Lease times and renewals [refer to Re: [Dnsmasq-discuss] Secondary/tertiary dns servers in dhcp offers?]

Simon Kelley
Wed, 17 Nov 2004 13:44:34 +0000

Rory Campbell-Lange wrote:
> I have added the work-around. Any news on the potential confusion you
> refer to?

I have a fix which you are welcome to try out (but you probably don't
need it - see below.)
> My plan is to move everyone in the office to a specified mac address/ip
> address pairing, monitored by arpwatch, and then give unspecified hosts
> an ip address which I will block from accessing the servers through
> tcp-wrappers.
> Just to check, I intend doing the following 
>     dhcp-host=...10.0.0..50
>     ...through to...
>     dhcp-host=...10.0.0..150
>     dhcp-range=alien,,
> and blocking alien from the servers.
> Is this likely to work?

It will work fine, but note that you don't need


The dhcp-range does two things, it enables DHCP on the subnet given, and
it gives the range of addresses available for dynamic allocation. The
fact that the your dhcp-host options are outside the range doesn't
matter, as long as they are on the same subnet as the dhcp range.

In your case you don't want unknown hosts to be dynamically allocated in
the 50-100 range, so you should not include a dhcp-range over those

A few other points which might be useful.

1) The subnet enabled by a dhcp-range of course depends on the netmask
as well as the address. Dnsmasq normally gets this from the interface
configuration, so on a machine with an interface configured as
with a netmask then you can put dhcp-hosts anywhere from to If the interface netmask was then the
range would be to It's possible to overide the
netmask from the interface by putting it in the dhcp-range option


and that is mandatory when serving DHCP to a remote network via a DHCP

2) If you want to enable DHCP on a subnet for static hosts not allow
dynamic address allocation at all, you can do this:


3) If you want to keep you list of machines in a seperate config file,
there are two ways to do it, either include it from the main file with
conf-file=, or tell dnsmasq to read /etc/ethers and keep the list there.



> Rory