dhclient fails to write resolv.conf

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

dhclient fails to write resolv.conf

ED Fochler
dhclient fails to update resolv.conf if DHCP is served by dnsmasq on linux.

This bug is odd and very specific.  affects at least OpenBSD 5.9 - 6.0 amd64.
Running OpenBSD on core2duo laptop and vm gives me the same behavior.
If dhclient.conf specifies domain-name, domain-name-servers then all is well.
Default behaviour with no dhclient.conf, such as bsd.rd for fresh install, then
gateway and nameserver must be manually filled in despite being given by
DHCP.  Other OSes (mac, linux, windows) on same DHCP service are fine.

/var/db/dhclient.leases shows fully populated information as expected, but
does not populate /etc/resolv.conf by default.  As the lease clearly has the
information, and default behavior should be to fill in DNS information, I am
blaming dhclient.  I have found no other DHCP server which causes this,
and running dnsmasq on OpenBSD does not induce this problem.

dhclient running in foreground throws no errors during this situation.
       
        I hope this is helpful,

                ED.
Reply | Threaded
Open this post in threaded view
|

Re: dhclient fails to write resolv.conf

Stuart Henderson
On 2016/11/15 15:29, ED Fochler wrote:

> dhclient fails to update resolv.conf if DHCP is served by dnsmasq on linux.
>
> This bug is odd and very specific.  affects at least OpenBSD 5.9 - 6.0 amd64.
> Running OpenBSD on core2duo laptop and vm gives me the same behavior.
> If dhclient.conf specifies domain-name, domain-name-servers then all is well.
> Default behaviour with no dhclient.conf, such as bsd.rd for fresh install, then
> gateway and nameserver must be manually filled in despite being given by
> DHCP.  Other OSes (mac, linux, windows) on same DHCP service are fine.
>
> /var/db/dhclient.leases shows fully populated information as expected, but
> does not populate /etc/resolv.conf by default.  As the lease clearly has the
> information, and default behavior should be to fill in DNS information, I am
> blaming dhclient.

It would probably be useful to get a packet capture. Best way would be
to record to a file:

# tcpdump -w /tmp/dhcp.pcap -i <interface> -s 1500 port bootps or bootpc

Upload that somewhere, and reply to bugs@ with the URL. Also include the
output of this:

# tcpdump -vvXnr /tmp/dhcp.pcap

That way we have the decoded version on the list for ease of reading,
and original capture in case it's needed.

>                    I have found no other DHCP server which causes this,
> and running dnsmasq on OpenBSD does not induce this problem.

Is it the same version on dnsmasq on OpenBSD as other OS?

> dhclient running in foreground throws no errors during this situation.
>
> I hope this is helpful,
>
> ED.


Reply | Threaded
Open this post in threaded view
|

Re: dhclient fails to write resolv.conf

kwesterback
In reply to this post by ED Fochler
On Wed, 23 Nov 2016 at 17:08 ED Fochler <[hidden email]> wrote:

> dhclient fails to update resolv.conf if DHCP is served by dnsmasq on linux.
>
> This bug is odd and very specific.  affects at least OpenBSD 5.9 - 6.0
> amd64.
> Running OpenBSD on core2duo laptop and vm gives me the same behavior.
> If dhclient.conf specifies domain-name, domain-name-servers then all is
> well.
> Default behaviour with no dhclient.conf, such as bsd.rd for fresh install,
> then
> gateway and nameserver must be manually filled in despite being given by
> DHCP.  Other OSes (mac, linux, windows) on same DHCP service are fine.
>
> /var/db/dhclient.leases shows fully populated information as expected, but
> does not populate /etc/resolv.conf by default.  As the lease clearly has
> the
> information, and default behavior should be to fill in DNS information, I
> am
> blaming dhclient.  I have found no other DHCP server which causes this,
> and running dnsmasq on OpenBSD does not induce this problem.
>
> dhclient running in foreground throws no errors during this situation.
>
>         I hope this is helpful,
>
>                 ED.
>

Not really helpful at all I'm afraid.

Since the problem only occurs with dnsmasq on linux, I'm blaming that. :-)

In any case, a tcpdump of a DHCP exchange that shows the problem would be
the most helpful bit of information.  Running dhclient with the -L option
to capture the actual offer information dhclient thinks it sees would also
be helpful.

