DHCP Options

Last week we upgraded our Call Manager and I had to mess around with DHCP to get some phones working correctly. I’ve been meaning to write an entry about our DHCP server configuration so I figured I would take some time to document what we do at the Circus.

We use ISC BIND and DHCP; let me explain our setup. We have two DNS/DHCP servers: the DNS servers run as master/slave, and the DHCP servers are failover peers in primary/secondary. I didn't want to have to think too hard about updating the peer every time I changed the DHCP configuration, so I split the DHCP configuration files so that I only have to copy one file with all of the changes from one DHCP server to the other.

The configuration that is different for each server resides in /etc/dhcpd.conf, and all other configuration that is shared resides in /etc/dhcpd/dhcpd.master.conf. When I make a change like adding a subnet to DHCP I only have to copy /etc/dhcpd/dhcpd.master.conf from one server to the other and my configuration stays in sync.

The only difference between the two /etc/dhcpd.conf configuration files is the IP address of the peer and primary versus secondary.

# /etc/dhcpd.conf

# Everything that is only in the master is in this file.

# Its own ip address
subnet netmask {
}

failover peer "dhcp-failover" {
        primary; # declare this to be the primary server
        port 520;
        peer address;
        peer port 520;
        max-response-delay 30;
        max-unacked-updates 10;
        load balance max seconds 3;
        mclt 1800;
        split 128;
}

# All the common stuff is here.  Just copy the file below
# over to the slave when you make changes.
include "/etc/dhcpd/dhcpd.master.conf";

The master file is common to both DHCP servers. Whenever you make a change to one, just copy it over to the other DHCP server and they will always be in sync.
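To keep the two per-server files honest, here is an added example in Python (it is not part of the original post) that checks a primary/secondary pair of /etc/dhcpd.conf files: they may differ only in the role statement and in the mirrored address/peer address lines, while mclt and split may appear only on the primary, which ISC dhcpd requires. It also compares the two copies of dhcpd.master.conf by hash. The configs and addresses below are constructed samples (RFC 5737 documentation ranges), not the Circus's real ones.

```python
"""Added example, not from the original post: confirm that the primary's and
secondary's /etc/dhcpd.conf differ only where they are supposed to, and that
both servers hold the same dhcpd.master.conf.  All configs and addresses here
are constructed samples."""
import hashlib

# Statements ISC dhcpd accepts only in the primary's failover declaration.
PRIMARY_ONLY = ("mclt", "split", "hba")


def statements(text):
    """Map each statement to its text, keyed by its first word ('peer address' and 'peer port' keep two)."""
    out = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not line or line == "}":
            continue
        words = line.split()
        key = " ".join(words[:2]) if words[0] == "peer" else words[0]
        out[key] = line
    return out


def failover_diffs(primary_text, secondary_text):
    """Return the differences between the two peers that are NOT expected (empty list = in sync)."""
    p, s = statements(primary_text), statements(secondary_text)
    problems = []
    if p.pop("primary", None) != "primary" or s.pop("secondary", None) != "secondary":
        problems.append("role statements are not 'primary;' on one peer and 'secondary;' on the other")
    if "secondary" in p or "primary" in s:
        problems.append("a peer carries both role statements")
    # Each side's 'peer address' must name the other side's 'address'.
    for mine, other, who in ((p, s, "primary"), (s, p, "secondary")):
        want = other.get("address", "").split()[-1:]
        have = mine.get("peer address", "").split()[-1:]
        if want != have:
            problems.append(f"{who}'s peer address does not match the other side's address")
    for d in (p, s):
        d.pop("address", None)
        d.pop("peer address", None)
    for key in PRIMARY_ONLY:
        if key in s:
            problems.append(f"'{key}' is only valid on the primary")
        p.pop(key, None)
        s.pop(key, None)
    # Everything else must be identical on both peers.
    for key in sorted(set(p) | set(s)):
        if p.get(key) != s.get(key):
            problems.append(f"'{key}' differs: primary={p.get(key)!r} secondary={s.get(key)!r}")
    return problems


def same_master(master_a, master_b):
    """True when both servers' dhcpd.master.conf have identical content (compare by SHA-256)."""
    return hashlib.sha256(master_a).digest() == hashlib.sha256(master_b).digest()


PRIMARY_CONF = """\
# /etc/dhcpd.conf on the primary (constructed sample)
failover peer "dhcp-failover" {
        primary;
        address 192.0.2.1;
        port 520;
        peer address 192.0.2.2;
        peer port 520;
        max-response-delay 30;
        max-unacked-updates 10;
        load balance max seconds 3;
        mclt 1800;
        split 128;
}
include "/etc/dhcpd/dhcpd.master.conf";
"""

SECONDARY_CONF = """\
# /etc/dhcpd.conf on the secondary (constructed sample)
failover peer "dhcp-failover" {
        secondary;
        address 192.0.2.2;
        port 520;
        peer address 192.0.2.1;
        peer port 520;
        max-response-delay 30;
        max-unacked-updates 10;
        load balance max seconds 3;
}
include "/etc/dhcpd/dhcpd.master.conf";
"""

# A drifted secondary: a tunable was edited by hand and 'split' was copied over by mistake.
DRIFTED_SECONDARY = SECONDARY_CONF.replace(
    "max-unacked-updates 10;", "max-unacked-updates 20;\n        split 128;")

if __name__ == "__main__":
    print(failover_diffs(PRIMARY_CONF, SECONDARY_CONF))      # []
    for problem in failover_diffs(PRIMARY_CONF, DRIFTED_SECONDARY):
        print("drift:", problem)
```

Run it on the real files with something like `failover_diffs(open("/etc/dhcpd.conf").read(), secondary_text)` after fetching the peer's copy; anything it prints is a difference the copy-one-file scheme did not account for.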

# /etc/dhcpd/dhcpd.master.conf
# This dhcpd server is the _real_ deal.

# Update using DDNS
# Tells the client where to send the forward update.
ddns-domainname "dynamic.circus.org";
ddns-update-style interim;
ddns-updates on;

# Leases
default-lease-time 345600;  # 4 days
max-lease-time 604800;  # 7 days

# Make sure we don't double up addresses by someone picking their own.
ping-check true;

# Where to look for DNS.
option domain-name-servers,;

# Windows
option netbios-name-servers;

# Netware
option slp-directory-agent true;

# What is my suffix.
option domain-name "dynamic.circus.org";

# DO NOT CHANGE THIS. This enables remote logging.
# Logging is for another post.
log-facility local3;

# The key for updating
key circus.key {
        algorithm hmac-md5;
        secret "SuperSecret";
}

# Don't let the clients screw up DDNS, let the server update.
ignore client-updates;

# Spectralink documentation says option 66 but we had to set option 150 
# in order to get them to load code from tftp.
# These options are from Spectralink:
#Option      Purpose
#   1        Subnet Mask
#   3        Default Gateway
#   6        DNS Server
#   7        Syslog Server
#  15        Domain Name
#  42        NTP (Network Time Protocol)
#  66        TFTP Server
# 151        SVP Server
# 152        OAI Gateway

option phone-tftp-server code 66 = ip-address;
option cm-tftp-server code 150 = array of ip-address;
option spectralink-svp code 151 = array of ip-address;
option spectralink-oai code 152 = ip-address;

# Notice that these configuration options are scoped.
class "spectralink" {
        match if substring (option vendor-class-identifier, 0, 11) =

        option phone-tftp-server;
        option cm-tftp-server,;
        option spectralink-svp,;
        option spectralink-oai;
}

# Cisco IP phones
# These options are handed only to Cisco phones and are separate from the 
# Spectralink phones above.  
class "cisco-voip" {
        match if substring (option vendor-class-identifier, 0, 28) =
        "Cisco Systems, Inc. IP Phone";

        option phone-tftp-server;
        option cm-tftp-server,;
}

# Cisco LWAPs look for option 43 to find the WLC; it is an array of ip addresses.
option cisco-wlc code 43 = array of ip-address;
option cisco-wlc,,;

# To allow PXE boot.
allow booting;
allow bootp;
class "pxeclients" {
        match if substring(option vendor-class-identifier, 0, 9) =
        filename "linux-install/rhel-5-es/initrd.img";
}

# Begin subnet definitions

# Spectralink wireless phones
subnet netmask {
        option subnet-mask;
        option broadcast-address;
        option routers;
        pool {
                failover peer "dhcp-failover";
                deny dynamic bootp clients;
        }
}

# Big Campus on the other side of town; this is a shared-network declaration.
shared-network bigcampus {
        subnet netmask {
                option subnet-mask;
                option broadcast-address;
                option routers;
                pool {
                        failover peer "dhcp-failover";
                        deny dynamic bootp clients;
                }
        }
        subnet netmask {
                option subnet-mask;
                option broadcast-address;
                option routers;
                pool {
                        failover peer "dhcp-failover";
                        deny dynamic bootp clients;
                        host guest-conference-room {
                                hardware ethernet 55:19:cc:d7:fe:d7;
                        }
                }
        }
}
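The class matching above works on the raw bytes of option 60 (vendor-class-identifier), and options 66/150/43 are the ones that tell a phone or access point where to load code from, so they are worth watching on the wire. The following is an added example in Python, not code from the post: it encodes and decodes a DHCP options field, applies the post's substring rule for the "cisco-voip" class (the Spectralink and PXE strings did not survive in the post, so they are left out rather than guessed), and checks an OFFER's option 66, 150 and 43 contents against an allowlist of the real Call Manager TFTP servers and WLC. Option 66 is decoded as ip-address when it is four bytes long, matching the post's declaration, and as text otherwise (its RFC 2132 form). The packets, allowlist and addresses are constructed samples.

```python
"""Added example, not from the original post: decode a DHCP options field,
classify a client the way the post's dhcpd class rules do, and flag an OFFER
whose boot/controller options point outside an allowlist.  All packets and
addresses are constructed samples (RFC 5737 documentation ranges)."""
import ipaddress

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie that precedes the options


def build_options(opts):
    """Encode [(code, data), ...] as a DHCP options field (cookie + TLVs + END)."""
    out = bytearray(MAGIC)
    for code, data in opts:
        out += bytes([code, len(data)]) + data
    out.append(255)                  # END option
    return bytes(out)


def parse_options(field):
    """Decode an options field into {code: data}; repeated codes are concatenated (RFC 3396)."""
    if field[:4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == 0:                # PAD
            i += 1
            continue
        if code == 255:              # END
            break
        length = field[i + 1]
        opts[code] = opts.get(code, b"") + field[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def ip_array(data):
    """Decode 'array of ip-address' (the type the post gives options 150, 151 and 43)."""
    if len(data) % 4:
        raise ValueError("array of ip-address must be a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(data[j:j + 4])) for j in range(0, len(data), 4)]


def ips(*addrs):
    """Encode dotted-quad strings as the packed array an option carries on the wire."""
    return b"".join(ipaddress.IPv4Address(a).packed for a in addrs)


# substring(option vendor-class-identifier, offset, length) = "..." rules, as in the post.
CLASS_RULES = [
    ("cisco-voip", 0, 28, b"Cisco Systems, Inc. IP Phone"),
]


def classify(vendor_class):
    """Return the dhcpd class a client lands in, or None; same semantics as the match rules."""
    for name, offset, length, expected in CLASS_RULES:
        if vendor_class[offset:offset + length] == expected:
            return name
    return None


# Constructed allowlist: where the legitimate Call Manager TFTP servers and the WLC live.
ALLOWED_TFTP = {"192.0.2.10", "192.0.2.11"}
ALLOWED_WLC = {"192.0.2.20"}


def check_offer(field):
    """List every boot/controller address in an OFFER that is not on the allowlist."""
    opts = parse_options(field)
    findings = []
    if 66 in opts:
        data = opts[66]
        tftp = str(ipaddress.IPv4Address(data)) if len(data) == 4 else data.decode("ascii", "replace")
        if tftp not in ALLOWED_TFTP:
            findings.append(f"option 66 points at {tftp}")
    for code, allowed, label in ((150, ALLOWED_TFTP, "option 150"), (43, ALLOWED_WLC, "option 43")):
        if code in opts:
            for addr in ip_array(opts[code]):
                if addr not in allowed:
                    findings.append(f"{label} points at {addr}")
    return findings


# Constructed DISCOVER options from a phone, and two constructed OFFERs.
PHONE_DISCOVER = build_options([(53, b"\x01"), (60, b"Cisco Systems, Inc. IP Phone 7960")])
GOOD_OFFER = build_options([(53, b"\x02"), (66, ips("192.0.2.10")),
                            (150, ips("192.0.2.10", "192.0.2.11")), (43, ips("192.0.2.20"))])
ROGUE_OFFER = build_options([(53, b"\x02"), (66, ips("198.51.100.7")),
                             (150, ips("192.0.2.10", "198.51.100.7"))])

if __name__ == "__main__":
    print(classify(parse_options(PHONE_DISCOVER)[60]))   # cisco-voip
    print(check_offer(GOOD_OFFER))                        # []
    for finding in check_offer(ROGUE_OFFER):
        print("unexpected:", finding)
```

Feeding `check_offer` the options field of OFFERs captured on the voice VLAN gives a quick way to confirm that only the two legitimate DHCP servers are handing phones their TFTP and WLC addresses.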

If you have gotten this far then you are definitely interested in DNS/DHCP. Let me plug the training that ISC provides as the best training course I have ever attended. The labs are not trivial as they are in some Cisco classes and the lecturers were awesome. The trainers were two individuals who run two different root servers on the net. They knew DNS/DHCP inside and out.

Each day we had lunch with some great resources, like Paul Vixie one day, the developers for BIND another, the DHCP developers the third day and the support staff the fourth. Each had their own spin on any question you asked and I left knowing a great deal about how I wanted to reconfigure our DNS/DHCP infrastructure.

This entry was posted in Linux. Bookmark the permalink.
