Provided by: dnsmasq_2.25-1_i386 bug


       dnsmasq - A lightweight DHCP and caching DNS server.


       dnsmasq [OPTION]...


       dnsmasq is a lightweight DNS and DHCP server. It is intended to provide
       coupled DNS and DHCP service to a LAN.

       Dnsmasq accepts DNS queries and  either  answers  them  from  a  small,
       local,  cache  or  forwards  them  to a real, recursive, DNS server. It
       loads the contents of /etc/hosts so that local hostnames which  do  not
       appear  in  the global DNS can be resolved and also answers DNS queries
       for DHCP configured hosts.

       The dnsmasq DHCP server supports static address  assignments,  multiple
       networks,  DHCP-relay  and  RFC3011 subnet specifiers. It automatically
       sends a sensible default set of DHCP options, and can be configured  to
       send any desired set of DHCP options. It also supports BOOTP.

       Dnsmasq supports IPv6.


       Note  that  in  general  missing  parameters are allowed and switch off
       functions, for instance "--pid-file=" disables writing a PID  file.  On
       BSD,  unless  the  GNU  getopt  library is linked, the long form of the
       options does not work on the command line; it is  still  recognised  in
       the configuration file.

       -h, --no-hosts
              Don’t read the hostnames in /etc/hosts.

       -H, --addn-hosts=<file>
              Additional  hosts  file.  Read  the  specified  file  as well as
              /etc/hosts. If -h is given, read only the specified  file.  This
              option  may be repeated for more than one additional hosts file.

       -T, --local-ttl=<time>
              When replying with  information  from  /etc/hosts  or  the  DHCP
              leases  file  dnsmasq  by default sets the time-to-live field to
              zero, meaning that the requestor should  not  itself  cache  the
              information.  This  is  the  correct  thing  to do in almost all
              situations. This option allows a time-to-live (in seconds) to be
              given for these replies. This will reduce the load on the server
              at  the  expense  of  clients  using  stale  data   under   some

       -k, --keep-in-foreground
              Do  not  go  into the background at startup but otherwise run as
              normal. This is intended for  use  when  dnsmasq  is  run  under
              daemontools or launchd.

       -d, --no-daemon
              Debug  mode:  don’t  fork  to  the background, don’t write a pid
              file, don’t change user id, generate a complete  cache  dump  on
              receipt  on SIGUSR1, log to stderr as well as syslog, don’t fork
              new processes to handle TCP queries.

       -q, --log-queries
              Log the results of DNS queries handled by dnsmasq. Enable a full
              cache dump on receipt of SIGUSR1.

       -x, --pid-file=<path>
              Specify  an  alternate path for dnsmasq to record its process-id
              in. Normally /var/run/

       -u, --user=<username>
              Specify the userid to which dnsmasq will change  after  startup.
              Dnsmasq  must normally be started as root, but it will drop root
              privileges  after  startup  by  changing  id  to  another  user.
              Normally  this user is "nobody" but that can be over-ridden with
              this switch.

       -g, --group=<groupname>
              Specify the group which dnsmasq will run  as.  The  defaults  to
              "dip",     if     available,    to    facilitate    access    to
              /etc/ppp/resolv.conf which is not normally world readable.

       -v, --version
              Print the version number.

       -p, --port=<port>
              Listen on <port> instead of the standard DNS port  (53).  Useful
              mainly for debugging.

       -P, --edns-packet-max=<size>
              Specify  the largest EDNS.0 UDP packet which is supported by the
              DNS   forwarder.   Defaults    to    1280,    which    is    the
              RFC2671-recommended maximum for ethernet.

       -Q, --query-port=<query_port>
              Send outbound DNS queries from, and listen for their replies on,
              the specific UDP port <query_port> instead of using  one  chosen
              at  runtime.   Useful  to  simplify your firewall rules; without
              this, your firewall would have to allow connections from outside
              DNS servers to a range of UDP ports, or dynamically adapt to the
              port being used by the current dnsmasq instance.

       -i, --interface=<interface name>
              Listen only on the specified interface(s). Dnsmasq automatically
              adds the loopback (local) interface to the list of interfaces to
              use when the --interface option  is used. If no  --interface  or
              --listen-address  options  are  given  dnsmasq  listens  on  all
              available interfaces  except  any  given  in  --except-interface
              options.  If  IP  alias  interfaces  (eg "eth1:0") are used with
              --interface or  --except-interface  options,  then  the  --bind-
              interfaces  option  will  be automatically set. This is required
              for deeply boring sockets-API reasons.

