Setup dnsmasq for DNS, DHCP and TFTP


To set up DNS, DHCP and TFTP servers using dnsmasq, consider each of them separately.


For ease of setup and backup, consider running dnsmasq in a Docker container.

Configure macvlan

Because a DHCP server requires special network communication, a macvlan network can be used for this purpose.

Create macvlan on interface bond0 with IP address

docker network create -d macvlan -o parent=eth0 --subnet= --gateway= --ip-range= my_macvlan_250

Configure bridge macvlan

By default, the host machine on which the macvlan is configured cannot communicate with the macvlan container. In that case, the DNS server running in dnsmasq is not accessible from the host machine.

To allow the host machine to also use the DNS service running in the macvlan, the following configuration is needed. It creates another macvlan on the host in bridge mode with IP address, and uses it to access the macvlan in Docker with IP address

Add the following lines to /etc/network/interfaces

up ip link add my_macvlan_249 link eth0 type macvlan mode bridge
up ip addr add dev my_macvlan_249
up ip link set my_macvlan_249 up
up ip route add dev my_macvlan_249

Untested setup

Other setups, such as using a normal bridge network interface on the physical network interface, I have tried it, so maybe it also works.

Start container

Start the container and map the container's /data folder to /app/dnsmasq/data on the host, which can be used to save configuration files

docker run --name dnsmasq -d -it --restart unless-stopped -v /app/dnsmasq/data:/data --network my_macvlan_250 dnsmasq

The above command will run the following command in the container

dnsmasq -q -d --conf-file=/data/dnsmasq.conf --dhcp-broadcast

Troubleshooting dnsmasq

To debug dnsmasq, the following command can be used.

docker logs -f dnsmasq

Because there are so many DNS requests from everywhere, if you only want to debug the DHCP service, the following command can be used; it filters out lines that start with dnsmasq: .

docker logs -f dnsmasq --since 1m | grep -v -e "^dnsmasq: "

The DHCP log messages start with dnsmasq-dhcp: .

docker logs -f dnsmasq --since 1m | grep -e "^dnsmasq-dhcp: "

Note: As suggested in the configuration, commenting out log-queries should disable the DNS logs too, but it looks like it has no effect.


Configure TFTP boot

Configure TFTP server

Enable TFTP server


Configure DHCP boot

Sample configuration to select boot file according to option client-arch


Actual configuration


Set tag for iPXEBOOT, and configure ipxe options

# set tag to IPXEBOOT when has option 175
#dhcp-match=set:ipxe,175 # iPXE sends a 175 option.


# Configure iSCSI for ipxe boot
#dhcp-option-force=vendor:175, 190, user
#dhcp-option-force=vendor:175, 191, password

Configure DHCP

Global DHCP configuration: host entries are read from files in the /data/hosts folder, and dhcp-host entries from files in the /data/ethers folder.

dhcp-option=44, # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)

DHCP domain and range

The following lines set up DHCP for hosts which are tagged as home,

DHCP mapping

To map a MAC address to an IP, tag, etc., use dhcp-host. Sample mappings are shown below


Note: entries in a dhcp-host file, such as /etc/ethers, should not have the dhcp-host= prefix that entries in the main configuration file dnsmasq.conf have.


DHCP reject unknown hosts

Use the following configuration line to ignore all unknown hosts, so that all hosts must be registered using the dhcp-host option.


Guest domain

Another way to deal with unknown hosts is to set up a guest network.

The following lines define a DHCP service for hosts without the tag home


Another way is to define a guest network range as below for those hosts with the tag guest.


DHCP mapping consideration

The logic of DHCP tags is described below

  • When a host requests DHCP, it has one tag, which is the interface name, such as eth0

  • If it is matched by a dhcp-host line, it is tagged as known

  • Tags can be set in various ways

    • Set in a dhcp-host line. For example, set guest in the following line
    • Set by IP range
    • Set by host matching
  • Tags can be used in various ways

    • Used in an IP range
  • Tags can be used in a not condition


DHCP options

DHCP options and their numbers can be found in the DHCP log, as in the sample below.

dnsmasq-dhcp: 2177430021 available DHCP range: --
dnsmasq-dhcp: 2177430021 available DHCP range: --
dnsmasq-dhcp: 2177430021 vendor class: MSFT 5.0
dnsmasq-dhcp: 2177430021 client provides name: baidu-windows
dnsmasq-dhcp: 2177430021 DHCPREQUEST(eth0) 00:a0:98:1d:b0:fc 
dnsmasq-dhcp: 2177430021 tags: home, known, eth0
dnsmasq-dhcp: 2177430021 DHCPACK(eth0) 00:a0:98:1d:b0:fc baidu-windows
dnsmasq-dhcp: 2177430021 requested options: 1:netmask, 3:router, 6:dns-server, 15:domain-name, 
dnsmasq-dhcp: 2177430021 requested options: 31:router-discovery, 33:static-route, 43:vendor-encap, 
dnsmasq-dhcp: 2177430021 requested options: 44:netbios-ns, 46:netbios-nodetype, 47:netbios-scope, 
dnsmasq-dhcp: 2177430021 requested options: 119:domain-search, 121:classless-static-route, 
dnsmasq-dhcp: 2177430021 requested options: 249, 252
dnsmasq-dhcp: 2177430021 bootfile name: undionly.kpxe
dnsmasq-dhcp: 2177430021 server name: dnsmasq
dnsmasq-dhcp: 2177430021 next server:
dnsmasq-dhcp: 2177430021 broadcast response
dnsmasq-dhcp: 2177430021 sent size:  1 option: 53 message-type  5
dnsmasq-dhcp: 2177430021 sent size:  4 option: 54 server-identifier
dnsmasq-dhcp: 2177430021 sent size:  4 option: 51 lease-time  12h
dnsmasq-dhcp: 2177430021 sent size:  4 option: 58 T1  6h
dnsmasq-dhcp: 2177430021 sent size:  4 option: 59 T2  10h30m
dnsmasq-dhcp: 2177430021 sent size:  4 option:  1 netmask
dnsmasq-dhcp: 2177430021 sent size:  4 option: 28 broadcast
dnsmasq-dhcp: 2177430021 sent size:  6 option: 15 domain-name
dnsmasq-dhcp: 2177430021 sent size: 23 option: 81 FQDN  03:ff:ff:62:61:69:64:75:2d:77:69:6e:64:6f...
dnsmasq-dhcp: 2177430021 sent size:  4 option:  6 dns-server
dnsmasq-dhcp: 2177430021 sent size:  4 option:  3 router
dnsmasq-dhcp: 2177430021 sent size:  4 option: 44 netbios-ns
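
The transaction ID and the tags: line in the log above are enough to tell registered clients from unregistered ones. The script below is an added example, not part of the original post: it groups dnsmasq-dhcp lines by transaction ID and marks each client as known or unknown. The function names, the sample log lines and the addresses in them are constructed for illustration, and it assumes the log carries transaction IDs as in the sample above.

```shell
#!/bin/sh
# Added example: summarise dnsmasq-dhcp log lines per transaction ID.
# Prints one line per transaction: "<xid> <mac> <known|unknown> <tags>"
dhcp_summary() {
    awk '
    { sub(/\r$/, "") }                    # a tty-attached container emits CRLF
    $1 != "dnsmasq-dhcp:" { next }        # drop DNS ("dnsmasq: ") lines
    { xid = $2 }
    $3 ~ /^DHCP[A-Z]+\(/ {                # DHCPDISCOVER(eth0), DHCPREQUEST(eth0), ...
        if (!(xid in seen)) { seen[xid] = 1; order[++n] = xid }
        for (i = 4; i <= NF; i++)         # MAC position varies, so match by shape
            if (length($i) == 17 && $i ~ /^[0-9A-Fa-f:]+$/) mac[xid] = $i
    }
    $3 == "tags:" {
        t = ""
        for (i = 4; i <= NF; i++) {
            tag = $i; sub(/,$/, "", tag)
            t = t (t == "" ? "" : ",") tag
            if (tag == "known") known[xid] = 1
        }
        tags[xid] = t
    }
    END {
        for (k = 1; k <= n; k++) {
            x = order[k]
            if (!(x in mac)) continue
            printf "%s %s %s %s\n", x, mac[x], ((x in known) ? "known" : "unknown"), ((x in tags) ? tags[x] : "-")
        }
    }'
}

# Only the transactions whose client matched no dhcp-host entry.
dhcp_unknown() { dhcp_summary | awk '$3 == "unknown"'; }

# Constructed sample input (documentation addresses, made-up transaction IDs).
sample_log() {
    cat <<'EOF'
dnsmasq: query[A] example.com from 192.0.2.10
dnsmasq-dhcp: 1001 DHCPREQUEST(eth0) 192.0.2.10 00:00:5e:00:53:01
dnsmasq-dhcp: 1001 tags: home, known, eth0
dnsmasq-dhcp: 1001 DHCPACK(eth0) 192.0.2.10 00:00:5e:00:53:01 host-a
dnsmasq-dhcp: 1002 DHCPDISCOVER(eth0) 00:00:5e:00:53:02
dnsmasq-dhcp: 1002 tags: eth0
dnsmasq-dhcp: 1002 DHCPOFFER(eth0) 192.0.2.200 00:00:5e:00:53:02
EOF
}

sample_log | dhcp_summary
```

With a live container, feed it a bounded log rather than a followed one, for example docker logs --since 10m dnsmasq 2>&1 | dhcp_unknown, since the summary is printed only when the input ends.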

Configure DNS

Set up link DNS server

# DNS Server

DNS mapping

DNS entries are defined in the format of the /etc/hosts file     host1 host-alias

Sample configuration steps

Add a static IP entry for a known MAC address

In the ethers file, add the following entry for DHCP


In the banner_add_hosts file, add the following entry for DNS    cat
