【转载】关于dnsmasq的使用配置和文档翻译

nsmasq是什么我就不说了，请自行百度。
目前我需要使用的用途是：
1.dhcp（分配一个或者多个内网ip地址）
2.dns（锁定解析，改变解析指向和dns缓存）
3.简便，一次满足dhcp和dns 2个功能
备注：
dhcp是用udp 67端口的，dns是用tcp/udp 53端口的，有iptables的请自行处理

---

如何安装：
因为他方便小巧，性价比高，所以我yum了
yum install dnsmasq

---

如何启动关闭 重启

1. service dnsmasq stop

复制代码

Shutting down dnsmasq:                                     [  OK  ]

1. service dhcrelay start

复制代码

Starting dhcrelay:          [OK]

---

如何查看日志
tail -f /var/log/messages

---

目前我用到的配置，请各位参考对号入座：

1. resolv-file=/etc/resolv.dnsmasq.conf
   
2. server=/testdns.com/172.16.0.1
   
3. address=/www.test.com/192.168.0.12
   
4. interface=p3p1
   
5. listen-address=127.0.0.1,172.16.0.1
   
6. bind-interfaces
   
7. addn-hosts=/etc/dnsmasq.host
   
8. dhcp-range=172.16.0.30,172.16.1.254,255.255.128.0,30m
   
9. dhcp-host=B8:EE:65:D2:F9:B4,fred,172.16.1.139
   
10. dhcp-option=3,172.16.0.1
    
11. dhcp-option=19,0 # option ip-forwarding off
    
12. dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
    
13. dhcp-option=45,0.0.0.0 # netbios datagram distribution server
    
14. dhcp-option=46,8 # netbios node type
    
15. dhcp-lease-max=500
    
16. dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
    
17. cache-size=1000
    
18. dhcp-option=252,"\n"
    
19. 
    

复制代码

详细配置翻译在这里：
btw：
感谢jianshu不支持代码格式化 - 。-

1. Configuration file for dnsmasq.
   
2. 
   
3. Format is one option per line, legal options are the same
   
4. as the long options legal on the command line. See
   
5. "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
   
6. 
   
7. The following two options make you a better netizen, since they
   
8. tell dnsmasq to filter out queries which the public DNS cannot
   
9. answer, and which load the servers (especially the root servers)
   
10. uneccessarily. If you have a dial-on-demand link they also stop
    
11. these requests from bringing up the link uneccessarily.
    
12. 
    
13. Never forward plain names (without a dot or domain part)
    
14. 不转发无格式的域名（没有.的或者只有一部分的残缺域名）【不常用】
    
15. domain-needed
    
16. Never forward addresses in the non-routed address spaces.
    
17. 在未发送的地址空间内不转发域名地址，根据上下文信息，我的理解是在不通的网络环境下不做转发【不常用】
    
18. bogus-priv
    
19. 
    
20. Uncomment this to filter useless windows-originated DNS requests
    
21. which can trigger dial-on-demand links needlessly.
    
22. Note that (amongst other things) this blocks all SRV requests,
    
23. so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
    
24. This option only affects forwarding, SRV records originating for
    
25. dnsmasq (via srv-host= lines) are not suppressed by it.
    
26. 这是跟ad相关的东西，微软的特殊请求包，如果要使用kerberos，sip，xmmp gtlak那些就需要打开配置【不常用】
    
27. 引用信息：http://www.cnblogs.com/zhuangxuqiang/archive/2009/04/28/1445113.html
    
28. filterwin2k
    
29. 
    
30. Change this line if you want dns to get its upstream servers from
    
31. somewhere other that /etc/resolv.conf
    
32. 这个是很有用的东西，因为你要做自定义dns控制的话，最好单独独立一份dns服务器地址清单，系统默认的/etc/resolv.conf是会变化的，尤其是新版本的linux系统会跟随网卡配置变化或者其他网络管理套件变化，为了可靠性，单独独立一份出来管理，所以需要打开这个配置
    
33. resolv-file=
    
34. 
    
