DHCP 雙機的BUG嗎？

summer820228

有誰用RedHat Linux AS 5 做過DHCP的雙機熱備.  是已經(jīng)穩(wěn)定運行的. 能給個配置文檔嗎?
要求兩臺機器機上地址池是相同的~采用dhcp的Failover協(xié)議
我在實際操作過程中.遇見了這樣一個問題.當一臺DHCP 服務(wù)器Down時.  別一臺服務(wù)器是起了作用.  而且客戶端也能分到地址,但是當客戶端用ipconfig /release 釋放地址之后就會獲得一個新的IP,直到地址池耗盡不能在分到IP.試過了改很多東西都不靈.  有人做過這東西嗎?  網(wǎng)通和電信的DHCP又是怎么做的呢.   不能就一臺吧. 還是有專門開發(fā)的軟件.   有高人賜教嗎？

kns1024wh

將目前工作的進展以及出現(xiàn)問題時的日志具體發(fā)上來，以便大家?guī)湍惴治?/td>

kns1024wh

Introduction

This tutorial will walk you through setting up DHCP fail over on CentOS 5.1 using the default ISC dhcp server, this can easily be adapted to any other Linux distro out there. You will most likely need Failover in environments where network down time can not be tolerated. My home is running a DLNA setup so I need my devices to be able to obtain network parameters at all times.

Since DHCP and DNS often go hand in hand i will be configuring a local DNS server which allows for dynamic updates, such that hostnames will be automatically updated to DNS when ever a lease is granted to a client.

My configuration with use the following please substitute to reflect your own network.

·
Domain name - home.topdog-software.com

·
Network - 192.168.1.0/24

·
DHCP servers - 192.168.1.2,192.168.1.3

·
Gateway - 192.168.1.254

·
DNS servers - 192.168.1.2,192.168.1.3

Install required Packages

·
DHCP

# yum install dhcp -y

·
DNS

# yum install bind bind-chroot caching-nameserver -y

·
NTP

# yum install ntp -y

Configuration

DHCP

Backup your original config on the Master 192.168.1.2:

# cp /etc/dhcpd.conf /etc/dhcpd.conf.orig

Edit the DHCP configuration /etc/dhcpd.conf on the master 192.168.1.2 and add the following, read the comments to understand the options:

authoritative;
# server is authoritative

option domain-name "home.topdog-software.com";
# the domain name issued

option domain-name-servers 192.168.1.2,192.168.1.3;
# name servers issued

option netbios-name-servers 192.168.1.2;
# netbios servers

allow booting;
# allow for booting over the network

allow bootp;
# allow for booting

next-server 192.168.1.2;
# TFTP server for booting

filename "pxelinux.0";
# kernel for network booting

ddns-update-style interim;
# setup dynamic DNS updates

ddns-updates on;

ddns-domainname "home.topdog-software.com";
# domain name for DDNS updates

key rndckey {

algorithm
hmac-md5;

secret
"xxxxxxxxxx";
# get from the /etc/rndc.key file

}

zone home.topdog-software.com
# forward zone to update

{

primary 127.0.0.1;
# update on the local machine

key rndckey;
# key to use for the update

}

zone 1.168.192.in-addr.arpa
# reverse zone to update

{

primary 127.0.0.1;
# update on the local machine

key rndckey;
# key for update

}

failover peer "home-net" {
# fail over configuration

primary;
# This is the primary

address 192.168.1.2;
# primarys ip address

port 647;

peer address 192.168.1.3;
# peer's ip address

peer port 647;

max-response-delay 60;

max-unacked-updates 10;

mclt 3600;

split 128;

load balance max seconds 3;

}

subnet 192.168.1.0 netmask 255.255.255.0
# zone to issue addresses from

{

pool {

failover peer "home-net";
# pool for dhcp leases with failover bootp not allowed

deny dynamic bootp clients;

option routers 192.168.1.254;

range 192.168.1.25 192.168.1.50;

}

pool {

# accomodate our bootp clients here no replication and failover

option routers 192.168.1.254;

range 192.168.1.51 192.168.1.55;

}

allow unknown-clients;

ignore client-updates;

}

Back up your original config on the Slave 192.168.1.3:

