1.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2+++ b/dnsmasq.conf Sat Apr 27 01:57:33 2024 +0000
1.3@@ -0,0 +1,689 @@
1.4+# Configuration file for dnsmasq.
1.5+#
1.6+# Format is one option per line, legal options are the same
1.7+# as the long options legal on the command line. See
1.8+# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
1.9+
1.10+# Listen on this specific port instead of the standard DNS port
1.11+# (53). Setting this to zero completely disables DNS function,
1.12+# leaving only DHCP and/or TFTP.
1.13+#port=5353
1.14+
1.15+# The following two options make you a better netizen, since they
1.16+# tell dnsmasq to filter out queries which the public DNS cannot
1.17+# answer, and which load the servers (especially the root servers)
1.18+# unnecessarily. If you have a dial-on-demand link they also stop
1.19+# these requests from bringing up the link unnecessarily.
1.20+
1.21+# Never forward plain names (without a dot or domain part)
1.22+#domain-needed
1.23+# Never forward addresses in the non-routed address spaces.
1.24+#bogus-priv
1.25+
1.26+# Uncomment these to enable DNSSEC validation and caching:
1.27+# (Requires dnsmasq to be built with DNSSEC option.)
1.28+#conf-file=/usr/share/dnsmasq/trust-anchors.conf
1.29+#dnssec
1.30+
1.31+# Replies which are not DNSSEC signed may be legitimate, because the domain
1.32+# is unsigned, or may be forgeries. Setting this option tells dnsmasq to
1.33+# check that an unsigned reply is OK, by finding a secure proof that a DS
1.34+# record somewhere between the root and the domain does not exist.
1.35+# The cost of setting this is that even queries in unsigned domains will need
1.36+# one or more extra DNS queries to verify.
1.37+#dnssec-check-unsigned
1.38+
1.39+# Uncomment this to filter useless windows-originated DNS requests
1.40+# which can trigger dial-on-demand links needlessly.
1.41+# Note that (amongst other things) this blocks all SRV requests,
1.42+# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
1.43+# This option only affects forwarding, SRV records originating for
1.44+# dnsmasq (via srv-host= lines) are not suppressed by it.
1.45+#filterwin2k
1.46+
1.47+# Change this line if you want dns to get its upstream servers from
1.48+# somewhere other that /etc/resolv.conf
1.49+#resolv-file=
1.50+
1.51+# By default, dnsmasq will send queries to any of the upstream
1.52+# servers it knows about and tries to favour servers to are known
1.53+# to be up. Uncommenting this forces dnsmasq to try each query
1.54+# with each server strictly in the order they appear in
1.55+# /etc/resolv.conf
1.56+#strict-order
1.57+
1.58+# If you don't want dnsmasq to read /etc/resolv.conf or any other
1.59+# file, getting its servers from this file instead (see below), then
1.60+# uncomment this.
1.61+#no-resolv
1.62+
1.63+# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
1.64+# files for changes and re-read them then uncomment this.
1.65+#no-poll
1.66+
1.67+# Add other name servers here, with domain specs if they are for
1.68+# non-public domains.
1.69+#server=/localnet/192.168.0.1
1.70+
1.71+# Example of routing PTR queries to nameservers: this will send all
1.72+# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
1.73+#server=/3.168.192.in-addr.arpa/10.1.2.3
1.74+
1.75+# Add local-only domains here, queries in these domains are answered
1.76+# from /etc/hosts or DHCP only.
1.77+#local=/localnet/
1.78+
1.79+# Add domains which you want to force to an IP address here.
1.80+# The example below send any host in double-click.net to a local
1.81+# web-server.
1.82+#address=/double-click.net/127.0.0.1
1.83+
1.84+# --address (and --server) work with IPv6 addresses too.
