.lan. {
     key DDNS_UPDATE;
zone {
    key DDNS_UPDATE;

Check the configs using

named-checkconf /etc/bind/named.conf
dhcpd -t

Dynamic updates appear in the bind directory in journal files (*.jnl). Sync these to the zone files using

rndc sync -clean
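
A check for the key-file steps above, as an added example that is not part of the original page: it parses a ddns.key in the layout shown earlier, flags file modes that expose the secret and the HMAC-MD5 algorithm (RFC 8945 lists hmac-md5 as must-not-use and hmac-sha256 as recommended), and lists dnssec-keygen output left behind in a directory. The function names and the sample key material are constructed for illustration.

```python
import base64, os, re, stat, tempfile

# Layout used on this page: key NAME { algorithm X; secret "Y"; };
KEY_RE = re.compile(
    r'key\s+"?(?P<name>[\w.-]+)"?\s*\{\s*algorithm\s+(?P<alg>[\w.-]+)\s*;'
    r'\s*secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;?', re.I)

def audit_key_file(path):
    """Return a list of findings for one TSIG key file (empty list = clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o007:
        findings.append(f"{path}: mode {mode:04o} lets 'other' users access the secret")
    with open(path) as fh:
        m = KEY_RE.search(fh.read())
    if not m:
        return findings + [f"{path}: no key {{ algorithm; secret; }} block found"]
    # RFC 8945 marks hmac-md5 as MUST NOT use; hmac-sha256 is the recommended choice.
    if m["alg"].lower().startswith("hmac-md5"):
        findings.append(f"{path}: key {m['name']} uses {m['alg']}")
    try:
        raw = base64.b64decode(m["secret"], validate=True)
        if len(raw) < 16:
            findings.append(f"{path}: secret is only {len(raw)} bytes")
    except ValueError:  # binascii.Error is a ValueError subclass
        findings.append(f"{path}: secret is not valid base64")
    return findings

def leftover_keygen_files(directory):
    """List dnssec-keygen output (K<name>.+<alg>+<id>.key/.private) left in a directory."""
    pat = re.compile(r"^K.+\.\+\d{3}\+\d{5}\.(key|private)$")
    return sorted(f for f in os.listdir(directory) if pat.match(f))

def demo():
    """Build a constructed sample in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "ddns.key")
        secret = base64.b64encode(bytes(range(64))).decode()  # constructed, not a real key
        with open(key, "w") as fh:
            fh.write(f'key DDNS_UPDATE {{\n    algorithm HMAC-MD5.SIG-ALG.REG.INT;\n    secret "{secret}";\n}};\n')
        os.chmod(key, 0o644)  # deliberately wrong; the page installs with 0640
        for name in ("Kddns.+157+31433.key", "Kddns.+157+31433.private"):
            open(os.path.join(d, name), "w").close()
        return audit_key_file(key), leftover_keygen_files(d)

if __name__ == "__main__":
    findings, leftovers = demo()
    print("\n".join(findings + [f"leftover: {n}" for n in leftovers]))
```

Run audit_key_file against /etc/bind/ddns.key and /etc/dhcp/ddns.key, and leftover_keygen_files against /tmp, after completing the install steps.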