[Dnsmasq-discuss] Problem when WinXP firewall is activated (does not reply to ping)

Simon Kelley simon at thekelleys.org.uk
Fri Dec 8 10:03:50 GMT 2006


Raphaël HUCK wrote:
>>>> That does look like WinXP might be broken: I'd be interested in the
>>>> results of your tests.
> 
> With a Linux host (192.168.1.20) and a Windows host (192.168.1.21)
> connected to the router (192.168.1.1) and having their IP addresses via
> DHCP from dnsmasq, I stopped dnsmasq, unplugged the cables to the Linux
> and Windows hosts, started Wireshark on both Linux and Windows host,
> then plugged both cables back, and started dnsmasq.
> 
> Here's what happens (I put the time when each packet occurs after the
> previous packet from the same host):
> 
> windows 0.0.0.0 -> 255.255.255.255 - DHCP Request
> windows 0.0.0.0 -> 255.255.255.255 - DHCP Request (4 sec later)
> windows 0.0.0.0 -> 255.255.255.255 - DHCP Request (9 sec later)
> 
> windows         -> Broadcast       - ARP Who has 192.168.1.21?
>                                      Gratuitous ARP (16 sec later)
> 
> windows         -> Broadcast       - ARP Who has 192.168.1.21?
>                                      Gratuitous ARP (1 sec later)
> 
> windows         -> Broadcast       - ARP Who has 192.168.1.21?
>                                      Gratuitous ARP (1 sec later)
> 
> windows         -> Broadcast       - ARP Who has 192.168.1.1?
>                                      Tell 192.168.1.21 (1 sec later)
> 
> router          -> windows         - ARP 192.168.1.1 is at xxx
> 
> windows 192.168.1.21-> 192.168.1.1 - ICMP Echo (ping) request
>                                                 (0 sec later)
> 
> router  192.168.1.1-> 192.168.1.21 - ICMP Echo (ping) reply
> 
> 
> 
> The Windows host seems to send broadcast DHCPREQUEST rebinding messages
> [Option: (t=50,l=4) Requested IP Address = 192.168.1.21], and after
> having no replies after 3 tries, checks 3 times if its current IP
> address (192.168.1.21) is attributed to someone else via an ARP request.
> 
> As it doesn't have any reply, it does an ARP request with the DHCP
> server IP address (router), then pings it to check if it's still up.
> 
> As nobody has its current IP address (192.168.1.21) and the DHCP server
> is still up (and maybe its lease is not yet expired), it decided to keep
> 192.168.1.21.
> 
> Am I right?
> 

Yes, that's right. Dnsmasq sees the rebinding request but it knows
nothing about the lease (since the lease database is empty at this
point) so it assumes the lease is held on some other DHCP server and
keeps quiet.

If you give dnsmasq permission to assume that it is the only DHCP server
on the network (by setting the dhcp-authoritative flag) then it will
behave differently and acknowledge the lease, even though it knows
nothing about it. That is probably more useful behaviour in this case.

The best solution is to make the lease database persistent, using the
technique developed for DD-WRT.


Cheers,

Simon.
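
The decision described in the reply above, as an added example that is not part of the original message and is not dnsmasq's code. It is a simplified model: the function names, the sample MAC address and the DHCPNAK branch for an address held by another client are assumptions of this sketch.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options

def build_request(mac: bytes, requested_ip: str) -> bytes:
    """Constructed sample: broadcast DHCPREQUEST, ciaddr 0.0.0.0, option 50 set."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4), mac, b"", b"")
    options = bytes([53, 1, 3, 50, 4]) + socket.inet_aton(requested_ip) + b"\xff"
    return fixed + MAGIC + options

def parse_options(packet: bytes) -> dict:
    """Return {option code: value bytes}, rejecting truncated packets."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:   # 255 = end option
        if packet[i] == 0:                        # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        opts[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    return opts

def respond(packet: bytes, leases: dict, authoritative: bool):
    """Model of the server decision; leases maps IP string -> client MAC."""
    opts = parse_options(packet)
    if opts.get(53) != b"\x03" or len(opts.get(50, b"")) != 4:
        return None                       # only DHCPREQUEST with option 50
    mac, ip = packet[28:34], socket.inet_ntoa(opts[50])
    if leases.get(ip) == mac:
        return "DHCPACK"                  # lease is in the database
    if ip in leases:
        return "DHCPNAK"                  # assumption: address held by another client
    if not authoritative:
        return None                       # unknown lease: assume another server owns it
    leases[ip] = mac                      # authoritative: adopt the lease and confirm it
    return "DHCPACK"
```

With an empty lease table, `respond()` returns `None` for the constructed request unless `authoritative` is true, which is the silence seen in the capture after the restart.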


