|
version 1.1.1.1, 2013/07/29 19:37:40
|
version 1.1.1.4, 2021/03/17 00:56:46
|
|
Line 20
|
Line 20
|
| # Never forward addresses in the non-routed address spaces. |
# Never forward addresses in the non-routed address spaces. |
| #bogus-priv |
#bogus-priv |
| |
|
| |
# Uncomment these to enable DNSSEC validation and caching: |
| |
# (Requires dnsmasq to be built with DNSSEC option.) |
| |
#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf |
| |
#dnssec |
| |
|
| |
# Replies which are not DNSSEC signed may be legitimate, because the domain |
| |
# is unsigned, or may be forgeries. Setting this option tells dnsmasq to |
| |
# check that an unsigned reply is OK, by finding a secure proof that a DS |
| |
# record somewhere between the root and the domain does not exist. |
| |
# The cost of setting this is that even queries in unsigned domains will need |
| |
# one or more extra DNS queries to verify. |
| |
#dnssec-check-unsigned |
| |
|
| # Uncomment this to filter useless windows-originated DNS requests |
# Uncomment this to filter useless windows-originated DNS requests |
| # which can trigger dial-on-demand links needlessly. |
# which can trigger dial-on-demand links needlessly. |
| # Note that (amongst other things) this blocks all SRV requests, |
# Note that (amongst other things) this blocks all SRV requests, |
|
Line 78
|
Line 90
|
| # server=10.1.2.3@eth1 |
# server=10.1.2.3@eth1 |
| |
|
| # and this sets the source (ie local) address used to talk to |
# and this sets the source (ie local) address used to talk to |
| # 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that | # 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that |
| # IP on the machine, obviously). |
# IP on the machine, obviously). |
| # server=10.1.2.3@192.168.1.1#55 |
# server=10.1.2.3@192.168.1.1#55 |
| |
|
|
Line 177
|
Line 189
|
| # add names to the DNS for the IPv6 address of SLAAC-configured dual-stack |
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack |
| # hosts. Use the DHCPv4 lease to derive the name, network segment and |
# hosts. Use the DHCPv4 lease to derive the name, network segment and |
| # MAC address and assume that the host will also have an |
# MAC address and assume that the host will also have an |
| # IPv6 address calculated using the SLAAC alogrithm. | # IPv6 address calculated using the SLAAC algorithm. |
| #dhcp-range=1234::, ra-names |
#dhcp-range=1234::, ra-names |
| |
|
| # Do Router Advertisements, BUT NOT DHCP for this subnet. |
# Do Router Advertisements, BUT NOT DHCP for this subnet. |
|
Line 198
|
Line 210
|
| #dhcp-range=1234::, ra-stateless, ra-names |
#dhcp-range=1234::, ra-stateless, ra-names |
| |
|
| # Do router advertisements for all subnets where we're doing DHCPv6 |
# Do router advertisements for all subnets where we're doing DHCPv6 |
| # Unless overriden by ra-stateless, ra-names, et al, the router | # Unless overridden by ra-stateless, ra-names, et al, the router |
| # advertisements will have the M and O bits set, so that the clients |
# advertisements will have the M and O bits set, so that the clients |
| # get addresses and configuration from DHCPv6, and the A bit reset, so the |
# get addresses and configuration from DHCPv6, and the A bit reset, so the |
| # clients don't use SLAAC addresses. |
# clients don't use SLAAC addresses. |
|
Line 239
|
Line 251
|
| # the IP address 192.168.0.60 |
# the IP address 192.168.0.60 |
| #dhcp-host=id:01:02:02:04,192.168.0.60 |
#dhcp-host=id:01:02:02:04,192.168.0.60 |
| |
|
| |
# Always give the InfiniBand interface with hardware address |
| |
# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the |
| |
# ip address 192.168.0.61. The client id is derived from the prefix |
| |
# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of |
| |
# hex digits of the hardware address. |
| |
#dhcp-host=id:ff:00:00:00:00:00:02:00:00:02:c9:00:f4:52:14:03:00:28:05:81,192.168.0.61 |
| |
|
| # Always give the host with client identifier "marjorie" |
# Always give the host with client identifier "marjorie" |
| # the IP address 192.168.0.60 |
# the IP address 192.168.0.60 |
| #dhcp-host=id:marjorie,192.168.0.60 |
#dhcp-host=id:marjorie,192.168.0.60 |
|
Line 269
|
Line 288
|
| # Give a fixed IPv6 address and name to client with |
# Give a fixed IPv6 address and name to client with |
| # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 |
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 |
| # Note the MAC addresses CANNOT be used to identify DHCPv6 clients. |
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients. |
| # Note also the they [] around the IPv6 address are obilgatory. | # Note also that the [] around the IPv6 address are obligatory. |
| #dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] |
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] |
| |
|
| # Ignore any clients which are not specified in dhcp-host lines |
# Ignore any clients which are not specified in dhcp-host lines |
|
Line 333
|
Line 352
|
| # Ask client to poll for option changes every six hours. (RFC4242) |
# Ask client to poll for option changes every six hours. (RFC4242) |
| #dhcp-option=option6:information-refresh-time,6h |
#dhcp-option=option6:information-refresh-time,6h |
| |
|
| |
# Set option 58 client renewal time (T1). Defaults to half of the |
| |
# lease time if not specified. (RFC2132) |
| |
#dhcp-option=option:T1,1m |
| |
|
| |
# Set option 59 rebinding time (T2). Defaults to 7/8 of the |
| |
# lease time if not specified. (RFC2132) |
| |
