[Dnsmasq-discuss] DHCP always listening on 0.0.0.0:67

Peter Tirsek peter at tirsek.com
Wed Mar 12 23:41:02 UTC 2025


On Wed, 12 Mar 2025, Joachim Lindenberg via Dnsmasq-discuss wrote:

> I am new on that list and may not have seen previous discussions on 
> this, any pointer appreciated.

Feel free to browse the archive. Something very similar to your 
question was asked within the past week or two:

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/


> DHCP always uses 0.0.0.0:67. Is there any means to restrict DHCP 
> listening as well? My goal is to allow a DHCP relay to listen on same 
> port but a distinct IP on the same interface.

Because a DHCP server has to use a number of tricks to do what it does 
– like sending and receiving broadcast packets, sending unicast packets 
to clients before they're able to respond to an ARP request, etc. – a 
DHCP server generally can't bind to a specific address or interface in 
the same way that a run-of-the-mill TCP or UDP server can.

In general, you should probably assume that a single IP stack can only 
support one DHCP server. Fortunately, Linux can do some tricks that 
look like running multiple IP stacks on a single host using the 
concept of namespaces. It can be a bit complex to wrap your head 
around, and a simpler solution may be to run a Virtual Machine for your 
other DHCP server, and bridge it onto the host's physical interface.

I'm not entirely sure what you're trying to do, but I'll share a small 
"works-for-me" solution that I've used here for myself in another but 
possibly similar scenario. It's not at all relevant to dnsmasq, except 
it might work in the same manner:

I have an ISC dhcpd server running as my LAN's main DHCP server, but I 
wanted to experiment with ISC Kea for a separate subnet behind another 
router, and thus behind a DHCP relay. I also wanted to run Kea on the 
same Linux host as dhcpd, but as you've experienced, two DHCP servers 
generally can't coexist on the same host. What I did was to set up a 
separate network namespace for Kea to run in. This namespace has a 
single virtual Ethernet device that connects to the "main" host, and 
all routing is done through the main host. The following script sets up 
the namespace, the virtual side of the interface, and starts the server 
running in the given namespace. The host side of the virtual ethernet 
interface (named v-kea on the host side) is configured as 10.0.15.1/30 
using the system's normal network configuration software, which also 
enables IPv4 forwarding. Finally, the router acting as the DHCP relay 
is configured to forward requests to 10.0.15.2.


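#!/bin/sh

# Create the namespace and the veth pair only once.
if [ ! -e /var/run/netns/kea ]; then
# Add the "kea" namespace and a veth pair: v-kea stays on the host,
# its peer host0 is created inside the namespace.
/usr/bin/ip -batch - <<EOF
netns add kea
link add v-kea type veth peer name host0 netns kea
EOF

# Bring up the host side of the pair.
/usr/bin/ip -batch - <<EOF
link set v-kea up
EOF

# Inside the namespace: bring up loopback and host0, assign 10.0.15.2/30,
# and route everything through the host side (10.0.15.1).
/usr/bin/ip -netns kea -batch - <<EOF
link set lo up
link set host0 up
addr flush dev host0
addr add 10.0.15.2/30 dev host0
route add default via 10.0.15.1
EOF
fi

# Replace this shell with Kea, running inside the namespace.
exec /usr/bin/ip netns exec kea /usr/bin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf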


Perhaps something similar could work for you.

-- 
Peter Tirsek
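
Added example (not part of the original post, and not code from dnsmasq, ISC dhcpd or Kea): a check that lists which process holds UDP port 67 in the host stack and in each named network namespace, so you can confirm that a setup like the one above gives each DHCP server its own wildcard bind. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: list UDP port 67 listeners so
# you can confirm each DHCP server owns port 67 in its own network namespace.

# Read `ss -4Hlunp` output on stdin and print "<scope> <local> <process>"
# for every socket whose local port is 67.
dhcp_listeners() {
    awk '{
        la = ""; proc = "-"
        for (i = 1; i <= NF; i++) {
            # The first field ending in :<digits> is Local Address:Port.
            if (la == "" && $i ~ /:[0-9]+$/) la = $i
            if ($i ~ /^users:/) proc = $i
        }
        if (la !~ /:67$/) next
        addr = la; sub(/:67$/, "", addr)
        dev = ""
        # ss shows a device-bound socket as <addr>%<ifname>.
        if (addr ~ /%/) { dev = addr; sub(/^.*%/, "", dev); sub(/%.*$/, "", addr) }
        scope = (addr == "0.0.0.0" || addr == "*") ? "wildcard" : "address"
        if (dev != "") scope = scope "@" dev
        print scope, la, proc
    }'
}

# Run the check on the host stack and in every named namespace (needs root).
audit_all() {
    echo "[host]"; ss -4Hlunp | dhcp_listeners
    for ns in $(ip netns list | awk '{print $1}'); do
        echo "[netns $ns]"; ip netns exec "$ns" ss -4Hlunp | dhcp_listeners
    done
}

# Constructed sample of `ss -4Hlunp` output, not captured from a real host.
SAMPLE='UNCONN 0 0 0.0.0.0:67 0.0.0.0:* users:(("dhcpd",pid=812,fd=7))
UNCONN 0 0 0.0.0.0%eth0:67 0.0.0.0:* users:(("dnsmasq",pid=901,fd=3))
UNCONN 0 0 10.0.15.1:53 0.0.0.0:* users:(("named",pid=644,fd=5))
UNCONN 0 0 127.0.0.1:167 0.0.0.0:* users:(("other",pid=700,fd=4))'

# Parse the sample; call audit_all instead on a live system.
printf '%s\n' "$SAMPLE" | dhcp_listeners
```

A plain "wildcard" line in the host section means any other DHCP server or relay that wants port 67 in that same stack will collide with it; the same listener appearing under its own netns heading does not.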
