On 8/18/25 14:46, Florent Fourcot wrote:
Hello,
We are observing wrong IPv4 attributions by dnsmasq. We don't have (yet)
a ready-to-use reproducer, but the scenario is this one:
* Dnsmasq is configured to distribute addresses on two interfaces:
* eth1.211 with subnet 10.188.0.1/16
* eth1.2395 with subnet 10.191.95.0/24
Configuration is this one:
interface=eth1.211
dhcp-range=eth1.211,10.188.1.1,10.188.255.254,604800
interface=eth1.2395
dhcp-range=eth1.2395,10.191.95.2,10.191.95.254,24h
The bug is triggered only when eth1.2395 does not exists. dnsmasq is
emitting a warning on startup: "warning: interface eth1.2395 does not
currently exist".
Bad network attribution does not start immediately. Dnsmasq can be
running without any issue for several days. But at one point, IP of 2395
are being distributed to eth1.211 client. It looks like something
trigger a bug in network detection. Here are the log of the first user
receiving a bad IP address:
DHCPREQUEST(eth1.211) 10.228.2.57 aa:bb:cc:ed:f2:89 # this request is
not valid
DHCPNAK(eth1.211) 10.228.2.57 aa:bb:cc:ed:f2:89 address not available
DHCPDISCOVER(eth1.211) aa:bb:cc:ed:f2:89
DHCPOFFER(eth1.211) 10.191.95.64 aa:bb:cc:ed:f2:89 # IP address for
eth1.2395 interface, not eth1.211
DHCPREQUEST(eth1.211) 10.191.95.64 aa:bb:cc:ed:f2:89
DHCPACK(eth1.211) 10.191.95.64 aa:bb:cc:ed:f2:89
After this first bad lease, a lot of client a receiving this kind of not
working IP addresses. A restart of dnsmasq fixes this issue.
Our current workaround is to never run dnsmasq with a missing interface,
but I think that something interesting can be found with this issue. We
are running dnsmasq version 2.92.
Please do not hesitate if I can provide more logs or configuration. We
will try to generate a reproducer, but it does not look very easy.
Adding log-dhcp to you dnsmasq config will generate more logged data
that could be useful.
My first suspicion here is netmasks. If dnsmasq's idea of the netmasks
on the two interfaces is different from what you think it is, that could
explain what's going on.
Dnsmasq usually derives the netmask from interface config, so if the
netmasks on your interfaces are wrong, that could be the source of the
problem.
It's also worth explicitly configuring the netmask in the dhcp ranges
dhcp-range=eth1.211,10.188.1.1,10.188.255.254,255.255.0.0,604800
dhcp-range=eth1.2395,10.191.95.2,10.191.95.254,255.255.255.0,24h
to see if that fixes things.
Cheers,
Simon.
Best regards,
Florent Fourcot
_______________________________________________
Dnsmasq-discuss mailing list
[email protected]
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
_______________________________________________
Dnsmasq-discuss mailing list
[email protected]
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