# cp /etc/dhcpd.conf /etc/dhcpd.conf.orig

Edit the DHCP configuration /etc/dhcpd.conf on the slave 192.168.1.3 and add the following, read the comments to understand the options:

authoritative;
# server is authoritative

option domain-name "home.topdog-software.com";
# the domain name issued

option domain-name-servers 192.168.1.2,192.168.1.3;
# name servers issued

option netbios-name-servers 192.168.1.2;
# netbios servers

allow booting;
# allow for booting over the network

allow bootp;
# allow for booting

next-server 192.168.1.2;
# TFTP server for booting

filename "pxelinux.0";
# kernel for network booting

ddns-update-style interim;
# setup dynamic DNS updates

ddns-updates on;

ddns-domainname "home.topdog-software.com";
# domain name for DDNS updates

key rndckey {

algorithm
hmac-md5;

secret

"xxxxxxxxxx";
# get from the /etc/rndc.key file on the master

}

zone home.topdog-software.com
# forward zone to update

{

primary 192.168.1.2;
# update on the local machine

key rndckey;
# key to use for the update

}

zone 1.168.192.in-addr.arpa
# reverse zone to update

{

primary 192.168.1.2;

# update on the local machine

key rndckey;
# key for update

}

failover peer "home-net" {
# fail over configuration

secondary;

# This is the secondary

address 192.168.1.3;
# our ip address

port 647;

peer address 192.168.1.2;
# primary's ip address

peer port 647;

max-response-delay 60;

max-unacked-updates 10;

mclt 3600;

load balance max seconds 3;

}

subnet 192.168.1.0 netmask 255.255.255.0
# zone to issue addresses from

{

pool {

failover peer "home-net";

# pool for dhcp leases with failover bootp not allowed

deny dynamic bootp clients;

option routers 192.168.1.254;

range 192.168.1.25 192.168.1.50;

}

pool {

# accomodate our bootp clients here no replication and failover

option routers 192.168.1.254;

range 192.168.1.51 192.168.1.55;

}

allow unknown-clients;

ignore client-updates;

}

DNS

Back up the the Bind configuration on the master:

# cp /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.caching-nameserver.conf.orig

Edit the configuration to reflect the config below.

options {

directory

"/var/named";

dump-file
"/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

query-source
port 53;

query-source-v6 port 53;

allow-query
{ localhost; localnets; };

};

include "/etc/rndc.key";

include "/etc/named.rfc1912.zones";

zone "home.topdog-software.com" {

type master;

file "data/home.topdog-software.com.hosts";

allow-transfer { 192.168.1.3; };

allow-update { key "rndckey"; };

allow-query { any; };

};

zone "1.168.192.in-addr.arpa" {

type master;

file "data/1.168.192.in-addr.arpa.hosts";

allow-transfer { 192.168.1.3; };

allow-update { key "rndckey"; };

allow-query { any; };

};

Back up the the Bind configuration on the slave:

# cp /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.caching-nameserver.conf.orig

Edit the configuration to reflect the config below.

options {

directory
"/var/named";

dump-file
"/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

query-source
port 53;

query-source-v6 port 53;

allow-query
{ localhost; localnets; };

};

include "/etc/rndc.key";

include "/etc/named.rfc1912.zones";

zone "home.topdog-software.com" {

type slave;

masters { 192.168.1.2; };

file "data/home.topdog-software.com.hosts";

};

zone "1.168.192.in-addr.arpa" {

type slave;

masters { 192.168.1.2; };

file "data/1.168.192.in-addr.arpa.hosts";

};

Create the zone files on the master

·
/var/named/chroot/var/named/data/home.topdog-software.com.hosts

·
$ORIGIN .

·
$TTL 38400

·
home.topdog-software.com IN SOA ns1.home.topdog-software.com. andrew.topdog.za.net. (

·

2008061629 ; serial

·


10800
; refresh (3 hours)

·

3600
; retry (1 hour)

·

604800
; expire (1 week)

·

38400
; minimum (10 hours 40 minutes)

·


)

·

NS
ns1.home.topdog-software.com.

·

NS
ns2.home.topdog-software.com.

·
ns1
IN
A 192.168.1.2

·
ns2
IN
A 192.168.1.3

·
/var/named/chroot/var/named/data/1.168.192.in-addr.arpa.hosts

·
$ORIGIN .

