[Dnsmasq-discuss] DHCP packet received on enp6s0 which has no address

Masin masin at wiedner.berlin
Wed Jan 3 15:12:05 UTC 2024


Hi,

I've set up dnsmasq in a systemd-nspawn container with two interfaces, one provided by the host
system, enp6s0, and one virtual interface generated by systemd-nspawn, host0.

OS: Debian 12.
dnsmasq: version 2.89

The container's purpose is to provide basic networking functionality for my LAN, which I deemed to
be DNS and DHCP by dnsmasq and reverse http/https proxying by nginx. Additional web services are
provided in additional systemd-nspawn containers which are only reachable using the host0
interface. This interface is not reachable from the LAN.

Because systemd-nspawn allows name resolution using LLMNR I want systemd-resolved to do name
resolution on host0 while dnsmasq provides DNS and DHCP on enp6s0 for the LAN.

As far as I understand, systemd-resolved does not bind to enp6s0 on port 53. Here is the somewhat
shortened output of `ss -tlpn | grep systemd`:

> LISTEN 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve"))
> LISTEN 4096 127.0.0.54:53 0.0.0.0:* users:(("systemd-resolve"))
> LISTEN 0.0.0.0:5355 0.0.0.0:* users:(("systemd-resolve")
> LISTEN [::]:5355 [::]:* users:(("systemd-resolve"))

I still have to configure dnsmasq to not bind to 0.0.0.0. This is my /etc/dnsmasq.d/dns.conf:

```
domain-needed
bogus-priv

interface=enp6s0
listen-address=10.23.40.53,fd00::2e2:69ff:fe61:fe9f
no-dhcp-interface=host0
except-interface=lo
bind-interfaces

log-queries=extra
cache-size=1000
dnssec

no-resolv
expand-hosts
no-negcache

servers-file=/etc/dnsmasq.d/google.dns
#servers-file=/etc/dnsmasq.d/quad9.dns
conf-file=/usr/share/dnsmasq-base/trust-anchors.conf
```

I explicitly tell it to provide its service only on enp6s0 and even except lo from the interfaces
as systemd-resolved listens there. I tell it to not provide DHCP on host0 as the container host's
systemd-resolved provides DHCP for the containers.

I first had the config without the listen-address directive. But then it only bound to the
link-local address 169.x.y.z on enp6s0. I then disabled link-local addresses on enp6s0 but dnsmasq
didn't bind to the address 10.23.40.53 at all. So I added the listen-address. It … worked …
somehow. Here is the somewhat shortened output of `ss -tlpn | grep dnsmasq` (UNCONN is udp, LISTEN is
tcp):

> UNCONN 10.23.40.53:53 0.0.0.0:* users:(("dnsmasq"))
> UNCONN 0.0.0.0%enp6s0:67 0.0.0.0:* users:(("dnsmasq"))
> UNCONN 10.23.40.53:69 0.0.0.0:* users:(("dnsmasq"))
> UNCONN 0.0.0.0%enp6s0:4011 0.0.0.0:* users:(("dnsmasq"))
> UNCONN [fd00::2e2:69ff:fe61:fe9f]:53 [::]:* users:(("dnsmasq"))
> UNCONN [fe80::2e2:69ff:fe61:fe9f]%enp6s0:53 [::]:* users:(("dnsmasq"))
> UNCONN [fd00::2e2:69ff:fe61:fe9f]:69 [::]:* users:(("dnsmasq"))
> UNCONN [fe80::2e2:69ff:fe61:fe9f]%enp6s0:69 [::]:* users:(("dnsmasq"))
> LISTEN 10.23.40.53:53 0.0.0.0:* users:(("dnsmasq"))
> LISTEN [fd00::2e2:69ff:fe61:fe9f]:53 [::]:* users:(("dnsmasq"))
> LISTEN [fe80::2e2:69ff:fe61:fe9f]%enp6s0:53 [::]:* users:(("dnsmasq"))

I didn't check DNS functionality as I tried to get DHCP working. In the log I got
> DHCP packet received on enp6s0 which has no address

I stared at the man page for longer than might be good for me but I didn't come to a solution. Web
searches weren't that helpful either as most hits to this message are related to either Pi-Hole or
OpenWRT which both use different approaches to configure dnsmasq.

I guess the error message is connected to dnsmasq not binding to my configured IP address unless
stated explicitly. I don't know if that's a thing but dnsmasq seems unable to detect this IP
address. FWIW I configured the IP address using systemd-networkd.

I hope somebody might give me some clues why dnsmasq is not working as intended by me (yeah, it's
doing what I'm telling it to do, I know ;) ).

Bests,
Masin
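
A listening-socket check for the setup described in this message, as an added example that is not part of the original post: it parses shortened `ss` lines in the form quoted above and flags any dnsmasq socket that is not confined to enp6s0. The function names and the address-to-interface map are assumptions made for the example, and the last sample line is constructed.

```python
import re

# Local end as ss prints it: addr or [addr], optional %iface scope, then :port
LOCAL = re.compile(r'^(\[[^\]]+\]|[^%:\s]+)(?:%([^:\s]+))?:(\d+)$')
PROC = re.compile(r'users:\(\("([^"]+)"')
WILDCARD = {"0.0.0.0", "::"}
# Assumption: the listen-address values from the post belong to enp6s0.
ADDR_TO_IFACE = {"10.23.40.53": "enp6s0", "fd00::2e2:69ff:fe61:fe9f": "enp6s0"}

# Lines quoted in the post; the last line is constructed (unscoped wildcard bind).
SAMPLE = """\
UNCONN 10.23.40.53:53 0.0.0.0:* users:(("dnsmasq"))
UNCONN 0.0.0.0%enp6s0:67 0.0.0.0:* users:(("dnsmasq"))
UNCONN [fe80::2e2:69ff:fe61:fe9f]%enp6s0:53 [::]:* users:(("dnsmasq"))
LISTEN [fd00::2e2:69ff:fe61:fe9f]:53 [::]:* users:(("dnsmasq"))
LISTEN 4096 127.0.0.54:53 0.0.0.0:* users:(("systemd-resolve"))
LISTEN 0.0.0.0:53 0.0.0.0:* users:(("dnsmasq"))
"""

def parse_ss(text):
    """Return (state, addr, iface_scope, port, process) per socket line."""
    sockets = []
    for line in text.splitlines():
        tokens, proc = line.split(), PROC.search(line)
        if not tokens or not proc:
            continue
        # First addr:port token after the state is the local end (skips backlog columns).
        m = next(filter(None, map(LOCAL.match, tokens[1:])), None)
        if m:
            sockets.append((tokens[0], m[1].strip("[]"), m[2], int(m[3]), proc[1]))
    return sockets

def audit(sockets, process, allowed_ifaces):
    """List sockets of `process` that are not confined to `allowed_ifaces`."""
    findings = []
    for state, addr, scope, port, proc in sockets:
        if proc != process:
            continue
        iface = scope or ADDR_TO_IFACE.get(addr)
        if addr in WILDCARD and scope is None:
            findings.append((state, addr, port, "wildcard bind, no interface scope"))
        elif iface is None:
            findings.append((state, addr, port, "address not mapped to an interface"))
        elif iface not in allowed_ifaces:
            findings.append((state, addr, port, f"bound on {iface}"))
    return findings

if __name__ == "__main__":
    print(audit(parse_ss(SAMPLE), "dnsmasq", {"enp6s0"}))
```

A wildcard socket that carries an interface scope, such as `0.0.0.0%enp6s0:67`, counts as confined to that interface; only the unscoped wildcard is reported.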


