Ifblog (ponderings 2.0)

Saturday, December 15, 2007

DHCP Trouble on Debian

Filed under: Debian, Linux, Sysadmin, Ubuntu — ifireball @ 17:00

Here is one annoying little problem with Debian I do believe should have gone away years ago.

I’ve just finished installing a new machine on my home network with Debian 4.0. Since I use “dnsmasq” as a combined DNS/DHCP server on my network, the installation had no trouble using DHCP to pull an address for my new machine. However, following the installation I tried connecting to the new machine from another machine using its hostname. Since dnsmasq is configured to automatically register its DHCP clients in DNS, this should have just worked; alas, it didn’t.

As it turns out, Debian doesn’t send the machine’s hostname on DHCP requests by default. I guess that this might be a smart thing to do security-wise, so I looked into the manpage of the “/etc/network/interfaces” file (Debian’s network configuration file), looking for a way to change that default behavior.

As it turns out, there is indeed such a way: one can add a “hostname” directive to the “interfaces” file to enable sending the hostname with the DHCP request. However, there are 2 key problems here:

  1. You must manually specify the name to be sent in the configuration file rather than have it pulled from the machine’s configuration.
  2. Even worse, that feature doesn’t seem to be supported by “dhcp3-client”, the default DHCP client installed with Debian.

As it turns out, the way around this (other than installing a different DHCP client) is to modify dhcp3-client’s own configuration file, “/etc/dhcp3/dhclient.conf”, and add a line resembling the following:

send host-name "myhostname";

As you can see, in this case you are forced to specify the hostname in the configuration file as well.

One may ask why all this is important. Well, I can see a few reasons:

  1. One reason the ability to send hostname with a DHCP request is rather important, is that some DHCP servers (notably Microsoft’s) do not hand out configuration unless the hostname is specified.
  2. One might argue that registering the hostname sent on a DHCP request in DNS, is not that important since one uses DHCP for workstations to which one does not typically attempt to connect with a hostname (or at all), however:
    • DHCP is typically also used for cluster nodes
    • Registering workstation names in DNS is important since various services such as SSH perform reverse-DNS resolution as a part of the authentication process
  3. While going to “/etc/network/interfaces” is what I’d expect when using Debian (I’d install Ubuntu if I didn’t want that level of control) having to go beyond it into the DHCP-client’s own internal files is not the kind of user-experience I’d expect from a stable and rather recent Debian release.
  4. I seem to recall that this problem exists on Ubuntu as well. This might prevent Ubuntu/Debian workstations from working correctly on an Active Directory domain; after years of effort spent on making these distributions “just work” on the desktop, this is unacceptable.
  5. With regard to having to specify the hostname in the configuration files, this could become a rather nasty trap for the unwary system administrator who might try to modify the machine’s hostname in the future.

Solving this problem on the distribution level is rather simple; I see a few ways of going about it:

  1. Have the “hostname” directive in “/etc/network/interfaces” work with “dhcp3-client” as well, and maybe add an “auto-hostname” directive to allow one to have the hostname taken from the system’s configuration. All this could be implemented with some quite trivial scripting; Red Hat, for example, seems to accomplish that just fine.
  2. Have the default DHCP client in Debian be one that supports the “hostname” directive.
  3. One can argue that not sending the hostname with the DHCP request does not provide any additional security, so it might be a wiser security/functionality trade-off to simply have the hostname sent by default.

To sum this up, I’m rather annoyed with this issue, in my view this is a rather trivial problem that should have been fixed years ago.

Update: Looking around the web I found this bug report. The reports are quite ancient, starting as early as Jul. 2002, but it seems that it was fixed in Ubuntu in Feb. 2007 by having the following line included in “/etc/dhcp3/dhclient.conf” by default (note how it also solves the problem of specifying the hostname in the file):

send host-name "<hostname>";

It’s unclear if the fix made it into Debian; it seems they are still waiting for upstream to include it. I do hope it’ll make it into the next version (god knows when that would be…); it clearly didn’t make it to the current one.
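The hard-coded name in “dhclient.conf” is the trap described in reason 5 above, and it also decides what the machine discloses to the DHCP server. The following check is an added example, not part of the original post or of Debian's tooling: the function name, the result labels and the sample files are made up for illustration. It reports whether a configuration sends nothing, sends the `<hostname>` placeholder from the Ubuntu fix, or sends a literal name that no longer matches the machine.

```shell
#!/bin/sh
# Added example: audit which hostname dhclient is configured to send.
# classify_send_hostname CONF NAME prints one of:
#   none | placeholder | match | stale:<value> | other

classify_send_hostname() {
    conf=$1
    want=$2
    # Commented-out directives start with '#', so the anchored pattern skips them.
    # Assumption of this example: if the directive is repeated, check the last one.
    line=$(grep -E '^[[:space:]]*send[[:space:]]+host-name[[:space:]]' "$conf" | tail -n 1)
    if [ -z "$line" ]; then
        echo "none"              # no hostname sent, so nothing can be registered in DNS
        return 0
    fi
    case $line in
        *\"*\"*) ;;                          # quoted literal, examined below
        *) echo "other"; return 0 ;;         # not a quoted string: inspect by hand
    esac
    val=$(printf '%s\n' "$line" | sed -n 's/^[^"]*"\([^"]*\)".*$/\1/p')
    case $val in
        "<hostname>") echo "placeholder" ;;  # only substituted by a patched client
        "$want")      echo "match" ;;
        *)            echo "stale:$val" ;;   # hard-coded name differs from the machine's
    esac
}

# Constructed sample configurations, written to a scratch directory.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '#send host-name "oldbox";' 'request subnet-mask, routers;' > "$dir/default.conf"
    printf '%s\n' 'send host-name "oldbox";' > "$dir/hardcoded.conf"
    printf '%s\n' 'send host-name "<hostname>";' > "$dir/ubuntu.conf"
    echo "$dir"
}

samples=$(make_samples)
for f in default hardcoded ubuntu; do
    printf '%-10s %s\n' "$f" "$(classify_send_hostname "$samples/$f.conf" newbox)"
done
rm -rf "$samples"
```

On a real machine the call would be `classify_send_hostname /etc/dhcp3/dhclient.conf "$(hostname)"`, run after any hostname change.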


10 Comments »

  1. I’m trying to do the same thing but adding

    send host-name "";

    or even

    send host-name "myhost";

    aren’t working. By working, I mean that I cannot do an nslookup (or ping or anything) from, for example, a windows box on that hostname and get anything. The name server is the same on the linux debian box and the windows box, and if I mess up the dhclient.conf file, it complains, so I know it’s processing the file, it just doesn’t seem to be setting the hostname in such a way that the DNS server knows how to resolve it. Ideas?

    Comment by rcronk — Tuesday, May 13, 2008 @ 01:17

  2. P.S. The first “send host-name” should have a less-than sign and a greater-than sign with “hostname” between them inside the seemingly empty quotes. Looks like it thought I was trying to do HTML or something in my comment.

    Comment by rcronk — Tuesday, May 13, 2008 @ 01:19

  3. To be able to DNS-resolve names of hosts with addresses assigned with DHCP, you need to setup some kind of link between your DHCP and DNS servers. If you’re using “dnsmasq” then your DNS server IS your DHCP server and that “link” is a simple configuration option. Other DNS/DHCP servers have other means to accomplish that, an interesting discussion of its own, but not the issue here.

    Comment by ifireball — Tuesday, May 13, 2008 @ 12:24

  4. If you are trying to have “dnsmasq” resolve DHCP-assigned IP addresses, and you’ve had a machine pull an address without sending a hostname, it takes some juggling to fix it:
    1. Force-release the machine’s IP address with “ifdown” and “dhclient -r …”
    2. Fix the client’s “dhclient.conf” as described above
    3. Delete the client’s lease from the “/var/lib/misc/dnsmasq.leases” file on the DNS/DHCP server
    4. Restart dnsmasq
    5. Have the client obtain a new IP address, if all goes well you should see the client’s hostname in the leases file on the DHCP server, and dnsmasq should be able to DNS-resolve the name.

    Comment by ifireball — Tuesday, May 13, 2008 @ 12:41
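The server-side half of the procedure in comment 4 can be checked from the lease file itself. This is an added example, not part of the original comments and not a dnsmasq tool: the function names and the sample leases are constructed, and it assumes the usual lease line layout of expiry, MAC, IP, hostname and client-id, with `*` standing for a field the client did not supply.

```shell
#!/bin/sh
# Added example: inspect a dnsmasq lease file for clients that sent no hostname.
# Assumed line layout: <expiry> <mac> <ip> <hostname or *> <client-id or *>

# Print "mac ip" for every lease whose hostname field is "*".
unnamed_leases() {
    awk '$1 == "duid" { next }   # server DUID line written for DHCPv6, not a lease
         NF >= 4 && $4 == "*" { print $2, $3 }' "$1"
}

# Print the hostname recorded for a MAC (case-insensitive); fail if no lease exists.
lease_name() {
    awk -v mac="$2" 'tolower($2) == tolower(mac) { print $4; found = 1 }
                     END { if (!found) exit 1 }' "$1"
}

# Emit the lease file without the given MAC (step 3 of the procedure).
# The caller installs the result and restarts dnsmasq, as in step 4.
drop_lease() {
    awk -v mac="$2" 'tolower($2) != tolower(mac)' "$1"
}

# Constructed sample: one client that sent no hostname, one that did.
make_sample_leases() {
    f=$(mktemp)
    printf '%s\n' \
        'duid 00:01:00:01:aa:bb:cc:dd:00:16:3e:00:00:ff' \
        '1210680000 00:16:3e:00:00:01 192.168.1.50 * 01:00:16:3e:00:00:01' \
        '1210683600 00:16:3e:00:00:02 192.168.1.51 rdx64 *' > "$f"
    echo "$f"
}

sample=$(make_sample_leases)
echo "clients with no registered hostname:"
unnamed_leases "$sample"
echo "lease file after dropping the unnamed client:"
drop_lease "$sample" 00:16:3E:00:00:01
rm -f "$sample"
```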

  5. Thanks for the replies. I am at work and the DHCP and DNS servers are most likely windows-based and owned by I.T. My windows boxes can get DHCP IP addresses and they are also then able to be resolved by other systems just fine. So my question is why only my debian (the only linux I’m using) boxes who are getting a DHCP IP address not getting resolved by other boxes on my network but all of my windows-based boxes are getting resolved just fine? I have added:

    send host-name "myhost";

    to the dhclient.conf file and if I mess up the syntax on that line, it complains, so I know it’s the right file I’m messing with. But it ends up having no effect on me being able to access that box by name from another box.

    I can ping my debian box from a windows box if I do it by its DHCP IP address but if I try to do an nslookup, ping, tracert from that windows box, the DNS says either:

    can’t find 10.103.4.30: Non-existent domain

    or

    can’t find rdx64.whatever.com: Non-existent domain

    or

    can’t find rdx64: Non-existent domain

    I don’t think it’s the DNS/DHCP configuration since it works with my windows boxes. If someone can help me figure this out, I would be very grateful and I’ll run around telling every linux geek I know – nobody here at my work seems to know how to get this working either.

    Comment by rcronk — Tuesday, May 13, 2008 @ 19:30

  6. P.S. I went around to the linux gurus just now and found out that Microsoft’s DHCP/DNS servers followed an older version of the spec that had a security hole in it that was fixed in the spec but Microsoft decided to leave the DHCP/DNS security hole there but plug it up via active directory, etc. Therefore, the linux DHCP clients and the Microsoft DHCP/DNS servers don’t work together because their specs don’t match. Or something like that. Um, that sucks.

    He was unaware of a workaround other than getting a reserved IP/name associated with that box’s mac address or use static IP for it. Um, those options pretty much suck as well.

    Does ANYONE have a fix for this? We’ve sent people to the moon – hasn’t anyone figured out how to get a windows-based DHCP/DNS server to resolve a linux box’s name to its IP? If not, that’s just amazing to me. I hope someone has a workaround or else I’ll have to fall back on reserved DNS entries. :(

    Comment by rcronk — Tuesday, May 13, 2008 @ 19:49

  7. Unfortunately, as far as I could find out, the Windows DHCP server does not register clients with the DNS server at all. Instead, the Windows clients register themselves with some undisclosed variant of the DynDNS protocol (E.g. MS won’t let you know how to implement this on Linux, someone armed with a network sniffer might be able to do this, but they seem to prefer implementing Samba…).
    You could work around this somewhat for machines running on the same LAN segment by installing Samba, that way name resolution would be done via NetBios broadcasts.
    Since all the Linux/UNIX machines on the networks I work on are servers, they tend to have static IPs anyway and we simply register those with the DNS manually.

    P.s. We indeed send people to the moon, but making Linux work with MS products is more akin to achieving world peace…

    Comment by ifireball — Tuesday, May 13, 2008 @ 20:09

  8. Thanks again for your re-confirmation that MS and Linux don’t play well together. Good point on the world peace comment. :)

    I’m just surprised that I had to go through so much head banging to find this out. It seemed I didn’t know what to look for and so I didn’t find what I needed. What is the most popular site that would have a description of this problem so I will know to go there next time I’m banging my head on these types of things? Thanks again.

    Comment by rcronk — Tuesday, May 13, 2008 @ 20:37

  9. Unfortunately I don’t know of a site that contains a thorough examination of Windows and Linux interoperability issues.
    Information, especially with regard to Windows’ internal working is sparse and scattered all over.
    I do find that a good place to start when dealing with such issues is the Samba web site.

    Comment by ifireball — Wednesday, May 14, 2008 @ 20:58

  10. […] dhclient will send the literal text <HOSTNAME> to the DHCP server). As reported here and here, this works on Ubuntu Feisty and above, being part of a patch to (ironically) fix a […]

    Pingback by How does my DHCP server know my machine's hostname when I didn't define one in dhclient.conf? - Just just easy answers — Friday, September 6, 2013 @ 20:06