·
$TTL 38400
; 10 hours 40 minutes

·
1.168.192.in-addr.arpa
IN SOA
ns1.home.topdog-software.com. andrew.topdog.za.net. (

·

2008061644 ; serial

·

10800
; refresh (3 hours)

·


3600
; retry (1 hour)

·

604800
; expire (1 week)

·

38400
; minimum (10 hours 40 minutes)

·

)

·

NS
ns1.home.topdog-software.com.

·

NS
ns2.home.topdog-software.com.

·
2
IN
PTR ns1.home.topdog-software.com.

·
3
IN
PTR ns2.home.topdog-software.com.

NTP

NTP is required because the two DHCP servers need to be in sync for fail over as well as DDNS to take place. You can run a full fledged NTP server if you want, i will only provide you with instructions on using cron to sync NTP to an external NTP server every hour. You need to do this on BOTH servers.

·
create a file /etc/cron.hourly/timesync and add the following:

·
#!/bin/bash

·
#

·
ntpdate -s 0.rhel.pool.ntp.org

·
make the file executable and run it for the first time:

# /etc/cron.hourly/timesync

Finally

Well we are done, let's fire up the services and begin testing.

·
on the master:

# service named start
# service dhcpd start

·
on the slave:

# service named start
# service dhcpd start

You should see the following in your logs on the master:

Jun 16 13:58:56 kudusoft dhcpd: failover peer home-net: I move from recover to startup

Jun 16 13:58:56 kudusoft dhcpd: dhcpd startup succeeded

Jun 16 13:58:56 kudusoft dhcpd: failover peer home-net: I move from startup to recover

Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer moves from unknown-state to recover

Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: requesting full update from peer

Jun 16 13:59:12 kudusoft dhcpd: Sent update request all message to home-net

Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer moves from recover to recover

Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: requesting full update from peer

Jun 16 13:59:12 kudusoft dhcpd: Update request all from home-net: sending update

Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: peer update completed.

Jun 16 13:59:12 kudusoft dhcpd: failover peer home-net: I move from recover to recover-done

Jun 16 13:59:13 kudusoft dhcpd: Sent update done message to home-net

Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: peer moves from recover to recover-done

Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: I move from recover-done to normal

Jun 16 13:59:13 kudusoft dhcpd: failover peer home-net: peer moves from recover-done to normal

Jun 16 13:59:14 kudusoft dhcpd: pool 914eb10 192.168.1/24 total 26
free 25
backup 0
lts -12

Jun 16 13:59:14 kudusoft dhcpd: pool 914eb10 192.168.1/24
total 26
free 25
backup 0
lts 12

And on the slave:

Jun 16 13:59:12 shaka dhcpd: Sending on
Socket/fallback/fallback-net

Jun 16 13:59:12 shaka dhcpd: failover peer home-net: I move from recover to startup

Jun 16 13:59:12 shaka dhcpd: failover peer home-net: peer moves from unknown-state to recover

Jun 16 13:59:12 shaka dhcpd: dhcpd startup succeeded

Jun 16 13:59:12 shaka dhcpd: failover peer home-net: requesting full update from peer

Jun 16 13:59:12 shaka dhcpd: failover peer home-net: I move from startup to recover

Jun 16 13:59:12 shaka dhcpd: Sent update request all message to home-net

Jun 16 13:59:12 shaka dhcpd: Sent update done message to home-net

Jun 16 13:59:12 shaka dhcpd: Update request all from home-net: nothing pending

Jun 16 13:59:12 shaka dhcpd: failover peer home-net: peer moves from recover to recover-done

Jun 16 13:59:14 shaka dhcpd: failover peer home-net: peer update completed.

Jun 16 13:59:14 shaka dhcpd: failover peer home-net: I move from recover to recover-done

Jun 16 13:59:14 shaka dhcpd: failover peer home-net: peer moves from recover-done to normal

Jun 16 13:59:14 shaka dhcpd: failover peer home-net: I move from recover-done to normal

Jun 16 13:59:14 shaka dhcpd: pool 9d78ad8 192.168.1/24 total 26
free 25
backup 0
lts 12

Jun 16 13:59:14 shaka dhcpd: pool response: 12 leases

summer820228

請問三樓的哥們，這是你們單位現(xiàn)在所用的嗎？  您試過嗎？
我的DHCP的做法和你給我發(fā)的文檔基本一樣,  兩臺機器之間可以互交換信息的. 只不過是當一臺DHCP掛了的時候. 如果用戶使用ipconfig /release 釋放地址之后就會獲得一個新的IP,直到地址池耗盡不能在分到IP.    我也不能期待用戶不用這個命令啊~~~  呵呵.

summer820228

我不要從網(wǎng)上貼的~哪位高手幫幫忙~

bingosek

我做過，而且在3對服務(wù)器上部署過，配置我有時間再發(fā)

建議你檢查一下tcp port，我記得好像兩邊是不一樣的

bingosek

另外，電信使用專業(yè)的dhcp設(shè)備，不是服務(wù)器＋linux＋ISC dhcp做的

summer820228

port 647;

peer port 647;

您指的是這個端口嗎?  一樣的. 還有不一樣的我都試過.  