35. By default, dnsmasq will send queries to any of the upstream
    
36. servers it knows about and tries to favour servers to are known
    
37. to be up. Uncommenting this forces dnsmasq to try each query
    
38. with each server strictly in the order they appear in
    
39. /etc/resolv.conf
    
40. 强制按照resolv.conf的dns服务器顺序来进行解析，可能会有时候上游dns服务器的不稳定，可能a.dns服务器最近解析很慢，b.dns服务器最近解析很快，那么调整一下顺序，先走a再到b，你可以找到一个稳定的dns服务器使用顺序，这样也可以使用这个配置来优化一下，一般情况没必要【不常用】
    
41. strict-order
    
42. 
    
43. If you don't want dnsmasq to read /etc/resolv.conf or any other
    
44. file, getting its servers from this file instead (see below), then
    
45. uncomment this.
    
46. 不使用/etc/resolv.conf来进行上游dns服务器解析，这里跟上面的resolv-file配置配合使用，打开了这个配置然后指定一个新的resolv-file
    
47. no-resolv
    
48. 
    
49. If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
    
50. files for changes and re-read them then uncomment this.
    
51. 这个是是否轮训dns解析，例如a.dns解析不了去b.dns然后b.dns不行了又去a.dns【不常用】
    
52. no-poll
    
53. 
    
54. Add other name servers here, with domain specs if they are for
    
55. non-public domains.
    
56. 配置内网其他dns服务器的域名解析，一般来说用dnsmasq的环境不是复杂环境，所以不需要那么多【不常用】
    
57. server=/localnet/192.168.0.1
    
58. 
    
59. Example of routing PTR queries to nameservers: this will send all
    
60. address->name queries for 192.168.3/24 to nameserver 10.1.2.3
    
61. 反向解析记录，一般用于邮件系统，正向解析就是从域名到ip这样解析，反向就是从ip到域名【不常用】
    
62. server=/3.168.192.in-addr.arpa/10.1.2.3
    
63. 
    
64. Add local-only domains here, queries in these domains are answered
    
65. from /etc/hosts or DHCP only.
    
66. 设置本机使用域名，或许一些一定要用本机域名的程序要用，但不常见【不常用】
    
67. local=/localnet/
    
68. 
    
69. Add domains which you want to force to an IP address here.
    
70. The example below send any host in doubleclick.net to a local
    
71. webserver.
    
72. 这个是好家伙，强制解析，类似写host的效果，这样可以做域名绑定，避免被dns污染，也支持泛解析*号，现在世界都很危险，还是要保留内心的一丝纯洁的
    
73. address=/doubleclick.net/127.0.0.1
    
74. 
    
75. --address (and --server) work with IPv6 addresses too.
    
76. 上面配置的加强版，支持ipv6
    
77. address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
    
78. 
    
79. You can control how dnsmasq talks to a server: this forces
    
80. queries to 10.1.2.3 to be routed via eth1
    
81. 控制某台dns的解析请求从某个网卡出去【不常用】
    
82. --server=10.1.2.3@eth1
    
83. 
    
84. and this sets the source (ie local) address used to talk to
    
85. 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
    
86. IP on the machine, obviously).
    
87. 指定一个源地址去访问某个目标地址的某个端口，有点类似iptables的forward，实现原理不太懂，但这个会有用途的，例如强制门户，做中转，内网会较常用，简单的重定向，跟address作用类似
    
88. [email protected]
    
89. 
    
90. If you want dnsmasq to change uid and gid to something other
    
91. than the default, edit the following lines.
    
92. 简单易懂就不说了
    
93. user=
    
94. group=
    
95. 
    
96. If you want dnsmasq to listen for DHCP and DNS requests only on
    
97. specified interfaces (and the loopback) give the name of the
    
98. interface (eg eth0) here.
    
99. Repeat the line for more than one interface.
    
100. 指定监听某个接口，例如某张网卡，
     
101. interface=
     
102. Or you can specify which interface not to listen on
     
103. 指定排除监听某个接口
     
104. except-interface=
     
105. Or which to listen on by address (remember to include 127.0.0.1 if
     
106. you use this.)
     
107. 这个是重要选项，监听地址，要写上ip地址加上127.0.0.1，因为IP地址是给你的client机用的，127.0.0.1是给dnsmasq用的，为什么呢，是因为你要做dns缓存，要访问自己即是本机，格式就是ip,127.0.0.1
     
108. listen-address=
     
109. If you want dnsmasq to provide only DNS service on an interface,
     
110. configure it as shown above, and then use the following line to
     
111. disable DHCP on it.
     
