1
|
1
|
# Configuration file for dnsmasq. |
|
2
|
# |
|
3
|
# Format is one option per line, legal options are the same |
|
4
|
# as the long options legal on the command line. See |
|
5
|
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details. |
|
6
|
|
|
7
|
# Listen on this specific port instead of the standard DNS port |
|
8
|
# (53). Setting this to zero completely disables DNS function, |
|
9
|
# leaving only DHCP and/or TFTP. |
|
10
|
#port=5353 |
|
11
|
|
|
12
|
# The following two options make you a better netizen, since they |
|
13
|
# tell dnsmasq to filter out queries which the public DNS cannot |
|
14
|
# answer, and which load the servers (especially the root servers) |
|
15
|
# unnecessarily. If you have a dial-on-demand link they also stop |
|
16
|
# these requests from bringing up the link unnecessarily. |
|
17
|
|
|
18
|
# Never forward plain names (without a dot or domain part) |
|
19
|
#domain-needed |
|
20
|
# Never forward addresses in the non-routed address spaces. |
|
21
|
#bogus-priv |
|
22
|
|
|
23
|
# Uncomment these to enable DNSSEC validation and caching: |
|
24
|
# (Requires dnsmasq to be built with DNSSEC option.) |
|
25
|
#conf-file=/usr/share/dnsmasq/trust-anchors.conf |
|
26
|
#dnssec |
|
27
|
|
|
28
|
# Replies which are not DNSSEC signed may be legitimate, because the domain |
|
29
|
# is unsigned, or may be forgeries. Setting this option tells dnsmasq to |
|
30
|
# check that an unsigned reply is OK, by finding a secure proof that a DS |
|
31
|
# record somewhere between the root and the domain does not exist. |
|
32
|
# The cost of setting this is that even queries in unsigned domains will need |
|
33
|
# one or more extra DNS queries to verify. |
|
34
|
#dnssec-check-unsigned |
|
35
|
|
|
36
|
# Uncomment this to filter useless windows-originated DNS requests |
|
37
|
# which can trigger dial-on-demand links needlessly. |
|
38
|
# Note that (amongst other things) this blocks all SRV requests, |
|
39
|
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. |
|
40
|
# This option only affects forwarding, SRV records originating for |
|
41
|
# dnsmasq (via srv-host= lines) are not suppressed by it. |
|
42
|
#filterwin2k |
|
43
|
|
|
44
|
# Change this line if you want dns to get its upstream servers from |
|
45
|
# somewhere other that /etc/resolv.conf |
|
46
|
#resolv-file= |
|
47
|
|
|
48
|
# By default, dnsmasq will send queries to any of the upstream |
|
49
|
# servers it knows about and tries to favour servers to are known |
|
50
|
# to be up. Uncommenting this forces dnsmasq to try each query |
|
51
|
# with each server strictly in the order they appear in |
|
52
|
# /etc/resolv.conf |
|
53
|
#strict-order |
|
54
|
|
|
55
|
# If you don't want dnsmasq to read /etc/resolv.conf or any other |
|
56
|
# file, getting its servers from this file instead (see below), then |
|
57
|
# uncomment this. |
|
58
|
#no-resolv |
|
59
|
|
|
60
|
# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv |
|
61
|
# files for changes and re-read them then uncomment this. |
|
62
|
#no-poll |
|
63
|
|
|
64
|
# Add other name servers here, with domain specs if they are for |
|
65
|
# non-public domains. |
|
66
|
#server=/localnet/192.168.0.1 |
|
67
|
|
|
68
|
# Example of routing PTR queries to nameservers: this will send all |
|
69
|
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3 |
|
70
|
#server=/3.168.192.in-addr.arpa/10.1.2.3 |
|
71
|
|
|
72
|
# Add local-only domains here, queries in these domains are answered |
|
73
|
# from /etc/hosts or DHCP only. |
|
74
|
#local=/localnet/ |
|
75
|
|
|
76
|
# Add domains which you want to force to an IP address here. |
|
77
|
# The example below send any host in double-click.net to a local |
|
78
|
# web-server. |
|
79
|
#address=/double-click.net/127.0.0.1 |
|
80
|
|
|
81
|
# --address (and --server) work with IPv6 addresses too. |
|
82
|
#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83 |
|
83
|
|
|
84
|
# Add the IPs of all queries to yahoo.com, google.com, and their |
|
85
|
# subdomains to the vpn and search ipsets: |
|
86
|
#ipset=/yahoo.com/google.com/vpn,search |
|
87
|
|
|
88
|
# Add the IPs of all queries to yahoo.com, google.com, and their |
|
89
|
# subdomains to netfilters sets, which is equivalent to |
|
