DHCP 和 DNS 配置文件:/etc/config/dhcp
相关内容参阅: DHCP and DNS examples, dnsmasq, odhcpd
OpenWrt 默认使用 dnsmasq 和 odhcpd 提供 DNS/DHCP 和 DHCPv6 服务。
| 功能 | 端口 | 软件 | 配置文件 |
|---|---|---|---|
| DNS server | 53/UDP, 53/TCP | dnsmasq | /etc/config/dhcp |
| DHCP server | 67/UDP | ||
| DHCP relay | 68/UDP | ||
| DHCPv6 server | 547/UDP | odhcpd-ipv6only | |
| RA(Router Advertisemenents) | ICMPv6 |
Dnsmasq 向DHCP客户端通告自己是DNS服务器。这在本地网络中可以更好地管理DNS功能。其中未命中的DNS请求会被转发到上游DNS服务器。
配置内容解析
常用的 DHCP 配置内容如下面所示。
不是所有类型的参数都会在文件里出现,大多参数仅在特定功能时才需要设置。
常用的是:Common Options 称为基本配置,DHCP Pools 称为DHCP 地址池,以及 Static Leases 称为静态租约。
默认配置指定 DNS 和守护进程相关的选项,以及一个或多个 DHCP 地址池,用于定义在网络接口上提供 DHCP 服务的方式。
基本配置
config dnsmasq 的内容用于指定每个 dnsmasq 实例的相关值和选项,这些值和选项涉及该 dnsmasq 实例的整体运行以及其所服务的所有接口上的 DHCP 选项。
下面表格展示了所有可用选项及其默认值,以及 dnsmasq 命令行选项。详情内容参阅 the dnsmasq man page。
选项及其默认值如下:
config dnsmasq option domainneeded '1' option boguspriv '1' option filterwin2k '0' option localise_queries '1' option rebind_protection '1' option rebind_localhost '1' option local '/lan/' option domain 'lan' option expandhosts '1' option nonegcache '0' option cachesize '1000' option authoritative '1' option readethers '1' option leasefile '/tmp/dhcp.leases' option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto' option nonwildcard '1' option localservice '1' option ednspacket_max '1232' option filter_aaaa '0' option filter_a '0'
选项:
local和domain启用后 dnsmasq 可以解析/etc/hosts中的内容, 也包括在 lan 域下的DHCP 客户端主机名。domainneeded,boguspriv,localise_queries, 和expandhosts确保对本地主机名的查询不会被转发到上游 DNS 服务器,而是在本地解析或直接处理。authoritative将路由器成为该网络中唯一的 DHCP 服务器;客户端因此能更快地获得 IP 地址租约。leasefile将 DHCP 租约保存到文件中,以便在 dnsmasq 重启后能够恢复之前的分配记录,避免客户端重复获取 IP。resolvfilednsmasq 使用指定文件来获取上游 DNS 服务器地址;该文件由 WAN 口的 DHCP 客户端或 PPP 客户端在联网时自动生成。enable_tftp和tftp_root前者启用TFTP服务器,后者指定目录供TFTP服务器使用。- 在某些情况下,可能需要在客户端手动设置服务器的 IP 地址,可通过设置环境变量
serverip(e.g.setenv serverip 192.168.1.10).
