~davewalker/ubuntu/lucid/dnsmasq/bug674645

« back to all changes in this revision

Viewing changes to man/dnsmasq.8

Committer: Bazaar Package Importer
Author(s): Simon Kelley
Date: 2009-02-07 19:25:23 UTC
mfrom: (10.1.3 sid)
Revision ID: james.westby@ubuntu.com-20090207192523-zut5qet639v1httx

http://bugs.debian.org/514397

* Fix bashism in init script. (closes: #514397)
* Tweak logging in init script.

files added:
contrib/lease-access

contrib/lease-access/README

contrib/lease-access/lease.access.patch

files removed:
src/isc.c

files modified:
CHANGELOG

Makefile

bld/Makefile

contrib/webmin/dnsmasq.wbm

dbus/DBus-interface

dbus/dnsmasq.conf

debian/changelog

debian/control

debian/default

debian/init

debian/postinst

debian/postrm

debian/readme

debian/rules

dnsmasq.conf.example

doc.html

man/dnsmasq.8

man/es/dnsmasq.8

man/fr/dnsmasq.8

po/de.po

po/es.po

po/fi.po

po/fr.po

po/id.po

po/it.po

po/no.po

po/pl.po

po/pt_BR.po

po/ro.po

src/bpf.c

src/cache.c

src/config.h

src/dbus.c

src/dhcp.c

src/dnsmasq.c

src/dnsmasq.h

src/forward.c

src/helper.c

src/lease.c

src/log.c

src/netlink.c

src/network.c

src/option.c

src/rfc1035.c

src/rfc2131.c

src/tftp.c

src/util.c

Show diffs side-by-side

added added

removed removed

man/dnsmasq.8

which do not appear in the global DNS can be resolved and also answers

DNS queries for DHCP configured hosts.

.PP

The dnsmasq DHCP server supports static address assignments, multiple

networks, DHCP-relay and RFC3011 subnet specifiers. It automatically

The dnsmasq DHCP server supports static address assignments and multiple

networks. It automatically

sends a sensible default set of DHCP options, and can be configured to

send any desired set of DHCP options, including vendor-encapsulated

options. It includes a secure, read-only,

208

which are not found in /etc/hosts or the DHCP leases file are answered

209

with "no such domain" rather than being forwarded upstream.

210

.TP

211

.B \-V, --alias=<old-ip>,<new-ip>[,<mask>]

211

.B \-V, --alias=[<old-ip>]|[<start-ip>-<end-ip>],<new-ip>[,<mask>]

212

Modify IPv4 addresses returned from upstream nameservers; old-ip is

213

replaced by new-ip. If the optional mask is given then any address

214

which matches the masked old-ip will be re-written. So, for instance

215

.B --alias=1.2.3.0,6.7.8.0,255.255.255.0

216

will map 1.2.3.56 to 6.7.8.56 and 1.2.3.67 to 6.7.8.67. This is what

217

Cisco PIX routers call "DNS doctoring".

217

Cisco PIX routers call "DNS doctoring". If the old IP is given as

218

range, then only addresses in the range, rather than a whole subnet,

219

are re-written. So

220

.B --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0

221

maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40

218

222

.TP

219

223

.B \-B, --bogus-nxdomain=<ipaddr>

220

224

Transform replies which contain the IP address given into "No such

385

389

.B --naptr-record=<name>,<order>,<preference>,<flags>,<service>,<regexp>[,<replacement>]

386

390

Return an NAPTR DNS record, as specified in RFC3403.

387

391

.TP

392

.B --cname=<cname>,<target>

393

Return a CNAME record which indicates that <cname> is really

394

<target>. There are significant limitations on the target; it must be a

395

DNS name which is known to dnsmasq from /etc/hosts (or additional

396

hosts files) or from DHCP. If the target does not satisfy this

397

criteria, the whole cname is ignored. The cname must be unique, but it

398

is permissable to have more than one cname pointing to the same target.

399

.TP

388

400

.B --interface-name=<name>,<interface>

389

401

Return a DNS record associating the name with the primary address on

390

402

the given interface. This flag specifies an A record for the given

465

477

refers to the host with client identifier 01:02:03:04. It is also

466

478

allowed to specify the client ID as text, like this:

467

479

.B --dhcp-host=id:clientidastext,.....

480

468

481

The special option id:* means "ignore any client-id

469

482

and use MAC addresses only." This is useful when a client presents a client-id sometimes

470

483

but not others.

484

471

485

If a name appears in /etc/hosts, the associated address can be

472

486

allocated to a DHCP lease, but only if a

473

487

.B --dhcp-host

478

492

.B --dhcp-host=00:20:e0:3b:13:af,ignore

479

493

This is

480

494

useful when there is another DHCP server on the network which should

481

be used by some machines. The net:<network-id> sets the network-id tag

482

whenever this dhcp-host directive is in use.This can be used to

495

be used by some machines.