       -I, --except-interface=<interface name>
              Do not listen on the specified interface. Note that the order of
              --listen-address --interface and --except-interface options does
              not matter and that --except-interface options  always  override
              the others.

       -2, --no-dhcp-interface=<interface name>
              Do  not  provide DHCP on the specified interface, but do provide
              DNS service.

       -a, --listen-address=<ipaddr>
              Listen  on  the  given  IP  address(es).  Both  --interface  and
              --listen-address  options may be given, in which case the set of
              both  interfaces  and  addresses  is  used.  Note  that  if   no
              --interface  option  is  given, but --listen-address is, dnsmasq
              will not automatically listen  on  the  loopback  interface.  To
              achieve  this,  its  IP  address,, must be explicitly
              given as a --listen-address option.

       -z, --bind-interfaces
              On systems which support it, dnsmasq binds the wildcard address,
              even  when  it  is  listening  on  only some interfaces. It then
              discards requests that it  shouldn’t  reply  to.  This  has  the
              advantage of working even when interfaces come and go and change
              address. This option forces dnsmasq  to  really  bind  only  the
              interfaces  it is listening on. About the only time when this is
              useful is when running another nameserver (or  another  instance
              of  dnsmasq)  on  the  same  machine  or  when  using  IP alias.
              Specifying interfaces with IP  alias  automatically  turns  this
              option  on.  Setting this option also enables multiple instances
              of dnsmasq which  provide  DHCP  service  to  run  in  the  same

       -y, --localise-queries
              Return  answers  to  DNS queries from /etc/hosts which depend on
              the interface over which the query was received. If  a  name  in
              /etc/hosts  has more than one address associated with it, and at
              least one of those addresses  is  on  the  same  subnet  as  the
              interface  to  which  the  query  was sent, then return only the
              address(es) on that subnet. This allows for a  server   to  have
              multiple  addresses  in  /etc/hosts corresponding to each of its
              interfaces, and hosts will get  the  correct  address  based  on
              which  network  they are attached to. Currently this facility is
              limited to IPv4.

       -b, --bogus-priv
              Bogus private reverse lookups. All reverse lookups  for  private
              IP   ranges  (ie  192.168.x.x,  etc)  which  are  not  found  in
              /etc/hosts or the DHCP leases file are answered  with  "no  such
              domain" rather than being forwarded upstream.

       -V, --alias=<old-ip>,<new-ip>[,<mask>]
              Modify IPv4 addresses returned from upstream nameservers; old-ip
              is replaced by new-ip. If the optional mask is  given  then  any
              address  which matches the masked old-ip will be re-written. So,
              for  instance  --alias=,,  will   map
      to  and  to This is what
              Cisco PIX routers call "DNS doctoring".

       -B, --bogus-nxdomain=<ipaddr>
              Transform replies which contain the IP address  given  into  "No
              such  domain"  replies. This is intended to counteract a devious
              move made by  Verisign  in  September  2003  when  they  started
              returning  the address of an advertising web page in response to
              queries for unregistered names, instead of the correct  NXDOMAIN
              response. This option tells dnsmasq to fake the correct response
              when it sees this behaviour. As at  Sept  2003  the  IP  address
              being returned by Verisign is

       -f, --filterwin2k
              Later versions of windows make periodic DNS requests which don’t
              get sensible answers from the public DNS and can cause  problems
              by triggering dial-on-demand links. This flag turns on an option
              to filter such requests. The requests blocked are for records of
              types  SOA  and  SRV,  and type ANY where the requested name has
              underscores, to catch LDAP requests.

       -r, --resolv-file=<file>
              Read the IP addresses of the upstream nameservers  from  <file>,
              instead  of  /etc/resolv.conf.  For  the format of this file see
              resolv.conf(5) the only lines relevant to dnsmasq are nameserver
              ones.  Dnsmasq  can  be  told  to poll more than one resolv.conf
              file, the first file  name   specified  overrides  the  default,
              subsequent  ones  add  to  the  list.  This is only allowed when
              polling; the file with the currently latest modification time is
              the one used.

       -R, --no-resolv
              Don’t  read /etc/resolv.conf. Get upstream servers only from the
              command line or the dnsmasq configuration file.