90
|
# 'nft add element ip test vpn { ... }; nft add element ip test search { ... }' |
|
91
|
#nftset=/yahoo.com/google.com/ip#test#vpn,ip#test#search |
|
92
|
|
|
93
|
# Use netfilters sets for both IPv4 and IPv6: |
|
94
|
# This adds all addresses in *.yahoo.com to vpn4 and vpn6 for IPv4 and IPv6 addresses. |
|
95
|
#nftset=/yahoo.com/4#ip#test#vpn4 |
|
96
|
#nftset=/yahoo.com/6#ip#test#vpn6 |
|
97
|
|
|
98
|
# You can control how dnsmasq talks to a server: this forces |
|
99
|
# queries to 10.1.2.3 to be routed via eth1 |
|
100
|
# server=10.1.2.3@eth1 |
|
101
|
|
|
102
|
# and this sets the source (ie local) address used to talk to |
|
103
|
# 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that |
|
104
|
# IP on the machine, obviously). |
|
105
|
# server=10.1.2.3@192.168.1.1#55 |
|
106
|
|
|
107
|
# If you want dnsmasq to change uid and gid to something other |
|
108
|
# than the default, edit the following lines. |
|
109
|
#user= |
|
110
|
#group= |
|
111
|
|
|
112
|
# If you want dnsmasq to listen for DHCP and DNS requests only on |
|
113
|
# specified interfaces (and the loopback) give the name of the |
|
114
|
# interface (eg eth0) here. |
|
115
|
# Repeat the line for more than one interface. |
|
116
|
#interface= |
|
117
|
# Or you can specify which interface _not_ to listen on |
|
118
|
#except-interface= |
|
119
|
# Or which to listen on by address (remember to include 127.0.0.1 if |
|
120
|
# you use this.) |
|
121
|
#listen-address= |
|
122
|
# If you want dnsmasq to provide only DNS service on an interface, |
|
123
|
# configure it as shown above, and then use the following line to |
|
124
|
# disable DHCP and TFTP on it. |
|
125
|
#no-dhcp-interface= |
|
126
|
|
|
127
|
# On systems which support it, dnsmasq binds the wildcard address, |
|
128
|
# even when it is listening on only some interfaces. It then discards |
|
129
|
# requests that it shouldn't reply to. This has the advantage of |
|
130
|
# working even when interfaces come and go and change address. If you |
|
131
|
# want dnsmasq to really bind only the interfaces it is listening on, |
|
132
|
# uncomment this option. About the only time you may need this is when |
|
133
|
# running another nameserver on the same machine. |
|
134
|
#bind-interfaces |
|
135
|
|
|
136
|
# If you don't want dnsmasq to read /etc/hosts, uncomment the |
|
137
|
# following line. |
|
138
|
#no-hosts |
|
139
|
# or if you want it to read another file, as well as /etc/hosts, use |
|
140
|
# this. |
|
141
|
#addn-hosts=/etc/banner_add_hosts |
|
142
|
|
|
143
|
# Set this (and domain: see below) if you want to have a domain |
|
144
|
# automatically added to simple names in a hosts-file. |
|
145
|
#expand-hosts |
|
146
|
|
|
147
|
# Set the domain for dnsmasq. this is optional, but if it is set, it |
|
148
|
# does the following things. |
|
149
|
# 1) Allows DHCP hosts to have fully qualified domain names, as long |
|
150
|
# as the domain part matches this setting. |
|
151
|
# 2) Sets the "domain" DHCP option thereby potentially setting the |
|
152
|
# domain of all systems configured by DHCP |
|
153
|
# 3) Provides the domain part for "expand-hosts" |
|
154
|
#domain=thekelleys.org.uk |
|
155
|
|
|
156
|
# Set a different domain for a particular subnet |
|
157
|
#domain=wireless.thekelleys.org.uk,192.168.2.0/24 |
|
158
|
|
|
159
|
# Same idea, but range rather then subnet |
|
160
|
#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200 |
|
161
|
|
|
162
|
# Uncomment this to enable the integrated DHCP server, you need |
|
163
|
# to supply the range of addresses available for lease and optionally |
|
164
|
# a lease time. If you have more than one network, you will need to |
|
165
|
# repeat this for each network on which you want to supply DHCP |
|
166
|
# service. |
|
167
|
#dhcp-range=192.168.0.50,192.168.0.150,12h |
|
168
|
|
|
169
|
# This is an example of a DHCP range where the netmask is given. This |
|
170
|
# is needed for networks we reach the dnsmasq DHCP server via a relay |
|
171
|
# agent. If you don't know what a DHCP relay agent is, you probably |
|
172
|
# don't need to worry about this. |
|
173
|
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h |
|
174
|
|
|
175
|
