3
dnsmasq \- A lightweight DHCP and caching DNS server.
9
is a lightweight DNS and DHCP server. It is intended to provide coupled DNS and DHCP service to a
12
Dnsmasq accepts DNS queries and either answers them from a small, local,
13
cache or forwards them to a real, recursive, DNS server. It loads the
14
contents of /etc/hosts so that local hostnames
15
which do not appear in the global DNS can be resolved and also answers
16
DNS queries for DHCP configured hosts.
18
The dnsmasq DHCP server supports static address assignments, multiple
19
networks, DHCP-relay and RFC3011 subnet specifiers. It automatically
20
sends a sensible default set of DHCP options, and can be configured to
21
send any desired set of DHCP options. It also supports BOOTP.
26
Note that in general missing parameters are allowed and switch off
27
functions, for instance "--pid-file=" disables writing a PID file. On
28
BSD, unless the GNU getopt library is linked, the long form of the
29
options does not work on the command line; it is still recognised in
30
the configuration file.
33
Don't read the hostnames in /etc/hosts.
35
.B \-H, --addn-hosts=<file>
36
Additional hosts file. Read the specified file as well as /etc/hosts. If -h is given, read
37
only the specified file. This option may be repeated for more than one
38
additional hosts file.
40
.B \-T, --local-ttl=<time>
41
When replying with information from /etc/hosts or the DHCP leases
42
file dnsmasq by default sets the time-to-live field to zero, meaning
43
that the requestor should not itself cache the information. This is
44
the correct thing to do in almost all situations. This option allows a
45
time-to-live (in seconds) to be given for these replies. This will
46
reduce the load on the server at the expense of clients using stale
47
data under some circumstances.
49
.B \-k, --keep-in-foreground
50
Do not go into the background at startup but otherwise run as
51
normal. This is intended for use when dnsmasq is run under daemontools.
54
Debug mode: don't fork to the background, don't write a pid file,
55
don't change user id, generate a complete cache dump on receipt on
56
SIGUSR1, log to stderr as well as syslog, don't fork new processes
57
to handle TCP queries.
60
Log the results of DNS queries handled by dnsmasq. Enable a full cache dump on receipt of SIGUSR1.
62
.B \-x, --pid-file=<path>
63
Specify an alternate path for dnsmasq to record its process-id in. Normally /var/run/dnsmasq.pid.
65
.B \-u, --user=<username>
66
Specify the userid to which dnsmasq will change after startup. Dnsmasq must normally be started as root, but it will drop root
67
priviledges after startup by changing id to another user. Normally this user is "nobody" but that
68
can be over-ridden with this switch.
70
.B \-g, --group=<groupname>
71
Specify the group which dnsmasq will run
72
as. The defaults to "dip", if available, to facilitate access to
73
/etc/ppp/resolv.conf which is not normally world readable.
76
Print the version number.
79
Listen on <port> instead of the standard DNS port (53). Useful mainly for
82
.B \-P, --edns-packet-max=<size>
83
Specify the largest EDNS.0 UDP packet which is supported by the DNS
84
forwarder. Defaults to 1280, which is the RFC2671-recommended maximum
87
.B \-Q, --query-port=<query_port>
88
Send outbound DNS queries from, and listen for their replies on, the specific UDP port <query_port> instead of using one chosen at runtime. Useful to simplify your
89
firewall rules; without this, your firewall would have to allow connections from outside DNS servers to a range of UDP ports, or dynamically adapt to the
90
port being used by the current dnsmasq instance.
92
.B \-i, --interface=<interface name>
93
Listen only on the specified interface(s). Dnsmasq automatically adds
94
the loopback (local) interface to the list of interfaces to use when
101
options are given dnsmasq listens on all available interfaces except any
103
.B \--except-interface
104
options. If IP alias interfaces (eg "eth1:0") are used with
107
.B --except-interface
110
option will be automatically set. This is required for deeply boring
113
.B \-I, --except-interface=<interface name>
114
Do not listen on the specified interface. Note that the order of
118
.B --except-interface
119
options does not matter and that
120
.B --except-interface
121
options always override the others.
