[Dnsmasq-discuss] Defending IP address
Hi, I have a number of IoT devices. Occasionally, when they try to set up the DHCP lease, some of them send wrong packets. The device effectively claims the IP address of the DHCP server. From the system log: May 4 05:39:59 srv1 dhcpcd[449]: eth0: hardware address xx:xx:xx:xx:xx::ce claims 192.168.1.10 where 192.168.1.10 is the address of the DHCP server. If a second package arrives within 10 seconds, May 4 05:40:08 srv1 dhcpcd[449]: eth0: hardware address xx:xx:xx:xx:xx::e7 claims 192.168.1.10 dnsmasq shuts down the network connection dhcpcd[449]: eth0: 10 second defence failed for 192.168.1.10 dnsmasq-dhcp[24169]: DHCPRELEASE(eth0) 192.168.1.96 xx:xx:xx:xx:xx::e7 avahi-daemon[373]: Withdrawing address record for 192.168.1.10 on eth0. avahi-daemon[373]: Leaving mDNS multicast group on interface eth0.IPv4 with address 192.168.1.10. avahi-daemon[373]: Interface eth0.IPv4 no longer relevant for mDNS. dhcpcd[449]: eth0: deleting route to 192.168.1.0/24 dhcpcd[449]: eth0: deleting default route via 192.168.1.1 and slowly the LAN collapses. How can I prevent dnsmasq from EVER giving up its own IP address? -- Johan ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Defending IP address
Hi Johan, On 05/05/2023 08:40, Johan Vromans wrote: > Hi, > > I have a number of IoT devices. Occasionally, when they try to set up the > DHCP lease, some of them send wrong packets. The device effectively claims > the IP address of the DHCP server. From the system log: > > May 4 05:39:59 srv1 dhcpcd[449]: eth0: hardware address > xx:xx:xx:xx:xx::ce claims 192.168.1.10 > > where 192.168.1.10 is the address of the DHCP server. > > If a second package arrives within 10 seconds, > > May 4 05:40:08 srv1 dhcpcd[449]: eth0: hardware address > xx:xx:xx:xx:xx::e7 claims 192.168.1.10 > > dnsmasq shuts down the network connection Actually, it is dhcpcd that drops the address, not dnsmasq. > dhcpcd[449]: eth0: 10 second defence failed for 192.168.1.10 > dnsmasq-dhcp[24169]: DHCPRELEASE(eth0) 192.168.1.96 xx:xx:xx:xx:xx::e7 > avahi-daemon[373]: Withdrawing address record for 192.168.1.10 on eth0. > avahi-daemon[373]: Leaving mDNS multicast group on interface eth0.IPv4 with > address 192.168.1.10. avahi-daemon[373]: Interface eth0.IPv4 no longer > relevant for mDNS. dhcpcd[449]: eth0: deleting route to 192.168.1.0/24 > dhcpcd[449]: eth0: deleting default route via 192.168.1.1 > > and slowly the LAN collapses. > > How can I prevent dnsmasq from EVER giving up its own IP address? Set static IP on the interface and do not run dhcpcd. The problem is with dhcpcd releasing the address, not with dnsmasq. Cheers, Geoff. > > -- Johan > > ___ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Defending IP address
Hi Geoff, Thanks for your reply. > Set static IP on the interface and do not run dhcpcd. The problem is > with dhcpcd releasing the address, not with dnsmasq. I have this in my /etc/dhcpcd.conf: interface eth0 static ip_address=192.168.1.10/24 static routers=192.168.1.1 I do not run /sbin/dhclient, only /sbin/dhcpcd and dnsmasq. Should I do anything else? -- Johan ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Defending IP address
On Fri, May 05, 2023 at 11:54:31AM +0200, Johan Vromans wrote: > Hi Geoff, > > Thanks for your reply. > > > Set static IP on the interface and do not run dhcpcd. The problem is > > with dhcpcd releasing the address, not with dnsmasq. > > I have this in my /etc/dhcpcd.conf: > > interface eth0 > static ip_address=192.168.1.10/24 > static routers=192.168.1.1 > > I do not run /sbin/dhclient, only /sbin/dhcpcd and dnsmasq. > > Should I do anything else? Set static IP on the interface and do not run dhcpcd. The problem is with dhcpcd releasing the address, not with dnsmasq. Groeten Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Defending IP address