1.85+#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
1.86+
1.87+# Add the IPs of all queries to yahoo.com, google.com, and their
1.88+# subdomains to the vpn and search ipsets:
1.89+#ipset=/yahoo.com/google.com/vpn,search
1.90+
1.91+# Add the IPs of all queries to yahoo.com, google.com, and their
1.92+# subdomains to netfilters sets, which is equivalent to
1.93+# 'nft add element ip test vpn { ... }; nft add element ip test search { ... }'
1.94+#nftset=/yahoo.com/google.com/ip#test#vpn,ip#test#search
1.95+
1.96+# Use netfilters sets for both IPv4 and IPv6:
1.97+# This adds all addresses in *.yahoo.com to vpn4 and vpn6 for IPv4 and IPv6 addresses.
1.98+#nftset=/yahoo.com/4#ip#test#vpn4
1.99+#nftset=/yahoo.com/6#ip#test#vpn6
1.100+
1.101+# You can control how dnsmasq talks to a server: this forces
1.102+# queries to 10.1.2.3 to be routed via eth1
1.103+# server=10.1.2.3@eth1
1.104+
1.105+# and this sets the source (ie local) address used to talk to
1.106+# 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that
1.107+# IP on the machine, obviously).
1.108+# server=10.1.2.3@192.168.1.1#55
1.109+
1.110+# If you want dnsmasq to change uid and gid to something other
1.111+# than the default, edit the following lines.
1.112+#user=
1.113+#group=
1.114+
1.115+# If you want dnsmasq to listen for DHCP and DNS requests only on
1.116+# specified interfaces (and the loopback) give the name of the
1.117+# interface (eg eth0) here.
1.118+# Repeat the line for more than one interface.
1.119+#interface=
1.120+# Or you can specify which interface _not_ to listen on
1.121+#except-interface=
1.122+# Or which to listen on by address (remember to include 127.0.0.1 if
1.123+# you use this.)
1.124+#listen-address=
1.125+# If you want dnsmasq to provide only DNS service on an interface,
1.126+# configure it as shown above, and then use the following line to
1.127+# disable DHCP and TFTP on it.
1.128+#no-dhcp-interface=
1.129+
1.130+# On systems which support it, dnsmasq binds the wildcard address,
1.131+# even when it is listening on only some interfaces. It then discards
1.132+# requests that it shouldn't reply to. This has the advantage of
1.133+# working even when interfaces come and go and change address. If you
1.134+# want dnsmasq to really bind only the interfaces it is listening on,
1.135+# uncomment this option. About the only time you may need this is when
1.136+# running another nameserver on the same machine.
1.137+#bind-interfaces
1.138+
1.139+# If you don't want dnsmasq to read /etc/hosts, uncomment the
1.140+# following line.
1.141+#no-hosts
1.142+# or if you want it to read another file, as well as /etc/hosts, use
1.143+# this.
1.144+#addn-hosts=/etc/banner_add_hosts
1.145+
1.146+# Set this (and domain: see below) if you want to have a domain
1.147+# automatically added to simple names in a hosts-file.
1.148+#expand-hosts
1.149+
1.150+# Set the domain for dnsmasq. this is optional, but if it is set, it
1.151+# does the following things.
1.152+# 1) Allows DHCP hosts to have fully qualified domain names, as long
1.153+# as the domain part matches this setting.
1.154+# 2) Sets the "domain" DHCP option thereby potentially setting the
1.155+# domain of all systems configured by DHCP
1.156+# 3) Provides the domain part for "expand-hosts"
1.157+#domain=thekelleys.org.uk
1.158+
1.159+# Set a different domain for a particular subnet
1.160+#domain=wireless.thekelleys.org.uk,192.168.2.0/24
1.161+
1.162+# Same idea, but range rather then subnet
1.163+#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
1.164+
1.165+# Uncomment this to enable the integrated DHCP server, you need
1.166+# to supply the range of addresses available for lease and optionally
1.167+# a lease time. If you have more than one network, you will need to
1.168+# repeat this for each network on which you want to supply DHCP
1.169+# service.
1.170+#dhcp-range=192.168.0.50,192.168.0.150,12h
1.171+
1.172+# This is an example of a DHCP range where the netmask is given. This
1.173+# is needed for networks we reach the dnsmasq DHCP server via a relay
1.174+# agent. If you don't know what a DHCP relay agent is, you probably
1.175+# don't need to worry about this.
