Annotation of embedaddon/dnsmasq/dnsmasq.conf.example, revision 1.1.1.5
1.1 misho 1: # Configuration file for dnsmasq.
2: #
3: # Format is one option per line, legal options are the same
4: # as the long options legal on the command line. See
5: # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
6:
7: # Listen on this specific port instead of the standard DNS port
8: # (53). Setting this to zero completely disables DNS function,
9: # leaving only DHCP and/or TFTP.
10: #port=5353
11:
12: # The following two options make you a better netizen, since they
13: # tell dnsmasq to filter out queries which the public DNS cannot
14: # answer, and which load the servers (especially the root servers)
15: # unnecessarily. If you have a dial-on-demand link they also stop
16: # these requests from bringing up the link unnecessarily.
17:
18: # Never forward plain names (without a dot or domain part)
19: #domain-needed
20: # Never forward addresses in the non-routed address spaces.
21: #bogus-priv
22:
1.1.1.2 misho 23: # Uncomment these to enable DNSSEC validation and caching:
24: # (Requires dnsmasq to be built with DNSSEC option.)
25: #conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf
26: #dnssec
27:
28: # Replies which are not DNSSEC signed may be legitimate, because the domain
29: # is unsigned, or may be forgeries. Setting this option tells dnsmasq to
30: # check that an unsigned reply is OK, by finding a secure proof that a DS
31: # record somewhere between the root and the domain does not exist.
32: # The cost of setting this is that even queries in unsigned domains will need
33: # one or more extra DNS queries to verify.
34: #dnssec-check-unsigned
1.1 misho 35:
36: # Uncomment this to filter useless windows-originated DNS requests
37: # which can trigger dial-on-demand links needlessly.
38: # Note that (amongst other things) this blocks all SRV requests,
39: # so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
40: # This option only affects forwarding, SRV records originating for
41: # dnsmasq (via srv-host= lines) are not suppressed by it.
42: #filterwin2k
43:
44: # Change this line if you want dns to get its upstream servers from
45: # somewhere other that /etc/resolv.conf
46: #resolv-file=
47:
48: # By default, dnsmasq will send queries to any of the upstream
49: # servers it knows about and tries to favour servers to are known
50: # to be up. Uncommenting this forces dnsmasq to try each query
51: # with each server strictly in the order they appear in
52: # /etc/resolv.conf
53: #strict-order
54:
55: # If you don't want dnsmasq to read /etc/resolv.conf or any other
56: # file, getting its servers from this file instead (see below), then
57: # uncomment this.
58: #no-resolv
59:
60: # If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
61: # files for changes and re-read them then uncomment this.
62: #no-poll
63:
64: # Add other name servers here, with domain specs if they are for
65: # non-public domains.
66: #server=/localnet/192.168.0.1
67:
68: # Example of routing PTR queries to nameservers: this will send all
69: # address->name queries for 192.168.3/24 to nameserver 10.1.2.3
70: #server=/3.168.192.in-addr.arpa/10.1.2.3
71:
72: # Add local-only domains here, queries in these domains are answered
73: # from /etc/hosts or DHCP only.
74: #local=/localnet/
75:
76: # Add domains which you want to force to an IP address here.
77: # The example below send any host in double-click.net to a local
78: # web-server.
79: #address=/double-click.net/127.0.0.1
80:
81: # --address (and --server) work with IPv6 addresses too.
82: #address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
83:
84: # Add the IPs of all queries to yahoo.com, google.com, and their
85: # subdomains to the vpn and search ipsets:
86: #ipset=/yahoo.com/google.com/vpn,search
87:
1.1.1.5 ! misho 88: # Add the IPs of all queries to yahoo.com, google.com, and their
! 89: # subdomains to netfilters sets, which is equivalent to
! 90: # 'nft add element ip test vpn { ... }; nft add element ip test search { ... }'
! 91: #nftset=/yahoo.com/google.com/ip#test#vpn,ip#test#search
! 92:
! 93: # Use netfilters sets for both IPv4 and IPv6:
! 94: # This adds all addresses in *.yahoo.com to vpn4 and vpn6 for IPv4 and IPv6 addresses.
