- 浏览: 1439617 次
- 性别:
- 来自: 郑州
文章分类
最新评论
-
getelephantbyid:
make 无法通过.....
php-5.3,php-5.4的thttpd2.25b补丁,及编译方法 -
getelephantbyid:
patch -p1 ../php-5.4.7_thttpd-2 ...
php-5.3,php-5.4的thttpd2.25b补丁,及编译方法 -
zander:
zander 写道c 语言是静态类型语言还是动态类型语言阅读理 ...
什么是动态语言和静态语言? -
zander:
c 语言是静态类型语言还是动态类型语言
什么是动态语言和静态语言? -
lunajiayou:
很有道理,赞一个
跟着苍蝇会找到厕所,跟着蜜蜂会找到花朵
Possibly the single most annoying misconfiguration of the ISC DHCP Server today is forgetting to set the 'authoritative;' directive, when doing so is appropriate.
When a DHCP server believes that a client is requesting an address that is not appropriate for the subnet to which it is attached, for example because a user's laptop received a lease from their home network the night prior, the server is expected to send a DHCPNAK in response to the client's DHCPREQUEST. This causes the client to immediately fall back to INIT state, forget its old lease, and start over from scratch as though it never had one. Out of the box, on a default configuration, ISC DHCP does not do this, and you are expected to configure 'authoritative;' on a line somewhere in your dhcpd.conf if you want this behaviour.
This means that the client will not start getting a lease until it gives up, on its own volition, on its old lease. Client implementations being different, there is nothing barring the client from trying to hold on to its old lease until it reaches its expiry time! Most clients however don't make you wait quite that long, and time out after several minutes.
If ISC DHCP's default configuration directive included this behaviour, than one of its chief uses, as a rogue DHCP server on college campuses, would cause extreme havoc and mayhem and possibly the deaths of several undergraduate students who don't realize the horror of attracting their operators' attentions.
So, if your DHCP server is the only one on the network, or the only one that SHOULD be on the network, or in general if you are in charge of the network to which it is attached and are therefore smart enough to not have more than one (or one failover pair) DHCP server, then you need to set 'authoritative'.
That said, it's still possible that ISC DHCP won't send a DHCPNAK in response to some queries. In particular, to requests for addresses that are within the DHCP server's subnet ranges, and are therefore reasonable for the network to which the client is attached, but do not appear in any pool statement, or host statement's fixed-address, or so forth. Quite often this ocurrs when DHCP pools are migrated, and the DHCP server is just trying to play nice in the event that another DHCP server is in charge of a different pool on the same subnet (and somehow your clients are configured to be smart enough to choose which lease to ask for).
You can tell that this is happening because ISC DHCPD will log a line indicating "Unknown lease."
To elicit DHCPNAKs from the server in this case, you need to configure a denial in the old pool's scope, as this example:
lease-file-name "/var/db/dhcpd.leases"; ddns-update-style none; authoritative; option domain-name "your.domain"; option domain-name-servers 10.0.0.2, 10.0.0.3; default-lease-time 3100; # 51 minutes. max-lease-time 604800; # 1 week subnet 10.0.0.0 netmask 255.255.255.0 { option routers 10.0.0.1; option subnet-mask 255.255.255.0; option broadcast-address 10.0.0.255; # The latest input from layer-9 required us to shift the dynamic # range from the top half of the subnet down to the bottom half. # This pool clause will elicit NAKs for the old leases while the # clients migrate. Remember to remove this once they've all booted # once or expired. pool { range 10.0.0.1 10.0.0.127; deny all clients; } pool { range 10.0.0.128 10.0.0.254; } }
发表评论
-
google pagespeed禁用改写html文件的cache头
2019-09-04 19:51 434这会禁用html文件的缓存,无法读取last-modifi ... -
macos 安装imagick解决php不能显示验证码的问题
2018-11-04 04:15 1156需要选安装pear,然后用pecl install imagi ... -
linux入侵检测
2018-07-07 22:58 639一、检查系统日志 l ... -
yii的安全策略
2018-07-06 04:02 400web根目录下.htaccess 写道 Options ... -
免费Web防火墙
2018-07-06 01:21 5591,modsecurity 基于apache 历史最悠久 ... -
两款免费好用的Web渗透工具
2018-07-06 01:12 9431,OWASP Zed Attack Proxy (ZAP ... -
apache2反向代理
2018-06-12 18:46 796开启以下两个模块 a2enmod proxy a2enm ... -
扩展Aws云主机磁盘大小
2018-03-05 21:17 1327进入ELASTIC BLOCK STORE-》卷 选中要修 ... -
ubuntu时区设置
2018-02-25 10:41 659查看当前时区 timedatectl 修改时区 dpk ... -
macos 10.13 dmg下载和安装盘制作
2018-02-05 19:58 9901https://bbs.feng.com/read-htm-t ... -
windows升级后 iis服务无效 IIS-W3SVC-WP 无法读取配置文件
2017-12-01 11:35 1554通过使用以管理员身份运行选项打开 Windows PowerS ... -
vmware中运行的macos连接iphone
2017-09-30 17:53 2232需要iphone插在usb2.0端口上,并且虚拟机usb兼容性 ... -