.... Ken
Reply | Threaded
Open this post in threaded view
|

Re: dhclient fails to write resolv.conf

ED Fochler
In reply to this post by Stuart Henderson

> On 2016, Nov 23, at 6:49 PM, Stuart Henderson <[hidden email]> wrote:
>
> It would probably be useful to get a packet capture…

A packet capture can be grabbed fro here:
http://liquidbinary.com/dhcpuploads/dhcp.pcap

I am now certain I misidentified the nature of the bug.  It’s not
linux that is to blame, but classless-static-routes, dhcp option
number 121, from RFC3442.

On my network segment that has a static route handed out
by the DHCP server, OpenBSD sees the lease, and refuses to
do anything with it.  I think that behavior is wrong, and not
intended.  

Effective lease is entirely correct, dhclient silently fails to
implement anything in routes, /etc/resolv.conf.

  and thank you for the tcpdump incantation.

        ED.


Following Inline: leasefile as logged by dhclient-L  and
tcpdump expanded.

offered {
  interface "em0";
  fixed-address 172.16.50.83;
  next-server 172.16.50.1;
  option subnet-mask 255.255.255.0;
  option routers 172.16.50.1;
  option domain-name-servers 172.16.50.1;
  option domain-name "linux.dnstest.biz";
  option broadcast-address 172.16.50.255;
  option dhcp-lease-time 7200;
  option dhcp-message-type 5;
  option dhcp-server-identifier 172.16.50.1;
  option dhcp-renewal-time 3600;
  option dhcp-rebinding-time 6300;
  option dhcp-client-identifier 1:0:c:29:ac:91:e5;
  option classless-static-routes 10.40.1.0/24 172.16.50.5;
  renew 4 2016/11/24 23:01:47 UTC;
  rebind 4 2016/11/24 23:46:47 UTC;
  expire 5 2016/11/25 00:01:47 UTC;
}
effective {
  interface "em0";
  fixed-address 172.16.50.83;
  next-server 172.16.50.1;
  option subnet-mask 255.255.255.0;
  option routers 172.16.50.1;
  option domain-name-servers 172.16.50.1;
  option domain-name "linux.dnstest.biz";
  option broadcast-address 172.16.50.255;
  option dhcp-lease-time 7200;
  option dhcp-message-type 5;
  option dhcp-server-identifier 172.16.50.1;
  option dhcp-renewal-time 3600;
  option dhcp-rebinding-time 6300;
  option dhcp-client-identifier 1:0:c:29:ac:91:e5;
  option classless-static-routes 10.40.1.0/24 172.16.50.5;
  renew 4 2016/11/24 23:01:47 UTC;
  rebind 4 2016/11/24 23:46:47 UTC;
  expire 5 2016/11/25 00:01:47 UTC;
}



17:01:47.601656 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] xid:0x94414a69 vend-rfc1048 DHCP:DISCOVER PR:SM+BR+TZ+121+DG+DN+119+NS+HN CID:1.0.12.41.172.145.229 [tos 0x10] (ttl 128, id 0, len 328)
  0000: 4510 0148 0000 0000 8011 3996 0000 0000  E..H......9.....
  0010: ffff ffff 0044 0043 0134 de4c 0101 0600  .....D.C.4.L....
  0020: 9441 4a69 0000 0000 0000 0000 0000 0000  .AJi............
  0030: 0000 0000 0000 0000 000c 29ac 91e5 0000  ..........).....
  0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0100: 0000 0000 0000 0000 6382 5363 3501 0137  ........c.Sc5..7
  0110: 0901 1c02 7903 0f77 060c 3d07 0100 0c29  ....y..w..=....)
  0120: ac91 e5ff 0000 0000 0000 0000 0000 0000  ................
  0130: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0140: 0000 0000 0000 0000                      ........

