On 3/28/25 18:33, support | IT visibility wrote:
>
> On 3/24/25 09:47, support | IT visibility via Dnsmasq-discuss wrote:
>> Hi *,
>>
>> I’m using dnsmasq with a few vlan interfaces and each interface is tagged.
>>
>> And running tests with pihole as well as native dnsmasq.
>>
>> An example on how this is setup in both cases (.i.e. pihole as well as
>> native dnsmsaq):
>>
>> =====
>>
>> # Wired - vlan 210
>>
>> interface=eth0.210
>>
>> domain=wired.lan,192.168.210.0/24,local
>>
>> dhcp-range=set:vlan-210,192.168.210.11,192.168.210.99,168h
>>
>> dhcp-option=tag:vlan-210,option:router,192.168.210.241
>>
>> dhcp-option=tag:vlan-210,option:dns-server,192.168.210.235
>>
>> dhcp-option=tag:vlan-210,option:ntp-server,192.168.210.235
>>
>> dhcp-option=tag:vlan-210,option:domain-name,wired.lan
>>
>> =====
>>
>> The idea behind this is that devices with multiple vlan interfaces
>> have their IP’s registered with dhcp and dns.
>>
>> The dhcp part seems to work – all interfaces have the correct IP details.
>>
>> However, the log has numerous wrong-address errors like this (i.e.
>> pihole as well as native dnsmasq):
>>
>> =====
>>
>> Mar 24 09:02:03 dnsmasq-dhcp[49]: DHCPREQUEST(eth0.210)
>> 192.168.210.201
>> bc:24:11:87:be:e5
>>
>> Mar 24 09:02:03 dnsmasq-dhcp[49]: DHCPNAK(eth0.210) 192.168.210.201
>> bc:24:11:87:be:e5 wrong address
>>
>> Mar 24 09:02:03 dnsmasq-dhcp[49]: DHCPDISCOVER(eth0.210)
>> bc:24:11:87:be:e5
>>
>> Mar 24 09:02:03 dnsmasq-dhcp[49]: DHCPOFFER(eth0.210) 192.168.210.201
>> bc:24:11:87:be:e5
>>
>> Mar 24 09:02:03 dnsmasq-dhcp[49]: DHCPREQUEST(eth0.210)
>> 192.168.210.201
>> bc:24:11:87:be:e5
>>
>> Mar 24 09:02:03 dnsmasq-dhcp[49]: DHCPACK(eth0.210) 192.168.210.201
>> bc:24:11:87:be:e5 osiris
>>
>> =====
>>
>> *Question-1*: where are these wrong-address messages coming from?
>>
>> If I look at the dhcp.leases (Pihole) or dnsmasq.leases (native
>> dnsmasq) there is always one entry like this:
>>
>> 1743408124 bc:24:11:87:be:e5 192.168.230.201 osiris *
>>
>> *Question-2*: why is there only an entry from the last vlan interface
>> of (in this example) osiris? And not one for every vlan interface?
>>
>> *Question-3*: the same applies for dns regestrations where there is
>> only an entry for the last vlan interface?
>>
>> I have tried to force this dns regestration for all fqdn’s for each
>> vlan using the following settings (i.e. pihole as well as native dnsmasq):
>>
>> dhcp-ignore-clid
>>
>> dhcp-fqdn
>>
>> dhcp-client-update
>>
>> expand-hosts
>>
>> domain-needed
>>
>> domain=lan
>>
>> local=/lan/
>>
>> Does the above ring any bells? Any suggestion?
>>
>> With warm regards – Will
>>
>>
>
>> Answer 1: Because a lease exists for the relevant MAC address with a different IP address to the address it's requesting.
>>
>> Answer 2: Because the device is using the same MAC address on all the VLANS it's talking through. The MAC address is supposed to be unique: a DHCP
>> server won't allow a MAC address to have more than one lease.
>>
>> Answer 3: Partly the same answer as 2, but even if you use unique MAC addresses (or client-ids) dnsmasq will only associate a DNS name with at most one
>> DHCP lease. That's a design decision.
>
> =====
>
> Thank you for the detailed and to-the-point answers... which makes me wundering:
> If the mac-address is unique and clid is set via the duid option, all interfaces/vlan-domains are registered in DNS.
>
> In addition, the leases file shows all the registrations - including the clid for each interface.
> This showed me that both are unique across all interfaces.
>
> If I then remove the custom mac addresses (leaving the unique clid's in place), only the last one is registered in dns.
> Which is not what I would expect based on what the manual says about the way things are expected to work with clid's.
>
> This was tested with a Debian LXC-container where I replaced ifupdown and isc-dhcp-client with systemd-networkd.
>
> What am I missing/overlooking here?
>>Do you still have dhcp-ignore-clid in >your configuration? That would
>mess what you're trying to do here.
No - this setting was not in the config. Meaning I tested with active clid's.
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
