DHCP and setting the client hostname

[jf987]

Hi all,

New to UT, not new to networks. Reference picture below if it matters.

I am trying to understand what is normally an easy operation, but does not seem to be as straightforward with UT. I suspect I am missing a new-to-UT idiot box somewhere that makes this simple . . otherwise surely someone would have asked by now, and I could find the answer in forums and web searches.

In a nutshell: UT does not seem to give me the option to set the client hostname in DHCP leases.

In a long-winded version: I want to be able to monitor what's going on not by IP or by self-reported client device names (which are entertaining..) but by the name I am assigning. I want to see those names in the dashboard, in the logs, etc. Right now I get a random blend of names I have assigned, names from clients, and just plain IP addresses. That's rather annoying and less than useful.

In a normal environment (pfSense, for ex) I would go and create a set of DHCP lease names, save them off, and for central infrastructure assign static MAC <-> IP mappings. These would then also appear in my local DNS, and everything is fine.

In UT, I edited the "Devices" page . . . and that didn't seem to do anything. And that "Last Hostname" keeps going back to randomly-stuffed client names. I made static DHCP entries for everything .. and then realized that the static mapping takes "Description" and not "Hostname" as the extra field. That's interesting . . . I've forcibly rebooted devices, and it didn't change the situation.

So what am I missing? I want a nice simple table somewhere, that carries through all of the UT internals, that is based on something like:

<Mac Addr> : Hostname : <optional static DHCP IP addr >

but cannot seem to find anything like this. Am I missing something? It seems like I would have to set entries in Devices, and then make every device a static DHCP assignment, and then go manually a DNS entry for that same hostname from Devices to the same IP from the DHCP leases . . . am I crazy?

Do I really need to move DHCP back to my pfSense box, and not on UT, to get this to work? Is that a best-practices model? And if it is, how do I get UT to recognize those names in dashboards and rules and so on?

Color me puzzled. Thanks to anyone that can point me to what it is that I'm sure I've missed somewhere . . .

Network topology diagram attached.

[Bollar]

I believe there are two ways to do this.

1. Create a Config: Network: DNS Server entry. The name entered here will override the hostname returned by the device by DHCP.
2. Add a Hostname via the Devices List button at the top right of the admin screen. In this list, Last Hostname is what was returned by DHCP or the static DNS entry in option 1. Whatever you enter in Hostname will override it.

[jf987]

Hi,

#1 - that was my question at the end of the note . . In order for a DNS entry to work like that, each client needs a static IP. For that to make sense, and for DNS to be reflected back in the UT logs and reports, I need a Devices entry. So for every single device on my network, I have to [a] make a Devices entry with a hostname; [b] make a static DHCP lease; and [3] make a DNS entry that maps the same hostname and DHCP static IP. There's no lesser way or central way of managing this and having it auto-populate to the various other settings . . . ?

#2 - Back in my original note, I mentioned that I did this . . and most clients seem to ignore it. So it doesn't seem to work as I expected it to.

Thanks!

[Jim.Alles]

...to Untangle, and the forums!

In a nutshell: UT does not seem to give me the option to set the client hostname in DHCP leases.

This is a correct statement, not in the GUI.

As @Bollar stated,
The Hostname column in Devices will propagate to the hosts table, and be used throughout NGFW reports. Don't forget to hit save. Also, it may be useful to refresh your browser, but I haven't found that to be a problem.

I think it will do what you want, and reliably.
http://wiki.untangle.com/index.php/Devices

TL;DR:
You just have to separate the different functionality of all of the various uses of the term 'hostname'.

• NGFW reports
• DHCP enumeration
• DNS resolution
• Host (Client) identification

You have correctly observed that the hostname that was learned automatically by DNS/DHCP is retained in the NGFW 'last hostname' column. It is typically the hostname set on the client. This does not have to be the same name that DNS uses, but generally is.

The clients don't care what name NGFW uses for them in reports.

However,
The new NGFW 'hostname' column entries in reports does not propagate to the DNS/DHCP services, which are provided by dnsmasq.

DNS and DHCP entries are aware of each other in dnsmasq. It is possible to override a hostname provided by a client by setting a dhcp-host= option in the config file. We have access to that in "Custom dnsmasq options." at #config/network/advanced/dns_and_dhcp

Code:

dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][tag:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
Specify per host parameters for the DHCP server. This allows a machine with a particular hardware address to be always allocated the same hostname, IP address and lease time. A hostname specified like this overrides any supplied by the DHCP client on the machine. It is also allowable to omit the hardware address and include the hostname, in which case the IP address and lease times will apply to any machine claiming that name. For example --dhcp-host=00:20:e0:3b:13:af,wap,infinite tells dnsmasq to give the machine with hardware address 00:20:e0:3b:13:af the name wap, and an infinite DHCP lease. --dhcp-host=lap,192.168.0.199 tells dnsmasq to always allocate the machine lap the IP address 192.168.0.199.

From http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

This might be useful if you reach services inside your LAN with a FQDN.

However,
dnsmasq does not support DHCP option 012, so the DHCP server cannot set the hostname on the host, even if the client is capable of asking for it.

[Jim.Alles]

I think it will do what you want, and reliably.

I have found something perplexing.
When a device is bypassed with a bypass rule by way of client tagging (100% of traffic), even though it has a hostname entry in both the device table and static DNS, it shows up as an IP address only in the Sessions report.

[sky-knight]

Yes, because reports is bypassed just like everything else.

[Jim.Alles]

Yes, because reports is bypassed just like everything else.

nope. reports isn't up there. it is a "Service Apps"
(e.g. bypassed stuff is reported).

EDIT: It also doesn't show up in the Hosts table, even though it has active sessions.

[Jim.Alles]

You just have to separate the different functionality of all of the various uses of the term 'hostname'.

• NGFW reports
• DHCP enumeration
• DNS resolution
• Host (Client) identification

What is neat that the Host Details in the Current Hosts table has a host of information (pun intended, sorry) about all of the different hostnames, and which of those sources is selected.

hosts.png

So a more complete list is:

• The device itself
• Device table
• DHCP
• Directory Connector
• DNS
• OpenVPN
• Reports

[LaurentR]

Yes, because reports is bypassed just like everything else.

I learned in a recent thread that there is an option specifically for that in Config/Advanced/Options: "Log bypassed sessions". It is set by default.

It's funny, because the sessions still show up in App or Bw Control reports, but they're pretty anonymous because they are not identified by the various L7 functions.

[sky-knight]

I learned in a recent thread that there is an option specifically for that in Config/Advanced/Options: "Log bypassed sessions". It is set by default.

It's funny, because the sessions still show up in App or Bw Control reports, but they're pretty anonymous because they are not identified by the various L7 functions.

Yes, and that logging eats buckets of additional drive space. But yes, that's the purpose of bypass, to turn off the layer 7 stuff, so you don't get all the information you do otherwise.