<div dir="ltr"><div dir="ltr"><div><div>Simon,</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">dhcp-host=set:wierd,<MAC address of my cellphone>,192.168.6.7</blockquote><div class="gmail_signature"><br></div><div class="gmail_signature">Are you sure that this is correct? According to the manual, the signature of <font face="monospace">dhcp-host</font> is this:</div></div><div class="gmail_signature"><br></div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div dir="ltr"><div class="gmail_signature"><font face="monospace">--dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,tag:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]</font></div></div></blockquote><div dir="ltr"><br></div><div>The relevant bit: <span style="font-family:monospace"><hwaddr>,set:<tag>,<ipaddr></span></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr"><br></div><div class="gmail_attr">But your example is: <span style="font-family:monospace">set:<tag>,</span><span style="font-family:monospace"><hwaddr>,</span><span style="font-family:monospace"><ipaddr></span></div><div dir="ltr" class="gmail_attr"><br></div><div class="gmail_attr">-Rich</div><div class="gmail_attr"><br></div><div dir="ltr" class="gmail_attr">On Thu, Oct 27, 2022 at 6:49 AM Simon Kelley <<a href="mailto:simon@thekelleys.org.uk">simon@thekelleys.org.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
On 27/10/2022 01:34, Rich Otero wrote:<br>
> Thanks for the reply.<br>
> <br>
> My first theory was that there must be a routing problem, but after <br>
> thinking through it, I still can't see the problem. Maybe a network <br>
> diagram would be useful. Here's a quick drawing: <br>
> <a href="https://docs.google.com/drawings/d/1jo6834EdFt3SWwzRkrY-eWhwmFIDDYTiKFM8fpgMwSY/edit?usp=sharing" rel="noreferrer" target="_blank">https://docs.google.com/drawings/d/1jo6834EdFt3SWwzRkrY-eWhwmFIDDYTiKFM8fpgMwSY/edit?usp=sharing</a> <<a href="https://docs.google.com/drawings/d/1jo6834EdFt3SWwzRkrY-eWhwmFIDDYTiKFM8fpgMwSY/edit?usp=sharing" rel="noreferrer" target="_blank">https://docs.google.com/drawings/d/1jo6834EdFt3SWwzRkrY-eWhwmFIDDYTiKFM8fpgMwSY/edit?usp=sharing</a>> (If you prefer a PNG or PDF attachment instead, let me know.)<br>
<br>
Oh no. VLANs. to add to the confusion!<br>
<br>
That would appear to be workable.<br>
> <br>
> The dnsmasq server is dev-router (top right section of the diagram). It <br>
> previously had the IP address <a href="http://172.18.15.1/24" rel="noreferrer" target="_blank">172.18.15.1/24</a> <<a href="http://172.18.15.1/24" rel="noreferrer" target="_blank">http://172.18.15.1/24</a>>. <br>
> When it had that address, the DHCP client rack7-pdu1 (bottom center) <br>
> would receive the expected lease for <a href="http://172.18.15.106/24" rel="noreferrer" target="_blank">172.18.15.106/24</a> <br>
> <<a href="http://172.18.15.106/24" rel="noreferrer" target="_blank">http://172.18.15.106/24</a>> and the gateway 172.18.15.1. The change that <br>
> you're questioning (yellow highlight) was to remove 172.18.15.1 from <br>
> dev-router and add it to usb-ms01 (upper left). (This is a "stack" of <br>
> three switches, but they behave as a single, logical layer 2 switch.)<br>
<br>
<br>
<br>
> <br>
> In this new config, rack7-pdu1 does receive DHCP responses from dnsmasq <br>
> and it gets a lease. It's just the /wrong/ lease, one from the DHCP <br>
> pool, not the reserved IP address that we expect it to get.<br>
<br>
Yes, there's something going awry with your shared-network <br>
configuration. I just did a test on my router and added<br>
<br>
dhcp-range=192.168.6.1,static,255.255.255.0<br>
shared-network=br-lan,192.168.6.0<br>
dhcp-host=set:wierd,<MAC address of my cellphone>,192.168.6.7<br>
dhcp-option=tag:wierd,option:router,172.18.6.1<br>
<br>
to the configuration.<br>
<br>
Cycling the wifi on the phone logs<br>
<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 <br>
available DHCP range: 192.168.8.133 -- 192.168.8.252<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 <br>
available DHCP subnet: <a href="http://192.168.6.1/255.255.255.0" rel="noreferrer" target="_blank">192.168.6.1/255.255.255.0</a><br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 <br>
vendor class: android-dhcp-11<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 <br>
DHCPREQUEST(br-lan) 192.168.6.7 ec:08:e5:98:55:41<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 <br>
tags: wierd, known, br-lan<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 <br>
