-U, --dhcp-vendorclass=<network-id>,<vendor-class>
Map from a vendor-class string to a network id tag. Most DHCP clients provide a "vendor class" which represents, in some sense, the type of host. This option maps vendor classes to tags, so that DHCP options may be selectively delivered to different classes of hosts. For example
dhcp-vendorclass=printers,Hewlett-Packard JetDirect
will allow options to be set only for HP printers like so:
--dhcp-option=printers,3,192.168.4.4
The vendor-class string is substring matched against the vendor-class supplied by the client, to allow fuzzy matching.

-j, --dhcp-userclass=<network-id>,<user-class>
Map from a user-class string to a network id tag (with substring matching, like vendor classes). Most DHCP clients provide a "user class" which is configurable. This option maps user classes to tags, so that DHCP options may be selectively delivered to different classes of hosts. It is possible, for instance, to use this to set a different printer server for hosts in the class "accounts" than for hosts in the class "engineering".

-4, --dhcp-mac=<network-id>,<MAC address>
Map from a MAC address to a network-id tag. The MAC address may include wildcards. For example
--dhcp-mac=3com,01:34:23:*:*:*
will set the tag "3com" for any host whose MAC address matches the pattern.

-M, --dhcp-boot=[net:<network-id>,]<filename>,[<servername>[,<server address>]]
Set BOOTP options to be returned by the DHCP server. Server name and address are optional: if not provided, the name is left empty, and the address set to the address of the machine running dnsmasq. If dnsmasq is providing a TFTP service (see --enable-tftp) then only the filename is required here to enable network booting. If the optional network-id(s) are given, they must match for this configuration to be sent. Note that network-ids are prefixed by "net:" to distinguish them.

-3, --bootp-dynamic
Enable dynamic allocation of IP addresses to BOOTP clients.
Use this with care, since each address allocated to a BOOTP client is leased forever, and therefore becomes permanently unavailable for re-use by other hosts.

-5, --no-ping
By default, the DHCP server will attempt to ensure that an address is not in use before allocating it to a host. It does this by sending an ICMP echo request (aka "ping") to the address in question. If it gets a reply, then the address must already be in use, and another is tried. This flag disables this check. Use with caution.

--log-dhcp
Extra logging for DHCP: log all the options sent to DHCP clients and the netid tags used to determine them.

--------------------------------------------------------------------------------

-G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,net:<netid>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
Specify per host parameters for the DHCP server. This allows a machine with a particular hardware address to be always allocated the same hostname, IP address and lease time. A hostname specified like this overrides any supplied by the DHCP client on the machine. It is also allowable to omit the hardware address and include the hostname, in which case the IP address and lease times will apply to any machine claiming that name. For example
--dhcp-host=00:20:e0:3b:13:af,wap,infinite
tells dnsmasq to give the machine with hardware address 00:20:e0:3b:13:af the name wap, and an infinite DHCP lease.
--dhcp-host=lap,192.168.0.199
tells dnsmasq to always allocate the machine lap the IP address 192.168.0.199. Addresses allocated like this are not constrained to be in the range given by the --dhcp-range option, but they must be on the network being served by the DHCP server.
It is allowed to use client identifiers rather than hardware addresses to identify hosts by prefixing with 'id:'. Thus:
--dhcp-host=id:01:02:03:04,.....
refers to the host with client identifier 01:02:03:04. It is also allowed to specify the client ID as text, like this:
--dhcp-host=id:clientidastext,.....
The special option id:* means "ignore any client-id and use MAC addresses only." This is useful when a client presents a client-id sometimes but not others.
If a name appears in /etc/hosts, the associated address can be allocated to a DHCP lease, but only if a --dhcp-host option specifying the name also exists.
The special keyword "ignore" tells dnsmasq to never offer a DHCP lease to a machine. The machine can be specified by hardware address, client ID or hostname, for instance
--dhcp-host=00:20:e0:3b:13:af,ignore
This is useful when there is another DHCP server on the network which should be used by some machines.
The net:<network-id> sets the network-id tag whenever this dhcp-host directive is in use. This can be used to selectively send DHCP options just for this host. When a host matches any dhcp-host directive (or one implied by /etc/ethers) then the special network-id tag "known" is set. This allows dnsmasq to be configured to ignore requests from unknown machines using
--dhcp-ignore=#known
Ethernet addresses (but not client-ids) may have wildcard bytes, so for example
--dhcp-host=00:20:e0:3b:13:*,ignore
will cause dnsmasq to ignore a range of hardware addresses. Note that the "*" will need to be escaped or quoted on a command line, but not in the configuration file.
Hardware addresses normally match any network (ARP) type, but it is possible to restrict them to a single ARP type by preceding them with the ARP-type (in HEX) and "-", so
--dhcp-host=06-00:20:e0:3b:13:af,1.2.3.4
will only match a Token-Ring hardware address, since the ARP-address type for token ring is 6.

--dhcp-hostsfile=<file>
Read DHCP host information from the specified file. The file contains information about one host per line. The format of a line is the same as text to the right of '=' in --dhcp-host. The advantage of storing DHCP host information in this file is that it can be changed without re-starting dnsmasq: the file will be re-read when dnsmasq receives SIGHUP.
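The hardware-address matching described for --dhcp-host and --dhcp-mac (wildcard bytes, optional ARP-type prefix) can be modelled as follows. This is an added example, not code from dnsmasq; the function names are hypothetical and the patterns are the ones quoted in the text.

```python
# Added illustration of the <hwaddr> matching rules described above.
# A simplified model, not dnsmasq's source code.

ARP_ETHERNET = 1      # ARP hardware type for Ethernet
ARP_TOKEN_RING = 6    # value given in the text above

def parse_hwaddr_spec(spec):
    """Parse '[<ARP-type in hex>-]xx:xx:...' where a byte may be '*'.

    Returns (arp_type or None, list of byte values with None for wildcards).
    """
    arp_type = None
    if "-" in spec:
        prefix, spec = spec.split("-", 1)
        arp_type = int(prefix, 16)
    pattern = []
    for part in spec.split(":"):
        if part == "*":
            pattern.append(None)
            continue
        value = int(part, 16)          # raises ValueError on malformed input
        if not 0 <= value <= 0xFF:
            raise ValueError(f"byte out of range in {spec!r}")
        pattern.append(value)
    return arp_type, pattern

def hwaddr_matches(spec, mac, arp_type=ARP_ETHERNET):
    """True if a client's hardware address and ARP type satisfy the spec."""
    want_type, pattern = parse_hwaddr_spec(spec)
    if want_type is not None and want_type != arp_type:
        return False
    actual = [int(part, 16) for part in mac.split(":")]
    return len(actual) == len(pattern) and all(
        want is None or want == got for want, got in zip(pattern, actual))

def matching_specs(specs, mac, arp_type=ARP_ETHERNET):
    """List every configured spec a client matches, to spot overlapping rules."""
    return [s for s in specs if hwaddr_matches(s, mac, arp_type)]

# Patterns taken from the examples in the text above.
SPECS = ["00:20:e0:3b:13:*", "06-00:20:e0:3b:13:af", "01:34:23:*:*:*"]

if __name__ == "__main__":
    print(matching_specs(SPECS, "00:20:e0:3b:13:af"))
    print(matching_specs(SPECS, "00:20:e0:3b:13:af", ARP_TOKEN_RING))
    print(matching_specs(SPECS, "01:34:23:aa:bb:cc"))
```
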
--dhcp-optsfile=<file>
Read DHCP option information from the specified file. The advantage of using this option is the same as for --dhcp-hostsfile: the dhcp-optsfile will be re-read when dnsmasq receives SIGHUP.

-Z, --read-ethers
Read /etc/ethers for information about hosts for the DHCP server. The format of /etc/ethers is a hardware address, followed by either a hostname or dotted-quad IP address. When read by dnsmasq these lines have exactly the same effect as --dhcp-host options containing the same information. /etc/ethers is re-read when dnsmasq receives SIGHUP.

-O, --dhcp-option=[<network-id>,[<network-id>,]][vendor:[<vendor-class>],][<opt>|option:<opt-name>],[<value>[,<value>]]
Specify different or extra options to DHCP clients. By default, dnsmasq sends some standard options to DHCP clients: the netmask and broadcast address are set to the same as the host running dnsmasq, and the DNS server and default route are set to the address of the machine running dnsmasq. If the domain name option has been set, that is sent. This configuration allows these defaults to be overridden, or other options specified. The option to be sent may be given as a decimal number or as "option:<option-name>". The option numbers are specified in RFC 2132 and subsequent RFCs. The set of option-names known by dnsmasq can be discovered by running "dnsmasq --help dhcp". For example, to set the default route option to 192.168.4.4, do
--dhcp-option=3,192.168.4.4
or
--dhcp-option = option:router, 192.168.4.4
and to set the time-server address to 192.168.0.4, do
--dhcp-option = 42,192.168.0.4
or
--dhcp-option = option:ntp-server, 192.168.0.4
The special address 0.0.0.0 is taken to mean "the address of the machine running dnsmasq". Data types allowed are comma separated dotted-quad IP addresses, a decimal number, colon-separated hex digits and a text string. If the optional network-ids are given then this option is only sent when all the network-ids are matched.
Special processing is done on a text argument for option 119, to conform with RFC 3397. Text or dotted-quad IP addresses as arguments to option 120 are handled as per RFC 3361. Dotted-quad IP addresses which are followed by a slash and then a netmask size are encoded as described in RFC 3442.
Be careful: no checking is done that the correct type of data for the option number is sent; it is quite possible to persuade dnsmasq to generate illegal DHCP packets with injudicious use of this flag. When the value is a decimal number, dnsmasq must determine how large the data item is. It does this by examining the option number and/or the value, but can be overridden by appending a single letter flag as follows: b = one byte, s = two bytes, i = four bytes. This is mainly useful with encapsulated vendor class options (see below) where dnsmasq cannot determine data size from the option number. Option data which consists solely of periods and digits will be interpreted by dnsmasq as an IP address, and inserted into an option as such. To force a literal string, use quotes. For instance when using option 66 to send a literal IP address as TFTP server name, it is necessary to do
--dhcp-option=66,"1.2.3.4"
Encapsulated Vendor-class options may also be specified using --dhcp-option: for instance
--dhcp-option=vendor:PXEClient,1,0.0.0.0
sends the encapsulated vendor class-specific option "mftp-address=0.0.0.0" to any client whose vendor-class matches "PXEClient". The vendor-class matching is substring based (see --dhcp-vendorclass for details). If a vendor-class option (number 60) is sent by dnsmasq, then that is used for selecting encapsulated options in preference to any sent by the client. It is possible to omit the vendorclass completely;
--dhcp-option=vendor:,1,0.0.0.0
in which case the encapsulated option is always sent. The address 0.0.0.0 is not treated specially in encapsulated vendor class options.
--dhcp-option-force=[<network-id>,[<network-id>,]][vendor:[<vendor-class>],]<opt>,[<value>[,<value>]]
This works in exactly the same way as --dhcp-option except that the option will always be sent, even if the client does not ask for it in the parameter request list. This is sometimes needed, for example when sending options to PXELinux.

--dhcp-no-override
Disable re-use of the DHCP servername and filename fields as extra option space. If it can, dnsmasq moves the boot server and filename information (from dhcp-boot) out of their dedicated fields into DHCP options. This makes extra space available in the DHCP packet for options but can, rarely, confuse old or broken clients. This flag forces "simple and safe" behaviour to avoid problems in such a case.

--------------------------------------------------------------------------------

The network-id system works as follows: For each DHCP request, dnsmasq collects a set of valid network-id tags, one from the dhcp-range used to allocate the address, one from any matching dhcp-host and possibly many from matching vendor classes and user classes sent by the DHCP client. Any dhcp-option which has network-id tags will be used in preference to an untagged dhcp-option, provided that _all_ the tags match somewhere in the set collected as described above. The prefix '#' on a tag means 'not' so
--dhcp-option=#purple,3,1.2.3.4
sends the option when the network-id tag purple is not in the set of valid tags.
If the network-id in a dhcp-range is prefixed with 'net:' then its meaning changes from setting a tag to matching it. Thus if there is more than one dhcp-range on a subnet, and one is tagged with a network-id which is set (for instance from a vendorclass option) then hosts which set the netid tag will be allocated addresses in the tagged range.
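The tag collection and option selection rules just described, as an added example that models them in Python; it is not dnsmasq's own code. The function names, the "acct" user-class mapping, the untagged default route and the option 42 entry are constructed for illustration, and tie-breaking between equally specific options is an assumption.

```python
# Added illustration: a simplified model of the tag rules in the text above,
# not dnsmasq's source code. Sample mappings and options are constructed.

VENDOR_MAP = [("printers", "Hewlett-Packard JetDirect")]   # dhcp-vendorclass
USER_MAP = [("acct", "accounts")]                           # dhcp-userclass (constructed)

OPTIONS = [                        # (network-id tags, option number, value)
    ([], 3, "192.168.0.1"),                  # untagged default (constructed)
    (["printers"], 3, "192.168.4.4"),        # --dhcp-option=printers,3,192.168.4.4
    (["#purple"], 42, "192.168.0.4"),        # sent only when "purple" is NOT set
]

def collect_tags(range_tag=None, host_tag=None, host_known=False,
                 vendor_class="", user_class=""):
    """Build the set of valid tags for one DHCP request."""
    tags = {t for t in (range_tag, host_tag) if t}
    if host_known:                 # any matching dhcp-host sets "known"
        tags.add("known")
    # Vendor and user classes are substring-matched against client-supplied text.
    tags |= {tag for tag, needle in VENDOR_MAP if needle in vendor_class}
    tags |= {tag for tag, needle in USER_MAP if needle in user_class}
    return tags

def tags_match(option_tags, tags):
    """All tags on the option must match; '#' inverts a tag."""
    return all((t[1:] not in tags) if t.startswith("#") else (t in tags)
               for t in option_tags)

def select_options(tags, options=OPTIONS):
    """Return {option number: value}, preferring tagged over untagged options."""
    chosen = {}
    for opt_tags, number, value in options:
        if not tags_match(opt_tags, tags):
            continue
        prev = chosen.get(number)
        # Assumption: among equally specific candidates the first one wins.
        if prev is None or (opt_tags and not prev[0]):
            chosen[number] = (opt_tags, value)
    return {number: value for number, (_, value) in chosen.items()}

if __name__ == "__main__":
    printer = collect_tags(vendor_class="Hewlett-Packard JetDirect EX")
    laptop = collect_tags(range_tag="purple", host_known=True, vendor_class="MSFT 5.0")
    print(sorted(printer), select_options(printer))
    print(sorted(laptop), select_options(laptop))
```

Because vendor and user classes come from the client, any tag derived from them reflects what the client claims rather than a verified property of the host.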
The DHCP server in dnsmasq will function as a BOOTP server also, provided that the MAC address and IP address for clients are given, either using dhcp-host configurations or in /etc/ethers, and a dhcp-range configuration option is present to activate the DHCP server on a particular network. (Setting --bootp-dynamic removes the need for static address mappings.) The filename parameter in a BOOTP request is matched against netids in dhcp-option configurations, as is the tag "bootp", allowing some control over the options returned to different classes of hosts.

--------------------------------------------------------------------------------

-C, --conf-file=<file>
Specify a different configuration file. The conf-file option is also allowed in configuration files, to include multiple configuration files.

-7, --conf-dir=<directory>
Read all the files in the given directory as configuration files. Files whose names end in ~ or start with . or start and end with # are skipped. This flag may be given on the command line or in a configuration file.

-D, --domain-needed
Tells dnsmasq to never forward queries for plain names, without dots or domain parts, to upstream nameservers. If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned.

CONFIG FILE
At startup, dnsmasq reads /etc/dnsmasq.conf, if it exists. (On FreeBSD, the file is /usr/local/etc/dnsmasq.conf.) (But see the -C and -7 options.) The format of this file consists of one option per line, exactly as the long options detailed in the OPTIONS section but without the leading "--". Lines starting with # are comments and ignored. For options which may only be specified once, the configuration file overrides the command line. Quoting is allowed in a config file: between " quotes the special meanings of ,:. and # are removed and the following escapes are allowed: \\ \" \t \e \b \r and \n, the latter corresponding to tab, escape, backspace, return and newline.
SIGHUP
When it receives a SIGHUP, dnsmasq clears its cache and then re-loads /etc/hosts and /etc/ethers and any file given by --dhcp-hostsfile, --dhcp-optsfile or --addn-hosts. The dhcp lease change script is called for all existing DHCP leases. If --no-poll is set SIGHUP also re-reads /etc/resolv.conf. SIGHUP does NOT re-read the configuration file.

SIGUSR1
When it receives a SIGUSR1, dnsmasq writes statistics to the system log. It writes the cache size, the number of names which have had to be removed from the cache before they expired in order to make room for new names and the total number of names that have been inserted into the cache. For each upstream server it gives the number of queries sent, and the number which resulted in an error. In --no-daemon mode or when full logging is enabled (-q), a complete dump of the contents of the cache is made.

SIGUSR2
When it receives SIGUSR2 and it is logging direct to a file (see --log-facility) dnsmasq will close and reopen the log file. Note that during this operation, dnsmasq will not be running as root. When it first creates the logfile dnsmasq changes the ownership of the file to the non-root user it will run as. Logrotate should be configured to create a new log file with the ownership which matches the existing one before sending SIGUSR2. If TCP DNS queries are in progress, the old logfile will remain open in child processes which are handling TCP queries and may continue to be written. There is a limit of 150 seconds, after which all existing TCP processes will have expired: for this reason, it is not wise to configure logfile compression for logfiles which have just been rotated. Using logrotate, the required options are create and delaycompress.

--------------------------------------------------------------------------------

It is possible to use dnsmasq to block Web advertising by using a list of known banner-ad servers, all resolving to 127.0.0.1 or 0.0.0.0, in /etc/hosts or an additional hosts file.
The list can be very long; dnsmasq has been tested successfully with one million names. A file of that size needs a 1GHz processor and about 60Mb of RAM.