17:01:47.602775 172.16.50.1.67 > 172.16.50.83.68: [udp sum ok] xid:0x94414a69 Y:172.16.50.83 S:172.16.50.1 vend-rfc1048 DHCP:OFFER SID:172.16.50.1 LT:7200 RN:3600 RB:6300 SM:255.255.255.0 BR:172.16.50.255 DG:172.16.50.1 NS:172.16.50.1 DN:"linux.dnstest.biz" T121:403318785,2886742533 [tos 0xc0] (ttl 64, id 22281, len 349)
  0000: 45c0 015d 5709 0000 4011 6552 ac10 3201  E..]W...@.eR..2.
  0010: ac10 3253 0043 0044 0149 1ce0 0201 0600  ..2S.C.D.I......
  0020: 9441 4a69 0000 0000 0000 0000 ac10 3253  .AJi..........2S
  0030: ac10 3201 0000 0000 000c 29ac 91e5 0000  ..2.......).....
  0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0100: 0000 0000 0000 0000 6382 5363 3501 0236  ........c.Sc5..6
  0110: 04ac 1032 0133 0400 001c 203a 0400 000e  ...2.3.... :....
  0120: 103b 0400 0018 9c01 04ff ffff 001c 04ac  .;..............
  0130: 1032 ff03 04ac 1032 0106 04ac 1032 010f  .2.....2.....2..
  0140: 116c 696e 7578 2e64 6e73 7465 7374 2e62  .linux.dnstest.b
  0150: 697a 7908 180a 2801 ac10 3205 ff         izy...(...2..

17:01:47.604833 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] xid:0x94414a69 vend-rfc1048 DHCP:REQUEST RQ:172.16.50.83 SID:172.16.50.1 PR:SM+BR+TZ+121+DG+DN+119+NS+HN CID:1.0.12.41.172.145.229 [tos 0x10] (ttl 128, id 0, len 328)
  0000: 4510 0148 0000 0000 8011 3996 0000 0000  E..H......9.....
  0010: ffff ffff 0044 0043 0134 5e28 0101 0600  .....D.C.4^(....
  0020: 9441 4a69 0000 0000 0000 0000 0000 0000  .AJi............
  0030: 0000 0000 0000 0000 000c 29ac 91e5 0000  ..........).....
  0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0100: 0000 0000 0000 0000 6382 5363 3501 0332  ........c.Sc5..2
  0110: 04ac 1032 5336 04ac 1032 0137 0901 1c02  ...2S6...2.7....
  0120: 7903 0f77 060c 3d07 0100 0c29 ac91 e5ff  y..w..=....)....
  0130: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0140: 0000 0000 0000 0000                      ........

17:01:47.607782 172.16.50.1.67 > 172.16.50.83.68: [udp sum ok] xid:0x94414a69 Y:172.16.50.83 S:172.16.50.1 vend-rfc1048 DHCP:ACK SID:172.16.50.1 LT:7200 RN:3600 RB:6300 SM:255.255.255.0 BR:172.16.50.255 DG:172.16.50.1 NS:172.16.50.1 DN:"linux.dnstest.biz" T121:403318785,2886742533 [tos 0xc0] (ttl 64, id 22282, len 349)
  0000: 45c0 015d 570a 0000 4011 6551 ac10 3201  E..]W...@.eQ..2.
  0010: ac10 3253 0043 0044 0149 19e0 0201 0600  ..2S.C.D.I......
  0020: 9441 4a69 0000 0000 0000 0000 ac10 3253  .AJi..........2S
  0030: ac10 3201 0000 0000 000c 29ac 91e5 0000  ..2.......).....
  0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
  0100: 0000 0000 0000 0000 6382 5363 3501 0536  ........c.Sc5..6
  0110: 04ac 1032 0133 0400 001c 203a 0400 000e  ...2.3.... :....
  0120: 103b 0400 0018 9c01 04ff ffff 001c 04ac  .;..............
  0130: 1032 ff03 04ac 1032 0106 04ac 1032 010f  .2.....2.....2..
  0140: 116c 696e 7578 2e64 6e73 7465 7374 2e62  .linux.dnstest.b
  0150: 697a 7908 180a 2801 ac10 3205 ff         izy...(...2..


Reply | Threaded
Open this post in threaded view
|

Re: dhclient fails to write resolv.conf

kwesterback
As is shown by the -L file, your DHCP server is configured incorrectly
(a.k.a. in violation of the DHCP RFC's). In particular it is specifically
FORBIDDEN to pay any attention to the static route option in the presence
of a classless-static-routes option. So configuring the server to NOT have
a default route in the classless-static-routes option is an error that must
be fixed at the server.

As RFC 3442 says

"If the DHCP server returns both a Classless Static Routes option and a
Router option, the DHCP client MUST ignore the Router option."

