/
dhcpy6d-example.conf
297 lines (249 loc) · 9.3 KB
/
dhcpy6d-example.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
# dhcpy6d example configuration
#
# The first section [dhcpy6d] contains general options.
# All sections whose name starts with "address_" are address
# definitions. These are used in the sections named something
# like "class_". These contain definitions for classes of clients.
# The membership of clients of a class is defined in the client
# configuration from client config file or config database.
# Addresses contain various properties best seen on examples
# down below. Classes contain extra properties like nameservers
# for clients and filters.
# There is one predefined class: "default". If not set in a
# [class_default] section all clients which have no configuration
# or match no filter are automatically of this class. If
# [class_default] is not set the address "default" is used which
# also can be defined in an [address_default] section.
[dhcpy6d]
# GENERAL OPTIONS
# Server interface - multiple interfaces have to be separated by spaces.
interface = eth0
# Multicast address to listen at
# sensible default for local subnet is ff02::1:2.
#mcast = ff02::1:2
# Port to listen at - like multicast address also defined by RFC.
#port = 547
# Not used yet.
#address = ::1
# Server DUID - if not set there will be one generated every
# time dhcpy6d starts. This might cause trouble for Windows
# clients because they go crazy about the changed server DUID.
# Please note that the commandline argument --duid overrides this
# setting. This is the case in Debian /etc/init.d/dhcpy6d script
# which uses the generated DUID value from /etc/default/dhcpy6d.
#serverduid = 0001000100000000000000000000
# Server preference is 255 as default.
#server_preference = 255
# non-privileged user/group
user = dhcpy6d
group = dhcpy6d
# Nameserver for option 23 - there can be several specified
# separated by spaces.
nameserver = fd01:db8::53
# Domain to be used for option 39 - host FQDN
domain = local
# Domain search list for option 24 - domain search list. If omited the value
# of option "domain" above is taken as default
domain_search_list = foo.com bar.com
# Do logging.
log = yes
# Log to console.
log_console = no
# Path to logfile.
log_file = dhcpy6d.log
# Log to syslog daemon
log_syslog = no
# Syslog facility
log_syslog_facility = daemon
# A remote server syslog socket or a local unix socket
log_syslog_destination = remote-server:514
# Log discovered MAC/LLIP pairs of clients
log_mac_llip = no
# Configuration of clients can be stored in text file or in MySQL or
# SQLite database. See delivered config.sql and volatile.sql for
# database schemes.
# Use for small environment could be to get config from text file
# and store leases in SQLite database. Larger setups might have use
# for config and volatile data in MySQL database.
# Store config type is one of "file", "mysql", "sqlite" or "none".
# if "none" no client configuration is used.
store_config = file
# Dito for store volatile data like leases and MAC-LLIPs-mapping -
# one of "mysql" or "sqlite".
store_volatile = mysql
# Path to file used for configuration of clients.
store_file_config = clients.conf
# Data used for MySQL storage
# host
store_mysql_host = localhost
# database
store_mysql_db = dhcpy6d
# user
store_mysql_user = dhcpy6d
# password
store_mysql_password = dhcpy6d
# Paths to SQLite database files.
# config.sqlite and volatile.sqlite are included in source folder.
store_sqlite_config = config.sqlite
store_sqlite_volatile = volatile.sqlite
# Authentication information needed for reconfigure requests does
# not work so it can safely be ignored.
# If it would work it had to be some 128 bit key.
#authentication_information = 00000000000000000000000000000000
# Flag to let dhcpy6d really answer to client requests -
# might be of use for debugging and testing.
really_do_it = yes
# Declare which attributes of a requesting client should be checked
# to prove its identity. Default is "mac", but "duid" and "hostname"
# are allowed too. It is even possible to mix them, separated by
# spaces.
#identification = mac duid hostname
identification = mac
# Declare if all checked attributes have to match or is it enough if
# some do. Options are "match_all" and "match_some". The latter
# might be interesting if there are some dualboot clients whose MAC
# addresses match but their DUIDs don't.
identification_mode = match_all
# DYNAMIC DNS UPDATES
# This works at the moment only for ISC Bind nameservers.
# Do dynamic DNS updates. Default is "no".
dns_update = no
# RNDC key name for DNS Update.
dns_rndc_key = rndc-key
# RNDC secret - mostly some MD5-hash. Take it from
# nameservers' /etc/rndc.key.
dns_rndc_secret = 0000000000000000000
# Nameserver to talk to.
dns_update_nameserver = ::1
