|
version 1.1.1.3, 2016/11/02 09:57:01
|
version 1.1.1.5, 2023/09/27 11:02:07
|
|
Line 85
|
Line 85
|
| # subdomains to the vpn and search ipsets: |
# subdomains to the vpn and search ipsets: |
| #ipset=/yahoo.com/google.com/vpn,search |
#ipset=/yahoo.com/google.com/vpn,search |
| |
|
| |
# Add the IPs of all queries to yahoo.com, google.com, and their |
| |
# subdomains to netfilters sets, which is equivalent to |
| |
# 'nft add element ip test vpn { ... }; nft add element ip test search { ... }' |
| |
#nftset=/yahoo.com/google.com/ip#test#vpn,ip#test#search |
| |
|
| |
# Use netfilters sets for both IPv4 and IPv6: |
| |
# This adds all addresses in *.yahoo.com to vpn4 and vpn6 for IPv4 and IPv6 addresses. |
| |
#nftset=/yahoo.com/4#ip#test#vpn4 |
| |
#nftset=/yahoo.com/6#ip#test#vpn6 |
| |
|
| # You can control how dnsmasq talks to a server: this forces |
# You can control how dnsmasq talks to a server: this forces |
| # queries to 10.1.2.3 to be routed via eth1 |
# queries to 10.1.2.3 to be routed via eth1 |
| # server=10.1.2.3@eth1 |
# server=10.1.2.3@eth1 |
| |
|
| # and this sets the source (ie local) address used to talk to |
# and this sets the source (ie local) address used to talk to |
| # 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that | # 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that |
| # IP on the machine, obviously). |
# IP on the machine, obviously). |
| # server=10.1.2.3@192.168.1.1#55 |
# server=10.1.2.3@192.168.1.1#55 |
| |
|
|
Line 123
|
Line 133
|
| # running another nameserver on the same machine. |
# running another nameserver on the same machine. |
| #bind-interfaces |
#bind-interfaces |
| |
|
| # Accept DNS queries only from hosts whose address is on a local |
|
| # subnet, ie a subnet for which an interface exists on the server. |
|
| # This option only has effect if there are no --interface |
|
| # --except-interface, --listen-address or --auth-server options. |
|
| local-service |
|
| |
|
| # If you don't want dnsmasq to read /etc/hosts, uncomment the |
# If you don't want dnsmasq to read /etc/hosts, uncomment the |
| # following line. |
# following line. |
| #no-hosts |
#no-hosts |
|
Line 195 local-service
|
Line 199 local-service
|
| # add names to the DNS for the IPv6 address of SLAAC-configured dual-stack |
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack |
| # hosts. Use the DHCPv4 lease to derive the name, network segment and |
# hosts. Use the DHCPv4 lease to derive the name, network segment and |
| # MAC address and assume that the host will also have an |
# MAC address and assume that the host will also have an |
| # IPv6 address calculated using the SLAAC alogrithm. | # IPv6 address calculated using the SLAAC algorithm. |
| #dhcp-range=1234::, ra-names |
#dhcp-range=1234::, ra-names |
| |
|
| # Do Router Advertisements, BUT NOT DHCP for this subnet. |
# Do Router Advertisements, BUT NOT DHCP for this subnet. |
|
Line 216 local-service
|
Line 220 local-service
|
| #dhcp-range=1234::, ra-stateless, ra-names |
#dhcp-range=1234::, ra-stateless, ra-names |
| |
|
| # Do router advertisements for all subnets where we're doing DHCPv6 |
# Do router advertisements for all subnets where we're doing DHCPv6 |
| # Unless overriden by ra-stateless, ra-names, et al, the router | # Unless overridden by ra-stateless, ra-names, et al, the router |
| # advertisements will have the M and O bits set, so that the clients |
# advertisements will have the M and O bits set, so that the clients |
| # get addresses and configuration from DHCPv6, and the A bit reset, so the |
# get addresses and configuration from DHCPv6, and the A bit reset, so the |
| # clients don't use SLAAC addresses. |
# clients don't use SLAAC addresses. |
|
Line 257 local-service
|
Line 261 local-service
|
| # the IP address 192.168.0.60 |
# the IP address 192.168.0.60 |
| #dhcp-host=id:01:02:02:04,192.168.0.60 |
#dhcp-host=id:01:02:02:04,192.168.0.60 |
| |
|
| # Always give the Infiniband interface with hardware address | # Always give the InfiniBand interface with hardware address |
| # 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the |
# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the |
| # ip address 192.168.0.61. The client id is derived from the prefix |
# ip address 192.168.0.61. The client id is derived from the prefix |
| # ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of |
# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of |
|
Line 294 local-service
|
Line 298 local-service
|
| # Give a fixed IPv6 address and name to client with |
# Give a fixed IPv6 address and name to client with |
| # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 |
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 |
| # Note the MAC addresses CANNOT be used to identify DHCPv6 clients. |
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients. |
| # Note also the they [] around the IPv6 address are obilgatory. | # Note also that the [] around the IPv6 address are obligatory. |
| #dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] |
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] |
| |
|
| # Ignore any clients which are not specified in dhcp-host lines |
# Ignore any clients which are not specified in dhcp-host lines |
|
Line 360 local-service
|
Line 364 local-service
|
| |
|
| # Set option 58 client renewal time (T1). Defaults to half of the |
# Set option 58 client renewal time (T1). Defaults to half of the |
| # lease time if not specified. (RFC2132) |
# lease time if not specified. (RFC2132) |
| #dhcp-option=option:T1:1m | #dhcp-option=option:T1,1m |
| |
|
| # Set option 59 rebinding time (T2). Defaults to 7/8 of the |
