DHCPDECLINE message ignored by UTM

I have two networks at home, one for the house, one for the outbuildings. UTM uses the hostname to refer to a MAC/IP pair, and the hostnames must be unique. That means when I connect my wireless devices to the wireless LAN outside, they cannot use the assigned IP address as it is on a different physical network. I do not want any dynamic addressing for known devices. I see the following options:

   1) use an MS DHCP server. This will do what I need out of the box (same MAC in multiple subnets) but I need a Windows server license, and it's stupidly expensive.

   2) define the host twice using different names, once for each network, with an appropriate address in each case. It works, but it's inelegant and means I have to know which network a device is on to connect to it, because its DNS entry will be based on its logical location. This is another way of saying that the device's name is not the same as its DNS registration, and that is not a good design.

   3) collapse the networks. Yes, I can, and it will work, but my UTM has 3 physical ports and it makes sense to use them like this. Most of the devices outside do not talk to the devices inside, hence the segmentation makes sense (to me anyway).

   4) use a different DHCP implementation. Should work (no idea what to pick, nor how to configure it, but I'm a quick study) but that would mean I'm realistically going to need a DNS server too, and another VM to manage (both of which I'd also need for #1 in fact).

I don't particularly want any of these, as I want UTM to do everything and cope with my network design. Anyone have any suggestions as to how I can overcome this issue before I implement #3?

As an aside, why does UTM ignore the DHCPDECLINE messages that clients send back when they discover the IP they have been assigned is already in use? RFC 2131 requires a DHCP server to react to such a message (mark it as unavailable), and it seems odd that this would not be implemented.

As you may guess, I was caught out by doing things the Microsoft way, assigning static assignments from the pool. The reason noobs like me do this is because it's easy - you set up your scope, connect your devices, then use the obvious button to convert them to static mappings. An easy way out for anyone failing to read the manual is to get your devices set up as statics, but change the scope as you do it (i.e. increase the start IP as you do each device, or group of leases). I have about 30 currently, my scope now starts at 31, and I have nothing in my lease table (if I do, it suggests a rogue client / server that needs investigating).

Thanks.

Dave
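
To make the RFC 2131 point in the post concrete, here is an added example (not part of the original post and not UTM code) with a toy DHCP allocator that can either honour DHCPDECLINE as section 4.3.3 requires (mark the address unavailable, alert the administrator) or ignore it, as the poster describes UTM doing. The scenario is constructed: some host the server knows nothing about is already sitting on an address inside the dynamic pool, it answers the client's ARP probe, and the client declines per section 4.4.1. A third run moves the pool start past the fixed addresses, which is the workaround described in the last paragraph of the post. All addresses and MACs are made up.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, ip_address
from typing import Dict, List, Optional, Set


@dataclass
class ToyDhcpServer:
    """Minimal allocator: hands out the lowest free address in [pool_start, pool_end].

    honour_decline=True follows RFC 2131 section 4.3.3: a DHCPDECLINE takes the
    address out of service and raises an administrator alert.
    honour_decline=False models a server that drops DECLINE on the floor.
    """
    pool_start: IPv4Address
    pool_end: IPv4Address
    honour_decline: bool = True
    leases: Dict[str, IPv4Address] = field(default_factory=dict)
    unavailable: Set[IPv4Address] = field(default_factory=set)
    alerts: List[str] = field(default_factory=list)

    def discover(self, mac: str) -> Optional[IPv4Address]:
        """DHCPDISCOVER -> the address the server would place in its DHCPOFFER."""
        if mac in self.leases:
            return self.leases[mac]
        taken = set(self.leases.values()) | self.unavailable
        for n in range(int(self.pool_start), int(self.pool_end) + 1):
            addr = IPv4Address(n)
            if addr not in taken:
                self.leases[mac] = addr
                return addr
        return None  # pool exhausted

    def decline(self, mac: str, addr: IPv4Address) -> bool:
        """DHCPDECLINE from mac for addr. Returns True if addr was taken out of service."""
        if self.leases.get(mac) == addr:
            del self.leases[mac]  # the client refused the binding either way
        if not self.honour_decline:
            return False  # nothing learned: the same address can be offered again
        self.unavailable.add(addr)
        self.alerts.append(f"DHCPDECLINE from {mac} for {addr}: possible configuration problem")
        return True


def simulate(honour_decline: bool, pool_start: str = "192.168.1.10", rounds: int = 2) -> List[str]:
    """Run one new client through up to `rounds` DISCOVER/OFFER cycles.

    Constructed scenario: an unknown host already holds 192.168.1.10 (a device
    given a fixed address from inside the pool) and answers ARP for it, so the
    client declines that offer. Returns the addresses offered, in order.
    """
    srv = ToyDhcpServer(ip_address(pool_start), ip_address("192.168.1.200"), honour_decline)
    squatter = ip_address("192.168.1.10")  # constructed: the address that answers ARP
    client = "aa:bb:cc:00:00:99"           # constructed MAC of the roaming client
    offered: List[str] = []
    for _ in range(rounds):
        addr = srv.discover(client)
        offered.append(str(addr))
        if addr != squatter:
            break                      # ARP probe got no reply; client keeps the address
        srv.decline(client, addr)      # RFC 2131 4.4.1: conflict detected, client MUST decline
    return offered


if __name__ == "__main__":
    print("RFC-compliant server:   ", simulate(True))
    print("DECLINE ignored:        ", simulate(False))
    print("pool moved past statics:", simulate(False, pool_start="192.168.1.31"))
```

With the RFC behaviour the second offer moves on to .11; with DECLINE ignored the server keeps offering .10 and the client loops. Moving the pool start above the fixed addresses removes the overlap entirely, which is why it also works on a server that does not react to DECLINE.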


  • Hi, Dave, and welcome to the UTM Community!

    You've presented us with your solution which you cannot enact with the UTM.  Perhaps if you presented the desired result, we could find a way to create a solution with the UTM.

    Cheers - Bob

  • What are you trying to accomplish by having static IPs in both segments?  The whole point of DNS is to make IP addresses unimportant.

    A bridge configuration will give you what you want, but you seem to want a security boundary.

  • In reply to BAlfson:

    Wow - totally forgot about this until today's post. What I wanted to achieve was to allow my mobile devices to flip between networks when going from the house to the outbuilding whilst keeping the same name, and I couldn't see how to do it. UTM makes statics easy, and I want to control IP / device pairs where possible. I move my client to the outbuilding, and it changes access points. It does a DHCP renew, and it gets NAKed. It does a DHCPDISCOVER, and is offered an IP on the new network, but loses the name registration. The source of this was a desire to control the access of my son's devices to a single name. I did work around it by using multiple host registrations with addresses in different networks, and just applied my rules to them both.

    I eventually had another reason to move to a single network (bad choice of TV meant that it could also not see the other network where my media lives). Searching logs with one network is so much easier too, as I now only have one IP per device to worry about.

    Regards

    Dave

  • In reply to DouglasFoster:

    I want static IPs to make it easier to identify log entries for certain devices (phones and iPads) and having one or two known addresses will make that easier. The DNS name doesn't appear in the logs.

    Regards

    Dave

  • In reply to Dave Curr:

    Documentation says that host names will appear in the web logs if a DNS forward (for ip3.ip2.ip1.in-addr.arpa) is configured to whatever internal DNS server has the PTR information. It sounds like you are using UTM for DHCP, so it should have everything it needs for both DNS and Reverse DNS. But it does not show host names? Wonder why not.

  • In reply to Dave Curr:

    "The source of this was a desire to control the access of my son's devices to a single name. I did work around it by using multiple host registrations with addresses in different networks, and just applied my rules to them both."

    This is the best solution, Dave.  Instead of monitoring the logs, use Reporting and make custom reports.  That way, you'll see the names of your Host definitions instead of the IPs.

    Cheers - Bob