On Fri, May 05, 2023 at 12:11:32PM +0200, Geert Stappers wrote: > On Fri, May 05, 2023 at 11:54:31AM +0200, Johan Vromans wrote: } } } } dhcpcd[449]: eth0 10 second defense failed for 192.168.1.10 } } } } and slowly the LAN collapses > > > Set static IP on the interface and do not run dhcpcd. The problem is > > > with dhcpcd releasing the address, not with dnsmasq. > > > > I have this in my /etc/dhcpcd.conf: > > > > interface eth0 > > static ip_address=192.168.1.10/24 > > static routers=192.168.1.1 > > > > I do not run /sbin/dhclient, only /sbin/dhcpcd and dnsmasq. > > > > Should I do anything else? > > Set static IP on the interface and do not run dhcpcd. > The problem is with dhcpcd releasing the address, not with dnsmasq. > On second thought: The problem could be how dhcpcd and dnsmasq work together. Or more likely: The problem could be how dhcpcd and dnsmasq are configured. So far we have seen (parts of) dhcpcd configuration and no dnsmasq configuration at al. Groeten Geert Stappers Willing to review Johans config of dnsmasq and dhcpcd. -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Defending IP address
On Fri, 5 May 2023 11:54:31 +0200, Johan Vromans wrote: > > do not run dhcpcd. All docs tell me to set the static address in the /etc/dhcpcd.conf, this is confusing. I've now disabled dhcpcd and put the static address in /etc/network/interfaces. Thanks Johan ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Defending IP address
On Fri, 5 May 2023 11:54:31 +0200, Johan Vromans wrote: > do not run dhcpcd. On 05.05.23 13:33, Johan Vromans wrote: All docs tell me to set the static address in the /etc/dhcpcd.conf, this is confusing. I've now disabled dhcpcd and put the static address in /etc/network/interfaces. you use dhcpd to configure other machines over network, not your own. and, dnsmasq is not dhcpd. While it can act as dhcp server, the same applies as above. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Christian Science Programming: "Let God Debug It!". ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Defending IP address
uh...@fantomas.sk wrote: > you use dhcpd to configure other machines over network, not your own. > > and, dnsmasq is not dhcpd. While it can act as dhcp server, the same applies > as above. Apparently the syntax Johan has listed is not standard dhcpd.conf syntax (at least not that I could find in dhcpd.conf man). It does however seem to be part of the Raspbian Pi Jesse release (of which I am unable to find man documentation online): https://raspberrypi.stackexchange.com/questions/137443/dhcpcd-conf-inform-vs-static-ip-vs-request-how-should-you-really-setup-a-static In this OS apparently you *DO* set static configuration for the host in the dhcpd configuration. ?! The above link appears to reference quite a few issues with these configurations and perhaps a better forum for Johan's issues (?) ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Defending IP address
On 05.05.2023 14:32:12, "Matus UHLAR - fantomas" wrote: On 05.05.23 13:33, Johan Vromans wrote: All docs tell me to set the static address in the /etc/dhcpcd.conf, this is confusing. I've now disabled dhcpcd and put the static address in /etc/network/interfaces. you use dhcpd to configure other machines over network, not your own. and, dnsmasq is not dhcpd. While it can act as dhcp server, the same applies as above. I guess paying attention to spelling is literally crucial here, letter by letter. ;) Roy Marples's DHCP client daemon dhcpcd is not the same as ISC's DHCP server daemon dhcpd. It would seem to me that Johan Vromans has been using the former: I think I recognise the syntax. @Johan: From those lines you've shared, Johan, that should have been sufficient to configure a static IP address on eth0. Unless there would have been some additional lines (unshared so far) in dhcpcd.conf which would have invalidated them, or possibly pre-existing /etc/network/interfaces contents interfering with dhcpcd. Furthermore, additonal network management tools may also have been or still be involved, like NetworkManager or netplan on some varieties of Debian based distros. If you'd still require assistance, it may help to share your exact OS distribution, version and release. Kind regards, Buck ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Defending IP address