! 95: #nftset=/yahoo.com/4#ip#test#vpn4
! 96: #nftset=/yahoo.com/6#ip#test#vpn6
! 97:
1.1 misho 98: # You can control how dnsmasq talks to a server: this forces
99: # queries to 10.1.2.3 to be routed via eth1
100: # server=10.1.2.3@eth1
101:
102: # and this sets the source (ie local) address used to talk to
1.1.1.4 misho 103: # 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that
1.1 misho 104: # IP on the machine, obviously).
105: # server=10.1.2.3@192.168.1.1#55
106:
107: # If you want dnsmasq to change uid and gid to something other
108: # than the default, edit the following lines.
109: #user=
110: #group=
111:
112: # If you want dnsmasq to listen for DHCP and DNS requests only on
113: # specified interfaces (and the loopback) give the name of the
114: # interface (eg eth0) here.
115: # Repeat the line for more than one interface.
116: #interface=
117: # Or you can specify which interface _not_ to listen on
118: #except-interface=
119: # Or which to listen on by address (remember to include 127.0.0.1 if
120: # you use this.)
121: #listen-address=
122: # If you want dnsmasq to provide only DNS service on an interface,
123: # configure it as shown above, and then use the following line to
124: # disable DHCP and TFTP on it.
125: #no-dhcp-interface=
126:
127: # On systems which support it, dnsmasq binds the wildcard address,
128: # even when it is listening on only some interfaces. It then discards
129: # requests that it shouldn't reply to. This has the advantage of
130: # working even when interfaces come and go and change address. If you
131: # want dnsmasq to really bind only the interfaces it is listening on,
132: # uncomment this option. About the only time you may need this is when
133: # running another nameserver on the same machine.
134: #bind-interfaces
135:
136: # If you don't want dnsmasq to read /etc/hosts, uncomment the
137: # following line.
138: #no-hosts
139: # or if you want it to read another file, as well as /etc/hosts, use
140: # this.
141: #addn-hosts=/etc/banner_add_hosts
142:
143: # Set this (and domain: see below) if you want to have a domain
144: # automatically added to simple names in a hosts-file.
145: #expand-hosts
146:
147: # Set the domain for dnsmasq. this is optional, but if it is set, it
148: # does the following things.
149: # 1) Allows DHCP hosts to have fully qualified domain names, as long
150: # as the domain part matches this setting.
151: # 2) Sets the "domain" DHCP option thereby potentially setting the
152: # domain of all systems configured by DHCP
153: # 3) Provides the domain part for "expand-hosts"
154: #domain=thekelleys.org.uk
155:
156: # Set a different domain for a particular subnet
157: #domain=wireless.thekelleys.org.uk,192.168.2.0/24
158:
159: # Same idea, but range rather then subnet
160: #domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
161:
162: # Uncomment this to enable the integrated DHCP server, you need
163: # to supply the range of addresses available for lease and optionally
164: # a lease time. If you have more than one network, you will need to
165: # repeat this for each network on which you want to supply DHCP
166: # service.
167: #dhcp-range=192.168.0.50,192.168.0.150,12h
168:
169: # This is an example of a DHCP range where the netmask is given. This
170: # is needed for networks we reach the dnsmasq DHCP server via a relay
171: # agent. If you don't know what a DHCP relay agent is, you probably
172: # don't need to worry about this.
173: #dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
174:
175: # This is an example of a DHCP range which sets a tag, so that
176: # some DHCP options may be set only for this network.
177: #dhcp-range=set:red,192.168.0.50,192.168.0.150
178:
179: # Use this DHCP range only when the tag "green" is set.
180: #dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
181:
182: # Specify a subnet which can't be used for dynamic address allocation,
183: # is available for hosts with matching --dhcp-host lines. Note that
184: # dhcp-host declarations will be ignored unless there is a dhcp-range
185: # of some type for the subnet in question.
186: # In this case the netmask is implied (it comes from the network
187: # configuration on the machine running dnsmasq) it is possible to give
188: # an explicit netmask instead.
189: #dhcp-range=192.168.0.0,static
190:
191: # Enable DHCPv6. Note that the prefix-length does not need to be specified
192: # and defaults to 64 if missing/
193: #dhcp-range=1234::2, 1234::500, 64, 12h
194:
195: # Do Router Advertisements, BUT NOT DHCP for this subnet.
