[Dnsmasq-discuss] bind-interfaces does not apply on dhcp relay agent
tom.ty89 at gmail.com
Wed Aug 25 14:45:08 UTC 2021
On Wed, 25 Aug 2021 at 22:11, Simon Kelley <simon at thekelleys.org.uk> wrote:
> On 24/08/2021 08:05, Tom Yan wrote:
> > Hi,
> > I'm trying to have both a dhcp server and a dhcp relay agent running
> > on the same host, which should bind to a different interface
> > respectively. While `bind-interfaces` appears to work for the dhcp
> > server, it seems to be ignored for the dhcp relay agent.
> > `bind-dynamic` has a similar problem as well. If the binding *was
> > actually delayed* because of the option, even the dhcp server will not
> > bind to an interface (but simply `0.0.0.0:67`).
> > Are these known limitations or bugs?
> Sort of. It's complicated for DHCP. Because DHCP has to talk to
> non-configured hosts, it has to cope with strange packets with things
> like 0.0.0.0 source addresses and 255.255.255.255 destination
> addresses. The normal method of binding to the local address of an
> interface doesn't therefore work well, and is not done, even when
> --bind-interfaces is set. The DHCP server always uses a single socket
> bound to 0.0.0.0:67.
> This nearly always works, except when it doesn't. The main place it
> doesn't is when running multiple DHCP servers, and there is a mitigation
> for that: if the configuration states that exactly _one_ interface is
> all that can ever be used for DHCP then the DHCP socket gets nailed to
> that one, physical, interface. (not to the address, to the actual
> interface.) If that happens, a message something like
> DHCP, sockets bound exclusively to interface br-lan
> is logged at start-up.
> That doesn't help you, since you are trying to do DHCP (as a relay and
> as a server) on two different interfaces.
> Doing that would, in theory, be possible, but it would be a significant
> change to the existing code.
> The best immediate suggestion I can make is to use dnsmasq as the DHCP
> server, and run a stand-alone relay (I have one, called dhcp-helper) and
> the ISC suite included a relay too. Try both, they do low level stuff in
> different ways, and one may work when the other doesn't.
Yeah I thought of that too. Was too lazy to actually study/test
another suite though. Nevertheless I ended up running an additional
instance as the dhcp server in a network namespace and made the
existing non-relaying instance a pure dns forwarder -- I would like to
use the systemd-resolved stub as its upstream server. Everything seems
to work fine now.
> > P.S. Btw it's sad that there's not something like `no-dns-interface`...
> From a POV of completeness, or would it actually be useful?
Well it could be a bit problematic / annoying when one wants to use
dnsmasq for dhcp only, but I guess in most cases everyone just copes
with it in one way or another.
> > Regards,
> > Tom
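
Added example, not part of the original thread and not dnsmasq code: a small Python check that classifies UDP listeners from `ss -H -uln` output as wildcard, address-bound or device-bound, and looks for the start-up message quoted above. The `ss` lines and log excerpt are constructed samples, the `%device` suffix is how iproute2's `ss` displays a socket bound to an interface, and the function names are hypothetical.

```python
import re

# Constructed sample of `ss -H -uln` output (not captured from a real host).
SAMPLE_SS = """\
UNCONN 0 0 0.0.0.0:67 0.0.0.0:*
UNCONN 0 0 0.0.0.0%br-lan:67 0.0.0.0:*
UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
UNCONN 0 0 [::]:547 [::]:*
"""

# Constructed log excerpt; the "bound exclusively" wording is taken from the thread.
SAMPLE_LOG = """\
dnsmasq[812]: started, cachesize 150
dnsmasq-dhcp[812]: DHCP, sockets bound exclusively to interface br-lan
"""

WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}

def dhcp_listeners(ss_output, port=67):
    """Return (address, device, verdict) for each UDP listener on `port`."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # not a socket row
        local, _, lport = fields[3].rpartition(":")
        if lport != str(port):
            continue
        addr, _, dev = local.partition("%")  # "%dev" marks a device-bound socket
        if dev:
            verdict = "device-bound"
        elif addr in WILDCARDS:
            verdict = "wildcard"  # receives DHCP traffic from every interface
        else:
            verdict = "address-bound"
        found.append((addr, dev or None, verdict))
    return found

def exclusive_interface(log_text):
    """Interface named in the start-up message, or None if it was not logged."""
    m = re.search(r"DHCP, sockets bound exclusively to interface (\S+)", log_text)
    return m.group(1) if m else None

if __name__ == "__main__":
    for row in dhcp_listeners(SAMPLE_SS):
        print(row)
    print("exclusive:", exclusive_interface(SAMPLE_LOG))
```

A "wildcard" verdict on port 67 together with a missing start-up message matches the case described in the thread where the DHCP socket is not restricted to one interface.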