dnsmasq host requires frequent client dhcpcd restart

[dartleader]

Hey everyone,

I'm using gentoo as a home router, and using dnsmasq I am having fairly frequent disconnects of hosts which requires me to log in to each host and run dhcpcd -k && dhcpcd -L in order to reconnect. The hosts encountering this issue are all listed in my /etc/dnsmasq.conf file as follows:

Code: Select all

dhcp-host=[mac address],hellahax,192.168.0.100,infinite
dhcp-host=[mac address],blackomen,192.168.0.101,infinite
dhcp-host=[mac address],regicide,192.168.0.102,infinite
dhcp-host=[mac address],regicide,192.168.0.103,infinite
dhcp-host=[mac address],pirate,192.168.0.106,infinite
dhcp-host=[mac address],pirate,192.168.0.107,infinite
dhcp-host=[mac address],batocera,192.168.0.108,infinite

Generally, the behaviour I've noticed is after a few hours, and especially if left unattended, the hosts will no longer be able to connect to the external internet, and will have a "Temporary failure in name resolution"; sometimes I can fix this by sending a ping out to an internet site such as www.gentoo.org, but usually I need to use dhcpcd to renew my lease as above.

In addition, periodically my gentoo router will stop listening on ssh and disconnect me. If I scan it and watch with nmap, I can see it starts listening on the default port 22 for a few minutes before listening on the port I specified in my ssh conf file, 51018. I'm not sure if sshd is crashing for some reason or what is up.

Does anyone have any ideas? Thanks. I've been running dnsmasq in debug mode and logging everything into a file, but don't see anything particularly useful in there. Could this be a problem on the client side?

[OldTango]

Hey everyone,

I'm using gentoo as a home router, and using dnsmasq I am having fairly frequent disconnects of hosts which requires me to log in to each host and run dhcpcd -k && dhcpcd -L in order to reconnect. The hosts encountering this issue are all listed in my /etc/dnsmasq.conf file as follows:

Code: Select all

dhcp-host=[mac address],hellahax,192.168.0.100,infinite
dhcp-host=[mac address],blackomen,192.168.0.101,infinite
dhcp-host=[mac address],regicide,192.168.0.102,infinite
dhcp-host=[mac address],regicide,192.168.0.103,infinite
dhcp-host=[mac address],pirate,192.168.0.106,infinite
dhcp-host=[mac address],pirate,192.168.0.107,infinite
dhcp-host=[mac address],batocera,192.168.0.108,infinite

Generally, the behaviour I've noticed is after a few hours, and especially if left unattended, the hosts will no longer be able to connect to the external internet, and will have a "Temporary failure in name resolution"; sometimes I can fix this by sending a ping out to an internet site such as www.gentoo.org, but usually I need to use dhcpcd to renew my lease as above.

In addition, periodically my gentoo router will stop listening on ssh and disconnect me. If I scan it and watch with nmap, I can see it starts listening on the default port 22 for a few minutes before listening on the port I specified in my ssh conf file, 51018. I'm not sure if sshd is crashing for some reason or what is up.

Does anyone have any ideas? Thanks. I've been running dnsmasq in debug mode and logging everything into a file, but don't see anything particularly useful in there. Could this be a problem on the client side?

Is this something that started recently with an update or has this been a ongoing problem. What version of DNSmasq are you running. Also does dmesg provide any useful information. Give us more information about your setup as this could be caused by a bad config setting, resolve issue or a hardware problem (ie flaky switch or NIC) even a bad cable. Also posting your entire dnsmasq and sshd .configs would be helpful.

Best Tango.....

[penguinomicon]

Please post full dnsmasq and dhcpcd configs (skip comments, redact sensitive information,) along with the network topology.

I have a suspicion it could be due to dhcpcd trying to listen on the same interface to the LAN where dnsmasq is also serving dhcp, hard to say without more context.

If my suspicion is correct, it's probably just a matter of tightening up the configs so dhcpcd only points outwards at the WAN and dnsmasq only points inwards at the LAN.

(I'm currently rebuilding my router from Void Linux to Gentoo.)

[dartleader]

dnsmasq-2.92_p2

/etc/dnsmasq.conf

Code: Select all

domain-needed
bogus-priv
interface=enp4s0
domain=[domain]
dhcp-range=enp4s0,192.168.0.100,192.168.0.150,12h
dhcp-host=[mac address],[host],192.168.0.100,infinite
dhcp-host=[mac address],[host],192.168.0.101,infinite
dhcp-host=[mac address],[host],192.168.0.102,infinite	# Wired
dhcp-host=[mac address],[host],192.168.0.103,infinite	# Wireless
dhcp-host=[mac address],[host],192.168.0.106,infinite	# Wired
dhcp-host=[mac address],[host],192.168.0.107,infinite	# Wireless
dhcp-host=[mac address],[host],192.168.0.108,infinite
log-queries

My network topology connects to the external internet through my ISP-provided modem; that modem is hardwired to my gentoo router which has a dual NIC. The second NIC from my gentoo router is hardwired to an old wireless router, which is reconfigured to act as a switch and simply passes any traffic directly through; my headless server, primary workstation and a small NUC which I have set up as a video game emulator/movie machine are all hardwired to the wireless router. I have two laptops which connect to the wireless router wirelessly. I hope that makes sense; I tried finding ascii drawings to paste but the formatting on all of them got screwed up and were illegible. :/

[penguinomicon]

I think you mistakenly posted sshd config instead of dhcpcd config?

For the record, I've got my fresh gentoo router working now. Here are the relevant dnsmasq and dhcpcd configs on my side.