496

497

The net:<network-id> sets the network-id tag

498

whenever this dhcp-host directive is in use. This can be used to

483

499

selectively send DHCP options just for this host. When a host matches any

484

500

dhcp-host directive (or one implied by /etc/ethers) then the special

485

501

network-id tag "known" is set. This allows dnsmasq to be configured to

490

506

.B --dhcp-host=00:20:e0:3b:13:*,ignore

491

507

will cause dnsmasq to ignore a range of hardware addresses. Note that

492

508

the "*" will need to be escaped or quoted on a command line, but not

493

in the configuration file. Hardware addresses normally match any

509

in the configuration file.

510

511

Hardware addresses normally match any

494

512

network (ARP) type, but it is possible to restrict them to a single

495

513

ARP type by preceding them with the ARP-type (in HEX) and "-". so

496

514

.B --dhcp-host=06-00:20:e0:3b:13:af,1.2.3.4

497

515

will only match a

498

516

Token-Ring hardware address, since the ARP-address type for token ring

499

is 6.

517

is 6.

518

519

As a special case, it is possible to include more than one

520

hardware address. eg:

521

.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2

522

This allows an IP address to be associated with

523

multiple hardware addresses, and gives dnsmasq permission to abandon a

524

DHCP lease to one of the hardware addresses when another one asks for

525

a lease. Beware that this is a dangerous thing to do, it will only

526

work reliably if only one of the hardware addresses is active at any

527

time and there is no way for dnsmasq to enforce this. It is, for instance,

528

useful to allocate a stable IP address to a laptop which

529

has both wired and wireless interfaces.

500

530

.TP

501

531

.B --dhcp-hostsfile=<file>

502

532

Read DHCP host information from the specified file. The file contains

519

549

options containing the same information. /etc/ethers is re-read when

520

550

dnsmasq receives SIGHUP.

521

551

.TP

522

.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][vendor:[<vendor-class>],][<opt>|option:<opt-name>],[<value>[,<value>]]

552

.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][encap:<opt>,][vendor:[<vendor-class>],][<opt>|option:<opt-name>],[<value>[,<value>]]

523

553

Specify different or extra options to DHCP clients. By default,

524

554

dnsmasq sends some standard options to DHCP clients, the netmask and

525

555

broadcast address are set to the same as the host running dnsmasq, and

579

609

possible to omit the vendorclass completely;

580

610

.B --dhcp-option=vendor:,1,0.0.0.0

581

611

in which case the encapsulated option is always sent.

612

613

Options may be encapsulated within other options: for instance

614

.B --dhcp-option=encap:175, 190, "iscsi-client0"

615

will send option 175, within which is the option 190. If multiple

616

options are given which are encapsulated with the same option number

617

then they will be correctly combined into one encapsulated option.

618

encap: and vendor: are may not both be set in the same dhcp-option.

619

582

620

The address 0.0.0.0 is not treated specially in

583

encapsulated vendor class options.

621

encapsulated options.

584

622

.TP

585

.B --dhcp-option-force=[<network-id>,[<network-id>,]][vendor:[<vendor-class>],]<opt>,[<value>[,<value>]]

623

.B --dhcp-option-force=[<network-id>,[<network-id>,]][encap:<opt>,][vendor:[<vendor-class>],]<opt>,[<value>[,<value>]]

586

624

This works in exactly the same way as

587

625

.B --dhcp-option

588

626

except that the option will always be sent, even if the client does

634

672

.B --dhcp-subscrid=<network-id>,<subscriber-id>

635

673

Map from RFC3993 subscriber-id relay agent options to network-id tags.

636

674

.TP

637

.B --dhcp-match=<network-id>,<option number>

638

Set the network-id tag if the client sends a DHCP option of the given

639

number. This can be used to identify particular clients which send

640

information using private option numbers.

675

.B --dhcp-match=<network-id>,<option number>|option:<option name>[,<value>]

676

Without a value, set the network-id tag if the client sends a DHCP

677

option of the given number or name. When a value is given, set the tag only if

678

the option is sent and matches the value. The value may be of the form

679

"01:ff:*:02" in which case the value must match (apart from widcards)

680

but the option sent may have unmatched data past the end of the

681

value. The value may also be of the same form as in

682

.B dhcp-option

683

in which case the option sent is treated as an array, and one element

684

must match, so

685

686

--dhcp-match=efi-ia32,option:client-arch,6

687

688

will set the tag "efi-ia32" if the the number 6 appears in the list of

689

architectures sent by the client in option 93. (See RFC 4578 for

690

details.) If the value is a string, substring matching is used.

641

691

.TP

642

692

.B \-J, --dhcp-ignore=<network-id>[,<network-id>]

643

693

When all the given network-ids match the set of network-ids derived

693

743

for the client. Finally, two port numbers allows arbitrary

694

744

specification of both server and client ports for DHCP.

695

745

.TP

696

.B \-3, --bootp-dynamic

746

.B \-3, --bootp-dynamic[=<network-id>[,<network-id>]]

697

747

Enable dynamic allocation of IP addresses to BOOTP clients. Use this

698

748

with care, since each address allocated to a BOOTP client is leased

699

749

forever, and therefore becomes permanently unavailable for re-use by

700

other hosts.

