====== /etc/config/dhcp ======

DHCP and DNS settings

===== Sections =====

^ Type ^ Description ^
| [[config_dhcp#dnsmasq|dnsmasq]] | global dnsmasq and dhcp options |
| [[config_dhcp#dhcp|dhcp]] | per interface dhcp options |
| [[config_dhcp#host|host]] | static leases |

==== dnsmasq ====

== Options ==

^ Name ^ Type ^ Default ^ Option ^ Description ^
| ''add_local_domain'' | boolean | ''1'' | | Add the local domain as search directive in resolv.conf. |
| ''add_local_hostname'' | boolean | ''1'' | | Add A and PTR records automatically for the local hostname. |
| ''addnhosts'' | list of file paths | //(none)// | ''-H'' | Additional host files to read for serving DNS responses |
| ''authoritative'' | boolean | ''0'' | ''-K'' | Force //dnsmasq// into authoritative mode. This speeds up DHCP leasing. Used if this is the only server on the network |
| ''bogusnxdomain'' | list of IP addresses | //(none)// | ''-B'' | IP addresses to convert into NXDOMAIN responses (to counteract "helpful" upstream DNS servers that never return NXDOMAIN). |
| ''boguspriv'' | boolean | ''0'' | ''-b'' | Reject reverse lookups to private IP ranges where no corresponding entry exists in ''/etc/hosts'' |
| ''cachelocal'' | boolean | ''1'' | | When set to ''0'', use each network interface's ''dns'' address in the local ''/etc/resolv.conf''. Normally, only the loopback address is used, and all queries go through //dnsmasq//. |
| ''cachesize'' | integer | ''150'' | ''-c'' | Size of //dnsmasq// query cache. |
| ''dbus'' | boolean | ''0'' | ''-1'' | Enable DBus messaging for //dnsmasq//.\\ :!: Standard builds of //dnsmasq// on OpenWrt do not include DBus support. |
| ''dhcp_boot'' | string | //(none)// | <code>--dhcp-boot</code> | Specifies BOOTP options, in most cases just the file name |
| ''dhcphostsfile'' | file path | //(none)// | <code>--dhcp-hostsfile</code> | Specify an external file with per host DHCP options |
| ''dhcpleasemax'' | integer | ''150'' | ''-X'' | Maximum number of DHCP leases |
| ''dnsforwardmax'' | integer | ''150'' | ''-0'' (zero) | Maximum number of concurrent connections |
| ''domain'' | domain name | //(none)// | ''-s'' | DNS domain handed out to DHCP clients |
| ''domainneeded'' | boolean | ''0'' | ''-D'' | Tells //dnsmasq// never to forward queries for plain names, without dots or domain parts, to upstream nameservers. If the name is not known from ''/etc/hosts'' or DHCP then a "not found" answer is returned |
| ''dnssec'' | boolean | ''0'' | <code>--dnssec</code> | Validate DNS replies and cache DNSSEC data.\\ :!: Requires the //dnsmasq-full// package. |
| ''dnsseccheckunsigned'' | boolean | ''0'' | <code>--dnssec-check-unsigned</code> | Check the zones of unsigned replies to ensure that unsigned replies are allowed in those zones. This protects against an attacker forging unsigned replies for signed DNS zones, but is slower and requires that the nameservers upstream of //dnsmasq// are DNSSEC-capable.\\ :!: Requires the //dnsmasq-full// package. |
| ''ednspacket_max'' | integer | ''1280'' | ''-P'' | Specify the largest EDNS.0 UDP packet which is supported by the DNS forwarder |
| ''enable_tftp'' | boolean | ''0'' | <code>--enable-tftp</code> | Enable the builtin TFTP server |
| ''expandhosts'' | boolean | ''0'' | ''-E'' | Add the local domain part to names found in ''/etc/hosts'' |
| ''filterwin2k'' | boolean | ''0'' | ''-f'' | Do not forward requests that cannot be answered by public name servers |
| ''fqdn'' | boolean | ''0'' | <code>--dhcp-fqdn</code> | Do not resolve unqualified local hostnames. Needs ''domain'' to be set. |
| ''interface'' | list of interface names | //(all interfaces)// | ''-i'' | List of interfaces to listen on. If unspecified, //dnsmasq// will listen to all interfaces except those listed in ''notinterface''. Note that //dnsmasq// listens on loopback by default. |
| ''leasefile'' | file path | //(none)// | ''-l'' (ell) | Store DHCP leases in this file |
| ''local'' | string | //(none)// | ''-S'' | Look up DNS entries for this domain from ''/etc/hosts''. This follows the same syntax as ''server'' entries, see the man page. |
| ''localise_queries'' | boolean | ''0'' | ''-y'' | Choose IP address to match the incoming interface if multiple addresses are assigned to a host name in ''/etc/hosts''. :!: Note well the spelling of this option. |
| ''localservice'' | boolean | ''0'' | <code>--local-service</code> | Accept DNS queries only from hosts whose address is on a local subnet, i.e. a subnet for which an interface exists on the server. |
| ''logqueries'' | boolean | ''0'' | ''-q'' | Log the results of DNS queries, dump cache on SIGUSR1 |
| ''nodaemon'' | boolean | ''0'' | ''-d'' | Don't daemonize the //dnsmasq// process |
| ''nohosts'' | boolean | ''0'' | ''-h'' | Don't read DNS names from ''/etc/hosts'' |
| ''nonegcache'' | boolean | ''0'' | ''-N'' | Disable caching of negative "no such domain" responses |
| ''noresolv'' | boolean | ''0'' | ''-R'' | Don't read upstream servers from ''/etc/resolv.conf'' |
| ''notinterface'' | list of interface names | //(none)// | ''-I'' (eye) | Interfaces //dnsmasq// should not listen on. |
| ''nonwildcard'' | boolean | ''0'' | ''-z'' | Bind only configured interface addresses, instead of the wildcard address. |
| ''port'' | port number | ''53'' | ''-p'' | Listening port for DNS queries, disables DNS server functionality if set to ''0'' |
| ''queryport'' | integer | //(none)// | ''-Q'' | Use a fixed port for outbound DNS queries |
| ''readethers'' | boolean | ''0'' | ''-Z'' | Read static lease entries from ''/etc/ethers'', re-read on SIGHUP |
| ''rebind_protection'' | boolean | ''1'' | <code>--stop-dns-rebind</code> | Enables DNS rebind attack protection by discarding upstream RFC1918 responses |
| ''rebind_localhost'' | boolean | ''0'' | <code>--rebind-localhost-ok</code> | Allows upstream 127.0.0.0/8 responses, required for DNS based blacklist services, only takes effect if rebind protection is enabled |
| ''rebind_domain'' | list of domain names | //(none)// | <code>--rebind-domain-ok</code> | List of domains to allow RFC1918 responses for, only takes effect if rebind protection is enabled |
| ''resolvfile'' | file path | ''/etc/resolv.conf'' | ''-r'' | Specifies an alternative resolv file |
| ''server'' | list of strings | //(none)// | ''-S'' | List of DNS servers to forward requests to. See the //dnsmasq// man page for syntax details. |
| ''strictorder'' | boolean | ''0'' | ''-o'' | Obey order of DNS servers in ''/etc/resolv.conf'' |
| ''tftp_root'' | directory path | //(none)// | <code>--tftp-root</code> | Specifies the TFTP root directory |

==== dhcp ====

== Options ==

^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''dhcp_option'' | list of strings | no | //(none)// | The ID dhcp_option here must be written with an underscore. OpenWrt will translate this to --dhcp-option, with a hyphen, as ultimately used by dnsmasq. Multiple option values can be given for this //network-id//, with a space between them and the total string between "". E.g. '26,1470' or 'option:mtu, 1470' can assign an MTU per DHCP. Your client must accept MTU by DHCP for this to work. Or "3,192.168.1.1 6,192.168.1.1" to give out gateway and DNS server addresses. |
| ''dynamicdhcp'' | boolean | no | ''1'' | Dynamically allocate client addresses, if set to ''0'' only clients present in the ''ethers'' files are served |
| ''force'' | boolean | no | ''0'' | Forces DHCP serving on the specified interface even if another DHCP server is detected on the same network segment |
| ''ignore'' | boolean | no | ''0'' | Specifies whether //dnsmasq// should ignore this pool if set to ''1'' |
| ''dhcpv6'' | string | no | ''none'' | Specifies whether DHCPv6 server should be enabled (''server''), relayed (''relay'') or disabled (''disabled'') |
| ''ra'' | string | no | ''none'' | Specifies whether Router Advertisements should be enabled (''server''), relayed (''relay'') or disabled (''disabled'') |
| ''ndp'' | string | no | ''none'' | Specifies whether NDP should be relayed (''relay'') or disabled (''none'') |
| ''master'' | boolean | no | ''0'' | Specifies whether DHCPv6, RA and NDP in relay mode is a master interface or not. |
| ''interface'' | logical interface name | yes | //(none)// | Specifies the interface associated with this DHCP address pool; must be one of the interfaces defined in ''/etc/config/network''. |
| ''leasetime'' | string | yes | ''12h'' | Specifies the lease time of addresses handed out to clients, for example ''12h'' or ''30m'' |
| ''limit'' | integer | yes | ''150'' | Specifies the maximum allowable address that may be leased to clients, calculated as network address + "start" + "limit". :!: The maximum number of leased addresses is limit+1 |
| ''networkid'' | string | no | //(value of ''interface'')// | The dhcp functionality defined in the dhcp section is limited to the interface indicated here through its //network-id//. If omitted, the system tries to determine the network-id from the 'interface' setting in this dhcp section by consulting ''/etc/config/network''. Some IDs are assigned dynamically and are not provided by network, but can still be set here. |
| ''start'' | integer | yes | ''100'' | Specifies the offset from the network address of the underlying interface to calculate the minimum address that may be leased to clients. It may be greater than 255 to span subnets. |

==== host ====

== Options ==

^ Name ^ Type ^ Required ^ Default ^ Description ^
| ''ip'' | string | yes | //(none)// | 'ignore' or the IP address to be used for this host. |
| ''mac'' | string | no | //(none)// | The hardware address(es) of this host, separated by commas. |
| ''hostid'' | string | no | //(none)// | The IPv6 interface identifier (address suffix) as hexadecimal number (max. 8 chars) |
| ''duid'' | string | no | //(none)// | The DHCPv6-DUID of this host. |
| ''name'' | string | no | //(none)// | Optional hostname to assign. |
| ''tag'' | string | no | //(none)// | Set the given tag for matching hosts. |
| ''dns'' | boolean | no | ''0'' | Add static forward and reverse DNS entries for this host. |
| ''broadcast'' | boolean | no | ''0'' | Force broadcast DHCP response. |

===== Related topics =====

  * [[documentation:configuration:uci|UCI]]
  * [[documentation:configuration:config_files|Configuration Files]]
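
An added example, not part of the original wiki page or of OpenWrt's own tooling: a small Python audit that parses a saved copy of ''/etc/config/dhcp'' and reports settings that relax protections described in the option tables (''rebind_protection'', ''rebind_domain'', ''dnsseccheckunsigned'', ''localservice'', ''force''). The function names, the sample configuration and the finding texts are assumptions made for illustration; defaults are the ones listed on this page.

```python
import shlex

# Defaults for the options checked here, taken from the tables on this page.
DEFAULTS = {"rebind_protection": "1", "localservice": "0", "dnssec": "0", "dnsseccheckunsigned": "0", "force": "0"}
TRUE = {"1", "yes", "on", "true", "enabled"}  # boolean spellings UCI accepts

def parse_uci(text):
    """Return [(section_type, {key: [values]})] for UCI 'option' and 'list' lines."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # handles quoting and '#' comments
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and sections and tok[0] in ("option", "list"):
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit(text):
    """List settings that relax a protection described in the option tables."""
    out = []
    for stype, opts in parse_uci(text):
        on = lambda k: opts.get(k, [DEFAULTS[k]])[-1].lower() in TRUE
        if stype == "dnsmasq":
            if not on("rebind_protection"):
                out.append("rebind_protection=0: upstream RFC1918 responses are not discarded")
            elif "rebind_domain" in opts:
                out.append("rebind_domain exempts: " + ",".join(opts["rebind_domain"]))
            if on("dnssec") and not on("dnsseccheckunsigned"):
                out.append("dnssec=1, dnsseccheckunsigned=0: unsigned replies are not zone-checked")
            if not on("localservice") and "interface" not in opts:
                out.append("localservice=0 and no interface list: listens on all interfaces except notinterface")
        elif stype == "dhcp" and on("force"):
            pool = opts.get("interface", ["?"])[-1]
            out.append(f"dhcp {pool}: force=1 serves even if another DHCP server is detected")
    return out

# Constructed sample configuration (not taken from a real device).
SAMPLE = """
config dnsmasq
	option rebind_protection '0'   # protection switched off
	option dnssec '1'
	list interface 'lan'
config dhcp 'lan'
	option interface 'lan'
	option force '1'
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
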