Dhclient wants to renew resolv.conf every 60 seconds for WAN
-
Hi everybody, I'm new on this forum but I've been using pfsense since several months, and I've just noticed a bug with DHCP on WAN side.
I have a "bridged" connection with my ISP, making my Pfsense router receiving the public IP address, unfortunately dynamic (always changing each 24 hours).
On other network card, there are my lan and some VLANs. Everything works as expected, except dhclient who wants to "RENEW" and this recreates resolv.conf infinitely, this happens every 60 seconds.
That could explain why a CF card and two USB keys were destroyed within less than 1 year (I use the embedded version 2.2.3 amd64)…
Example of my DHCP log :
Aug 30 02:32:44 dhcpd: Internet Systems Consortium DHCP Server 4.2.8
Aug 30 02:32:44 dhcpd: Copyright 2004-2015 Internet Systems Consortium.
Aug 30 02:32:44 dhcpd: All rights reserved.
Aug 30 02:32:44 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Aug 30 02:32:44 dhcpd: Internet Systems Consortium DHCP Server 4.2.8
Aug 30 02:32:44 dhcpd: Copyright 2004-2015 Internet Systems Consortium.
Aug 30 02:32:44 dhcpd: All rights reserved.
Aug 30 02:32:44 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Aug 30 02:32:44 dhcpd: Wrote 0 deleted host decls to leases file.
Aug 30 02:32:44 dhcpd: Wrote 0 new dynamic host decls to leases file.
Aug 30 02:32:44 dhcpd: Wrote 6 leases to leases file.
Aug 30 02:32:44 dhcpd: Listening on BPF/re1/fc:aa:14:xx:xx:xx/192.168.1.0/24
Aug 30 02:32:44 dhcpd: Sending on BPF/re1/fc:aa:14:xx:xx:xx/192.168.1.0/24
Aug 30 02:32:44 dhcpd: Sending on Socket/fallback/fallback-net
Aug 30 02:33:01 dhclient: RENEW
Aug 30 02:33:01 dhclient: Creating resolv.conf
Aug 30 02:34:01 dhclient: RENEW
Aug 30 02:34:01 dhclient: Creating resolv.conf
Aug 30 02:35:01 dhclient: RENEW
Aug 30 02:35:01 dhclient: Creating resolv.conf
Aug 30 02:36:01 dhclient: RENEW
Aug 30 02:36:01 dhclient: Creating resolv.conf
Aug 30 02:37:01 dhclient: RENEW
Aug 30 02:37:01 dhclient: Creating resolv.conf
Aug 30 02:38:01 dhclient: RENEW
Aug 30 02:38:01 dhclient: Creating resolv.confAgain and again...
My problem is similar to this thread : https://forum.pfsense.org/index.php?topic=31208.0
Anyone can help me ?
Thanks a lot in advance! :) -
well dhcp client renews based on its lease.. What is the time of your lease that your getting from your isp – if its only a couple of minutes.. Thats would would happen.
-
I don't know exactly what is the time of the lease but it could be 60 seconds. it doesn't matter if the DHCP client checks its IP every 60 seconds, even important, in a case where the IP is being changed the loss of internet will be short, but that makes several I/O operations and flood the logs.
I don't have my own modem behind Pfsense, it's my ISP's "freebox", which gather phone and internet (routing and wireless functions are obviously disabled)
How can I prevent dhclient modifying resolv.conf, I specify the DNS servers myself, Allow DNS server list to be overridden by DHCP/PPP on WAN is unchecked.
-
Perhaps you could contact your ISP and ask them? Yeah, setting lease time to absurdly low values will cause I/O and produce log noise…
-
I don't know if they will give me correct answers, they have a poor technical support
Is it the normal behaviour of dhclient to renew resolv.conf at the end of the lease time?
