
Sophos Firewall DHCP Options 81

I have a problem with my DHCP on the XG Firewall and the DNS on a Windows Server.

The DNS server doesn't update the reverse lookup zone pointer. The solution should be that the DHCP server is correctly configured with the Option 81 (RFC 4702) DHCP parameters, which aren't set by the standard settings of the Sophos DHCP. I found a few descriptions but none which help me with the CLI commands.

So far I found a lot of information but not the right one for me.

A description on the community web: kb123529

My added command in CLI:

console> system dhcp dhcp-options add optioncode 081 optionname FQDN optiontype string

My questions:
1. Now I should bind the new option, but what kind of parameter do I have to add, and where is the description? I think this is a basic option if you work with DHCP and DNS servers. Does someone have information for me?

2. Is there any possibility to get these parameters shown in the UI of the DHCP?

3. Is there somewhere a CLI documentation on the web? I didn't find one.

Thanks

Wolfgang



  • Hi Luk

    Thanks for the answer and the link of the CLI documentation.

    I understand just a part of your answer.

The part with the string is clear after studying the CLI document. It was a misunderstanding on my side, because I thought it was just the initializing part of two commands which I have seen. My handling example also includes a bind command:

    system dhcp dhcp-options add optioncode 234 optionname dhcp_magic_ip optiontype ipaddress
    system dhcp dhcp-options binding add dhcpname <DHCP-NAME> optionname <SAMPLE-NAME>(234) value <VALUE>

But what is the FQDN in this case? Is it the DHCP server or a client? I can't think that I have to add the FQDN name for every client. There are a few parameters which I know from the Microsoft UI. Do you have an example for me for adding and binding option 81?

    Thanks
    Wolfgang

  • The FQDN is your Active Directory FQDN name, for example test.local. You can find it in Active Directory Users and Computers, at the main root (top-left).

    From this KB, it is the domain name.

  • Hi Luca

    thanks, and there is still something wrong. My last try is the following:

    system dhcp dhcp-options add optioncode 081 optionname FQDN optiontype test.local

    Now I get the following error: Unknown Parameter 'test.local'

    I tried it with the following versions:

    optioncode 81 / optioncode 081
    test.local / 'test.local' / "test.local"

    I always got the same error. What happens if I add the same optioncode again without deleting the first one, which uses the wrong FQDN name string?

    Thanks
    Wolfgang

  • Sorry, I just found out that I had a typo in part of a command. Will try it again.

  • After several tries and typos :( I found the correct command. My first command was correct, because it is necessary to set the parameter first. The command is:

    system dhcp dhcp-options add optioncode 81 optionname Client_FDQN optiontype string

    You will see it in the list of DHCP options with this command:

    system dhcp dhcp-options list

    And now the problems start. I have to bind data to this optionname. This does not work, and I think it isn't just the domain name (test.local). There are a few parameters which have to be set. I just tried it with the information from kb123529. The optiontype 252 is not what I need, but there are parameters where I don't know what the basis is.

    Example:

    system dhcp dhcp-options add optioncode 252 optionname httpserver optiontype string

    system dhcp dhcp-options binding add dhcpname IPPhone_DHCP optionname httpserver(252) value 'ConfigHttpSrvr=192.168.30.102'

    There is also an option 176, and for this option there is a table with the parameters.

    The command as example is:
    system dhcp dhcp-options binding add dhcpname IPPhone_DHCP optionname IPTelephone(176) value 'MCIPADD=192.168.30.99,MCPORT=1719,TFTPSRVR=192.168.30.201'

    If I want to try the following command for optioncode 81, which values do I have to set? Or where is the description for this option?

    system dhcp dhcp-options binding add dhcpname Default_DHCP_Server optionname Client_FDQN(81) value '?e.g. flag1=S??????=???????'

    Thanks if someone could help me.
    Wolfgang

  • Perhaps I can help with the following information which I found at Cisco.

    client-fqdn (option 81): blob (sequence of bytes); 4 fields: flags, rcode-1, rcode-2, and domain-name

    And the information according to RFC 4702:

       The code for this option is 81.  Len contains the number of octets
       that follow the Len field, and the minimum value is 3 (octets).
       The format of the Client FQDN option is:
    
            Code   Len    Flags  RCODE1 RCODE2   Domain Name
           +------+------+------+------+------+------+--
           |  81  |   n  |      |      |      |       ...
           +------+------+------+------+------+------+--
    
       The above figure follows the conventions of [12].
    
       The format of the 1-octet Flags field is:
    
            0 1 2 3 4 5 6 7
           +-+-+-+-+-+-+-+-+
           |  MBZ  |N|E|O|S|
           +-+-+-+-+-+-+-+-+
    
       The "S" bit indicates whether the server SHOULD or SHOULD NOT perform
       the A RR (FQDN-to-address) DNS updates.  A client sets the bit to 0
       to indicate the server SHOULD NOT perform the updates and 1 to
       indicate the server SHOULD perform the updates.  The state of the bit
       in the reply from the server indicates the action to be taken by the
       server; if 1, the server has taken responsibility for A RR updates
       for the FQDN.
    
       The "O" bit indicates whether the server has overridden the client's
       preference for the "S" bit.  A client MUST set this bit to 0.  A
       server MUST set this bit to 1 if the "S" bit in its reply to the
       client does not match the "S" bit received from the client.
    
       The "N" bit indicates whether the server SHOULD NOT perform any DNS
       updates.  A client sets this bit to 0 to request that the server
       SHOULD perform updates (the PTR RR and possibly the A RR based on the
       "S" bit) or to 1 to request that the server SHOULD NOT perform any
       DNS updates.  A server sets the "N" bit to indicate whether the
       server SHALL (0) or SHALL NOT (1) perform DNS updates.  If the "N"
       bit is 1, the "S" bit MUST be 0.
    
       The "E" bit indicates the encoding of the Domain Name field. 1
       indicates canonical wire format, without compression, as described in
       [3], Section 3.1.  This encoding SHOULD be used by clients and MUST
       be supported by servers. 0 indicates a now-deprecated ASCII encoding.
       A server MUST use the same encoding as that used by the client.
       A server that does not support the deprecated ASCII encoding MUST
       ignore Client FQDN options that use that encoding.

       The remaining bits in the Flags field are reserved for future
       assignment.  DHCP clients and servers that send the Client FQDN option
       MUST clear the MBZ bits, and they MUST ignore these bits.

    2.2. The RCODE Fields

       The two 1-octet RCODE1 and RCODE2 fields are deprecated.  A client
       SHOULD set these to 0 when sending the option and SHOULD ignore them
       on receipt.  A server SHOULD set these to 255 when sending the option
       and MUST ignore them on receipt.
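As an added worked example for the option layout quoted above (this is not code from the thread, from Sophos or from Cisco), the following Python builds and parses an RFC 4702 Client FQDN option byte by byte (Code, Len, Flags, RCODE1, RCODE2, Domain Name) and derives the Flags byte a server puts in its reply from the S, O, N and E rules. The function names, the sample name host.test.local and the two server policy parameters are my own assumptions, not anything the RFC or Sophos defines.

```python
"""Encode/decode DHCP option 81 (Client FQDN, RFC 4702) and derive server reply flags.

Added example for this thread, not Sophos or Cisco code. Flag bit values follow
RFC 4702 section 2.1, where bit 0 in the figure is the most significant bit:
    MBZ = bits 0-3 (0xF0)   N = 0x08   E = 0x04   O = 0x02   S = 0x01
"""

OPTION_CODE = 81
FLAG_S = 0x01     # server SHOULD perform the A RR (forward) update
FLAG_O = 0x02     # server overrode the client's S preference
FLAG_E = 0x04     # domain name is in canonical wire format (RFC 1035 section 3.1)
FLAG_N = 0x08     # server SHOULD NOT perform any DNS updates
FLAGS_MBZ = 0xF0  # reserved: must be zero when sent, ignored when received


def encode_domain_name(fqdn: str) -> bytes:
    """Canonical wire format without compression: length-prefixed labels, 0x00 terminator."""
    out = bytearray()
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {fqdn!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    return bytes(out)


def decode_domain_name(data: bytes) -> str:
    """Parse wire-format labels; a missing terminating zero is a partial name (RFC 4702 2.3.1)."""
    labels, pos = [], 0
    while pos < len(data):
        n = data[pos]
        pos += 1
        if n == 0:
            if pos != len(data):
                raise ValueError("bytes after the root label")
            return ".".join(labels) + "."          # fully qualified name
        if n & 0xC0:
            raise ValueError("compression pointers are not allowed in option 81")
        if pos + n > len(data):
            raise ValueError("truncated label")
        labels.append(data[pos:pos + n].decode("ascii"))
        pos += n
    return ".".join(labels)                        # partial name, no terminator


def encode_client_fqdn(fqdn: str, flags: int, rcode1: int = 0, rcode2: int = 0) -> bytes:
    """Build the whole option: Code, Len, Flags, RCODE1, RCODE2, Domain Name."""
    if flags & FLAGS_MBZ:
        raise ValueError("MBZ bits must be clear")
    if flags & FLAG_N and flags & FLAG_S:
        raise ValueError("S must be 0 when N is 1")
    if flags & FLAG_E:
        name = encode_domain_name(fqdn)
    else:
        name = fqdn.encode("ascii")                # deprecated ASCII encoding (E = 0)
    body = bytes([flags, rcode1, rcode2]) + name
    if len(body) > 255:
        raise ValueError("option body exceeds the one-octet Len")
    return bytes([OPTION_CODE, len(body)]) + body


def decode_client_fqdn(option: bytes) -> dict:
    """Parse an option 81 TLV as a receiver would: check Len, ignore MBZ bits and RCODEs."""
    if len(option) < 2 or option[0] != OPTION_CODE:
        raise ValueError("not a Client FQDN option")
    length = option[1]
    if length < 3 or len(option) != 2 + length:   # RFC 4702: minimum Len is 3
        raise ValueError("bad Len")
    flags, rcode1, rcode2 = option[2], option[3], option[4]
    name_bytes = option[5:]
    name = decode_domain_name(name_bytes) if flags & FLAG_E else name_bytes.decode("ascii")
    return {
        "flags": flags & ~FLAGS_MBZ,               # receivers MUST ignore the MBZ bits
        "N": bool(flags & FLAG_N), "E": bool(flags & FLAG_E),
        "O": bool(flags & FLAG_O), "S": bool(flags & FLAG_S),
        "rcode1": rcode1, "rcode2": rcode2,        # deprecated fields, kept only for display
        "name": name,
    }


def server_reply_flags(client_flags: int, server_does_a_updates: bool,
                       server_does_any_updates: bool = True) -> int:
    """Flags a server puts in its reply given its own (assumed) update policy.

    Keeps the client's encoding (E), sets N when the server will do no updates at all,
    reports the server's A RR decision in S, and sets O whenever S differs from the client's.
    """
    client_s = bool(client_flags & FLAG_S)
    flags = client_flags & FLAG_E
    server_s = server_does_a_updates and server_does_any_updates
    if not server_does_any_updates:
        flags |= FLAG_N                            # N = 1 forces S = 0
    if server_s:
        flags |= FLAG_S
    if server_s != client_s:
        flags |= FLAG_O
    return flags


if __name__ == "__main__":
    # Constructed sample: client asks the server to update its A record, wire encoding.
    opt = encode_client_fqdn("host.test.local", FLAG_E | FLAG_S)
    print(opt.hex(" "))
    print(decode_client_fqdn(opt))
    # Server policy: PTR only, client owns its A record -> S cleared, O set in the reply.
    print(hex(server_reply_flags(FLAG_E | FLAG_S, server_does_a_updates=False)))
```

Running it shows why a plain domain string such as test.local is not the value of this option: the first three octets are the Flags byte and the two deprecated RCODEs, and the name that follows is a sequence of length-prefixed labels rather than dotted text. The decoder applies the checks a server should make on client-supplied data (Len at least 3, no compression pointers, no truncated labels) and masks the MBZ bits instead of rejecting them, as the RFC requires.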