196: #dhcp-range=1234::, ra-only
197:
198: # Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
199: # add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
200: # hosts. Use the DHCPv4 lease to derive the name, network segment and
201: # MAC address and assume that the host will also have an
1.1.1.4 misho 202: # IPv6 address calculated using the SLAAC algorithm.
1.1 misho 203: #dhcp-range=1234::, ra-names
204:
205: # Do Router Advertisements, BUT NOT DHCP for this subnet.
206: # Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
207: #dhcp-range=1234::, ra-only, 48h
208:
209: # Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
210: # so that clients can use SLAAC addresses as well as DHCP ones.
211: #dhcp-range=1234::2, 1234::500, slaac
212:
213: # Do Router Advertisements and stateless DHCP for this subnet. Clients will
214: # not get addresses from DHCP, but they will get other configuration information.
215: # They will use SLAAC for addresses.
216: #dhcp-range=1234::, ra-stateless
217:
218: # Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
219: # from DHCPv4 leases.
220: #dhcp-range=1234::, ra-stateless, ra-names
221:
222: # Do router advertisements for all subnets where we're doing DHCPv6
1.1.1.4 misho 223: # Unless overridden by ra-stateless, ra-names, et al, the router
1.1 misho 224: # advertisements will have the M and O bits set, so that the clients
225: # get addresses and configuration from DHCPv6, and the A bit reset, so the
226: # clients don't use SLAAC addresses.
227: #enable-ra
228:
229: # Supply parameters for specified hosts using DHCP. There are lots
230: # of valid alternatives, so we will give examples of each. Note that
231: # IP addresses DO NOT have to be in the range given above, they just
232: # need to be on the same network. The order of the parameters in these
233: # do not matter, it's permissible to give name, address and MAC in any
234: # order.
235:
236: # Always allocate the host with Ethernet address 11:22:33:44:55:66
237: # The IP address 192.168.0.60
238: #dhcp-host=11:22:33:44:55:66,192.168.0.60
239:
240: # Always set the name of the host with hardware address
241: # 11:22:33:44:55:66 to be "fred"
242: #dhcp-host=11:22:33:44:55:66,fred
243:
244: # Always give the host with Ethernet address 11:22:33:44:55:66
245: # the name fred and IP address 192.168.0.60 and lease time 45 minutes
246: #dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
247:
248: # Give a host with Ethernet address 11:22:33:44:55:66 or
249: # 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
250: # that these two Ethernet interfaces will never be in use at the same
251: # time, and give the IP address to the second, even if it is already
252: # in use by the first. Useful for laptops with wired and wireless
253: # addresses.
254: #dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
255:
256: # Give the machine which says its name is "bert" IP address
257: # 192.168.0.70 and an infinite lease
258: #dhcp-host=bert,192.168.0.70,infinite
259:
260: # Always give the host with client identifier 01:02:02:04
261: # the IP address 192.168.0.60
262: #dhcp-host=id:01:02:02:04,192.168.0.60
263:
1.1.1.4 misho 264: # Always give the InfiniBand interface with hardware address
1.1.1.3 misho 265: # 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the
266: # ip address 192.168.0.61. The client id is derived from the prefix
267: # ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of
268: # hex digits of the hardware address.
269: #dhcp-host=id:ff:00:00:00:00:00:02:00:00:02:c9:00:f4:52:14:03:00:28:05:81,192.168.0.61
270:
1.1 misho 271: # Always give the host with client identifier "marjorie"
272: # the IP address 192.168.0.60
273: #dhcp-host=id:marjorie,192.168.0.60
274:
275: # Enable the address given for "judge" in /etc/hosts
276: # to be given to a machine presenting the name "judge" when
277: # it asks for a DHCP lease.
278: #dhcp-host=judge
279:
280: # Never offer DHCP service to a machine whose Ethernet
281: # address is 11:22:33:44:55:66
282: #dhcp-host=11:22:33:44:55:66,ignore
283:
284: # Ignore any client-id presented by the machine with Ethernet
285: # address 11:22:33:44:55:66. This is useful to prevent a machine
286: # being treated differently when running under different OS's or
287: # between PXE boot and OS boot.