We abide by the RFC. Unfortunately some other OS's do not.

.... Ken

On Thu, 24 Nov 2016 at 17:28 ED Fochler <[hidden email]> wrote:

>
> > On 2016, Nov 23, at 6:49 PM, Stuart Henderson <[hidden email]>
> wrote:
> >
> > It would probably be useful to get a packet capture…
>
> A packet capture can be grabbed fro here:
> http://liquidbinary.com/dhcpuploads/dhcp.pcap
>
> I am now certain I misidentified the nature of the bug.  It’s not
> linux that is to blame, but classless-static-routes, dhcp option
> number 121, from RFC3442.
>
> On my network segment that has a static route handed out
> by the DHCP server, OpenBSD sees the lease, and refuses to
> do anything with it.  I think that behavior is wrong, and not
> intended.
>
> Effective lease is entirely correct, dhclient silently fails to
> implement anything in routes, /etc/resolv.conf.
>
>   and thank you for the tcpdump incantation.
>
>         ED.
>
>
> Following Inline: leasefile as logged by dhclient-L  and
> tcpdump expanded.
>
> offered {
>   interface "em0";
>   fixed-address 172.16.50.83;
>   next-server 172.16.50.1;
>   option subnet-mask 255.255.255.0;
>   option routers 172.16.50.1;
>   option domain-name-servers 172.16.50.1;
>   option domain-name "linux.dnstest.biz";
>   option broadcast-address 172.16.50.255;
>   option dhcp-lease-time 7200;
>   option dhcp-message-type 5;
>   option dhcp-server-identifier 172.16.50.1;
>   option dhcp-renewal-time 3600;
>   option dhcp-rebinding-time 6300;
>   option dhcp-client-identifier 1:0:c:29:ac:91:e5;
>   option classless-static-routes 10.40.1.0/24 172.16.50.5;
>   renew 4 2016/11/24 23:01:47 UTC;
>   rebind 4 2016/11/24 23:46:47 UTC;
>   expire 5 2016/11/25 00:01:47 UTC;
> }
> effective {
>   interface "em0";
>   fixed-address 172.16.50.83;
>   next-server 172.16.50.1;
>   option subnet-mask 255.255.255.0;
>   option routers 172.16.50.1;
>   option domain-name-servers 172.16.50.1;
>   option domain-name "linux.dnstest.biz";
>   option broadcast-address 172.16.50.255;
>   option dhcp-lease-time 7200;
>   option dhcp-message-type 5;
>   option dhcp-server-identifier 172.16.50.1;
>   option dhcp-renewal-time 3600;
>   option dhcp-rebinding-time 6300;
>   option dhcp-client-identifier 1:0:c:29:ac:91:e5;
>   option classless-static-routes 10.40.1.0/24 172.16.50.5;
>   renew 4 2016/11/24 23:01:47 UTC;
>   rebind 4 2016/11/24 23:46:47 UTC;
>   expire 5 2016/11/25 00:01:47 UTC;
> }
>
>
>
> 17:01:47.601656 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok]
> xid:0x94414a69 vend-rfc1048 DHCP:DISCOVER PR:SM+BR+TZ+121+DG+DN+119+NS+HN
> CID:1.0.12.41.172.145.229 [tos 0x10] (ttl 128, id 0, len 328)
>   0000: 4510 0148 0000 0000 8011 3996 0000 0000  E..H......9.....
>   0010: ffff ffff 0044 0043 0134 de4c 0101 0600  .....D.C.4.L....
>   0020: 9441 4a69 0000 0000 0000 0000 0000 0000  .AJi............
>   0030: 0000 0000 0000 0000 000c 29ac 91e5 0000  ..........).....
>   0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0100: 0000 0000 0000 0000 6382 5363 3501 0137  ........c.Sc5..7
>   0110: 0901 1c02 7903 0f77 060c 3d07 0100 0c29  ....y..w..=....)
>   0120: ac91 e5ff 0000 0000 0000 0000 0000 0000  ................
>   0130: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0140: 0000 0000 0000 0000                      ........
