[Dnsmasq-discuss] illegal domain in dhcp-config directive

[Simon Kelley]

Jason Dixon wrote:
> On Tue, Jul 29, 2008 at 07:40:52AM -0400, Jason Dixon wrote:
> 
>>On Tue, Jul 29, 2008 at 07:48:32AM +0100, Simon Kelley wrote:
>>
>>>Jason Dixon wrote:
>>>
>>>>Thanks to the recent vulnerability, I'm upgrading an older dnsmasq
>>>>system from version 2.34 to 2.45.  I've installed it and attempted to
>>>>run it, but I get the following error.
>>>>
>>>>dnsmasq: illegal domain 04-06.lab.foobar.com in dhcp-config directive.
>>>>
>>>>The same configuration works fine with 2.34, so I presume something has
>>>>changed in the configuration syntax or default settings.  I haven't
>>>>found anything on Google or in the FAQ about this error, nor do I see
>>>>any "dhcp-config" directives in our config files or the sample config.
>>>>Here is the relevant line from our config:
>>>>
>>>>dhcp-host=00:0c:29:02:1f:06,ubuntu-8.04-06.lab.foobar.com,172.16.0.105
>>>>
>>>>It doesn't appear to be anything specifically with that line.  We have a
>>>>couple hundred of these loaded by dnsmasq.  If I comment out that one,
>>>>the next preceding one will error.  I'm not experienced with dnsmasq, so
>>>>I'm putting myself at the mercy of this list.  Any help will be greatly
>>>>appreciated.  :)
>>>
>>>As far as I can see, this error can only be occuring because the domain  
>>>part of the name your applying to that host doesn't match the domain  
>>>specified for dnsmasq to use by the domain=<domain> config option.
>>>
>>>AFAIK dnsmasq has never allowed you to send a FQDN to a host unless it  
>>>matches the domain setting (this is to avoid hosts impersonating, eg  
>>>www.microsoft.com) but the check in this case has been moved from  
>>>run-time, where it will log an error, to a fatal error at start-up
>>>
>>>The fix may be as simple as adding
>>>
>>>domain=04-06.lab.foobar.com
>>>
>>>(and you can remove the domain parts from all the dhcp-host lines as  
>>>well, if you wish. If they stay, they must match the domain given)
>>
>>We have mixed domains in our configuration.  I see the following line in
>>the main dnsmasq.conf, which would account for most of the dhcp-host
>>entries:
>>
>>local=/lab.foobar.com/wifi.foobar.com/
>>
>>I see no domain directives anywhere.  I suspect that adding
>>04-06.lab.foobar.com to the local directive might be sufficient, but I'm
>>just guessing.  And yes, this configuration works fine with
>>dnsmasq-2.34.
> 
> 
> I tried various changes to our configuration but couldn't find a working
> set.  I'm including a subset of our configuration here so you can see
> what might be causing the issue.  The only bits I've left out include
> redundant information (e.g. dhcp-host).  Just to reiterate, this works
> under 2.34 but is broken under 2.45.
> 
> 
> # cat /etc/dnsmasq.conf | grep -v '^$' | grep -v '^\#'
> filterwin2k
> local=/lab.foobar.com/wifi.foobar.com/
> interface=eth0
> expand-hosts
> dhcp-option=3,172.16.0.1
> dhcp-option=42,0.0.0.0
> conf-file=/etc/dnsmasq.lab.conf
> conf-file=/etc/dnsmasq.wifi.conf
> 
> # cat /etc/dnsmasq.lab.conf | grep -v '^$' | grep -v '^\#'
> dhcp-range=lab,172.16.0.10,172.16.0.81,12h
> dhcp-option=lab,15,lab.foobar.com
> dhcp-host=00:0e:0c:bc:17:70,lab01.lab.foobar.com,172.16.0.10
> dhcp-host=00:0c:29:ff:96:a7,solaris.lab.foobar.com,172.16.0.6
> dhcp-host=00:0c:29:ff:96:xx,windows.lab.foobar.com,172.16.0.7
> dhcp-host=00:0c:29:db:8a:b3,centos.lab.foobar.com,172.16.0.5
> dhcp-host=00:0c:29:3c:58:01,centos-4.4-01.lab.foobar.com,172.16.0.82
> 
> # cat /etc/dnsmasq.wifi.conf | grep -v '^$' | grep -v '^\#'
> dhcp-range=wifi,172.16.0.200,172.16.0.250,3d
> dhcp-option=wifi,15,wifi.foobar.com
> 
> 
> Thanks,
> 

Are the names in your dhcp-host entries _all_ "<name>.lab.foobar.com"?
If so, the simply adding

domain=lab.foobar.com

will fix things. I imagine that under 2.34 you will have seen lots of 
complaints logged about this, 2.45 has turned soft errors into hard ones.

If there are names in more than one domain, the problem in more 
complicated to fix: you may need to try the new "multi-domain" code.


Cheers,

Simon.