DHCPACK(br-lan) 192.168.6.7 ec:08:e5:98:55:41<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 <br>
requested options: 1:netmask, 3:router, 6:dns-server, 15:domain-name,<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 <br>
requested options: 26:mtu, 28:broadcast, 51:lease-time, 58:T1,<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 <br>
requested options: 59:T2, 43:vendor-encap, 114, 108:ipv6-only<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 next <br>
server: 192.168.8.129<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 sent <br>
size: 1 option: 53 message-type 5<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 sent <br>
size: 4 option: 54 server-identifier 192.168.8.129<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 sent <br>
size: 4 option: 51 lease-time 1h<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 sent <br>
size: 4 option: 58 T1 30m<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 sent <br>
size: 4 option: 59 T2 52m30s<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 sent <br>
size: 4 option: 1 netmask 255.255.255.0<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 sent <br>
size: 4 option: 28 broadcast 192.168.6.255<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 sent <br>
size: 4 option: 6 dns-server 192.168.8.129<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 sent <br>
size: 3 option: 15 domain-name lan<br>
Thu Oct 27 11:41:33 2022 <a href="http://daemon.info" rel="noreferrer" target="_blank">daemon.info</a> dnsmasq-dhcp[12412]: 448025700 sent <br>
size: 4 option: 3 router 172.18.6.1<br>
<br>
Which seems to be doing the right thing, and implies that there's no <br>
gross bugs in the dnsmasq code. (It's amazing how often someone trying, <br>
and failing to do something off-the-wall reveals a bug, which is why I <br>
try and look at these odd cases.)<br>
<br>
When I first tried this, I had the dhcp-rapid-commit option set, and <br>
strange things were happening, which I'll look into now, so make sure <br>
you don't have that. (I might have found a bug for my efforts).<br>
<br>
I'd suggest using shared-network, leaving log-dhcp on, and looking for the<br>
<br>
<br>
available DHCP subnet: <a href="http://192.168.6.1/255.255.255.0" rel="noreferrer" target="_blank">192.168.6.1/255.255.255.0</a><br>
<br>
in the logs. If you don't have that, it ain't going to work. Note the <br>
stipulation that that relevant dhcp-range MUST have a subnet.<br>
<br>
Cheers,<br>
<br>
Simon.<br>
<br>
> <br>
> What is [rack7-pdu1] going to do when it wants to send a packet? It<br>
> doesn't have any more specific route, so it wants to send it to the<br>
> default route of 172.18.15.1. How does it do that? It sends an ARP<br>
> out of its one-and-only interface asking "who has [172.18.15.1]" and<br>
> there will be no answer, because [172.18.15.1] is no longer on that<br>
> network segment, it's been moved "upstream".<br>
> <br>
> <br>
> But 172.18.15.1 /is/ in the same segment. It's the address of the VLAN <br>
> 199 interface of usb-ms01. Hosts at the bottom of the diagram, which are <br>
> downstream from a VLAN 199 access port, can ping 172.18.15.1.<br>
> <br>
> -Rich<br>
> <br>
> On Wed, Oct 26, 2022 at 5:20 PM Simon Kelley <<a href="mailto:simon@thekelleys.org.uk" target="_blank">simon@thekelleys.org.uk</a> <br>
> <mailto:<a href="mailto:simon@thekelleys.org.uk" target="_blank">simon@thekelleys.org.uk</a>>> wrote:<br>
> <br>
> <br>
> <br>
> On 25/10/2022 19:14, Rich Otero via Dnsmasq-discuss wrote:<br>
> > We have an Ubuntu v16.04.5 server with dnsmasq v2.75. The server<br>
> acts as<br>
> > a router for approximately 140 IP subnets and dnsmasq provides<br>
> DHCP and<br>
> > DNS for those subnets. The server has two network interfaces,<br>
> which are<br>
> > basically an "upstream" interface (eno1) that has routes out of<br>
> the LAN<br>
> > and a "downstream" interface (enp2s0) that has an IP address in<br>
> every<br>
> > subnet that is managed by dnsmasq.<br>
> ><br>
> > First, I'll describe the configuration of the server. Most of the<br>
> > downstream subnets are portions of <a href="http://172.18.0.0/16" rel="noreferrer" target="_blank">172.18.0.0/16</a><br>
> <<a href="http://172.18.0.0/16" rel="noreferrer" target="_blank">http://172.18.0.0/16</a>> <<a href="http://172.18.0.0/16" rel="noreferrer" target="_blank">http://172.18.0.0/16</a> <<a href="http://172.18.0.0/16" rel="noreferrer" target="_blank">http://172.18.0.0/16</a>>>.<br>
> > The /16 is split into halves, <a href="http://172.18.0.0/17" rel="noreferrer" target="_blank">172.18.0.0/17</a><br>