Assumptions:

• udev renames outward-facing NIC to wan0 and inward-facing 4-port NIC to lan[0-3]
• use netifrc (see gentoo wiki) to bridge lan[0-3] as br0 with all attendant configuration in conf.d/net
• dnscrypt-proxy listening on port 53000
• sysctl allows ipv4 forwarding
• iptables is configured to do NAT between br0 and wan0

/etc/dnsmasq.conf (redacted MAC/IP address pairs for dhcp-hosts)

Code: Select all

domain-needed
bogus-priv
no-resolv
server=127.0.0.1#53000
server=::1#53000
interface=br0
bind-interfaces
expand-hosts
domain=<redacted>
dhcp-range=10.0.0.2,10.0.0.254,255.255.255.0,1h
dhcp-host=<mac-addr-1>,<ip-addr-1>,1h
dhcp-host=<mac-addr-2>,<ip-addr-2>,1h
dhcp-host=<mac-addr-3>,<ip-addr-3>,1h
dhcp-host=<mac-addr-4>,<ip-addr-4>,1h
dhcp-host=<mac-addr-5>,<ip-addr-5>,1h
cache-size=1024
neg-ttl=300
max-ttl=86400
max-cache-ttl=86400
min-cache-ttl=60

/etc/dhcpcd.conf (especially make sure to set allowinterfaces and disable resolv.conf hook. Want resolv.conf to statically use dnsmasq on 127.0.0.1.)

Code: Select all

allowinterfaces wan0

debug

# Sends the hostname to the dhcp server -- which may ignore it.
# We can preemptively set it now in case we decide to use DDNS in future, eg for certificate automation.
hostname

# More of an IPv6 thing, but most distros have standardized on using
# duid instead of clientid for consistency.
duid

# Persist interface configuration when dhcpcd exits.
persistent

nohook resolv.conf

# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# Rapid commit support.
# This means, if the server supports it, dhcp handshake is reduced from 4 to 2 messages.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A ServerID is required by RFC2131.
require dhcp_server_identifier

[dartleader]

You were correct, I mistakenly included my sshd config. My /etc/dhcpcd.conf is all the distro defaults, I wasn't aware dhcpcd actually had a .conf file.

I'm going to take a quick read of your config and man dhcpcd.conf and see what I can figure out.

[dartleader]

/etc/dhcpcd.conf

Code: Select all

# Allow users of this group to interact with dhcpcd via the control socket.
controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
#clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
duid

# Persist interface configuration when dhcpcd exits.
persistent

# vendorclassid is set to blank to avoid sending the default of
# dhcpcd-<version>:<os>:<machine>:<platform>
vendorclassid

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search
option static_routes, classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# Request a hostname from the network
option host_name

# Most distributions have NTP support.
#option ntp_servers

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private

allowinterfaces eno1
denyinterfaces eno2 eno3 eno4

I have tried this dhcpcd.conf and the issue persists; I'll take another look at the dnsmasq.conf on this machine and compare it to yours. I have several machines at home, so I need to get one working and then copy its configs over I think.

[penguinomicon]

Sure. Another thing that just occurred to me is that your problems could be explained by a dodgy cable/connection or NIC firmware?

I did have a recent incident where the router stopped working for one machine after a while. After banging my head against the wall for a couple of hours, it magically came good after I "re-seated" the workstation's ethernet connection to the wall socket. No problems since then.

And what's the NIC make/model? Any problems in kernel logs?

When you experience the problem, can you still ssh into the router via any NIC? Eg while setting up my router, I made sure I could get in via the wan0 interface before worrying too much about the LAN-side, and then with a machine I control on both sides it's possible to do fairly thorough diagnostics with tools like tcpdump. If you can ssh into the LAN-side but packets aren't being routed to the external network, that's a very different problem to a LAN machine not getting an IP address (or losing its IP address) via dnsmasq-dhcp.

[OldTango]

My setup is similar to your's. I have a Gentoo Machine setup as a Home-Router/Server with a light weight DE. Two NIC's. One NIC hardwired to the WAN (ISP) the other NIC hardwired to the LAN via switches. I set it up years ago using the wiki guide. This single Gentoo machine handles all internal and external traffic VIA firewall rules, dnsmasq and any host files where necessary.

I have never had a need to modify the /etc/ssh/sshd_config or the /etc/dhcpcd.conf file. They are configured using Gentoo's defaults. This way any updates to sshd or dhcpcd don't require any additional work form me after the updates get installed.

Sure. Another thing that just occurred to me is that your problems could be explained by a dodgy cable/connection or NIC firmware?

I did have a recent incident where the router stopped working for one machine after a while. After banging my head against the wall for a couple of hours, it magically came good after I "re-seated" the workstation's ethernet connection to the wall socket. No problems since then.

After 20+ years using my current setup I can say that all but one instance of my network issues have been the result of bad firmware or faulty hardware. One machine having an issue is easy to diagnose and fix. When multiple machines are involved it can be much more difficult to solve.

I once had an 8 port switch where all machines connected to the switch would vanish form the network, (no internet access) and they could not talk to each other, and then later "magically" everything would work normally again. It turned out to be a heat related problem and once I moved the switch to a cooler environment it worked great. Ultimately I replaced the switch with a more modern device and haven't had a problem sense.

The one time I had issues like you are describing came down to a BUG in a dnsmasq release. You can read about it HERE if you like. That BUG no longer exists but the topic may provide some useful or interesting information. You can view the BUG I filed here, #873700

Best Tango.....