# This is an example of a DHCP range which sets a tag, so that |
|
176
|
# some DHCP options may be set only for this network. |
|
177
|
#dhcp-range=set:red,192.168.0.50,192.168.0.150 |
|
178
|
|
|
179
|
# Use this DHCP range only when the tag "green" is set. |
|
180
|
#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h |
|
181
|
|
|
182
|
# Specify a subnet which can't be used for dynamic address allocation, |
|
183
|
# is available for hosts with matching --dhcp-host lines. Note that |
|
184
|
# dhcp-host declarations will be ignored unless there is a dhcp-range |
|
185
|
# of some type for the subnet in question. |
|
186
|
# In this case the netmask is implied (it comes from the network |
|
187
|
# configuration on the machine running dnsmasq) it is possible to give |
|
188
|
# an explicit netmask instead. |
|
189
|
#dhcp-range=192.168.0.0,static |
|
190
|
|
|
191
|
# Enable DHCPv6. Note that the prefix-length does not need to be specified |
|
192
|
# and defaults to 64 if missing/ |
|
193
|
#dhcp-range=1234::2, 1234::500, 64, 12h |
|
194
|
|
|
195
|
# Do Router Advertisements, BUT NOT DHCP for this subnet. |
|
196
|
#dhcp-range=1234::, ra-only |
|
197
|
|
|
198
|
# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and |
|
199
|
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack |
|
200
|
# hosts. Use the DHCPv4 lease to derive the name, network segment and |
|
201
|
# MAC address and assume that the host will also have an |
|
202
|
# IPv6 address calculated using the SLAAC algorithm. |
|
203
|
#dhcp-range=1234::, ra-names |
|
204
|
|
|
205
|
# Do Router Advertisements, BUT NOT DHCP for this subnet. |
|
206
|
# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.) |
|
207
|
#dhcp-range=1234::, ra-only, 48h |
|
208
|
|
|
209
|
# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA |
|
210
|
# so that clients can use SLAAC addresses as well as DHCP ones. |
|
211
|
#dhcp-range=1234::2, 1234::500, slaac |
|
212
|
|
|
213
|
# Do Router Advertisements and stateless DHCP for this subnet. Clients will |
|
214
|
# not get addresses from DHCP, but they will get other configuration information. |
|
215
|
# They will use SLAAC for addresses. |
|
216
|
#dhcp-range=1234::, ra-stateless |
|
217
|
|
|
218
|
# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses |
|
219
|
# from DHCPv4 leases. |
|
220
|
#dhcp-range=1234::, ra-stateless, ra-names |
|
221
|
|
|
222
|
# Do router advertisements for all subnets where we're doing DHCPv6 |
|
223
|
# Unless overridden by ra-stateless, ra-names, et al, the router |
|
224
|
# advertisements will have the M and O bits set, so that the clients |
|
225
|
# get addresses and configuration from DHCPv6, and the A bit reset, so the |
|
226
|
# clients don't use SLAAC addresses. |
|
227
|
#enable-ra |
|
228
|
|
|
229
|
# Supply parameters for specified hosts using DHCP. There are lots |
|
230
|
# of valid alternatives, so we will give examples of each. Note that |
|
231
|
# IP addresses DO NOT have to be in the range given above, they just |
|
232
|
# need to be on the same network. The order of the parameters in these |
|
233
|
# do not matter, it's permissible to give name, address and MAC in any |
|
234
|
# order. |
|
235
|
|
|
236
|
# Always allocate the host with Ethernet address 11:22:33:44:55:66 |
|
237
|
# The IP address 192.168.0.60 |
|
238
|
#dhcp-host=11:22:33:44:55:66,192.168.0.60 |
|
239
|
|
|
240
|
# Always set the name of the host with hardware address |
|
241
|
# 11:22:33:44:55:66 to be "fred" |
|
242
|
#dhcp-host=11:22:33:44:55:66,fred |
|
243
|
|
|
244
|
# Always give the host with Ethernet address 11:22:33:44:55:66 |
|
245
|
# the name fred and IP address 192.168.0.60 and lease time 45 minutes |
|
246
|
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m |
|
247
|
|
|
248
|
# Give a host with Ethernet address 11:22:33:44:55:66 or |
|
249
|
# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume |
|
250
|
# that these two Ethernet interfaces will never be in use at the same |
|
251
|
# time, and give the IP address to the second, even if it is already |
|
252
|
# in use by the first. Useful for laptops with wired and wireless |
|
253
|
# addresses. |
|
254
|
#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60 |
