DNS Forwarder on CARP doesn't register hostname in DHCP lease on secondary



  • I have two pfSense 2.1 systems running CARP for failover. When a host obtains a DHCP lease, its name is only being registered in one of the two DHCP servers. Is this by design, a misconfiguration on my part, or a bug?

    Since both servers are answering DHCP requests, this means that one server has a subset of registered names, the other has the converse (it's not perfect, there's some overlap, not sure why).

    If DNS requests go to the VIP, then they only have access to some of the names, the ones that are on the CARP master.

    Is there a reason that the names aren't registered in both DHCP servers?



  • I hate to "bump" questions.

    I would assume that everyone running CARP and dual routers is seeing this same issue. Only one DHCP server serves each request so only one DNS forwarder has current host name information.

    Anyone have any ideas? Is mine not working correctly, or is this just the way it works, and you can't hope to resolve all your hostnames through DNS forwarder?


  • Rebel Alliance Developer Netgate

    Do you have DHCP failover configured? (e.g. both master and slave have the failover IP set to be the peer's address in that subnet)

    They should be exchanging their lease databases in that case so they both know about all leases.

    You'd see a failover status on Status > DHCP Leases for each subnet if you have it set up correctly.



  • Thanks for the response.

    I have the old setup torn down. I did set up DHCP failover, and the leases would be registered in the peer. But the DNS name would NOT be sent to the forwarder.

    I am setting CARP up again from scratch on two new systems. I'll see if I can get it to work with this new, clean install. If I have the same issue, I'll come back here with the details and leave it up so I can answer detailed questions.

    Again, thanks.



  • Did you ever get this resolved?  I have been having the same problem.  The leases get transferred between the machines, but not the hostnames.



  • @prices:

    Did you ever get this resolved?  I have been having the same problem.  The leases get transferred between the machines, but not the hostnames.

    I did NOT ever find a solution to this.

    I have stepped away from CARP at the moment and gone with a dedicated, non-redundant pfSense install on a dual-atom platform.



  • That's too bad.  I am still looking for a solution.  I guess I will keep looking.



  • I just set this up. I am puzzled that the hostname column of the Status: DHCP Leases page on the master is blank. But DNS lookups of DHCP hostnames do work on both firewalls.



  • I'm having this issue still, and the consequences are very frustrating.

    DHCP leases given out by either machine ARE transferred to the other but without the hostname. As a consequence I can only ping (or remote into) hosts by name that have a lease given out by the primary server. Hosts with leases given out by the secondary server aren't available because the DNS lookups go to the primary server (which doesn't have hostnames for the DHCP leases given out by the secondary server).

    How do we contact the developer of that functionality to get this fixed? I'm hoping it's a simple mistake in the code somewhere.

    …or failing that could anyone give me pointers to where I might find the code to attempt to locate the source of the issue myself?

    Thanks,
    Colin



  • Not sure how I missed this thread before, and hadn't noticed this myself until now. People who use HA generally have a requirement for a full blown name server, or strictly use DHCP reservations, which is why aside from a few in this thread, it hadn't been noticed.

    The root of this issue is ISC dhcpd doesn't send the client-hostname to its peer(s). So each system knows only about the hostnames on leases it issued.

    I opened a bug.
    https://redmine.pfsense.org/issues/4061

    Likely need to get dhcpd fixed upstream. If it's easy to patch, we could patch ours in the meantime.

    You're definitely welcome to dig into it. Beyond a cursory review, we're likely not going to be able to do anything in depth on that until post-2.2. I didn't spend a lot of time looking, so some further searching may be productive.
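A way to confirm the behaviour described in the post above (a lease present on both failover peers, with `client-hostname` recorded only on the peer that issued it), as an added example that is not part of the original thread or of pfSense. The two lease databases are constructed samples in `dhcpd.leases` syntax, the function names are hypothetical, and the parser is simplified: it assumes no `}` appears inside a lease body.

```python
import re

# Constructed sample lease databases (dhcpd.leases syntax), one per failover peer.
PRIMARY_LEASES = '''
lease 192.168.1.101 {
  binding state active;
  client-hostname "laptop-a";
}
lease 192.168.1.102 {
  binding state active;
}
'''
SECONDARY_LEASES = '''
lease 192.168.1.101 {
  binding state active;
}
lease 192.168.1.102 {
  binding state active;
  client-hostname "printer-b";
}
'''

LEASE_RE = re.compile(r'lease\s+(\S+)\s*\{(.*?)\}', re.S)
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)"\s*;')
STATE_RE = re.compile(r'^\s*binding state\s+(\w+)\s*;', re.M)

def parse_leases(text):
    """Return {ip: hostname or None} for active leases; later entries win."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        state = STATE_RE.search(body)
        if state and state.group(1) != "active":
            leases.pop(ip, None)  # a newer non-active entry supersedes the lease
            continue
        host = HOST_RE.search(body)
        leases[ip] = host.group(1) if host else None
    return leases

def hostname_gaps(primary, secondary):
    """Leases held by both peers where only one peer knows the hostname."""
    gaps = {}
    for ip in sorted(primary.keys() & secondary.keys()):
        a, b = primary[ip], secondary[ip]
        if (a is None) != (b is None):
            gaps[ip] = (a or b, "primary" if a is None else "secondary")
    return gaps

if __name__ == "__main__":
    print(hostname_gaps(parse_leases(PRIMARY_LEASES), parse_leases(SECONDARY_LEASES)))
```

Each entry in the result maps a lease address to the hostname and the peer that lacks it, which is the set of names the DNS forwarder on that peer cannot answer.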



  • @cmb  Thank you for the incredibly fast response. I wasn't expecting a reply so quickly.

    I was planning on switching to static IPs at some point anyway, I guess I'll just have to do it sooner :)

    I did try to take a look, but didn't know where to begin. I managed to fix a bug in the IPFire OS, but I think this one is going to be beyond me.  :'(

    Thanks again  :D



  • Can just make them DHCP reservations in the meantime. Status > DHCP Leases, hit the + next to each to add as a static mapping. Though static mappings must be outside the DHCP scope, so it might require a bit of juggling around if you need the IPs to stay the same (or you can just remove that input validation if you want, it'll behave how you need it to in this circumstance, though it won't in many others). The hostnames in the static mappings will resolve correctly on both systems.



  • Hello!
    Has there been any news on this subject?
    I'm having the same problem in my workplace.

    Thanks!



  • I'm seeing the same issue, however it looks like this may have been fixed upstream as of isc-dhcpd version 4.3.5:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810971
    https://lists.isc.org/pipermail/dhcp-users/2016-October/020331.html

    Is it possible as an end user to update and try the new version to see if it fixes the issue?



  • Sorry for the bump, but this thread describes exactly our issue as well.

    Has anyone found a workaround for this? If there was a way to get the DNS Resolver to query the master and the slave then I'd be fine with that until isc-dhcp is able to sync the client-hostnames properly, but I couldn't get it to work for me unfortunately.


  • Rebel Alliance Developer Netgate

    The hostnames sync properly on 2.4. I haven't tried 2.3.3-p1 but they use the same version of the ISC DHCP server so it should work there, too.



  • Thanks jimp! We are running 2.3.3-p1 and it unfortunately does not appear to work as expected. Do you know of any up-to-date documentation for setting up DHCP/DDNS specifically in an HA environment? It seems some of the config fields are a bit ambiguous and it is entirely possible I set it up incorrectly. I've been using pfSense for years, but this is the first time trying to set up DHCP/DDNS with dual WAN + HA and it's been more difficult than every other aspect of pfSense I've had experience with! I'm hesitant to upgrade to 2.4 on production machines and would rather use that as a last resort if I can't get it to work on 2.3.3.


  • Rebel Alliance Developer Netgate

    None of that should matter, it hasn't changed in years.

    As long as you have the failover peers configured and the two nodes show a proper normal/normal pool status that should be good enough.



  • We have been using CARP in a HA availability setup for years and have always had the same problem. The hostname is registered on one host but not the other. We have failover peers configured and a normal/normal pool status. We have been using a workaround which has its own problems. I recently removed the workaround and we are still seeing the same issue. We are running 2.4.3_1. We would love to see a resolution to the problem.


  • Netgate

    The solution is right there. Set up a DDNS server off the firewall and have both nodes update that.

    Locking this ancient thread.

