[Dnsmasq-discuss] dnsmasq DHCP behind a DHCP relay, without directly-connected addresses

James Brown jbrown at easypost.com
Wed Aug 10 02:25:10 BST 2016


Hi Simon:

The string "ignore" does not occur in my config. Below is the current
entire config that I'm running on while I test this, without the
networks re-written into the clearer forms above:

no-resolv
server=8.8.8.8
no-daemon
no-hosts
log-facility=/dev/null
log-dhcp
log-queries
enable-tftp
tftp-root=/srv/install/tftp
port=0
dhcp-option=6,10.90.95.113
dhcp-range=10.88.81.65,static,255.255.255.192
dhcp-range=10.90.95.65,static,255.255.255.192
dhcp-range=10.91.78.0,static,255.255.255.192
dhcp-range=10.88.177.0,static,255.255.255.128
dhcp-host=0c:c4:7a:8e:1d:62,10.88.177.107
dhcp-option=3,10.88.177.1

And the output when trying to boot the machine listed under dhcp-host:

dnsmasq: started, version 2.76 DNS disabled
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq-dhcp: DHCP, static leases only on 10.88.177.0, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.91.78.0, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.90.95.65, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.88.81.65, lease time 1h
dnsmasq-tftp: TFTP root is /srv/install/tftp
dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
dnsmasq-dhcp: 4100833080 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 4100833080 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
dnsmasq-dhcp: 4100833080 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 4100833080 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available

On Wed, Aug 3, 2016 at 2:57 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
> "dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored"
>
> Implies that you've somehow configured dnsmasq to ignore this client,
> either with
>
> dhcp-host=<stuff to id client>,ignore
>
> or
>
> dhcp-ignore=<some tags>
>
>
> Maybe take a look at the rest of the config you didn't post or post it
> here? Fixing this problem is necessary before looking at the subnet
> address selection stuff, which should be possible using a DHCP relay.
>
> Cheers,
>
> Simon.
>
>
>
> On 02/08/16 23:43, James Brown wrote:
>> I have a setup roughly like the following ASCII-art diagram
>> (numbers and number of VLANs simplified greatly):
>>
>>
>> |===== VLAN 1 : 10.0.1.0/24  ======|    |============== VLAN 2: 10.0.2.0/24 ==============|
>> |                                  |    |                                                 |
>> |   |------------------|       |-------------|                                            |
>> |   |    admin host    |       |   gateway   |                                            |
>> |   |   10.0.1.2/24    |       | 10.0.1.1/24 |       |----------------------------|       |
>> |   |------------------|       | 10.0.2.1/24 |       |        client host         |       |
>> |                              |     etc     |       | should get static lease of |       |
>> |                              |-------------|       |          10.0.2.x          |       |
>> |                                  |    |            |----------------------------|       |
>> |==================================|    |=================================================|
>> We have multiple VLANs each of which has its own subnet. They're
>> bridged by a single multi-homed gateway (actually, an HA pair of
>> them, but whatever). The gateway is running dhrelay3 and forwarding
>> DHCP requests to the admin host in the administrative VLAN, which
>> is running dnsmasq with a database of addresses to hand out. I
>> would prefer to be able to avoid having to put that database on the
>> gateway and have a bunch of dynamic host configuration on a router.
>> The admin host is single-homed.
>>
>> The dnsmasq config looks like the following (I've removed most of
>> the entries and config to simplify the question):
>>
>> port = 0
>> dhcp-range=10.0.1.0,static,255.255.255.0
>> dhcp-range=10.0.2.0,static,255.255.255.0
>> dhcp-option=6,10.0.2.3
>> dhcp-option=3,10.0.2.1
>> dhcp-host=00:aa:bb:cc:dd:ee,10.2.0.86
>>
>> Unfortunately, dnsmasq seems to refuse to hand out addresses from
>> a non-directly-connected subnet. When the requests come in from
>> 00:aa:bb:cc:dd:ee, I just get the following logged:
>>
>> dnsmasq: started, version 2.76 DNS disabled
>> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
>> dnsmasq-dhcp: DHCP, static leases only on 10.0.1.0, lease time 1h
>> dnsmasq-dhcp: DHCP, static leases only on 10.0.2.0, lease time 1h
>> dnsmasq-dhcp: DHCP, static leases only on 10.0.3.0, lease time 1h
>> dnsmasq-dhcp: 1302931552 available DHCP subnet: 10.0.1.0/255.255.255.0
>> dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
>> dnsmasq-dhcp: 1302931552 available DHCP subnet: 10.0.1.0/255.255.255.0
>> dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
>> dnsmasq-dhcp: 4279941416 available DHCP subnet: 10.0.1.0/255.255.255.0
>> dnsmasq-dhcp: 4279941416 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
>>
>> Tcpdump of the packets being received by the host look roughly
>> like the following:
>>
>> 22:23:57.987953 IP (tos 0x0, ttl 64, id 48608, offset 0, flags
>> [DF], proto UDP (17), length 328) 10.0.1.1.bootps > admin.bootps:
>> BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length
>> 300, hops 1, xid 0x4ec4ba20, secs 24, Flags [none] Gateway-IP
>> 10.0.1.1 Client-Ethernet-Address 00:aa:bb:cc:dd:ee (oui Unknown)
>> Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message
>> Option 53, length 1: Discover Parameter-Request Option 55, length
>> 13: Subnet-Mask, BR, Time-Zone, Classless-Static-Route Domain-Name,
>> Domain-Name-Server, Hostname, YD YS, NTP, MTU, Option 119
>> Default-Gateway
>>
>> I would like for the admin host (10.0.1.1/24) to be able to hand
>> out IP addresses to hosts in any VLAN without having to multi-home
>> it. Is this just impossible in dnsmasq, or is there some magic
>> option that will tell it to hand out IP addresses on a
>> non-connected subnet when the request goes through a relay?
>>
>> I've attempted to go through the source code, but even once I
>> figured out the idiosyncratic indentation style of rfc2131.c, I
>> still can't figure out precisely where the logic to generate this
>> message lives.
>>
>> Thanks for any help y'all can provide.
>>



-- 
James Brown
Engineer
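
An added check, not part of the original message or of dnsmasq: it reads the dhcp-range and dhcp-host lines from the config above and the "available DHCP subnet" log lines, and reports whether the client's configured static address lies inside the subnet dnsmasq logged for that transaction. The config and log excerpts are copied from the message; the function and field names are this example's own.

```python
import ipaddress
import re

# Excerpts copied from the config and log in the message above.
CONFIG = """\
dhcp-range=10.88.81.65,static,255.255.255.192
dhcp-range=10.90.95.65,static,255.255.255.192
dhcp-range=10.91.78.0,static,255.255.255.192
dhcp-range=10.88.177.0,static,255.255.255.128
dhcp-host=0c:c4:7a:8e:1d:62,10.88.177.107
"""
LOG = """\
dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
"""

SUBNET_RE = re.compile(r"dnsmasq-dhcp: (\d+) available DHCP subnet: (\S+)/(\S+)")
DISCOVER_RE = re.compile(r"dnsmasq-dhcp: (\d+) DHCPDISCOVER\(\S+\) ([0-9A-Fa-f:]{17})")

def net(addr, mask):  # strict=False: ranges on this page start at host addresses
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_config(text):
    """Return (static dhcp-range networks, {mac: address}) from dnsmasq config text."""
    ranges, hosts = [], {}
    for line in text.splitlines():
        key, _, value = line.partition("=")
        fields = [f.strip() for f in value.split(",")]
        if key.strip() == "dhcp-range" and len(fields) == 3 and fields[1] == "static":
            ranges.append(net(fields[0], fields[2]))
        elif key.strip() == "dhcp-host" and len(fields) == 2:
            hosts[fields[0].lower()] = ipaddress.ip_address(fields[1])
    return ranges, hosts

def check(config_text, log_text):
    """Compare each DHCPDISCOVER's logged subnet with the client's dhcp-host address."""
    ranges, hosts = parse_config(config_text)
    logged, findings = {}, []  # logged: transaction id -> set of subnets
    for line in log_text.splitlines():
        if m := SUBNET_RE.search(line):
            logged.setdefault(m[1], set()).add(net(m[2], m[3]))
        elif (m := DISCOVER_RE.search(line)) and m[2].lower() in hosts:
            ip, nets = hosts[m[2].lower()], logged.get(m[1], set())
            findings.append({
                "mac": m[2].lower(), "static_ip": str(ip),
                "logged_subnets": sorted(str(n) for n in nets),
                "in_logged_subnet": any(ip in n for n in nets),
                "configured_range": next((str(r) for r in ranges if ip in r), None),
            })
    return findings
```

For the excerpts above, `check(CONFIG, LOG)` reports that 10.88.177.107 belongs to the configured range 10.88.177.0/25 but not to the logged subnet 10.90.95.64/26.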


