changeset 4: |
01197b7b0878 |
parent: |
71488d7123d0
|
child: |
0c85895d4e27 |
author: |
Richard Westhaver <ellis@rwest.io> |
date: |
Wed, 12 Jun 2024 14:31:01 -0400 |
permissions: |
-rw-r--r-- |
description: |
add skelfile |
1 # Configuration file for dnsmasq. 3 # Format is one option per line, legal options are the same 4 # as the long options legal on the command line. See 5 # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details. 7 # Listen on this specific port instead of the standard DNS port 8 # (53). Setting this to zero completely disables DNS function, 9 # leaving only DHCP and/or TFTP. 12 # The following two options make you a better netizen, since they 13 # tell dnsmasq to filter out queries which the public DNS cannot 14 # answer, and which load the servers (especially the root servers) 15 # unnecessarily. If you have a dial-on-demand link they also stop 16 # these requests from bringing up the link unnecessarily. 18 # Never forward plain names (without a dot or domain part) 20 # Never forward addresses in the non-routed address spaces. 23 # Uncomment these to enable DNSSEC validation and caching: 24 # (Requires dnsmasq to be built with DNSSEC option.) 25 #conf-file=/usr/share/dnsmasq/trust-anchors.conf 28 # Replies which are not DNSSEC signed may be legitimate, because the domain 29 # is unsigned, or may be forgeries. Setting this option tells dnsmasq to 30 # check that an unsigned reply is OK, by finding a secure proof that a DS 31 # record somewhere between the root and the domain does not exist. 32 # The cost of setting this is that even queries in unsigned domains will need 33 # one or more extra DNS queries to verify. 34 #dnssec-check-unsigned 36 # Uncomment this to filter useless windows-originated DNS requests 37 # which can trigger dial-on-demand links needlessly. 38 # Note that (amongst other things) this blocks all SRV requests, 39 # so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk. 40 # This option only affects forwarding, SRV records originating for 41 # dnsmasq (via srv-host= lines) are not suppressed by it. 44 # Change this line if you want dns to get its upstream servers from 45 # somewhere other that /etc/resolv.conf 48 # By default, dnsmasq will send queries to any of the upstream 49 # servers it knows about and tries to favour servers to are known 50 # to be up. Uncommenting this forces dnsmasq to try each query 51 # with each server strictly in the order they appear in 55 # If you don't want dnsmasq to read /etc/resolv.conf or any other 56 # file, getting its servers from this file instead (see below), then 60 # If you don't want dnsmasq to poll /etc/resolv.conf or other resolv 61 # files for changes and re-read them then uncomment this. 64 # Add other name servers here, with domain specs if they are for 66 #server=/localnet/192.168.0.1 68 # Example of routing PTR queries to nameservers: this will send all 69 # address->name queries for 192.168.3/24 to nameserver 10.1.2.3 70 #server=/3.168.192.in-addr.arpa/10.1.2.3 72 # Add local-only domains here, queries in these domains are answered 73 # from /etc/hosts or DHCP only. 76 # Add domains which you want to force to an IP address here. 77 # The example below send any host in double-click.net to a local 79 #address=/double-click.net/127.0.0.1 81 # --address (and --server) work with IPv6 addresses too. 82 #address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83 84 # Add the IPs of all queries to yahoo.com, google.com, and their 85 # subdomains to the vpn and search ipsets: 86 #ipset=/yahoo.com/google.com/vpn,search 88 # Add the IPs of all queries to yahoo.com, google.com, and their 89 # subdomains to netfilters sets, which is equivalent to 90 # 'nft add element ip test vpn { ... }; nft add element ip test search { ... }' 91 #nftset=/yahoo.com/google.com/ip#test#vpn,ip#test#search 93 # Use netfilters sets for both IPv4 and IPv6: 94 # This adds all addresses in *.yahoo.com to vpn4 and vpn6 for IPv4 and IPv6 addresses. 