288: #dhcp-host=11:22:33:44:55:66,id:*
289:
290: # Send extra options which are tagged as "red" to
291: # the machine with Ethernet address 11:22:33:44:55:66
292: #dhcp-host=11:22:33:44:55:66,set:red
293:
294: # Send extra options which are tagged as "red" to
295: # any machine with Ethernet address starting 11:22:33:
296: #dhcp-host=11:22:33:*:*:*,set:red
297:
298: # Give a fixed IPv6 address and name to client with
299: # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
300: # Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
1.1.1.4 misho 301: # Note also that the [] around the IPv6 address are obligatory.
1.1 misho 302: #dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
303:
304: # Ignore any clients which are not specified in dhcp-host lines
305: # or /etc/ethers. Equivalent to ISC "deny unknown-clients".
306: # This relies on the special "known" tag which is set when
307: # a host is matched.
308: #dhcp-ignore=tag:!known
309:
310: # Send extra options which are tagged as "red" to any machine whose
311: # DHCP vendorclass string includes the substring "Linux"
312: #dhcp-vendorclass=set:red,Linux
313:
314: # Send extra options which are tagged as "red" to any machine one
315: # of whose DHCP userclass strings includes the substring "accounts"
316: #dhcp-userclass=set:red,accounts
317:
318: # Send extra options which are tagged as "red" to any machine whose
319: # MAC address matches the pattern.
320: #dhcp-mac=set:red,00:60:8C:*:*:*
321:
322: # If this line is uncommented, dnsmasq will read /etc/ethers and act
323: # on the ethernet-address/IP pairs found there just as if they had
324: # been given as --dhcp-host options. Useful if you keep
325: # MAC-address/host mappings there for other purposes.
326: #read-ethers
327:
328: # Send options to hosts which ask for a DHCP lease.
329: # See RFC 2132 for details of available options.
330: # Common options can be given to dnsmasq by name:
331: # run "dnsmasq --help dhcp" to get a list.
332: # Note that all the common settings, such as netmask and
333: # broadcast address, DNS server and default route, are given
334: # sane defaults by dnsmasq. You very likely will not need
335: # any dhcp-options. If you use Windows clients and Samba, there
336: # are some options which are recommended, they are detailed at the
337: # end of this section.
338:
339: # Override the default route supplied by dnsmasq, which assumes the
340: # router is the same machine as the one running dnsmasq.
341: #dhcp-option=3,1.2.3.4
342:
343: # Do the same thing, but using the option name
344: #dhcp-option=option:router,1.2.3.4
345:
346: # Override the default route supplied by dnsmasq and send no default
347: # route at all. Note that this only works for the options sent by
348: # default (1, 3, 6, 12, 28) the same line will send a zero-length option
349: # for all other option numbers.
350: #dhcp-option=3
351:
352: # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
353: #dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
354:
355: # Send DHCPv6 option. Note [] around IPv6 addresses.
356: #dhcp-option=option6:dns-server,[1234::77],[1234::88]
357:
358: # Send DHCPv6 option for namservers as the machine running
359: # dnsmasq and another.
360: #dhcp-option=option6:dns-server,[::],[1234::88]
361:
362: # Ask client to poll for option changes every six hours. (RFC4242)
363: #dhcp-option=option6:information-refresh-time,6h
364:
1.1.1.3 misho 365: # Set option 58 client renewal time (T1). Defaults to half of the
366: # lease time if not specified. (RFC2132)
1.1.1.4 misho 367: #dhcp-option=option:T1,1m
1.1.1.3 misho 368:
369: # Set option 59 rebinding time (T2). Defaults to 7/8 of the
370: # lease time if not specified. (RFC2132)
1.1.1.4 misho 371: #dhcp-option=option:T2,2m
1.1.1.3 misho 372:
1.1 misho 373: # Set the NTP time server address to be the same machine as
374: # is running dnsmasq
375: #dhcp-option=42,0.0.0.0
376:
377: # Set the NIS domain name to "welly"
378: #dhcp-option=40,welly
379:
380: # Set the default time-to-live to 50
381: #dhcp-option=23,50
382:
383: # Set the "all subnets are local" flag
384: #dhcp-option=27,1
385:
386: # Send the etherboot magic flag and then etherboot options (a string).
387: #dhcp-option=128,e4:45:74:68:00:00
388: #dhcp-option=129,NIC=eepro100
389:
390: # Specify an option which will only be sent to the "red" network
391: # (see dhcp-range for the declaration of the "red" network)
392: # Note that the tag: part must precede the option: part.
