[Dnsmasq-discuss] DHCP server not responding properly to DHCP-relay from multi-homed host.

Simon Kelley simon at thekelleys.org.uk
Mon May 16 17:27:33 UTC 2022 


On 16/05/2022 17:27, Brad Silva wrote:
> I ran into an issue with DHCP on DNSmsaq 2.85.
> 
> It's running on a host with two IP addresses on the same network.  The 
> primary IP is .12 and the secondary is .10.  DNSmasq was put in place to 
> replace a missing server (long story), so it was setup to listen on the 
> missing server's IP of .10.
> 
> The DHCP Relay device was sending requests to DNSmasq at .10, but 
> DNSmasq was replying to the request using the .12 IP address, which the 
> DHCP relay device promptly ignored.
> 
> I tried fixing the problem using various combinations of "interface=" 
> and "bind-interface", but the reply was always being sent using the 
> primary IP (.12).  I finally reversed the primary and secondary IP 
> addresses and the problem is fixed.
> 
> However, is there a proper way to fix this?
> Or, is this a bug/limitation?

I think bug/limitation is the best way to describe it :)

The DHCP code doesn't bother about the source address in replies at all 
(unlike the DNS code, which takes great care to use the destination 
address of the request as the source address of the reply) It just lets 
the kernel use its default, which is the primary address, as you found.

Most DHCP software ignores the header source address: the address of the 
server to talk back to is in the "server address" field inside the DHCP 
packet anyway, and that's what gets used as the ID of the server. Since 
requests may be broadcast, there's not always a good value to set it to 
anyway.

TL;DR I think your relay is not abiding by Postel's Law, but arguably 
neither is dnsmasq.

It should be possible to make dnsmasq do the obvious better thing, but 
it's not totally trivial since is uses bits of the API which are not 
standard between Linux and BSD-derived systems.

Simon.







> 
> Config file and tcpdump capture below.
> 
> Thanks,
> Brad
> 
> 15:18:22.216760 IP 172.28.141.1.bootps > 172.28.8.10.bootps: BOOTP/DHCP, 
> Request from xx:xx:xx:xx:xx:xx (oui Unknown), length 266
> 15:18:23.578420 IP 172.28.141.1.bootps > 172.28.8.10.bootps: BOOTP/DHCP, 
> Request from xx:xx:xx:xx:xx:xx (oui Unknown), length 266
> 15:18:25.310501 IP 172.28.8.12.bootps > 172.28.141.1.bootps: BOOTP/DHCP, 
> Reply, length 300
> 15:18:25.311037 IP 172.28.8.12.bootps > 172.28.141.1.bootps: BOOTP/DHCP, 
> Reply, length 300
> 15:18:26.137923 IP 172.28.141.1.bootps > 172.28.8.10.bootps: BOOTP/DHCP, 
> Request from xx:xx:xx:xx:xx:xx (oui Unknown), length 308
> 15:18:29.142546 IP 172.28.8.12.bootps > 172.28.141.1.bootps: BOOTP/DHCP, 
> Reply, length 300
> 15:18:29.155150 IP 172.28.141.1.bootps > 172.28.8.10.bootps: BOOTP/DHCP, 
> Request from xx:xx:xx:xx:xx:xx (oui Unknown), length 266
> 15:18:29.155816 IP 172.28.8.12.bootps > 172.28.141.1.bootps: BOOTP/DHCP, 
> Reply, length 300
> 15:18:35.169175 IP 172.28.141.1.bootps > 172.28.8.10.bootps: BOOTP/DHCP, 
> Request from xx:xx:xx:xx:xx:xx (oui Unknown), length 266
> 15:18:35.169933 IP 172.28.8.12.bootps > 172.28.141.1.bootps: BOOTP/DHCP, 
> Reply, length 300
> 
> 
> 
> 
> listen-address=127.0.0.1,172.28.8.10
> #auto-expand simple queries, ones with no domain
> expand-hosts
> interface=eth0:1,lo
> bind-interfaces
> domain=myhouse.net <http://myhouse.net>
> server=172.28.10.205
> dhcp-range=set:tag0,172.28.8.100,172.28.8.200,255.255.255.0,168h
> dhcp-option=tag:tag0,option:router,172.28.8.1
> dhcp-option=tag:tag0,6,172.28.8.172.28..1.10.205
> dhcp-range=set:tag1,172.28.16.100,172.28.16.200,255.255.255.0,168h
> dhcp-option=tag:tag1,option:router,172.28.16.1
> dhcp-option=tag:tag1,6,172.28.8.172.28..1.10.205
> dhcp-range=set:tag2,172.28.140.100,172.28.140.200,255.255.255.0,1h
> dhcp-option=tag:tag2,option:router,172.28.140.1
> dhcp-option=tag:tag2,6,8.8.8.8,8.8.4.4
> dhcp-range=set:tag3,172.28.141.100,172.28.141.200,255.255.255.0,1h
> dhcp-option=tag:tag3,option:router,172.28.141.1
> dhcp-option=tag:tag3,6,8.8.8.8,8.8.4.4
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

More information about the Dnsmasq-discuss mailing list