Re: dhclient fails to write resolv.conf

Kenneth Westerback Thu, 24 Nov 2016 14:40:14 -0800

As is shown by the -L file, your DHCP server is configured incorrectly
(a.k.a. in violation of the DHCP RFC's). In particular it is specifically
FORBIDDEN to pay any attention to the static route option in the presence
of a classless-static-routes option. So configuring the server to NOT have
a default route in the classless-static-routes option is an error that must
be fixed at the server.


As RFC 3442 says

"If the DHCP server returns both a Classless Static Routes option and a
Router option, the DHCP client MUST ignore the Router option."

We abide by the RFC. Unfortunately some other OS's do not.

.... Ken

On Thu, 24 Nov 2016 at 17:28 ED Fochler <[email protected]> wrote:

>
> > On 2016, Nov 23, at 6:49 PM, Stuart Henderson <[email protected]>
> wrote:
> >
> > It would probably be useful to get a packet capture…
>
> A packet capture can be grabbed fro here:
> http://liquidbinary.com/dhcpuploads/dhcp.pcap
>
> I am now certain I misidentified the nature of the bug.  It’s not
> linux that is to blame, but classless-static-routes, dhcp option
> number 121, from RFC3442.
>
> On my network segment that has a static route handed out
> by the DHCP server, OpenBSD sees the lease, and refuses to
> do anything with it.  I think that behavior is wrong, and not
> intended.
>
> Effective lease is entirely correct, dhclient silently fails to
> implement anything in routes, /etc/resolv.conf.
>
>   and thank you for the tcpdump incantation.
>
>         ED.
>
>
> Following Inline: leasefile as logged by dhclient-L  and
> tcpdump expanded.
>
> offered {
>   interface "em0";
>   fixed-address 172.16.50.83;
>   next-server 172.16.50.1;
>   option subnet-mask 255.255.255.0;
>   option routers 172.16.50.1;
>   option domain-name-servers 172.16.50.1;
>   option domain-name "linux.dnstest.biz";
>   option broadcast-address 172.16.50.255;
>   option dhcp-lease-time 7200;
>   option dhcp-message-type 5;
>   option dhcp-server-identifier 172.16.50.1;
>   option dhcp-renewal-time 3600;
>   option dhcp-rebinding-time 6300;
>   option dhcp-client-identifier 1:0:c:29:ac:91:e5;
>   option classless-static-routes 10.40.1.0/24 172.16.50.5;
>   renew 4 2016/11/24 23:01:47 UTC;
>   rebind 4 2016/11/24 23:46:47 UTC;
>   expire 5 2016/11/25 00:01:47 UTC;
> }
> effective {
>   interface "em0";
>   fixed-address 172.16.50.83;
>   next-server 172.16.50.1;
>   option subnet-mask 255.255.255.0;
>   option routers 172.16.50.1;
>   option domain-name-servers 172.16.50.1;
>   option domain-name "linux.dnstest.biz";
>   option broadcast-address 172.16.50.255;
>   option dhcp-lease-time 7200;
>   option dhcp-message-type 5;
>   option dhcp-server-identifier 172.16.50.1;
>   option dhcp-renewal-time 3600;
>   option dhcp-rebinding-time 6300;
>   option dhcp-client-identifier 1:0:c:29:ac:91:e5;
>   option classless-static-routes 10.40.1.0/24 172.16.50.5;
>   renew 4 2016/11/24 23:01:47 UTC;
>   rebind 4 2016/11/24 23:46:47 UTC;
>   expire 5 2016/11/25 00:01:47 UTC;
> }
>
>
>
> 17:01:47.601656 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok]
> xid:0x94414a69 vend-rfc1048 DHCP:DISCOVER PR:SM+BR+TZ+121+DG+DN+119+NS+HN
> CID:1.0.12.41.172.145.229 [tos 0x10] (ttl 128, id 0, len 328)
>   0000: 4510 0148 0000 0000 8011 3996 0000 0000  E..H......9.....
>   0010: ffff ffff 0044 0043 0134 de4c 0101 0600  .....D.C.4.L....
>   0020: 9441 4a69 0000 0000 0000 0000 0000 0000  .AJi............