112. 只提供dns服务，不提供dhcp服务，这个是因为一个内网是不可能有多台dhcp服务器的，多个dhcp会导致dhcp广播混乱，可能会造成的影响就是我分到了一个ip却上不了网，因为分给你ip的dhcp服务器是给上内网用的。
     
113. no-dhcp-interface=
     
114. 
     
115. On systems which support it, dnsmasq binds the wildcard address,
     
116. even when it is listening on only some interfaces. It then discards
     
117. requests that it shouldn't reply to. This has the advantage of
     
118. working even when interfaces come and go and change address. If you
     
119. want dnsmasq to really bind only the interfaces it is listening on,
     
120. uncomment this option. About the only time you may need this is when
     
121. running another nameserver on the same machine.
     
122. 绑定了网卡之后会保证dnsmasq不去骚扰其他网卡，保证请求不乱发，一般跟interface一起使用
     
123. bind-interfaces
     
124. 
     
125. If you don't want dnsmasq to read /etc/hosts, uncomment the
     
126. following line.
     
127. 是否使用hosts，如果你在上面的都指定好了固定的解析，如server=/localnet/192.168.0.1 那么可以只使用这个解析，不用hosts，不过嘛，hosts方便一点，而且hosts可以在dns挂了的情况下剩下，虽然只是本机服务器生效，还是建议用hosts的，只要整理好解析和hosts的列表就好了
     
128. no-hosts
     
129. or if you want it to read another file, as well as /etc/hosts, use
     
130. this.
     
131. 使用另外一个文件代替hosts，这样就可以不骚扰本机的host 从而保证服务器固有host不被影响，也可以给dnsmasq使用特别的hosts
     
132. addn-hosts=/etc/banner_add_hosts
     
133. 
     
134. Set this (and domain: see below) if you want to have a domain
     
135. automatically added to simple names in a hosts-file.
     
136. 自动给hosts的域名增加一个简单的名字，搭配下面的domain用的，【不常用】
     
137. expand-hosts
     
138. 
     
139. Set the domain for dnsmasq. this is optional, but if it is set, it
     
140. does the following things.
     
141. 1) Allows DHCP hosts to have fully qualified domain names, as long
     
142. as the domain part matches this setting.
     
143. 2) Sets the "domain" DHCP option thereby potentially setting the
     
144. domain of all systems configured by DHCP
     
145. 3) Provides the domain part for "expand-hosts"
     
146. 给dhcp服务器赋予一个域名，个人感觉不需要
     
147. domain=thekelleys.org.uk
     
148. 
     
149. Set a different domain for a particular subnet
     
150. 给一个dhcp子域一个域名，蛋疼了，还没想到为嘛要这样做，dhcp只是一个分配ip的叔叔，不过在ad服务器之类的环境是需要dns后缀的，因为ad需要客户端的域名来找到主机
     
151. domain=wireless.thekelleys.org.uk,192.168.2.0/24
     
152. 
     
153. Same idea, but range rather then subnet
     
154. 雷同。
     
155. domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
     
156. 
     
157. Uncomment this to enable the integrated DHCP server, you need
     
158. to supply the range of addresses available for lease and optionally
     
159. a lease time. If you have more than one network, you will need to
     
160. repeat this for each network on which you want to supply DHCP
     
161. service.
     
162. 这个是重要的东西，设置dhcp的ip发配range，就是你的dhcp服务器分配多少个ip出来，ip的范围从哪里到哪里，默认是c类网段，所以简略了掩码，后面增加一个租约时间，dhcp分配的ip是有租约的，租约过了是需要回收的。
     
163. dhcp-range=192.168.0.50,192.168.0.150,12h
     
164. 
     
165. This is an example of a DHCP range where the netmask is given. This
     
166. is needed for networks we reach the dnsmasq DHCP server via a relay
     
167. agent. If you don't know what a DHCP relay agent is, you probably
     
168. don't need to worry about this.
     
