[Dnsmasq-discuss] dnsmasq fails to respond to DHCPREQUESTs from some clients

Sun Nov 27 07:34:02 UTC 2022

Is the question I asked below appropriate for this mailing list? Or do you think there is a better place to ask this question?

On Sunday, November 20, 2022 12:07 CET, "Bernd" <bb20829 at roadrunner.stream> wrote:

> I am running dnsmasq on a router to serve both DHCP and DNS on a small private IPv4 network (10.0.5.0/24). The initial cycle with DHCPDISCOVER works fine for all clients. However, some dhcp clients have an issue with renewal of their leases. While dnsmasq responds just fine for most of the clients when they send a DHCPREQUEST to the address 10.0.5.1 dnsmasq binds to (I'll call them "successful hosts"), it ignores the requests from some of the clients (which I will call "failing hosts"). I can see the unanswered DHCPREQUESTs in the logs of the clients, but nothing related to those requests in the log of dnsmasq. Once the dhcp client on a "failing hosts" falls back to DHCPDISCOVER, dnsmasq will respond immediately and the host gets its lease renewed. I have observed this behavior with one host running dhclient and with another host using systemd-networkd as DHCP client. The "successful hosts" also run one of those two dhcp clients, so the DHCP client does not seem to make the difference between success and failure. 
> 
> When running tcpdump on the interface dnsmasq binds to, I see immediate response from dnsmasq for a "successful host" (MAC address obfuscated):
> 
> """
> 09:20:08.789511 IP 10.0.5.7.bootpc > 10.0.5.1.bootps: BOOTP/DHCP, Request from aa:bb:cc:dd:ee:ff (oui Unknown), length 300
> 09:20:08.793795 IP 10.0.5.1.bootps > 10.0.5.7.bootpc: BOOTP/DHCP, Reply, length 315
> 
> This is what I see for a "failing host" (MAC address obfuscated):
> 
> 06:09:02.900788 IP 10.0.5.8.bootpc > 10.0.5.1.bootps: BOOTP/DHCP, Request from gg:hh:ii:jj:kk:ll (oui Unknown), length 300
> 06:09:21.778259 IP 10.0.5.8.bootpc > 10.0.5.1.bootps: BOOTP/DHCP, Request from gg:hh:ii:jj:kk:ll (oui Unknown), length 300
> <...many more of those...>
> 07:42:47.005640 IP 10.0.5.8.bootpc > 10.0.5.1.bootps: BOOTP/DHCP, Request from gg:hh:ii:jj:kk:ll (oui Unknown), length 300
> 07:42:56.398411 IP 10.0.5.8.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from gg:hh:ii:jj:kk:ll (oui Unknown), length 300
> 07:42:56.402801 IP 10.0.5.1.bootps > 10.0.5.8.bootpc: BOOTP/DHCP, Reply, length 310
> """
> 
> I am running dnsmasq 2.85-1 from Debian 11. This is how my dnsmasq.conf file looks like:
> 
> """
> server=8.8.8.8#53
> no-resolv
> listen-address=10.0.5.1
> bind-interfaces
> no-hosts
> addn-hosts=/etc/hosts-vlan5
> expand-hosts
> domain=srv
> conf-file=/etc/dnsmasq-trustanchor.conf
> dnssec
> dnssec-check-unsigned
> dhcp-range=10.0.5.0,static,4h
> dhcp-host=aa:bb:cc:dd:ee:ff,10.0.5.7,server1.srv
> dhcp-host=gg:hh:ii:jj:kk:ll,10.0.5.8,server2.srv
> <more-lines-like-this>
> dhcp-option-force=option:mtu,9000
> dhcp-leasefile=/var/lib/misc/dnsmasq-vlan5.leases
> dhcp-authoritative
> """
> 
> The firewall on the router is configured to allow UDP traffic on ports 67 and 68 which comes in on the NIC dnsmasq binds to:
> """
> target     prot opt source               destination         
> ACCEPT     udp  --  anywhere             anywhere             udp spts:bootps:bootpc dpts:bootps:bootpc
> """
> Outgoing network traffic is not restricted on the firewall.
> 
> I am not sure whether this is a bug i dnsmasq or a misconfiguration. Any idea why dnsmasq could be ignoring the DHCPREQUSTS to 10.0.5.1 from some DHCP clients and how this can be fixed? Thank you for taking the time.