#dhcp-option=option:T2,2m |
| |
|
| # Set the NTP time server address to be the same machine as |
# Set the NTP time server address to be the same machine as |
| # is running dnsmasq |
# is running dnsmasq |
| #dhcp-option=42,0.0.0.0 |
#dhcp-option=42,0.0.0.0 |
|
Line 409
|
Line 436
|
| #dhcp-option-force=211,30i |
#dhcp-option-force=211,30i |
| |
|
| # Set the boot filename for netboot/PXE. You will only need |
# Set the boot filename for netboot/PXE. You will only need |
| # this is you want to boot machines over the network and you will need | # this if you want to boot machines over the network and you will need |
| # a TFTP server; either dnsmasq's built in TFTP server or an | # a TFTP server; either dnsmasq's built-in TFTP server or an |
| # external one. (See below for how to enable the TFTP server.) |
# external one. (See below for how to enable the TFTP server.) |
| #dhcp-boot=pxelinux.0 |
#dhcp-boot=pxelinux.0 |
| |
|
| # The same as above, but use custom tftp-server instead machine running dnsmasq |
# The same as above, but use custom tftp-server instead machine running dnsmasq |
| #dhcp-boot=pxelinux,server.name,192.168.1.100 |
#dhcp-boot=pxelinux,server.name,192.168.1.100 |
| |
|
| # Boot for Etherboot gPXE. The idea is to send two different | # Boot for iPXE. The idea is to send two different |
| # filenames, the first loads gPXE, and the second tells gPXE what to | # filenames, the first loads iPXE, and the second tells iPXE what to |
| # load. The dhcp-match sets the gpxe tag for requests from gPXE. | # load. The dhcp-match sets the ipxe tag for requests from iPXE. |
| #dhcp-match=set:gpxe,175 # gPXE sends a 175 option. | #dhcp-boot=undionly.kpxe |
| #dhcp-boot=tag:!gpxe,undionly.kpxe | #dhcp-match=set:ipxe,175 # iPXE sends a 175 option. |
| #dhcp-boot=mybootimage | #dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php |
| |
|
| # Encapsulated options for Etherboot gPXE. All the options are | # Encapsulated options for iPXE. All the options are |
| # encapsulated within option 175 |
# encapsulated within option 175 |
| #dhcp-option=encap:175, 1, 5b # priority code |
#dhcp-option=encap:175, 1, 5b # priority code |
| #dhcp-option=encap:175, 176, 1b # no-proxydhcp |
#dhcp-option=encap:175, 176, 1b # no-proxydhcp |
|
Line 474
|
Line 501
|
| # Set the root directory for files available via FTP. |
# Set the root directory for files available via FTP. |
| #tftp-root=/var/ftpd |
#tftp-root=/var/ftpd |
| |
|
| |
# Do not abort if the tftp-root is unavailable |
| |
#tftp-no-fail |
| |
|
| # Make the TFTP server more secure: with this set, only files owned by |
# Make the TFTP server more secure: with this set, only files owned by |
| # the user dnsmasq is running as will be send over the net. |
# the user dnsmasq is running as will be send over the net. |
| #tftp-secure |
#tftp-secure |
|
Line 495
|
Line 525
|
| # (using /etc/hosts) then that name can be specified as the |
# (using /etc/hosts) then that name can be specified as the |
| # tftp_servername (the third option to dhcp-boot) and in that |
# tftp_servername (the third option to dhcp-boot) and in that |
| # case dnsmasq resolves this name and returns the resultant IP |
# case dnsmasq resolves this name and returns the resultant IP |
| # addresses in round robin fasion. This facility can be used to | # addresses in round robin fashion. This facility can be used to |
| # load balance the tftp load among a set of servers. |
# load balance the tftp load among a set of servers. |
| #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name |
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name |
| |
|
|
Line 517
|
Line 547
|
| # http://www.isc.org/files/auth.html |
# http://www.isc.org/files/auth.html |
| #dhcp-authoritative |
#dhcp-authoritative |
| |
|
| |
# Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039. |
| |
# In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit |
| |
# option with a DHCPACK including a Rapid Commit option and fully committed address |
| |
# and configuration information. This must only be enabled if either the server is |
| |
# the only server for the subnet, or multiple servers are present and they each |
| |
# commit a binding for all clients. |
| |
#dhcp-rapid-commit |
| |
|
| # Run an executable when a DHCP lease is created or destroyed. |
# Run an executable when a DHCP lease is created or destroyed. |
| # The arguments sent to the script are "add" or "del", |
# The arguments sent to the script are "add" or "del", |
| # then the MAC address, the IP address and finally the hostname |
# then the MAC address, the IP address and finally the hostname |
|
Line 628
|
Line 666
|
| # Include another lot of configuration options. |
# Include another lot of configuration options. |
| #conf-file=/etc/dnsmasq.more.conf |
#conf-file=/etc/dnsmasq.more.conf |
| #conf-dir=/etc/dnsmasq.d |
#conf-dir=/etc/dnsmasq.d |
| |
|
| |
# Include all the files in a directory except those ending in .bak |
| |
#conf-dir=/etc/dnsmasq.d,.bak |
| |
|
| |
# Include all files in a directory which end in .conf |
| |
#conf-dir=/etc/dnsmasq.d/,*.conf |
| |
|
| |
# If a DHCP client claims that its name is "wpad", ignore that. |
| |
# This fixes a security hole. see CERT Vulnerability VU#598349 |
| |
#dhcp-name-match=set:wpad-ignore,wpad |
| |
#dhcp-ignore-names=tag:wpad-ignore |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to dnsmasq.conf.example CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq