|
version 1.1.1.2, 2014/06/15 16:31:38
|
version 1.1.1.3, 2016/11/02 09:57:01
|
|
Line 42 the configuration file.
|
Line 42 the configuration file.
|
| Read and syntax check configuration file(s). Exit with code 0 if all |
Read and syntax check configuration file(s). Exit with code 0 if all |
| is OK, or a non-zero code otherwise. Do not start up dnsmasq. |
is OK, or a non-zero code otherwise. Do not start up dnsmasq. |
| .TP |
.TP |
| |
.B \-w, --help |
| |
Display all command-line options. |
| |
.B --help dhcp |
| |
will display known DHCPv4 configuration options, and |
| |
.B --help dhcp6 |
| |
will display DHCPv6 options. |
| |
.TP |
| .B \-h, --no-hosts |
.B \-h, --no-hosts |
| Don't read the hostnames in /etc/hosts. |
Don't read the hostnames in /etc/hosts. |
| .TP |
.TP |
|
Line 50 Additional hosts file. Read the specified file as well
|
Line 57 Additional hosts file. Read the specified file as well
|
| only the specified file. This option may be repeated for more than one |
only the specified file. This option may be repeated for more than one |
| additional hosts file. If a directory is given, then read all the files contained in that directory. |
additional hosts file. If a directory is given, then read all the files contained in that directory. |
| .TP |
.TP |
| |
.B --hostsdir=<path> |
| |
Read all the hosts files contained in the directory. New or changed files |
| |
are read automatically. See --dhcp-hostsdir for details. |
| |
.TP |
| .B \-E, --expand-hosts |
.B \-E, --expand-hosts |
| Add the domain to simple names (without a period) in /etc/hosts |
Add the domain to simple names (without a period) in /etc/hosts |
| in the same way as for DHCP-derived names. Note that this does not |
in the same way as for DHCP-derived names. Note that this does not |
| apply to domain names in cnames, PTR records, TXT records etc. |
apply to domain names in cnames, PTR records, TXT records etc. |
| .TP |
.TP |
| .B \-T, --local-ttl=<time> |
.B \-T, --local-ttl=<time> |
| When replying with information from /etc/hosts or the DHCP leases | When replying with information from /etc/hosts or configuration or the DHCP leases |
| file dnsmasq by default sets the time-to-live field to zero, meaning |
file dnsmasq by default sets the time-to-live field to zero, meaning |
| that the requester should not itself cache the information. This is |
that the requester should not itself cache the information. This is |
| the correct thing to do in almost all situations. This option allows a |
the correct thing to do in almost all situations. This option allows a |
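Review bot: the reworded first sentence of --local-ttl, "from /etc/hosts or configuration or the DHCP leases file", chains two "or"s and never says what "configuration" covers. Suggest naming the sources explicitly, for example "from /etc/hosts, from records defined in the configuration, or from the DHCP leases file". In the same hunk, --hostsdir only points at --dhcp-hostsdir; it would help to state here whether removing a file also leaves its names in place until SIGHUP, as described there.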
|
Line 64 time-to-live (in seconds) to be given for these replie
|
Line 75 time-to-live (in seconds) to be given for these replie
|
| reduce the load on the server at the expense of clients using stale |
reduce the load on the server at the expense of clients using stale |
| data under some circumstances. |
data under some circumstances. |
| .TP |
.TP |
| |
.B --dhcp-ttl=<time> |
| |
As for --local-ttl, but affects only replies with information from DHCP leases. If both are given, --dhcp-ttl applies for DHCP information, and --local-ttl for others. Setting this to zero eliminates the effect of --local-ttl for DHCP. |
| |
.TP |
| .B --neg-ttl=<time> |
.B --neg-ttl=<time> |
| Negative replies from upstream servers normally contain time-to-live |
Negative replies from upstream servers normally contain time-to-live |
| information in SOA records which dnsmasq uses for caching. If the |
information in SOA records which dnsmasq uses for caching. If the |
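Review bot: the new --dhcp-ttl entry does not repeat or reference the stale-data caveat that --local-ttl carries ("at the expense of clients using stale data"). Lease-derived names change when leases change, so the trade-off matters most here. Suggest adding a short sentence to that effect, and breaking the single long line into normal man-page line lengths.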
|
Line 81 the upstream DNS servers.
|
Line 95 the upstream DNS servers.
|
| .B --max-cache-ttl=<time> |
.B --max-cache-ttl=<time> |
| Set a maximum TTL value for entries in the cache. |
Set a maximum TTL value for entries in the cache. |
| .TP |
.TP |
| |
.B --min-cache-ttl=<time> |
| |
Extend short TTL values to the time given when caching them. Note that |
| |
artificially extending TTL values is in general a bad idea, do not do it |
| |
unless you have a good reason, and understand what you are doing. |
| |
Dnsmasq limits the value of this option to one hour, unless recompiled. |
| |
.TP |
| .B --auth-ttl=<time> |
.B --auth-ttl=<time> |
| Set the TTL value returned in answers from the authoritative server. |
Set the TTL value returned in answers from the authoritative server. |
| .TP |
.TP |
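Review bot: in the --min-cache-ttl text, "Dnsmasq limits the value of this option to one hour" does not say what happens when a larger value is given: is it rejected at startup, or silently clamped to one hour? Please state which. The warning "in general a bad idea" would also be more useful with the reason in one clause, namely that records are served from cache after the origin's TTL has expired.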
|
Line 98 only, to stop dnsmasq daemonising in production, use
|
Line 118 only, to stop dnsmasq daemonising in production, use
|
| .B -k. |
.B -k. |
| .TP |
.TP |
| .B \-q, --log-queries |
.B \-q, --log-queries |
| Log the results of DNS queries handled by dnsmasq. Enable a full cache dump on receipt of SIGUSR1. | Log the results of DNS queries handled by dnsmasq. Enable a full cache dump on receipt of SIGUSR1. If the argument "extra" is supplied, ie |
| | .B --log-queries=extra |
| | then the log has extra information at the start of each line. |
| | This consists of a serial number which ties together the log lines associated with an individual query, and the IP address of the requestor. |
| .TP |
.TP |
| .B \-8, --log-facility=<facility> |
.B \-8, --log-facility=<facility> |
| Set the facility to which dnsmasq will send syslog entries, this |
Set the facility to which dnsmasq will send syslog entries, this |
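Review bot: the synopsis line is still ".B \-q, --log-queries" although the body now documents an optional argument; it should read --log-queries[=extra] in the same way --add-mac[=base64|text] was updated. Since the extra format writes "the IP address of the requestor" to the log, a short note that logs then contain client addresses would match the privacy remark made for --add-mac. Minor: "ie" before the .B line reads better as "i.e.".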
|
Line 161 queries. Dnsmasq picks random ports as source for outb
|
Line 184 queries. Dnsmasq picks random ports as source for outb
|
| when this option is given, the ports used will always to larger |
when this option is given, the ports used will always to larger |
| than that specified. Useful for systems behind firewalls. |
than that specified. Useful for systems behind firewalls. |
| .TP |
.TP |
| |
.B --max-port=<port> |
| |
Use ports lower than that given as source for outbound DNS queries. |
| |
Dnsmasq picks random ports as source for outbound queries: |
| |
when this option is given, the ports used will always be lower |
| |
than that specified. Useful for systems behind firewalls. |
| |
.TP |
| |
|
| .B \-i, --interface=<interface name> |
.B \-i, --interface=<interface name> |
| Listen only on the specified interface(s). Dnsmasq automatically adds |
Listen only on the specified interface(s). Dnsmasq automatically adds |
| the loopback (local) interface to the list of interfaces to use when |
the loopback (local) interface to the list of interfaces to use when |
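Review bot: the --max-port entry says nothing about how it combines with --min-port (what happens if the maximum is below the minimum) or whether "lower than that given" includes the given port. Because "Dnsmasq picks random ports as source for outbound queries", it is also worth one sentence saying that a narrow min/max window shrinks the set of ports the randomisation can draw from. The added blank line after the closing .TP looks unintended.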
|
Line 293 an advertising web page in response to queries for unr
|
Line 323 an advertising web page in response to queries for unr
|
| instead of the correct NXDOMAIN response. This option tells dnsmasq to |
instead of the correct NXDOMAIN response. This option tells dnsmasq to |
| fake the correct response when it sees this behaviour. As at Sept 2003 |
fake the correct response when it sees this behaviour. As at Sept 2003 |
| the IP address being returned by Verisign is 64.94.110.11 |
the IP address being returned by Verisign is 64.94.110.11 |
| |
.TP |
| |
.B --ignore-address=<ipaddr> |
| |
Ignore replies to A-record queries which include the specified address. |
| |
No error is generated, dnsmasq simply continues to listen for another reply. |
| |
This is useful to defeat blocking strategies which rely on quickly supplying a |
| |
forged answer to a DNS request for certain domain, before the correct answer can arrive. |
| .TP |
.TP |
| .B \-f, --filterwin2k |
.B \-f, --filterwin2k |
| Later versions of windows make periodic DNS requests which don't get sensible answers from |
Later versions of windows make periodic DNS requests which don't get sensible answers from |
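Review bot: in --ignore-address, "dnsmasq simply continues to listen for another reply" leaves open what the client sees when no other reply arrives, and whether an ignored reply is logged anywhere. Please document both, since silent drops are hard to diagnose. The entry is limited to "A-record queries"; say explicitly whether AAAA replies are out of scope. Wording: "for certain domain" should be "for certain domains".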
|
Line 334 it will send queries to just one server. Setting this
|
Line 370 it will send queries to just one server. Setting this
|
| dnsmasq to send all queries to all available servers. The reply from |
dnsmasq to send all queries to all available servers. The reply from |
| the server which answers first will be returned to the original requester. |
the server which answers first will be returned to the original requester. |
| .TP |
.TP |
| |
.B --dns-loop-detect |
| |
Enable code to detect DNS forwarding loops; ie the situation where a query sent to one |
| |
of the upstream server eventually returns as a new query to the dnsmasq instance. The |
| |
process works by generating TXT queries of the form <hex>.test and sending them to |
| |
each upstream server. The hex is a UID which encodes the instance of dnsmasq sending the query |
| |
and the upstream server to which it was sent. If the query returns to the server which sent it, then |
| |
the upstream server through which it was sent is disabled and this event is logged. Each time the |
| |
set of upstream servers changes, the test is re-run on all of them, including ones which |
| |
were previously disabled. |
| |
.TP |
| .B --stop-dns-rebind |
.B --stop-dns-rebind |
| Reject (and log) addresses from upstream nameservers which are in the |
Reject (and log) addresses from upstream nameservers which are in the |
| private IP ranges. This blocks an attack where a browser behind a |
private IP ranges. This blocks an attack where a browser behind a |
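Review bot: the --dns-loop-detect text says a looping upstream "is disabled and this event is logged" and is only re-tested "each time the set of upstream servers changes", but it does not say what dnsmasq does if every upstream ends up disabled, or how an operator can force a re-test without changing the server list. Please add both. Wording: "one of the upstream server" should be "one of the upstream servers", and "ie" should be "i.e.".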
|
Line 376 xxx.internal.thekelleys.org.uk at 192.168.1.1 then giv
|
Line 422 xxx.internal.thekelleys.org.uk at 192.168.1.1 then giv
|
| .B -S /internal.thekelleys.org.uk/192.168.1.1 |
.B -S /internal.thekelleys.org.uk/192.168.1.1 |
| will send all queries for |
will send all queries for |
| internal machines to that nameserver, everything else will go to the |
internal machines to that nameserver, everything else will go to the |
| servers in /etc/resolv.conf. An empty domain specification, | servers in /etc/resolv.conf. DNSSEC validation is turned off for such |
| | private nameservers, UNLESS a |
| | .B --trust-anchor |
| | is specified for the domain in question. An empty domain specification, |
| .B // |
.B // |
| has the special meaning of "unqualified names only" ie names without any |
has the special meaning of "unqualified names only" ie names without any |
| dots in them. A non-standard port may be specified as |
dots in them. A non-standard port may be specified as |
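Review bot: the new sentence "DNSSEC validation is turned off for such private nameservers, UNLESS a --trust-anchor is specified" changes validation behaviour but is placed mid-paragraph in the --server description, between the resolv.conf sentence and the "//" syntax. Suggest giving it its own paragraph and adding a cross-reference from the DNSSEC option entries, so someone enabling validation learns that domains routed with -S /domain/ are exempt by default.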
|
Line 431 but provides some syntactic sugar to make specifying a
|
Line 480 but provides some syntactic sugar to make specifying a
|
| is exactly equivalent to |
is exactly equivalent to |
| .B --server=/3.2.1.in-addr.arpa/192.168.0.1 |
.B --server=/3.2.1.in-addr.arpa/192.168.0.1 |
| .TP |
.TP |
| .B \-A, --address=/<domain>/[domain/]<ipaddr> | .B \-A, --address=/<domain>/[domain/][<ipaddr>] |
| Specify an IP address to return for any host in the given domains. |
Specify an IP address to return for any host in the given domains. |
| Queries in the domains are never forwarded and always replied to |
Queries in the domains are never forwarded and always replied to |
| with the specified IP address which may be IPv4 or IPv6. To give |
with the specified IP address which may be IPv4 or IPv6. To give |
|
Line 443 domain specification works in the same was as for --se
|
Line 492 domain specification works in the same was as for --se
|
| additional facility that /#/ matches any domain. Thus |
additional facility that /#/ matches any domain. Thus |
| --address=/#/1.2.3.4 will always return 1.2.3.4 for any query not |
--address=/#/1.2.3.4 will always return 1.2.3.4 for any query not |
| answered from /etc/hosts or DHCP and not sent to an upstream |
answered from /etc/hosts or DHCP and not sent to an upstream |
| nameserver by a more specific --server directive. | nameserver by a more specific --server directive. As for --server, |
| | one or more domains with no address returns a no-such-domain answer, so |
| | --address=/example.com/ is equivalent to --server=/example.com/ and returns |
| | NXDOMAIN for example.com and all its subdomains. |
| .TP |
.TP |
| .B --ipset=/<domain>/[domain/]<ipset>[,<ipset>] |
.B --ipset=/<domain>/[domain/]<ipset>[,<ipset>] |
| Places the resolved IP addresses of queries for the specified domains |
Places the resolved IP addresses of queries for the specified domains |
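Review bot: the added text makes --address=/example.com/ return NXDOMAIN, but the same paragraph has just introduced "/#/ matches any domain" and does not say what --address=/#/ with no address does. If it answers NXDOMAIN for every name not otherwise handled, that deserves an explicit sentence; if it is rejected, say so. The opening line of the entry, "Specify an IP address to return", also no longer covers the no-address form.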
|
Line 487 zone files: the port, weight and priority numbers are
|
Line 539 zone files: the port, weight and priority numbers are
|
| order. More than one SRV record for a given service/domain is allowed, |
order. More than one SRV record for a given service/domain is allowed, |
| all that match are returned. |
all that match are returned. |
| .TP |
.TP |
| .B --host-record=<name>[,<name>....][<IPv4-address>],[<IPv6-address>] | .B --host-record=<name>[,<name>....],[<IPv4-address>],[<IPv6-address>][,<TTL>] |
| Add A, AAAA and PTR records to the DNS. This adds one or more names to |
Add A, AAAA and PTR records to the DNS. This adds one or more names to |
| the DNS with associated IPv4 (A) and IPv6 (AAAA) records. A name may |
the DNS with associated IPv4 (A) and IPv6 (AAAA) records. A name may |
| appear in more than one |
appear in more than one |
|
Line 504 is in effect. Short and long names may appear in the s
|
Line 556 is in effect. Short and long names may appear in the s
|
| .B host-record, |
.B host-record, |
| eg. |
eg. |
| .B --host-record=laptop,laptop.thekelleys.org,192.168.0.1,1234::100 |
.B --host-record=laptop,laptop.thekelleys.org,192.168.0.1,1234::100 |
| |
|
| |
If the time-to-live is given, it overrides the default, which is zero |
| |
or the value of --local-ttl. The value is a positive integer and gives |
| |
the time-to-live in seconds. |
| .TP |
.TP |
| .B \-Y, --txt-record=<name>[[,<text>],<text>] |
.B \-Y, --txt-record=<name>[[,<text>],<text>] |
| Return a TXT DNS record. The value of TXT record is a set of strings, |
Return a TXT DNS record. The value of TXT record is a set of strings, |
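Review bot: the example "--host-record=laptop,laptop.thekelleys.org,192.168.0.1,1234::100" was not updated to show the new trailing TTL, and the new paragraph calls the value "a positive integer" while the default it overrides "is zero". Please add an example with a TTL and state whether an explicit 0 is accepted. It would also help to say how a trailing integer is told apart from a name when both addresses are omitted.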
|
Line 517 Return a PTR DNS record.
|
Line 573 Return a PTR DNS record.
|
| .B --naptr-record=<name>,<order>,<preference>,<flags>,<service>,<regexp>[,<replacement>] |
.B --naptr-record=<name>,<order>,<preference>,<flags>,<service>,<regexp>[,<replacement>] |
| Return an NAPTR DNS record, as specified in RFC3403. |
Return an NAPTR DNS record, as specified in RFC3403. |
| .TP |
.TP |
| .B --cname=<cname>,<target> | .B --cname=<cname>,<target>[,<TTL>] |
| Return a CNAME record which indicates that <cname> is really |
Return a CNAME record which indicates that <cname> is really |
| <target>. There are significant limitations on the target; it must be a |
<target>. There are significant limitations on the target; it must be a |
| DNS name which is known to dnsmasq from /etc/hosts (or additional |
DNS name which is known to dnsmasq from /etc/hosts (or additional |
|
Line 526 hosts files), from DHCP, from --interface-name or from
|
Line 582 hosts files), from DHCP, from --interface-name or from
|
| If the target does not satisfy this |
If the target does not satisfy this |
| criteria, the whole cname is ignored. The cname must be unique, but it |
criteria, the whole cname is ignored. The cname must be unique, but it |
| is permissable to have more than one cname pointing to the same target. |
is permissable to have more than one cname pointing to the same target. |
| |
|
| |
If the time-to-live is given, it overrides the default, which is zero |
| |
or the value of -local-ttl. The value is a positive integer and gives |
| |
the time-to-live in seconds. |
| .TP |
.TP |
| .B --dns-rr=<name>,<RR-number>,[<hex data>] |
.B --dns-rr=<name>,<RR-number>,[<hex data>] |
| Return an arbitrary DNS Resource Record. The number is the type of the |
Return an arbitrary DNS Resource Record. The number is the type of the |
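Review bot: the new --cname TTL paragraph refers to "-local-ttl" with a single dash; the matching paragraph under --host-record uses "--local-ttl". Unchanged context in the same entry has "this criteria" and "permissable", which could be corrected to "these criteria" and "permissible" while the entry is being touched.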
|
Line 562 configured a zero is added in front of the label. ::1
|
Line 622 configured a zero is added in front of the label. ::1
|
| The address range can be of the form |
The address range can be of the form |
| <ip address>,<ip address> or <ip address>/<netmask> |
<ip address>,<ip address> or <ip address>/<netmask> |
| .TP |
.TP |
| .B --add-mac | .B --add-mac[=base64|text] |
| Add the MAC address of the requestor to DNS queries which are |
Add the MAC address of the requestor to DNS queries which are |
| forwarded upstream. This may be used to DNS filtering by the upstream |
forwarded upstream. This may be used to DNS filtering by the upstream |
| server. The MAC address can only be added if the requestor is on the same |
server. The MAC address can only be added if the requestor is on the same |
|
Line 570 subnet as the dnsmasq server. Note that the mechanism
|
Line 630 subnet as the dnsmasq server. Note that the mechanism
|
| is not yet standardised, so this should be considered |
is not yet standardised, so this should be considered |
| experimental. Also note that exposing MAC addresses in this way may |
experimental. Also note that exposing MAC addresses in this way may |
| have security and privacy implications. The warning about caching |
have security and privacy implications. The warning about caching |
| given for --add-subnet applies to --add-mac too. | given for --add-subnet applies to --add-mac too. An alternative encoding of the |
| | MAC, as base64, is enabled by adding the "base64" parameter and a human-readable encoding of hex-and-colons is enabled by added the "text" parameter. |
| | .TP |
| | .B --add-cpe-id=<string> |
| | Add a arbitrary identifying string to o DNS queries which are |
| | forwarded upstream. |
| .TP |
.TP |
| .B --add-subnet[[=<IPv4 prefix length>],<IPv6 prefix length>] | .B --add-subnet[[=[<IPv4 address>/]<IPv4 prefix length>][,[<IPv6 address>/]<IPv6 prefix length>]] |
| Add the subnet address of the requestor to the DNS queries which are | Add a subnet address to the DNS queries which are forwarded |
| forwarded upstream. The amount of the address forwarded depends on the | upstream. If an address is specified in the flag, it will be used, |
| prefix length parameter: 32 (128 for IPv6) forwards the whole address, | otherwise, the address of the requestor will be used. The amount of |
| zero forwards none of it but still marks the request so that no | the address forwarded depends on the prefix length parameter: 32 (128 |
| upstream nameserver will add client address information either. The | for IPv6) forwards the whole address, zero forwards none of it but |
| default is zero for both IPv4 and IPv6. Note that upstream nameservers | still marks the request so that no upstream nameserver will add client |
| may be configured to return different results based on this | address information either. The default is zero for both IPv4 and |
| information, but the dnsmasq cache does not take account. If a dnsmasq | IPv6. Note that upstream nameservers may be configured to return |
| instance is configured such that different results may be encountered, | different results based on this information, but the dnsmasq cache |
| caching should be disabled. | does not take account. If a dnsmasq instance is configured such that |
| | different results may be encountered, caching should be disabled. |
| | |
| | For example, |
| | .B --add-subnet=24,96 |
| | will add the /24 and /96 subnets of the requestor for IPv4 and IPv6 requestors, respectively. |
| | .B --add-subnet=1.2.3.4/24 |
| | will add 1.2.3.0/24 for IPv4 requestors and ::/0 for IPv6 requestors. |
| | .B --add-subnet=1.2.3.4/24,1.2.3.4/24 |
| | will add 1.2.3.0/24 for both IPv4 and IPv6 requestors. |
| | |
| .TP |
.TP |
| .B \-c, --cache-size=<cachesize> |
.B \-c, --cache-size=<cachesize> |
| Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching. |
Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching. |
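Review bot: the new --add-cpe-id entry has two typos ("Add a arbitrary identifying string to o DNS queries") and, unlike --add-mac directly above it, carries no note on privacy or on the caching warning, although it also attaches a client-identifying value to forwarded queries. In the --add-mac addition, "enabled by added" should be "enabled by adding". In the --add-subnet examples, "--add-subnet=1.2.3.4/24,1.2.3.4/24" puts an IPv4 address in the position the synopsis labels <IPv6 address>; a sentence explaining why that is valid, or an example with an IPv6 address, would remove the confusion.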
|
Line 622 Provide DS records to act a trust anchors for DNSSEC
|
Line 697 Provide DS records to act a trust anchors for DNSSEC
|
| validation. Typically these will be the DS record(s) for Zone Signing |
validation. Typically these will be the DS record(s) for Zone Signing |
| key(s) of the root zone, |
key(s) of the root zone, |
| but trust anchors for limited domains are also possible. The current |
but trust anchors for limited domains are also possible. The current |
| root-zone trust anchors may be donwloaded from https://data.iana.org/root-anchors/root-anchors.xml | root-zone trust anchors may be downloaded from https://data.iana.org/root-anchors/root-anchors.xml |
| .TP |
.TP |
| .B --dnssec-check-unsigned |
.B --dnssec-check-unsigned |
| As a default, dnsmasq does not check that unsigned DNS replies are |
As a default, dnsmasq does not check that unsigned DNS replies are |
|
Line 645 that dnsmasq should be started with this flag when the
|
Line 720 that dnsmasq should be started with this flag when the
|
| reliable time is established, a SIGHUP should be sent to dnsmasq, which enables time checking, and purges the cache of DNS records |
reliable time is established, a SIGHUP should be sent to dnsmasq, which enables time checking, and purges the cache of DNS records |
| which have not been throughly checked. |
which have not been throughly checked. |
| .TP |
.TP |
| |
.B --dnssec-timestamp=<path> |
| |
Enables an alternative way of checking the validity of the system time for DNSSEC (see --dnssec-no-timecheck). In this case, the |
| |
system time is considered to be valid once it becomes later than the timestamp on the specified file. The file is created and |
| |
its timestamp set automatically by dnsmasq. The file must be stored on a persistent filesystem, so that it and its mtime are carried |
| |
over system restarts. The timestamp file is created after dnsmasq has dropped root, so it must be in a location writable by the |
| |
unprivileged user that dnsmasq runs as. |
| |
.TP |
| .B --proxy-dnssec |
.B --proxy-dnssec |
| Copy the DNSSEC Authenticated Data bit from upstream servers to downstream clients and cache it. This is an |
Copy the DNSSEC Authenticated Data bit from upstream servers to downstream clients and cache it. This is an |
| alternative to having dnsmasq validate DNSSEC, but it depends on the security of the network between |
alternative to having dnsmasq validate DNSSEC, but it depends on the security of the network between |
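Review bot: in --dnssec-timestamp, the file that gates DNSSEC time checking "must be in a location writable by the unprivileged user that dnsmasq runs as", and the system time counts as valid once it is later than that file's timestamp. The text should recommend a directory owned by that user and not writable by others, since anything able to change the file's mtime changes when time checking begins. It should also say what dnsmasq does if the file cannot be created.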
|
Line 708 compiled in and the kernel must have conntrack support
|
Line 790 compiled in and the kernel must have conntrack support
|
| included and configured. This option cannot be combined with |
included and configured. This option cannot be combined with |
| --query-port. |
--query-port. |
| .TP |
.TP |
| .B \-F, --dhcp-range=[tag:<tag>[,tag:<tag>],][set:<tag>,]<start-addr>[,<end-addr>][,<mode>][,<netmask>[,<broadcast>]][,<lease time>] | .B \-F, --dhcp-range=[tag:<tag>[,tag:<tag>],][set:<tag>,]<start-addr>[,<end-addr>|<mode>][,<netmask>[,<broadcast>]][,<lease time>] |
| .TP |
.TP |
| .B \-F, --dhcp-range=[tag:<tag>[,tag:<tag>],][set:<tag>,]<start-IPv6addr>[,<end-IPv6addr>|constructor:<interface>][,<mode>][,<prefix-len>][,<lease time>] |
.B \-F, --dhcp-range=[tag:<tag>[,tag:<tag>],][set:<tag>,]<start-IPv6addr>[,<end-IPv6addr>|constructor:<interface>][,<mode>][,<prefix-len>][,<lease time>] |
| |
|
|
Line 794 and
|
Line 876 and
|
| for details.) |
for details.) |
| |
|
| For IPv6, the mode may be some combination of |
For IPv6, the mode may be some combination of |
| .B ra-only, slaac, ra-names, ra-stateless. | .B ra-only, slaac, ra-names, ra-stateless, ra-advrouter, off-link. |
| |
|
| .B ra-only |
.B ra-only |
| tells dnsmasq to offer Router Advertisement only on this subnet, |
tells dnsmasq to offer Router Advertisement only on this subnet, |
|
Line 829 can be combined with
|
Line 911 can be combined with
|
| and |
and |
| .B slaac. |
.B slaac. |
| |
|
| |
.B ra-advrouter |
| |
enables a mode where router address(es) rather than prefix(es) are included in the advertisements. |
| |
This is described in RFC-3775 section 7.2 and is used in mobile IPv6. In this mode the interval option |
| |
is also included, as described in RFC-3775 section 7.3. |
| |
|
| |
.B off-link |
| |
tells dnsmasq to advertise the prefix without the on-link (aka L) bit set. |
| |
|
| .TP |
.TP |
| .B \-G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore] |
.B \-G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore] |
| Specify per host parameters for the DHCP server. This allows a machine |
Specify per host parameters for the DHCP server. This allows a machine |
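Review bot: the new ra-advrouter and off-link paragraphs do not say which other modes they may be combined with, whereas the neighbouring mode descriptions do ("can be combined with ... and slaac"). Please add that. Style: "RFC-3775" is written with a hyphen here while the rest of the page uses the form "RFC3403".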
|
Line 947 is given, then read all the files contained in that di
|
Line 1037 is given, then read all the files contained in that di
|
| using this option is the same as for --dhcp-hostsfile: the |
using this option is the same as for --dhcp-hostsfile: the |
| dhcp-optsfile will be re-read when dnsmasq receives SIGHUP. Note that |
dhcp-optsfile will be re-read when dnsmasq receives SIGHUP. Note that |
| it is possible to encode the information in a |
it is possible to encode the information in a |
| |
.TP |
| |
.B --dhcp-hostsdir=<path> |
| |
This is equivalent to dhcp-hostsfile, except for the following. The path MUST be a |
| |
directory, and not an individual file. Changed or new files within |
| |
the directory are read automatically, without the need to send SIGHUP. |
| |
If a file is deleted for changed after it has been read by dnsmasq, then the |
| |
host record it contained will remain until dnsmasq recieves a SIGHUP, or |
| |
is restarted; ie host records are only added dynamically. |
| |
.TP |
| |
.B --dhcp-optsdir=<path> |
| |
This is equivalent to dhcp-optsfile, with the differences noted for --dhcp-hostsdir. |
| |
.TP |
| .B --dhcp-boot |
.B --dhcp-boot |
| flag as DHCP options, using the options names bootfile-name, |
flag as DHCP options, using the options names bootfile-name, |
| server-ip-address and tftp-server. This allows these to be included |
server-ip-address and tftp-server. This allows these to be included |
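Review bot: the --dhcp-hostsdir text contradicts itself on changed files: "Changed or new files within the directory are read automatically", then "If a file is deleted for changed after it has been read by dnsmasq, then the host record it contained will remain". Please spell out that a change adds the new record without removing the old one, if that is the intent, because operators will otherwise assume that deleting a file revokes the host entry. Typos: "for changed" should be "or changed", and "recieves" should be "receives".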
|
Line 1256 functions when supported by a suitable DHCP server.
|
Line 1358 functions when supported by a suitable DHCP server.
|
| This specifies a boot option which may appear in a PXE boot menu. <CSA> is |
This specifies a boot option which may appear in a PXE boot menu. <CSA> is |
| client system type, only services of the correct type will appear in a |
client system type, only services of the correct type will appear in a |
| menu. The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86, |
menu. The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86, |
| Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI; an | Intel_Lean_Client, IA32_EFI, X86-64_EFI, Xscale_EFI, BC_EFI, ARM32_EFI and ARM64_EFI; an |
| integer may be used for other types. The |
integer may be used for other types. The |
| parameter after the menu text may be a file name, in which case dnsmasq acts as a |
parameter after the menu text may be a file name, in which case dnsmasq acts as a |
| boot server and directs the PXE client to download the file by TFTP, |
boot server and directs the PXE client to download the file by TFTP, |
|
Line 1265 either from itself (
|
Line 1367 either from itself (
|
| must be set for this to work) or another TFTP server if the final server |
must be set for this to work) or another TFTP server if the final server |
| address/name is given. |
address/name is given. |
| Note that the "layer" |
Note that the "layer" |
| suffix (normally ".0") is supplied by PXE, and should not be added to | suffix (normally ".0") is supplied by PXE, and need not be added to |
| the basename. If an integer boot service type, rather than a basename | the basename. Alternatively, the basename may be a filename, complete with suffix, in which case |
| | no layer suffix is added. If an integer boot service type, rather than a basename |
| is given, then the PXE client will search for a |
is given, then the PXE client will search for a |
| suitable boot service for that type on the network. This search may be done |
suitable boot service for that type on the network. This search may be done |
| by broadcast, or direct to a server if its IP address/name is provided. |
by broadcast, or direct to a server if its IP address/name is provided. |
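Review bot: the new sentence "the basename may be a filename, complete with suffix, in which case no layer suffix is added" does not say how dnsmasq decides that a value is a complete filename rather than a basename. State the rule (for example, which suffixes or characters trigger it) so that a basename containing a dot is not surprising. The newly listed types ARM32_EFI and ARM64_EFI are fine.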
|
Line 1332 enables dynamic allocation. With tags, only when the t
|
Line 1435 enables dynamic allocation. With tags, only when the t
|
| set. It may be repeated with different tag sets. |
set. It may be repeated with different tag sets. |
| .TP |
.TP |
| .B \-5, --no-ping |
.B \-5, --no-ping |
| (IPv4 only) By default, the DHCP server will attempt to ensure that an address in | (IPv4 only) By default, the DHCP server will attempt to ensure that an address is |
| not in use before allocating it to a host. It does this by sending an |
not in use before allocating it to a host. It does this by sending an |
| ICMP echo request (aka "ping") to the address in question. If it gets |
ICMP echo request (aka "ping") to the address in question. If it gets |
| a reply, then the address must already be in use, and another is |
a reply, then the address must already be in use, and another is |
|
Line 1464 At dnsmasq startup, the script will be invoked for
|
Line 1567 At dnsmasq startup, the script will be invoked for
|
| all existing leases as they are read from the lease file. Expired |
all existing leases as they are read from the lease file. Expired |
| leases will be called with "del" and others with "old". When dnsmasq |
leases will be called with "del" and others with "old". When dnsmasq |
| receives a HUP signal, the script will be invoked for existing leases |
receives a HUP signal, the script will be invoked for existing leases |
| with an "old " event. | with an "old" event. |
| |
|
| |
|
| There are two further actions which may appear as the first argument | There are four further actions which may appear as the first argument |
| to the script, "init" and "tftp". More may be added in the future, so | to the script, "init", "arp-add", "arp-del" and "tftp". More may be added in the future, so |
| scripts should be written to ignore unknown actions. "init" is |
scripts should be written to ignore unknown actions. "init" is |
| described below in |
described below in |
| .B --leasefile-ro |
.B --leasefile-ro |
|
Line 1476 The "tftp" action is invoked when a TFTP file transfer
|
Line 1579 The "tftp" action is invoked when a TFTP file transfer
|
| arguments are the file size in bytes, the address to which the file |
arguments are the file size in bytes, the address to which the file |
| was sent, and the complete pathname of the file. |
was sent, and the complete pathname of the file. |
| |
|
| |
The "arp-add" and "arp-del" actions are only called if enabled with |
| |
.B --script-arp |
| |
They are are supplied with a MAC address and IP address as arguments. "arp-add" indicates |
| |
the arrival of a new entry in the ARP or neighbour table, and "arp-del" indicates the deletion of same. |
| |
|
| .TP |
.TP |
| .B --dhcp-luascript=<path> |
.B --dhcp-luascript=<path> |
| Specify a script written in Lua, to be run when leases are created, |
Specify a script written in Lua, to be run when leases are created, |
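Review bot: in the new arp-add/arp-del paragraph, "They are are supplied" has a doubled word and the sentence ending in ".B --script-arp" has no full stop. The argument order should be given as precisely as it is for the "tftp" action above ("the file size in bytes, the address to which the file was sent, and the complete pathname"), so script authors know which positional argument is the MAC and which is the IP address.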
|
Line 1522 table holds the tags
|
Line 1630 table holds the tags
|
| .B file_name |
.B file_name |
| and |
and |
| .B file_size. |
.B file_size. |
| |
|
| |
The |
| |
.B arp |
| |
and |
| |
.B arp-old |
| |
functions are called only when enabled with |
| |
.B --script-arp |
| |
and have a table which holds the tags |
| |
.B mac_addres |
| |
and |
| |
.B client_address. |
| .TP |
.TP |
| .B --dhcp-scriptuser |
.B --dhcp-scriptuser |
| Specify the user as which to run the lease-change script or Lua script. This defaults to root, but can be changed to another user using this flag. |
Specify the user as which to run the lease-change script or Lua script. This defaults to root, but can be changed to another user using this flag. |
| .TP | .TP |
| | .B --script-arp |
| | Enable the "arp" and "arp-old" functions in the dhcp-script and dhcp-luascript. |
| | .TP |
| .B \-9, --leasefile-ro |
.B \-9, --leasefile-ro |
| Completely suppress use of the lease database file. The file will not |
Completely suppress use of the lease database file. The file will not |
| be created, read, or written. Change the way the lease-change |
be created, read, or written. Change the way the lease-change |
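Review bot: The new --script-arp entry says it enables the "arp" and "arp-old" functions in both the dhcp-script and the dhcp-luascript, but the --dhcp-script text names the shell actions "arp-add" and "arp-del"; only the Lua functions are called arp and arp-old. Suggest naming both pairs in the --script-arp description. In the Lua paragraph the tag is spelled "mac_addres", which looks like a typo beside "client_address" and should be checked against the tag name the code sets. Since the unchanged --dhcp-scriptuser entry says the script runs as root by default, a cross-reference to it from --script-arp would help, because this option makes the script run on ARP and neighbour table changes as well as on lease changes.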
|
Line 1541 option also forces the leasechange script to be called
|
Line 1663 option also forces the leasechange script to be called
|
| to the client-id and lease length and expiry time. |
to the client-id and lease length and expiry time. |
| .TP |
.TP |
| .B --bridge-interface=<interface>,<alias>[,<alias>] |
.B --bridge-interface=<interface>,<alias>[,<alias>] |
| Treat DHCP request packets arriving at any of the <alias> interfaces | Treat DHCP (v4 and v6) request and IPv6 Router Solicit packets |
| as if they had arrived at <interface>. This option is necessary when | arriving at any of the <alias> interfaces as if they had arrived at |
| using "old style" bridging on BSD platforms, since | <interface>. This option allows dnsmasq to provide DHCP and RA |
| packets arrive at tap interfaces which don't have an IP address. | service over unaddressed and unbridged Ethernet interfaces, e.g. on an |
| | OpenStack compute host where each such interface is a TAP interface to |
| | a VM, or as in "old style bridging" on BSD platforms. A trailing '*' |
| | wildcard can be used in each <alias>. |
| .TP |
.TP |
| .B \-s, --domain=<domain>[,<address range>[,local]] |
.B \-s, --domain=<domain>[,<address range>[,local]] |
| Specifies DNS domains for the DHCP server. Domains may be be given |
Specifies DNS domains for the DHCP server. Domains may be be given |
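Review bot: The rewritten --bridge-interface text adds "A trailing '*' wildcard can be used in each <alias>" without saying what the wildcard is matched against or giving an example, and the synopsis line still reads "<interface>,<alias>[,<alias>]". Suggest stating what is matched and adding one example, because a wildcard alias decides which interfaces have their DHCP (v4 and v6) and Router Solicit packets treated as if they had arrived at <interface>. "unaddressed and unbridged" would also benefit from a short gloss.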
|
Line 1615 creation are handled by a different protocol. When DHC
|
Line 1740 creation are handled by a different protocol. When DHC
|
| only a subset of this is needed, and dnsmasq can handle it, using |
only a subset of this is needed, and dnsmasq can handle it, using |
| existing DHCP configuration to provide most data. When RA is enabled, |
existing DHCP configuration to provide most data. When RA is enabled, |
| dnsmasq will advertise a prefix for each dhcp-range, with default |
dnsmasq will advertise a prefix for each dhcp-range, with default |
| router and recursive DNS server as the relevant link-local address on | router as the relevant link-local address on |
| the machine running dnsmasq. By default, he "managed address" bits are set, and | the machine running dnsmasq. By default, the "managed address" bits are set, and |
| the "use SLAAC" bit is reset. This can be changed for individual |
the "use SLAAC" bit is reset. This can be changed for individual |
| subnets with the mode keywords described in |
subnets with the mode keywords described in |
| .B --dhcp-range. |
.B --dhcp-range. |
| RFC6106 DNS parameters are included in the advertisements. By default, |
RFC6106 DNS parameters are included in the advertisements. By default, |
| the relevant link-local address of the machine running dnsmasq is sent |
the relevant link-local address of the machine running dnsmasq is sent |
| as recursive DNS server. If provided, the DHCPv6 options dns-server and |
as recursive DNS server. If provided, the DHCPv6 options dns-server and |
| domain-search are used for RDNSS and DNSSL. | domain-search are used for the DNS server (RDNSS) and the domain serach list (DNSSL). |
| .TP |
.TP |
| .B --ra-param=<interface>,[high|low],[[<ra-interval>],<router lifetime>] |
.B --ra-param=<interface>,[high|low],[[<ra-interval>],<router lifetime>] |
| Set non-default values for router advertisements sent via an |
Set non-default values for router advertisements sent via an |
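Review bot: The reworded last sentence of the RA paragraph introduces a typo, "the domain serach list (DNSSL)"; it should read "domain search list". The other changes in this hunk read correctly: "he" becomes "the", and dropping "and recursive DNS server" from the prefix sentence removes the overlap with the RFC6106 sentence further down.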
|
Line 1654 Absolute paths (starting with /) are allowed, but they
|
Line 1779 Absolute paths (starting with /) are allowed, but they
|
| the tftp-root. If the optional interface argument is given, the |
the tftp-root. If the optional interface argument is given, the |
| directory is only used for TFTP requests via that interface. |
directory is only used for TFTP requests via that interface. |
| .TP |
.TP |
| |
.B --tftp-no-fail |
| |
Do not abort startup if specified tftp root directories are inaccessible. |
| |
.TP |
| .B --tftp-unique-root |
.B --tftp-unique-root |
| Add the IP address of the TFTP client as a path component on the end |
Add the IP address of the TFTP client as a path component on the end |
| of the TFTP-root (in standard dotted-quad format). Only valid if a |
of the TFTP-root (in standard dotted-quad format). Only valid if a |
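Review bot: The new --tftp-no-fail entry says startup is not aborted when a tftp root directory is inaccessible, but not what the server then does with requests for that root. Suggest adding a sentence on the resulting behaviour (whether such requests are refused, and whether the condition is logged), so an operator who sets the flag knows that a missing root is no longer caught at startup. "tftp root directories" should also follow the "tftp-root" / "TFTP-root" spelling used in the neighbouring entries.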
|
Line 1690 require about (2*n) + 10 descriptors. If
|
Line 1818 require about (2*n) + 10 descriptors. If
|
| .B --tftp-port-range |
.B --tftp-port-range |
| is given, that can affect the number of concurrent connections. |
is given, that can affect the number of concurrent connections. |
| .TP |
.TP |
| |
.B --tftp-mtu=<mtu size> |
| |
Use size as the ceiling of the MTU supported by the intervening network when |
| |
negotiating TFTP blocksize, overriding the MTU setting of the local interface if it is larger. |
| |
.TP |
| .B --tftp-no-blocksize |
.B --tftp-no-blocksize |
| Stop the TFTP server from negotiating the "blocksize" option with a |
Stop the TFTP server from negotiating the "blocksize" option with a |
| client. Some buggy clients request this option but then behave badly |
client. Some buggy clients request this option but then behave badly |
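Review bot: The --tftp-mtu synopsis names the argument "<mtu size>" but the description begins "Use size as the ceiling", so the placeholder is not referred to consistently. Suggest "Use <mtu size> as the ceiling ..." and stating the unit. In "overriding the MTU setting of the local interface if it is larger", it is also unclear whether "it" is the interface MTU or the given value; naming the subject would remove the ambiguity.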
|
Line 1709 Specify a different configuration file. The conf-file
|
Line 1841 Specify a different configuration file. The conf-file
|
| configuration files, to include multiple configuration files. A |
configuration files, to include multiple configuration files. A |
| filename of "-" causes dnsmasq to read configuration from stdin. |
filename of "-" causes dnsmasq to read configuration from stdin. |
| .TP |
.TP |
| .B \-7, --conf-dir=<directory>[,<file-extension>......] | .B \-7, --conf-dir=<directory>[,<file-extension>......], |
| Read all the files in the given directory as configuration |
Read all the files in the given directory as configuration |
| files. If extension(s) are given, any files which end in those |
files. If extension(s) are given, any files which end in those |
| extensions are skipped. Any files whose names end in ~ or start with . or start and end |
extensions are skipped. Any files whose names end in ~ or start with . or start and end |
| with # are always skipped. This flag may be given on the command | with # are always skipped. If the extension starts with * then only files |
| line or in a configuration file. | which have that extension are loaded. So |
| | .B --conf-dir=/path/to/dir,*.conf |
| | loads all files with the suffix .conf in /path/to/dir. This flag may be given on the command |
| | line or in a configuration file. If giving it on the command line, be sure to |
| | escape * characters. |
| .TP |
.TP |
| .B --servers-file=<file> |
.B --servers-file=<file> |
| A special case of |
A special case of |
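Review bot: With this change an extension given to --conf-dir means "skip files ending in this" unless it starts with *, in which case it means "load only files ending in this", and the text does not say what happens when both kinds appear in one list. Suggest a sentence covering the mixed case, since it determines which files in the directory are read as configuration. The new synopsis line also ends with a comma after "[,<file-extension>......]", which looks unintended.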
|
Line 1747 clears its cache and then re-loads
|
Line 1883 clears its cache and then re-loads
|
| .I /etc/hosts |
.I /etc/hosts |
| and |
and |
| .I /etc/ethers |
.I /etc/ethers |
| and any file given by --dhcp-hostsfile, --dhcp-optsfile or --addn-hosts. | and any file given by --dhcp-hostsfile, --dhcp-hostsdir, --dhcp-optsfile, |
| | --dhcp-optsdir, --addn-hosts or --hostsdir. |
| The dhcp lease change script is called for all |
The dhcp lease change script is called for all |
| existing DHCP leases. If |
existing DHCP leases. If |
| .B |
.B |