etc-server/dhcp/dnsmasq.conf and docΒΆ

Full example configuration file for dnsmasq can be downloaded at:;a=blob;f=dnsmasq.conf.example

The following command spawns a DHCP server on interface eth0 which gives IP addresses in range and tells its clients to use as primary DNS server:

dnsmasq -kd -i eth0 --dhcp-range=, --dhcp-option=6,

By the way, here are iptables commands to open UDP ports for DHCP and DNS server:

iptables -I INPUT -i eth0 -p udp --sport 68 --dport 67 -j ACCEPT
iptables -I OUTPUT -o eth0 -p udp --sport 67 --dport 68 -j ACCEPT
iptables -I INPUT -i eth0 -p udp --dport 53 -j ACCEPT
iptables -I OUTPUT -o eth0 -p udp --sport 53 -j ACCEPT

Here is /etc/dnsmasq.conf for a DHCP server (no IPv6, no DNS): (Download file)

# Configuration file for dnsmasq.
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

# Listen on this specific port instead of the standard DNS port
# (53). Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
# Or you can specify which interface _not_ to listen on
# Or which to listen on by address (remember to include if
# you use this.)
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP and TFTP on it.

# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.

# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
# or if you want it to read another file, as well as /etc/hosts, use
# this.

# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.

# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#     as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"

# Set a different domain for a particular subnet,

# Same idea, but range rather then subnet,,

# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.

# For debugging purposes, log each DNS query as it passes through
# dnsmasq.

# Log lots of extra information about DHCP transactions.