95 #nftset=/yahoo.com/4#ip#test#vpn4 96 #nftset=/yahoo.com/6#ip#test#vpn6 98 # You can control how dnsmasq talks to a server: this forces 99 # queries to 10.1.2.3 to be routed via eth1 100 # server=10.1.2.3@eth1 102 # and this sets the source (ie local) address used to talk to 103 # 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that 104 # IP on the machine, obviously). 105 # server=10.1.2.3@192.168.1.1#55 107 # If you want dnsmasq to change uid and gid to something other 108 # than the default, edit the following lines. 112 # If you want dnsmasq to listen for DHCP and DNS requests only on 113 # specified interfaces (and the loopback) give the name of the 114 # interface (eg eth0) here. 115 # Repeat the line for more than one interface. 117 # Or you can specify which interface _not_ to listen on 119 # Or which to listen on by address (remember to include 127.0.0.1 if 122 # If you want dnsmasq to provide only DNS service on an interface, 123 # configure it as shown above, and then use the following line to 124 # disable DHCP and TFTP on it. 127 # On systems which support it, dnsmasq binds the wildcard address, 128 # even when it is listening on only some interfaces. It then discards 129 # requests that it shouldn't reply to. This has the advantage of 130 # working even when interfaces come and go and change address. If you 131 # want dnsmasq to really bind only the interfaces it is listening on, 132 # uncomment this option. About the only time you may need this is when 133 # running another nameserver on the same machine. 136 # If you don't want dnsmasq to read /etc/hosts, uncomment the 139 # or if you want it to read another file, as well as /etc/hosts, use 141 #addn-hosts=/etc/banner_add_hosts 143 # Set this (and domain: see below) if you want to have a domain 144 # automatically added to simple names in a hosts-file. 147 # Set the domain for dnsmasq. this is optional, but if it is set, it 148 # does the following things. 149 # 1) Allows DHCP hosts to have fully qualified domain names, as long 150 # as the domain part matches this setting. 151 # 2) Sets the "domain" DHCP option thereby potentially setting the 152 # domain of all systems configured by DHCP 153 # 3) Provides the domain part for "expand-hosts" 154 #domain=thekelleys.org.uk 156 # Set a different domain for a particular subnet 157 #domain=wireless.thekelleys.org.uk,192.168.2.0/24 159 # Same idea, but range rather then subnet 160 #domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200 162 # Uncomment this to enable the integrated DHCP server, you need 163 # to supply the range of addresses available for lease and optionally 164 # a lease time. If you have more than one network, you will need to 165 # repeat this for each network on which you want to supply DHCP 167 #dhcp-range=192.168.0.50,192.168.0.150,12h 169 # This is an example of a DHCP range where the netmask is given. This 170 # is needed for networks we reach the dnsmasq DHCP server via a relay 171 # agent. If you don't know what a DHCP relay agent is, you probably 172 # don't need to worry about this. 173 #dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h 175 # This is an example of a DHCP range which sets a tag, so that 176 # some DHCP options may be set only for this network. 177 #dhcp-range=set:red,192.168.0.50,192.168.0.150 179 # Use this DHCP range only when the tag "green" is set. 180 #dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h 182 # Specify a subnet which can't be used for dynamic address allocation, 183 # is available for hosts with matching --dhcp-host lines. Note that 184 # dhcp-host declarations will be ignored unless there is a dhcp-range 185 # of some type for the subnet in question. 186 # In this case the netmask is implied (it comes from the network 187 # configuration on the machine running dnsmasq) it is possible to give 188 # an explicit netmask instead. 189 #dhcp-range=192.168.0.0,static 191 # Enable DHCPv6. Note that the prefix-length does not need to be specified 192 # and defaults to 64 if missing/ 193 #dhcp-range=1234::2, 1234::500, 64, 12h 195 # Do Router Advertisements, BUT NOT DHCP for this subnet. 