[Dnsmasq-discuss] Repeated assignment, ignored dhcp-host, and failed DNS lookup
Lovelady, Dennis E.
dlovelady1 at dtcc.com
Tue Oct 9 12:22:54 BST 2012
>> How would I know if a rogue DHCP server has appeared on the net?
>
> I don't think it's likely, at the moment. My guess is that the DHCP server
> is at the same IP address on both the networks, and when the machine
> came back up, it sent the DHCPINFORM to the DHCP server address, then
> took the response as confirmation that the lease was still valid.
> This is a bit of a gray area, but the client isn't strictly allowed to do that:
> it should send a DHCPREQUEST. (strictly, it should entry
> INIT-REBOOT state)
You should give yourself more credit, Simon! :)
Turns out, my ISP had replaced the modem/router while I was away (this is in an apartment, and the leasing office let the tech in while I was at my real home, and I had complained to the ISP about intermittent connection). Of course, that device had its own DHCP by default. Prompted by your query, I found and resolved the issue quickly by disabling that DHCP and using
ifconfig /release; service network restart
(or equivalent) on all devices.
Thanks so much for your guidance; this was one that didn't make any sense to me at all, until my eyes were opened again.
Dennis
-----Original Message-----
From: Simon Kelley [mailto:simon at thekelleys.org.uk]
Sent: Monday, October 08, 2012 4:52 PM
To: Lovelady, Dennis E.
Cc: dnsmasq-discuss at lists.thekelleys.org.uk
Subject: Re: [Dnsmasq-discuss] Repeated assignment, ignored dhcp-host, and failed DNS lookup
On 08/10/12 17:30, Lovelady, Dennis E. wrote:
> Hi, Simon:
>
> I have all the logs going back to June, 2011. (That represents about
> 70,000 lines of dnsmasq-related messages.) What would you like to see
> from those?
>
> The m1330c/w system was on a different network yesterday morning, and
> moved back to this network in the evening. Absolutely possible that
> it is hanging on to its prior lease, though I didn't think those
> survived a boot after a network switch. You would absolutely know,
> though, and I take it from your response that that's probably what
> happened. I'll refresh the lease this PM if not back to "normal" by
> then.
A lease will survive a client reboot, but I'd expect a reboot to cause a system to at least confirm a lease. Could you look through your dnsmasq logs to see what, if anything dnsmasq logged about this machine when it booted up on this network?
> How would I know if a rogue DHCP server has appeared on the net? I'm
> assuming you're on the right track since the answer to the remaining
> question is:
I don't think it's likely, at the moment. My guess is that the DHCP server is at the same IP address on both the networks, and when the machine came back up, it sent the DHCPINFORM to the DHCP server address, then took the response as confirmation that the lease was still valid.
This is a bit of a gray area, but the client isn't strictly allowed to do that: it should send a DHCPREQUEST. (strictly, it should entry INIT-REBOOT state)
> /var/lib/misc/dnsmasq.leases is empty!!!!
That makes sense: dnsmasq will still reply to DHCPINFORM without a lease, and the DHCPINFORM won't create a lease. Once the lease expires at the client end, or you force it too, then stuff should re-sync.
If rebooting the client caused it to send only DHCPINFORM requests, then we have some grounds to complain to Microsoft.
Simon.
<BR>_____________________________________________________________
<FONT size=2><BR>
DTCC DISCLAIMER: This email and any files transmitted with it are
confidential and intended solely for the use of the individual or
entity to whom they are addressed. If you have received this email
in error, please notify us immediately and delete the email and any
attachments from your system. The recipient should check this email
and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted
by this email.</FONT>
More information about the Dnsmasq-discuss
mailing list