On 29/11/2023 23:09, Chris Friesen via Dnsmasq-discuss wrote:
Hi,
I was just wondering whether the --interface and --except-interface
options to dnsmasq would also apply to messages like DHCPDISCOVER and
DHCPREQUEST which are broadcast to 255.255.255.255.
In my particular case I have an existing dnsmasq instance that is
running, and I want to add a second dnsmasq instance to handle DHCP
requests coming from a specific subset of interfaces. I don't want the
primary dnsmasq instance to see the requests coming in on those
interfaces, and I don't want the second dnsmasq instance to see requests
coming in on the other interfaces.
As a concrete example, suppose I have network interfaces eth0/eth1/eth2
and I have instance A of dnsmasq which is run as "dnsmasq
--except-interface eth2", and instance B of dnsmasq which is run as
"dnsmasq --interface eth2 --except-interface lo".
If a broadcast DHCPDISCOVER or DHCPREQUEST comes in on eth0/eth1 which
dnsmasq instance(s) will see it?
If a broadcast DHCPDISCOVER or DHCPREQUEST comes in on eth2 which
dnsmasq instance(s) will see it?
If a broadcast DHCPDISCOVER or DHCPREQUEST is emitted by an entity on
the local host which dnsmasq instance(s) will see it?
Thanks,
Chris Friesen

As you've surmised, making more than one dnsmasq/DHCP instance on a
server work is tricky.
It can be done, but only in a very specific way.
Each dnsmasq instance must be configured to serve exactly one interface,
using the --interface config option.
Under these circumstances, dnsmasq will log
DHCP, sockets bound exclusively to interface <interface>
at startup.
Your example will not work, because your instance A is binding to more
than one interface. To fix this you need to start separate dnsmasq
instances for eth0 and eth1, or you need to bridge eth0 and eth1 into a
single bridge interface and configure dnsmasq to listen on that.
The reason behind this is that the dnsmasq DHCP subsystem uses one
socket, which listens on the wildcard address (so that broadcasts to
255.255.255.255 arrive, amongst other reasons). In the "exactly one
interface" state, dnsmasq can also bind that socket to a physical
interface, using the SO_BINDTODEVICE socket option, which allows the
multiple-server setup to work. SO_BINDTODEVICE only allows one device,
hence the one-interface limitation.
Cheers,
Simon.
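Added example, not part of the thread and not dnsmasq's own tooling: a small POSIX shell checker for the rule Simon states above. It counts `interface=` directives in a per-instance dnsmasq config file, rejects files that name zero or several interfaces or that carry `except-interface=`, and checks a startup log for the "sockets bound exclusively" message. The file names (instance-eth0.conf, instance-eth2.conf, instance-A.conf, dnsmasq-eth2.log), the 192.0.2.0/24 ranges and the log line are all constructed sample data.

```shell
#!/bin/sh
# Added example: validate that each dnsmasq instance is configured to serve
# exactly one interface, the shape under which dnsmasq can use
# SO_BINDTODEVICE on its DHCP socket. All sample files below are constructed.

# Number of plain "interface=" lines in a config file. The anchor keeps
# except-interface= and no-dhcp-interface= from being counted.
count_interface_lines() {
    grep -cE '^[[:space:]]*interface[[:space:]]*=' "$1" || true
}

# Number of "except-interface=" lines in a config file.
count_except_lines() {
    grep -cE '^[[:space:]]*except-interface[[:space:]]*=' "$1" || true
}

# Return 0 when the config names exactly one interface and no
# except-interface; otherwise explain on stderr and return 1.
check_one_interface() {
    cfg=$1
    n=$(count_interface_lines "$cfg")
    x=$(count_except_lines "$cfg")
    if [ "$n" -ne 1 ]; then
        echo "$cfg: expected exactly one interface= line, found $n" >&2
        return 1
    fi
    if [ "$x" -ne 0 ]; then
        echo "$cfg: except-interface= present; use a single interface= instead" >&2
        return 1
    fi
    return 0
}

# Return 0 if the dnsmasq log $1 reports exclusive DHCP binding to interface $2.
log_shows_exclusive_bind() {
    grep -q "DHCP, sockets bound exclusively to interface $2" "$1"
}

# Write constructed sample configs and a sample log into a temp dir; print its path.
write_samples() {
    dir=$(mktemp -d)
    # Two instances shaped the way the reply recommends: one interface each.
    cat > "$dir/instance-eth0.conf" <<'EOF'
interface=eth0
dhcp-range=192.0.2.10,192.0.2.100,12h
EOF
    cat > "$dir/instance-eth2.conf" <<'EOF'
interface=eth2
dhcp-range=192.0.2.110,192.0.2.200,12h
EOF
    # Chris's instance A: except-interface only, so it covers several interfaces.
    cat > "$dir/instance-A.conf" <<'EOF'
except-interface=eth2
dhcp-range=192.0.2.10,192.0.2.100,12h
EOF
    # Constructed startup log line in the form the reply quotes.
    cat > "$dir/dnsmasq-eth2.log" <<'EOF'
dnsmasq-dhcp[1234]: DHCP, sockets bound exclusively to interface eth2
EOF
    echo "$dir"
}

main() {
    dir=$(write_samples)
    for f in "$dir"/*.conf; do
        if check_one_interface "$f"; then
            echo "OK  $f"
        else
            echo "BAD $f"
        fi
    done
    if log_shows_exclusive_bind "$dir/dnsmasq-eth2.log" eth2; then
        echo "log confirms exclusive DHCP bind on eth2"
    fi
    rm -rf "$dir"
}

main
```

Run it as `sh check-dnsmasq-instances.sh`; the two single-interface configs pass, the except-interface-only config is reported as BAD, and the log check succeeds only for the interface named in the startup message.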
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss