dhcpy6d-example.conf

# dhcpy6d example configuration
#
# The first section [dhcpy6d] contains general options.
# All sections whose name starts with "address_" are address
# definitions. These are used in the sections named something
# like "class_". These contain definitions for classes of clients.
# The membership of clients of a class is defined in the client
# configuration from client config file or config database.
# Addresses contain various properties best seen on examples
# down below. Classes contain extra properties like nameservers
# for clients and filters.
# There is one predefined class: "default". If not set in a
# [class_default] section all clients which have no configuration
# or match no filter are automatically of this class. If
# [class_default] is not set the address "default" is used which
# also can be defined in an [address_default] section.

[dhcpy6d]

# GENERAL OPTIONS

# Server interface - multiple interfaces have to be separated by spaces.
interface = eth0

# Multicast address to listen at
# sensible default for local subnet is ff02::1:2.
#mcast = ff02::1:2

# Port to listen at - like multicast address also defined by RFC.
#port = 547

# Not used yet.
#address = ::1

# Server DUID - if not set there will be one generated every
# time dhcpy6d starts. This might cause trouble for Windows
# clients because they go crazy about the changed server DUID.
# Please note that the commandline argument --duid overrides this
# setting. This is the case in Debian /etc/init.d/dhcpy6d script
# which uses the generated DUID value from /etc/default/dhcpy6d.
#serverduid = 0001000100000000000000000000

# Server preference is 255 as default.
#server_preference = 255

# non-privileged user/group
user = dhcpy6d
group = dhcpy6d

# Nameserver for option 23 - there can be several specified
# separated by spaces.
nameserver = fd01:db8::53

# Domain to be used for option 39 - host FQDN
domain = local

# Domain search list for option 24 - domain search list. If omited the value
# of option "domain" above is taken as default
domain_search_list = foo.com bar.com

# Do logging.
log = yes
# Log to console.
log_console = no
# Path to logfile.
log_file = dhcpy6d.log
# Log to syslog daemon
log_syslog = no
# Syslog facility
log_syslog_facility = daemon
# A remote server syslog socket or a local unix socket
log_syslog_destination = remote-server:514

# Log discovered MAC/LLIP pairs of clients
log_mac_llip = no

# Configuration of clients can be stored in text file or in MySQL or
# SQLite database. See delivered config.sql and volatile.sql for
# database schemes.
# Use for small environment could be to get config from text file
# and store leases in SQLite database. Larger setups might have use
# for config and volatile data in MySQL database.
# Store config type is one of "file", "mysql", "sqlite" or "none".
# if "none" no client configuration is used.
store_config = file
# Dito for store volatile data like leases and MAC-LLIPs-mapping -
# one of "mysql" or "sqlite".
store_volatile = mysql

# Path to file used for configuration of clients.
store_file_config = clients.conf

# Data used for MySQL storage
# host
store_mysql_host = localhost
# database
store_mysql_db = dhcpy6d
# user
store_mysql_user = dhcpy6d
# password
store_mysql_password = dhcpy6d

# Paths to SQLite database files.
# config.sqlite and volatile.sqlite are included in source folder.
store_sqlite_config = config.sqlite
store_sqlite_volatile = volatile.sqlite

# Authentication information needed for reconfigure requests does
# not work so it can safely be ignored.
# If it would work it had to be some 128 bit key.
#authentication_information = 00000000000000000000000000000000

# Flag to let dhcpy6d really answer to client requests -
# might be of use for debugging and testing.
really_do_it = yes

# Declare which attributes of a requesting client should be checked
# to prove its identity. Default is "mac", but "duid" and "hostname"
# are allowed too. It is even possible to mix them, separated by
# spaces.
#identification = mac duid hostname
identification = mac

# Declare if all checked attributes have to match or is it enough if
# some do. Options are "match_all" and "match_some". The latter
# might be interesting if there are some dualboot clients whose MAC
# addresses match but their DUIDs don't.
identification_mode = match_all

# DYNAMIC DNS UPDATES

# This works at the moment only for ISC Bind nameservers.
# Do dynamic DNS updates. Default is "no".
dns_update = no

# RNDC key name for DNS Update.
dns_rndc_key = rndc-key

# RNDC secret - mostly some MD5-hash. Take it from
# nameservers' /etc/rndc.key.
dns_rndc_secret = 0000000000000000000

# Nameserver to talk to.
dns_update_nameserver = ::1

# Regarding RFC 4704 5. there are 3 kinds of client behaviour
# for N O S bits:
# - client wants to update DNS itself -> sends 0 0 0
# - client wants server to update DNS -> sends 0 0 1
# - client wants no server DNS update -> sends 1 0 0
# Ignore client ideas about DNS (if at all, what name to use,
# self-updating...) 
dns_ignore_client = yes

# Use client supplied hostname - yes or no. It is no problem to
# override client desires.
dns_use_client_hostname = no

# IA_NA/IA_TA OPTIONS

# These lifetimes are also used as default for addresses which
# have no extra defined lifetimes.
# Lifetimes can be defined in address definitions.
# RENEW (T1) and REBIND (T2) timers can be defined in
# class definitions.

