[Dnsmasq-discuss] Some clients appear not to do addr-in-use checks, making --no-ping risky
Alkis Georgopoulos
alkisg at gmail.com
Tue Apr 17 23:26:04 BST 2012
Simon, thanks a lot for your reply.
Uh, first of all, sorry for the previously lame Subject: line; it looks
like I pasted the list mail over it. :(
> Why is using --no-ping risky for LTSP? DHCP clients will still do
> address-in-use checks and dnsmasq handles DHCPDECLINE messages
> resulting from those checks happily.
It's possible that I'm doing the wrong tests, but so far I think that my
netbook's Intel PXE stack, iPXE, and dhclient, DON'T do address-in-use
checks (the DHCP RFC says that they SHOULD, not that they MUST).
Here is one of my test cases and its logs:
1) PC running dnsmasq: 192.168.67.1
dnsmasq.conf: --no-ping, dhcp-range=192.168.67.11,192.168.67.11,8h
(just one IP available, to ensure I get a collision)
2) Another PC with a static IP of 192.168.67.11.
3) A netbooted atom netbook with Intel UNDI, PXE-2.1 (build 082), for
Realtek RTL8100E/8101E Fast Ethernet Network Adapter v1.02.
In short, the client got assigned the 192.168.67.11 address, and it
happily accepted it without doing an address-in-use check.
Detailed wireshark log:
1 0.000000 0.0.0.0 255.255.255.255 DHCP 592 DHCP Discover - Transaction ID 0x4d6d4d81
2 0.000594 192.168.67.1 255.255.255.255 DHCP 427 DHCP Offer - Transaction ID 0x4d6d4d81
3 2.059552 0.0.0.0 255.255.255.255 DHCP 592 DHCP Request - Transaction ID 0x4d6d4d81
4 2.133730 192.168.67.1 255.255.255.255 DHCP 427 DHCP ACK - Transaction ID 0x4d6d4d81
5 2.169515 192.168.67.11 255.255.255.255 DHCP 592 DHCP Request - Transaction ID 0x4d6d4d81
6 2.169952 192.168.67.1 255.255.255.255 DHCP 344 DHCP ACK - Transaction ID 0x4d6d4d81
7 3.212544 RealtekS_6d:4d:81 ARP 62 Who has 192.168.67.1? Tell 192.168.67.11
8 3.212573 Clevo_80:5d:24 ARP 44 192.168.67.1 is at 00:90:f5:80:5d:24
9 3.212875 192.168.67.11 192.168.67.1 TFTP 72 Read Request, File: /pxelinux.0, Transfer type: octet, tsize\000=0\000
...etc, neither side pinged 192.168.67.11 to see if someone already uses
it. Clevo_ is the PC running dnsmasq.
> This [local cache poisoning] doesn't apply when the DNS
> server is not the local machine, which is likely for LTSP.
While the clients boot, true, dnsmasq runs on a "remote" machine, but
after the users log in, their sessions are on the server (like in
XDMCP), so dnsmasq is local there.
Thanks again,
Alkis
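An added example, not part of the original message: a small Python check that reports whether a capture contains any address-in-use test (an ARP query or ICMP echo for the leased address) before the client first uses that address. The packet tuples are constructed from the capture above, the ARP probe in WITH_PROBE is invented for contrast, and the function names are hypothetical.

```python
import re

# Constructed packet summaries (time, source, destination, protocol, info),
# modelled on the capture in the message above.
NO_CHECK = [
    (0.000000, "0.0.0.0", "255.255.255.255", "DHCP", "DHCP Discover"),
    (0.000594, "192.168.67.1", "255.255.255.255", "DHCP", "DHCP Offer"),
    (2.059552, "0.0.0.0", "255.255.255.255", "DHCP", "DHCP Request"),
    (2.133730, "192.168.67.1", "255.255.255.255", "DHCP", "DHCP ACK"),
    (3.212544, "RealtekS_6d:4d:81", "Broadcast", "ARP", "Who has 192.168.67.1? Tell 192.168.67.11"),
    (3.212875, "192.168.67.11", "192.168.67.1", "TFTP", "Read Request, File: /pxelinux.0"),
]
# Same exchange with a constructed ARP probe for the leased address inserted.
WITH_PROBE = NO_CHECK[:4] + [
    (2.500000, "RealtekS_6d:4d:81", "Broadcast", "ARP", "Who has 192.168.67.11? Tell 0.0.0.0"),
] + NO_CHECK[4:]

WHO_HAS = re.compile(r"Who has (\S+)\? Tell (\S+)")

def first_use(packets, ip):
    """Time of the first non-DHCP packet that uses `ip` as sender address."""
    for t, src, dst, proto, info in packets:
        if proto == "DHCP":
            continue
        m = WHO_HAS.match(info) if proto == "ARP" else None
        if src == ip or (m and m.group(2) == ip):
            return t
    return None

def address_check_seen(packets, ip):
    """True if an ARP query or ICMP echo for `ip` appears before its first use."""
    limit = first_use(packets, ip)
    for t, src, dst, proto, info in packets:
        if limit is not None and t >= limit:
            break
        m = WHO_HAS.match(info) if proto == "ARP" else None
        # A query for `ip` sent by someone not yet claiming `ip` is a probe.
        if m and m.group(1) == ip and m.group(2) != ip:
            return True
        # A ping to `ip` (for example from the DHCP server) also counts.
        if proto == "ICMP" and dst == ip and "Echo (ping) request" in info:
            return True
    return False
```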