DNSMasq ignores a client on SDN simple zone

JimP

Jan 13, 2024
I have set up a simple SDN zone and a network in it: 10.20.20.0/24.

Code:
dhcp-option=tag:myZone-10.20.20.0-24,option:router,10.20.20.1
dhcp-range=set:myZone-10.20.20.0-24,10.20.20.0,static,255.255.255.0,infinite
log-dhcp
interface=myZone

Two clients out of three in the zone do receive a DHCP lease. This is for Ubuntu with desktop:

Code:
feb 03 07:55:28 dv dnsmasq-dhcp[917158]: 444172515 available DHCP subnet: 10.20.20.0/255.255.255.0
feb 03 07:55:28 dv dnsmasq-dhcp[917158]: 444172515 client provides name: lu
feb 03 07:55:28 dv dnsmasq-dhcp[917158]: 444172515 DHCPREQUEST(myNet) 10.20.20.103 bc:24:11:43:e3:42
feb 03 07:55:28 dv dnsmasq-dhcp[917158]: 444172515 tags: myNet-10.20.20.0-24, known, myNet
feb 03 07:55:28 dv dnsmasq-dhcp[917158]: 444172515 DHCPACK(myNet) 10.20.20.103 bc:24:11:43:e3:42 lu
feb 03 07:55:28 dv dnsmasq-dhcp[917158]: 444172515 requested options: 1:netmask, 2:time-offset, 6:dns-server, 12:hostname,

One client out of three does not receive a DHCP lease, Ubuntu without desktop:

Code:
feb 03 07:55:43 dv dnsmasq-dhcp[917158]: 3819140195 client provides name: dev
feb 03 07:55:43 dv dnsmasq-dhcp[917158]: 3819140195 DHCPDISCOVER(hackNet) bc:24:11:8d:7a:4c ignored

What do I do so the client receives a DHCP lease?
 
What is the output of the following command? Oftentimes it can help to restart the client, since it regenerates and reloads the dnsmasq configuration. Hot reload with running VMs is sometimes a bit tricky because we have to reload the ethers file for dnsmasq.

Code:
cat /etc/dnsmasq.d/<zone_name>/ethers
 
Yep, `ethers` lacks this VM. But why?
Restarting `dnsmasq` and the VM multiple times does not result in the host being added to `ethers`.
 
Is there an entry for the VM in the IPAM? What does the VM configuration look like?
 
After rebooting the Proxmox host, the problem VM is added to ethers and works. Maybe some bug is involved.

Before reboot there WAS a lease in IPAM, but not in ethers.

In the problematic VM I have also tried obtaining a lease manually with `dhclient ens18`. `dnsmasq` ignored the requests (because of no entry in `ethers`).
 
I experienced the same problem as JimP. Restarting the VM did not help but restarting the Proxmox host did.
 
Same problem here, reboot doesn't solve it. The IPAM screen/ethers contain correct values, BOOTPC packets arrive on the bridge, but it seems as if dnsmasq doesn't receive them.
 
Are they showing up in the logs? You can check via

Code:
journalctl -u dnsmasq@<ZONE>
 
No, they do not. I tried stracing the dnsmasq process, there's no activity at all. For debugging I'm running this instance (other dnsmasq processes are not running):

Code:
dnsmasq --no-daemon \
        --interface=myZone \
        --bind-interfaces \
        --dhcp-range=10.11.22.10,10.11.22.250,12h \
        --log-queries \
        --log-dhcp \
        --port=0

If I run this on any other host connected to the same bridge, dhclients can connect correctly, just not when running on the PVE host. Tried nuking/recreating the zone/vnet from scratch (it's a clean installation), rebooting the host. Really bizarre.
 
Do you have any firewall running on the host?
 
It is enabled on the DC and host level but there weren't rules defined for DHCP. I now added the port 67/68 rules and BAM! Problem solved. Thank you for pointing this out.
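
The two failure modes seen in this thread can be told apart by comparing the dnsmasq log with the zone's `ethers` file. With `static` in `dhcp-range`, dnsmasq only serves hosts it has an entry for. The following is an added example, not code from any poster or from Proxmox; the function names are hypothetical, the `MAC,IP` ethers layout is an assumption, and the sample input is constructed from the log lines quoted above.

```python
import re

# Constructed sample input, modelled on the log lines quoted in this thread.
SAMPLE_LOG = """\
feb 03 07:55:28 dv dnsmasq-dhcp[917158]: 444172515 DHCPREQUEST(myNet) 10.20.20.103 bc:24:11:43:e3:42
feb 03 07:55:28 dv dnsmasq-dhcp[917158]: 444172515 DHCPACK(myNet) 10.20.20.103 bc:24:11:43:e3:42 lu
feb 03 07:55:43 dv dnsmasq-dhcp[917158]: 3819140195 DHCPDISCOVER(hackNet) bc:24:11:8d:7a:4c ignored
"""
# Constructed ethers content; one "MAC,IP" pair per line is an assumed layout.
SAMPLE_ETHERS = """\
BC:24:11:43:E3:42,10.20.20.103
BC:24:11:AA:BB:CC,10.20.20.104
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
EVENT = re.compile(rf"(DHCP[A-Z]+)\([^)]*\)\s+(?:\S+\s+)?({MAC})(.*)", re.I)

def parse_ethers(text):
    """Return the lower-cased MACs listed; comma or whitespace separated."""
    macs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(MAC, line, re.I)
        if m:
            macs.add(m.group(0).lower())
    return macs

def triage(log_text, ethers_text):
    """Map each MAC seen in the log or in ethers to a diagnosis string."""
    known = parse_ethers(ethers_text)
    status = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        msg, mac, rest = m.group(1).upper(), m.group(2).lower(), m.group(3)
        status.setdefault(mac, "seen, no lease yet")
        if msg == "DHCPACK":
            status[mac] = "served"
        elif "ignored" in rest and status[mac] != "served":
            status[mac] = ("ignored: no ethers entry" if mac not in known
                           else "ignored although in ethers: dnsmasq may not have reloaded it")
    for mac in known - set(status):  # configured, but dnsmasq never logged it
        status[mac] = "silent: nothing logged, check host firewall for UDP 67/68"
    return status
```

On a PVE host, feed it the output of `journalctl -u dnsmasq@<ZONE>` and the contents of `/etc/dnsmasq.d/<zone_name>/ethers`.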