# Default preferred lifetime in seconds
preferred_lifetime = 43200
# default valid lifetime in seconds
valid_lifetime = 64800
# T1
t1 = 21600
# T2
t2 = 32400

# information refresh time for option 32 
information_refresh_time = 3600

# DEFINITION OF AVAILABLE ADDRESSES

# Addresses are defined by patterns of static and variable parts.
#
# There are different categories: "random", "range", "id", "mac":
#
# $random64$ - calculate random 64 bit interface identifier address
# part. maybe future a version will allow shorter random
# $range$ - use range addresses - only in the last octet of address
# $id$ - if configuration of clients contain some kind of ID 
# it can be used for one octet
# $mac$ - puts MAC address into 3 octets - works only on local subnet
#
# Categories and variables used in pattern must match!
# The two options every address definition must have are category
# and pattern.

# 1. Example: definition of a normal locally and globally connected
# valid client

# a globally unique address
[address_global] 
# For privacy a global address might better be randomly created.
category = random
# This pattern results in an address like this:
# 2001:0db8:0000:0000:d3f6:834a:03d5:139c.
pattern = 2001:db8::$random64$
# IA type is mostly non-temporary as default so it is not necessary
# to declare here.
ia_type = na
# Lifetimes can be set in seconds for every defined address.
preferred_lifetime = 32400
valid_lifetime = 43200

# A unique local address
[address_local_valid]
# For easier internal management put MAC address into address.
category = mac
# Given MAC 01:02:03:04:05:06 this pattern results in an address
# like this: fd01:db8:0000:0000:babe:0102:0304:0506.
pattern = fd01:db8::babe:$mac$
# Update these addresses in Bind DNS - defaults to "no"
dns_update = yes
# Zone to update.
dns_zone = example.com
# Reverse zone to update
dns_rev_zone = 1.0.d.f.ip6.arpa

# Define a class for normal valid clients.
[class_valid_client]
# These clients get 2 Addresses, one internal ULA and one global.
# Different addresses should be separated by spaces.
# Note that "address_" from address definition section is omitted
# here!
addresses = global local_valid
# Some internal example nameserver.
nameserver = fd01:db8::53

# 2. Example: definition of a class for invalid clients

[address_local_invalid]
# Invalid clients will get addresses of a range.
category = range
# Definition of range.
range = 1000-1fff
# Local address for invalid clients will get another prefix
# Resulting addresses look like
# fd01:0db8:0bad:0000:0000:0000:0000:1000
pattern = fd01:db8:bad::$range$
# Lifetimes of address are shorter for faster reaction to status
# changes.
preferred_lifetime = 2700
valid_lifetime = 3600

# Class for invalid clients
[class_invalid_client]
addresses = local_invalid
# Extra nameserver for invalid clients.
nameserver = fd01:db8:bad::53
# Short interval of address refresh attempts.
t1 = 600
t2 = 900

# 3. Example: definition of filtered clients

[address_filtered]
# Filtered clients will get addresses of a range.
category = range
# Definition of range.
range = 1000-1fff
# Local address for filtered clients will get another prefix
# Resulting addresses look like
# fd01:0db8:0000:0000:babe:0000:0000:1000
pattern = fd01:db8::babe:0:0:$range$

[class_filtered_clients]
addresses = filtered
# Filters are regular expessions.
# See http://docs.python.org/howto/regex.html
# There are three types of filters allowed:
# filter_hostname
# filter_mac
# filter_duid
# With this setting all clients which transmit a hostname starting
# with "windows" will get an address of range
# fd01:db8::beef:0:0:1000 to fd01:db8::beef:0:01fff
filter_hostname = windows.*

# 4. Example: default addresses for all unknown clients

# It should be enough if address_default is defined, only if
# unknown clients should get
# extra nameservers etc. a class_default has to be set.

[address_default]
category = mac
# Given MAC 01:02:03:04:05:06 this pattern results in an
# address like this: fd01:db8:dead:0bad:beef:0102:0304:0506.
pattern = fd01:db8:dead:bad:beef:$mac$