全部选项
| Name | Type | Default | Option | Description |
|---|---|---|---|---|
add_local_domain | boolean | 1 | Add the local domain as search directive in resolv.conf. | |
add_local_hostname | boolean | 1 | Add A, AAAA, and PTR records for this router only on DHCP served LAN.  enhanced function available since 18.06 with option add_local_fqdn |
|
add_local_fqdn | integer | 1 | Add A, AAAA, and PTR records for this router only on DHCP served LAN. 0: Disable.1: Hostname on Primary Address.2: Hostname on All Addresses.3: FDQN on All Addresses.4: iface.host.domain on All Addresses. add_local_fqdn available since 18.06 |
|
add_wan_fqdn | integer | 0 | Labels WAN interfaces like add_local_fqdn instead of your ISP assigned default which may be obscure. WAN is inferred from config dhcp sections with option ignore 1 set, so they do not need to be named WAN add_wan_fqdn available since 18.06 |
|
addnhosts | list of file paths | (none) | -H | Additional host files to read for serving DNS responses. Syntax in each file is the same as /etc/hosts |
addnmount | list of directory or file paths | (none) | Expose additional filesystem paths to the jailed dnsmasq process. This is useful in the case of manually configured includes in the configuration file or symlinks pointing outside of the exposed paths as used, for example, by an ad blocker or other name-banning package. | |
authoritative | boolean | 1 | -K | Force dnsmasq into authoritative mode. This speeds up DHCP leasing. Used if this is the only server on the network |
bogusnxdomain | list of IP addresses | (none) | -B | IP addresses to convert into NXDOMAIN responses (to counteract “helpful” upstream DNS servers that never return NXDOMAIN). |
boguspriv | boolean | 1 | -b | Reject reverse lookups to private IP ranges where no corresponding entry exists in /etc/hosts |
cachelocal | boolean | 1 | When set to 0, use each network interface's dns address in the local /etc/resolv.conf. Normally, only the loopback address is used, and all queries go through dnsmasq. |
|
cachesize | integer | 150 | -c | Size of dnsmasq query cache. |
dbus | boolean | 0 | -1 | Enable DBus messaging for dnsmasq. Standard builds of dnsmasq on OpenWrt do not include DBus support. |
dhcp_boot | string | (none) | --dhcp-boot | Specifies BOOTP options, in most cases just the file name. You can also use: “file name, tftp server name, tftp ip address” |
dhcphostsfile | file path | (none) | --dhcp-hostsfile | Specify an external file with per host DHCP options |
dhcpleasemax | integer | 150 | -X | Maximum number of DHCP leases |
dnsforwardmax | integer | 150 | -0 (zero) | Maximum number of concurrent connections |
domain | domain name | (none) | -s | DNS domain handed out to DHCP clients |
domainneeded | boolean | 1 | -D | Tells dnsmasq never to forward queries for plain names, without dots or domain parts, to upstream nameservers. If the name is not known from /etc/hosts or DHCP then a “not found” answer is returned |
dnssec | boolean | 0 | --dnssec | Validate DNS replies and cache DNSSEC data. Requires the dnsmasq-full package. |
dnsseccheckunsigned | boolean | 0 | --dnssec-check-unsigned | Check the zones of unsigned replies to ensure that unsigned replies are allowed in those zones. This protects against an attacker forging unsigned replies for signed DNS zones, but is slower and requires that the nameservers upstream of dnsmasq are DNSSEC-capable. Requires the dnsmasq-full package. Caution: If you use this option on a device that doesn't have a hardware clock, dns resolution may break after a reboot of the device due to an incorrect system time. |
ednspacket_max | integer | 1232 | -P | Specify the largest EDNS.0 UDP packet which is supported by the DNS forwarder |
enable_tftp | boolean | 0 | --enable-tftp | Enable the builtin TFTP server |
expandhosts | boolean | 1 | -E | Add the local domain part to names found in /etc/hosts |
filterwin2k | boolean | 0 | -f | Do not forward requests that cannot be answered by public name servers. Make sure it is disabled if you need to resolve SRV records or use SIP phones. |
fqdn | boolean | 0 | --dhcp-fqdn | Do not resolve unqualifed local hostnames. Needs domain to be set. |
listen_address | list of IP addresses | (none) | -a | Listen only on the specified IP addresses. If unspecified, listen on IP addresses from each interface |
interface | list of interface names | (all interfaces) | -i | List of interfaces to listen on. If unspecified, dnsmasq will listen to all interfaces except those listed in notinterface. Note that dnsmasq listens on loopback by default. |
