Discussion:
[Dnsmasq-discuss] Detect conflicting DHCP servers
james garner
2012-03-09 09:25:54 UTC
Dear list,

Our DHCP requests are handled by dnsmasq on the main server. Every now and
then a technically illiterate person connects a device to the network that
by default acts as a DHCP server, be it a print server or a switch. Is
there a way to tell dnsmasq to periodically scan for other DHCP servers and
give a warning if necessary?
Thanks
r***@gmail.com
2012-03-09 20:38:07 UTC
Contacting DHCP servers is a task for a DHCP client, not a DHCP server.
There are a number of scripts available which will send a request and
listen to all responses (not just the first), generating an alert if any
unexpected nodes responded. Google "rogue DHCP detect".
Post by james garner
Dear list,
Our DHCP requests are handled by dnsmasq on the main server. Every now and
then a technically illiterate person connects a device to the network that
by default acts as a DHCP server, be it a print server or a switch. Is
there a way to tell dnsmasq to periodically scan for other DHCP servers and
give a warning if necessary?
Thanks
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
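
Added example, not part of the original thread or of dnsmasq: a sketch of the "listen to all responses" half of such a script, which parses every DHCP reply collected after one DISCOVER and reports any server that is not on an allow-list. Sending the DISCOVER and capturing replies on UDP port 68 is left out; the addresses and packets below are constructed sample data.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that precedes the options
MSG_NAMES = {b"\x02": "OFFER", b"\x05": "ACK", b"\x06": "NAK"}

def parse_options(pkt):
    """Return {code: value} for a DHCP reply's options, or None if malformed."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return None                      # too short, not a BOOTREPLY, or no cookie
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = end option
        if pkt[i] == 0:                            # 0 = pad, a single byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            return None                            # truncated option
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return opts

def unexpected_servers(replies, allowed):
    """replies: (source_ip, udp_payload) pairs. Returns sorted (server, type) alerts."""
    alerts = {}
    for src, pkt in replies:
        opts = parse_options(pkt)
        if opts is None:
            continue                               # not a DHCP reply, ignore it
        sid = opts.get(54, b"")                    # option 54 = server identifier
        ident = socket.inet_ntoa(sid) if len(sid) == 4 else src
        if ident not in allowed:                   # option 53 = message type
            alerts[ident] = MSG_NAMES.get(opts.get(53, b"")[:1], "?")
    return sorted(alerts.items())

def make_offer(server_ip, yiaddr):
    """Build a constructed DHCPOFFER payload for the sample data below."""
    sid = socket.inet_aton(server_ip)
    fixed = struct.pack("!4BIHH4s4s4s4s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                        bytes(4), socket.inet_aton(yiaddr), sid, bytes(4)) + bytes(208)
    return fixed + MAGIC + bytes([53, 1, 2, 54, 4]) + sid + bytes([255])

# Constructed sample: the real server, a stray device, and a non-DHCP datagram.
SAMPLE = [("192.168.1.1", make_offer("192.168.1.1", "192.168.1.50")),
          ("192.168.1.77", make_offer("192.168.1.77", "192.168.0.10")),
          ("192.168.1.9", b"not dhcp")]

if __name__ == "__main__":
    for server, kind in unexpected_servers(SAMPLE, allowed={"192.168.1.1"}):
        print(f"WARNING: unexpected DHCP server {server} sent {kind}")
```
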
Conrad Kostecki
2012-03-09 20:50:49 UTC
Hello!
I've here a WLAN-AP from Cisco. It's the WAP4410N.
It supports natively IPv6 and DHCPv6.

My problem is, it seems not to get an IP from DNSMasq for IPv6. As I
have SSH on this AP, I debugged a little bit.
There is the client "dhcp6c" installed.

The config there is:
interface br0 {
send rapid-commit;
request dns-servers;
request domain;
};

I am attaching verbose log files of dnsmasq-dhcp and dhcp6c. Can someone
look into it? Is this a problem with dnsmasq, or is this the fault of
Cisco and dhcp6c? As I see in the log, there seems to be given an IP to
my AP, but my AP does not use it?

Thanks!
Conrad
Simon Kelley
2012-03-09 21:08:11 UTC
Post by Conrad Kostecki
Hello!
I've here a WLAN-AP from Cisco. It's the WAP4410N.
It supports natively IPv6 and DHCPv6.
My problem is, it seems not to get an IP from DNSMasq for IPv6. As I
have SSH on this AP, I debugged a little bit.
There is the client "dhcp6c" installed.
interface br0 {
send rapid-commit;
request dns-servers;
request domain;
};
Is it possible to alter that config? If so, can you try without "send
rapid-commit", to see if that improves things?

Cheers,

Simon.
Conrad Kostecki
2012-03-09 21:14:01 UTC
Hi Simon,
Yes, I can alter it. I've removed this line, but it did not help :(

Conrad
Post by Simon Kelley
Post by Conrad Kostecki
Hello!
I've here a WLAN-AP from Cisco. It's the WAP4410N.
It supports natively IPv6 and DHCPv6.
My problem is, it seems not to get an IP from DNSMasq for IPv6. As I
have SSH on this AP, I debugged a little bit.
There is the client "dhcp6c" installed.
interface br0 {
send rapid-commit;
request dns-servers;
request domain;
};
Is it possible to alter that config? If so, can you try without "send
rapid-commit", to see if that improves things?
Cheers,
Simon.
Simon Kelley
2012-03-09 21:21:26 UTC
Post by Conrad Kostecki
Hi Simon,
Yes, I can alter it. I've removed this line, but it did not help :(
Ah well, worth a try.

I haven't tested the WIDE dhcp6 client at all. I'll install it here in
the next couple of days and see if I can reproduce the problem.

Later....


Cheers,

Simon.
Conrad Kostecki
2012-03-10 00:17:06 UTC
Post by Simon Kelley
I haven't tested the WIDE dhcp6 client at all. I'll install it here in
the next couple of days and see if I can reproduce the problem.
Later....
Cheers,
Simon.
Hi Simon,
thanks for your time! :)
FYI: When I use dibbler-server, my cisco wlan-ap gets an ipv6-address
leased with default config.

Conrad
Simon Kelley
2012-03-10 18:14:19 UTC
Post by Conrad Kostecki
Post by Simon Kelley
I haven't tested the WIDE dhcp6 client at all. I'll install it here in
the next couple of days and see if I can reproduce the problem.
Later....
Cheers,
Simon.
Hi Simon,
thanks for your time! :)
FYI: When I use dibbler-server, my cisco wlan-ap gets an ipv6-address
leased with default config.
OK, I'm confused. I just installed WIDE dhcp client: the current version
in Debian, which is 20080615-11.1. That seems to correspond with the
latest release on Sourceforge.

It looks similar to what you have: the client is called dhcp6c, and the
config file format looks similar, but not the same, I have to use

request domain-name-servers;
request domain-name;

to avoid a syntax error. Making those changes, it does stateless mode
successfully. To make it ask for a lease I have to add

send ia-na 100;

id-assoc na 100 { };

to the configuration. That then seems to work OK, in rapid-commit mode
and otherwise.

Whatever client you have, it's not quite the same as I have. Are there
any more clues available as to what we're dealing with?

As an alternative approach, could you get complete packet dumps of the
client talking to Dibbler, and trying to talk to dnsmasq, so we can see
what the differences are?

The easiest way to get the dumps is to run tcpdump on the machine
running dnsmasq with a command like

tcpdump -i eth1 -s0 -w /tmp/dump 'udp port 547'

After the DHCP interaction, control-c the tcpdump command and send me
the /tmp/dump file off-list.


Cheers,

Simon.
Simon Kelley
2012-03-10 18:41:12 UTC
I forgot to say in my previous message: I have debugging logging turned
on in WIDE dhcp6c and it's very obvious that Conrad's client is closely
related to the client I'm running: there are not two clients called
dhcp6c, but Conrad's version of WIDE dhcp6c is significantly different to
the one in Debian.

Simon.