123
.B \-a, --listen-address=<ipaddr>
124
Listen on the given IP address(es). Both
128
options may be given, in which case the set of both interfaces and
129
addresses is used. Note that if no
133
is, dnsmasq will not automatically listen on the loopback
134
interface. To achieve this, its IP address, 127.0.0.1, must be
135
explicitly given as a
139
.B \-z, --bind-interfaces
140
On systems which support it, dnsmasq binds the wildcard address,
141
even when it is listening on only some interfaces. It then discards
142
requests that it shouldn't reply to. This has the advantage of
143
working even when interfaces come and go and change address. This
144
option forces dnsmasq to really bind only the interfaces it is
145
listening on. About the only time when this is useful is when
146
running another nameserver (or another instance of dnsmasq) on the
147
same machine or when using IP
148
alias. Specifying interfaces with IP alias automatically turns this
149
option on. Setting this option also enables multiple instances of
150
dnsmasq which provide DHCP service to run in the same machine.
152
.B \-y, --localise-queries
153
Return answers to DNS queries from /etc/hosts which depend on the interface over which the query was
154
recieved. If a name in /etc/hosts has more than one address associated with
155
it, and at least one of those addresses is on the same subnet as the
156
interface to which the query was sent, then return only the
157
address(es) on that subnet. This allows for a server to have multiple
158
addresses in /etc/hosts corresponding to each of its interfaces, and
159
hosts will get the correct address based on which network they are
160
attached to. Currently this facility is limited to IPv4.
163
Bogus private reverse lookups. All reverse lookups for private IP ranges (ie 192.168.x.x, etc)
164
which are not found in /etc/hosts or the DHCP leases file are answered
165
with "no such domain" rather than being forwarded upstream.
167
.B \-V, --alias=<old-ip>,<new-ip>[,<mask>]
168
Modify IPv4 addresses returned from upstream nameservers; old-ip is
169
replaced by new-ip. If the optional mask is given then any address
170
which matches the masked old-ip will be re-written. So, for instance
171
.B --alias=1.2.3.0,6.7.8.0,255.255.255.0
172
will map 1.2.3.56 to 6.7.8.56 and 1.2.3.67 to 6.7.8.67. This is what
173
Cisco PIX routers call "DNS doctoring".
175
.B \-B, --bogus-nxdomain=<ipaddr>
176
Transform replies which contain the IP address given into "No such
177
domain" replies. This is intended to counteract a devious move made by
178
Versign in September 2003 when they started returning the address of
179
an advertising web page in response to queries for unregistered names,
180
instead of the correct NXDOMAIN response. This option tells dnsmasq to
181
fake the correct response when it sees this behaviour. As at Sept 2003
182
the IP address being returnd by Verisign is 64.94.110.11
184
.B \-f, --filterwin2k
185
Later versions of windows make periodic DNS requests which don't get sensible answers from
186
the public DNS and can cause problems by triggering dial-on-demand links. This flag turns on an option
187
to filter such requests. The requests blocked are for records of types SOA and SRV, and type ANY where the
188
requested name has underscores, to catch LDAP requests.
190
.B \-r, --resolv-file=<file>
191
Read the IP addresses of the upstream nameservers from <file>, instead of
192
/etc/resolv.conf. For the format of this file see
194
the only lines relevant to dnsmasq are nameserver ones. Dnsmasq can
195
be told to poll more than one resolv.conf file, the first file name specified
196
overrides the default, subsequent ones add to the list. This is only
197
allowed when polling; the file with the currently latest modification
198
time is the one used.
201
Don't read /etc/resolv.conf. Get upstream servers only from the command
202
line or the dnsmasq configuration file.
204
.B \-o, --strict-order
205
By default, dnsmasq will send queries to any of the upstream servers
206
it knows about and tries to favour servers to are known to
207
be up. Setting this flag forces dnsmasq to try each query with each
208
server strictly in the order they appear in /etc/resolv.conf
211
Don't poll /etc/resolv.conf for changes.
