current-users: Re: NetBSD-1.4: DHCP setup

Subject: Re: NetBSD-1.4: DHCP setup
To: David Maxwell <david@fundy.ca>
From: Ted Lemon <mellon@isc.org>
List: current-users
Date: 05/20/1999 10:21:24
> Assuming a fairly new DHCPD, it should ping the address before giving
> it out.

You aren't supposed to use an address that the DHCP server owns unless
you've been given a lease on it.  If you do, it causes problems for
the network administrator even if the DHCP server prevents actual harm
from coming to the users of the IP address - when the DHCP server gets
an ICMP echo reply from an address it thinks should not be in use, it
removes that address from its list of available addresses and won't
assign it again unless things get desperate.  The server administrator
will see tons of annoying log messages about it.  Using an address in
this way will likely be seen as misuse of the network, and could have
negative repercussions for you if your network support staff don't
have a sense of humour about it.

And if things go the wrong way, the server won't be able to prevent
you from causing harm - what if, for example, you leave that
declaration in your dhcpd.conf file but wind up getting a different
address from the DHCP server next time you boot.  The client that got
your old address continues to use it and renew it with the DHCP
server.

A few days later, the DHCP server happens to be down for an update
when you start up your client.  Your client can't get its new address,
so it tries the lease you left dangling in your dhcpd.conf file,
confirms that it's valid for the network it's connected to, and starts
using it.  Now you have two machines with the same IP address, and you
start getting ARP wars.

Of course, you're a savvy NetBSD user, so maybe you happen to notice
the log messages on the console about the problem, but what about the
poor, defenseless Win95 user who did nothing wrong and has a
legitimate right to the address you've stolen, whose network has
suddenly and for no apparent reason become unreliable?   What about
all the telnet sessions that user had open that die as a result of
your decision?   What about the homework that person loses, or the
hack that person was working on that is lost and has to be redone?

Yes, in reality, this may never happen, but why do something wrong
with potentially negative consequences for somebody other than you,
who had no reason to expect such consequences and no defense against
them?  If you need a permanent IP address, request one from your
network administrator, or if you are your network administrator,
assign yourself one.

			       _MelloN_