DHCP server is configured with incorrect netmask

[sy-be]

Versions

Pi-hole version is v5.18.2 (Latest: v5.18.2)
web version is v5.21 (Latest: v5.21)
FTL version is v5.25.1 (Latest: v5.25.1)

Platform

• OS and version: Raspbian GNU/Linux 11 (bullseye)

• Platform: Raspberry Pi

Expected behavior

When configured with the web UI, DHCP server should be configured (dnsmasq) with correct settings for netmask

Actual behavior / bug

Configuration line for dhcp-range does not include netmask

Steps to reproduce

Steps to reproduce the behavior:

1. Go to 'Settings/DHCP'
2. Click on 'Enable DHCP server' then click save
3. Check the FTL log
4. See error: WARNING in dnsmasq core: DHCP range 192.168.0.100 -- 192.168.0.251 is not consistent with netmask 255.255.255.255

Debug Token

• URL:

Screenshots

Additional context

Generated config file for dnsmasq:

$ cat /etc/dnsmasq.d/02-pihole-dhcp.conf
###############################################################################
#  DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE.  #
#            ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE             #
###############################################################################
dhcp-authoritative
dhcp-range=192.168.0.100,192.168.0.251,24h
dhcp-option=option:router,192.168.0.1
dhcp-leasefile=/etc/pihole/dhcp.leases
#quiet-dhcp

domain=home
local=/home/
#quiet-dhcp6
#enable-ra
dhcp-option=option6:dns-server,[::]
dhcp-range=::,constructor:eth0,ra-names,ra-stateless,64

My static IP configuration in dhcpcd.conf:

interface eth0
static ip_address=192.168.0.10/24
#static ip6_address=fd51:42f8:caae:d92e::ff/64
static routers=192.168.0.1
static domain_name_servers=8.8.8.8 fd51:42f8:caae:d92e::1

The issue causes clients to fail to lease an IP. The configuration line for dhcp-range must include netmask, e.g.: dhcp-range=192.168.0.100,192.168.0.251,255.255.255.0,24h

[rdwebdesign]

not consistent with netmask 255.255.255.255

Are you typing 255.255.255.255 or 255.255.255.0 or 0.0.0.0 as your netmask?

[sy-be]

As mentioned above, in my dhcpcd.conf I use /24 CIDR notation to indicate my netmask (which translates to 255.255.255.0). It could be that dnsmasq incorrectly infers it, maybe in that case this issue is for dnsmasq rather than here. Let me know if that's the case I'll open the issue in the corresponding repo.

[DL6ER]

Netmask is optional:

For directly connected networks (ie, networks on which the machine running dnsmasq has an interface) the netmask is optional: dnsmasq will determine it from the interface configuration.

(from man dnsmasq)

Please check ip a if the interface configuration you applied resulted in the correct subnet. I don't recall having seen issues with wrongly inferred subnets before. (edit: just to be clear - this should absolutely not say that there cannot be an issue here!)

It's also worth checking out the very first lines in /var/log/pihole/pihole.log after a restart of pihole-FTL

[sy-be]

my ip configuration looks valid:

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether xxxxx brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.10/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 2a02:c7c:ecda:dd00:b793:9fa1:61e3:852e/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 3171sec preferred_lft 3171sec
    inet6 fd66:90e3:aae6:0:5268:6542:2752:10ca/64 scope global mngtmpaddr noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::b7ee:3e84:99bd:71e4/64 scope link 
       valid_lft forever preferred_lft forever

pihole.log:

