In local.freebsd-hackers, you wrote:
> We've recently found a problem with dhclient that can DoS a DHCP
> server. If you have schg flags set on /etc/resolv.conf to stop dhcp
> overwriting your existing nameservers, the problem occurs.
> Basically, the client just keeps rejecting the IP details it has
> received from the server and requesting another. The server marks the
> record as used, and moves onto the next one. Over the course of a couple
> of minutes, you can pretty much mark an entire class C as in use.

The problem of read-only resolv.conf is already documented in the PR
database and I think recently somebody started thinking about a
solution. Check http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/38778

That the server runs out of IPs is probably his own fault. It should
be configured to not eat up all IPs when a host which already has
obtained a lease requests another one but simply hand out the old one
or deny the request...

Stijn: Could you add your suggestion to the above PR?

-- 
http://www-i2.informatik.rwth-aachen.de/stolz/ *** PGP *** S/MIME
rage against the finite state machine
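
On the server side, the behaviour described in the quoted report appears as a single client declining many different addresses within a short time (a client rejecting an assigned address is a DHCPDECLINE message in RFC 2131). The detector below is an added example, not part of the original message; it assumes ISC dhcpd style syslog lines of the form `DHCPDECLINE of <ip> from <mac>`, and the function name, threshold, host name, interface and sample lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log shape (ISC dhcpd style syslog); adjust for your server.
DECLINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?DHCPDECLINE of (?P<ip>[\d.]+) "
    r"from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

# Constructed sample lines (documentation IP/MAC ranges), not real server output.
SAMPLE_LOG = [
    f"Jul  1 10:00:{2 * i:02d} gw dhcpd: DHCPDECLINE of 192.0.2.{10 + i} "
    f"from 00:00:5e:00:53:01 via em0: abandoned" for i in range(6)
] + [
    # A single decline (e.g. a genuine address conflict) must not be flagged.
    "Jul  1 10:00:05 gw dhcpd: DHCPDECLINE of 192.0.2.50 "
    "from 00:00:5e:00:53:02 via em0: abandoned",
    "Jul  1 10:00:06 gw dhcpd: DHCPACK on 192.0.2.60 "
    "to 00:00:5e:00:53:03 via em0",
]


def find_decline_storms(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {mac: [ips]} for clients that declined at least `threshold`
    distinct addresses within `window` (sliding, per client)."""
    recent = defaultdict(deque)      # mac -> deque of (time, ip) in window
    flagged = defaultdict(set)       # mac -> every ip seen while over threshold
    for line in lines:
        m = DECLINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed one is assumed here.
        when = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        q = recent[m["mac"].lower()]
        q.append((when, m["ip"]))
        while when - q[0][0] > window:   # drop declines older than the window
            q.popleft()
        ips = {ip for _, ip in q}
        if len(ips) >= threshold:
            flagged[m["mac"].lower()] |= ips
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in flagged.items()}


if __name__ == "__main__":
    for mac, ips in find_decline_storms(SAMPLE_LOG).items():
        print(f"{mac} declined {len(ips)} addresses: {', '.join(ips)}")
```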