效果是一樣的.  很迷茫~

能把你的配置發(fā)上來看一下嗎?  真的很急啊.  謝謝你了

summer820228

Mar 27 18:34:50 Server2 dhcpd: timeout waiting for failover peer dhcp
Mar 27 18:34:50 Server2 dhcpd: peer dhcp: disconnected
Mar 27 18:34:50 Server2 dhcpd: failover peer dhcp: I move from normal to communications-interrupted
Mar 27 18:35:07 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:08 Server2 dhcpd: DHCPOFFER on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:08 Server2 dhcpd: DHCPREQUEST for 10.102.129.5 (192.168.30.22) from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:08 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:10 Server2 dhcpd: DHCPREQUEST for 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:10 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:16 Server2 dhcpd: DHCPREQUEST for 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:16 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:19 Server2 dhcpd: DHCPREQUEST for 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:19 Server2 dhcpd: DHCPACK on 10.102.129.5 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1
Mar 27 18:35:26 Server2 dhcpd: DHCPRELEASE of 10.102.129.5 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1 (found)
Mar 27 18:35:31 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:32 Server2 dhcpd: DHCPOFFER on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:36 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:36 Server2 dhcpd: DHCPOFFER on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:45 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:45 Server2 dhcpd: DHCPOFFER on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:45 Server2 dhcpd: DHCPREQUEST for 10.102.129.6 (192.168.30.22) from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:45 Server2 dhcpd: DHCPACK on 10.102.129.6 to 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1
Mar 27 18:35:55 Server2 dhcpd: DHCPRELEASE of 10.102.129.6 from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via eth1 (found)
Mar 27 18:36:02 Server2 dhcpd: DHCPDISCOVER from 00:23:ae:0a:ca:b9 (Hostname Unsuitable for Printing) via 10.102.129.1: peer holds all free leases
Mar 27 18:37:05 Server2 last message repeated 4 times

summer820228

# All times in this file are in UTC (GMT), not your local timezone.   This is
# not a bug, so please don't ask about it.   There is no portable way to
# store leases in the local timezone, so please don't request this as a
# feature.   If this is inconvenient or confusing to you, we sincerely
# apologize.   Seriously, though - don't ask.
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-V3.0.5-RedHat

failover peer "dhcp" state {
  my state communications-interrupted at 5 2009/03/27 10:34:50;
  partner state normal at 5 2009/03/27 10:29:52;
  mclt 3600;
}
lease 10.102.129.5 {
  starts 5 2009/03/27 10:35:19;
  ends 5 2009/03/27 10:35:26;
  tstp 5 2009/03/27 19:35:19;
  tsfp 5 2009/03/27 19:33:49;
  cltt 5 2009/03/27 10:35:19;
  binding state released;
  next binding state free;
  hardware ethernet 00:23:ae:0a:ca:b9;
  uid "\001\000#\256\012\312\271";
}
lease 10.102.129.6 {
  starts 5 2009/03/27 10:35:45;
  ends 5 2009/03/27 10:35:55;
  tstp 5 2009/03/27 17:05:45;
  tsfp 5 2009/03/27 10:29:52;
  cltt 5 2009/03/27 10:35:45;
  binding state released;
  next binding state free;
  hardware ethernet 00:23:ae:0a:ca:b9;
  uid "\001\000#\256\012\312\271";
}
failover peer "dhcp" state {
  my state communications-interrupted at 5 2009/03/27 10:34:50;
  partner state normal at 5 2009/03/27 10:29:52;
  mclt 3600;
}
failover peer "dhcp" state {
  my state communications-interrupted at 5 2009/03/27 10:34:50;
  partner state normal at 5 2009/03/27 10:29:52;
  mclt 3600;
}