       -1, --enable-dbus
              Allow dnsmasq configuration to be updated via DBus method calls.
              The  configuration  which can be changed is upstream DNS servers
              (and corresponding  domains)  and  cache  clear.  Requires  that
              dnsmasq has been built with DBus support.

       -o, --strict-order
              By  default,  dnsmasq  will  send queries to any of the upstream
              servers it knows about and tries to favour servers to are  known
              to  be  up.  Setting  this flag forces dnsmasq to try each query
              with  each  server  strictly  in  the  order  they   appear   in

       -n, --no-poll
              Don’t poll /etc/resolv.conf for changes.

       -D, --domain-needed
              Tells  dnsmasq to never forward queries for plain names, without
              dots or domain parts, to upstream nameservers. If  the  name  is
              not  known  from /etc/hosts or DHCP then a "not found" answer is

              Specify IP address of upstream  severs  directly.  Setting  this
              flag does not suppress reading of /etc/resolv.conf, use -R to do
              that. If one or more optional domains are given, that server  is
              used  only for those domains and they are queried only using the
              specified server. This is intended for private  nameservers:  if
              you  have a nameserver on your network which deals with names of
              the  form  at  then
              giving  the flag -S / will
              send all queries  for  internal  machines  to  that  nameserver,
              everything  else  will go to the servers in /etc/resolv.conf. An
              empty domain  specification,  //  has  the  special  meaning  of
              "unqualified  names  only"  ie names without any dots in them. A
              non-standard port may be specified as part  of  the  IP  address
              using  a  #  character.   More than one -S flag is allowed, with
              repeated domain or ipaddr parts as required.

              Also permitted is a -S flag which  gives  a  domain  but  no  IP
              address;  this  tells  dnsmasq that a domain is local and it may
              answer queries from /etc/hosts or DHCP but should never  forward
              queries  on  that  domain  to  any upstream servers.  local is a
              synonym for server to make configuration files clearer  in  this

              The  optional  second  IP  address  after  the @ character tells
              dnsmasq how to set the source address of  the  queries  to  this
              nameserver.  It should be an address belonging to the machine on
              which dnsmasq is running otherwise  this  server  line  will  be
              logged  and then ignored. The query-port flag is ignored for any
              servers which have a source address specified but the  port  may
              be specified directly as part of the source address.

       -A, --address=/<domain>/[domain/]<ipaddr>
              Specify  an  IP  address  to  return  for  any host in the given
              domains.  Queries in the domains are never forwarded and  always
              replied  to  with  the specified IP address which may be IPv4 or
              IPv6. To give both IPv4 and IPv6 addresses  for  a  domain,  use
              repeated  -A  flags.   Note  that  /etc/hosts  and  DHCP  leases
              override this for individual names. A common use of this  is  to
              redirect  the  entire  domain  to some friendly
              local web server to avoid banner ads. The  domain  specification
              works  in  the  same  was  as  for --server, with the additional
              facility that /#/ matches any domain. Thus  --address=/#/
              will  always  return  for  any  query not answered from
              /etc/hosts or DHCP and not sent to an upstream nameserver  by  a
              more specific --server directive.

       -m, --mx-host=<mx name>[[,<hostname>],<preference>]
              Return  an  MX  record  named  <mx  name>  pointing to the given
              hostname (if given), or the host specified  in  the  --mx-target
              switch  or,  if  that  switch  is  not  given, the host on which
              dnsmasq is running. The default is  useful  for  directing  mail
              from  systems on a LAN to a central server. The preference value
              is optional, and defaults to 1 if not given. More  than  one  MX
              record may be given for a host.

       -t, --mx-target=<hostname>
              Specify  the  default  target  for  the  MX  record  returned by
              dnsmasq. See --mx-host.  If --mx-target is given, but not  --mx-
              host,  then dnsmasq returns a MX record containing the MX target
              for MX queries on the hostname of the machine on  which  dnsmasq
              is running.

       -e, --selfmx
              Return  an  MX record pointing to itself for each local machine.
              Local machines are those in /etc/hosts or with DHCP leases.

       -L, --localmx
              Return an MX record pointing to the host given by mx-target  (or
              the machine on which dnsmasq is running) for each local machine.
              Local machines are those in /etc/hosts or with DHCP leases.