213
.B \-D, --domain-needed
214
Tells dnsmasq to never forward queries for plain names, without dots
215
or domain parts, to upstream nameservers. If the name is not knowm
216
from /etc/hosts or DHCP then a "not found" answer is returned.
218
.B \-S, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source>[#<port>]]]
219
Specify IP address of upsream severs directly. Setting this flag does
220
not suppress reading of /etc/resolv.conf, use -R to do that. If one or
222
optional domains are given, that server is used only for those domains
223
and they are queried only using the specified server. This is
224
intended for private nameservers: if you have a nameserver on your
225
network which deals with names of the form
226
xxx.internal.thekelleys.org.uk at 192.168.1.1 then giving the flag
227
.B -S /.internal.thekelleys.org.uk/192.168.1.1
228
will send all queries for
229
internal machines to that nameserver, everything else will go to the
230
servers in /etc/resolv.conf. An empty domain specification,
232
has the special meaning of "unqualified names only" ie names without any
233
dots in them. A non-standard port may be specified as
235
address using a # character.
236
More than one -S flag is allowed, with
237
repeated domain or ipaddr parts as required.
239
Also permitted is a -S
240
flag which gives a domain but no IP address; this tells dnsmasq that
241
a domain is local and it may answer queries from /etc/hosts or DHCP
242
but should never forward queries on that domain to any upstream
247
to make configuration files clearer in this case.
249
The optional second IP address after the @ character tells
250
dnsmasq how to set the source address of the queries to this
251
nameserver. It should be an address belonging to the machine on which
252
dnsmasq is running otherwise this server line will be logged and then
253
ignored. The query-port flag is ignored for any servers which have a
254
source address specified but the port may be specified directly as
255
part of the source address.
257
.B \-A, --address=/<domain>/[domain/]<ipaddr>
258
Specify an IP address to return for any host in the given domains.
259
Queries in the domains are never forwarded and always replied to
260
with the specified IP address which may be IPv4 or IPv6. To give
261
both IPv4 and IPv6 addresses for a domain, use repeated -A flags.
262
Note that /etc/hosts and DHCP leases override this for individual
263
names. A common use of this is to redirect the entire doubleclick.net
264
domain to some friendly local web server to avoid banner ads. The
265
domain specification works in the same was as for --server, with the
266
additional facility that /#/ matches any domain. Thus
267
--address=/#/1.2.3.4 will always return 1.2.3.4 for any query not
268
answered from /etc/hosts or DHCP and not sent to an upstream
269
nameserver by a more specific --server directive.
271
.B \-m, --mx-host=<mx name>[[,<hostname>],<preference>]
272
Return an MX record named <mx name> pointing to the given hostname (if
274
the host specified in the --mx-target switch
275
or, if that switch is not given, the host on which dnsmasq
276
is running. The default is useful for directing mail from systems on a LAN
277
to a central server. The preference value is optional, and defaults to
278
1 if not given. More than one MX record may be given for a host.
280
.B \-t, --mx-target=<hostname>
281
Specify the default target for the MX record returned by dnsmasq. See
282
--mx-host. If --mx-target is given, but not --mx-host, then dnsmasq
283
returns a MX record containing the MX target for MX queries on the
284
hostname of the machine on which dnsmasq is running.
287
Return an MX record pointing to itself for each local
288
machine. Local machines are those in /etc/hosts or with DHCP leases.
291
Return an MX record pointing to the host given by mx-target (or the
292
machine on which dnsmasq is running) for each
293
local machine. Local machines are those in /etc/hosts or with DHCP
296
.B \-W, --srv-host=<_service>.<_prot>.[<domain>],[<target>[,<port>[,<priority>[,<weight>]]]]
297
Return a SRV DNS record. See RFC2782 for details. If not supplied, the
298
domain defaults to that given by
300
The default for the target domain is empty, and the default for port
301
is one and the defaults for
302
weight and priority are zero. Be careful if transposing data from BIND
303
zone files: the port, weight and priority numbers are in a different
304
order. More than one SRV record for a given service/domain is allowed,
305
all that match are returned. Specifying at least one
307
option also turns on replies to SOA queries for the
310
option. The data in these is stereotyped, but is enough for resolvers
311
to deduce that the domain is a valid one for resolving SRV records.
