[Dnsmasq-discuss] two dnsmasq servers providing dhcp for one domain
simon at thekelleys.org.uk
Fri Jul 17 14:21:05 BST 2009
Anand Kameswaran wrote:
> Maybe this is a lot more straightforward than I am thinking, but I'm not
> sure how I should configure DHCP, once I start using DHCP helper.
> Let me try and explain the setup. Each embedded device has 2 physical
> NIC cards. Eth0 and Eth1. Eth0 is used for public communincations and
> the VPN tunnels are setup between the two devices eth0 interfaces. Eth1
> had multiple virtual adapters to handle the subnetting, ie.
> eth1:1...eth1:n depending on the number of required subnets.
> Now when configuring DNSMasq I had run into an oddity. The machines
> absolutely should not provide DHCP over eth0 as that would impact the
> public network. Initially I configured dnsmasq to explicitly listen on
> all eth1.x interfaces, but it didn't work. However, when I configured
> dnsmasq to only exclude eth0 everything worked fine.
> Here is the crux of the problem using dhcp_helper. So device 1 is
> providing DHCP/DNS. I need to assign a different subnet for nodes on
> device 2 than for device 1, so that routing can occur over the tunnels.
> Obviously each side of the vpn tunnels needs unique subnets. That is
> one problem, although I know dnsmasq can serve up addresses in multiple
> ranges. The real problem I suspect is that requests from nodes on
> device two, sent over broadcast will probably be received physically on
> eth0. ALthough their is in fact a "tunnel" device as well. (btw using
> GRE tunnels for the VPN - not encrypted as I am only concerned about
> network segregation not security)
> Now I'm not really a good networking guy - so forgive me if my
> terminology is slightly off, but hopefully my problem is clear. And I
> am not really to clear on how to configure dnsmasq once I have DHCP
> helper working. I need those requests that come over the DHCP_Helper to
> get a different subnet. Any suggestions?
You're worrying too much. It all happens automagically. Set up
dhcp-helper to listen for broadcasts on the correct interface and bounce
them to dnsmasq. When dhcp-helper does this, it puts the address of the
interface on which the broadcast was received into the packet, in the
giaddr field. When dnsmasq gets a packet with giaddr set, it uses that
address to decide which subnet to allocate an address on, not the
interface that dnsmasq received the packet on.
dnsmasq, just list all the subnets you will need as dhcp-ranges.
dhcp-helper, select the interfaces to listen for broadcasts using -i
<interface> and/or -e <interface> and tell dhcp-helper where to send the
packets to with -s <ip-addr of server running dnsmasq>
If the dnsmasq server is multi-homed you can use any of its addresses,
as long as they are routable from the relay. The address of any
interface that dhcp-helper is listening on must be routable from the
host running dnsmasq.
More information about the Dnsmasq-discuss