1.176+#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
1.177+
1.178+# This is an example of a DHCP range which sets a tag, so that
1.179+# some DHCP options may be set only for this network.
1.180+#dhcp-range=set:red,192.168.0.50,192.168.0.150
1.181+
1.182+# Use this DHCP range only when the tag "green" is set.
1.183+#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
1.184+
1.185+# Specify a subnet which can't be used for dynamic address allocation,
1.186+# is available for hosts with matching --dhcp-host lines. Note that
1.187+# dhcp-host declarations will be ignored unless there is a dhcp-range
1.188+# of some type for the subnet in question.
1.189+# In this case the netmask is implied (it comes from the network
1.190+# configuration on the machine running dnsmasq) it is possible to give
1.191+# an explicit netmask instead.
1.192+#dhcp-range=192.168.0.0,static
1.193+
1.194+# Enable DHCPv6. Note that the prefix-length does not need to be specified
1.195+# and defaults to 64 if missing/
1.196+#dhcp-range=1234::2, 1234::500, 64, 12h
1.197+
1.198+# Do Router Advertisements, BUT NOT DHCP for this subnet.
1.199+#dhcp-range=1234::, ra-only
1.200+
1.201+# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
1.202+# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
1.203+# hosts. Use the DHCPv4 lease to derive the name, network segment and
1.204+# MAC address and assume that the host will also have an
1.205+# IPv6 address calculated using the SLAAC algorithm.
1.206+#dhcp-range=1234::, ra-names
1.207+
1.208+# Do Router Advertisements, BUT NOT DHCP for this subnet.
1.209+# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
1.210+#dhcp-range=1234::, ra-only, 48h
1.211+
1.212+# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
1.213+# so that clients can use SLAAC addresses as well as DHCP ones.
1.214+#dhcp-range=1234::2, 1234::500, slaac
1.215+
1.216+# Do Router Advertisements and stateless DHCP for this subnet. Clients will
1.217+# not get addresses from DHCP, but they will get other configuration information.
1.218+# They will use SLAAC for addresses.
1.219+#dhcp-range=1234::, ra-stateless
1.220+
1.221+# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
1.222+# from DHCPv4 leases.
1.223+#dhcp-range=1234::, ra-stateless, ra-names
1.224+
1.225+# Do router advertisements for all subnets where we're doing DHCPv6
1.226+# Unless overridden by ra-stateless, ra-names, et al, the router
1.227+# advertisements will have the M and O bits set, so that the clients
1.228+# get addresses and configuration from DHCPv6, and the A bit reset, so the
1.229+# clients don't use SLAAC addresses.
1.230+#enable-ra
1.231+
1.232+# Supply parameters for specified hosts using DHCP. There are lots
1.233+# of valid alternatives, so we will give examples of each. Note that
1.234+# IP addresses DO NOT have to be in the range given above, they just
1.235+# need to be on the same network. The order of the parameters in these
1.236+# do not matter, it's permissible to give name, address and MAC in any
1.237+# order.
1.238+
1.239+# Always allocate the host with Ethernet address 11:22:33:44:55:66
1.240+# The IP address 192.168.0.60
1.241+#dhcp-host=11:22:33:44:55:66,192.168.0.60
1.242+
1.243+# Always set the name of the host with hardware address
1.244+# 11:22:33:44:55:66 to be "fred"
1.245+#dhcp-host=11:22:33:44:55:66,fred
1.246+
1.247+# Always give the host with Ethernet address 11:22:33:44:55:66
1.248+# the name fred and IP address 192.168.0.60 and lease time 45 minutes
1.249+#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
1.250+
1.251+# Give a host with Ethernet address 11:22:33:44:55:66 or
1.252+# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
1.253+# that these two Ethernet interfaces will never be in use at the same
1.254+# time, and give the IP address to the second, even if it is already
1.255+# in use by the first. Useful for laptops with wired and wireless
1.256+# addresses.
