DHCP sometimes gives real DNS server IP, not local DNS forwarder IP

phil.davis

2.1-BETA0 (i386)
built on Sun Nov 4 18:14:57 EST 2012
FreeBSD 8.3-RELEASE-p4

Lately (a few weeks maybe) I have noticed that DHCP clients sometimes get the actual DNS servers from DHCP, and not the LAN address (the DNS Forwarder). I "ipconfig/release" then "ipconfig /renew" and it comes good. It always gets the LAN address as the DHCP server and the correct IP address that has been statically mapped in the pfSense DHCP server, so I don't think there is another DHCP server accidentally on the LAN.

The DHCP log looks fine, but it doesn't log all the parameters it gave out:

Nov 9 09:47:58 	dhcpd: DHCPINFORM from 10.49.80.164 via vr0
Nov 9 09:47:58 	dhcpd: DHCPACK to 10.49.80.164 (84:2b:2b:87:4f:63) via vr0
Nov 9 09:49:07 	dhcpd: DHCPINFORM from 10.49.80.164 via vr0
Nov 9 09:49:07 	dhcpd: DHCPACK to 10.49.80.164 (84:2b:2b:87:4f:63) via vr0
Nov 9 09:51:48 	dhcpd: DHCPDISCOVER from 00:16:e6:0f:9e:48 via vr0
Nov 9 09:51:48 	dhcpd: DHCPOFFER on 10.49.80.159 to 00:16:e6:0f:9e:48 via vr0
Nov 9 09:51:48 	dhcpd: DHCPREQUEST for 10.49.80.159 (10.49.80.250) from 00:16:e6:0f:9e:48 via vr0
Nov 9 09:51:48 	dhcpd: DHCPACK on 10.49.80.159 to 00:16:e6:0f:9e:48 via vr0
Nov 9 09:53:12 	dhcpd: DHCPRELEASE of 10.49.80.164 from 84:2b:2b:87:4f:63 via vr0 (not found)
Nov 9 09:53:16 	dhcpd: DHCPDISCOVER from 84:2b:2b:87:4f:63 via vr0
Nov 9 09:53:16 	dhcpd: DHCPOFFER on 10.49.80.164 to 84:2b:2b:87:4f:63 via vr0
Nov 9 09:53:16 	dhcpd: DHCPREQUEST for 10.49.80.164 (10.49.80.250) from 84:2b:2b:87:4f:63 via vr0
Nov 9 09:53:16 	dhcpd: DHCPACK on 10.49.80.164 to 84:2b:2b:87:4f:63 via vr0
Nov 9 09:53:23 	dhcpd: DHCPINFORM from 10.49.80.164 via vr0
Nov 9 09:53:23 	dhcpd: DHCPACK to 10.49.80.164 (84:2b:2b:87:4f:63) via vr0
Nov 9 09:54:21 	dhcpd: DHCPRELEASE of 10.49.80.164 from 84:2b:2b:87:4f:63 via vr0 (not found)
Nov 9 09:54:24 	dhcpd: DHCPDISCOVER from 84:2b:2b:87:4f:63 via vr0
Nov 9 09:54:24 	dhcpd: DHCPOFFER on 10.49.80.164 to 84:2b:2b:87:4f:63 via vr0
Nov 9 09:54:24 	dhcpd: DHCPREQUEST for 10.49.80.164 (10.49.80.250) from 84:2b:2b:87:4f:63 via vr0
Nov 9 09:54:24 	dhcpd: DHCPACK on 10.49.80.164 to 84:2b:2b:87:4f:63 via vr0

This is "ipconfig/all" when I have the problem:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 84-2B-2B-87-4F-63
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2c13:66c:8e7c:1ccd%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.49.80.164(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, November 09, 2012 9:51:34 AM
   Lease Expires . . . . . . . . . . : Friday, November 09, 2012 11:51:34 AM
   Default Gateway . . . . . . . . . : 10.49.80.250
   DHCP Server . . . . . . . . . . . : 10.49.80.250
   DHCPv6 IAID . . . . . . . . . . . : 243542827
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-CE-CD-D4-84-2B-2B-87-4F-63

   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

and after release/renew:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : ibp.infn
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 84-2B-2B-87-4F-63
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2c13:66c:8e7c:1ccd%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.49.80.164(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, November 09, 2012 9:52:43 AM
   Lease Expires . . . . . . . . . . : Friday, November 09, 2012 11:52:43 AM
   Default Gateway . . . . . . . . . : 10.49.80.250
   DHCP Server . . . . . . . . . . . : 10.49.80.250
   DHCPv6 IAID . . . . . . . . . . . : 243542827
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-CE-CD-D4-84-2B-2B-87-4F-63

   DNS Servers . . . . . . . . . . . : 10.49.80.250
   NetBIOS over Tcpip. . . . . . . . : Enabled

Has anyone else noticed this?
I know there have been changes in some of the DHCP or DNS stuff lately - but maybe that was just the DHCP client that pfSense uses to get an IP address on WAN etc.
Is it maybe something to do with DHCP not always knowing if DNS Forwarder is enabled/running?

johnpoz

You notice there is no specific dns suffix when you get other dns servers.

I would sniff the traffic actually and verify that server is sending bad and not sending missing info.

This will also verify its not a different dns server since you will see the mac in the sniffs of the dhcp server your talking to.

I am running
2.1-BETA0 (i386)
built on Fri Nov 2 10:50:45 EDT 2012
FreeBSD 8.3-RELEASE-p4

And have never seen such an issue - curious why such a low lease time? 2 hours seems a bit low unless you change information often?