I've read a small number of blogs with admins leveraging DNSProxy to respond to DHCP clients with additional options (such as PXE) without having to do any configuration on the primary DHCP server.
On my home network, I really just want to leave the default DHCP service on my Orbi router alone and let it do what it normally does without having to hack it or modify it in any way.
Ideally, I'd be able to run a Linux host on my network with DNSMasq and a TFTP server to respond to PXE boot. I've tried this on Ubuntu and Rocky Linux and I can't seem to figure out why dnsmasq doesn't respond.
The Orbi router is 192.168.1.254 and the PXE/TFTP/DNSMasq box is 192.168.1.17.
This is my configuration in dnsmasq:
```
$ cat /etc/dnsmasq.conf
conf-dir=/etc/dnsmasq.d
port=0
log-dhcp
log-queries
interface=enp1s0,lo

# DHCP Proxy
dhcp-range=192.168.1.0,proxy,255.255.255.0

# PXE
dhcp-boot=pxelinux,,192.168.1.17

# TFTP Options
tftp-root=/var/lib/tftpboot
```

No matter what I try, it seems that booting up a node doesn't get a response for PXE boot / boot from network...
From the logs, I can see that DNSMasq is intercepting the DHCP request broadcast packets as it logs a message when the request is made (last line):
```
$ sudo journalctl -efu dnsmasq
-- Logs begin at Mon 2021-07-12 22:25:44 EDT. --
Jul 12 22:48:28 localhost.localdomain systemd[1]: Started DNS caching server..
Jul 12 22:48:28 localhost.localdomain dnsmasq[5229]: started, version 2.79 DNS disabled
Jul 12 22:48:28 localhost.localdomain dnsmasq[5229]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify
Jul 12 22:48:28 localhost.localdomain dnsmasq-dhcp[5229]: DHCP, proxy on subnet 192.168.1.0
Jul 12 22:48:35 localhost.localdomain dnsmasq-dhcp[5229]: 3411263825 available DHCP subnet: 192.168.1.0/255.255.255.0
```

Trying to do some basic debugging... I'm logging into another Linux box (192.168.1.80) to use nmap for testing DHCP, and I can't seem to get the additional DHCP options from the DNSMasq box:
```
$ sudo nmap --script broadcast-dhcp-discover -e eth0
Starting Nmap 7.80 ( https://nmap.org ) at 2021-07-13 02:26 UTC
Pre-scan script results:
| broadcast-dhcp-discover:
|   Response 1 of 1:
|     IP Offered: 192.168.1.21
|     DHCP Message Type: DHCPOFFER
|     Server Identifier: 192.168.1.254
|     IP Address Lease Time: 1d00h00m00s
|     Subnet Mask: 255.255.255.0
|     Router: 192.168.1.254
|_    Domain Name Server: 192.168.1.254
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 1.10 seconds
```

When I run tcpdump from the DNSMasq box, I can see a packet being broadcast from the test box (first packet below) and a response from the router (second packet), but not from the DNSMasq box's IP address:
```
$ sudo tcpdump -i enp1s0 port 67 or port 68 -e -n
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp1s0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:26:49.849265 dc:a6:32:64:61:49 > Broadcast, ethertype IPv4 (0x0800), length 358: 192.168.1.80.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from de:ad:c0:de:ca:fe, length 316
22:26:50.138984 78:d2:94:50:e9:12 > Broadcast, ethertype IPv4 (0x0800), length 342: 192.168.1.254.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
```

Not sure what I'm doing wrong, and perhaps this is not the right way to do what I am trying to do. Any advice would be greatly appreciated.
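An added diagnostic, not part of the original question and not dnsmasq's or nmap's own code: a Python script (root on Linux) that broadcasts a DHCPDISCOVER carrying the `PXEClient` vendor class (option 60) and client architecture (option 93) that PXE firmware sends, then summarises every reply to that transaction ID (server identifier, next-server, boot file, options 60/66/67), so a proxyDHCP answer from 192.168.1.17 would be listed separately from the Orbi's ordinary offer. The interface name, the MAC de:ad:c0:de:ca:fe and the three-second wait are assumed values.

```python
import socket, struct
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, always at packet offset 236

def build_discover(mac, xid=0x3903F326, pxe=True):
    # BOOTREQUEST over Ethernet with the broadcast flag set; struct NUL-pads the empty fields
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, xid, 0, 0x8000,
                      b"", b"", b"", b"", mac, b"", b"")
    opts = bytes([53, 1, 1])  # option 53: message type DISCOVER
    if pxe:  # vendor class (60) and client arch (93) as sent by PXE firmware; proxyDHCP keys on 60
        vc = b"PXEClient:Arch:00000:UNDI:002001"
        opts += bytes([60, len(vc)]) + vc + bytes([93, 2, 0, 0])
    return hdr + MAGIC + opts + bytes([55, 4, 54, 66, 67, 43, 255])  # param request list, END

def parse_options(pkt):
    # {code: value} from the options field; PAD (0) is skipped, END (255) stops the walk
    if pkt[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i]:
            opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1] if pkt[i] else 1
    return opts

def summarize(pkt):
    # the fields that tell a proxyDHCP/PXE answer apart from the router's ordinary offer
    o = parse_options(pkt)
    txt = lambda code: o.get(code, b"").decode(errors="replace")
    return {"server_id": socket.inet_ntoa(o[54]) if 54 in o else None,
            "offered_ip": socket.inet_ntoa(pkt[16:20]),   # yiaddr: 0.0.0.0 when a proxy answers, it leases nothing
            "next_server": socket.inet_ntoa(pkt[20:24]),  # siaddr: TFTP host the client will use
            "boot_file": pkt[108:236].split(b"\0", 1)[0].decode(errors="replace"),
            "vendor_class": txt(60), "tftp_server_opt66": txt(66), "bootfile_opt67": txt(67)}

def probe(iface, mac, timeout=3.0):
    # needs root on Linux (port 68, SO_BINDTODEVICE); one summary per reply matching our xid
    pkt, out = build_discover(mac), []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BINDTODEVICE, iface.encode())
        s.bind(("", 68))
        s.settimeout(timeout)
        s.sendto(pkt, ("255.255.255.255", 67))
        try:
            while True:
                data, _ = s.recvfrom(1500)
                if data[4:8] == pkt[4:8]:
                    out.append(summarize(data))
        except socket.timeout:
            return out
```

From a root shell on the test box, `probe("eth0", bytes.fromhex("deadc0decafe"))` returns one dictionary per responder; `build_discover(mac, pxe=False)` sends the same discover without the PXE options for comparison.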