Re: [Dnsmasq-discuss] DNSMASQ Not Sending ACK?

2017-09-28 Thread Jason Kary
Hi Folks,

I was able to fix the problem by removing the following code:

lines 1107-1108 in rfc2131.c:

  if (option_addr(opt).s_addr != override.s_addr)
    return 0;

Once I commented out this if statement the client was able to obtain the 
correct IP address via DHCP Relay.  The return 0 was causing the dnsmasq 
process to just silently ignore the DHCP Request packet.

I do not understand what the above code is checking for and why it is returning 
0.  Maybe someone can help me understand the context a bit better?

Take Care
Jason

> On Sep 25, 2017, at 4:11 PM, Jason Kary  wrote:
> 
> Hi Chris,
> 
> I cloned the GIT repository and tested with version 2.78test2-gb697fbb 
> 
> I’m still seeing the server fail to respond to the request message:
> 
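The check quoted in the message above, modelled as an added example (not dnsmasq's code and not part of the original thread): in rfc2131.c, `override` is filled from the RFC 5107 server-identifier-override sub-option of option 82, and a REQUEST whose option 54 names a different address is treated as meant for another server and dropped without a reply. The function names, the single local address and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_SERVER_ID     54  /* RFC 2132: server the client selected */
#define OPT_AGENT_INFO    82  /* RFC 3046: relay agent information */
#define SUBOPT_SERVER_OVR 11  /* RFC 5107: server identifier override */
enum verdict { ACCEPT, DROP_SILENTLY, NO_SERVER_ID };

/* Return the value of TLV `code` in [p, end) and set *len, or NULL.
   `top` enables the one-byte pad (0) and end (255) options. */
static const uint8_t *find_tlv(const uint8_t *p, const uint8_t *end,
                               uint8_t code, int top, uint8_t *len)
{
  while (p < end) {
    if (top && *p == 0) { p++; continue; }
    if (top && *p == 255) break;
    if (end - p < 2 || p[1] > end - p - 2) return NULL; /* truncated TLV */
    if (*p == code) { *len = p[1]; return p + 2; }
    p += 2 + p[1];
  }
  return NULL;
}

/* Simplified model: one local address stands in for dnsmasq's contexts. */
enum verdict selecting_check(const uint8_t *opts, size_t n, const uint8_t local[4])
{
  uint8_t len = 0, alen = 0, olen = 0;
  const uint8_t *end = opts + n;
  const uint8_t *sid = find_tlv(opts, end, OPT_SERVER_ID, 1, &len);
  const uint8_t *agent = find_tlv(opts, end, OPT_AGENT_INFO, 1, &alen);
  const uint8_t *ovr = agent ? find_tlv(agent, agent + alen, SUBOPT_SERVER_OVR, 0, &olen) : NULL;
  if (!sid || len != 4) return NO_SERVER_ID;  /* not a SELECTING-state request */
  if (ovr && olen == 4)                       /* relay supplied an override */
    return memcmp(sid, ovr, 4) ? DROP_SILENTLY : ACCEPT;
  return memcmp(sid, local, 4) ? DROP_SILENTLY : ACCEPT;
}

/* Constructed samples. 10.168.101.20 is the server id in the capture; the
   override 192.0.2.1 is invented, since the page truncates the real option 82. */
static const uint8_t LOCAL[4] = {10, 168, 101, 20};
static const uint8_t REQ_MISMATCH[] = {54,4,10,168,101,20, 82,10,1,2,0xAA,0xBB,11,4,192,0,2,1, 255};
static const uint8_t REQ_MATCH[]    = {54,4,192,0,2,1,     82,10,1,2,0xAA,0xBB,11,4,192,0,2,1, 255};
static const uint8_t REQ_DIRECT[]   = {53,1,3, 54,4,10,168,101,20, 255};
int main(void)
{
  static const char *name[] = {"ACCEPT", "DROP_SILENTLY", "NO_SERVER_ID"};
  printf("mismatch: %s\n", name[selecting_check(REQ_MISMATCH, sizeof REQ_MISMATCH, LOCAL)]);
  printf("match:    %s\n", name[selecting_check(REQ_MATCH, sizeof REQ_MATCH, LOCAL)]);
  return 0;
}
```

With the comparison removed, as in the message above, the server also answers REQUESTs that a client addressed to a different server identifier, which RFC 2131 treats as the client declining this server's offer.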

Re: [Dnsmasq-discuss] DNSMASQ Not Sending ACK?

2017-09-28 Thread Jason Kary
Hi Folks,

I wanted to follow up and see if anyone is available to help debug this issue?  
I won’t have the test bed available to me to help out for much longer.

Is there some sort of debug that I could collect to help with the analysis?

Take Care
Jason

> On Sep 25, 2017, at 4:11 PM, Jason Kary  wrote:
> 
> Hi Chris,
> 
> I cloned the GIT repository and tested with version 2.78test2-gb697fbb 
> 
> I’m still seeing the server fail to respond to the request message:
> 
> Frame 40189 (388 bytes on wire, 388 bytes captured)
>Arrival Time: Sep 25, 2017 20:59:01.142813000
>[Time delta from previous captured frame: 0.000646000 seconds]
>[Time delta from previous displayed frame: 0.000646000 seconds]
>[Time since reference or first frame: 149.170698000 seconds]
>Frame Number: 40189
>Frame Length: 388 bytes
>Capture Length: 388 bytes
>[Frame is marked: False]
>[Protocols in frame: eth:ip:udp:bootp]
> Ethernet II, Src: 58:ac:78:b1:38:e1 (58:ac:78:b1:38:e1), Dst: 
> 00:0c:29:cf:10:0b (00:0c:29:cf:10:0b)
>Destination: 00:0c:29:cf:10:0b (00:0c:29:cf:10:0b)
>Address: 00:0c:29:cf:10:0b (00:0c:29:cf:10:0b)
> ...0     = IG bit: Individual address (unicast)
> ..0.     = LG bit: Globally unique address 
> (factory default)
>Source: 58:ac:78:b1:38:e1 (58:ac:78:b1:38:e1)
>Address: 58:ac:78:b1:38:e1 (58:ac:78:b1:38:e1)
> ...0     = IG bit: Individual address (unicast)
> ..0.     = LG bit: Globally unique address 
> (factory default)
>Type: IP (0x0800)
> Internet Protocol, Src: 33.33.33.33 (33.33.33.33), Dst: 10.168.101.20 
> (10.168.101.20)
>Version: 4
>Header length: 20 bytes
>Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
>0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
> ..0. = ECN-Capable Transport (ECT): 0
> ...0 = ECN-CE: 0
>Total Length: 374
>Identification: 0xbd9b (48539)
>Flags: 0x00
>0.. = Reserved bit: Not Set
>.0. = Don't fragment: Not Set
>..0 = More fragments: Not Set
>Fragment offset: 0
>Time to live: 255
>Protocol: UDP (0x11)
>Header checksum: 0x4acd [correct]
>[Good: True]
>[Bad : False]
>Source: 33.33.33.33 (33.33.33.33)
>Destination: 10.168.101.20 (10.168.101.20)
> User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
>Source port: bootps (67)
>Destination port: bootps (67)
>Length: 354
>Checksum: 0x95d3 [validation disabled]
>[Good Checksum: False]
>[Bad Checksum: False]
> Bootstrap Protocol
>Message type: Boot Request (1)
>Hardware type: Ethernet
>Hardware address length: 6
>Hops: 1
>Transaction ID: 0x21696b65
>Seconds elapsed: 0
>Bootp flags: 0x (Unicast)
>0...    = Broadcast flag: Unicast
>.000    = Reserved flags: 0x
>Client IP address: 0.0.0.0 (0.0.0.0)
>Your (client) IP address: 0.0.0.0 (0.0.0.0)
>Next server IP address: 0.0.0.0 (0.0.0.0)
>Relay agent IP address: 33.33.33.33 (33.33.33.33)
>Client MAC address: 00:0c:29:65:e0:ea (00:0c:29:65:e0:ea)
>Client hardware address padding: 
>Server host name not given
>Boot file name not given
>Magic cookie: (OK)
>Option: (t=53,l=1) DHCP Message Type = DHCP Request
>Option: (53) DHCP Message Type
>Length: 1
>Value: 03
>Option: (t=54,l=4) DHCP Server Identifier = 10.168.101.20
>Option: (54) DHCP Server Identifier
>Length: 4
>Value: 0AA86514
>Option: (t=50,l=4) Requested IP Address = 10.168.102.128
>Option: (50) Requested IP Address
>Length: 4
>Value: 0AA86680
>Option: (t=55,l=18) Parameter Request List
>Option: (55) Parameter Request List
>Length: 18
>Value: 011C02790F060C28292A1A770379F921FC2A
>1 = Subnet Mask
>28 = Broadcast Address
>2 = Time Offset
>121 = Classless Static Route
>15 = Domain Name
>6 = Domain Name Server
>12 = Host Name
>40 = Network Information Service Domain
>41 = Network Information Service Servers
>42 = Network Time Protocol Servers
>26 = Interface MTU
>119 = Domain Search [TODO]
>3 = Router
>121 = Classless Static Route
>249 = Private/Classless Static Route (Microsoft)
>33 = Static Route
>252 = Private/Proxy autodiscovery
>42 = Network Time Protocol Servers
>Option: (t=82,l=44) Agent Information Option
>Option: (82) Agent Information Option
>Length: 44
>Value: 010A01080006004C4F2A002F020658AC78B138E1970A0062...
>Agent Circuit ID: 01080006004C4F2A002F
>Agent Remote ID: 58AC78B138E1
>DHCPv4 Virtual Subnet Selection: 006262742D76786

[Dnsmasq-discuss] multiple upstream servers from behind NAT

2017-09-28 Thread Jeff
I have a server my.natted.server NAT'ed behind a public firewall, with
config lines for both of my upstream ISP nameservers:
server=
server=

I chose to use both ISP nameservers for redundancy, but this is not a
requirement.

I see dnsmasq query either upstream server, without issue. Here are 2
successful examples:

successful example:
15:41:50.958340 IP my.natted.server.54406 > ns01.my-isp.com.domain:
21145+ A? www.apple.com. (31)
15:41:50.987324 IP ns01.my-isp.com.domain > my.natted.server.54406:
21145 4/0/0 CNAME www.apple.com.edgekey.net., CNAME
www.apple.com.edgekey.net.globalredir.akadns.net., CNAME
e6858.dsce9.akamaiedge.net., A 23.36.67.187 (182)

successful example:
15:44:04.098088 IP my.natted.server.41451 > ns02.my-isp.com.domain:
30158+ A? www.apple.com. (31)
15:44:04.125471 IP ns02.my-isp.com.domain > my.natted.server.41451:
30158 4/0/0 CNAME www.apple.com.edgekey.net., CNAME
www.apple.com.edgekey.net.globalredir.akadns.net., CNAME
e6858.dsce9.akamaiedge.net., A 23.222.204.41 (182)

Occasionally I see a failure where dnsmasq sends out queries to both
upstream ISP nameservers, instructing each to reply to the same port.
The first one to reply "wins" and the 2nd to reply elicits an ICMP
"port unreachable". Here are 2 failure examples:

failure example:
15:36:49.835378 IP my.natted.server.17990 > ns01.my-isp.com.domain:
65330+ A? ns01.my-isp.com. (35)
15:36:49.835391 IP my.natted.server.17990 > ns02.my-isp.com.domain:
65330+ A? ns01.my-isp.com. (35)
15:36:49.863241 IP ns02.my-isp.com.domain > my.natted.server.17990:
65330 1/0/0 A 71.10.216.1 (51)
15:36:49.867784 IP ns01.my-isp.com.domain > my.natted.server.17990:
65330 1/0/0 A 71.10.216.1 (51)
15:36:49.867804 IP my.natted.server > ns01.my-isp.com: ICMP
my.natted.server udp port 17990 unreachable, length 87

failure example:
15:37:32.910884 IP my.natted.server.48523 > ns01.my-isp.com.domain:
51470+ A? ns02.my-isp.com. (35)
15:37:32.910915 IP my.natted.server.48523 > ns02.my-isp.com.domain:
51470+ A? ns02.my-isp.com. (35)
15:37:32.938315 IP ns01.my-isp.com.domain > my.natted.server.48523:
51470 1/0/0 A 71.10.216.2 (51)
15:37:32.942897 IP ns02.my-isp.com.domain > my.natted.server.48523:
51470 1/0/0 A 71.10.216.2 (51)
15:37:32.942930 IP my.natted.server > ns02.my-isp.com: ICMP
my.natted.server udp port 48523 unreachable, length 87

Question:
Is this an issue with:
1) My dnsmasq configuration?
2) dnsmasq?
3) my NAT'ing firewall?

Question:
For the failure examples above, is the DNS client successfully
resolving the query?
(implies the ICMP responses can be safely ignored)

I am running dnsmasq-2.66 on CentOS-7 Linux.

TIA,
Jeff