169. 这就是标准语法，分配c类网段，12h租约，支持多个subnet，多行写就行了，不过需要注意的是多个网段是需要dhcp中继的，dhcp中继请自行百度，大概就是独立一个网卡，监听dhcp的御用67 udp和tcp端口，连接主dhcp服务器
     
170. dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
     
171. 
     
172. This is an example of a DHCP range with a network-id, so that
     
173. some DHCP options may be set only for this network.
     
174. 可以在分配ip的时候授予这些ip一个名字，也可以叫做network-id，用来识别这个标志是属于这些ip的，用途在下面会说到。但这属于高级功能，还不一定所有client设备都能够支持，所以了解一下按需使用就好了。
     
175. dhcp-range=red,192.168.0.50,192.168.0.150
     
176. 
     
177. Supply parameters for specified hosts using DHCP. There are lots
     
178. of valid alternatives, so we will give examples of each. Note that
     
179. IP addresses DO NOT have to be in the range given above, they just
     
180. need to be on the same network. The order of the parameters in these
     
181. do not matter, it's permissble to give name,adddress and MAC in any order
     
182. 
     
183. Always allocate the host with ethernet address 11:22:33:44:55:66
     
184. The IP address 192.168.0.60
     
185. 绑定网卡地址对应ip地址，用的是host的方式，类似在hosts文件写一个host name 对应一个ip，所以这个不是arp绑定，要区分。
     
186. dhcp-host=11:22:33:44:55:66,192.168.0.60
     
187. 
     
188. Always set the name of the host with hardware address
     
189. 11:22:33:44:55:66 to be "fred"
     
190. 绑定mac地址对应一个host name ，我个人觉得绑定mac对应ip就足够了，绑定对应名字比较少见
     
191. dhcp-host=11:22:33:44:55:66,fred
     
192. 
     
193. Always give the host with ethernet address 11:22:33:44:55:66
     
194. the name fred and IP address 192.168.0.60 and lease time 45 minutes
     
195. 这个是组合版，绑定某个mac对应fred名字，然后加上一个ip分配，并设置租约，这个只能说是灵活配置的参考，没啥实际意义
     
196. dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
     
197. 
     
198. Give a host with ethernet address 11:22:33:44:55:66 or
     
199. 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
     
200. that these two ethernet interfaces will never be in use at the same
     
201. time, and give the IP address to the second, even if it is already
     
202. in use by the first. Useful for laptops with wired and wireless
     
203. addresses.
     
204. 绑定一个ip对应多mac地址，用途场景存在于实验室和无线网络，我想，只是为了让2块网卡用同一个ip这样单纯而纯洁的需求而已【不常用】
     
205. dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
     
206. 
     
207. Give the machine which says its name is "bert" IP address
     
208. 192.168.0.70 and an infinite lease
     
209. 绑定名字对应ip，并且给了一个新参数，无限租约
     
210. dhcp-host=bert,192.168.0.70,infinite
     
211. 
     
212. Always give the host with client identifier 01:02:02:04
     
213. the IP address 192.168.0.60
     
214. 给予一个特殊标识符对应ip，用途不明
     
215. dhcp-host=id:01:02:02:04,192.168.0.60
     
216. 
     
217. Always give the host with client identifier "marjorie"
     
218. the IP address 192.168.0.60
     
219. 跟上一条类似，只是标识符还支持普通字符字串
     
220. dhcp-host=id:marjorie,192.168.0.60
     
221. 
     
222. Enable the address given for "judge" in /etc/hosts
     
223. to be given to a machine presenting the name "judge" when
     
224. it asks for a DHCP lease.
     
225. 用hosts文件的名字来分配ip【不常用】
     
226. dhcp-host=judge
     
227. 
     
228. Never offer DHCP service to a machine whose ethernet
     
229. address is 11:22:33:44:55:66
     
230. 使用忽略参数，遇到某个mac网卡的时候不分配ip
     
231. dhcp-host=11:22:33:44:55:66,ignore
     
232. 
     
233. Ignore any client-id presented by the machine with ethernet
     
234. address 11:22:33:44:55:66. This is useful to prevent a machine
     
235. being treated differently when running under different OS's or
     
236. between PXE boot and OS boot.
     
