[Dnsmasq-discuss] dnsmasq DHCP behind a DHCP relay, without directly-connected addresses

Simon Kelley simon at thekelleys.org.uk
Thu Aug 11 20:06:35 BST 2016


OK, so the "ignored" thing was a red-herring, now we have the actual logs.

Your ASCII art got mangled, so I can't work out exactly what the
network topology is, but the logs show why no address is being allocated:

dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available

As 0c:c4:7a:8e:1d:62 only has a dhcp-host address on
10.88.177.0/255.255.255.128 but dnsmasq thinks it's on
10.90.95.65/255.255.255.192.

What needs to happen is that the DHCP relay forwards the DHCP discover
packet to dnsmasq, and before it does that, it sets the "giaddr" field
to the relay's address _on_the_subnet_where_the_host_is.

So in this case, giaddr should be set to 10.88.177.1, which would
enable dnsmasq to allocate it an address on that subnet, and not the
subnet where the request arrives at the dnsmasq server.

How is the DHCP relay configured?

Simon.
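
Added example (not part of the original message, and not dnsmasq's own code): a simplified Python model of the giaddr-based subnet choice described above, run against the dhcp-range and dhcp-host lines from the quoted config. The giaddr 10.90.95.66 and the packet builder are constructed stand-ins for what the relay currently sends.

```python
import ipaddress
import struct

# Constructed from the config quoted in this thread: (range start, netmask).
DHCP_RANGES = [("10.88.81.65", "255.255.255.192"), ("10.90.95.65", "255.255.255.192"),
               ("10.91.78.0", "255.255.255.192"), ("10.88.177.0", "255.255.255.128")]
DHCP_HOSTS = {"0c:c4:7a:8e:1d:62": "10.88.177.107"}
COOKIE = b"\x63\x82\x53\x63"


def build_discover(mac, giaddr, xid=529627704):
    """Constructed sample: a minimal relayed DHCPDISCOVER with the given giaddr."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s", 1, 1, 6, 1, xid, 0, 0,
                        bytes(4), bytes(4), bytes(4),
                        ipaddress.IPv4Address(giaddr).packed, chaddr)
    # sname (64) + file (128), then magic cookie, option 53 = DISCOVER, end option
    return fixed + bytes(192) + COOKIE + b"\x35\x01\x01\xff"


def parse_relay_fields(pkt):
    """Return (giaddr, client MAC) from the BOOTP fixed header."""
    if len(pkt) < 240 or pkt[236:240] != COOKIE:
        raise ValueError("not a DHCP packet")
    giaddr = ipaddress.IPv4Address(pkt[24:28])           # giaddr: bytes 24..27
    mac = ":".join(f"{b:02x}" for b in pkt[28:28 + pkt[2]])  # chaddr, hlen bytes
    return giaddr, mac


def select_address(pkt, arrival_if_addr):
    """Simplified model: the subnet is picked from giaddr when the relay set it,
    otherwise from the address of the interface the request arrived on."""
    giaddr, mac = parse_relay_fields(pkt)
    where = giaddr if int(giaddr) != 0 else ipaddress.IPv4Address(arrival_if_addr)
    for start, mask in DHCP_RANGES:
        net = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
        if where in net:
            static = DHCP_HOSTS.get(mac)
            if static and ipaddress.IPv4Address(static) in net:
                return str(net), static
            return str(net), None   # corresponds to "no address available"
    return None, None


if __name__ == "__main__":
    mac = "0c:c4:7a:8e:1d:62"
    for gi in ("10.90.95.66", "10.88.177.1"):   # first value is hypothetical
        print(gi, "->", select_address(build_discover(mac, gi), "10.90.95.66"))
```

The first case reproduces the failure in the log (subnet chosen, no static host on it); the second shows the lease becoming available once giaddr is the relay's address on the client's subnet.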


On 10/08/16 02:25, James Brown wrote:
> Hi Simon:
> 
> The string "ignore" does not occur in my config. Below is the
> current entire config that I'm running on while I test this,
> without the networks re-written into the clearer forms above:
> 
> no-resolv
> server=8.8.8.8
> no-daemon
> no-hosts
> log-facility=/dev/null
> log-dhcp
> log-queries
> enable-tftp
> tftp-root=/srv/install/tftp
> port=0
> dhcp-option=6,10.90.95.113
> dhcp-range=10.88.81.65,static,255.255.255.192
> dhcp-range=10.90.95.65,static,255.255.255.192
> dhcp-range=10.91.78.0,static,255.255.255.192
> dhcp-range=10.88.177.0,static,255.255.255.128
> dhcp-host=0c:c4:7a:8e:1d:62,10.88.177.107
> dhcp-option=3,10.88.177.1
> 
> And the output when trying to boot the machine listed under
> dhcp-host:
> 
> dnsmasq: started, version 2.76 DNS disabled
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
> dnsmasq-dhcp: DHCP, static leases only on 10.88.177.0, lease time 1h
> dnsmasq-dhcp: DHCP, static leases only on 10.91.78.0, lease time 1h
> dnsmasq-dhcp: DHCP, static leases only on 10.90.95.65, lease time 1h
> dnsmasq-dhcp: DHCP, static leases only on 10.88.81.65, lease time 1h
> dnsmasq-tftp: TFTP root is /srv/install/tftp
> dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
> dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
> dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
> dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
> dnsmasq-dhcp: 4100833080 available DHCP subnet: 10.90.95.65/255.255.255.192
> dnsmasq-dhcp: 4100833080 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
> dnsmasq-dhcp: 4100833080 available DHCP subnet: 10.90.95.65/255.255.255.192
> dnsmasq-dhcp: 4100833080 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
> 
> On Wed, Aug 3, 2016 at 2:57 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
>
> "dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored"
> 
> Implies that you've somehow configured dnsmasq to ignore this
> client, either with
> 
> dhcp-host=<stuff to id client>,ignore
> 
> or
> 
> dhcp-ignore=<some tags>
> 
> 
> Maybe take a look at the rest of the config you didn't post or post
> it here? Fixing this problem is necessary before looking at the
> subnet address selection stuff, which should be possible using a
> DHCP relay.
> 
> Cheers,
> 
> Simon.
> 
> 
> 
> On 02/08/16 23:43, James Brown wrote:
>>>> I have a setup roughly like the following ASCII-art diagram 
>>>> (numbers and number of VLANs simplified greatly):
>>>> 
>>>> 
>>>> |===== VLAN 1 : 10.0.1.0/24  ======|    |============== VLAN
>>>> 2: 10.0.2.0/24 ==============| |
>>>> | | | |   |------------------|        |-------------| | |
>>>> | admin host   |        |  gateway    | | |   |
>>>> 10.0.1.2/24   | | 10.0.1.1/24 |
>>>> |----------------------------|      | | |------------------|
>>>> | 10.0.2.1/24 |       |   client host | | |
>>>> | etc         |       | should get static lease of |      |
>>>> | |-------------|       | 10.0.2.x |      | | |    |
>>>> |----------------------------|      | 
>>>> |==================================| 
>>>> |=================================================|
>>>> 
>>>> We have multiple VLANs each of which has its own subnet.
>>>> They're bridged by a single multi-homed gateway (actually, an
>>>> HA pair of them, but whatever). The gateway is running
>>>> dhrelay3 and forwarding DHCP requests to the admin host in
>>>> the administrative VLAN, which is running dnsmasq with a
>>>> database of addresses to hand out. I would prefer to be able
>>>> to avoid having to put that database on the gateway and have
>>>> a bunch of dynamic host configuration on a router. The admin
>>>> host is single-homed.
>>>> 
>>>> The dnsmasq config looks like the following (I've removed
>>>> most of the entries and config to simplify the question):
>>>> 
>>>> port = 0
>>>> dhcp-range=10.0.1.0,static,255.255.255.0
>>>> dhcp-range=10.0.2.0,static,255.255.255.0
>>>> dhcp-option=6,10.0.2.3
>>>> dhcp-option=3,10.0.2.1
>>>> dhcp-host=00:aa:bb:cc:dd:ee,10.2.0.86
>>>> 
>>>> Unfortunately, dnsmasq seems to refuse to hand out addresses
>>>> from a non-directly-connected subnet. When the requests come
>>>> in from 00:aa:bb:cc:dd:ee, I just get the following logged:
>>>> 
>>>> dnsmasq: started, version 2.76 DNS disabled
>>>> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
>>>> dnsmasq-dhcp: DHCP, static leases only on 10.0.1.0, lease time 1h
>>>> dnsmasq-dhcp: DHCP, static leases only on 10.0.2.0, lease time 1h
>>>> dnsmasq-dhcp: DHCP, static leases only on 10.0.3.0, lease time 1h
>>>> dnsmasq-dhcp: 1302931552 available DHCP subnet: 10.0.1.0/255.255.255.0
>>>> dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
>>>> dnsmasq-dhcp: 1302931552 available DHCP subnet: 10.0.1.0/255.255.255.0
>>>> dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
>>>> dnsmasq-dhcp: 4279941416 available DHCP subnet: 10.0.1.0/255.255.255.0
>>>> dnsmasq-dhcp: 4279941416 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
>>>> 
>>>> Tcpdump of the packets being received by the host look
>>>> roughly like the following:
>>>> 
>>>> 22:23:57.987953 IP (tos 0x0, ttl 64, id 48608, offset 0, flags [DF], proto UDP (17), length 328)
>>>>     10.0.1.1.bootps > admin.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300, hops 1, xid 0x4ec4ba20, secs 24, Flags [none]
>>>>       Gateway-IP 10.0.1.1
>>>>       Client-Ethernet-Address 00:aa:bb:cc:dd:ee (oui Unknown)
>>>>       Vendor-rfc1048 Extensions
>>>>         Magic Cookie 0x63825363
>>>>         DHCP-Message Option 53, length 1: Discover
>>>>         Parameter-Request Option 55, length 13:
>>>>           Subnet-Mask, BR, Time-Zone, Classless-Static-Route
>>>>           Domain-Name, Domain-Name-Server, Hostname, YD
>>>>           YS, NTP, MTU, Option 119
>>>>           Default-Gateway
>>>> 
>>>> I would like for the admin host (10.0.1.1/24) to be able to
>>>> hand out IP addresses to hosts in any VLAN without having to
>>>> multi-home it. Is this just impossible in dnsmasq, or is
>>>> there some magic option that will tell it to hand out IP
>>>> addresses on a non-connected subnet when the request goes
>>>> through a relay?
>>>> 
>>>> I've attempted to go through the source code, but even once
>>>> I figured out the idiosyncratic indentation style of
>>>> rfc2131.c, I still can't figure out precisely where the logic
>>>> to generate this message lives.
>>>> 
>>>> Thanks for any help y'all can provide.
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Dnsmasq-discuss mailing list
>>>> Dnsmasq-discuss at lists.thekelleys.org.uk 
>>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss