[Dnsmasq-discuss] Some clients appear not to do addr-in-use checks, making --no-ping risky

Alkis Georgopoulos alkisg at gmail.com
Tue Apr 17 23:26:04 BST 2012

Simon, thanks a lot for your reply,

Uh, first of all, sorry for the previously lame Subject: line, it looks 
like I pasted the list mail over it. :(

 > Why is using --no-ping risky for LTSP? DHCP clients will still do
 > address-in-use checks and dnsmasq handles DHCPDECLINE messages
 > resulting from those checks happily.

It's possible that I'm doing the wrong tests, but so far I think that my 
netbook's Intel PXE stack, iPXE, and dhclient, DON'T do address-in-use 
checks (the DHCP RFC says that they SHOULD, not that they MUST).

Here is one of my test cases and its logs:

1) PC running dnsmasq:
dnsmasq.conf: --no-ping, dhcp-range=,,8h
(just one IP available, to ensure I get a collision)

2) Another PC with a static IP of

3) A netbooted atom netbook with Intel UNDI, PXE-2.1 (build 082), for 
Realtek RTL8100E/8101E Fast Ethernet Network Adapter v1.02.

In short, the client got assigned the address, and it 
happily accepted it without doing an address-in-use check.

Detailed wireshark log:
       1 0.000000            DHCP    592    DHCP Discover - Transaction ID 0x4d6d4d81
       2 0.000594            DHCP    427    DHCP Offer    - Transaction ID 0x4d6d4d81
       3 2.059552            DHCP    592    DHCP Request  - Transaction ID 0x4d6d4d81
       4 2.133730            DHCP    427    DHCP ACK      - Transaction ID 0x4d6d4d81
       5 2.169515            DHCP    592    DHCP Request  - Transaction ID 0x4d6d4d81
       6 2.169952            DHCP    344    DHCP ACK      - Transaction ID 0x4d6d4d81
       7 3.212544    RealtekS_6d:4d:81    ARP     62     Who has  Tell
       8 3.212573    Clevo_80:5d:24       ARP     44     is at 00:90:f5:80:5d:24
       9 3.212875            TFTP    72     Read Request, File: /pxelinux.0, Transfer type: octet, 

...etc, neither side pinged to see if someone already uses 
it. Clevo_ is the PC running dnsmasq.

 > This [local cache poisoning] doesn't apply when the DNS
 > server is not the local machine, which is likely for LTSP.

While the clients boot, true, dnsmasq runs on a "remote" machine, but 
after the users log in, their sessions are on the server (like in 
XDMCP), so dnsmasq is local there.

Thanks again,
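
The check done by eye on the capture above, as an added example that is not part of the original post: it walks a packet summary and flags clients that send from a freshly leased address without first sending the ARP probe RFC 2131 section 4.4.1 describes (sender IP 0, target the leased address). The event format and all MAC and IP values are constructed, and the capture is assumed to include each client's initial lease.

```python
"""Flag DHCP clients that use a leased address without ARP-probing it first."""

# Constructed events (not the capture from the post), one per line:
#   time  kind  MAC  sender-IP  target-IP
# For dhcp_ack the MAC is the client's chaddr and the target is yiaddr.
SAMPLE = """\
2.13 dhcp_ack 00:00:5e:00:53:01 192.0.2.1  192.0.2.50
3.21 arp_req  00:00:5e:00:53:01 192.0.2.50 192.0.2.1
3.22 ip       00:00:5e:00:53:01 192.0.2.50 192.0.2.1
5.00 dhcp_ack 00:00:5e:00:53:02 192.0.2.1  192.0.2.51
5.10 arp_req  00:00:5e:00:53:02 0.0.0.0    192.0.2.51
6.20 arp_req  00:00:5e:00:53:02 192.0.2.51 192.0.2.1
"""

def parse(text):
    """Turn the summary text into time-ordered event tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, kind, mac, src, dst = line.split()
        events.append((float(t), kind, mac.lower(), src, dst))
    return sorted(events)

def unchecked_leases(events):
    """Return {client_mac: leased_ip} for clients that sent traffic from a
    leased address before any ARP probe for that address was seen."""
    lease = {}      # client MAC -> address from the most recent DHCPACK
    probed = set()  # (MAC, address) pairs for which a probe was seen
    flagged = {}
    for _t, kind, mac, src, dst in events:
        if kind == "dhcp_ack":
            lease[mac] = dst
        elif mac in lease:
            ip = lease[mac]
            # Probe: ARP request with sender IP 0 and target = leased address.
            if kind == "arp_req" and src == "0.0.0.0" and dst == ip:
                probed.add((mac, ip))
            # Any ARP or IP traffic sourced from the address counts as use.
            elif src == ip and (mac, ip) not in probed:
                flagged.setdefault(mac, ip)
    return flagged

if __name__ == "__main__":
    for mac, ip in unchecked_leases(parse(SAMPLE)).items():
        print(f"{mac} started using {ip} without an address-in-use probe")
```

The first constructed client mirrors the sequence in the log above (ACK, then an ordinary ARP request sent from the new address); the second probes first and is not flagged.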
