Steve H. wrote:
On Monday 04 February 2008 09:04:22 pm richardvo...@gmail.com wrote:

It's not a safeguard.  It is *necessary* to ensure correct handling of
relays.


This basically sounds like a policy decision on relays. For instance, people in my situation would _like_ the 'incorrect handling' you speak of. While I appreciate the effort you took in coming up with the example, I think it muddies things more. Having 2 different sub-nets, with 2 different security requirements served via a single dhcp server just seems like asking for trouble (In my case, all the machines have the same security risks - all are public servers). Anyway, thanks for clarifying the thought process behind the behavior. I do appreciate all the time you've taken to explain things.


Of course that will work.  DHCP relays are always used to serve nodes
beyond the next-hop, never from the same subnet (in the same subnet no
relay is needed).


Ok - since I have to eat an address on every subnet, I might as well assign them directly to the DNSMasq interface, and skip the relays. Then DNSMasq should be happy. I was hoping to avoid this as it eats an I.P. address, and requires me to remember to add a new I.P. to the DNSMasq interface every time I get a new sub-net. However, that would be less trouble than having to do that _and_ configure a relay for each new subnet.

Thanks again for all the help,
Steve


I'm happy to leave the argument about what should happen to others, but it might help to understand the process by which the current behaviour is generated.

The inference system that generates an IP address goes like this.

Start with all DHCP ranges.
Eliminate those which don't include an address on the same subnet as one of the addresses of the arrival interface, or the address of the relay (if the packet arrived via relay).
If no DHCP ranges left, log an error "no address range available....."
Search for a dhcp-host line which matches the host (MAC address or name) and has an address in the subnet corresponding to one of the remaining DHCP ranges. If a dhcp-host line is found, use that address, otherwise allocate a free address from one of the remaining DHCP ranges.


Note that in this scheme it's fine to have more than one dhcp-host line associated with (eg) a MAC address, allowing a host to have a fixed IP on each subnet which it might appear on. If dhcp-host lines trump everything, then this facility is lost.

Cheers,

Simon.
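
The selection process described in the message above, as an added Python sketch (not dnsmasq's code and not part of the original thread). The function name, the sample ranges and hosts, matching relayed packets against the relay address only, and first-free allocation are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample configuration (not from the thread).
RANGES = [  # dhcp-range equivalents: (first, last, netmask)
    ("192.168.1.50", "192.168.1.150", "255.255.255.0"),
    ("10.0.5.50", "10.0.5.150", "255.255.255.0"),
]
HOSTS = [  # dhcp-host equivalents: the same MAC has a fixed address on each subnet
    ("00:11:22:33:44:55", "192.168.1.10"),
    ("00:11:22:33:44:55", "10.0.5.10"),
]

def subnet(addr, mask):
    """Network containing addr under the given netmask."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def choose_address(mac, iface_addrs, relay=None, leased=()):
    """Return the address to offer, or None when no range qualifies."""
    # Assumption: a relayed packet is matched on the relay address only,
    # a direct packet on every address of the arrival interface.
    anchors = [ipaddress.ip_address(a) for a in ([relay] if relay else iface_addrs)]

    # Start with all ranges, eliminate those on a subnet no anchor belongs to.
    live = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi), subnet(lo, mask))
            for lo, hi, mask in RANGES
            if any(a in subnet(lo, mask) for a in anchors)]
    if not live:
        return None  # the "no address range available" case

    # A dhcp-host entry wins only if its address lies in a surviving subnet
    # (it need not lie inside the range itself).
    for host_mac, fixed in HOSTS:
        if host_mac.lower() == mac.lower() and any(
                ipaddress.ip_address(fixed) in net for _, _, net in live):
            return fixed

    # Otherwise allocate from a surviving range. First-free is a
    # simplification chosen for this sketch.
    taken = set(leased)
    for lo, hi, _ in live:
        for n in range(int(lo), int(hi) + 1):
            candidate = str(ipaddress.ip_address(n))
            if candidate not in taken:
                return candidate
    return None  # surviving ranges are exhausted
```

Because the subnet filter runs before the dhcp-host lookup, a fixed address is never handed to a client that arrived from a subnet where that address would be unreachable.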
