DNSMasq Custom configs not working

The issue I am facing:
I'm trying to add Option 66 to my Pi-hole's DHCP server. I've made a 10-TFTP.conf file and added the option to it, and it worked for all of 5 minutes, then suddenly stopped giving out the IP for option 66. I've also even added the option to the 02-pihole-dhcp.conf file, to the same result. It worked for all of 5 minutes and stopped. Even restarting the system does nothing now.

Details about my system:
8GB RAM
i5 4460S

What I have changed since installing Pi-hole:
Added Adblock Lists, Enabled DHCP, Enabled DNSSEC, Changed WebGUI Port to 8080. Server/computer is also running UISP (Ubiquiti's Network management software)

It would help if you posted exactly what you've added to what file?

sudo grep -v '^\s*#\|^\s*$' -R /etc/dnsmasq.*

And did you reload settings after making the changes?

sudo service pihole-FTL reload

If you install nmap:

sudo apt install nmap

What does the below show (adjust eth0 interface if other!)?

sudo nmap -e eth0 --script broadcast-dhcp-discover

All services were restarted and even the server/computer itself was rebooted, and yet still nothing.

/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.old:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/10-TFTP.conf:dhcp-option=66,"192.168.1.98"
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-authoritative
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-range=192.168.1.20,192.168.1.80,12h
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-option=option:router,192.168.1.1
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-option=66,"192.168.1.98"
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-leasefile=/etc/pihole/dhcp.leases
/etc/dnsmasq.d/02-pihole-dhcp.conf:domain=kuenet
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-rapid-commit
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-option=option6:dns-server,[::]
/etc/dnsmasq.d/02-pihole-dhcp.conf:dhcp-range=::100,::1ff,constructor:enp2s0,ra-names,slaac,12h
/etc/dnsmasq.d/02-pihole-dhcp.conf:ra-param=*,0,0
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/custom.list
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:cache-size=10000
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:dhcp-name-match=set:hostname-ignore,wpad
/etc/dnsmasq.d/01-pihole.conf:dhcp-name-match=set:hostname-ignore,localhost
/etc/dnsmasq.d/01-pihole.conf:dhcp-ignore-names=tag:hostname-ignore
/etc/dnsmasq.d/01-pihole.conf:server=4.2.2.1
/etc/dnsmasq.d/01-pihole.conf:server=4.2.2.2
/etc/dnsmasq.d/01-pihole.conf:server=8.26.56.26
/etc/dnsmasq.d/01-pihole.conf:server=8.20.247.20
/etc/dnsmasq.d/01-pihole.conf:server=9.9.9.9
/etc/dnsmasq.d/01-pihole.conf:server=149.112.112.112
/etc/dnsmasq.d/01-pihole.conf:server=1.1.1.1
/etc/dnsmasq.d/01-pihole.conf:server=1.0.0.1
/etc/dnsmasq.d/01-pihole.conf:server=64.6.64.6
/etc/dnsmasq.d/01-pihole.conf:server=64.6.65.6
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:dnssec
/etc/dnsmasq.d/01-pihole.conf:trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
/etc/dnsmasq.d/01-pihole.conf:interface=enp2s0
/etc/dnsmasq.d/01-pihole.conf:server=/use-application-dns.net/

And this is the result I get from nmap.

kuenet@kuenet:~$ sudo nmap -e enp2s0 --script broadcast-dhcp-discover

Starting Nmap 7.40 ( https://nmap.org ) at 2020-11-21 16:37 AEDT
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 3.29 seconds

I've tested the DHCP with some Windows-based software and that is not showing option 66 as present.

Sending packet:
  op=BOOTREQUEST chaddr=91:9C:21:A4:8D:AC hops=0 xid=0243FC7B secs=0 flags=8000
  ciaddr=0.0.0.0 yiaddr=0.0.0.0 siaddr=0.0.0.0 giaddr=0.0.0.0 sname= file=
  1 options:
     53 (DHCP Message Type): discover
Received packet from 192.168.1.98:67:
  op=BOOTREPLY chaddr=91:9C:21:A4:8D:AC hops=0 xid=0243FC7B secs=0 flags=8000
  ciaddr=0.0.0.0 yiaddr=192.168.1.20 siaddr=192.168.1.98 giaddr=0.0.0.0 sname=192.168.1.98 file=
  10 options:
     53 (DHCP Message Type): offer
     54 (Server Identifier): 192.168.1.98
     51 (IP Address Lease Time): 43200 (12 hours)
     58 (Renewal (T1) Time Value): 21600 (6 hours)
     59 (Rebinding (T2) Time Value): 37800 (10 hours and 30 minutes)
      1 (Subnet Mask): 255.255.255.0
     28 (Broadcast Address Option): 192.168.1.255
      6 (Domain Name Server Option): 192.168.1.98
     15 (Domain Name): kuenet
      3 (Router Option): 192.168.1.1

Aha, you're running an older nmap version, 7.40, that's known not to work doing dhcp-discovery.
You could try running apt update/upgrade to see if a newer version of nmap is available:

sudo apt update && sudo apt upgrade

You have the same option above configured in two different files.
Ditch that last one!
And don't edit the original "pihole" files manually!
They will get overwritten when making changes via the web GUI or Pi-hole updates.
That 10-TFTP.conf file will do just fine.

Also don't use double quotes " to enclose the 192.168.1.98 address, e.g.:
EDIT: I made a mistake, you should use double quotes as documented.
I copy/pasted your details from here and they must have inadvertently contained Windows CR codes or other hidden characters causing my attempt with double quotes to fail ... and also maybe your attempts!
Below works for me so should also work for you if you copy/paste below commands:

pi@ph5:~ $ sudo tee /etc/dnsmasq.d/10-TFTP.conf <<< $'dhcp-option=66,"192.168.1.98"'
dhcp-option=66,"192.168.1.98"

pi@ph5:~ $ pihole-FTL --test
dnsmasq: syntax check OK.

pi@ph5:~ $ sudo service pihole-FTL reload
pi@ph5:~ $

pi@ph5:~ $ sudo nmap -e eth0 --script broadcast-dhcp-discover
Starting Nmap 7.70 ( https://nmap.org ) at 2020-11-21 23:21 CET
Pre-scan script results:
| broadcast-dhcp-discover:
|   Response 1 of 1:
|     IP Offered: 10.0.0.252
|     DHCP Message Type: DHCPOFFER
|     Server Identifier: 10.0.0.4
|     IP Address Lease Time: 2m00s
|     Renewal Time Value: 1m00s
|     Rebinding Time Value: 1m45s
|     Subnet Mask: 255.255.255.0
|     Broadcast Address: 10.0.0.255
|     Domain Name: dehakkelaar.nl
|     TFTP Server Name: 192.168.1.98\x00
|     Router: 10.0.0.1
|_    Domain Name Server: 10.0.0.4, 10.0.0.4, 10.0.0.4
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 10.44 seconds

EDIT2: Oh, PS: I noticed when running nmap on the same host that runs the DHCP service that the TFTP option disappears in the nmap output after a minute or so for some unknown reason.
But running nmap from a client machine, it shows that TFTP option consistently.

2 Likes
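Two of the causes raised in the post above, the same dhcp-option set in two files and hidden CR characters picked up by copy/paste, can be checked mechanically. The script below is an added example, not part of the original posts: the function names and the sample files are constructed for illustration, and option keys are compared textually, so `66` and `option:tftp-server` count as different keys.

```shell
#!/bin/sh
# Added example: lint a dnsmasq conf-dir for duplicate dhcp-option keys
# and for hidden control characters such as Windows CRs.

# Print every *.conf file under $1 that contains a control character
# other than TAB or LF (a trailing CR is the usual culprit).
find_hidden_chars() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        LC_ALL=C tr -d '\001-\010\013-\037\177' < "$f" | cmp -s - "$f" || echo "$f"
    done
}

# Print "<option> <file> <file> ..." for each dhcp-option key that is
# set in more than one file under $1.
find_duplicate_options() {
    awk -F'[=,]' '
        /^dhcp-option=/ {
            i = 2
            while ($i ~ /^tag:/) i++          # skip leading tag: qualifiers
            key = $i
            if (!((key, FILENAME) in seen)) {
                seen[key, FILENAME] = 1
                files[key] = files[key] " " FILENAME
                count[key]++
            }
        }
        END { for (k in count) if (count[k] > 1) print k files[k] }
    ' "$1"/*.conf | sort
}

# Constructed sample: option 66 in two files, one of them with a CR line ending.
make_sample() {
    d=$(mktemp -d)
    printf 'dhcp-range=192.168.1.20,192.168.1.80,12h\ndhcp-option=option:router,192.168.1.1\ndhcp-option=66,"192.168.1.98"\n' \
        > "$d/02-pihole-dhcp.conf"
    printf 'dhcp-option=66,"192.168.1.98"\r\n' > "$d/10-TFTP.conf"
    echo "$d"
}

sample=$(make_sample)
echo "Files with hidden characters:"
find_hidden_chars "$sample"
echo "Options set in more than one file:"
find_duplicate_options "$sample"
rm -rf "$sample"
```

On a real system, pass `/etc/dnsmasq.d` to both functions, then confirm the result with `pihole-FTL --test` as shown above.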

Welp, I'll be honest, I don't know what changed, but it's working now, but only from certain clients. But the ones I want working are working haha. Thanks for the help there mate!

1 Like

@DL6ER Can the pihole-FTL dhcp-discover assist here as well?

Depends :wink:

Trying to get the below to show DHCP options, but it won't:

sudo pihole-FTL -- --help dhcp

The dnsmasq version does:

pi@ph5:~ $ dnsmasq --help dhcp
Known DHCP options:
  1 netmask
  2 time-offset
  3 router
  6 dns-server
[..]
 66 tftp-server

I see the (yet experimental) pihole dhcp-discover as a tool to find out whether other DHCP servers may also propagate DNS servers that could potentially be used to bypass Pi-hole.

Requesting arbitrary DHCP options may certainly be possible and useful at times, but it's well beyond Pi-hole's scope.

This does not work because pihole-FTL implies passing -k to dnsmasq, so your command will effectively be

dnsmasq -k --help dhcp

which won't work, either.

edit This will be fixed by


The command will show everything the server offers. TFTP details will be among them.

This ensures we have textual descriptions for all possible DHCP options supported by dnsmasq.