1.257+#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
1.258+
1.259+# Give the machine which says its name is "bert" IP address
1.260+# 192.168.0.70 and an infinite lease
1.261+#dhcp-host=bert,192.168.0.70,infinite
1.262+
1.263+# Always give the host with client identifier 01:02:02:04
1.264+# the IP address 192.168.0.60
1.265+#dhcp-host=id:01:02:02:04,192.168.0.60
1.266+
1.267+# Always give the InfiniBand interface with hardware address
1.268+# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the
1.269+# ip address 192.168.0.61. The client id is derived from the prefix
1.270+# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of
1.271+# hex digits of the hardware address.
1.272+#dhcp-host=id:ff:00:00:00:00:00:02:00:00:02:c9:00:f4:52:14:03:00:28:05:81,192.168.0.61
1.273+
1.274+# Always give the host with client identifier "marjorie"
1.275+# the IP address 192.168.0.60
1.276+#dhcp-host=id:marjorie,192.168.0.60
1.277+
1.278+# Enable the address given for "judge" in /etc/hosts
1.279+# to be given to a machine presenting the name "judge" when
1.280+# it asks for a DHCP lease.
1.281+#dhcp-host=judge
1.282+
1.283+# Never offer DHCP service to a machine whose Ethernet
1.284+# address is 11:22:33:44:55:66
1.285+#dhcp-host=11:22:33:44:55:66,ignore
1.286+
1.287+# Ignore any client-id presented by the machine with Ethernet
1.288+# address 11:22:33:44:55:66. This is useful to prevent a machine
1.289+# being treated differently when running under different OS's or
1.290+# between PXE boot and OS boot.
1.291+#dhcp-host=11:22:33:44:55:66,id:*
1.292+
1.293+# Send extra options which are tagged as "red" to
1.294+# the machine with Ethernet address 11:22:33:44:55:66
1.295+#dhcp-host=11:22:33:44:55:66,set:red
1.296+
1.297+# Send extra options which are tagged as "red" to
1.298+# any machine with Ethernet address starting 11:22:33:
1.299+#dhcp-host=11:22:33:*:*:*,set:red
1.300+
1.301+# Give a fixed IPv6 address and name to client with
1.302+# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
1.303+# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
1.304+# Note also that the [] around the IPv6 address are obligatory.
1.305+#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
1.306+
1.307+# Ignore any clients which are not specified in dhcp-host lines
1.308+# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
1.309+# This relies on the special "known" tag which is set when
1.310+# a host is matched.
1.311+#dhcp-ignore=tag:!known
1.312+
1.313+# Send extra options which are tagged as "red" to any machine whose
1.314+# DHCP vendorclass string includes the substring "Linux"
1.315+#dhcp-vendorclass=set:red,Linux
1.316+
1.317+# Send extra options which are tagged as "red" to any machine one
1.318+# of whose DHCP userclass strings includes the substring "accounts"
1.319+#dhcp-userclass=set:red,accounts
1.320+
1.321+# Send extra options which are tagged as "red" to any machine whose
1.322+# MAC address matches the pattern.
1.323+#dhcp-mac=set:red,00:60:8C:*:*:*
1.324+
1.325+# If this line is uncommented, dnsmasq will read /etc/ethers and act
1.326+# on the ethernet-address/IP pairs found there just as if they had
1.327+# been given as --dhcp-host options. Useful if you keep
1.328+# MAC-address/host mappings there for other purposes.
1.329+#read-ethers
1.330+
1.331+# Send options to hosts which ask for a DHCP lease.
1.332+# See RFC 2132 for details of available options.
1.333+# Common options can be given to dnsmasq by name:
1.334+# run "dnsmasq --help dhcp" to get a list.
1.335+# Note that all the common settings, such as netmask and
1.336+# broadcast address, DNS server and default route, are given
1.337+# sane defaults by dnsmasq. You very likely will not need
1.338+# any dhcp-options. If you use Windows clients and Samba, there
1.339+# are some options which are recommended, they are detailed at the
1.340+# end of this section.
