[Dnsmasq-discuss] dnsmasq DHCP behind a DHCP relay, without directly-connected addresses

James Brown jbrown at easypost.com
Tue Aug 2 23:43:33 BST 2016


I have a setup roughly like the following ASCII-art diagram (numbers and
number of VLANs simplified greatly):


|===== VLAN 1 : 10.0.1.0/24  ======|    |============== VLAN 2: 10.0.2.0/24 ==============|
|                                  |    |                                                 |
|   |------------------|        |-------------|                                           |
|   |     admin host   |        |  gateway    |                                           |
|   |    10.0.1.2/24   |        | 10.0.1.1/24 |       |----------------------------|      |
|   |------------------|        | 10.0.2.1/24 |       |   client host              |      |
|                               | etc         |       | should get static lease of |      |
|                               |-------------|       | 10.0.2.x                   |      |
|                                  |    |             |----------------------------|      |
|==================================|    |=================================================|

We have multiple VLANs each of which has its own subnet. They're bridged
by a single multi-homed gateway (actually, an HA pair of them, but
whatever). The gateway is running dhrelay3 and forwarding DHCP requests to
the admin host in the administrative VLAN, which is running dnsmasq with a
database of addresses to hand out. I would prefer to be able to avoid
having to put that database on the gateway and have a bunch of dynamic host
configuration on a router. The admin host is single-homed.

The dnsmasq config looks like the following (I've removed most of the
entries and config to simplify the question):

port = 0
dhcp-range=10.0.1.0,static,255.255.255.0
dhcp-range=10.0.2.0,static,255.255.255.0
dhcp-option=6,10.0.2.3
dhcp-option=3,10.0.2.1
dhcp-host=00:aa:bb:cc:dd:ee,10.2.0.86

Unfortunately, dnsmasq seems to refuse to hand out addresses from a
non-directly-connected subnet. When the requests come in from
00:aa:bb:cc:dd:ee, I just get the following logged:

dnsmasq: started, version 2.76 DNS disabled
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq-dhcp: DHCP, static leases only on 10.0.1.0, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.0.2.0, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.0.3.0, lease time 1h
dnsmasq-dhcp: 1302931552 available DHCP subnet: 10.0.1.0/255.255.255.0
dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
dnsmasq-dhcp: 1302931552 available DHCP subnet: 10.0.1.0/255.255.255.0
dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
dnsmasq-dhcp: 4279941416 available DHCP subnet: 10.0.1.0/255.255.255.0
dnsmasq-dhcp: 4279941416 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored

Tcpdump of the packets being received by the host look roughly like the
following:

22:23:57.987953 IP (tos 0x0, ttl 64, id 48608, offset 0, flags [DF], proto UDP (17), length 328)
    10.0.1.1.bootps > admin.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300, hops 1, xid 0x4ec4ba20, secs 24, Flags [none]
 Gateway-IP 10.0.1.1
 Client-Ethernet-Address 00:aa:bb:cc:dd:ee (oui Unknown)
 Vendor-rfc1048 Extensions
   Magic Cookie 0x63825363
   DHCP-Message Option 53, length 1: Discover
   Parameter-Request Option 55, length 13:
     Subnet-Mask, BR, Time-Zone, Classless-Static-Route
     Domain-Name, Domain-Name-Server, Hostname, YD
     YS, NTP, MTU, Option 119
     Default-Gateway

I would like for the admin host (10.0.1.1/24) to be able to hand out IP
addresses to hosts in any VLAN without having to multi-home it. Is this
just impossible in dnsmasq, or is there some magic option that will tell it
to hand out IP addresses on a non-connected subnet when the request goes
through a relay?

I've attempted to go through the source code, but even once I figured out
the idiosyncratic indentation style of rfc2131.c, I still can't figure out
precisely where the logic to generate this message lives.

Thanks for any help y'all can provide.
-- 
James Brown
Intermittent Network Engineer
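
Added example, not part of the original post and not dnsmasq's code: a simplified Python model of how a DHCP server chooses the subnet for a relayed request from the giaddr ("Gateway-IP") field, as RFC 2131 describes, fed with the dhcp-range and dhcp-host values and the Gateway-IP shown in the post. The function names, and the assumption that only these two config line formats occur, belong to the example.

```python
import ipaddress

# dhcp-range / dhcp-host lines copied from the post's config.
CONFIG = """\
dhcp-range=10.0.1.0,static,255.255.255.0
dhcp-range=10.0.2.0,static,255.255.255.0
dhcp-host=00:aa:bb:cc:dd:ee,10.2.0.86
"""

def parse(config):
    """Return (subnets, hosts) from lines shaped like the ones in the post."""
    subnets, hosts = [], {}
    for line in config.splitlines():
        key, _, value = line.partition("=")
        fields = [f.strip() for f in value.split(",")]
        if key.strip() == "dhcp-range":      # start,static,netmask
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
            subnets.append(net)
        elif key.strip() == "dhcp-host":     # mac,address
            hosts[fields[0].lower()] = ipaddress.ip_address(fields[1])
    return subnets, hosts

def select_subnet(giaddr, subnets):
    """A relayed request is served from the configured subnet containing giaddr."""
    gi = ipaddress.ip_address(giaddr)
    return next((net for net in subnets if gi in net), None)

def evaluate(giaddr, mac, config=CONFIG):
    """Report the subnet giaddr selects and whether the static lease fits in it."""
    subnets, hosts = parse(config)
    subnet = select_subnet(giaddr, subnets)
    addr = hosts.get(mac.lower())
    return {
        "subnet": str(subnet) if subnet else None,
        "static": str(addr) if addr else None,
        # The static address is only offerable if it lies in the selected subnet.
        "usable": bool(subnet and addr and addr in subnet),
        "in_any_range": bool(addr and any(addr in net for net in subnets)),
    }

if __name__ == "__main__":
    # 10.0.1.1 is the Gateway-IP in the tcpdump; 10.0.2.1 is the gateway's
    # VLAN 2 address from the diagram, shown for comparison.
    for gi in ("10.0.1.1", "10.0.2.1"):
        print(gi, evaluate(gi, "00:aa:bb:cc:dd:ee"))
```

With the Gateway-IP from the capture the model selects 10.0.1.0/24, which matches the "available DHCP subnet" line in the log.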