DHCP log “not authoritative for subnet…”

Running ISC DHCP server in Debian, I stumbled upon the following log messages while looking for something entirely different:


Jan 18 13:13:45 eltonoverip dhcpd: DHCPRELEASE of 10.19.1.60 from f0:bf:97:dd:6a:a6 via eth1 (not found)
Jan 18 13:13:59 eltonoverip dhcpd: DHCPDISCOVER from f0:bf:97:dd:6a:a6 via eth1
Jan 18 13:13:59 eltonoverip dhcpd: DHCPOFFER on 10.19.1.60 to f0:bf:97:dd:6a:a6 via eth1
Jan 18 13:13:59 eltonoverip dhcpd: DHCPREQUEST for 10.19.1.60 (10.19.1.1) from f0:bf:97:dd:6a:a6 via eth1
Jan 18 13:13:59 eltonoverip dhcpd: DHCPACK on 10.19.1.60 to f0:bf:97:dd:6a:a6 via eth1
Jan 18 13:14:03 eltonoverip dhcpd: DHCPINFORM from 10.19.1.60 via eth1: not authoritative for subnet 10.19.1.0
Jan 18 13:14:06 eltonoverip dhcpd: DHCPINFORM from 10.19.1.60 via eth1: not authoritative for subnet 10.19.1.0

The Fix: I added authoritative; to the DHCP config file /etc/dhcp/dhcpd.conf

Basically, the configuration looks like the following:


subnet 10.19.1.0 netmask 255.255.255.0 {
  option domain-name-servers 10.19.1.1;
  #option routers 10.19.1.1; #temporary network, no routing needed
  range 10.19.1.101 10.19.1.149;
  default-lease-time 1800;
  max-lease-time 1800;
  authoritative;

  host laptop_name {
    hardware ethernet f0:bf:97:ee:8a:b9;
    fixed-address 10.19.1.60;
  }

}

Note that, this has no effect on devices with a statically configured IP address (rogue or not), since they do not make a DHCP request. Now that we have the server set as the authoritative server for that subnet, the server will respond a DHCP NACK message and prompt clients who request an IP address outside of the scope or range to do a DHCP discover.

The example configuration above includes a DHCP reservation, in case you need your DHCP server assign an IP address for a specific client.

Post a comment

You may use the following HTML:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

CAPTCHA