1.341+
1.342+# Override the default route supplied by dnsmasq, which assumes the
1.343+# router is the same machine as the one running dnsmasq.
1.344+#dhcp-option=3,1.2.3.4
1.345+
1.346+# Do the same thing, but using the option name
1.347+#dhcp-option=option:router,1.2.3.4
1.348+
1.349+# Override the default route supplied by dnsmasq and send no default
1.350+# route at all. Note that this only works for the options sent by
1.351+# default (1, 3, 6, 12, 28) the same line will send a zero-length option
1.352+# for all other option numbers.
1.353+#dhcp-option=3
1.354+
1.355+# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
1.356+#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
1.357+
1.358+# Send DHCPv6 option. Note [] around IPv6 addresses.
1.359+#dhcp-option=option6:dns-server,[1234::77],[1234::88]
1.360+
1.361+# Send DHCPv6 option for namservers as the machine running
1.362+# dnsmasq and another.
1.363+#dhcp-option=option6:dns-server,[::],[1234::88]
1.364+
1.365+# Ask client to poll for option changes every six hours. (RFC4242)
1.366+#dhcp-option=option6:information-refresh-time,6h
1.367+
1.368+# Set option 58 client renewal time (T1). Defaults to half of the
1.369+# lease time if not specified. (RFC2132)
1.370+#dhcp-option=option:T1,1m
1.371+
1.372+# Set option 59 rebinding time (T2). Defaults to 7/8 of the
1.373+# lease time if not specified. (RFC2132)
1.374+#dhcp-option=option:T2,2m
1.375+
1.376+# Set the NTP time server address to be the same machine as
1.377+# is running dnsmasq
1.378+#dhcp-option=42,0.0.0.0
1.379+
1.380+# Set the NIS domain name to "welly"
1.381+#dhcp-option=40,welly
1.382+
1.383+# Set the default time-to-live to 50
1.384+#dhcp-option=23,50
1.385+
1.386+# Set the "all subnets are local" flag
1.387+#dhcp-option=27,1
1.388+
1.389+# Send the etherboot magic flag and then etherboot options (a string).
1.390+#dhcp-option=128,e4:45:74:68:00:00
1.391+#dhcp-option=129,NIC=eepro100
1.392+
1.393+# Specify an option which will only be sent to the "red" network
1.394+# (see dhcp-range for the declaration of the "red" network)
1.395+# Note that the tag: part must precede the option: part.
1.396+#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
1.397+
1.398+# The following DHCP options set up dnsmasq in the same way as is specified
1.399+# for the ISC dhcpcd in
1.400+# https://web.archive.org/web/20040313070105/http://us1.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
1.401+# adapted for a typical dnsmasq installation where the host running
1.402+# dnsmasq is also the host running samba.
1.403+# you may want to uncomment some or all of them if you use
1.404+# Windows clients and Samba.
1.405+#dhcp-option=19,0 # option ip-forwarding off
1.406+#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
1.407+#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
1.408+#dhcp-option=46,8 # netbios node type
1.409+
1.410+# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
1.411+#dhcp-option=252,"\n"
1.412+
1.413+# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
1.414+# probably doesn't support this......
1.415+#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
1.416+
1.417+# Send RFC-3442 classless static routes (note the netmask encoding)
1.418+#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
1.419+
1.420+# Send vendor-class specific options encapsulated in DHCP option 43.
1.421+# The meaning of the options is defined by the vendor-class so
1.422+# options are sent only when the client supplied vendor class
1.423+# matches the class given here. (A substring match is OK, so "MSFT"
1.424+# matches "MSFT" and "MSFT 5.0"). This example sets the
1.425+# mtftp address to 0.0.0.0 for PXEClients.
