15
15
which do not appear in the global DNS can be resolved and also answers
16
16
DNS queries for DHCP configured hosts.
18
The dnsmasq DHCP server supports static address assignments, multiple
19
networks, DHCP-relay and RFC3011 subnet specifiers. It automatically
18
The dnsmasq DHCP server supports static address assignments and multiple
19
networks. It automatically
20
20
sends a sensible default set of DHCP options, and can be configured to
21
21
send any desired set of DHCP options, including vendor-encapsulated
22
22
options. It includes a secure, read-only,
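Review bot: The rewritten summary at new lines 18-19 drops "DHCP-relay and RFC3011 subnet specifiers" from the feature list, while the page still documents relay agent options under --dhcp-subscrid. If relay handling is unchanged, keep it in the summary; if it was removed, the option descriptions need the matching update.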
208
208
which are not found in /etc/hosts or the DHCP leases file are answered
209
209
with "no such domain" rather than being forwarded upstream.
211
.B \-V, --alias=<old-ip>,<new-ip>[,<mask>]
211
.B \-V, --alias=[<old-ip>]|[<start-ip>-<end-ip>],<new-ip>[,<mask>]
212
212
Modify IPv4 addresses returned from upstream nameservers; old-ip is
213
213
replaced by new-ip. If the optional mask is given then any address
214
214
which matches the masked old-ip will be re-written. So, for instance
215
215
.B --alias=1.2.3.0,6.7.8.0,255.255.255.0
216
216
will map 1.2.3.56 to 6.7.8.56 and 1.2.3.67 to 6.7.8.67. This is what
217
Cisco PIX routers call "DNS doctoring".
217
Cisco PIX routers call "DNS doctoring". If the old IP is given as
218
range, then only addresses in the range, rather than a whole subnet,
220
.B --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
221
maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
219
223
.B \-B, --bogus-nxdomain=<ipaddr>
220
224
Transform replies which contain the IP address given into "No such
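Review bot: In the new --alias synopsis, [<old-ip>]|[<start-ip>-<end-ip>] brackets each alternative as optional, so it reads as if the first field can be left out, whereas the description requires either an address or a range. Suggest <old-ip>|<start-ip>-<end-ip> without the brackets. The added sentence also needs an article: "given as a range".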
385
389
.B --naptr-record=<name>,<order>,<preference>,<flags>,<service>,<regexp>[,<replacement>]
386
390
Return an NAPTR DNS record, as specified in RFC3403.
392
.B --cname=<cname>,<target>
393
Return a CNAME record which indicates that <cname> is really
394
<target>. There are significant limitations on the target; it must be a
395
DNS name which is known to dnsmasq from /etc/hosts (or additional
396
hosts files) or from DHCP. If the target does not satisfy this
397
criteria, the whole cname is ignored. The cname must be unique, but it
398
is permissable to have more than one cname pointing to the same target.
388
400
.B --interface-name=<name>,<interface>
389
401
Return a DNS record associating the name with the primary address on
390
402
the given interface. This flag specifies an A record for the given
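Review bot: The --cname text says a cname whose target is not known is ignored, but not when that check is made or whether anything is reported. Since a target may be known only from DHCP, say whether the check is made at startup or as leases come and go, and whether a dropped cname is logged. Wording: "this criteria" should be "this criterion", and "permissable" should be "permissible".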
465
477
refers to the host with client identifier 01:02:03:04. It is also
466
478
allowed to specify the client ID as text, like this:
467
479
.B --dhcp-host=id:clientidastext,.....
468
481
The special option id:* means "ignore any client-id
469
482
and use MAC addresses only." This is useful when a client presents a client-id sometimes
471
485
If a name appears in /etc/hosts, the associated address can be
472
486
allocated to a DHCP lease, but only if a
478
492
.B --dhcp-host=00:20:e0:3b:13:af,ignore
480
494
useful when there is another DHCP server on the network which should
481
be used by some machines. The net:<network-id> sets the network-id tag
482
whenever this dhcp-host directive is in use.This can be used to
495
be used by some machines.
497
The net:<network-id> sets the network-id tag
498
whenever this dhcp-host directive is in use. This can be used to
483
499
selectively send DHCP options just for this host. When a host matches any
484
500
dhcp-host directive (or one implied by /etc/ethers) then the special
485
501
network-id tag "known" is set. This allows dnsmasq to be configured to
490
506
.B --dhcp-host=00:20:e0:3b:13:*,ignore
491
507
will cause dnsmasq to ignore a range of hardware addresses. Note that
492
508
the "*" will need to be escaped or quoted on a command line, but not
493
in the configuration file. Hardware addresses normally match any
509
in the configuration file.
511
Hardware addresses normally match any
494
512
network (ARP) type, but it is possible to restrict them to a single
495
513
ARP type by preceding them with the ARP-type (in HEX) and "-". so
496
514
.B --dhcp-host=06-00:20:e0:3b:13:af,1.2.3.4
497
515
will only match a
498
516
Token-Ring hardware address, since the ARP-address type for token ring
519
As a special case, it is possible to include more than one
520
hardware address. eg:
521
.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2
522
This allows an IP address to be associated with
523
multiple hardware addresses, and gives dnsmasq permission to abandon a
524
DHCP lease to one of the hardware addresses when another one asks for
525
a lease. Beware that this is a dangerous thing to do, it will only
526
work reliably if only one of the hardware addresses is active at any
527
time and there is no way for dnsmasq to enforce this. It is, for instance,
528
useful to allocate a stable IP address to a laptop which
529
has both wired and wireless interfaces.
501
531
.B --dhcp-hostsfile=<file>
502
532
Read DHCP host information from the specified file. The file contains
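Review bot: The multiple-hardware-address paragraph (new lines 519-529) warns that this "will only work reliably if only one of the hardware addresses is active at any time" but never says what the failure looks like when both are active. Since the text gives dnsmasq permission to abandon the lease held by one address as soon as another asks, state that consequence explicitly so an administrator can recognise it. Also split the comma splice after "dangerous thing to do" into two sentences and write "e.g." for "eg:".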
519
549
options containing the same information. /etc/ethers is re-read when
520
550
dnsmasq receives SIGHUP.
522
.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][vendor:[<vendor-class>],][<opt>|option:<opt-name>],[<value>[,<value>]]
552
.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][encap:<opt>,][vendor:[<vendor-class>],][<opt>|option:<opt-name>],[<value>[,<value>]]
523
553
Specify different or extra options to DHCP clients. By default,
524
554
dnsmasq sends some standard options to DHCP clients, the netmask and
525
555
broadcast address are set to the same as the host running dnsmasq, and
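Review bot: The new synopsis [encap:<opt>,][vendor:[<vendor-class>],] shows encap: and vendor: as independent optional fields, which reads as if they can be combined, yet the text added further down in this patch says they may not both be set in the same dhcp-option. Write them as alternatives in the synopsis, for example [encap:<opt>,|vendor:[<vendor-class>],].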
579
609
possible to omit the vendorclass completely;
580
610
.B --dhcp-option=vendor:,1,0.0.0.0
581
611
in which case the encapsulated option is always sent.
613
Options may be encapsulated within other options: for instance
614
.B --dhcp-option=encap:175, 190, "iscsi-client0"
615
will send option 175, within which is the option 190. If multiple
616
options are given which are encapsulated with the same option number
617
then they will be correctly combined into one encapsulated option.
618
encap: and vendor: are may not both be set in the same dhcp-option.
582
620
The address 0.0.0.0 is not treated specially in
583
encapsulated vendor class options.
621
encapsulated options.
585
.B --dhcp-option-force=[<network-id>,[<network-id>,]][vendor:[<vendor-class>],]<opt>,[<value>[,<value>]]
623
.B --dhcp-option-force=[<network-id>,[<network-id>,]][encap:<opt>,][vendor:[<vendor-class>],]<opt>,[<value>[,<value>]]
586
624
This works in exactly the same way as
588
626
except that the option will always be sent, even if the client does
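Review bot: The added example --dhcp-option=encap:175, 190, "iscsi-client0" has spaces after the commas, unlike the other examples in this patch; typed on a command line, the shell would split it into three arguments. Drop the spaces. "encap: and vendor: are may not both be set" should read "may not both be set", and the --dhcp-option-force synopsis shows encap: and vendor: as combinable in the same way as --dhcp-option.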
634
672
.B --dhcp-subscrid=<network-id>,<subscriber-id>
635
673
Map from RFC3993 subscriber-id relay agent options to network-id tags.
637
.B --dhcp-match=<network-id>,<option number>
638
Set the network-id tag if the client sends a DHCP option of the given
639
number. This can be used to identify particular clients which send
640
information using private option numbers.
675
.B --dhcp-match=<network-id>,<option number>|option:<option name>[,<value>]
676
Without a value, set the network-id tag if the client sends a DHCP
677
option of the given number or name. When a value is given, set the tag only if
678
the option is sent and matches the value. The value may be of the form
679
"01:ff:*:02" in which case the value must match (apart from widcards)
680
but the option sent may have unmatched data past the end of the
681
value. The value may also be of the same form as in
683
in which case the option sent is treated as an array, and one element
686
--dhcp-match=efi-ia32,option:client-arch,6
688
will set the tag "efi-ia32" if the the number 6 appears in the list of
689
architectures sent by the client in option 93. (See RFC 4578 for
690
details.) If the value is a string, substring matching is used.
642
692
.B \-J, --dhcp-ignore=<network-id>[,<network-id>]
643
693
When all the given network-ids match the set of network-ids derived
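Review bot: The new --dhcp-match paragraph runs three matching behaviours together (a hex pattern with wildcards where trailing data is allowed, an array-element match, and substring matching for strings), and it is not clear from the text which form of value selects which behaviour; a short list with one example each would fix that. Because the tag is set from data the client sends, and two of the modes accept extra data around the match, it is worth stating that a matching tag records what the client claims rather than identifying it. Typos: "widcards" and "the the number 6".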
693
743
for the client. Finally, two port numbers allows arbitrary
694
744
specification of both server and client ports for DHCP.
696
.B \-3, --bootp-dynamic
746
.B \-3, --bootp-dynamic[=<network-id>[,<network-id>]]
697
747
Enable dynamic allocation of IP addresses to BOOTP clients. Use this
698
748
with care, since each address allocated to a BOOTP client is leased
699
749
forever, and therefore becomes permanently unavailable for re-use by
750
other hosts. if this is given without tags, then it unconditionally
751
enables dynamic allocation. With tags, only when the tags are all
752
set. It may be repeated with different tag sets.
702
754
.B \-5, --no-ping
703
755
By default, the DHCP server will attempt to ensure that an address in
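Review bot: The text added to --bootp-dynamic starts a sentence in lower case ("if this is given without tags") and follows it with a fragment ("With tags, only when the tags are all set."). Suggest: "If this is given without tags, dynamic allocation is enabled unconditionally; with tags, it is enabled only when all the tags are set." The synopsis says <network-id> while the text says "tags"; use one term for both.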
711
763
the netid tags used to determine them.
713
765
.B \-l, --dhcp-leasefile=<path>
714
Use the specified file to store DHCP lease information. If this option
715
is given but no dhcp-range option is given then dnsmasq version 1
716
behaviour is activated. The file given is assumed to be an ISC dhcpd
717
lease file and parsed for leases which are then added to the DNS
718
system if they have a hostname. This functionality may have been
719
excluded from dnsmasq at compile time, in which case an error will
720
occur. In any case note that ISC leasefile integration is a deprecated
721
feature. It should not be used in new installations, and will be
722
removed in a future release.
766
Use the specified file to store DHCP lease information.
724
768
.B \-6 --dhcp-script=<path>
725
769
Whenever a new DHCP lease is created, or an old one destroyed, the
726
binary specified by this option is run. The arguments to the process
770
executable specified by this option is run. The arguments to the process
727
771
are "add", "old" or "del", the MAC
728
address of the host (or "<null>"), the IP address, and the hostname,
772
address of the host, the IP address, and the hostname,
729
773
if known. "add" means a lease has been created, "del" means it has
730
774
been destroyed, "old" is a notification of an existing lease when
731
775
dnsmasq starts or a change to MAC address or hostname of an existing
732
776
lease (also, lease length or expiry and client-id, if leasefile-ro is set).
733
The process is run as root (assuming that dnsmasq was originally run as
777
If the MAC address is from a network type other than ethernet,
778
it will have the network type prepended, eg "06-01:23:45:67:89:ab" for
779
token ring. The process is run as root (assuming that dnsmasq was originally run as
734
780
root) even if dnsmasq is configured to change UID to an unprivileged user.
735
781
The environment is inherited from the invoker of dnsmasq, and if the
736
782
host provided a client-id, this is stored in the environment variable
737
DNSMASQ_CLIENT_ID. If the client provides vendor-class or user-class
783
DNSMASQ_CLIENT_ID. If the fully-qualified domain name of the host is
784
known, the domain part is stored in DNSMASQ_DOMAIN.
785
If the client provides vendor-class or user-class
738
786
information, these are provided in DNSMASQ_VENDOR_CLASS and
739
787
DNSMASQ_USER_CLASS0..DNSMASQ_USER_CLASSn variables, but only for
740
788
"add" actions or "old" actions when a host resumes an existing lease,
785
833
on BSD platforms, and is necessary when using "old style" bridging, since
786
834
packets arrive at tap interfaces which don't have an IP address.
788
.B \-s, --domain=<domain>
789
Specifies the domain for the DHCP server. This has two effects;
836
.B \-s, --domain=<domain>[,<address range>]
837
Specifies DNS domains for the DHCP server. Domains may be be given
838
unconditionally (without the IP range) or for limited IP ranges. This has two effects;
790
839
firstly it causes the DHCP server to return the domain to any hosts
791
840
which request it, and secondly it sets the domain which it is legal
792
841
for DHCP-configured hosts to claim. The intention is to constrain
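Review bot: New line 837 has a doubled word ("may be be given"), and the synopsis calls the second field <address range> while the sentence calls it "the IP range"; pick one term. It would also help to say which domain applies when a host's address falls inside more than one configured range, since this option also "sets the domain which it is legal for DHCP-configured hosts to claim".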
804
853
both as "laptop" and "laptop.thekelleys.org.uk". If the domain is
805
854
given as "#" then the domain is read from the first "search" directive
806
in /etc/resolv.conf (or equivalent).
855
in /etc/resolv.conf (or equivalent). The address range can be of the form
856
<ip address>,<ip address> or <ip address>/<netmask> or just a single
859
which can change the behaviour of dnsmasq with domains.
862
In the default mode, dnsmasq inserts the unqualified names of
863
DHCP clients into the DNS. For this reason, the names must be unique,
864
even if two clients which have the same name are in different
865
domains. If a second DHCP client appears which has the same name as an
866
existing client, the name is transfered to the new client. If
868
is set, this behaviour changes: the unqualified name is no longer
869
put in the DNS, only the qualified name. Two DHCP clients with the
870
same name may both keep the name, provided that the domain part is
871
different (ie the fully qualified names differ.) To ensure that all
872
names have a domain part, there must be at least
874
without an address specified when
809
879
Enable the TFTP server function. This is deliberately limited to that
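Review bot: The new paragraph on unqualified names says that in the default mode a second client with the same name takes the name over from the existing client, but leaves the reader to work out what that means for the first client; one sentence stating that the first client loses its DNS entry would make the reason for the new option clear. Spelling and punctuation: "transfered" should be "transferred", and "(ie the fully qualified names differ.)" should be "(i.e. the fully qualified names differ)".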
1007
1077
used to allocate the address, one from any matching
1079
(and "known" if a dhcp-host matches)
1080
the tag "bootp" for BOOTP requests, a tag whose name is the
1081
name if the interface on which the request arrived,
1009
1082
and possibly many from matching vendor classes and user
1010
1083
classes sent by the DHCP client. Any
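Review bot: The tag list added at new lines 1079-1081 has a typo, "name if the interface" for "name of the interface", and the inserted items are not separated from each other: (and "known" if a dhcp-host matches) runs straight into the tag "bootp". Add the missing commas so each tag source reads as one list item.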