Dnsmasq bug, leasetime always 2 min

I think there is a bug in dnsmasq on OpenWrt 23.05.3 r23809-234f1a2efa.

The lease time is ignored if set in LuCI.

This is the configuration generated by uci

dhcp-range=set:lan,192.168.2.100,192.168.2.149,255.255.255.0,12h

But with the command

sudo nmap --script broadcast-dhcp-discover

It always returns

|     IP Address Lease Time: 2m00s
|     Renewal Time Value: 1m00s
|     Rebinding Time Value: 1m45s

If I set

dhcp-option=lan,51,43200
dhcp-option=lan,58,21600
dhcp-option=lan,59,37800

Lease time is set correctly, but Renewal and Rebinding are not

|     IP Address Lease Time: 12h00m00s
|     Renewal Time Value: 1m00s
|     Rebinding Time Value: 1m45s

I am testing on a Glinet MT6000 and a Netgear DM200, both on the same version of OpenWrt, with the same result.

Let's see your config file:

cat /etc/config/dhcp

On my 23.05.3 mt7621 device, these are functioning as expected, perhaps something else might be interfering in dnsmasq config?

opkg info dnsmasq | grep Version
Version: 2.90-2
grep set:wifi /var/etc/dnsmasq.conf.cfg*
dhcp-range=set:wifi,10.53.20.100,10.53.20.249,255.255.255.0,1h
sudo nmap --script broadcast-dhcp-discover
Starting Nmap 7.95 ( https://nmap.org ) at 2024-05-17 10:26 AEST
Pre-scan script results:
| broadcast-dhcp-discover: 
|   Response 1 of 1: 
|     Interface: enp8s0.20
|     IP Offered: 10.53.20.249
|     DHCP Message Type: DHCPOFFER
|     Server Identifier: 10.53.20.1
|     IP Address Lease Time: 1h00m00s
|     Renewal Time Value: 30m00s
|     Rebinding Time Value: 52m30s

These are referred to as T1 and T2 in the dnsmasq source: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=src/rfc2131.c;h=68834ea503ff7610c10bd27673e1bf9773ca463c;hb=b6769234bca9b0eabfe4768832b88d2cdb187092


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option noping '1'
	option port '0'
	option noresolv '1'
	list interface 'lan'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '50'
	option leasetime '12h'
	option dhcpv4 'server'
	option ra 'server'
	option ra_useleasetime '1'
	list dhcp_option '6,8.8.4.4,1.1.1.1'
	list dhcp_option '51,43200'
	list dhcp_option '58,21600'
	list dhcp_option '59,37800'
	list dhcp_option '3,192.168.2.250'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'


Why are you setting these options??

The leasetime parameter is right there (accessible from both LuCI and CLI).

Also...

If the DHCP server is running on the gateway (i.e. 192.168.2.250 in your case), you do not need to specify option 3.


Why don’t you install and run tcpdump on the router and see how it’s responding? I suspect the problem is with nmap.

tcpdump -i lan -nvv udp and port 67

If I don't set

	list dhcp_option '51,43200'

I receive

|     IP Address Lease Time: 2m00s

I already used Wireshark on my PC and I'm receiving two lease time fields when using option 51:

  • first field 51 with 2min
  • second field 51 with 12h

Here is the Wireshark dump:

Dynamic Host Configuration Protocol (Offer)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xa3452f6a
    Seconds elapsed: 0
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 192.168.2.149
    Next server IP address: 192.168.2.250
    Relay agent IP address: 0.0.0.0
    Client MAC address: de:ad:c0:XX:XX:XX (de:ad:c0:XX:XX:XX)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Offer)
        Length: 1
        DHCP: Offer (2)
    Option: (54) DHCP Server Identifier (192.168.2.250)
        Length: 4
        DHCP Server Identifier: 192.168.2.250
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (120s) 2 minutes
    Option: (58) Renewal Time Value
        Length: 4
        Renewal Time Value: (60s) 1 minute
    Option: (59) Rebinding Time Value
        Length: 4
        Rebinding Time Value: (105s) 1 minute, 45 seconds
    Option: (1) Subnet Mask (255.255.255.0)
        Length: 4
        Subnet Mask: 255.255.255.0
    Option: (28) Broadcast Address (192.168.2.255)
        Length: 4
        Broadcast Address: 192.168.2.255
    Option: (15) Domain Name
        Length: 3
        Domain Name: lan
    Option: (3) Router
        Length: 4
        Router: 192.168.2.250
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: (43200s) 12 hours
    Option: (6) Domain Name Server
        Length: 8
        Domain Name Server: 8.8.4.4
        Domain Name Server: 1.1.1.1
    Option: (255) End
        Option End: 255

As you can see, there are two Option: (51) IP Address Lease Time fields.

I did not change anything on OpenWRT and I receive

|     IP Address Lease Time: 12h00m00s
|     Renewal Time Value: 6h00m00s
|     Rebinding Time Value: 10h30m00s

Is there a reason you aren't allowing checks if an address is already in use on the network? I would suggest getting rid of this option.

My idea was to capture from the router to observe what dnsmasq is sending, versus what your nmap client is receiving. May or may not be the same.

Have you verified that there isn’t another dhcp server on the network?

I see gateway differs from "openwrt" - can you help more with your network topology. Also check you do not have DHCP relay somewhere on the network.

TCPDUMP

root@MT6000:/etc# tcpdump -i br-lan -nvv udp and port 67
tcpdump: listening on br-lan, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:50:47.263063 IP (tos 0x0, ttl 64, id 62685, offset 0, flags [DF], proto UDP (17), length 344)
    192.168.2.91.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from de:ad:c0:de:ca:fe, length 316, xid 0x608a961f, Flags [Broadcast] (0x8000)
	  Client-Ethernet-Address de:ad:c0:de:ca:fe
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Discover
	    Parameter-Request (55), length 64: 
	      Unknown (252), Subnet-Mask (1), Time-Zone (2), Default-Gateway (3)
	      Time-Server (4), IEN-Name-Server (5), Domain-Name-Server (6), LOG (7)
	      CS (8), LPR-Server (9), IM (10), RL (11)
	      Hostname (12), BS (13), DP (14), Domain-Name (15)
	      SS (16), RP (17), EP (18), IPF (19)
	      SRT (20), PF (21), RSZ (22), TTL (23)
	      MTU-Timeout (24), MTU-Table (25), MTU (26), LSN (27)
	      BR (28), MD (29), MS (30), Router-Discovery (31)
	      RSA (32), Static-Route (33), UT (34), AT (35)
	      IE (36), TT (37), KI (38), KG (39)
	      YD (40), YS (41), NTP (42), Vendor-Option (43)
	      Netbios-Name-Server (44), WDD (45), Netbios-Node (46), Netbios-Scope (47)
	      XFS (48), XDM (49), Requested-IP (50), Lease-Time (51)
	      OO (52), DHCP-Message (53), Server-ID (54), Parameter-Request (55)
	      MSG (56), MSZ (57), RN (58), RB (59)
	      Vendor-Class (60), Client-ID (61), BF (67), TFTP (66)
	    Lease-Time (51), length 4: 1
16:50:50.267243 IP (tos 0xc0, ttl 64, id 59854, offset 0, flags [none], proto UDP (17), length 328)
    192.168.2.240.67 > 255.255.255.255.68: [bad udp cksum 0xc4dd -> 0x633f!] BOOTP/DHCP, Reply, length 300, xid 0x608a961f, Flags [Broadcast] (0x8000)
	  Your-IP 192.168.2.149
	  Server-IP 192.168.2.240
	  Client-Ethernet-Address de:ad:c0:de:ca:fe
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Offer
	    Server-ID (54), length 4: 192.168.2.240
	    Lease-Time (51), length 4: 120
	    RN (58), length 4: 60
	    RB (59), length 4: 105
	    Subnet-Mask (1), length 4: 255.255.255.0
	    BR (28), length 4: 192.168.2.255
	    Default-Gateway (3), length 4: 192.168.2.240
	    Domain-Name (15), length 3: "lan"


/etc/config/dhcp

root@MT6000:/etc# cat /etc/config/dhcp 

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	list interface 'lan'
	option port '0'
	option noresolv '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '50'
	option leasetime '12h'
	option dhcpv4 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'


Check that there is no other DHCP server on the network

root@MT6000:/etc# /etc/init.d/dnsmasq restart
udhcpc: started, v1.36.1
udhcpc: broadcasting discover
udhcpc: no lease, failing

I just tried with an iPhone and it seems to work

root@MT6000:/etc# tcpdump -i br-lan -nvv udp and port 67
tcpdump: listening on br-lan, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:05:25.176887 IP (tos 0x0, ttl 255, id 7977, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from XX:XX:XX:XX:XX:XX, length 300, xid 0x6ef7735c, secs 2, Flags [none] (0x0000)
	  Client-Ethernet-Address XX:XX:XX:XX:XX:XX
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Discover
	    Parameter-Request (55), length 9: 
	      Subnet-Mask (1), Classless-Static-Route (121), Default-Gateway (3), Domain-Name-Server (6)
	      Domain-Name (15), Unknown (108), URL (114), Unknown (119)
	      Unknown (252)
	    MSZ (57), length 2: 1500
	    Client-ID (61), length 7: ether XX:XX:XX:XX:XX:XX
	    Lease-Time (51), length 4: 7776000
17:05:27.294880 IP (tos 0x0, ttl 255, id 7978, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from XX:XX:XX:XX:XX:XX, length 300, xid 0x6ef7735c, secs 4, Flags [none] (0x0000)
	  Client-Ethernet-Address XX:XX:XX:XX:XX:XX
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Discover
	    Parameter-Request (55), length 9: 
	      Subnet-Mask (1), Classless-Static-Route (121), Default-Gateway (3), Domain-Name-Server (6)
	      Domain-Name (15), Unknown (108), URL (114), Unknown (119)
	      Unknown (252)
	    MSZ (57), length 2: 1500
	    Client-ID (61), length 7: ether XX:XX:XX:XX:XX:XX
	    Lease-Time (51), length 4: 7776000
17:05:28.181317 IP (tos 0xc0, ttl 64, id 32261, offset 0, flags [none], proto UDP (17), length 328)
    192.168.2.240.67 > 192.168.2.148.68: [bad udp cksum 0x881a -> 0x4011!] BOOTP/DHCP, Reply, length 300, xid 0x6ef7735c, secs 2, Flags [none] (0x0000)
	  Your-IP 192.168.2.148
	  Server-IP 192.168.2.240
	  Client-Ethernet-Address XX:XX:XX:XX:XX:XX
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Offer
	    Server-ID (54), length 4: 192.168.2.240
	    Lease-Time (51), length 4: 43200
	    RN (58), length 4: 21600
	    RB (59), length 4: 37800
	    Subnet-Mask (1), length 4: 255.255.255.0
	    BR (28), length 4: 192.168.2.255
	    Default-Gateway (3), length 4: 192.168.2.240
	    Domain-Name (15), length 3: "lan"
17:05:28.181564 IP (tos 0xc0, ttl 64, id 32262, offset 0, flags [none], proto UDP (17), length 328)
    192.168.2.240.67 > 192.168.2.148.68: [bad udp cksum 0x881a -> 0x400f!] BOOTP/DHCP, Reply, length 300, xid 0x6ef7735c, secs 4, Flags [none] (0x0000)
	  Your-IP 192.168.2.148
	  Server-IP 192.168.2.240
	  Client-Ethernet-Address XX:XX:XX:XX:XX:XX
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Offer
	    Server-ID (54), length 4: 192.168.2.240
	    Lease-Time (51), length 4: 43200
	    RN (58), length 4: 21600
	    RB (59), length 4: 37800
	    Subnet-Mask (1), length 4: 255.255.255.0
	    BR (28), length 4: 192.168.2.255
	    Default-Gateway (3), length 4: 192.168.2.240
	    Domain-Name (15), length 3: "lan"
17:05:29.190240 IP (tos 0x0, ttl 255, id 7979, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from XX:XX:XX:XX:XX:XX, length 300, xid 0x6ef7735c, secs 6, Flags [none] (0x0000)
	  Client-Ethernet-Address XX:XX:XX:XX:XX:XX
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Request
	    Parameter-Request (55), length 9: 
	      Subnet-Mask (1), Classless-Static-Route (121), Default-Gateway (3), Domain-Name-Server (6)
	      Domain-Name (15), Unknown (108), URL (114), Unknown (119)
	      Unknown (252)
	    MSZ (57), length 2: 1500
	    Client-ID (61), length 7: ether XX:XX:XX:XX:XX:XX
	    Requested-IP (50), length 4: 192.168.2.148
	    Server-ID (54), length 4: 192.168.2.240
17:05:29.190817 IP (tos 0xc0, ttl 64, id 32357, offset 0, flags [none], proto UDP (17), length 328)
    192.168.2.240.67 > 192.168.2.148.68: [bad udp cksum 0x881a -> 0x3d0d!] BOOTP/DHCP, Reply, length 300, xid 0x6ef7735c, secs 6, Flags [none] (0x0000)
	  Your-IP 192.168.2.148
	  Server-IP 192.168.2.240
	  Client-Ethernet-Address XX:XX:XX:XX:XX:XX
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: ACK
	    Server-ID (54), length 4: 192.168.2.240
	    Lease-Time (51), length 4: 43200
	    RN (58), length 4: 21600
	    RB (59), length 4: 37800
	    Subnet-Mask (1), length 4: 255.255.255.0
	    BR (28), length 4: 192.168.2.255
	    Default-Gateway (3), length 4: 192.168.2.240
	    Domain-Name (15), length 3: "lan"

Maybe the Nmap script has flags that make it behave differently.

Remove these three lines:

Okay, I discovered that the nmap script is requesting a lease time of 1 during the DHCP discover

	    Lease-Time (51), length 4: 1

So the DHCP server is accommodating it.

How come your DHCP server IP nibbles all the time?

Because I have a modem with small flash and I cannot install tcpdump, so I tested on the MT6000: I disabled the DHCP server on the modem and enabled it on the MT6000.

Anyway, problem solved: it is the nmap script requesting a short lease time.

So you admit you had two DHCP servers in the network.
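
The two effects seen in this thread, as an added example that is not part of any post and is not dnsmasq code: a parser that walks the DHCP options of an OFFER, keeps duplicate option 51 entries and reports which lease value the T1/T2 timers were derived from, plus a small model of the lease negotiation. The function names are hypothetical, the sample bytes are constructed from the values in the Wireshark dump, and the 120-second floor is an assumption taken from the captures above.

```python
import struct

LEASE, T1, T2, PAD, END = 51, 58, 59, 0, 255

def parse_options(buf):
    """Walk the DHCP option TLVs (bytes after the magic cookie), keeping duplicates."""
    opts, i = [], 0
    while i < len(buf) and buf[i] != END:
        if buf[i] == PAD:                     # pad is a single byte with no length
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError(f"truncated option at offset {i}")
        opts.append((buf[i], buf[i + 2:i + 2 + buf[i + 1]]))
        i += 2 + buf[i + 1]
    return opts

def audit_timers(buf):
    """Report every option 51 value and which one the T1/T2 timers were derived from."""
    vals = {LEASE: [], T1: [], T2: []}
    for code, data in parse_options(buf):
        if code in vals and len(data) == 4:
            vals[code].append(struct.unpack("!I", data)[0])
    # RFC 2131 defaults: T1 = 0.5 * lease, T2 = 0.875 * lease
    matched = [l for l in vals[LEASE]
               if vals[T1][:1] == [l // 2] and vals[T2][:1] == [l * 7 // 8]]
    return {"leases": vals[LEASE], "duplicate_51": len(vals[LEASE]) > 1,
            "timers_match": matched}

def granted_lease(configured, requested=None, floor=120):
    """Model of the negotiation seen in the captures (assumption, not dnsmasq code):
    the shorter of requested and configured, never below the 2-minute floor."""
    if requested is None:
        return configured
    return min(configured, max(requested, floor))

def opt(code, data):                          # builder for the constructed sample
    return bytes([code, len(data)]) + data

# Constructed sample: the lease-related options of the Wireshark OFFER above.
OFFER = b"".join([
    opt(53, b"\x02"), opt(54, bytes([192, 168, 2, 250])),
    opt(LEASE, struct.pack("!I", 120)), opt(T1, struct.pack("!I", 60)),
    opt(T2, struct.pack("!I", 105)), opt(1, bytes([255, 255, 255, 0])),
    opt(LEASE, struct.pack("!I", 43200)), bytes([END]),
])

if __name__ == "__main__":
    print(audit_timers(OFFER))
    print(granted_lease(43200, requested=1), granted_lease(43200, requested=7776000))
```

On the sample, the timers match the 120-second lease rather than the forced 43200-second one, which is why a client that displays the last option 51 shows a 12-hour lease with a 1-minute renewal.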