if option dhcp-user-class = "accounting" { max-lease-time 17600; option domain-name "accounting.example.org"; option domain-name-servers ns1.accounting.example.org, ns2.accounting.example.org; } elsif option dhcp-user-class = "sales" { max-lease-time 17600; option domain-name "sales.example.org"; option domain-name-servers ns1.sales.example.org, ns2.sales.example.org; } elsif option dhcp-user-class = "engineering" { max-lease-time 17600; option domain-name "engineering.example.org"; option domain-name-servers ns1.engineering.example.org, ns2.engineering.example.org; } else { max-lease-time 600; option domain-name "misc.example.org"; option domain-name-servers ns1.misc.example.org, ns2.misc.example.org; }
On the client side, an example of conditional evaluation might be:
# example.org filters DNS at its firewall, so we have to use their DNS # servers when we connect to their network. If we are not at # example.org, prefer our own DNS server. if not option domain-name = "example.org" { prepend domain-name-servers 127.0.0.1; }
The if statement and the elsif continuation statement both take boolean expressions as their arguments. That is, they take expressions that, when evaluated, produce a boolean result. If the expression evaluates to true, then the statements enclosed in braces following the if statement are executed, and all subsequent elsif and else clauses are skipped. Otherwise, each subsequent elsif clause's expression is checked, until an elsif clause is encountered whose test evaluates to true. If such a clause is found, the statements in braces following it are executed, and then any subsequent elsif and else clauses are skipped. If all the if and elsif clauses are checked but none of their expressions evaluate true, then if there is an else clause, the statements enclosed in braces following the else are evaluated. Boolean expressions that evaluate to null are treated as false in conditionals.
data-expression-1 == _d_a_t_a_-_e_x_p_r_e_s_s_i_o_n_-_2
The == operator compares the values of two data expressions, returning true if they are the same, false if they are not. If either the left-hand side or the right-hand side are null, the result is also null.
boolean-expression-1 aanndd _b_o_o_l_e_a_n_-_e_x_p_r_e_s_s_i_o_n_-_2
The aanndd operator evaluates to true if the boolean expression on the left-hand side and the boolean expression on the right-hand side both evaluate to true. Otherwise, it evaluates to false. If either the expression on the left-hand side or the expression on the right-hand side are null, the result is null.
boolean-expression-1 oorr _b_o_o_l_e_a_n_-_e_x_p_r_e_s_s_i_o_n_-_2
The oorr operator evaluates to true if either the boolean expression on the left-hand side or the boolean expression on the right-hand side evaluate to true. Otherwise, it evaluates to false. If either the expression on the left-hand side or the expression on the right-hand side are null, the result is null.
not _b_o_o_l_e_a_n_-_e_x_p_r_e_s_s_i_o_n_<_/_b_> _<_p_> _T_h_e nnoott operator evaluates to true if _b_o_o_l_e_a_n_-_e_x_p_r_e_s_s_i_o_n evaluates to false, and returns false if _b_o_o_l_e_a_n_-_e_x_p_r_e_s_s_i_o_n evaluates to true. If _b_o_o_l_e_a_n_-_e_x_p_r_e_s_s_i_o_n evaluates to null, the result is also null.
exists _o_p_t_i_o_n_-_n_a_m_e
The eexxiissttss expression returns true if the specified option exists in the incoming DHCP packet being processed. known
The kknnoowwnn expression returns true if the client whose request is currently being processed is known - that is, if there's a host declaration for it. static
The ssttaattiicc expression returns true if the lease assigned to the client whose request is currently being processed is derived from a static address assignment.
