Bug 842360

Summary: dhcpd does not listen for dhcp requests
Product: [openSUSE] openSUSE 12.3
Reporter: Mathias Homann <Mathias.Homann>
Component: Network
Assignee: Marius Tomaschewski <mt>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Major
Priority: P5 - None
CC: lchiquitto, meissner
Version: Final
Target Milestone: ---
Hardware: x86-64
OS: openSUSE 12.3
Whiteboard: maint:released:sle11-sp3:58113
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:
Bug Blocks: 842359
Deadline: 2014-07-09

Description Mathias Homann 2013-09-25 20:10:12 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0

When running the dhcp server that is included with opensuse 12.3, it simply "does not work at all". On closer inspection it turns out that the dhcpd does not listen on port 67... and so it can't serve dhcp requests.

Reproducible: Always

Steps to Reproduce:
1. start dhcpd
2. run dhcpcd-test from another computer
3. observe it failing w/o getting an answer
4. check with netstat -ulpn|grep dhcp that the dhcp server listens on two random udp ports but *not* on port 67
Actual Results:  
running a dhcp server with openSUSE 12.3 does not work at all.

Expected Results:  
it "should just work".
Comment 1 Marius Tomaschewski 2013-09-26 09:35:52 UTC
Please provide the output of:

   grep ^DHCP /etc/sysconfig/dhcpd

as well as of:

   ip addr show
Comment 2 Marius Tomaschewski 2013-09-26 09:41:29 UTC
Please provide also the output of:

    grep -v ^# /etc/dhcpd.conf
Comment 3 Mathias Homann 2013-09-26 10:07:40 UTC
akari:~ # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP qlen 1000
    link/ether 28:92:4a:34:53:0f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::2a92:4aff:fe34:530f/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 68:05:ca:1b:69:5f brd ff:ff:ff:ff:ff:ff
    inet 192.168.178.20/24 brd 192.168.178.255 scope global eth1
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 28:92:4a:34:53:0f brd ff:ff:ff:ff:ff:ff
    inet 192.168.238.1/24 brd 192.168.238.255 scope global br0
    inet6 2001:6f8:1046:0:d8c2:a0c2:be16:a3c0/64 scope global temporary dynamic 
       valid_lft 86395sec preferred_lft 14395sec
    inet6 2001:6f8:1046:0:49b4:5cd6:21ac:7daf/64 scope global temporary deprecated dynamic 
       valid_lft 86395sec preferred_lft 0sec
    inet6 2001:6f8:1046:0:2a92:4aff:fe34:530f/64 scope global dynamic 
       valid_lft 86395sec preferred_lft 14395sec
    inet6 fe80::2a92:4aff:fe34:530f/64 scope link 
       valid_lft forever preferred_lft forever


akari:~ # grep ^DHCP /etc/sysconfig/dhcpd
DHCPD_INTERFACE="ANY"
DHCPD6_INTERFACE="ANY"
DHCPD_IFUP_RESTART=""
DHCPD6_IFUP_RESTART=""
DHCPD_RUN_CHROOTED="yes"
DHCPD6_RUN_CHROOTED="yes"
DHCPD_CONF_INCLUDE_FILES="/etc/dhcpd.d /etc/named.keys"
DHCPD6_CONF_INCLUDE_FILES="/etc/dhcpd6.d"
DHCPD_RUN_AS=""
DHCPD6_RUN_AS="dhcpd"
DHCPD_OTHER_ARGS=""
DHCPD6_OTHER_ARGS=""
DHCPD_BINARY=""
DHCPD6_BINARY=""


akari:~ # grep -v ^# /etc/dhcpd.conf
option domain-name "eregion.home";
option domain-name-servers 192.168.238.6;
option routers 192.168.238.6;
option ntp-servers 192.168.238.6;
option lpr-servers 192.168.238.6;
option netbios-name-servers 192.168.238.6;
authoritative ;
default-lease-time 14400;
include "/etc/named.keys";
ddns-update-style interim;
ignore client-updates;
ddns-updates on;
subnet 192.168.238.0 netmask 255.255.255.0 {
  range dynamic-bootp 192.168.238.128 192.168.238.254;
  default-lease-time 14400;
  max-lease-time 172800;
  zone eregion.home. { primary 192.168.238.6; key DHCP_UPDATER; }
  zone 238.168.192.in-addr.arpa. { primary 192.168.238.6; key DHCP_UPDATER; }
}
Comment 4 Marius Tomaschewski 2013-09-26 10:59:51 UTC
OK, thanks!

I've applied your configuration with small modifications and it works
for me so far:

+ #include "/etc/named.keys";
+ ddns-updates off;

-   zone eregion.home. { primary 192.168.238.6; key DHCP_UPDATER; }
-   zone 238.168.192.in-addr.arpa. { primary 192.168.238.6; key DHCP_UPDATER; }
+  #zone eregion.home. { primary 192.168.238.6; key DHCP_UPDATER; }
+  #zone 238.168.192.in-addr.arpa. { primary 192.168.238.6; key DHCP_UPDATER; }


Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10295]: Copyright 2004-2013 Internet Systems Consortium.
Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10295]: All rights reserved.
Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10295]: For info, please visit https://www.isc.org/software/dhcp/
Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10295]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10295]: Wrote 0 leases to leases file.
Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10295]: Listening on LPF/br0/52:54:00:69:15:31/192.168.238.0/24
Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10295]: Sending on   LPF/br0/52:54:00:69:15:31/192.168.238.0/24
Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10295]: 
Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10295]: No subnet declaration for eth1 (no IPv4 addresses).
Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10295]: ** Ignoring requests on eth1.  If this is not what
Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10295]: you want, please write a subnet declaration
Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10295]: in your dhcpd.conf file for the network segment
Sep 26 12:41:48 trinity9.lab31.mat-home.net dhcpd[10193]: Starting ISC DHCPv4 4.x Server [chroot]..done

trinity9:~ # ps ax | grep dhcpd
10296 ?        Ss     0:00 /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases
10579 pts/0    S+     0:00 grep --color=auto dhcpd
trinity9:~ # netstat -aunp | grep 67
udp        0      0 0.0.0.0:67              0.0.0.0:*                           10296/dhcpd         

BTW: It complains about eth1 a bit because the kernel still has cached
results. With:

echo "net.ipv6.conf.eth1.disable_ipv6 = 1" >> /etc/sysconfig/network/ifsysctl

[the bridge port] this should be better...

It is better to use DHCPD_INTERFACE="br0", because the dhcpd requires
a restart, when the br0 interface is restarted [removed+created].
Then the /etc/sysconfig/network/if-up.d/60-dhcpd-restart-hook is able
to restart the dhcpd on br0 restarts.
Without this, the server may remain bound to the removed bridge ifindex
and will receive no packets any more after a bridge restart.

Can you provide the log messages from a server start / output of:

    journalctl --no-pager -u dhcpd.service

as well?
Comment 5 Marius Tomaschewski 2013-09-26 11:10:32 UTC
I've generated a /etc/named.keys and replaced /etc/dhcpd.conf with yours
and it seems to work fine:

trinity9:~ # grep DHCP_UPDATER /etc/named.keys
key DHCP_UPDATER {
trinity9:~ # grep ^DHCP /etc/sysconfig/dhcpd
DHCPD_INTERFACE="ANY"
DHCPD6_INTERFACE=""
DHCPD_IFUP_RESTART=""
DHCPD6_IFUP_RESTART=""
DHCPD_RUN_CHROOTED="yes"
DHCPD6_RUN_CHROOTED="yes"
DHCPD_CONF_INCLUDE_FILES="/etc/dhcpd.d /etc/named.keys"
DHCPD6_CONF_INCLUDE_FILES="/etc/dhcpd6.d"
DHCPD_RUN_AS=""
DHCPD6_RUN_AS="dhcpd"
DHCPD_OTHER_ARGS=""
DHCPD6_OTHER_ARGS=""
DHCPD_BINARY=""
DHCPD6_BINARY=""
trinity9:~ # systemctl status dhcpd.service
dhcpd.service - LSB: ISC DHCP 4.x Server
	  Loaded: loaded (/etc/init.d/dhcpd)
	  Active: active (running) since Thu, 2013-09-26 13:07:32 CEST; 1s ago
	 Process: 3066 ExecStop=/etc/init.d/dhcpd stop (code=exited, status=0/SUCCESS)
	 Process: 3080 ExecStart=/etc/init.d/dhcpd start (code=exited, status=0/SUCCESS)
	  CGroup: name=systemd:/system/dhcpd.service
		  └ 3184 /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases

Sep 26 13:07:32 trinity9.lab31.mat-home.net dhcpd[3183]: Listening on LPF/br0/52:54:00:69:15:31/192.168.238.0/24
Sep 26 13:07:32 trinity9.lab31.mat-home.net dhcpd[3183]: Sending on   LPF/br0/52:54:00:69:15:31/192.168.238.0/24
Sep 26 13:07:32 trinity9.lab31.mat-home.net dhcpd[3183]: 
Sep 26 13:07:32 trinity9.lab31.mat-home.net dhcpd[3183]: No subnet declaration for eth1 (no IPv4 addresses).
Sep 26 13:07:32 trinity9.lab31.mat-home.net dhcpd[3183]: ** Ignoring requests on eth1.  If this is not what
Sep 26 13:07:32 trinity9.lab31.mat-home.net dhcpd[3183]: you want, please write a subnet declaration
Sep 26 13:07:32 trinity9.lab31.mat-home.net dhcpd[3183]: in your dhcpd.conf file for the network segment
Sep 26 13:07:32 trinity9.lab31.mat-home.net dhcpd[3183]: to which interface eth1 is attached. **
Sep 26 13:07:32 trinity9.lab31.mat-home.net dhcpd[3183]: 
Sep 26 13:07:32 trinity9.lab31.mat-home.net dhcpd[3080]: Starting ISC DHCPv4 4.x Server [chroot]..done
Sep 26 13:07:32 trinity9.lab31.mat-home.net systemd[1]: Started LSB: ISC DHCP 4.x Server.

Please provide your logs.
Comment 6 Mathias Homann 2013-09-26 11:35:26 UTC
(this is right after a reboot)

akari:~ # grep "^2013-09-26.*dhcpd" /var/log/messages
2013-09-26T13:30:42.613594+02:00 akari dhcpd: Internet Systems Consortium DHCP Server 4.2.5-P1
2013-09-26T13:30:42.614357+02:00 akari dhcpd: Copyright 2004-2013 Internet Systems Consortium.
2013-09-26T13:30:42.617500+02:00 akari dhcpd: All rights reserved.
2013-09-26T13:30:42.617527+02:00 akari dhcpd: For info, please visit https://www.isc.org/software/dhcp/
2013-09-26T13:30:42.674528+02:00 akari dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
2013-09-26T13:30:42.690489+02:00 akari dhcpd: Internet Systems Consortium DHCP Server 4.2.5-P1
2013-09-26T13:30:42.691493+02:00 akari dhcpd: Copyright 2004-2013 Internet Systems Consortium.
2013-09-26T13:30:42.691519+02:00 akari dhcpd: All rights reserved.
2013-09-26T13:30:42.691635+02:00 akari dhcpd: For info, please visit https://www.isc.org/software/dhcp/


akari:~ # journalctl --no-pager -u dhcpd.service
-- Logs begin at Thu, 2013-09-26 13:29:59 CEST, end at Thu, 2013-09-26 13:31:37 CEST. --
Sep 26 13:30:42 akari.eregion.home dhcpd[6455]: Internet Systems Consortium DHCP Server 4.2.5-P1
Sep 26 13:30:42 akari.eregion.home dhcpd[6455]: Copyright 2004-2013 Internet Systems Consortium.
Sep 26 13:30:42 akari.eregion.home dhcpd[6455]: All rights reserved.
Sep 26 13:30:42 akari.eregion.home dhcpd[6455]: For info, please visit https://www.isc.org/software/dhcp/
Sep 26 13:30:42 akari.eregion.home dhcpd[6455]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Sep 26 13:30:42 akari.eregion.home dhcpd[6664]: Internet Systems Consortium DHCP Server 4.2.5-P1
Sep 26 13:30:42 akari.eregion.home dhcpd[6664]: Copyright 2004-2013 Internet Systems Consortium.
Sep 26 13:30:42 akari.eregion.home dhcpd[6664]: All rights reserved.
Sep 26 13:30:42 akari.eregion.home dhcpd[6664]: For info, please visit https://www.isc.org/software/dhcp/


akari:~ # netstat -tulpen|grep dhcpd
udp        0      0 0.0.0.0:34453           0.0.0.0:*                           0          18180      6664/dhcpd          
udp        0      0 :::64105                :::*                                0          18181      6664/dhcpd          

akari:~ # chkconfig dhcpd
dhcpd  on

and in ps auxf I see the dhcpd running, but not forking away from its init script...
Comment 7 Marius Tomaschewski 2013-09-26 12:15:08 UTC
Hmm... there are no bind(port/interface) lines like:

Sep 26 13:07:32 trinity9.lab31.mat-home.net dhcpd[3183]: Listening on LPF/br0/52:54:00:69:15:31/192.168.238.0/24
Sep 26 13:07:32 trinity9.lab31.mat-home.net dhcpd[3183]: Sending on   LPF/br0/52:54:00:69:15:31/192.168.238.0/24

in your log...

Can you attach "grep . /etc/sysconfig/network/ifcfg-[eb]*" output?

Further, please try the following:

1) logger "=== 1 ==="
2) systemctl stop dhcpd.service
3) killproc -9 /usr/sbin/dhcpd # make sure it is stopped
4) SYSTEMD_NO_WRAP=yes bash -x /etc/init.d/dhcpd start &>/tmp/dhcpd.start.xtrace
5) execute steps 2 + 3 again [kill it]
6) logger "=== 6 ==="
7) start it manually using:
      strace -fF -ttt -s512 -o/tmp/dhcpd.strace /usr/sbin/dhcpd -d -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases &>/tmp/dhcpd.out
   Use Ctrl-C keys to kill it after ~30 sec.
8) logger "=== 8 ==="
9) attach /tmp/dhcpd.start.xtrace /tmp/dhcpd.out /tmp/dhcpd.strace and
   messages in /var/log/messages since "=== 1 ===" marker
Comment 8 Mathias Homann 2013-09-26 12:22:03 UTC
/etc/sysconfig/network/ifcfg-br0:BOOTPROTO='static'
/etc/sysconfig/network/ifcfg-br0:BRIDGE='yes'
/etc/sysconfig/network/ifcfg-br0:BRIDGE_FORWARDDELAY='0'
/etc/sysconfig/network/ifcfg-br0:BRIDGE_PORTS='eth0'
/etc/sysconfig/network/ifcfg-br0:BRIDGE_STP='off'
/etc/sysconfig/network/ifcfg-br0:BROADCAST=''
/etc/sysconfig/network/ifcfg-br0:ETHTOOL_OPTIONS=''
/etc/sysconfig/network/ifcfg-br0:IPADDR='192.168.238.1/24'
/etc/sysconfig/network/ifcfg-br0:MTU=''
/etc/sysconfig/network/ifcfg-br0:NETWORK=''
/etc/sysconfig/network/ifcfg-br0:PREFIXLEN='24'
/etc/sysconfig/network/ifcfg-br0:REMOTE_IPADDR=''
/etc/sysconfig/network/ifcfg-br0:STARTMODE='auto'
/etc/sysconfig/network/ifcfg-br0:USERCONTROL='no'
/etc/sysconfig/network/ifcfg-br0:NAME=''
/etc/sysconfig/network/ifcfg-eth0:BOOTPROTO='static'
/etc/sysconfig/network/ifcfg-eth0:BROADCAST=''
/etc/sysconfig/network/ifcfg-eth0:ETHTOOL_OPTIONS=''
/etc/sysconfig/network/ifcfg-eth0:IPADDR='0.0.0.0/32'
/etc/sysconfig/network/ifcfg-eth0:MTU=''
/etc/sysconfig/network/ifcfg-eth0:NAME='82574L Gigabit Network Connection'
/etc/sysconfig/network/ifcfg-eth0:NETMASK=''
/etc/sysconfig/network/ifcfg-eth0:NETWORK=''
/etc/sysconfig/network/ifcfg-eth0:REMOTE_IPADDR=''
/etc/sysconfig/network/ifcfg-eth0:STARTMODE='auto'
/etc/sysconfig/network/ifcfg-eth0:USERCONTROL='no'
/etc/sysconfig/network/ifcfg-eth0:PREFIXLEN=''
/etc/sysconfig/network/ifcfg-eth1:BOOTPROTO='dhcp'
/etc/sysconfig/network/ifcfg-eth1:BROADCAST=''
/etc/sysconfig/network/ifcfg-eth1:ETHTOOL_OPTIONS=''
/etc/sysconfig/network/ifcfg-eth1:IPADDR=''
/etc/sysconfig/network/ifcfg-eth1:MTU=''
/etc/sysconfig/network/ifcfg-eth1:NAME='NetXtreme BCM5723 Gigabit Ethernet PCIe'
/etc/sysconfig/network/ifcfg-eth1:NETWORK=''
/etc/sysconfig/network/ifcfg-eth1:REMOTE_IPADDR=''
/etc/sysconfig/network/ifcfg-eth1:STARTMODE='auto'
/etc/sysconfig/network/ifcfg-eth1:USERCONTROL='no'
/etc/sysconfig/network/ifcfg-eth1:NETMASK='255.255.255.0'
/etc/sysconfig/network/ifcfg-eth1:PREFIXLEN='32'
Comment 9 Mathias Homann 2013-09-26 12:27:41 UTC
I tried the sequence of commands, and it hangs at #3, seems dhcpd does not fork... see bnc#842358
Comment 10 Mathias Homann 2013-09-26 12:36:18 UTC
got it...


the start script did not copy the file "/etc/bindresvport.blacklist" into the chroot jail, so dhcpd refused to fork, and didn't open port 67 either.



akari:/etc/sysconfig # diff dhcpd~ dhcpd
128c128
< DHCPD_CONF_INCLUDE_FILES="/etc/dhcpd.d /etc/named.keys"
---
> DHCPD_CONF_INCLUDE_FILES="/etc/dhcpd.d /etc/named.keys /etc/bindresvport.blacklist"
154c154
< DHCPD_RUN_AS=""
---
> DHCPD_RUN_AS="dhcpd"
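
Review bot: The change at line 154 (DHCPD_RUN_AS from "" to "dhcpd") is bundled with the include-list change at line 128, so this diff alone does not show which of the two made dhcpd bind port 67; apply and test them separately. The line 128 change also covers only the DHCPv4 list: the config posted in comment 3 has DHCPD6_RUN_CHROOTED="yes" as well, so DHCPD6_CONF_INCLUDE_FILES would need the same /etc/bindresvport.blacklist entry.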
Comment 11 Marius Tomaschewski 2013-09-26 12:42:13 UTC
Ah.... Thanks!

I'll add /etc/bindresvport.blacklist to the list in the init script.
Hmm... Why does it work in my case [also with DHCPD_RUN_AS="dhcpd"]
and not in yours?!
Comment 12 Mathias Homann 2013-09-26 12:44:33 UTC
did you run your test in a chroot jail? if not, that's why.
Comment 13 Marius Tomaschewski 2013-09-26 15:59:13 UTC
yes, always in a chroot (see comment 4, comment 5, comment 7).

I've only set the DHCPD_RUN_AS="" variable, because your config (comment 3) contains it too. But this is not needed to run it as root, for dhcpd user
(DHCPD_RUN_AS="dhcpd") works fine:

trinity9:~ # systemctl status dhcpd.service
dhcpd.service - LSB: ISC DHCP 4.x Server
	  Loaded: loaded (/etc/init.d/dhcpd)
	  Active: active (running) since Thu, 2013-09-26 17:50:01 CEST; 5min ago
	 Process: 2432 ExecStop=/etc/init.d/dhcpd stop (code=exited, status=0/SUCCESS)
	 Process: 14709 ExecStart=/etc/init.d/dhcpd start (code=exited, status=0/SUCCESS)
	  CGroup: name=systemd:/system/dhcpd.service
		  └ 14823 /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup

The /etc/bindresvport.blacklist is not needed:

trinity9:~ # find /var/lib/dhcp/ | grep -v proc
/var/lib/dhcp/
/var/lib/dhcp/var
/var/lib/dhcp/var/run
/var/lib/dhcp/var/run/dhcpd.pid
/var/lib/dhcp/db
/var/lib/dhcp/db/dhcpd.leases~
/var/lib/dhcp/db/dhcpd.leases
/var/lib/dhcp/lib64
/var/lib/dhcp/lib64/libnsl.so.1
/var/lib/dhcp/lib64/libdl.so.2
/var/lib/dhcp/lib64/libnss_files.so.2
/var/lib/dhcp/lib64/libnss_nis.so.2
/var/lib/dhcp/lib64/libnss_compat.so.2
/var/lib/dhcp/lib64/libnss_db.so.2
/var/lib/dhcp/lib64/libnss_nisplus.so.2
/var/lib/dhcp/lib64/libnss_hesiod.so.2
/var/lib/dhcp/lib64/libgcc_s.so.1
/var/lib/dhcp/lib64/libpthread.so.0
/var/lib/dhcp/lib64/libnss_dns.so.2
/var/lib/dhcp/lib64/libresolv.so.2
/var/lib/dhcp/etc
/var/lib/dhcp/etc/host.conf
/var/lib/dhcp/etc/nsswitch.conf
/var/lib/dhcp/etc/resolv.conf
/var/lib/dhcp/etc/gai.conf
/var/lib/dhcp/etc/dhcpd.conf
/var/lib/dhcp/etc/hosts
/var/lib/dhcp/etc/named.keys
/var/lib/dhcp/etc/localtime
/var/lib/dhcp/dev
/var/lib/dhcp/dev/log
/var/lib/dhcp/dev/urandom

Can you attach your /etc/nsswitch.conf and /etc/host.conf?

Are you using NIS?
Comment 14 Mathias Homann 2013-09-26 18:02:26 UTC
Well, all I know is that I ran dhcpd with strace, and it hung right after not finding that blacklist file inside the chroot... so I copied it in, and *bang* dhcpd works now.

Yes, the machine in question is a NIS client, and will be a NIS server when I'm done with it.

nsswitch.conf:
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       compat                  Use compatibility setup
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       [NOTFOUND=return]       Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#

# passwd: files nis
# shadow: files nis
# group:  files nis

passwd: compat
group:  compat

hosts:  files dns
networks:       files dns

services:       files nis
protocols:      files
rpc:    files
ethers: files
netmasks:       files
netgroup:       files nis
publickey:      files

bootparams:     files
automount:      files nis
aliases:        files nis
shadow: compat



host.conf:
#
# /etc/host.conf - resolver configuration file
#
# Please read the manual page host.conf(5) for more information.
#
#
# The following option is only used by binaries linked against
# libc4 or libc5. This line should be in sync with the "hosts"
# option in /etc/nsswitch.conf.
#
order hosts, bind
#
# The following options are used by the resolver library:
#
multi on
Comment 15 Marius Tomaschewski 2013-09-26 18:29:08 UTC
(In reply to comment #14)
> Well, all I know is that I ran dhcpd with strace, and it hung right after not
> finding that blacklist file inside the chroot... so I copied it in, and *bang*
> dhcpd works now.
> 
> Yes, the machine in question is a NIS client, and will be a NIS server when
> I'm done with it.

OK, this explains it -- /etc/bindresvport.blacklist says: "bindresvport is
mostly called by RPC services" and NIS is using RPC...
Comment 16 Marius Tomaschewski 2013-09-26 18:34:40 UTC
Maintenance:

We have to add /etc/bindresvport.blacklist to the chroot-jail file list
in dhcp-server package on 12.x and sles11. Ok?

There may be also a further fix, but for >=12.x only [=systemd].
Comment 18 Bernhard Wiedemann 2013-09-27 15:28:05 UTC
This is an autogenerated message for OBS integration:
This bug (842360) was mentioned in
https://build.opensuse.org/request/show/201150 Factory / dhcp
Comment 19 Marius Tomaschewski 2014-01-09 15:45:06 UTC
fixed in factory
+ planned update / pickup when another fix is going to be released

Workaround available: add the /etc/bindresvport.blacklist file to the
DHCPD_CONF_INCLUDE_FILES and DHCPD6_CONF_INCLUDE_FILES variables in
/etc/sysconfig/dhcpd.
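
A check for the workaround above and for the symptom from the description, as an added example that is not part of the bug report or the dhcp-server package. The function names are hypothetical, and it assumes /etc/sysconfig/dhcpd holds plain VAR="value" assignments as posted in comments 3 and 5.

```shell
#!/bin/sh
# Added example, not the package's init script.
# Assumption: the sysconfig file contains simple VAR="value" lines.

BLACKLIST=/etc/bindresvport.blacklist

# Print the value assigned to variable $2 in sysconfig file $1 (last one wins).
sysconfig_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Print each *_CONF_INCLUDE_FILES variable that belongs to a chrooted daemon
# but does not list the blacklist file; no output means the workaround is set.
missing_blacklist_vars() {
    for prefix in DHCPD DHCPD6; do
        [ "$(sysconfig_get "$1" "${prefix}_RUN_CHROOTED")" = "yes" ] || continue
        case " $(sysconfig_get "$1" "${prefix}_CONF_INCLUDE_FILES") " in
            *" $BLACKLIST "*) ;;
            *) printf '%s\n' "${prefix}_CONF_INCLUDE_FILES" ;;
        esac
    done
}

# Read `netstat -ulpn` output on stdin; succeed only if a dhcpd-owned UDP
# socket is bound to port 67 (field 4 is the local address).
dhcpd_listens_on_67() {
    awk '$NF ~ /\/dhcpd$/ && $4 ~ /:67$/ { found = 1 } END { exit !found }'
}

# netstat lines as posted in comment 6 (broken) and comment 4 (working),
# with whitespace collapsed.
NETSTAT_BROKEN='udp 0 0 0.0.0.0:34453 0.0.0.0:* 0 18180 6664/dhcpd
udp 0 0 :::64105 :::* 0 18181 6664/dhcpd'
NETSTAT_WORKING='udp 0 0 0.0.0.0:67 0.0.0.0:* 10296/dhcpd'

# Constructed sysconfig sample: IPv4 has the workaround, IPv6 does not.
write_sample_sysconfig() {
    cat > "$1" <<'EOF'
DHCPD_RUN_CHROOTED="yes"
DHCPD6_RUN_CHROOTED="yes"
DHCPD_CONF_INCLUDE_FILES="/etc/dhcpd.d /etc/named.keys /etc/bindresvport.blacklist"
DHCPD6_CONF_INCLUDE_FILES="/etc/dhcpd6.d"
EOF
}

sample=$(mktemp)
write_sample_sysconfig "$sample"
echo "variables still missing $BLACKLIST: $(missing_blacklist_vars "$sample")"
if printf '%s\n' "$NETSTAT_BROKEN" | dhcpd_listens_on_67; then
    echo "dhcpd bound to UDP 67"
else
    echo "dhcpd running but not bound to UDP 67"
fi
rm -f "$sample"
```

On a live system the same functions take `/etc/sysconfig/dhcpd` as the file argument and the output of `netstat -ulpn` on stdin.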
Comment 20 Marius Tomaschewski 2014-01-09 15:46:41 UTC
*** Bug 842359 has been marked as a duplicate of this bug. ***
Comment 21 Swamp Workflow Management 2014-06-11 13:39:55 UTC
An update workflow for this issue was started.
This issue was rated as low.
Please submit fixed packages until 2014-07-09.
https://swamp.suse.de/webswamp/wf/57787
Comment 23 Swamp Workflow Management 2014-07-07 15:51:08 UTC
Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-debugsource, dhcp-devel, dhcp-relay, dhcp-server
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 24 Swamp Workflow Management 2014-07-07 19:04:39 UTC
SUSE-RU-2014:0877-1: An update that has 5 recommended fixes can now be installed.

Category: recommended (low)
Bug References: 835818,842360,868250,868253,878846
CVE References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    dhcp-4.2.4.P2-0.20.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    dhcp-4.2.4.P2-0.20.1
SUSE Linux Enterprise Server 11 SP3 (src):    dhcp-4.2.4.P2-0.20.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    dhcp-4.2.4.P2-0.20.1