[Dnsmasq-discuss] dnsmasq fails to respond to DHCPREQUESTs from some clients
Bernd
bb20829 at roadrunner.stream
Sun Nov 20 11:07:16 UTC 2022
I am running dnsmasq on a router to serve both DHCP and DNS on a small private IPv4 network (10.0.5.0/24). The initial cycle with DHCPDISCOVER works fine for all clients. However, some DHCP clients have an issue with renewal of their leases. While dnsmasq responds just fine for most of the clients when they send a DHCPREQUEST to the address 10.0.5.1 dnsmasq binds to (I'll call them "successful hosts"), it ignores the requests from some of the clients (which I will call "failing hosts"). I can see the unanswered DHCPREQUESTs in the logs of the clients, but nothing related to those requests in the log of dnsmasq. Once the DHCP client on a "failing host" falls back to DHCPDISCOVER, dnsmasq will respond immediately and the host gets its lease renewed. I have observed this behavior with one host running dhclient and with another host using systemd-networkd as DHCP client. The "successful hosts" also run one of those two DHCP clients, so the DHCP client does not seem to make the difference between success and failure.
When running tcpdump on the interface dnsmasq binds to, I see an immediate response from dnsmasq for a "successful host" (MAC address obfuscated):
"""
09:20:08.789511 IP 10.0.5.7.bootpc > 10.0.5.1.bootps: BOOTP/DHCP, Request from aa:bb:cc:dd:ee:ff (oui Unknown), length 300
09:20:08.793795 IP 10.0.5.1.bootps > 10.0.5.7.bootpc: BOOTP/DHCP, Reply, length 315
"""
This is what I see for a "failing host" (MAC address obfuscated):
"""
06:09:02.900788 IP 10.0.5.8.bootpc > 10.0.5.1.bootps: BOOTP/DHCP, Request from gg:hh:ii:jj:kk:ll (oui Unknown), length 300
06:09:21.778259 IP 10.0.5.8.bootpc > 10.0.5.1.bootps: BOOTP/DHCP, Request from gg:hh:ii:jj:kk:ll (oui Unknown), length 300
<...many more of those...>
07:42:47.005640 IP 10.0.5.8.bootpc > 10.0.5.1.bootps: BOOTP/DHCP, Request from gg:hh:ii:jj:kk:ll (oui Unknown), length 300
07:42:56.398411 IP 10.0.5.8.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from gg:hh:ii:jj:kk:ll (oui Unknown), length 300
07:42:56.402801 IP 10.0.5.1.bootps > 10.0.5.8.bootpc: BOOTP/DHCP, Reply, length 310
"""
I am running dnsmasq 2.85-1 from Debian 11. This is what my dnsmasq.conf file looks like:
"""
server=8.8.8.8#53
no-resolv
listen-address=10.0.5.1
bind-interfaces
no-hosts
addn-hosts=/etc/hosts-vlan5
expand-hosts
domain=srv
conf-file=/etc/dnsmasq-trustanchor.conf
dnssec
dnssec-check-unsigned
dhcp-range=10.0.5.0,static,4h
dhcp-host=aa:bb:cc:dd:ee:ff,10.0.5.7,server1.srv
dhcp-host=gg:hh:ii:jj:kk:ll,10.0.5.8,server2.srv
<more-lines-like-this>
dhcp-option-force=option:mtu,9000
dhcp-leasefile=/var/lib/misc/dnsmasq-vlan5.leases
dhcp-authoritative
"""
The firewall on the router is configured to allow UDP traffic on ports 67 and 68 which comes in on the NIC dnsmasq binds to:
"""
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
"""
Outgoing network traffic is not restricted on the firewall.
I am not sure whether this is a bug in dnsmasq or a misconfiguration. Any idea why dnsmasq could be ignoring the DHCPREQUESTs to 10.0.5.1 from some DHCP clients and how this can be fixed? Thank you for taking the time.
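
An added example, not part of the original post and not dnsmasq code: a small Python script that reads tcpdump summary lines in the format quoted above and reports, per client, how many unicast DHCPREQUESTs to the server went unanswered and whether a later broadcast request was answered. The function name, the 2-second reply window and the use of the client IP as key are assumptions of this example; the sample lines are abridged from the capture in the post.

```python
import re
from datetime import datetime

# tcpdump's one-line BOOTP/DHCP summary, in the format quoted in the post.
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.bootp[cs] > "
    r"(?P<dst>[\d.]+)\.bootp[cs]: BOOTP/DHCP, (?P<kind>Request|Reply)")
BROADCAST = "255.255.255.255"

def ignored_renewals(lines, server, window=2.0):
    """Per client IP: unicast requests to `server` that went unanswered, and
    whether a later broadcast request was answered within `window` seconds."""
    pending, report = {}, {}  # pending: client IP -> [(time, destination)]

    def entry(client):
        return report.setdefault(
            client, {"ignored_unicast": 0, "recovered_by_broadcast": False})

    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a DHCP summary line (e.g. "<...many more...>")
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")  # no date: one day only
        if m["kind"] == "Request":
            pending.setdefault(m["src"], []).append((ts, m["dst"]))
        elif m["src"] == server and pending.get(m["dst"]):
            reqs = pending.pop(m["dst"])
            last_ts, last_dst = reqs[-1]
            answered = (ts - last_ts).total_seconds() <= window
            stale = reqs[:-1] if answered else reqs
            e = entry(m["dst"])
            e["ignored_unicast"] += sum(1 for _, d in stale if d == server)
            e["recovered_by_broadcast"] |= answered and last_dst == BROADCAST
    for client, reqs in pending.items():  # still unanswered at end of capture
        entry(client)["ignored_unicast"] += sum(1 for _, d in reqs if d == server)
    return report

# Sample lines abridged from the capture in the post (MACs already obfuscated).
SAMPLE = """\
09:20:08.789511 IP 10.0.5.7.bootpc > 10.0.5.1.bootps: BOOTP/DHCP, Request from aa:bb:cc:dd:ee:ff (oui Unknown), length 300
09:20:08.793795 IP 10.0.5.1.bootps > 10.0.5.7.bootpc: BOOTP/DHCP, Reply, length 315
06:09:02.900788 IP 10.0.5.8.bootpc > 10.0.5.1.bootps: BOOTP/DHCP, Request from gg:hh:ii:jj:kk:ll (oui Unknown), length 300
06:09:21.778259 IP 10.0.5.8.bootpc > 10.0.5.1.bootps: BOOTP/DHCP, Request from gg:hh:ii:jj:kk:ll (oui Unknown), length 300
07:42:47.005640 IP 10.0.5.8.bootpc > 10.0.5.1.bootps: BOOTP/DHCP, Request from gg:hh:ii:jj:kk:ll (oui Unknown), length 300
07:42:56.398411 IP 10.0.5.8.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from gg:hh:ii:jj:kk:ll (oui Unknown), length 300
07:42:56.402801 IP 10.0.5.1.bootps > 10.0.5.8.bootpc: BOOTP/DHCP, Reply, length 310
""".splitlines()

if __name__ == "__main__":
    for client, result in sorted(ignored_renewals(SAMPLE, "10.0.5.1").items()):
        print(client, result)
```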