substring (_d_a_t_a_-_e_x_p_r,, _o_f_f_s_e_t,, _l_e_n_g_t_h))
The ssuubbssttrriinngg operator evaluates the data expression and returns the substring of the result of that evaluation that starts _o_f_f_s_e_t bytes from the beginning, continuing for _l_e_n_g_t_h bytes. _O_f_f_s_e_t and _l_e_n_g_t_h are both numeric expressions. If _d_a_t_a_-_e_x_p_r, _o_f_f_s_e_t or _l_e_n_g_t_h evaluate to null, then the result is also null. If _o_f_f_s_e_t is greater than or equal to the length of the evaluated data, then a zero-length data string is returned. If _l_e_n_g_t_h is greater than the remaining length of the evaluated data after _o_f_f_s_e_t, then a data string containing all data from _o_f_f_s_e_t to the end of the evaluated data is returned.
suffix (_d_a_t_a_-_e_x_p_r,, _l_e_n_g_t_h))
The ssuuffffiixx operator evaluates _d_a_t_a_-_e_x_p_r and returns the last _l_e_n_g_t_h bytes of the result of that evaluation. _L_e_n_g_t_h is a numeric expression. If _d_a_t_a_-_e_x_p_r or _l_e_n_g_t_h evaluate to null, then the result is also null. If _s_u_f_f_i_x evaluates to a number greater than the length of the evaluated data, then the evaluated data is returned.
option _o_p_t_i_o_n_-_n_a_m_e
The ooppttiioonn operator returns the contents of the specified option in the packet to which the server is responding.
config-option _o_p_t_i_o_n_-_n_a_m_e
The ccoonnffiigg--ooppttiioonn operator returns the value for the specified option that the DHCP client or server has been configured to send.
hardware
The hhaarrddwwaarree operator returns a data string whose first element is the type of network interface indicated in packet being considered, and whose subsequent elements are client's link-layer address. If there is no packet, or if the RFC2131 _h_l_e_n field is invalid, then the result is null. Hardware types include ethernet (1), token-ring (6), and fddi (8). Hardware types are specified by the IETF, and details on how the type numbers are defined can be found in RFC2131 (in the ISC DHCP distribution, this is included in the doc/ subdirectory).
packet (_o_f_f_s_e_t,, _l_e_n_g_t_h))
The ppaacckkeett operator returns the specified portion of the packet being considered, or null in contexts where no packet is being considered. _O_f_f_s_e_t and _l_e_n_g_t_h are applied to the contents packet as in the ssuubbssttrriinngg operator.
string
A string, enclosed in quotes, may be specified as a data expression, and returns the text between the quotes, encoded in ASCII. The backslash ('\') character is treated specially, as in C programming: '\t' means TAB, '\r' means carriage return, '\n' means newline, and '\b' means bell. Any octal value can be specified with '\nnn', where nnn is any positive octal number less than 0400. Any hexadecimal value can be specified with '\xnn', where nn is any positive hexadecimal number less than or equal to 0xff.
colon-separated hexadecimal list
A list of hexadecimal octet values, separated by colons, may be specified as a data expression.
concat (_d_a_t_a_-_e_x_p_r_1,, ......,, _d_a_t_a_-_e_x_p_r_N)) The expressions are evaluated, and the results of each evaluation are concatenated in the sequence that the subexpressions are listed. If any subexpression evaluates to null, the result of the concatenation is null.
reverse (_n_u_m_e_r_i_c_-_e_x_p_r_1,, _d_a_t_a_-_e_x_p_r_2)) The two expressions are evaluated, and then the result of evaluating the data expression is reversed in place, using hunks of the size specified in the numeric expression. For example, if the numeric expression evaluates to four, and the data expression evaluates to twelve bytes of data, then the reverse expression will evaluate to twelve bytes of data, consisting of the last four bytes of the the input data, followed by the middle four bytes, followed by the first four bytes.
leased-address In any context where the client whose request is being processed has been assigned an IP address, this data expression returns that IP address.
binary-to-ascii (_n_u_m_e_r_i_c_-_e_x_p_r_1,, _n_u_m_e_r_i_c_-_e_x_p_r_2,,</bb>> <>_d_a_t_a_-_e_x_p_r_1,, _d_a_t_a_-_e_x_p_r_2)) Converts the result of evaluating data-expr2 into a text string containing one number for each element of the result of evaluating data-expr2. Each number is separated from the other by the result of evaluating data-expr1. The result of evaluating numeric-expr1 specifies the base (2 through 16) into which the numbers should be converted. The result of evaluating numeric-expr2 specifies the width in bits of each number, which may be either 8, 16 or 32.
