• DHCP server - allowing Static Mappings within pool range?

    DHCP and DNS
    11
    0 Votes
    11 Posts
    2k Views

    @matthewfearnley said in DHCP server - allowing Static Mappings within pool range?:

    This is something that is possible on Windows DHCP servers

    Technically I think it's required on Windows...basically Windows does make it a reservation (they even call it that) and pfSense (ISC dhcpd) doesn't. And yes it is very handy for assigning an IP to, say, a printer that a printer tech set up as DHCP without asking us... 🙄

  • 0 Votes
    1 Posts
    494 Views
    No one has replied
  • 0 Votes
    3 Posts
    881 Views

    @gertjan said in DHCP static mappings that don’t specify hostnames:

    @bp81 said in DHCP static mappings that don’t specify hostnames:

    I am observing that any client that has a static mapping set but has the hostname field blank in the mapping does not get registered in dns. Non static clients will get registered as expected.

    Ask pfSense what it is doing, and it will tell us :

    /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid interface1 interface2 .....

    The DHCP server config file /var/dhcpd/etc/dhcpd.conf shows me how known static leases are setup for the dhcpd process.
    I guess, when creating a static based MAC lease, the info is used to create a /var/dhcpd/etc/dhcpd.conf so dhcpd knows about it, and at the same time a line is added to /etc/hosts.
    /etc/hosts is read by unbound when it starts executing.

    Take a look at the /var/dhcpd/var/db/dhcpd.leases file.
    You will find some leases like :

    lease 192.168.1.71 {
      starts 4 2022/07/21 09:10:02;
      ends 5 2022/07/22 09:10:02;
      cltt 4 2022/07/21 11:47:01;
      binding state active;
      next binding state free;
      rewind binding state free;
      hardware ethernet 18:e7:b0:cc:bc:d9;
      uid "\001\030\345\260\039\005\341";
      client-hostname "iPhone-12-Jullien";
    }

    and other leases do not have a client-hostname at all.
    Or worse, do have a client-hostname, but this name is not DNS-hostname format compatible.
    Understand that the client-hostname is given to the dhcpd server by the device, using its dhcp client. The client-hostname can be set up by the person who admins the device. If the device even has this capability. Many devices have a client-hostname hard coded, or omit it.

    My /var/dhcpd/var/db/dhcpd.leases file contains 276 leases, and only 12 have a client-hostname given by a device.

    So : using the client-hostname given by the client is ..... not a safe solution.

    @bp81 said in DHCP static mappings that don’t specify hostnames:

    I am observing that any client that has a static mapping set but has the hostname field blank

    There was a forum thread a while ago about this question.
    Or was it : give MAC and hostname but no IPv4 in a static .... ? Don't recall.

    Consider the "DNS" as a phone book.
    One rule, no exception. Planet earth goes down ? Still no exceptions.
    The rule is :
    Phone number <=> Name.
    If one of the two is missing the system goes belly up.
    DNS down is bad for business (but a very popular amusement, see the forum, it's an ongoing occupation for many)

    So, I guess pfSense wants you (forces you) to give a host name. That's the name that can be checked against DNS name compliance. That's the one being used for DNS.

    You can change this behaviour of course, no need to inform the dhcpd process with a setting. It's all 'pfSense GUI' scripted somewhere in the PHP files.

    But take note : if you decide to add some script logic that uses the "client-hostname" (the name given by the client) then you need some other process that parses the /var/dhcpd/var/db/dhcpd.leases and now you have opened a can of worms. Just read the several thousands of forum posts about this process :

    /usr/local/sbin/dhcpleases -c /usr/local/bin/php-cgi -f /usr/local/sbin/prefixes.php -l /var/dhcpd/var/db/dhcpd.leases

    This process is activated when you select this option :
    [screenshot]

    This process stops and unbound (your local DNS !) every time a DHCP lease comes in, or gets renewed.

