[Dnsmasq-discuss] [PATCH] Nack requests for unknown leases.
Simon Kelley
simon at thekelleys.org.uk
Mon Apr 24 21:51:13 BST 2017
On 24/04/17 10:16, Alin Năstac wrote:
> On Sun, Apr 23, 2017 at 5:46 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
>> On 20/04/17 10:34, Alin Nastac wrote:
>>> Hosts that migrate from one network to another could request their
>>> old IP address which might be already in use by another statically
>>> configured host. Currently non-authoritative dnsmasq servers will
>>> ignore such requests, but ISC DHCP client will send discovery packets
>>> next carrying the same requested IP address and dnsmasq will end up
>>> allocating a new lease for it without checking first if is already
>>> used by another host.
>>
>>
>> When the client sends the discovery packet, dnsmasq will notice that the
>> requested address is in use by another client, and offer a different
>> address instead.
>
> You did not understood the scenario. The host that already use the
> requested IP address is statically configured to use it (in other
> words dnsmasq does not have a lease for the given IP address).
>
> While at it, you might consider fixing the scenario in which a client
> fills a DHCP discovery message with an option-50 containing an IP
> address that is already used by another statically configured host.
>
At the DHCPDISCOVER stage, both the server and the client are supposed
to check if an address in in use. The server sends an ICMP echo request
and checks there's no answer. The client sends an ARP who-has request.
These checks should be enough to avoid address-stealing, but it's also
best not to overlap address ranges configured for DHCP allocation with
addresses of non-DHCP configured hosts.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list