DHCP sometimes gives real DNS server IP, not local DNS forwarder IP



  • 2.1-BETA0 (i386)
    built on Sun Nov 4 18:14:57 EST 2012
    FreeBSD 8.3-RELEASE-p4

    Lately (a few weeks maybe) I have noticed that DHCP clients sometimes get the actual DNS servers from DHCP, and not the LAN address (the DNS Forwarder). I "ipconfig/release" then "ipconfig /renew" and it comes good. It always gets the LAN address as the DHCP server and the correct IP address that has been statically mapped in the pfSense DHCP server, so I don't think there is another DHCP server accidentally on the LAN.

    The DHCP log looks fine, but it doesn't log all the parameters it gave out:

    Nov 9 09:47:58 	dhcpd: DHCPINFORM from 10.49.80.164 via vr0
    Nov 9 09:47:58 	dhcpd: DHCPACK to 10.49.80.164 (84:2b:2b:87:4f:63) via vr0
    Nov 9 09:49:07 	dhcpd: DHCPINFORM from 10.49.80.164 via vr0
    Nov 9 09:49:07 	dhcpd: DHCPACK to 10.49.80.164 (84:2b:2b:87:4f:63) via vr0
    Nov 9 09:51:48 	dhcpd: DHCPDISCOVER from 00:16:e6:0f:9e:48 via vr0
    Nov 9 09:51:48 	dhcpd: DHCPOFFER on 10.49.80.159 to 00:16:e6:0f:9e:48 via vr0
    Nov 9 09:51:48 	dhcpd: DHCPREQUEST for 10.49.80.159 (10.49.80.250) from 00:16:e6:0f:9e:48 via vr0
    Nov 9 09:51:48 	dhcpd: DHCPACK on 10.49.80.159 to 00:16:e6:0f:9e:48 via vr0
    Nov 9 09:53:12 	dhcpd: DHCPRELEASE of 10.49.80.164 from 84:2b:2b:87:4f:63 via vr0 (not found)
    Nov 9 09:53:16 	dhcpd: DHCPDISCOVER from 84:2b:2b:87:4f:63 via vr0
    Nov 9 09:53:16 	dhcpd: DHCPOFFER on 10.49.80.164 to 84:2b:2b:87:4f:63 via vr0
    Nov 9 09:53:16 	dhcpd: DHCPREQUEST for 10.49.80.164 (10.49.80.250) from 84:2b:2b:87:4f:63 via vr0
    Nov 9 09:53:16 	dhcpd: DHCPACK on 10.49.80.164 to 84:2b:2b:87:4f:63 via vr0
    Nov 9 09:53:23 	dhcpd: DHCPINFORM from 10.49.80.164 via vr0
    Nov 9 09:53:23 	dhcpd: DHCPACK to 10.49.80.164 (84:2b:2b:87:4f:63) via vr0
    Nov 9 09:54:21 	dhcpd: DHCPRELEASE of 10.49.80.164 from 84:2b:2b:87:4f:63 via vr0 (not found)
    Nov 9 09:54:24 	dhcpd: DHCPDISCOVER from 84:2b:2b:87:4f:63 via vr0
    Nov 9 09:54:24 	dhcpd: DHCPOFFER on 10.49.80.164 to 84:2b:2b:87:4f:63 via vr0
    Nov 9 09:54:24 	dhcpd: DHCPREQUEST for 10.49.80.164 (10.49.80.250) from 84:2b:2b:87:4f:63 via vr0
    Nov 9 09:54:24 	dhcpd: DHCPACK on 10.49.80.164 to 84:2b:2b:87:4f:63 via vr0
    

    This is "ipconfig/all" when I have the problem:

    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : 84-2B-2B-87-4F-63
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::2c13:66c:8e7c:1ccd%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.49.80.164(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Friday, November 09, 2012 9:51:34 AM
       Lease Expires . . . . . . . . . . : Friday, November 09, 2012 11:51:34 AM
       Default Gateway . . . . . . . . . : 10.49.80.250
       DHCP Server . . . . . . . . . . . : 10.49.80.250
       DHCPv6 IAID . . . . . . . . . . . : 243542827
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-CE-CD-D4-84-2B-2B-87-4F-63
    
       DNS Servers . . . . . . . . . . . : 208.67.222.222
                                           208.67.220.220
       NetBIOS over Tcpip. . . . . . . . : Enabled
    

    and after release/renew:

    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . : ibp.infn
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : 84-2B-2B-87-4F-63
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::2c13:66c:8e7c:1ccd%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.49.80.164(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Friday, November 09, 2012 9:52:43 AM
       Lease Expires . . . . . . . . . . : Friday, November 09, 2012 11:52:43 AM
       Default Gateway . . . . . . . . . : 10.49.80.250
       DHCP Server . . . . . . . . . . . : 10.49.80.250
       DHCPv6 IAID . . . . . . . . . . . : 243542827
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-CE-CD-D4-84-2B-2B-87-4F-63
    
       DNS Servers . . . . . . . . . . . : 10.49.80.250
       NetBIOS over Tcpip. . . . . . . . : Enabled
    

    Has anyone else noticed this?
    I know there have been changes in some of the DHCP or DNS stuff lately - but maybe that was just the DHCP client that pfSense uses to get an IP address on WAN etc.
    Is it maybe something to do with DHCP not always knowing if DNS Forwarder is enabled/running?


  • LAYER 8 Global Moderator

    You notice there is no specific dns suffix when you get other dns servers.

    I would sniff the traffic actually and verify that server is sending bad and not sending missing info.

    This will also verify its not a different dns server since you will see the mac in the sniffs of the dhcp server your talking to.

    I am running
    2.1-BETA0 (i386)
    built on Fri Nov 2 10:50:45 EDT 2012
    FreeBSD 8.3-RELEASE-p4

    And have never seen such an issue - curious why such a low lease time? 2 hours seems a bit low unless you change information often?


Log in to reply