DHCP Attribute 119
Howdy folks,
We are moving from a legacy LDAP domain into a fun new Active Directory forest with all these new domains. Funny thing is, the Microsoft DHCP service has no provisions for searching multiple DNS suffixes, which they recommend as a best practice. Loving this!

Anyway, I thought that I would look into Cisco's DHCP service. Looks like there is a provision on attribute 119. Here's a snip from RFC3397:

*************************************************
3. Example

Below is an example encoding of a search list consisting of
"eng.apple.com." and "marketing.apple.com.":

    +---+---+---+---+---+---+---+---+---+---+---+
    |119| 9 | 3 |'e'|'n'|'g'| 5 |'a'|'p'|'p'|'l'|
    +---+---+---+---+---+---+---+---+---+---+---+

    +---+---+---+---+---+---+---+---+---+---+---+
    |119| 9 |'e'| 3 |'c'|'o'|'m'| 0 | 9 |'m'|'a'|
    +---+---+---+---+---+---+---+---+---+---+---+

    +---+---+---+---+---+---+---+---+---+---+---+
    |119| 9 |'r'|'k'|'e'|'t'|'i'|'n'|'g'|xC0|x04|
    +---+---+---+---+---+---+---+---+---+---+---+

Note:

i. The encoding has been split (for this example) into three
   Domain Search Options. All Domain Search Options are logically
   concatenated into one block of data before being interpreted by
   the client.

ii. The encoding of "eng.apple.com." ends with a zero, the null
    root label, to mark the end of the name, as required by RFC
    1035.
*************************************************

So, my question is: How would I add this to my DHCP scope? I create the pool and see there is an "options" function from which I can choose option 119. Has anyone got this to work correctly?

--
Wil
my 3¢
Re: DHCP Attribute 119
Hi Wil,
Yeah, you should be able to enter (almost) any arbitrary DHCP option into your IOS DHCP server config using the "option" command ... something like ...

    tucson-ajax(dhcp-config)#option 119 hex 0903[ ... ]c004

substitute the hex for your domain suffixes (null-separated) for the brackets.

The example you quote below has three instances of option 119. You probably wouldn't need to do things this way, but I suppose you could if you wanted, using the "instance" keyword.

As to whether this is going to WORK for your DHCP clients ... I have no idea.

Have fun,

Aaron

---

~ Howdy folks,
~
~ We are moving from a legacy LDAP domain into a fun new Active Directory
~ forest with all these new domains. Funny thing is, the Microsoft DHCP
~ service has no provisions for searching multiple DNS suffixes, which
~ they recommend as a best practice. Loving this!
~
~ Anyway, I thought that I would look into Cisco's DHCP service. Looks
~ like there is a provision on attribute 119. Here's a snip from RFC3397:
~
~ *************************************************
~ 3. Example
~
~ Below is an example encoding of a search list consisting of
~ "eng.apple.com." and "marketing.apple.com.":
~
~ +---+---+---+---+---+---+---+---+---+---+---+
~ |119| 9 | 3 |'e'|'n'|'g'| 5 |'a'|'p'|'p'|'l'|
~ +---+---+---+---+---+---+---+---+---+---+---+
~
~ +---+---+---+---+---+---+---+---+---+---+---+
~ |119| 9 |'e'| 3 |'c'|'o'|'m'| 0 | 9 |'m'|'a'|
~ +---+---+---+---+---+---+---+---+---+---+---+
~
~ +---+---+---+---+---+---+---+---+---+---+---+
~ |119| 9 |'r'|'k'|'e'|'t'|'i'|'n'|'g'|xC0|x04|
~ +---+---+---+---+---+---+---+---+---+---+---+
~
~ Note:
~
~ i. The encoding has been split (for this example) into three
~ Domain Search Options. All Domain Search Options are logically
~ concatenated into one block of data before being interpreted by
~ the client.
~
~ ii. The encoding of "eng.apple.com." ends with a zero, the null
~ root label, to mark the end of the name, as required by RFC
~ 1035.
~ *************************************************
~
~ So, my question is: How would I add this to my DHCP scope? I create the
~ pool and see there is an "options" function from which I can choose
~ option 119. Has anyone got this to work correctly?
Re: DHCP Attribute 119
I think I'm going to try the following:

    ip dhcp pool somePool
     domain-name domain1.com
     option 119 instance 1 ascii "domain2.com"
     option 119 instance 2 ascii "domain3.com"

Seems reasonable... I'll let ya'll know!

Wil
my 3¢
Re: DHCP Attribute 119
~ I think I'm going to try the following:
~
~ ip dhcp pool somePool
~ domain-name domain1.com
~ option 119 instance 1 ascii "domain2.com"
~ option 119 instance 2 ascii "domain3.com"
~
~ Seems reasonable... I'll let ya'll know!
~
~ Wil
~ my 3¢

I don't think THAT's going to work, since (per the RFC excerpt you posted), it looks like the value of this option has to begin with 0x0903 and end in 0xc004.

But let us know how it goes.

Aaron
Re: DHCP Attribute 119
FYI: I could not get the bugger to work so I opened a TAC case, here is the reply:

"As per our conversation and your request, I wanted to confirm that Microsoft Windows systems have not implemented this feature yet. I have verified this with a colleague at Microsoft."

Basically, the server can give the information but only if the client requests it. M$ implementation does not request it so the server never sends it. Now the question is, why the heck would Microsoft put this in their "Best Practices" and not make any provisions for it?

Wil
my 3¢
Re: DHCP Attribute 119
On Fri, 13 Jan 2006 15:34:36 -0800, Wil <wil@SPAM.THIS> wrote:
~ FYI: I could not get the bugger to work so I opened a TAC case, here is
~ the reply:
~
~ "As per our conversation and your request, I wanted to confirm that
~ Microsoft Windows systems have not implemented this feature yet. I have
~ verified this with a colleague at Microsoft."
~
~ Basically, the server can give the information but only if the client
~ requests it. M$ implementation does not request it so the server never
~ sends it. Now the question is, why the heck would Microsoft put this in
~ their "Best Practices" and not make any provisions for it?
~
~ Wil
~ my 3¢

Heh ... well, thanks for following up.

Without Cisco tech support, how would anyone get their Microsoft questions answered?

Cheers,

Aaron
Re: DHCP Attribute 119
Aaron Leonard wrote:
> Heh ... well, thanks for following up.
>
> Without Cisco tech support, how would anyone get their Microsoft
> questions answered?
>
> Cheers,
>
> Aaron

Sad but true

Wil
my 3¢
I made this work on Windows 2003 DHCP server
OK, I got this to work. It is super ugly to do, but possible.
Windows 2003 DHCP server allows you to make a custom option.

Right click on the server and select "SET PREDEFINED OPTIONS"
For option class "DHCP STANDARD OPTIONS"
Select ADD
NAME: Domain Search List (or whatever)
Data Type: BYTE (check "array")
Code: 119
Description: Whatever

Now:
Select the option name "119 Domain Search List"
Select EDIT ARRAY

Now, enter in, byte by byte, the data for the domain search list following the RFC rules.

Example: for foo.com, it would be

    0x9 0x03 0x66 0x6f 0x6f 0x3 0x63 0x6f 0x6d 0x00
    (total length) [(length of item) (ascii hex)] [0x0]

(Bonus bizzarity: You have to enter the array elements in reverse order, since they add to the front of the array, not the back)

Refer to the RFC on how to craft the right hex string.

FINALLY: Add to the server options or scope options to use the newly created option 119.

Clear as mud, right?
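
Added example, not part of any post in this thread: a Python encoder and a strict decoder for the option 119 data described in the RFC 3397 excerpt, for producing or checking the hex string the posts above refer to. The function names are this example's own, and the output is the option data only, without the 119 code and length bytes shown in the RFC figure.

```python
def encode_search_list(domains):
    """Return the option 119 data (no code/length bytes) per RFC 3397."""
    out, seen = bytearray(), {}          # seen: label suffix -> offset in out
    for name in domains:
        labels = [p.lower().encode("ascii") for p in name.rstrip(".").split(".")]
        for i, label in enumerate(labels):
            suffix = tuple(labels[i:])
            if suffix in seen:           # reuse earlier bytes via a pointer
                out += (0xC000 | seen[suffix]).to_bytes(2, "big")
                break
            if not 1 <= len(label) <= 63:
                raise ValueError(f"bad label length in {name!r}")
            if len(out) < 0x4000:        # pointers carry a 14-bit offset
                seen[suffix] = len(out)
            out += bytes([len(label)]) + label
        else:
            out.append(0)                # root label ends an uncompressed name
    return bytes(out)

def decode_search_list(data):
    """Decode concatenated option 119 data, rejecting malformed names."""
    names, pos = [], 0
    while pos < len(data):
        labels, cur, floor, resume = [], pos, pos, None
        while True:
            if cur >= len(data):
                raise ValueError("name runs past end of data")
            n = data[cur]
            if n == 0:                   # root label: name complete
                cur += 1
                break
            if (n & 0xC0) == 0xC0:       # compression pointer (2 bytes)
                if cur + 1 >= len(data):
                    raise ValueError("truncated pointer")
                target = ((n & 0x3F) << 8) | data[cur + 1]
                if target >= floor:      # must point before this segment
                    raise ValueError("forward or looping pointer")
                resume = resume or cur + 2
                cur = floor = target
            elif n > 63 or cur + 1 + n > len(data):
                raise ValueError("bad label length")
            else:
                labels.append(data[cur + 1:cur + 1 + n].decode("ascii"))
                cur += 1 + n
        names.append(".".join(labels) + ".")
        pos = resume or cur
    return names

RFC_EXAMPLE = encode_search_list(["eng.apple.com.", "marketing.apple.com."])  # names from the RFC excerpt
```

`RFC_EXAMPLE.hex()` gives the 27 data bytes of the RFC figure as one string. The decoder only accepts pointers that point before the segment being read, so malformed option data cannot send it into a loop.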
Hi,

Did somebody actually make that work? I've read (option 119) RFC3397 and (Long names in DHCP) 3396 and understood perfectly how the bits are composed.

But here, following the exact steps described above, I could not make it work. The server is configured with the option, but the server simply does not send out this option to the client.

I have a screenshot of everything (ethereal and configuration)... but don't know how to show it...

Cheers,
Vincent STEEG