393: #dhcp-option = tag:red, option:ntp-server, 192.168.1.1
394:
395: # The following DHCP options set up dnsmasq in the same way as is specified
396: # for the ISC dhcpcd in
1.1.1.5 ! misho 397: # https://web.archive.org/web/20040313070105/http://us1.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
1.1 misho 398: # adapted for a typical dnsmasq installation where the host running
399: # dnsmasq is also the host running samba.
400: # you may want to uncomment some or all of them if you use
401: # Windows clients and Samba.
402: #dhcp-option=19,0 # option ip-forwarding off
403: #dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
404: #dhcp-option=45,0.0.0.0 # netbios datagram distribution server
405: #dhcp-option=46,8 # netbios node type
406:
407: # Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
408: #dhcp-option=252,"\n"
409:
410: # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
411: # probably doesn't support this......
412: #dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
413:
414: # Send RFC-3442 classless static routes (note the netmask encoding)
415: #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
416:
417: # Send vendor-class specific options encapsulated in DHCP option 43.
418: # The meaning of the options is defined by the vendor-class so
419: # options are sent only when the client supplied vendor class
420: # matches the class given here. (A substring match is OK, so "MSFT"
421: # matches "MSFT" and "MSFT 5.0"). This example sets the
422: # mtftp address to 0.0.0.0 for PXEClients.
423: #dhcp-option=vendor:PXEClient,1,0.0.0.0
424:
425: # Send microsoft-specific option to tell windows to release the DHCP lease
426: # when it shuts down. Note the "i" flag, to tell dnsmasq to send the
427: # value as a four-byte integer - that's what microsoft wants. See
428: # http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
429: #dhcp-option=vendor:MSFT,2,1i
430:
431: # Send the Encapsulated-vendor-class ID needed by some configurations of
432: # Etherboot to allow is to recognise the DHCP server.
433: #dhcp-option=vendor:Etherboot,60,"Etherboot"
434:
435: # Send options to PXELinux. Note that we need to send the options even
436: # though they don't appear in the parameter request list, so we need
437: # to use dhcp-option-force here.
438: # See http://syslinux.zytor.com/pxe.php#special for details.
439: # Magic number - needed before anything else is recognised
440: #dhcp-option-force=208,f1:00:74:7e
441: # Configuration file name
442: #dhcp-option-force=209,configs/common
443: # Path prefix
444: #dhcp-option-force=210,/tftpboot/pxelinux/files/
445: # Reboot time. (Note 'i' to send 32-bit value)
446: #dhcp-option-force=211,30i
447:
448: # Set the boot filename for netboot/PXE. You will only need
1.1.1.4 misho 449: # this if you want to boot machines over the network and you will need
450: # a TFTP server; either dnsmasq's built-in TFTP server or an
1.1 misho 451: # external one. (See below for how to enable the TFTP server.)
452: #dhcp-boot=pxelinux.0
453:
454: # The same as above, but use custom tftp-server instead machine running dnsmasq
455: #dhcp-boot=pxelinux,server.name,192.168.1.100
456:
1.1.1.4 misho 457: # Boot for iPXE. The idea is to send two different
458: # filenames, the first loads iPXE, and the second tells iPXE what to
459: # load. The dhcp-match sets the ipxe tag for requests from iPXE.
460: #dhcp-boot=undionly.kpxe
461: #dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
462: #dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php
1.1 misho 463:
1.1.1.4 misho 464: # Encapsulated options for iPXE. All the options are
1.1 misho 465: # encapsulated within option 175
466: #dhcp-option=encap:175, 1, 5b # priority code
467: #dhcp-option=encap:175, 176, 1b # no-proxydhcp
468: #dhcp-option=encap:175, 177, string # bus-id
469: #dhcp-option=encap:175, 189, 1b # BIOS drive code
470: #dhcp-option=encap:175, 190, user # iSCSI username
471: #dhcp-option=encap:175, 191, pass # iSCSI password
472:
473: # Test for the architecture of a netboot client. PXE clients are
474: # supposed to send their architecture as option 93. (See RFC 4578)
475: #dhcp-match=peecees, option:client-arch, 0 #x86-32
476: #dhcp-match=itanics, option:client-arch, 2 #IA64
477: #dhcp-match=hammers, option:client-arch, 6 #x86-64
478: #dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
479:
480: # Do real PXE, rather than just booting a single file, this is an
481: # alternative to dhcp-boot.
