[Bug 876458] Re: dnsmasq started before all interfaces are up

Simon Kelley simon at thekelleys.org.uk
Mon Jan 2 21:31:40 UTC 2012


On 02/01/12 09:44, Thomas Schweikle wrote:
>> That's exactly what happens without --bind-interface, interfaces which
>> are configured in dnsmasq but don't exist at startup generate a warning
>> only, and start to work when they are created.
> 
> This seems to be correct.
> 
>> Packets from interfaces which are not configured are ignored.
> 
> This isn't correct at all. Assume configuration:
> 
> auto vm0
> iface vm0 inet dhcp
>   bridge_fd 3
>   bridge_hello 2
>   bridge_maxage 12
>   bridge_stp off
>   bridge_ports eth0
> 
> auto vm1
> iface vm1 inet static
>   address 172.18.1.1
>   netmask 255.255.255.0
>   bridge_fd 3
>   bridge_hello 2
>   bridge_maxage 12
>   bridge_stp off
>   pre-up brctl addbr $IFACE
>   post-down brctl delbr $IFACE
> 
> auto vm8
> iface vm1 inet static
>   address 172.18.8.1
>   netmask 255.255.255.0
>   bridge_fd 3
>   bridge_hello 2
>   bridge_maxage 12
>   bridge_stp off
>   pre-up brctl addbr $IFACE
>   post-down brctl delbr $IFACE
> 
> and in /etc/dnsmasq.conf:
> localise-queries
> domain-needed
> expand-hosts
> no-negcache
> filterwin2k
> cache-size=150
> 
> dhcp-authoritative
> dhcp-fqdn
> dhcp-leasefile=/var/lib/misc/dnsmasq.leases
> 
> dhcp-boot=boot/grub/i386-pc/core.0
> dhcp-no-override
> tftp-root=/srv/tftpboot
> enable-tftp
> 
> listen-address=127.0.0.1
> resolv-file=/etc/resolv.dhcp
> 
> domain=fritz.box
> 
> #== Interface vm1
> listen-address=172.18.1.1
> domain=fritz.box,172.18.1.0/24
> dhcp-range=172-18-1,172.18.1.129,172.18.1.200,255.255.255.0,30m
> dhcp-option=net:172-18-1,28,172.18.1.255                               # option broadcast address
> dhcp-option=net:172-18-1,3,172.18.1.1                                  # option default route
> dhcp-option=net:172-18-1,option:domain-search,fritz.box                # option domain search (RFC-3397)
> dhcp-option=net:172-18-1,42,172.18.1.1                                 # option ntp-servers
> dhcp-option=net:172-18-1,6,172.18.1.1                                  # option domain name servers
> dhcp-option=net:172-18-1,15,fritz.box                                  # option domain name
> dhcp-option=net:172-18-1,40,fritz.box                                  # option nis domain
> dhcp-option=net:172-18-1,23,50                                         # option ttl
> dhcp-option=net:172-18-1,19,0                                          # option ip-forwarding off
> dhcp-option=net:172-18-1,44,0.0.0.0                                    # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
> dhcp-option=net:172-18-1,45,0.0.0.0                                    # netbios datagram distribution server
> dhcp-option=net:172-18-1,46,8                                          # netbios node type
> 
> dhcp-option=net:172-18-1,vendor:PXEClient,1,0.0.0.0
> dhcp-option=net:172-18-1,vendor:MSFT,2,1i                              # Microsoft: tell client to release the lease
> 
> #== Interface vm8
> listen-address=172.18.8.1
> domain=fritz.box,172.18.8.0/24
> dhcp-range=172-18-8,172.18.8.129,172.18.8.200,255.255.255.0,30m
> dhcp-option=net:172-18-8,28,172.18.8.255                                    # option broadcast address
> dhcp-option=net:172-18-8,3,172.18.8.1                                       # option default route
> dhcp-option=net:172-18-8,option:domain-search,fritz.box                     # option domain search (RFC-3397)
> dhcp-option=net:172-18-8,42,172.18.8.1                                      # option ntp-servers
> dhcp-option=net:172-18-8,6,172.18.8.1                                       # option domain name servers
> dhcp-option=net:172-18-8,15,fritz.box                                       # option domain name
> dhcp-option=net:172-18-8,40,fritz.box                                       # option nis domain
> dhcp-option=net:172-18-8,23,50                                              # option ttl
> dhcp-option=net:172-18-8,19,0                                               # option ip-forwarding off
> dhcp-option=net:172-18-8,44,0.0.0.0                                         # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
> dhcp-option=net:172-18-8,45,0.0.0.0                                         # netbios datagram distribution server
> dhcp-option=net:172-18-8,46,8                                               # netbios node type
> 
> dhcp-option=net:172-18-8,vendor:PXEClient,1,0.0.0.0
> dhcp-option=net:172-18-8,vendor:MSFT,2,1i                                   # Microsoft: tell client to release the lease
> 
> 
> dhcp-queries are answered on interfaces connected to all bridges! As soon as I turn on dnsmasq, systems connected via ethernet receive addresses from my dnsmasq dhcp server, which I'd suppose is only seen from virtual bridges inside the host. If I turn on "bind-interfaces" all is OK again.
> 

OK, some of this behaviour, I think I understand, some not.

The first thing to say, is that it's much better to use --interface,
instead of --listen-address to control this stuff with DHCP.

--listen-address works fine for DNS or TFTP, because the client sends
requests to a server address, and that can be used to filter
incoming requests. If a request is sent to 172.18.8.1 or 172.18.1.1 it
gets answered, other addresses, it is ignored.

This doesn't work for DHCP, because DHCP requests are broadcast to
255.255.255.255. The only thing dnsmasq really knows about a DHCP
request is which interface it arrived on. To do --listen-address
filtering, it uses the primary IP address of that interface. If the
interface doesn't _have_ an IP address, like vm0, it can't do filtering
and answers always. That may be a bug: I need to think about this more,
but the immediate solution is to use

interface=vm1
interface=vm8

instead of listen-address. That's always well-defined.

For the DHCP part of dnsmasq, the only difference in behavior between
--bind-interfaces and no --bind-interfaces, is that the sockopt
SO_REUSEADDR is set on the DHCP listening socket with
--bind-interfaces. I'm not sure if that's having an effect here.


Simon.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/876458
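
The filtering described in the reply above, as an added Python model (not dnsmasq source and not part of the original thread): it compares which interfaces would get DHCP answers under listen-address filtering versus interface= filtering. The interface table, the trimmed config strings and all function names are constructed for illustration; a config that mixes both options is outside the model.

```python
import ipaddress

# Constructed sample: interface -> primary IPv4 address (None = no address),
# mirroring the bridges in the quoted report, with vm0 having no address.
HOST_IFACES = {"vm0": None, "vm1": "172.18.1.1", "vm8": "172.18.8.1"}

# Trimmed from the quoted dnsmasq.conf (listen-address form).
CONF_LISTEN = """\
listen-address=127.0.0.1
#== Interface vm1
listen-address=172.18.1.1
#== Interface vm8
listen-address=172.18.8.1
"""

# The form recommended in the reply.
CONF_IFACE = """\
interface=vm1
interface=vm8
"""

def parse_conf(text):
    """Collect listen-address= and interface= values, one per line."""
    opts = {"listen-address": [], "interface": []}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        key, _, value = line.partition("=")
        if key in opts and value:
            opts[key].append(value.strip())
    return opts

def dhcp_answers(iface, primary_ip, opts):
    """Model of the decision for a broadcast DHCP request arriving on iface."""
    if opts["interface"]:
        # Simplification: when interface= is present, only the name is checked.
        return iface in opts["interface"]
    if opts["listen-address"]:
        if primary_ip is None:
            # No primary address to compare against: the reply says
            # dnsmasq "can't do filtering and answers always".
            return True
        wanted = {ipaddress.ip_address(a) for a in opts["listen-address"]}
        return ipaddress.ip_address(primary_ip) in wanted
    return True  # no restriction configured

def answering_ifaces(conf_text, host_ifaces):
    """Interfaces on which a DHCP request would be answered."""
    opts = parse_conf(conf_text)
    return sorted(n for n, ip in host_ifaces.items()
                  if dhcp_answers(n, ip, opts))
```

Running `answering_ifaces` over both configs shows the address-less bridge vm0 answering only in the listen-address form, which matches the leak onto the physical network reported in the quoted message.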