|
255
|
|
|
256
|
# Give the machine which says its name is "bert" IP address |
|
257
|
# 192.168.0.70 and an infinite lease |
|
258
|
#dhcp-host=bert,192.168.0.70,infinite |
|
259
|
|
|
260
|
# Always give the host with client identifier 01:02:02:04 |
|
261
|
# the IP address 192.168.0.60 |
|
262
|
#dhcp-host=id:01:02:02:04,192.168.0.60 |
|
263
|
|
|
264
|
# Always give the InfiniBand interface with hardware address |
|
265
|
# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the |
|
266
|
# ip address 192.168.0.61. The client id is derived from the prefix |
|
267
|
# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of |
|
268
|
# hex digits of the hardware address. |
|
269
|
#dhcp-host=id:ff:00:00:00:00:00:02:00:00:02:c9:00:f4:52:14:03:00:28:05:81,192.168.0.61 |
|
270
|
|
|
271
|
# Always give the host with client identifier "marjorie" |
|
272
|
# the IP address 192.168.0.60 |
|
273
|
#dhcp-host=id:marjorie,192.168.0.60 |
|
274
|
|
|
275
|
# Enable the address given for "judge" in /etc/hosts |
|
276
|
# to be given to a machine presenting the name "judge" when |
|
277
|
# it asks for a DHCP lease. |
|
278
|
#dhcp-host=judge |
|
279
|
|
|
280
|
# Never offer DHCP service to a machine whose Ethernet |
|
281
|
# address is 11:22:33:44:55:66 |
|
282
|
#dhcp-host=11:22:33:44:55:66,ignore |
|
283
|
|
|
284
|
# Ignore any client-id presented by the machine with Ethernet |
|
285
|
# address 11:22:33:44:55:66. This is useful to prevent a machine |
|
286
|
# being treated differently when running under different OS's or |
|
287
|
# between PXE boot and OS boot. |
|
288
|
#dhcp-host=11:22:33:44:55:66,id:* |
|
289
|
|
|
290
|
# Send extra options which are tagged as "red" to |
|
291
|
# the machine with Ethernet address 11:22:33:44:55:66 |
|
292
|
#dhcp-host=11:22:33:44:55:66,set:red |
|
293
|
|
|
294
|
# Send extra options which are tagged as "red" to |
|
295
|
# any machine with Ethernet address starting 11:22:33: |
|
296
|
#dhcp-host=11:22:33:*:*:*,set:red |
|
297
|
|
|
298
|
# Give a fixed IPv6 address and name to client with |
|
299
|
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 |
|
300
|
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients. |
|
301
|
# Note also that the [] around the IPv6 address are obligatory. |
|
302
|
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] |
|
303
|
|
|
304
|
# Ignore any clients which are not specified in dhcp-host lines |
|
305
|
# or /etc/ethers. Equivalent to ISC "deny unknown-clients". |
|
306
|
# This relies on the special "known" tag which is set when |
|
307
|
# a host is matched. |
|
308
|
#dhcp-ignore=tag:!known |
|
309
|
|
|
310
|
# Send extra options which are tagged as "red" to any machine whose |
|
311
|
# DHCP vendorclass string includes the substring "Linux" |
|
312
|
#dhcp-vendorclass=set:red,Linux |
|
313
|
|
|
314
|
# Send extra options which are tagged as "red" to any machine one |
|
315
|
# of whose DHCP userclass strings includes the substring "accounts" |
|
316
|
#dhcp-userclass=set:red,accounts |
|
317
|
|
|
318
|
# Send extra options which are tagged as "red" to any machine whose |
|
319
|
# MAC address matches the pattern. |
|
320
|
#dhcp-mac=set:red,00:60:8C:*:*:* |
|
321
|
|
|
322
|
# If this line is uncommented, dnsmasq will read /etc/ethers and act |
|
323
|
# on the ethernet-address/IP pairs found there just as if they had |
|
324
|
# been given as --dhcp-host options. Useful if you keep |
|
325
|
# MAC-address/host mappings there for other purposes. |
|
326
|
#read-ethers |
|
327
|
|
|
328
|
# Send options to hosts which ask for a DHCP lease. |
|
329
|
# See RFC 2132 for details of available options. |
|
330
|
# Common options can be given to dnsmasq by name: |
|
331
|
# run "dnsmasq --help dhcp" to get a list. |
|
332
|
# Note that all the common settings, such as netmask and |
|
333
|
# broadcast address, DNS server and default route, are given |
|
334
|
# sane defaults by dnsmasq. You very likely will not need |
|
335
|
# any dhcp-options. If you use Windows clients and Samba, there |
|
336
|
# are some options which are recommended, they are detailed at the |
|
337
|
# end of this section. |
|
338
|
|
|
339
|
# Override the default route supplied by dnsmasq, which assumes the |
|
340
