DHCP server
-
I find it intriguing that a server OS like FreeBSD does not ship with a DHCP server in the base package. Is there a reason I am missing?
-
the more you add to base, the more difficult it becomes to deliver something "secure" out of the box ?
that is one of the reasons, pfSense has packages. it would be easier to include them all in base, but it would be hell to keep it somewhat secure.
-
I was thinking more along the lines that you would not include a web server because there are so many different web servers, but that there is only one main dhcp server used by both Linux and BSD's. The ICS one with many versions in use.
I do notice that debian ships without a dhcp server included as well.
No big deal at all I was just wondering if there was a back story.
-
Generally you want your base system to only include system critical services. Once the system is up and running, you can install anything else. What if you're using FreeBSD for an embedded video player? Why would you want a DHCP server?
-
So I am revisiting this issue after a couple of debian scratch builds. I noticed that FreeBSD can also use dnsmasq as a dhcp server? Any plus or minus for small home use.
-
@Phishfry:
So I am revisiting this issue after a couple of debian scratch builds. I noticed that FreeBSD can also use dnsmasq as a dhcp server? Any plus or minus for small home use.
dnsmasq is a DNS forwarder - it can only ask an upstream DNS server to do DNS resolution for it, get answers back, cache them and give to the clients. The thing called "DNS Forwarder" in the pfSense menus is dnsmasq.
unbound is a DNS Resolver - it will ask the root servers and follow the chain of com, company, xyz, www… to get the DNS resolution "from the horse's mouth" so to speak. That is the thing called "DNS Resolver" in the pfSense menus. You can check the "Enable forwarding mode" box and it too will turn into just a forwarder.
For standard home use either should be fine. dnsmasq relies on the upstream DNS server (often your ISP one) being reliable and not doing funny things with your requests. If you want to use DNSSEC and thus get a more secure chain of DNS resolution then unbound is needed.
-
Sorry Phil, I edited my question and removed the 'unbound' portion.
I was setting up debian and the instructions used dnsmasq as a dhcp server and it made me think about using it with FreeBSD instead of ISC for dhcp.
It can act as a dhcp server, correct? Is it bad usage for a small Access Point box?
-
This is the webpage that got me thinking of using something other than the ICS offering.
https://wiki.freebsd.org/BernardSpil/DHCP_DNS
-
Phishfry: It's normally used for DHCP on things like DD-WRT. So, I'd assume it somehow works. :D
-
Thanks, I should have asked this question in the FreeBSD forum…
I am glad to see OpenWRT using it too. That means it must be lean...
-
the more you add to base, the more difficult it becomes to deliver something "secure" out of the box ?
That's a part of it, but the larger reason is that the more you add to the definition of something, the more difficult it becomes to maintain. It also becomes difficult to substitute superior implementations, because people come to depend on the existing, perhaps well-documented configuration and other behavior.
-
@Phishfry:
I was thinking more along the lines that you would not include a web server because there are so many different web servers, but that there is only one main dhcp server used by both Linux and BSD's. The ICS one with many versions in use.
I think you mean ISC, not ICS.
Also, ISC has a better DHCP server in development, named "Kea".
Several of us here (Netgate) used to work at "AT&T WiFi Services" (nee: Wayport) and know what it takes to have a DHCP server that can support a very large number of simultaneous clients (e.g. at a large sporting event such as the Super Bowl, or supporting other situations where a large number of mobile devices (smartphones) exist).
(Incidentally, Kea is also the name of one of my huskies.)
It's on my list to contribute a port of Kea to FreeBSD. Maybe that comes to pfSense, maybe not.
-
@Phishfry:
I was thinking more along the lines that you would not include a web server because there are so many different web servers, but that there is only one main dhcp server used by both Linux and BSD's. The ICS one with many versions in use.
I do notice that debian ships without a dhcp server included as well.
No big deal at all I was just wondering if there was a back story.
This might have to do with the purpose of the server.
dhcp is used mostly by internal networks - such as bootp, nfs, samba, etc.. maybe one reason, a good one by my account.
Then these days, dhcp is nearly certain on internet routers by ISPs. So, two dhcp servers on the same network is trouble
so is the fact that dhcp is tied into so many bootp, dns, and other servers/services
So - dhcp is NOT internet friendly, NOT isolated to a few calls such as a database server, and really a joy-kill comes to improper config - NO NETWORK!
Limited but essential, No, I have no idea why FreeBSD does not ship with dhcp
Debian ships with NO UNNECESSARY servers - like ??? Wow!
Go Debian!