notinterface | list of interface names | (none) | -I (uppercase “i”) | Interfaces dnsmasq should not listen on. |
ipset | list of strings | (none) | --ipset | The syntax is: list ipset '/example.com/example.org/example_ipv4,example_ipv6' Requires the dnsmasq-full package. |
leasefile | file path | (none) | -l (lowercase “L”) | Store DHCP leases in this file |
local | string | (none) | -S | Look up DNS entries for this domain from /etc/hosts. This follows the same syntax as server entries, see the man page. |
localise_queries | boolean | 1 | -y | Choose IP address to match the incoming interface if multiple addresses are assigned to a host name in /etc/hosts. Initially disabled, but still enabled in the config by default. Note well the spelling of this option. |
localservice | boolean | 1 | --local-service | Accept DNS queries only from hosts whose address is on a local subnet, ie a subnet for which an interface exists on the server. |
local_ttl | integer | 0 | --local-ttl | Default TTL for locally authoritative answers. |
localuse | boolean | 1 | Use dnsmasq as a local system resolver. Depends on the noresolv and resolvfile options. |
|
logfacility | string | DAEMON | --log-facility=<facility> | Set the facility to which dnsmasq will send syslog entries. See the dnsmasq man page for available facilities. |
logqueries | boolean | 0 | --log-queries=extra | Log the results of DNS queries, dump cache on SIGUSR1, include requesting IP |
nodaemon | boolean | 0 | -d | Don't daemonize the dnsmasq process |
nohosts | boolean | 0 | -h | Don't read DNS names from /etc/hosts |
nonegcache | boolean | 0 | -N | Disable caching of negative “no such domain” responses |
noresolv | boolean | 0 | -R | Don't read upstream servers from /etc/resolv.conf which is linked to resolvfile by default |
nonwildcard | boolean | 1 | --bind-dynamic | Bind only configured interface addresses, instead of the wildcard address. |
port | port number | 53 | -p | Listening port for DNS queries, disables DNS server functionality if set to 0 |
queryport | integer | (none) | -Q | Use a fixed port for outbound DNS queries |
readethers | boolean | 0 | -Z | Read static lease entries from /etc/ethers, re-read on SIGHUP |
rebind_protection | boolean | 1 | --stop-dns-rebind | Enables DNS rebind attack protection by discarding upstream RFC1918 responses |
rebind_localhost | boolean | 1 | --rebind-localhost-ok | Allows upstream 127.0.0.0/8 responses, required for DNS based blacklist services, only takes effect if rebind protection is enabled |
rebind_domain | list of domain names | (none) | --rebind-domain-ok | List of domains to allow RFC1918 responses for, only takes effect if rebind protection is enabled. The correct syntax is: list rebind_domain '/example.com/' |
resolvfile | file path | /tmp/resolv.conf.d/resolv.conf.auto | -r | Specifies an alternative resolv file |
server | list of strings | (none) | -S | List of DNS servers to forward requests to. See the dnsmasq man page for syntax details. |
serverlist | file path | /etc/dnsmasq.servers | -S | Specify upstream servers directly. If one or more optional domains are given, that server is used only for those domains and they are queried only using the specified server. Syntax is server=/*.mydomain.tld/192.168.100.1 or see the dnsmasq man page for details. |
rev_server | list of strings | (none) | --rev-server | List of network range with a DNS server to forward reverse DNS requests to. See the dnsmasq man page for syntax details. |
address | list of strings | (none) | -A | List of IP addresses for queried domains. See the dnsmasq man page for syntax details. |
strictorder | boolean | 0 | -o | Obey order of DNS servers in /etc/resolv.conf |
tftp_root | directory path | (none) | --tftp-root | Specifies the TFTP root directory |
minport | integer | 0 | --min-port | Dnsmasq picks random ports as source for outbound queries. When this option is given, the ports used will always be larger than or equal to the specified minport value (min valid value 1024). Useful for systems behind firewalls. |
maxport | integer | 0 | --max-port | Dnsmasq picks random ports as source for outbound queries. When this option is given, the ports used will always be smaller than or equal to the specified maxport value (max valid value 65535). Useful for systems behind firewalls. |
noping | boolean | 0 | --no-ping | By default dnsmasq checks if an IPv4 address is in use before allocating it to a host by sending ICMP echo request (aka ping) to the address in question. This parameter allows to disable this check. |