|
# router is the same machine as the one running dnsmasq. |
|
341
|
#dhcp-option=3,1.2.3.4 |
|
342
|
|
|
343
|
# Do the same thing, but using the option name |
|
344
|
#dhcp-option=option:router,1.2.3.4 |
|
345
|
|
|
346
|
# Override the default route supplied by dnsmasq and send no default |
|
347
|
# route at all. Note that this only works for the options sent by |
|
348
|
# default (1, 3, 6, 12, 28) the same line will send a zero-length option |
|
349
|
# for all other option numbers. |
|
350
|
#dhcp-option=3 |
|
351
|
|
|
352
|
# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5 |
|
353
|
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5 |
|
354
|
|
|
355
|
# Send DHCPv6 option. Note [] around IPv6 addresses. |
|
356
|
#dhcp-option=option6:dns-server,[1234::77],[1234::88] |
|
357
|
|
|
358
|
# Send DHCPv6 option for namservers as the machine running |
|
359
|
# dnsmasq and another. |
|
360
|
#dhcp-option=option6:dns-server,[::],[1234::88] |
|
361
|
|
|
362
|
# Ask client to poll for option changes every six hours. (RFC4242) |
|
363
|
#dhcp-option=option6:information-refresh-time,6h |
|
364
|
|
|
365
|
# Set option 58 client renewal time (T1). Defaults to half of the |
|
366
|
# lease time if not specified. (RFC2132) |
|
367
|
#dhcp-option=option:T1,1m |
|
368
|
|
|
369
|
# Set option 59 rebinding time (T2). Defaults to 7/8 of the |
|
370
|
# lease time if not specified. (RFC2132) |
|
371
|
#dhcp-option=option:T2,2m |
|
372
|
|
|
373
|
# Set the NTP time server address to be the same machine as |
|
374
|
# is running dnsmasq |
|
375
|
#dhcp-option=42,0.0.0.0 |
|
376
|
|
|
377
|
# Set the NIS domain name to "welly" |
|
378
|
#dhcp-option=40,welly |
|
379
|
|
|
380
|
# Set the default time-to-live to 50 |
|
381
|
#dhcp-option=23,50 |
|
382
|
|
|
383
|
# Set the "all subnets are local" flag |
|
384
|
#dhcp-option=27,1 |
|
385
|
|
|
386
|
# Send the etherboot magic flag and then etherboot options (a string). |
|
387
|
#dhcp-option=128,e4:45:74:68:00:00 |
|
388
|
#dhcp-option=129,NIC=eepro100 |
|
389
|
|
|
390
|
# Specify an option which will only be sent to the "red" network |
|
391
|
# (see dhcp-range for the declaration of the "red" network) |
|
392
|
# Note that the tag: part must precede the option: part. |
|
393
|
#dhcp-option = tag:red, option:ntp-server, 192.168.1.1 |
|
394
|
|
|
395
|
# The following DHCP options set up dnsmasq in the same way as is specified |
|
396
|
# for the ISC dhcpcd in |
|
397
|
# https://web.archive.org/web/20040313070105/http://us1.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt |
|
398
|
# adapted for a typical dnsmasq installation where the host running |
|
399
|
# dnsmasq is also the host running samba. |
|
400
|
# you may want to uncomment some or all of them if you use |
|
401
|
# Windows clients and Samba. |
|
402
|
#dhcp-option=19,0 # option ip-forwarding off |
|
403
|
#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s) |
|
404
|
#dhcp-option=45,0.0.0.0 # netbios datagram distribution server |
|
405
|
#dhcp-option=46,8 # netbios node type |
|
406
|
|
|
407
|
# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave. |
|
408
|
#dhcp-option=252,"\n" |
|
409
|
|
|
410
|
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client |
|
411
|
# probably doesn't support this...... |
|
412
|
#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com |
|
413
|
|
|
414
|
# Send RFC-3442 classless static routes (note the netmask encoding) |
|
415
|
#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8 |
|
416
|
|
|
417
|
# Send vendor-class specific options encapsulated in DHCP option 43. |
|
418
|
# The meaning of the options is defined by the vendor-class so |
|
419
|
# options are sent only when the client supplied vendor class |
|
420
|
# matches the class given here. (A substring match is OK, so "MSFT" |
|
421
|
# matches "MSFT" and "MSFT 5.0"). This example sets the |
|
422
|
# mtftp address to 0.0.0.0 for PXEClients. |
|
423
|
#dhcp-option=vendor:PXEClient,1,0.0.0.0 |
|
424
|
|
|
425
|
# Send microsoft-specific option to tell windows to release the DHCP lease |
|
426
|
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the |
|
427
|
# value as a four-byte integer - that's what microsoft wants. See |
|
428
|