> <<a href="http://172.18.0.0/17" rel="noreferrer" target="_blank">http://172.18.0.0/17</a>> <<a href="http://172.18.0.0/17" rel="noreferrer" target="_blank">http://172.18.0.0/17</a> <<a href="http://172.18.0.0/17" rel="noreferrer" target="_blank">http://172.18.0.0/17</a>>><br>
> and<br>
> > <a href="http://172.18.128.0/17" rel="noreferrer" target="_blank">172.18.128.0/17</a> <<a href="http://172.18.128.0/17" rel="noreferrer" target="_blank">http://172.18.128.0/17</a>> <<a href="http://172.18.128.0/17" rel="noreferrer" target="_blank">http://172.18.128.0/17</a><br>
> <<a href="http://172.18.128.0/17" rel="noreferrer" target="_blank">http://172.18.128.0/17</a>>>. Then the lower half is split<br>
> > into many /24s (<a href="http://172.18.0.0/24" rel="noreferrer" target="_blank">172.18.0.0/24</a> <<a href="http://172.18.0.0/24" rel="noreferrer" target="_blank">http://172.18.0.0/24</a>><br>
> <<a href="http://172.18.0.0/24" rel="noreferrer" target="_blank">http://172.18.0.0/24</a> <<a href="http://172.18.0.0/24" rel="noreferrer" target="_blank">http://172.18.0.0/24</a>>>, <a href="http://172.18.1.0/24" rel="noreferrer" target="_blank">172.18.1.0/24</a><br>
> <<a href="http://172.18.1.0/24" rel="noreferrer" target="_blank">http://172.18.1.0/24</a>><br>
> > <<a href="http://172.18.1.0/24" rel="noreferrer" target="_blank">http://172.18.1.0/24</a> <<a href="http://172.18.1.0/24" rel="noreferrer" target="_blank">http://172.18.1.0/24</a>>>, <a href="http://172.18.2.0/24" rel="noreferrer" target="_blank">172.18.2.0/24</a><br>
> <<a href="http://172.18.2.0/24" rel="noreferrer" target="_blank">http://172.18.2.0/24</a>> <<a href="http://172.18.2.0/24" rel="noreferrer" target="_blank">http://172.18.2.0/24</a><br>
> <<a href="http://172.18.2.0/24" rel="noreferrer" target="_blank">http://172.18.2.0/24</a>>>, and so<br>
> > on). The server's downstream interface then has the ".1" address of<br>
> > every subnet:<br>
> ><br>
> > (some lines are grepped out to make this easier to read)<br>
> > 3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc<br>
> > pfifo_fast state UP group default qlen 1000<br>
> > inet <a href="http://10.139.100.1/24" rel="noreferrer" target="_blank">10.139.100.1/24</a> <<a href="http://10.139.100.1/24" rel="noreferrer" target="_blank">http://10.139.100.1/24</a>><br>
> <<a href="http://10.139.100.1/24" rel="noreferrer" target="_blank">http://10.139.100.1/24</a> <<a href="http://10.139.100.1/24" rel="noreferrer" target="_blank">http://10.139.100.1/24</a>>> brd<br>
> > 10.139.100.255 scope global enp2s0<br>
> > inet <a href="http://10.139.200.1/23" rel="noreferrer" target="_blank">10.139.200.1/23</a> <<a href="http://10.139.200.1/23" rel="noreferrer" target="_blank">http://10.139.200.1/23</a>><br>
> <<a href="http://10.139.200.1/23" rel="noreferrer" target="_blank">http://10.139.200.1/23</a> <<a href="http://10.139.200.1/23" rel="noreferrer" target="_blank">http://10.139.200.1/23</a>>> brd<br>
> > 10.139.201.255 scope global enp2s0<br>
> > inet <a href="http://10.43.10.1/24" rel="noreferrer" target="_blank">10.43.10.1/24</a> <<a href="http://10.43.10.1/24" rel="noreferrer" target="_blank">http://10.43.10.1/24</a>><br>
> <<a href="http://10.43.10.1/24" rel="noreferrer" target="_blank">http://10.43.10.1/24</a> <<a href="http://10.43.10.1/24" rel="noreferrer" target="_blank">http://10.43.10.1/24</a>>> brd 10.43.10.255<br>
> > scope global enp2s0<br>
> > inet <a href="http://10.43.6.1/24" rel="noreferrer" target="_blank">10.43.6.1/24</a> <<a href="http://10.43.6.1/24" rel="noreferrer" target="_blank">http://10.43.6.1/24</a>><br>
> <<a href="http://10.43.6.1/24" rel="noreferrer" target="_blank">http://10.43.6.1/24</a> <<a href="http://10.43.6.1/24" rel="noreferrer" target="_blank">http://10.43.6.1/24</a>>> brd 10.43.6.255 scope<br>
> > global enp2s0<br>
> > inet <a href="http://10.43.12.1/24" rel="noreferrer" target="_blank">10.43.12.1/24</a> <<a href="http://10.43.12.1/24" rel="noreferrer" target="_blank">http://10.43.12.1/24</a>><br>
> <<a href="http://10.43.12.1/24" rel="noreferrer" target="_blank">http://10.43.12.1/24</a> <<a href="http://10.43.12.1/24" rel="noreferrer" target="_blank">http://10.43.12.1/24</a>>> brd 10.43.12.255<br>
> > scope global enp2s0<br>
> > inet <a href="http://10.43.16.1/24" rel="noreferrer" target="_blank">10.43.16.1/24</a> <<a href="http://10.43.16.1/24" rel="noreferrer" target="_blank">http://10.43.16.1/24</a>><br>
> <<a href="http://10.43.16.1/24" rel="noreferrer" target="_blank">http://10.43.16.1/24</a> <<a href="http://10.43.16.1/24" rel="noreferrer" target="_blank">http://10.43.16.1/24</a>>> brd 10.43.16.255<br>