196 #dhcp-range=1234::, ra-only 198 # Do Router Advertisements, BUT NOT DHCP for this subnet, also try and 199 # add names to the DNS for the IPv6 address of SLAAC-configured dual-stack 200 # hosts. Use the DHCPv4 lease to derive the name, network segment and 201 # MAC address and assume that the host will also have an 202 # IPv6 address calculated using the SLAAC algorithm. 203 #dhcp-range=1234::, ra-names 205 # Do Router Advertisements, BUT NOT DHCP for this subnet. 206 # Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.) 207 #dhcp-range=1234::, ra-only, 48h 209 # Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA 210 # so that clients can use SLAAC addresses as well as DHCP ones. 211 #dhcp-range=1234::2, 1234::500, slaac 213 # Do Router Advertisements and stateless DHCP for this subnet. Clients will 214 # not get addresses from DHCP, but they will get other configuration information. 215 # They will use SLAAC for addresses. 216 #dhcp-range=1234::, ra-stateless 218 # Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses 219 # from DHCPv4 leases. 220 #dhcp-range=1234::, ra-stateless, ra-names 222 # Do router advertisements for all subnets where we're doing DHCPv6 223 # Unless overridden by ra-stateless, ra-names, et al, the router 224 # advertisements will have the M and O bits set, so that the clients 225 # get addresses and configuration from DHCPv6, and the A bit reset, so the 226 # clients don't use SLAAC addresses. 229 # Supply parameters for specified hosts using DHCP. There are lots 230 # of valid alternatives, so we will give examples of each. Note that 231 # IP addresses DO NOT have to be in the range given above, they just 232 # need to be on the same network. The order of the parameters in these 233 # do not matter, it's permissible to give name, address and MAC in any 236 # Always allocate the host with Ethernet address 11:22:33:44:55:66 237 # The IP address 192.168.0.60 238 #dhcp-host=11:22:33:44:55:66,192.168.0.60 240 # Always set the name of the host with hardware address 241 # 11:22:33:44:55:66 to be "fred" 242 #dhcp-host=11:22:33:44:55:66,fred 244 # Always give the host with Ethernet address 11:22:33:44:55:66 245 # the name fred and IP address 192.168.0.60 and lease time 45 minutes 246 #dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m 248 # Give a host with Ethernet address 11:22:33:44:55:66 or 249 # 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume 250 # that these two Ethernet interfaces will never be in use at the same 251 # time, and give the IP address to the second, even if it is already 252 # in use by the first. Useful for laptops with wired and wireless 254 #dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60 256 # Give the machine which says its name is "bert" IP address 257 # 192.168.0.70 and an infinite lease 258 #dhcp-host=bert,192.168.0.70,infinite 260 # Always give the host with client identifier 01:02:02:04 261 # the IP address 192.168.0.60 262 #dhcp-host=id:01:02:02:04,192.168.0.60 264 # Always give the InfiniBand interface with hardware address 265 # 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the 266 # ip address 192.168.0.61. The client id is derived from the prefix 267 # ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of 268 # hex digits of the hardware address. 269 #dhcp-host=id:ff:00:00:00:00:00:02:00:00:02:c9:00:f4:52:14:03:00:28:05:81,192.168.0.61 271 # Always give the host with client identifier "marjorie" 272 # the IP address 192.168.0.60 273 #dhcp-host=id:marjorie,192.168.0.60 275 # Enable the address given for "judge" in /etc/hosts 276 # to be given to a machine presenting the name "judge" when 277 # it asks for a DHCP lease. 