# Regarding RFC 4704 5. there are 3 kinds of client behaviour
# for N O S bits:
# - client wants to update DNS itself -> sends 0 0 0
# - client wants server to update DNS -> sends 0 0 1
# - client wants no server DNS update -> sends 1 0 0
# Ignore client ideas about DNS (if at all, what name to use,
# self-updating...)
dns_ignore_client = yes
# Use client supplied hostname - yes or no. It is no problem to
# override client desires.
dns_use_client_hostname = no
# IA_NA/IA_TA OPTIONS
# These lifetimes are also used as default for addresses which
# have no extra defined lifetimes.
# Lifetimes can be defined in address definitions.
# RENEW (T1) and REBIND (T2) timers can be defined in
# class definitions.
# Default preferred lifetime in seconds
preferred_lifetime = 43200
# default valid lifetime in seconds
valid_lifetime = 64800
# T1
t1 = 21600
# T2
t2 = 32400
# information refresh time for option 32
information_refresh_time = 3600
# DEFINITION OF AVAILABLE ADDRESSES
# Addresses are defined by patterns of static and variable parts.
#
# There are different categories: "random", "range", "id", "mac":
#
# $random64$ - calculate random 64 bit interface identifier address
# part. maybe future a version will allow shorter random
# $range$ - use range addresses - only in the last octet of address
# $id$ - if configuration of clients contain some kind of ID
# it can be used for one octet
# $mac$ - puts MAC address into 3 octets - works only on local subnet
#
# Categories and variables used in pattern must match!
# The two options every address definition must have are category
# and pattern.
# 1. Example: definition of a normal locally and globally connected
# valid client
# a globally unique address
[address_global]
# For privacy a global address might better be randomly created.
category = random
# This pattern results in an address like this:
# 2001:0db8:0000:0000:d3f6:834a:03d5:139c.
pattern = 2001:db8::$random64$
# IA type is mostly non-temporary as default so it is not necessary
# to declare here.
ia_type = na
# Lifetimes can be set in seconds for every defined address.
preferred_lifetime = 32400
valid_lifetime = 43200
# A unique local address
[address_local_valid]
# For easier internal management put MAC address into address.
category = mac
# Given MAC 01:02:03:04:05:06 this pattern results in an address
# like this: fd01:db8:0000:0000:babe:0102:0304:0506.
pattern = fd01:db8::babe:$mac$
# Update these addresses in Bind DNS - defaults to "no"
dns_update = yes
# Zone to update.
dns_zone = example.com
# Reverse zone to update
dns_rev_zone = 1.0.d.f.ip6.arpa
# Define a class for normal valid clients.
[class_valid_client]
# These clients get 2 Addresses, one internal ULA and one global.
# Different addresses should be separated by spaces.
# Note that "address_" from address definition section is omitted
# here!
addresses = global local_valid
# Some internal example nameserver.
nameserver = fd01:db8::53
# 2. Example: definition of a class for invalid clients
[address_local_invalid]
# Invalid clients will get addresses of a range.
category = range
# Definition of range.
range = 1000-1fff
# Local address for invalid clients will get another prefix
# Resulting addresses look like
# fd01:0db8:0bad:0000:0000:0000:0000:1000
pattern = fd01:db8:bad::$range$
# Lifetimes of address are shorter for faster reaction to status
# changes.
preferred_lifetime = 2700
valid_lifetime = 3600
# Class for invalid clients
[class_invalid_client]
addresses = local_invalid
# Extra nameserver for invalid clients.
nameserver = fd01:db8:bad::53
# Short interval of address refresh attempts.
t1 = 600
t2 = 900
# 3. Example: definition of filtered clients
[address_filtered]
# Filtered clients will get addresses of a range.
category = range
# Definition of range.
range = 1000-1fff
# Local address for filtered clients will get another prefix
# Resulting addresses look like
# fd01:0db8:0000:0000:babe:0000:0000:1000
pattern = fd01:db8::babe:0:0:$range$
[class_filtered_clients]
addresses = filtered
# Filters are regular expessions.
# See http://docs.python.org/howto/regex.html
# There are three types of filters allowed:
# filter_hostname
# filter_mac
# filter_duid
# With this setting all clients which transmit a hostname starting
# with "windows" will get an address of range
# fd01:db8::beef:0:0:1000 to fd01:db8::beef:0:01fff
filter_hostname = windows.*
# 4. Example: default addresses for all unknown clients
# It should be enough if address_default is defined, only if
# unknown clients should get
# extra nameservers etc. a class_default has to be set.
[address_default]
category = mac
# Given MAC 01:02:03:04:05:06 this pattern results in an
# address like this: fd01:db8:dead:0bad:beef:0102:0304:0506.
pattern = fd01:db8:dead:bad:beef:$mac$