brotli压缩算法说明
2017-06-09 02:36 1225brotli是新一代的HTTP压缩算法,用于替代gzip,相 ... -
TCP Fast Open说明
2017-06-09 02:34 6995相关介绍 https://lwn.net/Article ... -
使用strongswan建立基于ikev2 eap-mschapv2的ipsec服务器
2017-04-17 23:14 3088sudo apt-get install strongsw ... -
使用strongswan/xl2tpd建立ipsec/l2tp服务器
2017-04-17 22:32 6034sudo apt-get install strongsw ... -
SecureFX中文件名乱码的解决
2014-08-28 03:23 3283原始贴子:https://forums.vandyke.c ... -
禁用htc one m7官方内核的写保护
2014-08-26 14:52 1246老外写的内核模块源码:https://github.com ... -
windows和office的kms激活方法(windows 企业版,office vl版可用)
2013-03-17 19:28 21windows 激活windows 8slmgr.vbs /i ... -
windows 8 64bit 离线官安装 .net framework 3.5
2013-01-23 11:32 1899因为国内网络问题不可能在线安装成功,所以就有了这么多麻烦。 ...
相关推荐
21. The maximum emission rate is 500 packets/sec and the maximum transmission rate is 350 packets/sec. The corresponding traffic intensity is 500/350 =1.43 > 1. Loss will eventually occur for each ...
Ubuntu Server is a complete, free server operating system that just works, with the extra Ubuntu polish, innovation, and simplicity that administrators love. Now, there’s a definitive, ...
This title serves as an authoritative guide to Microsofts new "SQL Server 2012 Analysis Services" BI product and is written by key members of the Microsoft Analysis Services product development team....
More than a comprehensive, authoritative reference, Microsoft Exchange Server 2013 Unleashed presents hundreds of helpful tips and tricks based on the authors’ unsurpassed early adopter experience ...
This title serves as an authoritative guide to Microsofts new "SQL Server 2012 Analysis Services" BI product and is written by key members of the Microsoft Analysis Services product development team....
This title serves as an authoritative guide to Microsofts new "SQL Server 2012 Analysis Services" BI product and is written by key members of the Microsoft Analysis Services product development team....
This title serves as an authoritative guide to Microsofts new "SQL Server 2012 Analysis Services" BI product and is written by key members of the Microsoft Analysis Services product development team....
This title serves as an authoritative guide to Microsofts new "SQL Server 2012 Analysis Services" BI product and is written by key members of the Microsoft Analysis Services product development team....
This book is your authoritative hands-on practical guide for increasing your enterprise Java and cloud application productivity while decreasing development time. It's a no nonsense guide with case ...
The complete, authoritative guide to protecting your Windows 2000 Network. Updated coverage of an international bestseller and series flagship Covers more methods of attack and hacker secrets ...
Pro Spring Boot 2 An Authoritative Guide to Building MicroServices, Web and Enterprise Applications, and Best Practices
Also referred to as a Local DNS (LDNS) or a caching DNS server -- is often located near the DNS client, caching DNS answers received from Authoritative DNS servers, speeding future resolution ...
This title serves as an authoritative guide to Microsofts new "SQL Server 2012 Analysis Services" BI product and is written by key members of the Microsoft Analysis Services product development team....
This title serves as an authoritative guide to Microsofts new "SQL Server 2012 Analysis Services" BI product and is written by key members of the Microsoft Analysis Services product development team....
This title serves as an authoritative guide to Microsofts new "SQL Server 2012 Analysis Services" BI product and is written by key members of the Microsoft Analysis Services product development team....
This title serves as an authoritative guide to Microsofts new "SQL Server 2012 Analysis Services" BI product and is written by key members of the Microsoft Analysis Services product development team....
1.The Tiny Web server (tiny.tar). 2.Expands with tar xvf tiny.tar into a directory called ./tiny that contains everything you need to test the Tiny web server, ...3.The authoritative list of MIME types.
This asset is a great starting point to develop your own multiplayer CCG/TCG and also to learn about how such a project can be architected and implemented. Features - Server-authoritative ...
This book is the authoritative source on implementing Continuous Delivery practices using Microsoft’s Visual Studio and TFS 2015. Microsoft MVP authors Mathias Olausson and Jakob Ehn translate the ...
Engine VR Cookbook is your complete, authoritative guide to building stunning experiences on any Unreal Engine 4-compatible VR hardware. Renowned VR developer and instructor Mitch McCaffrey brings ...