Ted Unangst wrote:
>[...] I just want to say "pretend this option did not arrive."
>
>Diff below adds a little support for an ignore keyword. Like
>supersede, except don't actually use the supplied value.

Put another way, dhclient has a "default permit" policy (it will use any
nameserver information sent by the dhcp server even when you didn't ask
the server for that information in the first place), and you want to add
a blacklist on top of that (in other words, manually enumerate badness
in /etc/dhclient.conf).

I think it would be much better for dhclient to have a "default deny"
policy (always ignore any information coming from the server that you
didn't ask for) and use what is actually requested by dhclient from the
server as a whitelist.

See here
http://marc.info/?l=openbsd-tech&m=131302612614702&w=2
for a previous message of mine on that topic, and here
http://marc.info/?l=openbsd-misc&m=131914644924795&w=2
for another discussion.

Brynet wrote:
>I was under the impression that if you added a "request" statement
>excluding the 'domain-name-servers' option the server would honour that and
>only offer the options you've explicitly requested..

No, in practice many dhcp servers will send you nameserver information
even when you don't ask for it (I guess it's ISPs' way of saying they
think they know better than their users what's good for them...)

>Does something like this work for you?
>
>interface "em0" {
>    request subnet-mask, broadcast-address, routers, domain-name-servers;
>}
>
>interface "em1" {
>    request subnet-mask, broadcast-address, routers;
>}

This would work if dhclient were using a "default deny" policy.
Unfortunately it doesn't, so your suggestion doesn't work.

Philippe
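The "default deny" behaviour argued for in the message above, as an added example that is not part of the original message and is not dhclient's code: a filter that walks a DHCP options field (RFC 2132 code/length/value encoding) and keeps only the options whose codes are in the client's request list. The name `filter_offered` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { DHO_PAD = 0, DHO_END = 255 };    /* RFC 2132 pad and end codes */
/* Constructed sample: options a server sent (code, length, value). */
static const uint8_t sample_offer[] = {
    1, 4, 255, 255, 255, 0,             /* subnet-mask */
    3, 4, 192, 0, 2, 1,                 /* routers */
    6, 4, 192, 0, 2, 53,                /* domain-name-servers, not requested */
    28, 4, 192, 0, 2, 255, DHO_END      /* broadcast-address, then end */
};
/* Codes for "request subnet-mask, broadcast-address, routers;" */
static const uint8_t em1_request[] = { 1, 28, 3 };

/* Default deny: copy to out[] only options whose code is in req[]. Returns
 * bytes written (END included), or -1 if malformed or out[] is too small. */
long filter_offered(const uint8_t *in, size_t inlen, const uint8_t *req,
                    size_t nreq, uint8_t *out, size_t outlen)
{
    size_t i = 0, o = 0;
    while (i < inlen && in[i] != DHO_END) {
        uint8_t code = in[i++];
        if (code == DHO_PAD)
            continue;                   /* pad has no length byte */
        if (i >= inlen || in[i] > inlen - i - 1)
            return -1;                  /* length missing or value truncated */
        size_t len = in[i++];
        if (memchr(req, code, nreq) != NULL) {
            if (len + 2 > outlen - o)
                return -1;
            out[o++] = code;
            out[o++] = (uint8_t)len;
            memcpy(out + o, in + i, len);
            o += len;
        }
        i += len;                       /* unrequested options are skipped */
    }
    if (o >= outlen)
        return -1;
    out[o++] = DHO_END;
    return (long)o;
}

int main(void)
{
    uint8_t kept[64];
    return filter_offered(sample_offer, sizeof sample_offer, em1_request,
                          sizeof em1_request, kept, sizeof kept) < 0;
}
```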
