Hi,
I migrated my configuration to Dnsmasq, but I am experiencing some annoyances. There are implicit side effects of the now-legacy ISC DHCP server configuration, which are hard to track, even when it is disabled.
1. Neighbors: Static assignments are still being applied from the ISC configuration, even though ISC is disabled and the interfaces are now managed by Dnsmasq. However, Dnsmasq does not apply its own static assignments. ISC has a "static ARP" option.
2. When "Register ISC DHCP4 Leases" is enabled in Unbound, it still overwrites the local domain settings even though ISC itself is disabled. After migrating to Dnsmasq, local hostnames start returning NXDOMAIN. This happens even when "Query Forwarding" for local domains is configured correctly. It works for a few seconds after restarting Unbound, but once a "sync" from the (disabled) ISC service occurs, it begins returning NXDOMAIN again.
The first issue can partially be worked around by manually clearing the ISC configuration, but this shouldn't be necessary if it is disabled. Partially, because it wouldn't apply static assignments from Dnsmasq.
Likewise, the second issue can be worked around by not setting "Register ISC DHCP4 Leases", which is fair, but there should be checks whether the source of this information (ISC) is actually used/valid. It took me quite some time to find that this option was the culprit.
- Kacper
The first issue just needs a reboot, then the static arp flag will be removed from interfaces it has been set on.
https://github.com/opnsense/core/issues/9838
Quote from: Monviech (Cedrik) on Today at 11:16:14 AM
> The first issue just needs a reboot, then the static arp flag will be removed from interfaces it has been set on.
> https://github.com/opnsense/core/issues/9838
Static assignments remain persistent, even after reboot.
EDIT: Even removing the ISC plugin and rebooting doesn't help.
Can you share your interface flags:
ifconfig igc0
(change the interface name in the command to the one that had static arp entries)
If you are still able to recreate the issue you had before fixing it, that is.
Trimmed to a single entry. Note that the "static arp" on the interface was not enabled/checked. The static assignments are the issue in my case.
root@OPNsense:~ # ifconfig vmx0_vlan10
vmx0_vlan10: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: IoT (opt2)
options=4000000<MEXTPG>
ether <mac>
inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
groups: vlan
vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: vmx0
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
root@OPNsense:~ # arp -a
? (192.168.10.100) at <mac> on vmx0_vlan10 permanent [vlan]
This is caused by this entry, in ISC DHCP interface options.
(https://0x0.st/s/fWm3fdg9C3u5F99HfXDO0A/PQWY.png)
And resulting mapping here, from permanent arp entry.
(https://0x0.st/s/cFah1tE1GKSwZkFey4Wo5w/PQW4.png)
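A check for the condition shown in this post, as an added example that is not part of the original thread: it lists permanent ARP entries other than the firewall's own addresses (FreeBSD also marks those `permanent`), which is what a leftover static mapping looks like in `arp -a`. The function names and the sample data (documentation-range MACs, the 192.168.10.50 lease) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list permanent ARP entries that are not the host's own addresses.
# Sample data is constructed (MACs from the 00:00:5e:00:53:xx documentation range).

SAMPLE_IFCONFIG='vmx0_vlan10: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
	ether 00:00:5e:00:53:01
	inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255'

SAMPLE_ARP='? (192.168.10.1) at 00:00:5e:00:53:01 on vmx0_vlan10 permanent [vlan]
? (192.168.10.100) at 00:00:5e:00:53:10 on vmx0_vlan10 permanent [vlan]
? (192.168.10.50) at 00:00:5e:00:53:32 on vmx0_vlan10 expires in 1170 seconds [vlan]'

# Read ifconfig output on stdin; print the host's IPv4 addresses, space-separated.
local_ipv4() {
    awk '$1 == "inet" { printf "%s ", $2 }'
}

# $1: space-separated local IPv4 addresses; stdin: `arp -a` output.
# Prints "iface ip mac" for each permanent entry that belongs to another host.
foreign_permanent_arp() {
    awk -v own="$1" '
        BEGIN { n = split(own, a, " "); for (i = 1; i <= n; i++) mine[a[i]] = 1 }
        $5 == "on" && $7 == "permanent" {
            ip = $2
            gsub(/[()]/, "", ip)
            if (!(ip in mine)) print $6, ip, $4
        }'
}

# Demo on the constructed sample; on a live system pipe in `ifconfig` and `arp -a`.
own=$(printf '%s\n' "$SAMPLE_IFCONFIG" | local_ipv4)
printf '%s\n' "$SAMPLE_ARP" | foreign_permanent_arp "$own"
```

Any line it prints is a static neighbor entry that some configuration, active or stale, is still installing.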
If there are still issues, please post in the GitHub issue with your findings.
To some degree I understand the problem at hand but I'm wondering why you find your manually configured static ARP entries suboptimal? Are you still using ISC? Do you need these static entries? You could also remove the MAC address which would make them not feed into the Neighbor table.
Cheers,
Franco
Quote from: franco on Today at 01:25:52 PM
> To some degree I understand the problem at hand
I think you are missing the point here.
Quote from: franco on Today at 01:25:52 PM
> but I'm wondering why you find your manually configured static ARP entries suboptimal?
Because I don't want them "anymore". The configuration page for them is NOT accessible when ISC is disabled. I need to disable Dnsmasq for the given interface to access this configuration again.
All I need is static DHCP assignments; with ISC, static ARP was a bonus on top.
Quote from: franco on Today at 01:25:52 PM
> Are you still using ISC?
No. That is the point.
Quote from: franco on Today at 01:25:52 PM
> Do you need these static entries?
No. But after disabling ISC, it is not clear where they are coming from and how to remove those entries. UI elements are completely not available, even more so if you remove the ISC DHCP plugin completely.
Quote from: franco on Today at 01:25:52 PM
> You could also remove the MAC address which would make them not feed into the Neighbor table.
I know how to work around the issue, but once ISC is disabled it is no longer possible without re-enabling it (at least temporarily). It makes stale configuration, no longer accessible from the user interface, affect the ARP table.
EDIT: and ofc, on top of that there is the fact that static arp is not possible with ISC alternatives, currently.
> Because, I don't want them "anymore". The configuration page for them is NOT accessible when ISC is disabled.
Point taken. I was thrown off by the screenshot of the static mappings ISC DHCP page in your first post...
> No. That is the point.
True, but the ISC plugin also isn't removed unless I'm mistaken here as well.
Incidentally I proposed the following change so that the ISC page is accessible again as long as the plugin is installed:
https://github.com/opnsense/core/pull/9755
Cheers,
Franco