750

other hosts. if this is given without tags, then it unconditionally

751

enables dynamic allocation. With tags, only when the tags are all

752

set. It may be repeated with different tag sets.

701

753

.TP

702

754

.B \-5, --no-ping

703

755

By default, the DHCP server will attempt to ensure that an address in

711

763

the netid tags used to determine them.

712

764

.TP

713

765

.B \-l, --dhcp-leasefile=<path>

714

Use the specified file to store DHCP lease information. If this option

715

is given but no dhcp-range option is given then dnsmasq version 1

716

behaviour is activated. The file given is assumed to be an ISC dhcpd

717

lease file and parsed for leases which are then added to the DNS

718

system if they have a hostname. This functionality may have been

719

excluded from dnsmasq at compile time, in which case an error will

720

occur. In any case note that ISC leasefile integration is a deprecated

721

feature. It should not be used in new installations, and will be

722

removed in a future release.

766

Use the specified file to store DHCP lease information.

723

767

.TP

724

768

.B \-6 --dhcp-script=<path>

725

769

Whenever a new DHCP lease is created, or an old one destroyed, the

726

binary specified by this option is run. The arguments to the process

770

executable specified by this option is run. The arguments to the process

727

771

are "add", "old" or "del", the MAC

728

address of the host (or "<null>"), the IP address, and the hostname,

772

address of the host, the IP address, and the hostname,

729

773

if known. "add" means a lease has been created, "del" means it has

730

774

been destroyed, "old" is a notification of an existing lease when

731

775

dnsmasq starts or a change to MAC address or hostname of an existing

732

776

lease (also, lease length or expiry and client-id, if leasefile-ro is set).

733

The process is run as root (assuming that dnsmasq was originally run as

777

If the MAC address is from a network type other than ethernet,

778

it will have the network type prepended, eg "06-01:23:45:67:89:ab" for

779

token ring. The process is run as root (assuming that dnsmasq was originally run as

734

780

root) even if dnsmasq is configured to change UID to an unprivileged user.

735

781

The environment is inherited from the invoker of dnsmasq, and if the

736

782

host provided a client-id, this is stored in the environment variable

737

DNSMASQ_CLIENT_ID. If the client provides vendor-class or user-class

783

DNSMASQ_CLIENT_ID. If the fully-qualified domain name of the host is

784

known, the domain part is stored in DNSMASQ_DOMAIN.

785

If the client provides vendor-class or user-class

738

786

information, these are provided in DNSMASQ_VENDOR_CLASS and

739

787

DNSMASQ_USER_CLASS0..DNSMASQ_USER_CLASSn variables, but only for

740

788

"add" actions or "old" actions when a host resumes an existing lease,

785

833

on BSD platforms, and is necessary when using "old style" bridging, since

786

834

packets arrive at tap interfaces which don't have an IP address.

787

835

.TP

788

.B \-s, --domain=<domain>

789

Specifies the domain for the DHCP server. This has two effects;

836

.B \-s, --domain=<domain>[,<address range>]

837

Specifies DNS domains for the DHCP server. Domains may be be given

838

unconditionally (without the IP range) or for limited IP ranges. This has two effects;

790

839

firstly it causes the DHCP server to return the domain to any hosts

791

840

which request it, and secondly it sets the domain which it is legal

792

841

for DHCP-configured hosts to claim. The intention is to constrain

803

852

.B dnsmasq

804

853

both as "laptop" and "laptop.thekelleys.org.uk". If the domain is

805

854

given as "#" then the domain is read from the first "search" directive

806

in /etc/resolv.conf (or equivalent).

855

in /etc/resolv.conf (or equivalent). The address range can be of the form

856

<ip address>,<ip address> or <ip address>/<netmask> or just a single

857

<ip address>. See

858

.B --dhcp-fqdn

859

which can change the behaviour of dnsmasq with domains.

860

.TP

861

.B --dhcp-fqdn

862

In the default mode, dnsmasq inserts the unqualified names of

863

DHCP clients into the DNS. For this reason, the names must be unique,

864

even if two clients which have the same name are in different

865

domains. If a second DHCP client appears which has the same name as an

866

existing client, the name is transfered to the new client. If

867

.B --dhcp-fqdn

868

is set, this behaviour changes: the unqualified name is no longer

869

put in the DNS, only the qualified name. Two DHCP clients with the

870

same name may both keep the name, provided that the domain part is

871

different (ie the fully qualified names differ.) To ensure that all

872

names have a domain part, there must be at least

873

.B --domain

874

without an address specified when

875

.B --dhcp-fqdn

876

is set.

807

877

.TP

808

878

.B --enable-tftp

809

879

Enable the TFTP server function. This is deliberately limited to that

1006

1076

.B dhcp-range

1007

1077

used to allocate the address, one from any matching

1008

1078

.B dhcp-host

1079

(and "known" if a dhcp-host matches)

1080

the tag "bootp" for BOOTP requests, a tag whose name is the

1081

name if the interface on which the request arrived,

1009

1082

and possibly many from matching vendor classes and user

1010

1083

classes sent by the DHCP client. Any

1011

1084

.B dhcp-option

Older »