Ralphred Guru
Joined: 31 Dec 2013 Posts: 574
Posted: Mon Sep 23, 2024 9:42 pm
From a security perspective, only having "just enough addresses" isn't as good as adding

Code:
pool {
    range [start ip] [end ip];
    deny unknown-clients; #<<this
    host [hostname1] { hardware ethernet [mac address1]; } #<<and these to identify allowed clients
    host [hostname2] { hardware ethernet [mac address2]; }
} #endpool

into your pool definition, but I'm pretty strict about what gets an IP and what doesn't - normally if you aren't a "known host" you don't get one.
I have a #'d out pool in the middle of the subnet that does allow unknown hosts for when I have guests, add new hardware or am feeling lazy etc.
You should find that if you increase the lease time of the pool (for at least as long as you have things "switched off" normally) you'll end up with a "semi-fixed ip address assignment", as something rebooting will just get its old address rebound. But if you have a specific device that's giving you grief just use

Code:
host hostname {
    hardware ethernet xx:xx:xx:xx:xx:xx;
    fixed-address aaa.bbb.ccc.ddd;
}

and make it pre-assigned so it doesn't pollute the "free" section of the pool.
I actually use my dhcpd.conf as the "authoritative source" of what is on my network, so it's full of comments and descriptions, and I'm pretty obsessive about updating it for that reason.
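An added example, not part of the post above: with dhcpd.conf kept as the inventory of allowed hosts, this sketch cross-checks ISC dhcpd's dhcpd.leases against it and reports active leases held by MAC addresses that have no uncommented host declaration. The function names and the sample config and lease text are constructed for illustration, and the regexes assume host and lease blocks with no nested braces.

```python
import re

# Constructed sample data: hostnames, MACs and addresses below are made up.
SAMPLE_CONF = """
pool {
  range 192.0.2.100 192.0.2.120;
  deny unknown-clients;
  host laptop { hardware ethernet 02:00:00:00:00:02; }  # office laptop
  #host oldbox { hardware ethernet 02:00:00:00:00:03; } # retired
}
host nas { hardware ethernet 02:00:00:00:00:01; fixed-address 192.0.2.10; }
"""
SAMPLE_LEASES = """
lease 192.0.2.103 { binding state active; hardware ethernet 02:00:00:00:00:99; }
lease 192.0.2.101 {
  binding state active;
  next binding state free;
  hardware ethernet 02:00:00:00:00:02;
}
lease 192.0.2.102 { binding state active; hardware ethernet 02:00:00:00:00:03; }
lease 192.0.2.103 { binding state free; hardware ethernet 02:00:00:00:00:99; }
"""

HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^{}]*)\}")
LEASE_RE = re.compile(r"\blease\s+(\S+)\s*\{([^{}]*)\}")
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;")
# Anchored to a statement start so "next binding state" is not picked up.
STATE_RE = re.compile(r"(?:^|;)\s*binding\s+state\s+(\w+)\s*;")

def known_macs(conf_text):
    """Map MAC -> hostname for every host declaration that is not commented out."""
    conf = re.sub(r"#.*", "", conf_text)  # simplification: ignores '#' inside quotes
    known = {}
    for name, body in HOST_RE.findall(conf):
        mac = MAC_RE.search(body)
        if mac:
            known[mac.group(1).lower()] = name
    return known

def unknown_active_leases(conf_text, leases_text):
    """Return sorted (ip, mac) pairs for active leases held by undeclared MACs."""
    known = known_macs(conf_text)
    # dhcpd.leases is append-only, so the last entry for an IP is the current one;
    # dict() keeps the last value seen for a repeated key.
    latest = dict(LEASE_RE.findall(leases_text))
    hits = []
    for ip, body in latest.items():
        mac, state = MAC_RE.search(body), STATE_RE.search(body)
        if mac and state and state.group(1) == "active" and mac.group(1).lower() not in known:
            hits.append((ip, mac.group(1).lower()))
    return sorted(hits)

if __name__ == "__main__":
    print(unknown_active_leases(SAMPLE_CONF, SAMPLE_LEASES))
```

A hit here usually means a guest pool was left enabled or a host entry was commented out while its lease was still live, which is the kind of drift that makes the config stop being an accurate record.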