       -W,                                                              --srv-
              Return a SRV  DNS  record.  See  RFC2782  for  details.  If  not
              supplied,  the  domain  defaults to that given by --domain.  The
              default for the target domain is empty, and the default for port
              is  one  and  the  defaults for weight and priority are zero. Be
              careful if transposing data from  BIND  zone  files:  the  port,
              weight  and priority numbers are in a different order. More than
              one SRV record for a given service/domain is allowed,  all  that
              match are returned.

       -Y, --txt-record=<name>[[,<text>],<text>]
              Return  a  TXT  DNS  record. The value of TXT record is a set of
              strings, so  any number may be included, split by commas.

       -c, --cache-size=<cachesize>
              Set the size of dnsmasq’s  cache.  The  default  is  150  names.
              Setting the cache size to zero disables caching.

       -N, --no-negcache
              Disable  negative  caching.  Negative  caching allows dnsmasq to
              remember "no such domain" answers from upstream nameservers  and
              answer  identical  queries  without  forwarding them again. This
              flag disables negative caching.

       -F,                  --dhcp-range=[[net:]network-id,]<start-addr>,<end-
       addr>[[,<netmask>],<broadcast>][,<default lease time>]
              Enable the DHCP server. Addresses will be  given  out  from  the
              range  <start-addr>  to  <end-addr>  and from statically defined
              addresses given in dhcp-host  options.  If  the  lease  time  is
              given,  then  leases  will be given for that length of time. The
              lease time is in seconds, or minutes (eg 45m) or hours  (eg  1h)
              or  the  literal  "infinite".  This option may be repeated, with
              different addresses, to enable DHCP service  to  more  than  one
              network.  For directly connected networks (ie, networks on which
              the machine running dnsmasq has an  interface)  the  netmask  is
              optional.  It  is,  however, required for networks which receive
              DHCP service via a relay agent. The broadcast address is  always
              optional. On some broken systems, dnsmasq can listen on only one
              interface when using DHCP, and the name of that  interface  must
              be  given  using the interface option. This limitation currently
              affects OpenBSD. It is always allowed  to  have  more  than  one
              dhcp-range  in  a  single  subnet.  The optional network-id is a
              alphanumeric label which marks this network so that dhcp options
              may  be  specified  on a per-network basis.  When it is prefixed
              with ’net:’ then its meaning  changes  from  setting  a  tag  to
              matching  it.   The  end  address may be replaced by the keyword
              static which tells  dnsmasq  to  enable  DHCP  for  the  network
              specified,  but  not  to dynamically allocate IP addresses. Only
              hosts which have static addresses given via  dhcp-host  or  from
              /etc/ethers will be served.

       -G,                                                             --dhcp-
              Specify  per  host parameters for the DHCP server. This allows a
              machine  with  a  particular  hardware  address  to  be   always
              allocated  the  same  hostname,  IP  address  and  lease time. A
              hostname specified like this overrides any supplied by the  DHCP
              client  on  the  machine.  It  is  also  allowable  to ommit the
              hardware address and include the hostname, in which case the  IP
              address  and lease times will apply to any machine claiming that
              name.  For  example   --dhcp-host=00:20:e0:3b:13:af,wap,infinite
              tells   dnsmasq  to  give  the  machine  with  ethernet  address
              00:20:e0:3b:13:af the name wap,  and  an  infinite  DHCP  lease.
              --dhcp-host=lap,  tells  dnsmasq to always allocate
              the  machine  lap  the  IP  address   Addresses
              allocated like this are not constrained to be in the range given
              by the --dhcp-range option, but they  must  be  on  the  network
              being  served  by  the  DHCP server. It is allowed to use client
              identifiers rather than hardware addresses to identify hosts  by
              prefixing  with  ’id:’.  Thus:  --dhcp-host=id:01:02:03:04,.....
              refers to the host with client  identifier  01:02:03:04.  It  is
              also  allowed  to  specify  the  client  ID  as text, like this:
              --dhcp-host=id:clientidastext,.....   The  special  option  id:*
              means "ignore any client-id and use MAC addresses only." This is
              useful when a client presents  a  client-id  sometimes  but  not
              others.  If a name appears in /etc/hosts, the associated address
              can be allocated to a DHCP lease,  but  only  if  a  --dhcp-host
              option  specifying  the  name  also  exists. The special keyword
              "ignore" tells dnsmasq to never offer a DHCP lease to a machine.
              The  machine  can be specified by hardware address, client ID or
              hostname, for instance --dhcp-host=00:20:e0:3b:13:af,ignore This
              is useful when there is another DHCP server on the network which
              should be used by some machines. The net:<network-id>  sets  the
              network-id  tag  whenever  this  dhcp-host  directive is in use.
              This can be used to selectively send DHCP options just for  this
              host.  Ethernet addresses (but not client-ids) may have wildcard
              bytes, so for example  --dhcp-host=00:20:e0:3b:13:*,ignore  will
              cause dnsmasq to ignore a range of ethernet addresses. Note that
              the "*" will need to be escaped or quoted on a command line, but
              not in the configuration file.

