DNSMasq Custom configs not working

The issue I am facing:
I'm trying to add Option 66 to my Pi-hole's DHCP server. I've made a 10-TFTP.conf file and added the option to it, and it worked for all of 5 minutes, then suddenly stopped giving out the IP for option 66. I've also even added the option to the 02-pihole-dhcp.conf file with the same result. It worked for all of 5 minutes and stopped. Even restarting the system does nothing now.

Details about my system:
8GB RAM
i5 4460S

What I have changed since installing Pi-hole:
Added Adblock Lists, Enabled DHCP, Enabled DNSSEC, Changed WebGUI Port to 8080. Server/computer is also running UISP (Ubiquiti's Network management software)

It would help if you posted exactly what you've added to what file?

sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.*

And did you reload settings after making the changes?

sudo service pihole-FTL reload

If you install nmap:

sudo apt install nmap

What does the below show (adjust the eth0 interface if it is something else!)?

sudo nmap -e eth0 --script broadcast-dhcp-discover

All services were restarted and even the server/computer its self was rebooted and yet still nothing.

/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/10-TFTP.conf:dhcp-option=66,"192.168.1.98"
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-authoritative
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-range=192.168.1.20,192.168.1.80,12h
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-option=option:router,192.168.1.1
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-option=66,"192.168.1.98"
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-leasefile=/etc/pihole/dhcp.leases
/etc/dnsmasq.d/02-pihole-dhcp.conf:domain=kuenet
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-rapid-commit
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-option=option6:dns-server,[::]
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-range=::100,::1ff,constructor:enp2s0,ra-names,slaac,12h
/etc/dnsmasq.d/02-pihole-dhcp.conf:ra-param=*,0,0
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/custom.list
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:dhcp-name-match=set:hostname-ignore,wpad
/etc/dnsmasq.d/01-pihole.conf:dhcp-name-match=set:hostname-ignore,localhost
/etc/dnsmasq.d/01-pihole.conf:dhcp-ignore-names=tag:hostname-ignore
/etc/dnsmasq.d/01-pihole.conf:server=4.2.2.1
/etc/dnsmasq.d/01-pihole.conf:server=4.2.2.2
/etc/dnsmasq.d/01-pihole.conf:server=8.26.56.26
/etc/dnsmasq.d/01-pihole.conf:server=8.20.247.20
/etc/dnsmasq.d/01-pihole.conf:server=9.9.9.9
/etc/dnsmasq.d/01-pihole.conf:server=149.112.112.112
/etc/dnsmasq.d/01-pihole.conf:server=1.1.1.1
/etc/dnsmasq.d/01-pihole.conf:server=1.0.0.1
/etc/dnsmasq.d/01-pihole.conf:server=64.6.64.6
/etc/dnsmasq.d/01-pihole.conf:server=64.6.65.6
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:dnssec
/etc/dnsmasq.d/01-pihole.conf:trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
/etc/dnsmasq.d/01-pihole.conf:interface=enp2s0
/etc/dnsmasq.d/01-pihole.conf:server=/use-application-dns.net/

And this is the result I get from nmap.

kuenet@kuenet:~$ sudo nmap -e enp2s0 --script broadcast-dhcp-discover

Starting Nmap 7.40 ( https://nmap.org ) at 2020-11-21 16:37 AEDT
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 3.29 seconds

I've tested the DHCP with some Windows-based software and that is not showing option 66 as present.

Sending packet:
  op=BOOTREQUEST chaddr=91:9C:21:A4:8D:AC hops=0 xid=0243FC7B secs=0 flags=8000
  ciaddr=0.0.0.0 yiaddr=0.0.0.0 siaddr=0.0.0.0 giaddr=0.0.0.0 sname= file=
  1 options:
     53 (DHCP Message Type): discover
Received packet from 192.168.1.98:67:
  op=BOOTREPLY chaddr=91:9C:21:A4:8D:AC hops=0 xid=0243FC7B secs=0 flags=8000
  ciaddr=0.0.0.0 yiaddr=192.168.1.20 siaddr=192.168.1.98 giaddr=0.0.0.0 sname=192.168.1.98 file=
  10 options:
     53 (DHCP Message Type): offer
     54 (Server Identifier): 192.168.1.98
     51 (IP Address Lease Time): 43200 (12 hours)
     58 (Renewal (T1) Time Value): 21600 (6 hours)
     59 (Rebinding (T2) Time Value): 37800 (10 hours and 30 minutes)
      1 (Subnet Mask): 255.255.255.0
     28 (Broadcast Address Option): 192.168.1.255
      6 (Domain Name Server Option): 192.168.1.98
     15 (Domain Name): kuenet
      3 (Router Option): 192.168.1.1

Aha, you're running an older nmap version 7.40 that's known not to work doing DHCP discovery.
Could try running apt update/upgrade to see if a newer nmap version is available:

sudo apt update && sudo apt upgrade

You have above the same option configured in two different files.
Ditch that last one!
And don't edit the original "pihole" files manually!
They will get overwritten when making changes via the web GUI or Pi-hole updates.
That 10-TFTP.conf file will do just fine.

Also don't use double quotes " to enclose the 192.168.1.98 address, e.g.:
EDIT: I made a mistake, you should use double quotes as documented.
I copy/pasted your details from here and they must have inadvertently contained Windows CR codes or other hidden characters, causing my attempt with double quotes to fail ... and also maybe your attempts!
Below works for me, so it should also work for you if you copy/paste the below commands:

pi@ph5:~ $ sudo tee /etc/dnsmasq.d/10-TFTP.conf <<< $'dhcp-option=66,"192.168.1.98"'
dhcp-option=66,"192.168.1.98"

pi@ph5:~ $ pihole-FTL --test
dnsmasq: syntax check OK.

pi@ph5:~ $ sudo service pihole-FTL reload
pi@ph5:~ $

pi@ph5:~ $ sudo nmap -e eth0 --script broadcast-dhcp-discover
Starting Nmap 7.70 ( https://nmap.org ) at 2020-11-21 23:21 CET
Pre-scan script results:
| broadcast-dhcp-discover:
|   Response 1 of 1:
|     IP Offered: 10.0.0.252
|     DHCP Message Type: DHCPOFFER
|     Server Identifier: 10.0.0.4
|     IP Address Lease Time: 2m00s
|     Renewal Time Value: 1m00s
|     Rebinding Time Value: 1m45s
|     Subnet Mask: 255.255.255.0
|     Broadcast Address: 10.0.0.255
|     Domain Name: dehakkelaar.nl
|     TFTP Server Name: 192.168.1.98\x00
|     Router: 10.0.0.1
|_    Domain Name Server: 10.0.0.4, 10.0.0.4, 10.0.0.4
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 10.44 seconds

EDIT2: Oh, PS. I noticed when running nmap on the same host that runs the DHCP service that the TFTP option disappears in the nmap output after a minute or so, for some unknown reason.
But running nmap from a client machine, it shows that TFTP option consistently.

2 Likes

Welp, I'll be honest, I don't know what changed, but it's working now, but only from certain clients. But the ones I want working are working haha. Thanks for the help there mate!

1 Like

@DL6ER Can the pihole-FTL dhcp-discover assist here as well?

Depends :wink:

Trying to get the below to show DHCP options but it won't:

sudo pihole-FTL -- --help dhcp

The dnsmasq version does:

pi@ph5:~ $ dnsmasq --help dhcp
Known DHCP options:
  1 netmask
  2 time-offset
  3 router
  6 dns-server
[..]
 66 tftp-server

I see the (yet experimental) pihole dhcp-discover as a tool to find out whether other DHCP servers may also propagate DNS servers that could potentially be used to bypass Pi-hole.

Requesting arbitrary DHCP options may certainly be possible and useful at times, but it's well beyond Pi-hole's scope.

This does not work because pihole-FTL implies passing -k to dnsmasq, so your command will effectively be

dnsmasq -k --help dhcp

which won't work, either.

edit This will be fixed by


The command will show everything the server offers. TFTP details will be among them.

This ensures we have textual descriptions for all possible DHCP options supported by dnsmasq.

1 Like

Hmm not showing:

pi@noads:~ $ pihole-FTL -v
v4.3.1

pi@noads:~ $ sudo tee /etc/dnsmasq.d/10-TFTP.conf <<< $'dhcp-option=66,"192.168.1.98"'
dhcp-option=66,"192.168.1.98"

pi@noads:~ $ sudo service pihole-FTL reload
pi@noads:~ $

From another Pi with sweet new feature:

pi@ph5:~ $ pihole-FTL -v
v5.3.2

pi@ph5:~ $ pihole-FTL dhcp-discover
Scanning all your interfaces for DHCP servers
Timeout: 10 seconds

* Received 303 bytes from eth0:10.0.0.2
  Offered IP address: 10.0.0.159
  Server IP address: 10.0.0.2
  Relay-agent IP address: N/A
  DHCP options:
   Message type: DHCPOFFER (2)
   server-identifier: 10.0.0.2
   lease-time: 120 ( 2m )
   renewal-time: 60 ( 1m )
   rebinding-time: 105 ( 1m 45s )
   netmask: 255.255.255.0
   broadcast: 10.0.0.255
   dns-server: 10.0.0.2
   domain-name: "dehakkelaar.nl"
   router: 10.0.0.1
   --- end of options ---

DHCP packets received on interface lo: 0
DHCP packets received on interface eth0: 1

pi@ph5:~ $ sudo nmap -e eth0 --script broadcast-dhcp-discover
Starting Nmap 7.70 ( https://nmap.org ) at 2020-12-03 17:59 CET
Pre-scan script results:
| broadcast-dhcp-discover:
|   Response 1 of 1:
|     IP Offered: 10.0.0.252
|     DHCP Message Type: DHCPOFFER
|     Server Identifier: 10.0.0.2
|     IP Address Lease Time: 2m00s
|     Renewal Time Value: 1m00s
|     Rebinding Time Value: 1m45s
|     Subnet Mask: 255.255.255.0
|     Broadcast Address: 10.0.0.255
|     Domain Name Server: 10.0.0.2
|     Domain Name: dehakkelaar.nl
|     Router: 10.0.0.1
|_    TFTP Server Name: 192.168.1.98\x00
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 10.60 seconds

I tried multiple times with the same results.
Maybe something odd going on with that TFTP option that I don't know about :smiley:

EDIT: I do get to see the 192.168.1.98 IP when I do a pihole-FTL dhcp-discover:

pi@ph5:~ $ sudo tcpdump -lntXq -i eth0 src 10.0.0.2 and udp port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
IP 10.0.0.2.67 > 255.255.255.255.68: UDP, length 303
        0x0000:  45c0 014b 4bcb 0000 4011 2316 0a00 0002  E..KK...@.#.....
        0x0010:  ffff ffff 0043 0044 0137 080c 0201 0600  .....C.D.7......
        0x0020:  4932 ee9f 0000 8000 0000 0000 0a00 009f  I2..............
        0x0030:  0a00 0002 0000 0000 b827 ebaa 447a 0000  .........'..Dz..
        0x0040:  0000 0000 0000 0000 3139 322e 3136 382e  ........192.168.
        0x0050:  312e 3938 0000 0000 0000 0000 0000 0000  1.98............
        0x0060:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0070:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0080:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0090:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x00a0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x00b0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x00c0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x00d0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x00e0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x00f0:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0100:  0000 0000 0000 0000 6382 5363 3501 0236  ........c.Sc5..6
        0x0110:  040a 0000 0233 0400 0000 783a 0400 0000  .....3....x:....
        0x0120:  3c3b 0400 0000 6901 04ff ffff 001c 040a  <;....i.........

Try with a version from the last year or so.

That's just the DHCP server side, which seems to do its job according to nmap.
It's the other v5 Pi that's amiss and not reporting that TFTP option for an unknown reason.
Or did I understand you wrong?

EDIT: oh, forgot to mention, I also had the v5 instance function as the DHCP server with the same results.
But had in mind that I experienced mixed results before if I run the dhcp-discover on the same host that does DHCP.
That's why I parked the DHCP service on the old Pi so I could run dhcp-discover on the newer Pi with the DHCP service disabled.

It's not even Christmas yet :wink:

pi@ph5:~ $ pihole-FTL -- --help dhcp
Known DHCP options:
  1 netmask
  2 time-offset
  3 router
  6 dns-server
[..]

Reload isn't sufficient when you change any of the config files. You need a full restart of the process (we directly inherited this from dnsmasq where this is the same).

I restarted the pihole-FTL service on the old Pi including the TFTP option.
Same results when I do a pihole-FTL dhcp-discover on the newer Pi .. no TFTP.
And again nmap on the newer Pi does show the TFTP option.

EDIT: if it's a biggy, don't bother!
It's as Bucking_Horn said before, totally not necessary to display all options.
It's good enough to see DHCP servers active on the net and, importantly, what DNS servers are advertised.

According to DL6ER's link, the test requests all DHCP options as supported by dnsmasq anyway (apart from the real vendor-specifics, I guess).

However, there are only three mandatory DHCP options a server has to supply with a DHCPOFFER (lease time, server identifier and message type).
All other options may only be presented on request, and even have to be omitted if a DHCP server cannot provide them (see RFC2131 section 4.3.1), so the exact outcome may depend on your dnsmasq configuration.

TFTP parameters (from DHCP's BOOTP predecessor) are a special case though, as they may appear as either a DHCP option or in their respective dedicated separate fields.

Maybe that's why they fail to display reliably (also with nmap)?

The dhcp-discover requests a full DHCP lease. All available information should be contained (even vendor-specific content). All DHCP data is encoded using a type-specific encoding. What I meant is:

  • All DHCP options dnsmasq understands are also understood by FTL in the way of being able to interpret them. E.g., we can decode something like 4679e5d0a5b664e to
    dns-server=192.168.2.1,192.168.2.2
  • In addition, we support the (still only drafted) WPAD configuration extension
  • All other (i.e., vendor-specific) options do typically not contain any hints to the specific formatting. FTL will only tell you something like
    Unknown option <optcode> with length <length (bytes)>

So, just so I get this right: You enabled TFTP in dnsmasq (or pihole-FTL) and a scan from another device didn't pick up these options in the DHCP scan of FTL?

If this is true, I will try setting up a TFTP server myself tomorrow and check what I can find.

If you're asking me, yes, that's what I experienced.
Enable DHCP + TFTP option on one Pi running pihole-FTL v4.
And do the discovery from another Pi running pihole-FTL v5.

Do you think you actually need an active TFTP server for the discover to work?
As posted before, I can see the TFTP option 192.168.1.98 in the reply when I do a tcpdump on the host doing the pihole-FTL dhcp-discover, but it just won't show.
But it does show when I do an nmap dhcp-discover.

Ah, looking at this again, sure, that's the reason.

@deHakkelaar this is also what is/was happening here:

Without dissecting this now in detail, the 192.168.1.98 is the bootp.server (string with fixed length of 64 bytes). Thereafter, you see many 00 (this is the bootp.file field, fixed length of 128 bytes) and finally 6382 5363 (DHCP magic cookie).

will fix this, watch out for the new BOOTP lines before the options themselves:

* Received 300 bytes from eth2:192.168.0.10
  Offered IP address: 192.168.0.224
  Server IP address: 192.168.0.10
  Relay-agent IP address: N/A
  BOOTP server: 192.168.1.98               <-------------------------
  BOOTP file: (empty)                      <-------------------------
  DHCP options:
   Message type: DHCPOFFER (2)
   server-identifier: 192.168.0.10
   lease-time: 120 ( 2m )
   renewal-time: 60 ( 1m )
   rebinding-time: 105 ( 1m 45s )
   netmask: 255.255.255.0
   broadcast: 192.168.0.255
   dns-server: 192.168.0.10
   domain-name: "lan"
   router: 192.168.0.1
   --- end of options ---
3 Likes
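An added example, not code from the thread or from pihole-FTL, of why the option-only decoder above missed the TFTP server: dnsmasq put "192.168.1.98" in the fixed 64-byte BOOTP sname field rather than as option 66, so a parser has to read the BOOTP header fields before the magic cookie as well as the options after it. The DHCPOFFER bytes are constructed here to mirror the tcpdump capture; the option names follow the `dnsmasq --help dhcp` numbering quoted in the thread.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # the "6382 5363" bytes in the tcpdump above
OPTION_NAMES = {1: "netmask", 3: "router", 6: "dns-server", 15: "domain-name", 28: "broadcast",
                51: "lease-time", 53: "message-type", 54: "server-identifier",
                58: "renewal-time", 59: "rebinding-time", 66: "tftp-server"}

def decode_option(code, value):
    if code in (1, 3, 6, 28, 54):  # one or more IPv4 addresses
        return [str(IPv4Address(value[j:j + 4])) for j in range(0, len(value), 4)]
    if code in (51, 58, 59):  # 32-bit seconds
        return struct.unpack("!I", value)[0]
    if code == 53:
        return {1: "DHCPDISCOVER", 2: "DHCPOFFER", 5: "DHCPACK"}.get(value[0], value[0])
    return value.rstrip(b"\x00").decode("ascii", "replace")  # strings, e.g. options 15 and 66

def parse_dhcp(packet):
    """Decode the fixed BOOTP header, then the DHCP option area behind the magic cookie."""
    if len(packet) < 236:
        raise ValueError("shorter than a BOOTP header")
    op, _htype, _hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", packet[:12])
    ciaddr, yiaddr, siaddr, giaddr = (str(IPv4Address(packet[i:i + 4])) for i in range(12, 28, 4))
    # sname (64 bytes) and file (128 bytes) are fixed-width, NUL-padded fields, not options.
    sname = packet[44:108].split(b"\x00", 1)[0].decode("ascii", "replace")
    bootfile = packet[108:236].split(b"\x00", 1)[0].decode("ascii", "replace")
    result = {"op": op, "xid": xid, "yiaddr": yiaddr, "siaddr": siaddr, "giaddr": giaddr,
              "bootp_server": sname, "bootp_file": bootfile, "options": {}}
    if packet[236:240] != MAGIC_COOKIE:
        return result  # plain BOOTP reply: there is no DHCP option area at all
    i = 240
    while i < len(packet) and packet[i] != 255:  # 255 ends the option area
        if packet[i] == 0:  # single pad byte without a length field
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        result["options"][OPTION_NAMES.get(code, f"option-{code}")] = decode_option(code, packet[i + 2:i + 2 + length])
        i += 2 + length
    return result

def tftp_server(parsed):
    return parsed["options"].get("tftp-server") or parsed["bootp_server"] or None  # option 66 wins, else sname

def build_offer(sname=b"", extra_options=b""):  # constructed DHCPOFFER mirroring the capture; not real traffic
    pkt = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x4932EE9F, 0, 0x8000)
    pkt += bytes([0, 0, 0, 0, 10, 0, 0, 159, 10, 0, 0, 2, 0, 0, 0, 0])  # ciaddr yiaddr siaddr giaddr
    pkt += bytes.fromhex("b827ebaa447a") + b"\x00" * 10  # chaddr padded to 16 bytes
    pkt += sname.ljust(64, b"\x00") + b"\x00" * 128 + MAGIC_COOKIE
    opts = b"\x35\x01\x02" + b"\x36\x04" + bytes([10, 0, 0, 2]) + b"\x33\x04" + struct.pack("!I", 120)
    return pkt + opts + b"\x01\x04\xff\xff\xff\x00" + extra_options + b"\xff"
```

Running `parse_dhcp(build_offer(sname=b"192.168.1.98"))` yields no option 66 but a `bootp_server` of 192.168.1.98, which is exactly the split the fixed output above reports as a separate "BOOTP server:" line.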
