Solved

DHCP clients get wrong DNS after setting up separate PXE boot server

Posted on 2013-07-01
Last Modified: 2013-07-16
My Setup:
Router: Routerboard 1100hx2
RouterOS: version 6
TFTP boot server running in Ubuntu 12.04

I am trying to run FOG imaging solution .32. Everything works fine and I can PXE boot PCs and image PCs, but sometimes other PCs on the network pull the wrong DNS, thus disconnecting them from the Internet. I guess this comes from running two DHCP servers on the same network. In my previous router DD-WRT this was fixed by adding DNSMasq options. This router is completely different.

I have tried setting the DHCP Server>nextserver to the address of my TFTP server (192.168.0.45) and the serverbootfile to pxelinux.0. I have not added any other settings. Also I have tried setting whatever DNS settings I could find in the configs of 192.168.0.45.
0
Question by:Jeff swicegood
17 Comments
 
LVL 5

Assisted Solution

by:d_nedelchev
d_nedelchev earned 500 total points
ID: 39293080
First you must set up the PXE server as proxyDHCP so that it wouldn't interfere with the other DHCP service on the subnet. You must modify your dhcp-range in the dnsmasq configuration file as follows:


# This range(s) is for the public interface, where dnsmasq functions
# as a proxy DHCP server providing boot information but no IP leases.
# Any ip in the subnet will do, so you may just put your server NIC ip here.
# Since dnsmasq is not providing true DHCP services, you do not want it
# handing out IP addresses.  Just put your servers IP address for the interface
# that is connected to the network on which the FOG clients exist.
# If this setting is incorrect, the dnsmasq may not start, rendering
# your proxyDHCP ineffective.

dhcp-range=192.168.0.45,proxy

Check out Using FOG with an unmodifiable DHCP server/ Using FOG with no DHCP server for more detailed information.

As for the DNS, I cannot say anything for certain, given the information available. But I'm pretty sure that if you set up your DHCP and proxyDHCP services correctly you should have no wrong DNS settings served on your network.

Cheers.
0
 
LVL 16

Expert Comment

by:vivigatt
ID: 39293697
You should not run 2 dhcp servers on the same network, unless they are set to work together (failover etc).
To understand the interaction between PXE and DHCP servers, check my article and its comments:
http://www.experts-exchange.com/Networking/Misc/A_2978-PXEClient-what-is-it-for-Can-I-use-PXE-without-it.html
0
 
LVL 3

Expert Comment

by:rajeev2353
ID: 39295721
hi,

 you can enter this line to dhcp.conf file and run your fog by client system.

if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
   # Replace the placeholder with the FOG server's IP address.
   next-server <Fog Server ip>;
   filename "pxelinux.0";
}
0
 
LVL 16

Expert Comment

by:vivigatt
ID: 39296788
What rajeev2353 suggested will make ALL your PXE clients boot with pxelinux.0 from "Fog Server IP".
But this will NOT have an impact on the DNS settings that DHCP server sends.
In my opinion, you should remove all DNS settings from the PXE server and keep only the DNS settings that the DHCP Server sends to clients.
Also, the PXE server should not send IP config (including DNS, gateway) etc., just the Network Boot Program name and location (tftp server), along with specific PXE/Fog settings.
If you use dnsmasq as your PXE server, use d_nedelchev's advice, it is what you need.
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 39297765
Ok. I have set up proxyDHCP; let me test it for a few days. Also, where do I remove the DNS settings on the PXE server, dhcpd.conf?
0
 
LVL 5

Assisted Solution

by:d_nedelchev
d_nedelchev earned 500 total points
ID: 39298044
In a proxyDHCP scenario the general idea is that one DHCP server is authoritative for the scope (doing what every DHCP server does), and another one acts as a proxyDHCP and provides only information required for BOOTP/PXE.

In this case the proxyDHCP server does not offer any IP address, subnet mask, default gateway, upstream DNS servers, etc. The proxyDHCP server only replies to clients with several options related strictly to the PXE service. So setting up the combination of DHCP and proxyDHCP correctly should be sufficient in your case.

See the following article: Preboot eXecution Environment -  proxyDHCP
0
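
The difference described in the answer above (a proxyDHCP reply carries boot information but no lease, gateway or DNS) can be checked on captured DHCP replies. This is an added example, not part of the original thread; 192.168.0.45 is the FOG server from the question, while the router address 192.168.0.1 and the sample packets are constructed assumptions.

```python
from socket import inet_aton, inet_ntoa

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header

def parse_reply(pkt):
    """Return (yiaddr, {option_code: value_bytes}) for a DHCP server reply."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = end option
        if pkt[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return inet_ntoa(pkt[16:20]), opts

def classify(pkt, authoritative):
    """Label a reply 'authoritative', 'proxy-ok' or 'conflict', with reasons."""
    yiaddr, opts = parse_reply(pkt)
    server = inet_ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else None
    if server == authoritative:
        return "authoritative", []
    reasons = []
    if yiaddr != "0.0.0.0":
        reasons.append(f"offers lease {yiaddr}")
    for code, name in ((1, "subnet mask"), (3, "router"), (6, "DNS")):
        if code in opts:
            reasons.append(f"sends {name} option {code}")
    if not opts.get(60, b"").startswith(b"PXEClient"):
        reasons.append("no PXEClient vendor class")
    return ("conflict" if reasons else "proxy-ok"), reasons

def build_reply(yiaddr, options):
    """Constructed sample: BOOTREPLY header, cookie, options, end marker."""
    hdr = bytes([2, 1, 6, 0]) + bytes(12) + inet_aton(yiaddr) + bytes(216)
    body = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return hdr + MAGIC + body + b"\xff"

# Constructed replies; 192.168.0.1 as the router address is an assumption.
ROUTER = build_reply("192.168.0.101", [(53, b"\x02"), (54, inet_aton("192.168.0.1")), (6, inet_aton("192.168.0.1"))])
PROXY = build_reply("0.0.0.0", [(53, b"\x02"), (54, inet_aton("192.168.0.45")), (60, b"PXEClient")])
FULL_DHCP = build_reply("192.168.0.150", [(53, b"\x02"), (54, inet_aton("192.168.0.45")), (6, inet_aton("192.168.0.45"))])

if __name__ == "__main__":
    for name, pkt in (("router", ROUTER), ("proxy", PROXY), ("full-dhcp", FULL_DHCP)):
        print(name, classify(pkt, "192.168.0.1"))
```

A reply labelled "conflict" is the situation from the question: a second server answering ordinary clients with its own lease and DNS settings.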
 
LVL 16

Expert Comment

by:vivigatt
ID: 39298173
What service acts as a proxyDHCP server? dhcpd or dnsmasq?
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 39298957
Dnsmasq.
0

 
LVL 3

Expert Comment

by:rajeev2353
ID: 39298976
hi,
please see your dns entry in your dhcp.conf

and please send me dhcp.conf and dns configuration image.
0
 
LVL 5

Assisted Solution

by:d_nedelchev
d_nedelchev earned 500 total points
ID: 39299383
One more thing that the last comment of vivigatt (ID: 39298173) reminded me of.

(In case you have configured the FOG server with DHCP when you first installed it.)

It is a good idea to remove the isc-dhcp-server service from the FOG machine, if you have not done so already. Just to be sure that nothing interferes with the dnsmasq service.

And just to check the proxyDHCP:
netstat -apn | grep -i 'dnsmasq'

You should see something like this:
udp        0      0 0.0.0.0:4011            0.0.0.0:*                           5559/dnsmasq
udp        0      0 0.0.0.0:67              0.0.0.0:*                           5559/dnsmasq
unix  2      [ ]         DGRAM                    16963    5559/dnsmasq


0
 
LVL 16

Expert Comment

by:vivigatt
ID: 39299633
Note that binding dnsmasq to UDP 4011 is useful ONLY if a dhcp service runs on the same host (but it can't really be a problem from the server's point of view. Now, from the client point of view, this is another story and my article explains it all). See my article http://www.experts-exchange.com/Networking/Misc/A_2978-PXEClient-what-is-it-for-Can-I-use-PXE-without-it.html to understand why.
0
 
LVL 3

Expert Comment

by:rajeev2353
ID: 39301213
hi,
what is your actual problem,
1. fog server dhcp       => if dhcp is in same host fog server ip enter in your dhcp file
2. dns                          => if dns not work please see your dns configuration( if this is in your system)
3. pxe boot               => fog client always runs by pxe-boot for image store.
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 39303299
Rajeev,

The problem is that fog dhcp was handing out dns settings (that didn't work) to clients that were not PXE booting.

d_nedelchev
netstat -apn | grep -i 'dnsmasq' output looks good. isc-dhcp-server is removed. But, after removing it, PXE clients get "TFTP open timeout."
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 39303329
Ok, problem solved. I had to uncomment "# enable tftp"

My ltsp.conf

# Sample configuration for dnsmasq to function as a proxyDHCP server,
# enabling LTSP clients to boot when an external, unmodifiable DHCP
# server is present.
# The main dnsmasq configuration is in /etc/dnsmasq.conf;
# the contents of this script are added to the main configuration.
# You may modify the file to suit your needs.

# Don't function as a DNS server:
port=0

# Log lots of extra information about DHCP transactions.
log-dhcp

# Dnsmasq can also function as a TFTP server. You may uninstall
# tftpd-hpa if you like, and uncomment the next line:
# enable-tftp

# Set the root directory for files available via TFTP.
tftp-root=/tftpboot

# The boot filename.
dhcp-boot=pxelinux.0

# rootpath option, for NFS
dhcp-option=17,/images

# kill multicast
dhcp-option=vendor:PXEClient,6,2b

# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override

# PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
pxe-prompt="Press F8 for boot menu", 3

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
# This option is first and will be the default if there is no input from the user.
pxe-service=X86PC, "Boot from network", pxelinux

# A boot service type of 0 is special, and will abort the
# net boot procedure and continue booting from local media.
pxe-service=X86PC, "Boot from local hard disk", 0

# If an integer boot service type, rather than a basename is given, then the
# PXE client will search for a suitable boot service for that type on the
# network. This search may be done by multicast or broadcast, or direct to a
# server if its IP address is provided.
# pxe-service=x86PC, "Install windows from RIS server", 1

# This range(s) is for the public interface, where dnsmasq functions
# as a proxy DHCP server providing boot information but no IP leases.
# Any ip in the subnet will do, so you may just put your server NIC ip here.
# Since dnsmasq is not providing true DHCP services, you do not want it
# handing out IP addresses.  Just put your servers IP address for the interface
# that is connected to the network on which the FOG clients exist.
# If this setting is incorrect, the dnsmasq may not start, rendering
# your proxyDHCP ineffective.
dhcp-range=192.168.0.45,proxy

# This range(s) is for the private network on 2-NIC servers,
# where dnsmasq functions as a normal DHCP server, providing IP leases.
# dhcp-range=192.168.0.20,192.168.0.250,8h

# For static client IPs, and only for the private subnets,
# you may put entries like this:
# dhcp-host=00:20:e0:3b:13:af,10.160.31.111,client111,infinite


0
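
A lint for a dnsmasq proxyDHCP file covering the two problems in this thread: settings that hand out leases or DNS, and tftp-root left without enable-tftp. This is an added example, not part of the original thread or of FOG or dnsmasq; the function names are hypothetical and the two configuration excerpts are constructed from lines shown in the post.

```python
def active_settings(text):
    """Yield (key, value) for every uncommented dnsmasq line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()

def is_dns_option(value):
    """True for plain DHCP option 6 (DNS servers), not a vendor-encapsulated one."""
    fields = [f.strip() for f in value.split(",")]
    if any(f.startswith(("vendor:", "encap:", "vi-encap:")) for f in fields):
        return False      # vendor:PXEClient,6,2b is PXE discovery control, not DNS
    fields = [f for f in fields if not f.startswith("tag:")]
    return bool(fields) and fields[0] in ("6", "option:dns-server")

def lint_proxy_conf(text):
    """Return findings that make dnsmasq act as more (or less) than a proxyDHCP."""
    settings = list(active_settings(text))
    keys = {k for k, _ in settings}
    findings = []
    for key, value in settings:
        if key == "dhcp-range" and "proxy" not in [f.strip() for f in value.split(",")]:
            findings.append(f"dhcp-range={value} hands out leases (no 'proxy' keyword)")
        if key == "dhcp-option" and is_dns_option(value):
            findings.append(f"dhcp-option={value} pushes DNS servers to clients")
    if ("port", "0") not in settings:
        findings.append("port=0 not set: dnsmasq also answers DNS queries")
    if "tftp-root" in keys and "enable-tftp" not in keys:
        findings.append("tftp-root set but enable-tftp is not: dnsmasq serves no TFTP")
    return findings

# Constructed excerpts, not the full file from the post.
PROXY_CONF = """port=0
# enable-tftp
tftp-root=/tftpboot
dhcp-option=vendor:PXEClient,6,2b
dhcp-range=192.168.0.45,proxy
"""
FULL_DHCP_CONF = """tftp-root=/tftpboot
enable-tftp
dhcp-range=192.168.0.20,192.168.0.250,8h
dhcp-option=6,192.168.0.45
"""

if __name__ == "__main__":
    for name, conf in (("proxy", PROXY_CONF), ("full dhcp", FULL_DHCP_CONF)):
        print(name, lint_proxy_conf(conf))
```

The enable-tftp finding is only a problem when no other TFTP daemon, such as tftpd-hpa, is serving the boot files.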
 
LVL 1

Accepted Solution

by:
Jeff swicegood earned 0 total points
ID: 39303330
As far as the main problem, I will have to test it for a few days.
0
 
LVL 1

Author Comment

by:Jeff swicegood
ID: 39319190
Accidentally chose my own comment along with his.
0
 
LVL 1

Author Closing Comment

by:Jeff swicegood
ID: 39329128
I guess that solved it.
0
