Answer for question about dnsmasq-dhcp

Published in

ukinau

4 min readMar 10, 2018

As “dnsmasq” is very popular software nowadays and this software provide DNS and DHCP services. But this post dedicate on DHCP service side.

As official doc said, It’s light weight program and It’s pretty easy to use it if we just want to use dnsmasq for a certain subnet on specific interface and pre-defined MAC, IP Address pairs.

But if you want to use it in more complicated situation, the information about it dramatically decreased. I was struggling with it and reading the source code as well as document. So let me write down some answers for what I had a question before start to investigate

Disable DNS Service

It can achieve by specifying “ — port=0”

Multiple dnsmasq in a node

You can run multiple dnsmasq. But you have to run with “ — bind-interface” or “ — bind-dynamic” option in order for dnsmasq to open socket with SO_REUSEADDR, otherwise the dnsmasq will cause error “Address already in use”.
One thing you have to notice here is If you run multiple dnsmasq, your dhcp client often failed to do unicast DHCP request (updating DHCP lease), because SO_REUSEADDR behaviour. it’s not big problem because usually dhcp client will request with BROADCAST if client failed to do unicast DHCP request.

Adding/Changing “MAC — IP ” pair can be applied dynamically

You can achieve it by specifying “— dhcp-hostsdir”.
If you specify this option with directory, dnsmasq monitor the existence/changes of files with inotify and then reload the file automatically without any signal. But removing file from directory is not automatically affected.

Removing “MAC — IP” pair can be applied dynamically

As I wrote above, adding/changing is automatically affected but removing file from directory which is specified at “ — dhcp-hostsdir”. But removing file need the SIGHUP signal to make it affect

Adding/Changing DHCP option can be applied dynamically

same rule as “ — dhcp-hostsdir” other than option name. As for dhcp option you have to specify “ — dhcp-optsdir”.

Removing DHCP option can be applied dynamically

same rule as “ — dhcp-hostsdir” other than option name. As for dhcp option you have to specify “ — dhcp-optsdir”.

dhcp-range option is required option?

This option is required option. You have to pass this option if you want to enable DHCP service on dnsmasq

dhcp-range can specify multiple times

We can specify “ — dhcp-range” option multiple times, which means 1 dnsmasq support multiple subnet.

Turn off dynamic allocation for IP Address

We can turn off dynamic allocation for specific subnet by specifying “static” as mode, see the format.

— dhcp-range=<start-addr>[,<end-addr>|<mode>][,<netmask>[,<broadcast>]]

As you can see, if we specify mode, we can not specify end-address at the same time. the reason of this behaviour is if you want to turn off dynamic allocation, end-addr should be completely useless because all ip address this dnsmasq would dispense are maintained in configuration file or “ — dhcp-hostsdir” so we don’t have to tell end-address to dnsmasq in the first place.

About netmask/broadcast for dhcp-range

netmask/broadcast value will be guessed by NIC to receive DHCP packet if you don’t pass these to “ — dhcp-range”.

The netmask of dhcp-range is used to judge whether dnsmasq should reply or not. If NIC’s IP is in same network as dhcp-range’s start_address (https://github.com/imp/dnsmasq/blob/master/src/dhcp.c#L501-L561), dnsmasq will allocate ip from the ip pool of start - end_address and reply. If NIC’s IP receiving DHCP packet is not in any network of dhcp-range, dnsmasq will ignore it.

This netmask/broadcast will also be used in reply dhcp packet and client will assign/use that netmask and broadcast, which means if you specify netmask with /28 here, client will get /28 ip address regardless of Host NIC’s IP.
But this netmask to be leased for client actually can be overridden by “dhcp-option=netmask,<netmask>”

“ — dhcp-range” for any subnet like magic code

If you want to do this, you have to declare 2 dhcp-range at least and specify netmask in dhcp-option as previous question mentioned otherwise client will get the ip with /1 cidr notation.

why do we have to specify 2 dhcp-range?
This is because dnsmasq have no way to differentiate between netmask 0 the user specified and netmask 0 as default value and dnsmasq will use netmask of NIC’s IP if netmask is 0. So we have to pass something netmask other than 0.0.0.0. That’s why you have to specify following options to support all subnets

--dhcp-range=0.0.0.0,static,128.0.0.0
--dhcp-range=128.0.0.0,static,128.0.0.0

If you pass above two dhcp-range, your dnsmasq will start to least IP for all subnets.
For now, we have to pass 2 parameters but probably it will be improved so that we can use --dhcp-range=0.0.0.0,static,0.0.0.0 in the future
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/012070.html