allservers | boolean | 0 | --all-servers | By default, when dnsmasq has more than one upstream server available, it will send queries to just one server. Setting this parameter forces dnsmasq to send all queries to all available servers. The reply from the server which answers first will be returned to the original requeser. |
quietdhcp | boolean | 0 | --quiet-dhcp | Suppress logging of the routine operation of DHCP. Errors and problems will still be logged |
sequential_ip | boolean | 0 | --dhcp-sequential-ip | Dnsmasq is designed to choose IP addresses for DHCP clients using a hash of the client's MAC address. This normally allows a client's address to remain stable long-term, even if the client sometimes allows its DHCP lease to expire. In this default mode IP addresses are distributed pseudo-randomly over the entire available address range. There are sometimes circumstances (typically server deployment) where it is more convenient to have IP addresses allocated sequentially, starting from the lowest available address, and setting this parameter enables this mode. Note that in the sequential mode, clients which allow a lease to expire are much more likely to move IP address; for this reason it should not be generally used. |
addmac | [0,1,base64,text] | 0 | --add-mac | Add the MAC address of the requester to DNS queries which are forwarded upstream; this may be used to do DNS filtering by the upstream server. The MAC address can only be added if the requester is on the same subnet as the dnsmasq server. Note that the mechanism used to achieve this (an EDNS0 option) is not yet standardised, so this should be considered experimental. Also note that exposing MAC addresses in this way may have security and privacy implications. |
logdhcp | boolean | 0 | --log-dhcp | Enables extra DHCP logging; logs all the options sent to the DHCP clients and the tags used to determine them |
dhcpscript | string | (none) | --dhcp-script | Run a custom script upon DHCP lease add / renew / remove actions |
confdir | directory path | /tmp/dnsmasq.d | --conf-dir | Directory with additional configuration files |
max_ttl | integer | (none) | --max-ttl | limit the ttl in the DNS answer to this value |
min_cache_ttl | integer | (none) | --min-cache-ttl | set the minimum time-to-live of DNS answers, even when the ttl in the answer is lower |
max_cache_ttl | integer | (none) | --max-cache-ttl | the maximum time-to-live for any DNS answer, even if higher |
rapidcommit | boolean | 0 | --dhcp-rapid-commit | Enable DHCPv4 Rapid Commit (fast address assignment) See RFC 4039. |
DHCP 地址池
config dhcp 用于为每个网络接口指定 IP 地址池及相关参数,以处理 DHCP 请求。
通常,在 /etc/config/dhcp 中至少有一个,用于为 lan 接口提供 DHCP 服务。
通过在相应配置段中设置 ignore 选项,来禁用某个特定网络接口的 DHCP 地址池。
以下是 dhcp 部分的最简示例:
config dhcp 'lan' option interface 'lan' option start '100' option limit '150' option leasetime '12h'
lan指定该 DHCP 地址池所服务的 OpenWrt 网络接口。100是网络地址开始的偏移值,在默认配置中意味着 DHCP 将从192.168.1.100开始分配 IP 地址。150表示最多可分配的 IP 地址数量,在默认配置中意味着地址池的结束地址为192.168.1.24912h是所分配 IP 租约的有效期,本例有效期为12小时。server设置 IPv6 工作模式 (RA & DHCPv6)
以下是 dhcp 中所有可用选项的列表。
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
dhcp_option | list of strings | no | (none) | The ID dhcp_option here must be with written with an underscore. OpenWrt will translate this to --dhcp-option, with a hyphen, as ultimately used by dnsmasq. Multiple option values can be given for this network-id, with a a space between them and the total string between “”. E.g. '26,1470' or 'option:mtu, 1470' that can assign an MTU per DHCP. Your client must accept MTU by DHCP for this to work. Or “3,192.168.1.1 6,192.168.1.1” to give out gateway and DNS server addresses. A list of options can be found here (note that dnsmasq does not support all options listed there). A list of the symbolic option names that dnsmasq recognises can be found by running dnsmasq --help dhcp. |
dhcp_option_force | list of strings | no | (none) | Exactly the same as dhcp_option (note the underscores), but it will be translated to --dhcp-option-force, meaning that the DHCP option will be sent regardless on whether the client requested it. dhcp_option_force available since 18.06 |
dynamicdhcp | boolean | no | 1 | Dynamically allocate client addresses, if set to 0 only clients present in the ethers files are served |
force | boolean | no | 0 | Forces DHCP serving on the specified interface even if another DHCP server is detected on the same network segment |
ignore | boolean | no | 0 | Specifies whether dnsmasq should ignore this pool if set to 1 |
dhcpv4 | string | no | (none) | Specifies whether DHCPv4 server should be enabled (server) or disabled (disabled) |