    Now you know why I strongly advise to disable this option :

    [screenshot]

    for every device that you have to know by hostname, pick an easy DNS hostname, and make a static MAC lease.
    I know this isn't the perfect solution, but it's the one that works, is easy to maintain, and unbound will restart far less often, so DNS keeps on working, and the cache gets built and stays valid.

    This one :

    [screenshot]

    is 'harmless' as /etc/hosts only gets read when unbound starts.

    In short, it appears it is not possible to create the behavior I'm looking for. It's not terribly important to us, it just would've been nice.

    The background on our infrastructure is that we have a mixed environment administered by Active Directory and Windows DNS. We have Windows workstations, laptops, and servers, but we also have some Linux and FreeBSD systems, as well as some IoT devices. Hostname resolution of Windows machines in Windows DNS is easy; Active Directory joined workstations have a group policy set to register their hostnames in Windows DNS.

    To get non-Windows systems registered in DNS, we are using some scripting to read the dhcp leases file and dhcp config file from dhcpd, then doing some filtering to determine which leases belong to non-Windows devices and dynamically register those in Windows DNS. This is being done with a powershell script. The end result being that we now have resolution by hostname for every single device provisioned by DHCP in our network (and that is ALL devices at this point. We don't do manual IP address assignment on any system at this point). The scripting based solution works very nicely, it just would've been nice if we had the option to assign an IP address via DHCP static reservation without having to assign a hostname in the static reservation. That creates a condition where, when I create static reservations, I have to remember to leave the hostname field blank for Windows machines (which will register their DNS hostnames directly with AD DNS) but specify hostnames in the reservations for non-Windows systems.

    It's not really that big of a deal, it would just be more convenient to be able to write my DHCP reservations in a consistent manner for all entries rather than having one kind of entry for Windows systems and a different kind of entry for non-Windows systems.

  • 0 Votes
    2 Posts
    847 Views

    Moved to general

  • Problem with PXE booting

    DHCP and DNS
    2
    1 Votes
    2 Posts
    1k Views

    We have seen the same issue after upgrading from 2.5.2 to 2.6.0. The first VLAN in the configuration file doesn't have the problem, all the VLANs after have the extra filename options. It is odd that the filename is different. I haven't found where it is getting that option from.

    subnet 192.168.240.0 netmask 255.255.252.0 {
      pool {
        option domain-name-servers 192.168.243.254;
        deny dynamic bootp clients;
        failover peer "dhcp_lan";
        filename "legacy.donotuse";
        range 192.168.240.80 192.168.243.249;
      }
  • All IPv6 Home Network

    Official Netgate® Hardware
    14
    0 Votes
    14 Posts
    2k Views
    NogBadTheBad

    @quasaur said in All IPv6 Home Network:

    Enjoying my SG-1100.
    I wish to switch everything to IPv6 using each host’s MAC as the last three segments of the interface ID.

    Unfortunately, it appears that pfSense requires the DUID of a DHCP client to assign it a static address, and no one on the planet seems to know how to get that from a MacBook running Monterey…not even Apple!

    PLEASE HELP!

    [screenshot]

    Run the following from the terminal:-

    sudo plutil -p /var/db/dhcpclient/DUID_IA.plist

    andyk@mac-pro ~ % sudo plutil -p /var/db/dhcpclient/DUID_IA.plist
    {
      "DUID" => {length = 14, bytes = 0x000100012743ca95003ee1c1af07}
      "HostUUID" => {length = 16, bytes = 0x8d4aa329f7175da2ac8fc3e713f04f63}
      "IAIDList" => [
        0 => "en0"
        1 => "en1"
        2 => "en2"
      ]
    }
    andyk@mac-pro ~ %
  • One DHCP Server, Multiple Subnets??