1.426+#dhcp-option=vendor:PXEClient,1,0.0.0.0
1.427+
1.428+# Send microsoft-specific option to tell windows to release the DHCP lease
1.429+# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
1.430+# value as a four-byte integer - that's what microsoft wants. See
1.431+# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
1.432+#dhcp-option=vendor:MSFT,2,1i
1.433+
1.434+# Send the Encapsulated-vendor-class ID needed by some configurations of
1.435+# Etherboot to allow is to recognise the DHCP server.
1.436+#dhcp-option=vendor:Etherboot,60,"Etherboot"
1.437+
1.438+# Send options to PXELinux. Note that we need to send the options even
1.439+# though they don't appear in the parameter request list, so we need
1.440+# to use dhcp-option-force here.
1.441+# See http://syslinux.zytor.com/pxe.php#special for details.
1.442+# Magic number - needed before anything else is recognised
1.443+#dhcp-option-force=208,f1:00:74:7e
1.444+# Configuration file name
1.445+#dhcp-option-force=209,configs/common
1.446+# Path prefix
1.447+#dhcp-option-force=210,/tftpboot/pxelinux/files/
1.448+# Reboot time. (Note 'i' to send 32-bit value)
1.449+#dhcp-option-force=211,30i
1.450+
1.451+# Set the boot filename for netboot/PXE. You will only need
1.452+# this if you want to boot machines over the network and you will need
1.453+# a TFTP server; either dnsmasq's built-in TFTP server or an
1.454+# external one. (See below for how to enable the TFTP server.)
1.455+#dhcp-boot=pxelinux.0
1.456+
1.457+# The same as above, but use custom tftp-server instead machine running dnsmasq
1.458+#dhcp-boot=pxelinux,server.name,192.168.1.100
1.459+
1.460+# Boot for iPXE. The idea is to send two different
1.461+# filenames, the first loads iPXE, and the second tells iPXE what to
1.462+# load. The dhcp-match sets the ipxe tag for requests from iPXE.
1.463+#dhcp-boot=undionly.kpxe
1.464+#dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
1.465+#dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php
1.466+
1.467+# Encapsulated options for iPXE. All the options are
1.468+# encapsulated within option 175
1.469+#dhcp-option=encap:175, 1, 5b # priority code
1.470+#dhcp-option=encap:175, 176, 1b # no-proxydhcp
1.471+#dhcp-option=encap:175, 177, string # bus-id
1.472+#dhcp-option=encap:175, 189, 1b # BIOS drive code
1.473+#dhcp-option=encap:175, 190, user # iSCSI username
1.474+#dhcp-option=encap:175, 191, pass # iSCSI password
1.475+
1.476+# Test for the architecture of a netboot client. PXE clients are
1.477+# supposed to send their architecture as option 93. (See RFC 4578)
1.478+#dhcp-match=peecees, option:client-arch, 0 #x86-32
1.479+#dhcp-match=itanics, option:client-arch, 2 #IA64
1.480+#dhcp-match=hammers, option:client-arch, 6 #x86-64
1.481+#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
1.482+
1.483+# Do real PXE, rather than just booting a single file, this is an
1.484+# alternative to dhcp-boot.
1.485+#pxe-prompt="What system shall I netboot?"
1.486+# or with timeout before first available action is taken:
1.487+#pxe-prompt="Press F8 for menu.", 60
1.488+
1.489+# Available boot services. for PXE.
1.490+#pxe-service=x86PC, "Boot from local disk"
1.491+
1.492+# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
1.493+#pxe-service=x86PC, "Install Linux", pxelinux
1.494+
1.495+# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
1.496+# Beware this fails on old PXE ROMS.
1.497+#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
1.498+
1.499+# Use bootserver on network, found my multicast or broadcast.
1.500+#pxe-service=x86PC, "Install windows from RIS server", 1
1.501+
1.502+# Use bootserver at a known IP address.
1.503+#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
1.504+
1.505+# If you have multicast-FTP available,
1.506+# information for that can be passed in a similar way using options 1
1.507+# to 5. See page 19 of
1.508+# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
1.509+
1.510+
1.511+# Enable dnsmasq's built-in TFTP server
1.512+#enable-tftp
1.513+
1.514+# Set the root directory for files available via FTP.