As an example of the preceding three types of expressions, to produce the name of a PTR record for the IP address being assigned to a client, one could write the following expression:
concat (binary-to-ascii (10, 8, ".", reverse (1, leased-address)), ".in-addr.arpa.");
encode-int (_n_u_m_e_r_i_c_-_e_x_p_r,, _w_i_d_t_h)) Numeric-expr is evaluated and encoded as a data string of the specified width, in network byte order (most significant byte first). If the numeric expression evaluates to the null value, the result is also null.
pick-first-value (_d_a_t_a_-_e_x_p_r_1 [ ... _e_x_p_rn ] )) The pick-first-value function takes any number of data expressions as its arguments. Each expression is evaluated, starting with the first in the list, until an expression is found that does not evaluate to a null value. That expression is returned, and none of the subsequent expressions are evaluated. If all expressions evaluate to a null value, the null value is returned.
host-decl-name The host-decl-name function returns the name of the host declaration that matched the client whose request is currently being processed, if any. If no host declaration matched, the result is the null value.
extract-int (_d_a_t_a_-_e_x_p_r,, _w_i_d_t_h))
The eexxttrraacctt--iinntt operator extracts an integer value in network byte order from the result of evaluating the specified data expression. Width is the width in bits of the integer to extract. Currently, the only supported widths are 8, 16 and 32. If the evaluation of the data expression doesn't provide sufficient bits to extract an integer of the specified size, the null value is returned.
lease-time
The duration of the current lease - that is, the difference between the current time and the time that the lease expires.
number
Any number between zero and the maximum representable size may be specified as a numeric expression.
client-state
The current state of the client instance being processed. This is only useful in DHCP client configuration files. Possible values are:
log (_p_r_i_o_r_i_t_y,, _d_a_t_a_-_e_x_p_r))
Logging statements take only a single data expression argument, so if you want to output multiple data values, you will need to use the ccoonnccaatt operator to concatenate them.
The DHCP client and server have the ability to dynamically update the Domain Name System. Within the configuration files, you can define how you want the Domain Name System to be updated. These updates are RFC 2136 compliant so any DNS server supporting RFC 2136 should be able to accept updates from the DHCP server.
Dynamic DNS (DDNS) updates are performed by using the ddnnss--uuppddaattee expression. The ddnnss--uuppddaattee expression is a boolean expression that takes four parameters. If the update succeeds, the result is true. If it fails, the result is false. The four parameters that the are the resource record type (RR), the left hand side of the RR, the right hand side of the RR and the ttl that should be applied to the record. The simplest example of the use of the function can be found in the reference section of the dhcpd.conf file, where events are described. In this example several statements are being used to make the arguments to the ddnnss--uuppddaattee.
In the example, the first argument to the first Bdns-update expression is a data expression that evaluates to the A RR type. The second argument is constructed by concatenating the DHCP host-name option with a text string containing the local domain, in this case "ssd.example.net". The third argument is constructed by converting the address the client has been assigned from a 32-bit number into an ascii string with each byte separated by a ".". The fourth argument, the TTL, specifies the amount of time remaining in the lease (note that this isn't really correct, since the DNS server will pass this TTL out whenever a request comes in, even if that is only a few seconds before the lease expires).
If the first ddnnss--uuppddaattee statement succeeds, it is followed up with a second update to install a PTR RR. The installation of a PTR record is similar to installing an A RR except that the left hand side of the record is the leased address, reversed, with ".in-addr.arpa" concatenated. The right hand side is the fully qualified domain name of the client to which the address is being leased.