dhcpv6 | string | no | (none) | Specifies whether DHCPv6 server should be enabled (server), relayed (relay) or disabled (disabled) |
dns | list | no | <local address> | DNS servers to announce on the network. Only IPv6 addresses are accepted. To configure IPv4 DNS servers, use dhcp_option. |
dns_service | boolean | no | 1 | Announce the IPv6 address of interface as DNS service if the list of dns option is empty. dns_service available since 21.02 |
ra | string | no | (none) | Specifies whether Router Advertisements should be enabled (server), relayed (relay) or disabled (disabled) |
ra_default | integer | no | 0 | Default router lifetime in the RA message will be set if default route is present and a global IPv6 address (0) or if default route is present but no global IPv6 address (1) or neither of both conditions (2) |
ra_flags | list of strings | no | other-config | List of RA flags to be advertised in RA messages:managed-config - get address and other information from DHCPv6 server. If this flag is set, other-config flag is redundant.other-config - get other configuration from DHCPv6 server (such as DNS servers). See here for details.home-agent - see here for details.none.OpenWrt since version 21.02 configures managed-config and other-config by default. |
ra_slaac | boolean | no | 1 | Announce SLAAC for a prefix (that is, set the A flag in RA messages). |
ra_management | integer | no | 1 | This option is deprecated. Use ra_flags and ra_slaac options instead. RA management mode : no M-Flag but A-Flag ( 0), both M and A flags (1), M flag but not A flag (2) |
ra_offlink | bool | no | 0 | Announce prefixes as offlink (1) in RAs |
ra_preference | string | no | medium | Announce routes with either high (high), medium (medium) or low (low) priority in RAs |
ra_mininterval | integer | no | 200 | Minimum time interval between RAs (in seconds) |
ra_maxinterval | integer | no | 600 | Maximum time interval between RAs (in seconds) |
ra_lifetime | integer | no | 1800 | Advertised router lifetime (in seconds) |
ra_useleasetime | bool | no | 0 | Limit the preferred and valid lifetimes of the prefixes in the RA messages to the configured DHCP leasetime |
ra_hoplimit | integer | no | 0 | Advertised current hop limit (0-255) |
ra_reachabletime | integer | no | 0 | Advertised reachable time (in milliseconds) (0-3600000) |
ra_retranstime | integer | no | 0 | Advertised NS retransmission time (in milliseconds) (0-60000) |
ra_mtu | integer | no | (none) | Maximum advertised MTU |
ra_dns | boolean | no | 1 | Announce DNS configuration in RA messages (RFC8106) |
ndp | string | no | (none) | Specifies whether NDP should be relayed (relay) or disabled (disabled) |
ndproxy_routing | bool | no | 1 | Learn routes from NDP |
ndproxy_slave | bool | no | 0 | Ignore neighbor messages on slave enabled (1) interfaces |
master | boolean | no | 0 | Specifies whether DHCPv6, RA and NDP in relay mode is a master interface or not. |
interface | logical interface name | yes | (none) | Specifies the interface associated with this DHCP address pool; must be one of the interfaces defined in /etc/config/network. |
leasetime | string | yes | 12h | Specifies the lease time of addresses handed out to clients, for example 12h or 30m |
limit | integer | yes | 150 | Specifies the size of the address pool (e.g. with start=100, limit=150, maximum address will be .249) |
networkid | string | no | (value of interface) | The dhcp functionality defined in the dhcp section is limited to the interface indicated here through its network-id. In case omitted the system tries to know the network-id via the interface setting in this dhcp section, through consultation of /etc/config/network. Some IDs get assigned dynamically, are not provided by network, but still can be set here. |
start | integer | yes | 100 | Specifies the offset from the network address of the underlying interface to calculate the minimum address that may be leased to clients. It may be greater than 255 to span subnets. |
instance | dnsmasq instance | no | (none) | Dnsmasq instance to which the dhcp section is bound; if not specified the section is valid for all dnsmasq instances. |
tag | list of tag names | no | (none) | List of tags that dnsmasq needs to match to use with --dhcp-range. |
注意:
interface指的是逻辑网络接口的名称,例如lan,wan,wifi等 (在/etc/config/network内), 而不是网络设备名称,例如eth0,eth1,wlan0等 (ifnameIDs 在/etc/config/network).。networkid是网络设备名称,例如eth0,eth1,wlan0等, 而不是逻辑网络接口名称 (lan,wan,wifi等)。
/etc/config/network 和 /etc/config/wireless中 ifname 和 network 的用法不同, 因此请务必仔细核对配置,避免混淆!