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true |
|
429
|
#dhcp-option=vendor:MSFT,2,1i |
|
430
|
|
|
431
|
# Send the Encapsulated-vendor-class ID needed by some configurations of |
|
432
|
# Etherboot to allow is to recognise the DHCP server. |
|
433
|
#dhcp-option=vendor:Etherboot,60,"Etherboot" |
|
434
|
|
|
435
|
# Send options to PXELinux. Note that we need to send the options even |
|
436
|
# though they don't appear in the parameter request list, so we need |
|
437
|
# to use dhcp-option-force here. |
|
438
|
# See http://syslinux.zytor.com/pxe.php#special for details. |
|
439
|
# Magic number - needed before anything else is recognised |
|
440
|
#dhcp-option-force=208,f1:00:74:7e |
|
441
|
# Configuration file name |
|
442
|
#dhcp-option-force=209,configs/common |
|
443
|
# Path prefix |
|
444
|
#dhcp-option-force=210,/tftpboot/pxelinux/files/ |
|
445
|
# Reboot time. (Note 'i' to send 32-bit value) |
|
446
|
#dhcp-option-force=211,30i |
|
447
|
|
|
448
|
# Set the boot filename for netboot/PXE. You will only need |
|
449
|
# this if you want to boot machines over the network and you will need |
|
450
|
# a TFTP server; either dnsmasq's built-in TFTP server or an |
|
451
|
# external one. (See below for how to enable the TFTP server.) |
|
452
|
#dhcp-boot=pxelinux.0 |
|
453
|
|
|
454
|
# The same as above, but use custom tftp-server instead machine running dnsmasq |
|
455
|
#dhcp-boot=pxelinux,server.name,192.168.1.100 |
|
456
|
|
|
457
|
# Boot for iPXE. The idea is to send two different |
|
458
|
# filenames, the first loads iPXE, and the second tells iPXE what to |
|
459
|
# load. The dhcp-match sets the ipxe tag for requests from iPXE. |
|
460
|
#dhcp-boot=undionly.kpxe |
|
461
|
#dhcp-match=set:ipxe,175 # iPXE sends a 175 option. |
|
462
|
#dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php |
|
463
|
|
|
464
|
# Encapsulated options for iPXE. All the options are |
|
465
|
# encapsulated within option 175 |
|
466
|
#dhcp-option=encap:175, 1, 5b # priority code |
|
467
|
#dhcp-option=encap:175, 176, 1b # no-proxydhcp |
|
468
|
#dhcp-option=encap:175, 177, string # bus-id |
|
469
|
#dhcp-option=encap:175, 189, 1b # BIOS drive code |
|
470
|
#dhcp-option=encap:175, 190, user # iSCSI username |
|
471
|
#dhcp-option=encap:175, 191, pass # iSCSI password |
|
472
|
|
|
473
|
# Test for the architecture of a netboot client. PXE clients are |
|
474
|
# supposed to send their architecture as option 93. (See RFC 4578) |
|
475
|
#dhcp-match=peecees, option:client-arch, 0 #x86-32 |
|
476
|
#dhcp-match=itanics, option:client-arch, 2 #IA64 |
|
477
|
#dhcp-match=hammers, option:client-arch, 6 #x86-64 |
|
478
|
#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64 |
|
479
|
|
|
480
|
# Do real PXE, rather than just booting a single file, this is an |
|
481
|
# alternative to dhcp-boot. |
|
482
|
#pxe-prompt="What system shall I netboot?" |
|
483
|
# or with timeout before first available action is taken: |
|
484
|
#pxe-prompt="Press F8 for menu.", 60 |
|
485
|
|
|
486
|
# Available boot services. for PXE. |
|
487
|
#pxe-service=x86PC, "Boot from local disk" |
|
488
|
|
|
489
|
# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server. |
|
490
|
#pxe-service=x86PC, "Install Linux", pxelinux |
|
491
|
|
|
492
|
# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4. |
|
493
|
# Beware this fails on old PXE ROMS. |
|
494
|
#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4 |
|
495
|
|
|
496
|
# Use bootserver on network, found my multicast or broadcast. |
|
497
|
#pxe-service=x86PC, "Install windows from RIS server", 1 |
|
498
|
|
|
499
|
# Use bootserver at a known IP address. |
|
500
|
#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4 |
|
501
|
|
|
502
|
# If you have multicast-FTP available, |
|
503
|
# information for that can be passed in a similar way using options 1 |
|
504
|
# to 5. See page 19 of |
|
505
|
# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf |
|
506
|
|
|
507
|
|
|
508
|
# Enable dnsmasq's built-in TFTP server |
|
509
|
#enable-tftp |
|
510
|
|
|
511
|
# Set the root directory for files available via FTP. |
|
512
|
#tftp-root=/var/ftpd |
|
513
|
|
|
514
|
# Do not abort if the tftp-root is unavailable |
|
515
|
#tftp-no-fail |
