[Dnsmasq-discuss] [BUG] Bogus IP address in the syslog messages

Sat Feb 20 15:00:05 GMT 2010

On 2010-02-20 14:19, Simon Kehlley wrote:
> Sergei Zhirikov wrote:
>> Hi,
>>
>> On of the DHCP clients in my network believes that is has the same
>> hostname as the machine where dnsmasq-2.52 is running. That by itself
>> is a result of misconfiguration, but the reaction of dnsmasq seems a
>> bit odd. I get the following messages in syslog when that client
>> tries to renew its lease:
>>
>>
>
>> The messages about not giving the host name are in principle correct.
>> What is odd is that, as you can see, every other time dnsmasq
>> mentions IP address 216.230.6.8, which is totally bogus. There is
>> nothing in the whole network that even remotely resembles that IP
>> address. The content of /etc/hosts is quite trivial:
>>
>> # hosts 127.0.0.1 localhost 172.23.112.1 wafer.softlights.net wafer
>>
>> The problem seems to be just cosmetic, but since it is unclear where
>> the bogus IP address comes from, it is possible that there is a more
>> severe problem (like memory corruption) is hiding behind it.
>>
>> I'm wondering if anyone can reproduce this phenomenon.
>>
>>
>
> What you are seeing is consistent with there being two address entries
> for wafer.local.softlights.net in the DNS cache. You see different
> addresses each time because the order gets swapped on each lookup (to
> implement round-robin) and the DHCP code logs that message and bails on
> the first entry it finds.

The thing is that wafer.local.softlights.net resolves to a single IP address, which is 172.23.112.1.

> That's not a complete explanation (where did the 216.230.6.8 address
> come from?) but it's a bit less scary than a memory corruption.
>
> Try a test query using dig for wafer.local.softlights.net, I suspect you
> will see both addresses returned.

As I said, there is only one IP address. I have also used tcpdump to watch both DHCP and DNS communication. The address 216.230.6.8 does not show up anywhere. (As a sidenote: I found it a bit surprising that despite "not giving name wafer ..." dnsmasq returns that same host name in the DHCPACK message to the client)

> Now try restarting dnsmasq and repeating the dig query. If you get the
> same result you must have some obscure configuration hidden away
> somewhere (--addn-hosts?) If the problem has cleared then we have a
> mystery to solve.

Here comes the funny part. I should have mentioned that in my first message. If I restart dnsmasq the bogus address remains the same most of the time, *but not always*. If I run another dnsmasq binary (I still have one of version 2.51, that I used before the last upgrade) then the bogus address is different from the one I get with 2.52. This makes me think it somehow depends on the memory layout of the running process. Those mysterious addresses are not completely random. All that I have seen so far have form xxx.xxx.6.8.

Of course, I can't be sure it's memory corruption, but it certainly looks very much like one.

By the way, dnsmasq is running on an LFS system, which I have built myself. Every single line in every single configuration file is written by me, that's why I'm quite sure it isn't some obscure configuration issue. Although, I did try "grep -rF '216.230.6.8' /etc", just in case, and it came up with nothing, as I expected.

I'm puzzled...

Regards,
Sergei.