313
.B \-Y, --txt-record=<name>[[,<text>],<text>]
314
Return a TXT DNS record. The value of TXT record is a set of strings,
315
so any number may be included, split by commas.
317
.B \-c, --cache-size=<cachesize>
318
Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.
320
.B \-N, --no-negcache
321
Disable negative caching. Negative caching allows dnsmasq to remember
322
"no such domain" answers from upstream nameservers and answer
323
identical queries without forwarding them again. This flag disables
326
.B \-F, --dhcp-range=[[net:]network-id,]<start-addr>,<end-addr>[[,<netmask>],<broadcast>][,<default lease time>]
327
Enable the DHCP server. Addresses will be given out from the range
328
<start-addr> to <end-addr> and from statically defined addresses given
331
options. If the lease time is given, then leases
332
will be given for that length of time. The lease time is on seconds,
333
or minutes (eg 45m) or hours (eg 1h) or the literal "infinite". This
334
option may be repeated, with different addresses, to enable DHCP
335
service to more than one network. For directly connected networks (ie,
336
networks on which the machine running dnsmasq has an interface) the
337
netmask is optional. It is, however, required for networks which
338
recieve DHCP service via a relay agent. The broadcast address is
339
always optional. On some broken systems, dnsmasq can listen on only
340
one interface when using DHCP, and the name of that interface must be
343
option. This limitation currently affects OpenBSD. It is always
344
allowed to have more than one dhcp-range in a single subnet. The optional
345
network-id is a alphanumeric label which marks this network so that
346
dhcp options may be specified on a per-network basis.
347
When it is prefixed with 'net:' then its meaning changes from setting
348
a tag to matching it.
349
The end address may be replaced by the keyword
351
which tells dnsmasq to enable DHCP for the network specified, but not
352
to dynamically allocate IP addresses. Only hosts which have static
355
or from /etc/ethers will be served.
357
.B \-G, --dhcp-host=[[<hwaddr>]|[id:[<client_id>][*]]][net:<netid>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
358
Specify per host parameters for the DHCP server. This allows a machine
359
with a particular hardware address to be always allocated the same
360
hostname, IP address and lease time. A hostname specified like this
361
overrides any supplied by the DHCP client on the machine. It is also
362
allowable to ommit the hardware address and include the hostname, in
363
which case the IP address and lease times will apply to any machine
364
claiming that name. For example
365
.B --dhcp-host=00:20:e0:3b:13:af,wap,infinite
366
tells dnsmasq to give
367
the machine with ethernet address 00:20:e0:3b:13:af the name wap, and
368
an infinite DHCP lease.
369
.B --dhcp-host=lap,192.168.0.199
371
dnsmasq to always allocate the machine lap the IP address
372
192.168.0.199. Addresses allocated like this are not constrained to be
373
in the range given by the --dhcp-range option, but they must be on the
374
network being served by the DHCP server. It is allowed to use client identifiers rather than
375
hardware addresses to identify hosts by prefixing with 'id:'. Thus:
376
.B --dhcp-host=id:01:02:03:04,.....
377
refers to the host with client identifier 01:02:03:04. It is also
378
allowed to specify the client ID as text, like this:
379
.B --dhcp-host=id:clientidastext,.....
