[Dnsmasq-discuss] dnsmasq ignoring some clients

Chris Marget chris at logsoft.com
Thu Oct 2 22:01:59 BST 2008 

On Thu, 2 Oct 2008, Simon Kelley wrote:
> Chris Marget wrote:
> > On Thu, 2 Oct 2008, Simon Kelley wrote:
> >>Chris Marget wrote:
> > 
> > DHCPREQUEST for 255.255.255.255 (1.2.3.4) from 00:16:3e:11:11:11 via nge0: wrong network.
> > DHCPNAK on 255.255.255.255 to 00:16:3e:11:11:11 via nge0
> > DHCPDISCOVER from 00:16:3e:11:11:11 via nge0
> > DHCPOFFER on 192.168.1.81 to 00:16:3e:11:11:11 via nge0
> > DHCPREQUEST for 192.168.1.81 (192.168.1.8) from 00:16:3e:11:11:11 via nge0
> > DHCPACK on 192.168.1.81 to 00:16:3e:11:11:11 via nge0
> 
> Hand-running the first request packet through the dnsmasq code reveals 
> that it's being ignored because the server-identifier (1.2.3.4) doesn't 
> match. RFC-2131 compliant behaviour is to silently ignore any DHCP 
> packets which don't have a correct server-id so in the simple case 
> that's correct.
> 
> Life is made more complicated because the --dhcp-authoritative flag is 
> set, which says, essentially "violate the RFC in a way which provides 
> more useful behaviour on a network with only one DHCP server." For 
> dnsmasq that means accept DHCPREQUEST for clients in INIT-REBOOT 
> RENEWING or REBINDING state, even if they don't have an existing lease.
> It doesn't have any effect when a client is in SELECTING state, which 
> yours, bizarrely, seems to be. It looks like ISC have done things 
> differently, and NAK SELECTING clients with mismatched server-ids when 
> in authoritative mode.
> 
> Since all of this behaviour violates the RFC by design, there's no 
> standard to say who is right. Clearly the ISC behaviour is better in 
> this case, but it's fairly dangerous since it's NAKing a broadcast 
> packet. If there really was another server out there which could respond 
> to the broadcast, then not staying silent will mess things up.
> 
> It's not clear to me if a behaviour change for dnsmasq makes sense. Any 
> contributions from the list would be welcome. Maybe I'll take this to 
> the mailing list where the IETF DHCP gods hang out.

Interesting, thanks Simon!

I've actually used 3 different linux builds from jailtime.org: debian,
cenots and ubuntu.  They all behave the same way.  ...Well, dnsmasq
silently ignores them anyway.

In my envioronment, it's not all that big of a deal to have the ISC
daemon around, only serving up addresses to clients using the xensource
OUI.

...Though it feels a little bit dirty to have two "authoritative"
servers on the LAN!

Thanks again.

/chris

More information about the Dnsmasq-discuss mailing list