[Dnsmasq-discuss] bind-interfaces does not apply on dhcp relay agent

Simon Kelley simon at thekelleys.org.uk
Wed Aug 25 14:11:58 UTC 2021

On 24/08/2021 08:05, Tom Yan wrote:
> I'm trying to have both a dhcp server and a dhcp relay agent running
> on the same host, which should bind to a different interface
> respectively. While `bind-interfaces` appears to work for the dhcp
> server, it seems to be ignored for the dhcp relay agent.
> `bind-dynamic` has a similar problem as well. If the binding *was
> actually delayed* because of the option, even the dhcp server will not
> bind to an interface (but simply ``).
> Are these known limitations or bugs?

Sort of. It's complicated for DHCP. Because DHCP has to talk to
non-configured hosts, it has to cope with strange packets with things
like source addresses and destination
addresses. The normal method of binding to the local address of an
interface doesn't therefore work well, and is not done, even when
--bind-interfaces is set. The DHCP server always uses a single socket
bound to

This nearly always works, except when it doesn't. The main place it
doesn't is when running multiple DHCP servers, and there is a mitigation
for that: if the configuration states that exactly _one_ interface is
all that can ever be used for DHCP then the DHCP socket gets nailed to
that one, physical, interface. (not to the address, to the actual
interface.) If that happens, a message something like

DHCP, sockets bound exclusively to interface br-lan

is logged at start-up.

That doesn't help you, since you are trying to do DHCP (as a relay and
as a server) on two different interfaces.

Doing that would, in theory, be possible, but it would be a significant
change to the existing code.

The best immediate suggestion I can make is to use dnsmasq as the DHCP
server, and run a stand-alone relay (I have one, called dhcp-helper) and
the ISC suite included a relay too. Try both, they do low level stuff in
different ways, and one may work when the other doesn't.

> P.S. Btw it's sad that there's not something like `no-dns-interface`...

From a POV of completeness, or would it actually be useful?