       -Z, --read-ethers
              Read  /etc/ethers  for  information  about  hosts  for  the DHCP
              server.  The  format  of  /etc/ethers  is  a  hardware  address,
              followed  by  either  a hostname or dotted-quad IP address. When
              read by dnsmasq these lines have  exactly  the  same  effect  as
              --dhcp-host options containing the same information.

       -O,        --dhcp-option=[<network-id>,[<network-id>,]][vendor:<vendor-
              Specify  different or extra options to DHCP clients. By default,
              dnsmasq sends some standard options to DHCP clients, the netmask
              and  broadcast  address  are set to the same as the host running
              dnsmasq, and the DNS server and default route  are  set  to  the
              address  of  the  machine  running  dnsmasq.  If the domain name
              option has been set, that is sent.   This  option  allows  these
              defaults to be overridden, or other options specified. The <opt>
              is the number of  the  option,  as  specified  in  RFC2132.  For
              example,  to  set  the  default  route option to, do
              --dhcp-option=3, and to set the  time-server  address
              to,  do  --dhcp-option=42,  The  special
              address is taken to mean "the  address  of  the  machine
              running dnsmasq". Data types allowed are comma separated dotted-
              quad IP addresses, a decimal number, colon-separated hex  digits
              and  a  text  string. If the optional network-ids are given then
              this option is only sent when all the network-ids are matched.

              Be careful: no checking is done that the correct  type  of  data
              for  the option number is sent, it is quite possible to persuade
              dnsmasq to generate illegal DHCP packets with injudicious use of
              this  flag.  When  the  value  is a decimal number, dnsmasq must
              determine how large the data item is. It does this by  examining
              the  option  number  and/or  the value, but can be overridden by
              appending a single letter flag as follows: b = one byte, s = two
              bytes,  i  = four bytes. This is mainly useful with encapsulated
              vendor class options (see below) where dnsmasq cannot  determine
              data  size  from  the  option number. Option data which consists
              solely of periods and digits will be interpreted by  dnsmasq  as
              an  IP  address, and inserted into an option as such. To force a
              literal string, use quotes. For instance when using option 66 to
              send  a  literal IP address as TFTP server name, it is necessary
              to do --dhcp-option=66,""

              Encapsulated Vendor-class options may also  be  specified  using
              --dhcp-option:           for           instance          --dhcp-
              option=vendor:PXEClient,1,   sends   the   vendor   class
              "PXEClient"  and  the  encapsulated vendor class-specific option
              "mftp-address=" Only one vendor class is allowed for  any
              host,  but  multiple options are allowed, provided they all have
              the same vendor  class.  The  address  is  not  treated
              specially in encapsulated vendor class options.

       -U, --dhcp-vendorclass=<network-id>,<vendor-class>
              Map  from  a  vendor-class  string  to  a  network id. Most DHCP
              clients provide a  "vendor  class"  which  represents,  in  some
              sense,  the  type  of  host.  This option maps vendor classes to
              network ids, so that DHCP options may be  selectively  delivered
              to    different    classes   of   hosts.   For   example   dhcp-
              vendorclass=printers,Hewlett-Packard   JetDirect   will    allow
              options  to  be  set  only  for  HP  printers  like  so: --dhcp-
              option=printers,3,   The   vendor-class   string   is
              substring  matched  against  the  vendor-class  supplied  by the
              client, to allow fuzzy matching.

       -j, --dhcp-userclass=<network-id>,<user-class>
              Map from a user-class string to a  network  id  (with  substring
              matching,  like  vendor  classes).  Most  DHCP clients provide a
              "user class"  which  is  configurable.  This  option  maps  user
              classes  to network ids, so that DHCP options may be selectively
              delivered to different classes of hosts.  It  is  possible,  for
              instance to use this to set a different printer server for hosts
              in  the  class  "accounts"  than  for   hosts   in   the   class

        -J, --dhcp-ignore=<network-id>[,<network-id>]
              When  all  the  given  network-ids  match the set of network-ids
              derived from the net, host, vendor and user classes, ignore  the
              host and do not allocate it a DHCP lease.

