Proper way to disable DHCP and DNS servers completely

bernd-wechner · April 10, 2021, 11:47am

This seems to have been asked again and and again and I have found no clear solution bare the superbly elegant one posted here in this closed thread that I am continuing:

Kudos to @trendy for actually clarifying the simple easy way to do this. Like many I have OpenWRT installed on some WAPs/switches and I don't want them playing any role at all whatsoever in dhcp or dns service, just be WAPS and switches.

But here's the crunch, I check the completeness of the disable with netstat to see what's listening and after disabling and stopping dnsmasq and odhcp as @trendy suggested I still see:

# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      959/uhttpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      810/dropbear
tcp        0      0 :::80                   :::*                    LISTEN      959/uhttpd
tcp        0      0 :::22                   :::*                    LISTEN      810/dropbear
udp        0      0 :::546                  :::*                                1188/odhcp6c

Yes, odhcp6c is still listening on port 546. Grrrr.

But:

How and where can odhcp6 be disabled and stopped?

Not a huge priority as we're not using IPv6 actively here yet, but ... be nice to see it go.

anon50098793 · April 10, 2021, 11:51am

uci show network; uci show dhcp

(remove/randomize uniq mac addresses, passwords, usernames)

dsouza · April 10, 2021, 11:56am

@bernd-wechner have you checked some other tips from the page below?

I personally ended up doing a custom build removing all packages not needed for an access point (removed all IPv6 support, dnsmasq, firewall, etc and installed only base LuCI).

vgaetera · April 10, 2021, 12:03pm

It's normal for DHCPv6 client.
Don't confuse client and server.

bernd-wechner · April 10, 2021, 12:03pm

# uci show network; uci show dhcp
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='yada yada'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='dhcp'
network.lan_eth0_1_dev=device
network.lan_eth0_1_dev.name='eth0.1'
network.lan_eth0_1_dev.macaddr='macmac'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan_eth0_2_dev=device
network.wan_eth0_2_dev.name='eth0.2'
network.wan_eth0_2_dev.macaddr='macmac'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0 1 2 3 4 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='6t'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'

Is that useful? A lot of detail and background reading demanded for me to understand all these settings (even then the docs are not always fulfilling alas).

bernd-wechner · April 10, 2021, 12:07pm

Oh, I see. The c in odhcp6c is for "client"? Correct?

Puzzles me why a DHCP client has a IPv6 listener and not an IPv4 listener and why it needs a listener at all (isn't the DHCP request broadcast and the DHCP offer also broadcast on the local LAN?) Just curious - ever learning and ever curious.

hnyman · April 10, 2021, 12:15pm

It is the ipv6 client toward wan. The way how your router gets its wan ipv6 addresses.

vgaetera · April 10, 2021, 12:15pm

bernd-wechner · April 10, 2021, 12:18pm

Ah, well, it's not WAN facing. But I guess if the LAN DHCP server started issuing IPv6 addresses it's still used for that too. But from what @vgaetera suggests this is part of the IPV6 protocol suite (A reconfigure message) which perhaps doesn't exist in the IPv4 DHCP protocol and hence no listener needed.

trendy · April 10, 2021, 6:51pm

If you are configuring a dumbAP as you say, it is mentioned in steps 3 and 4 how to disable them.