Discussion:
[Dnsmasq-discuss] dnsmasq DHCP behind a DHCP relay, without directly-connected addresses
James Brown
2016-08-02 22:43:33 UTC
Permalink
I have a setup roughly like the following ASCII-art diagram (numbers and
number of VLANs simplified greatly):


|===== VLAN 1 : 10.0.1.0/24 ======|  |============== VLAN 2: 10.0.2.0/24 ==============|
|                                 |  |                                                 |
| |------------------|         |-------------|                                         |
| |    admin host    |         |   gateway   |                                         |
| |   10.0.1.2/24    |         | 10.0.1.1/24 |  |----------------------------|         |
| |------------------|         | 10.0.2.1/24 |  | client host                |         |
|                              |     etc     |  | should get static lease of |         |
|                              |-------------|  | 10.0.2.x                   |         |
|                                 |  |          |----------------------------|         |
|=================================|  |=================================================|

We have multiple VLANs each of which has its own subnet. They're bridged
by a single multi-homed gateway (actually, an HA pair of them, but
whatever). The gateway is running dhcrelay3 and forwarding DHCP requests to
the admin host in the administrative VLAN, which is running dnsmasq with a
database of addresses to hand out. I would prefer to be able to avoid
having to put that database on the gateway and have a bunch of dynamic host
configuration on a router. The admin host is single-homed.

The dnsmasq config looks like the following (I've removed most of the
entries and config to simplify the question):

port = 0
dhcp-range=10.0.1.0,static,255.255.255.0
dhcp-range=10.0.2.0,static,255.255.255.0
dhcp-option=6,10.0.2.3
dhcp-option=3,10.0.2.1
dhcp-host=00:aa:bb:cc:dd:ee,10.2.0.86

Unfortunately, dnsmasq seems to refuse to hand out addresses from a
non-directly-connected subnet. When the requests come in from
00:aa:bb:cc:dd:ee, I just get the following logged:

dnsmasq: started, version 2.76 DNS disabled
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP
DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq-dhcp: DHCP, static leases only on 10.0.1.0, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.0.2.0, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.0.3.0, lease time 1h
dnsmasq-dhcp: 1302931552 available DHCP subnet: 10.0.1.0/255.255.255.0
dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
dnsmasq-dhcp: 1302931552 available DHCP subnet: 10.0.1.0/255.255.255.0
dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
dnsmasq-dhcp: 4279941416 available DHCP subnet: 10.0.1.0/255.255.255.0
dnsmasq-dhcp: 4279941416 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored

Tcpdump of the packets being received by the host looks roughly like the
following:

22:23:57.987953 IP (tos 0x0, ttl 64, id 48608, offset 0, flags [DF], proto
UDP (17), length 328)
10.0.1.1.bootps > admin.bootps: BOOTP/DHCP, Request from
00:aa:bb:cc:dd:ee (oui Unknown), length 300, hops 1, xid 0x4ec4ba20, secs
24, Flags [none]
Gateway-IP 10.0.1.1
Client-Ethernet-Address 00:aa:bb:cc:dd:ee (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 13:
Subnet-Mask, BR, Time-Zone, Classless-Static-Route
Domain-Name, Domain-Name-Server, Hostname, YD
YS, NTP, MTU, Option 119
Default-Gateway

I would like for the admin host (10.0.1.1/24) to be able to hand out IP
addresses to hosts in any VLAN without having to multi-home it. Is this
just impossible in dnsmasq, or is there some magic option that will tell it
to hand out IP addresses on a non-connected subnet when the request goes
through a relay?

I've attempted to go through the source code, but even once I figured out
the idiosyncratic indentation style of rfc2131.c, I still can't figure out
precisely where the logic to generate this message lives.

Thanks for any help y'all can provide.
--
James Brown
Intermittent Network Engineer
Simon Kelley
2016-08-03 21:57:03 UTC
Permalink
"dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored"

Implies that you've somehow configured dnsmasq to ignore this client,
either with

dhcp-host=<stuff to id client>,ignore

or

dhcp-ignore=<some tags>


Maybe take a look at the rest of the config you didn't post or post it
here? Fixing this problem is necessary before looking at the subnet
address selection stuff, which should be possible using a DHCP relay.

Cheers,

Simon.
James Brown
2016-08-10 01:25:10 UTC
Permalink
Hi Simon:

The string "ignore" does not occur in my config. Below is the current
entire config that I'm running on while I test this, without the
networks re-written into the clearer forms above:

no-resolv
server=8.8.8.8
no-daemon
no-hosts
log-facility=/dev/null
log-dhcp
log-queries
enable-tftp
tftp-root=/srv/install/tftp
port=0
dhcp-option=6,10.90.95.113
dhcp-range=10.88.81.65,static,255.255.255.192
dhcp-range=10.90.95.65,static,255.255.255.192
dhcp-range=10.91.78.0,static,255.255.255.192
dhcp-range=10.88.177.0,static,255.255.255.128
dhcp-host=0c:c4:7a:8e:1d:62,10.88.177.107
dhcp-option=3,10.88.177.1

And the output when trying to boot the machine listed under dhcp-host:

dnsmasq: started, version 2.76 DNS disabled
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN
DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect
inotify
dnsmasq-dhcp: DHCP, static leases only on 10.88.177.0, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.91.78.0, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.90.95.65, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.88.81.65, lease time 1h
dnsmasq-tftp: TFTP root is /srv/install/tftp
dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no
address available
dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no
address available
dnsmasq-dhcp: 4100833080 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 4100833080 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no
address available
dnsmasq-dhcp: 4100833080 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 4100833080 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no
address available
--
James Brown
Engineer
Simon Kelley
2016-08-11 19:06:35 UTC
Permalink
OK, so the "ignored" thing was a red-herring, now we have the actual
logs.

Your ASCII art got mangled, so I can't work out exactly what the
network topology is, but the logs show why no address is being
allocated:

dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available

As 0c:c4:7a:8e:1d:62 only has a dhcp-host address on
10.88.177.0/255.255.255.128 but dnsmasq thinks it's on
10.90.95.65/255.255.255.192.

What needs to happen is that the DHCP relay forwards the DHCP discover
packet to dnsmasq, and before it does that, it sets the "giaddr" field
to the relay's address _on_the_subnet_where_the_host_is.

So in this case, giaddr should be set to 10.88.177.1, which would
enable dnsmasq to allocate it an address on that subnet, and not the
subnet where the request arrives at the dnsmasq server.

How is the DHCP relay configured?

Simon.
James Brown
2016-08-11 20:01:44 UTC
Permalink
This post might be inappropriate. Click to display it.
Simon Kelley
2016-08-11 22:51:49 UTC
Permalink
In this sort of setup, the only way any DHCP server can determine
which subnet the client is on, and therefore what address is assigned
to it, is via the giaddr field set by the relay. That's the function
of the relay: to tell the DHCP server where the DHCP client is,
otherwise simple ip-layer routing would do.

You could start playing with agent-id options (which dnsmasq does
support) but it shouldn't be necessary.

If you can, try using dhcp-helper, which is a relay agent I wrote: it's
generally easier to get the configuration right with that than with
dhcrelay.

Cheers,

Simon.
Post by James Brown
The relay is just dhcrelay3 running with default options.
10.90.95.121 is the address of the machine running dnsmasq.
/usr/sbin/dhcrelay3 -d -i bond0.1274 -i bond0.1215 -c 12 -A 576 -m discard 10.90.95.121
Looking at the dhcrelay source code, it looks like it just sets
giaddr to the first ip address assigned on the system running the
741 if (!packet->giaddr.s_addr)
742         packet->giaddr = ip->addresses[0]
If dnsmasq really does rely on giaddr being set to an address in
the correct subnet, it looks like I may have to replace dhcrelay3.
Unfortunately, it's running on Brocade vRouter (a routing platform
with a Linux control plane based on the earlier Vyatta product and
related to the open-source VyOS product), so that might be tricky.
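Added example (not part of the thread and not dnsmasq's own code): a simplified Python model of the giaddr-based subnet selection described in the two replies above, using the dhcp-range and dhcp-host lines from the posted config. The packet builder, the function names and the relay address 10.90.95.66 are constructed for illustration; 10.88.177.1 is the giaddr value suggested in the thread.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")

# dhcp-range / dhcp-host lines taken from the config posted in the thread.
DHCP_RANGES = [
    ("10.88.81.65", "255.255.255.192"),
    ("10.90.95.65", "255.255.255.192"),
    ("10.91.78.0", "255.255.255.192"),
    ("10.88.177.0", "255.255.255.128"),
]
DHCP_HOSTS = {"0c:c4:7a:8e:1d:62": "10.88.177.107"}


def build_relayed_discover(mac, giaddr, xid=0x4EC4BA20):
    """Constructed sample packet: 236-byte BOOTP header, cookie, option 53."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1,              # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        xid, 24, 0,              # xid, secs, flags
        bytes(4), bytes(4), bytes(4),            # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,    # giaddr, written by the relay
        chaddr, bytes(64), bytes(128),           # chaddr, sname, file
    )
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # 53=DISCOVER, end


def parse_relay_fields(packet):
    """Return (hops, giaddr, client MAC) from a raw BOOTP/DHCP packet."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    hlen = packet[2]
    if not 1 <= hlen <= 16:
        raise ValueError("bad hardware address length")
    giaddr = ipaddress.IPv4Address(packet[24:28])   # giaddr is at offset 24
    mac = ":".join("%02x" % b for b in packet[28:28 + hlen])
    return packet[3], giaddr, mac


def select_subnet(giaddr, arrival_addr):
    """Relayed request: match giaddr. Direct request: match the local address."""
    key = giaddr if int(giaddr) != 0 else ipaddress.IPv4Address(arrival_addr)
    for start, mask in DHCP_RANGES:
        net = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
        if key in net:
            return net
    return None


def answer_discover(packet, arrival_addr):
    """Return (selected subnet, offered address or reason for no offer)."""
    _hops, giaddr, mac = parse_relay_fields(packet)
    subnet = select_subnet(giaddr, arrival_addr)
    if subnet is None:
        return None, "no matching dhcp-range"
    reserved = DHCP_HOSTS.get(mac)
    # A static reservation is only usable on the subnet the client is
    # believed to be on; giaddr is the only evidence of that.
    if reserved is None or ipaddress.IPv4Address(reserved) not in subnet:
        return subnet, "no address available"
    return subnet, reserved


if __name__ == "__main__":
    server = "10.90.95.121"   # dnsmasq host, from the thread
    # 10.90.95.66 is an assumed relay address on the server-side subnet.
    for giaddr in ("10.90.95.66", "10.88.177.1"):
        pkt = build_relayed_discover("0c:c4:7a:8e:1d:62", giaddr)
        subnet, result = answer_discover(pkt, server)
        print(f"giaddr={giaddr:<12} subnet={subnet} -> {result}")
```

With giaddr on the server-side subnet the model selects 10.90.95.64/26 and refuses the reservation, matching the "no address available" log lines; with giaddr 10.88.177.1 it offers 10.88.177.107.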
James Brown
2016-08-12 00:13:52 UTC
Permalink
Since I'm using static addresses, it seems like dnsmasq doesn't actually
need to know what subnet the client is in, though. Is there any possibility
of, for static address configuration, just trusting the configuration and
ignoring giaddr?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
In this sort of setup, the only way any DHCP server can determine
which subnet the client is on, and therefore what address is assign
to it, is via the giaddr field set by the relay. That's the function
of the relay: to tell the DHCP server where the DHCP client is,
otherwise simple ip-layer routing would do.
You could start playing with agent-id options (which dnsmasq does
support) but is shouldn't be necessary.
If you can try using dhcp-helper, which is a relay agent I wrote: it's
generally easier to get the configuration right with that than with
dhcrelay.
Cheers,
Simon.
Post by James Brown
The relay is just dhcrelay3 running with default options.
10.90.95.121 is the address of the machine running dnsmasq.
/usr/sbin/dhcrelay3 -d -i bond0.1274 -i bond0.1215 -c 12 -A 576 -m
discard 10.90.95.121
Looking at the dhcrelay source code, it looks like it just sets
giaddr to the first ip address assigned on the system running the
741 if (!packet->giaddr.s_addr) 742 packet->giaddr =
ip->addresses[0]
If dnsmasq really does rely on giaddr being set to an address in
the correct subnet, it looks like I may have to replace dhcrelay3.
Unfortunately, it's running on Brocade vRouter (a routing platform
with a Linux control plane based on the earlier Vyatta product and
related to the open-source VyOS product), so that might be tricky.
On Thu, Aug 11, 2016 at 12:06 PM, Simon Kelley
OK, so the "ignored" thing was a red-herring, now we have the
actual log s.
You're ASCII art got mangled, so I can't work out exactly what the
network topology is, but the logs show why no address is being
10.90.95.65/255.255.255.1 92 dnsmasq-dhcp: 529627704
DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
As 0c:c4:7a:8e:1d:62 only has a dhcp-host address on
10.88.177.0/255.255.255.128 but dnsmasq thinks it's on
10.90.95.65/255.255.255.192.
What needs to happen is that the DHCP relay forwards the DHCP
discover packet to dnsmasq, and before it does that, it sets the
"giaddr" field to the relay's address
_on_the_subnet_where_the_host_is.
So in this case, giaddr should be set to 10.88.177.1, which would
enable dnsmasq to allocate it an address on that subnet, and not
the subnet where the request arrives at the dnsmasq server.
How is the DHCP relay configured?
Simon.
Post by James Brown
The string "ignore" does not occur in my config. Below is
the current entire config that I'm running on while I test
this, without the networks re-written into the clearer forms
no-resolv server=8.8.8.8 no-daemon no-hosts
log-facility=/dev/null log-dhcp log-queries enable-tftp
tftp-root=/srv/install/tftp port=0
dhcp-option=6,10.90.95.113
dhcp-range=10.88.81.65,static,255.255.255.192
dhcp-range=10.90.95.65,static,255.255.255.192
dhcp-range=10.91.78.0,static,255.255.255.192
dhcp-range=10.88.177.0,static,255.255.255.128
dhcp-host=0c:c4:7a:8e:1d:62,10.88.177.107
dhcp-option=3,10.88.177.1
dnsmasq: started, version 2.76 DNS disabled
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq-dhcp: DHCP, static leases only on 10.88.177.0, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.91.78.0, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.90.95.65, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.88.81.65, lease time 1h
529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
10.90.95.65/255.255.255.192
dnsmasq-dhcp: 4100833080 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
10.90.95.65/255.255.255.192
dnsmasq-dhcp: 4100833080 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
On Wed, Aug 3, 2016 at 2:57 PM, Simon Kelley
DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored"
Implies that you've somehow configured dnsmasq to ignore
this client, either with
dhcp-host=<stuff to id client>,ignore
or
dhcp-ignore=<some tags>
Maybe take a look at the rest of the config you didn't post
or post it here? Fixing this problem is necessary before
looking at the subnet address selection stuff, which should
be possible using a DHCP relay.
Cheers,
Simon.
Post by James Brown
I have a setup roughly like the following ASCII-art
diagram (numbers and number of VLANs simplified
|===== VLAN 1 : 10.0.1.0/24 ======| |==============
VLAN 2: 10.0.2.0/24 ==============| | | | | |
|------------------| |-------------| | | | admin
host | | gateway | | | | 10.0.1.2/24 |
| 10.0.1.1/24 | |----------------------------| | |
|------------------| | 10.0.2.1/24 | | client
host | | | | etc | | should get static
lease of | | | |-------------| | 10.0.2.x |
| | | | |----------------------------| |
|==================================|
|=================================================|
We have multiple VLANs each of which has its own
subnet. They're bridged by a single multi-homed gateway
(actually, an HA pair of them, but whatever). The
gateway is running dhrelay3 and forwarding DHCP
requests to the admin host in the administrative VLAN,
which is running dnsmasq with a database of addresses
to hand out. I would prefer to be able to avoid having
to put that database on the gateway and have a bunch of
dynamic host configuration on a router. The admin host
is single-homed.
The dnsmasq config looks like the following (I've
removed most of the entries and config to simplify the
port = 0
dhcp-range=10.0.1.0,static,255.255.255.0
dhcp-range=10.0.2.0,static,255.255.255.0
dhcp-option=6,10.0.2.3
dhcp-option=3,10.0.2.1
dhcp-host=00:aa:bb:cc:dd:ee,10.2.0.86
Unfortunately, dnsmasq seems to refuse to hand out
addresses from a non-directly-connected subnet. When
the requests come in from 00:aa:bb:cc:dd:ee, I just get
compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
dnsmasq-dhcp: DHCP, static leases only on 10.0.1.0, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.0.2.0, lease time 1h
dnsmasq-dhcp: DHCP, static leases only on 10.0.3.0, lease time 1h
dnsmasq-dhcp: 1302931552 available DHCP subnet: 10.0.1.0/255.255.255.0
dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
dnsmasq-dhcp: 1302931552 available DHCP subnet: 10.0.1.0/255.255.255.0
dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
dnsmasq-dhcp: 4279941416 available DHCP subnet: 10.0.1.0/255.255.255.0
dnsmasq-dhcp: 4279941416 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
Tcpdump of the packets being received by the host
22:23:57.987953 IP (tos 0x0, ttl 64, id 48608, offset 0, flags [DF], proto UDP (17), length 328)
    10.0.1.1.bootps > admin.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300, hops 1, xid 0x4ec4ba20, secs 24, Flags [none]
      Gateway-IP 10.0.1.1
      Client-Ethernet-Address 00:aa:bb:cc:dd:ee (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Parameter-Request Option 55, length 13:
          Subnet-Mask, BR, Time-Zone, Classless-Static-Route
          Domain-Name, Domain-Name-Server, Hostname, YD
          YS, NTP, MTU, Option 119
          Default-Gateway
I would like for the admin host (10.0.1.1/24) to be
able to hand out IP addresses to hosts in any VLAN
without having to multi-home it. Is this just
impossible in dnsmasq, or is there some magic option
that will tell it to hand out IP addresses on a
non-connected subnet when the request goes through a
relay?
I've attempted to go through the source code, but even
once I figured out the idiosyncratic indentation style
of rfc2131.c, I still can't figure out precisely where
the logic to generate this message lives.
Thanks for any help y'all can provide.
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
--
James Brown
Engineer
Simon Kelley
2016-08-12 19:15:31 UTC
Permalink
Post by James Brown
Since I'm using static addresses, it seems like dnsmasq doesn't
actually need to know what subnet the client is in, though. Is
there any possibility of, for static address configuration, just
trusting the configuration and ignoring giaddr?
No, the DHCP server has to be able to determine which subnet(s) the
client is located on. Apart from anything else, dnsmasq supports
multiple static addresses for a client, and chooses the one which is
suitable for the client's current subnet.


What you're trying to do with a DHCP relay is completely standard: it
should be possible to make it work.


Cheers,

Simon.
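
The subnet selection described in this thread, as an added example (not dnsmasq's code and not from any poster): a Python model in which the relay's giaddr selects the matching dhcp-range, and a dhcp-host address is offered only if it lies in that subnet. The config lines are copied from the thread; the relay address 10.90.95.66 is a constructed value, and the parser assumes the `start,static,netmask` form of dhcp-range used here.

```python
import ipaddress

# dhcp-range / dhcp-host lines copied from the config posted in the thread.
CONFIG = """\
dhcp-range=10.88.81.65,static,255.255.255.192
dhcp-range=10.90.95.65,static,255.255.255.192
dhcp-range=10.91.78.0,static,255.255.255.192
dhcp-range=10.88.177.0,static,255.255.255.128
dhcp-host=0c:c4:7a:8e:1d:62,10.88.177.107
"""

def parse_config(text):
    """Return (networks for each dhcp-range, {mac: [static addresses]})."""
    ranges, hosts = [], {}
    for line in text.splitlines():
        key, _, value = line.strip().partition("=")
        fields = [f.strip() for f in value.split(",")]
        if key.strip() == "dhcp-range":
            # Assumption: first field is the start address, last is the netmask.
            net = ipaddress.ip_network(f"{fields[0]}/{fields[-1]}", strict=False)
            ranges.append(net)
        elif key.strip() == "dhcp-host":
            hosts.setdefault(fields[0].lower(), []).append(
                ipaddress.ip_address(fields[1]))
    return ranges, hosts

def select_static_lease(giaddr, mac, ranges, hosts):
    """Simplified model: giaddr decides the client's subnet; a static
    address is usable only if it falls inside one of those subnets."""
    relay = ipaddress.ip_address(giaddr)
    subnets = [net for net in ranges if relay in net]
    for addr in hosts.get(mac.lower(), []):
        if any(addr in net for net in subnets):
            return str(addr), subnets
    return None, subnets  # corresponds to "no address available" in the log

if __name__ == "__main__":
    ranges, hosts = parse_config(CONFIG)
    mac = "0c:c4:7a:8e:1d:62"
    # 10.90.95.66 is constructed; 10.88.177.1 is the giaddr Simon says is needed.
    for giaddr in ("10.90.95.66", "10.88.177.1"):
        addr, subnets = select_static_lease(giaddr, mac, ranges, hosts)
        nets = ", ".join(str(n) for n in subnets) or "none"
        print(f"giaddr={giaddr}: subnet(s) {nets} -> {addr or 'no address available'}")
```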