       -M,    --dhcp-boot=[net:<network-id>,]<filename>,[<servername>[,<server
              Set  BOOTP  options to be returned by the DHCP server. These are
              needed for machines which network boot,  and  tell  the  machine
              where  to  collect  its  initial  configuration. If the optional
              network-id(s) are given, they must match for this  configuration
              to  be  sent.  Note  that  network-ids are prefixed by "net:" to
              distinguish them.

       -X, --dhcp-lease-max=<number>
              Limits dnsmasq to the specified maximum number of  DHCP  leases.
              The  default  is  150. This limit is to prevent DoS attacks from
              hosts which create thousands of leases and use lots of memory in
              the dnsmasq process.

       -K, --dhcp-authoritative
              Should be set when dnsmasq is definately the only DHCP server on
              a network.  It changes the behaviour from strict RFC  compliance
              so  that  DHCP requests on unknown leases from unknown hosts are
              not ignored. This allows new hosts to  get  a  lease  without  a
              tedious timeout under all circumstances.

       -3, --bootp-dynamic
              Enable  dynamic allocation of IP addresses to BOOTP clients. Use
              this with care, since each address allocated to a  BOOTP  client
              is leased forever, and therefore becomes permanently unavailable
              for re-use by other hosts.

       -l, --dhcp-leasefile=<path>
              Use the specified file to store DHCP lease information. If  this
              option  is  given but no dhcp-range option is given then dnsmasq
              version 1 behaviour is activated. The file given is  assumed  to
              be  an ISC dhcpd lease file and parsed for leases which are then
              added  to  the  DNS  system  if  they  have  a  hostname.   This
              functionality  may  have  been  excluded from dnsmasq at compile
              time, in which case an error will occur.

       -s, --domain=<domain>
              Specifies the domain for the DHCP server. This has two  effects;
              firstly  it  causes  the DHCP server to return the domain to any
              hosts which request it, and secondly it sets the domain which it
              is legal for DHCP-configured hosts to claim. The intention is to
              constrain hostnames so that an untrusted host on the LAN  cannot
              advertise it’s name via dhcp as e.g. "" and capture
              traffic not meant for it. If no domain suffix is specified, then
              any  DHCP hostname with a domain part (ie with a period) will be
              disallowed and logged. If suffix is  specified,  then  hostnames
              with a domain part are allowed, provided the domain part matches
              the suffix. In addition, when a suffix  is  set  then  hostnames
              without  a  domain  part  have  the  suffix added as an optional
              domain    part.    Eg    on    my    network    I    can     set
       and   have  a  machine  whose  DHCP
              hostname is  "laptop".  The  IP  address  for  that  machine  is
              available     from     dnsmasq     both    as    "laptop"    and
              "". If the domain is given as  "#"  then
              the  domain  is  read  from  the  first  "search"  directive  in
              /etc/resolv.conf (or equivalent).

       -E, --expand-hosts
              Add the domain to simple names (without a period) in  /etc/hosts
              in the same way as for DHCP-derived names.

       -C, --conf-file=<file>
              Specify  a different configuration file. The conf-file option is
              also  allowed  in  configuration  files,  to  include   multiple
              configuration files. Only one level of nesting is allowed.


       At startup, dnsmasq reads /etc/dnsmasq.conf, if it exists. (On FreeBSD,
       the file is /usr/local/etc/dnsmasq.conf ) (but see the -C option.)  The
       format  of  this  file  consists of one option per line, exactly as the
       long options detailed in the OPTIONS section but  without  the  leading
       "--". Lines starting with # are comments and ignored. For options which
       may only be  specified  once,  the  configuration  file  overrides  the
       command  line.   Quoting  is allowed in a config file: between " quotes
       the special meanings of ,:. and # are removed and the following escapes
       are  allowed: \\ \" \t \a \b \r and \n. The later corresponding to tab,
       bell, backspace, return and newline.


       When it receives a SIGHUP, dnsmasq clears its cache and  then  re-loads
       /etc/hosts.  If --no-poll is set SIGHUP also re-reads /etc/resolv.conf.
       SIGHUP does NOT re-read the configuration file.