> > scope global enp2s0<br>
> > inet <a href="http://10.43.17.1/24" rel="noreferrer" target="_blank">10.43.17.1/24</a> <<a href="http://10.43.17.1/24" rel="noreferrer" target="_blank">http://10.43.17.1/24</a>><br>
> <<a href="http://10.43.17.1/24" rel="noreferrer" target="_blank">http://10.43.17.1/24</a> <<a href="http://10.43.17.1/24" rel="noreferrer" target="_blank">http://10.43.17.1/24</a>>> brd 10.43.17.255<br>
> > scope global enp2s0<br>
> > inet <a href="http://172.18.0.1/24" rel="noreferrer" target="_blank">172.18.0.1/24</a> <<a href="http://172.18.0.1/24" rel="noreferrer" target="_blank">http://172.18.0.1/24</a>><br>
> <<a href="http://172.18.0.1/24" rel="noreferrer" target="_blank">http://172.18.0.1/24</a> <<a href="http://172.18.0.1/24" rel="noreferrer" target="_blank">http://172.18.0.1/24</a>>> brd 172.18.0.255<br>
> > scope global enp2s0<br>
> > inet <a href="http://172.18.1.1/24" rel="noreferrer" target="_blank">172.18.1.1/24</a> <<a href="http://172.18.1.1/24" rel="noreferrer" target="_blank">http://172.18.1.1/24</a>><br>
> <<a href="http://172.18.1.1/24" rel="noreferrer" target="_blank">http://172.18.1.1/24</a> <<a href="http://172.18.1.1/24" rel="noreferrer" target="_blank">http://172.18.1.1/24</a>>> brd 172.18.1.255<br>
> > scope global enp2s0<br>
> > inet <a href="http://172.18.2.1/24" rel="noreferrer" target="_blank">172.18.2.1/24</a> <<a href="http://172.18.2.1/24" rel="noreferrer" target="_blank">http://172.18.2.1/24</a>><br>
> <<a href="http://172.18.2.1/24" rel="noreferrer" target="_blank">http://172.18.2.1/24</a> <<a href="http://172.18.2.1/24" rel="noreferrer" target="_blank">http://172.18.2.1/24</a>>> brd 172.18.2.255<br>
> > scope global enp2s0<br>
> ><br>
> > < snip - every /24 of the lower /17 is setup this way ><br>
> ><br>
> > inet <a href="http://172.18.125.1/24" rel="noreferrer" target="_blank">172.18.125.1/24</a> <<a href="http://172.18.125.1/24" rel="noreferrer" target="_blank">http://172.18.125.1/24</a>><br>
> <<a href="http://172.18.125.1/24" rel="noreferrer" target="_blank">http://172.18.125.1/24</a> <<a href="http://172.18.125.1/24" rel="noreferrer" target="_blank">http://172.18.125.1/24</a>>> brd<br>
> > 172.18.125.255 scope global enp2s0<br>
> > inet <a href="http://172.18.126.1/24" rel="noreferrer" target="_blank">172.18.126.1/24</a> <<a href="http://172.18.126.1/24" rel="noreferrer" target="_blank">http://172.18.126.1/24</a>><br>
> <<a href="http://172.18.126.1/24" rel="noreferrer" target="_blank">http://172.18.126.1/24</a> <<a href="http://172.18.126.1/24" rel="noreferrer" target="_blank">http://172.18.126.1/24</a>>> brd<br>
> > 172.18.126.255 scope global enp2s0<br>
> > inet <a href="http://172.18.127.1/24" rel="noreferrer" target="_blank">172.18.127.1/24</a> <<a href="http://172.18.127.1/24" rel="noreferrer" target="_blank">http://172.18.127.1/24</a>><br>
> <<a href="http://172.18.127.1/24" rel="noreferrer" target="_blank">http://172.18.127.1/24</a> <<a href="http://172.18.127.1/24" rel="noreferrer" target="_blank">http://172.18.127.1/24</a>>> brd<br>
> > 172.18.127.255 scope global enp2s0<br>
> > inet <a href="http://172.18.128.1/17" rel="noreferrer" target="_blank">172.18.128.1/17</a> <<a href="http://172.18.128.1/17" rel="noreferrer" target="_blank">http://172.18.128.1/17</a>><br>
> <<a href="http://172.18.128.1/17" rel="noreferrer" target="_blank">http://172.18.128.1/17</a> <<a href="http://172.18.128.1/17" rel="noreferrer" target="_blank">http://172.18.128.1/17</a>>> brd<br>
> > 172.18.255.255 scope global enp2s0<br>
> > inet6 fe80::225:90ff:fed6:368a/64 scope link<br>
> ><br>
> ><br>
> > In /etc/default/dnsmasq, we enable the daemon and set<br>
> > CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new. The main<br>
> > dnsmasq configuration is in this file:<br>
> ><br>
> > # /etc/dnsmasq.d/dev-router<br>
> > local=/<a href="http://dev.editshare.com/" rel="noreferrer" target="_blank">dev.editshare.com/</a> <<a href="http://dev.editshare.com/" rel="noreferrer" target="_blank">http://dev.editshare.com/</a>><br>
> <<a href="http://dev.editshare.com/" rel="noreferrer" target="_blank">http://dev.editshare.com/</a> <<a href="http://dev.editshare.com/" rel="noreferrer" target="_blank">http://dev.editshare.com/</a>>><br>
> > interface=enp2s0<br>
> > domain=<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">dev.editshare.com</a> <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a>><br>