>
> 17:01:47.602775 172.16.50.1.67 > 172.16.50.83.68: [udp sum ok]
> xid:0x94414a69 Y:172.16.50.83 S:172.16.50.1 vend-rfc1048 DHCP:OFFER
> SID:172.16.50.1 LT:7200 RN:3600 RB:6300 SM:255.255.255.0 BR:172.16.50.255
> DG:172.16.50.1 NS:172.16.50.1 DN:"linux.dnstest.biz"
> T121:403318785,2886742533 [tos 0xc0] (ttl 64, id 22281, len 349)
>   0000: 45c0 015d 5709 0000 4011 6552 ac10 3201  E..]W...@.eR..2.
>   0010: ac10 3253 0043 0044 0149 1ce0 0201 0600  ..2S.C.D.I......
>   0020: 9441 4a69 0000 0000 0000 0000 ac10 3253  .AJi..........2S
>   0030: ac10 3201 0000 0000 000c 29ac 91e5 0000  ..2.......).....
>   0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0100: 0000 0000 0000 0000 6382 5363 3501 0236  ........c.Sc5..6
>   0110: 04ac 1032 0133 0400 001c 203a 0400 000e  ...2.3.... :....
>   0120: 103b 0400 0018 9c01 04ff ffff 001c 04ac  .;..............
>   0130: 1032 ff03 04ac 1032 0106 04ac 1032 010f  .2.....2.....2..
>   0140: 116c 696e 7578 2e64 6e73 7465 7374 2e62  .linux.dnstest.b
>   0150: 697a 7908 180a 2801 ac10 3205 ff         izy...(...2..
>
> 17:01:47.604833 0.0.0.0.68 > 255.255.255.255.67: [udp sum ok]
> xid:0x94414a69 vend-rfc1048 DHCP:REQUEST RQ:172.16.50.83 SID:172.16.50.1
> PR:SM+BR+TZ+121+DG+DN+119+NS+HN CID:1.0.12.41.172.145.229 [tos 0x10] (ttl
> 128, id 0, len 328)
>   0000: 4510 0148 0000 0000 8011 3996 0000 0000  E..H......9.....
>   0010: ffff ffff 0044 0043 0134 5e28 0101 0600  .....D.C.4^(....
>   0020: 9441 4a69 0000 0000 0000 0000 0000 0000  .AJi............
>   0030: 0000 0000 0000 0000 000c 29ac 91e5 0000  ..........).....
>   0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0100: 0000 0000 0000 0000 6382 5363 3501 0332  ........c.Sc5..2
>   0110: 04ac 1032 5336 04ac 1032 0137 0901 1c02  ...2S6...2.7....
>   0120: 7903 0f77 060c 3d07 0100 0c29 ac91 e5ff  y..w..=....)....
>   0130: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0140: 0000 0000 0000 0000                      ........
>
> 17:01:47.607782 172.16.50.1.67 > 172.16.50.83.68: [udp sum ok]
> xid:0x94414a69 Y:172.16.50.83 S:172.16.50.1 vend-rfc1048 DHCP:ACK
> SID:172.16.50.1 LT:7200 RN:3600 RB:6300 SM:255.255.255.0 BR:172.16.50.255
> DG:172.16.50.1 NS:172.16.50.1 DN:"linux.dnstest.biz"
> T121:403318785,2886742533 [tos 0xc0] (ttl 64, id 22282, len 349)
>   0000: 45c0 015d 570a 0000 4011 6551 ac10 3201  E..]W...@.eQ..2.
>   0010: ac10 3253 0043 0044 0149 19e0 0201 0600  ..2S.C.D.I......
>   0020: 9441 4a69 0000 0000 0000 0000 ac10 3253  .AJi..........2S
>   0030: ac10 3201 0000 0000 000c 29ac 91e5 0000  ..2.......).....
>   0040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00a0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00b0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   00f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
>   0100: 0000 0000 0000 0000 6382 5363 3501 0536  ........c.Sc5..6
>   0110: 04ac 1032 0133 0400 001c 203a 0400 000e  ...2.3.... :....
>   0120: 103b 0400 0018 9c01 04ff ffff 001c 04ac  .;..............
>   0130: 1032 ff03 04ac 1032 0106 04ac 1032 010f  .2.....2.....2..
>   0140: 116c 696e 7578 2e64 6e73 7465 7374 2e62  .linux.dnstest.b
>   0150: 697a 7908 180a 2801 ac10 3205 ff         izy...(...2..
>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: dhclient fails to write resolv.conf