237. 关于pxe的不描述了
     
238. dhcp-host=11:22:33:44:55:66,id:*
     
239. 
     
240. Send extra options which are tagged as "red" to
     
241. the machine with ethernet address 11:22:33:44:55:66
     
242. dhcp-host=11:22:33:44:55:66,net:red
     
243. 
     
244. Send extra options which are tagged as "red" to
     
245. any machine with ethernet address starting 11:22:33:
     
246. dhcp-host=11:22:33:::*,net:red
     
247. 
     
248. Ignore any clients which are specified in dhcp-host lines
     
249. or /etc/ethers. Equivalent to ISC "deny unkown-clients".
     
250. This relies on the special "known" tag which is set when
     
251. a host is matched.
     
252. dhcp-ignore=known
     
253. 
     
254. Send extra options which are tagged as "red" to any machine whose
     
255. DHCP vendorclass string includes the substring "Linux"
     
256. dhcp-vendorclass=red,Linux
     
257. 
     
258. Send extra options which are tagged as "red" to any machine one
     
259. of whose DHCP userclass strings includes the substring "accounts"
     
260. dhcp-userclass=red,accounts
     
261. 
     
262. Send extra options which are tagged as "red" to any machine whose
     
263. MAC address matches the pattern.
     
264. dhcp-mac=red,00:60:8C:::*
     
265. 
     
266. If this line is uncommented, dnsmasq will read /etc/ethers and act
     
267. on the ethernet-address/IP pairs found there just as if they had
     
268. been given as --dhcp-host options. Useful if you keep
     
269. MAC-address/host mappings there for other purposes.
     
270. 使用额外的文件代替主配置文件来处理dhcp-host的匹配，这个主要为了方便管理，将所有需要用到的dhcp-host配置都搬进去
     
271. read-ethers
     
272. 
     
273. Send options to hosts which ask for a DHCP lease.
     
274. See RFC 2132 for details of available options.
     
275. Common options can be given to dnsmasq by name:
     
276. run "dnsmasq --help dhcp" to get a list.
     
277. Note that all the common settings, such as netmask and
     
278. broadcast address, DNS server and default route, are given
     
279. sane defaults by dnsmasq. You very likely will not need
     
280. any dhcp-options. If you use Windows clients and Samba, there
     
281. are some options which are recommended, they are detailed at the
     
282. end of this section.
     
283. 
     
284. Override the default route supplied by dnsmasq, which assumes the
     
285. router is the same machine as the one running dnsmasq.
     
286. 设置默认网关，这是指dhcp下发ip后，client的ip获取到的网关信息，很有用，还可以做多种静态路由，3代表默认网关，后面跟ip或者子网
     
287. dhcp-option=3,1.2.3.4
     
288. 
     
289. Do the same thing, but using the option name
     
290. 或者可以直接写关键字router也是代表静态网关
     
291. dhcp-option=option:router,1.2.3.4
     
292. 
     
293. Override the default route supplied by dnsmasq and send no default
     
294. route at all. Note that this only works for the options sent by
     
295. default (1, 3, 6, 12, 28) the same line will send a zero-length option
     
296. for all other option numbers.
     
297. dhcp-option=3
     
298. 
     
299. Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
     
300. 设置ntp服务器，不知道怎么验证，暂时不用
     
301. dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
     
302. 
     
303. Set the NTP time server address to be the same machine as
     
304. is running dnsmasq
     
305. dhcp-option=42,0.0.0.0
     
306. 
     
307. Set the NIS domain name to "welly"
     
308. dhcp-option=40,welly
     
309. 
     
310. Set the default time-to-live to 50
     
311. TTL现在一般都是指路由跳数了，50足够了。
     
312. dhcp-option=23,50
     
313. 
     
314. Set the "all subnets are local" flag
     
315. dhcp-option=27,1
     
316. 
     
317. Send the etherboot magic flag and then etherboot options (a string).
     
318. dhcp-option=128,e4:45:74:68:00:00
     
319. dhcp-option=129,NIC=eepro100
     
320. 
     
321. Specify an option which will only be sent to the "red" network
     
322. (see dhcp-range for the declaration of the "red" network)
     
323. Note that the net: part must precede the option: part.
     
324. dhcp-option = net:red, option:ntp-server, 192.168.1.1
     
325. 
     