> <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a> <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a>>><br>
> > host-record=<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">dev.editshare.com</a> <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a>><br>
> <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a> <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a>>>,176.58.116.220<br>
> > auth-server=dev-router.editshare.boston,eno1<br>
> > auth-zone=<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">dev.editshare.com</a> <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a>><br>
> > <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a><br>
> <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a>>>,enp2s0,176.58.116.220<br>
> > server=/<a href="http://qa-ad.dev.editshare.com/172.18.3.99" rel="noreferrer" target="_blank">qa-ad.dev.editshare.com/172.18.3.99</a><br>
> <<a href="http://qa-ad.dev.editshare.com/172.18.3.99" rel="noreferrer" target="_blank">http://qa-ad.dev.editshare.com/172.18.3.99</a>><br>
> > <<a href="http://qa-ad.dev.editshare.com/172.18.3.99" rel="noreferrer" target="_blank">http://qa-ad.dev.editshare.com/172.18.3.99</a><br>
> <<a href="http://qa-ad.dev.editshare.com/172.18.3.99" rel="noreferrer" target="_blank">http://qa-ad.dev.editshare.com/172.18.3.99</a>>><br>
> > dhcp-option=option:domain-name,"<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">dev.editshare.com</a><br>
> <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a>><br>
> > <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a> <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a>>><br>
> editshare.boston"<br>
> > dhcp-option=option:domain-search,<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">dev.editshare.com</a><br>
> <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a>><br>
> > <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a><br>
> <<a href="http://dev.editshare.com" rel="noreferrer" target="_blank">http://dev.editshare.com</a>>>,editshare.boston<br>
> > dhcp-hostsdir=/etc/dhcp-hosts<br>
> > dhcp-optsdir=/etc/dhcp-opts<br>
> > hostsdir=/etc/static-hosts<br>
> > expand-hosts<br>
> ><br>
> ><br>
> > And then we put additional configuration (dhcp-hosts, dhcp-range,<br>
> and so<br>
> > on) into separate files per subnet or supernet. For example, we can<br>
> > examine the <a href="http://172.18.15.0/24" rel="noreferrer" target="_blank">172.18.15.0/24</a> <<a href="http://172.18.15.0/24" rel="noreferrer" target="_blank">http://172.18.15.0/24</a>><br>
> <<a href="http://172.18.15.0/24" rel="noreferrer" target="_blank">http://172.18.15.0/24</a> <<a href="http://172.18.15.0/24" rel="noreferrer" target="_blank">http://172.18.15.0/24</a>>> subnet:<br>
> ><br>
> > # /etc/dnsmasq.d/172.18.0.0-16<br>
> > dhcp-range=172.18.135.0,172.18.255.255,255.255.128.0<br>
> > dhcp-range=172.18.0.0,static,255.255.255.0<br>
> > dhcp-range=172.18.1.0,static,255.255.255.0<br>
> > dhcp-range=172.18.2.0,static,255.255.255.0<br>
> ><br>
> > < snip - every /24 in this range is setup this way ><br>
> ><br>
> > dhcp-range=172.18.14.0,static,255.255.255.0<br>
> > dhcp-range=172.18.15.0,static,255.255.255.0<br>
> > dhcp-range=172.18.16.0,static,255.255.255.0<br>
> ><br>
> > < snip - every /24 in this range is setup this way ><br>
> ><br>
> > dhcp-range=172.18.125.0,static,255.255.255.0<br>
> > dhcp-range=172.18.126.0,static,255.255.255.0<br>
> > dhcp-range=172.18.127.0,static,255.255.255.0<br>
> ><br>
> ><br>
> > (some dhcp-hostsare omitted here to make this easier to read)<br>
> ><br>
> > # /etc/dhcp-hosts/172.18.15.0-24<br>
> > 00:c0:b7:f1:0f:65,rack7-pdu1<br>
> > 00:c0:b7:f1:a3:71,rack7-pdu2<br>
> ><br>
> ><br>
> > (some static-hostsare omitted here to make this easier to read)<br>
> ><br>
> > # /etc/static-hosts/<a href="http://172.18.15." rel="noreferrer" target="_blank">172.18.15.</a> <<a href="http://172.18.15" rel="noreferrer" target="_blank">http://172.18.15</a>.>0-24<br>
> > 172.18.15.106 rack7-pdu1<br>
> > 172.18.15.107 rack7-pdu2<br>
> ><br>
> ><br>
> > (From this point, I'll refer to <a href="http://172.18.15.0/24" rel="noreferrer" target="_blank">172.18.15.0/24</a><br>
> <<a href="http://172.18.15.0/24" rel="noreferrer" target="_blank">http://172.18.15.0/24</a>> <<a href="http://172.18.15.0/24" rel="noreferrer" target="_blank">http://172.18.15.0/24</a> <<a href="http://172.18.15.0/24" rel="noreferrer" target="_blank">http://172.18.15.0/24</a>>><br>
> > as "the 15 subnet.")<br>
> ><br>
> > With the above configuration in place, when rack7-pdu1 is<br>
> connected to<br>
