Simon Kelley | c72daea | 2012-01-05 21:33:27 +0000 | [diff] [blame] | 1 | Notes on configuring dnsmasq as packaged for Debian. |
| 2 | |
| 3 | (1) To configure dnsmasq edit /etc/dnsmasq.conf. The file is well |
| 4 | commented; see also the dnsmasq.8 man page for explanation of |
| 5 | the options. The file /etc/default/dnsmasq also exists but it |
| 6 | shouldn't need to be touched in most cases. To set up DHCP |
Tarun Kundu | 12e3b2e | 2024-08-15 16:16:53 -0700 | [diff] [blame^] | 7 | options you might need to refer to a copy of RFC 2132. This is |
Simon Kelley | c72daea | 2012-01-05 21:33:27 +0000 | [diff] [blame] | 8 | available on Debian systems in the package doc-rfc-std as the file |
| 9 | /usr/share/doc/RFC/draft-standard/rfc2132.txt.gz . |
| 10 | |
| 11 | (2) Installing the dnsmasq package also creates the directory |
| 12 | /etc/dnsmasq.d which is searched by dnsmasq for configuration file |
Tarun Kundu | 12e3b2e | 2024-08-15 16:16:53 -0700 | [diff] [blame^] | 13 | fragments. This behaviour can be disabled by editing |
Simon Kelley | c72daea | 2012-01-05 21:33:27 +0000 | [diff] [blame] | 14 | /etc/default/dnsmasq. |
| 15 | |
| 16 | (3) If the Debian resolvconf package is installed then, regardless |
| 17 | of what interface configuration daemons are employed, the list of |
| 18 | nameservers to which dnsmasq should forward queries can be found |
| 19 | in /var/run/dnsmasq/resolv.conf; also, 127.0.0.1 is listed as the |
| 20 | first nameserver address in /etc/resolv.conf. This works using the |
| 21 | default configurations of resolvconf and dnsmasq. |
| 22 | |
| 23 | (4) In the absence of resolvconf, if you are using dhcpcd then |
| 24 | dnsmasq should read the list of nameservers from the automatically |
| 25 | generated file /etc/dhcpc/resolv.conf. You should list 127.0.0.1 |
| 26 | as the first nameserver address in /etc/resolv.conf. |
| 27 | |
| 28 | (5) In the absence of resolvconf, if you are using pppd then |
| 29 | dnsmasq should read the list of nameservers from the automatically |
| 30 | generated file /etc/ppp/resolv.conf. You should list 127.0.0.1 |
| 31 | as the first nameserver address in /etc/resolv.conf. |
| 32 | |
Tarun Kundu | 12e3b2e | 2024-08-15 16:16:53 -0700 | [diff] [blame^] | 33 | (6) In the absence of resolvconf, dns-nameservers lines in |
Simon Kelley | 461b7b4 | 2017-04-11 18:06:13 +0100 | [diff] [blame] | 34 | /etc/network/interfaces are ignored. If you do not use |
Simon Kelley | c72daea | 2012-01-05 21:33:27 +0000 | [diff] [blame] | 35 | resolvconf, list 127.0.0.1 as the first nameserver address |
| 36 | in /etc/resolv.conf and configure your nameservers using |
| 37 | "server=<IP-address>" lines in /etc/dnsmasq.conf. |
| 38 | |
| 39 | (7) If you run multiple DNS servers on a single machine, each |
Tarun Kundu | 12e3b2e | 2024-08-15 16:16:53 -0700 | [diff] [blame^] | 40 | listening on a different interface, then it is necessary to use |
| 41 | the bind-interfaces option by uncommenting "bind-interfaces" in |
| 42 | /etc/dnsmasq.conf. This option stops dnsmasq from binding the |
Simon Kelley | c72daea | 2012-01-05 21:33:27 +0000 | [diff] [blame] | 43 | wildcard address and allows servers listening on port 53 on |