380
The special option id:* means "ignore any client-id
381
and use MAC addresses only." This is useful when a client presents a client-id sometimes
383
If a name appears in /etc/hosts, the associated address can be
384
allocated to a DHCP lease, but only if a
386
option specifying the name also exists. The special keyword "ignore"
387
tells dnsmasq to never offer a DHCP lease to a machine. The machine
388
can be specified by hardware address, client ID or hostname, for
390
.B --dhcp-host=00:20:e0:3b:13:af,ignore
392
useful when there is another DHCP server on the network which should
393
be used by some machines. The net:<network-id> parameter enables DHCP options just
394
for this host in the same way as the the network-id in
396
Ethernet addresses (but not client-ids) may have
397
wildcard bytes, so for example
398
.B --dhcp-host=00:20:e0:3b:13:*,ignore
399
will cause dnsmasq to ignore a range of ethernet addresses. Note that
400
the "*" will need to be escaped or quoted on a command line, but not
401
in the configuration file.
403
.B \-Z, --read-ethers
404
Read /etc/ethers for information about hosts for the DHCP server. The
405
format of /etc/ethers is a hardware address, followed by either a
406
hostname or dotted-quad IP address. When read by dnsmasq these lines
407
have exactly the same effect as
409
options containing the same information.
411
.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][vendor:<vendor-class>]<opt>,[<value>[,<value>]]
412
Specfify different or extra options to DHCP clients. By default,
413
dnsmasq sends some standard options to DHCP clients, the netmask and
414
broadcast address are set to the same as the host running dnsmasq, and
415
the DNS server and default route are set to the address of the machine
416
running dnsmasq. If the domain name option has been set, that is sent.
417
This option allows these defaults to be overridden,
418
or other options specified. The <opt> is the number of the option, as
419
specfied in RFC2132. For example, to set the default route option to
421
.B --dhcp-option=3,192.168.4.4
422
and to set the time-server address to 192.168.0.4, do
423
.B --dhcp-option=42,192.168.0.4
424
The special address 0.0.0.0 is taken to mean "the address of the
425
machine running dnsmasq". Data types allowed are comma separated
426
dotted-quad IP addresses, a decimal number, colon-separated hex digits
427
and a text string. If the optional network-ids are given then
428
this option is only sent when all the network-ids are matched.
430
Be careful: no checking is done that the correct type of data for the
431
option number is sent, it is quite possible to
432
persuade dnsmasq to generate illegal DHCP packets with injudicious use
433
of this flag. When the value is a decimal number, dnsmasq must determine how
434
large the data item is. It does this by examining the option number and/or the
435
value, but can be overriden by appending a single letter flag as follows:
436
b = one byte, s = two bytes, i = four bytes. This is mainly useful with
437
encapsulated vendor class options (see below) where dnsmasq cannot determine data size from the option number.
439
Encapsulated Vendor-class options may also be specified using
440
--dhcp-option: for instance
441
.B --dhcp-option=vendor:PXEClient,1,0.0.0.0
442
sends the vendor class "PXEClient" and the encapsulated vendor class-specific option "mftp-address=0.0.0.0" Only one vendor class is allowed for any
443
host, but multiple options are allowed, provided they all have
444
the same vendor class. The address 0.0.0.0 is not treated specially in
445
encapsulated vendor class options.
447
.B \-U, --dhcp-vendorclass=<network-id>,<vendor-class>
448
Map from a vendor-class string to a network id. Most DHCP clients provide a
449
"vendor class" which represents, in some sense, the type of host. This option
450
maps vendor classes to network ids, so that DHCP options may be selectively delivered
451
to different classes of hosts. For example
452
.B dhcp-vendorclass=printers,Hewlett-Packard JetDirect
453
will allow options to be set only for HP printers like so:
454
.B --dhcp-option=printers,3,192.168.4.4
455
The vendor-class string is
456
substring matched against the vendor-class supplied by the client, to
457
allow fuzzy matching.
459
.B \-j, --dhcp-userclass=<network-id>,<user-class>
460
Map from a user-class string to a network id (with substring
461
matching, like vendor classes). Most DHCP clients provide a
462
"user class" which is configurable. This option
463
maps user classes to network ids, so that DHCP options may be selectively delivered
464
to different classes of hosts. It is possible, for instance to use
465
this to set a different printer server for hosts in the class
466
"accounts" than for hosts in the class "engineering".