|
516
|
|
|
517
|
# Make the TFTP server more secure: with this set, only files owned by |
|
518
|
# the user dnsmasq is running as will be send over the net. |
|
519
|
#tftp-secure |
|
520
|
|
|
521
|
# This option stops dnsmasq from negotiating a larger blocksize for TFTP |
|
522
|
# transfers. It will slow things down, but may rescue some broken TFTP |
|
523
|
# clients. |
|
524
|
#tftp-no-blocksize |
|
525
|
|
|
526
|
# Set the boot file name only when the "red" tag is set. |
|
527
|
#dhcp-boot=tag:red,pxelinux.red-net |
|
528
|
|
|
529
|
# An example of dhcp-boot with an external TFTP server: the name and IP |
|
530
|
# address of the server are given after the filename. |
|
531
|
# Can fail with old PXE ROMS. Overridden by --pxe-service. |
|
532
|
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3 |
|
533
|
|
|
534
|
# If there are multiple external tftp servers having a same name |
|
535
|
# (using /etc/hosts) then that name can be specified as the |
|
536
|
# tftp_servername (the third option to dhcp-boot) and in that |
|
537
|
# case dnsmasq resolves this name and returns the resultant IP |
|
538
|
# addresses in round robin fashion. This facility can be used to |
|
539
|
# load balance the tftp load among a set of servers. |
|
540
|
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name |
|
541
|
|
|
542
|
# Set the limit on DHCP leases, the default is 150 |
|
543
|
#dhcp-lease-max=150 |
|
544
|
|
|
545
|
# The DHCP server needs somewhere on disk to keep its lease database. |
|
546
|
# This defaults to a sane location, but if you want to change it, use |
|
547
|
# the line below. |
|
548
|
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases |
|
549
|
|
|
550
|
# Set the DHCP server to authoritative mode. In this mode it will barge in |
|
551
|
# and take over the lease for any client which broadcasts on the network, |
|
552
|
# whether it has a record of the lease or not. This avoids long timeouts |
|
553
|
# when a machine wakes up on a new network. DO NOT enable this if there's |
|
554
|
# the slightest chance that you might end up accidentally configuring a DHCP |
|
555
|
# server for your campus/company accidentally. The ISC server uses |
|
556
|
# the same option, and this URL provides more information: |
|
557
|
# http://www.isc.org/files/auth.html |
|
558
|
#dhcp-authoritative |
|
559
|
|
|
560
|
# Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039. |
|
561
|
# In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit |
|
562
|
# option with a DHCPACK including a Rapid Commit option and fully committed address |
|
563
|
# and configuration information. This must only be enabled if either the server is |
|
564
|
# the only server for the subnet, or multiple servers are present and they each |
|
565
|
# commit a binding for all clients. |
|
566
|
#dhcp-rapid-commit |
|
567
|
|
|
568
|
# Run an executable when a DHCP lease is created or destroyed. |
|
569
|
# The arguments sent to the script are "add" or "del", |
|
570
|
# then the MAC address, the IP address and finally the hostname |
|
571
|
# if there is one. |
|
572
|
#dhcp-script=/bin/echo |
|
573
|
|
|
574
|
# Set the cachesize here. |
|
575
|
#cache-size=150 |
|
576
|
|
|
577
|
# If you want to disable negative caching, uncomment this. |
|
578
|
#no-negcache |
|
579
|
|
|
580
|
# Normally responses which come from /etc/hosts and the DHCP lease |
|
581
|
# file have Time-To-Live set as zero, which conventionally means |
|
582
|
# do not cache further. If you are happy to trade lower load on the |
|
583
|
# server for potentially stale date, you can set a time-to-live (in |
|
584
|
# seconds) here. |
|
585
|
#local-ttl= |
|
586
|
|
|
587
|
# If you want dnsmasq to detect attempts by Verisign to send queries |
|
588
|
# to unregistered .com and .net hosts to its sitefinder service and |
|
589
|
# have dnsmasq instead return the correct NXDOMAIN response, uncomment |
|
590
|
# this line. You can add similar lines to do the same for other |
|
591
|
# registries which have implemented wildcard A records. |
|
592
|
#bogus-nxdomain=64.94.110.11 |
|
593
|
|
|
594
|
# If you want to fix up DNS results from upstream servers, use the |
|
595
|
# alias option. This only works for IPv4. |
|
596
|
