[Dnsmasq-discuss] dhcp-host precedence request due multiple matches

Neal P. Murphy neal.p.murphy at alum.wpi.edu
Tue Jun 22 03:54:03 UTC 2021

On Mon, 21 Jun 2021 11:57:48 -0400
wkitty42 at gmail.com wrote:

> On 6/21/21 8:42 AM, Jesus M Diaz wrote:
> > so, if I have two virtual computers running over the same hardware, what should 
> > be used as identifier for dnsmasq? the physical mac-address (just one, as it is 
> > just one physical card)? the dhcp-client-id or hostname (configurable as per 
> > logical device level)?  
> each VM has its own MAC on its own (possibly) virtual NIC ;)

To expand on this just a bit for 'small' users (desktop systems)...

If one runs multiple VMs on a system, it's usually best and least cornfusing to prepare L2 bridges (which are really virtual network switches) on the host and connect each VM to the desired bridge (or bridges if the VM has multiple virtual NICs). Each bridge takes (I think) the MAC addr of the first real NIC slaved to it; if no NIC is slaved to it, the bridge gets a random 'locally administered' MAC addr. A bridge is still quite usable without a real NIC slaved to it; traffic on the bridge just cannot reach the 'real world' and IPs used on that LAN cannot conflict with IPs used in the real world (IOW, good for testing).

Each VM should be configured to have a static 'locally administered' MAC address. I encode the VM ID# and the NIC's number (in the VM) into the MAC address so I know which VM and which of its NICs is involved in traffic.

In short, if one assigns static and unique MAC addrs to virtual NICs, those MAC addrs can be used as identifiers.

However, it is probably better to use GUIDs for real and virtual systems. With a GUID, one can change NICs and MAC addrs as desired and still get the same IP address(es) assigned; MAC addr cloning shouldn't be needed. Using GUIDs should also reduce administration time. One caveat: the client *and* the server must retain the GUID(s). If either one forgets/loses the client's GUID, a new IP addr from the pool is likely to be assigned.

With four bridges and 20-30 VMs, I can easily configure multiple virtual firewalls in complex arrangements when testing new firewall releases.


More information about the Dnsmasq-discuss mailing list