A wanted to shift end-user registration to the customers.
To protect our customer I've redacted some information from this example.
We decided to use a reserved scope for registration.
An access list that blocks that scope from Internet access is in effect, and two web servers take care of registration.
First web server 10.127.0.15 will reply with "Location: http://register.client.com/" to any request.
Second web server 10.127.0.13 is a LAMP installation.
A script will add a static outside address to the dhcpd.conf file after registration.
Snippet from the ISC dhcpd.conf:
shared-network cpe {
    # jail
    subnet 172.18.0.0 netmask 255.255.0.0 {
        range 172.18.255.2 172.18.255.255;
        default-lease-time 60;
        max-lease-time 60;
        option routers 172.18.0.1;
        option broadcast-address 172.18.255.255;
        one-lease-per-client true;
    }
    # outside (redacted)
    subnet 8.8.8.8 netmask 255.255.255.0 {
        default-lease-time 60;
        max-lease-time 60;
        option routers 8.8.8.1;
        option broadcast-address 8.8.8.255;
        one-lease-per-client true;
    }
}
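Snippet from named.conf:
// clients holding a lease from the jail range get the fake root zone
view "jail" {
    match-clients { 172.18.255.0/24; };
    recursion yes;
    zone "." {
        type master;
        file "jail";
    };
};
// everyone else resolves normally from the root hints
view "trust" {
    match-clients { "any"; };
    recursion yes;
    zone "." {
        type hint;
        file "named.ca";
    };
};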
Jail zone file for BIND:
$TTL 60
.                   IN  SOA localhost. root.localhost. (
                        2005061501  ; serial
                        60          ; refresh
                        60          ; retry
                        60          ; expire
                        60          ; default_ttl
                        )
                    IN  NS  localhost.
*.                  IN  A   10.127.0.15
register.client.com IN  A   10.127.0.13
Forgot to mention the CMTS bundle:
ip address 172.18.0.1 255.255.0.0
ip address 8.8.8.8 255.255.255.0 secondary
Tested and working on Windows, Mac and Linux.
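
The registration step above, where a script adds a static outside address to dhcpd.conf, takes input from a web form, so that input needs validating before it is written into the DHCP server's configuration. The following is an added example, not the original script: it assumes the script appends a `host` declaration with `hardware ethernet` and `fixed-address`, uses the redacted placeholder addresses from the snippets above, and the `cpe-` host naming is hypothetical.

```python
import ipaddress
import re

# Addresses below are the page's redacted placeholders, not real addressing.
OUTSIDE_NET = ipaddress.ip_network("8.8.8.8/255.255.255.0", strict=False)
RESERVED = {ipaddress.ip_address("8.8.8.1"),   # option routers
            ipaddress.ip_address("8.8.8.8")}   # CMTS secondary address
HOST_RE = re.compile(r"host\s+\S+\s*\{([^}]*)\}")


def normalize_mac(raw):
    """Accept aa:bb:.., aa-bb-.. or aabb.ccdd.. and return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def existing_bindings(conf_text):
    """Collect MACs and fixed addresses already bound in host blocks."""
    macs, addrs = set(), set()
    for body in HOST_RE.findall(conf_text):
        m = re.search(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;", body)
        a = re.search(r"fixed-address\s+([0-9.]+)\s*;", body)
        if m:
            macs.add(m.group(1).lower())
        if a:
            addrs.add(ipaddress.ip_address(a.group(1)))
    return macs, addrs


def host_declaration(conf_text, raw_mac, raw_ip):
    """Return the host block to append to dhcpd.conf, or raise ValueError."""
    mac = normalize_mac(raw_mac)
    ip = ipaddress.ip_address(raw_ip.strip())  # ValueError on anything else
    edges = {OUTSIDE_NET.network_address, OUTSIDE_NET.broadcast_address}
    if ip not in OUTSIDE_NET or ip in RESERVED or ip in edges:
        raise ValueError("address is not assignable in the outside subnet")
    macs, addrs = existing_bindings(conf_text)
    if mac in macs or ip in addrs:
        raise ValueError("MAC or address is already registered")
    name = "cpe-" + mac.replace(":", "")  # hypothetical naming scheme
    return ("host %s {\n    hardware ethernet %s;\n    fixed-address %s;\n}\n"
            % (name, mac, ip))


if __name__ == "__main__":
    conf = "host cpe-001122334455 { hardware ethernet 00:11:22:33:44:55; fixed-address 8.8.8.20; }"  # constructed
    print(host_declaration(conf, "00-AA-BB-CC-DD-EE", "8.8.8.21"))
```

After appending the block, check the file with `dhcpd -t -cf <file>` before restarting the daemon, since ISC dhcpd only reads its configuration at startup.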