doc:uci:dhcp

doc:uci:dhcp [2012/10/30 18:33]
cjm add bogusnxdomain option
doc:uci:dhcp [2014/12/18 02:21] (current)
zorun Static lease only
Line 1: Line 1:
 ====== DNS and DHCP configuration ====== ====== DNS and DHCP configuration ======
  
-The //dnsmasq// configuration is located in ''/​etc/​config/​dhcp''​ and controls both DNS and DHCP server options on the device.+The //​dnsmasq// ​and dhcpd configuration is located in ''/​etc/​config/​dhcp''​ and controls both DNS and DHCP server options on the device ​(both DHCP and DNS services are implemented using the same OpenWrt program, dnsmasq). 
 In the default configuration this file contains one //common section// to specify DNS and daemon related options and one or more //DHCP pools// to define DHCP serving on network interfaces. In the default configuration this file contains one //common section// to specify DNS and daemon related options and one or more //DHCP pools// to define DHCP serving on network interfaces.
  
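Review bot: the new wording "The dnsmasq and dhcpd configuration" contradicts the parenthetical added to the same sentence, which says both services are implemented by the one program, dnsmasq; drop "and dhcpd", or, if the IPv6 daemon is meant, name it as odhcpd, which the page's later "Enabling DHCP without enabling DNS" text identifies as the IPv6 side.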
Line 36: Line 37:
   * Option ''​leasefile''​ stores the leases in a file, so that they can be picked up again if //dnsmasq// is restarted.   * Option ''​leasefile''​ stores the leases in a file, so that they can be picked up again if //dnsmasq// is restarted.
   * Option ''​resolvfile''​ tells //dnsmasq// to use this file to find upstream name servers; it gets created by the WAN DHCP client or the PPP client.   * Option ''​resolvfile''​ tells //dnsmasq// to use this file to find upstream name servers; it gets created by the WAN DHCP client or the PPP client.
 +  * Options "​enable_tftp"​ and "​tftp_root"​ turn on the TFTP server and serve files from tftp_root. ​ You may need to set the server'​s IP on the client. ​ On the client, ​ change it by setting "​serverip"​ (e.g. "​setenv serverip 192.168.1.10"​).
  
 +==== All Options ====
 <​sortable>​ <​sortable>​
-^ Name ^ Type ^ Required ​^ Default ^ Option ^ Description ^ +^ Name ^ Type ^ Default ^ Option ^ Description ^ 
-| ''​addnhosts''​ | list of file paths | no | //(none)// | ''​-H''​ | Additional host files to read for serving DNS responses | +| ''​add_local_domain''​ | boolean | ''​1''​ | | Add the local domain as search directive in resolv.conf. | 
-| ''​authoritative''​ | boolean ​| no | ''​0''​ | ''​-K''​ | Force //dnsmasq// into authoritative mode. This speeds up DHCP leasing. Used if this is the only server on the network | +| ''​add_local_hostname''​ | boolean | ''​1''​ | | Add A and PTR records automatically for the local hostname. | 
-| ''​bogusnxdomain''​ | list of IP addresses ​| no | //(none)// | ''​-B''​ | IP addresses to convert into NXDOMAIN responses (to counteract "​helpful"​ upstream DNS servers that never return NXDOMAIN). | +| ''​addnhosts''​ | list of file paths | //(none)// | ''​-H''​ | Additional host files to read for serving DNS responses | 
-| ''​boguspriv''​ | boolean ​| no | ''​0''​ | ''​-b''​ | Reject reverse lookups to private IP ranges where no corresponding entry exists in ''/​etc/​hosts''​ | +| ''​authoritative''​ | boolean | ''​0''​ | ''​-K''​ | Force //dnsmasq// into authoritative mode. This speeds up DHCP leasing. Used if this is the only server on the network | 
-| ''​cachelocal''​ | boolean ​| no | ''​1''​ | | When set to ''​0'',​ use each network interface'​s ''​dns''​ address in the local ''/​etc/​resolv.conf''​. Normally, only the loopback address is used, and all queries go through //​dnsmasq//​. | +| ''​bogusnxdomain''​ | list of IP addresses | //(none)// | ''​-B''​ | IP addresses to convert into NXDOMAIN responses (to counteract "​helpful"​ upstream DNS servers that never return NXDOMAIN). | 
-| ''​cachesize''​ | integer ​| no | ''​150''​ | ''​-c''​ | Size of //dnsmasq// query cache. | +| ''​boguspriv''​ | boolean | ''​0''​ | ''​-b''​ | Reject reverse lookups to private IP ranges where no corresponding entry exists in ''/​etc/​hosts''​ | 
-| ''​dbus''​ | boolean ​| no | ''​0''​ | ''​-1''​ | Enable DBus messaging for //​dnsmasq//​.\\ :!: Standard builds of //dnsmasq// on OpenWRT do not include DBus support. | +| ''​cachelocal''​ | boolean | ''​1''​ | | When set to ''​0'',​ use each network interface'​s ''​dns''​ address in the local ''/​etc/​resolv.conf''​. Normally, only the loopback address is used, and all queries go through //​dnsmasq//​. | 
-| ''​dhcp_boot''​ | string ​| no | //(none)// | <​code>​--dhcp-boot</​code>​ | Specifies BOOTP options, in most cases just the file name | +| ''​cachesize''​ | integer | ''​150''​ | ''​-c''​ | Size of //dnsmasq// query cache. | 
-| ''​dhcphostsfile''​ | file path | no | //(none)// | <​code>​--dhcp-hostsfile</​code>​ | Specify an external file with per host DHCP options | +| ''​dbus''​ | boolean | ''​0''​ | ''​-1''​ | Enable DBus messaging for //​dnsmasq//​.\\ :!: Standard builds of //dnsmasq// on OpenWRT do not include DBus support. | 
-| ''​dhcpleasemax''​ | integer ​| no | ''​150''​ | ''​-X''​ | Maximum number of DHCP leases | +| ''​dhcp_boot''​ | string | //(none)// |<​code>​--dhcp-boot</​code>​| Specifies BOOTP options, in most cases just the file name | 
-| ''​dnsforwardmax''​ | integer ​| no | ''​150''​ | ''​-0''​ (zero) | Maximum number of concurrent connections | +| ''​dhcphostsfile''​ | file path | //(none)// | <​code>​--dhcp-hostsfile</​code>​ | Specify an external file with per host DHCP options | 
-| ''​domain''​ | domain name | no | //(none)//' ​| ''​-s''​ | DNS domain handed out to DHCP clients | +| ''​dhcpleasemax''​ | integer | ''​150''​ | ''​-X''​ | Maximum number of DHCP leases | 
-| ''​domainneeded''​ | boolean ​| no | ''​0''​ | ''​-D''​ | Tells //dnsmasq// never to forward queries for plain names, without dots or domain parts, to upstream nameservers. If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned | +| ''​dnsforwardmax''​ | integer | ''​150''​ | ''​-0''​ (zero) | Maximum number of concurrent connections | 
-| ''​ednspacket_max''​ | integer ​| no | ''​1280''​ | ''​-P''​ | Specify the largest EDNS.0 UDP packet which is supported by the DNS forwarder | +| ''​domain''​ | domain name | //(none)// | ''​-s''​ | DNS domain handed out to DHCP clients | 
-| ''​enable_tftp''​ | boolean ​| no | ''​0''​ | <​code>​--enable-tftp</​code>​ | Enable the builtin TFTP server | +| ''​domainneeded''​ | boolean | ''​0''​ | ''​-D''​ | Tells //dnsmasq// never to forward queries for plain names, without dots or domain parts, to upstream nameservers. If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned ​
-| ''​expandhosts''​ | boolean ​| no | ''​0''​ | ''​-E''​ | Add the local domain part to names found in ''/​etc/​hosts''​ | +| ''​dnssec''​ | boolean | ''​0''​ | <​code>​--dnssec</​code>​ | Validate DNS replies and cache DNSSEC data.\\ :!: Requires the //​dnsmasq-full//​ package. | 
-| ''​filterwin2k''​ | boolean ​| no | ''​0''​ | ''​-f''​ | Do not forward requests that cannot be answered by public name servers | +| ''​dnsseccheckunsigned''​ | boolean | ''​0''​ | <​code>​--dnssec-check-unsigned</​code>​ | Check the zones of unsigned replies to ensure that unsigned replies are allowed in those zones. This protects against an attacker forging unsigned replies for signed DNS zones, but is slower and requires that the nameservers upstream of //dnsmasq// are DNSSEC-capable.\\ :!: Requires the //​dnsmasq-full//​ package. ​
-| ''​interface''​ | list of interface names | no | //(all interfaces)//​ | ''​-i''​ | List of interfaces to listen on. If unspecified,​ //dnsmasq// will listen to all interfaces except those listed in ''​notinterface''​. | +| ''​ednspacket_max''​ | integer | ''​1280''​ | ''​-P''​ | Specify the largest EDNS.0 UDP packet which is supported by the DNS forwarder | 
-| ''​leasefile''​ | file path | no | //(none)// | ''​-l''​ (ell) | Store DHCP leases in this file | +| ''​enable_tftp''​ | boolean | ''​0''​ | <​code>​--enable-tftp</​code>​ | Enable the builtin TFTP server | 
-| ''​local''​ | string ​| no | //(none)// | ''​-S''​ | Look up DNS entries for this domain from ''/​etc/​hosts''​. This follows the same syntax as ''​server''​ entries, see the man page. | +| ''​expandhosts''​ | boolean | ''​0''​ | ''​-E''​ | Add the local domain part to names found in ''/​etc/​hosts''​ | 
-| ''​localise_queries''​ | boolean ​| no | ''​0''​ | ''​-y''​ | Choose IP address to match the incoming interface if multiple addresses are assigned to a host name in ''/​etc/​hosts''​. :!: Note well the spelling of this option. | +| ''​filterwin2k''​ | boolean | ''​0''​ | ''​-f''​ | Do not forward requests that cannot be answered by public name servers ​
-| ''​logqueries''​ | boolean ​| no | ''​0''​ | ''​-q''​ | Log the results of DNS queries, dump cache on SIGUSR1 | +| ''​fqdn''​ | boolean | ''​0''​ | <​code>​--dhcp-fqdn</​code>​ | Do not resolve unqualifed local hostnames. Needs ''​domain''​ to be set. 
-| ''​nodaemon''​ | boolean ​| no | ''​0''​ | ''​-d''​ | Don't daemonize the //dnsmasq// process | +| ''​interface''​ | list of interface names | //(all interfaces)//​ | ''​-i''​ | List of interfaces to listen on. If unspecified,​ //dnsmasq// will listen to all interfaces except those listed in ''​notinterface''​. Note that //dnsmasq// listens on loopback by default. | 
-| ''​nohosts''​ | boolean ​| no | ''​0''​ | ''​-h''​ | Don't read DNS names from ''/​etc/​hosts''​ | +| ''​leasefile''​ | file path | //(none)// | ''​-l''​ (ell) | Store DHCP leases in this file | 
-| ''​nonegcache''​ | boolean ​| no | ''​0''​ | ''​-N''​ | Disable caching of negative "no such domain"​ responses | +| ''​local''​ | string | //(none)// | ''​-S''​ | Look up DNS entries for this domain from ''/​etc/​hosts''​. This follows the same syntax as ''​server''​ entries, see the man page. | 
-| ''​noresolv''​ | boolean ​| no | ''​0''​ | ''​-R''​ | Don't read upstream servers from ''/​etc/​resolv.conf''​ | +| ''​localise_queries''​ | boolean | ''​0''​ | ''​-y''​ | Choose IP address to match the incoming interface if multiple addresses are assigned to a host name in ''/​etc/​hosts''​. :!: Note well the spelling of this option. | 
-| ''​notinterface''​ | list of interface names | no | //(none)// | ''​-I''​ (eye) | Interfaces //dnsmasq// should not listen on. | +| ''​logqueries''​ | boolean | ''​0''​ | ''​-q''​ | Log the results of DNS queries, dump cache on SIGUSR1 | 
-| ''​nonwildcard''​ | boolean ​| no | ''​0''​ | ''​-z''​ | Bind only configured interface addresses, instead of the wildcard address. ​ | +| ''​nodaemon''​ | boolean | ''​0''​ | ''​-d''​ | Don't daemonize the //dnsmasq// process | 
-| ''​port''​ | port number ​| no | ''​53''​ | ''​-p''​ | Listening port for DNS queries, disables DNS server functionality if set to ''​0''​ | +| ''​nohosts''​ | boolean | ''​0''​ | ''​-h''​ | Don't read DNS names from ''/​etc/​hosts''​ | 
-| ''​queryport''​ | integer ​| no | //(none)// | ''​-Q''​ | Use a fixed port for outbound DNS queries | +| ''​nonegcache''​ | boolean | ''​0''​ | ''​-N''​ | Disable caching of negative "no such domain"​ responses | 
-| ''​readethers''​ | boolean ​| no | ''​0''​ | ''​-Z''​ | Read static lease entries from ''/​etc/​ethers'',​ re-read on SIGHUP | +| ''​noresolv''​ | boolean | ''​0''​ | ''​-R''​ | Don't read upstream servers from ''/​etc/​resolv.conf''​ | 
-| ''​resolvfile''​ | file path | no | ''/​etc/​resolv.conf''​ | ''​-r''​ | Specifies an alternative resolv file | +| ''​notinterface''​ | list of interface names |  //(none)// | ''​-I''​ (eye) | Interfaces //dnsmasq// should not listen on. | 
-| ''​server''​ | list of strings ​| no | //(none)// | ''​-S''​ | List of DNS servers to forward requests to. See the //dnsmasq// man page for syntax details. | +| ''​nonwildcard''​ | boolean | ''​0''​ | ''​-z''​ | Bind only configured interface addresses, instead of the wildcard address. ​ | 
-| ''​strictorder''​ | boolean ​| no | ''​0''​ | ''​-o''​ | Obey order of DNS servers in ''/​etc/​resolv.conf''​ | +| ''​port''​ | port number | ''​53''​ | ''​-p''​ | Listening port for DNS queries, disables DNS server functionality if set to ''​0''​ | 
-| ''​tftp_root''​ | directory path | no | //(none)// | <​code>​--tftp-root</​code>​ | Specifies the TFTP root directory ​+| ''​queryport''​ | integer | //(none)// | ''​-Q''​ | Use a fixed port for outbound DNS queries | 
-| ''​rebind_protection''​ | boolean | no | ''​1''​ | <​code>​--stop-dns-rebind</​code>​ | Enables DNS rebind attack protection by discarding upstream RFC1918 responses | +| ''​readethers''​ | boolean | ''​0''​ | ''​-Z''​ | Read static lease entries from ''/​etc/​ethers'',​ re-read on SIGHUP ​
-| ''​rebind_localhost''​ | boolean | no | ''​0''​ | <​code>​--rebind-localhost-ok</​code>​ | Allows upstream 127.0.0.0/8 responses, required for DNS based blacklist services, only takes effect if rebind protection is enabled | +| ''​rebind_protection''​ | boolean | ''​1''​ | <​code>​--stop-dns-rebind</​code>​ | Enables DNS rebind attack protection by discarding upstream RFC1918 responses | 
-| ''​rebind_domain''​ | list of domain names | no | //(none)// | <​code>​--rebind-domain-ok</​code>​ | List of domains to allow RFC1918 responses for, only takes effect if rebind protection is enabled ​|+| ''​rebind_localhost''​ | boolean | ''​0''​ | <​code>​--rebind-localhost-ok</​code>​ | Allows upstream 127.0.0.0/8 responses, required for DNS based blacklist services, only takes effect if rebind protection is enabled | 
 +| ''​rebind_domain''​ | list of domain names | //(none)// | <​code>​--rebind-domain-ok</​code>​ | List of domains to allow RFC1918 responses for, only takes effect if rebind protection is enabled ​
 +| ''​resolvfile''​ | file path | ''/​etc/​resolv.conf''​ | ''​-r''​ | Specifies an alternative resolv file | 
 +| ''​server''​ | list of strings | //(none)// | ''​-S''​ | List of DNS servers to forward requests to. See the //dnsmasq// man page for syntax details. | 
 +| ''​strictorder''​ | boolean | ''​0''​ | ''​-o''​ | Obey order of DNS servers in ''/​etc/​resolv.conf''​ | 
 +| ''​tftp_root''​ | directory path | //(none)// | <​code>​--tftp-root</​code>​ | Specifies the TFTP root directory |
 </​sortable>​ </​sortable>​
  
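Review bot: several rows of the rebuilt table lose their closing pipe (the domainneeded, dnsseccheckunsigned, filterwin2k, fqdn, readethers and rebind_domain rows end without `|`), and DokuWiki requires a row to both start and end with `|` or `^` to render it as a table row. Also "unqualifed" in the fqdn row should be "unqualified", and the new TFTP bullet's `setenv serverip 192.168.1.10` is U-Boot bootloader syntax, which the bullet should say so readers do not look for that command on an ordinary client.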
Line 92: Line 100:
  option '​start' ​      '​100'​  option '​start' ​      '​100'​
  option '​limit'​  ​    '​150'​  option '​limit'​  ​    '​150'​
- option '​leasetime' ​  '​12h'</​code>​+ option '​leasetime' ​  '​12h'​ 
 +        option ra server 
 +        option dhcpv6 server</​code>​
  
   * ''​lan''​ specifies the OpenWrt interface that is served by this DHCP pool   * ''​lan''​ specifies the OpenWrt interface that is served by this DHCP pool
Line 98: Line 108:
   * ''​150''​ is the maximum number of addresses that may be leased, in the default configuration ''​192.168.1.250''​   * ''​150''​ is the maximum number of addresses that may be leased, in the default configuration ''​192.168.1.250''​
   * ''​12h''​ specifies the time to live for handed out leases, twelve hours in this example   * ''​12h''​ specifies the time to live for handed out leases, twelve hours in this example
 +  * ''​server''​ defines the mode for IPv6 configuration (RA & DHCPv6)
  
 Below is a listing of legal options for ''​dhcp''​ sections. Below is a listing of legal options for ''​dhcp''​ sections.
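Review bot: the two added lines `option ra server` and `option dhcpv6 server` are indented with eight spaces while the surrounding options use one, and the new `server` bullet should say these options are consumed by odhcpd rather than dnsmasq (the page states elsewhere that odhcpd provides the IPv6 side), so a reader knows which daemon to restart when IPv6 configuration does not take effect.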
Line 103: Line 114:
 <​sortable>​ <​sortable>​
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''​dhcp_option''​ | list of strings | no | //(none)// | Additional options ​to be added for this //​network-id//​. For example ​with '​26,​1470'​ or '​option:​mtu,​ 1470' ​you can assign an MTU per DHCP. Your client must accept MTU by DHCP for this to work |+| ''​dhcp_option''​ | list of strings | no | //(none)// | The ID dhcp_option here must be with written with an underscore. OpenWrt will translate this to --dhcp-option,​ with a hyphen, as ultimately used by dnsmasq. Multiple option values can be given for this //​network-id//​with a a space between them and the total string between ""​. E.g. '​26,​1470'​ or '​option:​mtu,​ 1470' ​that can assign an MTU per DHCP. Your client must accept MTU by DHCP for this to work. Or "​3,​192.168.1.1 6,​192.168.1.1"​ to give out gateway and dns server addresses. ​|
 | ''​dynamicdhcp''​ | boolean | no | ''​1''​ | Dynamically allocate client addresses, if set to ''​0''​ only clients present in the ''​ethers''​ files are served | | ''​dynamicdhcp''​ | boolean | no | ''​1''​ | Dynamically allocate client addresses, if set to ''​0''​ only clients present in the ''​ethers''​ files are served |
 | ''​force''​ | boolean | no | ''​0''​ | Forces DHCP serving on the specified interface even if another DHCP server is detected on the same network segment | | ''​force''​ | boolean | no | ''​0''​ | Forces DHCP serving on the specified interface even if another DHCP server is detected on the same network segment |
 | ''​ignore''​ | boolean | no | ''​0''​ | Specifies whether //dnsmasq// should ignore this pool if set to ''​1''​ | | ''​ignore''​ | boolean | no | ''​0''​ | Specifies whether //dnsmasq// should ignore this pool if set to ''​1''​ |
-| ''​interface''​ | logical interface name | yes | //(none)// | Specifies the interface associated with this DHCP address pool; must be one of the interfaces defined in ''/​etc/​config/​network''​ |+| ''​dhcpv6''​ | string | no | ''​none''​ | Specifies whether DHCPv6 server should be enabled (''​server''​),​ relayed (''​relay''​) or disabled (''​disabled''​) | 
 +| ''​ra''​ | string | no | ''​none''​ | Specifies whether Router Advertisements should be enabled (''​server''​),​ relayed (''​relay''​) or disabled (''​disabled''​) | 
 +| ''​ndp''​ | string | no | ''​none''​ | Specifies whether NDP should be relayed ''​relay''​ or disabled ''​none''​ | 
 +| ''​master''​ | boolean | no | 0 | Specifies whether DHCPv6, RA and NDP in relay mode is a master interface or not. | 
 +| ''​interface''​ | logical interface name | yes | //(none)// | Specifies the interface associated with this DHCP address pool; must be one of the interfaces defined in ''/​etc/​config/​network''​.|
 | ''​leasetime''​ | string | yes | ''​12h''​ | Specifies the lease time of addresses handed out to clients, for example ''​12h''​ or ''​30m''​ | | ''​leasetime''​ | string | yes | ''​12h''​ | Specifies the lease time of addresses handed out to clients, for example ''​12h''​ or ''​30m''​ |
 | ''​limit''​ | integer | yes | ''​150''​ | Specifies the maximum allowable address that may be leased to clients, calculated as network address + "​start"​ + "​limit"​. :!: The maximum number of leased addresses is limit+1 | | ''​limit''​ | integer | yes | ''​150''​ | Specifies the maximum allowable address that may be leased to clients, calculated as network address + "​start"​ + "​limit"​. :!: The maximum number of leased addresses is limit+1 |
-| ''​networkid''​ | string | no | //(value of ''​interface''​)//​ | Assigns a //​network-id//​ to all clients that obtain an IP address from this pool. |+| ''​networkid''​ | string | no | //(value of ''​interface''​)//​ | The dhcp functionality defined in the dhcp section is limited to the interface indicated here through its //​network-id//​. In case omitted the system tries to know the network-id via the '​interface'​ setting in this dhcp section, through consultation of /​etc/​config/​network. Some IDs get assigned dynamically,​ are not provided by network, but still can be set here |
 | ''​start''​ | integer | yes | ''​100''​ | Specifies the offset from the network address of the underlying interface to calculate the minimum address that may be leased to clients. It may be greater than 255 to span subnets.| | ''​start''​ | integer | yes | ''​100''​ | Specifies the offset from the network address of the underlying interface to calculate the minimum address that may be leased to clients. It may be greater than 255 to span subnets.|
 </​sortable>​ </​sortable>​
 +
 +Notes:
 +  * Although called '​interface',​ this is the network name, i.e. lan, wan, wifi etc. (section names in /​etc/​config/​network),​ NOT the interface name used internally, like eth0, eth1, wlan0 etc. (the '​ifname'​ IDs in /​etc/​config/​network).
 +  * Although called '​networkid',​ this is the interface name used internally, i.e. eth0, eth1, wlan0 etc., not the network name (lan, wan, wifi etc.).
 +This departs from '​ifname'​ and '​network'​ as used in /​etc/​config/​network and in /​etc/​config/​wireless,​ so double check!
  
 ==== Static Leases ==== ==== Static Leases ====
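Review bot: the rewritten dhcp_option description has two typos ("must be with written with an underscore", "with a a space"), and the new dhcpv6 and ra rows list `server`, `relay` and `disabled` as the accepted values but give `none` as the default, which is not among them; either add `none` to the accepted values or state the default as `disabled`. The `master` row's default `0` is also the only default in the table not wrapped in ''…''.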
Line 125: Line 145:
         option name     '​mypc'​         option name     '​mypc'​
 </​code>​ </​code>​
-This adds the fixed IP address 192.168.1.2 and the name "​mypc"​ for a machine with the (Ethernet) hardware address 00:​11:​22:​33:​44:​55+This adds the fixed IP address 192.168.1.2 and the name "​mypc"​ for a machine with the (Ethernet) hardware address 00:​11:​22:​33:​44:​55
 + 
 +<​code>​config host 
 +        option ip       '​192.168.1.3'​ 
 +        option mac      '​11:​22:​33:​44:​55:​66,​aa:​bb:​cc:​dd:​ee:​ff'​ 
 +        option name     '​mylaptop'​ 
 +</​code>​ 
 +This adds the fixed IP address 192.168.1.3 and the name "​mylaptop"​ for a machine with the (Ethernet) hardware address 11:​22:​33:​44:​55:​66 or aa:​bb:​cc:​dd:​ee:​ff. Note that this is **unreliable** if more than one of the listed mac addresses is on the network simultaneously. It's useful for cases such as a laptop with both wireless and wired interfaces, provided that only one will be active at a given time.
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''​ip''​ | string | yes | //(none)// | The IP address to be used for this host. | +| ''​ip''​ | string | yes | //(none)// | '​ignore'​ or the IP address to be used for this host. | 
-| ''​mac''​ | string | yes | //(none)// | The hardware address of this host. |+| ''​mac''​ | string | no | //(none)// | The hardware address(es) of this host, separated by commas. | 
 +| ''​hostid''​ | string | no | //(none)// | The IPv6 interface identifier (address suffix) as hexadecimal number (max. 8 chars) | 
 +| ''​duid''​ | string | no | //(none)// | The DHCPv6-DUID ​of this host. |
 | ''​name''​ | string | no | //(none)// | Optional hostname to assign. | | ''​name''​ | string | no | //(none)// | Optional hostname to assign. |
 +| ''​tag''​ | string | no | //(none)// | Set the given tag for matching hosts. | 
 +| ''​dns''​ | boolean | no | ''​0''​ | Add static forward and reverse DNS entries for this host. | 
 +| ''​broadcast''​ | boolean | no | ''​0''​ | Force broadcast DHCP response. |
  
 As well as adding ''​host''​ sections, you can also enable the ''​dnsmasq''​ section option ''​readethers'',​ and add entries to the ''/​etc/​ethers''​ file. As well as adding ''​host''​ sections, you can also enable the ''​dnsmasq''​ section option ''​readethers'',​ and add entries to the ''/​etc/​ethers''​ file.
  
-//Note: uci requires you to specify ​MAC address(es) of ''​mypc'' ​client, however ​''​dnsmasq'' ​itself don't. IP address is then assigned to DHCP client according to the name he usesnot the MAC address he hasIf you decide to go this way, you will need to edit ''/etc/​dnsmasq.conf'' ​fileDetails ​can be found in ''​dnsmasq''​ man page in [[http://​www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html|--dhcp-host]] description. See the [[https://dev.openwrt.org/​ticket/​11928|ticket]] for updates.//+==== DHCP OPTION example ​to set an alternative default gateway ==== 
 +You can specify ​an alternative default Gateway 
 + 
 +<​code>​config ​'dhcp' 'lan' 
 +        option '​interface'​ 'lan' 
 +        option ​'start' '100' 
 +        option '​limit'​ '​150'​ 
 +        option '​leasetime'​ '​12h'​ 
 +        list '​dhcp_option'​ '3,192.168.1.2' 
 +</code> 
 + 
 +use the list 'dhcp_option' ​'​3,​192.168.1.2' to set the default gateway. A list of options ​can be found here  ​[[http://​www.networksorcery.com/enp/protocol/bootp/options.htm here]]
  
 ==== Booting Options ==== ==== Booting Options ====
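Review bot: the new multi-MAC example separates addresses with a comma (`11:22:33:44:55:66,aa:bb:cc:dd:ee:ff`) and the mac row says "separated by commas", while the Troubleshooting section's host entry on this same page separates four MACs with spaces; state which form OpenWrt accepts, or make the two examples agree. In the new gateway section, `[[http://www.networksorcery.com/enp/protocol/bootp/options.htm here]]` is missing the `|` before its link text and the preceding sentence already says "here", and "use the list 'dhcp_option'" should start with a capital.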
Line 181: Line 223:
 | ''​remoteid'' ​ | Matches the remote ID as sent by the relay agent, as defined in RFC3046. | | ''​remoteid'' ​ | Matches the remote ID as sent by the relay agent, as defined in RFC3046. |
 | ''​subscrid'' ​ | Matches the subscriber ID as sent by the relay agent, as defined in RFC3993. | | ''​subscrid'' ​ | Matches the subscriber ID as sent by the relay agent, as defined in RFC3993. |
 +
 +
 +An example using the '​mac'​ classifier to create a tagged network for openvpn would look like this in the config file:
 +<​code>​
 +config mac '​opnvpn'​
 +        option mac  '​00:​FF:​*:​*:​*:​*'​
 +        option networkid ​  '​opnvpn'​
 +        list   ​dhcp_option '​3'​
 +</​code>​
 +
 +
 +And like this in UCI
 +<​code>​
 +dhcp.opnvpn=mac
 +dhcp.opnvpn.mac=00:​FF:​*:​*:​*:​*
 +dhcp.opnvpn.networkid=opnvpn
 +dhcp.opnvpn.dhcp_option=3
 +</​code>​
  
 //​DHCP-option//​ adds a DHCP option for this //​network-id//​. See the //dnsmsq// man page for a complete explanation of the syntax of the ''​-O''​ option. //​DHCP-option//​ adds a DHCP option for this //​network-id//​. See the //dnsmsq// man page for a complete explanation of the syntax of the ''​-O''​ option.
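Review bot: `list dhcp_option '3'` in the opnvpn example carries no address and the text does not say what that means; dnsmasq does not send an option that is given without a value, so the tagged clients receive no default router at all, which should be stated as the intent (or an address supplied) so readers do not copy the line expecting a gateway. The section is also named 'opnvpn' while the prose says openvpn.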
Line 194: Line 254:
  
 <​code>​dhcp-script=/​sbin/​action.sh</​code>​ <​code>​dhcp-script=/​sbin/​action.sh</​code>​
 +
 +==== DNS and DHCP Ports ====
 +DNS needs TCP and UDP port 53 open on the firewall. ​ DHCP needs UDP ports 67 and 68 open from your zone to/from the firewall. ​ See http://​wiki.openwrt.org/​doc/​recipes/​guest-wlan and http://​www.thekelleys.org.uk/​dnsmasq/​docs/​dnsmasq-man.html (viz "​--dhcp-alternate-port"​) for more information.
  
 ===== Examples ===== ===== Examples =====
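Review bot: the new ports section says port 53 needs to be "open on the firewall" without naming a zone; state that the 53/udp, 53/tcp and 67/68 rules belong on the LAN-facing zone only, since accepting port 53 from the WAN zone would make dnsmasq an open resolver reachable from the Internet. "viz" before "--dhcp-alternate-port" should read "see".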
Line 207: Line 270:
  
 === Troubleshooting === === Troubleshooting ===
-:!: **Windows 7** has bringed ​new //​Microsoft-enhanced//​ feature. It won't assign IP address obtained from DHCP server to an interface, if the IP was used before for another interface, ​despite the another ​interface is **NOT** active currently (i.e. cable is out). This behaviour is unique and was not reported for older Windows versions, Mac OS nor Linux.+:!: **Windows 7** has introduced a new //​Microsoft-enhanced//​ feature. It won't assign IP address obtained from DHCP server to an interface, if the IP was used before for another interface, ​even if that other interface is **NOT** active currently (i.e. cable disconnected). This behaviour is unique and was not reported for older Windows versions, Mac OS nor Linux.
  
-If you try configure MAC address hot swap on your router, Windows 7 clients will end up in infinite [[http://​tools.ietf.org/​html/​rfc1531#​section-3.1|DORA]] loop.+If you try configure MAC address hot swap on your router, Windows 7 clients will end up in an infinite [[http://​tools.ietf.org/​html/​rfc1531#​section-3.1|DORA]] loop.
  
 Solution: Solution:
-  - Create bridge from wireless and ethernet ​interface ​on your client +  - Create ​bridge from the wireless and ethernet ​interfaces ​on your client 
-    * its trivial[[googe>​windows 7 create bridge|google it]] +    * it'​s ​trivial[[googe>​windows 7 create bridge|google it]] 
-    * you will have to add MAC address of the bridge to ''/​etc/​config/​dhcp''​+    * you will have to add the MAC address of the bridge to ''/​etc/​config/​dhcp''​
       * <​code>​config '​host'​       * <​code>​config '​host'​
  option '​name'​ '​example-host'​  option '​name'​ '​example-host'​
  option '​ip' ​  '​192.168.1.230'​  option '​ip' ​  '​192.168.1.230'​
  option '​mac' ​ '​00:​a0:​24:​5a:​33:​69 00:​11:​22:​33:​44:​55 02:​a0:​24:​5a:​33:​69 02:​11:​22:​33:​44:​55'</​code>​  option '​mac' ​ '​00:​a0:​24:​5a:​33:​69 00:​11:​22:​33:​44:​55 02:​a0:​24:​5a:​33:​69 02:​11:​22:​33:​44:​55'</​code>​
-    * Since the bridge will probably take and alter your ethernet MAC address, you will loose SLAAC on wifi interface, making your laptop IPv6-disabled when only wireless is up. +    * Since the bridge will probably take and alter your ethernet MAC address, you will lose SLAAC on wifi interface, making your laptop IPv6-disabled when only wireless is up. 
-  - Another solution is IPv6 friendly, ​but it involves user interaction,​ but you dont need to create ​network ​bridge nor add MAC address to dnsmasq config file. +  - Another solution is IPv6 friendly, you don'​t ​need to create ​bridgenor add MAC address to dnsmasq config file, but it involves user interaction:​ 
-    * When you plug-in ethernet cable, disable wireless interface in control panel (power off wireless won't do it). +    * When you plug the ethernet cable in, disable wireless interface in control panel (power off wireless won't do it). 
     * When you unplug ethernet cable, enable wireless and disable ethernet.     * When you unplug ethernet cable, enable wireless and disable ethernet.
-    * Its not that painful if you don't have to do it every day. 
  
 Notes: Notes:
   * http://​answers.microsoft.com/​en-us/​windows/​forum/​windows_7-networking/​windows-7-refuses-dhcp-addresses-if-they-were/​1b72b289-0f58-492f-afb8-e76c80a81f00   * http://​answers.microsoft.com/​en-us/​windows/​forum/​windows_7-networking/​windows-7-refuses-dhcp-addresses-if-they-were/​1b72b289-0f58-492f-afb8-e76c80a81f00
 +
 +==== Only allow static leases ====
 +
 +If you want to distribute IPv4 addresses to known clients only (static leases), use:
 +
 +<​code>​
 +config dhcp '​lan'​
 +        ...
 +        option dynamicdhcp 0
 +</​code>​
 +
 +With this, dnsmasq will consider static leases defined in "​config host" blocks and in /​etc/​ethers,​ and refuse to hand out any IPv4 address to unknown clients.
 +
 +Note that you shouldn'​t use this as a security feature to prevent unwanted clients from connecting. ​ A client can simply configure a static IP in the right range to have access to the network.
  
 ==== Custom Domain ==== ==== Custom Domain ====
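Review bot: "If you try configure MAC address hot swap" still lacks "to", and the `[[googe>windows 7 create bridge|google it]]` interwiki prefix is misspelled on both sides of the diff ("googe" should be "google"), so the link will not resolve. In the new "Only allow static leases" section the closing caveat is right: `dynamicdhcp 0` only stops dnsmasq from handing out leases, and the text should keep pointing readers at a real admission control (e.g. the wireless or switch layer) rather than this option.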
Line 233: Line 309:
  
 :!: Note that this currently only works for IPv4 addresses and that this functionality is not present in release prior to 8.09.2 . :!: Note that this currently only works for IPv4 addresses and that this functionality is not present in release prior to 8.09.2 .
 +
 +:!: Note that reverse records are not properly generated at present. (Barrier Breaker 14.07-RC2)
  
 <​code>​config '​domain'​ <​code>​config '​domain'​
Line 344: Line 422:
 root@OpenWrt:​~#​ root@OpenWrt:​~#​
 </​code>​ </​code>​
 +
 +==== Classifying Clients And Assigning Individual Options ====
 +
 +Assign different dhcp-options to a single MAC address:
 +<code bash>
 +uci batch <<'​EOF'​
 +add dhcp mac
 +set dhcp.@mac[-1].mac=00:​11:​22:​33:​44:​55
 +set dhcp.@mac[-1].networkid=someone
 +add_list dhcp.@mac[-1].dhcp_option=6,​192.168.1.3,​192.168.1.2,​192.168.1.1
 +add_list dhcp.@mac[-1].dhcp_option=3,​192.168.1.2
 +add_list dhcp.@mac[-1].dhcp_option=44,​192.168.1.3
 +commit dhcp
 +EOF
 +uci commit dhcp
 +/​etc/​init.d/​dnsmasq reload
 +</​code>​
 +Where 6=DNS, 3=Default Gateway, 44=WINS
 +
 +Assign different dhcp-options to multiple hosts:
 +
 +<code bash>
 +config host
 +    option name '​j400'​
 +    option mac '​00:​21:​63:​75:​aa:​17'​
 +    option ip '​10.11.12.14'​
 +    option tag '​vpn' ​ # assign tag "​vpn"​ to this host
 +
 +config host
 +    option name '​j500'​
 +    option mac '​01:​22:​64:​76:​bb:​18'​
 +    option ip '​10.11.12.15'​
 +    option tag '​vpn' ​ # assign tag "​vpn"​ to this host
 +
 +config tag '​vpn' ​ # match tag "​vpn"​
 +    list dhcp_option '​6,​8.8.8.8,​8.8.4.4' ​ # assign arbritary extra dhcp options to this tag
 +</​code>​
 +
 +FIXME Convert to procd: etc/​init.d/​dnsmasq restart ​
 +
 +==== Enabling DHCP without enabling DNS ====
 +
 +This is useful when you just want to hand out addresses to clients, without doing any DNS.
 +
 +<​code>​
 +config dnsmasq
 +       ...
 +       ​option port 0
 +       ​option domain ''​
 +</​code>​
 +
 +The second option prevents dnsmasq from giving out a domain name and DNS search list to clients: this is useless without DNS resolving.
 +
 +Of course, you will want to hand out the address of a DNS resolver to clients:
 +
 +<​code>​
 +config dhcp lan
 +       ​option interface lan
 +       ...
 +       list dhcp_option "​6,​80.67.188.188,​6,​80.67.169.12"​
 +       list dns         "​2001:​913::​8"​
 +       list dns         "​2001:​910:​800::​12" ​      
 +</​code>​
 +
 +The `dhcp_option` entry is meant for dnsmasq, while the more elegant `dns` entries are understood by odhcpd. ​ By default, odhcpd is only used for IPv6, but if you also use odhcpd for IPv4, you can just use `dns` entries for everything.
 +
 +==== Enabling DNS without enabling DHCP ====
 +
 +dnsmasq can be used to provide clients with a DNS server but not with DHCP (for example, if DHCP is already supplied by a separate server).
 +
 +First, dnsmasq must be turned on for the internal interface:
 +
 +  * Network > Interfaces
 +    * click the desired internal interface to select it
 +      * DHCP Server
 +        * click the "Setup DHCP Server"​ button to enable dnsmasq on this interface -- this will enable both DHCP and DNS
 +
 +Now that dnsmasq is enabled, the DHCP portion of dnsmasq needs to be turned off.
 +
 +  * Network > Interfaces
 +    * click the desired internal interface to select it
 +      * DHCP Server
 +        * Ignore interface: Enable this option
 +      * Save & Apply
 +
 +This change will turn off just DHCP but leave DNS services available on the specified interface.
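Review bot: the first `uci batch` block runs `commit dhcp` inside the heredoc and then `uci commit dhcp` again on the following line; one of the two is redundant and should go. The second block is UCI config syntax rather than a shell script, so its `<code bash>` tag should be plain `<code>` like the page's other config blocks. "arbritary" should be "arbitrary", and "FIXME Convert to procd: etc/init.d/dnsmasq restart" is an editing note that should not ship in the page text.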
doc/uci/dhcp.1351618429.txt.bz2 · Last modified: 2012/10/30 18:33 by cjm