DHCP server static mapped clients do not receive custom DNS servers
When I add a static mapped DHCP client, then put 2 custom DNS servers for that client (e.g. 220.127.116.11 and 18.104.22.168 to override the usual pfSense LAN IP as the DNS server) the dhcpd.conf file gets good looking stuff written to it. But when the client gets a DHCP lease it gets the specified static IP address correctly but the DNS servers are are those for the ordinary pool, not the custom ones.
Sample /var/dhcpd/etc/dhcpd.conf is attached which looks good - see "host s_lan_3" which has 22.214.171.124 and 126.96.36.199 specified. But when it gets its DHCP lease it just gets 10.49.0.250 as the DNS server (which is LAN IP).
Tested on 2.1.5 and 2.2-BETA 7-Oct-2014 with the same issue.
It seems like a real bug in dnsmasq or maybe the conf file has to be written a bit differently or?
#4 Updated by Phillip Davis almost 6 years ago
Oh dear - I was thinking this was going to be a nice clear bug, since I noticed it on my test 2.2 system, then did similar on a production 2.1.5 system and got the same problem - dhcpd.conf looks good, but "ipconfig /all" on the client shows it did not get handed the custom DNS servers.
I will try harder tomorrow with a few different clients and see if I can characterize it better...
#6 Updated by Phillip Davis almost 6 years ago
It is related to the client requesting DHCP "option 252", which is related to web-proxy auto-discovery - http://tools.ietf.org/html/draft-ietf-wrec-wpad-01
On my Windows laptop, a release-renew of the lease results in a good looking packet capture of DHCP request and response. In the example packet capture the client has static-mapped IP 10.52.0.12 and is given that IP correctly by pfSense DHCP server.
Domain-Name-Server is specifically set in pfSense DHCP config to 10.49.48.1 and that is delivered correctly to the client (events at 16:15:52 in the packet capture).
Then at 16:15:56 there is another DHCP request from the client that has added "Option 252" on the end of the list of things it asks for. I believe that might be generated by a web browser (Firefox...) that wants to check for a possible proxy server. The reply to this from the DHCP server has Domain-Name-Server 10.49.32.1 - that is the DNS specified for the pool/subnet as a whole.
So under conditions like this, the DHCP server responds with the incorrect Domain-Name-Server value - what sort of bug is that?
Anyway, the pfSense-generated dhcpd.conf looks fine. Where should I look upstream to find the relevant source code and see if I can track down the cause of the bug?
#7 Updated by Phillip Davis almost 6 years ago
Domain-Name-Server is specifically set in pfSense DHCP config to 10.49.48.*250* and that is delivered correctly to the client (events at 16:15:52 in the packet capture).
Detail in post 6 should NOT be 10.49.48.1, it should be 10.49.48.250 - as per the packet capture. (There seems to be no way to update a dodgy comment on a bug)
#8 Updated by Chris Buechler almost 6 years ago
Phil - do you not see a pencil to the right of your comment? That's how you can edit previous posts. I thought it was set so anyone can edit their own posts.
On the issue at hand, that's an ISC dhcpd issue from the sounds of it. We're configuring it correctly, it works correctly in general, for some reason in that circumstance w/wpad it doesn't do what it's configured to do. It seems maybe this is referring to the same (or similar) issue?
#9 Updated by Phillip Davis almost 6 years ago
Had a look at dhcp.c ISC source code and submitted a bug report. Then after more research I found this:
Extend the DHCPINFORM processing to honor the subnet selection option
and take host declarations into account.
Thanks to Christof Chen for testing and submitting the patch.
This was committed to master of ISC-DHCP on 2013-12-14 and is in V4.3.n
The code diffs look like a really good thing to actually even bother looking up the host-specific options when responding to an INFORM from the client. The previous code did not even try, so it was not a little bug, more a missing feature.
The 35015 code does not appear in the V4.2.n branch. FreeBSD 10.1 pfSense 2.2 has V4.2.6 (and V4.2.7 is current-stable on ISC web site), so neither of those will have this fix/enhancement.
I expect this will be fixed when FreeBSD and pfSense is using V4.3.n of ISC-DHCP - maybe the 4.3.n series is not yet production-stable???
Anyway, this can be closed here, as the issue is dealt with upstream and the fix should flow into FreeBSD and pfSense over time.
#10 Updated by Phillip Davis almost 6 years ago
Received this text in email today from email@example.com :
Yes 4.3 added this functionality. There was a bug
in the earlier versions of it that we fixed in 4.3.2.
Marking this as resolved. If you try 4.3.2 or later
and find a problem you can either re-open this
ticket or open a new ticket.
When FreeBSD and then pfSense end up with ISC DHCP 4.3.2 or later then this should work.