326. The following DHCP options set up dnsmasq in the same way as is specified
     
327. for the ISC dhcpcd in
     
328. http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
     
329. adapted for a typical dnsmasq installation where the host running
     
330. dnsmasq is also the host running samba.
     
331. you may want to uncomment some or all of them if you use
     
332. Windows clients and Samba.
     
333. 用windows作为client端要把这个带上，这样会快一点获取ip
     
334. dhcp-option=19,0 option ip-forwarding off
     
335. dhcp-option=44,0.0.0.0 set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
     
336. dhcp-option=45,0.0.0.0 netbios datagram distribution server
     
337. dhcp-option=46,8 netbios node type
     
338. 
     
339. Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
     
340. probably doesn't support this......
     
341. dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
     
342. 
     
343. Send RFC-3442 classless static routes (note the netmask encoding)
     
344. dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
     
345. 
     
346. Send vendor-class specific options encapsulated in DHCP option 43.
     
347. The meaning of the options is defined by the vendor-class so
     
348. options are sent only when the client supplied vendor class
     
349. matches the class given here. (A substring match is OK, so "MSFT"
     
350. matches "MSFT" and "MSFT 5.0"). This example sets the
     
351. mtftp address to 0.0.0.0 for PXEClients.
     
352. dhcp-option=vendor:PXEClient,1,0.0.0.0
     
353. 
     
354. Send microsoft-specific option to tell windows to release the DHCP lease
     
355. when it shuts down. Note the "i" flag, to tell dnsmasq to send the
     
356. value as a four-byte integer - that's what microsoft wants. See
     
357. http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
     
358. dhcp-option=vendor:MSFT,2,1i
     
359. 
     
360. Send the Encapsulated-vendor-class ID needed by some configurations of
     
361. Etherboot to allow is to recognise the DHCP server.
     
362. dhcp-option=vendor:Etherboot,60,"Etherboot"
     
363. 
     
364. Send options to PXELinux. Note that we need to send the options even
     
365. though they don't appear in the parameter request list, so we need
     
366. to use dhcp-option-force here.
     
367. See http://syslinux.zytor.com/pxe.phpspecial for details.
     
368. Magic number - needed before anything else is recognised
     
369. dhcp-option-force=208,f1:00:74:7e
     
370. Configuration file name
     
371. dhcp-option-force=209,configs/common
     
372. Path prefix
     
373. dhcp-option-force=210,/tftpboot/pxelinux/files/
     
374. Reboot time. (Note 'i' to send 32-bit value)
     
375. dhcp-option-force=211,30i
     
376. 
     
377. Set the boot filename for netboot/PXE. You will only need
     
378. this is you want to boot machines over the network and you will need
     
379. a TFTP server; either dnsmasq's built in TFTP server or an
     
380. external one. (See below for how to enable the TFTP server.)
     
381. dhcp-boot=pxelinux.0
     
382. 
     
383. Boot for Etherboot gPXE. The idea is to send two different
     
384. filenames, the first loads gPXE, and the second tells gPXE what to
     
385. load. The dhcp-match sets the gpxe tag for requests from gPXE.
     
386. dhcp-match=gpxe,175 gPXE sends a 175 option.
     
387. dhcp-boot=net:gpxe,undionly.kpxe
     
388. dhcp-boot=mybootimage
     
389. 
     
390. Encapsulated options for Etherboot gPXE. All the options are
     
391. encapsulated within option 175
     
392. dhcp-option=encap:175, 1, 5b priority code
     
393. dhcp-option=encap:175, 176, 1b no-proxydhcp
     
394. dhcp-option=encap:175, 177, string bus-id
     
395. dhcp-option=encap:175, 189, 1b BIOS drive code
     
396. dhcp-option=encap:175, 190, user iSCSI username
     
397. dhcp-option=encap:175, 191, pass iSCSI password
     
398. 
     
399. Test for the architecture of a netboot client. PXE clients are
     
400. supposed to send their architecture as option 93. (See RFC 4578)
     
401. dhcp-match=peecees, option:client-arch, 0 x86-32
     
402. dhcp-match=itanics, option:client-arch, 2 IA64
     
403. dhcp-match=hammers, option:client-arch, 6 x86-64
     
404. dhcp-match=mactels, option:client-arch, 7 EFI x86-64
     
405. 
     