280 # Never offer DHCP service to a machine whose Ethernet 281 # address is 11:22:33:44:55:66 282 #dhcp-host=11:22:33:44:55:66,ignore 284 # Ignore any client-id presented by the machine with Ethernet 285 # address 11:22:33:44:55:66. This is useful to prevent a machine 286 # being treated differently when running under different OS's or 287 # between PXE boot and OS boot. 288 #dhcp-host=11:22:33:44:55:66,id:* 290 # Send extra options which are tagged as "red" to 291 # the machine with Ethernet address 11:22:33:44:55:66 292 #dhcp-host=11:22:33:44:55:66,set:red 294 # Send extra options which are tagged as "red" to 295 # any machine with Ethernet address starting 11:22:33: 296 #dhcp-host=11:22:33:*:*:*,set:red 298 # Give a fixed IPv6 address and name to client with 299 # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 300 # Note the MAC addresses CANNOT be used to identify DHCPv6 clients. 301 # Note also that the [] around the IPv6 address are obligatory. 302 #dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] 304 # Ignore any clients which are not specified in dhcp-host lines 305 # or /etc/ethers. Equivalent to ISC "deny unknown-clients". 306 # This relies on the special "known" tag which is set when 308 #dhcp-ignore=tag:!known 310 # Send extra options which are tagged as "red" to any machine whose 311 # DHCP vendorclass string includes the substring "Linux" 312 #dhcp-vendorclass=set:red,Linux 314 # Send extra options which are tagged as "red" to any machine one 315 # of whose DHCP userclass strings includes the substring "accounts" 316 #dhcp-userclass=set:red,accounts 318 # Send extra options which are tagged as "red" to any machine whose 319 # MAC address matches the pattern. 320 #dhcp-mac=set:red,00:60:8C:*:*:* 322 # If this line is uncommented, dnsmasq will read /etc/ethers and act 323 # on the ethernet-address/IP pairs found there just as if they had 324 # been given as --dhcp-host options. Useful if you keep 325 # MAC-address/host mappings there for other purposes. 328 # Send options to hosts which ask for a DHCP lease. 329 # See RFC 2132 for details of available options. 330 # Common options can be given to dnsmasq by name: 331 # run "dnsmasq --help dhcp" to get a list. 332 # Note that all the common settings, such as netmask and 333 # broadcast address, DNS server and default route, are given 334 # sane defaults by dnsmasq. You very likely will not need 335 # any dhcp-options. If you use Windows clients and Samba, there 336 # are some options which are recommended, they are detailed at the 337 # end of this section. 339 # Override the default route supplied by dnsmasq, which assumes the 340 # router is the same machine as the one running dnsmasq. 341 #dhcp-option=3,1.2.3.4 343 # Do the same thing, but using the option name 344 #dhcp-option=option:router,1.2.3.4 346 # Override the default route supplied by dnsmasq and send no default 347 # route at all. Note that this only works for the options sent by 348 # default (1, 3, 6, 12, 28) the same line will send a zero-length option 349 # for all other option numbers. 352 # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5 353 #dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5 355 # Send DHCPv6 option. Note [] around IPv6 addresses. 356 #dhcp-option=option6:dns-server,[1234::77],[1234::88] 358 # Send DHCPv6 option for namservers as the machine running 359 # dnsmasq and another. 360 #dhcp-option=option6:dns-server,[::],[1234::88] 362 # Ask client to poll for option changes every six hours. (RFC4242) 363 #dhcp-option=option6:information-refresh-time,6h 365 # Set option 58 client renewal time (T1). Defaults to half of the 366 # lease time if not specified. (RFC2132) 367 #dhcp-option=option:T1,1m 369 # Set option 59 rebinding time (T2). Defaults to 7/8 of the 370 # lease time if not specified. (RFC2132) 371 #dhcp-option=option:T2,2m 373 # Set the NTP time server address to be the same machine as 375 #dhcp-option=42,0.0.0.0 377 # Set the NIS domain name to "welly" 378 #dhcp-option=40,welly 380 # Set the default time-to-live to 50 383 # Set the "all subnets are local" flag 386 # Send the etherboot magic flag and then etherboot options (a string). 387 #dhcp-option=128,e4:45:74:68:00:00 388 #dhcp-option=129,NIC=eepro100 390 # Specify an option which will only be sent to the "red" network 391 # (see dhcp-range for the declaration of the "red" network) 392 # Note that the tag: part must precede the option: part. 393 #dhcp-option = tag:red, option:ntp-server, 192.168.1.1 395 # The following DHCP options set up dnsmasq in the same way as is specified 396 # for the ISC dhcpcd in 397 # https://web.archive.org/web/20040313070105/http://us1.