468
.B \ -J, --dhcp-ignore=<network-id>[,<network-id>]
469
When all the given network-ids match the set of network-ids derived
470
from the net, host, vendor and user classes, ignore the host and do
471
not allocate it a DHCP lease.
473
.B \-M, --dhcp-boot=[net:<network-id>,]<filename>,[<servername>[,<server address>]]
474
Set BOOTP options to be returned by the DHCP server. These are needed
475
for machines which network boot, and tell the machine where to collect
476
its initial configuration. If the optional network-id(s) are given,
477
they must match for this configuration to be sent. Note that
478
network-ids are prefixed by "net:" to distinguish them.
480
.B \-X, --dhcp-lease-max=<number>
481
Limits dnsmasq to the specified maximum number of DHCP leases. The
482
default is 150. This limit is to prevent DoS attacks from hosts which
483
create thousands of leases and use lots of memory in the dnsmasq
486
.B \-K, --dhcp-authoritative
487
Should be set when dnsmasq is definatively the only DHCP server on a network.
488
It changes the behaviour from strict RFC compliance so that DHCP requests on
489
unknown leases from unknown hosts are not ignored. This allows new hosts
490
to get a lease without a tedious timeout under all circumstances.
492
.B \-l, --dhcp-leasefile=<path>
493
Use the specified file to store DHCP lease information. If this option
494
is given but no dhcp-range option is given then dnsmasq version 1
495
behaviour is activated. The file given is assumed to be an ISC dhcpd
496
lease file and parsed for leases which are then added to the DNS
497
system if they have a hostname. This functionality may have been
498
excluded from dnsmasq at compile time, in which case an error will occur.
500
.B \-s, --domain=<domain>
501
Specifies the domain for the DHCP server. This has two effects;
502
firstly it causes the DHCP server to return the domain to any hosts
503
which request it, and secondly it sets the domain which it is legal
504
for DHCP-configured hosts to claim. The intention is to constrain hostnames so that an untrusted host on the LAN cannot advertise it's name via dhcp as e.g. "microsoft.com" and capture traffic not meant for it. If no domain suffix is specified, then any DHCP hostname with a domain part (ie with a period) will be disallowed and logged. If suffix is specified, then hostnames with a domain part are allowed, provided the domain part matches the suffix. In addition, when a suffix is set then hostnames without a domain part have the suffix added as an optional domain part. Eg on my network I can set
505
.B --domain-suffix=thekelleys.org.uk
506
and have a machine whose DHCP hostname is "laptop". The IP address for that machine is available from
508
both as "laptop" and "laptop.thekelleys.org.uk". If the domain is
509
given as "#" then the domain is read from the first "search" directive
510
in /etc/resolv.conf (or equivalent).
512
.B \-E, --expand-hosts
513
Add the domain-suffix to simple names (without a period) in /etc/hosts
514
in the same way as for DHCP-derived names.
516
At startup, dnsmasq reads
517
.I /etc/dnsmasq.conf,
520
.I /usr/local/etc/dnsmasq.conf
522
file consists of one option per line, exactly as the long options detailed
523
in the OPTIONS section but without the leading "--". Lines starting with # are comments and ignored. For
524
options which may only be specified once, the configuration file overrides
525
the command line. Use the --conf-file option to specify a different
526
configuration file. The conf-file option is also allowed in
527
configuration files, to include multiple configuration files. Only one
528
level of nesting is allowed. Quoting is allowed in a config file:
529
between " quotes the special meaning of , and # is removed and the
530
following escapes are allowed: \\\\ \\" \\t and \\n. The later two
531
corresponding to newline and tab.
533
When it receives a SIGHUP,
535
clears its cache and then re-loads
540
is set SIGHUP also re-reads
543
does NOT re-read the configuration file.
