[Dnsmasq-discuss] Multiple interfaces responding to DHCP requests
Nick Howitt
nick at howitts.co.uk
Thu May 13 20:31:21 UTC 2021
On 13/05/2021 19:26, Geert Stappers via Dnsmasq-discuss wrote:
>
> On Thu, May 13, 2021 at 01:05:07PM +0100, Nick Howitt wrote:
>> I am trying to help someone who has a set up with three LAN's, all on
>> different subnets and all acting as DHCP servers. He is getting an odd
>> result that when a device on the enp2s0 LAN requests an IP, both enp2s0 and
>> enp3s0 respond with IP's. I've never seen this before and my own server does
>> not act this way.
>>
>> From an nmap scan from a device on the enp2s0 LAN:
>> ubuntu-local at latitude-e7470:~$ sudo nmap --script=broadcast-dhcp-discover -e enp0s31f6
>> Starting Nmap 7.91 ( https://nmap.org <https://nmap.org> ) at 2021-05-08 11:23 EDT
>> Pre-scan script results:
>> | broadcast-dhcp-discover:
>> | Response 1 of 2:
>> | Interface: enp0s31f6
>> | IP Offered: 192.168.1.214
>> | DHCP Message Type: DHCPOFFER
>> | Server Identifier: 192.168.1.1
>> | IP Address Lease Time: 2m00s
>> | Renewal Time Value: 1m00s
>> | Rebinding Time Value: 1m45s
>> | Domain Name: emdentalb.local
>> | Domain Name Server: 192.168.1.1
>> | Router: 192.168.1.1
>> | Broadcast Address: 192.168.1.255
>> | Subnet Mask: 255.255.255.0
>> | Response 2 of 2:
>> | Interface: enp0s31f6
>> | IP Offered: 192.168.168.215
>> | DHCP Message Type: DHCPOFFER
>> | Server Identifier: 192.168.168.1
>> | IP Address Lease Time: 2m00s
>> | Renewal Time Value: 1m00s
>> | Rebinding Time Value: 1m45s
>> | Domain Name: emdentalb.local
>> | Domain Name Server: 192.168.168.1
>> | Router: 192.168.168.1
>> | Broadcast Address: 192.168.168.255
>> |_ Subnet Mask: 255.255.255.0
>> WARNING: No targets were specified, so 0 hosts scanned.
>> Nmap done: 0 IP addresses (0 hosts up) scanned in 10.29 seconds
>>
>> From the dnsmasq log:
>> May 8 11:23:39 dnsmasq-dhcp[7226]: DHCPDISCOVER(enp2s0) de:ad:c0:de:ca:fe
>> May 8 11:23:39 dnsmasq-dhcp[7226]: DHCPOFFER(enp2s0) 192.168.1.214 de:ad:c0:de:ca:fe
>> May 8 11:23:42 dnsmasq-dhcp[7226]: DHCPDISCOVER(enp3s0) de:ad:c0:de:ca:fe
>> May 8 11:23:42 dnsmasq-dhcp[7226]: DHCPOFFER(enp3s0) 192.168.168.215 de:ad:c0:de:ca:fe
>>
>> His current configs (so not at the time of the logs as they have been
>> tweaked to troubleshoot):
>> /etc/dnsmasq.conf:
>> bogus-priv
>> cache-size=5000
>> conf-dir=/etc/dnsmasq.d
>> dhcp-authoritative
>> dhcp-lease-max=1000
>> domain-needed
>> domain=######.local
>> expand-hosts
>> log-facility=/var/log/dnsmasq
>> no-negcache
>> port=53
>> read-ethers
>> resolv-file=/etc/resolv-peerdns.conf
>> strict-order
>> user=nobody
>>
>> /etc/dnsmasq.d/dhcp.conf:
>> dhcp-option=enp2s0,1,255.255.255.0
>> dhcp-option=enp2s0,28,192.168.1.255
>> dhcp-option=enp2s0,3,192.168.1.1
>> dhcp-option=enp2s0,6,192.168.1.250
>> dhcp-range=enp2s0,192.168.1.100,192.168.1.199,infinite
>>
>> dhcp-option=enp3s0,1,255.255.255.0
>> dhcp-option=enp3s0,28,192.168.168.255
>> dhcp-option=enp3s0,3,192.168.168.1
>> dhcp-option=enp3s0,6,192.168.1.1,192.168.168.1
>> dhcp-range=enp3s0,192.168.168.50,192.168.168.99,48h
>>
>> dhcp-option=enp4s0,1,255.255.255.0
>> dhcp-option=enp4s0,28,192.168.169.255
>> dhcp-option=enp4s0,3,192.168.169.1
>> dhcp-option=enp4s0,6,192.168.169.1
>> dhcp-range=enp4s0,192.168.169.100,192.168.169.254,24h
>>
>> The infinite leases was an attempt to get round the problem as the devices
>> were picking up IP's from the wrong LAN.
>>
>> Do you know what is wrong here?
>
>
>> How can I troubleshoot?
>
>
>> I have a similar dual LAN set up and it works as expected with each
>> LAN only responding with its own LAN DHCP settings.
>
> That means the "problem" is outside dnsmasq.
>
>
>> Both of us are running dnsmasq-2.76-10.el7_7.1.x86_64.
>>
>> Thanks,
>
> Feel welcome to report back.
OK, but if the problem is outside dnsmasq, why does dnsmasq log two
DHCPDISCOVERs and DHCPOFFERs? Could he have a networking problem with
the two LAN's bridged somewhere? I thought that would cause a routing
loop and everything would fail anyway. Perhaps I can ask him to unplug
the cable to enp3s0 and see if the problem goes away.
More information about the Dnsmasq-discuss
mailing list