[Dnsmasq-discuss] why does dnsmasq reject lease request?
Will Parsons
2017-02-01 22:39:25 UTC
I have two DNS servers on a single network - one on the router provided by
the ISP and one running dnsmasq on one of my own machines (which I'd like to
be preferred if it's available).

Dnsmasq is configured to give out a static address for each host I have
configured by keeping a list of MAC addresses in /etc/ethers and using that
to associate an Ethernet address with a host.

It sometimes rejects a lease request for reasons I cannot understand. The
following example is a case of a machine called "oenone" trying to obtain a
lease:

First, the relevant parts of dnsmasq.conf are:

domain-needed
bogus-priv
filterwin2k
resolv-file=/usr/local/etc/resolv.conf
local=/local/
addn-hosts=/usr/local/etc/hosts
expand-hosts
domain=varronet
dhcp-range=10.0.0.2,10.0.0.63,12h
read-ethers
dhcp-option=3,10.0.0.1
dhcp-option=6,10.0.0.7
dhcp-authoritative
log-queries
log-dhcp

=============
/etc/ethers contains:
08:00:27:57:c5:96 oenone

=============
/usr/local/etc/hosts contains:
10.0.0.13 oenone oenone.local

=============

The dhcp log contains:

Feb 1 15:17:48 anukis dnsmasq-dhcp[792]: 2515125253 available DHCP range: 10.0.0.2 -- 10.0.0.63
Feb 1 15:17:48 anukis dnsmasq-dhcp[792]: 2515125253 client provides name: oenone
Feb 1 15:17:48 anukis dnsmasq-dhcp[792]: 2515125253 DHCPREQUEST(wlan0) 10.0.0.13 08:00:27:57:c5:96
Feb 1 15:17:48 anukis dnsmasq-dhcp[792]: 2515125253 DHCPNAK(wlan0) 10.0.0.13 08:00:27:57:c5:96 wrong server-ID
Feb 1 15:17:48 anukis dnsmasq-dhcp[792]: 2515125253 broadcast response
Feb 1 15:17:48 anukis dnsmasq-dhcp[792]: 2515125253 sent size: 1 option: 53 message-type 6
Feb 1 15:17:48 anukis dnsmasq-dhcp[792]: 2515125253 sent size: 4 option: 54 server-identifier 10.0.0.7
Feb 1 15:17:48 anukis dnsmasq-dhcp[792]: 2515125253 sent size: 15 option: 56 message 77:72:6f:6e:67:20:73:65:72:76:65:72:2d:49...
Feb 1 15:17:59 anukis dnsmasq-dhcp[792]: 667454177 available DHCP range: 10.0.0.2 -- 10.0.0.63
Feb 1 15:17:59 anukis dnsmasq-dhcp[792]: 667454177 client provides name: oenone
Feb 1 15:17:59 anukis dnsmasq-dhcp[792]: 667454177 DHCPREQUEST(wlan0) 10.0.0.13 08:00:27:57:c5:96
Feb 1 15:17:59 anukis dnsmasq-dhcp[792]: 667454177 DHCPNAK(wlan0) 10.0.0.13 08:00:27:57:c5:96 wrong server-ID
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 1 15:17:59 anukis dnsmasq-dhcp[792]: 667454177 broadcast response
Feb 1 15:17:59 anukis dnsmasq-dhcp[792]: 667454177 sent size: 1 option: 53 message-type 6
Feb 1 15:17:59 anukis dnsmasq-dhcp[792]: 667454177 sent size: 4 option: 54 server-identifier 10.0.0.7
Feb 1 15:17:59 anukis dnsmasq-dhcp[792]: 667454177 sent size: 15 option: 56 message 77:72:6f:6e:67:20:73:65:72:76:65:72:2d:49...

Feb 1 15:18:05 anukis dnsmasq-dhcp[792]: 667454177 available DHCP range: 10.0.0.2 -- 10.0.0.63
Feb 1 15:18:05 anukis dnsmasq-dhcp[792]: 667454177 client provides name: oenone
Feb 1 15:18:05 anukis dnsmasq-dhcp[792]: 667454177 DHCPREQUEST(wlan0) 10.0.0.13 08:00:27:57:c5:96
Feb 1 15:18:05 anukis dnsmasq-dhcp[792]: 667454177 DHCPNAK(wlan0) 10.0.0.13 08:00:27:57:c5:96 wrong server-ID
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Feb 1 15:18:05 anukis dnsmasq-dhcp[792]: 667454177 broadcast response
Feb 1 15:18:05 anukis dnsmasq-dhcp[792]: 667454177 sent size: 1 option: 53 message-type 6
Feb 1 15:18:05 anukis dnsmasq-dhcp[792]: 667454177 sent size: 4 option: 54 server-identifier 10.0.0.7
Feb 1 15:18:05 anukis dnsmasq-dhcp[792]: 667454177 sent size: 15 option: 56 message 77:72:6f:6e:67:20:73:65:72:76:65:72:2d:49...

=============

I can't understand why dnsmasq is rejecting the DHCPREQUEST.
Jim Alles
2017-02-02 14:00:42 UTC
Hello Will,

You would need a wireshark capture to see the issue here, the log does not
tell the whole story.

It would appear that both DHCP servers are answering the client's requests.

We don't know your network configuration, or how the ISP's 'router' is set
up to be able to say for sure.
But you should limit the IP range of each to avoid the other.

What I do, is use dnsmasq in a (mostly) open source GUI wrapper called NGFW
by Untangle. It can replace the NAT/router/firewall/DNS/DHCP services of
the ISP device, if you get it (ISP device) into bridged mode. You would
have to provide for a Wi-Fi Access Point separately.

What is your ISP?

Nice .conf, for home, BTW.

Jim A.
Post by Will Parsons
I have two DNS servers on a single network - one on the router provided by
the ISP and one running dnsmasq on one of my own machines (which I'd like to
be preferred if it's available).
Simon Kelley
2017-02-02 16:25:30 UTC
Some possible confusion here between DNS servers and DHCP servers. If
the two _DNS_ servers the OP refers to are both also DHCP servers,
then Jim's advice is good. If the OP has two DNS servers, one of which
is dnsmasq which is also acting as the DHCP server (which is how I
read it) then the problem looks like a broken DHCP client, which is
attempting to restart using a DHCP lease it has on some other DHCP
server.

On receipt of the DHCPNAK reply, it should react by doing a
DHCPDISCOVER and find a DHCP server and lease from scratch, rather
than continually retrying. A workaround may be to remove whatever
state the broken DHCP client has (/var/lib/dhcp or similar, forget
leases using the GUI in Windows/Apple, factory reset for IoT-type stuff).

Cheers,

Simon.
Post by Jim Alles
Hello Will,
You would need a wireshark capture to see the issue here, the log
does not tell the whole story.
It would appear that both DHCP servers are answering the client's requests.
We don't know your network configuration, or how the ISP's 'router'
is set up to be able to say for sure. But you should limit the IP
range of each to avoid the other.
What I do, is use dnsmasq in a (mostly) open source GUI wrapper
called NGFW by Untangle. It can replace the
NAT/router/firewall/DNS/DHCP services of the ISP device, if you get
it (ISP device) into bridged mode. You would have to provide for a
Wi-Fi Access Point separately.
What is your ISP?
Nice .conf, for home, BTW.
Jim A.
On Wed, Feb 1, 2017 at 5:39 PM, Will Parsons
I have two DNS servers on a single network - one on the router
provided by the ISP and one running dnsmasq on one of my own
machines (which I'd like to be preferred if it's available).
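
An added example, not part of any poster's message and not dnsmasq code: a Python script that scans log-dhcp output like the log quoted in the thread for clients that keep being NAKed with "wrong server-ID" without falling back to DHCPDISCOVER, and decodes the option 56 hex dump. The second client (02:00:00:00:00:01), the threshold of 3 and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# dnsmasq log-dhcp event line: TYPE(iface) [ip] mac [note]
EVENT = re.compile(
    r"(DHCP[A-Z]+)\((\S+)\)\s+(?:(\d+(?:\.\d+){3})\s+)?"
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*(.*)$", re.I)
OPT56 = re.compile(r"option:\s*56\s+message\s+([0-9a-f:]+)", re.I)

# Lines for 08:00:27:57:c5:96 are copied from the thread; the
# 02:00:00:00:00:01 client is constructed to show a healthy recovery.
SAMPLE_LOG = """\
Feb 1 15:17:48 anukis dnsmasq-dhcp[792]: 2515125253 DHCPREQUEST(wlan0) 10.0.0.13 08:00:27:57:c5:96
Feb 1 15:17:48 anukis dnsmasq-dhcp[792]: 2515125253 DHCPNAK(wlan0) 10.0.0.13 08:00:27:57:c5:96 wrong server-ID
Feb 1 15:17:48 anukis dnsmasq-dhcp[792]: 2515125253 sent size: 15 option: 56 message 77:72:6f:6e:67:20:73:65:72:76:65:72:2d:49...
Feb 1 15:17:59 anukis dnsmasq-dhcp[792]: 667454177 DHCPNAK(wlan0) 10.0.0.13 08:00:27:57:c5:96 wrong server-ID
Feb 1 15:18:05 anukis dnsmasq-dhcp[792]: 667454177 DHCPNAK(wlan0) 10.0.0.13 08:00:27:57:c5:96 wrong server-ID
Feb 1 15:19:00 anukis dnsmasq-dhcp[792]: 1111 DHCPNAK(wlan0) 10.0.0.20 02:00:00:00:00:01 wrong server-ID
Feb 1 15:19:02 anukis dnsmasq-dhcp[792]: 1111 DHCPDISCOVER(wlan0) 02:00:00:00:00:01
"""

def decode_message(hex_bytes):
    """Decode the colon-separated hex dump dnsmasq prints for option 56."""
    parts = [p for p in hex_bytes.split(":") if len(p) == 2]
    return bytes(int(p, 16) for p in parts).decode("ascii", "replace")

def nak_reasons(log_text):
    """Return the set of decoded option 56 messages (log may truncate them)."""
    return {decode_message(h) for h in OPT56.findall(log_text)}

def stuck_clients(log_text, threshold=3):
    """Return {mac: count} for clients NAKed >= threshold times in a row
    for 'wrong server-ID' with no DHCPDISCOVER from that MAC in between."""
    streak = defaultdict(int)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        kind, _iface, _ip, mac, note = m.groups()
        mac = mac.lower()
        if kind.upper() == "DHCPNAK" and "wrong server-ID" in note:
            streak[mac] += 1
        elif kind.upper() == "DHCPDISCOVER":
            streak[mac] = 0  # client restarted from scratch, as it should
    return {mac: n for mac, n in streak.items() if n >= threshold}

if __name__ == "__main__":
    print(nak_reasons(SAMPLE_LOG), stuck_clients(SAMPLE_LOG))
```

A sustained streak for one MAC matches the behaviour Simon describes: the client is still requesting a lease it holds from some other DHCP server, so the next step is to find that server and clear the client's stored lease state.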