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt 398 # adapted for a typical dnsmasq installation where the host running 399 # dnsmasq is also the host running samba. 400 # you may want to uncomment some or all of them if you use 401 # Windows clients and Samba. 402 #dhcp-option=19,0 # option ip-forwarding off 403 #dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s) 404 #dhcp-option=45,0.0.0.0 # netbios datagram distribution server 405 #dhcp-option=46,8 # netbios node type 407 # Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave. 408 #dhcp-option=252,"\n" 410 # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client 411 # probably doesn't support this...... 412 #dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com 414 # Send RFC-3442 classless static routes (note the netmask encoding) 415 #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8 417 # Send vendor-class specific options encapsulated in DHCP option 43. 418 # The meaning of the options is defined by the vendor-class so 419 # options are sent only when the client supplied vendor class 420 # matches the class given here. (A substring match is OK, so "MSFT" 421 # matches "MSFT" and "MSFT 5.0"). This example sets the 422 # mtftp address to 0.0.0.0 for PXEClients. 423 #dhcp-option=vendor:PXEClient,1,0.0.0.0 425 # Send microsoft-specific option to tell windows to release the DHCP lease 426 # when it shuts down. Note the "i" flag, to tell dnsmasq to send the 427 # value as a four-byte integer - that's what microsoft wants. See 428 # http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true 429 #dhcp-option=vendor:MSFT,2,1i 431 # Send the Encapsulated-vendor-class ID needed by some configurations of 432 # Etherboot to allow is to recognise the DHCP server. 433 #dhcp-option=vendor:Etherboot,60,"Etherboot" 435 # Send options to PXELinux. Note that we need to send the options even 436 # though they don't appear in the parameter request list, so we need 437 # to use dhcp-option-force here. 438 # See http://syslinux.zytor.com/pxe.php#special for details. 439 # Magic number - needed before anything else is recognised 440 #dhcp-option-force=208,f1:00:74:7e 441 # Configuration file name 442 #dhcp-option-force=209,configs/common 444 #dhcp-option-force=210,/tftpboot/pxelinux/files/ 445 # Reboot time. (Note 'i' to send 32-bit value) 446 #dhcp-option-force=211,30i 448 # Set the boot filename for netboot/PXE. You will only need 449 # this if you want to boot machines over the network and you will need 450 # a TFTP server; either dnsmasq's built-in TFTP server or an 451 # external one. (See below for how to enable the TFTP server.) 452 #dhcp-boot=pxelinux.0 454 # The same as above, but use custom tftp-server instead machine running dnsmasq 455 #dhcp-boot=pxelinux,server.name,192.168.1.100 457 # Boot for iPXE. The idea is to send two different 458 # filenames, the first loads iPXE, and the second tells iPXE what to 459 # load. The dhcp-match sets the ipxe tag for requests from iPXE. 460 #dhcp-boot=undionly.kpxe 461 #dhcp-match=set:ipxe,175 # iPXE sends a 175 option. 462 #dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php 464 # Encapsulated options for iPXE. All the options are 465 # encapsulated within option 175 466 #dhcp-option=encap:175, 1, 5b # priority code 467 #dhcp-option=encap:175, 176, 1b # no-proxydhcp 468 #dhcp-option=encap:175, 177, string # bus-id 469 #dhcp-option=encap:175, 189, 1b # BIOS drive code 470 #dhcp-option=encap:175, 190, user # iSCSI username 471 #dhcp-option=encap:175, 191, pass # iSCSI password 473 # Test for the architecture of a netboot client. PXE clients are 474 # supposed to send their architecture as option 93. (See RFC 4578) 475 #dhcp-match=peecees, option:client-arch, 0 #x86-32 476 #dhcp-match=itanics, option:client-arch, 2 #IA64 477 #dhcp-match=hammers, option:client-arch, 6 #x86-64 478 #dhcp-match=mactels, option:client-arch, 7 #EFI x86-64 480 # Do real PXE, rather than just booting a single file, this is an 481 # alternative to dhcp-boot. 482 #pxe-prompt="What system shall I netboot?" 