# Set option 59 rebinding time (T2). Defaults to 7/8 of the |
| # lease time if not specified. (RFC2132) |
# lease time if not specified. (RFC2132) |
| #dhcp-option=option:T2:2m | #dhcp-option=option:T2,2m |
| |
|
| # Set the NTP time server address to be the same machine as |
# Set the NTP time server address to be the same machine as |
| # is running dnsmasq |
# is running dnsmasq |
|
Line 390 local-service
|
Line 394 local-service
|
| |
|
| # The following DHCP options set up dnsmasq in the same way as is specified |
# The following DHCP options set up dnsmasq in the same way as is specified |
| # for the ISC dhcpcd in |
# for the ISC dhcpcd in |
| # http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt | # https://web.archive.org/web/20040313070105/http://us1.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt |
| # adapted for a typical dnsmasq installation where the host running |
# adapted for a typical dnsmasq installation where the host running |
| # dnsmasq is also the host running samba. |
# dnsmasq is also the host running samba. |
| # you may want to uncomment some or all of them if you use |
# you may want to uncomment some or all of them if you use |
|
Line 442 local-service
|
Line 446 local-service
|
| #dhcp-option-force=211,30i |
#dhcp-option-force=211,30i |
| |
|
| # Set the boot filename for netboot/PXE. You will only need |
# Set the boot filename for netboot/PXE. You will only need |
| # this is you want to boot machines over the network and you will need | # this if you want to boot machines over the network and you will need |
| # a TFTP server; either dnsmasq's built in TFTP server or an | # a TFTP server; either dnsmasq's built-in TFTP server or an |
| # external one. (See below for how to enable the TFTP server.) |
# external one. (See below for how to enable the TFTP server.) |
| #dhcp-boot=pxelinux.0 |
#dhcp-boot=pxelinux.0 |
| |
|
| # The same as above, but use custom tftp-server instead machine running dnsmasq |
# The same as above, but use custom tftp-server instead machine running dnsmasq |
| #dhcp-boot=pxelinux,server.name,192.168.1.100 |
#dhcp-boot=pxelinux,server.name,192.168.1.100 |
| |
|
| # Boot for Etherboot gPXE. The idea is to send two different | # Boot for iPXE. The idea is to send two different |
| # filenames, the first loads gPXE, and the second tells gPXE what to | # filenames, the first loads iPXE, and the second tells iPXE what to |
| # load. The dhcp-match sets the gpxe tag for requests from gPXE. | # load. The dhcp-match sets the ipxe tag for requests from iPXE. |
| #dhcp-match=set:gpxe,175 # gPXE sends a 175 option. | #dhcp-boot=undionly.kpxe |
| #dhcp-boot=tag:!gpxe,undionly.kpxe | #dhcp-match=set:ipxe,175 # iPXE sends a 175 option. |
| #dhcp-boot=mybootimage | #dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php |
| |
|
| # Encapsulated options for Etherboot gPXE. All the options are | # Encapsulated options for iPXE. All the options are |
| # encapsulated within option 175 |
# encapsulated within option 175 |
| #dhcp-option=encap:175, 1, 5b # priority code |
#dhcp-option=encap:175, 1, 5b # priority code |
| #dhcp-option=encap:175, 176, 1b # no-proxydhcp |
#dhcp-option=encap:175, 176, 1b # no-proxydhcp |
|
Line 531 local-service
|
Line 535 local-service
|
| # (using /etc/hosts) then that name can be specified as the |
# (using /etc/hosts) then that name can be specified as the |
| # tftp_servername (the third option to dhcp-boot) and in that |
# tftp_servername (the third option to dhcp-boot) and in that |
| # case dnsmasq resolves this name and returns the resultant IP |
# case dnsmasq resolves this name and returns the resultant IP |
| # addresses in round robin fasion. This facility can be used to | # addresses in round robin fashion. This facility can be used to |
| # load balance the tftp load among a set of servers. |
# load balance the tftp load among a set of servers. |
| #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name |
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name |
| |
|
|
Line 553 local-service
|
Line 557 local-service
|
| # http://www.isc.org/files/auth.html |
# http://www.isc.org/files/auth.html |
| #dhcp-authoritative |
#dhcp-authoritative |
| |
|
| |
# Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039. |
| |
# In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit |
| |
# option with a DHCPACK including a Rapid Commit option and fully committed address |
| |
# and configuration information. This must only be enabled if either the server is |
| |
# the only server for the subnet, or multiple servers are present and they each |
| |
# commit a binding for all clients. |
| |
#dhcp-rapid-commit |
| |
|
| # Run an executable when a DHCP lease is created or destroyed. |
# Run an executable when a DHCP lease is created or destroyed. |
| # The arguments sent to the script are "add" or "del", |
# The arguments sent to the script are "add" or "del", |
| # then the MAC address, the IP address and finally the hostname |
# then the MAC address, the IP address and finally the hostname |
|
Line 670 local-service
|
Line 682 local-service
|
| |
|
| # Include all files in a directory which end in .conf |
# Include all files in a directory which end in .conf |
| #conf-dir=/etc/dnsmasq.d/,*.conf |
#conf-dir=/etc/dnsmasq.d/,*.conf |
| |
|
| |
# If a DHCP client claims that its name is "wpad", ignore that. |
| |
# This fixes a security hole. see CERT Vulnerability VU#598349 |
| |
#dhcp-name-match=set:wpad-ignore,wpad |
| |
#dhcp-ignore-names=tag:wpad-ignore |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to dnsmasq.conf.example CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq