[Dnsmasq-discuss] [PATCH] Nack requests for unknown leases.

Roy Marples roy at marples.name
Tue Apr 25 10:11:46 BST 2017


On 25/04/2017 08:08, Alin Năstac wrote:
> I'm talking about the second case, the "static" one. The use case is this:
> 1) Client A using ISC DHCP client gets a lease from a different LAN called X
> 2) Client A gets disconnected from LAN X and connected to LAN Y where
> dnsmasq DHCP server runs in a non-authoritative mode.
> 3) Client A is connected to LAN Y (where dnsmasq serves as DHCP server)
> and sends a DHCP request asking for the same IP address used in LAN X
> 4) dnsmasq does not have a lease for that IP address so it ignores the request
> 5) After a couple of seconds client A sends a DHCP discovery carrying
> the same option-50 as the DHCP request at step 3
> 6) dnsmasq will happily lease the requested IP address without
> checking if there is another host that uses it; unfortunately there is
> another statically configured host B that uses the same address.

Regardless of dnsmasq, ISC dhclient *should* ARP probe to check the
offered address isn't in use. If changing to another DHCP client which
does do this (like say dhcpcd) or fixing dhclient then consider using an
OS which enforces ARP address validation like say NetBSD or Solaris -
not that dhclient will actually do anything about the invalidated
address on these OSes, but that's another topic.

This is important, because dnsmasq could be being a DHCP relay and may
not be able to ICMP ping the requested IP address - hence both sides
need to validate.

Roy
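
The client-side ARP probe check discussed in the message above, as an added example that is not part of the original post and is not code from dhclient, dhcpcd or dnsmasq. It uses the RFC 5227 probe format and the RFC 2131 rule that a client declines an address it finds in use; the MAC addresses, the 192.0.2.50 address, the sample frame and all function names are constructed for illustration.

```python
import socket
import struct

ETH_P_ARP = struct.pack("!H", 0x0806)
ARP_HDR = (1, 0x0800, 6, 4)          # Ethernet, IPv4, 6-byte MAC, 4-byte IP
OP_REQUEST = 1

# Constructed sample values (not from the thread).
CLIENT_MAC = bytes.fromhex("02000000000a")
OFFERED_IP = "192.0.2.50"
# Constructed ARP reply from static host B (02:00:00:00:00:0b) claiming 192.0.2.50.
SAMPLE_REPLY_FROM_B = bytes.fromhex(
    "02000000000a" "02000000000b" "0806"      # Ethernet: dst, src, type
    "0001" "0800" "06" "04" "0002"            # ARP header, op=reply
    "02000000000b" "c0000232"                 # sender MAC / IP
    "02000000000a" "00000000")                # target MAC / IP

def build_arp_probe(client_mac, offered_ip):
    """RFC 5227 probe: broadcast request, sender IP 0.0.0.0, target = offered IP."""
    eth = b"\xff" * 6 + client_mac + ETH_P_ARP
    arp = struct.pack("!HHBBH", *ARP_HDR, OP_REQUEST)
    arp += client_mac + socket.inet_aton("0.0.0.0")
    arp += b"\x00" * 6 + socket.inet_aton(offered_ip)
    return eth + arp

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_mac, target_ip) or None."""
    if len(frame) < 42 or frame[12:14] != ETH_P_ARP:
        return None
    *hdr, op = struct.unpack("!HHBBH", frame[14:22])
    if tuple(hdr) != ARP_HDR:
        return None
    return (op, frame[22:28], socket.inet_ntoa(frame[28:32]),
            frame[32:38], socket.inet_ntoa(frame[38:42]))

def is_conflict(frame, client_mac, offered_ip):
    """True if another host already uses, or is also probing for, offered_ip."""
    parsed = parse_arp(frame)
    if parsed is None:
        return False
    op, sender_mac, sender_ip, _, target_ip = parsed
    if sender_mac == client_mac:          # our own probe echoed back
        return False
    if sender_ip == offered_ip:           # someone owns the address
        return True
    return op == OP_REQUEST and sender_ip == "0.0.0.0" and target_ip == offered_ip

def action_after_probe(frames, client_mac, offered_ip):
    """RFC 2131: decline an address found in use, otherwise configure it."""
    in_use = any(is_conflict(f, client_mac, offered_ip) for f in frames)
    return "DHCPDECLINE" if in_use else "BIND"
```
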