>   0030: 0000 0000 0000 0000 000c 29ac 91e5 0000  ..........).....
>   0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0100: 0000 0000 0000 0000 6382 5363 3501 0137  ........c.Sc5..7
>   0110: 0901 1c02 7903 0f77 060c 3d07 0100 0c29  ....y..w..=....)
>   0120: ac91 e5ff 0000 0000 0000 0000 0000 0000  ................
>   0130: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0140: 0000 0000 0000 0000                      ........
>
> 17:01:47.602775 172.16.50.1.67 > 172.16.50.83.68: [udp sum ok]
> xid:0x94414a69 Y:172.16.50.83 S:172.16.50.1 vend-rfc1048 DHCP:OFFER
> SID:172.16.50.1 LT:7200 RN:3600 RB:6300 SM:255.255.255.0 BR:172.16.50.255
> DG:172.16.50.1 NS:172.16.50.1 DN:"linux.dnstest.biz"
> T121:403318785,2886742533 [tos 0xc0] (ttl 64, id 22281, len 349)
>   0000: 45c0 015d 5709 0000 4011 6552 ac10 3201  E..][email protected].
>   0010: ac10 3253 0043 0044 0149 1ce0 0201 0600  ..2S.C.D.I......
>   0020: 9441 4a69 0000 0000 0000 0000 ac10 3253  .AJi..........2S
>   0030: ac10 3201 0000 0000 000c 29ac 91e5 0000  ..2.......).....
>   0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0100: 0000 0000 0000 0000 6382 5363 3501 0236  ........c.Sc5..6
>   0110: 04ac 1032 0133 0400 001c 203a 0400 000e  ...2.3.... :....
>   0120: 103b 0400 0018 9c01 04ff ffff 001c 04ac  .;..............
>   0130: 1032 ff03 04ac 1032 0106 04ac 1032 010f  .2.....2.....2..
>   0140: 116c 696e 7578 2e64 6e73 7465 7374 2e62  .linux.dnstest.b
>   0150: 697a 7908 180a 2801 ac10 3205 ff         izy...(...2..
>
> 17:01:47.604833 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok]
> xid:0x94414a69 vend-rfc1048 DHCP:REQUEST RQ:172.16.50.83 SID:172.16.50.1
> PR:SM+BR+TZ+121+DG+DN+119+NS+HN CID:1.0.12.41.172.145.229 [tos 0x10] (ttl
> 128, id 0, len 328)
>   0000: 4510 0148 0000 0000 8011 3996 0000 0000  E..H......9.....
>   0010: ffff ffff 0044 0043 0134 5e28 0101 0600  .....D.C.4^(....
>   0020: 9441 4a69 0000 0000 0000 0000 0000 0000  .AJi............
>   0030: 0000 0000 0000 0000 000c 29ac 91e5 0000  ..........).....
>   0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0100: 0000 0000 0000 0000 6382 5363 3501 0332  ........c.Sc5..2
>   0110: 04ac 1032 5336 04ac 1032 0137 0901 1c02  ...2S6...2.7....
>   0120: 7903 0f77 060c 3d07 0100 0c29 ac91 e5ff  y..w..=....)....
>   0130: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0140: 0000 0000 0000 0000                      ........
>
> 17:01:47.607782 172.16.50.1.67 > 172.16.50.83.68: [udp sum ok]
> xid:0x94414a69 Y:172.16.50.83 S:172.16.50.1 vend-rfc1048 DHCP:ACK
> SID:172.16.50.1 LT:7200 RN:3600 RB:6300 SM:255.255.255.0 BR:172.16.50.255
> DG:172.16.50.1 NS:172.16.50.1 DN:"linux.dnstest.biz"
> T121:403318785,2886742533 [tos 0xc0] (ttl 64, id 22282, len 349)
>   0000: 45c0 015d 570a 0000 4011 6551 ac10 3201  E..][email protected].
>   0010: ac10 3253 0043 0044 0149 19e0 0201 0600  ..2S.C.D.I......
>   0020: 9441 4a69 0000 0000 0000 0000 ac10 3253  .AJi..........2S
>   0030: ac10 3201 0000 0000 000c 29ac 91e5 0000  ..2.......).....
>   0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0100: 0000 0000 0000 0000 6382 5363 3501 0536  ........c.Sc5..6
>   0110: 04ac 1032 0133 0400 001c 203a 0400 000e  ...2.3.... :....
>   0120: 103b 0400 0018 9c01 04ff ffff 001c 04ac  .;..............
>   0130: 1032 ff03 04ac 1032 0106 04ac 1032 010f  .2.....2.....2..
>   0140: 116c 696e 7578 2e64 6e73 7465 7374 2e62  .linux.dnstest.b
>   0150: 697a 7908 180a 2801 ac10 3205 ff         izy...(...2..
>
>
>

Re: dhclient fails to write resolv.conf

Reply via email to