Hi,

On Wed, 25 Aug 2021 at 22:11, Simon Kelley <si...@thekelleys.org.uk> wrote:
>
> On 24/08/2021 08:05, Tom Yan wrote:
> > Hi,
> >
> > I'm trying to have both a dhcp server and a dhcp relay agent running
> > on the same host, which should bind to a different interface
> > respectively. While `bind-interfaces` appears to work for the dhcp
> > server, it seems to be ignored for the dhcp relay agent.
> >
> > `bind-dynamic` has a similar problem as well. If the binding *was
> > actually delayed* because of the option, even the dhcp server will not
> > bind to an interface (but simply `0.0.0.0:67`).
> >
> > Are these known limitations or bugs?
>
>
> Sort of. It's complicated for DHCP. Because DHCP has to talk to
> no-configured hosts, it has to cope with strange packets with things
> like 0.0.0.0 source addresses and 255.255.255.255 destination
> addresses. The normal method of binding to the local address of an
> interface doesn't therefore work well, and is not done, even when
> --bind-interfaces is set. The DHCP server always uses a single socket
> bound to 0.0.0.0:67
>
> This nearly always works, except when it doesn't. The main place it
> doesn't is when running multiple DHCP servers, and there is a mitigation
> for that: if the configuration states that exactly _one_ interface is
> all that can ever be used for DHCP then the DHCP socket gets nailed to
> that one, physical, interface. (not to the address, to the actual
> interface.) If that happens, a message something like
>
>     DHCP, sockets bound exclusively to interface br-lan
>
> is logged at start-up.
>
> That doesn't help you, since you are trying to do DHCP (as a relay and
> as a server) on two different interfaces.
>
> Doing that would, in theory, be possible, but it would be a significant
> change to the existing code.
>
> The best immediate suggestion I can make is to use dnsmasq as the DHCP
> server, and run a stand-alone relay (I have one, called dhcp-helper) and
> the ISC suite included a relay too. Try both, they do low level stuff in
> different ways, and one may work when the other doesn't.

Yeah I thought of that too. Was too lazy to actually study/test
another suite though. Nevertheless I ended up running an additional
instance as the dhcp server in a network namespace and made the
existing non-relaying instance a pure dns forwarder -- I would like to
use the systemd-resolved stub as its upstream server. Everything seems
to work fine now.

>
> >
> >
> > P.S. Btw it's sad that there's not something like `no-dns-interface`...
>
>
> From a POV of completeness, or would it actually be useful?

Well it could be a bit problematic / annoying when one wants to use
dnsmasq for dhcp only, but I guess in most cases everyone just copes
with it in one way or another.

>
>
>
> Cheers,
>
> Simon.
>
> >
> > Regards,
> > Tom
> >
>
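Added example, not part of the thread or of dnsmasq: a small audit of which interfaces a host's DHCP socket actually listens on, separating the wildcard `0.0.0.0:67` socket from one nailed to a single interface, and cross-checking the start-up message quoted above. It assumes `ss -H -uln` prints a device-bound socket as `addr%ifname:port`; the sample `ss` and log lines are constructed, and all function names are hypothetical.

```python
import re

# Constructed sample of `ss -H -uln` output (not from the thread): the
# sockets of two instances, one wildcard-bound and one nailed to br-lan.
SAMPLE_SS = """\
UNCONN 0 0 0.0.0.0:67 0.0.0.0:*
UNCONN 0 0 0.0.0.0%br-lan:67 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 192.168.1.1:53 0.0.0.0:*
UNCONN 0 0 [::]:547 [::]:*
"""

# Constructed log lines; the DHCP message text is the one quoted in the thread.
SAMPLE_LOG = """\
dnsmasq[812]: reading /etc/resolv.conf
dnsmasq-dhcp[812]: DHCP, sockets bound exclusively to interface br-lan
"""

# Local address field: addr, optional %device (SO_BINDTODEVICE), numeric port.
LOCAL = re.compile(
    r"^(?P<addr>\[[^\]]*\]|[^%:\s]+)(?:%(?P<dev>[^:\s]+))?:(?P<port>\d+)$")
WILDCARD = {"0.0.0.0", "*", "[::]"}

def dhcp_sockets(ss_output, port=67):
    """Return (address, device-or-None) for every UDP socket on `port`."""
    found = []
    for line in ss_output.splitlines():
        # The local address is the first field shaped like addr[%dev]:port.
        m = next(filter(None, map(LOCAL.match, line.split())), None)
        if m and int(m.group("port")) == port:
            found.append((m.group("addr"), m.group("dev")))
    return found

def exclusive_interface(log_text):
    """Interface named in the start-up message, or None if it was not logged."""
    m = re.search(r"DHCP, sockets bound exclusively to interface (\S+)", log_text)
    return m.group(1) if m else None

def audit(ss_output, log_text):
    """Wildcard sockets receive DHCP on every interface; pinned ones on one."""
    socks = dhcp_sockets(ss_output)
    return {
        "wildcard": [a for a, dev in socks if dev is None and a in WILDCARD],
        "pinned": sorted({dev for _, dev in socks if dev}),
        "logged": exclusive_interface(log_text),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_SS, SAMPLE_LOG))
```

For a setup like the one described in the reply, the `ss` output has to be collected separately inside each network namespace, since each namespace has its own socket table.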