    DHCP and DNS
    2
    0 Votes
    2 Posts
    790 Views

    @quasaur So you mean having a single supernet broadcast domain with e.g. /22 mask and have many /24 "subnets" with a /22 mask and single gateway?
    If yes, it can be done, BUT the issue would be that you need to manage all mac addresses manually.
    It can be done but it is very cumbersome, especially in the long run.
    You are better off segmenting your lans with vlans and use single dhcp on pf to manage them all.
    You can't have rules between them as long as they are on the same physical interface too

  • DHCP reservation - GW

    General pfSense Questions
    23
    0 Votes
    23 Posts
    3k Views
    stephenw10

    Ah, yes that would do it. The static values override whatever is in the main config. So leaving it empty there would not override 'none' set in the main config.

    Steve

  • 0 Votes
    13 Posts
    2k Views
    stephenw10

    Yes you could use pools in one subnet and filter them differently using aliases but you can't filter traffic between the clients on one subnet that way. Traffic would just go between them directly without passing through pfSense. Only one interface.
    Really you need to use VLANs in there to separate the traffic at layer 2.

    Steve

  • DHCP server listens on all IPs

    DHCP and DNS
    6
    0 Votes
    6 Posts
    1k Views
    bingo600

    @scilek said in DHCP server listens on all IPs:

    @bingo600 said in DHCP server listens on all IPs:

    If i had that issue , I'd prob. end up running the specific DHCP & FreeRadius on a separate server , and connect that to the specific L2 Lan.

    Or even better, get hold of an old laptop, install Debian on it and move FreeRADIUS and other utilities to that one. I can't think of anything else right now. What would you recommend?

    That was what i meant with "server"

    A raspberry-pi could do it , but i'd not use such a "beast" for production , primarily due to the SD card.
    If it had M2 or EMMC yes , but SD in a prod environment ... Naah.

    /Bingo

  • (Solved) DHCP not working

    General pfSense Questions
    18
    0 Votes
    18 Posts
    2k Views
    stephenw10

    Ah, nice result. Thanks for persisting!

  • [Solved] DHCP Denied

    General pfSense Questions
    10
    0 Votes
    10 Posts
    1k Views
    AndyRH

    That was most of the problem. I also had to change the VID of each port on the switch and it worked after that.

    Thank you for the help.

  • 0 Votes
    1 Posts
    907 Views
    No one has replied
  • 0 Votes
    3 Posts
    1k Views

    @kiokoman

    Thank you for your quick and clear reply!
    This helped me out a lot, I didn't realize we could add "Send options" in such a way!

    I haven't managed to get a public IP yet but am getting closer and closer :)

    Have a great day

  • 0 Votes
    3 Posts
    661 Views
    AndyRH

    Less important, but I am reducing cable usage on my switch by using 1 10GbE link instead of four 1 Gb links.

  • DNS resolver hostname

    DHCP and DNS
    12
    0 Votes
    12 Posts
    2k Views
    johnpoz

    If the client sends that as its hostname.. Then ok - but dhcp leases shouldn't be showing a fqdn.. It would only be showing the hostname.

    If you want client amazon-random# to show up as alexa-name in your dhcp lease. The correct solution is to either have that specific client send that hostname to the dhcpd, which I don't think you can do on alexa. Or tell the dhcp server to use hostname xyz in the host name when you set a reservation.

    If you're setting reservations for your clients, and register that in dhcp settings - then all your dns is taken care of.

  • Use WAN dhcp server on a vlan

    DHCP and DNS
    4
    0 Votes
    4 Posts
    742 Views

    @gsemet
    In Interfaces > Bridges you can define a new bridge and add interfaces to it. Then go to Interface Assignments, assign an interface to the new bridge and enable it. No further settings are needed on the bridge interface.
    But before that you have to ensure that there is no configuration on the vlan 10 interface. It has only to be enabled.

    However, this setting results in the vlan 10 going down, when WAN goes down. To avoid that you can move the IP settings from the WAN interface to the bridge.

  • 0 Votes
    1 Posts
    617 Views
    No one has replied
  • DHCP Server max interfaces of 4 since 21.02-RELEASE-p1

    DHCP and DNS
    3
    0 Votes
    3 Posts
    440 Views
    No one has replied