iPXE discussion forum

Full Version: ISC DHCP / HTTP Issues
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi everyone,

To preface, i had my setup working fine with dnsmasq and ipxe via debian. However, dnsmasq is not usable for other scenarios specific to me so I switched over to ISC DHCP.

Following the chainload example, I am using the user-class to to prevent boot loops however it seems the file is not being handled out correctly and I do not understand why, maybe somebody could help or take a look at my config?

Currently what occurs:
-Client boots and runs PXE
-DHCP assigns correctly
-IPXE is loaded
-IPXE configures net0 properly
-IPXE displays "Nothing to boot: No such file or directory"

and my /etc/dhcp/dhcpd.conf is as follows:
Code:
default-lease-time 600;
max-lease-time 7200;

allow booting;

subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.81 10.0.0.100;
  option broadcast-address 10.0.0.255;
  option routers 10.0.0.1;             # our router
  option domain-name-servers 10.0.0.1; # our router, again
  if exists user-class and option user-class = "iPXE" {
      filename "undionly.kxpe";
  } else {
      filename "undionly.kpxe";
  }
}

based on what I can see it almost seems like iPXE is not getting the http path to the file however it's also not falling into an infinite loop so it's not reading the filename directive a second time. I am guessing this is a dumb configuration mistake on my behalf, I'd appreciate any help.
I know the official page shows user-class and vendor class, but consider using iPXE specific options instead,
Take a look at https://gist.github.com/robinsmidsrod/4008017

In your current config I can't see any next-server ?
But when in doubt use tcpdump to see what is actually sent on the wire?
As NiKiZe mentioned: You're missing a couple of entries...

The next-server (DHCP Option 66) entry is missing (the address of your TFTP Server); because this entry is missing, PXE will fail everytime, usually with a PXE Error 78.

The root-path (DHCP Option 17) entry is missing (your web server) - if doing http via iPXE directly.
Thank you both. So my config was indeed bad but the issue is actually bigger, you see, my modem is also acting forcefully as a DHCP server (because it has router functionality) and this was replying to the DNS requests in addition to my PXE server. I discovered this with wireshark (as suggested above)... it became evident quickly. Normal PXE is grabbing the right gateway and then loading the iPXE chainload but then iPXE is grabbing the details from the incorrect DHCP server.

As a result the second and final request for the file is replied to by both my ISC-DHCP and my modem's DHCP, and even though ISC-DHCP is set to authoritative, it's not given priority. I did not have this issue with DNSMasq because it was running as a ProxyDHCP which is something that ISC DHCP will not do. For other reasons I need to use ISC DHCP so for anyone with this issue, if you've got a DHCP server on your network then you can't just add a second DHCP server in the same subnet. You can use DNSMasq to handle the DNS Requests set to ProxyDHCP and it'll work fine with iPXE.

If you need to use another DNS server without ProxyDHCP support such as isc-dhcp then the best option appears to be using an embedded script in the chainloadable iPXE file which then does not even require a DHCP replies to proceed. This is the route I am currently taking, it seems like a far superior way to truly harness iPXE anyway!

Thanks everyone.
(2018-12-28 01:40)luis84 Wrote: [ -> ]Thank you both. So my config was indeed bad but the issue is actually bigger, you see, my modem is also acting forcefully as a DHCP server (because it has router functionality) and this was replying to the DNS requests in addition to my PXE server. I discovered this with wireshark (as suggested above)... it became evident quickly. Normal PXE is grabbing the right gateway and then loading the iPXE chainload but then iPXE is grabbing the details from the incorrect DHCP server.

As a result the second and final request for the file is replied to by both my ISC-DHCP and my modem's DHCP, and even though ISC-DHCP is set to authoritative, it's not given priority. I did not have this issue with DNSMasq because it was running as a ProxyDHCP which is something that ISC DHCP will not do. For other reasons I need to use ISC DHCP so for anyone with this issue, if you've got a DHCP server on your network then you can't just add a second DHCP server in the same subnet. You can use DNSMasq to handle the DNS Requests set to ProxyDHCP and it'll work fine with iPXE.

If you need to use another DNS server without ProxyDHCP support such as isc-dhcp then the best option appears to be using an embedded script in the chainloadable iPXE file which then does not even require a DHCP replies to proceed. This is the route I am currently taking, it seems like a far superior way to truly harness iPXE anyway!

Thanks everyone.

I think you are missunderstanding how DHCP works, (or is intended to work)
You should only have one DHCP server on a network, If you have more then the result will be undefined. In practice it becomes the first received response that will be what is used, so a faster machine will be more likely to have its sent DHCP lease be used, rather than a slow router.

Also don't mixup DNS with DHCP, dnsmasq happens to do both, but that is the only one that does AFAIK.
DNS is for name service and has nothing to do with DHCP (except for many DHCP servers updating DNS records when giving out a lease)

In your case you should make sure that the DHCP server in your router is disabled. In most routers this is possible to change, and still have it act like a router.
Right, I do understand, my explanation was just written very late and very tired. In my case I need my router to work as a DHCP server as it remains the primary. I have a mobile PXE imaging station which is usually plugged into switches so this issue does not occur, but on some very obscure networks it needs to plugin to a router instead.

When this happens I don't always have control over the router to turn off DHCP.

This is indeed a fringe scenario and turning off DHCP on the router would be the ideal solution.

What I did end up doing was simply building my own undionly.kpxe with a custom embedded script that has some basic logic to handle loading images from distinct sources and it resolves my weird use case scenario!
Again never put 2 DHCP servers on the same network,
What you want to use here is dnsmasq as you was before in ProxyDHCP mode only.

If you are using ISC dhcpd on someone else's network it could be considered an attack - I as a sysadmin would not be happy about that (to put it mildly)
Reference URL's