2.2. dhcpd.leases --- DHCP lease database

2.2.1. Description

dhcpd(8) keeps a persistent database of leases that it has assigned. This database is a free-form ASCII file containing a series of lease declarations. Every time a lease is acquired, renewed or released, its new value is recorded at the end of the lease file. So if more than one declaration appears for a given lease, the last one in the file is the current one.

dhcpd(8) requires that a lease database file be present before it will start. To create the initial lease database, an empty file may be created at the path /var/lib/lease/dhcpd.leases using the touch(1) program:

# touch /var/lib/lease/dhcpd.leases

In order to prevent the lease database from growing without bound, the file is rewritten from time to time. First, a temporary lease database is created and all known leases are dumped to it. Then, the old lease database is renamed to /var/lib/lease/dhcpd.leases~. Finally, the newly written lease database is moved into place.

In order to process both DHCPv4 and DHCPv6 messages, two separate instances of the dhcpd(8) process will need to be run. Each of these instances will need its own lease file. dhcpd's -lf command line argument may be used to specify a different lease filename for one or both servers.

2.2.2. Format

Lease descriptions are stored in a format that is parsed by the same recursive descent parser used to read the dhcpd.conf(5) and dhclient.conf(5) files. Lease files can contain lease declarations, and also group and subgroup declarations, host declarations and failover state declarations. Group, subgroup, and host declarations are used to record objects created using the OMAPI protocol.

The lease file is a log-structured file --- whenever a lease changes, the contents of that lease are written to the end of the file. This means that it is entirely possible and quite reasonable for there to be two or more declarations of the same lease in the lease file at the same time. In that case, the instance of that particular lease that appears last in the file is the one that is in effect.

Group, subgroup, and host declarations in the lease file are handled in a similar manner, except that if any of these objects are deleted, a rubout is written to the lease file. This is just the same declaration, with { deleted; } in the scope of the declaration. When the lease file is rewritten, any such rubouts that can be eliminated are eliminated. It is possible to delete a declaration in the dhcpd.conf(5) file; in this case, the rubout can never be eliminated from the dhcpd.leases file.

2.2.3. Common statements for lease declarations

While the lease file formats for DHCPv4 and DHCPv6 are different, they share many common statements and structures. This section describes the common statements, while the succeeding sections describe the protocol-specific statements.

2.2.3.1. Dates

A date is specified in two ways, depending on the configuration value for the db-time-format parameter. If it was set to default, then the date fields appear as follows:

<weekday> <year>/<month>/<day> <hour>:<minute>:<second>

The weekday is present to make it easy for a human to tell when a lease expires --- it is specified as a number from 0 to 6, with 0 being Sunday. The day of week is ignored on input. The year is specified with the century, so it should generally be four digits except for really long leases. The month is specified as a number starting with 1 for January. The day of the month is likewise specified starting with 1. The hour is a number between 0 and 23, the minute a number between 0 and 59, and the second also a number between 0 and 59.

Lease times are specified in Universal Coordinated Time (UTC), not in the local time zone. There is probably nowhere in the world where the times recorded on a lease are always the same as wall clock times. On most POSIX machines, the current time in UTC can be displayed by running the date(1) program:

# date -u

If the db-time-format was configured to local, then the date fields appear as follows:

epoch <seconds-since-epoch>; # <day-name> <month-name> <day-number> <hours>:<minutes>:<seconds> <year>

The <seconds-since-epoch> value is taken from the system's local clock (often referred to as "unix time"). The # symbol starts a comment that describes the actual time this value represents, according to the system's configured timezone at the time the value was written. It is provided only for human inspection.

If a lease will never expire, the date is written as the literal never instead of an actual date.

2.2.3.2. General variables

As part of the processing of a lease, information may be attached to the lease structure, for example the DDNS information, or a variable that is specified in the configuration file. Some of these, like the DDNS information, have specific descriptions below. For others, such as any variables that are specified, a generic line of the following form will be included:

set <variable> = <value>;

The set statement sets the value of a variable on the lease. For general information on variables, see the dhcp-eval(5) manual page.

2.2.3.3. DDNS Variables

ddns-text

This variable is used to record the value of the client's identification record when the server has updated DNS for a particular lease. The TXT record is used with the interim DDNS update style.

ddns-dhcid

This variable is used to record the value of the client's identification record when the server has updated DNS for a particular lease. The DHCID record is used for the standard DDNS update style.

ddns-fwd-name

This variable records the value of the DNS name used in updating the client's address record if a DDNS update has been successfully done by the server. The server may also have used this name to update the client's PTR record.

ddns-client-fqdn

If the server is configured both to use the interim or standard DDNS update style, and to allow clients to update their own FQDNs, then if the client did in fact update its own FQDN, the ddns-client-fqdn variable records the DNS name that the client has indicated it is using. This is the name that the server will have used to update the client's PTR record in this case.

ddns-rev-name

If the server successfully updates the client's PTR record, this variable will record the DNS name that the DHCP server used for the PTR record. The DNS name to which the PTR record points will be either the ddns-fwd-name or the ddns-client-fqdn.

2.2.4. Executable statements

on <event> [ | <event> ... ] { <statement> ... }

The on statement records a list of statements to execute if a certain <event> occurs. The possible events that can occur for an active lease are release and expiry. More than one event can be specified --- if so, the events are separated by | characters.

authoring-byte-order <big-endian|little-endian>;

This statement is automatically added to the top of new lease files by the server. It indicates the internal byte order of the server. This permits lease files generated on a server with one byte order to be read by a server with a different byte order. Lease files which do not contain this entry are simply treated as having the same byte order as the server reading them. If you are migrating lease files generated by a server that predates this statement and has a different byte order than your destination server, you can manually add this statement. It must precede any lease entries. Valid values for this parameter are little-endian and big-endian.

2.2.5. The DHCPv4 lease declaration

lease <ip-address> { <statement> ... }

Each lease declaration includes the single IP address that has been leased to the client. The statements within the braces define the duration of the lease and to whom it is assigned.

starts <date>;

Records the start time of a lease.

See the description of dates in the section titled Common statements for lease declarations.

ends <date>;

Records the end time of a lease.

See the description of dates in the section titled Common statements for lease declarations.

tstp <date>;

Present if the failover protocol is being used. Indicates what time the peer has been told the lease expires.

See the description of dates in the section titled Common statements for lease declarations.

tsfp <date>;

Present if the failover protocol is being used. Indicates the lease expiry time that the peer has acknowledged.

See the description of dates in the section titled Common statements for lease declarations.

atsfp <date>;

The actual time sent from the failover partner.

See the description of dates in the section titled Common statements for lease declarations.

cltt <date>;

The client's last transaction time.

See the description of dates in the section titled Common statements for lease declarations.

hardware <hardware-type> <mac-address>;

Records the MAC address of the network interface on which the lease will be used. It is specified as a series of hexadecimal octets, separated by colons.

uid <client-identifier>;

Records the client identifier used by the client to acquire the lease. Clients are not required to send client identifiers, and this statement only appears if the client did in fact send one. Client identifiers are normally an ARP type (1 for Ethernet) followed by the MAC address, just like in the hardware statement, but this is not required.

The client identifier is recorded as a colon-separated hexadecimal list or as a quoted string. If it is recorded as a quoted string and it contains one or more non-printable characters, those characters are represented as octal escapes --- a backslash character followed by three digits. The format used is determined by the lease-id-format parameter, which defaults to octal.

client-hostname <hostname>;

Most DHCP clients will send their hostname in the host-name option. If a client sends its hostname in this way, the hostname is recorded on the lease with a client-hostname statement. This is not required by the protocol, however, so many specialized DHCP clients do not send a host-name option.

binding state <state>;

The binding state statement declares the lease's binding state. When the DHCP server is not configured to use the failover protocol, a lease's binding state may be active, free or abandoned. The failover protocol adds some additional transitional states, as well as the backup state, which indicates that the lease is available for allocation by the failover secondary. Please see dhcpd.conf(5) for more information about abandoned leases.

next binding state <state>;

The next binding state statement indicates what state the lease will move to when the current state expires. The time when the current state expires is specified in the ends statement.

rewind binding state <state>;

This statement is part of an optimization for use with failover. This helps a server rewind a lease to the state most recently transmitted to its peer.

option agent.circuit-id <string>;

option agent.remote-id <string>;

These statements are used to record the circuit ID and remote ID options sent by the relay agent, if the relay agent uses the relay agent information option. This allows these options to be used consistently in conditional evaluations even when the client is contacting the server directly rather than through its relay agent.

vendor-class-identifier variable

The server retains the client-supplied Vendor Class Identifier option for informational purposes, and to render it in DHCPLEASEQUERY responses.

bootp;

Indicates that the BOOTP failover flag should be set. BOOTP dynamic leases are treated differently than normal dynamic leases, as they may only be used by the client to which they are currently allocated.

reserved;

Indicates that the RESERVED failover flag should be set. RESERVED dynamic leases are treated differently than normal dynamic leases, as they may only be used by the client to which they are currently allocated.

Additional options or executable statements may be included; see the description of them in the section titled Common statements for lease declarations.
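The log-structured rule (the last declaration of a lease is the one in effect) and both date formats can be exercised with a small reader. This is an added example, not part of dhcpd; the names parse_date and current_leases and the sample text are constructed, and it assumes each top-level closing brace starts its line.

```python
import re
from datetime import datetime, timezone

# Constructed sample: 192.0.2.10 is declared twice, so the later entry wins.
SAMPLE = '''
lease 192.0.2.10 {
  starts 2 2024/01/02 08:00:00;
  ends 2 2024/01/02 20:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.0.2.11 {
  starts epoch 1704182400; # Tue Jan 02 08:00:00 2024
  ends never;
  binding state active;
  hardware ethernet 66:77:88:99:aa:bb;
}
lease 192.0.2.10 {
  starts 3 2024/01/03 09:30:00;
  ends 3 2024/01/03 21:30:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
'''

LEASE_RE = re.compile(r'^lease\s+(\S+)\s*\{(.*?)^\}', re.M | re.S)
STMT_RE = re.compile(r'^\s*(starts|ends|cltt|binding state|hardware)\s+([^;]*);', re.M)

def parse_date(text):
    """Return an aware UTC datetime, or None for the literal 'never'."""
    parts = text.split()
    if parts == ['never']:
        return None
    if parts[0] == 'epoch':
        return datetime.fromtimestamp(int(parts[1]), tz=timezone.utc)
    # Default format: the leading weekday number is ignored on input.
    stamp = datetime.strptime(' '.join(parts[1:]), '%Y/%m/%d %H:%M:%S')
    return stamp.replace(tzinfo=timezone.utc)

def current_leases(text):
    """Map each IP address to its last declaration in the file."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        entry = {}
        for key, value in STMT_RE.findall(body):
            is_date = key in ('starts', 'ends', 'cltt')
            entry[key] = parse_date(value) if is_date else value
        leases[ip] = entry  # a later declaration replaces an earlier one
    return leases
```

When reconstructing which client held an address at a past time, iterate over every declaration instead of keeping only the last one, and remember that the rewritten file drops superseded entries.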

2.2.6. The DHCPv6 lease (IA) declaration

ia_ta <IAID_DUID> { <statement> ... }

ia_na <IAID_DUID> { <statement> ... }

ia_pd <IAID_DUID> { <statement> ... }

Each lease declaration starts with a tag indicating the type of the lease. ia_ta is for temporary addresses, ia_na is for non-temporary addresses and ia_pd is for prefix delegation. Following this tag is the combined IAID and DUID from the client for this lease.

The <IAID_DUID> value is recorded as a colon-separated hexadecimal list or as a quoted string. If it is recorded as a quoted string and it contains one or more non-printable characters, those characters are represented as octal escapes --- a backslash character followed by three octal digits. The format used is governed by the lease-id-format parameter, which defaults to octal.
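Because the uid and <IAID_DUID> values can appear in either form, comparing them across lease files or against a hardware statement is easier once both are reduced to raw bytes. The decoder below is an added example, not code from dhcpd; the function names and sample values are constructed, and treating a backslash before a non-octal character as a literal escape is an assumption.

```python
import re

# Constructed samples: the same client identifier in both recorded forms.
UID_QUOTED = r'"\001\000\026>+L]"'
UID_HEX = '01:00:16:3e:2b:4c:5d'

OCTAL_RE = re.compile(r'\\([0-3][0-7]{2})')

def decode_lease_id(token):
    """Return the raw bytes of a uid or IAID_DUID token from a lease file."""
    token = token.strip()
    if not (token.startswith('"') and token.endswith('"')):
        # Colon-separated hexadecimal list.
        return bytes(int(octet, 16) for octet in token.split(':'))
    body, out, i = token[1:-1], bytearray(), 0
    while i < len(body):
        m = OCTAL_RE.match(body, i)
        if m:                                  # \ooo octal escape
            out.append(int(m.group(1), 8))
            i += 4
        elif body[i] == '\\' and i + 1 < len(body):
            out.append(ord(body[i + 1]))       # assumption: literal escape
            i += 2
        else:                                  # printable character as-is
            out.append(ord(body[i]))
            i += 1
    return bytes(out)

def to_hex(raw):
    """Render bytes as the colon-separated hexadecimal form."""
    return ':'.join(f'{b:02x}' for b in raw)

def uid_matches_hardware(uid_token, hardware_value):
    """True when the uid is ARP type 1 followed by the Ethernet MAC."""
    raw = decode_lease_id(uid_token)
    htype, mac = hardware_value.split()
    return (htype == 'ethernet' and raw[:1] == b'\x01'
            and to_hex(raw[1:]) == mac.lower())
```

A uid that does not embed the hardware address is permitted by the protocol, so a mismatch is a prompt for review and not proof of anything on its own.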

cltt <date>;

The client's last transaction time.

See the description of dates in the section titled Common statements for lease declarations.

iaaddr <ipv6-address> { <statement> ... }

iaprefix <ipv6-address>/<prefix-length> { <statement> ... }

Within a given lease there can be multiple iaaddr and iaprefix statements. Each will have either an IPv6 address or an IPv6 prefix (an address and a prefix length indicating a CIDR style block of addresses). The following statements may occur within each iaaddr or iaprefix.

binding state <state>;

The binding state statement declares the lease's binding state. In DHCPv6, it will normally be active or expired.

preferred-life <lifetime>;

The IPv6 preferred lifetime associated with this address, in seconds.

max-life <lifetime>;

The valid lifetime associated with this address, in seconds.

ends <date>;

Records the end time of a lease.

See the description of dates in the section titled Common statements for lease declarations.

Additional options or executable statements may be included; see the description of them in the section titled Common statements for lease declarations.

2.2.7. The failover peer state declaration

The state of any failover peering arrangements is also recorded in the lease file, using the failover peer statement:

failover peer <name> state { my state <state> at <date>; peer state <state> at <date>; }

The state of the peer named <name> is recorded. Both the state of the running server (my state) and that of the other failover partner (peer state) are recorded. The following states are possible: unknown-state, partner-down, normal, communications-interrupted, resolution-interrupted, potential-conflict, recover, recover-done, shutdown, paused, and startup.

2.2.8. Files

/var/lib/lease/dhcpd.leases

The DHCP leases file.

/var/lib/lease/dhcpd.leases~

Old DHCP leases file.

/var/lib/lease/dhcpd6.leases

The DHCPv6 leases file.

/var/lib/lease/dhcpd6.leases~

Old DHCPv6 leases file.

2.2.9. See also

dhcpd(8), dhcp-options(5), dhcp-eval(5), dhcpd.conf(5)