406. Do real PXE, rather than just booting a single file, this is an
     
407. alternative to dhcp-boot.
     
408. pxe-prompt="What system shall I netboot?"
     
409. or with timeout before first available action is taken:
     
410. pxe-prompt="Press F8 for menu.", 60
     
411. 
     
412. Available boot services. for PXE.
     
413. pxe-service=x86PC, "Boot from local disk", 0
     
414. 
     
415. Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
     
416. pxe-service=x86PC, "Install Linux", pxelinux
     
417. 
     
418. Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
     
419. Beware this fails on old PXE ROMS.
     
420. pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
     
421. 
     
422. Use bootserver on network, found my multicast or broadcast.
     
423. pxe-service=x86PC, "Install windows from RIS server", 1
     
424. 
     
425. Use bootserver at a known IP address.
     
426. pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
     
427. 
     
428. If you have multicast-FTP available,
     
429. information for that can be passed in a similar way using options 1
     
430. to 5. See page 19 of
     
431. http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
     
432. 
     
433. Enable dnsmasq's built-in TFTP server
     
434. enable-tftp
     
435. 
     
436. Set the root directory for files availble via FTP.
     
437. tftp-root=/var/ftpd
     
438. 
     
439. Make the TFTP server more secure: with this set, only files owned by
     
440. the user dnsmasq is running as will be send over the net.
     
441. tftp-secure
     
442. 
     
443. Set the boot file name only when the "red" tag is set.
     
444. dhcp-boot=net:red,pxelinux.red-net
     
445. 
     
446. An example of dhcp-boot with an external TFTP server: the name and IP
     
447. address of the server are given after the filename.
     
448. Can fail with old PXE ROMS. Overridden by --pxe-service.
     
449. dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
     
450. 
     
451. Set the limit on DHCP leases, the default is 150
     
452. 根据配置的subnet来配置这个值，这个就是dhcp分配的ip池
     
453. dhcp-lease-max=150
     
454. 
     
455. The DHCP server needs somewhere on disk to keep its lease database.
     
456. This defaults to a sane location, but if you want to change it, use
     
457. the line below.
     
458. 查看dhcp的log
     
459. dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
     
460. 
     
461. Set the DHCP server to authoritative mode. In this mode it will barge in
     
462. and take over the lease for any client which broadcasts on the network,
     
463. whether it has a record of the lease or not. This avoids long timeouts
     
464. when a machine wakes up on a new network. DO NOT enable this if there's
     
465. the slighest chance that you might end up accidentally configuring a DHCP
     
466. server for your campus/company accidentally. The ISC server uses
     
467. the same option, and this URL provides more information:
     
468. http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
     
469. dhcp-authoritative
     
470. 
     
471. Run an executable when a DHCP lease is created or destroyed.
     
472. The arguments sent to the script are "add" or "del",
     
473. then the MAC address, the IP address and finally the hostname
     
474. if there is one.
     
475. dhcp-script=/bin/echo
     
476. 
     
477. Set the cachesize here.
     
478. 配置dns缓存池的大小，默认150，嘛设置个1000也无所谓
     
479. cache-size=150
     
480. 
     
481. If you want to disable negative caching, uncomment this.
     
482. no-negcache
     
483. 
     
484. Normally responses which come form /etc/hosts and the DHCP lease
     
485. file have Time-To-Live set as zero, which conventionally means
     
486. do not cache further. If you are happy to trade lower load on the
     
487. server for potentially stale date, you can set a time-to-live (in
     
488. seconds) here.
     
489. local-ttl=
     
490. 
     
491. If you want dnsmasq to detect attempts by Verisign to send queries
     
492. to unregistered .com and .net hosts to its sitefinder service and
     
493. have dnsmasq instead return the correct NXDOMAIN response, uncomment
     
494. this line. You can add similar lines to do the same for other
     
495. registries which have implemented wildcard A records.
     
496. 防止dns污染，极端情况下，绑定nxdomain有助于帮助我们减少或者避免dns解析被污染。详情自行google查询。
     
497. bogus-nxdomain=64.94.110.11
     
498. 
     