静态租约
使用config host根据设备的 MAC(硬件)地址,为其分配固定的 IP 地址。
该配置中的各项参数将被用来构造 dnsmasq 的 -G 命令行选项,以实现静态地址分配。
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
ip | string | no | (none) | the IP address to be used for this host, or ignore to ignore any DHCP request from this host |
mac | string | no | (none) | The hardware address(es) of this host, separated by spaces. |
hostid | string | no | (none) | The IPv6 interface identifier (address suffix) as hexadecimal number (max. 16 chars, 64 bits, 8 bytes) |
duid | string | no | (none) | The DHCPv6-DUID of this host. |
name | string | no | (none) | Optional hostname to assign. |
tag | string | no | (none) | Set the given tag for matching hosts. |
match_tag | list of strings | no | (none) | If specified the section will apply only to requests having all the tags; incoming interface name is always auto-assigned, other tags can be added by vendorclass/userclass/etc. sections |
dns | boolean | no | 0 | Add static forward and reverse DNS entries for this host. |
broadcast | boolean | no | 0 | Force broadcast DHCP response. |
leasetime | string | no | (none) | Host-specific lease time, e.g. 2m, 3h, 5d. Note: introduced by r48801 in trunk |
instance | dnsmasq instance | no | (none) | Dnsmasq instance to which the host section is bound; if not specified the section is valid for all dnsmasq instances. |
注意:必须至少指定以下其中一个 mac (支持使用通配符), duid 或 name 。
也可以在dnsmasq 中启用 readethers 选项,使其在 /etc/ethers 文件中添加 MAC 地址与 IP 地址的对应条目,以实现静态 IP 分配。
启动选项
一些设备支持通过网络启动(PXE 启动)。
boot 选项用于指定如何通过 DHCP/BOOTP 告知客户端应加载哪个引导文件,以及从哪台服务器获取该文件。
每个客户端只能接收一组引导文件名和服务器地址选项。
如果不同设备需要加载不同的文件,或从不同服务器启动,可以使用 tags 或 network-ids 将不同的引导选项精确地分配给对应的客户端。
你需要通过 dhcp_option 设置额外的 DHCP 选项,以便支持网络启动过程中的后续阶段。
查阅 dnsmasq 的手册了解 O 选项的语法详情。
这些配置生成了dnsmasq中的 -M 选项
*注意*: odhcp 目前不支持设置 root-path 。 如果你需要此功能,禁用 odhcpd 改用 dnsmasq 。
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
dhcp_option | list of strings | no | (none) | Additional options to be added for this network-id. If you specify this, you also need to specify the network-id. |
filename | string | yes | (none) | The filename the host should request from the boot server. |
networkid | string | no | (none) | The tag (aka network-id) these boot options should apply to. Applies to all clients if left unspecified. |
serveraddress | string | yes | (none) | The IP address of the boot server. |
servername | string | yes | (none) | The hostname of the boot server. |
force | bool | no | (none) | dhcp_option will always be sent even if the client does not ask for it in the parameter request list. This is sometimes needed, for example when sending options to PXELinux. |
instance | dnsmasq instance | no | (none) | Dnsmasq instance to which the boot section is bound. If not specified the section is valid for all dnsmasq instances. |
客户端的区分和选项的使用
DHCP 还有其他功能,例如域名访问、NTP服务器、网络启动功能等。
某些设置适用于网络段中的所有主机,但其他配置则更具针对性——可能仅适用于特定主机组,甚至只针对单个设备。
dnsmasq 通过内部称为networkid的字母数字标识tag对DHCP选项及其值进行分组,实现仅向标记对应网络标识的主机发送特定配置选项的功能。
在OpenWrt系统中,您可以通过以下方式标记主机:按DHCP地址范围( dhcp )划分,或根据客户端在DHCP请求中发送的若干选项进行标识。
在每个分类配置段中,可使用dhcp_option列表为具有特定tag(或networkid)的主机添加专属DHCP选项。
以下选项对客户端区分:
| Name | Description |
|---|---|
mac | Hardware address of the client. |
tag | An alphanumeric label which marks the network. |