482: #pxe-prompt="What system shall I netboot?"
483: # or with timeout before first available action is taken:
484: #pxe-prompt="Press F8 for menu.", 60
485:
486: # Available boot services. for PXE.
487: #pxe-service=x86PC, "Boot from local disk"
488:
489: # Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
490: #pxe-service=x86PC, "Install Linux", pxelinux
491:
492: # Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
493: # Beware this fails on old PXE ROMS.
494: #pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
495:
496: # Use bootserver on network, found my multicast or broadcast.
497: #pxe-service=x86PC, "Install windows from RIS server", 1
498:
499: # Use bootserver at a known IP address.
500: #pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
501:
502: # If you have multicast-FTP available,
503: # information for that can be passed in a similar way using options 1
504: # to 5. See page 19 of
505: # http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
506:
507:
508: # Enable dnsmasq's built-in TFTP server
509: #enable-tftp
510:
511: # Set the root directory for files available via FTP.
512: #tftp-root=/var/ftpd
513:
1.1.1.3 misho 514: # Do not abort if the tftp-root is unavailable
515: #tftp-no-fail
516:
1.1 misho 517: # Make the TFTP server more secure: with this set, only files owned by
518: # the user dnsmasq is running as will be send over the net.
519: #tftp-secure
520:
521: # This option stops dnsmasq from negotiating a larger blocksize for TFTP
522: # transfers. It will slow things down, but may rescue some broken TFTP
523: # clients.
524: #tftp-no-blocksize
525:
526: # Set the boot file name only when the "red" tag is set.
527: #dhcp-boot=tag:red,pxelinux.red-net
528:
529: # An example of dhcp-boot with an external TFTP server: the name and IP
530: # address of the server are given after the filename.
531: # Can fail with old PXE ROMS. Overridden by --pxe-service.
532: #dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
533:
534: # If there are multiple external tftp servers having a same name
535: # (using /etc/hosts) then that name can be specified as the
536: # tftp_servername (the third option to dhcp-boot) and in that
537: # case dnsmasq resolves this name and returns the resultant IP
1.1.1.4 misho 538: # addresses in round robin fashion. This facility can be used to
1.1 misho 539: # load balance the tftp load among a set of servers.
540: #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
541:
542: # Set the limit on DHCP leases, the default is 150
543: #dhcp-lease-max=150
544:
545: # The DHCP server needs somewhere on disk to keep its lease database.
546: # This defaults to a sane location, but if you want to change it, use
547: # the line below.
548: #dhcp-leasefile=/var/lib/misc/dnsmasq.leases
549:
550: # Set the DHCP server to authoritative mode. In this mode it will barge in
551: # and take over the lease for any client which broadcasts on the network,
552: # whether it has a record of the lease or not. This avoids long timeouts
553: # when a machine wakes up on a new network. DO NOT enable this if there's
554: # the slightest chance that you might end up accidentally configuring a DHCP
555: # server for your campus/company accidentally. The ISC server uses
556: # the same option, and this URL provides more information:
557: # http://www.isc.org/files/auth.html
558: #dhcp-authoritative
559:
1.1.1.4 misho 560: # Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039.
561: # In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit
562: # option with a DHCPACK including a Rapid Commit option and fully committed address
563: # and configuration information. This must only be enabled if either the server is
564: # the only server for the subnet, or multiple servers are present and they each
565: # commit a binding for all clients.
566: #dhcp-rapid-commit
567:
1.1 misho 568: # Run an executable when a DHCP lease is created or destroyed.
569: # The arguments sent to the script are "add" or "del",
570: # then the MAC address, the IP address and finally the hostname
571: # if there is one.
572: #dhcp-script=/bin/echo
573:
574: # Set the cachesize here.
575: #cache-size=150
576:
577: # If you want to disable negative caching, uncomment this.
578: #no-negcache
579:
580: # Normally responses which come from /etc/hosts and the DHCP lease
581: # file have Time-To-Live set as zero, which conventionally means
582: # do not cache further. If you are happy to trade lower load on the
583: # server for potentially stale date, you can set a time-to-live (in
584: # seconds) here.
