[Dibbler] Content of duid

Simon Hobson linux at thehobsons.co.uk
Tue Jun 26 18:05:17 CEST 2012


There was a 'fairly heated' discussion over on the ISC DHCP Users 
List not too long ago about DUIDs. As I recall, opinion seemed to be 
divided into those who believe that the use of MAC addresses is evil 
and we should all be using DUIDs - and those who think that in the 
real world the MAC address is no worse (and potentially better, less 
volatile, commonly available before a system is connected and turned 
on) than most DUIDs, and necessary for anyone trying to track 
equipment.

If you read the relevant RFCs, it is expressly forbidden to look into 
the DUID even though its format is defined. E.g., if the client is 
using DUID-LL or DUID-LLT then it's forbidden to extract the MAC from 
that. I believe that most clients don't use DUID-LL or DUID-LLT 
anyway.


For the OP, the RFC is very clear - you cannot under any 
circumstances use the DUID (of any type) for anything but a straight 
match. In practical terms, that means you'll need to power up and 
connect the client, see what DUID it comes up with, and then you can 
copy/paste that to match against. You can only match against the 
whole thing (i.e. <something> == <something else>) and not look inside 
it (i.e. substring<something>,... == <something else>).

Bear in mind that the RFCs specify that DUID-LLT and DUID-LL should 
only be used by the client where there is no persistent storage (and 
for LL, no clock either). For many devices, if the user were to reset 
it or re-install the OS etc, then the DUID may well change. On many 
devices, the user may well be able to easily change it - more easily 
than changing the MAC.

Can't help with config of the server though.

-- 
Simon Hobson
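
Added example (not part of the original post, and not Dibbler or ISC DHCP code): a reservation table keyed on the whole DUID, showing that a reservation pasted from a first boot stops matching once a DUID-LLT is regenerated, as after an OS re-install. The MAC, timestamps, address and all function names are constructed for illustration.

```python
import struct


def parse_duid(text):
    """Convert a DUID as pasted from a log (hex, optional ':' or '-') to bytes."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) > 1:
        # Some tools print octets without leading zeros ("0:1:0:1:...").
        parts = [p.zfill(2) for p in parts]
    raw = bytes.fromhex("".join(parts))  # raises ValueError on non-hex input
    # RFC 3315: 2-octet type code plus at most 128 octets of identifier.
    if not 0 < len(raw) <= 130:
        raise ValueError("DUID length out of range")
    return raw


def make_duid_llt(mac, seconds_since_2000):
    """Client-side DUID-LLT: type 1, hardware type 1 (Ethernet), time, MAC.
    Used here only to generate constructed sample clients."""
    return struct.pack("!HHI", 1, 1, seconds_since_2000) + mac


class Reservations:
    """Server-side table: the DUID is an opaque key, compared whole."""

    def __init__(self):
        self._by_duid = {}

    def add(self, duid_text, address):
        self._by_duid[parse_duid(duid_text)] = address

    def lookup(self, duid_bytes):
        # Straight equality on the full byte string; no substring matching.
        return self._by_duid.get(duid_bytes)


def demo():
    mac = bytes.fromhex("020000000001")          # constructed MAC
    before = make_duid_llt(mac, 393_000_000)     # DUID seen at first boot
    after = make_duid_llt(mac, 394_000_000)      # regenerated after re-install
    table = Reservations()
    # The admin pastes the DUID observed at first boot (upper-case, colons).
    table.add(":".join(f"{b:02X}" for b in before), "2001:db8::10")
    same_mac_inside = before[8:] == after[8:]    # checked for the demo only
    return table.lookup(before), table.lookup(after), same_mac_inside


if __name__ == "__main__":
    print(demo())
```
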