> > the network, it is given the IP address <a href="http://172.18.15.106/24" rel="noreferrer" target="_blank">172.18.15.106/24</a><br>
> <<a href="http://172.18.15.106/24" rel="noreferrer" target="_blank">http://172.18.15.106/24</a>><br>
> > <<a href="http://172.18.15.106/24" rel="noreferrer" target="_blank">http://172.18.15.106/24</a> <<a href="http://172.18.15.106/24" rel="noreferrer" target="_blank">http://172.18.15.106/24</a>>>, the default<br>
> gateway address 172.18.15.1, and<br>
> > the DNS server address 172.18.15.1. That's the normal behavior<br>
> that we<br>
> > expect from this configuration, which has been in place for a few<br>
> years.<br>
> ><br>
> > Now I'm introducing changes to that config: We need to<br>
> decommission this<br>
> > server as a router and as a DHCP and DNS server, and those<br>
> services will<br>
> > be migrated to other servers. The first step of our migration<br>
> workflow<br>
> > is to move the default gateway addresses to another router in the<br>
> > network while continuing to use dnsmasq on the current server for<br>
> DHCP<br>
> > and DNS. The 15 subnet contains relatively few hosts and is not<br>
> > sensitive to disruptions, so I am testing the changes for only that<br>
> > subnet until we are satisfied that this process works. I removed<br>
> > <a href="http://172.18.15.1/24" rel="noreferrer" target="_blank">172.18.15.1/24</a> <<a href="http://172.18.15.1/24" rel="noreferrer" target="_blank">http://172.18.15.1/24</a>> <<a href="http://172.18.15.1/24" rel="noreferrer" target="_blank">http://172.18.15.1/24</a><br>
> <<a href="http://172.18.15.1/24" rel="noreferrer" target="_blank">http://172.18.15.1/24</a>>> from enp2s0and added it to an<br>
> > interface of a router upstream. After doing that, we could no longer<br>
> > reach rack7-pdu1 at <a href="http://172.18.15.106/24" rel="noreferrer" target="_blank">172.18.15.106/24</a> <<a href="http://172.18.15.106/24" rel="noreferrer" target="_blank">http://172.18.15.106/24</a>><br>
> <<a href="http://172.18.15.106/24" rel="noreferrer" target="_blank">http://172.18.15.106/24</a> <<a href="http://172.18.15.106/24" rel="noreferrer" target="_blank">http://172.18.15.106/24</a>>>. We<br>
> > suspected that the reason could be that the client wasn't being<br>
> given a<br>
> > default gateway by the DHCP server because the server was no longer<br>
> > directly attached to the 15 subnet, so we tried using dhcp-optionto<br>
> > force including option:routerin the DHCP response. We tried this<br>
> four<br>
> > different ways but could not produce the desired outcome:<br>
> ><br>
> > #1: set the tag for a dhcp-range, apply the tag to dhcp-option<br>
> ><br>
> > # /etc/dnsmasq.d/172.18.0.0-16<br>
> > dhcp-range=set:172.18.15.0-24,172.18.15.0,static,255.255.255.0<br>
> > dhcp-option=tag:172.18.15.0-24,option:router,172.18.15.1<br>
> ><br>
> ><br>
> > #2: set the tag for one dhcp-host, apply the tag to dhcp-range<br>
> and dhcp-opts<br>
> ><br>
> > # /etc/dnsmasq.d/172.18.0.0-16<br>
> > dhcp-range=tag:test,172.18.15.0,static,255.255.255.0<br>
> > # /etc/dhcp-hosts/172.18.15.0-24<br>
> > 00:c0:b7:f1:0f:65,set:test,rack7-pdu1<br>
> > # /etc/dhcp-opts/172.18.15.0-24<br>
> > tag:test,option:router,172.18.15.1<br>
> > # /etc/static-hosts/172.18.15.0-24<br>
> > 172.18.15.106 rack7-pdu1<br>
> ><br>
> ><br>
> > #3: set the tag for a dhcp-range, apply the tag to dhcp-range and<br>
> dhcp-opts<br>
> ><br>
> > # /etc/dnsmasq.d/172.18.0.0-16<br>
> > dhcp-range=tag:test,set:test,172.18.15.0,static,255.255.255.0<br>
> > # /etc/dhcp-hosts/172.18.15.0-24<br>
> > 00:c0:b7:f1:0f:65,rack7-pdu1<br>
> > # /etc/dhcp-opts/172.18.15.0-24<br>
> > tag:test,option:router,172.18.15.1<br>
> > # /etc/static-hosts/172.18.15.0-24<br>
> > 172.18.15.106 rack7-pdu1<br>
> ><br>
> ><br>
> > #4: set the tag for one dhcp-host, apply the tag to dhcp-opts<br>
> ><br>
> > # /etc/dnsmasq.d/172.18.0.0-16<br>
> > dhcp-range=172.18.15.0,static,255.255.255.0<br>
> > # /etc/dhcp-hosts/172.18.15.0-24<br>
> > 00:c0:b7:f1:0f:65,set:test,rack7-pdu1<br>
> > # /etc/dhcp-opts/172.18.15.0-24<br>
> > tag:test,option:router,172.18.15.1<br>
> > # /etc/static-hosts/172.18.15.0-24<br>
> > 172.18.15.106 rack7-pdu1<br>
> ><br>
> ><br>
> > Before each test, I used dhcp_releaseto revoke the client's existing<br>
> > lease. As we watched the dnsmasq.leasesfile, we observed the<br>
> lease being<br>
> > removed and then approximately halfway through the lease period, we<br>
> > observed dnsmasq give a new lease to the client with an IP<br>