585: #local-ttl=
586:
587: # If you want dnsmasq to detect attempts by Verisign to send queries
588: # to unregistered .com and .net hosts to its sitefinder service and
589: # have dnsmasq instead return the correct NXDOMAIN response, uncomment
590: # this line. You can add similar lines to do the same for other
591: # registries which have implemented wildcard A records.
592: #bogus-nxdomain=64.94.110.11
593:
594: # If you want to fix up DNS results from upstream servers, use the
595: # alias option. This only works for IPv4.
596: # This alias makes a result of 1.2.3.4 appear as 5.6.7.8
597: #alias=1.2.3.4,5.6.7.8
598: # and this maps 1.2.3.x to 5.6.7.x
599: #alias=1.2.3.0,5.6.7.0,255.255.255.0
600: # and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
601: #alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
602:
603: # Change these lines if you want dnsmasq to serve MX records.
604:
605: # Return an MX record named "maildomain.com" with target
606: # servermachine.com and preference 50
607: #mx-host=maildomain.com,servermachine.com,50
608:
609: # Set the default target for MX records created using the localmx option.
610: #mx-target=servermachine.com
611:
612: # Return an MX record pointing to the mx-target for all local
613: # machines.
614: #localmx
615:
616: # Return an MX record pointing to itself for all local machines.
617: #selfmx
618:
619: # Change the following lines if you want dnsmasq to serve SRV
620: # records. These are useful if you want to serve ldap requests for
621: # Active Directory and other windows-originated DNS requests.
622: # See RFC 2782.
623: # You may add multiple srv-host lines.
624: # The fields are <name>,<target>,<port>,<priority>,<weight>
625: # If the domain part if missing from the name (so that is just has the
626: # service and protocol sections) then the domain given by the domain=
627: # config option is used. (Note that expand-hosts does not need to be
628: # set for this to work.)
629:
630: # A SRV record sending LDAP for the example.com domain to
631: # ldapserver.example.com port 389
632: #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
633:
634: # A SRV record sending LDAP for the example.com domain to
635: # ldapserver.example.com port 389 (using domain=)
636: #domain=example.com
637: #srv-host=_ldap._tcp,ldapserver.example.com,389
638:
639: # Two SRV records for LDAP, each with different priorities
640: #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
641: #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
642:
643: # A SRV record indicating that there is no LDAP server for the domain
644: # example.com
645: #srv-host=_ldap._tcp.example.com
646:
647: # The following line shows how to make dnsmasq serve an arbitrary PTR
648: # record. This is useful for DNS-SD. (Note that the
649: # domain-name expansion done for SRV records _does_not
650: # occur for PTR records.)
651: #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
652:
653: # Change the following lines to enable dnsmasq to serve TXT records.
654: # These are used for things like SPF and zeroconf. (Note that the
655: # domain-name expansion done for SRV records _does_not
656: # occur for TXT records.)
657:
658: #Example SPF.
659: #txt-record=example.com,"v=spf1 a -all"
660:
661: #Example zeroconf
662: #txt-record=_http._tcp.example.com,name=value,paper=A4
663:
664: # Provide an alias for a "local" DNS name. Note that this _only_ works
665: # for targets which are names from DHCP or /etc/hosts. Give host
666: # "bert" another name, bertrand
667: #cname=bertand,bert
668:
669: # For debugging purposes, log each DNS query as it passes through
670: # dnsmasq.
671: #log-queries
672:
673: # Log lots of extra information about DHCP transactions.
674: #log-dhcp
675:
676: # Include another lot of configuration options.
677: #conf-file=/etc/dnsmasq.more.conf
678: #conf-dir=/etc/dnsmasq.d
1.1.1.3 misho 679:
680: # Include all the files in a directory except those ending in .bak
681: #conf-dir=/etc/dnsmasq.d,.bak
682:
683: # Include all files in a directory which end in .conf
684: #conf-dir=/etc/dnsmasq.d/,*.conf
1.1.1.4 misho 685:
686: # If a DHCP client claims that its name is "wpad", ignore that.
687: # This fixes a security hole. see CERT Vulnerability VU#598349
688: #dhcp-name-match=set:wpad-ignore,wpad
689: #dhcp-ignore-names=tag:wpad-ignore
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to dnsmasq.conf.example CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq