From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <b0f4bf82-c871-4485-90b1-0d5879f6d6eb@proxmox.com>
Date: Wed, 13 Nov 2024 20:09:47 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Alexandre Derumier <aderumier@odiso.com>
References: <20231219083216.2551645-1-aderumier@odiso.com>
Content-Language: en-US
From: Stefan Hanreich <s.hanreich@proxmox.com>
In-Reply-To: <20231219083216.2551645-1-aderumier@odiso.com>
Subject: Re: [pve-devel] [PATCH pve-network 0/7] add dhcp support for all
 zones

I can see this working with Simple and EVPN zones where the host has an
IP because it is acting as a gateway.

But for VLAN / QinQ / VXLAN the way it is currently implemented is
confusing imo, since we are 'abusing' the gateway field for what is
essentially a bind address for dnsmasq.

There is already 'dhcp-dns-server' which configures the DNS server that
dnsmasq sends. Maybe we could add 'dhcp-default-gateway' as well, so
users can configure a default gateway that dnsmasq should send for those
zones if they have a central external firewall in that VLAN.

And then maybe make the bind address explicit for VLAN / VXLAN / QinQ by
moving it from gateway to 'dhcp-bind-address' and document that this
address is then reserved? This would also solve the IPv6 issue, wouldn't it?

Another issue is that the host is sending itself as default gateway and
DNS server in those zones, which we should probably not do (we turn off
forwarding on the interfaces, but it also overwrites resolv.conf, which
can be quite confusing I think). That should be easy to change (I have
it on my machine already).

I have the changes ready on my machine, but I wanted to ask for your
opinion as well. I can also just send them tomorrow and you can review
them if you like.