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8 |
|
597
|
#alias=1.2.3.4,5.6.7.8 |
|
598
|
# and this maps 1.2.3.x to 5.6.7.x |
|
599
|
#alias=1.2.3.0,5.6.7.0,255.255.255.0 |
|
600
|
# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40 |
|
601
|
#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 |
|
602
|
|
|
603
|
# Change these lines if you want dnsmasq to serve MX records. |
|
604
|
|
|
605
|
# Return an MX record named "maildomain.com" with target |
|
606
|
# servermachine.com and preference 50 |
|
607
|
#mx-host=maildomain.com,servermachine.com,50 |
|
608
|
|
|
609
|
# Set the default target for MX records created using the localmx option. |
|
610
|
#mx-target=servermachine.com |
|
611
|
|
|
612
|
# Return an MX record pointing to the mx-target for all local |
|
613
|
# machines. |
|
614
|
#localmx |
|
615
|
|
|
616
|
# Return an MX record pointing to itself for all local machines. |
|
617
|
#selfmx |
|
618
|
|
|
619
|
# Change the following lines if you want dnsmasq to serve SRV |
|
620
|
# records. These are useful if you want to serve ldap requests for |
|
621
|
# Active Directory and other windows-originated DNS requests. |
|
622
|
# See RFC 2782. |
|
623
|
# You may add multiple srv-host lines. |
|
624
|
# The fields are <name>,<target>,<port>,<priority>,<weight> |
|
625
|
# If the domain part if missing from the name (so that is just has the |
|
626
|
# service and protocol sections) then the domain given by the domain= |
|
627
|
# config option is used. (Note that expand-hosts does not need to be |
|
628
|
# set for this to work.) |
|
629
|
|
|
630
|
# A SRV record sending LDAP for the example.com domain to |
|
631
|
# ldapserver.example.com port 389 |
|
632
|
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389 |
|
633
|
|
|
634
|
# A SRV record sending LDAP for the example.com domain to |
|
635
|
# ldapserver.example.com port 389 (using domain=) |
|
636
|
#domain=example.com |
|
637
|
#srv-host=_ldap._tcp,ldapserver.example.com,389 |
|
638
|
|
|
639
|
# Two SRV records for LDAP, each with different priorities |
|
640
|
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1 |
|
641
|
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2 |
|
642
|
|
|
643
|
# A SRV record indicating that there is no LDAP server for the domain |
|
644
|
# example.com |
|
645
|
#srv-host=_ldap._tcp.example.com |
|
646
|
|
|
647
|
# The following line shows how to make dnsmasq serve an arbitrary PTR |
|
648
|
# record. This is useful for DNS-SD. (Note that the |
|
649
|
# domain-name expansion done for SRV records _does_not |
|
650
|
# occur for PTR records.) |
|
651
|
#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services" |
|
652
|
|
|
653
|
# Change the following lines to enable dnsmasq to serve TXT records. |
|
654
|
# These are used for things like SPF and zeroconf. (Note that the |
|
655
|
# domain-name expansion done for SRV records _does_not |
|
656
|
# occur for TXT records.) |
|
657
|
|
|
658
|
#Example SPF. |
|
659
|
#txt-record=example.com,"v=spf1 a -all" |
|
660
|
|
|
661
|
#Example zeroconf |
|
662
|
#txt-record=_http._tcp.example.com,name=value,paper=A4 |
|
663
|
|
|
664
|
# Provide an alias for a "local" DNS name. Note that this _only_ works |
|
665
|
# for targets which are names from DHCP or /etc/hosts. Give host |
|
666
|
# "bert" another name, bertrand |
|
667
|
#cname=bertrand,bert |
|
668
|
|
|
669
|
# For debugging purposes, log each DNS query as it passes through |
|
670
|
# dnsmasq. |
|
671
|
#log-queries |
|
672
|
|
|
673
|
# Log lots of extra information about DHCP transactions. |
|
674
|
#log-dhcp |
|
675
|
|
|
676
|
# Include another lot of configuration options. |
|
677
|
#conf-file=/etc/dnsmasq.more.conf |
|
678
|
#conf-dir=/etc/dnsmasq.d |
|
679
|
|
|
680
|
# Include all the files in a directory except those ending in .bak |
|
681
|
#conf-dir=/etc/dnsmasq.d,.bak |
|
682
|
|
|
683
|
# Include all files in a directory which end in .conf |
|
684
|
#conf-dir=/etc/dnsmasq.d/,*.conf |
|
685
|
|
|
686
|
# If a DHCP client claims that its name is "wpad", ignore that. |
|
687
|
# This fixes a security hole. see CERT Vulnerability VU#598349 |
|
688
|
#dhcp-name-match=set:wpad-ignore,wpad |
|
689
|
#dhcp-ignore-names=tag:wpad-ignore |