man dnsmasq Command
This tutorial shows the man page for dnsmasq in Linux.
Open a terminal with 'su' access and type the command as shown below:

man dnsmasq

Result of the command execution is shown below:

DNSMASQ(8)                                                          DNSMASQ(8)

NAME
       dnsmasq - A lightweight DHCP and caching DNS server.

SYNOPSIS
       dnsmasq [OPTION]...

DESCRIPTION
       dnsmasq is a lightweight DNS, TFTP and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN.

       Dnsmasq accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive, DNS server. It loads the contents of /etc/hosts so that local hostnames which do not appear in the global DNS can be resolved and also answers DNS queries for DHCP-configured hosts.

       The dnsmasq DHCP server supports static address assignments and multiple networks. It automatically sends a sensible default set of DHCP options, and can be configured to send any desired set of DHCP options, including vendor-encapsulated options. It includes a secure, read-only, TFTP server to allow net/PXE boot of DHCP hosts and also supports BOOTP.

       Dnsmasq supports IPv6 for DNS, but not DHCP.

OPTIONS
       Note that in general missing parameters are allowed and switch off functions, for instance "--pid-file" disables writing a PID file. On BSD, unless the GNU getopt library is linked, the long form of the options does not work on the command line; it is still recognised in the configuration file.

       --test Read and syntax check configuration file(s). Exit with code 0 if all is OK, or a non-zero code otherwise. Do not start up dnsmasq.

       -h, --no-hosts
              Don't read the hostnames in /etc/hosts.

       -H, --addn-hosts=<file>
              Additional hosts file. Read the specified file as well as /etc/hosts. If -h is given, read only the specified file. This option may be repeated for more than one additional hosts file. If a directory is given, then read all the files contained in that directory.

       -E, --expand-hosts
              Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names. Note that this does not apply to domain names in cnames, PTR records, TXT records etc.

       -T, --local-ttl=<time>
              When replying with information from /etc/hosts or the DHCP leases file dnsmasq by default sets the time-to-live field to zero, meaning that the requestor should not itself cache the information. This is the correct thing to do in almost all situations. This option allows a time-to-live (in seconds) to be given for these replies. This will reduce the load on the server at the expense of clients using stale data under some circumstances.

       --neg-ttl=<time>
              Negative replies from upstream servers normally contain time-to-live information in SOA records which dnsmasq uses for caching. If the replies from upstream servers omit this information, dnsmasq does not cache the reply. This option gives a default value for time-to-live (in seconds) which dnsmasq uses to cache negative replies even in the absence of an SOA record.

       -k, --keep-in-foreground
              Do not go into the background at startup but otherwise run as normal. This is intended for use when dnsmasq is run under daemontools or launchd.

       -d, --no-daemon
              Debug mode: don't fork to the background, don't write a pid file, don't change user id, generate a complete cache dump on receipt of SIGUSR1, log to stderr as well as syslog, don't fork new processes to handle TCP queries.

       -q, --log-queries
              Log the results of DNS queries handled by dnsmasq. Enable a full cache dump on receipt of SIGUSR1.

       -8, --log-facility=<facility>
              Set the facility to which dnsmasq will send syslog entries, this defaults to DAEMON, and to LOCAL0 when debug mode is in operation. If the facility given contains at least one '/' character, it is taken to be a filename, and dnsmasq logs to the given file, instead of syslog. (Errors whilst reading configuration will still go to syslog, but all output from a successful startup, and all output whilst running, will go exclusively to the file.) When logging to a file, dnsmasq will close and reopen the file when it receives SIGUSR2. This allows the log file to be rotated without stopping dnsmasq.

       --log-async[=<lines>]
              Enable asynchronous logging and optionally set the limit on the number of lines which will be queued by dnsmasq when writing to the syslog is slow. Dnsmasq can log asynchronously: this allows it to continue functioning without being blocked by syslog, and allows syslog to use dnsmasq for DNS queries without risking deadlock. If the queue of log lines becomes full, dnsmasq will log the overflow, and the number of messages lost. The default queue length is 5, a sane value would be 5-25, and a maximum limit of 100 is imposed.

       -x, --pid-file=<path>
              Specify an alternate path for dnsmasq to record its process id in. Normally /var/run/dnsmasq.pid.

       -u, --user=<username>
              Specify the userid to which dnsmasq will change after startup. Dnsmasq must normally be started as root, but it will drop root privileges after startup by changing id to another user. Normally this user is "nobody" but that can be overridden with this switch.

       -g, --group=<groupname>
              Specify the group which dnsmasq will run as. This defaults to "dip", if available, to facilitate access to /etc/ppp/resolv.conf which is not normally world readable.

       -v, --version
              Print the version number.

       -p, --port=<port>
              Listen on <port> instead of the standard DNS port (53). Setting this to zero completely disables DNS function, leaving only DHCP and/or TFTP.

       -P, --edns-packet-max=<size>
              Specify the largest EDNS.0 UDP packet which is supported by the DNS forwarder. Defaults to 4096, which is the RFC5625-recommended size.

       -Q, --query-port=<query_port>
              Send outbound DNS queries from, and listen for their replies on, the specific UDP port <query_port> instead of using random ports. NOTE that using this option will make dnsmasq less secure against DNS spoofing attacks but it may be faster and use less resources. Setting this option to zero makes dnsmasq use a single port allocated to it by the OS: this was the default behaviour in versions prior to 2.43.

       --min-port=<port>
              Do not use ports less than that given as source for outbound DNS queries.
              Dnsmasq picks random ports as source for outbound queries: when this option is given, the ports used will always be larger than that specified. Useful for systems behind firewalls.

       -i, --interface=<interface name>
              Listen only on the specified interface(s). Dnsmasq automatically adds the loopback (local) interface to the list of interfaces to use when the --interface option is used. If no --interface or --listen-address options are given dnsmasq listens on all available interfaces except any given in --except-interface options. IP alias interfaces (eg "eth1:0") cannot be used with --interface or --except-interface options, use --listen-address instead.

       -I, --except-interface=<interface name>
              Do not listen on the specified interface. Note that the order of --listen-address, --interface and --except-interface options does not matter and that --except-interface options always override the others.

       -2, --no-dhcp-interface=<interface name>
              Do not provide DHCP or TFTP on the specified interface, but do provide DNS service.

       -a, --listen-address=<ipaddr>
              Listen on the given IP address(es). Both --interface and --listen-address options may be given, in which case the set of both interfaces and addresses is used. Note that if no --interface option is given, but --listen-address is, dnsmasq will not automatically listen on the loopback interface. To achieve this, its IP address, 127.0.0.1, must be explicitly given as a --listen-address option.

       -z, --bind-interfaces
              On systems which support it, dnsmasq binds the wildcard address, even when it is listening on only some interfaces. It then discards requests that it shouldn't reply to. This has the advantage of working even when interfaces come and go and change address. This option forces dnsmasq to really bind only the interfaces it is listening on. About the only time when this is useful is when running another nameserver (or another instance of dnsmasq) on the same machine. Setting this option also enables multiple instances of dnsmasq which provide DHCP service to run in the same machine.

       -y, --localise-queries
              Return answers to DNS queries from /etc/hosts which depend on the interface over which the query was received. If a name in /etc/hosts has more than one address associated with it, and at least one of those addresses is on the same subnet as the interface to which the query was sent, then return only the address(es) on that subnet. This allows for a server to have multiple addresses in /etc/hosts corresponding to each of its interfaces, and hosts will get the correct address based on which network they are attached to. Currently this facility is limited to IPv4.

       -b, --bogus-priv
              Bogus private reverse lookups. All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which are not found in /etc/hosts or the DHCP leases file are answered with "no such domain" rather than being forwarded upstream.

       -V, --alias=[<old-ip>]|[<start-ip>-<end-ip>],<new-ip>[,<mask>]
              Modify IPv4 addresses returned from upstream nameservers; old-ip is replaced by new-ip. If the optional mask is given then any address which matches the masked old-ip will be re-written. So, for instance --alias=22.214.171.124,126.96.36.199,255.255.255.0 will map 188.8.131.52 to 184.108.40.206 and 220.127.116.11 to 18.104.22.168. This is what Cisco PIX routers call "DNS doctoring". If the old IP is given as range, then only addresses in the range, rather than a whole subnet, are re-written. So --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40

       -B, --bogus-nxdomain=<ipaddr>
              Transform replies which contain the IP address given into "No such domain" replies. This is intended to counteract a devious move made by Verisign in September 2003 when they started returning the address of an advertising web page in response to queries for unregistered names, instead of the correct NXDOMAIN response. This option tells dnsmasq to fake the correct response when it sees this behaviour.
              As at Sept 2003 the IP address being returned by Verisign is 22.214.171.124

       -f, --filterwin2k
              Later versions of windows make periodic DNS requests which don't get sensible answers from the public DNS and can cause problems by triggering dial-on-demand links. This flag turns on an option to filter such requests. The requests blocked are for records of types SOA and SRV, and type ANY where the requested name has underscores, to catch LDAP requests.

       -r, --resolv-file=<file>
              Read the IP addresses of the upstream nameservers from <file>, instead of /etc/resolv.conf. For the format of this file see resolv.conf(5); the only lines relevant to dnsmasq are nameserver ones. Dnsmasq can be told to poll more than one resolv.conf file, the first file name specified overrides the default, subsequent ones add to the list. This is only allowed when polling; the file with the currently latest modification time is the one used.

       -R, --no-resolv
              Don't read /etc/resolv.conf. Get upstream servers only from the command line or the dnsmasq configuration file.

       -1, --enable-dbus
              Allow dnsmasq configuration to be updated via DBus method calls. The configuration which can be changed is upstream DNS servers (and corresponding domains) and cache clear. Requires that dnsmasq has been built with DBus support.

       -o, --strict-order
              By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf

       --all-servers
              By default, when dnsmasq has more than one upstream server available, it will send queries to just one server. Setting this flag forces dnsmasq to send all queries to all available servers. The reply from the server which answers first will be returned to the original requestor.

       --stop-dns-rebind
              Reject (and log) addresses from upstream nameservers which are in the private IP ranges.
              This blocks an attack where a browser behind a firewall is used to probe machines on the local network.

       -n, --no-poll
              Don't poll /etc/resolv.conf for changes.

       --clear-on-reload
              Whenever /etc/resolv.conf is re-read, clear the DNS cache. This is useful when new nameservers may have different data than that held in cache.

       -D, --domain-needed
              Tells dnsmasq to never forward queries for plain names, without dots or domain parts, to upstream nameservers. If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned.

       -S, --local, --server=[/[ ]/[domain/]][ [
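
The option descriptions above carry several security trade-offs (privilege drop, random source ports, listening scope, rebind protection, upstream forwarding). The following is an added example, not part of the man page or of dnsmasq itself: a small audit of a configuration file against those descriptions. The function names, both sample configurations and all addresses in them are constructed for illustration; it assumes the file uses the long option names without leading dashes and that '#' begins a comment only at line start or after whitespace.

```python
import re

# Constructed sample configurations (not taken from a real host).
WEAK_CONF = """\
# resolver for the office LAN
user=root
query-port=5353        # pinned for the firewall
bogus-priv
server=192.0.2.53#53
"""

HARDENED_CONF = """\
user=nobody
interface=eth0
stop-dns-rebind
domain-needed
bogus-priv
"""

def parse_conf(text):
    """Map each long option name to the list of values it was given."""
    opts = {}
    for raw in text.splitlines():
        # '#' starts a comment at line start or after whitespace, so a
        # value such as server=192.0.2.53#53 keeps its port suffix.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if line:
            key, _, value = line.partition("=")
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(text):
    """Return (option, reason) findings based on the option text above."""
    o = parse_conf(text)
    findings = []
    if "root" in o.get("user", []):
        findings.append(("user", "keeps root instead of dropping privileges"))
    if "query-port" in o:
        findings.append(("query-port", "no random source ports; weaker against DNS spoofing"))
    if "interface" not in o and "listen-address" not in o:
        findings.append(("interface", "listens on all available interfaces"))
    for name, reason in (
        ("stop-dns-rebind", "private-range answers from upstream are accepted"),
        ("domain-needed", "plain names are forwarded upstream"),
        ("bogus-priv", "unknown private reverse lookups are forwarded upstream"),
    ):
        if name not in o:
            findings.append((name, reason))
    return findings
```

Running audit(WEAK_CONF) reports user, query-port, interface, stop-dns-rebind and domain-needed; audit(HARDENED_CONF) reports nothing. Syntax itself can be checked separately with the --test option described above.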