> address from<br>
> > our "catch-all" IP address pool, between 172.18.135.0 and<br>
> 172.18.255.255<br>
> > instead of giving it 172.18.15.106 as expected. When we checked<br>
> the log,<br>
> > we saw that the 15 subnet was not being logged as an "available DHCP<br>
> > subnet:"<br>
> ><br>
> > < snip - every /24 between <a href="http://172.18.18.0/24" rel="noreferrer" target="_blank">172.18.18.0/24</a><br>
> <<a href="http://172.18.18.0/24" rel="noreferrer" target="_blank">http://172.18.18.0/24</a>> <<a href="http://172.18.18.0/24" rel="noreferrer" target="_blank">http://172.18.18.0/24</a> <<a href="http://172.18.18.0/24" rel="noreferrer" target="_blank">http://172.18.18.0/24</a>>><br>
> > and <a href="http://172.18.127.0/24" rel="noreferrer" target="_blank">172.18.127.0/24</a> <<a href="http://172.18.127.0/24" rel="noreferrer" target="_blank">http://172.18.127.0/24</a>><br>
> <<a href="http://172.18.127.0/24" rel="noreferrer" target="_blank">http://172.18.127.0/24</a> <<a href="http://172.18.127.0/24" rel="noreferrer" target="_blank">http://172.18.127.0/24</a>>> was listed before<br>
> this ><br>
> > Oct 19 16:36:48 dnsmasq-dhcp[26972]: 993790843 available DHCP<br>
> > subnet: <a href="http://172.18.17.0/255.255.255.0" rel="noreferrer" target="_blank">172.18.17.0/255.255.255.0</a><br>
> <<a href="http://172.18.17.0/255.255.255.0" rel="noreferrer" target="_blank">http://172.18.17.0/255.255.255.0</a>> <<a href="http://172.18.17.0/255.255.255.0" rel="noreferrer" target="_blank">http://172.18.17.0/255.255.255.0</a><br>
> <<a href="http://172.18.17.0/255.255.255.0" rel="noreferrer" target="_blank">http://172.18.17.0/255.255.255.0</a>>><br>
> > Oct 19 16:36:48 dnsmasq-dhcp[26972]: 993790843 available DHCP<br>
> > subnet: <a href="http://172.18.16.0/255.255.255.0" rel="noreferrer" target="_blank">172.18.16.0/255.255.255.0</a><br>
> <<a href="http://172.18.16.0/255.255.255.0" rel="noreferrer" target="_blank">http://172.18.16.0/255.255.255.0</a>> <<a href="http://172.18.16.0/255.255.255.0" rel="noreferrer" target="_blank">http://172.18.16.0/255.255.255.0</a><br>
> <<a href="http://172.18.16.0/255.255.255.0" rel="noreferrer" target="_blank">http://172.18.16.0/255.255.255.0</a>>><br>
> > Oct 19 16:36:48 dnsmasq-dhcp[26972]: 993790843 available DHCP<br>
> > subnet: <a href="http://172.18.14.0/255.255.255.0" rel="noreferrer" target="_blank">172.18.14.0/255.255.255.0</a><br>
> <<a href="http://172.18.14.0/255.255.255.0" rel="noreferrer" target="_blank">http://172.18.14.0/255.255.255.0</a>> <<a href="http://172.18.14.0/255.255.255.0" rel="noreferrer" target="_blank">http://172.18.14.0/255.255.255.0</a><br>
> <<a href="http://172.18.14.0/255.255.255.0" rel="noreferrer" target="_blank">http://172.18.14.0/255.255.255.0</a>>><br>
> > Oct 19 16:36:48 dnsmasq-dhcp[26972]: 993790843 available DHCP<br>
> > subnet: <a href="http://172.18.13.0/255.255.255.0" rel="noreferrer" target="_blank">172.18.13.0/255.255.255.0</a><br>
> <<a href="http://172.18.13.0/255.255.255.0" rel="noreferrer" target="_blank">http://172.18.13.0/255.255.255.0</a>> <<a href="http://172.18.13.0/255.255.255.0" rel="noreferrer" target="_blank">http://172.18.13.0/255.255.255.0</a><br>
> <<a href="http://172.18.13.0/255.255.255.0" rel="noreferrer" target="_blank">http://172.18.13.0/255.255.255.0</a>>><br>
> > < snip - every /24 between <a href="http://172.18.12.0/24" rel="noreferrer" target="_blank">172.18.12.0/24</a><br>
> <<a href="http://172.18.12.0/24" rel="noreferrer" target="_blank">http://172.18.12.0/24</a>> <<a href="http://172.18.12.0/24" rel="noreferrer" target="_blank">http://172.18.12.0/24</a> <<a href="http://172.18.12.0/24" rel="noreferrer" target="_blank">http://172.18.12.0/24</a>>><br>
> > and <a href="http://172.18.0.0/24" rel="noreferrer" target="_blank">172.18.0.0/24</a> <<a href="http://172.18.0.0/24" rel="noreferrer" target="_blank">http://172.18.0.0/24</a>><br>
> <<a href="http://172.18.0.0/24" rel="noreferrer" target="_blank">http://172.18.0.0/24</a> <<a href="http://172.18.0.0/24" rel="noreferrer" target="_blank">http://172.18.0.0/24</a>>> was listed after this ><br>
> ><br>
> ><br>
> > Again we suspected that this must be due to the server not being<br>
> > connected to <a href="http://172.18.15.0/24" rel="noreferrer" target="_blank">172.18.15.0/24</a> <<a href="http://172.18.15.0/24" rel="noreferrer" target="_blank">http://172.18.15.0/24</a>><br>
> <<a href="http://172.18.15.0/24" rel="noreferrer" target="_blank">http://172.18.15.0/24</a> <<a href="http://172.18.15.0/24" rel="noreferrer" target="_blank">http://172.18.15.0/24</a>>>. We tried adding<br>
