Incorrect DNS servers being assigned to static clients



  • Hello all,

    I am using pfSense 2.1 for a small school's Gateway/DHCP/content filter.

    I have Snort, Squid and DansGuardian packages installed and configured.

    I have a single LAN interface configured as 10.0.0.1/16

    I have a DHCP Pool to hand out addresses in the range of 10.0.5.0-10.0.6.255. This pool assigns OpenDNS DNS servers for an additional layer of content filtering on top of DansGuardian.

    For the staff members, I statically assign them an IP in the range of 10.0.3.1-10.0.3.255.  This range is excluded from filtering in DansGuardian.  When I create a static assignment, I enter Google's DNS server (8.8.8.8) for the first DNS server and the pfSense box for the second DNS server so staff computers can look up local host names.  DNS Forwarding is enabled and set to register DHCP leases and static mappings; pfSense General DNS settings point to Google's servers (8.8.8.8 and 8.8.4.4). The problem is that a few of the statically assigned clients are given the OpenDNS DNS servers from the DHCP pool.  Most of the static clients are fine, receiving the DNS servers I statically defined.  I have tried deleting and recreating the static entries for the problem clients but that hasn't helped. Rebooting the clients, ipconfig /release and /renew, rebooting the pfSense box: nothing has helped so far.

    The only thing that has kind of worked is when I manually set the DNS servers in the IPv4 settings for the interface in the problem client and then set it back to automatically obtain DNS server from DHCP.  For some reason, the client got the correct DNS servers. I then did an ipconfig /release and then /renew and the client once again got the OpenDNS DNS servers.

    Any help is appreciated.



  • I am having a similar issue where DNS server assignments in static IP reservations are not being honored.  The client in question gets the router IP when DNS forwarding is enabled and the defaults set on the General page when I turn DNS forwarding off.

    Ken



  • @kb1ujs:

    I am having a similar issue where DNS server assignments in static IP reservations are not being honored.  The client in question gets the router IP when DNS forwarding is enabled and the defaults set on the General page when I turn DNS forwarding off.

    Ken

    I would be more than willing to provide more information about this issue to someone if they would like to look at this issue for me.

    Ken



  • Have a look in /var/dhcpd/etc/dhcpd.conf
    See if the domain-name-servers are listed for the various static-mapped entries, similar to what my system can generate below:

    host s_lan_35 {
            hardware ethernet 00:0d:b9:24:58:b5;
            fixed-address 10.49.80.154;
            option host-name "Phil-pfSense-Test-02";
            option domain-name-servers 10.49.80.123,10.49.80.134;
    }
    

    At least then we will know if there is an issue getting the GUI settings through to config.xml and then dhcpd.conf, or if the issue is with dhcpd not implementing dhcpd.conf settings for some reason.
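
An added example (not posted by anyone in this thread) of the check described above: it reads the `host` blocks of a dhcpd.conf and flags static mappings whose `domain-name-servers` option is missing or differs from the list you intended. The sample config, host names, MAC addresses and the `audit_static_dns` function are constructed for illustration.

```python
import re

# Constructed sample in the layout shown in this thread (not a real config).
SAMPLE_CONF = """
host s_lan_0 {
        hardware ethernet 00:11:22:33:44:55;
        fixed-address 10.0.3.10;
        option domain-name-servers 8.8.8.8,10.0.0.1;
}
host s_lan_1 {
        hardware ethernet 00:11:22:33:44:66;
        fixed-address 10.0.3.11;
}
host s_lan_2 {
        hardware ethernet 00:11:22:33:44:77;
        fixed-address 10.0.3.12;
        option domain-name-servers 208.67.222.222,208.67.220.220;
}
"""

# Host blocks contain no nested braces, so matching up to the first "}" is safe.
HOST_RE = re.compile(r"^\s*host\s+(\S+)\s*\{(.*?)\}", re.S | re.M)
FIELDS = {
    "mac": re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;"),
    "ip": re.compile(r"fixed-address\s+([^;\s]+)\s*;"),
    "dns": re.compile(r"option\s+domain-name-servers\s+([^;]+);"),
}

def _first(rx, body):
    m = rx.search(body)
    return m.group(1).strip() if m else None

def audit_static_dns(conf_text, expected):
    """Map each static host to its MAC, IP, DNS list and a status string."""
    report = {}
    for name, body in HOST_RE.findall(conf_text):
        found = {key: _first(rx, body) for key, rx in FIELDS.items()}
        servers = [s.strip() for s in found["dns"].split(",")] if found["dns"] else []
        if not servers:
            status = "missing"    # host inherits DNS from an enclosing scope
        elif servers != list(expected):
            status = "mismatch"   # option present but not the intended list
        else:
            status = "ok"
        report[name] = {"mac": found["mac"], "ip": found["ip"],
                        "dns": servers, "status": status}
    return report
```

On a live system, pass the contents of /var/dhcpd/etc/dhcpd.conf as `conf_text`; a host reported as "ok" that still receives other DNS servers points away from the config generation and toward dhcpd or the client.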



  • Thanks for the response.  I created a static entry with Google's DNS servers defined and was able to find the entry in /var/dhcpd/etc/dhcpd.conf.  I get this entry:

    host s_lan_107 {
            hardware ethernet 00:26:18:fb:79:81;
            fixed-address 10.0.9.1;
            option host-name "corei7";
            option domain-name-servers 8.8.8.8,4.4.4.4;
    }

    which appears to match what you posted.

    When the network on the machine in question is restarted, it picks up the new IP assigned by the static mapping but doesn't get the DNS servers.

    Ken


  • LAYER 8 Global Moderator

    Just as a sanity check - the client is actually set to get its dns from dhcp..  You do know that dns can be set statically even when the IP and mask and gateway are gotten from dhcp.

    I did an edit of one of my static dhcp entries via the gui..

    host s_lan_2 {
            hardware ethernet 18:03:73:b1:0d:d3;
            fixed-address 192.168.1.100;
            option host-name "i5-w7";
            option routers 192.168.1.253;
            option domain-name-servers 8.8.8.8,8.8.4.4;
    }

    Then set this client to be dhcp.. and I have to agree not getting the new dns settings.. even restarted dhcpd on pfsense.

    running
    2.1-RELEASE (i386)
    built on Wed Sep 11 18:16:50 EDT 2013
    FreeBSD 8.3-RELEASE-p11

    So I have duplicated the problem..  Hmmm strange..  Clearly the option is set in the .conf file and restarted dhcpd.



  • To throw another wrinkle into this, it seems to be OS dependent.  My OSX 10.8 clients are getting the proper DNS assignment if I make a static entry for them and set different DNS servers for them.  The problem client is a Windows 7 Pro machine.

    John, the Windows box is set to get its DNS from DHCP.  I thought the same thing and went back in just now to check.

    Ken


  • LAYER 8 Global Moderator

    have to do a sniff and see what is in the offer packet..  Maybe it is client related - my testing was on a w7 x64bit ultimate box.


  • LAYER 8 Global Moderator

    Ok this really looks like client issue to me - I checked the dhcp offer via a sniff, and clearly the Google DNS servers are offered but the client uses the old setting it had??

    I am going to try changing it to say .254 or something vs offering 2 of them. And some other things - but from this below sniff how is it not the client?



  • LAYER 8 Global Moderator

    ok odd – if you release and renew you get what's in the overall scope - even though I didn't even see that offered in the sniff..  But then when you do /renew you get what was in the offer packet?

    something in the client to me..
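
An added example (not from any poster in this thread) of what the sniff above inspects: it decodes the options field of a DHCP message and pulls out option 6, the DNS server list, so an OFFER and the later ACK can be compared. The packets are constructed by `build_sample`, and all function names here are illustrative.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return message type, offered address and DNS servers from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                # End option
            break
        if code == 0:                  # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        opts[code] = opts.get(code, b"") + data   # repeated options concatenate
        i += 2 + length
    dns_raw = opts.get(6, b"")         # option 6 = Domain Name Server list
    if len(dns_raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    mtype = opts.get(53, b"")          # option 53 = DHCP message type
    return {
        "type": MSG_TYPES.get(mtype[0], "UNKNOWN") if mtype else "UNKNOWN",
        "yiaddr": socket.inet_ntoa(payload[16:20]),
        "dns": [socket.inet_ntoa(dns_raw[j:j + 4]) for j in range(0, len(dns_raw), 4)],
    }

def build_sample(msg_type, yiaddr, dns):
    """Construct a minimal server reply for testing (not a captured packet)."""
    hdr = bytearray(236)
    hdr[0], hdr[1], hdr[2] = 2, 1, 6   # BOOTREPLY, Ethernet, 6-byte MAC
    hdr[16:20] = socket.inet_aton(yiaddr)
    dns_bytes = b"".join(socket.inet_aton(d) for d in dns)
    return (bytes(hdr) + MAGIC + bytes([53, 1, msg_type])
            + bytes([6, len(dns_bytes)]) + dns_bytes + b"\xff")

def dns_changed(offer, ack):
    """True when the OFFER and the ACK carry different DNS server lists."""
    return parse_dhcp(offer)["dns"] != parse_dhcp(ack)["dns"]
```

Feed it the UDP payload of each server reply from a capture; if the decoded list matches the static mapping but the client shows something else, the discrepancy is on the client side.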


