[Dnsmasq-discuss] "no address range available for DHCP request via br0" when using for IPv6 RA

2023-04-03 Thread Ben Hendin
I'm running Dnsmasq version 2.85-openssl-5-g989ee98 on an embedded device
(Entware installation)

I am seeing log entries that state the following when clients come onto the
network to request IP addresses via DHCP:

"no address range available for DHCP request via br0"

br0 is a bridged interface that includes the LAN and main WiFi of the
embedded device.

The issue is that I do not use dnsmasq on this device for DHCP on this
interface.
(I do have it configured to deliver dhcp-range information to some other
wireless interfaces.)
The main function on this interface is DNS and to deliver RAs for IPv6.

It appears, in order to deliver RAs to my clients the following lines must
be configured:

---
interface=br0
ra-param=br0,10,600
enable-ra
dhcp-range=lan,::,constructor:br0,ra-stateless,64,600
---

In other words, dnsmasq must be configured to deliver the "dhcp-range"
option in order to deliver RAs (enable-ra isn't enough).
Because of this you can't use the "no-dhcp-interface=br0" option or else
the dhcp-range and therefore the RA will not get delivered to clients.

When a client joins the network, it requests an IPv4 address, which will
not be served by dnsmasq, but by another authoritative server on the
network.
However, because dnsmasq is configured to provide DHCP services, yet has no
IPv4 range defined, it spits out the "no address range available" message.

I have tried changing the "ra-stateless" option to "slaac" or "ra-only" as
the description of "ra-only" seems to indicate that dnsmasq will then be
made aware it is only to deliver RAs and not DHCP (though perhaps this only
registers for v6).  I have also tried to use "quiet-dhcp" to suppress these
unsuccessfully.   Because the message is still logged, it would fall under
"error or problem" according to "quiet-dhcp" specifications.

Is this behavior expected?  If so, is it considered preferable or should
dnsmasq have some configuration where it should not assume that an IPv4
range being unconfigured is an issue worth notifying about in scenarios
like this?

thank you
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] dnsmasq reverse auth zone transfers

2023-04-03 Thread Petr Menšík
If dnsmasq on the router is down, what exactly would those hosts be able
to do? Ping themselves? I expect the casa.lan assigns addresses via DHCP.


dnsmasq can provide zone transfer ability when --auth-zone is used. But
I would not recommend it for your use. Windows DNS should cache
previously queried hosts, so even on a small downtime it will serve their
addresses. Abilities of dnsmasq are limited, it is not a full-fledged
named server, which can send notifies on every change in a DNS zone. It
does not support incremental transfers. Zones would need to query
dnsmasq for serial number changes. There is some support for auth zone
and downloads, but forwarding seems better suited to me. Also much more
tested.


I would expect various incompatibilities with AXFR downloads, because
dnsmasq implements just a small subset of common primary server features.


On 3/31/23 17:32, Juanca wrote:



On Fri, 31 Mar 2023 at 17:29, Andrew Miskell wrote:


You technically don’t need a zone transfer, you can use a
conditional forwarder on the Active Directory DNS. Setup a
conditional forwarder for casa.lan and point it to the IP of your
router where dnsmasq is running. After that, when AD DNS receives
a query for anything in the casa.lan domain, it’ll forward the
query to dnsmasq and it’ll respond with the appropriate IP address.

More details:

https://www.interfacett.com/blogs/windows-server-how-to-configure-a-conditional-forwarder-in-dns/


Thanks for your fast response. But in case that casa.lan is down, no 
resolve is made. That is why I'd like to make zone transfers.


Regards


On Mar 31, 2023, at 10:25 AM, Juanca  wrote:



On Fri, 31 Mar 2023 at 2:45, Andrew Miskell wrote:

What exactly are you trying to accomplish? Your windows
clients to be able to resolve the clients on your router’s
domain (casa.lan) via DNS?
Yes, this is what I need, but I'm unable to list the clients
from the dominio.lab windows server machine.



Sent from my iPhone


On Mar 30, 2023, at 18:45, Juanca 
wrote:


I appreciate these tips

Do you think that I should write a new post?


Thanks!!


Regards

On Fri, 31 Mar 2023 at 1:11, Geert Stappers wrote:

On Wed, Mar 29, 2023 at 06:25:25PM +0200, Juanca wrote:
> Hi,
>
> I'm using dnsmasq in my tomato router (mips arch). This is the main dns
> server for my home (casa.lan). Also, I've a windows server lab, with a
> domain and its own dns server as well (dominio.lab). I need the windows
> server to be able to get all the dns clients from main dns server in my
> router, so I'm trying to make a transfer zone from router to windows dns
> server. I'm facing some issues, and I've just read that dnsmasq does not
> provide reverse zone transfer. I've also just found a fork that says to be
> able to make it possible (basezen/dnsmasq: Fork of Simon Kelley's dnsmasq
> to add IPv6 zone transfer. Proposed patch (github.com)
> ), but it seems quite complicated for
> me to compile and make it work in my router.
>
> As you can see, I'm not an expert in dns stuff, so it's being difficult to
> me to understand all options, and the way I should be configuring it.
>
> What I really need is to make my windows server be able to "get and see"
> all my dnsmasq router's dns clients (for example, in case my router shuts
> down, and my windows server's clients should be able to resolve router's
> dns clients). Also, I'd need the very same, but vice versa, so in case of my
> windows server fails, my dnsmasq router's dns server is able to resolve my
> windows server's dns clients.
>
> My question is..
> is it able for me to get it working without needing any patch?

> I'd love to have some tips from you guys.

Tips:
 - Do not ask others what your limits should be ( "able for me" )
 - Drop restrictions   ( "without needing any ..." )
 - Use open questions  (avoid "get it working [yes/no]" questions)


> Please, let me know if I should give you any other information

Tell your audience what they might be missing.
Explain them the cool thing that you want, aim for common interest.


> Thanks a
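
The conditional-forwarder setup suggested in this thread, as an added example that is not part of the original posts. It assumes the DnsServer PowerShell module on the dominio.lab Windows DNS server; `$RouterIp` and `$TestHost` are placeholders, not values from the thread.

```powershell
# Added example: run on the Windows DNS server for dominio.lab.
# casa.lan is the zone named in the thread; the two values below are placeholders.
$Zone     = 'casa.lan'
$RouterIp = '192.0.2.1'          # placeholder: address of the router running dnsmasq
$TestHost = 'somehost.casa.lan'  # placeholder: a name dnsmasq answers for

# Create the forwarder only if no zone of that name exists yet, and refuse to
# overwrite a zone of a different type (for example a leftover secondary zone).
$existing = Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerConditionalForwarderZone -Name $Zone -MasterServers $RouterIp
} elseif ($existing.ZoneType -ne 'Forwarder') {
    throw "$Zone already exists as a $($existing.ZoneType) zone; not touching it."
}

# Confirm the forwarder points at the router.
Get-DnsServerZone -Name $Zone | Format-List ZoneName, ZoneType, MasterServers

# Query through the local Windows DNS service, which forwards to dnsmasq.
# The TTL column shows how long the Windows server may keep answering this
# name from its cache while the router is unreachable.
Resolve-DnsName -Name $TestHost -Server 127.0.0.1 -Type A -DnsOnly -ErrorAction Stop |
    Format-Table Name, IPAddress, TTL
```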

Re: [Dnsmasq-discuss] dnsmasq reverse auth zone transfers

2023-04-03 Thread Juanca
Ok

Thanks so much for your help and advice.


Regards

On Mon, 3 Apr 2023 at 18:44, Petr Menšík wrote:

> If dnsmasq on the router is down, what exactly those hosts would be able
> to do? Ping themselves? I expect the casa.lan assigns addresses via DHCP.
>
> dnsmasq can provide zone transfer ability when --auth-zone is used. But I
> would not recommend it for your use. Windows DNS should cache previously
> queried hosts, so even on small downtime it will serve their addresses.
> Abilities of dnsmasq are limited, it is not full fledged named server,
> which can send notifies on every change in dns zone. It does not support
> incremental transfers. Zones would need to query dnsmasq for serial number
> changes. There is some support for auth zone and downloads, but forwarding
> seems better suited to me. Also much more tested.
>
> I would expect various incompatibilities with AXFR downloads, because
> dnsmasq implements just small subset of common primary server features.
> On 3/31/23 17:32, Juanca wrote:
>
>
>
> On Fri, 31 Mar 2023 at 17:29, Andrew Miskell wrote:
>
>> You technically don’t need a zone transfer, you can use a conditional
>> forwarder on the Active Directory DNS. Setup a conditional forwarder for
>> casa.lan and point it to the IP of your router where dnsmasq is running.
>> After that, when AD DNS receives a query for anything in the casa.lan
>> domain, it’ll forward the query to dnsmasq and it’ll respond with the
>> appropriate IP address.
>>
>> More details:
>> https://www.interfacett.com/blogs/windows-server-how-to-configure-a-conditional-forwarder-in-dns/
>>
>>
> Thanks for your fast response. But in case that casa.lan is down, no
> resolve is made. That is why I'd like to make zone transfers.
>
> Regards
>
>> On Mar 31, 2023, at 10:25 AM, Juanca  wrote:
>>
>>
>>
>> On Fri, 31 Mar 2023 at 2:45, Andrew Miskell wrote:
>>
>>> What exactly are you trying to accomplish? Your windows clients to be
>>> able to resolve the clients on your router’s domain (casa.lan) via DNS?
>>> Yes, this is what I need, but I'm unable to list the clients from the
>>> dominio.lab windows server machine.
>>>
>>>
>>>
>>> Sent from my iPhone
>>>
>>> On Mar 30, 2023, at 18:45, Juanca  wrote:
>>>
>>> 
>>> I appreciate these tips
>>>
>>> Do you think that I should write a new post?
>>>
>>>
>>> Thanks!!
>>>
>>>
>>> Regards
>>>
>>> On Fri, 31 Mar 2023 at 1:11, Geert Stappers wrote:
>>>
 On Wed, Mar 29, 2023 at 06:25:25PM +0200, Juanca wrote:
 > Hi,
 >
 > I'm using dnsmasq in my tomato router (mips arch). This is the main dns
 > server for my home (casa.lan). Also, I've a windows server lab, with a
 > domain and its own dns server as well (dominio.lab). I need the windows
 > server to be able to get all the dns clients from main dns server in my
 > router, so I'm trying to make a transfer zone from router to windows dns
 > server. I'm facing some issues, and I've just read that dnsmasq does not
 > provide reverse zone transfer. I've also just found a fork that says to be
 > able to make it possible (basezen/dnsmasq: Fork of Simon Kelley's dnsmasq
 > to add IPv6 zone transfer. Proposed patch (github.com)
 > ), but it seems quite complicated for
 > me to compile and make it work in my router.
 >
 > As you can see, I'm not an expert in dns stuff, so it's being difficult to
 > me to understand all options, and the way I should be configuring it.
 >
 > What I really need is to make my windows server be able to "get and see"
 > all my dnsmasq router's dns clients (for example, in case my router shuts
 > down, and my windows server's clients should be able to resolve router's
 > dns clients). Also, I'd need the very same, but vice versa, so in case of my
 > windows server fails, my dnsmasq router's dns server is able to resolve my
 > windows server's dns clients.
 >
 > My question is..
 > is it able for me to get it working without needing any patch?

 > I'd love to have some tips from you guys.

 Tips:
  - Do not ask others what your limits should be ( "able for me" )
  - Drop restrictions   ( "without needing any ..." )
  - Use open questions  (avoid "get it working [yes/no]" questions)


 > Please, let me know if I should give you any other information

 Tell your audience what they might be missing.
 Explain them the cool thing that you want, aim for common interest.


 > Thanks a lot in advance

 No, not accepted.
 Express "thanks" when you get something useful.


 > Regards
 > Juanca



 Groeten
 Geert Stappers
 --
 Silence is hard to parse
