Running on OpenWrt 21.02.0 r16279-5cc0535800. I'm a bit confused when not adding a DHCP config entry in /etc/config/dhcp for a certain interface. For example I have the following interfaces:
config interface 'lan'
    option proto 'static'
    option netmask '255.255.255.0'
    option device 'br-lan'
    list dns '192.168.1.1'
    option ipaddr '192.168.1.1'

config interface 'macvlan'
    option proto 'static'
    option defaultroute '0'
    option netmask '255.255.255.255'
    option device 'br-lan.20'
    option ipaddr '192.168.1.2'
Which belongs to the same subnet. In the dhcp config file, I had this configuration only (which is only for the interface lan):
From time to time I would have some weird problem happening on a small percentage of connected devices: they would have their gateway IP set to 192.168.1.2 instead of 192.168.1.1. My thought was that because there isn't a DHCP config entry for interface macvlan, it should not be serving any DHCP advertisements on it. However, I was surprised that this was not true when I ran tcpdump and checked with netstat -apn that dnsmasq was listening on all interfaces and serving on both interfaces. I was able to solve this by creating a DHCP entry for macvlan and setting option ignore '1'.
My question is, should I always be doing this for any interface I don't want DHCP handling on? Even the WAN interfaces, for example? And why is it that if I don't configure a DHCP entry for the interface, dnsmasq assumes that it is alright to serve DHCP on the interface? Wouldn't this be considered a bit of a security concern?
I created a new VLAN subinterface to test and DHCP was not activated on it. However, you have an IP overlap on the 2 interfaces there, and it makes sense that something like this might happen.
That's the default wan though, right? Because I have wanb and wanc in addition to wan (another internet link and WireGuard VPN link). These were created from the LuCI GUI, and I'm checking the dhcp config and there are no entries for them there (only wan has a config).
That's what I thought at first. I was under the impression that by leaving the dhcp entry empty for the interface it would mean that dnsmasq won't be listening on the interface, but apparently that is not the case.
Sorry, I misunderstood; now I get what you meant. Your idea does work, but I'm disliking it because of having too many config places to achieve my goal. I mean, there is the option ignore '1' in the dhcp config, then there is the interface option in the dnsmasq config. From the GUI side of things, I'm liking the "Ignore interface" under interface DHCP settings more as it feels more confident. The DNS "General Settings" > "Listen Interfaces" is barely a text box without autocomplete and feels hidden with all of the other options around it, plus it makes me wonder what "interface" here means: are they "OpenWrt interfaces" or the ip a interfaces (because in OpenWrt 21 they changed how interfaces work, but I'm guessing that it's the ip a interfaces)?
In any case, I'll be sticking with the "Ignore interface" or option ignore '1', so thank you all for sharing and clarifying things for me.
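An added example, not written by anyone in the thread and not part of OpenWrt: a shell function that lists every interface in the network config and reports whether the dhcp config has a section for it and whether that section sets ignore '1', the setting the thread settled on. It assumes dhcp sections are tied to interfaces by their option interface line; the sample configs are constructed, with interface names taken from the thread.

```shell
#!/bin/sh
# Added example: report the DHCP policy state of each OpenWrt interface.
# Assumption: a dhcp section applies to the interface named in its
# "option interface" line; sections without that line are not counted.
audit_dhcp() {  # usage: audit_dhcp <network-config> <dhcp-config>
    awk '
    # Strip the quotes UCI puts around section names and values.
    function unq(s) { gsub("^[\"\047]|[\"\047]$", "", s); return s }
    # Record the dhcp section that just ended, keyed by its interface.
    function commit() {
        if (indhcp && ifname != "")
            state[ifname] = (ignore == "1") ? "ignored" : "configured"
        indhcp = 0; ifname = ""; ignore = ""
    }
    $1 == "config" {
        commit()
        if (FILENAME == ARGV[1] && $2 == "interface") order[++n] = unq($3)
        if (FILENAME == ARGV[2] && $2 == "dhcp") indhcp = 1
        next
    }
    indhcp && $1 == "option" && $2 == "interface" { ifname = unq($3) }
    indhcp && $1 == "option" && $2 == "ignore"    { ignore = unq($3) }
    END {
        commit()
        for (i = 1; i <= n; i++) {
            if (order[i] == "loopback") continue
            s = (order[i] in state) ? state[order[i]] : "no-dhcp-section"
            print order[i], s
        }
    }' "$1" "$2"
}

# Constructed sample input; the lan dhcp section is made up because the
# thread does not show it.
tmp=$(mktemp -d)
cat > "$tmp/network" <<'EOF'
config interface 'lan'
	option device 'br-lan'
config interface 'macvlan'
	option device 'br-lan.20'
config interface 'wanb'
	option proto 'dhcp'
EOF
cat > "$tmp/dhcp" <<'EOF'
config dhcp 'lan'
	option interface 'lan'
config dhcp 'macvlan'
	option interface 'macvlan'
	option ignore '1'
EOF
audit_dhcp "$tmp/network" "$tmp/dhcp"
rm -rf "$tmp"
```

On a router this would be run as audit_dhcp /etc/config/network /etc/config/dhcp; the interfaces reported as no-dhcp-section are the ones with no explicit DHCP policy at all.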