483 # or with timeout before first available action is taken: 484 #pxe-prompt="Press F8 for menu.", 60 486 # Available boot services. for PXE. 487 #pxe-service=x86PC, "Boot from local disk" 489 # Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server. 490 #pxe-service=x86PC, "Install Linux", pxelinux 492 # Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4. 493 # Beware this fails on old PXE ROMS. 494 #pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4 496 # Use bootserver on network, found my multicast or broadcast. 497 #pxe-service=x86PC, "Install windows from RIS server", 1 499 # Use bootserver at a known IP address. 500 #pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4 502 # If you have multicast-FTP available, 503 # information for that can be passed in a similar way using options 1 504 # to 5. See page 19 of 505 # http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf 508 # Enable dnsmasq's built-in TFTP server 511 # Set the root directory for files available via FTP. 514 # Do not abort if the tftp-root is unavailable 517 # Make the TFTP server more secure: with this set, only files owned by 518 # the user dnsmasq is running as will be send over the net. 521 # This option stops dnsmasq from negotiating a larger blocksize for TFTP 522 # transfers. It will slow things down, but may rescue some broken TFTP 526 # Set the boot file name only when the "red" tag is set. 527 #dhcp-boot=tag:red,pxelinux.red-net 529 # An example of dhcp-boot with an external TFTP server: the name and IP 530 # address of the server are given after the filename. 531 # Can fail with old PXE ROMS. Overridden by --pxe-service. 532 #dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3 534 # If there are multiple external tftp servers having a same name 535 # (using /etc/hosts) then that name can be specified as the 536 # tftp_servername (the third option to dhcp-boot) and in that 537 # case dnsmasq resolves this name and returns the resultant IP 538 # addresses in round robin fashion. This facility can be used to 539 # load balance the tftp load among a set of servers. 540 #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name 542 # Set the limit on DHCP leases, the default is 150 545 # The DHCP server needs somewhere on disk to keep its lease database. 546 # This defaults to a sane location, but if you want to change it, use 548 #dhcp-leasefile=/var/lib/misc/dnsmasq.leases 550 # Set the DHCP server to authoritative mode. In this mode it will barge in 551 # and take over the lease for any client which broadcasts on the network, 552 # whether it has a record of the lease or not. This avoids long timeouts 553 # when a machine wakes up on a new network. DO NOT enable this if there's 554 # the slightest chance that you might end up accidentally configuring a DHCP 555 # server for your campus/company accidentally. The ISC server uses 556 # the same option, and this URL provides more information: 557 # http://www.isc.org/files/auth.html 560 # Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039. 561 # In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit 562 # option with a DHCPACK including a Rapid Commit option and fully committed address 563 # and configuration information. This must only be enabled if either the server is 564 # the only server for the subnet, or multiple servers are present and they each 565 # commit a binding for all clients. 568 # Run an executable when a DHCP lease is created or destroyed. 