vendorclass | String sent by the client representing the vendor of the client. dnsmasq performs a substring match on the vendor class string using this value. |
userclass | String sent by the client representing the user of the client. dnsmasq performs a substring match on the user class string using this value. |
circuitid | Matches the circuit ID as sent by the relay agent, as defined in RFC3046. |
remoteid | Matches the remote ID as sent by the relay agent, as defined in RFC3046. |
subscrid | Matches the subscriber ID as sent by the relay agent, as defined in RFC3993. |
每个区分项 (除了 tag) 有个配置选项: 被分配那个tag。
例如 一个包含与您的以太网MAC完全匹配的 mac 条目的 mac 部分,以及一个 tag (也称为 networkid) 为 green ,将被标记为 green。
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
<classifier> | string | yes | (none) | Use section type as option name and classifying filter as option value. |
networkid | string | yes | (none) | The tag that matching clients will be assigned. |
force | bool | no | false | Whether to send the additional options from dhcp_option list to the clients that didn't request them. |
tag 有个配置选项: 将 DHCP options 的值分配给该 tag 。
例如:沿用上面的例子, 如果存在一个tag条目,其tag值为green,且同时提供了一个dhcp_option列表并设置了force,那么带有green标签的 DHCP 客户端可以被有选择地强制接收一个dhcp_option。
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
<classifier> | string | yes | (none) | Use section type as option name and classifying filter as option value. |
dhcp_option | list of strings | no | (none) | Additional options to be added for this tag aka networkid. |
force | bool | no | false | Whether to send the additional options from dhcp_option list to the clients that didn't request them. |
IP 集
仅 dnsmasq-full 支持
dnsmasq可以自动将指定域名的解析地址填充到Netfilter IP集合中。此功能可以通过ipset选项在dnsmasq部分启用,或者使用更便捷的语法,通过专门的ipset部分启用。每个ipset部分都包含要填充的IP集合的名称(name,一个部分中可以指定多个IP集合名称),以及其解析地址应添加到指定IP集合中的域名(domain)。
示例:
dhcp ipset list name 'ss_rules_dst_forward' list name 'ss_rules6_dst_forward' list domain 'linkedin.com' list domain 'telegram.org'
DHCP 中继
如果您在两个接口之间进行路由(即它们未被桥接),那么您会发现网络远端发送DHCP请求的客户端得不到任何响应,因为DHCP广播无法在接口之间进行路由。 通过将dnsmasq配置为DHCP中继,可以无需为远端子网设置独立的DHCP服务器来解决此问题。 在此配置中,它会像正常情况一样监听DHCP请求,将这些请求转发到上游DHCP服务器,然后将接收到的任何响应广播回原始子网。
截至2021年10月,LuCI没有相关的界面,因此必须手动编辑配置文件。 DHCP 中继配置示例:
config relay 'id' option interface 'lan' option local_addr '1.1.1.1' option server_addr '2.2.2.2'
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | yes | (none) | A unique name for the section, which must be different to every other section's name. |
interface | string | yes | (none) | Logical network interface where the destination DHCP server is located. |
local_addr | string | yes | (none) | IP address to listen for DHCP requests. |
server_addr | string | yes | (none) | IP address of the upstream DHCP server accessible through the network given by the interface option. DHCP responses picked up on the far subnet will be relayed to this server. This address must be routed correctly (i.e. you can ping it successfully from the OpenWrt command line). |
主机记录
如果您希望特定域名(或子域名)解析到特定IP,一种方法是在dnsmasq的/etc/config/dhcp中为其添加一个hostrecord来实现。
示例:
config hostrecord option name 'example.com' option ip '192.168.1.2'
这个示例表示,example.com 会解析到 192.168.1.2,但 subdomain.example.com 仍会以常规方式解析。
请注意,这与使用dnsmasq的address选项不同,后者指示dnsmasq将整个域(包括任何子域)解析为特定的IP地址。