DHCP port not opened after configuring dnsmasq

Greetings, all 🙂

I'm looking for advice on why I do not see port 67/udp active on my OpenWrt device after configuring dnsmasq.

I installed OpenWrt SNAPSHOT, r15480-56d64d8b5a on a Rpi 4 Model B about 4 months ago. It has two interfaces (LAN + WAN) and is acting as a router / firewall between my home lab (LAN interface) and the home network / ISP router.

Recently I decided to set up dnsmasq for serving DNS & DHCPv4 inside that lab network only. The DNS part works fine and I see 53/tcp & 53/udp bound to the LAN interface; however, there is nothing open on 67/udp, meaning my test DHCP client (also on lab network) doesn't get a response when broadcasting.

Below is my DHCP config:

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/<snip>/'
        option domain '<snip>'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option logqueries '1'
        list server '<snip>'
        list notinterface 'wlan0'
        list notinterface 'wan'
        option noresolv '1'
        option sequential_ip '1'
        option expandhosts '1'
        option logdhcp '1'

config dhcp 'lan1'
        option interface 'lan1'
        option dhcpv4 'server'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '1'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '7'

And here are the open ports for dnsmasq:

# netstat -nap |grep dns
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1982/dnsmasq
tcp        0      0 <snip>:53        0.0.0.0:*               LISTEN      1982/dnsmasq
tcp        0      0 ::1:53                  :::*                    LISTEN      1982/dnsmasq
tcp        0      0 <snip>:53 :::*                    LISTEN      1982/dnsmasq
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1982/dnsmasq
udp        0      0 <snip>:53        0.0.0.0:*                           1982/dnsmasq
udp        0      0 ::1:53                  :::*                                1982/dnsmasq
udp        0      0 <snip>:53 :::*                                1982/dnsmasq
unix  2      [ ]         DGRAM                      5871 1982/dnsmasq
unix  2      [ ]         DGRAM                      5874 1982/dnsmasq
unix  3      [ ]         STREAM     CONNECTED       5868 1982/dnsmasq 

Am I missing something simple here?

Thanks!

Notes:
1) Currently all hosts inside the lab have static IPs and manually configured DNS/gateway. There are no other DHCP servers on the LAN.
2) I disabled DHCPv6 in the process of trying to get this to work.
3) tcpdump on the DHCP client confirms it is sending a broadcast.
4) I see no errors or useful messages in any logs.

service dnsmasq restart; logread -e dnsmasq

1 Like

Hi - thanks for the response.

There's nothing of interest in there. Just a bunch of DNS related messages like below...

Mon May  3 09:58:43 2021 daemon.info dnsmasq[1982]: 12 <snip>/44202 forwarded mirror.librelabucm.org to <snip>
Mon May  3 09:58:43 2021 daemon.info dnsmasq[1982]: 11 <snip>/44202 reply mirror.librelabucm.org is 147.96.25.75
Mon May  3 09:58:43 2021 daemon.info dnsmasq[1982]: 12 <snip>/44202 reply mirror.librelabucm.org is ::ffff:147.96.25.75
Mon May  3 13:01:02 2021 daemon.info dnsmasq[1982]: 13 <snip>/33747 query[A] mirrorlist.centos.org from <snip>
Mon May  3 13:01:02 2021 daemon.info dnsmasq[1982]: 13 <snip>/33747 forwarded mirrorlist.centos.org to <snip>
Mon May  3 13:01:02 2021 daemon.info dnsmasq[1982]: 14 <snip>/33747 query[AAAA] mirrorlist.centos.org from <snip>
Mon May  3 13:01:02 2021 daemon.info dnsmasq[1982]: 14 <snip>/33747 forwarded mirrorlist.centos.org to <snip>
Mon May  3 13:01:02 2021 daemon.info dnsmasq[1982]: 13 <snip>/33747 reply mirrorlist.centos.org is 67.219.148.138
Mon May  3 13:01:02 2021 daemon.info dnsmasq[1982]: 13 <snip>/33747 reply mirrorlist.centos.org is 18.225.36.18
Mon May  3 13:01:02 2021 daemon.info dnsmasq[1982]: 13 <snip>/33747 reply mirrorlist.centos.org is 35.180.43.213
Mon May  3 13:01:02 2021 daemon.info dnsmasq[1982]: 13 <snip>/33747 reply mirrorlist.centos.org is 147.75.69.225
Mon May  3 13:01:02 2021 daemon.info dnsmasq[1982]: 13 <snip>/33747 reply mirrorlist.centos.org is 147.75.83.237
Mon May  3 13:01:02 2021 daemon.info dnsmasq[1982]: 13 <snip>/33747 reply mirrorlist.centos.org is 85.236.43.108

This doesn't look right. There are no messages indicating that dnsmasq restarted.

Tue May  4 07:18:29 2021 daemon.info dnsmasq[8410]: exiting on receipt of SIGTERM
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: Connected to system UBus
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: started, version 2.84test3 cachesize 9900
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC no-ID loop-detect inotify dumpfile
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: UBus support enabled: connected to system bus
Tue May  4 07:18:30 2021 daemon.info dnsmasq-dhcp[9046]: DHCP, IP range 172.30.30.200 -- 172.30.30.249, lease time 1d
Tue May  4 07:18:30 2021 daemon.info dnsmasq-dhcp[9046]: DHCP, IP range 172.17.17.100 -- 172.17.17.249, lease time 1h
Tue May  4 07:18:30 2021 daemon.info dnsmasq-dhcp[9046]: DHCP, IP range 10.0.2.100 -- 10.0.2.249, lease time 2h
Tue May  4 07:18:30 2021 daemon.info dnsmasq-tftp[9046]: TFTP root is /tmp/
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain test
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain onion
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain localhost
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain local
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain invalid
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain bind
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using nameserver 10.0.1.1#53 for domain elv
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain mrv
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: reading /tmp/resolv.conf.d/resolv.conf.auto
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain test
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain onion
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain localhost
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain local
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain invalid
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain bind
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using nameserver 10.0.1.1#53 for domain elv
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using only locally-known addresses for domain mrv
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using nameserver 172.30.30.2#53
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using nameserver 10.0.2.3#53
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: using nameserver 10.0.20.1#53
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: read /etc/hosts - 4 addresses
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: read /tmp/hosts/odhcpd - 8 addresses
Tue May  4 07:18:30 2021 daemon.info dnsmasq[9046]: read /tmp/hosts/dhcp.cfg01411c - 64 addresses
Tue May  4 07:18:30 2021 daemon.info dnsmasq-dhcp[9046]: read /etc/ethers - 0 addresses

Sorry, I chopped large parts of it out!

See below. There are several differences in the compile time options, although DHCP is there.

Tue May  4 09:39:11 2021 daemon.info dnsmasq[1982]: exiting on receipt of SIGTERM
Tue May  4 09:39:11 2021 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Tue May  4 09:39:11 2021 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: Connected to system UBus
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: started, version 2.82 cachesize 150
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: UBus support enabled: connected to system bus
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: using only locally-known addresses for domain test
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: using only locally-known addresses for domain onion
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: using only locally-known addresses for domain localhost
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: using only locally-known addresses for domain local
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: using only locally-known addresses for domain invalid
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: using only locally-known addresses for domain bind
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: using nameserver <snip>#53
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: using only locally-known addresses for domain <snip>
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: read /etc/hosts - 4 addresses
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: read /tmp/hosts/dhcp.cfg01411c - 10 addresses

DHCP is not there; you don't have any lines with the pool:

Tue May  4 07:18:30 2021 daemon.info dnsmasq-dhcp[9046]: DHCP, IP range 172.30.30.200 -- 172.30.30.249, lease time 1d
Tue May  4 07:18:30 2021 daemon.info dnsmasq-dhcp[9046]: DHCP, IP range 172.17.17.100 -- 172.17.17.249, lease time 1h
Tue May  4 07:18:30 2021 daemon.info dnsmasq-dhcp[9046]: DHCP, IP range 10.0.2.100 -- 10.0.2.249, lease time 2h

Are the pool start and limit values correct?
What is the output of uci show network.lan1?

1 Like
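The check made in the reply above (does the most recent dnsmasq start announce any DHCP pool?) can be scripted. This is an added example, not part of the original posts; the function names are hypothetical and the sample log is constructed in the format of the lines quoted in this thread.

```shell
#!/bin/sh
# Constructed sample log (addresses are documentation-range placeholders).
sample_log() {
cat <<'EOF'
Tue May  4 09:39:11 2021 daemon.info dnsmasq[1982]: exiting on receipt of SIGTERM
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: started, version 2.82 cachesize 150
Tue May  4 09:39:11 2021 daemon.info dnsmasq[3428]: read /etc/hosts - 4 addresses
Tue May  4 09:40:02 2021 daemon.info dnsmasq[3500]: started, version 2.82 cachesize 150
Tue May  4 09:40:02 2021 daemon.info dnsmasq-dhcp[3500]: DHCP, IP range 192.0.2.100 -- 192.0.2.249, lease time 12h
EOF
}

# Reads log text on stdin and prints "<pid> <pool-count>" for the most
# recent "started, version" line.
# Exit status: 0 = at least one pool announced, 1 = none, 2 = no start line.
dhcp_pools_after_last_start() {
    awk '
        / dnsmasq\[[0-9]+\]: started, version / {
            # Remember the PID of this start and reset the pool counter.
            pid = $0
            sub(/.* dnsmasq\[/, "", pid)
            sub(/\].*/, "", pid)
            pools = 0
            seen = 1
            next
        }
        # Count pool announcements that belong to the remembered PID only.
        seen && index($0, " dnsmasq-dhcp[" pid "]: DHCP, IP range ") { pools++ }
        END {
            if (!seen) exit 2
            print pid, pools
            exit (pools > 0 ? 0 : 1)
        }'
}

# Demo on the constructed sample; on the router the input would be:
#   logread -e dnsmasq | dhcp_pools_after_last_start
sample_log | dhcp_pools_after_last_start
```

A result of 0 pools for the newest PID is the situation the reply describes: dnsmasq started, but without a DHCP range, so nothing binds 67/udp.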

I set a small range initially, but it looks OK to me. I also noticed that the TFTP service does not start if it's enabled in the DHCP config.

# uci show dhcp.lan1.start
dhcp.lan1.start='220'
# uci show dhcp.lan1.limit
dhcp.lan1.limit='225'
# uci show network.lan1
network.lan1=interface
network.lan1.type='bridge'
network.lan1.ifname='eth1'
network.lan1.proto='static'
network.lan1.ipaddr='192.168.15.1'
network.lan1.netmask='255.255.255.0'
network.lan1.peerdns='0'
network.lan1.dns='<snip>'

You should not assign an internet nameserver on the lan interface, but on the wan, where it is reachable from.

This is not the last address but the amount of addresses of the pool.
The dhcp server should work out of the box as soon as you first boot OpenWrt on the lan interface, which by default is eth0 on RPi4. So you can try to restore to defaults and try again, however I'd advise to use the community build.

1 Like
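The point in the reply above, that `limit` is a count of addresses rather than the last address, can be checked by working out the pool for the values posted in this thread. This is an added example, not OpenWrt's own code or part of the original posts; the function names are hypothetical, and it assumes `start` is the offset from the interface's network address.

```shell
#!/bin/sh
# Dotted-quad IPv4 address -> integer.
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted-quad IPv4 address.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# pool_range IPADDR NETMASK START LIMIT
# Prints "first last", with START as an offset from the network address
# and LIMIT as the number of addresses in the pool.
# Returns 1 when the pool does not fit between the network and
# broadcast addresses of the interface's subnet.
pool_range() {
    ip=$(ip2int "$1")
    mask=$(ip2int "$2")
    net=$(( ip & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    first=$(( net + $3 ))
    last=$(( first + $4 - 1 ))
    echo "$(int2ip "$first") $(int2ip "$last")"
    [ "$first" -gt "$net" ] && [ "$last" -lt "$bcast" ]
}

# Values from the thread: lan1 is 192.168.15.1 / 255.255.255.0.
# start=100 limit=150 (the posted dhcp config) fits the subnet.
pool_range 192.168.15.1 255.255.255.0 100 150
# start=220 limit=225 (the later uci output) runs past the /24.
pool_range 192.168.15.1 255.255.255.0 220 225 || echo "pool exceeds subnet"
```

With start=100 and limit=150 the pool ends at .249, the same shape as the ranges in the working log quoted earlier in the thread.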

Thanks. I made a couple of adjustments based on your feedback but they did not make a difference!

I think I will try the community build 🙂

1 Like