Incorrect subnet config broke DHCP

Started by OzziGoblin, March 22, 2025, 10:50:01 AM

Hi
I had an unfortunate incident this evening: I wasn't concentrating and changed one of the VLAN subnets to use a /29 address range and had configured the available addresses to be x.x.x.2 - x.x.x.20. Not sure why, but this broke the network and it took me a while to determine that DHCP was broken.
Once I discovered that I was able to get into the console and troubleshoot.

Is this a bug????

I don't mean to raise issues that aren't but I didn't expect it to break DHCP.

Thanks

Quote from: OzziGoblin on March 22, 2025, 10:50:01 AM
use a /29 address range and had configured the available addresses to be x.x.x.2 - x.x.x.20

How is this supposed to work? A /29 is 8 addresses, 6 of which are usable.

x.x.x.0 ... x.x.x.7. 1 - 6 usable.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

As Patrick said.

You basically committed a violation, this is not a BUG.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

My apologies everyone, I know the configuration error is entirely my fault. I've only known OPNsense to be extremely reliable and robust, and all errors I've experienced have been of my own making.

My surprise, though, was that a misconfiguration of 1 of the DHCP scopes broke the DHCP service and rendered the firewall unable to assign any IP on the remaining 5 scopes I have configured. I would have expected it to be confined to the misconfigured scope, and that's why I wondered if it was a bug.

Sorry

Did it crash the DHCP server?
Did you check if it was still running?

Hi, the DHCP service wouldn't start while the configuration was incorrect.

It took me a while to figure out what was wrong but easy to fix once I assigned a static IP to my computer and connected to the console.

March 23, 2025, 11:51:25 AM #6 Last Edit: March 24, 2025, 07:30:03 AM by Patrick M. Hausen
You are right in your expectation that a misconfiguration in one "instance" of DHCP should not break it for all other interfaces.

Unfortunately most Unix services have been written in a way that there are actually no separate instances. At startup the server reads the configuration file. Sendmail, BIND, Unbound, DHCPd, ...

And if there is a syntax error or a semantic misconfiguration anywhere, it simply refuses to start.

Fail early, fail hard was the mantra of the day. And it still has some relevance. Picture a typo in a certain parameter in a database configuration. And also that this parameter is necessary or your data will be destroyed. What's better? The database silently ignoring unknown options or aborting startup because of them?

Big problem with things that rely on YAML like e.g. Ansible. Misplace an indentation or make a typo - that will not produce a syntax error, it's still valid YAML. And Ansible will just silently ignore anything in the dictionary that the plays do not explicitly use. Have fun debugging that 🙂
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
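
Added example, not part of the thread and not OPNsense's own validation: a pre-flight check that tests each DHCP scope's pool against its subnet and names the offending scope before the configuration is applied. The scope names and addresses are constructed (documentation ranges); it assumes IPv4 prefixes shorter than /31.

```python
import ipaddress

def check_scope(name, cidr, first, last):
    """Return a list of problems for one DHCP scope (empty list = OK)."""
    # strict=False accepts an interface address such as 198.51.100.1/29
    net = ipaddress.ip_network(cidr, strict=False)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    usable = f"{net.network_address + 1} - {net.broadcast_address - 1}"
    problems = []
    if lo > hi:
        problems.append(f"{name}: range start {lo} is after range end {hi}")
    for label, addr in (("start", lo), ("end", hi)):
        if addr not in net:
            problems.append(
                f"{name}: range {label} {addr} is outside {net} (usable {usable})")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(
                f"{name}: range {label} {addr} is the network or broadcast "
                f"address of {net}")
    return problems

def check_all(scopes):
    """Check every scope; return {name: [problems]} for the bad ones only."""
    report = {}
    for name, (cidr, first, last) in scopes.items():
        found = check_scope(name, cidr, first, last)
        if found:
            report[name] = found
    return report

# Constructed sample: three scopes, one of them repeating the thread's mistake
# (a /29 interface with a pool that runs to .20).
SCOPES = {
    "lan":    ("192.0.2.1/26",    "192.0.2.10",   "192.0.2.60"),
    "vlan20": ("198.51.100.1/29", "198.51.100.2", "198.51.100.20"),
    "vlan30": ("203.0.113.1/28",  "203.0.113.2",  "203.0.113.14"),
}

if __name__ == "__main__":
    for problems in check_all(SCOPES).values():
        for line in problems:
            print(line)
```

Running a check like this before saving points at the single bad scope, where the daemon's refusal to start only tells you that something in the whole file is wrong.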

Thanks for that feedback, I'll have to be more careful now that I know that :-)

It still means the server went from running to reloading config to stopping.
The server no longer starting was a clue. I wonder if there were more clues in the logs wrt the mismatch.