Knowledge Base ISC Main Website Ask a Question/Contact ISC
DHCP 4.2.2 Release Notes
Author: Reference Number: AA-00432 Views: 10634 Created: 2011-08-10 13:10 Last Updated: 2011-09-09 00:02 0 Rating/ Voters

Introduction

DHCP 4.2.2 is the current  release of DHCP 4.2.

This document summarizes changes from DHCP  4.2.1 to DHCP 4.2.2. Please see the CHANGES file in the source code release for a complete list of all changes.

Download

The latest release of ISC DHCP  software can always be found on our web site at http://www.isc.org/downloads/all. There you will find additional information about each release, source code, and some pre-compiled versions for certain operating systems.

Support

Product support information is available on http://www.isc.org/services/support for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo.

New Features

- Strict checks for content of domain-name DHCPv4 option can now be   configured during compilation time. Even though RFC2132 does not allow   to store more than one domain in domain-name option, such behavior is   now enabled by default, but this may change some time in the future.  See ACCEPT_LIST_IN_DOMAIN_NAME define in includes/site.h.  [ISC-Bugs #24167]

- Add the option "--no-pid" to the client, relay and server code,  to disable writing a pid file.  Add the option "-pf pidfile"  to the relay to allow the user to supply the pidfile name at  runtime.  Add the "with-relay6-pid-file" option to configure  to allow the user to supply the pidfile name for the relay  in v6 mode at configure time.  [ISC-Bugs #23351] [ISC-Bugs #17541]


Security Fixes

! Two packets were found that cause a server to halt.  The code  has been updated to properly process or reject the packets as  appropriate.  Thanks to David Zych at University of Illinois  for reporting this issue.  [ISC-Bugs #24960]  One CVE number for each class of packet.  CVE-2011-2748  CVE-2011-2749


Bug Fixes

- DNS Update fix. A misconfigured server could crash during DNS update  processing if the configuration included overlapping pools or  multiple fixed-address entries for a single address.  This issue  affected both IPv4 and IPv6. The fix allows a server to detect such  conditions, provides the user with extra information and recommended  steps to fix the problem.  If the user enables the appropriate option  in site.h then server will be terminated  [ISC-Bugs #23595]

- DHCPv6 server now responds properly if client asks for a prefix that  is already assigned to a different client. [ISC-Bugs #23948]

- 'dhclient' no longer waits a random interval after first starting up to  begin in the INIT state.  This conforms to RFC 2131, but elects not to  implement a 'SHOULD' direction in section 4.1. [ISC-Bugs #19660]  

- Added 'initial-delay' parameter that specifies maximum amount of time   before client goes to the INIT state. The default value is 0. In previous   versions of the code client could wait up to 5 seconds. The old behavior   may be restored by using 'initial-delay 5;' in the client config file.  [ISC-Bugs #19660]

- ICMP ping-check should now sit closer to precisely the number of seconds  configured (or default 1), due to making use of the new microsecond  scale timer internally to dhcpd.  This corrects a bug where the server  may immediately timeout an ICMP ping-check if it was made late in the  current second. [ISC-Bugs #19660]

- The DHCP client will schedule renewal and rebinding events in  microseconds if the DHCP server provided a lease-time that would result  in sub-1-second timers.  This corrects a bug where a 2-second or lower  lease-time would cause the DHCP client to enter an infinite loop by  scheduling renewal at zero seconds. [ISC-Bugs #19660]

- Client lease records are recorded at most once every 15 seconds.  This  keeps the client from filling the lease database disk quickly on very small  lease times. [ISC-Bugs #19660]

- To defend against RFC 2131 non-compliant DHCP servers which fail to  advertise a lease-time (either mangled, or zero in value) the DHCP  client now adds the server to the reject list ACL and returns to INIT  state to hopefully find an RFC 2131 compliant server (or retry in INIT  forever). [ISC-Bugs #19660]

- Parameters configured to evaluate from user defined function calls can  now be correctly written to dhcpd.leases (as on 'on events' or dynamic  host records inserted via OMAPI).  [ISC-Bugs #22266]

- If a 'next-server' parameter is configured in a dynamic host record via  OMAPI as a domain name, the syntax written to disk is now correctly parsed  upon restart.  [ISC-Bugs #22266]

- The DHCP server now responds to DHCPLEASEQUERY messages from agents using  IP addresses not covered by a subnet in configuration.  Whether or not to  respond to such an agent is still governed by the 'allow leasequery;'  configuration parameter, in the case of an agent not covered by a configured  subnet the root configuration area is examined. Server now also returns  vendor-class-id option, if client sent it. [ISC-Bugs #21094]


Documentation Fixes

  [ISC-Bugs #17959] add text to AIX section describing how to have it send  responses to the all-ones address.

  [ISC-Bugs #19615] update the includes in dhcpctl/dhcpctl.3 to be more correct

  [ISC-Bugs #20676] update dhcpd.conf.5 to include the RFC numbers for DDNS

- Linux Packet Filter interface improvement. sockaddr_pkt structure is used,   rather than sockaddr. Packet etherType is now forced to ETH_P_IP.   [ISC-Bugs #18975]


Known Issues In This Release

In order to support asynchronous DDNS in 4.2.0 we modified how the DDNS code interacts with leases. Some of these changes interact badly with configurations that include multiple instances of the same lease and can cause a server to crash. We have included some code to help identify and log these issues and are continuing work on a better fix. However these are mis-configurations and the only complete fix is to modfiy your configuration file to avoid them. You should verify that any address is in only one range, pool or fixed address statement. For example an IPv6 address should not be in a range for both a temporary address pool and a non-temporary address pool. While this issue can cause the server to crash, it is not a security issue as it requires a specific type of mis-configuration in the configuration file.


Thank You

Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at http://www.isc.org/supportisc. For information on how to install, configure and run this software, as well as how to find documentation and report bugs, please consult the README file.





© 2001-2017 Internet Systems Consortium

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

Feedback
  • There is no feedback for this article
Quick Jump Menu