-
Hmmm yeah, poor support and idiotic settings. Kindly post the output of this:
tail -n 20 /var/db/dhclient.leases.* | grep dhcp-lease-time -
The output is :
$ tail -n 20 /var/db/dhclient.leases.* | grep dhcp-lease-time option dhcp-lease-time 600;I tried also a cat /var/db/dhclient.lases.*
The output is the following :
lease {
interface "re0";
fixed-address 82.250.119.XXX;
next-server 82.250.119.254;
option subnet-mask 255.255.255.0;
option routers 82.250.119.254;
option domain-name-servers 212.27.40.241,212.27.40.240;
option broadcast-address 82.250.119.255;
option dhcp-lease-time 600;
option dhcp-message-type 5;
option dhcp-server-identifier 82.250.119.254;
option dhcp-renewal-time 60;
option dhcp-rebinding-time 300;
renew 0 2015/8/30 12:55:57;
rebind 0 2015/8/30 12:59:57;
expire 0 2015/8/30 13:04:57;
} -
yeah my lease is 7200 seconds or 2 hours.. So about every hour it would renew.
Well that was an older lease.. Might be better to post the whole lease file for your wan nic
So for example the end of the file was old lease
My current lease is
lease {
interface "em0";
fixed-address 24.13.xx.xx;
option subnet-mask 255.255.248.0;
option routers 24.13.176.1;
option domain-name-servers 75.75.75.75,75.75.76.76;
option host-name "pfSense";
option domain-name "hsd1.il.comcast.net.";
option broadcast-address 255.255.255.255;
option dhcp-lease-time 345600;
option dhcp-message-type 5;
option dhcp-server-identifier 69.252.202.7;
renew 0 2015/8/30 15:07:27;
rebind 2 2015/9/1 03:07:27;
expire 2 2015/9/1 15:07:27;
}Which you can see has a long LEASE!!!
-
In my last edit of my previous post, I put the last lease but the file is full of leases and the date you can read at the end of each lease are diffrent of 1 minutes for all of them :
lease {
interface "re0";
fixed-address 82.250.119.XXX;
next-server 82.250.119.254;
option subnet-mask 255.255.255.0;
option routers 82.250.119.254;
option domain-name-servers 212.27.40.241,212.27.40.240;
option broadcast-address 82.250.119.255;
option dhcp-lease-time 600;
option dhcp-message-type 5;
option dhcp-server-identifier 82.250.119.254;
option dhcp-renewal-time 60;
option dhcp-rebinding-time 300;
renew 0 2015/8/30 12:53:57;
rebind 0 2015/8/30 12:57:57;
expire 0 2015/8/30 13:02:57;
}
lease {
interface "re0";
fixed-address 82.250.119.XXX;
next-server 82.250.119.254;
option subnet-mask 255.255.255.0;
option routers 82.250.119.254;
option domain-name-servers 212.27.40.241,212.27.40.240;
option broadcast-address 82.250.119.255;
option dhcp-lease-time 600;
option dhcp-message-type 5;
option dhcp-server-identifier 82.250.119.254;
option dhcp-renewal-time 60;
option dhcp-rebinding-time 300;
renew 0 2015/8/30 12:54:57;
rebind 0 2015/8/30 12:58:57;
expire 0 2015/8/30 13:03:57;
}
lease {
interface "re0";
fixed-address 82.250.119.XXX;
next-server 82.250.119.254;
option subnet-mask 255.255.255.0;
option routers 82.250.119.254;
option domain-name-servers 212.27.40.241,212.27.40.240;
option broadcast-address 82.250.119.255;
option dhcp-lease-time 600;
option dhcp-message-type 5;
option dhcp-server-identifier 82.250.119.254;
option dhcp-renewal-time 60;
option dhcp-rebinding-time 300;
renew 0 2015/8/30 12:55:57;
rebind 0 2015/8/30 12:59:57;
expire 0 2015/8/30 13:04:57;
} -
yeah all of those are really short LEASES!!!
See this
option dhcp-renewal-time 60;That is what is causing your problem… And your lease is only 600 seconds or 10 minutes anyway..
Seems like your isp is NUTS!!! Why they should need someone to renew or only have leases for those amounts of times is crazy.. Is this some sort of cell connection or wireless connection?
-
How can I change this ? Is it function or config file to override my ISP's dhcp leases ?
Seems like your isp is NUTS!!! Why they should need someone to renew or only have leases for those amounts of times is crazy.. Is this some sort of cell connection or wireless connection?
