# Multiple dhcp servers, how to let dhcpcd select one?

## ekki_123

Hi.

Not strictly related to Gentoo, but since I am running it on all my machines...

Due to circumstances I occasionally have two dhcp servers on my local segment. How do I tell dhcpcd to use only a specific one?

I already checked the man page of dhcpcd, the -r option doesn't seem to do what I want. Checked this forum (and others), no joy.

Any hint?

Many thanks,

Ekki

----------

## alex.blackbit

you will not be able to configure that on the client side in a sane manner.

dhcp is designed to have only one (logical) server per network segment at a given time.

you will have to configure the dhcp servers in a way that only one feels responsible for the mac address of your client.

that is possible on fully featured dhcp servers, but of course not on those of cheap dsl routers and the like.

----------

## whig

I would suggest firewalling out the unwanted traffic (responses) on the clients, but I don't know the specific rule.

----------

## ekki_123

 *alex.blackbit wrote:*   

> you will not be able to configure that on the client side in a sane manner.
> 
> dhcp is designed to have only one (logical) server per network segment at a given time.
> 
> you will have to configure the dhcp servers in a way that only one feels responsible for the mac address of your client.
> ...

 

Ok, thanks.

Yep, both are those cheap DSL routers, not configurable. So I will most likely follow the advice by whig and block the requests in a firewall.

Cheers,

Ekki

----------

## ekki_123

 *whig wrote:*   

> I would suggest firewalling out the unwanted traffic (responses) on the clients, but I don't know the specific rule.

 

Ok, I think that's the easiest way, thanks. I will have the bridge between the two networks have all dhcp related stuff blocked. Time to get the firewall docs out...

Cheers,

Ekki

----------

## alex.blackbit

i suggest to use net-firewall/shorewall as a frontend to iptables for your convenience.

----------

## UberLord

Using dhcpcd-5 you can use the blacklist option in /etc/dhcpcd.conf

```
#We have a rogue DHCP server, so ignore it
blacklist 192.168.1.4
```

----------

## think4urs11

 *UberLord wrote:*   

> Using dhcpcd-5 you can use the blacklist option in /etc/dhcpcd.conf
> 
> ```
> #We have a rogue DHCP server, so ignore it
> blacklist 192.168.1.4
> ```
> ...

 

Mhh not thaaaat much helpful. Normally when there's a rogue DHCP server you don't know its ip/mac address beforehand but only when it is too late already. (And if you do the better way is to disable it - means fix the problem, not cure the symptoms)

Is there something available/planned to configure (a list of) allowed DHCP servers instead, i.e. a DHCP-Server-whitelist instead of a blacklist?

----------

## alex.blackbit

UberLord,

when can we expect dhcpcd-5 to be unmasked?

----------

## UberLord

 *alex.blackbit wrote:*   

> UberLord,
> 
> when can we expect dhcpcd-5 to be unmasked?

 

When OpenRC goes stable I guess.

dhcpcd-5 will not work with baselayout-1, and the baselayout maintainers have chosen not to do anything.

On the other hand, as OpenRC has been ~arch for a long time now, we could unmask it to ~arch.

----------

## UberLord

 *Think4UrS11 wrote:*   

> *UberLord wrote:*
>
> > Using dhcpcd-5 you can use the blacklist option in /etc/dhcpcd.conf
> >
> > ```
> > #We have a rogue DHCP server, so ignore it
> > blacklist 192.168.1.4
> > ```
> ...

 

Yes, a blacklist is reactive, but that's the nature of the beast.

The blacklist was only really implemented because we have a very very bad ADSL router from BT at work where the internal DHCP server is impossible to turn off and it NAKs the main DHCP server. The modem only lasted a few days because of that, but it demonstrated why it was needed.

You can also specify a CIDR for blacklist, so to eliminate the whole 192.168 range

```
# We never get addresses from the common 192.168 block, so reject them
blacklist 192.168.0.0/16
```

A whitelist is certainly possible.

Why not open a ticket at http://roy.marples.name/projects/dhcpcd/newticket and I'll see what can be done?

----------

## UberLord

 *UberLord wrote:*   

> A whitelist is certainly possible.
> 
> Why not open a ticket at http://roy.marples.name/projects/dhcpcd/newticket and I'll see what can be done?

 

Whitelist implemented :)

http://roy.marples.name/projects/dhcpcd/changeset/64aa37ca92021264fb234bbe6db17de3d1ba8748

----------
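The blacklist and whitelist filtering discussed in this thread, as an added Python example that is not code from any poster or from dhcpcd: it parses DHCP server replies, reads the server identifier (option 54) and lists the servers a given filter would ignore. Matching on option 54 and letting a non-empty whitelist decide alone are assumptions of this example, and `build_reply` only constructs sample packets for it.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie (RFC 2131)
OFFER, ACK, NAK = 2, 5, 6        # option 53 values a server sends

def parse_dhcp(payload):
    """Return (message_type, server_id) from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg_type, server_id, i = None, None, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        code = payload[i]
        if code == 0:                               # pad: no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        if code == 53 and length == 1:              # DHCP message type
            msg_type = payload[i + 2]
        elif code == 54 and length == 4:            # server identifier
            server_id = str(ipaddress.IPv4Address(payload[i + 2:i + 6]))
        i += 2 + length
    return msg_type, server_id

def server_allowed(server, whitelist=(), blacklist=()):
    """Assumed rule: a non-empty whitelist decides alone, else the blacklist."""
    addr = ipaddress.IPv4Address(server)
    def hit(entries):
        return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)
    return hit(whitelist) if whitelist else not hit(blacklist)

def build_reply(msg_type, server):
    """Constructed sample reply carrying only options 53 and 54."""
    fixed = bytes([2, 1, 6, 0]) + bytes(232)        # op=BOOTREPLY, rest zeroed
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed
    return fixed + MAGIC + opts + b"\xff"

def ignored_servers(payloads, whitelist=(), blacklist=()):
    """Server identifiers of replies the filter would drop, in first-seen order."""
    dropped = []
    for payload in payloads:
        msg_type, server = parse_dhcp(payload)
        if msg_type in (OFFER, ACK, NAK) and server and server not in dropped:
            if not server_allowed(server, whitelist, blacklist):
                dropped.append(server)
    return dropped
```

Entries take the same `address` or `address/cidr` form as the `blacklist` lines quoted above; 192.168.1.1 in the checks is a constructed address standing in for the wanted server.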

