[Dnsmasq-discuss] Simplest working "shared-network" configuration? (was Re: dnsmasq on an IPv4 /32 interface)

Paul Gear paul-dnsmasq at gear.email
Sat Jul 10 05:58:13 UTC 2021 

Hi all,

It's been a while since I originally posted about this, and I've done a 
lot of experimenting without landing on a working setup.

I'm trying to get a very simple test case working, where I have a number 
of vnet interfaces, all configured with the link-local address 
169.254.0.1/16, and have dnsmasq allocate the leases out of a different 
range (in this case, I'm using a portion of the documentation prefix, 
203.0.113.0/29).  Here's my configuration:

pid-file=/var/lib/dnsmasq-vnet/dnsmasq-vnet.pid
bind-dynamic
interface=vnet*
log-dhcp
no-hosts
dhcp-range=203.0.113.0, 255.255.255.248, 1d
dhcp-option=option:router,169.254.0.1
shared-network=169.254.0.1,203.0.113.0

As far as I can tell, this is compliant with the directions given in the 
manual section for shared-network.  However, it doesn't work (no DHCP 
offers are sent), and it gives the following logs:

Jul 10 15:37:02 server dnsmasq[314647]: started, version 2.84rc2 
cachesize 150
Jul 10 15:37:02 server dnsmasq[314647]: compile time options: IPv6 
GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack 
ipset auth cryptohash DNSSEC loop-detect inotify dumpfile
Jul 10 15:37:02 server dnsmasq[314647]: warning: interface vnet* does 
not currently exist
Jul 10 15:37:02 server dnsmasq-dhcp[314647]: DHCP, IP range 203.0.113.0 
-- 255.255.255.248, lease time 1d
Jul 10 15:37:02 server dnsmasq[314647]: reading /etc/resolv.conf
Jul 10 15:37:02 server dnsmasq[314647]: using nameserver 127.0.0.53#53
Jul 10 15:37:02 server dnsmasq[314647]: cleared cache
Jul 10 15:37:08 server dnsmasq[314647]: listening on vnet0(#65): 
169.254.0.1 port 53
Jul 10 15:37:09 server dnsmasq[314647]: listening on vnet0(#65): 
fe80::fc54:ff:fe64:2291%vnet0 port 53
Jul 10 15:37:38 server dnsmasq-dhcp[314647]: no address range available 
for DHCP request via vnet0
Jul 10 15:38:11 server dnsmasq-dhcp[314647]: message repeated 5 times: [ 
no address range available for DHCP request via vnet0]
Jul 10 15:38:19 server dnsmasq[314647]: stopped listening on vnet0(#65): 
fe80::fc54:ff:fe64:2291 port 53
Jul 10 15:38:19 server dnsmasq[314647]: stopped listening on vnet0(#65): 
169.254.0.1 port 53

The "listening on" and "stopped listening on" messages correspond to 
when the guest VM is started and stopped, when the vnet0 interface is 
created and destroyed.  There is a start script for the VM which 
automatically adds the required routes described in the manual section 
for shared-network.  (I'll likely move this to the dnsmasq dhcp-script 
once the configuration is working.)

If I add the additional line:

dhcp-range=169.254.0.0, 255.255.0.0, 1d

it behaves essentially the same, with the addition of the rather 
perplexing error message:

Jul 10 15:27:01 server dnsmasq-dhcp[313742]: DHCP range 169.254.0.0 -- 
255.255.0.0 is not consistent with netmask 255.255.0.0

(If I'm reading the manual page correctly, there shouldn't be any need 
for the dhcp-range matching the interface on which the requests arrive, 
but I thought I'd test it just in case.)

What's needed to make shared-network work?

Thanks in advance,
Paul

On 22/9/20 6:51 pm, Paul Gear wrote:
> On 22/9/20 4:22 pm, Nicolas Cavallari wrote:
>> On 21/09/2020 21:32, Paul Gear wrote:
>>> Hi all,
>>>
>>> I've been trying to solve the same problem described in this blog post:
>>> https://blog.fhrnet.eu/2020/03/07/dhcp-server-on-a-32-subnet/
>>>
>>> In a nutshell, the situation is a VM host which performs routing and
>>> firewalling for all its guests, providing an isolated IPv4 /32 (and in
>>> my case an IPv6 /64 or /128 as well) to each VM guest, and using
>>> interface routes on the host to direct traffic to each guest, without
>>> wasting IPv4 addresses on /31 or /30 point-to-point links.
>>> ...
>> This sounds like the use case for shared-network:
>>
>> shared-network=virbr13,192.168.1.26
>>
>> or
>>
>> shared-network=172.16.0.1,192.168.1.26
>>
>> Alternatively, i sent this patch a while ago to be able to ignore any
>> matching, but my use case is different. I can send an updated version if
>> people are interested.
>>
>> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/012070.html
>
> Ah, perfect - thanks very much, Nicolas.
>
> I was doing my testing using the OS-packaged dnsmasq on my laptop, which
> was 2.79.  Looks like shared-network was added in 2.81.  I'll upgrade
> and do some testing, but it looks from the description like this is
> exactly what I'm looking for.
>
> Much appreciated.
>
> Regards,
> Paul
>
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

More information about the Dnsmasq-discuss mailing list