545
When it receives a SIGUSR1,
547
writes cache statistics to the system log. It writes the cache size,
548
the number of names which have had to removed from the cache before
549
they expired in order to make room for new names and the total number
550
of names that have been inserted into the cache. In
552
mode or when full logging is enabled (-q), a complete dump of the contents of the cache is made.
554
Dnsmasq is a DNS query forwarder: it it not capable of recursively
555
answering arbitrary queries starting from the root servers but
556
forwards such queries to a fully recursive upstream DNS server which is
557
typically provided by an ISP. By default, dnsmasq reads
560
addresses of the upstream nameservers it should use, since the
561
information is typically stored there. Unless
565
checks the modification time of
569
is used) and re-reads it if it changes. This allows the DNS servers to
570
be set dynamically by PPP or DHCP since both protocols provide the
575
since it may not have been created before a PPP connection exists. Dnsmasq
576
simply keeps checking in case
579
time. Dnsmasq can be told to parse more than one resolv.conf
580
file. This is useful on a laptop, where both PPP and DHCP may be used:
581
dnsmasq can be set to poll both
582
.I /etc/ppp/resolv.conf
584
.I /etc/dhcpc/resolv.conf
585
and will use the contents of whichever changed
586
last, giving automatic switching between DNS servers.
588
Upstream servers may also be specified on the command line or in
589
the configuration file. These server specifications optionally take a
590
domain name which tells dnsmasq to use that server only to find names
591
in that particular domain.
593
In order to configure dnsmasq to act as cache for the host on which it is running, put "nameserver 127.0.0.1" in
595
to force local processes to send queries to
596
dnsmasq. Then either specify the upstream servers directly to dnsmasq
599
options or put their addresses real in another file, say
600
.I /etc/resolv.dnsmasq
601
and run dnsmasq with the
602
.B \-r /etc/resolv.dnsmasq
603
option. This second technique allows for dynamic update of the server
604
addresses by PPP or DHCP.
606
Addresses in /etc/hosts will "shadow" different addresses for the same
607
names in the upstream DNS, so "mycompany.com 1.2.3.4" in /etc/hosts will ensure that
608
queries for "mycompany.com" always return 1.2.3.4 even if queries in
609
the upstream DNS would otherwise return a different address. There is
610
one exception to this: if the upstream DNS contains a CNAME which
611
points to a shadowed name, then looking up the CNAME through dnsmasq
612
will result in the unshadowed address associated with the target of
613
the CNAME. To work around this, add the CNAME to /etc/hosts so that
614
the CNAME is shadowed too.
617
The network-id system works as follows: For each DHCP request, dnsmasq
618
collects a set of valid network-id tags, one from the
620
used to allocate the address, one from any matching
622
and possibly many from matching vendor classes and user
623
classes sent by the DHCP client. Any
625
which has network-id tags will be used in preference to an untagged
627
provided that _all_ the tags match somewhere in the
628
set collected as described above. The prefix '#' on a tag means 'not'
629
so --dhcp=option=#purple,3,1.2.3.4 sends the option when the
630
network-id tag purple is not in the set of valid tags.
632
If the network-id in a
634
is prefixed with 'net:' then its meaning changes from setting a
635
tag to matching it. Thus if there is more than dhcp-range on a subnet,
636
and one is tagged with a network-id which is set (for instance
637
from a vendorclass option) then hosts which set the netid tag will be
638
allocated addresses in the tagged range.
640
The DHCP server in dnsmasq will function as a BOOTP server also,
641
provided that the MAC address and IP address for clients are given,
648
configuration option is present to activate the DHCP server
649
on a particular network. The filename
650
parameter in a BOOTP request is matched against netids in
652
configurations, allowing some control over the options returned to
653
different classes of hosts.
656
.IR /etc/dnsmasq.conf
658
.IR /usr/local/etc/dnsmasq.conf
666
.IR /var/lib/misc/dnsmasq.leases
668
.IR /var/db/dnsmasq.leases
670
.IR /var/run/dnsmasq.pid
675
This manual page was written by Simon Kelley <simon@thekelleys.org.uk>.