No I use my ADSL line (my ISP is "Free") not a game word :P
I'm agree, totally nuts
-
They have added some advanced stuff to dhcp client options.. And you can request stuff, etc.. But I have not had time to play with it.. I would not suggest over riding what they give you for a lease locally because they would just drop the lease on their end if not renewed.. And then someone else could get your same IP and that would cause problems
You can try requesting specific setting.. But if they do not comply you prob best to call them..
This is a FREE isp?? Anyone can use it? If so that might explain really really short leases – they have limited IP space and want to make sure if your not on you loose your IP..
-
Free is the name of my ISP, they have plenty IPs but they gives static IPs only for their subscribers located in areas where the telephone exchange is "dégroupé" means they have their own DSLAMs and I'm located where the telephone exchange is held by the historical ISP, so Free have decided to assign dynamic IP for customers which are not connected to their devices…
Their modem (at home) distribute the public IP for the first network card which ask it, so anything I connect on their modem will receive the same public IP (and there'll be a conflict) it's not a PPP connection on pfsense.
Of course I've disabled routing on their modem.I have the possibility to ask them a static IP, but I would prefer try to solve this issue using software. The other solution is to use a NAT behind pfsense but it's not very clean.
Do you have any idea to "hack" the dhcp leases ? Why do I get so much leases on /var/db/dhclient.leases.* ?
-
Your ISP are positively a bunch of clueless idiots. There are advanced settings for DHCP client, but I very much doubt they'll be honored. (By default, 7200 secs lease is requested when those advanced settings are untouched. You are getting 10 minutes and even 1 minute renewal time!!! Totally crazy!!! ISP => full retard!!!
-
Your ISP are positively a bunch of clueless idiots. There are advanced settings for DHCP client, but I very much doubt they'll be honored. (By default, 7200 secs lease is requested when those advanced settings are untouched. You are getting 10 minutes and even 1 minute renewal time!!! Totally crazy!!! ISP => full retard!!!
Indeed ;D
What about the field "Option modifiers" in advanced settings of WAN ? is there a way to override anyway the renewal ?
The perfect configuration would a large lease, and when the gateway is down within the lease, let dhclient trying to renew its lease. The IP address changes is on 24 hours after the modem has got the ADSL link, again a crazy rule
-
I think these are just useless for you. With this kind of settings, they'll hand out your "24hours" IP to anyone as soon as you fail to renew the lease on those preset idiotic intervals. Request a static IP or switch ISPs, I'd say.
-
Again you can not just go changing your end of what the dhcp server gave you.. If it gave you a lease of X and you tell your client no use Y that is longer than X your most likely going to run into problems.
As to why you might see more than one entry in leases.. Could be other dhcp servers.. Could be that you did a reboot or something of pfsense and just got a new lease vs renew of old one.. Lots of reasons.. I don't think there is any code to clean up that leases file ever? Guess you could do it manually if bothered you?
So I deleted everything in the file and then released and renewed my wan and now just show one lease
[2.2.4-RELEASE][root@pfSense.local.lan]/root: cat /var/db/dhclient.leases.em0
lease {
interface "em0";
fixed-address 24.13.x.x;
option subnet-mask 255.255.248.0;
option routers 24.13.x.x;
option domain-name-servers 75.75.75.75,75.75.76.76;
option host-name "pfSense";
option domain-name "hsd1.il.comcast.net.";
option broadcast-address 255.255.255.255;
option dhcp-lease-time 176803;
option dhcp-message-type 5;
option dhcp-server-identifier 69.252.202.7;
renew 1 2015/8/31 14:34:06;
rebind 2 2015/9/1 08:59:06;
expire 2 2015/9/1 15:07:28;
}
[2.2.4-RELEASE][root@pfSense.local.lan]/root: -
The history on those lease files is kept by design.
The DHCP client may decide after some period of time (see PROTOCOL TIMING) that it is not going to succeed in contacting a server. At that time, it consults its own database of old leases and tests each one that has not yet timed out by pinging the listed router for that lease to see if that lease could work. -
Done, now I have a static IP (it's been a while that I had to do it) I will disable DHCP on WAN, but the problem of short leases is still ongoing with pfsense.
@johnpoz No, every entry are (was) for the WAN.
-
What short leases? Shouldn't have your WAN set up as DHCP at all when your IP is static. You need to get rid of DHCP altogether with this ISP.