uh...@fantomas.sk wrote: you use dhcpd to configure other machines over network, not your own. and, dnsmasq is not dhcpd. While it can act as dhcp server, the same applies as above. On 05.05.23 08:42, Ben Hendin wrote: Apparently the syntax Johan has listed is not standard dhcpd.conf syntax (at least not that I could find in dhcpd.conf man). yeah, my fault! it's dhcpcd - dhcp client not dhcpd - dhcp server! I'm sorry OP. It does however seem to be part of the Raspbian Pi Jesse release (of which I am unable to find man documentation online): https://raspberrypi.stackexchange.com/questions/137443/dhcpcd-conf-inform-vs-static-ip-vs-request-how-should-you-really-setup-a-static In this OS apparently you *DO* set static configuration for the host in the dhcpd configuration. ?! The above link appears to reference quite a few issues with these configurations and perhaps a better forum for Johan's issues (?) this is correct - dhsmasq it not a dhcp client and we don't need to know how dhcpcd works. perhaps dhcpcd really sets static IP without requesting it over the network (which is exactly what should be done when you are DHCP server for that network). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Defending IP address
On Fri, 05 May 2023 14:56:40 +, "Buck Horn" wrote: > Roy Marples's DHCP client daemon >dhcpcd > is not the same as ISC's DHCP server daemon >dhcpd. > > It would seem to me that Johan Vromans has been using the former: > I think I recognise the syntax. Yes, that's correct. The system is a Raspberry Pi running Raspbian. It is DHCP/DNS server (dnsmasq) for my LAN. As said earlier, all information [for this type of system] points towards setting the static address in /etc/dhcpcd.conf and apparently dhcpcd handles this situation. At least, this has been working for several years without problems. Until now, that is, thanks to some buggy(?) IoT devices. I now have the static address setting in /etc/network/interfaces and disabled dhcpcd so everything is fine again, and hopefully more robust. Thanks all for your valuable feedback that helped me to find the problem and its solution. -- Johan ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Defending IP address
On Fri, May 05, 2023 at 08:47:14PM +0200, Johan Vromans wrote: > On Fri, 05 May 2023 14:56:40 +, "Buck Horn" wrote: > > > Roy Marples's DHCP client daemon > >dhcpcd > > is not the same as ISC's DHCP server daemon > >dhcpd. > > > > It would seem to me that Johan Vromans has been using the former: > > I think I recognise the syntax. > > Yes, that's correct. The system is a Raspberry Pi running Raspbian. It is > DHCP/DNS server (dnsmasq) for my LAN. > > As said earlier, all information [for this type of system] points towards > setting the static address in /etc/dhcpcd.conf and apparently dhcpcd > handles this situation. At least, this has been working for several years > without problems. Until now, that is, thanks to some buggy(?) IoT devices. It is too early to blame the IoT devices. > I now have the static address setting in /etc/network/interfaces and > disabled dhcpcd so everything is fine again, and hopefully more robust. > > Thanks all for your valuable feedback that helped me to find the problem > and its solution. https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q2/017057.html has: } } On second thought: }The problem could be how dhcpcd and dnsmasq work together. } } Or more likely: }The problem could be how dhcpcd and dnsmasq are configured. } } } So far we have seen (parts of) dhcpcd configuration } and no dnsmasq configuration at al. } That text in other words: Share with the dnsmasq mailinglist (archive) the dnsmasq configuration. The original problem is most likely solvable with the original dhcpcd configuration in-place. Groeten Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Defending IP address
On Fri, 5 May 2023 22:13:24 +0200, Geert Stappers wrote: > It is too early to blame the IoT devices. I don't blame them... They merely revealed there's something fishy. > The original problem is most likely solvable with the original dhcpcd > configuration in-place. Strange that you keep pointing towards dnsmasq, while Geoff already clearly explained that it is not dnsmasq, but dhcpcd that drops the address. But if it makes you happy, I've attached the dnsmasq configs. I left out the hosts part, it's just a long series of xx:xx:xx:xx:xx:xx,192.168.1.nnn,hostname.squirrel.nl,24h -- Johan dnsmasq.conf Description: Binary data dnsmasq_d_dhcp.conf Description: Binary data dnsmasq_d_tftp.conf Description: Binary data ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