569 # The arguments sent to the script are "add" or "del", 570 # then the MAC address, the IP address and finally the hostname 572 #dhcp-script=/bin/echo 574 # Set the cachesize here. 577 # If you want to disable negative caching, uncomment this. 580 # Normally responses which come from /etc/hosts and the DHCP lease 581 # file have Time-To-Live set as zero, which conventionally means 582 # do not cache further. If you are happy to trade lower load on the 583 # server for potentially stale date, you can set a time-to-live (in 587 # If you want dnsmasq to detect attempts by Verisign to send queries 588 # to unregistered .com and .net hosts to its sitefinder service and 589 # have dnsmasq instead return the correct NXDOMAIN response, uncomment 590 # this line. You can add similar lines to do the same for other 591 # registries which have implemented wildcard A records. 592 #bogus-nxdomain=64.94.110.11 594 # If you want to fix up DNS results from upstream servers, use the 595 # alias option. This only works for IPv4. 596 # This alias makes a result of 1.2.3.4 appear as 5.6.7.8 597 #alias=1.2.3.4,5.6.7.8 598 # and this maps 1.2.3.x to 5.6.7.x 599 #alias=1.2.3.0,5.6.7.0,255.255.255.0 600 # and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40 601 #alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 603 # Change these lines if you want dnsmasq to serve MX records. 605 # Return an MX record named "maildomain.com" with target 606 # servermachine.com and preference 50 607 #mx-host=maildomain.com,servermachine.com,50 609 # Set the default target for MX records created using the localmx option. 610 #mx-target=servermachine.com 612 # Return an MX record pointing to the mx-target for all local 616 # Return an MX record pointing to itself for all local machines. 619 # Change the following lines if you want dnsmasq to serve SRV 620 # records. These are useful if you want to serve ldap requests for 621 # Active Directory and other windows-originated DNS requests. 623 # You may add multiple srv-host lines. 624 # The fields are <name>,<target>,<port>,<priority>,<weight> 625 # If the domain part if missing from the name (so that is just has the 626 # service and protocol sections) then the domain given by the domain= 627 # config option is used. (Note that expand-hosts does not need to be 628 # set for this to work.) 630 # A SRV record sending LDAP for the example.com domain to 631 # ldapserver.example.com port 389 632 #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389 634 # A SRV record sending LDAP for the example.com domain to 635 # ldapserver.example.com port 389 (using domain=) 637 #srv-host=_ldap._tcp,ldapserver.example.com,389 639 # Two SRV records for LDAP, each with different priorities 640 #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1 641 #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2 643 # A SRV record indicating that there is no LDAP server for the domain 645 #srv-host=_ldap._tcp.example.com 647 # The following line shows how to make dnsmasq serve an arbitrary PTR 648 # record. This is useful for DNS-SD. (Note that the 649 # domain-name expansion done for SRV records _does_not 650 # occur for PTR records.) 651 #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services" 653 # Change the following lines to enable dnsmasq to serve TXT records. 654 # These are used for things like SPF and zeroconf. (Note that the 655 # domain-name expansion done for SRV records _does_not 656 # occur for TXT records.) 659 #txt-record=example.com,"v=spf1 a -all" 662 #txt-record=_http._tcp.example.com,name=value,paper=A4 664 # Provide an alias for a "local" DNS name. Note that this _only_ works 665 # for targets which are names from DHCP or /etc/hosts. Give host 666 # "bert" another name, bertrand 669 # For debugging purposes, log each DNS query as it passes through 673 # Log lots of extra information about DHCP transactions. 676 # Include another lot of configuration options. 677 #conf-file=/etc/dnsmasq.more.conf 678 #conf-dir=/etc/dnsmasq.d 680 # Include all the files in a directory except those ending in .bak 681 #conf-dir=/etc/dnsmasq.d,.bak 683 # Include all files in a directory which end in .conf 684 #conf-dir=/etc/dnsmasq.d/,*.conf 686 # If a DHCP client claims that its name is "wpad", ignore that. 687 # This fixes a security hole. see CERT Vulnerability VU#598349 688 #dhcp-name-match=set:wpad-ignore,wpad 689 #dhcp-ignore-names=tag:wpad-ignore