ED Fochler

> On 2016, Nov 24, at 5:38 PM, Kenneth Westerback <[hidden email]> wrote:
>
> As is shown by the -L file, your DHCP server is configured incorrectly (a.k.a. in violation of the DHCP RFC's). In particular it is specifically FORBIDDEN to pay any attention to the static route option in the presence of a classless-static-routes option. So configuring the server to NOT have a default route in the classless-static-routes option is an error that must be fixed at the server.
>
> As RFC 3442 says
>
> "If the DHCP server returns both a Classless Static Routes option and a Router option, the DHCP client MUST ignore the Router option."
>
> We abide by the RFC. Unfortunately some other OS's do not.
>
> .... Ken
>

Thank you for your feedback, Ken.  You were right that my DHCP server
was not redundantly specifying the default route in the classless-static-routes
option.  I am now a better man with a better DHCP server.

There is still a resolv.conf bug, and some questionable behavior.

OpenBSD is implementing routes according to RFC.  However, dhclient
placed both router and classless-static-routes in the Effective section of
the lease, implying that dhclient took the default route from the DHCP
option “router” like everyone else.  If router is not effective, the lease
should probably say so.  dhclient showed no errors of any sort when
run in debug mode for this.  Shouldn’t this information be the point of
showing the effective section of the lease?

dhclient still fails to write resolv.conf when no default route is specified
in classless-static-routes.  An obscure bug to be sure, but still a bug.
Even without a default route, there is no excuse for dhclient not
updating /etc/resolv.conf with the DNS server specified by DHCP.

Speaking with you has made me smarter.  I hope my contribution has value.

        ED.

Reply | Threaded
Open this post in threaded view
|

Re: dhclient fails to write resolv.conf

kwesterback
On Thu, 24 Nov 2016 at 23:46 ED Fochler <[hidden email]> wrote:


> On 2016, Nov 24, at 5:38 PM, Kenneth Westerback <[hidden email]>
wrote:
>
> As is shown by the -L file, your DHCP server is configured incorrectly
(a.k.a. in violation of the DHCP RFC's). In particular it is specifically
FORBIDDEN to pay any attention to the static route option in the presence
of a classless-static-routes option. So configuring the server to NOT have
a default route in the classless-static-routes option is an error that must
be fixed at the server.
>
> As RFC 3442 says
>
> "If the DHCP server returns both a Classless Static Routes option and a
Router option, the DHCP client MUST ignore the Router option."
>
> We abide by the RFC. Unfortunately some other OS's do not.
>
> .... Ken
>

Thank you for your feedback, Ken.  You were right that my DHCP server
was not redundantly specifying the default route in the
classless-static-routes
option.  I am now a better man with a better DHCP server.

There is still a resolv.conf bug, and some questionable behavior.

OpenBSD is implementing routes according to RFC.  However, dhclient
placed both router and classless-static-routes in the Effective section of
the lease, implying that dhclient took the default route from the DHCP
option “router” like everyone else.  If router is not effective, the lease
should probably say so.  dhclient showed no errors of any sort when
run in debug mode for this.  Shouldn’t this information be the point of
showing the effective section of the lease?


Excellent point! I've just committed a fix that removes both DHO_ROUTES and
DHO_STATIC_ROUTES from the effective lease DHO_CLASSLESS options are
present. RFC 3442 says both MUST be ignored.



dhclient still fails to write resolv.conf when no default route is specified
in classless-static-routes.  An obscure bug to be sure, but still a bug.
Even without a default route, there is no excuse for dhclient not
updating /etc/resolv.conf with the DNS server specified by DHCP.


This is a more complex case. Historically OpenBSD only allowed a single
default route and in order to make sure the correct interface was writing
out the resolv.conf file the interface providing the default route got
priority. But this was implemented in a way that meant no default route ==
no resolv.conf being written.

The historical constraint of a single default route is now history. And the
case of no default route being present should not prevent the creation of a
resolv.conf. ALthough whether dhclient should ensure the DNS servers are
reachable is ... interesting.

I will investigate this more. I'm not sure if there will be quick fix. :-(



Speaking with you has made me smarter.  I hope my contribution has value.

        ED.


Shameless flattery is always welcome. :-)

.... Ken