1.515+#tftp-root=/var/ftpd
1.516+
1.517+# Do not abort if the tftp-root is unavailable
1.518+#tftp-no-fail
1.519+
1.520+# Make the TFTP server more secure: with this set, only files owned by
1.521+# the user dnsmasq is running as will be send over the net.
1.522+#tftp-secure
1.523+
1.524+# This option stops dnsmasq from negotiating a larger blocksize for TFTP
1.525+# transfers. It will slow things down, but may rescue some broken TFTP
1.526+# clients.
1.527+#tftp-no-blocksize
1.528+
1.529+# Set the boot file name only when the "red" tag is set.
1.530+#dhcp-boot=tag:red,pxelinux.red-net
1.531+
1.532+# An example of dhcp-boot with an external TFTP server: the name and IP
1.533+# address of the server are given after the filename.
1.534+# Can fail with old PXE ROMS. Overridden by --pxe-service.
1.535+#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
1.536+
1.537+# If there are multiple external tftp servers having a same name
1.538+# (using /etc/hosts) then that name can be specified as the
1.539+# tftp_servername (the third option to dhcp-boot) and in that
1.540+# case dnsmasq resolves this name and returns the resultant IP
1.541+# addresses in round robin fashion. This facility can be used to
1.542+# load balance the tftp load among a set of servers.
1.543+#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
1.544+
1.545+# Set the limit on DHCP leases, the default is 150
1.546+#dhcp-lease-max=150
1.547+
1.548+# The DHCP server needs somewhere on disk to keep its lease database.
1.549+# This defaults to a sane location, but if you want to change it, use
1.550+# the line below.
1.551+#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
1.552+
1.553+# Set the DHCP server to authoritative mode. In this mode it will barge in
1.554+# and take over the lease for any client which broadcasts on the network,
1.555+# whether it has a record of the lease or not. This avoids long timeouts
1.556+# when a machine wakes up on a new network. DO NOT enable this if there's
1.557+# the slightest chance that you might end up accidentally configuring a DHCP
1.558+# server for your campus/company accidentally. The ISC server uses
1.559+# the same option, and this URL provides more information:
1.560+# http://www.isc.org/files/auth.html
1.561+#dhcp-authoritative
1.562+
1.563+# Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039.
1.564+# In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit
1.565+# option with a DHCPACK including a Rapid Commit option and fully committed address
1.566+# and configuration information. This must only be enabled if either the server is
1.567+# the only server for the subnet, or multiple servers are present and they each
1.568+# commit a binding for all clients.
1.569+#dhcp-rapid-commit
1.570+
1.571+# Run an executable when a DHCP lease is created or destroyed.
1.572+# The arguments sent to the script are "add" or "del",
1.573+# then the MAC address, the IP address and finally the hostname
1.574+# if there is one.
1.575+#dhcp-script=/bin/echo
1.576+
1.577+# Set the cachesize here.
1.578+#cache-size=150
1.579+
1.580+# If you want to disable negative caching, uncomment this.
1.581+#no-negcache
1.582+
1.583+# Normally responses which come from /etc/hosts and the DHCP lease
1.584+# file have Time-To-Live set as zero, which conventionally means
1.585+# do not cache further. If you are happy to trade lower load on the
1.586+# server for potentially stale date, you can set a time-to-live (in
1.587+# seconds) here.
1.588+#local-ttl=
1.589+
1.590+# If you want dnsmasq to detect attempts by Verisign to send queries
1.591+# to unregistered .com and .net hosts to its sitefinder service and
1.592+# have dnsmasq instead return the correct NXDOMAIN response, uncomment
1.593+# this line. You can add similar lines to do the same for other
1.594+# registries which have implemented wildcard A records.
1.595+#bogus-nxdomain=64.94.110.11
1.596+
1.597+# If you want to fix up DNS results from upstream servers, use the
1.598+# alias option. This only works for IPv4.
