Dnsmasq is a lightweight, easy to configure DNS-forwarder and DHCP-server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP-server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of disk-less machines. It is already installed and preconfigured on OpenWrt.
The configuration is done with the help of the uci-configuration file:
/etc/config/dhcp, but you can use this together with the file
Depending on the setting in the uci-file, you may also use the files
It is possible to mix the traditional
/etc/dnsmasq.conf configuration file with the options found in
dnsmasq.conf file does not exist by default but will be processed by dnsmasq on startup if it is present.
Note that options in /etc/config/dhcp take precedence over dnsmasq.conf since they are translated to command line arguments.
You can have dnsmasq execute a script on every action:
dhcp-script = /sbin/action.sh
By default, Dnsmasq comes configured to put your hosts into the
This is specified in the configuration file as:
# allow /etc/hosts and dhcp lookups via *.lan
local=/lan/
domain=lan
You can change this to whatever you'd like your home domain to be.
Also, if you want your hosts to be available via your home domain without having to specify the domain in your
/etc/hosts file, add the
expand-hosts directive to your
As an example, without expand-hosts, you can only reach router, ubuntu-desktop and ubuntu-laptop.
With expand-hosts on, you can reach router, router.lan, ubuntu-desktop, ubuntu-desktop.lan, etc.
This probably matches what you're looking for anyway.
Without this setting, you'll have to add .lan entries to your
/etc/ethers static lease entries can be assigned.
See → static_leases.
/etc/hosts DNS entries are configured.
Dnsmasq will utilize these entries to answer DNS queries on your network.
[IP_address] host_name host_name_short ...
192.168.1.1 router OpenWrt localhost
192.168.1.2 debian-server
192.168.1.3 ubuntu-laptop
Sometimes, when an interface is at the edge of its capacity (especially WiFi over longer distances), a DHCP request may not be answered in time, so the DHCP client will not receive proper network settings. A possible workaround is using static IPs or very long DHCP leases (more than 12h). This is particularly important when one has several WiFi repeaters that use DHCP and are distant from each other or not easily accessible.
Windows 7, among others, asks for proxy settings using DHCP. The issue is that it does not stop asking until it has received an answer. As a result, the log contains a lot of information about these requests; an example can be found below (thanks to the excito wiki for the info).
uci add_list dhcp.lan.dhcp_option='252,"\n"'
uci commit dhcp
service dnsmasq restart
Windows 7 has introduced a new Microsoft-enhanced feature. It won't assign an IP address obtained from a DHCP server to an interface if the IP was used before for another interface, even if that other interface is NOT currently active (i.e. cable disconnected). This behaviour is unique and was not reported for older Windows versions, Mac OS or Linux.
If you try to configure MAC address hot swap on your router, Windows 7 clients will end up in an infinite DORA loop.
uci add dhcp host
uci set dhcp.@host[-1].name="example-host"
uci set dhcp.@host[-1].ip="192.168.1.230"
uci set dhcp.@host[-1].mac="00:a0:24:5a:33:69 00:11:22:33:44:55 02:a0:24:5a:33:69 02:11:22:33:44:55"
uci commit dhcp
service dnsmasq restart
If you use Adguard DNS as a forwarder (to have a cheap and efficient network ad blocker), you need to disable rebind protection to avoid lag or unreachable sites caused by it.
If you do not, you will see many log entries like the following in system.log, and experience lag or unreachable hosts.
daemon.warn dnsmasq[xxx]: possible DNS-rebind attack detected: any.adserver.dns
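The following is an added example, not part of the original wiki page: it tallies which names dnsmasq is rejecting, using the warning format shown above, so you can see what the rebind protection is catching before you change the setting. The sample log lines and the helper name rebind_hits are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally the names behind dnsmasq's DNS-rebind warnings.

# Constructed sample log lines in the format of the warning quoted above.
# On the router, pipe the output of `logread` into rebind_hits instead.
SAMPLE_LOG='Mon Jan  1 10:00:01 2024 daemon.warn dnsmasq[1234]: possible DNS-rebind attack detected: ads.example.net
Mon Jan  1 10:00:02 2024 daemon.info dnsmasq[1234]: read /etc/hosts - 4 addresses
Mon Jan  1 10:00:05 2024 daemon.warn dnsmasq[1234]: possible DNS-rebind attack detected: ADS.example.net
Mon Jan  1 10:00:09 2024 daemon.warn dnsmasq[1234]: possible DNS-rebind attack detected: tracker.example.org
Mon Jan  1 10:00:12 2024 daemon.warn dnsmasq[1234]: possible DNS-rebind attack detected: ads.example.net'

# rebind_hits (hypothetical helper name): read syslog lines on stdin and print
# "count name" for every rejected name, most frequent first.
rebind_hits() {
    # 1. sed keeps only the rebind warnings and cuts each line down to the name.
    # 2. tr merges case variants, since DNS names are case-insensitive.
    # 3. sort | uniq -c counts identical names; sort -rn puts the busiest first.
    # 4. awk drops the padding that uniq -c adds in front of the count.
    sed -n 's/.*dnsmasq\[[0-9]*]: possible DNS-rebind attack detected: \([^ ]*\).*/\1/p' |
        tr 'A-Z' 'a-z' |
        sort | uniq -c |
        sort -rn |
        awk '{ print $1, $2 }'
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | rebind_hits
```

A list dominated by ad or tracker names is consistent with the ad-blocking forwarder described above; names you do not recognise are worth a closer look.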