Differences
This shows you the differences between two versions of the page.
| doc:uci:dhcp [2012/12/30 12:32] racker79 | doc:uci:dhcp [2013/05/23 14:58] (current) p0g0 | ||
|---|---|---|---|
| Line 38: | Line 38: | ||
| <sortable> | <sortable> | ||
| - | ^ Name ^ Type ^ Required ^ Default ^ Option ^ Description ^ | + | ^ Name ^ Type ^ Default ^ Option ^ Description ^ |
| - | | ''addnhosts'' | list of file paths | no | //(none)// | ''-H'' | Additional host files to read for serving DNS responses | | + | | ''add_local_domain'' | boolean | ''1'' | | Add the local domain as search directive in resolv.conf. | |
| - | | ''authoritative'' | boolean | no | ''0'' | ''-K'' | Force //dnsmasq// into authoritative mode. This speeds up DHCP leasing. Used if this is the only server on the network | | + | | ''add_local_hostname'' | boolean | ''1'' | | Add A and PTR records automatically for the local hostname. | |
| - | | ''bogusnxdomain'' | list of IP addresses | no | //(none)// | ''-B'' | IP addresses to convert into NXDOMAIN responses (to counteract "helpful" upstream DNS servers that never return NXDOMAIN). | | + | | ''addnhosts'' | list of file paths | //(none)// | ''-H'' | Additional host files to read for serving DNS responses | |
| - | | ''boguspriv'' | boolean | no | ''0'' | ''-b'' | Reject reverse lookups to private IP ranges where no corresponding entry exists in ''/etc/hosts'' | | + | | ''authoritative'' | boolean | ''0'' | ''-K'' | Force //dnsmasq// into authoritative mode. This speeds up DHCP leasing. Used if this is the only server on the network | |
| - | | ''cachelocal'' | boolean | no | ''1'' | | When set to ''0'', use each network interface's ''dns'' address in the local ''/etc/resolv.conf''. Normally, only the loopback address is used, and all queries go through //dnsmasq//. | | + | | ''bogusnxdomain'' | list of IP addresses | //(none)// | ''-B'' | IP addresses to convert into NXDOMAIN responses (to counteract "helpful" upstream DNS servers that never return NXDOMAIN). | |
| - | | ''cachesize'' | integer | no | ''150'' | ''-c'' | Size of //dnsmasq// query cache. | | + | | ''boguspriv'' | boolean | ''0'' | ''-b'' | Reject reverse lookups to private IP ranges where no corresponding entry exists in ''/etc/hosts'' | |
| - | | ''dbus'' | boolean | no | ''0'' | ''-1'' | Enable DBus messaging for //dnsmasq//.\\ :!: Standard builds of //dnsmasq// on OpenWRT do not include DBus support. | | + | | ''cachelocal'' | boolean | ''1'' | | When set to ''0'', use each network interface's ''dns'' address in the local ''/etc/resolv.conf''. Normally, only the loopback address is used, and all queries go through //dnsmasq//. | |
| - | | ''dhcp_boot'' | string | no | //(none)// | <code>--dhcp-boot</code> | Specifies BOOTP options, in most cases just the file name | | + | | ''cachesize'' | integer | ''150'' | ''-c'' | Size of //dnsmasq// query cache. | |
| - | | ''dhcphostsfile'' | file path | no | //(none)// | <code>--dhcp-hostsfile</code> | Specify an external file with per host DHCP options | | + | | ''dbus'' | boolean | ''0'' | ''-1'' | Enable DBus messaging for //dnsmasq//.\\ :!: Standard builds of //dnsmasq// on OpenWRT do not include DBus support. | |
| - | | ''dhcpleasemax'' | integer | no | ''150'' | ''-X'' | Maximum number of DHCP leases | | + | | ''dhcp_boot'' | string | //(none)// |<code>--dhcp-boot</code>| Specifies BOOTP options, in most cases just the file name | |
| - | | ''dnsforwardmax'' | integer | no | ''150'' | ''-0'' (zero) | Maximum number of concurrent connections | | + | | ''dhcphostsfile'' | file path | //(none)// | <code>--dhcp-hostsfile</code> | Specify an external file with per host DHCP options | |
| - | | ''domain'' | domain name | no | //(none)//' | ''-s'' | DNS domain handed out to DHCP clients | | + | | ''dhcpleasemax'' | integer | ''150'' | ''-X'' | Maximum number of DHCP leases | |
| - | | ''domainneeded'' | boolean | no | ''0'' | ''-D'' | Tells //dnsmasq// never to forward queries for plain names, without dots or domain parts, to upstream nameservers. If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned | | + | | ''dnsforwardmax'' | integer | ''150'' | ''-0'' (zero) | Maximum number of concurrent connections | |
| - | | ''ednspacket_max'' | integer | no | ''1280'' | ''-P'' | Specify the largest EDNS.0 UDP packet which is supported by the DNS forwarder | | + | | ''domain'' | domain name | //(none)// | ''-s'' | DNS domain handed out to DHCP clients | |
| - | | ''enable_tftp'' | boolean | no | ''0'' | <code>--enable-tftp</code> | Enable the builtin TFTP server | | + | | ''domainneeded'' | boolean | ''0'' | ''-D'' | Tells //dnsmasq// never to forward queries for plain names, without dots or domain parts, to upstream nameservers. If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned | |
| - | | ''expandhosts'' | boolean | no | ''0'' | ''-E'' | Add the local domain part to names found in ''/etc/hosts'' | | + | | ''ednspacket_max'' | integer | ''1280'' | ''-P'' | Specify the largest EDNS.0 UDP packet which is supported by the DNS forwarder | |
| - | | ''filterwin2k'' | boolean | no | ''0'' | ''-f'' | Do not forward requests that cannot be answered by public name servers | | + | | ''enable_tftp'' | boolean | ''0'' | <code>--enable-tftp</code> | Enable the builtin TFTP server | |
| - | | ''interface'' | list of interface names | no | //(all interfaces)// | ''-i'' | List of interfaces to listen on. If unspecified, //dnsmasq// will listen to all interfaces except those listed in ''notinterface''. | | + | | ''expandhosts'' | boolean | ''0'' | ''-E'' | Add the local domain part to names found in ''/etc/hosts'' | |
| - | | ''leasefile'' | file path | no | //(none)// | ''-l'' (ell) | Store DHCP leases in this file | | + | | ''filterwin2k'' | boolean | ''0'' | ''-f'' | Do not forward requests that cannot be answered by public name servers | |
| - | | ''local'' | string | no | //(none)// | ''-S'' | Look up DNS entries for this domain from ''/etc/hosts''. This follows the same syntax as ''server'' entries, see the man page. | | + | | ''fqdn'' | boolean | ''0'' | <code>--dhcp-fqdn</code> | Do not resolve unqualifed local hostnames. Needs ''domain'' to be set. | |
| - | | ''localise_queries'' | boolean | no | ''0'' | ''-y'' | Choose IP address to match the incoming interface if multiple addresses are assigned to a host name in ''/etc/hosts''. :!: Note well the spelling of this option. | | + | | ''interface'' | list of interface names | //(all interfaces)// | ''-i'' | List of interfaces to listen on. If unspecified, //dnsmasq// will listen to all interfaces except those listed in ''notinterface''. | |
| - | | ''logqueries'' | boolean | no | ''0'' | ''-q'' | Log the results of DNS queries, dump cache on SIGUSR1 | | + | | ''leasefile'' | file path | //(none)// | ''-l'' (ell) | Store DHCP leases in this file | |
| - | | ''nodaemon'' | boolean | no | ''0'' | ''-d'' | Don't daemonize the //dnsmasq// process | | + | | ''local'' | string | //(none)// | ''-S'' | Look up DNS entries for this domain from ''/etc/hosts''. This follows the same syntax as ''server'' entries, see the man page. | |
| - | | ''nohosts'' | boolean | no | ''0'' | ''-h'' | Don't read DNS names from ''/etc/hosts'' | | + | | ''localise_queries'' | boolean | ''0'' | ''-y'' | Choose IP address to match the incoming interface if multiple addresses are assigned to a host name in ''/etc/hosts''. :!: Note well the spelling of this option. | |
| - | | ''nonegcache'' | boolean | no | ''0'' | ''-N'' | Disable caching of negative "no such domain" responses | | + | | ''logqueries'' | boolean | ''0'' | ''-q'' | Log the results of DNS queries, dump cache on SIGUSR1 | |
| - | | ''noresolv'' | boolean | no | ''0'' | ''-R'' | Don't read upstream servers from ''/etc/resolv.conf'' | | + | | ''nodaemon'' | boolean | ''0'' | ''-d'' | Don't daemonize the //dnsmasq// process | |
| - | | ''notinterface'' | list of interface names | no | //(none)// | ''-I'' (eye) | Interfaces //dnsmasq// should not listen on. | | + | | ''nohosts'' | boolean | ''0'' | ''-h'' | Don't read DNS names from ''/etc/hosts'' | |
| - | | ''nonwildcard'' | boolean | no | ''0'' | ''-z'' | Bind only configured interface addresses, instead of the wildcard address. | | + | | ''nonegcache'' | boolean | ''0'' | ''-N'' | Disable caching of negative "no such domain" responses | |
| - | | ''port'' | port number | no | ''53'' | ''-p'' | Listening port for DNS queries, disables DNS server functionality if set to ''0'' | | + | | ''noresolv'' | boolean | ''0'' | ''-R'' | Don't read upstream servers from ''/etc/resolv.conf'' | |
| - | | ''queryport'' | integer | no | //(none)// | ''-Q'' | Use a fixed port for outbound DNS queries | | + | | ''notinterface'' | list of interface names | //(none)// | ''-I'' (eye) | Interfaces //dnsmasq// should not listen on. | |
| - | | ''readethers'' | boolean | no | ''0'' | ''-Z'' | Read static lease entries from ''/etc/ethers'', re-read on SIGHUP | | + | | ''nonwildcard'' | boolean | ''0'' | ''-z'' | Bind only configured interface addresses, instead of the wildcard address. | |
| - | | ''resolvfile'' | file path | no | ''/etc/resolv.conf'' | ''-r'' | Specifies an alternative resolv file | | + | | ''port'' | port number | ''53'' | ''-p'' | Listening port for DNS queries, disables DNS server functionality if set to ''0'' | |
| - | | ''server'' | list of strings | no | //(none)// | ''-S'' | List of DNS servers to forward requests to. See the //dnsmasq// man page for syntax details. | | + | | ''queryport'' | integer | //(none)// | ''-Q'' | Use a fixed port for outbound DNS queries | |
| - | | ''strictorder'' | boolean | no | ''0'' | ''-o'' | Obey order of DNS servers in ''/etc/resolv.conf'' | | + | | ''readethers'' | boolean | ''0'' | ''-Z'' | Read static lease entries from ''/etc/ethers'', re-read on SIGHUP | |
| - | | ''tftp_root'' | directory path | no | //(none)// | <code>--tftp-root</code> | Specifies the TFTP root directory | | + | | ''resolvfile'' | file path | ''/etc/resolv.conf'' | ''-r'' | Specifies an alternative resolv file | |
| - | | ''rebind_protection'' | boolean | no | ''1'' | <code>--stop-dns-rebind</code> | Enables DNS rebind attack protection by discarding upstream RFC1918 responses | | + | | ''server'' | list of strings | //(none)// | ''-S'' | List of DNS servers to forward requests to. See the //dnsmasq// man page for syntax details. | |
| - | | ''rebind_localhost'' | boolean | no | ''0'' | <code>--rebind-localhost-ok</code> | Allows upstream 127.0.0.0/8 responses, required for DNS based blacklist services, only takes effect if rebind protection is enabled | | + | | ''strictorder'' | boolean | ''0'' | ''-o'' | Obey order of DNS servers in ''/etc/resolv.conf'' | |
| - | | ''rebind_domain'' | list of domain names | no | //(none)// | <code>--rebind-domain-ok</code> | List of domains to allow RFC1918 responses for, only takes effect if rebind protection is enabled | | + | | ''tftp_root'' | directory path | //(none)// | --tftp-root | Specifies the TFTP root directory | |
| + | | ''rebind_protection'' | boolean | ''1'' | --stop-dns-rebind | Enables DNS rebind attack protection by discarding upstream RFC1918 responses | | ||
| + | | ''rebind_localhost'' | boolean | ''0'' |--rebind-localhost-ok| Allows upstream 127.0.0.0/8 responses, required for DNS based blacklist services, only takes effect if rebind protection is enabled | | ||
| + | | ''rebind_domain'' | list of domain names | //(none)// | --rebind-domain-ok | List of domains to allow RFC1918 responses for, only takes effect if rebind protection is enabled | | ||
| </sortable> | </sortable> | ||
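Review bot: the last four added rows (''tftp_root'', ''rebind_protection'', ''rebind_localhost'', ''rebind_domain'') lose the <code> wrapper around their long options, while the ''dhcp_boot'', ''dhcphostsfile'', ''enable_tftp'' and ''fqdn'' rows keep it. A bare double hyphen in wiki text can be rewritten by the wiki's typography conversion, so the option may no longer be copyable as written; restore <code>--tftp-root</code>, <code>--stop-dns-rebind</code>, <code>--rebind-localhost-ok</code> and <code>--rebind-domain-ok</code>. In the new ''fqdn'' row, "unqualifed" should be "unqualified".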
| Line 127: | Line 130: | ||
| This adds the fixed IP address 192.168.1.2 and the name "mypc" for a machine with the (Ethernet) hardware address 00:11:22:33:44:55 | This adds the fixed IP address 192.168.1.2 and the name "mypc" for a machine with the (Ethernet) hardware address 00:11:22:33:44:55 | ||
| ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
| - | | ''ip'' | string | yes | //(none)// | The IP address to be used for this host. | | + | | ''ip'' | string | yes | //(none)// | 'ignore' or the IP address to be used for this host. | |
| - | | ''mac'' | string | yes | //(none)// | The hardware address of this host. | | + | | ''mac'' | string | no | //(none)// | The hardware address of this host. | |
| | ''name'' | string | no | //(none)// | Optional hostname to assign. | | | ''name'' | string | no | //(none)// | Optional hostname to assign. | | ||
| As well as adding ''host'' sections, you can also enable the ''dnsmasq'' section option ''readethers'', and add entries to the ''/etc/ethers'' file. | As well as adding ''host'' sections, you can also enable the ''dnsmasq'' section option ''readethers'', and add entries to the ''/etc/ethers'' file. | ||
| - | |||
| - | //Note: uci requires you to specify MAC address(es) of ''mypc'' client, however ''dnsmasq'' itself don't. IP address is then assigned to DHCP client according to the name he uses, not the MAC address he has. If you decide to go this way, you will need to edit ''/etc/dnsmasq.conf'' file. Details can be found in ''dnsmasq'' man page in [[http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html|--dhcp-host]] description. See the [[https://dev.openwrt.org/ticket/11928|ticket]] for updates.// | ||
| ==== DHCP OPTION example to set an alternative default gateway ==== | ==== DHCP OPTION example to set an alternative default gateway ==== | ||
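Review bot: with ''mac'' changed to Required "no" while ''name'' is also "no", the table no longer says what identifies the host when ''mac'' is omitted, and the deleted note was the only text explaining that the address is then assigned by the name the client uses. Carry that into the ''mac'' or ''name'' description, and mention that the hostname is supplied by the client, so a name-only entry gives the address to whichever machine presents that name. The new 'ignore' value in the ''ip'' row also needs a clause saying what happens to such a host.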
| Line 207: | Line 208: | ||
| <code>dhcp-script=/sbin/action.sh</code> | <code>dhcp-script=/sbin/action.sh</code> | ||
| + | |||
| + | ==== DNS and DHCP Ports ==== | ||
| + | DNS needs TCP and UDP port 53 open on the firewall. DHCP needs UDP ports 67 and 68 open from your zone to/from the firewall. See http://wiki.openwrt.org/doc/recipes/guest-wlan and http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html (viz "--dhcp-alternate-port") for more information. | ||
| ===== Examples ===== | ===== Examples ===== | ||
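Review bot: the first added sentence, "DNS needs TCP and UDP port 53 open on the firewall", names no zone or direction, unlike the DHCP sentence after it, and can be read as opening port 53 on every zone including wan. Scope it the same way, for example "from your zone to the firewall", so the change does not lead readers to expose the resolver to the internet. The two bare URLs should use the [[url|label]] link form that the removed ''--dhcp-host'' note used, and "viz" reads better as "see".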
doc/uci/dhcp.1356867158.txt.bz2 · Last modified: 2012/12/30 12:32 by racker79