Tarun Kundu | 12e3b2e | 2024-08-15 16:16:53 -0700 | [diff] [blame^] | 44 | interfaces not in use by dnsmasq to work. The Debian |
Simon Kelley | c72daea | 2012-01-05 21:33:27 +0000 | [diff] [blame] | 45 | libvirt package will add a configuration file in /etc/dnsmasq.d |
| 46 | which does this so that the "system" dnsmasq and "private" dnsmasq |
| 47 | instances started by libvirt do not clash. |
| 48 | |
| 49 | (8) The following options are supported in DEB_BUILD_OPTIONS |
| 50 | noopt : compile without optimisation. |
Tarun Kundu | 12e3b2e | 2024-08-15 16:16:53 -0700 | [diff] [blame^] | 51 | nostrip : don't remove symbols from binary. |
Simon Kelley | c72daea | 2012-01-05 21:33:27 +0000 | [diff] [blame] | 52 | nodocs : omit documentation. |
| 53 | notftp : omit TFTP support. |
| 54 | nodhcp : omit DHCP support. |
Simon Kelley | 6ea6dcf | 2012-02-10 21:26:52 +0000 | [diff] [blame] | 55 | nodhcp6 : omit DHCPv6 support. |
Simon Kelley | c72daea | 2012-01-05 21:33:27 +0000 | [diff] [blame] | 56 | noscript : omit lease-change script support. |
Andy Hawkins | 6f1cbfd | 2018-02-14 21:35:56 +0000 | [diff] [blame] | 57 | uselua : provide support for lease-change scripts written |
Simon Kelley | 6ea6dcf | 2012-02-10 21:26:52 +0000 | [diff] [blame] | 58 | in Lua. |
Simon Kelley | c72daea | 2012-01-05 21:33:27 +0000 | [diff] [blame] | 59 | noipv6 : omit IPv6 support. |
| 60 | nodbus : omit DBus support. |
Tarun Kundu | 12e3b2e | 2024-08-15 16:16:53 -0700 | [diff] [blame^] | 61 | noconntrack : omit connection tracking support. |
Simon Kelley | 3b323bd | 2013-02-22 21:55:29 +0000 | [diff] [blame] | 62 | noipset : omit IPset support. |
Tarun Kundu | 12e3b2e | 2024-08-15 16:16:53 -0700 | [diff] [blame^] | 63 | nonftset : omit nftset support. |
Simon Kelley | c72daea | 2012-01-05 21:33:27 +0000 | [diff] [blame] | 64 | nortc : compile alternate mode suitable for systems without an RTC. |
| 65 | noi18n : omit translations and internationalisation support. |
| 66 | noidn : omit international domain name support, must be |
| 67 | combined with noi18n to be effective. |
Simon Kelley | 02ed24d | 2013-09-09 18:06:45 +0100 | [diff] [blame] | 68 | gitversion : set the version of the produced packages from the |
| 69 | git-derived versioning information on the source, |
Tarun Kundu | 12e3b2e | 2024-08-15 16:16:53 -0700 | [diff] [blame^] | 70 | rather than the debian changelog. |
Simon Kelley | c72daea | 2012-01-05 21:33:27 +0000 | [diff] [blame] | 71 | |
Simon Kelley | 6ea6dcf | 2012-02-10 21:26:52 +0000 | [diff] [blame] | 72 | (9) Dnsmasq comes as three packages - dnsmasq-utils, dnsmasq-base and |
| 73 | dnsmasq. Dnsmasq-base provides the dnsmasq executable and |
Simon Kelley | c72daea | 2012-01-05 21:33:27 +0000 | [diff] [blame] | 74 | documentation (including this file). Dnsmasq, which depends on |
| 75 | dnsmasq-base, provides the init script and configuration |
| 76 | infrastructure. This file assumes that both are installed. It is |
| 77 | possible to install only dnsmasq-base and use dnsmasq as a |
| 78 | non-"system" daemon. Libvirt, for instance, does this. |
Tarun Kundu | 12e3b2e | 2024-08-15 16:16:53 -0700 | [diff] [blame^] | 79 | Dnsmasq-utils provides the utilities dhcp_release and |
Simon Kelley | 6ea6dcf | 2012-02-10 21:26:52 +0000 | [diff] [blame] | 80 | dhcp_lease_time. |