Forcing PXE Clients not to broadcast for extra DHCP options

We have a site-wide PXE boot setup that manages workstations everywhere (using Altiris). Occasionally I want to netboot a specific non-managed boot loader from a specific TFTP server just by configuring the DHCP options for that host.

By default the PXE client will request (via broadcast) an address. Our primary ISC DHCP server answers this request. The PXE specification, however, allows for additional DHCP servers that don’t provide addresses but do provide boot options (i.e. TFTP server and filename) to clients. These additional options (coming from Altiris) override those provided in the original DHCP response by our primary ISC DHCP server.

After a quick read through the PXE specification I discovered this workaround to force a specific client to use the provided TFTP server/filename in the original DHCP response. PXE clients will accept (in the original DHCP response) a discovery control setting. You can use this to disable the secondary broadcast behaviour and force the PXE client to do as it was instructed by the primary DHCP server. This option is an encapsulated vendor option so we need to configure it in dhcpd.conf, thus:

# PXE Vendor Option Space:
option space PXE;
option PXE.discovery-control   code 6 = unsigned integer 8;

Then, when defining a client you toggle on the appropriate bits:

host jmcdesk {
      hardware ethernet     00:23:ae:61:13:d6;
      next-server           10.10.10.10;
      filename              "pxelinux.0";
      vendor-option-space   PXE;
      option                PXE.discovery-control 11;
}

The option in question is PXE_DISCOVERY_CONTROL from the Preboot Execution Environment (PXE) Specification Version 2.1. The value eleven (11) informs the client to skip broadcast/multicast discovery and to use the boot filename from the original DHCP response.
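
To confirm in a packet capture that a host really receives this setting, the added example below (not part of the original post) parses the vendor-encapsulated option 43 payload and decodes the discovery control bits. The bit meanings are taken from the PXE 2.1 specification; the function names and the sample payload are constructed for illustration.

```python
# Added example: decode PXE_DISCOVERY_CONTROL from a DHCP option 43 payload.
# Bit meanings are from the PXE 2.1 specification; all names are illustrative.
PXE_DISCOVERY_CONTROL = 6  # sub-option code, as declared in dhcpd.conf above
PXE_END = 255              # optional end marker inside option 43
DISCOVERY_BITS = {
    0x01: "disable broadcast discovery",
    0x02: "disable multicast discovery",
    0x04: "only use/accept servers listed in PXE_BOOT_SERVERS",
    0x08: "download the boot file named in the initial offer, no discovery",
}
# Bits 0, 1 and 3 together give the value 11 used for the host above.
PINNED_MASK = 0x01 | 0x02 | 0x08

# Constructed sample: code 6, length 1, value 11, end marker.
SAMPLE_OPTION_43 = bytes([6, 1, 11, 255])


def parse_vendor_options(payload: bytes) -> dict:
    """Walk the code/length/value sub-options encapsulated in option 43."""
    options, i = {}, 0
    while i < len(payload):
        code = payload[i]
        if code == PXE_END:
            break
        if code == 0:  # pad byte, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError(f"sub-option {code} has no length byte")
        length = payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} is truncated")
        options[code] = value
        i += 2 + length
    return options


def decode_discovery_control(payload: bytes) -> list:
    """Return the meaning of every bit set in PXE_DISCOVERY_CONTROL."""
    value = parse_vendor_options(payload).get(PXE_DISCOVERY_CONTROL)
    if value is None or len(value) != 1:
        raise ValueError("PXE_DISCOVERY_CONTROL missing or not one byte")
    return [name for bit, name in DISCOVERY_BITS.items() if value[0] & bit]


def pinned_to_initial_offer(payload: bytes) -> bool:
    """True when the client is told to skip discovery and boot the offered file."""
    value = parse_vendor_options(payload).get(PXE_DISCOVERY_CONTROL, b"\x00")
    return len(value) == 1 and value[0] & PINNED_MASK == PINNED_MASK
```

A host whose payload fails `pinned_to_initial_offer` will still run the secondary discovery step, so its boot options can be overridden by another server on the segment.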