499. If you want to fix up DNS results from upstream servers, use the
     
500. alias option. This only works for IPv4.
     
501. This alias makes a result of 1.2.3.4 appear as 5.6.7.8
     
502. alias=1.2.3.4,5.6.7.8
     
503. and this maps 1.2.3.x to 5.6.7.x
     
504. alias=1.2.3.0,5.6.7.0,255.255.255.0
     
505. and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
     
506. alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
     
507. 
     
508. Change these lines if you want dnsmasq to serve MX records.
     
509. 
     
510. Return an MX record named "maildomain.com" with target
     
511. servermachine.com and preference 50
     
512. mx-host=maildomain.com,servermachine.com,50
     
513. 
     
514. Set the default target for MX records created using the localmx option.
     
515. mx-target=servermachine.com
     
516. 
     
517. Return an MX record pointing to the mx-target for all local
     
518. machines.
     
519. localmx
     
520. 
     
521. Return an MX record pointing to itself for all local machines.
     
522. selfmx
     
523. 
     
524. Change the following lines if you want dnsmasq to serve SRV
     
525. records. These are useful if you want to serve ldap requests for
     
526. Active Directory and other windows-originated DNS requests.
     
527. See RFC 2782.
     
528. You may add multiple srv-host lines.
     
529. The fields are <name>,<target>,<port>,<priority>,<weight>
     
530. If the domain part if missing from the name (so that is just has the
     
531. service and protocol sections) then the domain given by the domain=
     
532. config option is used. (Note that expand-hosts does not need to be
     
533. set for this to work.)
     
534. 
     
535. A SRV record sending LDAP for the example.com domain to
     
536. ldapserver.example.com port 289
     
537. srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
     
538. 
     
539. A SRV record sending LDAP for the example.com domain to
     
540. ldapserver.example.com port 289 (using domain=)
     
541. domain=example.com
     
542. srv-host=_ldap._tcp,ldapserver.example.com,389
     
543. 
     
544. Two SRV records for LDAP, each with different priorities
     
545. srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
     
546. srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
     
547. 
     
548. A SRV record indicating that there is no LDAP server for the domain
     
549. example.com
     
550. srv-host=_ldap._tcp.example.com
     
551. 
     
552. The following line shows how to make dnsmasq serve an arbitrary PTR
     
553. record. This is useful for DNS-SD. (Note that the
     
554. domain-name expansion done for SRV records _does_not
     
555. occur for PTR records.)
     
556. ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
     
557. 
     
558. Change the following lines to enable dnsmasq to serve TXT records.
     
559. These are used for things like SPF and zeroconf. (Note that the
     
560. domain-name expansion done for SRV records _does_not
     
561. occur for TXT records.)
     
562. 
     
563. Example SPF.
     
564. txt-record=example.com,"v=spf1 a -all"
     
565. 
     
566. Example zeroconf
     
567. txt-record=_http._tcp.example.com,name=value,paper=A4
     
568. 
     
569. Provide an alias for a "local" DNS name. Note that this only works
     
570. for targets which are names from DHCP or /etc/hosts. Give host
     
571. "bert" another name, bertrand
     
572. cname=bertand,bert
     
573. 
     
574. For debugging purposes, log each DNS query as it passes through
     
575. dnsmasq.
     
576. 打开dns 的log
     
577. log-queries
     
578. 
     
579. Log lots of extra information about DHCP transactions.
     
580. 打开dhcp log
     
581. log-dhcp
     
582. 
     
583. Include a another lot of configuration options.
     
584. conf-file=/etc/dnsmasq.more.conf
     
585. conf-dir=/etc/dnsmasq.d
     
586. 
     
587. 
     

复制代码

声明本帖转自链接：http://www.jianshu.com/p/71ccc79aaa9e
作者：天堂未必在前方
來源：简书
著作权归作者所有。商业转载请联系作者获得授权，非商业转载请注明出处。

占位编辑

前排支持下

我是个凑数的。。。

支持支持再支持

前排支持下

顶顶更健康

不错 支持一个了

为了三千积分！

众里寻他千百度，蓦然回首在这里！

顶顶更健康