$ sudo head -100 /var/log/pihole/pihole.log.1 
May  5 10:08:05 dnsmasq[11242]: started, version pi-hole-v2.90+1 cachesize 10000
May  5 10:08:05 dnsmasq[11242]: DNS service limited to local subnets
May  5 10:08:05 dnsmasq[11242]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
May  5 10:08:05 dnsmasq[11242]: using nameserver 8.8.8.8#53
May  5 10:08:05 dnsmasq[11242]: using nameserver 8.8.4.4#53
May  5 10:08:05 dnsmasq[11242]: using only locally-known addresses for onion
May  5 10:08:05 dnsmasq[11242]: using only locally-known addresses for bind
May  5 10:08:05 dnsmasq[11242]: using only locally-known addresses for invalid
May  5 10:08:05 dnsmasq[11242]: using only locally-known addresses for localhost
May  5 10:08:05 dnsmasq[11242]: using only locally-known addresses for test
May  5 10:08:05 dnsmasq[11242]: read /etc/hosts - 8 names
May  5 10:08:05 dnsmasq[11242]: read /etc/pihole/custom.list - 0 names
May  5 10:08:05 dnsmasq[11242]: failed to load names from /etc/pihole/local.list: No such file or directory
May  5 10:08:06 dnsmasq[11242]: read /etc/hosts - 8 names
May  5 10:08:06 dnsmasq[11242]: read /etc/pihole/custom.list - 0 names
May  5 10:08:06 dnsmasq[11242]: read /etc/pihole/local.list - 0 names
May  5 10:11:28 dnsmasq[11704]: started, version pi-hole-v2.90+1 cachesize 10000
May  5 10:11:28 dnsmasq[11704]: DNS service limited to local subnets
May  5 10:11:28 dnsmasq[11704]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
May  5 10:11:28 dnsmasq-dhcp[11704]: DHCP, IP range 192.168.0.100 -- 192.168.0.251, lease time 1d
May  5 10:11:28 dnsmasq[11704]: using nameserver 8.8.8.8#53
May  5 10:11:28 dnsmasq[11704]: using nameserver 8.8.4.4#53
May  5 10:11:28 dnsmasq[11704]: using only locally-known addresses for onion
May  5 10:11:28 dnsmasq[11704]: using only locally-known addresses for bind
May  5 10:11:28 dnsmasq[11704]: using only locally-known addresses for invalid
May  5 10:11:28 dnsmasq[11704]: using only locally-known addresses for localhost
May  5 10:11:28 dnsmasq[11704]: using only locally-known addresses for test
May  5 10:11:28 dnsmasq[11704]: using only locally-known addresses for home
May  5 10:11:28 dnsmasq[11704]: read /etc/hosts - 16 names
May  5 10:11:28 dnsmasq[11704]: read /etc/pihole/custom.list - 0 names
May  5 10:11:28 dnsmasq[11704]: read /etc/pihole/local.list - 0 names
May  5 10:11:45 dnsmasq-dhcp[11704]: DHCP range 192.168.0.100 -- 192.168.0.251 is not consistent with netmask 255.255.255.255
May  5 10:11:48 dnsmasq-dhcp[11704]: DHCPDISCOVER(eth0) 28:87:ba:47:bb:f6 
May  5 10:11:48 dnsmasq-dhcp[11704]: DHCPOFFER(eth0) 192.168.0.163 28:87:ba:47:bb:f6 
May  5 10:11:48 dnsmasq-dhcp[11704]: DHCP range 192.168.0.100 -- 192.168.0.251 is not consistent with netmask 255.255.255.255
May  5 10:11:48 dnsmasq-dhcp[11704]: DHCPDISCOVER(eth0) 28:87:ba:47:bb:f6 
May  5 10:11:48 dnsmasq-dhcp[11704]: DHCPOFFER(eth0) 192.168.0.163 28:87:ba:47:bb:f6 
May  5 10:11:48 dnsmasq-dhcp[11704]: DHCP range 192.168.0.100 -- 192.168.0.251 is not consistent with netmask 255.255.255.255
May  5 10:11:48 dnsmasq-dhcp[11704]: DHCPREQUEST(eth0) 192.168.0.163 28:87:ba:47:bb:f6 
May  5 10:11:48 dnsmasq-dhcp[11704]: DHCPACK(eth0) 192.168.0.163 28:87:ba:47:bb:f6 deco-XE75
May  5 10:11:51 dnsmasq-dhcp[11704]: DHCP range 192.168.0.100 -- 192.168.0.251 is not consistent with netmask 255.255.255.255
May  5 10:11:54 dnsmasq-dhcp[11704]: DHCPDISCOVER(eth0) 58:2f:40:7f:e5:98 
May  5 10:11:54 dnsmasq-dhcp[11704]: DHCPOFFER(eth0) 192.168.0.213 58:2f:40:7f:e5:98 
May  5 10:11:54 dnsmasq-dhcp[11704]: DHCP range 192.168.0.100 -- 192.168.0.251 is not consistent with netmask 255.255.255.255
May  5 10:11:54 dnsmasq-dhcp[11704]: DHCPDISCOVER(eth0) 58:2f:40:7f:e5:98 
May  5 10:11:54 dnsmasq-dhcp[11704]: DHCPOFFER(eth0) 192.168.0.213 58:2f:40:7f:e5:98 
May  5 10:11:54 dnsmasq-dhcp[11704]: DHCP range 192.168.0.100 -- 192.168.0.251 is not consistent with netmask 255.255.255.255
May  5 10:11:54 dnsmasq-dhcp[11704]: DHCPREQUEST(eth0) 192.168.0.213 58:2f:40:7f:e5:98 
May  5 10:11:54 dnsmasq-dhcp[11704]: DHCPACK(eth0) 192.168.0.213 58:2f:40:7f:e5:98 
May  5 10:11:56 dnsmasq-dhcp[11704]: DHCP range 192.168.0.100 -- 192.168.0.251 is not consistent with netmask 255.255.255.255
May  5 10:11:56 dnsmasq-dhcp[11704]: DHCPREQUEST(eth0) 192.168.0.33 3c:22:fb:28:6c:97 
May  5 10:11:56 dnsmasq-dhcp[11704]: DHCPNAK(eth0) 192.168.0.33 3c:22:fb:28:6c:97 wrong network
May  5 10:11:57 dnsmasq-dhcp[11704]: DHCP range 192.168.0.100 -- 192.168.0.251 is not consistent with netmask 255.255.255.255
May  5 10:11:57 dnsmasq-dhcp[11704]: DHCPREQUEST(eth0) 192.168.0.21 00:05:cd:b9:e4:86 
May  5 10:11:57 dnsmasq-dhcp[11704]: DHCPNAK(eth0) 192.168.0.21 00:05:cd:b9:e4:86 wrong network
...

As you see, plenty of netmask errors.

I'll see if there's a known issue with dnsmasq!

[sy-be]

ifconfig output for visibility (correct netmask):

$ ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.10  netmask 255.255.255.0  broadcast 192.168.0.255
        ether xxxx  txqueuelen 1000  (Ethernet)
        RX packets 888789  bytes 187132200 (178.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 280002  bytes 93815792 (89.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[sy-be]

Can't find any upstream known issues, but I think it'd be great to be able to set the netmask explicitly rather than rely on dnsmasqs auto detection mechanism.

[DL6ER]

The upcoming Pi-hole v6 already has exactly this as you've seen in the PR you originally posted your observation in. I also thought we had some debugging output concerning the detected netmask but this may have also only been added to v6 code which is under development for years by now.

It'd be great if you could join the public Pi-hole v6 beta, the more feedback we get, the smoother the final release will be. And we promise fast turnaround time in case any bugs are found! It's never faster in during an ongoing beta round.

[sy-be]

Thanks for your input here and I'll check the v6 beta out and might join! Closing this issue in the meantime.