1.599+# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
1.600+#alias=1.2.3.4,5.6.7.8
1.601+# and this maps 1.2.3.x to 5.6.7.x
1.602+#alias=1.2.3.0,5.6.7.0,255.255.255.0
1.603+# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
1.604+#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
1.605+
1.606+# Change these lines if you want dnsmasq to serve MX records.
1.607+
1.608+# Return an MX record named "maildomain.com" with target
1.609+# servermachine.com and preference 50
1.610+#mx-host=maildomain.com,servermachine.com,50
1.611+
1.612+# Set the default target for MX records created using the localmx option.
1.613+#mx-target=servermachine.com
1.614+
1.615+# Return an MX record pointing to the mx-target for all local
1.616+# machines.
1.617+#localmx
1.618+
1.619+# Return an MX record pointing to itself for all local machines.
1.620+#selfmx
1.621+
1.622+# Change the following lines if you want dnsmasq to serve SRV
1.623+# records. These are useful if you want to serve ldap requests for
1.624+# Active Directory and other windows-originated DNS requests.
1.625+# See RFC 2782.
1.626+# You may add multiple srv-host lines.
1.627+# The fields are <name>,<target>,<port>,<priority>,<weight>
1.628+# If the domain part if missing from the name (so that is just has the
1.629+# service and protocol sections) then the domain given by the domain=
1.630+# config option is used. (Note that expand-hosts does not need to be
1.631+# set for this to work.)
1.632+
1.633+# A SRV record sending LDAP for the example.com domain to
1.634+# ldapserver.example.com port 389
1.635+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
1.636+
1.637+# A SRV record sending LDAP for the example.com domain to
1.638+# ldapserver.example.com port 389 (using domain=)
1.639+#domain=example.com
1.640+#srv-host=_ldap._tcp,ldapserver.example.com,389
1.641+
1.642+# Two SRV records for LDAP, each with different priorities
1.643+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
1.644+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
1.645+
1.646+# A SRV record indicating that there is no LDAP server for the domain
1.647+# example.com
1.648+#srv-host=_ldap._tcp.example.com
1.649+
1.650+# The following line shows how to make dnsmasq serve an arbitrary PTR
1.651+# record. This is useful for DNS-SD. (Note that the
1.652+# domain-name expansion done for SRV records _does_not
1.653+# occur for PTR records.)
1.654+#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
1.655+
1.656+# Change the following lines to enable dnsmasq to serve TXT records.
1.657+# These are used for things like SPF and zeroconf. (Note that the
1.658+# domain-name expansion done for SRV records _does_not
1.659+# occur for TXT records.)
1.660+
1.661+#Example SPF.
1.662+#txt-record=example.com,"v=spf1 a -all"
1.663+
1.664+#Example zeroconf
1.665+#txt-record=_http._tcp.example.com,name=value,paper=A4
1.666+
1.667+# Provide an alias for a "local" DNS name. Note that this _only_ works
1.668+# for targets which are names from DHCP or /etc/hosts. Give host
1.669+# "bert" another name, bertrand
1.670+#cname=bertrand,bert
1.671+
1.672+# For debugging purposes, log each DNS query as it passes through
1.673+# dnsmasq.
1.674+#log-queries
1.675+
1.676+# Log lots of extra information about DHCP transactions.
1.677+#log-dhcp
1.678+
1.679+# Include another lot of configuration options.
1.680+#conf-file=/etc/dnsmasq.more.conf
1.681+#conf-dir=/etc/dnsmasq.d
1.682+
1.683+# Include all the files in a directory except those ending in .bak
1.684+#conf-dir=/etc/dnsmasq.d,.bak
1.685+
1.686+# Include all files in a directory which end in .conf
1.687+#conf-dir=/etc/dnsmasq.d/,*.conf
1.688+
1.689+# If a DHCP client claims that its name is "wpad", ignore that.
1.690+# This fixes a security hole. see CERT Vulnerability VU#598349
1.691+#dhcp-name-match=set:wpad-ignore,wpad
1.692+#dhcp-ignore-names=tag:wpad-ignore