> > <a href="http://172.18.15.254/24" rel="noreferrer" target="_blank">172.18.15.254/24</a> <<a href="http://172.18.15.254/24" rel="noreferrer" target="_blank">http://172.18.15.254/24</a>><br>
> <<a href="http://172.18.15.254/24" rel="noreferrer" target="_blank">http://172.18.15.254/24</a> <<a href="http://172.18.15.254/24" rel="noreferrer" target="_blank">http://172.18.15.254/24</a>>> to enp2s0along with<br>
> > configuration #3, but the outcome was unchanged.<br>
> ><br>
> > We kept reading the docs and searching for advice, and we found the<br>
> > shared-networkoption that was added in v2.81. According to the docs,<br>
> > this seems like it could solve our problem. Since we are using a<br>
> > relatively old version of Ubuntu and we can't upgrade it at this<br>
> time,<br>
> > we downloaded the source for dnsmasq v2.87, compiled it on the<br>
> server<br>
> > (with the only modification being COPTS=’-DHAVE_DBUS<br>
> -DHAVE_DNSSEC’),<br>
> > and replaced the v2.75 binary with the v2.87 binary. We tested both<br>
> > shared-network syntaxes independently:<br>
> ><br>
> > # first attempt: <interface>,<network-address><br>
> > shared-network=enp2s0,172.18.15.0<br>
> ><br>
> > # second attempt: <relay-address>,<network-address><br>
> > shared-network=172.18.128.1,172.18.15.0<br>
> ><br>
> ><br>
> > But the outcome was unchanged in both cases: The lease given to<br>
> > rack7-pdu1 was not for 172.18.15.106. It was an address from the<br>
> DHCP<br>
> > pool in <a href="http://172.18.128.0/17" rel="noreferrer" target="_blank">172.18.128.0/17</a> <<a href="http://172.18.128.0/17" rel="noreferrer" target="_blank">http://172.18.128.0/17</a>><br>
> <<a href="http://172.18.128.0/17" rel="noreferrer" target="_blank">http://172.18.128.0/17</a> <<a href="http://172.18.128.0/17" rel="noreferrer" target="_blank">http://172.18.128.0/17</a>>>.<br>
> ><br>
> > I have also tried adding the IP address to the dhcp-hosts config<br>
> like so:<br>
> ><br>
> > 00:c0:b7:f1:0f:65,set:test,172.18.15.106,rack7-pdu1<br>
> ><br>
> > But that also had no effect.<br>
> ><br>
> > At this point, I'm out of ideas. There must be something in my<br>
> > configuration that isn't correct, but I can't figure out what it<br>
> is. The<br>
> > configuration syntax test always passes unless I've made an obvious<br>
> > typo. Can anyone offer some help, please?<br>
> ><br>
> <br>
> <br>
> This looks like it might be a routing problem. The weasel words are "I<br>
> removed <a href="http://172.18.15.1/24" rel="noreferrer" target="_blank">172.18.15.1/24</a> <<a href="http://172.18.15.1/24" rel="noreferrer" target="_blank">http://172.18.15.1/24</a>> from enp2s0 and added<br>
> it to an<br>
> interface of a router upstream."<br>
> <br>
> <br>
> Now, you have a host which might, or might not, get an address on<br>
> <a href="http://172.18.15.1/24" rel="noreferrer" target="_blank">172.18.15.1/24</a> <<a href="http://172.18.15.1/24" rel="noreferrer" target="_blank">http://172.18.15.1/24</a>> and a default route of<br>
> 172.18.15.1. Let's assume you've<br>
> got the shared=network incantations right and it does. What is it going<br>
> to do when it wants to send a packet? It doesn't have any more specific<br>
> route, so it wants to send it to the default route of 172.18.15.1. How<br>
> does it do that? It sends an ARP out of its one-and-only interface<br>
> asking "who has 192.168.15.1" and there will be no answer, because<br>
> 192.168.15.1 is no longer on that network segment, it's been moved<br>
> "upstream". A default route is only meaningful if it's on the same<br>
> subnet as its owner.<br>
> <br>
> I think you need a different migration strategy.<br>
> <br>
> <br>
> Simon.<br>
> <br>
> > -Rich<br>
> ><br>
> > _______________________________________________<br>
> > Dnsmasq-discuss mailing list<br>
> > <a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
> <mailto:<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a>><br>
> ><br>
> <a href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a> <<a href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a>><br>
> <br>
> _______________________________________________<br>
> Dnsmasq-discuss mailing list<br>
> <a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
> <mailto:<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a>><br>
> <a href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a> <<a href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a>><br>
> <br>
</blockquote></div></div>