       When it receives a SIGUSR1, dnsmasq  writes  cache  statistics  to  the
       system  log.  It  writes the cache size, the number of names which have
       had to removed from the cache before they expired in order to make room
       for  new  names  and  the total number of names that have been inserted
       into the cache. In --no-daemon mode or when  full  logging  is  enabled
       (-q), a complete dump of the contents of the cache is made.

       Dnsmasq  is  a  DNS  query  forwarder: it it not capable of recursively
       answering arbitrary queries starting from the root servers but forwards
       such  queries  to  a  fully  recursive  upstream  DNS  server  which is
       typically   provided   by   an   ISP.   By   default,   dnsmasq   reads
       /etc/resolv.conf   to   discover  the  IP  addresses  of  the  upstream
       nameservers it should use, since the information  is  typically  stored
       there.  Unless  --no-poll is used, dnsmasq checks the modification time
       of /etc/resolv.conf (or equivalent if --resolv-file is  used)  and  re-
       reads  it  if  it  changes.  This  allows  the  DNS  servers  to be set
       dynamically  by  PPP  or  DHCP  since  both   protocols   provide   the
       information.   Absence of /etc/resolv.conf is not an error since it may
       not have been created before a PPP connection  exists.  Dnsmasq  simply
       keeps checking in case /etc/resolv.conf is created at any time. Dnsmasq
       can be told to parse more than one resolv.conf file. This is useful  on
       a  laptop,  where  both PPP and DHCP may be used: dnsmasq can be set to
       poll both /etc/ppp/resolv.conf and /etc/dhcpc/resolv.conf and will  use
       the  contents  of  whichever  changed  last, giving automatic switching
       between DNS servers.

       Upstream servers may also be specified on the command line  or  in  the
       configuration  file.  These  server  specifications  optionally  take a
       domain name which tells dnsmasq to use that server only to  find  names
       in that particular domain.

       In  order to configure dnsmasq to act as cache for the host on which it
       is running, put "nameserver"  in  /etc/resolv.conf  to  force
       local  processes  to  send  queries to dnsmasq. Then either specify the
       upstream servers directly to dnsmasq  using  --server  options  or  put
       their  addresses  real in another file, say /etc/resolv.dnsmasq and run
       dnsmasq with the -r /etc/resolv.dnsmasq option. This  second  technique
       allows for dynamic update of the server addresses by PPP or DHCP.

       Addresses  in /etc/hosts will "shadow" different addresses for the same
       names in the upstream DNS, so  ""  in  /etc/hosts
       will ensure that queries for "" always return even
       if queries in the upstream  DNS  would  otherwise  return  a  different
       address. There is one exception to this: if the upstream DNS contains a
       CNAME which points to a  shadowed  name,  then  looking  up  the  CNAME
       through  dnsmasq  will result in the unshadowed address associated with
       the target of the  CNAME.  To  work  around  this,  add  the  CNAME  to
       /etc/hosts so that the CNAME is shadowed too.

       The  network-id system works as follows: For each DHCP request, dnsmasq
       collects a set of valid network-id tags, one from the  dhcp-range  used
       to  allocate  the address, one from any matching dhcp-host and possibly
       many from matching vendor classes and user classes  sent  by  the  DHCP
       client.  Any  dhcp-option  which  has  network-id  tags will be used in
       preference  to an untagged dhcp-option, provided that  _all_  the  tags
       match somewhere in the set collected as described above. The prefix ’#’
       on a tag  means  ’not’  so  --dhcp=option=#purple,3,  sends  the
       option  when the network-id tag purple is not in the set of valid tags.

       If the network-id in a dhcp-range is  prefixed  with  ’net:’  then  its
       meaning  changes  from  setting  a tag to matching it. Thus if there is
       more than dhcp-range on a subnet, and one is tagged with  a  network-id
       which  is set (for instance from a vendorclass option) then hosts which
       set the netid tag will be allocated addresses in the tagged range.

       The DHCP server in dnsmasq  will  function  as  a  BOOTP  server  also,
       provided  that  the  MAC  address and IP address for clients are given,
       either using dhcp-host configurations or in /etc/ethers , and  a  dhcp-
       range  configuration option is present to activate the DHCP server on a
       particular network.  (Setting  --bootp-dynamic  removes  the  need  for
       static  address mappings.) The filename parameter in a BOOTP request is
       matched against netids in  dhcp-option  configurations,  allowing  some
       control over the options returned to different classes of hosts.











       hosts(5), resolver(5)


       This manual page was written by Simon Kelley <>.