author San Mehat <san@google.com> 2010-01-20 17:56:15 (GMT)
committer San Mehat <san@google.com> 2010-01-20 18:55:09 (GMT)
commit ffd68729961f7383f2e35494a03ccdef20f86c98
tree 25d5c558caaceb322fc3541d922fa56a1adb6d22
parent 8d761fe81866f3efe760adf225c57da8ee9cbda8
dnsmasq: Direct import of version 2.51
Signed-off-by: San Mehat <san@google.com>
-rwxr-xr-x  CHANGELOG  438
-rwxr-xr-x  CHANGELOG.archive  2509
-rwxr-xr-x  COPYING  340
-rwxr-xr-x  COPYING-v3  674
-rwxr-xr-x  FAQ  471
-rwxr-xr-x  Makefile  78
-rwxr-xr-x  bld/Makefile  17
-rwxr-xr-x  bld/install-man  9
-rwxr-xr-x  bld/install-mo  9
-rwxr-xr-x  bld/pkg-wrapper  11
-rwxr-xr-x  contrib/Solaris10/README  28
-rwxr-xr-x  contrib/Solaris10/dnsmasq.xml  65
-rwxr-xr-x  contrib/Suse/README  6
-rwxr-xr-x  contrib/Suse/README.susefirewall  27
-rwxr-xr-x  contrib/Suse/dnsmasq-SuSE.patch  23
-rwxr-xr-x  contrib/Suse/dnsmasq-suse.spec  111
-rwxr-xr-x  contrib/Suse/rc.dnsmasq-suse  79
-rwxr-xr-x  contrib/dns-loc/README  12
-rwxr-xr-x  contrib/dns-loc/dnsmasq2-loc-rfc1876.patch  522
-rwxr-xr-x  contrib/dnslist/dhcp.css  57
-rwxr-xr-x  contrib/dnslist/dnslist.pl  608
-rwxr-xr-x  contrib/dnslist/dnslist.tt2  32
-rwxr-xr-x  contrib/dnsmasq_MacOSX/DNSmasq  22
-rwxr-xr-x  contrib/dnsmasq_MacOSX/README.rtf  42
-rwxr-xr-x  contrib/dnsmasq_MacOSX/StartupParameters.plist  18
-rwxr-xr-x  contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl  249
-rwxr-xr-x  contrib/lease-access/README  20
-rwxr-xr-x  contrib/lease-access/lease.access.patch  578
-rwxr-xr-x  contrib/openvpn/README  44
-rwxr-xr-x  contrib/openvpn/dhclient-enter-hooks  30
-rwxr-xr-x  contrib/openvpn/dnsmasq.patch  61
-rwxr-xr-x  contrib/port-forward/dnsmasq-portforward  68
-rwxr-xr-x  contrib/port-forward/portforward  28
-rwxr-xr-x  contrib/slackware-dnsmasq/dnsmasq.SlackBuild  56
-rwxr-xr-x  contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz  bin 0 -> 435 bytes
-rwxr-xr-x  contrib/slackware-dnsmasq/doinst.sh.gz  bin 0 -> 302 bytes
-rwxr-xr-x  contrib/slackware-dnsmasq/rc.dnsmasq.gz  bin 0 -> 265 bytes
-rwxr-xr-x  contrib/slackware-dnsmasq/slack-desc  19
-rwxr-xr-x  contrib/try-all-ns/README  19
-rwxr-xr-x  contrib/try-all-ns/README-2.47  11
-rwxr-xr-x  contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch  61
-rwxr-xr-x  contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch  17
-rwxr-xr-x  contrib/webmin/README  54
-rwxr-xr-x  contrib/webmin/dnsmasq.wbm  bin 0 -> 174080 bytes
-rwxr-xr-x  contrib/wrt/Makefile  6
-rwxr-xr-x  contrib/wrt/README  81
-rwxr-xr-x  contrib/wrt/dhcp_lease_time.c  214
-rwxr-xr-x  contrib/wrt/dhcp_release.c  331
-rwxr-xr-x  contrib/wrt/lease_update.sh  54
-rwxr-xr-x  dbus/DBus-interface  131
-rwxr-xr-x  dbus/dnsmasq.conf  14
-rwxr-xr-x  dnsmasq.conf.example  540
-rwxr-xr-x  doc.html  113
-rwxr-xr-x  man/dnsmasq.8  1290
-rwxr-xr-x  man/es/dnsmasq.8  1310
-rwxr-xr-x  man/fr/dnsmasq.8  1449
-rwxr-xr-x  po/de.po  1462
-rwxr-xr-x  po/es.po  1500
-rwxr-xr-x  po/fi.po  1411
-rwxr-xr-x  po/fr.po  1504
-rwxr-xr-x  po/id.po  1727
-rwxr-xr-x  po/it.po  1411
-rwxr-xr-x  po/no.po  1508
-rwxr-xr-x  po/pl.po  1420
-rwxr-xr-x  po/pt_BR.po  1411
-rwxr-xr-x  po/ro.po  1503
-rwxr-xr-x  setup.html  231
-rwxr-xr-x  src/bpf.c  254
-rwxr-xr-x  src/cache.c  1317
-rwxr-xr-x  src/config.h  293
-rwxr-xr-x  src/dbus.c  436
-rwxr-xr-x  src/dhcp.c  1002
-rwxr-xr-x  src/dnsmasq.c  1287
-rwxr-xr-x  src/dnsmasq.h  885
-rwxr-xr-x  src/forward.c  1094
-rwxr-xr-x  src/helper.c  428
-rwxr-xr-x  src/lease.c  622
-rwxr-xr-x  src/log.c  419
-rwxr-xr-x  src/netlink.c  303
-rwxr-xr-x  src/network.c  874
-rwxr-xr-x  src/option.c  2990
-rwxr-xr-x  src/rfc1035.c  1604
-rwxr-xr-x  src/rfc2131.c  2332
-rwxr-xr-x  src/tftp.c  600
-rwxr-xr-x  src/util.c  514
85 files changed, 45398 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
new file mode 100755
index 0000000..89209d5
--- /dev/null
+++ b/CHANGELOG
@@ -0,0 +1,438 @@
+version 2.51
+ Add support for internationalised DNS. Non-ASCII characters
+ in domain names found in /etc/hosts, /etc/ethers and
+ /etc/dnsmasq.conf will be correctly handled by translation to
+ punycode, as specified in RFC3490. This function is only
+ available if dnsmasq is compiled with internationalisation
+ support, and adds a dependency on GNU libidn. Without i18n
+ support, dnsmasq continues to be compilable with just
+ standard tools. Thanks to Yves Dorfsman for the
+ suggestion.
+
+ Add two more environment variables for lease-change scripts:
+ First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname
+ supplied by a client, even if the actual hostname used is
+ over-ridden by dhcp-host or dhcp-ignore-names directives.
+ Also DNSMASQ_RELAY_ADDRESS which gives the address of
+ a DHCP relay, if used.
+ Suggestions from Michael Rack.
+
+ Fix regression which broke echo of relay-agent
+ options. Thanks to Michael Rack for spotting this.
+
+ Don't treat option 67 as being interchangeable with
+ dhcp-boot parameters if it's specified as
+ dhcp-option-force.
+
+ Make the code to call scripts on lease-change compile-time
+ optional. It can be switched off by editing src/config.h
+ or building with "make COPTS=-DNO_SCRIPT".
+
+ Make the TFTP server cope with filenames from Windows/DOS
+ which use '\' as pathname separator. Thanks to Ralf for
+ the patch.
+
+ Updated Polish translation. Thanks to Jan Psota.
+
+ Warn if an IP address is duplicated in /etc/ethers. Thanks
+ to Felix Schwarz for pointing this out.
+
+ Teach --conf-dir to take an option list of file suffices
+ which will be ignored when scanning the directory. Useful
+ for backup files etc. Thanks to Helmut Hullen for the
+ suggestion.
+
+ Add new DHCP option named tftpserver-address, which
+ corresponds to the third argument of dhcp-boot. This
+ allows the complete functionality of dhcp-boot to be
+ replicated with dhcp-option. Useful when using
+ dhcp-optsfile.
+
+ Test which upstream nameserver to use every 10 seconds
+ or 50 queries and not just when a query times out and
+ is retried. This should improve performance when there
+ is a slow nameserver in the list. Thanks to Joe for the
+ suggestion.
+
+ Don't do any PXE processing, even for clients with the
+ correct vendorclass, unless at least one pxe-prompt or
+ pxe-service option is given. This stops dnsmasq
+ interfering with proxy PXE subsystems when it is just
+ the DHCP server. Thanks to Spencer Clark for spotting this.
+
+ Limit the blocksize used for TFTP transfers to a value
+ which avoids packet fragmentation, based on the MTU of the
+ local interface. Many netboot ROMs can't cope with
+ fragmented packets.
+
+ Honour dhcp-ignore configuration for PXE and proxy-PXE
+ requests. Thanks to Niels Basjes for the bug report.
+
+ Updated French translation. Thanks to Gildas Le Nadan.
+
+
+version 2.50
+ Fix security problem which allowed any host permitted to
+ do TFTP to possibly compromise dnsmasq by remote buffer
+ overflow when TFTP enabled. Thanks to Core Security
+ Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
+ Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
+ Pablo Annetta. This problem has Bugtraq id: 36121
+ and CVE: 2009-2957
+
+ Fix a problem which allowed a malicious TFTP client to
+ crash dnsmasq. Thanks to Steve Grubb at Red Hat for
+ spotting this. This problem has Bugtraq id: 36120 and
+ CVE: 2009-2958
+
+
+version 2.49
+ Fix regression in 2.48 which disables the lease-change
+ script. Thanks to Jose Luis Duran for spotting this.
+
+ Log TFTP "file not found" errors. These were not logged,
+ since a normal PXELinux boot generates many of them, but
+ the lack of the messages seems to be more confusing than
+ routinely seeing them when there is no real error.
+
+ Update Spanish translation. Thanks to Chris Chatham.
+
+
+version 2.48
+ Archived the extensive, backwards, changelog to
+ CHANGELOG.archive. The current changelog now runs from
+ version 2.43 and runs conventionally.
+
+ Fixed bug which broke binding of servers to physical
+ interfaces when interface names were longer than four
+ characters. Thanks to MURASE Katsunori for the patch.
+
+ Fixed netlink code to check that messages come from the
+ correct source, and not another userspace process. Thanks
+ to Steve Grubb for the patch.
+
+ Maintainability drive: removed bug and missing feature
+ workarounds for some old platforms. Solaris 9, OpenBSD
+ older than 4.1, Glibc older than 2.2, Linux 2.2.x and
+ DBus older than 1.1.x are no longer supported.
+
+ Don't read included configuration files more than once:
+ allows complex configuration structures without problems.
+
+ Mark log messages from the various subsystems in dnsmasq:
+ messages from the DHCP subsystem now have the ident string
+ "dnsmasq-dhcp" and messages from TFTP have ident
+ "dnsmasq-tftp". Thanks to Olaf Westrik for the patch.
+
+ Fix possible infinite DHCP protocol loop when an IP
+ address nailed to a hostname (not a MAC address) and a
+ host sometimes provides the name, sometimes not.
+
+ Allow --addn-hosts to take a directory: all the files
+ in the directory are read. Thanks to Phil Cornelius for
+ the suggestion.
+
+ Support --bridge-interface on all platforms, not just BSD.
+
+ Added support for advanced PXE functions. It's now
+ possible to define a prompt and menu options which will
+ be displayed when a client PXE boots. It's also possible to
+ hand-off booting to other boot servers. Proxy-DHCP, where
+ dnsmasq just supplies the PXE information and another DHCP
+ server does address allocation, is also allowed. See the
+ --pxe-prompt and --pxe-service keywords. Thanks to
+ Alkis Georgopoulos for the suggestion and Guilherme Moro
+ and Michael Brown for assistance.
+
+ Improvements to DHCP logging. Thanks to Tom Metro for
+ useful suggestions.
+
+ Add ability to build dnsmasq without DHCP support. To do
+ this, edit src/config.h or build with
+ "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch.
+
+ Added --test command-line switch - syntax check
+ configuration files only.
+
+ Updated French translation. Thanks to Gildas Le Nadan.
+
+
+version 2.47
+ Updated French translation. Thanks to Gildas Le Nadan.
+
+ Fixed interface enumeration code to work on NetBSD
+ 5.0. Thanks to Roy Marples for the patch.
+
+ Updated config.h to use the same location for the lease
+ file on NetBSD as the other *BSD variants. Also allow
+ LEASEFILE and CONFFILE symbols to be overriden in CFLAGS.
+
+ Handle duplicate address detection on IPv6 more
+ intelligently. In IPv6, an interface can have an address
+ which is not usable, because it is still undergoing DAD
+ (such addresses are marked "tentative"). Attempting to
+ bind to an address in this state returns an error,
+ EADDRNOTAVAIL. Previously, on getting such an error,
+ dnsmasq would silently abandon the address, and never
+ listen on it. Now, it retries once per second for 20
+ seconds before generating a fatal error. 20 seconds should
+ be long enough for any DAD process to complete, but can be
+ adjusted in src/config.h if necessary. Thanks to Martin
+ Krafft for the bug report.
+
+ Add DBus introspection. Patch from Jeremy Laine.
+
+ Update Dbus configuration file. Patch from Colin Walters.
+ Fix for this bug:
+ http://bugs.freedesktop.org/show_bug.cgi?id=18961
+
+ Support arbitrarily encapsulated DHCP options, suggestion
+ and initial patch from Samium Gromoff. This is useful for
+ (eg) gPXE, which expect all its private options to be
+ encapsulated inside a single option 175. So, eg,
+
+ dhcp-option = encap:175, 190, "iscsi-client0"
+ dhcp-option = encap:175, 191, "iscsi-client0-secret"
+
+ will provide iSCSI parameters to gPXE.
+
+ Enhance --dhcp-match to allow testing of the contents of a
+ client-sent option, as well as its presence. This
+ application in mind for this is RFC 4578
+ client-architecture specifiers, but it's generally useful.
+ Joey Korkames suggested the enhancement.
+
+ Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on
+ OpenSolaris. Thanks to Bastian Machek for the heads-up.
+
+ No longer complain about blank lines in
+ /etc/ethers. Thanks to Jon Nelson for the patch.
+
+ Fix binding of servers to physical devices, eg
+ --server=/domain/1.2.3.4@eth0 which was broken from 2.43
+ onwards unless --query-port=0 set. Thanks to Peter Naulls
+ for the bug report.
+
+ Reply to DHCPINFORM requests even when the supplied ciaddr
+ doesn't fall in any dhcp-range. In this case it's not
+ possible to supply a complete configuration, but
+ individually-configured options (eg PAC) may be useful.
+
+ Allow the source address of an alias to be a range:
+ --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole
+ subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255,
+ as before.
+ --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
+ maps only the 192.168.0.10->192.168.0.40 region. Thanks to
+ Ib Uhrskov for the suggestion.
+
+ Don't dynamically allocate DHCP addresses which may break
+ Windows. Addresses which end in .255 or .0 are broken in
+ Windows even when using supernetting.
+ --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means
+ 192.168.0.255 is a valid IP address, but not for Windows.
+ See Microsoft KB281579. We therefore no longer allocate
+ these addresses to avoid hard-to-diagnose problems.
+
+ Update Polish translation. Thanks to Jan Psota.
+
+ Delete the PID-file when dnsmasq shuts down. Note that by
+ this time, dnsmasq is normally not running as root, so
+ this will fail if the PID-file is stored in a root-owned
+ directory; such failure is silently ignored. To take
+ advantage of this feature, the PID-file must be stored in a
+ directory owned and write-able by the user running
+ dnsmasq.
+
+
+version 2.46
+ Allow --bootp-dynamic to take a netid tag, so that it may
+ be selectively enabled. Thanks to Olaf Westrik for the
+ suggestion.
+
+ Remove ISC-leasefile reading code. This has been
+ deprecated for a long time, and last time I removed it, it
+ ended up going back by request of one user. This time,
+ it's gone for good; otherwise it would need to be
+ re-worked to support multiple domains (see below).
+
+ Support DHCP clients in multiple DNS domains. This is a
+ long-standing request. Clients are assigned to a domain
+ based in their IP address.
+
+ Add --dhcp-fqdn flag, which changes behaviour if DNS names
+ assigned to DHCP clients. When this is set, there must be
+ a domain associated with each client, and only
+ fully-qualified domain names are added to the DNS. The
+ advantage is that the only the FQDN needs to be unique,
+ so that two or more DHCP clients can share a hostname, as
+ long as they are in different domains.
+
+ Set environment variable DNSMASQ_DOMAIN when invoking
+ lease-change script. This may be useful information to
+ have now that it's variable.
+
+ Tighten up data-checking code for DNS packet
+ handling. Thanks to Steve Dodd who found certain illegal
+ packets which could crash dnsmasq. No memory overwrite was
+ possible, so this is not a security issue beyond the DoS
+ potential.
+
+ Update example config dhcp option 47, the previous
+ suggestion generated an illegal, zero-length,
+ option. Thanks to Matthias Andree for finding this.
+
+ Rewrite hosts-file reading code to remove the limit of
+ 1024 characters per line. John C Meuser found this.
+
+ Create a net-id tag with the name of the interface on
+ which the DHCP request was received.
+
+ Fixed minor memory leak in DBus code, thanks to Jeremy
+ Laine for the patch.
+
+ Emit DBus signals as the DHCP lease database
+ changes. Thanks to Jeremy Laine for the patch.
+
+ Allow for more that one MAC address in a dhcp-host
+ line. This configuration tells dnsmasq that it's OK to
+ abandon a DHCP lease of the fixed address to one MAC
+ address, if another MAC address in the dhcp-host statement
+ asks for an address. This is useful to give a fixed
+ address to a host which has two network interfaces
+ (say, a laptop with wired and wireless interfaces.)
+ It's very important to ensure that only one interface
+ at a time is up, since dnsmasq abandons the first lease
+ and re-uses the address before the leased time has
+ elapsed. John Gray suggested this.
+
+ Tweak the response to a DHCP request packet with a wrong
+ server-id when --dhcp-authoritative is set; dnsmasq now
+ returns a DHCPNAK, rather than silently ignoring the
+ packet. Thanks to Chris Marget for spotting this
+ improvement.
+
+ Add --cname option. This provides a limited alias
+ function, usable for DHCP names. Thanks to AJ Weber for
+ suggestions on this.
+
+ Updated contrib/webmin with latest version from Neil
+ Fisher.
+
+ Updated Polish translation. Thanks to Jan Psota.
+
+ Correct the text names for DHCP options 64 and 65 to be
+ "nis+-domain" and "nis+-servers".
+
+ Updated Spanish translation. Thanks to Chris Chatham.
+
+ Force re-reading of /etc/resolv.conf when an "interface
+ up" event occurs.
+
+
+version 2.45
+ Fix total DNS failure in release 2.44 unless --min-port
+ specified. Thanks to Steven Barth and Grant Coady for
+ bugreport. Also reject out-of-range port spec, which could
+ break things too: suggestion from Gilles Espinasse.
+
+
+version 2.44
+ Fix crash when unknown client attempts to renew a DHCP
+ lease, problem introduced in version 2.43. Thanks to
+ Carlos Carvalho for help chasing this down.
+
+ Fix potential crash when a host which doesn't have a lease
+ does DHCPINFORM. Again introduced in 2.43. This bug has
+ never been reported in the wild.
+
+ Fix crash in netlink code introduced in 2.43. Thanks to
+ Jean Wolter for finding this.
+
+ Change implementation of min_port to work even if min-port
+ is large.
+
+ Patch to enable compilation of latest Mac OS X. Thanks to
+ David Gilman.
+
+ Update Spanish translation. Thanks to Christopher Chatham.
+
+
+version 2.43
+ Updated Polish translation. Thanks to Jan Psota.
+
+ Flag errors when configuration options are repeated
+ illegally.
+
+ Further tweaks for GNU/kFreeBSD
+
+ Add --no-wrap to msgmerge call - provides nicer .po file
+ format.
+
+ Honour lease-time spec in dhcp-host lines even for
+ BOOTP. The user is assumed to known what they are doing in
+ this case. (Hosts without the time spec still get infinite
+ leases for BOOTP, over-riding the default in the
+ dhcp-range.) Thanks to Peter Katzmann for uncovering this.
+
+ Fix problem matching relay-agent ids. Thanks to Michael
+ Rack for the bug report.
+
+ Add --naptr-record option. Suggestion from Johan
+ Bergquist.
+
+ Implement RFC 5107 server-id-override DHCP relay agent
+ option.
+
+ Apply patches from Stefan Kruger for compilation on
+ Solaris 10 under Sun studio.
+
+ Yet more tweaking of Linux capability code, to suppress
+ pointless wingeing from kernel 2.6.25 and above.
+
+ Improve error checking during startup. Previously, some
+ errors which occurred during startup would be worked
+ around, with dnsmasq still starting up. Some were logged,
+ some silent. Now, they all cause a fatal error and dnsmasq
+ terminates with a non-zero exit code. The errors are those
+ associated with changing uid and gid, setting process
+ capabilities and writing the pidfile. Thanks to Uwe
+ Gansert and the Suse security team for pointing out
+ this improvement, and Bill Reimers for good implementation
+ suggestions.
+
+ Provide NO_LARGEFILE compile option to switch off largefile
+ support when compiling against versions of uclibc which
+ don't support it. Thanks to Stephane Billiart for the patch.
+
+ Implement random source ports for interactions with
+ upstream nameservers. New spoofing attacks have been found
+ against nameservers which do not do this, though it is not
+ clear if dnsmasq is vulnerable, since to doesn't implement
+ recursion. By default dnsmasq will now use a different
+ source port (and socket) for each query it sends
+ upstream. This behaviour can suppressed using the
+ --query-port option, and the old default behaviour
+ restored using --query-port=0. Explicit source-port
+ specifications in --server configs are still honoured.
+
+ Replace the random number generator, for better
+ security. On most BSD systems, dnsmasq uses the
+ arc4random() RNG, which is secure, but on other platforms,
+ it relied on the C-library RNG, which may be
+ guessable and therefore allow spoofing. This release
+ replaces the libc RNG with the SURF RNG, from Daniel
+ J. Berstein's DJBDNS package.
+
+ Don't attempt to change user or group or set capabilities
+ if dnsmasq is run as a non-root user. Without this, the
+ change from soft to hard errors when these fail causes
+ problems for non-root daemons listening on high
+ ports. Thanks to Patrick McLean for spotting this.
+
+ Updated French translation. Thanks to Gildas Le Nadan.
+
+
+version 2.42
+ The changelog for version 2.42 and earlier is
+ available in CHANGELOG.archive.
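Review bot: CHANGELOG is added with "new file mode 100755", and the diffstat lists all 85 imported files as -rwxr-xr-x, including documentation, .po translations and C sources. Executable bits on non-executable files look like an artifact of how the tree was unpacked; please re-add text and source files as 100644 and keep 100755 only for scripts that are meant to be run. The commit message says only "Direct import of version 2.51"; recording where the upstream release was obtained and a checksum of the archive would let a later reader verify that this tree matches upstream. Since the 2.50 entry in this file records two TFTP fixes (CVE 2009-2957 and 2009-2958), the message could also state that this import is past those fixes. The 2.51 entry notes that lease-change script support can be compiled out with "make COPTS=-DNO_SCRIPT", which is worth doing in this build if that feature is not used.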
diff --git a/CHANGELOG.archive b/CHANGELOG.archive
new file mode 100755
index 0000000..c9973cc
--- /dev/null
+++ b/CHANGELOG.archive
@@ -0,0 +1,2509 @@
+release 0.4 - initial public release
+
+release 0.5 - added caching, removed compiler warning on linux PPC
+
+release 0.6 - TCP handling: close socket and return to connect state if we
+ can't read the first byte. This corrects a problem seen very
+ occasionally where dnsmasq would loop using all available CPU.
+
+ Added a patch from Cris Bailiff <c.bailiff@e-secure.com.au>
+ to set SO_REUSEADDR on the tcp socket which stops problems when
+ dnsmasq is restarted and old connections still exist.
+
+ Stopped claiming in doc.html that smail is the default Debian
+ mailer, since it isn't any longer. (Pointed out by
+ David Karlin <dkarlin@coloradomtn.edu>)
+
+release 0.7 Create a pidfile at /var/run/dnsmasq.pid
+
+ Extensive armouring against "poison packets" courtesy of
+ Thomas Moestl <tmoestl@gmx.net>
+
+ Set sockaddr.sa_family on outgoing address, patch from
+ David Symonds <xoxus@usa.net>
+
+ Patch to clear cache on SIGHUP
+ from Jason L. Wagner <nialscorva@yahoo.com>
+
+ Fix bad bug resulting from not initialising value-result
+ address-length parameter to recvfrom() and accept() - it
+ worked by luck before!
+
+release 0.95 Major rewrite: remove calls to gethostbyname() and talk
+ directly to the upstream server(s) instead.
+ This has many advantages.
+ (1) Dnsmasq no longer blocks during long lookups.
+ (2) All query types are handled now, (eg MX) not just internet
+ address queries. Addresses are cached, all other
+ queries are forwarded directly.
+ (3) Time-to-live data from upstream server is read and
+ used by dnsmasq to purge entries from the cache.
+ (4) /etc/hosts is still read and its contents served (unless
+ the -h option is given).
+ (5) Dnsmasq can get its upstream servers from
+ a file other than /etc/resolv.conf (-r option) this allows
+ dnsmasq to serve names to the machine it is running
+ on (put nameserver 127.0.0.1 in /etc/resolv.conf and
+ give dnsmasq the option -r /etc/resolv.dnsmasq)
+ (6) Dnsmasq will re-read its servers if the
+ modification time of resolv.conf changes. Along with
+ 4 above this allows nameservers to be set
+ automatically by ppp or dhcp.
+
+ A really clever NAT-like technique allows the daemon to have lots
+ of queries in progress, but still remain very lightweight.
+ Dnsmasq has a small footprint and normally doesn't allocate
+ any more memory after start-up. The NAT-like forwarding was
+ inspired by a suggestion from Eli Chen <eli@routefree.com>
+
+release 0.96 Fixed embarrasing thinko in cache linked-list code.
+
+release 0.98 Some enhancements and bug-fixes.
+ Thanks to "Denis Carre" <denis.carre@laposte.net> and Martin
+ Otte <otte@essc.psu.edu>
+
+ (1) Dnsmasq now always sets the IP source address
+ of its replies correctly. Older versions would not always
+ do this on multi-homed and IP aliased hosts, which violates
+ the RFC.
+ (2) Dnsmasq no longer crashes if a server loop is created
+ (ie dnsmasq is told to use itself as an upstream server.)
+ Now it just logs the problem and doesn't use the bad
+ server address.
+ (3) Dnsmasq should now forward (but not cache) inverse queries
+ and server status queries; this feature has not been tested.
+ (4) Don't write the pid file when in non-daemon mode.
+ (5) Create the pid file mode 644, rather then 666 (!).
+ (6) Generate queries to upstream nameservers with unpredictable
+ ids, to thwart DNS spoofers.
+ (7) Dnsmasq no longer forwards queries when the
+ "recursion desired" bit is not set in the header.
+ (8) Fixed getopt code to work on compliers with unsigned char.
+
+release 0.991 Added -b flag: when set causes dnsmasq to always answer
+ reverse queries on the RFC 1918 private IP space itself and
+ never forward them to an upstream server. If the name is not in
+ /etc/hosts, dnsmasq replies with the dotted-quad address.
+
+ Fixed a bug which stopped dnsmasq working on a box with
+ two or more interfaces with the same IP address.
+
+ Fixed cacheing of CNAMEs. Previously, a CNAME which pointed
+ to a name with many A records would not have all the addresses
+ returned when being answered from the cache.
+
+ Thanks to "Steve Hardy" <s.a.hardy@connectux.com> for his input
+ on these fixes.
+
+ Fixed race which could cause dnsmasq to miss the second of
+ two closely-spaced updates of resolv.conf (Thanks to Eli Chen
+ for pointing this out.)
+
+ Fixed a bug which could cause dnsmasq to fail to cache some
+ dns names.
+
+release 0.992 Small change to memory allocation so that names in /etc/hosts
+ don't use cache slots. Also make "-c 0" flag meaningfully
+ disable caching completely.
+
+release 0.993 Return only the first (canonical) name from an entry in
+ /etc/hosts as reply to reverse query.
+
+ Handle wildcard queries for names/addresses in /etc/hosts
+ this is mainly to allow reverse lookups by dig to succeed.
+ (Bug reported by Simon J. Rowe" <srowe@mose.org.uk>)
+
+ Subtle change to the logic which selects which of multiple
+ upstream servers we send queries to. This fixes a problem
+ where dnsmasq continuously sends queries to a server which
+ is returning error codes and ignores one which is working.
+
+release 0.994 Fixed bug which broke lookup of names in /etc/hosts
+ which have upper-case letters in them. Thanks for Joao Clemente
+ for spotting that one.
+
+ Output cache statistics on receipt of SIGUSR1. These go
+ to syslog except in debug (-d) mode, when a complete cache
+ dump goes to stdout. Suggestion from Joao Clemente, code
+ based in John Volpe's.
+
+ Accept GNU long options on the command line. Code from
+ John Volpe for this.
+
+ Split source code into multiple files and produced
+ a proper makefile.
+
+ Included code from John Volpe to parse dhcp.leases file
+ written by ISC dhcpd. The hostnames in the leases file are
+ added to the cache and updated as dhcpd updates the
+ leases file. The code has been heavily re-worked by me,
+ so any bugs are probably mine.
+
+release 0.995 Small tidy-ups to signal handling and cache code.
+
+release 0.996 Added negative caching: If dnsmasq gets a "no such domain" reply
+ from an upstream nameserver, it will cache that information
+ for a time specified by the SOA RR in the reply. See RFC 2308
+ for details. This is useful with resolver libraries
+ which append assorted suffices to non-FQDN in an attempt to
+ resolve them, causing useless cache misses.
+
+ Added -i flag, which restricts dnsmasq to offering name service
+ only on specified interfaces.
+
+release 0.997 Deleted INSTALL script and added "install" target to makefile.
+
+ Stopped distributing binaries in the tarball to avoid
+ libc version clashes.
+
+ Fixed interface detection code to
+ remove spurious startup errors in rare circumstances.
+
+ Dnsmasq now changes its uid, irrevocably, to nobody after
+ startup for security reasons. Thanks to Peter Bailey for
+ this patch.
+
+ Cope with infinite DHCP leases. Patch thanks to
+ Yaacov Akiba Slama.
+
+ Added rpm control files to .tar.gz distribution. Thanks to
+ Peter Baldwin at ClarkConnect for those.
+
+ Improved startup script for rpms. Thanks to Yaacov Akiba Slama.
+
+release 1.0 Stable release: dnsmasq is now considered feature-complete
+ and stable.
+
+release 1.1 Added --user argument to allow user to change to
+ a different userid.
+
+ Added --mx-target argument to allow mail to be delivered
+ away from the gateway machine running dnsmasq.
+
+ Fixed highly obscure bug with wildcard queries for
+ DHCP lease derived names.
+
+ Moved manpage from section 1 to section 8.
+
+ Added --no-poll option.
+ Added Suse-rpm support.
+ Thanks to Joerg Mayer for the last two.
+
+release 1.2 Added IPv6 DNS record support. AAAA records are cached
+ and read from /etc/hosts. Reverse-lookups in the
+ ip6.int and ip6.arpa domains are suppored. Dnsmasq can
+ talk to upstream servers via IPv6 if it finds IP6 addresses
+ in /etc/resolv.conf and it offers DNS service automatically
+ if IPv6 support is present in the kernel.
+
+ Extended negative caching to NODATA replies.
+
+ Re-vamped CNAME processing to cope with RFC 2317's use of
+ CNAMES to PTR RRs in CIDR.
+
+ Added config.h and a couple of symbols to aid
+ compilation on non-linux systems.
+
+release 1.3 Some versions of the Linux kernel return EINVAL rather
+ then ENPROTONOSUPPORT when IPv6 is not available,
+ causing dnsmasq to bomb out. This release fixes that.
+ Thanks to Steve Davis for pointing this one out.
+
+ Trivial change to startup logic so that dnsmasq logs
+ its stuff and reads config files straight away on
+ starting, rather than after the first query - principle
+ of least surprise applies here.
+
+release 1.4 Fix a bug with DHPC lease parsing which broke in
+ non-UTC timezones. Thanks to Mark Wormgoor for
+ spotting and diagnosing this. Fixed versions in
+ the .spec files this time. Fixed bug in Suse startup
+ script. Thanks to Didi Niklaus for pointing this out.
+
+release 1.5 Added --filterwin2k option which stops dnsmasq from forwarding
+ "spam" queries from win2k boxes. This is useful to stop spurious
+ connections over dial-on-demand links. Thanks to Steve Hardy
+ for this code.
+
+ Clear "truncated" bit in replies we return from upstream. This
+ stops resolvers from switching to TCP, which is pointless since
+ dnsmasq doesn't support TCP. This should solve problems
+ in resolving hotmail.com domains.
+
+ Don't include getopt.h when Gnu-long-options are disabled -
+ hopefully this will allow compilation on FreeBSD.
+
+ Added the --listen-address and --pid-file flags.
+
+ Fixed a bug which caused old entries in the DHCP leases file
+ to be used in preference to current ones under certain
+ circumstances.
+
+release 1.6 If a machine gets named via DHCP and the DHCP name doesn't have
+ a domain part and domain suffix is set using the -s flag, then
+ that machine has two names with the same address, with and
+ without the domain suffix. When doing a _reverse_ lookup to
+ get the name, the "without suffix" name used to be returned,
+ now the "with suffix" one gets returned instead. This change
+ suggested by Arnold Schulz.
+
+ Fixed assorted typos in the documentation. Thanks
+ to David Kimdon.
+
+ Subtle rearrangement to the downloadable tarball, and stopped
+ distributing .debs, since dnsmasq is now an official Debian
+ package.
+
+release 1.7 Fix a problem with cache not clearing properly
+ on receipt of SIGHUP. Bug spotted by Sat Deshpande.
+
+ In group-id changing code:
+ 1) Drop supplimentary groups.
+ 2) Change gid before dropping root (patch from Soewono Effendi.)
+ 3) Change group to "dip" if it exists, to allow access
+ to /etc/ppp/resolv.conf (suggestion from Jorg Sommer.)
+ Update docs to reflect above changes.
+
+ Other documentation changes from David Miller.
+ Added suggested script fragment for dhcpcd.exe.
+
+release 1.8 Fix unsafe use of tolower() macro - allows linking against
+ ulibc. (Patches from Soewono Effendi and Bjorn Andersson.)
+
+ Fix typo in usage string.
+
+ Added advice about RedHat PPP configuration to
+ documentation. (Thanks to C. Lee Taylor.)
+
+ Patches to fix problems on BSD systems from Marc Huber
+ and Can Erkin Acar. These add the options
+ HAVE_ARC4RANDOM and HAVE_SOCKADDR_SA_LEN to config.h.
+ Elaborated config.h - should really use autoconf.
+
+ Fix time-to-live calculation when chasing CNAMEs.
+
+ Fix use-after-free and missing initialisation bugs in
+ the cache code. (Thanks to Marc Huber.)
+
+ Builds on Solaris 9. (Thanks to Marc Huber.)
+
+release 1.9 Fixes to rpm .spec files.
+
+ Don't put expired DHCP entries into the cache only to
+ throw them away again.
+
+ Put dnsmasq on a severe memory diet: this reduces both
+ the amount of heap space used and the stack size
+ required. The difference is not really visible with
+ bloated libcs like glibc, but should dramatically reduce
+ memory requirements when linked against ulibc for use on
+ embeded routers, and that's the point really. Thanks to
+ Matthew Natalier for prompting this.
+
+ Changed debug mode (-d) so that all logging appears on
+ stderr as well as going to syslogd.
+
+ Added HAVE_IPV6 config symbol to allow compilation
+ against a libc which doesn't have IPv6 support.
+
+ Added a facility to log all queries, enabled with -q flag.
+
+ Fixed packet size checking bug in address extraction code.
+
+ Halved default cache size - 300 was way OTT in typical use.
+
+ Added self-MX function, enabled by -e flag. Thanks to
+ Lyonel Vincent for the patch.
+
+ Added HAVE_FORK config symbol and stuff to support
+ uClinux. Thanks to Matthew Natalier for uClinux stuff.
+
+release 1.10 Log warnings if resolv.conf or dhcp.leases are not
+ accessable for any reason, as suggested by Hinrich Eilts.
+
+ Fixed wrong address printing in error message about
+ no interface with address.
+
+ Updated docs and split installation instuctions into setup.html.
+
+ Fix bug in CNAME chasing code: One CNAME pointing
+ to many A records would lose A records after the
+ first. This bug was introduced in version 1.9.
+
+ Log startup failures at level Critical as well as
+ printing them to standard error.
+ Exit with return code 1 when given bad options.
+
+ Cleaned up code for no-cache operation.
+
+ Added -o option which forces dnsmasq to use to
+ upstream servers in the order they appear in /etc/resolv.conf.
+
+ Added upstream server use logging.
+
+ Log full cache dump on receipt of SIGUSR1 when query
+ logging is enabled (-q switch).
+
+ Added -S option to directly specify upstream servers and
+ added ability to direct queries for specific domains to
+ specfic servers. Suggested by Jens Vonderheide.
+
+ Upgraded random ID generation - patch from Rob Funk.
+
+ Fixed reading of domains in arguments with capital
+ letters or trailing periods.
+
+ Fixed potential SEGV when given bad options.
+
+ Read options from /etc/dnsmasq.conf if it exists.
+ Do sensible things with missing parameters, eg
+ "--resolv-file=" turns off reading /etc/resolv.conf.
+
+release 1.11 Actually implement the -R flag promised in the 1.10 man page.
+
+ Improve and rationalise the return codes in answers to
+ queries. In the case that there are no available
+ upstream servers to forward a query to, return REFUSED.
+ This makes sendmail work better on modem connected
+ systems when the modem link is down (Thanks to Roger Plant).
+ Cache and return the NXDOMAIN status of failed queries:
+ this makes the `host` command work when traversing search
+ paths (Thanks to Peter Bailey). Set the "authoritative"
+ bit in replies containing names from /etc/hosts or DHCP.
+
+ Tolerate MS-DOS style line ending codes in /etc/hosts
+ and /etc/resolv.conf, for people who copy from winsock
+ installations.
+
+ Allow specification of more than one resolv.conf file. This is
+ intended for laptops which connect via DHCP or
+ PPP. Whichever resolv.conf was updated last is used.
+
+ Allow -S flags which specify a domain but no server
+ address. This gives local domains which are never forwarded.
+
+ Add -E flag to automatically add the domain suffix to
+ names in /etc/hosts -suggestion from Phil Harman.
+
+ Always return a zero time-to-live for names derived from
+ DHCP which stops anthing else caching these
+ names. Previously the TTL was derived from the lease
+ time but that is incorrect since a lease can be given
+ up early: dnsmasq would know this but anything with the
+ name cached with long TTL would not be updated.
+
+ Extended HAVE_IPV6 config flag to allow compliation on
+ old systems which don't have modern library routines
+ like inet_ntop(). Thanks to Phil Harman for the patch.
+
+release 1.12 Allow more than one domain in server config lines and
+ make "local" a synonym for "server". This makes things
+ like "local=/localnet/thekelleys.org.uk/" legal. Allow
+ port to specified as part of server address.
+
+ Allow whole domains to have an IP address specified
+ in /etc/dnsmasq.conf. (/etc/hosts doesn't work domains).
+ address=/doubleclick.net/127.0.0.1 should catch all
+ those nasty banner ads. Inspired by a patch
+ from Daniel Gryniewicz
+
+ Log the source of each query when logging switched on.
+
+ Fix bug in script fragment for dhcpcd - thanks to Barry Stewart.
+
+ Fix bug which meant that strict-order and self-mx were
+ always enabled.
+
+ Builds with Linux libc5 now - for the Freesco project.
+
+ Fixed Makefile installation script (patch from Silvan
+ Minghetti) and added CC and CFLAGS variables.
+
+ Improve resource allocation to reduce vulnerability to
+ DOS attacks - the old version could have all queries
+ blocked by a continuous high-speed stream of
+ queries. Now some queries will succeed, and the excess
+ will be rejected with a server fail error. This change also
+ protects against server-loops; setting up a resolving
+ loop between two instances of dnsmasq is no longer
+ catastrophic. The servers will continue to run, looped
+ queries fail and a warning is logged. Thanks to C. Lee
+ Taylor for help with this.
+
+release 1.13 Added support for building rpms suitable for modern Suse
+ systems. (patch from Andi <cambeis@netplace.de>)
+
+ Added options --group, --localmx, --local-ttl,
+ --no-negcache, --addn-host.
+
+ Moved all the various rpm-building bits into /rpm.
+
+ Fix builds with glibc 2.1 (thanks to Cristian
+ Ionescu-Idbohrn)
+
+ Preserve case in domain names, as per RFC1035.
+
+ Fixed ANY queries to domains with --address specification.
+
+ Fixed FreeBSD build. (thanks to Steven Honson)
+
+ Added -Q option which allows a specified port to be used
+ to talk to upstream servers. Useful for people who want
+ very paranoid firewalls which open individual UDP port.
+ (thanks to David Coe for the patch)
+
+release 1.14 Fixed man page description of -b option which confused
+ /etc/hosts with /etc/resolv.conf. (thanks to Christopher
+ Weimann)
+
+ Fixed config.h to allow building under MACOS X and glibc
+ 2.0.x. (thanks to Matthew Gregan and Serge Caron)
+
+ Added --except-interface option. (Suggested by Serge Caron)
+
+ Added SIGUSR2 facility to re-scan for new
+ interfaces. (Suggested by Serge Caron)
+
+ Fixed SEGV in option-reading code for invalid options.
+ (Thanks to Klaas Teschauer)
+
+ Fixed man page to clarify effect of SIGUSR1 on
+ /etc/resolv.conf.
+ (Thanks to Klaas Teschauer)
+
+ Check that recieved queries have only rfc1035-legal characters
+ in them. This check is mainly to avoid bad strings being
+ sent to syslog.
+
+ Fixed &&/& confusion in option.c and added DESTDIR
+ variable for "make install" (Thanks to Osvaldo
+ Marques for the patch.)
+
+ Fixed /etc/hosts parsing code to cope with MS-DOS
+ line-ends in the file. This was supposed to be done in
+ version 1.11, but something got missed. (Thanks to Doug
+ Copestake for helping to find this.)
+
+ Squash repeated name/address pairs read from hosts
+ files.
+
+ Tidied up resource handling in util.c (Thanks to
+ Cristian Ionescu-Idbohrn).
+
+ Added hashed searching of domain names. People are starting
+ to use dnsmasq with larger loads now, and bigger caches,
+ and large lists of ad-block addresses. This means doing
+ linear searches can start to use lots of CPU so I added hashed
+ searching and seriously optimised the cache code for
+ algorithmic efficiency. Also upped the limit on cache
+ size to 10000.
+
+ Fixed logging of the source of names from the additional
+ hosts file and from the "bogus private address" option.
+
+ Fixed spurious re-reading of empty lease files. (Thanks
+ to Lewis Baughman for spotting this.)
+
+ Fixed building under uclibc (patch from Cristian Ionescu-Idbohrn)
+
+ Do some socket tweaking to allow dnsmasq to co-exist
+ with BIND. Thanks to Stefan 'Sec' Zehl for the patch.
+
+release 1.15 Added --bogus-nxdomain option.
+
+ Restrict checking of resolv.conf and DHCP leases files
+ to once per second. This is intended to improve
+ performance under heavy loads. Also make a system call
+ to get the current time once per query, rather than four
+ times.
+
+ Increased number of outstanding queries to 150 in
+ config.h
+
+release 1.16 Allow "/" characters in domain names - this fixes
+ caching of RFC 2317 CNAME-PTR records.
+
+ Fixed brain-fart in -B option when GETOPT_LONG not
+ enabled - thanks to Steven Young and Jason Miller
+ for pointing this out.
+
+ Generalised bogus-nxdomain code: allow more than one
+ address to check, and deal with replies with multiple
+ answer records. (Based on contribution from Humberto
+ Massa.)
+
+ Updated the documentation to include information about
+ bogus-nxdomain and the Verisign tragedy.
+
+ Added libraries needed on Solaris to Makefile.
+
+ Added facility to set source address in queries to
+ upstream nameservers. This is useful with multihomed
+ hosts, especially when using VPNs. Thanks to Tom Fanning
+ for suggesting this feature.
+
+ Tweaked logging: log to facility LOCAL0 when in
+ debug/no-daemon mode and changed level of query logging
+ from INFO to DEBUG. Make log options controllable in
+ config.h
+
+release 1.17 Fixed crash with DHCP hostnames > 40 characters.
+
+ Fixed name-comparision routines to not depend on Locale,
+ in theory this versions since 1.15 could lock up or give
+ wrong results when run with locale != 'C'.
+
+ Fix potential lockup in cache code. (thanks to Henning
+ Glawe for help chasing this down.)
+
+ Made lease-file reader bullet-proof.
+
+ Added -D option, suggested by Peter Fichtner.
+
+release 1.18 Added round-robin DNS for names which have more than one
+ address. In this case all the addresses will be
+ returned, as before, but the order will change on each
+ query.
+
+ Remove stray tolower() and isalnum() calls missed in
+ last release to complete LOCALE independence.
+
+ Allow port numbers in source-address specifications.
+
+ For hostnames without a domain part which don't get
+ forwarded because -D is in effect, return NXDOMAIN not
+ an empty reply.
+
+ Add code to return the software version in repsonse to the
+ correct magic query in the same way as BIND. Use
+ "dig version.bind chaos txt" to make the query.
+
+ Added negative caching for PTR (address to name) records.
+
+ Ensure that names of the form typically used in PTR queries
+ (ie w.x.yz.in-addr.arpa and IPv6 equivalents) get
+ correct answers when queried as other types. It's
+ unlikely that anyone would do this, but the change makes
+ things pedantically correct.
+
+ Taught dnsmasq to understand "bitstring" names, as these
+ are used for PTR lookups of IPv6 addresses by some
+ resolvers and lookup tools. Dnsmasq now understands both
+ the ip6.int domain and the ip6.arpa domain and both
+ nibble and bitstring formats so it should work with any
+ client code. Standards for this stuff have flip-flopped
+ over the last few years, leaving many different clients
+ in their wake. See RFC2673 for details of bitstrings.
+
+ Allow '_' characters in domain names: Legal characters
+ are now [a-z][A-Z].-_ Check names read from hosts files
+ and leases files and reject illegal ones with a message
+ in syslog.
+
+ Make empty domain names in server and address options
+ have the special meaning "unqualified
+ names". (unqualified names are names without any dots in
+ them). It's now possible to do server=//1.2.3.4 and have
+ unqualified names sent to a special nameserver.
+
+release 2.0rc1
+ Moved source code into src/ directory.
+
+ Fixes to cure compilation breakage when HAVE_IPV6 not
+ set, thanks to Claas Hilbrecht.
+
+ BIG CHANGE: added an integrated DHCP server and removed
+ the code to read ISC dhcp.leases. This wins in terms
+ of ease of setup and configuration flexibility and
+ total machine resources consumed.
+
+ Re-jiged the signal handling code to remove a race
+ condition and to be more portable.
+
+release 2.0
+ Thanks to David Ashworth for feedback which informed many
+ of the fixes below.
+
+ Allow hosts to be specified by client ID in dhcp-hosts
+ options. These are now one of
+ dhcp-host=<hardware addr>,....
+ dhcp-host=id:<hex client id>,.....
+ dhcp-host=id:<ascii client id>,.....
+
+ Allow dhcp-host options to specify any IP address on the
+ DHCP-served network, not just the range available for
+ dynamic allocation.
+
+ Allow dhcp-host options for the same host with different
+ IP adresses where the correct one will be selected for
+ the network the host appears on.
+
+ Fix parsing of --dhcp-option to allow more than one
+ IP address and to allow text-type options.
+
+ Inhibit use of --dhcp-option to send hostname DHCP options.
+
+ Update the DNS with DHCP information after re-reading
+ /etc/hosts so that any DHCP derived names which have been
+ shadowed by now-deleted hosts entries become visible.
+
+ Fix typos in dnsmasq.conf.example
+
+ Fixes to Makefile(s) to help pkgsrc packaging - patch
+ from "pancake".
+
+ Add dhcp-boot option to support network boot.
+
+ Check for duplicate IP addresses in dhcp-hosts lines
+ and refuse to run if found. If allowed to remain these
+ can provoke an infinite loop in the DHCP protocol.
+
+ Attempted to rationalise the .spec files for rpm
+ building. There are now files for Redhat, Suse and
+ Mandrake. I hope they work OK.
+
+ Fixed hard-to-reproduce crash involving use of local
+ domains and IPv6 queries. Thanks to Roy Marples for
+ helping to track that one down.
+
+release 2.1
+ Thanks to Matt Swift and Dag Wieers for many suggestions
+ which went into this release.
+
+ Tweak include files to allow compilation on FreeBSD 5
+
+ Fix unaligned access warnings on BSD/Alpha.
+
+ Allow empty DHCP options, like so: dhpc-option=44
+
+ Allow single-byte DHCP options like so: dhcp-option=20,1
+
+ Allow comments on the same line as options in
+ /etc/dnsmasq.conf
+
+ Don't complain when the same name and address is
+ allocated to a host using DHCP and /etc/hosts.
+
+ Added to the example configuration the dnsmasq equivalent
+ of the ISC dhcpd settings given in
+ http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
+
+ Fixed long-existing strangeness in Linux IPv6 interface
+ discovery code. The flags field in /proc/net/if_inet6 is
+ _not_ the interface flags.
+
+ Fail gracefully when getting an ENODEV error when trying
+ to bind an IPv6 socket, rather than bailing out. Thanks
+ to Jan Ischebeck for feedback on that.
+
+ Allow the name->address mapping for static DHCP leases to
+ be set by /etc/hosts. It's now possible to have
+ dhcp-host=<mac addr>,wibble
+ or even
+ dhcp-host=wibble
+ and in /etc/hosts have
+ wibble 1.2.3.4
+ and for the correct thing to happen. Note that some sort
+ of dhcp-host line is still needed, it's not possible for
+ random host to claim an address in /etc/hosts without
+ some explicit configuration.
+
+ Make 0.0.0.0 in a dhcp-option to mean "the machine
+ running dnsmasq".
+
+ Fix lease time spec when specified in dhcp-range and not
+ in dhcp-host, previously this was always one hour.
+
+ Fix problem with setting domains as "local only". -
+ thanks to Chris Schank.
+
+ Added support for max message size DHCP option.
+
+release 2.2
+ Fix total lack for DHCP functionality on
+ Linux systems with IPv6 enabled. - thanks to
+ Jonathon Hudson for spotting that.
+
+ Move default config file under FreeBSD - patch from
+ Steven Honson
+
+release 2.3
+ Fix "install" makefile target. (reported by Rob Stevens)
+
+ Ensure that "local=/domain/" flag is obeyed for all
+ queries on a domain, not just A and AAAA. (Reported by
+ Peter Fichtner.)
+
+ Handle DHCPDECLINE messages and provide an error message
+ in DHCPNAK messages.
+
+ Add "domain" setting example to
+ dnsmasq.conf.example. Thanks to K P Kirchdorfer for
+ spotting that it was missing.
+
+ Subtle change to the DHCPREQUEST handling code to work
+ around a bug in the DHCP client in HP Jetdirect printers.
+ Thanks to Marko Stolle for finding this problem.
+
+ Return DHCP T1 and T2 times, with "fuzz" to desychronise lease
+ renewals, as specified in the RFC.
+
+ Ensure that the END option is always present in DHCP
+ packets , even if the packet is too small to fit all
+ the requested options.
+
+ Handle larger-than-default DHCP packets if required, up
+ to the ethernet MTU.
+
+ Fix a couple of places where the return code from
+ malloc() was not checked.
+
+ Cope with a machine taking a DHCP lease and then moving
+ network so that the lease address is no longer valid.
+
+ The DHCP server will now work via a BOOTP relay - remote
+ networks are configured with the dhcp-range option the
+ same as directly connected ones, but they need an
+ additional netmask parameter. Eg
+ --dhcp-range=192.168.4.10,192.168.4.50,255.255,255.0
+ will enable DHCP service via a BOOTP relay on the
+ 192.168.4.0 network.
+
+ Add a limit on the number of available DHCP leases,
+ otherwise the daemon could be DOSed by a malicious
+ host. The default is 150, but it can be changed by the
+ dhcp-lease-max option.
+
+ Fixed compilation on OpenBSD (thanks to Frederic Brodbeck
+ for help with that.)
+
+ Reworked the DHCP network handling code for two good
+ effects: (1) The limit of one network only for DHCP on
+ FreeBSD is now gone, (2) The DHCP server copes with
+ dynamically created interfaces. The one-interface
+ limitation remains for OpenBSD, which is missing
+ extensions to the socket API which have been in Linux
+ since version 2.2 and FreeBSD since version 4.8.
+
+ Reworked the DNS network code to also cope with
+ dynamically created interfaces. dnsmasq will now listen
+ to the wildcard address and port 53 by default, so if no
+ --interface or --address options are given it will handle
+ dynamically created interfaces. The old behaviour can be
+ restored with --bind-interfaces for people running BIND
+ on one interface and dnsmasq on another. Note that
+ --interface and --address options still work, but the
+ filtering is done by dnsmasq, rather then the kernel.
+ This works on Linux, and FreeBSD>=5.0. On systems which
+ don't support the required API extensions, the old
+ behaviour is used, just as if --bind-interfaces had been set.
+
+ Allow IPv6 support to be disabled at compile time. To do
+ that, add -DNO_IPV6 to the CFLAGS. Thanks to Oleg
+ I. Vdovikin for the suggestion to do that.
+
+ Add ability to set DHCP options per network. This is done
+ by giving a network an identifier like this:
+ dhcp-range=red-net,192.168.0.10,192.168.0.50
+ and then labeling options intended for that network only
+ like this:
+ dhcp-option=red-net,6,1.1.1.1
+ Thanks to Oleg Vdovikin for arguing that one through.
+
+ Made errors in the configuration file non-fatal: dnsmasq
+ will now complain bitterly, but continue.
+
+ Added --read-ethers option, to allow dnsmasq to pull
+ static DHCP information from that file.
+ Thanks to Andi Cambeis for that suggestion.
+
+ Added HAVE_BROKEN_RTC compilation option to support
+ embedded systems without a stable RTC. Oleg Vdovikin
+ helped work out how to make that work.
+
+release 2.4
+ Fixed inability to start when the lease file doesn't
+ already exist. Thanks to Dag Wieers for reporting that.
+
+ Fixed problem were dhcp-host configuration options did
+ not play well with entries in /etc/ethers for the same
+ host. Thanks again to Dag Wieers.
+
+ Tweaked DHCP code to favour moving to a newly-configured
+ static IP address rather than an old lease when doing
+ DHCP allocation.
+
+ Added --alias configuration option. This provides IPv4
+ rewrite facilities like Cisco "DNS doctoring". Suggested
+ by Chad Skeeters.
+
+ Fixed bug in /etc/ethers parsing code triggered by tab
+ characters. Qudos to Dag Wieers for hepling to nail that
+ one.
+
+ Added "bind-interfaces" option correctly.
+
+release 2.5
+ Made "where are we allocating addresses?" code in DHCP
+ server cope with requests via a relay which is on a
+ directly connected network for which there is not a
+ configured netmask. This strange state of affairs occurs
+ with win4lin. Thanks to Alex Melt and Jim Horner for bug
+ reports and testing with this.
+
+ Fixed trivial-but-irritating missing #include which broke
+ compilation on *BSD.
+
+ Force --bind-interfaces if IP-aliased interface
+ specifications are used, since the sockets API provides
+ no other sane way to determine which alias of an
+ interface a packet was sent to. Thanks to Javier Kohen
+ for the bug report.
+
+release 2.6
+ Support Token Ring DHCP. Thanks to Dag Wieers for help
+ testing. Note that Token ring support only works on Linux
+ currently.
+
+ Fix compilation on MacOS X. Thanks to Bernhard Ehlers for
+ the patch.
+
+ Added new "ignore" keyword for
+ dhcp-host. "dhcp-host=11:22:33:44:55:66,ignore" will
+ cause the DHCP server to ignore any host with the given
+ MAC address, leaving it to other servers on the
+ network. This also works with client-id and hostnames.
+ Suggestion by Alex Melt.
+
+ Fixed parsing of hex client IDs. Problem spotted by Peter
+ Fichtner.
+
+ Allow conf-file options in configuration file, to
+ provide an include function.
+
+ Re-read /etc/ethers on receipt of SIGHUP.
+
+ Added back the ability to read ISC dhcpd lease files, by
+ popular demand. Note that this is deprecated and for
+ backwards compatibility only. You can get back the 4K of
+ memory that the code occupies by undefining
+ "HAVE_ISC_READER" in src/config.h
+
+ Added ability to disable "pool" DHCP address allocation
+ whilst leaving static leases working. The syntax is
+ "dhcp-range=192.168.0.0,static"
+ Thanks to Grzegorz Nosek for the suggestion.
+
+ Generalized dnsmasq-rh.spec file to work on Mandrake too,
+ and removed dnsmasq-mdk.spec. Thanks to Doug Keller.
+
+ Allow DHCP options which are tied to specific static
+ leases in the same way as to specific networks.
+
+ Generalised the dhcp-option parser a bit to allow hex
+ strings as parameters. This is now legal:
+ dhcp-option=128,e4:45:74:68:00:00
+ Inspired by a patch from Joel Nordell.
+
+ Changed the semantics of argument-less dhcp-options for
+ the default-setting ones, ie 1, 3, 6 and 28. Now, doing
+ eg, dhcp-option=3 stops dnsmasq from sending a default
+ router option at all. Thanks to Scott Emmons for pointing
+ out that this is useful.
+
+ Fixed dnsmasq.conf parsing bug which interpreted port
+ numbers in server= lines as a comment. To start a
+ comment, a '#' character must now be a the start of a
+ line or preceded by whitespace. Thanks to Christian
+ Haggstrom for the bug report.
+
+release 2.7
+ Allow the dhcp-host specification of id:* which makes
+ dnsmasq ignore any client-id. This is useful to ensure
+ that a dual-boot machine sees the same lease when one OS
+ gives a client-id and the other doesn't. It's also useful
+ when PXE boot DHCP does not use client IDs but the OS it boots
+ does. Thanks to Grzegorz Nosek for suggesting this enhancement.
+
+ No longer assume that ciaddr is zero in received DHCPDISCOVER
+ messages, just for security against broken clients.
+
+ Set default of siaddr field to the address of the machine running
+ dnsmasq when not explicitly set using dhcp-boot
+ option. This is the ISC dhcpd behaviour.
+
+ Send T1 and T2 options in DHCPOFFER packets. This is required
+ by the DHCP client in some JetDirect printers. Thanks
+ to Paul Mattal for work on this.
+
+ Fixed bug with DHCP on OpenBSD reported by Dominique Jacquel.
+ The code which added loopback interfaces to the list
+ was confusing the DHCP code, which expected one interface only.
+ Solved by adding loopback interfaces to address list instead.
+
+ Add dhcp-vendorclass option to allow options to be sent only
+ to certain classes of clients.
+
+ Tweaked option search code so that if a netid-qualified
+ option is used, any unqualified option is ignored.
+
+ Changed the method of picking new dynamic IP
+ addresses. This used to use the next consecutive
+ address as long it was free, now it uses a hash
+ from the client hardware address. This reduces the amount
+ of address movement for clients which let their lease
+ expire and allows consecutive DHCPOFFERS to the same host
+ to (almost always) be for the same address, without
+ storing state before a lease is granted.
+
+ Tweaked option handling code to return all possible
+ options rather than none when DHCP "requested options"
+ field is missing. This fixes interoperability with
+ ancient IBM LANMAN DHCP clients. Thanks to Jim Louvau for
+ help with this.
+
+release 2.8
+ Pad DHCP packets to a minimum size of 300 bytes. This
+ fixes interoperability problems with the Linux in-kernel
+ DHCP/BOOTP client. Thanks to Richard Musil for
+ diagnosing this and supplying a patch.
+
+ Fixed option-parsing bug and potential memory leak. Patch
+ from Richard Musil.
+
+ Improved vendor class configuration and added user class
+ configuration. Specifically: (1) options are matched on
+ the netids from dhcp-range, dhcp-host, vendor class and
+ user class(es). Multiple net-ids are allowed and options
+ are searched on them all. (2) matches agains vendor class
+ and user class are now on a substring, if the given
+ string is a substring of the vendor/user class, then a
+ match occurs. Thanks again to Richard Musil for prompting
+ this.
+
+ Make "#" match any domain on --address and --server
+ flags. --address=/#/1.2.3.4 will return 1.2.3.4 for _any_
+ domain not otherwise matched. Of course
+ --server=/#/1.2.3.4 is exactly equivalent to
+ --server=1.2.3.4. Special request from Josh Howlett.
+
+ Fixed a nasty bug which would cause dnsmasq to lose track
+ of leases for hosts which had a --dhcp-host flag without
+ a name specification. The mechanism for this was that
+ the hostname could get erroneously set as a zero-length
+ string and then written to the leases file as a
+ mal-formed line. Restarting dnsmasq would then lose the lease.
+ Alex Hermann's work helped chase down this problem.
+
+ Add checks against DHCP clients which return zero-length
+ hostnames. This avoids the potential lease-loss problems
+ reffered to above. Also, if a client sends a hostname when
+ it creates a lease but subsequently sends no or a
+ zero-length hostname whilst renewing, continue to use the
+ existing hostname, don't wipe it out.
+
+ Tweaked option parsing to flag some parameter errors.
+
+release 2.9
+ Fixed interface filter code for two effects: 1) Fixed bug
+ where queries sent via loopback interface
+ but to the address of another interface were ignored
+ unless the loopback interface was explicitly configured.
+ 2) on OpenBSD failure to configure one interface now
+ causes a fatal error on startup rather than an huge
+ stream of log messages. Thanks to Erik Jan Tromp for
+ finding that bug.
+
+ Changed server selection strategy to improve performance
+ when there are many available servers and some are
+ broken. The new algorithm is to pick as before for the
+ first try, but if a query is retried, to send to all
+ available servers in parallel. The first one to reply
+ then becomes prefered for the next query. This should
+ improve reliability without generating significant extra
+ upstream load.
+
+ Fixed breakage of special servers/addresses for
+ unqualified domains introduced in version 2.8
+
+ Allow fallback to "bind-interfaces" at runtime: Some
+ verions of *BSD seem to have enough stuff in the header
+ files to build but no kernel support. Also now log if
+ "bind-interfaces" is forced on.
+
+ Log replies from upstream servers which refuse to do
+ recursion - dnsmasq is not a recursive nameserver and
+ relies on upstream servers to do the recursion, this
+ flags a configuration error.
+
+ Disable client-id matching for hosts whose MAC address is
+ read from /etc/ethers. Patch from Oleg I. Vdovikin.
+
+ Extended --mx-host flag to allow arbitrary targets for MX
+ records, suggested by Moritz Bunkus.
+
+ Fixed build under NetBSD 2.0 - thanks to Felix Deichmann
+ for the patch.
+
+ Deal correctly with repeated addresses in /etc/hosts. The
+ first name found is now returned for reverse lookups,
+ rather than all of them.
+
+ Add back fatal errors when nonexistant
+ interfaces or interface addresses are given but only in
+ "bind-interfaces" mode. Principle of least surprise applies.
+
+ Allow # as the argument to --domain, meaning "read the
+ domain from the first search directive in
+ /etc.resolv.conf". Feature suggested by Evan Jones.
+
+release 2.10
+ Allow --query-port to be set to a low port by creating and
+ binding the socket before dropping root. (Suggestion from
+ Jamie Lokier)
+
+ Support TCP queries. It turned out to be possible to do
+ this with a couple of hundred lines of code, once I knew
+ how. The executable size went up by a few K on i386.
+ There are a few limitations: data obtained via TCP is not
+ cached, and dynamically-created interfaces may break under
+ certain circumstances. Source-address or query-port
+ specifications are ignored for TCP.
+
+ NAK attempts to renew a DHCP lease where the DHCP range
+ has changed and the lease is no longer in the allowed
+ range. Jamie Lokier pointed out this bug.
+
+ NAK attempts to renew a pool DHCP lease when a statically
+ allocated address has become available, forcing a host to
+ move to its allocated address. Lots of people have
+ suggested this change and been rebuffed (they know who
+ they are) the straws that broke the camel's back were Tim
+ Cutts and Jamie Lokier.
+
+ Remove any nameserver records from answers which are
+ modified by --alias flags. If the answer is modified, it
+ cannot any longer be authoritative.
+
+ Change behaviour of "bogus-priv" option to return NXDOMAIN
+ rather than a PTR record with the dotted-quad address as
+ name. The new behaviour doesn't provoke tcpwrappers like
+ the old behavior did.
+
+ Added a patch for the Suse rpm. That changes the default
+ group to one suitable for Suse and disables inclusion of
+ the ISC lease-file reader code. Thanks to Andy Cambeis for
+ his ongoing work on Suse packaging.
+
+ Support forwarding of EDNS.0 The maximum UDP packet size
+ defaults to 1280, but may be changed with the
+ --edns-packet-max option. Detect queries with the do bit
+ set and always forward them, since DNSSEC records are
+ not cached. This behaviour is required to make
+ DNSSECbis work properly though dnsmasq. Thanks to Simon
+ Josefsson for help with this.
+
+ Move default config file location under OpenBSD from
+ /usr/local/etc/dnsmasq.conf to /etc/dnsmasq.conf. Bug
+ report from Jonathan Weiss.
+
+ Use a lease with matching MAC address for a host which
+ doesn't present a client-id, even if there was a client ID
+ at some point in the past. This reduces surprises when
+ changing DHCP clients, adding id:* to a host, and from the
+ semantics change of /etc/ethers in 2.9. Thanks to Bernard
+ Sammer for finding that.
+
+ Added a "contrib" directory and in it the dnslist utility,
+ from Thomas Tuttle.
+
+ Fixed "fail to start up" problems under Linux with IPv6
+ enabled. It's not clear that these were an issue in
+ released versions, but they manifested themselves when TCP
+ support was added. Thanks to Michael Hamilton for
+ assistance with this.
+
+version 2.11
+ Fixed DHCP problem which could result in two leases in the
+ database with the same address. This looked much more
+ alarming then it was, since it could only happen when a
+ machine changes MAC address but kept the same name. The
+ old lease would persist until it timed out but things
+ would still work OK.
+
+ Check that IP addresses in all dhcp-host directives are
+ unique and die horribly if they are not, since otherwise
+ endless protocol loops can occur.
+
+ Use IPV6_RECVPKTINFO as socket option rather than
+ IPV6_PKTINFO where available. This keeps late-model FreeBSD
+ happy.
+
+ Set source interface when replying to IPv6 UDP
+ queries. This is needed to cope with link-local addresses.
+
+version 2.12
+ Added extra checks to ensure that DHCP created DNS entries
+ cannot generate multiple DNS address->name entries. Thanks to
+ Stefan Monnier for finding the exact set of configuration
+ options which could create this.
+
+ Don't set the the filterwin2k option in the example config
+ file and add warnings that is breaks Kerberos. Thanks to
+ Simon Josefsson and Timothy Folks for pointing that out.
+
+ Log types of incoming queries as well as source and domain.
+
+ Log NODATA replies generated as a result of the
+ filterwin2k option.
+
+version 2.13
+ Fixed crash with un-named DHCP hosts introduced in 2.12.
+ Thanks to Nicolo Wojewoda and Gregory Gathy for bug reports.
+
+version 2.14
+ Fix DHCP network detection for hosts which talk via a
+ relay. This makes lease renewal for such hosts work
+ correctly.
+
+ Support RFC3011 subnet selectors in the DHCP server.
+
+ Fix DHCP code to generate RFC-compliant responses
+ to hosts in the INIT-REBOOT state.
+
+ In the DHCP server, set the receive buffer size on
+ the transmit-only packet socket to zero, to avoid
+ waste of kernel buffers.
+
+ Fix DHCP address allocation code to use the whole of
+ the DHCP range, including the start and end addresses.
+
+ Attempt an ICMP "ping" on new addresses before allocating
+ them to leases, to avoid allocating addresses which are in use.
+
+ Handle rfc951 BOOTP as well as DHCP for hosts which have
+ MAC address to IP address mapping defined.
+
+ Fix compilation under MacOS X. Thanks to Chris Tomlinson.
+
+ Fix compilation under NetBSD. Thanks to Felix Deichmann.
+
+ Added "keep-in-foreground" option. Thanks to Sean
+ MacLennan for the patch.
+
+version 2.15
+ Fixed NXDOMAIN/NODATA confusion for locally known
+ names. We now return a NODATA reponse for names which are
+ locally known. Now a query for (eg AAAA or MX) for a name
+ with an IPv4 address in /etc/hosts which fails upstream
+ will generate a NODATA response. Note that the query
+ is still tried upstream, but a NXDOMAIN reply gets
+ converted to NODATA. Thanks to Eric de Thouars, Eric
+ Spakman and Mike Mestnik for bug reports/testing.
+
+ Allow multiple dhcp-ranges within the same network. The
+ original intention was that there would be a dhcp-range
+ option for each network served, but there's no real reason
+ not to allow discontinuous ranges within a network so this
+ release adds support for that.
+
+ Check for dhcp-ranges which are inconsistent with their
+ netmask, and generate errors or warnings.
+
+ Improve error messages when there are problems with
+ configuration.
+
+version 2.16
+ Fixed typo in OpenBSD-only code which stopped compilation
+ under that OS. Chris Weinhaupl gets credit for reporting
+ this.
+
+ Added dhcp-authoritative option which restores non-RFC
+ compliant but desirable behaviour of pre-2.14 versions and
+ avoids long timeouts while DHCP clients try to renew leases
+ which are unknown to dnsmasq. Thanks to John Mastwijk for
+ help with this.
+
+ Added support to the DHCP option code to allow RFC-3397
+ domain search DHCP option (119) to be sent.
+
+ Set NONBLOCK on all listening sockets to workaround non-POSIX
+ compliance in Linux 2.4 and 2.6. This fixes rare hangs which
+ occured when corrupted packets were received. Thanks to
+ Joris van Rantwijk for chasing that down.
+
+ Updated config.h for NetBSD. Thanks to Martin Lambers.
+
+ Do a better job of distinguishing between retransmissions
+ and new queries when forwarding. This fixes a bug
+ triggered by the polipo web cache which sends A and AAAA
+ queries both with the same transaction-ID. Thanks to
+ Joachim Berdal Haga and Juliusz Chroboczek for help with this.
+
+ Rewrote cache code to store CNAMES, rather then chasing
+ them before storage. This eliminates bad situations when
+ clients get inconsistent views depending on if data comes
+ from the cache.
+
+ Allow for more than one --addn-hosts flag.
+
+ Clarify logged message when a DHCP lease clashes with an
+ /etc/hosts entry. Thanks to Mat Swift for the suggestion.
+
+ Added dynamic-dnsmasq from Peter Willis to the contrib
+ section.
+
+version 2.17
+ Correctly deduce the size of numeric dhcp-options, rather
+ than making wild guesses. Also cope with negative values.
+
+ Fixed use of C library reserved symbol "index" which broke
+ under certain combinations of library and compiler.
+
+ Make bind-interfaces work for IPv6 interfaces too.
+
+ Warn if an interface is given for listening which doesn't
+ currently exist when not in bind-interfaces mode. (This is
+ already a fatal error when bind-interfaces is set.)
+
+ Allow the --interface and --except-interface options to
+ take a comma-separated list of interfaces.
+
+ Tweak --dhcp-userclass matching code to work with the
+ ISC dhclient which violates RFC3004 unless its
+ configuration is very warped. Thanks to Cedric Duval for
+ the bug report.
+
+ Allow more than one network-id tag in a dhcp-option. All
+ the tags must match to enable the option.
+
+ Added dhcp-ignore option to disable classes of hosts based
+ on network-id tags. Also allow BOOTP options to be
+ controlled by network tags.
+
+ Fill in sname, file and siaddr fields in replies to
+ DHCPINFORM messages.
+
+ Don't send NAK replies to DHCPREQUEST packets for disabled
+ clients. Credit to Cedric Duval for spotting this.
+
+ Fix rare crash associated with long DNS names and CNAME
+ records. Thanks to Holger Hoffstatte and especially Steve
+ Grecni for help chasing that one down.
+
+version 2.18
+ Reworked the Linux interface discovery code (again) to
+ cope with interfaces which have only IPv6 addresses and
+ interfaces with more than one IPv6 address. Thanks to
+ Martin Pels for help with that.
+
+ Fix problems which occured when more than one dhcp-range
+ was specified in the same subnet: sometimes parameters
+ (lease time, network-id tag) from the wrong one would be
+ used. Thanks to Rory Campbell-Lange for the bug report.
+
+ Reset cache statistics when clearing the cache.
+
+ Enable long command line options on FreeBSD when the
+ C library supports them.
+
+version 2.19
+ Tweaked the Linux-only interface discovery code to cope
+ with interface-indexes larger than 8 bits in
+ /proc/net/if_inet6. This only affects Linux, obviously.
+ Thanks to Richard Atterer for the bug report.
+
+ Check for under-length option fields in DHCP packets, a
+ zero length client-id, in particluar, could seriously
+ confuse dnsmasq 'till now. Thanks to Will Murname for help
+ with that.
+
+ If a DHCP-allocated address has an associated name in
+ /etc/hosts, and the client does not provide a hostname
+ parameter and there is no hostname in a matching dhcp-host
+ option, send the /etc/hosts name as the hostname in
+ the DHCP lease. Thanks to Will Murname for the suggestion.
+
+version 2.20
+ Allow more than one instance of dnsmasq to run on a
+ machine, each providing DHCP service on a different
+ interface, provided that --bind-interfaces is set. This
+ configuration used to work, but regressed in version 2.14
+
+ Fix compilation on Mac OS X. Thanks to Kevin Bullock.
+
+ Protect against overlong names and overlong
+ labels in configuration and from DHCP.
+
+ Fix interesting corner case in CNAME handling. This occurs
+ when a CNAME has a target which "shadowed" by a name in
+ /etc/hosts or from DHCP. Resolving the CNAME would sneak
+ the upstream value of the CNAME's target into the cache,
+ alongside the local value. Now that doesn't happen, though
+ resolving the CNAME still gives the unshadowed value. This
+ is arguably wrong but rather difficult to fix. The main
+ thing is to avoid getting strange results for the target
+ due to the cache pollution when resolving the
+ CNAME. Thanks to Pierre Habouzit for exploring the corner
+ and submitting a very clear bug report.
+
+ Fix subtle bug in the DNS packet parsing code. It's almost
+ impossible to describe this succinctly, but the one known
+ manifestation is the inability to cache the A record for
+ www.apple.com. Thanks to Bob Alexander for spotting that.
+
+ Support SRV records. Thanks to Robert Kean for the patches
+ for this.
+
+ Fixed sign confusion in the vendor-id matching code which
+ could cause crashes sometimes. (Credit to Mark Wiater for
+ help finding this.)
+
+ Added the ability to match the netid tag in a
+ dhcp-range. Combined with the ability to have multiple
+ ranges in a single subnet, this provides a means to
+ segregate hosts on different address ranges based on
+ vendorclass or userclass. Thanks to Mark Wiater for
+ prompting this enhancement.
+
+ Added preference values for MX records.
+
+ Added the --localise-queries option.
+
+version 2.21
+ Improve handling of SERVFAIL and REFUSED errors. Receiving
+ these now initiates search for a new good server, and a
+ server which returns them is not a candidate as a good
+ server. Thanks to Istvan Varadi for pointing out the
+ problem.
+
+ Tweak the time code in BROKEN_RTC mode.
+
+ Sanity check lease times in dhcp-range and dhcp-host
+ configurations and force them to be at least two minutes
+ (120s) leases shorter than a minute confuse some clients,
+ notably Apple MacOS X. Rory Campbell-Lange found this
+ problem.
+
+ Only warn once about an upstream server which is refusing to do
+ recursive queries.
+
+ Fix DHCP address allocation problem when netid tags are in
+ use. Thanks to Will Murnane for the bug report and
+ subsequent testing.
+
+ Add an additional data section to the reply for MX and SRV
+ queries. Add support for DNS TXT records. Thanks to Robert
+ Kean and John Hampton for prompts and testing of these.
+
+ Apply address rewriting to records in the additional data section
+ of DNS packets. This makes things like MX records work
+ with the alias function. Thanks to Chad Skeeters for
+ pointing out the need for this.
+
+ Added support for quoted strings in config file.
+
+ Detect and defeat cache-poisoning attacks which attempt to
+ send (malicious) answers to questions we didn't
+ send. These are ignored now even if the attacker manages
+ to guess a random query-id.
+
+ Provide DHCP support for interfaces with multiple IP
+ addresses or aliases. This in only enabled under Linux.
+ See the FAQ entry for details.
+
+ Revisit the MAC-address and client-id matching code to
+ provide saner behaviour with PXE boots, where some
+ requests have a client-id and some don't.
+
+ Fixed off-by-one buffer overflow in lease file reading
+ code. Thanks to Rob Holland for the bug report.
+
+ Added wildcard matching for MAC addresses in dhcp-host
+ options. A sensible suggestion by Nathaniel McCallum.
+
+version 2.22
+ Fixed build problems on (many) systems with older libc
+ headers where <linux/types.h> is required before
+ <linux/netlink.h>. Enabled HAVE_RTNETLINK under uclibc now
+ that this fix is in place.
+
+ Added support for encapsulated vendor-class-specific DHCP
+ options. Thanks to Eric Shattow for help with this.
+
+ Fix regression in 2.21 which broke commas in filenames and
+ corrupted argv. Thanks to Eric Scott for the bugreport.
+
+ Fixed stupid thinko which caused dnsmasq to wedge during
+ startup with certain MX-record options. Another 2.21 regression.
+
+ Fixed broken-ness when reading /etc/ethers. 2.21 broke
+ this too.
+
+ Fixed wedge with certain DHCP options. Yet another 2.21
+ regression. Rob Holland and Roy Marples chased this one
+ down.
+
+version 2.23
+ Added a check to ensure that there cannot be more than one
+ dhcp-host option for any one IP address, even if the
+ addresses are assigned indirectly via a hostname and
+ /etc/hosts.
+
+ Include a "server identifier" in DHCPNAK replies, as
+ required by RFC2131.
+
+ Added method support for DBus
+ (http://www.freedesktop.org/Software/dbus)
+ This is a superior way to re-configure dnsmasq on-the-fly
+ with different upstream nameservers, as the host moves
+ between networks. DBus support must be enabled in
+ src/config.h and should be considered experimental at this
+ point. See DBus-interface for the specification of the
+ DBus method calls supported.
+
+ Added information to the FAQ about setting the DNS domain
+ in windows XP and Mac OS X, thanks to Rick Hull.
+
+ Added sanity check to resolv.conf polling code to cope
+ with backwards-moving clocks. Thanks to Leonardo Canducci
+ for help with this.
+
+ Handle so-called "A-for-A" queries, which are queries for
+ the address associated with a name which is already a
+ dotted-quad address. These should be handled by the
+ resolver code, but sometimes aren't and there's no point
+ in forwarding them.
+
+ Added "no-dhcp-interface" option to disable DHCP service
+ on an interface, whilst still providing DNS.
+
+ Fix format-string problem - config file names get passed
+ to fprintf as a format string, so % characters could cause
+ crashes. Thanks to Rob Holland for sleuthing that one.
+
+ Fixed multiple compiler warnings from gcc 4. Thanks to
+ Tim Cutts for the report.
+
+ Send the hostname option on DHCP offer messages as well as
+ DHCP ack messages. This is required by the Rio Digital
+ Audio Receiver. Thanks to Ron Frederick for the patch.
+
+ Add 'd' (for day) as a possible time multiplier in lease
+ time specifications. Thanks to Michael Deegan.
+
+ Make quoting suppress recognition of IP addresses, so
+ dhcp-option=66,1.2.3.4 now means something different to
+ dhcp-option=66,"1.2.3.4", which sets the option to a
+ string value. Thanks to Brian Macauley for the bug report.
+
+ Fixed the option parsing code to avoid segfaults from some
+ invalid configurations. Thanks to Wookey for spotting that one.
+
+ Provide information about which compile-time options were
+ selected, both in the log at startup and as part of the output
+ from dnsmasq --version. Thanks to Dirk Schenkewitz for
+ the suggestion.
+
+ Fix pathalogical behaviour when a broken client keeps sending
+ DHCPDISCOVER messages repeatedly and fast. Because dealing with
+ each of these takes a few seconds, (because of the ping) then a
+ queue of DHCP packets could build up. Now, the results of a ping
+ test are assumed to be valid for 30 seconds, so repeated waits are
+ not required. Thanks to Luca Landi for finding this.
+
+ Allow DHCPINFORM requests without hardware address
+ information. These are generated by some browsers, looking
+ for proxy information. Thanks to Stanley Jaddoe for the
+ bug report on that.
+
+ Add support of the "client FQDN" DHCP option. If present,
+ this is used to allow the client to tell dnsmasq its name,
+ in preference to (mis)using the hostname option. See
+ http://tools.ietf.org/wg/dhc/draft-ietf-dhc-fqdn-option/\
+ draft-ietf-dhc-fqdn-option-10.txt
+ for details of the draft spec.
+
+ Added startup scripts for MacOS X Tiger/Panther to the
+ contrib collection. Thanks to Tim Cutts.
+
+ Tweak DHCP network selection so that clients which turn up
+ on our network in REBINDING state and with a lease for a
+ foreign network will get a NAK response. Thanks to Dan
+ Shechter for work on this and an initial patch and thanks
+ to Gyorgy Farkas for further testing.
+
+ Fix DNS query forwarding for empty queries and forward
+ queries even when the recursion-desired bit is clear. This
+ allows "dig +trace" to work. Problem report from Uwe
+ Gansert.
+
+ Added "const" declarations where appropriate, thanks to
+ Andreas Mohr for the patch.
+
+ Added --bootp-dynamic option and associated
+ functionality. Thanks to Josef Wolf for the suggestion.
+
+version 2.24
+ Updated contrib/openvpn/dnsmasq.patch from Joseph Tate.
+
+ Tweaked DHCP NAK code, a DHCP NAK is now unicast as a
+ fallback in cases where a broadcast is futile: namely in
+ response to a unicast REQUEST from a non-local network
+ which was not sent via a relay.
+
+ Slightly changed the semantics of domain matching in
+ --server and --address configs. --server=/domain.com/ still
+ matches domain.com and sub.domain.com but does not
+ now match newdomain.com The semantics of
+ --server=/.domain.com/ are unchanged.
+ Thanks to Chris Blaise for the patch.
+
+ Added backwards-compatible internationalisation support.
+ The existing make targets, (all, dnsmasq, install) work as
+ before. New ones (all-i18n, and install-i18n) add gettext.
+ The translations live in po/ There are not too many
+ strings, so if anybody can provide translations (and for
+ the manpage....) please send them in.
+
+ Tweak behaviour on receipt of REFUSED or SERVFAIL rcodes,
+ now the query gets retried on all servers before returning
+ the error to the source of the query. Thanks to Javier
+ Kohen for the report.
+
+ Added Polish translation - thanks to Tomasz Sochanski.
+
+ Changed default manpage install location from /usr/man
+ to /usr/share/man
+
+ Added Spanish translation - thanks to Christopher Chatham.
+
+ Log a warning when a DHCP packet is truncated due to lack
+ of space. (Thanks to Michael Welle for the prompt to do
+ this.)
+
+ Added French translation - thanks to Lionel Tricon.
+
+ Added Indonesian translation - thanks to Salman AS.
+
+ Tweaked the netlink code to cope with interface broadcast
+ address not set, or set to 0.0.0.0.
+
+ Fixed problem assigning fixed addresses to hosts when more
+ than one dhcp-range is available. Thanks to Sorin Panca
+ for help chasing this down.
+
+ Added more explict error mesages to the hosts file and
+ ethers file reading code. Markus Kaiserswerth suffered to
+ make this happen.
+
+ Ensure that a hostname supplied by a DHCP client can never
+ override one configured on the server. Previously, any
+ host claiming a name would be given it, even if that
+ over-rode a dhcp-host declaration, leading to potentially
+ confusing situations.
+
+ Added Slackware package-build stuff into contrib/ The i18n
+ effort broke the current scripts, and working ones were
+ needed for testing, so they ended up here rather than make
+ Pat re-invent the wheel.
+
+ Added Romanian translation, thanks to Sorin Panca for
+ that.
+
+version 2.25
+ Fixed RedHat spec file for FC4 - thanks to Werner Hoelzl
+ and Andrew Bird.
+
+ Fixed Suse spec file - thanks to Steven Springl.
+
+ Fixed DHCP bug when two distict subnets are on the same
+ physical interface. Thanks to Pawel Zawora for finding
+ this and suggesting the fix.
+
+ Added logging to make it explicit when dnsmasq falls back
+ from using RT-netlink sockets to the old ioctl API for
+ getting information about interfaces. Doing this
+ completely silently made remote debugging hard.
+
+ Merged uclibc build fixes from the OpenWRT package into
+ src/config.h
+
+ Added Norwegian translation - thanks to Jan Erik Askildt.
+
+version 2.26
+ Fixed SuSe rpm patch problem - thanks to Steven Springl.
+
+ Fixed crash when attempting to send a DHCP NAK to a host
+ which believes it has a lease on an unknown
+ network. Thanks to Lutz Pressler for the bug report and
+ patch.
+
+version 2.27
+ Tweaked DHCP behaviour when a client attempts to renew a lease
+ which dnsmasq doesn't know about. Previously that would always
+ result in a DHCPNAK. Now, in dhcp-authoritative mode, the
+ lease will be created, if it's legal. This makes dnsmasq work
+ better if the lease database is lost, for example on an OpenWRT
+ system which reboots. Thanks to Stephen Rose for work on
+ this.
+
+ Added the ability to support RFC-3442 style destination
+ descriptors in dhcp-options. This makes classless static
+ routes easy to do, eg dhcp-option=121,192.168.1.0/24,1.2.3.4
+
+ Added error-checking to the code which writes the lease
+ file. If this fails for any reason, an error is logged,
+ and a retry occurs after one minute. This should improve
+ things eg when a filesystem is full. Thanks to Jens Holze
+ for the bug report.
+
+ Fixed breakage of the "/#/ matches any domain" facility
+ which happened in 2.24. Thanks to Peter Surda for the bug
+ report.
+
+ Use "size_t" and "ssize_t" types where appropriate in the
+ code.
+
+ Fix buggy CNAME handling in mixed IPv4 and IPv6
+ queries. Thanks to Andreas Pelme for help finding that.
+
+ Added some code to attempt to re-transmit DNS queries when
+ a network interface comes up. This helps on DoD links,
+ where frequently the packet which triggers dialling is
+ a DNS query, which then gets lost. By re-sending, we can
+ avoid the lookup failing. This function is only active
+ when netlink support is compiled in, and therefore only
+ under Linux. Thanks to Jean Wolter for help with this.
+
+ Tweaked the DHCP tag-matching code to work correctly with
+ NOT-tag conditions. Thanks to Lutz Pressler for finding
+ the bug.
+
+ Generalised netid-tag matching in dhcp-range statements to
+ allow more than one tag.
+
+ Added --dhcp-mac to do MAC address matching in the same
+ way as vendorclass and userclass matching. A good
+ suggestion from Lutz Pressler.
+
+ Add workaround for buggy early Microsoft DHCP clients
+ which need zero-termination in string options.
+ Thanks to Fabiano Pires for help with this.
+
+ Generalised the DHCP code to cope with any hardware
+ address type, at least on Linux. *BSD is still limited to
+ ethernet only.
+
+version 2.28
+ Eliminated all raw network access when running on
+ Linux. All DHCP network activity now goes through the IP
+ stack. Packet sockets are no longer required. Apart from
+ being a neat hack, this should also allow DHCP over IPsec
+ to work better. On *BSD and OS X, the old method of raw net
+ access through BPF is retained.
+
+ Simplified build options. Networking is now slimmed down
+ to a choice of "linux" or "other". Netlink is always used
+ under Linux. Since netlink has been available since 2.2
+ and non-optional in an IPv4-configured kernel since 2.4,
+ and the dnsmasq netlink code is now well tested, this
+ should work out fine.
+
+ Removed decayed build support for libc5 and Solaris.
+
+ Removed pselect code: use a pipe for race-free signal
+ handling instead, as this works everywhere.
+
+ No longer enable the ISC leasefile reading code in the
+ distributed sources. I doubt there are many people left
+ using this 1.x compatibility code. Those that are will
+ have to explicitly enable it in src/config.h.
+
+ Don't send the "DHCP maximum message size" option, even if
+ requested. RFC2131 says this is a "MUST NOT".
+
+ Support larger-than-minimum DHCP message. Dnsmasq is now
+ happy to get larger than 576-byte DHCP messages, and will
+ return large messages, if permitted by the "maximum
+ message size" option of the message to which it is
+ replying. There's now an arbitrary sanity limit of 16384
+ bytes.
+
+ Added --no-ping option. This fixes an RFC2131 "SHOULD".
+
+ Building on the 2.27 MAC-address changes, allow clients to
+ provide no MAC address at all, relying on the client-id as
+ a unique identifier. This should make things like DHCP for
+ USB come easier.
+
+ Fixed regression in netlink code under 2.2.x kernels which
+ occurred in 2.27. Erik Jan Tromp is the vintage kernel fan
+ who found this. P.S. It looks like this "netlink bind:
+ permission denied" problem occured in kernels at least as
+ late a 2.4.18. Good information from Alain Richoux.
+
+ Added a warning when it's impossible to give a host its
+ configured address because the address is leased
+ elsewhere. A sensible suggestion from Mircea Bardac.
+
+ Added minimal support for RFC 3046 DHCP relay agent-id
+ options. The DHCP server now echoes these back to the
+ relay, as required by the RFC. Also, RFC 3527 link selection
+ sub-options are honoured.
+
+ Set the process "dumpable" flag when running in debug
+ mode: this makes getting core dumps from root processes
+ much easier.
+
+ Fixed one-byte buffer overflow which seems to only cause
+ problems when dnsmasq is linked with uclibc. Thanks to
+ Eric House and Eric Spakman for help in chasing this down.
+
+ Tolerate configuration screwups which lead to the DHCP
+ server attemping to allocate its own address to a
+ client; eg setting the whole subnet range as a DHCP
+ range. Addresses in use by the server are now excluded
+ from use by clients.
+
+ Did some thinking about HAVE_BROKEN_RTC mode, and made it
+ much simpler and better. The key is to just keep lease
+ lengths in the lease file. Since these normally never
+ change, even as the lease is renewed, the lease file never
+ needs to change except when machines arrive on the network
+ or leave. This eliminates the code for timed writes, and
+ reduces the amount of wear on a flash filesystem to the
+ absolute minimum. Also re-did the basic time function in
+ this mode to use the portable times(), rather than parsing
+ /proc/uptime.
+
+ Believe the source port number when replying to unicast
+ DHCP requests and DHCP requests via a relay, instead of always
+ using the standard ports. This will allow relays on
+ non-standard ports and DHCPINFORM from unprivileged ports
+ to work. The source port sent by unconfigured clients is still
+ ignored, since this may be unreliable. This means that a DHCP
+ client must use the standard port to do full configuration.
+
+version 2.29
+ Fixed compilation on OpenBSD (thanks to Tom Hensel for the
+ report).
+
+ Fixed false "no interface" errors when --bind-interfaces is
+ set along with --interface=lo or --listen-address. Thanks
+ to Paul Wise for the report.
+
+ Updated patch for SuSE rpm. Thanks to Steven Springl.
+
+ It turns out that there are some Linux kernel
+ configurations which make using the capability system
+ impossible. If this situation occurs then continue, running
+ as root, and log a warning. Thanks to Scott Wehrenberg
+ for help tracking this down.
+
+version 2.30
+ Fixed crash when a DHCP client requested a broadcast
+ reply. This problem was introduced in version 2.28.
+ Thanks to Sandra Dekkers for the bug report.
+
+version 2.31
+ Added --dhcp-script option. There have been calls for this
+ for a long time from many good people. Fabio Muzzi gets
+ the prize for finally convincing me.
+
+ Added example dbus config file and moved dbus stuff into
+ its own directory.
+
+ Removed horribly outdated Redhat RPM build files. These
+ are obsolete now that dnsmasq in in Fedora extras. Thanks
+ to Patrick "Jima" Laughton, the Fedora package
+ maintainer.
+
+ Added workaround for Linux kernel bug. This manifests
+ itself as failure of DHCP on kernels with "support for
+ classical IP over ATM" configured. That includes most
+ Debian kernel packages. Many thanks to A. Costa and
+ Benjamin Kudria for their huge efforts in chasing this
+ down.
+
+ Force-kill child processes when dnsmasq is sent a sigterm,
+ otherwise an unclosed TCP connection could keep dnsmasq
+ hanging round for a few minutes.
+
+ Tweaked config.h logic for uclibc build. It will now pick
+ up MMU and IPV6 status correctly on every system I tested.
+
+version 2.32
+ Attempt a better job of replacing previous configuration
+ when re-reading /etc/hosts and /etc/ethers. SIGHUP is
+ still not identical to a restart under all circumstances,
+ but it is for the common case of name->MAC address in
+ /etc/ethers and name->IP address in /etc/hosts.
+
+ Fall back to broadcast for DHCP to an unconfigured client
+ when the MAC address size is greater than 14 bytes.
+
+ Fix problem in 2.28-onwards releases which breaks DNS on
+ Mac OS X. Thanks to Doug Fields for the bug report and
+ testing.
+
+ Added fix to allow compilation on c89-only compilers.
+ Thanks to John Mastwijk for the patch.
+
+ Tweak resolv file polling code to work better if there is
+ a race between updating the mtime and file contents. This
+ is not normally a problem, but it can be on systems which
+ replace nameservers whilst active. The code now continues
+ to read resolv.conf until it gets at least one usable
+ server. Thanks to Holger Mauermann for help with this.
+
+ If a client DECLINEs an address which is allocated to it
+ via dhcp-host or /etc/hosts, lock that address out of use
+ for ten minutes, instead of forever, and log when it's not
+ being used because of the lock-out. This should provide
+ less surprising behaviour when a configured address can't be
+ used. Thanks to Peter Surda and Heinz Deinhart for input
+ on this.
+
+ Fixed *BSD DHCP breakage with only some
+ arches/compilers, depending on structure padding rules.
+ Thanks to Jeb Campbell and Tom Hensel for help with this.
+
+ Added --conf-dir option. Suggestion from Aaron Tygart.
+
+ Applied patch from Brent Cook which allows netids in
+ dhcp-option configuration lines to be prefixed by
+ "net:". This is not required by the syntax, but it is
+ consistent with other configuration items.
+
+ Added --log-facility option. Suggestion from Fabio Muzzi.
+
+ Major update to Spanish translation. Many thanks to Chris
+ Chatham.
+
+ Fixed gcc-4.1 strict-alias compilation warning.
+
+version 2.33
+ Remove bash-specific shellcode from the Makefile.
+
+ Fix breakage with some DHCP relay implementations which
+ was introduced in 2.28. Believing the source port in
+ DHCP requests and sending the reply there is sometimes a
+ bad thing to do, so I've reverted to always sending to
+ the relay on port 68. Thanks to Daniel Hamlin and Alex
+ (alde) for bug reports on this.
+
+ Moved the SuSe packaging files to contrib. I will no
+ longer attempt to maintain this in the source tarball. It
+ will be done externally, in the same way as packaging for
+ other distros. Suse packages are available from
+ ftp://ftp.suse.com/pub/people/ug/
+
+ Merged patch from Gentoo to honour $LDFLAGS environment.
+
+ Fix bug in resolv.conf processing when more than one file
+ is being checked.
+
+ Add --dns-forward-max option.
+
+ Warn if --resolv-file flags are ignored because of
+ --no-resolv. Thanks to Martin F Krafft for spotting this
+ one.
+
+ Add --leasefile-ro option which allows the use of an
+ external lease database. Many thanks to Steve Horbachuk
+ for assistance developing this feature.
+
+ Provide extra information to lease-change script via its
+ environment. If the host has a client-id, then
+ DNSMASQ_CLIENT_ID will be set. Either the lease length (in
+ DNSMASQ_LEASE_LENGTH) or lease expiry time (in
+ DNSMASQ_LEASE_EXPIRES) will be set, depending on the
+ HAVE_BROKEN_RTC compile-time option. This extra
+ information should make it possible to maintain the lease
+ database in external storage such as LDAP or a relational
+ database. Note that while leasefile-ro is set, the script
+ will be called with "old" events more often, since
+ changes to the client-id and lease length
+ (HAVE_BROKEN_RTC) or lease expiry time (otherwise)
+ are now flagged.
+
+ Add contrib/wrt/* which is an example implementation of an
+ external persistent lease database for *WRT distros with
+ the nvram command.
+
+ Add contrib/wrt/dhcp_release.c which is a small utility
+ which removes DHCP leases using DHCPRELEASE operation in
+ the DHCP protocol.
+
+version 2.34
+ Tweak network-determination code for another corner case:
+ in this case a host forced to move between dhcp-ranges on
+ the same physical interface. Thanks to Matthias Andree.
+
+ Improve handling of high DNS loads by throttling acceptance of
+ new queries when resources are tight. This should be a
+ better response than the "forwarding table full..."
+ message which was logged before.
+
+ Fixed intermittent infinite loop when re-reading
+ /etc/ethers after SIGHUP. Thanks to Eldon Ziegler for the
+ bug report.
+
+ Provide extra information to the lease-change script: when
+ a lease loses its hostname (because a new lease comes
+ along and claims the same new), the "old" action is called
+ with the current state of the lease, ie no name. The
+ change is to provide the former name which the lease had
+ in the environment variable DNSMASQ_OLD_HOSTNAME. This
+ helps scripts which do stuff based on hostname, rather
+ than IP address. Also provide vendor-class and user-class
+ information to the lease-change script when a new lease is
+ created in the DNSMASQ_VENDOR_CLASS and
+ DNSMASQ_USER_CLASS<n> environment variables. Suggestion
+ from Francois-Xavier Le Bail.
+
+ Run the lease change script as root, even when dnsmasq is
+ configured to change UID to an unprivileged user. Since
+ most uses of the lease change script need root, this
+ allows its use whilst keeping the security advantages of
+ running the daemon without privs. The script is invoked
+ via a small helper process which keeps root UID, and
+ validates all data received from the main process. To get
+ root, an attacker would have to break dnsmasq and then
+ break the helper through the restricted comms channel
+ linking the two.
+
+ Add contrib/port-forward/* which is a script to set up
+ port-forwards using the DHCP lease-change script. It's
+ possible to add a host to a config file by name, and when
+ that host gets a DHCP lease, the script will use iptables
+ to set up port-forwards to configured ports at the address
+ which the host is allocated. The script also handles
+ setting up the port-forward iptables entries after reboot,
+ using the persistent lease database, and removing them
+ when a host leaves and its DHCP lease expires.
+
+ Fix unaligned access problem which caused wrong log
+ messages with some clients on some architectures. Thanks
+ to Francois-Xavier Le Bail for the bugreport.
+
+ Fixed problem with DHCPRELEASE and multi-address
+ interfaces. Enhanced contrib/wrt/dhcp_release to cope
+ under these circumstances too. Thanks to Eldon Ziegler for
+ input on this.
+
+ Updated French translation: thanks to Gildas Le Nadan.
+
+ Upgraded the name hash function in the DNS cache. Thanks
+ to Oleg Khovayko for good work on this.
+
+ Added --clear-on-reload flag. Suggestion from Johannes
+ Stezenbach.
+
+ Treat a nameserver address of 0.0.0.0 as "nothing". Erwin
+ Cabrera spotted that specifying a nameserver as 0.0.0.0
+ breaks things badly; this is because the network stack
+ treats is as "this host" and an endless loop ensues.
+
+ Added Webmin module in contrib/webmin. Thanks to Neil
+ Fisher for that.
+
+version 2.35
+ Generate an "old" script event when a client does a DHCPREQUEST
+ in INIT-REBOOT or SELECTING state and the lease already
+ exists. Supply vendor and user class information to these
+ script calls.
+
+ Added support for Dragonfly BSD to src/config.h
+
+ Removed "Upgrading to 2.0" document, which is ancient
+ history now.
+
+ Tweak DHCP networking code for BSD, esp OpenBSD. Added a
+ workaround for a bug in OpenBSD 4.0: there should finally
+ be support for multiple interfaces under OpenBSD now.
+ Note that no version of dnsmasq before 2.35 will work for
+ DHCP under OpenBSD 4.0 because of a kernel bug.
+ Thanks to Claudio Jeker, Jeb Campbell and Cristobal
+ Palmer for help with this.
+
+ Optimised the cache code for the case of large
+ /etc/hosts. This is mainly to remove the O(n-squared)
+ algorithm which made reading large (50000 lines) files
+ slow, but it also takes into account the size of
+ /etc/hosts when building hash tables, so overall
+ performance should be better. Thanks to "koko" for
+ pointing out the problem.
+
+version 2.36
+ Added --dhcp-ignore-names flag which tells dnsmasq not to
+ use names provided by DHCP clients. Suggestion from
+ Thomas M Steenholdt.
+
+ Send netmask and broadcast address DHCP options always,
+ even if the client doesn't request them. This makes a few
+ odd clients work better.
+
+ Added simple TFTP function, optimised for net-boot. It is
+ now possible to net boot hosts using only dnsmasq. The
+ TFTP server is read-only, binary-mode only, and designed to be
+ secure; it adds about 4K to the dnsmasq binary.
+
+ Support DHCP option 120, SIP servers, (RFC 3361). Both
+ encodings are supported, so both --dhcp-option=120,192.168.2.3
+ and --dhcp-option=120,sip.example.net will work. Brian
+ Candler pointed out the need for this.
+
+ Allow spaces in domain names, to support DNS-SD.
+
+ Add --ptr-record flag, again for DNS-SD. Thanks to Stephan
+ Sokolow for the suggestion.
+
+ Tolerate leading space on lines in the config file. Thanks
+ to Luigi Rizzo for pointing this out.
+
+ Fixed netlink.c to cope with headers from the Linux 2.6.19
+ kernel. Thanks to Philip Wall for the bug report.
+
+ Added --dhcp-bridge option, but only to the FreeBSD
+ build. This fixes an oddity with a a particular bridged
+ network configuration on FreeBSD. Thanks to Luigi Rizzo
+ for the patch.
+
+ Added FAQ entry about running dnsmasq in a Linux
+ vserver. Thanks to Gildas le Nadan for the information.
+
+ Fixed problem with option parsing which interpreted "/" as
+ an address and not a string. Thanks to Luigi Rizzo
+ for the patch.
+
+ Ignore the --domain-needed flag when forwarding NS
+ and SOA queries, since NS queries of TLDs are always legit.
+ Marcus Better pointed out this problem.
+
+ Take care to forward signed DNS requests bit-perfect, so
+ as not to affect the validity of the signature. This
+ should allow DDNS updates to be forwarded.
+
+version 2.37
+ Add better support for RFC-2855 DHCP-over-firewire and RFC
+ -4390 DHCP-over-InfiniBand. A good suggestion from Karl Svec.
+
+ Some efficiency tweaks to the cache code for very large
+ /etc/hosts files. Should improve reverse (address->name)
+ lookups and garbage collection. Thanks to Jan 'RedBully'
+ Seiffert for input on this.
+
+ Fix regression in 2.36 which made bogus-nxdomain
+ and DNS caching unreliable. Thanks to Dennis DeDonatis
+ and Jan Seiffert for bug reports.
+
+ Make DHCP encapsulated vendor-class options sane. Be
+ warned that some conceivable existing configurations
+ using these may break, but they work in a much
+ simpler and more logical way now. Prepending
+ "vendor:<client-id>" to an option encapsulates it
+ in option 43, and the option is sent only if the
+ client-supplied vendor-class substring-matches with
+ the given client-id. Thanks to Dennis DeDonatis for
+ help with this.
+
+ Apply patch from Jan Seiffert to tidy up tftp.c
+
+ Add support for overloading the filename and servername
+ fields in DHCP packet. This gives extra option-space when
+ these fields are not being used or with a modern client
+ which supports moving them into options.
+
+ Added a LIMITS section to the man-page, with guidance on
+ maximum numbers of clients, file sizes and tuning.
+
+release 2.38
+ Fix compilation on *BSD. Thanks to Tom Hensel.
+
+ Don't send length zero DHCP option 43 and cope with
+ encapsulated options whose total length exceeds 255 octets
+ by splitting them into multiple option 43 pieces.
+
+ Avoid queries being retried forever when --strict-order is
+ set and an upstream server returns a SERVFAIL
+ error. Thanks to Johannes Stezenbach for spotting this.
+
+ Fix BOOTP support, broken in version 2.37.
+
+ Add example dhcp-options for Etherboot.
+
+ Add \e (for ASCII ESCape) to the set of valid escapes
+ in config-file strings.
+
+ Added --dhcp-option-force flag and examples in the
+ configuration file which use this to control PXELinux.
+
+ Added --tftp-no-blocksize option.
+
+ Set netid tag "bootp" when BOOTP (rather than DHCP) is in
+ use. This makes it easy to customise which options are
+ sent to BOOTP clients. (BOOTP allows only 64 octets for
+ options, so it can be necessary to trim things.)
+
+ Fix rare hang in cache code, a 2.37 regression. This
+ probably needs an infinite DHCP lease and some bad luck to
+ trigger. Thanks to Detlef Reichelt for bug reports and testing.
+
+release 2.39
+ Apply patch from Mike Baker/OpenWRT to ensure that names
+ like "localhost." in /etc/hosts with trailing period
+ are treated as fully-qualified.
+
+ Tolerate and ignore spaces around commas in the
+ configuration file in all circumstances. Note that this
+ may change the meaning of a few existing config files, for
+ instance
+ txt-record=mydomain.com, string
+ would have a leading space in the string before, and now
+ will not. To get the old behaviour back, use quotes:
+ txt-record=mydomain.com," string"
+
+ /a is no longer a valid escape in quoted strings.
+
+ Added symbolic DHCP option names. Instead of
+ dhcp-option = 3, 1.2.3.4
+ it is now possible to do
+ dhcp-option = option:router, 1.2.3.4
+ To see the list of known DHCP options, use the
+ command "dnsmasq --help dhcp"
+ Thanks to Luigi Rizzo for a patch and good work on this.
+
+ Overhauled the log code so that logging can be asynchronous;
+ dnsmasq then no longer blocks waiting for the syslog() library
+ call. This is important on systems where syslog
+ is being used to log over the network (and therefore doing
+ DNS lookups) and syslog is using dnsmasq as its DNS
+ server. Having dnsmasq block awaiting syslog under
+ such circumstances can lead to syslog and dnsmasq
+ deadlocking. The new behaviour is enabled with a new
+ --log-async flag, which can also be used to tune the
+ queue length. Paul Chambers found and diagnosed
+ this trap for the unwary. He also did much testing of
+ the solution along with Carlos Carvalho.
+
+ --log-facility can now take a file-name instead of a
+ facility name. When this is done, dnsmasq logs to the
+ file and not via syslog. (Failures early in startup,
+ whilst reading configuration, will still go to syslog,
+ and syslog is used as a log-of-last-resort if the file
+ cannot be written.)
+
+ Added --log-dhcp flag. Suggestion from Carlos Carvalho.
+
+ Made BINDIR, MANDIR and LOCALEDIR independently
+ over-rideable in the makefile. Suggestion from Thomas
+ Klausner.
+
+ Added 127.0.0.0/8 and 169.254.0.0/16 to the address
+ ranges affected by --bogus-priv. Thanks to Paul
+ Chambers for the patch.
+
+ Fixed failure of TFTP server with --listen-address. Thanks
+ to William Dinkel for the bug report.
+
+ Added --dhcp-circuitid and --dhcp-remoteid for RFC3046
+ relay agent data matching.
+
+ Added --dhcp-subscrid for RFC3993 subscriber-id relay
+ agent data matching.
+
+ Correctly garbage-collect connections when upstream
+ servers go away as a result of DBus transactions.
+
+ Allow absolute paths for TFTP transfers even when
+ --tftp-root is set, as long as the path matches the root,
+ so /var/ftp/myfile is OK with tftp-root=/var/ftp.
+ Thanks for Thomas Mizzi for the patch.
+
+ Updated Spanish translation - thanks to Chris Chatham.
+
+ Updated French translation - thanks to Gildas Le Nadan.
+
+ Added to example conf file example of routing PTR queries
+ for a subnet to a different nameserver. Suggestion from
+ Jon Nicholson.
+
+ Added --interface-name option. This provides a facility
+ to add a domain name with a dynamic IP address taken from
+ the address of a local network interface. Useful for
+ networks with dynamic IPs.
+
+version 2.40
+ Make SIGUSR2 close-and-reopen the logfile when logging
+ direct to a file. Thanks to Carlos Carvalho for
+ suggesting this. When a logfile is created, change
+ its ownership to the user dnsmasq will run as, don't
+ leave it owned by root.
+
+ Set a special tag, "known" for hosts which are matched by
+ a dhcp-host or /etc/ethers line. This is especially
+ useful to be able to do --dhcp-ignore=#known, like ISCs
+ "deny unknown-clients".
+
+ Explicitly set a umask before creating the leases file,
+ rather than relying on whatever we inherited. The
+ permissions are set to 644.
+
+ Fix handling of fully-qualified names in --dhcp-host
+ directives and in /etc/ethers. These are now rejected
+ if the domain doesn't match that given by --domain,
+ and used correctly otherwise. Before, putting
+ a FQDN here could cause the whole FQDN to be used as
+ hostname. Thanks to Michael Heimpold for the bug report.
+
+ Massive but trivial edit to make the "daemon" variable
+ global, instead of copying the same value around as the
+ first argument to half the functions in the program.
+
+ Updated Spanish manpage and message catalog. Thanks
+ to Chris Chatham.
+
+ Added patch for support of DNS LOC records in
+ contrib/dns-loc. Thanks to Lorenz Schori.
+
+ Fixed error in manpage: dhcp-ignore-name ->
+ dhcp-ignore-names. Thanks to Daniel Mentz for spotting
+ this.
+
+ Use client-id as hash-seed for DHCP address allocation
+ with Firewire and Infiniband, as these don't supply an MAC
+ address.
+
+ Tweaked TFTP file-open code to make it behave sensibly
+ when the filesystem changes under its feet.
+
+ Added DNSMASQ_TIME_REMAINING environment variable to the
+ lease-script.
+
+ Always send replies to DHCPINFORM requests to the source
+ of the request and not to the address in ciaddr. This
+ allows third-party queries.
+
+ Return "lease time remaining" in the reply to a DHCPINFORM
+ request if there exists a lease for the host sending the
+ request.
+
+ Added --dhcp-hostsfile option. This gives a superset of
+ the functionality provided by /etc/ethers. Thanks to
+ Greg Kurtzer for the suggestion.
+
+ Accept keyword "server" as a synonym for "nameserver" in
+ resolv.conf. Thanks to Andrew Bartlett for the report.
+
+ Add --tftp-unique-root option. Suggestion from Dermot
+ Bradley.
+
+ Tweak TFTP retry timer to avoid problems with difficult
+ clients. Thanks to Dermot Bradley for assistance with
+ this.
+
+ Continue to use unqualified hostnames provided by DHCP
+ clients, even if the domain part is illegal. (The domain
+ is ignored, and an error logged.) Previously in this
+ situation, the whole name whould have been
+ rejected. Thanks to Jima for the patch.
+
+ Handle EINTR returns from wait() correctly and reap
+ our children's children if necessary. This fixes
+ a problem with zombie-creation under *BSD when using
+ --dhcp-script.
+
+ Escape spaces in hostnames when they are stored in the
+ leases file and passed to the lease-change
+ script. Suggestion from Ben Voigt.
+
+ Re-run the lease chamge script with an "old" event for
+ each lease when dnsmasq receives a SIGHUP.
+
+ Added more useful exit codes, including passing on a
+ non-zero exit code from the lease-script "init" call when
+ --leasefile-ro is set.
+
+ Log memory allocation failure whilst the daemon is
+ running. Allocation failures during startup are fatal,
+ but lack of memory whilst running is worked around.
+ This used to be silent, but now is logged.
+
+ Fixed misaligned memory access which caused problems on
+ Blackfin CPUs. Thanks to Alex Landau for the patch.
+
+ Don't include (useless) script-calling code when NO_FORK
+ is set. Since this tends to be used on very small uclinux
+ systems, it's worth-while to save some code-size.
+
+ Don't set REUSEADDR on TFTP listening socket. There's no
+ need to do so, and it creates confusing behaviour when
+ inetd is also listening on the same port. Thanks to Erik
+ Brown for spotting the problem.
+
+version 2.41
+ Remove deprecated calls when compiled against libdbus 1.1.
+
+ Fix "strict-alias" warning in bpf.c
+
+ Reduce dependency on Gnu-make in build system: dnsmasq now
+ builds with system make under OpenBSD.
+
+ Port to Solaris. Dnsmasq 1.x used to run under Solaris,
+ and this release does so again, for Solaris 9 or better.
+
+ Allow the DNS function to be completely disabled, by
+ setting the port to zero "--port=0". The allows dnsmasq to
+ be used as a simple DHCP server, simple TFTP server, or
+ both, but without the DNS server getting in the way.
+
+ Fix a bug where NXDOMAIN could be returned for a query
+ even if the name's value was known for a different query
+ type. This bug could be prodded with
+ --local=/domain/ --address=/name.domain/1.2.3.4
+ An IPv6 query for name.domain would return NXDOMAIN, and
+ not the correct NOERROR. Thanks to Lars Nooden for
+ spotting the bug and Jima for diagnosis of the problem.
+
+ Added per-server stats to the information logged when
+ dnsmasq gets SIGUSR1.
+
+ Added counts of queries forwarded and queries answered
+ locally (from the cache, /etc/hosts or config).
+
+ Fixed possible crash bug in DBus IPv6 code. Thanks to Matt
+ Domsch and Jima.
+
+ Tighten checks for clashes between hosts-file and
+ DHCP-derived names. Multiple addresses associated with a
+ name in hosts-file no longer confuses the check.
+
+ Add --dhcp-no-override option to fix problems with some
+ combinations of stage zero and stage one
+ bootloaders. Thanks to Steve Alexander for the bug report.
+
+ Add --tftp-port-range option. Thanks to Daniel Mierswa for
+ the suggestion.
+
+ Add --stop-dns-rebind option. Thanks to Collin Mulliner
+ for the patch.
+
+ Added GPL version 3 as a license option.
+
+ Added --all-servers option. Thanks to Peter Naulls for the
+ patch.
+
+ Extend source address mechanism so that the interface used
+ to contact an upstream DNS server can be nailed
+ down. Something like "--server=1.2.3.4@eth1" will force
+ the use of eth1 for traffic to DNS-server 1.2.3.4. This
+ facility is only available on Linux and Solaris. Thanks to
+ Peter Naulls for prompting this.
+
+ Add --dhcp-optsfile option. Thanks to Carlos Carvalho for
+ the suggestion.
+
+ Fixed failure to set source address for server connections
+ when using TCP. Thanks to Simon Capper for finding this
+ bug.
+
+ Refuse to give a DHCP client the address it asks for if
+ the address range in question is not available to that
+ particular host. Thanks to Cedric Duval for the bug
+ report.
+
+ Changed behavior of DHCP server to always return total length of
+ a new lease in DHCPOFFER, even if an existing lease
+ exists. (It used to return the time remaining on the lease
+ whne one existed.) This fixes problems with the Sony Ericsson
+ K610i phone. Thanks to Hakon Stordahl for finding and
+ fixing this.
+
+ Add DNSMASQ_INTERFACE to the environment of the
+ lease-change script. Thanks to Nikos Mavrogiannopoulos for
+ the patch.
+
+ Fixed broken --alias functionality. Thanks to Michael
+ Meelis for the bug report.
+
+ Added French translation of the man page. Thank to Gildas
+ Le Nadan for that.
+
+ Add --dhcp-match flag, to check for arbitrary options in
+ DHCP messages from clients. This enables use of dnsmasq
+ with gPXE. Thanks to Rance Hall for the suggestion.
+
+ Added --dhcp-broadcast, to force broadcast replies to DHCP
+ clients which need them but are too dumb or too old to
+ ask. Thanks to Bodo Bellut for the suggestion.
+
+ Disable path-MTU discovery on DHCP and TFTP sockets. This
+ is never needed, and the presence of DF flags in the IP
+ header confuses some broken PXE ROMS. Thanks again to Bodo
+ Bellut for spotting this.
+
+ Fix problems with addresses which have multiple PTR
+ records - all but one of these could get lost.
+
+ Fix bug with --address and ANY query type seeing REFUSED
+ return code in replies. Thanks to Mike Wright for spotting
+ the problem.
+
+ Update Spanish translation. Thanks to Chris Chatham.
+
+ Add --neg-ttl option.
+
+ Add warnings about the bad effects of --filterwin2k on
+ SIP, XMPP and Google-talk to the example config file.
+
+ Fix va_list abuse in log.c. This fixes crashes on powerpc
+ when debug mode is set. Thanks to Cedric Duval for the
+ patch.
+
+version 2.42
+ Define _GNU_SOURCE to avoid problems with later glibc
+ headers. Thanks to Jima for spotting the problem.
+
+ Add --dhcp-alternate-port option. Thanks to Jan Psota for
+ the suggestion.
+
+ Fix typo in code which is only used on BSD, when Dbus and
+ IPv6 support is enabled. Thanks to Roy Marples.
+
+ Updated Polish translations - thank to Jan Psota.
+
+ Fix OS detection logic to cope with GNU/FreeBSD.
+
+ Fix unitialised variable in DBus code - thanks to Roy
+ Marples.
+
+ Fix network enumeration code to work on later NetBSD -
+ thanks to Roy Marples.
+
+ Provide --dhcp-bridge on all BSD variants.
+
+ Define _LARGEFILE_SOURCE which removes an arbitrary 2GB
+ limit on logfiles. Thanks to Paul Chambers for spotting
+ the problem.
+
+ Fix RFC3046 agent-id echo code, broken for many
+ releases. Thanks to Jeremy Laine for spotting the problem
+ and providing a patch.
+
+ Added Solaris 10 service manifest from David Connelly in
+ contrib/Solaris10
+
+ Add --dhcp-scriptuser option.
+
+ Support new capability interface on suitable Linux
+ kernels, removes "legacy support in use" messages. Thanks
+ to Jorge Bastos for pointing this out.
+
+ Fix subtle bug in cache code which could cause dnsmasq to
+ lock spinning CPU in rare circumstances. Thanks to Alex
+ Chekholko for bug reports and help debugging.
+
+ Support netascii transfer mode for TFTP.
+
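Review bot: the entry headings "release 2.38" and "release 2.39" break the "version 2.xx" pattern that every other entry in this hunk uses, so anything that splits the archive on "version " will fold those two releases into 2.37. The hunk also carries typos ("claims the same new", "treats is as", "a a particular", "whould", "chamge", "whne", "unitialised"). Since the commit is described as a direct import, keep the file byte-identical to upstream here and send the heading and spelling fixes upstream instead of patching them locally. Separately, the 2.34 entry states that the lease-change script runs as root through a helper even when the daemon drops privileges, and the 2.42 entry adds --dhcp-scriptuser with no description; the commit message should say whether this build uses --dhcp-script and, if so, which user the script runs as.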
diff --git a/COPYING b/COPYING
new file mode 100755
index 0000000..60549be
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) 19yy <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) 19yy name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
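Review bot: The sample notice near the end of this hunk ("Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA") gives a postal address the FSF no longer uses; it moved to 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301. The license text may only be copied verbatim, so it should not be hand-edited here. Either keep COPYING byte-identical to the file in the imported release so it can be compared against upstream, or replace it wholesale with the FSF's current copy of GPL version 2, and state in the commit message which was done.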
diff --git a/COPYING-v3 b/COPYING-v3
new file mode 100755
index 0000000..94a9ed0
--- /dev/null
+++ b/COPYING-v3
@@ -0,0 +1,674 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ <program> Copyright (C) <year> <name of author>
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
diff --git a/FAQ b/FAQ
new file mode 100755
index 0000000..b51c31e
--- /dev/null
+++ b/FAQ
@@ -0,0 +1,471 @@
+Q: Why does dnsmasq open UDP ports >1024 as well as port 53.
+ Is this a security problem/trojan/backdoor?
+
+A: The high ports that dnsmasq opens are for replies from the upstream
+ nameserver(s). Queries from dnsmasq to upstream nameservers are sent
+ from these ports and replies received to them. The reason for doing this is
+ that most firewall setups block incoming packets _to_ port 53, in order
+ to stop DNS queries from the outside world. If dnsmasq sent its queries
+ from port 53 the replies would be _to_ port 53 and get blocked.
+
+ This is not a security hole since dnsmasq will only accept replies to that
+ port: queries are dropped. The replies must be to oustanding queries
+ which dnsmasq has forwarded, otherwise they are dropped too.
+
+ Addendum: dnsmasq now has the option "query-port" (-Q), which allows
+ you to specify the UDP port to be used for this purpose. If not
+ specified, the operating system will select an available port number
+ just as it did before.
+
+ Second addendum: following the discovery of a security flaw in the
+ DNS protocol, dnsmasq from version 2.43 has changed behavior. It
+ now uses a new, randomly selected, port for each query. The old
+ default behaviour (use one port allocated by the OS) is available by
+ setting --query-port=0, and setting the query port to a positive
+ value is still works. You should think hard and know what you are
+ doing before using either of these options.
+
+Q: Why doesn't dnsmasq support DNS queries over TCP? Don't the RFC's specify
+ that?
+
+A: Update: from version 2.10, it does. There are a few limitations:
+ data obtained via TCP is not cached, and source-address
+ or query-port specifications are ignored for TCP.
+
+Q: When I send SIGUSR1 to dump the contents of the cache, some entries have
+ no IP address and are for names like mymachine.mydomain.com.mydomain.com.
+ What are these?
+
+A: They are negative entries: that's what the N flag means. Dnsmasq asked
+ an upstream nameserver to resolve that address and it replied "doesn't
+ exist, and won't exist for <n> hours" so dnsmasq saved that information so
+ that if _it_ gets asked the same question it can answer directly without
+ having to go back to the upstream server again. The strange repeated domains
+ result from the way resolvers search short names. See "man resolv.conf" for
+ details.
+
+
+Q: Will dnsmasq compile/run on non-Linux systems?
+
+A: Yes, there is explicit support for *BSD and MacOS X and Solaris.
+ There are start-up scripts for MacOS X Tiger and Panther
+ in /contrib. Dnsmasq will link with uclibc to provide small
+ binaries suitable for use in embedded systems such as
+ routers. (There's special code to support machines with flash
+ filesystems and no battery-backed RTC.)
+ If you encounter make errors with *BSD, try installing gmake from
+ ports and building dnsmasq with "make MAKE=gmake"
+ For other systems, try altering the settings in config.h.
+
+Q: My company's nameserver knows about some names which aren't in the
+ public DNS. Even though I put it first in /etc/resolv.conf, it
+ dosen't work: dnsmasq seems not to use the nameservers in the order
+ given. What am I doing wrong?
+
+A: By default, dnsmasq treats all the nameservers it knows about as
+ equal: it picks the one to use using an algorithm designed to avoid
+ nameservers which aren't responding. To make dnsmasq use the
+ servers in order, give it the -o flag. If you want some queries
+ sent to a special server, think about using the -S flag to give the
+ IP address of that server, and telling dnsmasq exactly which
+ domains to use the server for.
+
+Q: OK, I've got queries to a private nameserver working, now how about
+ reverse queries for a range of IP addresses?
+
+A: Use the standard DNS convention of <reversed address>.in-addr.arpa.
+ For instance to send reverse queries on the range 192.168.0.0 to
+ 192.168.0.255 to a nameserver at 10.0.0.1 do
+ server=/0.168.192.in-addr.arpa/10.0.0.1
+ Note that the "bogus-priv" option take priority over this option,
+ so the above will not work when the bogus-priv option is set.
+
+Q: Dnsmasq fails to start with an error like this: "dnsmasq: bind
+ failed: Cannot assign requested address". What's the problem?
+
+A: This has been seen when a system is bringing up a PPP interface at
+ boot time: by the time dnsmasq start the interface has been
+ created, but not brought up and assigned an address. The easiest
+ solution is to use --interface flags to specify which interfaces
+ dnsmasq should listen on. Since you are unlikely to want dnsmasq to
+ listen on a PPP interface and offer DNS service to the world, the
+ problem is solved.
+
+Q: I'm running on BSD and dnsmasq won't accept long options on the
+ command line.
+
+A: Dnsmasq when built on some BSD systems doesn't use GNU getopt by
+ default. You can either just use the single-letter options or
+ change config.h and the Makefile to use getopt-long. Note that
+ options in /etc/dnsmasq.conf must always be the long form,
+ on all platforms.
+
+Q: Names on the internet are working fine, but looking up local names
+ from /etc/hosts or DHCP doesn't seem to work.
+
+A: Resolver code sometime does strange things when given names without
+ any dots in. Win2k and WinXP may not use the DNS at all and just
+ try and look up the name using WINS. On unix look at "options ndots:"
+ in "man resolv.conf" for details on this topic. Testing lookups
+ using "nslookup" or "dig" will work, but then attempting to run
+ "ping" will get a lookup failure, appending a dot to the end of the
+ hostname will fix things. (ie "ping myhost" fails, but "ping
+ myhost." works. The solution is to make sure that all your hosts
+ have a domain set ("domain" in resolv.conf, or set a domain in
+ your DHCP server, see below fr Windows XP and Mac OS X).
+ Any domain will do, but "localnet" is traditional. Now when you
+ resolve "myhost" the resolver will attempt to look up
+ "myhost.localnet" so you need to have dnsmasq reply to that name.
+ The way to do that is to include the domain in each name on
+ /etc/hosts and/or to use the --expand-hosts and --domain options.
+
+Q: How do I set the DNS domain in Windows XP or MacOS X (ref: previous
+ question)?
+
+A: for XP, Control Panel > Network Connections > { Connection to gateway /
+ DNS } > Properties > { Highlight TCP/IP } > Properties > Advanced >
+ DNS Tab > DNS suffix for this connection:
+
+A: for OS X, System Preferences > Network > {Connection to gateway / DNS } >
+ Search domains:
+
+Q: Can I get dnsmasq to save the contents of its cache to disk when
+ I shut my machine down and re-load when it starts again?
+
+A: No, that facility is not provided. Very few names in the DNS have
+ their time-to-live set for longer than a few hours so most of the
+ cache entries would have expired after a shutdown. For longer-lived
+ names it's much cheaper to just reload them from the upstream
+ server. Note that dnsmasq is not shut down between PPP sessions so
+ go off-line and then on-line again will not lose the contents of
+ the cache.
+
+Q: Who are Verisign, what do they have to do with the bogus-nxdomain
+ option in dnsmasq and why should I wory about it?
+
+A: [note: this was written in September 2003, things may well change.]
+ Versign run the .com and .net top-level-domains. They have just
+ changed the configuration of their servers so that unknown .com and
+ .net domains, instead of returning an error code NXDOMAIN, (no such
+ domain) return the address of a host at Versign which runs a web
+ server showing a search page. Most right-thinking people regard
+ this new behaviour as broken :-). You can test to see if you are
+ suffering Versign brokeness by run a command like
+
+ host jlsdajkdalld.com
+
+ If you get "jlsdajkdalld.com" does not exist, then all is fine, if
+ host returns an IP address, then the DNS is broken. (Try a few
+ different unlikely domains, just in case you picked a wierd one
+ which really _is_ registered.)
+
+ Assuming that your DNS is broken, and you want to fix it, simply
+ note the IP address being returned and pass it to dnsmasq using the
+ --bogus-nxdomain flag. Dnsmasq will check for results returning
+ that address and substitute an NXDOMAIN instead.
+
+ As of writing, the IP address in question for the .com and .net
+ domains is is 64.94.110.11. Various other, less prominent,
+ registries pull the same stunt; there is a list of them all, and
+ the addresses to block, at http://winware.org/bogus-domains.txt
+
+Q: This new DHCP server is well and good, but it doesn't work for me.
+ What's the problem?
+
+A: There are a couple of configuration gotchas which have been
+ encountered by people moving from the ISC dhcpd to the dnsmasq
+ integrated DHCP daemon. Both are related to differences in
+ in the way the two daemons bypass the IP stack to do "ground up"
+ IP configuration and can lead to the dnsmasq daemon failing
+ whilst the ISC one works.
+
+ The first thing to check is the broadcast address set for the
+ ethernet interface. This is normally the adddress on the connected
+ network with all ones in the host part. For instance if the
+ address of the ethernet interface is 192.168.55.7 and the netmask
+ is 255.255.255.0 then the broadcast address should be
+ 192.168.55.255. Having a broadcast address which is not on the
+ network to which the interface is connected kills things stone
+ dead.
+
+ The second potential problem relates to firewall rules: since the ISC
+ daemon in some configurations bypasses the kernel firewall rules
+ entirely, the ability to run the ISC daemon does not indicate
+ that the current configuration is OK for the dnsmasq daemon.
+ For the dnsmasq daemon to operate it's vital that UDP packets to
+ and from ports 67 and 68 and broadcast packets with source
+ address 0.0.0.0 and destination address 255.255.255.255 are not
+ dropped by iptables/ipchains.
+
+Q: I'm running Debian, and my machines get an address fine with DHCP,
+ but their names are not appearing in the DNS.
+
+A: By default, none of the DHCP clients send the host-name when asking
+ for a lease. For most of the clients, you can set the host-name to
+ send with the "hostname" keyword in /etc/network/interfaces. (See
+ "man interfaces" for details.) That doesn't work for dhclient, were
+ you have to add something like "send host-name daisy" to
+ /etc/dhclient.conf [Update: the lastest dhcpcd packages _do_ send
+ the hostname by default.
+
+Q: I'm network booting my machines, and trying to give them static
+ DHCP-assigned addresses. The machine gets its correct address
+ whilst booting, but then the OS starts and it seems to get
+ allocated a different address.
+
+A: What is happening is this: The boot process sends a DHCP
+ request and gets allocated the static address corresponding to its
+ MAC address. The boot loader does not send a client-id. Then the OS
+ starts and repeats the DHCP process, but it it does send a
+ client-id. Dnsmasq cannot assume that the two requests are from the
+ same machine (since the client ID's don't match) and even though
+ the MAC address has a static allocation, that address is still in
+ use by the first incarnation of the machine (the one from the boot,
+ without a client ID.) dnsmasq therefore has to give the machine a
+ dynamic address from its pool. There are three ways to solve this:
+ (1) persuade your DHCP client not to send a client ID, or (2) set up
+ the static assignment to the client ID, not the MAC address. The
+ default client-id will be 01:<MAC address>, so change the dhcp-host
+ line from "dhcp-host=11:22:33:44:55:66,1.2.3.4" to
+ "dhcp-host=id:01:11:22:33:44:55:66,1.2.3.4" or (3) tell dnsmasq to
+ ignore client IDs for a particular MAC address, like this:
+ dhcp-host=11:22:33:44:55:66,id:*
+
+Q: What network types are supported by the DHCP server?
+
+A: Ethernet (and 802.11 wireless) are supported on all platforms. On
+ Linux all network types (including FireWire) are supported.
+
+Q: What is this strange "bind-interface" option?
+
+A: The DNS spec says that the reply to a DNS query must come from the
+ same address it was sent to. The traditional way to write an UDP
+ server to do this is to find all of the addresses belonging to the
+ machine (ie all the interfaces on the machine) and then create a
+ socket for each interface which is bound to the address of the
+ interface. Then when a packet is sent to address A, it is received
+ on the socket bound to address A and when the reply is also sent
+ via that socket, the source address is set to A by the kernel and
+ everything works. This is the how dnsmasq works when
+ "bind-interfaces" is set, with the obvious extension that is misses
+ out creating sockets for some interfaces depending on the
+ --interface, --address and --except-interface flags. The
+ disadvantage of this approach is that it breaks if interfaces don't
+ exist or are not configured when the daemon starts and does the
+ socket creation step. In a hotplug-aware world this is a real
+ problem.
+
+ The alternative approach is to have only one socket, which is bound
+ to the correct port and the wildcard IP address (0.0.0.0). That
+ socket will receive _all_ packets sent to port 53, no matter what
+ destination address they have. This solves the problem of
+ interfaces which are created or reconfigured after daemon
+ start-up. To make this work is more complicated because of the
+ "reply source address" problem. When a UDP packet is sent by a
+ socket bound to 0.0.0.0 its source address will be set to the
+ address of one of the machine's interfaces, but which one is not
+ determined and can vary depending on the OS being run. To get round
+ this it is neccessary to use a scary advanced API to determine the
+ address to which a query was sent, and force that to be the source
+ address in the reply. For IPv4 this stuff in non-portable and quite
+ often not even available (It's different between FreeBSD 5.x and
+ Linux, for instance, and FreeBSD 4.x, Linux 2.0.x and OpenBSD don't
+ have it at all.) Hence "bind-interfaces" has to always be available
+ as a fall back. For IPv6 the API is standard and universally
+ available.
+
+ It could be argued that if the --interface or --address flags are
+ used then binding interfaces is more appropriate, but using
+ wildcard binding means that dnsmasq will quite happily start up
+ after being told to use interfaces which don't exist, but which are
+ created later. Wildcard binding breaks the scenario when dnsmasq is
+ listening on one interface and another server (most probably BIND)
+ is listening on another. It's not possible for BIND to bind to an
+ (address,port) pair when dnsmasq has bound (wildcard,port), hence
+ the ability to explicitly turn off wildcard binding.
+
+Q: Why doesn't Kerberos work/why can't I get sensible answers to
+ queries for SRV records.
+
+A: Probably because you have the "filterwin2k" option set. Note that
+ it was on by default in example configuration files included in
+ versions before 2.12, so you might have it set on without
+ realising.
+
+Q: Can I get email notification when a new version of dnsmasq is
+ released?
+
+A: Yes, new releases of dnsmasq are always announced through
+ freshmeat.net, and they allow you to subcribe to email alerts when
+ new versions of particular projects are released. New releases are
+ also announced in the dnsmasq-discuss mailing list, subscribe at
+ http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
+
+Q: What does the dhcp-authoritative option do?
+
+A: See http://www.isc.org/index.pl?/sw/dhcp/authoritative.php - that's
+ for the ISC daemon, but the same applies to dnsmasq.
+
+Q: Why does my Gentoo box pause for a minute before getting a new
+ lease?
+
+A: Because when a Gentoo box shuts down, it releases its lease with
+ the server but remembers it on the client; this seems to be a
+ Gentoo-specific patch to dhcpcd. On restart it tries to renew
+ a lease which is long gone, as far as dnsmasq is concerned, and
+ dnsmasq ignores it until is times out and restarts the process.
+ To fix this, set the dhcp-authoritative flag in dnsmasq.
+
+Q: My laptop has two network interfaces, a wired one and a wireless
+ one. I never use both interfaces at the same time, and I'd like the
+ same IP and configuration to be used irrespective of which
+ interface is in use. How can I do that?
+
+A: By default, the identity of a machine is determined by using the
+ MAC address, which is associated with interface hardware. Once an
+ IP is bound to the MAC address of one interface, it cannot be
+ associated with another MAC address until after the DHCP lease
+ expires. The solution to this is to use a client-id as the machine
+ identity rather than the MAC address. If you arrange for the same
+ client-id to sent when either interface is in use, the DHCP server
+ will recognise the same machine, and use the same address. The
+ method for setting the client-id varies with DHCP client software,
+ dhcpcd uses the "-I" flag. Windows uses a registry setting,
+ see http://www.jsiinc.com/SUBF/TIP2800/rh2845.htm
+Addendum:
+ From version 2.46, dnsmasq has a solution to this which doesn't
+ involve setting client-IDs. It's possible to put more than one MAC
+ address in a --dhcp-host configuration. This tells dnsmasq that it
+ should use the specified IP for any of the specified MAC addresses,
+ and furthermore it gives dnsmasq permission to sumarily abandon a
+ lease to one of the MAC addresses if another one comes along. Note
+ that this will work fine only as longer as only one interface is
+ up at any time. There is no way for dnsmasq to enforce this
+ constraint: if you configure multiple MAC addresses and violate
+ this rule, bad things will happen.
+
+Q: Can dnsmasq do DHCP on IP-alias interfaces?
+
+A: Yes, from version-2.21. The support is only available running under
+ Linux, on a kernel which provides the RT-netlink facility. All 2.4
+ and 2.6 kernels provide RT-netlink and it's an option in 2.2
+ kernels.
+
+ If a physical interface has more than one IP address or aliases
+ with extra IP addresses, then any dhcp-ranges corresponding to
+ these addresses can be used for address allocation. So if an
+ interface has addresses 192.168.1.0/24 and 192.68.2.0/24 and there
+ are DHCP ranges 192.168.1.100-192.168.1.200 and
+ 192.168.2.100-192.168.2.200 then both ranges would be used for host
+ connected to the physical interface. A more typical use might be to
+ have one of the address-ranges as static-only, and have known
+ hosts allocated addresses on that subnet using dhcp-host options,
+ while anonymous hosts go on the other.
+
+
+Q: Dnsmasq sometimes logs "nameserver xxx.xxx.xxx.xxx refused
+ to do a recursive query" and DNS stops working. What's going on?
+
+A: Probably the nameserver is an authoritative nameserver for a
+ particular domain, but is not configured to answer general DNS
+ queries for an arbitrary domain. It is not suitable for use by
+ dnsmasq as an upstream server and should be removed from the
+ configuration. Note that if you have more than one upstream
+ nameserver configured dnsmasq will load-balance across them and
+ it may be some time before dnsmasq gets around to using a
+ particular nameserver. This means that a particular configuration
+ may work for sometime with a broken upstream nameserver
+ configuration.
+
+
+Q: Does the dnsmasq DHCP server probe addresses before allocating
+ them, as recommended in RFC2131?
+
+A: Yes, dynmaically allocated IP addresses are checked by sending an
+ ICMP echo request (ping). If a reply is received, then dnsmasq
+ assumes that the address is in use, and attempts to allocate an
+ different address. The wait for a reply is between two and three
+ seconds. Because the DHCP server is not re-entrant, it cannot serve
+ other DHCP requests during this time. To avoid dropping requests,
+ the address probe may be skipped when dnsmasq is under heavy load.
+
+
+Q: I'm using dnsmasq on a machine with the Firestarter firewall, and
+ DHCP doesn't work. What's the problem?
+
+A: This a variant on the iptables problem. Explicit details on how to
+ proceed can be found at
+ http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2005q3/000431.html
+
+
+Q: I'm using dnsmasq on a machine with the shorewall firewall, and
+ DHCP doesn't work. What's the problem?
+
+A: This a variant on the iptables problem. Explicit details on how to
+ proceed can be found at
+ http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2007q4/001764.html
+
+
+Q: Dnsmasq fails to start up with a message about capabilities.
+ Why did that happen and what can do to fix it?
+
+A: Change your kernel configuration: either deselect CONFIG_SECURITY
+ _or_ select CONFIG_SECURITY_CAPABILITIES. Alternatively, you can
+ remove the need to set capabilities by running dnsmasq as root.
+
+Q: Where can I get .rpms Suitable for Suse?
+
+A: Dnsmasq is in Suse itself, and the latest releases are also
+ available at ftp://ftp.suse.com/pub/people/ug/
+
+
+Q: Can I run dnsmasq in a Linux vserver?
+
+A: Yes, as a DNS server, dnsmasq will just work in a vserver.
+ To use dnsmasq's DHCP function you need to give the vserver
+ extra system capabilities. Please note that doing so will lesser
+ the overall security of your system. The capabilities
+ required are NET_ADMIN and NET_RAW. NET_ADMIN is essential, NET_RAW
+ is required to do an ICMP "ping" check on newly allocated
+ addresses. If you don't need this check, you can disable it with
+ --no-ping and omit the NET_RAW capability.
+ Adding the capabilities is done by adding them, one per line, to
+ either /etc/vservers/<vservername>/ccapabilities for a 2.4 kernel or
+ /etc/vservers/<vservername>/bcapabilities for a 2.6 kernel (please
+ refer to the vserver documentation for more information).
+
+
+Q: What's the problem with syslog and dnsmasq?
+
+A: In almost all cases: none. If you have the normal arrangement with
+ local daemons logging to a local syslog, which then writes to disk,
+ then there's never a problem. If you use network logging, then
+ there's a potential problem with deadlock: the syslog daemon will
+ do DNS lookups so that it can log the source of log messages,
+ these lookups will (depending on exact configuration) go through
+ dnsmasq, which also sends log messages. With bad timing, you can
+ arrive at a situation where syslog is waiting for dnsmasq, and
+ dnsmasq is waiting for syslog; they will both wait forever. This
+ problem is fixed from dnsmasq-2.39, which introduces asynchronous
+ logging: dnsmasq no longer waits for syslog and the deadlock is
+ broken. There is a remaining problem in 2.39, where "log-queries"
+ is in use. In this case most DNS queries generate two log lines, if
+ these go to a syslog which is doing a DNS lookup for each log line,
+ then those queries will in turn generate two more log lines, and a
+ chain reaction runaway will occur. To avoid this, use syslog-ng
+ and turn on syslog-ng's dns-cache function.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
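Review bot: In the capabilities answer, the alternative of "running dnsmasq as root" is offered without any caveat, while the vserver answer further down does warn that granting extra capabilities reduces security; the root option deserves the same kind of warning, since it removes the need for the capability-based privilege drop altogether. Wording nits in the same hunk: "This a variant" (twice) is missing "is", "what can do to fix it" is missing "I", and "will lesser the overall security" should read "lessen".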
diff --git a/Makefile b/Makefile
new file mode 100755
index 0000000..3d07c24
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,78 @@
+# dnsmasq is Copyright (c) 2000-2009 Simon Kelley
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 dated June, 1991, or
+# (at your option) version 3 dated 29 June, 2007.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+PREFIX = /usr/local
+BINDIR = ${PREFIX}/sbin
+MANDIR = ${PREFIX}/share/man
+LOCALEDIR = ${PREFIX}/share/locale
+
+SRC = src
+PO = po
+MAN = man
+
+PKG_CONFIG = pkg-config
+INSTALL = install
+MSGMERGE = msgmerge
+MSGFMT = msgfmt
+XGETTEXT = xgettext
+
+#################################################################
+
+DNSMASQ_CFLAGS=`echo $(COPTS) | ../bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1`
+DNSMASQ_LIBS= `echo $(COPTS) | ../bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1`
+SUNOS_LIBS= `if uname | grep SunOS 2>&1 >/dev/null; then echo -lsocket -lnsl -lposix4; fi`
+
+all : dnsmasq
+
+dnsmasq :
+ @cd $(SRC) && $(MAKE) \
+ DNSMASQ_CFLAGS="$(DNSMASQ_CFLAGS)" \
+ DNSMASQ_LIBS="$(DNSMASQ_LIBS) $(SUNOS_LIBS)" \
+ -f ../bld/Makefile dnsmasq
+
+clean :
+ rm -f *~ $(SRC)/*.mo contrib/*/*~ */*~ $(SRC)/*.pot
+ rm -f $(SRC)/*.o $(SRC)/dnsmasq.a $(SRC)/dnsmasq core */core
+
+install : all install-common
+
+install-common :
+ $(INSTALL) -d $(DESTDIR)$(BINDIR) -d $(DESTDIR)$(MANDIR)/man8
+ $(INSTALL) -m 644 $(MAN)/dnsmasq.8 $(DESTDIR)$(MANDIR)/man8
+ $(INSTALL) -m 755 $(SRC)/dnsmasq $(DESTDIR)$(BINDIR)
+
+all-i18n :
+ @cd $(SRC) && $(MAKE) \
+ I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' \
+ DNSMASQ_CFLAGS="$(DNSMASQ_CFLAGS) `$(PKG_CONFIG) --cflags libidn`" \
+ DNSMASQ_LIBS="$(DNSMASQ_LIBS) $(SUNOS_LIBS) `$(PKG_CONFIG) --libs libidn`" \
+ -f ../bld/Makefile dnsmasq
+ @cd $(PO); for f in *.po; do \
+ cd ../$(SRC) && $(MAKE) \
+ MSGMERGE=$(MSGMERGE) MSGFMT=$(MSGFMT) XGETTEXT=$(XGETTEXT) \
+ -f ../bld/Makefile $${f%.po}.mo; \
+ done
+
+install-i18n : all-i18n install-common
+ cd $(SRC); ../bld/install-mo $(DESTDIR)$(LOCALEDIR) $(INSTALL)
+ cd $(MAN); ../bld/install-man $(DESTDIR)$(MANDIR) $(INSTALL)
+
+merge :
+ @cd $(SRC) && $(MAKE) XGETTEXT=$(XGETTEXT) -f ../bld/Makefile dnsmasq.pot
+ @cd $(PO); for f in *.po; do \
+ echo -n msgmerge $$f && $(MSGMERGE) --no-wrap -U $$f ../$(SRC)/dnsmasq.pot; \
+ done
+
+
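Review bot: In SUNOS_LIBS, "grep SunOS 2>&1 >/dev/null" applies the redirections in the wrong order: stderr is duplicated onto the backtick capture before stdout is sent to /dev/null, so any error text from grep would end up in the link line. It should be ">/dev/null 2>&1". In the merge target, "echo -n" is not portable across /bin/sh implementations; printf would be safer.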
diff --git a/bld/Makefile b/bld/Makefile
new file mode 100755
index 0000000..53dab34
--- /dev/null
+++ b/bld/Makefile
@@ -0,0 +1,17 @@
+CFLAGS = -Wall -W -O2
+
+OBJS = cache.o rfc1035.o util.o option.o forward.o network.o \
+ dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
+ helper.o tftp.o log.o
+
+.c.o:
+ $(CC) $(CFLAGS) $(COPTS) $(I18N) $(DNSMASQ_CFLAGS) $(RPM_OPT_FLAGS) -c $<
+
+dnsmasq : $(OBJS)
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) $(DNSMASQ_LIBS) $(LIBS)
+
+dnsmasq.pot : $(OBJS:.o=.c) dnsmasq.h config.h
+ $(XGETTEXT) -d dnsmasq --foreign-user --omit-header --keyword=_ -o $@ -i $(OBJS:.o=.c)
+
+%.mo : ../po/%.po dnsmasq.pot
+ $(MSGMERGE) -o - ../po/$*.po dnsmasq.pot | $(MSGFMT) -o $*.mo -
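Review bot: CFLAGS is "-Wall -W -O2" with no hardening options, and OBJS shows this builds the packet-handling code (rfc1035.o, rfc2131.o, tftp.o); consider adding stack-protector and fortify flags here, or document that packagers are expected to supply them through COPTS or RPM_OPT_FLAGS. Separately, the dnsmasq.pot rule lists dnsmasq.h and config.h as prerequisites but the .c.o rule does not, so a header change will not trigger a rebuild of the objects.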
diff --git a/bld/install-man b/bld/install-man
new file mode 100755
index 0000000..f4cf3dc
--- /dev/null
+++ b/bld/install-man
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+for f in *; do
+ if [ -d $f ]; then
+ $2 -m 755 -d $1/$f/man8
+ $2 -m 644 $f/dnsmasq.8 $1/$f/man8
+ echo installing $1/$f/man8/dnsmasq.8
+ fi
+done
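Review bot: $f, $1 and $2 are expanded unquoted in the "[ -d $f ]" test and in both install calls, so a DESTDIR or MANDIR containing whitespace splits into several arguments; quote them, for example "$1/$f/man8". The loop also echoes "installing" without checking the exit status of either install call, so a failed install is reported as done.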
diff --git a/bld/install-mo b/bld/install-mo
new file mode 100755
index 0000000..d11fa9f
--- /dev/null
+++ b/bld/install-mo
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+for f in *.mo; do
+ $2 -m 755 -d $1/${f%.mo}/LC_MESSAGES
+ $2 -m 644 $f $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
+ echo installing $1/${f%.mo}/LC_MESSAGES/dnsmasq.mo
+done
+
+
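Review bot: If no .mo files were built, the "for f in *.mo" glob stays unexpanded and the loop body runs once with f set to the literal "*.mo"; add a guard such as '[ -f "$f" ] || continue' at the top of the loop. The expansions of $1, $2 and $f are unquoted here as well and should be quoted.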
diff --git a/bld/pkg-wrapper b/bld/pkg-wrapper
new file mode 100755
index 0000000..4f3b76b
--- /dev/null
+++ b/bld/pkg-wrapper
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+search=$1
+shift
+
+if grep "^\#.*define.*$search" config.h 2>&1 >/dev/null || \
+ grep $search 2>&1 >/dev/null ; then
+ exec $*
+fi
+
+
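Review bot: "grep $search" and "exec $*" use unquoted expansions, so the pkg-config arguments are re-split and glob-expanded before the exec; use 'grep "$search"' and 'exec "$@"'. The config.h pattern "^\#.*define.*$search" also matches any define whose name merely contains the search string, and "2>&1 >/dev/null" leaves stderr pointing at the caller's stdout, which in the top-level Makefile is the backtick capture for DNSMASQ_CFLAGS and DNSMASQ_LIBS.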
diff --git a/contrib/Solaris10/README b/contrib/Solaris10/README
new file mode 100755
index 0000000..a035875
--- /dev/null
+++ b/contrib/Solaris10/README
@@ -0,0 +1,28 @@
+From: David Connelly <dconnelly@gmail.com>
+Date: Mon, Apr 7, 2008 at 3:31 AM
+Subject: Solaris 10 service manifest
+To: dnsmasq-discuss@lists.thekelleys.org.uk
+
+
+I've found dnsmasq much easier to set up on my home server running Solaris
+10 than the stock dhcp/dns server, which is probably overkill anyway for my
+simple home network needs. Since Solaris now uses SMF (Service Management
+Facility) to manage services I thought I'd create a simple service manifest
+for the dnsmasq service. The manifest currently assumes that dnsmasq has
+been installed in '/usr/local/sbin/dnsmasq' and the configuration file in
+'/usr/local/etc/dnsmasq.conf', so you may have to adjust these paths for
+your local installation. Here are the steps I followed to install and enable
+the dnsmasq service:
+ # svccfg import dnsmasq.xml
+ # svcadm enable dnsmasq
+
+To confirm that the service is enabled and online:
+
+ # svcs -l dnsmasq
+
+I've just started learning about SMF so if anyone has any
+corrections/feedback they are more than welcome.
+
+Thanks,
+David
+
diff --git a/contrib/Solaris10/dnsmasq.xml b/contrib/Solaris10/dnsmasq.xml
new file mode 100755
index 0000000..7da0253
--- /dev/null
+++ b/contrib/Solaris10/dnsmasq.xml
@@ -0,0 +1,65 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+
+<!-- Service manifest for dnsmasq -->
+
+<service_bundle type='manifest' name='dnsmasq'>
+ <service name='network/dnsmasq' type='service' version='1'>
+
+ <create_default_instance enabled='false'/>
+ <single_instance/>
+
+ <dependency name='multi-user'
+ grouping='require_all'
+ restart_on='refresh'
+ type='service'>
+ <service_fmri value='svc:/milestone/multi-user'/>
+ </dependency>
+
+ <dependency name='config'
+ grouping='require_all'
+ restart_on='restart'
+ type='path'>
+ <service_fmri value='file:///usr/local/etc/dnsmasq.conf'/>
+ </dependency>
+
+ <dependent name='dnsmasq_multi-user-server'
+ grouping='optional_all'
+ restart_on='none'>
+ <service_fmri value='svc:/milestone/multi-user-server' />
+ </dependent>
+
+ <exec_method type='method' name='start'
+ exec='/usr/local/sbin/dnsmasq -C /usr/local/etc/dnsmasq.conf'
+ timeout_seconds='60' >
+ <method_context>
+ <method_credential user='root' group='root' privileges='all'/>
+ </method_context>
+ </exec_method>
+
+ <exec_method type='method'
+ name='stop'
+ exec=':kill'
+ timeout_seconds='60'/>
+
+ <exec_method type='method'
+ name='refresh'
+ exec=':kill -HUP'
+ timeout_seconds='60' />
+
+ <template>
+ <common_name>
+ <loctext xml:lang='C'>dnsmasq server</loctext>
+ </common_name>
+ <description>
+ <loctext xml:lang='C'>
+dnsmasq - A lightweight DHCP and caching DNS server.
+ </loctext>
+ </description>
+ <documentation>
+ <manpage title='dnsmasq' section='8' manpath='/usr/local/man'/>
+ </documentation>
+ </template>
+
+ </service>
+</service_bundle>
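Review bot: The start method is declared with method_credential user='root' group='root' privileges='all', which hands the start method every privilege; list only the privileges dnsmasq actually needs instead of 'all'. The manpage entry uses manpath='/usr/local/man', whereas the top-level Makefile in this commit installs the page under ${PREFIX}/share/man, so the documentation reference will not resolve with the default PREFIX.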
diff --git a/contrib/Suse/README b/contrib/Suse/README
new file mode 100755
index 0000000..3fdc186
--- /dev/null
+++ b/contrib/Suse/README
@@ -0,0 +1,6 @@
+This packaging is now unmaintained in the dnsmasq source: dnsmasq is
+included in Suse proper, and up-to-date packages are now available
+from
+
+ftp://ftp.suse.com/pub/people/ug/
+
diff --git a/contrib/Suse/README.susefirewall b/contrib/Suse/README.susefirewall
new file mode 100755
index 0000000..2f19ca6
--- /dev/null
+++ b/contrib/Suse/README.susefirewall
@@ -0,0 +1,27 @@
+This is a patch against SuSEfirewall2-3.1-206 (SuSE 9.x and older)
+It fixes the depancy from the dns daemon name 'named'
+After appending the patch, the SuSEfirewall is again able to autodetect
+the dnsmasq named service.
+This is a very old bug in the SuSEfirewall script.
+The SuSE people think the name of the dns server will allways 'named'
+
+
+--- /sbin/SuSEfirewall2.orig 2004-01-23 13:30:09.000000000 +0100
++++ /sbin/SuSEfirewall2 2004-01-23 13:31:56.000000000 +0100
+@@ -764,7 +764,7 @@
+ echo 'FW_ALLOW_INCOMING_HIGHPORTS_UDP should be set to yes, if you are running a DNS server!'
+
+ test "$FW_SERVICE_AUTODETECT" = yes -o "$FW_SERVICE_AUTODETECT" = dmz -o "$FW_SERVICE_AUTODETECT" = ext && {
+- test "$FW_SERVICE_DNS" = no -a '!' "$START_NAMED" = no && check_srv named && {
++ test "$FW_SERVICE_DNS" = no -a '!' "$START_NAMED" = no && check_srv dnsmasq && {
+ echo -e 'Warning: detected activated named, enabling FW_SERVICE_DNS!
+ You still have to allow tcp/udp port 53 on internal, dmz and/or external.'
+ FW_SERVICE_DNS=$FW_SERVICE_AUTODETECT
+@@ -878,7 +878,7 @@
+ test -e /etc/resolv.conf || echo "Warning: /etc/resolv.conf not found"
+ # Get ports/IP bindings of NAMED/SQUID
+ test "$FW_SERVICE_DNS" = yes -o "$FW_SERVICE_DNS" = dmz -o "$FW_SERVICE_DNS" = ext -o "$START_NAMED" = yes && DNS_PORT=`$LSOF -i -n -P | \
+- $AWK -F: '/^named .* UDP / {print $2}'| $GREP -vw 53 | $SORT -un`
++ $AWK -F: '/^dnsmasq .* UDP / {print $2}'| $GREP -vw 53 | $SORT -un`
+ test "$FW_SERVICE_SQUID" = yes -o "$FW_SERVICE_SQUID" = dmz -o "$FW_SERVICE_SQUID" = ext -o "$START_SQUID" = yes && SQUID_PORT=`$LSOF -i -n -P | \
+ $AWK -F: '/^squid .* UDP/ {print $2}'| $SORT -un`
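Review bot: The embedded patch swaps "check_srv named" for "check_srv dnsmasq" and the awk pattern "/^named .* UDP /" for "/^dnsmasq .* UDP /", so once applied a host that does run named is no longer autodetected, and the unchanged warning text still says "detected activated named". Matching either daemon name would fix dnsmasq detection without regressing named. Spelling in the description: "depancy" (dependency) and "allways" (always).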
diff --git a/contrib/Suse/dnsmasq-SuSE.patch b/contrib/Suse/dnsmasq-SuSE.patch
new file mode 100755
index 0000000..626245f
--- /dev/null
+++ b/contrib/Suse/dnsmasq-SuSE.patch
@@ -0,0 +1,23 @@
+--- man/dnsmasq.8 2004-08-08 20:57:56.000000000 +0200
++++ man/dnsmasq.8 2004-08-12 00:40:01.000000000 +0200
+@@ -69,7 +69,7 @@
+ .TP
+ .B \-g, --group=<groupname>
+ Specify the group which dnsmasq will run
+-as. The defaults to "dip", if available, to facilitate access to
++as. The defaults to "dialout", if available, to facilitate access to
+ /etc/ppp/resolv.conf which is not normally world readable.
+ .TP
+ .B \-v, --version
+--- src/config.h 2004-08-11 11:39:18.000000000 +0200
++++ src/config.h 2004-08-12 00:40:01.000000000 +0200
+@@ -44,7 +44,7 @@
+ #endif
+ #define DEFLEASE 3600 /* default lease time, 1 hour */
+ #define CHUSER "nobody"
+-#define CHGRP "dip"
++#define CHGRP "dialout"
+ #define DHCP_SERVER_PORT 67
+ #define DHCP_CLIENT_PORT 68
+
+
diff --git a/contrib/Suse/dnsmasq-suse.spec b/contrib/Suse/dnsmasq-suse.spec
new file mode 100755
index 0000000..ff8ba8f
--- /dev/null
+++ b/contrib/Suse/dnsmasq-suse.spec
@@ -0,0 +1,111 @@
+###############################################################################
+#
+# General
+#
+###############################################################################
+
+Name: dnsmasq
+Version: 2.33
+Release: 1
+Copyright: GPL
+Group: Productivity/Networking/DNS/Servers
+Vendor: Simon Kelley
+Packager: Simon Kelley
+URL: http://www.thekelleys.org.uk/dnsmasq
+Provides: dns_daemon
+Conflicts: bind bind8 bind9
+PreReq: %fillup_prereq %insserv_prereq
+Autoreqprov: on
+Source0: %{name}-%{version}.tar.bz2
+BuildRoot: /var/tmp/%{name}-%{version}
+Summary: A lightweight caching nameserver
+
+%description
+Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It
+is designed to provide DNS and, optionally, DHCP, to a small network. It can
+serve the names of local machines which are not in the global DNS. The DHCP
+server integrates with the DNS server and allows machines with DHCP-allocated
+addresses to appear in the DNS with names configured either in each host or
+in a central configuration file. Dnsmasq supports static and dynamic DHCP
+leases and BOOTP for network booting of diskless machines.
+
+
+
+###############################################################################
+#
+# Build
+#
+###############################################################################
+
+%prep
+%setup -q
+patch -p0 <rpm/%{name}-SuSE.patch
+
+%build
+%{?suse_update_config:%{suse_update_config -f}}
+make all-i18n DESTDIR=$RPM_BUILD_ROOT PREFIX=/usr
+
+###############################################################################
+#
+# Install
+#
+###############################################################################
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p ${RPM_BUILD_ROOT}/etc/init.d
+make install-i18n DESTDIR=$RPM_BUILD_ROOT PREFIX=/usr
+install -o root -g root -m 755 rpm/rc.dnsmasq-suse $RPM_BUILD_ROOT/etc/init.d/dnsmasq
+install -o root -g root -m 644 dnsmasq.conf.example $RPM_BUILD_ROOT/etc/dnsmasq.conf
+strip $RPM_BUILD_ROOT/usr/sbin/dnsmasq
+ln -sf ../../etc/init.d/dnsmasq $RPM_BUILD_ROOT/usr/sbin/rcdnsmasq
+
+###############################################################################
+#
+# Clean up
+#
+###############################################################################
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+###############################################################################
+#
+# Post-install scriptlet
+#
+###############################################################################
+
+%post
+%{fillup_and_insserv dnsmasq}
+
+###############################################################################
+#
+# Post-uninstall scriptlet
+#
+# The %postun script executes after the package has been removed. It is the
+# last chance for a package to clean up after itself.
+#
+###############################################################################
+
+%postun
+%{insserv_cleanup}
+
+###############################################################################
+#
+# File list
+#
+###############################################################################
+
+%files
+%defattr(-,root,root)
+%doc CHANGELOG COPYING FAQ doc.html setup.html UPGRADING_to_2.0 rpm/README.susefirewall
+%doc contrib
+%config /etc/init.d/dnsmasq
+%config /etc/dnsmasq.conf
+/usr/sbin/rcdnsmasq
+/usr/sbin/dnsmasq
+/usr/share/locale/*/LC_MESSAGES/*
+%doc %{_mandir}/man8/dnsmasq.8.gz
+%doc %{_mandir}/*/man8/dnsmasq.8.gz
+
+
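Review bot: BuildRoot is the fixed path /var/tmp/%{name}-%{version}, and %install begins with "rm -rf $RPM_BUILD_ROOT" followed by installs using "-o root -g root"; a predictable path in a world-writable directory is unsafe on a shared build host, so use a private build root. Version is 2.33 although this commit imports 2.51, and both the %prep patch step and %doc refer to files under rpm/ (rpm/%{name}-SuSE.patch, rpm/README.susefirewall) while this tree carries them under contrib/Suse/.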
diff --git a/contrib/Suse/rc.dnsmasq-suse b/contrib/Suse/rc.dnsmasq-suse
new file mode 100755
index 0000000..71f4c72
--- /dev/null
+++ b/contrib/Suse/rc.dnsmasq-suse
@@ -0,0 +1,79 @@
+#! /bin/sh
+#
+# init.d/dnsmasq
+#
+### BEGIN INIT INFO
+# Provides: dnsmasq
+# Required-Start: $network $remote_fs $syslog
+# Required-Stop:
+# Default-Start: 3 5
+# Default-Stop:
+# Description: Starts internet name service masq caching server (DNS)
+### END INIT INFO
+
+NAMED_BIN=/usr/sbin/dnsmasq
+NAMED_PID=/var/run/dnsmasq.pid
+NAMED_CONF=/etc/dnsmasq.conf
+
+if [ ! -x $NAMED_BIN ] ; then
+ echo -n "dnsmasq not installed ! "
+ exit 5
+fi
+
+. /etc/rc.status
+rc_reset
+
+case "$1" in
+ start)
+ echo -n "Starting name service masq caching server "
+ checkproc -p $NAMED_PID $NAMED_BIN
+ if [ $? -eq 0 ] ; then
+ echo -n "- Warning: dnsmasq already running ! "
+ else
+ [ -e $NAMED_PID ] && echo -n "- Warning: $NAMED_PID exists ! "
+ fi
+ startproc -p $NAMED_PID $NAMED_BIN -u nobody
+ rc_status -v
+ ;;
+ stop)
+ echo -n "Shutting name service masq caching server "
+ checkproc -p $NAMED_PID $NAMED_BIN
+ [ $? -ne 0 ] && echo -n "- Warning: dnsmasq not running ! "
+ killproc -p $NAMED_PID -TERM $NAMED_BIN
+ rc_status -v
+ ;;
+ try-restart)
+ $0 stop && $0 start
+ rc_status
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ rc_status
+ ;;
+ force-reload)
+ $0 reload
+ rc_status
+ ;;
+ reload)
+ echo -n "Reloading name service masq caching server "
+ checkproc -p $NAMED_PID $NAMED_BIN
+ [ $? -ne 0 ] && echo -n "- Warning: dnsmasq not running ! "
+ killproc -p $NAMED_PID -HUP $NAMED_BIN
+ rc_status -v
+ ;;
+ status)
+ echo -n "Checking for name service masq caching server "
+ checkproc -p $NAMED_PID $NAMED_BIN
+ rc_status -v
+ ;;
+ probe)
+ test $NAMED_CONF -nt $NAMED_PID && echo reload
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
+ exit 1
+ ;;
+esac
+rc_exit
+
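Review bot: try-restart is implemented as "$0 stop && $0 start", which leaves the decision to start entirely to the exit status of the stop branch; an explicit "$0 status" check first would make the restart-only-if-running behaviour explicit. NAMED_CONF is defined but only used by "probe": the start branch never passes it to dnsmasq, so the file that probe compares against the pid file is not necessarily the one the daemon was started with.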
diff --git a/contrib/dns-loc/README b/contrib/dns-loc/README
new file mode 100755
index 0000000..6f43a8d
--- /dev/null
+++ b/contrib/dns-loc/README
@@ -0,0 +1,12 @@
+Hi Simon
+
+Here is a patch against dnsmasq 2.39 which provides support for LOC
+entries in order to assign location information to dns records
+(rfc1876). I tested it on OSX and on OpenWRT.
+
+Cheers
+Lorenz
+
+More info:
+http://www.ckdhr.com/dns-loc/
+http://www.faqs.org/rfcs/rfc1876.html
diff --git a/contrib/dns-loc/dnsmasq2-loc-rfc1876.patch b/contrib/dns-loc/dnsmasq2-loc-rfc1876.patch
new file mode 100755
index 0000000..d950321
--- /dev/null
+++ b/contrib/dns-loc/dnsmasq2-loc-rfc1876.patch
@@ -0,0 +1,522 @@
+diff -Nur dnsmasq-2.39-orig/bld/Makefile dnsmasq-2.39/bld/Makefile
+--- dnsmasq-2.39-orig/bld/Makefile 2007-02-17 14:37:06.000000000 +0100
++++ dnsmasq-2.39/bld/Makefile 2007-05-20 18:23:44.000000000 +0200
+@@ -2,7 +2,7 @@
+ PKG_CONFIG ?= pkg-config
+
+
+-OBJS = cache.o rfc1035.o util.o option.o forward.o isc.o network.o \
++OBJS = cache.o rfc1035.o rfc1876.o util.o option.o forward.o isc.o network.o \
+ dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \
+ helper.o tftp.o log.o
+
+diff -Nur dnsmasq-2.39-orig/src/dnsmasq.h dnsmasq-2.39/src/dnsmasq.h
+--- dnsmasq-2.39-orig/src/dnsmasq.h 2007-04-20 12:53:38.000000000 +0200
++++ dnsmasq-2.39/src/dnsmasq.h 2007-05-20 19:50:37.000000000 +0200
+@@ -162,6 +162,12 @@
+ struct interface_name *next;
+ };
+
++struct loc_record {
++ char *name, loc[16];
++ unsigned short class;
++ struct loc_record *next;
++};
++
+ union bigname {
+ char name[MAXDNAME];
+ union bigname *next; /* freelist */
+@@ -476,6 +482,7 @@
+ struct mx_srv_record *mxnames;
+ struct txt_record *txt;
+ struct ptr_record *ptr;
++ struct loc_record *loc;
+ struct interface_name *int_names;
+ char *mxtarget;
+ char *lease_file;
+@@ -725,3 +732,6 @@
+ void tftp_request(struct listener *listen, struct daemon *daemon, time_t now);
+ void check_tftp_listeners(struct daemon *daemon, fd_set *rset, time_t now);
+ #endif
++
++/* rfc1876 */
++u_int32_t loc_aton(const char *ascii, u_char *binary);
+diff -Nur dnsmasq-2.39-orig/src/option.c dnsmasq-2.39/src/option.c
+--- dnsmasq-2.39-orig/src/option.c 2007-04-19 23:34:49.000000000 +0200
++++ dnsmasq-2.39/src/option.c 2007-05-20 20:15:15.000000000 +0200
+@@ -43,6 +43,7 @@
+ #define LOPT_REMOTE 269
+ #define LOPT_SUBSCR 270
+ #define LOPT_INTNAME 271
++#define LOPT_LOC 272
+
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =
+@@ -122,6 +123,7 @@
+ {"tftp-root", 1, 0, LOPT_PREFIX },
+ {"tftp-max", 1, 0, LOPT_TFTP_MAX },
+ {"ptr-record", 1, 0, LOPT_PTR },
++ {"loc-record", 1, 0, LOPT_LOC },
+ #if defined(__FreeBSD__) || defined(__DragonFly__)
+ {"bridge-interface", 1, 0 , LOPT_BRIDGE },
+ #endif
+@@ -235,6 +237,7 @@
+ { "-y, --localise-queries", gettext_noop("Answer DNS queries based on the interface a query was sent to."), NULL },
+ { "-Y --txt-record=name,txt....", gettext_noop("Specify TXT DNS record."), NULL },
+ { " --ptr-record=name,target", gettext_noop("Specify PTR DNS record."), NULL },
++ { " --loc-record=name,lat lon alt", gettext_noop("Specify LOC DNS record."), NULL },
+ { " --interface-name=name,interface", gettext_noop("Give DNS name to IPv4 address of interface."), NULL },
+ { "-z, --bind-interfaces", gettext_noop("Bind only to interfaces in use."), NULL },
+ { "-Z, --read-ethers", gettext_noop("Read DHCP static host information from %s."), ETHERSFILE },
+@@ -1835,6 +1838,37 @@
+ new->intr = safe_string_alloc(comma);
+ break;
+ }
++
++ case LOPT_LOC:
++ {
++ struct loc_record *new;
++ unsigned char *p, *q;
++
++ comma = split(arg);
++
++ if (!canonicalise_opt(arg))
++ {
++ option = '?';
++ problem = _("bad LOC record");
++ break;
++ }
++
++ new = safe_malloc(sizeof(struct loc_record));
++ new->next = daemon->loc;
++ daemon->loc = new;
++ new->class = C_IN;
++ if (!comma || loc_aton(comma,new->loc)!=16)
++ {
++ option = '?';
++ problem = _("bad LOC record");
++ break;
++ }
++
++ if (comma)
++ *comma = 0;
++ new->name = safe_string_alloc(arg);
++ break;
++ }
+
+ case LOPT_PTR: /* --ptr-record */
+ {
+diff -Nur dnsmasq-2.39-orig/src/rfc1035.c dnsmasq-2.39/src/rfc1035.c
+--- dnsmasq-2.39-orig/src/rfc1035.c 2007-04-20 12:54:26.000000000 +0200
++++ dnsmasq-2.39/src/rfc1035.c 2007-05-20 18:22:46.000000000 +0200
+@@ -1112,6 +1112,27 @@
+ }
+ }
+
++ if (qtype == T_LOC || qtype == T_ANY)
++ {
++ struct loc_record *t;
++ for(t = daemon->loc; t ; t = t->next)
++ {
++ if (t->class == qclass && hostname_isequal(name, t->name))
++ {
++ ans = 1;
++ if (!dryrun)
++ {
++ log_query(F_CNAME | F_FORWARD | F_CONFIG | F_NXDOMAIN, name, NULL, 0, NULL, 0);
++ if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
++ daemon->local_ttl, NULL,
++ T_LOC, t->class, "t", 16, t->loc))
++ anscount++;
++
++ }
++ }
++ }
++ }
++
+ if (qclass == C_IN)
+ {
+ if (qtype == T_PTR || qtype == T_ANY)
+diff -Nur dnsmasq-2.39-orig/src/rfc1876.c dnsmasq-2.39/src/rfc1876.c
+--- dnsmasq-2.39-orig/src/rfc1876.c 1970-01-01 01:00:00.000000000 +0100
++++ dnsmasq-2.39/src/rfc1876.c 2007-05-20 19:50:10.000000000 +0200
+@@ -0,0 +1,379 @@
++/*
++ * routines to convert between on-the-wire RR format and zone file
++ * format. Does not contain conversion to/from decimal degrees;
++ * divide or multiply by 60*60*1000 for that.
++ */
++
++#include "dnsmasq.h"
++
++static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000,
++ 1000000,10000000,100000000,1000000000};
++
++/* takes an XeY precision/size value, returns a string representation.*/
++static const char *
++precsize_ntoa(u_int8_t prec)
++{
++ static char retbuf[sizeof("90000000.00")];
++ unsigned long val;
++ int mantissa, exponent;
++
++ mantissa = (int)((prec >> 4) & 0x0f) % 10;
++ exponent = (int)((prec >> 0) & 0x0f) % 10;
++
++ val = mantissa * poweroften[exponent];
++
++ (void) sprintf(retbuf,"%d.%.2d", val/100, val%100);
++ return (retbuf);
++}
++
++/* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer.*/
++static u_int8_t
++precsize_aton(char **strptr)
++{
++ unsigned int mval = 0, cmval = 0;
++ u_int8_t retval = 0;
++ register char *cp;
++ register int exponent;
++ register int mantissa;
++
++ cp = *strptr;
++
++ while (isdigit(*cp))
++ mval = mval * 10 + (*cp++ - '0');
++
++ if (*cp == '.') { /* centimeters */
++ cp++;
++ if (isdigit(*cp)) {
++ cmval = (*cp++ - '0') * 10;
++ if (isdigit(*cp)) {
++ cmval += (*cp++ - '0');
++ }
++ }
++ }
++ cmval = (mval * 100) + cmval;
++
++ for (exponent = 0; exponent < 9; exponent++)
++ if (cmval < poweroften[exponent+1])
++ break;
++
++ mantissa = cmval / poweroften[exponent];
++ if (mantissa > 9)
++ mantissa = 9;
++
++ retval = (mantissa << 4) | exponent;
++
++ *strptr = cp;
++
++ return (retval);
++}
++
++/* converts ascii lat/lon to unsigned encoded 32-bit number.
++ * moves pointer. */
++static u_int32_t
++latlon2ul(char **latlonstrptr,int *which)
++{
++ register char *cp;
++ u_int32_t retval;
++ int deg = 0, min = 0, secs = 0, secsfrac = 0;
++
++ cp = *latlonstrptr;
++
++ while (isdigit(*cp))
++ deg = deg * 10 + (*cp++ - '0');
++
++ while (isspace(*cp))
++ cp++;
++
++ if (!(isdigit(*cp)))
++ goto fndhemi;
++
++ while (isdigit(*cp))
++ min = min * 10 + (*cp++ - '0');
++ while (isspace(*cp))
++ cp++;
++
++ if (!(isdigit(*cp)))
++ goto fndhemi;
++
++ while (isdigit(*cp))
++ secs = secs * 10 + (*cp++ - '0');
++
++ if (*cp == '.') { /* decimal seconds */
++ cp++;
++ if (isdigit(*cp)) {
++ secsfrac = (*cp++ - '0') * 100;
++ if (isdigit(*cp)) {
++ secsfrac += (*cp++ - '0') * 10;
++ if (isdigit(*cp)) {
++ secsfrac += (*cp++ - '0');
++ }
++ }
++ }
++ }
++
++ while (!isspace(*cp)) /* if any trailing garbage */
++ cp++;
++
++ while (isspace(*cp))
++ cp++;
++
++ fndhemi:
++ switch (*cp) {
++ case 'N': case 'n':
++ case 'E': case 'e':
++ retval = ((unsigned)1<<31)
++ + (((((deg * 60) + min) * 60) + secs) * 1000)
++ + secsfrac;
++ break;
++ case 'S': case 's':
++ case 'W': case 'w':
++ retval = ((unsigned)1<<31)
++ - (((((deg * 60) + min) * 60) + secs) * 1000)
++ - secsfrac;
++ break;
++ default:
++ retval = 0; /* invalid value -- indicates error */
++ break;
++ }
++
++ switch (*cp) {
++ case 'N': case 'n':
++ case 'S': case 's':
++ *which = 1; /* latitude */
++ break;
++ case 'E': case 'e':
++ case 'W': case 'w':
++ *which = 2; /* longitude */
++ break;
++ default:
++ *which = 0; /* error */
++ break;
++ }
++
++ cp++; /* skip the hemisphere */
++
++ while (!isspace(*cp)) /* if any trailing garbage */
++ cp++;
++
++ while (isspace(*cp)) /* move to next field */
++ cp++;
++
++ *latlonstrptr = cp;
++
++ return (retval);
++}
++
++/* converts a zone file representation in a string to an RDATA
++ * on-the-wire representation. */
++u_int32_t
++loc_aton(const char *ascii, u_char *binary)
++{
++ const char *cp, *maxcp;
++ u_char *bcp;
++
++ u_int32_t latit = 0, longit = 0, alt = 0;
++ u_int32_t lltemp1 = 0, lltemp2 = 0;
++ int altmeters = 0, altfrac = 0, altsign = 1;
++ u_int8_t hp = 0x16; /* default = 1e6 cm = 10000.00m = 10km */
++ u_int8_t vp = 0x13; /* default = 1e3 cm = 10.00m */
++ u_int8_t siz = 0x12; /* default = 1e2 cm = 1.00m */
++ int which1 = 0, which2 = 0;
++
++ cp = ascii;
++ maxcp = cp + strlen(ascii);
++
++ lltemp1 = latlon2ul(&cp, &which1);
++ lltemp2 = latlon2ul(&cp, &which2);
++
++ switch (which1 + which2) {
++ case 3: /* 1 + 2, the only valid combination */
++ if ((which1 == 1) && (which2 == 2)) { /* normal case */
++ latit = lltemp1;
++ longit = lltemp2;
++ } else if ((which1 == 2) && (which2 == 1)) {/*reversed*/
++ longit = lltemp1;
++ latit = lltemp2;
++ } else { /* some kind of brokenness */
++ return 0;
++ }
++ break;
++ default: /* we didn't get one of each */
++ return 0;
++ }
++
++ /* altitude */
++ if (*cp == '-') {
++ altsign = -1;
++ cp++;
++ }
++
++ if (*cp == '+')
++ cp++;
++
++ while (isdigit(*cp))
++ altmeters = altmeters * 10 + (*cp++ - '0');
++
++ if (*cp == '.') { /* decimal meters */
++ cp++;
++ if (isdigit(*cp)) {
++ altfrac = (*cp++ - '0') * 10;
++ if (isdigit(*cp)) {
++ altfrac += (*cp++ - '0');
++ }
++ }
++ }
++
++ alt = (10000000 + (altsign * (altmeters * 100 + altfrac)));
++
++ while (!isspace(*cp) && (cp < maxcp))
++ /* if trailing garbage or m */
++ cp++;
++
++ while (isspace(*cp) && (cp < maxcp))
++ cp++;
++ if (cp >= maxcp)
++ goto defaults;
++
++ siz = precsize_aton(&cp);
++
++ while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/
++ cp++;
++
++ while (isspace(*cp) && (cp < maxcp))
++ cp++;
++
++ if (cp >= maxcp)
++ goto defaults;
++
++ hp = precsize_aton(&cp);
++
++ while (!isspace(*cp) && (cp < maxcp))/*if trailing garbage or m*/
++ cp++;
++
++ while (isspace(*cp) && (cp < maxcp))
++ cp++;
++
++ if (cp >= maxcp)
++ goto defaults;
++
++ vp = precsize_aton(&cp);
++
++ defaults:
++
++ bcp = binary;
++ *bcp++ = (u_int8_t) 0; /* version byte */
++ *bcp++ = siz;
++ *bcp++ = hp;
++ *bcp++ = vp;
++ PUTLONG(latit,bcp);
++ PUTLONG(longit,bcp);
++ PUTLONG(alt,bcp);
++
++ return (16); /* size of RR in octets */
++}
++
++/* takes an on-the-wire LOC RR and prints it in zone file
++ * (human readable) format. */
++char *
++loc_ntoa(const u_char *binary,char *ascii)
++{
++ static char tmpbuf[255*3];
++
++ register char *cp;
++ register const u_char *rcp;
++
++ int latdeg, latmin, latsec, latsecfrac;
++ int longdeg, longmin, longsec, longsecfrac;
++ char northsouth, eastwest;
++ int altmeters, altfrac, altsign;
++
++ const int referencealt = 100000 * 100;
++
++ int32_t latval, longval, altval;
++ u_int32_t templ;
++ u_int8_t sizeval, hpval, vpval, versionval;
++
++ char *sizestr, *hpstr, *vpstr;
++
++ rcp = binary;
++ if (ascii)
++ cp = ascii;
++ else {
++ cp = tmpbuf;
++ }
++
++ versionval = *rcp++;
++
++ if (versionval) {
++ sprintf(cp,"; error: unknown LOC RR version");
++ return (cp);
++ }
++
++ sizeval = *rcp++;
++
++ hpval = *rcp++;
++ vpval = *rcp++;
++
++ GETLONG(templ,rcp);
++ latval = (templ - ((unsigned)1<<31));
++
++ GETLONG(templ,rcp);
++ longval = (templ - ((unsigned)1<<31));
++
++ GETLONG(templ,rcp);
++ if (templ < referencealt) { /* below WGS 84 spheroid */
++ altval = referencealt - templ;
++ altsign = -1;
++ } else {
++ altval = templ - referencealt;
++ altsign = 1;
++ }
++
++ if (latval < 0) {
++ northsouth = 'S';
++ latval = -latval;
++ }
++ else
++ northsouth = 'N';
++
++ latsecfrac = latval % 1000;
++ latval = latval / 1000;
++ latsec = latval % 60;
++ latval = latval / 60;
++ latmin = latval % 60;
++ latval = latval / 60;
++ latdeg = latval;
++
++ if (longval < 0) {
++ eastwest = 'W';
++ longval = -longval;
++ }
++ else
++ eastwest = 'E';
++
++ longsecfrac = longval % 1000;
++ longval = longval / 1000;
++ longsec = longval % 60;
++ longval = longval / 60;
++ longmin = longval % 60;
++ longval = longval / 60;
++ longdeg = longval;
++
++ altfrac = altval % 100;
++ altmeters = (altval / 100) * altsign;
++
++ sizestr = strdup(precsize_ntoa(sizeval));
++ hpstr = strdup(precsize_ntoa(hpval));
++ vpstr = strdup(precsize_ntoa(vpval));
++
++ sprintf(cp,
++ "%d %.2d %.2d.%.3d %c %d %.2d %.2d.%.3d %c %d.%.2dm %sm %sm %sm",
++ latdeg, latmin, latsec, latsecfrac, northsouth,
++ longdeg, longmin, longsec, longsecfrac, eastwest,
++ altmeters, altfrac, sizestr, hpstr, vpstr);
++ free(sizestr);
++ free(hpstr);
++ free(vpstr);
++
++ return (cp);
++}
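Review bot: In latlon2ul() the two "while (!isspace(*cp)) cp++;" loops have no check for the terminating NUL, so a --loc-record value that ends at the hemisphere letter (or right after the seconds field) makes the parser read past the end of the string; loc_aton() bounds its equivalent loops with "cp < maxcp", and latlon2ul() needs the same or a "*cp &&" test. In the LOPT_LOC case in option.c the new record is linked into daemon->loc before loc_aton() has validated it, so the error path leaves an entry on the list whose name was never set; validate first, then link. Type nits: loc_aton() passes "&cp" (const char **) to latlon2ul() and precsize_aton(), which take char **, new->loc is a char array passed as u_char *, and precsize_ntoa() prints unsigned long values with "%d".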
diff --git a/contrib/dnslist/dhcp.css b/contrib/dnslist/dhcp.css
new file mode 100755
index 0000000..79cea39
--- /dev/null
+++ b/contrib/dnslist/dhcp.css
@@ -0,0 +1,57 @@
+body
+{
+ font-family: sans-serif;
+ color: #000;
+}
+
+h1
+{
+ font-size: medium;
+ font-weight: bold;
+}
+
+h1 .updated
+{
+ color: #999;
+}
+
+table
+{
+ border-collapse: collapse;
+ border-bottom: 2px solid #000;
+}
+
+th
+{
+ background: #DDD;
+ border-top: 2px solid #000;
+ text-align: left;
+ font-weight: bold;
+}
+
+/* Any row */
+
+tr
+{
+ border-top: 2px solid #000;
+}
+
+/* Any row but the first or second (overrides above rule) */
+
+tr + tr + tr
+{
+ border-top: 2px solid #999;
+}
+
+tr.offline td.hostname
+{
+ color: #999;
+}
+
+.hostname { width: 10em; }
+.ip_addr { width: 10em; background: #DDD; }
+.ether_addr { width: 15em; }
+.client_id { width: 15em; background: #DDD; }
+.status { width: 5em; }
+.since { width: 10em; background: #DDD; }
+.lease { width: 10em; }
diff --git a/contrib/dnslist/dnslist.pl b/contrib/dnslist/dnslist.pl
new file mode 100755
index 0000000..7ce2720
--- /dev/null
+++ b/contrib/dnslist/dnslist.pl
@@ -0,0 +1,608 @@
+#!/usr/bin/perl
+
+# dnslist - Read state file from dnsmasq and create a nice web page to display
+# a list of DHCP clients.
+#
+# Copyright (C) 2004 Thomas Tuttle
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTIBILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program*; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# * The license is in fact included at the end of this file, and can
+# either be viewed by reading everything after "__DATA__" or by
+# running dnslist with the '-l' option.
+#
+# Version: 0.2
+# Author: Thomas Tuttle
+# Email: dnslist.20.thinkinginbinary@spamgourmet.org
+# License: GNU General Public License, version 2.0
+#
+# v. 0.0: Too ugly to publish, thrown out.
+#
+# v. 0.1: First rewrite.
+# Added master host list so offline hosts can still be displayed.
+# Fixed modification detection (a newer modification time is lower.)
+#
+# v. 0.2: Fixed Client ID = "*" => "None"
+# Fixed HTML entities (a client ID of ????<? screwed it up)
+# Fixed command-line argument processing (apparently, "shift @ARGV" !=
+# "$_ = shift @ARGV"...)
+# Added license information.
+
+use Template;
+
+# Location of state file. (This is the dnsmasq default.)
+# Change with -s <file>
+my $dnsmasq_state_file = '/var/lib/misc/dnsmasq.leases';
+# Location of template. (Assumed to be in current directory.)
+# Change with -t <file>
+my $html_template_file = 'dnslist.tt2';
+# File to write HTML page to. (This is where Slackware puts WWW pages. It may
+# be different on other systems. Make sure the permissions are set correctly
+# for it.)
+my $html_output_file = '/var/www/htdocs/dhcp.html';
+# Time to wait after each page update. (The state file is checked for changes
+# before each update but is not read in each time, in case it is very big. The
+# page is rewritten just so the "(updated __/__ __:__:__)" text changes ;-)
+my $wait_time = 2;
+
+# Read command-line arguments.
+while ($_ = shift @ARGV) {
+ if (/-s/) { $dnsmasq_state_file = shift; next; }
+ if (/-t/) { $html_template_file = shift; next; }
+ if (/-o/) { $html_output_file = shift; next; }
+ if (/-d/) { $wait_time = shift; next; }
+ if (/-l/) { show_license(); exit; }
+ die "usage: dnslist [-s state_file] [-t template_file] [-o output_file] [-d delay_time]\n";
+}
+
+# Master list of clients, offline and online.
+my $list = {};
+# Sorted host list. (It's actually sorted by IP--the sub &byip() compares two
+# IP addresses, octet by octet, and figures out which is higher.)
+my @hosts = ();
+# Last time the state file was changed.
+my $last_state_change;
+
+# Check for a change to the state file.
+sub check_state {
+ if (defined $last_state_change) {
+ if (-M $dnsmasq_state_file < $last_state_change) {
+ print "check_state: state file has been changed.\n";
+ $last_state_change = -M $dnsmasq_state_file;
+ return 1;
+ } else {
+ return 0;
+ }
+ } else {
+ # Last change undefined, so we are running for the first time.
+ print "check_state: reading state file at startup.\n";
+ read_state();
+ $last_state_change = -M $dnsmasq_state_file;
+ return 1;
+ }
+}
+
+# Read data in state file.
+sub read_state {
+ my $old;
+ my $new;
+ # Open file.
+ unless (open STATE, $dnsmasq_state_file) {
+ warn "read_state: can't open $dnsmasq_state_file!\n";
+ return 0;
+ }
+ # Mark all hosts as offline, saving old state.
+ foreach $ether (keys %{$list}) {
+ $list->{$ether}->{'old_online'} = $list->{$ether}->{'online'};
+ $list->{$ether}->{'online'} = 0;
+ }
+ # Read hosts.
+ while (<STATE>) {
+ chomp;
+ @host{qw/raw_lease ether_addr ip_addr hostname raw_client_id/} = split /\s+/;
+ $ether = $host{ether_addr};
+ # Mark each online host as online.
+ $list->{$ether}->{'online'} = 1;
+ # Copy data to master list.
+ foreach $key (keys %host) {
+ $list->{$ether}->{$key} = $host{$key};
+ }
+ }
+ close STATE;
+ # Handle changes in offline/online state. (The sub &do_host() handles
+ # all of the extra stuff to do with a host's data once it is read.
+ foreach $ether (keys %{$list}) {
+ $old = $list->{$ether}->{'old_online'};
+ $new = $list->{$ether}->{'online'};
+ if (not $old) {
+ if (not $new) {
+ do_host($ether, 'offline');
+ } else {
+ do_host($ether, 'join');
+ }
+ } else {
+ if (not $new) {
+ do_host($ether, 'leave');
+ } else {
+ do_host($ether, 'online');
+ }
+ }
+ }
+ # Sort hosts by IP ;-)
+ @hosts = sort byip values %{$list};
+ # Copy sorted list to template data store.
+ $data->{'hosts'} = [ @hosts ];
+}
+
+# Do stuff per host.
+sub do_host {
+ my ($ether, $status) = @_;
+
+ # Find textual representation of DHCP client ID.
+ if ($list->{$ether}->{'raw_client_id'} eq '*') {
+ $list->{$ether}->{'text_client_id'} = 'None';
+ } else {
+ my $text = "";
+ foreach $char (split /:/, $list->{$ether}->{'raw_client_id'}) {
+ $char = pack('H2', $char);
+ if (ord($char) >= 32 and ord($char) <= 127) {
+ $text .= $char;
+ } else {
+ $text .= "?";
+ }
+ }
+ $list->{$ether}->{'text_client_id'} = $text;
+ }
+
+ # Convert lease expiration date/time to text.
+ if ($list->{$ether}->{'raw_lease'} == 0) {
+ $list->{$ether}->{'text_lease'} = 'Never';
+ } else {
+ $list->{$ether}->{'text_lease'} = nice_time($list->{$ether}->{'raw_lease'});
+ }
+
+ if ($status eq 'offline') {
+ # Nothing to do.
+ } elsif ($status eq 'online') {
+ # Nothing to do.
+ } elsif ($status eq 'join') {
+ # Update times for joining host.
+ print "do_host: $ether joined the network.\n";
+ $list->{$ether}->{'join_time'} = time;
+ $list->{$ether}->{'since'} = nice_time(time);
+ } elsif ($status eq 'leave') {
+ # Update times for leaving host.
+ print "do_host: $ether left the network.\n";
+ $list->{$ether}->{'leave_time'} = time;
+ $list->{$ether}->{'since'} = nice_time(time);
+ }
+
+}
+
+# Convert time to a string representation.
+sub nice_time {
+ my $time = shift;
+ my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $dst) = localtime($time);
+ $sec = pad($sec, '0', 2);
+ $min = pad($min, '0', 2);
+ $hour = pad($hour, '0', 2);
+ $mon = pad($mon, '0', 2);
+ $mday = pad($mday, '0', 2);
+ return "$mon/$mday $hour:$min:$sec";
+}
+
+# Pad string to a certain length by repeatedly prepending another string.
+sub pad {
+ my ($text, $pad, $length) = @_;
+ while (length($text) < $length) {
+ $text = "$pad$text";
+ }
+ return $text;
+}
+
+# Compare two IP addresses. (Uses $a and $b from sort.)
+sub byip {
+ # Split into octets.
+ my @a = split /\./, $a->{ip_addr};
+ my @b = split /\./, $b->{ip_addr};
+ # Compare octets.
+ foreach $n (0..3) {
+ return $a[$n] <=> $b[$n] if ($a[$n] != $b[$n]);
+ }
+ # If we get here there is no difference.
+ return 0;
+}
+
+# Output HTML file.
+sub write_output {
+ # Create new template object.
+ my $template = Template->new(
+ {
+ ABSOLUTE => 1, # /var/www/... is an absolute path
+ OUTPUT => $html_output_file # put it here, not STDOUT
+ }
+ );
+ $data->{'updated'} = nice_time(time); # add "(updated ...)" to file
+ unless ($template->process($html_template_file, $data)) { # do it
+ warn "write_output: Template Toolkit error: " . $template->error() . "\n";
+ return 0;
+ }
+ print "write_output: page updated.\n";
+ return 1;
+}
+
+sub show_license {
+ while (<DATA>) {
+ print;
+ $line++;
+ if ($line == 24) { <>; $line = 1; }
+ }
+}
+
+# Main loop.
+while (1) {
+ # Check for state change.
+ if (check_state()) {
+ read_state();
+ sleep 1; # Sleep for a second just so we don't wear anything
+ # out. (By not sleeping the whole time after a change
+ # we can detect rapid changes more easily--like if 300
+ # hosts all come back online, they show up quicker.)
+ } else {
+ sleep $wait_time; # Take a nap.
+ }
+ write_output(); # Write the file anyway.
+}
+__DATA__
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
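Review bot: In do_host the client-ID decoder keeps every byte from 32 to 127, which includes <, >, &, the double quote and DEL (127), so text_client_id can still carry markup into the generated page even though the v. 0.2 changelog entry says HTML entities were fixed; hostname is copied from the lease file in read_state with no filtering at all. Both fields come from DHCP clients, so either narrow the kept range here or make sure the template escapes them. Three smaller points: nice_time pads $mon straight from localtime, which is zero-based, so the month prints one too low (add 1 before padding); the option loop tests /-s/, /-t/ and so on unanchored, so any argument that merely contains the substring matches (compare with eq or anchor the pattern); and read_state uses two-argument open on a path that can come from -s, where the three-argument form with '<' avoids mode characters in the name being interpreted. The script also has no "use strict", and $data, $ether, $key, $char and $line are implicit globals.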
diff --git a/contrib/dnslist/dnslist.tt2 b/contrib/dnslist/dnslist.tt2
new file mode 100755
index 0000000..1998e5f
--- /dev/null
+++ b/contrib/dnslist/dnslist.tt2
@@ -0,0 +1,32 @@
+<html>
+ <head>
+ <title>DHCP Clients</title>
+ <link rel="stylesheet" href="dhcp.css"/>
+ <meta http-equiv="Refresh" content="2"/>
+ </head>
+ <body>
+ <h1>DHCP Clients <span class="updated">(updated [% updated %])</span></h1>
+ <table cols="7">
+ <tr>
+ <th class="hostname">Hostname</th>
+ <th class="ip_addr">IP Address</th>
+ <th class="ether_addr">Ethernet Address</th>
+ <th class="client_id">DHCP Client ID</th>
+ <th class="status">Status</th>
+ <th class="since">Since</th>
+ <th class="lease">Lease Expires</th>
+ </tr>
+ [% FOREACH host IN hosts %]
+ <tr class="[% IF host.online %]online[% ELSE %]offline[% END %]">
+ <td class="hostname">[% host.hostname %]</td>
+ <td class="ip_addr">[% host.ip_addr %]</td>
+ <td class="ether_addr">[% host.ether_addr %]</td>
+ <td class="client_id">[% host.text_client_id %] ([% host.raw_client_id %])</td>
+ <td class="status">[% IF host.online %]Online[% ELSE %]Offline[% END %]</td>
+ <td class="since">[% host.since %]</td>
+ <td class="lease">[% host.text_lease %]</td>
+ </tr>
+ [% END %]
+ </table>
+ </body>
+</html>
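Review bot: Every host field in the table rows ([% host.hostname %], [% host.text_client_id %], [% host.raw_client_id %] and the others) is interpolated without an escaping filter, and the hostname and client ID are values reported by DHCP clients. Suggest piping each through Template Toolkit's html filter, for example [% host.hostname | html %], so that <, > and & in a lease entry render as text instead of markup. The stylesheet is referenced by the relative path dhcp.css, so a comment noting that it must be installed next to the output file would help whoever deploys this.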
diff --git a/contrib/dnsmasq_MacOSX/DNSmasq b/contrib/dnsmasq_MacOSX/DNSmasq
new file mode 100755
index 0000000..6b62118
--- /dev/null
+++ b/contrib/dnsmasq_MacOSX/DNSmasq
@@ -0,0 +1,22 @@
+#!/bin/sh
+. /etc/rc.common
+
+StartService() {
+ if [ "${DNSMASQ:=-NO-}" = "-YES-" ] ; then
+ /usr/local/sbin/dnsmasq -q -n
+ fi
+}
+
+StopService() {
+ pid=`GetPID dnsmasq`
+ if [ $? -eq 0 ]; then
+ kill $pid
+ fi
+}
+
+RestartService() {
+ StopService "$@"
+ StartService "$@"
+}
+
+RunService "$1"
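Review bot: RestartService calls StartService immediately after StopService, but StopService only sends the signal with kill $pid and does not wait for the process to exit, so the new instance can start while the old one still holds its sockets. Suggest waiting for the pid to disappear, with a timeout, before starting again. $pid should also be quoted in the kill call, and the hard-coded /usr/local/sbin/dnsmasq path would benefit from an executable test so a missing binary fails with a clear message.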
diff --git a/contrib/dnsmasq_MacOSX/README.rtf b/contrib/dnsmasq_MacOSX/README.rtf
new file mode 100755
index 0000000..da48411
--- /dev/null
+++ b/contrib/dnsmasq_MacOSX/README.rtf
@@ -0,0 +1,42 @@
+{\rtf1\mac\ansicpg10000\cocoartf824\cocoasubrtf100
+{\fonttbl\f0\fswiss\fcharset77 Helvetica;\f1\fnil\fcharset77 Monaco;}
+{\colortbl;\red255\green255\blue255;}
+\paperw11900\paperh16840\margl1440\margr1440\vieww11120\viewh10100\viewkind0
+\pard\tx566\tx1133\tx1700\tx2267\tx2834\tx3401\tx3968\tx4535\tx5102\tx5669\tx6236\tx6803\ql\qnatural\pardirnatural
+
+\f0\fs24 \cf0 1. If you've used DNSenabler, or if you're using Mac OS X Server, or if you have in any other way activated Mac OS X's built-in DHCP and/or DNS servers, disable them. This would usually involve checking that they are either set to -NO- or absent altogether in
+\f1 /etc/hostconfig
+\f0 . If you've never done anything to do with DNS or DHCP servers on a client version of MacOS X, you won't need to worry about this; it will already be configured for you.\
+\
+2. Add a configuration item to
+\f1 /etc/hostconfig
+\f0 as follows:\
+\
+
+\f1 DNSMASQ=-YES-
+\f0 \
+\
+3. Create a system-wide StartupItems directory for dnsmasq:\
+\
+
+\f1 sudo mkdir -p /Library/StartupItems/DNSmasq\
+
+\f0 \
+4. Copy the files
+\f1 DNSmasq
+\f0 and
+\f1 StartupParameters.plist
+\f0 into this directory, and make sure the former is executable:\
+\
+
+\f1 sudo cp DNSmasq StartupParameters.plist /Library/StartupItems/DNSmasq\
+sudo chmod 755 /Library/StartupItems/DNSmasq/DNSmasq\
+
+\f0 \
+5. Start the service:\
+\
+
+\f1 sudo /Library/StartupItems/DNSmasq/DNSmasq start\
+
+\f0 \cf0 \
+That should be all...} \ No newline at end of file
diff --git a/contrib/dnsmasq_MacOSX/StartupParameters.plist b/contrib/dnsmasq_MacOSX/StartupParameters.plist
new file mode 100755
index 0000000..454bda0
--- /dev/null
+++ b/contrib/dnsmasq_MacOSX/StartupParameters.plist
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>Description</key>
+ <string>DNSmasq</string>
+ <key>OrderPreference</key>
+ <string>None</string>
+ <key>Provides</key>
+ <array>
+ <string>DNSmasq</string>
+ </array>
+ <key>Uses</key>
+ <array>
+ <string>Network</string>
+ </array>
+ </dict>
+</plist>
diff --git a/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl b/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl
new file mode 100755
index 0000000..3c4a1f1
--- /dev/null
+++ b/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl
@@ -0,0 +1,249 @@
+#!/usr/bin/perl
+# dynamic-dnsmasq.pl - update dnsmasq's internal dns entries dynamically
+# Copyright (C) 2004 Peter Willis
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# the purpose of this script is to be able to update dnsmasq's dns
+# records from a remote dynamic dns client.
+#
+# basic use of this script:
+# dynamic-dnsmasq.pl add testaccount 1234 testaccount.mydomain.com
+# dynamic-dnsmasq.pl listen &
+#
+# this script tries to emulate DynDNS.org's dynamic dns service, so
+# technically you should be able to use any DynDNS.org client to
+# update the records here. tested and confirmed to work with ddnsu
+# 1.3.1. just point the client's host to the IP of this machine,
+# port 9020, and include the hostname, user and pass, and it should
+# work.
+#
+# make sure "addn-hosts=/etc/dyndns-hosts" is in your /etc/dnsmasq.conf
+# file and "nopoll" is commented out.
+
+use strict;
+use IO::Socket;
+use MIME::Base64;
+use DB_File;
+use Fcntl;
+
+my $accountdb = "accounts.db";
+my $recordfile = "/etc/dyndns-hosts";
+my $dnsmasqpidfile = "/var/run/dnsmasq.pid"; # if this doesn't exist, will look for process in /proc
+my $listenaddress = "0.0.0.0";
+my $listenport = 9020;
+
+# no editing past this point should be necessary
+
+if ( @ARGV < 1 ) {
+ die "Usage: $0 ADD|DEL|LISTUSERS|WRITEHOSTSFILE|LISTEN\n";
+} elsif ( lc $ARGV[0] eq "add" ) {
+ die "Usage: $0 ADD USER PASS HOSTNAME\n" unless @ARGV == 4;
+ add_acct($ARGV[1], $ARGV[2], $ARGV[3]);
+} elsif ( lc $ARGV[0] eq "del" ) {
+ die "Usage: $0 DEL USER\n" unless @ARGV == 2;
+ print "Are you sure you want to delete user \"$ARGV[1]\"? [N/y] ";
+ my $resp = <STDIN>;
+ chomp $resp;
+ if ( lc substr($resp,0,1) eq "y" ) {
+ del_acct($ARGV[1]);
+ }
+} elsif ( lc $ARGV[0] eq "listusers" or lc $ARGV[0] eq "writehostsfile" ) {
+ my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH;
+ my $fh;
+ if ( lc $ARGV[0] eq "writehostsfile" ) {
+ open($fh, ">$recordfile") || die "Couldn't open recordfile \"$recordfile\": $!\n";
+ flock($fh, 2);
+ seek($fh, 0, 0);
+ truncate($fh, 0);
+ }
+ while ( my ($key, $val) = each %h ) {
+ my ($pass, $domain, $ip) = split("\t",$val);
+ if ( lc $ARGV[0] eq "listusers" ) {
+ print "user $key, hostname $domain, ip $ip\n";
+ } else {
+ if ( defined $ip ) {
+ print $fh "$ip\t$domain\n";
+ }
+ }
+ }
+ if ( lc $ARGV[0] eq "writehostsfile" ) {
+ flock($fh, 8);
+ close($fh);
+ dnsmasq_rescan_configs();
+ }
+ undef $X;
+ untie %h;
+} elsif ( lc $ARGV[0] eq "listen" ) {
+ listen_for_updates();
+}
+
+sub listen_for_updates {
+ my $sock = IO::Socket::INET->new(Listen => 5,
+ LocalAddr => $listenaddress, LocalPort => $listenport,
+ Proto => 'tcp', ReuseAddr => 1,
+ MultiHomed => 1) || die "Could not open listening socket: $!\n";
+ $SIG{'CHLD'} = 'IGNORE';
+ while ( my $client = $sock->accept() ) {
+ my $p = fork();
+ if ( $p != 0 ) {
+ next;
+ }
+ $SIG{'CHLD'} = 'DEFAULT';
+ my @headers;
+ my %cgi;
+ while ( <$client> ) {
+ s/(\r|\n)//g;
+ last if $_ eq "";
+ push @headers, $_;
+ }
+ foreach my $header (@headers) {
+ if ( $header =~ /^GET \/nic\/update\?([^\s].+) HTTP\/1\.[01]$/ ) {
+ foreach my $element (split('&', $1)) {
+ $cgi{(split '=', $element)[0]} = (split '=', $element)[1];
+ }
+ } elsif ( $header =~ /^Authorization: basic (.+)$/ ) {
+ unless ( defined $cgi{'hostname'} ) {
+ print_http_response($client, undef, "badsys");
+ exit(1);
+ }
+ if ( !exists $cgi{'myip'} ) {
+ $cgi{'myip'} = $client->peerhost();
+ }
+ my ($user,$pass) = split ":", MIME::Base64::decode($1);
+ if ( authorize($user, $pass, $cgi{'hostname'}, $cgi{'myip'}) == 0 ) {
+ print_http_response($client, $cgi{'myip'}, "good");
+ update_dns(\%cgi);
+ } else {
+ print_http_response($client, undef, "badauth");
+ exit(1);
+ }
+ last;
+ }
+ }
+ exit(0);
+ }
+ return(0);
+}
+
+sub add_acct {
+ my ($user, $pass, $hostname) = @_;
+ my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH;
+ $X->put($user, join("\t", ($pass, $hostname)));
+ undef $X;
+ untie %h;
+}
+
+sub del_acct {
+ my ($user, $pass, $hostname) = @_;
+ my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH;
+ $X->del($user);
+ undef $X;
+ untie %h;
+}
+
+
+sub authorize {
+ my $user = shift;
+ my $pass = shift;
+ my $hostname = shift;
+ my $ip = shift;;
+ my $X = tie my %h, "DB_File", $accountdb, O_RDWR|O_CREAT, 0600, $DB_HASH;
+ my ($spass, $shost) = split("\t", $h{$user});
+ if ( defined $h{$user} and ($spass eq $pass) and ($shost eq $hostname) ) {
+ $X->put($user, join("\t", $spass, $shost, $ip));
+ undef $X;
+ untie %h;
+ return(0);
+ }
+ undef $X;
+ untie %h;
+ return(1);
+}
+
+sub print_http_response {
+ my $sock = shift;
+ my $ip = shift;
+ my $response = shift;
+ print $sock "HTTP/1.0 200 OK\n";
+ my @tmp = split /\s+/, scalar gmtime();
+ print $sock "Date: $tmp[0], $tmp[2] $tmp[1] $tmp[4] $tmp[3] GMT\n";
+ print $sock "Server: Peter's Fake DynDNS.org Server/1.0\n";
+ print $sock "Content-Type: text/plain; charset=ISO-8859-1\n";
+ print $sock "Connection: close\n";
+ print $sock "Transfer-Encoding: chunked\n";
+ print $sock "\n";
+ #print $sock "12\n"; # this was part of the dyndns response but i'm not sure what it is
+ print $sock "$response", defined($ip)? " $ip" : "" . "\n";
+}
+
+sub update_dns {
+ my $hashref = shift;
+ my @records;
+ my $found = 0;
+ # update the addn-hosts file
+ open(FILE, "+<$recordfile") || die "Couldn't open recordfile \"$recordfile\": $!\n";
+ flock(FILE, 2);
+ while ( <FILE> ) {
+ if ( /^(\d+\.\d+\.\d+\.\d+)\s+$$hashref{'hostname'}\n$/si ) {
+ if ( $1 ne $$hashref{'myip'} ) {
+ push @records, "$$hashref{'myip'}\t$$hashref{'hostname'}\n";
+ $found = 1;
+ }
+ } else {
+ push @records, $_;
+ }
+ }
+ unless ( $found ) {
+ push @records, "$$hashref{'myip'}\t$$hashref{'hostname'}\n";
+ }
+ sysseek(FILE, 0, 0);
+ truncate(FILE, 0);
+ syswrite(FILE, join("", @records));
+ flock(FILE, 8);
+ close(FILE);
+ dnsmasq_rescan_configs();
+ return(0);
+}
+
+sub dnsmasq_rescan_configs {
+ # send the HUP signal to dnsmasq
+ if ( -r $dnsmasqpidfile ) {
+ open(PID,"<$dnsmasqpidfile") || die "Could not open PID file \"$dnsmasqpidfile\": $!\n";
+ my $pid = <PID>;
+ close(PID);
+ chomp $pid;
+ if ( kill(0, $pid) ) {
+ kill(1, $pid);
+ } else {
+ goto LOOKFORDNSMASQ;
+ }
+ } else {
+ LOOKFORDNSMASQ:
+ opendir(DIR,"/proc") || die "Couldn't opendir /proc: $!\n";
+ my @dirs = grep(/^\d+$/, readdir(DIR));
+ closedir(DIR);
+ foreach my $process (@dirs) {
+ if ( open(FILE,"</proc/$process/cmdline") ) {
+ my $cmdline = <FILE>;
+ close(FILE);
+ if ( (split(/\0/,$cmdline))[0] =~ /dnsmasq/ ) {
+ kill(1, $process);
+ }
+ }
+ }
+ }
+ return(0);
+}
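Review bot: in update_dns() the hostname is interpolated into the match /^(\d+\.\d+\.\d+\.\d+)\s+$$hashref{'hostname'}\n$/si without \Q...\E, and $cgi{'myip'} is written to $recordfile without any check that it is an IPv4 address. listen_for_updates() only strips CR and LF from the request line, so whitespace in a client-supplied myip reaches the hosts file that dnsmasq then loads. Validate myip against a strict dotted-quad pattern before calling authorize(), and quote the hostname as \Q$$hashref{'hostname'}\E. Separately, in print_http_response() the expression defined($ip)? " $ip" : "" . "\n" binds the "\n" to the else branch only, so a "good" reply is sent without a trailing newline; parenthesise the conditional. The header "Transfer-Encoding: chunked" is also sent although the body is not chunk-encoded. Finally, add_acct() stores the password as given in accounts.db and authorize() compares it with eq, while the listener binds 0.0.0.0 and takes Basic credentials over plain HTTP; store a salted hash and document that the port should be restricted to trusted networks.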
diff --git a/contrib/lease-access/README b/contrib/lease-access/README
new file mode 100755
index 0000000..fc66bdf
--- /dev/null
+++ b/contrib/lease-access/README
@@ -0,0 +1,20 @@
+Hello,
+
+For some specific application I needed to deny access to a MAC address
+to a lease. For this reason I modified the dhcp-script behavior and is
+called with an extra parameter "access" once a dhcp request or discover
+is received. In that case if the exit code of the script is zero,
+dnsmasq continues normally, and if non-zero the packet is ignored.
+
+This was not added as a security feature but as a mean to handle
+differently some addresses. It is also quite intrusive since it requires
+changes in several other subsystems.
+
+It attach the patch in case someone is interested.
+
+regards,
+Nikos
+
+nmav@gennetsa.com
+
+
diff --git a/contrib/lease-access/lease.access.patch b/contrib/lease-access/lease.access.patch
new file mode 100755
index 0000000..ad76e25
--- /dev/null
+++ b/contrib/lease-access/lease.access.patch
@@ -0,0 +1,578 @@
+Index: src/dnsmasq.c
+===================================================================
+--- src/dnsmasq.c (revision 696)
++++ src/dnsmasq.c (revision 821)
+@@ -59,7 +59,6 @@
+ static int set_dns_listeners(time_t now, fd_set *set, int *maxfdp);
+ static void check_dns_listeners(fd_set *set, time_t now);
+ static void sig_handler(int sig);
+-static void async_event(int pipe, time_t now);
+ static void fatal_event(struct event_desc *ev);
+ static void poll_resolv(void);
+
+@@ -275,7 +274,7 @@
+ piperead = pipefd[0];
+ pipewrite = pipefd[1];
+ /* prime the pipe to load stuff first time. */
+- send_event(pipewrite, EVENT_RELOAD, 0);
++ send_event(pipewrite, EVENT_RELOAD, 0, 0);
+
+ err_pipe[1] = -1;
+
+@@ -340,7 +339,7 @@
+ }
+ else if (getuid() == 0)
+ {
+- send_event(err_pipe[1], EVENT_PIDFILE, errno);
++ send_event(err_pipe[1], EVENT_PIDFILE, errno, 0);
+ _exit(0);
+ }
+ }
+@@ -372,7 +371,7 @@
+ (setgroups(0, &dummy) == -1 ||
+ setgid(gp->gr_gid) == -1))
+ {
+- send_event(err_pipe[1], EVENT_GROUP_ERR, errno);
++ send_event(err_pipe[1], EVENT_GROUP_ERR, errno, 0);
+ _exit(0);
+ }
+
+@@ -415,14 +414,14 @@
+
+ if (bad_capabilities != 0)
+ {
+- send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities);
++ send_event(err_pipe[1], EVENT_CAP_ERR, bad_capabilities, 0);
+ _exit(0);
+ }
+
+ /* finally drop root */
+ if (setuid(ent_pw->pw_uid) == -1)
+ {
+- send_event(err_pipe[1], EVENT_USER_ERR, errno);
++ send_event(err_pipe[1], EVENT_USER_ERR, errno, 0);
+ _exit(0);
+ }
+
+@@ -434,7 +433,7 @@
+ /* lose the setuid and setgid capbilities */
+ if (capset(hdr, data) == -1)
+ {
+- send_event(err_pipe[1], EVENT_CAP_ERR, errno);
++ send_event(err_pipe[1], EVENT_CAP_ERR, errno, 0);
+ _exit(0);
+ }
+ #endif
+@@ -647,7 +646,7 @@
+ }
+
+ if (FD_ISSET(piperead, &rset))
+- async_event(piperead, now);
++ async_event(piperead, now, NULL, 0);
+
+ #ifdef HAVE_LINUX_NETWORK
+ if (FD_ISSET(daemon->netlinkfd, &rset))
+@@ -674,7 +673,7 @@
+ #endif
+
+ if (daemon->dhcp && FD_ISSET(daemon->dhcpfd, &rset))
+- dhcp_packet(now);
++ dhcp_packet(piperead, now);
+
+ #ifndef NO_FORK
+ if (daemon->helperfd != -1 && FD_ISSET(daemon->helperfd, &wset))
+@@ -719,17 +718,18 @@
+ else
+ return;
+
+- send_event(pipewrite, event, 0);
++ send_event(pipewrite, event, 0, 0);
+ errno = errsave;
+ }
+ }
+
+-void send_event(int fd, int event, int data)
++void send_event(int fd, int event, int data, int priv)
+ {
+ struct event_desc ev;
+
+ ev.event = event;
+ ev.data = data;
++ ev.priv = priv;
+
+ /* error pipe, debug mode. */
+ if (fd == -1)
+@@ -771,14 +771,17 @@
+ die(_("cannot open %s: %s"), daemon->log_file ? daemon->log_file : "log", EC_FILE);
+ }
+ }
+-
+-static void async_event(int pipe, time_t now)
++
++/* returns the private data of the event
++ */
++int async_event(int pipe, time_t now, struct event_desc* event, unsigned int secs)
+ {
+ pid_t p;
+ struct event_desc ev;
+ int i;
+
+- if (read_write(pipe, (unsigned char *)&ev, sizeof(ev), 1))
++ if (read_timeout(pipe, (unsigned char *)&ev, sizeof(ev), now, secs) > 0)
++ {
+ switch (ev.event)
+ {
+ case EVENT_RELOAD:
+@@ -872,6 +875,14 @@
+ flush_log();
+ exit(EC_GOOD);
+ }
++ }
++ else
++ return -1; /* timeout */
++
++ if (event)
++ memcpy( event, &ev, sizeof(ev));
++
++ return 0;
+ }
+
+ static void poll_resolv()
+Index: src/config.h
+===================================================================
+--- src/config.h (revision 696)
++++ src/config.h (revision 821)
+@@ -51,6 +51,8 @@
+ #define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */
+ #define LOG_MAX 5 /* log-queue length */
+ #define RANDFILE "/dev/urandom"
++#define SCRIPT_TIMEOUT 6
++#define LEASE_CHECK_TIMEOUT 10
+
+ /* DBUS interface specifics */
+ #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq"
+Index: src/dnsmasq.h
+===================================================================
+--- src/dnsmasq.h (revision 696)
++++ src/dnsmasq.h (revision 821)
+@@ -116,6 +116,7 @@
+ /* Async event queue */
+ struct event_desc {
+ int event, data;
++ unsigned int priv;
+ };
+
+ #define EVENT_RELOAD 1
+@@ -390,6 +391,7 @@
+ #define ACTION_OLD_HOSTNAME 2
+ #define ACTION_OLD 3
+ #define ACTION_ADD 4
++#define ACTION_ACCESS 5
+
+ #define DHCP_CHADDR_MAX 16
+
+@@ -709,6 +711,7 @@
+ char *print_mac(char *buff, unsigned char *mac, int len);
+ void bump_maxfd(int fd, int *max);
+ int read_write(int fd, unsigned char *packet, int size, int rw);
++int read_timeout(int fd, unsigned char *packet, int size, time_t now, int secs);
+
+ /* log.c */
+ void die(char *message, char *arg1, int exit_code);
+@@ -748,7 +751,7 @@
+
+ /* dhcp.c */
+ void dhcp_init(void);
+-void dhcp_packet(time_t now);
++void dhcp_packet(int piperead, time_t now);
+
+ struct dhcp_context *address_available(struct dhcp_context *context,
+ struct in_addr addr,
+@@ -792,14 +795,16 @@
+ void rerun_scripts(void);
+
+ /* rfc2131.c */
+-size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
++size_t dhcp_reply(int pipefd, struct dhcp_context *context, char *iface_name, int int_index,
+ size_t sz, time_t now, int unicast_dest, int *is_inform);
+
+ /* dnsmasq.c */
+ int make_icmp_sock(void);
+ int icmp_ping(struct in_addr addr);
+-void send_event(int fd, int event, int data);
++void send_event(int fd, int event, int data, int priv);
+ void clear_cache_and_reload(time_t now);
++int wait_for_child(int pipe);
++int async_event(int pipe, time_t now, struct event_desc*, unsigned int timeout);
+
+ /* isc.c */
+ #ifdef HAVE_ISC_READER
+@@ -832,9 +837,9 @@
+ /* helper.c */
+ #ifndef NO_FORK
+ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd);
+-void helper_write(void);
++int helper_write(void);
+ void queue_script(int action, struct dhcp_lease *lease,
+- char *hostname, time_t now);
++ char *hostname, time_t now, unsigned int uid);
+ int helper_buf_empty(void);
+ #endif
+
+Index: src/util.c
+===================================================================
+--- src/util.c (revision 696)
++++ src/util.c (revision 821)
+@@ -444,3 +444,38 @@
+ return 1;
+ }
+
++int read_timeout(int fd, unsigned char *packet, int size, time_t now, int secs)
++{
++ ssize_t n, done;
++ time_t expire;
++
++ expire = now + secs;
++
++ for (done = 0; done < size; done += n)
++ {
++ retry:
++ if (secs > 0) alarm(secs);
++ n = read(fd, &packet[done], (size_t)(size - done));
++
++ if (n == 0)
++ return 0;
++ else if (n == -1)
++ {
++ if (errno == EINTR) {
++ my_syslog(LOG_INFO, _("read timed out (errno %d)"), errno);
++ return 0;
++ }
++
++ if (retry_send() || errno == ENOMEM || errno == ENOBUFS || errno == EAGAIN)
++ {
++ if (secs == 0 || (secs > 0 && dnsmasq_time() < expire))
++ goto retry;
++ }
++
++ my_syslog(LOG_INFO, _("error in read (timeout %d, errno %d)"), secs, errno);
++ return 0;
++ }
++ }
++ return 1;
++}
++
+Index: src/dhcp.c
+===================================================================
+--- src/dhcp.c (revision 696)
++++ src/dhcp.c (revision 821)
+@@ -103,7 +103,7 @@
+ daemon->dhcp_packet.iov_base = safe_malloc(daemon->dhcp_packet.iov_len);
+ }
+
+-void dhcp_packet(time_t now)
++void dhcp_packet(int piperead, time_t now)
+ {
+ struct dhcp_packet *mess;
+ struct dhcp_context *context;
+@@ -239,7 +239,8 @@
+ if (!iface_enumerate(&parm, complete_context, NULL))
+ return;
+ lease_prune(NULL, now); /* lose any expired leases */
+- iov.iov_len = dhcp_reply(parm.current, ifr.ifr_name, iface_index, (size_t)sz,
++
++ iov.iov_len = dhcp_reply(piperead, parm.current, ifr.ifr_name, iface_index, (size_t)sz,
+ now, unicast_dest, &is_inform);
+ lease_update_file(now);
+ lease_update_dns();
+Index: src/helper.c
+===================================================================
+--- src/helper.c (revision 696)
++++ src/helper.c (revision 821)
+@@ -45,6 +45,7 @@
+ #endif
+ unsigned char hwaddr[DHCP_CHADDR_MAX];
+ char interface[IF_NAMESIZE];
++ unsigned int uid;
+ };
+
+ static struct script_data *buf = NULL;
+@@ -60,7 +61,7 @@
+ then fork our process. */
+ if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
+ {
+- send_event(err_fd, EVENT_PIPE_ERR, errno);
++ send_event(err_fd, EVENT_PIPE_ERR, errno, 0);
+ _exit(0);
+ }
+
+@@ -87,13 +88,13 @@
+ {
+ if (daemon->options & OPT_NO_FORK)
+ /* send error to daemon process if no-fork */
+- send_event(event_fd, EVENT_HUSER_ERR, errno);
++ send_event(event_fd, EVENT_HUSER_ERR, errno, 0);
+ else
+ {
+ /* kill daemon */
+- send_event(event_fd, EVENT_DIE, 0);
++ send_event(event_fd, EVENT_DIE, 0, 0);
+ /* return error */
+- send_event(err_fd, EVENT_HUSER_ERR, errno);;
++ send_event(err_fd, EVENT_HUSER_ERR, errno, 0);
+ }
+ _exit(0);
+ }
+@@ -122,6 +123,8 @@
+ action_str = "del";
+ else if (data.action == ACTION_ADD)
+ action_str = "add";
++ else if (data.action == ACTION_ACCESS)
++ action_str = "access";
+ else if (data.action == ACTION_OLD || data.action == ACTION_OLD_HOSTNAME)
+ action_str = "old";
+ else
+@@ -178,9 +181,11 @@
+ {
+ /* On error send event back to main process for logging */
+ if (WIFSIGNALED(status))
+- send_event(event_fd, EVENT_KILLED, WTERMSIG(status));
+- else if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
+- send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status));
++ send_event(event_fd, EVENT_KILLED, WTERMSIG(status), data.uid);
++ else if (WIFEXITED(status))
++ send_event(event_fd, EVENT_EXITED, WEXITSTATUS(status), data.uid);
++ else
++ send_event(event_fd, EVENT_EXITED, -1, data.uid);
+ break;
+ }
+
+@@ -263,7 +268,7 @@
+ err = errno;
+ }
+ /* failed, send event so the main process logs the problem */
+- send_event(event_fd, EVENT_EXEC_ERR, err);
++ send_event(event_fd, EVENT_EXEC_ERR, err, data.uid);
+ _exit(0);
+ }
+ }
+@@ -295,7 +300,7 @@
+ }
+
+ /* pack up lease data into a buffer */
+-void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now)
++void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t now, unsigned int uid)
+ {
+ unsigned char *p;
+ size_t size;
+@@ -332,6 +337,7 @@
+ buf_size = size;
+ }
+
++ buf->uid = uid;
+ buf->action = action;
+ buf->hwaddr_len = lease->hwaddr_len;
+ buf->hwaddr_type = lease->hwaddr_type;
+@@ -393,12 +399,15 @@
+ return bytes_in_buf == 0;
+ }
+
+-void helper_write(void)
++/* returns -1 if write failed for a reason, 1 if no data exist
++ * and 0 if everything was ok.
++ */
++int helper_write(void)
+ {
+ ssize_t rc;
+
+ if (bytes_in_buf == 0)
+- return;
++ return 1;
+
+ if ((rc = write(daemon->helperfd, buf, bytes_in_buf)) != -1)
+ {
+@@ -409,9 +418,11 @@
+ else
+ {
+ if (errno == EAGAIN || errno == EINTR)
+- return;
++ return -1;
+ bytes_in_buf = 0;
+ }
++
++ return 0;
+ }
+
+ #endif
+Index: src/rfc2131.c
+===================================================================
+--- src/rfc2131.c (revision 696)
++++ src/rfc2131.c (revision 821)
+@@ -100,8 +100,49 @@
+ int clid_len, unsigned char *clid, int *len_out);
+ static void match_vendor_opts(unsigned char *opt, struct dhcp_opt *dopt);
+
++static int check_access_script( int piperead, struct dhcp_lease *lease, struct dhcp_packet *mess, time_t now)
++{
++#ifndef NO_FORK
++unsigned int uid;
++struct event_desc ev;
++int ret;
++struct dhcp_lease _lease;
++
++ if (daemon->lease_change_command == NULL) return 0; /* ok */
++
++ if (!lease) { /* if host has not been seen before lease is NULL */
++ memset(&_lease, 0, sizeof(_lease));
++ lease = &_lease;
++ lease_set_hwaddr(lease, mess->chaddr, NULL, mess->hlen, mess->htype, 0);
++ }
++
++ uid = rand16();
++ queue_script(ACTION_ACCESS, lease, NULL, now, uid);
++
++ /* send all data to helper process */
++ do
++ {
++ helper_write();
++ } while (helper_buf_empty() == 0);
++
++ /* wait for our event */
++ ret = 0;
++ do
++ {
++ ret = async_event( piperead, now, &ev, SCRIPT_TIMEOUT);
++ }
++ while(ev.priv != uid && ret >= 0);
++
++ if (ret < 0 || ev.data != 0) /* timeout or error */
++ {
++ return -1;
++ }
++
++#endif
++ return 0; /* ok */
++}
+
+-size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
++size_t dhcp_reply(int piperead, struct dhcp_context *context, char *iface_name, int int_index,
+ size_t sz, time_t now, int unicast_dest, int *is_inform)
+ {
+ unsigned char *opt, *clid = NULL;
+@@ -252,7 +293,7 @@
+ mac->netid.next = netid;
+ netid = &mac->netid;
+ }
+-
++
+ /* Determine network for this packet. Our caller will have already linked all the
+ contexts which match the addresses of the receiving interface but if the
+ machine has an address already, or came via a relay, or we have a subnet selector,
+@@ -329,7 +370,7 @@
+ my_syslog(LOG_INFO, _("Available DHCP range: %s -- %s"), daemon->namebuff, inet_ntoa(context_tmp->end));
+ }
+ }
+-
++
+ mess->op = BOOTREPLY;
+
+ config = find_config(daemon->dhcp_conf, context, clid, clid_len,
+@@ -418,7 +459,7 @@
+ else
+ mess->yiaddr = lease->addr;
+ }
+-
++
+ if (!message &&
+ !lease &&
+ (!(lease = lease_allocate(mess->yiaddr))))
+@@ -641,7 +682,14 @@
+ memcpy(req_options, option_ptr(opt, 0), option_len(opt));
+ req_options[option_len(opt)] = OPTION_END;
+ }
+-
++
++ if (mess_type == DHCPREQUEST || mess_type == DHCPDISCOVER)
++ if (check_access_script(piperead, lease, mess, now) < 0)
++ {
++ my_syslog(LOG_INFO, _("Ignoring client due to access script"));
++ return 0;
++ }
++
+ switch (mess_type)
+ {
+ case DHCPDECLINE:
+Index: src/log.c
+===================================================================
+--- src/log.c (revision 696)
++++ src/log.c (revision 821)
+@@ -73,7 +73,7 @@
+
+ if (!log_reopen(daemon->log_file))
+ {
+- send_event(errfd, EVENT_LOG_ERR, errno);
++ send_event(errfd, EVENT_LOG_ERR, errno, 0);
+ _exit(0);
+ }
+
+Index: src/lease.c
+===================================================================
+--- src/lease.c (revision 696)
++++ src/lease.c (revision 821)
+@@ -511,7 +511,7 @@
+ if (lease->old_hostname)
+ {
+ #ifndef NO_FORK
+- queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now);
++ queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now, 0);
+ #endif
+ free(lease->old_hostname);
+ lease->old_hostname = NULL;
+@@ -520,7 +520,7 @@
+ else
+ {
+ #ifndef NO_FORK
+- queue_script(ACTION_DEL, lease, lease->hostname, now);
++ queue_script(ACTION_DEL, lease, lease->hostname, now, 0);
+ #endif
+ old_leases = lease->next;
+
+@@ -540,7 +540,7 @@
+ if (lease->old_hostname)
+ {
+ #ifndef NO_FORK
+- queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now);
++ queue_script(ACTION_OLD_HOSTNAME, lease, lease->old_hostname, now, 0);
+ #endif
+ free(lease->old_hostname);
+ lease->old_hostname = NULL;
+@@ -552,7 +552,7 @@
+ (lease->aux_changed && (daemon->options & OPT_LEASE_RO)))
+ {
+ #ifndef NO_FORK
+- queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now);
++ queue_script(lease->new ? ACTION_ADD : ACTION_OLD, lease, lease->hostname, now, 0);
+ #endif
+ lease->new = lease->changed = lease->aux_changed = 0;
+
+Index: man/dnsmasq.8
+===================================================================
+--- man/dnsmasq.8 (revision 696)
++++ man/dnsmasq.8 (revision 821)
+@@ -724,12 +724,15 @@
+ .B \-6 --dhcp-script=<path>
+ Whenever a new DHCP lease is created, or an old one destroyed, the
+ binary specified by this option is run. The arguments to the process
+-are "add", "old" or "del", the MAC
++are "add", "old", "access" or "del", the MAC
+ address of the host (or "<null>"), the IP address, and the hostname,
+ if known. "add" means a lease has been created, "del" means it has
+ been destroyed, "old" is a notification of an existing lease when
+ dnsmasq starts or a change to MAC address or hostname of an existing
+ lease (also, lease length or expiry and client-id, if leasefile-ro is set).
++The "access" keyword means that a request was just received and depending
++on the script exit status request for address will be granted, if exit status
++is zero or not if it is non-zero.
+ The process is run as root (assuming that dnsmasq was originally run as
+ root) even if dnsmasq is configured to change UID to an unprivileged user.
+ The environment is inherited from the invoker of dnsmasq, and if the
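Review bot: check_access_script() in src/rfc2131.c waits synchronously for the helper's exit event on every DHCPDISCOVER and DHCPREQUEST, up to SCRIPT_TIMEOUT (6) seconds for each pass of its loop, and it runs inside dhcp_reply() called from the main loop, so the daemon is stalled for as long as the script takes. That lets the rate of incoming DHCP packets set how long the main loop is blocked; at minimum document the cost, and consider caching the script's verdict per hardware address. In the same function the condition while(ev.priv != uid && ret >= 0) reads ev.priv before testing ret, but async_event() returns -1 without copying into *event, so ev is uninitialised on timeout; test ret first. uid comes from rand16() while every other caller passes 0 as priv, so if rand16() returns 0 an unrelated event satisfies the match; reject 0 when drawing uid. In src/util.c, read_timeout() arms alarm(secs) and never cancels it with alarm(0) on the success path, and it reports any EINTR as a timeout regardless of which signal interrupted the read. The do/while around helper_write() ignores the new return value and spins when the write returns EAGAIN.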
diff --git a/contrib/openvpn/README b/contrib/openvpn/README
new file mode 100755
index 0000000..dd99600
--- /dev/null
+++ b/contrib/openvpn/README
@@ -0,0 +1,44 @@
+The patch I have attached lets me get the behavior I wish out of
+dnsmasq. I also include my version of dhclient-enter-hooks as
+required for the switchover from pre-dnsmasq and dhclient.
+
+On 8/16/05, Joseph Tate <dragonstrider@gmail.com> wrote:
+> I'm trying to use dnsmasq on a laptop in order to facilitate openvpn
+> connections. As such, the only configuration option I'm concerned
+> about is a single server=3D/example.com/192.168.0.1 line.
+>
+> The way I currently have it set up is I modified dhclient to write its
+> resolv.conf data to /etc/resolv.conf.dhclient and configured
+> /etc/dnsmasq.conf to look there for its upstream dns servers.
+> /etc/resolv.conf is set to nameserver 127.0.0.1
+>
+> All of this works great. When I start the openvpn service, it the
+> routes, and queries to the domain in the server=3D line work just fine.
+>
+> The only problem is that the hostname for my system doesn't get set
+> correctly. With the resolv.conf data written to something other than
+> /etc/resolv.conf, the ifup scripts don't have a valid dns server to do
+> the ipcalc call to set the laptop's hostname. If I start dnsmasq
+> before the network comes up, something gets fubar'd. I'm not sure how
+> to describe it exactly, but network services are slow to load, and
+> restarting networking and dnsmasq doesn't solve the problem. Perhaps
+> dnsmasq is answering the dhcp request when the network starts?
+> Certainly not desired behavior.
+>
+> Anyway, my question: is there a way to have the best of both worlds?
+> DHCP requests to another server, and DNS lookups that work at all
+> times?
+>
+> My current best idea on how to solve this problem is modifying the
+> dnsmasq initscript to tweak /etc/dhclient-enter-hooks to change where
+> dhclient writes resolv.conf data, and fixing up /etc/resolv.conf on
+> the fly to set 127.0.0.1 to the nameserver (and somehow keep the
+> search domains intact), but I'm hoping that I'm just missing some key
+> piece of the puzzle and that this problem has been solved before. Any
+> insights?
+>
+> --
+> Joseph Tate
+> Personal e-mail: jtate AT dragonstrider DOT com
+> Web: http://www.dragonstrider.com
+>
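Review bot: the quoted mail still carries quoted-printable escapes: "server=3D/example.com/192.168.0.1" and "the server=3D line" should read "server=/example.com/192.168.0.1" and "the server= line". A reader copying the line into dnsmasq.conf does not get the option the author used; decode the message before committing it as a README.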
diff --git a/contrib/openvpn/dhclient-enter-hooks b/contrib/openvpn/dhclient-enter-hooks
new file mode 100755
index 0000000..cb78e2a
--- /dev/null
+++ b/contrib/openvpn/dhclient-enter-hooks
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+function save_previous() {
+ if [ -e $1 -a ! -e $1.predhclient ]; then
+ mv $1 $1.predhclient
+ fi
+}
+
+function write_resolv_conf() {
+ RESOLVCONF=$1
+ if [ -n "$new_domain_name" ] || [ -n "$new_domain_name_servers" ]; then
+ save_previous $RESOLVCONF
+ echo '; generated by /etc/dhclient-enter-hooks' > $RESOLVCONF
+ if [ -n "$SEARCH" ]; then
+ echo search $SEARCH >> $RESOLVCONF
+ else
+ if [ -n "$new_domain_name" ]; then
+ echo search $new_domain_name >> $RESOLVCONF
+ fi
+ fi
+ chmod 644 $RESOLVCONF
+ for nameserver in $new_domain_name_servers; do
+ echo nameserver $nameserver >>$RESOLVCONF
+ done
+ fi
+}
+
+make_resolv_conf() {
+ write_resolv_conf /etc/resolv.conf
+}
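Review bot: write_resolv_conf() expands $new_domain_name, $SEARCH, $nameserver and $RESOLVCONF unquoted in its echo and redirection lines, and save_previous() does the same with $1. new_domain_name and new_domain_name_servers are set by dhclient from the DHCP server's reply, so their contents undergo word splitting and glob expansion before being written to /etc/resolv.conf. Quote the expansions (for example echo "search $new_domain_name" >> "$RESOLVCONF") and check that each nameserver entry is an IP address before appending it. The file is also created with the default umask and only chmod'ed to 644 afterwards; set the mode before writing.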
diff --git a/contrib/openvpn/dnsmasq.patch b/contrib/openvpn/dnsmasq.patch
new file mode 100755
index 0000000..5c11881
--- /dev/null
+++ b/contrib/openvpn/dnsmasq.patch
@@ -0,0 +1,61 @@
+--- dnsmasq-2.22/rpm/dnsmasq.rh 2005-03-24 09:51:18.000000000 -0500
++++ dnsmasq-2.22/rpm/dnsmasq.rh.new 2005-08-25 10:52:04.310568784 -0400
+@@ -2,7 +2,7 @@
+ #
+ # Startup script for the DNS caching server
+ #
+-# chkconfig: 2345 99 01
++# chkconfig: 2345 07 89
+ # description: This script starts your DNS caching server
+ # processname: dnsmasq
+ # pidfile: /var/run/dnsmasq.pid
+@@ -10,6 +10,25 @@
+ # Source function library.
+ . /etc/rc.d/init.d/functions
+
++function setup_dhclient_enter_hooks() {
++ if [ -f /etc/dhclient-enter-hooks ]; then
++ . /etc/dhclient-enter-hooks
++ cp /etc/resolv.conf /etc/resolv.conf.dnsmasq
++ cp /etc/dhclient-enter-hooks /etc/dhclient-enter-hooks.dnsmasq
++ sed -e 's/resolv\.conf$/resolv.conf.dnsmasq/' /etc/dhclient-enter-hooks.dnsmasq > /etc/dhclient-enter-hooks
++ sed -e 's/\(nameserver[ tab]\+\)[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/\1127.0.0.1/' /etc/resolv.conf.dnsmasq > /etc/resolv.conf
++ fi
++}
++
++function teardown_dhclient_enter_hooks() {
++ if [ -f /etc/dhclient-enter-hooks -a -f /etc/dhclient-enter-hooks.dnsmasq ]; then
++ if [ -f /etc/resolv.conf.dnsmasq ]; then
++ mv /etc/resolv.conf.dnsmasq /etc/resolv.conf
++ fi
++ mv /etc/dhclient-enter-hooks.dnsmasq /etc/dhclient-enter-hooks
++ fi
++}
++
+ # Source networking configuration.
+ . /etc/sysconfig/network
+
+@@ -24,7 +43,7 @@
+ MAILHOSTNAME=""
+ # change this line if you want dns to get its upstream servers from
+ # somewhere other that /etc/resolv.conf
+-RESOLV_CONF=""
++RESOLV_CONF="/etc/resolv.conf.dnsmasq"
+ # change this if you want dnsmasq to cache any "hostname" or "client-hostname" from
+ # a dhcpd's lease file
+@@ -54,6 +73,7 @@
+ case "$1" in
+ start)
+ echo -n "Starting dnsmasq: "
++ setup_dhclient_enter_hooks
+ daemon $dnsmasq $OPTIONS
+ RETVAL=$?
+ echo
+@@ -62,6 +82,7 @@
+ stop)
+ if test "x`pidof dnsmasq`" != x; then
+ echo -n "Shutting down dnsmasq: "
++ teardown_dhclient_enter_hooks
+ killproc dnsmasq
+ fi
+ RETVAL=$?
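Review bot: in setup_dhclient_enter_hooks the bracket expression [ tab] in the second sed command matches the literal characters space, t, a and b, not a tab character; use [[:space:]]\+ instead. The function is also not idempotent: a second "start" without an intervening "stop" copies the already rewritten /etc/resolv.conf and /etc/dhclient-enter-hooks over the .dnsmasq copies, so dnsmasq's upstream file then contains only 127.0.0.1 and teardown_dhclient_enter_hooks can no longer restore the originals. Skip the setup when /etc/dhclient-enter-hooks.dnsmasq already exists. The init script also sources /etc/dhclient-enter-hooks as root only to rewrite it; the ". /etc/dhclient-enter-hooks" line looks unnecessary and can be dropped.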
diff --git a/contrib/port-forward/dnsmasq-portforward b/contrib/port-forward/dnsmasq-portforward
new file mode 100755
index 0000000..f9bb857
--- /dev/null
+++ b/contrib/port-forward/dnsmasq-portforward
@@ -0,0 +1,68 @@
+#!/bin/bash
+#
+# /usr/sbin/dnsmasq-portforward
+#
+# A script which gets run when the dnsmasq DHCP lease database changes.
+# It logs to $LOGFILE, if it exists, and maintains port-forwards using
+# IP-tables so that they always point to the correct host. See
+# $PORTSFILE for details on configuring this. dnsmasq must be version 2.34
+# or later.
+#
+# To enable this script, add
+# dhcp-script=/usr/sbin/dnsmasq-portforward
+# to /etc/dnsmasq.conf
+#
+# To enable logging, touch $LOGFILE
+#
+
+PORTSFILE=/etc/portforward
+LOGFILE=/var/log/dhcp.log
+IPTABLES=/sbin/iptables
+
+action=${1:-0}
+hostname=${4}
+
+# log what's going on.
+if [ -f ${LOGFILE} ] ; then
+ date +"%D %T $*" >>${LOGFILE}
+fi
+
+# If a lease gets stripped of a name, we see that as an "old" action
+# with DNSMASQ_OLD_HOSTNAME set, convert it into a "del"
+if [ ${DNSMASQ_OLD_HOSTNAME} ] && [ ${action} = old ] ; then
+ action=del
+ hostname=${DNSMASQ_OLD_HOSTNAME}
+fi
+
+# action init is not relevant, and will only be seen when leasefile-ro is set.
+if [ ${action} = init ] ; then
+ exit 0
+fi
+
+if [ ${hostname} ]; then
+ ports=$(sed -n -e "/^${hostname}\ .*/ s/^.* //p" ${PORTSFILE})
+
+ for port in $ports; do
+ verb=removed
+ protocol=tcp
+ if [ ${port:0:1} = u ] ; then
+ protocol=udp
+ port=${port/u/}
+ fi
+ src=${port/:*/}
+ dst=${port/*:/}
+# delete first, to avoid multiple copies of rules.
+ ${IPTABLES} -t nat -D PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst
+ if [ ${action} != del ] ; then
+ ${IPTABLES} -t nat -A PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst
+ verb=added
+ fi
+ if [ -f ${LOGFILE} ] ; then
+ echo " DNAT $protocol $src to ${3}:$dst ${verb}." >>${LOGFILE}
+ fi
+ done
+fi
+
+exit 0
+
+
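Review bot: ${hostname} (argument 4, or DNSMASQ_OLD_HOSTNAME) goes unquoted and unescaped into the sed address "/^${hostname}\ .*/ s/^.* //p" and into the test [ ${hostname} ], so regex metacharacters or a "/" in the name change which $PORTSFILE lines are selected, and a name containing whitespace breaks the test. The values derived from it ($port, $src, $dst) and ${3} are then passed unquoted to ${IPTABLES}. Since the lease script is run as root, validate the hostname against a conservative pattern such as ^[A-Za-z0-9.-]+$ and exit otherwise, select the line by exact comparison of the first field (for example awk -v h="$hostname" '$1 == h') rather than by regex, check that $src and $dst are numeric, and quote every expansion.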
diff --git a/contrib/port-forward/portforward b/contrib/port-forward/portforward
new file mode 100755
index 0000000..1a97c3a
--- /dev/null
+++ b/contrib/port-forward/portforward
@@ -0,0 +1,28 @@
+# This file is read by /usr/sbin/dnsmasq-portforward and used to set up port
+# forwarding to hostnames. If the dnsmasq-determined hostname matches the
+# first column of this file, then a DNAT port-forward will be set up
+# to the address which has just been allocated by DHCP . The second field
+# is port number(s). If there is only one, then the port-forward goes to
+# the same port on the DHCP-client, if there are two seperated with a
+# colon, then the second number is the port to which the connection
+# is forwarded on the DHCP-client. By default, forwarding is set up
+# for TCP, but it can done for UDP instead by prefixing the port to "u".
+# To forward both TCP and UDP, two lines are required.
+#
+# eg.
+# wwwserver 80
+# will set up a port forward from port 80 on this host to port 80
+# at the address allocated to wwwserver whenever wwwserver gets a DHCP lease.
+#
+# wwwserver 8080:80
+# will set up a port forward from port 8080 on this host to port 80
+# on the DHCP-client.
+#
+# dnsserver 53
+# dnsserver u53
+# will port forward port 53 UDP and TCP from this host to port 53 on dnsserver.
+#
+# Port forwards will recreated when dnsmasq restarts after a reboot, and
+# removed when DHCP leases expire. After editing this file, send
+# SIGHUP to dnsmasq to install new iptables entries in the kernel.
+
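Review bot: typos in the header comment: "seperated" should be "separated", "it can done for UDP" should be "it can be done for UDP", and "Port forwards will recreated" should be "Port forwards will be recreated". The comment should also say how the first column is compared with the hostname (dnsmasq-portforward uses it as a sed regular expression anchored at the start of the line), since that decides which names are safe to list.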
diff --git a/contrib/slackware-dnsmasq/dnsmasq.SlackBuild b/contrib/slackware-dnsmasq/dnsmasq.SlackBuild
new file mode 100755
index 0000000..c5ba083
--- /dev/null
+++ b/contrib/slackware-dnsmasq/dnsmasq.SlackBuild
@@ -0,0 +1,56 @@
+#!/bin/sh
+CWD=`pwd`
+PKG=/tmp/package-dnsmasq
+
+VERSION=2.24
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+
+if [ "$ARCH" = "i386" ]; then
+ SLKCFLAGS="-O2 -march=i386 -mcpu=i686"
+elif [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mcpu=i686"
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2"
+fi
+
+rm -rf $PKG
+mkdir -p $PKG
+cd /tmp
+rm -rf dnsmasq-$VERSION
+tar xzvf $CWD/dnsmasq-$VERSION.tar.gz
+cd dnsmasq-$VERSION
+zcat $CWD/dnsmasq.leasedir.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit
+chown -R root.root .
+make install-i18n PREFIX=/usr DESTDIR=$PKG MANDIR=/usr/man
+chmod 755 $PKG/usr/sbin/dnsmasq
+chown -R root.bin $PKG/usr/sbin
+gzip -9 $PKG/usr/man/man8/dnsmasq.8
+for f in $PKG/usr/share/man/*; do
+ if [ -f $$f/man8/dnsmasq.8 ]; then
+ gzip -9 $$f/man8/dnsmasq.8 ;
+ fi
+done
+gzip -9 $PKG/usr/man/*/man8/dnsmasq.8
+mkdir -p $PKG/var/state/dnsmasq
+( cd $PKG
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+)
+mkdir $PKG/etc
+cat dnsmasq.conf.example > $PKG/etc/dnsmasq.conf.new
+mkdir $PKG/etc/rc.d
+zcat $CWD/rc.dnsmasq.gz > $PKG/etc/rc.d/rc.dnsmasq.new
+mkdir -p $PKG/usr/doc/dnsmasq-$VERSION
+cp -a \
+ CHANGELOG COPYING FAQ UPGRADING_to_2.0 doc.html setup.html \
+ $PKG/usr/doc/dnsmasq-$VERSION
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+
+cd $PKG
+makepkg -l y -c n ../dnsmasq-$VERSION-$ARCH-$BUILD.tgz
+
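Review bot: In the `for f in $PKG/usr/share/man/*` loop, `$$f` is Makefile-style escaping that does not belong in a shell script: in /bin/sh `$$` expands to the shell's PID, so `[ -f $$f/man8/dnsmasq.8 ]` tests a path such as `1234f/man8/dnsmasq.8` and the translated man pages are never compressed. Use `"$f"` in both lines. The script also works as root (`chown -R root.root .`) on fixed names under /tmp (`PKG=/tmp/package-dnsmasq`, `cd /tmp` followed by `rm -rf dnsmasq-$VERSION`) and checks neither `cd`; build in a directory created with `mktemp -d` and add `|| exit 1` after each `cd`. `VERSION=2.24` does not match the 2.51 import named in the commit subject.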
diff --git a/contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz b/contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz
new file mode 100755
index 0000000..22fc32b
--- /dev/null
+++ b/contrib/slackware-dnsmasq/dnsmasq.leasedir.diff.gz
Binary files differ
diff --git a/contrib/slackware-dnsmasq/doinst.sh.gz b/contrib/slackware-dnsmasq/doinst.sh.gz
new file mode 100755
index 0000000..3b44227
--- /dev/null
+++ b/contrib/slackware-dnsmasq/doinst.sh.gz
Binary files differ
diff --git a/contrib/slackware-dnsmasq/rc.dnsmasq.gz b/contrib/slackware-dnsmasq/rc.dnsmasq.gz
new file mode 100755
index 0000000..a86abbb
--- /dev/null
+++ b/contrib/slackware-dnsmasq/rc.dnsmasq.gz
Binary files differ
diff --git a/contrib/slackware-dnsmasq/slack-desc b/contrib/slackware-dnsmasq/slack-desc
new file mode 100755
index 0000000..0a0c577
--- /dev/null
+++ b/contrib/slackware-dnsmasq/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+dnsmasq: dnsmasq (small DNS and DHCP server)
+dnsmasq:
+dnsmasq: Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
+dnsmasq: server. It is designed to provide DNS (and optionally DHCP) to a
+dnsmasq: small network, and can serve the names of local machines which are not
+dnsmasq: in the global DNS.
+dnsmasq:
+dnsmasq: Dnsmasq was written by Simon Kelley.
+dnsmasq:
+dnsmasq:
+dnsmasq:
diff --git a/contrib/try-all-ns/README b/contrib/try-all-ns/README
new file mode 100755
index 0000000..224d554
--- /dev/null
+++ b/contrib/try-all-ns/README
@@ -0,0 +1,19 @@
+Date: Thu, 07 Dec 2006 00:41:43 -0500
+From: Bob Carroll <bob.carroll@rit.edu>
+Subject: dnsmasq suggestion
+To: simon@thekelleys.org.uk
+
+
+Hello,
+
+I recently needed a feature in dnsmasq for a very bizarre situation. I
+placed a list of name servers in a special resolve file and told dnsmasq
+to use that. But I wanted it to try requests in order and treat NXDOMAIN
+requests as a failed tcp connection. I wrote the feature into dnsmasq
+and it seems to work. I prepared a patch in the event that others might
+find it useful as well.
+
+Thanks and keep up the good work.
+
+--Bob
+
diff --git a/contrib/try-all-ns/README-2.47 b/contrib/try-all-ns/README-2.47
new file mode 100755
index 0000000..3ebec65
--- /dev/null
+++ b/contrib/try-all-ns/README-2.47
@@ -0,0 +1,11 @@
+A remake of patch Bob Carroll had posted to dnsmasq,
+now compatible with version 2.47. Hopefully he doesn't
+mind (sending a copy of this mail to him too).
+
+Maybe the patch in question is not acceptible
+as it doesn't add new switch, rather it binds itself to "strict-order".
+
+What it does is: if you have strict-order in the
+dnsmasq config file and query a domain that would result
+in NXDOMAIN, it iterates the whole given nameserver list
+until the last one says NXDOMAIN.
diff --git a/contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch b/contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch
new file mode 100755
index 0000000..ec3f3e0
--- /dev/null
+++ b/contrib/try-all-ns/dnsmasq-2.35-try-all-ns.patch
@@ -0,0 +1,61 @@
+diff -Nau dnsmasq-2.35/src/dnsmasq.h dnsmasq/src/dnsmasq.h
+--- dnsmasq-2.35/src/dnsmasq.h 2006-10-18 16:24:50.000000000 -0400
++++ dnsmasq/src/dnsmasq.h 2006-11-16 22:06:31.000000000 -0500
+@@ -112,6 +112,7 @@
+ #define OPT_NO_PING 2097152
+ #define OPT_LEASE_RO 4194304
+ #define OPT_RELOAD 8388608
++#define OPT_TRY_ALL_NS 16777216
+
+ struct all_addr {
+ union {
+diff -Nau dnsmasq-2.35/src/forward.c dnsmasq/src/forward.c
+--- dnsmasq-2.35/src/forward.c 2006-10-18 16:24:50.000000000 -0400
++++ dnsmasq/src/forward.c 2006-11-16 22:08:19.000000000 -0500
+@@ -445,6 +445,10 @@
+ {
+ struct server *server = forward->sentto;
+
++ // If strict-order and try-all-ns are set, treat NXDOMAIN as a failed request
++ if( (daemon->options & OPT_ORDER) && (daemon->options && OPT_TRY_ALL_NS)
++ && header->rcode == NXDOMAIN ) header->rcode = SERVFAIL;
++
+ if ((header->rcode == SERVFAIL || header->rcode == REFUSED) && forward->forwardall == 0)
+ /* for broken servers, attempt to send to another one. */
+ {
+diff -Nau dnsmasq-2.35/src/option.c dnsmasq/src/option.c
+--- dnsmasq-2.35/src/option.c 2006-10-18 16:24:50.000000000 -0400
++++ dnsmasq/src/option.c 2006-11-16 22:10:36.000000000 -0500
+@@ -28,7 +28,7 @@
+
+ /* options which don't have a one-char version */
+ #define LOPT_RELOAD 256
+-
++#define LOPT_TRY_ALL_NS 257
+
+ #ifdef HAVE_GETOPT_LONG
+ static const struct option opts[] =
+@@ -102,6 +102,7 @@
+ {"leasefile-ro", 0, 0, '9'},
+ {"dns-forward-max", 1, 0, '0'},
+ {"clear-on-reload", 0, 0, LOPT_RELOAD },
++ {"try-all-ns", 0, 0, LOPT_TRY_ALL_NS },
+ { NULL, 0, 0, 0 }
+ };
+
+@@ -134,6 +135,7 @@
+ { '5', OPT_NO_PING },
+ { '9', OPT_LEASE_RO },
+ { LOPT_RELOAD, OPT_RELOAD },
++ { LOPT_TRY_ALL_NS,OPT_TRY_ALL_NS },
+ { 'v', 0},
+ { 'w', 0},
+ { 0, 0 }
+@@ -208,6 +210,7 @@
+ { "-9, --leasefile-ro", gettext_noop("Read leases at startup, but never write the lease file."), NULL },
+ { "-0, --dns-forward-max=<queries>", gettext_noop("Maximum number of concurrent DNS queries. (defaults to %s)"), "!" },
+ { " --clear-on-reload", gettext_noop("Clear DNS cache when reloading %s."), RESOLVFILE },
++ { " --try-all-ns", gettext_noop("Try all name servers in tandem on NXDOMAIN replies (use with strict-order)."), NULL },
+ { NULL, NULL, NULL }
+ };
+
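Review bot: In the forward.c hunk, `(daemon->options && OPT_TRY_ALL_NS)` uses logical `&&` where bitwise `&` is needed. The expression is true whenever any option bit is set, so with strict-order enabled every NXDOMAIN reply is rewritten to SERVFAIL even when --try-all-ns was not given. It should be `(daemon->options & OPT_TRY_ALL_NS)`. The rewrite also changes `header->rcode` in place before the retry test, which additionally requires `forward->forwardall == 0`; please confirm that a client cannot be handed SERVFAIL in place of NXDOMAIN when the retry branch is not taken.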
diff --git a/contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch b/contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch
new file mode 100755
index 0000000..7586003
--- /dev/null
+++ b/contrib/try-all-ns/dnsmasq-2.47_no_nxdomain_until_end.patch
@@ -0,0 +1,17 @@
+diff -ur dnsmasq-2.47/src/forward.c dnsmasq-2.47-patched/src/forward.c
+--- dnsmasq-2.47/src/forward.c 2009-02-01 17:59:48.000000000 +0200
++++ dnsmasq-2.47-patched/src/forward.c 2009-03-18 19:10:22.000000000 +0200
+@@ -488,9 +488,12 @@
+ return;
+
+ server = forward->sentto;
++
++ if ( (header->rcode == NXDOMAIN) && ((daemon->options & OPT_ORDER) != 0) && (server->next != NULL) )
++ header->rcode = SERVFAIL;
+
+ if ((header->rcode == SERVFAIL || header->rcode == REFUSED) &&
+- !(daemon->options & OPT_ORDER) &&
++ ((daemon->options & OPT_ORDER) != 0) &&
+ forward->forwardall == 0)
+ /* for broken servers, attempt to send to another one. */
+ {
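Review bot: Replacing `!(daemon->options & OPT_ORDER)` with `((daemon->options & OPT_ORDER) != 0)` inverts the existing retry condition instead of extending it. After this change a SERVFAIL or REFUSED reply is retried on another server only when strict-order is set, so configurations without strict-order lose the "for broken servers" fallback they had before. If the goal is only to walk the list on NXDOMAIN under strict-order, keep the original test and add the new case alongside it. As README-2.47 itself notes, the behaviour is bound to strict-order with no switch of its own, and `header->rcode` is overwritten in place, so the reply finally returned to the client should be checked to still be NXDOMAIN.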
diff --git a/contrib/webmin/README b/contrib/webmin/README
new file mode 100755
index 0000000..8a8f937
--- /dev/null
+++ b/contrib/webmin/README
@@ -0,0 +1,54 @@
+
+This is the README for the DNSmasq webmin module.
+
+Problems:
+
+1) There's only basic error checking - if you enter some bad
+addresses or names, they will go straight into the config file
+although we do check for things like IP addresses being of
+the correct form (no letters, 4 groups of up to 3 digits
+separated by dots etc). One thing that ISN'T CHECKED FOR is
+that IP dotted quads are all numbers < 256. Another is that
+netmasks are logical (you could enter a netmask of 255.0.255.0
+for example). Essentially, if it'll pass the config file
+regex scanner (and the above examples will), it won't be
+flagged as "bad" even if it is a big no-no for dnsmasq itself.
+
+2) Code is ugly and a kludge - I ain't a programmer! There are probably
+a lot of things that could be done to tidy up the code - eg,
+it probably wouldn't hurt to move some common stuff into the lib file.
+
+3) I've used the %text hash and written an english lang file, but
+I am mono-lingual so no other language support as yet.
+
+4) for reasons unknown to me, the icon does not appear properly
+on the servers page of webmin (at least it doesn't for me!)
+
+5) icons have been shamelessly stolen from the ipfilter module,
+specifically the up and down arrows.
+
+6) if you delete an item, the config file will contain
+an otherwise empty, but commented line. This means that if
+you add some new stuff, then delete it, the config file
+will have a number of lines at the end that are just comments.
+Therefore, the config file could possibly grow quite large.
+
+7) NO INCLUDE FILES!
+if you use an include file, it'll be flagged as an error.
+OK if the include file line is commented out though.
+
+8) deprecated lines not supported (eg user and group) - they
+may produce an error! (user and group don't, but you can't change
+them)
+
+IOW, it works, it's just not very elegant and not very robust.
+
+Hope you find it useful though - I do, as I prevents me having to ever
+wade through the config file and man pages again.
+
+If you modify it, or add a language file, and you have a spare moment,
+please e-mail me - I won't be upset at all if you fix my poor coding!
+(rather the opposite - I'd be pleased someone found it usefull)
+
+Cheers,
+ Neil Fisher <neil@magnecor.com.au>
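Review bot: Problem 1 states that dotted quads with octets above 255 and netmasks such as 255.0.255.0 pass the module's regex check and "go straight into the config file". For a web front end that writes dnsmasq's configuration this is the item to fix before the module is relied on: validate each octet as 0 to 255 and each netmask as contiguous, and refuse to save on failure. Problems 7 and 8 (include files and deprecated lines flagged as errors) should say whether saving from the module preserves or drops those lines.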
diff --git a/contrib/webmin/dnsmasq.wbm b/contrib/webmin/dnsmasq.wbm
new file mode 100755
index 0000000..7307e23
--- /dev/null
+++ b/contrib/webmin/dnsmasq.wbm
Binary files differ
diff --git a/contrib/wrt/Makefile b/contrib/wrt/Makefile
new file mode 100755
index 0000000..68e8d32
--- /dev/null
+++ b/contrib/wrt/Makefile
@@ -0,0 +1,6 @@
+CFLAGS?= -O2 -Wall -W
+
+all: dhcp_release dhcp_lease_time
+
+clean:
+ rm -f *~ *.o core dhcp_release dhcp_lease_time
diff --git a/contrib/wrt/README b/contrib/wrt/README
new file mode 100755
index 0000000..862046f
--- /dev/null
+++ b/contrib/wrt/README
@@ -0,0 +1,81 @@
+This script can be used to implement persistent leases on openWRT, DD-WRT
+etc. Persistent leases are good: if the lease database is lost on a
+reboot, then it will eventually be restored as hosts renew their
+leases. Until a host renews (which may take hours/days) it will
+not exist in the DNS if dnsmasq's DDNS function is in use.
+
+*WRT systems remount all non-volatile fileystems read-only after boot,
+so the normal leasefile will not work. They do, however have NV
+storage, accessed with the nvram command:
+
+/usr/lib # nvram
+usage: nvram [get name] [set name=value] [unset name] [show]
+
+The principle is that leases are kept in NV variable with data
+corresponding to the line in a leasefile:
+
+dnsmasq_lease_192.168.1.56=3600 00:41:4a:05:80:74 192.168.1.56 * *
+
+By giving dnsmasq the leasefile-ro command, it no longer creates or writes a
+leasefile; responsibility for maintaining the lease database transfers
+to the lease change script. At startup, in leasefile-ro mode,
+dnsmasq will run
+
+"<lease_change_script> init"
+
+and read whatever that command spits out, expecting it to
+be in dnsmasq leasefile format.
+
+So the lease change script, given "init" as argv[1] will
+suck existing leases out of the NVRAM and emit them from
+stdout in the correct format.
+
+The second part of the problem is keeping the NVRAM up-to-date: this
+is done by the lease-change script which dnsmasq runs when a lease is
+updated. When it is called with argv[1] as "old", "add", or "del"
+it updates the relevant nvram entry.
+
+So, dnsmasq should be run as :
+
+dnsmasq --leasefile-ro --dhcp-script=/path/to/lease_update.sh
+
+or the same flags added to /etc/dnsmasq.conf
+
+
+
+Notes:
+
+This needs dnsmasq-2.33 or later to work.
+
+This technique will work with, or without, compilation with
+HAVE_BROKEN_RTC. Compiling with HAVE_BROKEN_RTC is
+_highly_recommended_ for this application since is avoids problems
+with the system clock being warped by NTP, and it vastly reduces the
+number of writes to the NVRAM. With HAVE_BROKEN_RTC, NVRAM is updated
+only when a lease is created or destroyed; without it, a write occurs
+every time a lease is renewed.
+
+It probably makes sense to restrict the number of active DHCP leases
+to an appropriate number using dhcp-lease-max. On a new DD_WRT system,
+there are about 10K bytes free in the NVRAM. Each lease record is
+about 100 bytes, so restricting the number of leases to 50 will limit
+use to half that. (The default limit in the distributed source is 150)
+
+Any UI script which reads the dnsmasq leasefile will have to be
+ammended, probably by changing it to read the output of
+`lease_update init` instead.
+
+
+Thanks:
+
+To Steve Horbachuk for checks on the script and debugging beyond the
+call of duty.
+
+
+Simon Kelley
+Fri Jul 28 11:51:13 BST 2006
+
+
+
+
+
diff --git a/contrib/wrt/dhcp_lease_time.c b/contrib/wrt/dhcp_lease_time.c
new file mode 100755
index 0000000..2866bb5
--- /dev/null
+++ b/contrib/wrt/dhcp_lease_time.c
@@ -0,0 +1,214 @@
+/* Copyright (c) 2007 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 dated June, 1991.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+*/
+
+/* dhcp_lease_time <address> */
+
+/* Send a DHCPINFORM message to a dnsmasq server running on the local host
+ and print (to stdout) the time remaining in any lease for the given
+ address. The time is given as string printed to stdout.
+
+ If an error occurs or no lease exists for the given address,
+ nothing is sent to stdout a message is sent to stderr and a
+ non-zero error code is returned.
+
+ Requires dnsmasq 2.40 or later.
+*/
+
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <net/if_arp.h>
+#include <sys/ioctl.h>
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <errno.h>
+
+#define DHCP_CHADDR_MAX 16
+#define BOOTREQUEST 1
+#define DHCP_COOKIE 0x63825363
+#define OPTION_PAD 0
+#define OPTION_LEASE_TIME 51
+#define OPTION_OVERLOAD 52
+#define OPTION_MESSAGE_TYPE 53
+#define OPTION_END 255
+#define DHCPINFORM 8
+#define DHCP_SERVER_PORT 67
+
+#define option_len(opt) ((int)(((unsigned char *)(opt))[1]))
+#define option_ptr(opt) ((void *)&(((unsigned char *)(opt))[2]))
+
+
+typedef unsigned char u8;
+typedef unsigned short u16;
+typedef unsigned int u32;
+
+struct dhcp_packet {
+ u8 op, htype, hlen, hops;
+ u32 xid;
+ u16 secs, flags;
+ struct in_addr ciaddr, yiaddr, siaddr, giaddr;
+ u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128];
+ u32 cookie;
+ unsigned char options[308];
+};
+
+static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt, int minsize)
+{
+ while (*p != OPTION_END)
+ {
+ if (p >= end)
+ return NULL; /* malformed packet */
+ else if (*p == OPTION_PAD)
+ p++;
+ else
+ {
+ int opt_len;
+ if (p >= end - 2)
+ return NULL; /* malformed packet */
+ opt_len = option_len(p);
+ if (p >= end - (2 + opt_len))
+ return NULL; /* malformed packet */
+ if (*p == opt && opt_len >= minsize)
+ return p;
+ p += opt_len + 2;
+ }
+ }
+
+ return opt == OPTION_END ? p : NULL;
+}
+
+static unsigned char *option_find(struct dhcp_packet *mess, size_t size, int opt_type, int minsize)
+{
+ unsigned char *ret, *overload;
+
+ /* skip over DHCP cookie; */
+ if ((ret = option_find1(&mess->options[0], ((unsigned char *)mess) + size, opt_type, minsize)))
+ return ret;
+
+ /* look for overload option. */
+ if (!(overload = option_find1(&mess->options[0], ((unsigned char *)mess) + size, OPTION_OVERLOAD, 1)))
+ return NULL;
+
+ /* Can we look in filename area ? */
+ if ((overload[2] & 1) &&
+ (ret = option_find1(&mess->file[0], &mess->file[128], opt_type, minsize)))
+ return ret;
+
+ /* finally try sname area */
+ if ((overload[2] & 2) &&
+ (ret = option_find1(&mess->sname[0], &mess->sname[64], opt_type, minsize)))
+ return ret;
+
+ return NULL;
+}
+
+static unsigned int option_uint(unsigned char *opt, int size)
+{
+ /* this worries about unaligned data and byte order */
+ unsigned int ret = 0;
+ int i;
+ unsigned char *p = option_ptr(opt);
+
+ for (i = 0; i < size; i++)
+ ret = (ret << 8) | *p++;
+
+ return ret;
+}
+
+int main(int argc, char **argv)
+{
+ struct in_addr lease;
+ struct dhcp_packet packet;
+ unsigned char *p = packet.options;
+ struct sockaddr_in dest;
+ int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ ssize_t rc;
+
+ if (argc < 2)
+ {
+ fprintf(stderr, "usage: dhcp_lease_time <address>\n");
+ exit(1);
+ }
+
+ if (fd == -1)
+ {
+ perror("cannot create socket");
+ exit(1);
+ }
+
+ lease.s_addr = inet_addr(argv[1]);
+
+ memset(&packet, 0, sizeof(packet));
+
+ packet.hlen = 0;
+ packet.htype = 0;
+
+ packet.op = BOOTREQUEST;
+ packet.ciaddr = lease;
+ packet.cookie = htonl(DHCP_COOKIE);
+
+ *(p++) = OPTION_MESSAGE_TYPE;
+ *(p++) = 1;
+ *(p++) = DHCPINFORM;
+
+ *(p++) = OPTION_END;
+
+ dest.sin_family = AF_INET;
+ dest.sin_addr.s_addr = inet_addr("127.0.0.1");
+ dest.sin_port = ntohs(DHCP_SERVER_PORT);
+
+ if (sendto(fd, &packet, sizeof(packet), 0,
+ (struct sockaddr *)&dest, sizeof(dest)) == -1)
+ {
+ perror("sendto failed");
+ exit(1);
+ }
+
+ alarm(3); /* noddy timeout. */
+
+ rc = recv(fd, &packet, sizeof(packet), 0);
+
+ if (rc < (ssize_t)(sizeof(packet) - sizeof(packet.options)))
+ {
+ perror("recv failed");
+ exit(1);
+ }
+
+ if ((p = option_find(&packet, (size_t)rc, OPTION_LEASE_TIME, 4)))
+ {
+ unsigned int t = option_uint(p, 4);
+ if (t == 0xffffffff)
+ printf("infinite");
+ else
+ {
+ unsigned int x;
+ if ((x = t/86400))
+ printf("%dd", x);
+ if ((x = (t/3600)%24))
+ printf("%dh", x);
+ if ((x = (t/60)%60))
+ printf("%dm", x);
+ if ((x = t%60))
+ printf("%ds", x);
+ }
+ return 0;
+ }
+
+ return 1; /* no lease */
+}
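Review bot: `option_find1()` evaluates `*p != OPTION_END` in the `while` condition before the `p >= end` test in the loop body, so once `p` reaches `end` (for example a reply whose options, or an overloaded `file` or `sname` area, contain only PAD bytes and no END) one byte beyond the region is read before NULL is returned. Put the bound in the loop condition, `while (p < end && *p != OPTION_END)`, and return NULL when the loop ends with `p >= end`. In main(): `alarm(3)` is set with no SIGALRM handler, so a timeout kills the process without the stderr message the header comment promises; `perror("recv failed")` is also reached for a short datagram, where errno is not set; `inet_addr(argv[1])` is not checked for failure; `ntohs(DHCP_SERVER_PORT)` should be `htons`; and the `unsigned int` values are printed with `%d`.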
diff --git a/contrib/wrt/dhcp_release.c b/contrib/wrt/dhcp_release.c
new file mode 100755
index 0000000..c66d3a0
--- /dev/null
+++ b/contrib/wrt/dhcp_release.c
@@ -0,0 +1,331 @@
+/* Copyright (c) 2006 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 dated June, 1991.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+*/
+
+/* dhcp_release <interface> <address> <MAC address> <client_id>
+ MUST be run as root - will fail otherwise. */
+
+/* Send a DHCPRELEASE message via the specified interface
+ to tell the local DHCP server to delete a particular lease.
+
+ The interface argument is the interface in which a DHCP
+ request _would_ be received if it was coming from the client,
+ rather than being faked up here.
+
+ The address argument is a dotted-quad IP addresses and mandatory.
+
+ The MAC address is colon separated hex, and is mandatory. It may be
+ prefixed by an address-type byte followed by -, eg
+
+ 10-11:22:33:44:55:66
+
+ but if the address-type byte is missing it is assumed to be 1, the type
+ for ethernet. This encoding is the one used in dnsmasq lease files.
+
+ The client-id is optional. If it is "*" then it treated as being missing.
+*/
+
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <net/if_arp.h>
+#include <sys/ioctl.h>
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <errno.h>
+
+#define DHCP_CHADDR_MAX 16
+#define BOOTREQUEST 1
+#define DHCP_COOKIE 0x63825363
+#define OPTION_SERVER_IDENTIFIER 54
+#define OPTION_CLIENT_ID 61
+#define OPTION_MESSAGE_TYPE 53
+#define OPTION_END 255
+#define DHCPRELEASE 7
+#define DHCP_SERVER_PORT 67
+
+typedef unsigned char u8;
+typedef unsigned short u16;
+typedef unsigned int u32;
+
+struct dhcp_packet {
+ u8 op, htype, hlen, hops;
+ u32 xid;
+ u16 secs, flags;
+ struct in_addr ciaddr, yiaddr, siaddr, giaddr;
+ u8 chaddr[DHCP_CHADDR_MAX], sname[64], file[128];
+ u32 cookie;
+ unsigned char options[308];
+};
+
+static struct iovec iov;
+
+static int expand_buf(struct iovec *iov, size_t size)
+{
+ void *new;
+
+ if (size <= iov->iov_len)
+ return 1;
+
+ if (!(new = malloc(size)))
+ {
+ errno = ENOMEM;
+ return 0;
+ }
+
+ if (iov->iov_base)
+ {
+ memcpy(new, iov->iov_base, iov->iov_len);
+ free(iov->iov_base);
+ }
+
+ iov->iov_base = new;
+ iov->iov_len = size;
+
+ return 1;
+}
+
+static ssize_t netlink_recv(int fd)
+{
+ struct msghdr msg;
+ ssize_t rc;
+
+ msg.msg_control = NULL;
+ msg.msg_controllen = 0;
+ msg.msg_name = NULL;
+ msg.msg_namelen = 0;
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+
+ while (1)
+ {
+ msg.msg_flags = 0;
+ while ((rc = recvmsg(fd, &msg, MSG_PEEK)) == -1 && errno == EINTR);
+
+ /* 2.2.x doesn't suport MSG_PEEK at all, returning EOPNOTSUPP, so we just grab a
+ big buffer and pray in that case. */
+ if (rc == -1 && errno == EOPNOTSUPP)
+ {
+ if (!expand_buf(&iov, 2000))
+ return -1;
+ break;
+ }
+
+ if (rc == -1 || !(msg.msg_flags & MSG_TRUNC))
+ break;
+
+ if (!expand_buf(&iov, iov.iov_len + 100))
+ return -1;
+ }
+
+ /* finally, read it for real */
+ while ((rc = recvmsg(fd, &msg, 0)) == -1 && errno == EINTR);
+
+ return rc;
+}
+
+static int parse_hex(char *in, unsigned char *out, int maxlen, int *mac_type)
+{
+ int i = 0;
+ char *r;
+
+ if (mac_type)
+ *mac_type = 0;
+
+ while (maxlen == -1 || i < maxlen)
+ {
+ for (r = in; *r != 0 && *r != ':' && *r != '-'; r++);
+ if (*r == 0)
+ maxlen = i;
+
+ if (r != in )
+ {
+ if (*r == '-' && i == 0 && mac_type)
+ {
+ *r = 0;
+ *mac_type = strtol(in, NULL, 16);
+ mac_type = NULL;
+ }
+ else
+ {
+ *r = 0;
+ out[i] = strtol(in, NULL, 16);
+ i++;
+ }
+ }
+ in = r+1;
+ }
+ return i;
+}
+
+static int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask)
+{
+ return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr);
+}
+
+static struct in_addr find_interface(struct in_addr client, int fd, int index)
+{
+ struct sockaddr_nl addr;
+ struct nlmsghdr *h;
+ ssize_t len;
+
+ struct {
+ struct nlmsghdr nlh;
+ struct rtgenmsg g;
+ } req;
+
+ addr.nl_family = AF_NETLINK;
+ addr.nl_pad = 0;
+ addr.nl_groups = 0;
+ addr.nl_pid = 0; /* address to kernel */
+
+ req.nlh.nlmsg_len = sizeof(req);
+ req.nlh.nlmsg_type = RTM_GETADDR;
+ req.nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST | NLM_F_ACK;
+ req.nlh.nlmsg_pid = 0;
+ req.nlh.nlmsg_seq = 1;
+ req.g.rtgen_family = AF_INET;
+
+ if (sendto(fd, (void *)&req, sizeof(req), 0,
+ (struct sockaddr *)&addr, sizeof(addr)) == -1)
+ {
+ perror("sendto failed");
+ exit(1);
+ }
+
+ while (1)
+ {
+ if ((len = netlink_recv(fd)) == -1)
+ {
+ perror("netlink");
+ exit(1);
+ }
+
+ for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+ if (h->nlmsg_type == NLMSG_DONE)
+ exit(0);
+ else if (h->nlmsg_type == RTM_NEWADDR)
+ {
+ struct ifaddrmsg *ifa = NLMSG_DATA(h);
+ struct rtattr *rta;
+ unsigned int len1 = h->nlmsg_len - NLMSG_LENGTH(sizeof(*ifa));
+
+ if (ifa->ifa_index == index && ifa->ifa_family == AF_INET)
+ {
+ struct in_addr netmask, addr;
+
+ netmask.s_addr = htonl(0xffffffff << (32 - ifa->ifa_prefixlen));
+ addr.s_addr = 0;
+
+ for (rta = IFA_RTA(ifa); RTA_OK(rta, len1); rta = RTA_NEXT(rta, len1))
+ if (rta->rta_type == IFA_LOCAL)
+ addr = *((struct in_addr *)(rta+1));
+
+ if (addr.s_addr && is_same_net(addr, client, netmask))
+ return addr;
+ }
+ }
+ }
+
+ exit(0);
+}
+
+int main(int argc, char **argv)
+{
+ struct in_addr server, lease;
+ int mac_type;
+ struct dhcp_packet packet;
+ unsigned char *p = packet.options;
+ struct sockaddr_in dest;
+ struct ifreq ifr;
+ int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ int nl = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+ struct iovec iov;
+
+ iov.iov_len = 200;
+ iov.iov_base = malloc(iov.iov_len);
+
+ if (argc < 4 || argc > 5)
+ {
+ fprintf(stderr, "usage: dhcp_release <interface> <addr> <mac> [<client_id>]\n");
+ exit(1);
+ }
+
+ if (fd == -1 || nl == -1)
+ {
+ perror("cannot create socket");
+ exit(1);
+ }
+
+ /* This voodoo fakes up a packet coming from the correct interface, which really matters for
+ a DHCP server */
+ strcpy(ifr.ifr_name, argv[1]);
+ if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) == -1)
+ {
+ perror("cannot setup interface");
+ exit(1);
+ }
+
+
+ lease.s_addr = inet_addr(argv[2]);
+ server = find_interface(lease, nl, if_nametoindex(argv[1]));
+
+ memset(&packet, 0, sizeof(packet));
+
+ packet.hlen = parse_hex(argv[3], packet.chaddr, DHCP_CHADDR_MAX, &mac_type);
+ if (mac_type == 0)
+ packet.htype = ARPHRD_ETHER;
+ else
+ packet.htype = mac_type;
+
+ packet.op = BOOTREQUEST;
+ packet.ciaddr = lease;
+ packet.cookie = htonl(DHCP_COOKIE);
+
+ *(p++) = OPTION_MESSAGE_TYPE;
+ *(p++) = 1;
+ *(p++) = DHCPRELEASE;
+
+ *(p++) = OPTION_SERVER_IDENTIFIER;
+ *(p++) = sizeof(server);
+ memcpy(p, &server, sizeof(server));
+ p += sizeof(server);
+
+ if (argc == 5 && strcmp(argv[4], "*") != 0)
+ {
+ unsigned int clid_len = parse_hex(argv[4], p+2, 255, NULL);
+ *(p++) = OPTION_CLIENT_ID;
+ *(p++) = clid_len;
+ p += clid_len;
+ }
+
+ *(p++) = OPTION_END;
+
+ dest.sin_family = AF_INET;
+ dest.sin_port = ntohs(DHCP_SERVER_PORT);
+ dest.sin_addr = server;
+
+ if (sendto(fd, &packet, sizeof(packet), 0,
+ (struct sockaddr *)&dest, sizeof(dest)) == -1)
+ {
+ perror("sendto failed");
+ exit(1);
+ }
+
+ return 0;
+}
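Review bot: `strcpy(ifr.ifr_name, argv[1])` in main() copies the interface argument into the fixed-size `ifr_name` field with no length check, in a tool whose header says it MUST be run as root. Reject names of IFNAMSIZ bytes or longer before copying, or use a bounded copy that guarantees termination. Other points in the same file: the local `struct iovec iov` in main() shadows the file-scope `static struct iovec iov` that netlink_recv() and find_interface() actually use, so the 200-byte allocation is dead code; find_interface() calls `exit(0)` when no address on the interface matches the client, so the tool reports success without sending a release; `0xffffffff << (32 - ifa->ifa_prefixlen)` is undefined for a prefix length of 0; the results of inet_addr() and if_nametoindex() are unchecked; and `ntohs(DHCP_SERVER_PORT)` should be `htons`.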
diff --git a/contrib/wrt/lease_update.sh b/contrib/wrt/lease_update.sh
new file mode 100755
index 0000000..46509b3
--- /dev/null
+++ b/contrib/wrt/lease_update.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# Copyright (c) 2006 Simon Kelley
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 dated June, 1991.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+
+# if $1 is add del or old, this is a dnsmasq-called lease-change
+# script, update the nvram database. if $1 is init, emit a
+# dnsmasq-format lease file to stdout representing the current state of the
+# database, this is called by dnsmasq at startup.
+
+NVRAM=/usr/sbin/nvram
+PREFIX=dnsmasq_lease_
+
+# Arguments.
+# $1 is action (add, del, old)
+# $2 is MAC
+# $3 is address
+# $4 is hostname (optional, may be unset)
+
+# env.
+# DNSMASQ_LEASE_LENGTH or DNSMASQ_LEASE_EXPIRES (which depends on HAVE_BROKEN_RTC)
+# DNSMASQ_CLIENT_ID (optional, may be unset)
+
+# File.
+# length|expires MAC addr hostname|* CLID|*
+
+# Primary key is address.
+
+if [ ${1} = init ] ; then
+ ${NVRAM} show | sed -n -e "/^${PREFIX}.*/ s/^.*=//p"
+else
+ if [ ${1} = del ] ; then
+ ${NVRAM} unset ${PREFIX}${3}
+ fi
+
+ if [ ${1} = old ] || [ ${1} = add ] ; then
+ ${NVRAM} set ${PREFIX}${3}="${DNSMASQ_LEASE_LENGTH:-}${DNSMASQ_LEASE_EXPIRES:-} ${2} ${3} ${4:-*} ${DNSMASQ_CLIENT_ID:-*}"
+ fi
+ ${NVRAM} commit
+fi
+
+
+
+
+
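Review bot: The positional parameters are expanded unquoted throughout (`[ ${1} = init ]`, `${NVRAM} unset ${PREFIX}${3}`, and the name part of `${NVRAM} set ${PREFIX}${3}=...`). With no argument the `[` tests fail with a syntax error and control still falls through to `${NVRAM} commit`; any whitespace or glob character in `$3` is split or expanded in a script that dnsmasq runs to write NVRAM. Quote every expansion (`[ "$1" = init ]`, `"${PREFIX}${3}"`) and dispatch with `case "$1" in` plus a default branch, so that an unrecognised action neither writes nor commits.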
diff --git a/dbus/DBus-interface b/dbus/DBus-interface
new file mode 100755
index 0000000..8d578ca
--- /dev/null
+++ b/dbus/DBus-interface
@@ -0,0 +1,131 @@
+DBus support must be enabled at compile-time and run-time. Ensure
+that src/config.h contains the line
+
+#define HAVE_DBUS.
+
+and that /etc/dnsmasq.conf contains the line
+
+enable-dbus
+
+Because dnsmasq can operate stand-alone from the DBus, and may need to provide
+service before the dbus daemon is available, it will continue to run
+if the DBus connection is not available at startup. The DBus will be polled
+every 250ms until a connection is established. Start of polling and final
+connection establishment are both logged. When dnsmasq establishes a
+connection to the dbus, it sends the signal "Up". Anything controlling
+the server settings in dnsmasq should re-invoke the SetServers method
+(q.v.) when it sees this signal. This allows dnsmasq to be restarted
+and avoids startup races with the provider of nameserver information.
+
+
+Dnsmasq provides one service on the DBus: uk.org.thekelleys.dnsmasq
+and a single object: /uk/org/thekelleys/dnsmasq
+
+1. METHODS
+----------
+
+Methods are of the form
+
+uk.org.thekelleys.<method>
+
+Available methods are:
+
+GetVersion
+----------
+Returns a string containing the version of dnsmasq running.
+
+ClearCache
+----------
+Returns nothing. Clears the domain name cache and re-reads
+/etc/hosts. The same as sending dnsmasq a HUP signal.
+
+SetServers
+----------
+Returns nothing. Takes a set of arguments representing the new
+upstream DNS servers to be used by dnsmasq. IPv4 addresses are
+represented as a UINT32 (in network byte order) and IPv6 addresses
+are represented as sixteen BYTEs (since there is no UINT128 type).
+Each server address may be followed by one or more STRINGS, which are
+the domains for which the preceding server should be used.
+
+Examples.
+
+UINT32: <address1>
+UNIT32: <address2>
+
+is equivalent to
+
+--server=<address1> --server=<address2>
+
+
+UINT32 <address1>
+UINT32 <address2>
+STRING "somedomain.com"
+
+is equivalent to
+
+--server=<address1> --server=/somedomain.com/<address2>
+
+UINT32 <address1>
+UINT32 <address2>
+STRING "somedomain.com"
+UINT32 <address3>
+STRING "anotherdomain.com"
+STRING "thirddomain.com"
+
+is equivalent to
+
+--server=<address1>
+--server=/somedomain.com/<address2>
+--server=/anotherdomain.com/thirddomain.com/<address3>
+
+Am IPv4 address of 0.0.0.0 is interpreted as "no address, local only",
+so
+
+UINT32: <0.0.0.0>
+STRING "local.domain"
+
+is equivalent to
+
+--local=/local.domain/
+
+
+Each call to SetServers completely replaces the set of servers
+specified by via the DBus, but it leaves any servers specified via the
+command line or /etc/dnsmasq.conf or /etc/resolv.conf alone.
+
+2. SIGNALS
+----------
+
+If dnsmasq's DHCP server is active, it will send signals over DBUS whenever
+the DHCP lease database changes. Think of these signals as transactions on
+a database with the IP address acting as the primary key.
+
+Signals are of the form:
+
+uk.org.thekelleys.<signal>
+
+and their parameters are:
+
+STRING "192.168.1.115"
+STRING "01:23:45:67:89:ab"
+STRING "hostname.or.fqdn"
+
+
+Available signals are:
+
+DhcpLeaseAdded
+---------------
+
+This signal is emitted when a DHCP lease for a given IP address is created.
+
+DhcpLeaseDeleted
+----------------
+
+This signal is emitted when a DHCP lease for a given IP address is deleted.
+
+DhcpLeaseUpdated
+----------------
+
+This signal is emitted when a DHCP lease for a given IP address is updated.
+
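Review bot: The first SetServers example spells the type of the second argument as "UNIT32: <address2>", which should read "UINT32". The examples also alternate between "UINT32:" with a colon and "UINT32" without one, so a reader cannot tell whether the colon is part of the notation; use one form throughout. Two prose slips in the same section should be fixed before import: "Am IPv4 address of 0.0.0.0" and "specified by via the DBus". Because SetServers replaces the upstream resolvers at run time, a sentence pointing to the bus policy file that limits who may send to uk.org.thekelleys.dnsmasq would help administrators reading this document on its own.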
diff --git a/dbus/dnsmasq.conf b/dbus/dnsmasq.conf
new file mode 100755
index 0000000..82b1c76
--- /dev/null
+++ b/dbus/dnsmasq.conf
@@ -0,0 +1,14 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="root">
+ <allow own="uk.org.thekelleys.dnsmasq"/>
+ <allow send_destination="uk.org.thekelleys.dnsmasq"/>
+ </policy>
+ <policy context="default">
+ <deny own="uk.org.thekelleys.dnsmasq"/>
+ <deny send_destination="uk.org.thekelleys.dnsmasq"/>
+ </policy>
+</busconfig>
+
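Review bot: The only policy that grants own="uk.org.thekelleys.dnsmasq" is <policy user="root">, while the man page added in this same patch says dnsmasq changes to another user (normally "nobody") after startup. Please add a comment to this file stating when the bus name is claimed relative to that uid change, or which extra policy an administrator needs when running with --user. The default-context deny on send_destination is a sound default, since it keeps SetServers and the method that clears the cache limited to root. The file is also added with mode 100755; an XML policy file does not need the executable bit.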
diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
new file mode 100755
index 0000000..ac9ef7a
--- /dev/null
+++ b/dnsmasq.conf.example
@@ -0,0 +1,540 @@
+# Configuration file for dnsmasq.
+#
+# Format is one option per line, legal options are the same
+# as the long options legal on the command line. See
+# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
+
+# The following two options make you a better netizen, since they
+# tell dnsmasq to filter out queries which the public DNS cannot
+# answer, and which load the servers (especially the root servers)
+# uneccessarily. If you have a dial-on-demand link they also stop
+# these requests from bringing up the link uneccessarily.
+
+# Never forward plain names (without a dot or domain part)
+#domain-needed
+# Never forward addresses in the non-routed address spaces.
+#bogus-priv
+
+
+# Uncomment this to filter useless windows-originated DNS requests
+# which can trigger dial-on-demand links needlessly.
+# Note that (amongst other things) this blocks all SRV requests,
+# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
+# This option only affects forwarding, SRV records originating for
+# dnsmasq (via srv-host= lines) are not suppressed by it.
+#filterwin2k
+
+# Change this line if you want dns to get its upstream servers from
+# somewhere other that /etc/resolv.conf
+#resolv-file=
+
+# By default, dnsmasq will send queries to any of the upstream
+# servers it knows about and tries to favour servers to are known
+# to be up. Uncommenting this forces dnsmasq to try each query
+# with each server strictly in the order they appear in
+# /etc/resolv.conf
+#strict-order
+
+# If you don't want dnsmasq to read /etc/resolv.conf or any other
+# file, getting its servers from this file instead (see below), then
+# uncomment this.
+#no-resolv
+
+# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
+# files for changes and re-read them then uncomment this.
+#no-poll
+
+# Add other name servers here, with domain specs if they are for
+# non-public domains.
+#server=/localnet/192.168.0.1
+
+# Example of routing PTR queries to nameservers: this will send all
+# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
+#server=/3.168.192.in-addr.arpa/10.1.2.3
+
+# Add local-only domains here, queries in these domains are answered
+# from /etc/hosts or DHCP only.
+#local=/localnet/
+
+# Add domains which you want to force to an IP address here.
+# The example below send any host in doubleclick.net to a local
+# webserver.
+#address=/doubleclick.net/127.0.0.1
+
+# --address (and --server) work with IPv6 addresses too.
+#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
+
+# You can control how dnsmasq talks to a server: this forces
+# queries to 10.1.2.3 to be routed via eth1
+# --server=10.1.2.3@eth1
+
+# and this sets the source (ie local) address used to talk to
+# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
+# IP on the machine, obviously).
+# --server=10.1.2.3@192.168.1.1#55
+
+# If you want dnsmasq to change uid and gid to something other
+# than the default, edit the following lines.
+#user=
+#group=
+
+# If you want dnsmasq to listen for DHCP and DNS requests only on
+# specified interfaces (and the loopback) give the name of the
+# interface (eg eth0) here.
+# Repeat the line for more than one interface.
+#interface=
+# Or you can specify which interface _not_ to listen on
+#except-interface=
+# Or which to listen on by address (remember to include 127.0.0.1 if
+# you use this.)
+#listen-address=
+# If you want dnsmasq to provide only DNS service on an interface,
+# configure it as shown above, and then use the following line to
+# disable DHCP on it.
+#no-dhcp-interface=
+
+# On systems which support it, dnsmasq binds the wildcard address,
+# even when it is listening on only some interfaces. It then discards
+# requests that it shouldn't reply to. This has the advantage of
+# working even when interfaces come and go and change address. If you
+# want dnsmasq to really bind only the interfaces it is listening on,
+# uncomment this option. About the only time you may need this is when
+# running another nameserver on the same machine.
+#bind-interfaces
+
+# If you don't want dnsmasq to read /etc/hosts, uncomment the
+# following line.
+#no-hosts
+# or if you want it to read another file, as well as /etc/hosts, use
+# this.
+#addn-hosts=/etc/banner_add_hosts
+
+# Set this (and domain: see below) if you want to have a domain
+# automatically added to simple names in a hosts-file.
+#expand-hosts
+
+# Set the domain for dnsmasq. this is optional, but if it is set, it
+# does the following things.
+# 1) Allows DHCP hosts to have fully qualified domain names, as long
+# as the domain part matches this setting.
+# 2) Sets the "domain" DHCP option thereby potentially setting the
+# domain of all systems configured by DHCP
+# 3) Provides the domain part for "expand-hosts"
+#domain=thekelleys.org.uk
+
+# Set a different domain for a particular subnet
+#domain=wireless.thekelleys.org.uk,192.168.2.0/24
+
+# Same idea, but range rather then subnet
+#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
+
+# Uncomment this to enable the integrated DHCP server, you need
+# to supply the range of addresses available for lease and optionally
+# a lease time. If you have more than one network, you will need to
+# repeat this for each network on which you want to supply DHCP
+# service.
+#dhcp-range=192.168.0.50,192.168.0.150,12h
+
+# This is an example of a DHCP range where the netmask is given. This
+# is needed for networks we reach the dnsmasq DHCP server via a relay
+# agent. If you don't know what a DHCP relay agent is, you probably
+# don't need to worry about this.
+#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
+
+# This is an example of a DHCP range with a network-id, so that
+# some DHCP options may be set only for this network.
+#dhcp-range=red,192.168.0.50,192.168.0.150
+
+# Supply parameters for specified hosts using DHCP. There are lots
+# of valid alternatives, so we will give examples of each. Note that
+# IP addresses DO NOT have to be in the range given above, they just
+# need to be on the same network. The order of the parameters in these
+# do not matter, it's permissble to give name,adddress and MAC in any order
+
+# Always allocate the host with ethernet address 11:22:33:44:55:66
+# The IP address 192.168.0.60
+#dhcp-host=11:22:33:44:55:66,192.168.0.60
+
+# Always set the name of the host with hardware address
+# 11:22:33:44:55:66 to be "fred"
+#dhcp-host=11:22:33:44:55:66,fred
+
+# Always give the host with ethernet address 11:22:33:44:55:66
+# the name fred and IP address 192.168.0.60 and lease time 45 minutes
+#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
+
+# Give a host with ethernet address 11:22:33:44:55:66 or
+# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
+# that these two ethernet interfaces will never be in use at the same
+# time, and give the IP address to the second, even if it is already
+# in use by the first. Useful for laptops with wired and wireless
+# addresses.
+#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
+
+# Give the machine which says its name is "bert" IP address
+# 192.168.0.70 and an infinite lease
+#dhcp-host=bert,192.168.0.70,infinite
+
+# Always give the host with client identifier 01:02:02:04
+# the IP address 192.168.0.60
+#dhcp-host=id:01:02:02:04,192.168.0.60
+
+# Always give the host with client identifier "marjorie"
+# the IP address 192.168.0.60
+#dhcp-host=id:marjorie,192.168.0.60
+
+# Enable the address given for "judge" in /etc/hosts
+# to be given to a machine presenting the name "judge" when
+# it asks for a DHCP lease.
+#dhcp-host=judge
+
+# Never offer DHCP service to a machine whose ethernet
+# address is 11:22:33:44:55:66
+#dhcp-host=11:22:33:44:55:66,ignore
+
+# Ignore any client-id presented by the machine with ethernet
+# address 11:22:33:44:55:66. This is useful to prevent a machine
+# being treated differently when running under different OS's or
+# between PXE boot and OS boot.
+#dhcp-host=11:22:33:44:55:66,id:*
+
+# Send extra options which are tagged as "red" to
+# the machine with ethernet address 11:22:33:44:55:66
+#dhcp-host=11:22:33:44:55:66,net:red
+
+# Send extra options which are tagged as "red" to
+# any machine with ethernet address starting 11:22:33:
+#dhcp-host=11:22:33:*:*:*,net:red
+
+# Ignore any clients which are specified in dhcp-host lines
+# or /etc/ethers. Equivalent to ISC "deny unkown-clients".
+# This relies on the special "known" tag which is set when
+# a host is matched.
+#dhcp-ignore=#known
+
+# Send extra options which are tagged as "red" to any machine whose
+# DHCP vendorclass string includes the substring "Linux"
+#dhcp-vendorclass=red,Linux
+
+# Send extra options which are tagged as "red" to any machine one
+# of whose DHCP userclass strings includes the substring "accounts"
+#dhcp-userclass=red,accounts
+
+# Send extra options which are tagged as "red" to any machine whose
+# MAC address matches the pattern.
+#dhcp-mac=red,00:60:8C:*:*:*
+
+# If this line is uncommented, dnsmasq will read /etc/ethers and act
+# on the ethernet-address/IP pairs found there just as if they had
+# been given as --dhcp-host options. Useful if you keep
+# MAC-address/host mappings there for other purposes.
+#read-ethers
+
+# Send options to hosts which ask for a DHCP lease.
+# See RFC 2132 for details of available options.
+# Common options can be given to dnsmasq by name:
+# run "dnsmasq --help dhcp" to get a list.
+# Note that all the common settings, such as netmask and
+# broadcast address, DNS server and default route, are given
+# sane defaults by dnsmasq. You very likely will not need
+# any dhcp-options. If you use Windows clients and Samba, there
+# are some options which are recommended, they are detailed at the
+# end of this section.
+
+# Override the default route supplied by dnsmasq, which assumes the
+# router is the same machine as the one running dnsmasq.
+#dhcp-option=3,1.2.3.4
+
+# Do the same thing, but using the option name
+#dhcp-option=option:router,1.2.3.4
+
+# Override the default route supplied by dnsmasq and send no default
+# route at all. Note that this only works for the options sent by
+# default (1, 3, 6, 12, 28) the same line will send a zero-length option
+# for all other option numbers.
+#dhcp-option=3
+
+# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
+#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
+
+# Set the NTP time server address to be the same machine as
+# is running dnsmasq
+#dhcp-option=42,0.0.0.0
+
+# Set the NIS domain name to "welly"
+#dhcp-option=40,welly
+
+# Set the default time-to-live to 50
+#dhcp-option=23,50
+
+# Set the "all subnets are local" flag
+#dhcp-option=27,1
+
+# Send the etherboot magic flag and then etherboot options (a string).
+#dhcp-option=128,e4:45:74:68:00:00
+#dhcp-option=129,NIC=eepro100
+
+# Specify an option which will only be sent to the "red" network
+# (see dhcp-range for the declaration of the "red" network)
+# Note that the net: part must precede the option: part.
+#dhcp-option = net:red, option:ntp-server, 192.168.1.1
+
+# The following DHCP options set up dnsmasq in the same way as is specified
+# for the ISC dhcpcd in
+# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
+# adapted for a typical dnsmasq installation where the host running
+# dnsmasq is also the host running samba.
+# you may want to uncomment some or all of them if you use
+# Windows clients and Samba.
+#dhcp-option=19,0 # option ip-forwarding off
+#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
+#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
+#dhcp-option=46,8 # netbios node type
+
+# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
+# probably doesn't support this......
+#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
+
+# Send RFC-3442 classless static routes (note the netmask encoding)
+#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
+
+# Send vendor-class specific options encapsulated in DHCP option 43.
+# The meaning of the options is defined by the vendor-class so
+# options are sent only when the client supplied vendor class
+# matches the class given here. (A substring match is OK, so "MSFT"
+# matches "MSFT" and "MSFT 5.0"). This example sets the
+# mtftp address to 0.0.0.0 for PXEClients.
+#dhcp-option=vendor:PXEClient,1,0.0.0.0
+
+# Send microsoft-specific option to tell windows to release the DHCP lease
+# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
+# value as a four-byte integer - that's what microsoft wants. See
+# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
+#dhcp-option=vendor:MSFT,2,1i
+
+# Send the Encapsulated-vendor-class ID needed by some configurations of
+# Etherboot to allow is to recognise the DHCP server.
+#dhcp-option=vendor:Etherboot,60,"Etherboot"
+
+# Send options to PXELinux. Note that we need to send the options even
+# though they don't appear in the parameter request list, so we need
+# to use dhcp-option-force here.
+# See http://syslinux.zytor.com/pxe.php#special for details.
+# Magic number - needed before anything else is recognised
+#dhcp-option-force=208,f1:00:74:7e
+# Configuration file name
+#dhcp-option-force=209,configs/common
+# Path prefix
+#dhcp-option-force=210,/tftpboot/pxelinux/files/
+# Reboot time. (Note 'i' to send 32-bit value)
+#dhcp-option-force=211,30i
+
+# Set the boot filename for netboot/PXE. You will only need
+# this is you want to boot machines over the network and you will need
+# a TFTP server; either dnsmasq's built in TFTP server or an
+# external one. (See below for how to enable the TFTP server.)
+#dhcp-boot=pxelinux.0
+
+# Boot for Etherboot gPXE. The idea is to send two different
+# filenames, the first loads gPXE, and the second tells gPXE what to
+# load. The dhcp-match sets the gpxe tag for requests from gPXE.
+#dhcp-match=gpxe,175 # gPXE sends a 175 option.
+#dhcp-boot=net:#gpxe,undionly.kpxe
+#dhcp-boot=mybootimage
+
+# Encapsulated options for Etherboot gPXE. All the options are
+# encapsulated within option 175
+#dhcp-option=encap:175, 1, 5b # priority code
+#dhcp-option=encap:175, 176, 1b # no-proxydhcp
+#dhcp-option=encap:175, 177, string # bus-id
+#dhcp-option=encap:175, 189, 1b # BIOS drive code
+#dhcp-option=encap:175, 190, user # iSCSI username
+#dhcp-option=encap:175, 191, pass # iSCSI password
+
+# Test for the architecture of a netboot client. PXE clients are
+# supposed to send their architecture as option 93. (See RFC 4578)
+#dhcp-match=peecees, option:client-arch, 0 #x86-32
+#dhcp-match=itanics, option:client-arch, 2 #IA64
+#dhcp-match=hammers, option:client-arch, 6 #x86-64
+#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
+
+# Do real PXE, rather than just booting a single file, this is an
+# alternative to dhcp-boot.
+#pxe-prompt="What system shall I netboot?"
+# or with timeout before first available action is taken:
+#pxe-prompt="Press F8 for menu.", 60
+
+# Available boot services. for PXE.
+#pxe-service=x86PC, "Boot from local disk", 0
+
+# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
+#pxe-service=x86PC, "Install Linux", pxelinux
+
+# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
+# Beware this fails on old PXE ROMS.
+#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
+
+# Use bootserver on network, found my multicast or broadcast.
+#pxe-service=x86PC, "Install windows from RIS server", 1
+
+# Use bootserver at a known IP address.
+#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
+
+# If you have multicast-FTP available,
+# information for that can be passed in a similar way using options 1
+# to 5. See page 19 of
+# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
+
+
+# Enable dnsmasq's built-in TFTP server
+#enable-tftp
+
+# Set the root directory for files availble via FTP.
+#tftp-root=/var/ftpd
+
+# Make the TFTP server more secure: with this set, only files owned by
+# the user dnsmasq is running as will be send over the net.
+#tftp-secure
+
+# This option stops dnsmasq from negotiating a larger blocksize for TFTP
+# transfers. It will slow things down, but may rescue some broken TFTP
+# clients.
+#tftp-no-blocksize
+
+# Set the boot file name only when the "red" tag is set.
+#dhcp-boot=net:red,pxelinux.red-net
+
+# An example of dhcp-boot with an external TFTP server: the name and IP
+# address of the server are given after the filename.
+# Can fail with old PXE ROMS. Overridden by --pxe-service.
+#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
+
+# Set the limit on DHCP leases, the default is 150
+#dhcp-lease-max=150
+
+# The DHCP server needs somewhere on disk to keep its lease database.
+# This defaults to a sane location, but if you want to change it, use
+# the line below.
+#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
+
+# Set the DHCP server to authoritative mode. In this mode it will barge in
+# and take over the lease for any client which broadcasts on the network,
+# whether it has a record of the lease or not. This avoids long timeouts
+# when a machine wakes up on a new network. DO NOT enable this if there's
+# the slighest chance that you might end up accidentally configuring a DHCP
+# server for your campus/company accidentally. The ISC server uses
+# the same option, and this URL provides more information:
+# http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
+#dhcp-authoritative
+
+# Run an executable when a DHCP lease is created or destroyed.
+# The arguments sent to the script are "add" or "del",
+# then the MAC address, the IP address and finally the hostname
+# if there is one.
+#dhcp-script=/bin/echo
+
+# Set the cachesize here.
+#cache-size=150
+
+# If you want to disable negative caching, uncomment this.
+#no-negcache
+
+# Normally responses which come form /etc/hosts and the DHCP lease
+# file have Time-To-Live set as zero, which conventionally means
+# do not cache further. If you are happy to trade lower load on the
+# server for potentially stale date, you can set a time-to-live (in
+# seconds) here.
+#local-ttl=
+
+# If you want dnsmasq to detect attempts by Verisign to send queries
+# to unregistered .com and .net hosts to its sitefinder service and
+# have dnsmasq instead return the correct NXDOMAIN response, uncomment
+# this line. You can add similar lines to do the same for other
+# registries which have implemented wildcard A records.
+#bogus-nxdomain=64.94.110.11
+
+# If you want to fix up DNS results from upstream servers, use the
+# alias option. This only works for IPv4.
+# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
+#alias=1.2.3.4,5.6.7.8
+# and this maps 1.2.3.x to 5.6.7.x
+#alias=1.2.3.0,5.6.7.0,255.255.255.0
+# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
+#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
+
+# Change these lines if you want dnsmasq to serve MX records.
+
+# Return an MX record named "maildomain.com" with target
+# servermachine.com and preference 50
+#mx-host=maildomain.com,servermachine.com,50
+
+# Set the default target for MX records created using the localmx option.
+#mx-target=servermachine.com
+
+# Return an MX record pointing to the mx-target for all local
+# machines.
+#localmx
+
+# Return an MX record pointing to itself for all local machines.
+#selfmx
+
+# Change the following lines if you want dnsmasq to serve SRV
+# records. These are useful if you want to serve ldap requests for
+# Active Directory and other windows-originated DNS requests.
+# See RFC 2782.
+# You may add multiple srv-host lines.
+# The fields are <name>,<target>,<port>,<priority>,<weight>
+# If the domain part if missing from the name (so that is just has the
+# service and protocol sections) then the domain given by the domain=
+# config option is used. (Note that expand-hosts does not need to be
+# set for this to work.)
+
+# A SRV record sending LDAP for the example.com domain to
+# ldapserver.example.com port 289
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
+
+# A SRV record sending LDAP for the example.com domain to
+# ldapserver.example.com port 289 (using domain=)
+#domain=example.com
+#srv-host=_ldap._tcp,ldapserver.example.com,389
+
+# Two SRV records for LDAP, each with different priorities
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
+
+# A SRV record indicating that there is no LDAP server for the domain
+# example.com
+#srv-host=_ldap._tcp.example.com
+
+# The following line shows how to make dnsmasq serve an arbitrary PTR
+# record. This is useful for DNS-SD. (Note that the
+# domain-name expansion done for SRV records _does_not
+# occur for PTR records.)
+#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
+
+# Change the following lines to enable dnsmasq to serve TXT records.
+# These are used for things like SPF and zeroconf. (Note that the
+# domain-name expansion done for SRV records _does_not
+# occur for TXT records.)
+
+#Example SPF.
+#txt-record=example.com,"v=spf1 a -all"
+
+#Example zeroconf
+#txt-record=_http._tcp.example.com,name=value,paper=A4
+
+# Provide an alias for a "local" DNS name. Note that this _only_ works
+# for targets which are names from DHCP or /etc/hosts. Give host
+# "bert" another name, bertrand
+#cname=bertand,bert
+
+# For debugging purposes, log each DNS query as it passes through
+# dnsmasq.
+#log-queries
+
+# Log lots of extra information about DHCP transactions.
+#log-dhcp
+
+# Include a another lot of configuration options.
+#conf-file=/etc/dnsmasq.more.conf
+#conf-dir=/etc/dnsmasq.d
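Review bot: The comment above "#dhcp-ignore=#known" says it ignores clients "which are specified in dhcp-host lines", but the same comment calls it equivalent to ISC "deny unkown-clients", so it should say "which are not specified"; an administrator reading it as written would expect the opposite access-control behaviour. Several other comments disagree with the sample line beneath them: both SRV comments say "port 289" while the srv-host lines use 389, the range example "#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200" mixes 192.68 and 192.168, the cname comment names "bertrand" while the line has "cname=bertand,bert", and the tftp-root comment speaks of files available "via FTP" where TFTP is meant. The authoritative-mode warning repeats "accidentally" in one sentence. The file is added with mode 100755, which an example configuration file does not need.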
diff --git a/doc.html b/doc.html
new file mode 100755
index 0000000..18a4b24
--- /dev/null
+++ b/doc.html
@@ -0,0 +1,113 @@
+<HTML>
+<HEAD>
+<TITLE> Dnsmasq - a DNS forwarder for NAT firewalls.</TITLE>
+</HEAD>
+<BODY BGCOLOR="WHITE">
+<H1 ALIGN=center>Dnsmasq</H1>
+Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP
+ server. It is designed to provide DNS and, optionally, DHCP, to a
+ small network. It can serve the names of local machines which are
+ not in the global DNS. The DHCP server integrates with the DNS
+ server and allows machines with DHCP-allocated addresses
+ to appear in the DNS with names configured either in each host or
+ in a central configuration file. Dnsmasq supports static and dynamic
+ DHCP leases and BOOTP/TFTP/PXE for network booting of diskless machines.
+<P>
+ Dnsmasq is targeted at home networks using NAT and
+connected to the internet via a modem, cable-modem or ADSL
+connection but would be a good choice for any smallish network (up to
+1000 clients is known to work) where low
+resource use and ease of configuration are important.
+<P>
+Supported platforms include Linux (with glibc and uclibc), *BSD,
+Solaris and Mac OS X.
+Dnsmasq is included in at least the following Linux distributions:
+Gentoo, Debian, Slackware, Suse, Fedora,
+Smoothwall, IP-Cop, floppyfw, Firebox, LEAF, Freesco, fli4l,
+CoyoteLinux, Endian Firewall and
+Clarkconnect. It is also available as FreeBSD, OpenBSD and NetBSD ports and is used in
+Linksys wireless routers (dd-wrt, openwrt and the stock firmware) and the m0n0wall project.
+<P>
+Dnsmasq provides the following features:
+<DIR>
+
+<LI>
+The DNS configuration of machines behind the firewall is simple and
+doesn't depend on the details of the ISP's dns servers
+<LI>
+Clients which try to do DNS lookups while a modem link to the
+internet is down will time out immediately.
+</LI>
+<LI>
+Dnsmasq will serve names from the /etc/hosts file on the firewall
+machine: If the names of local machines are there, then they can all
+be addressed without having to maintain /etc/hosts on each machine.
+</LI>
+<LI>
+The integrated DHCP server supports static and dynamic DHCP leases and
+multiple networks and IP ranges. It works across BOOTP relays and
+supports DHCP options including RFC3397 DNS search lists.
+Machines which are configured by DHCP have their names automatically
+included in the DNS and the names can specified by each machine or
+centrally by associating a name with a MAC address in the dnsmasq
+config file.
+</LI>
+<LI>
+Dnsmasq caches internet addresses (A records and AAAA records) and address-to-name
+mappings (PTR records), reducing the load on upstream servers and
+improving performance (especially on modem connections).
+</LI>
+<LI>
+Dnsmasq can be configured to automatically pick up the addresses of
+its upstream nameservers from ppp or dhcp configuration. It will
+automatically reload this information if it changes. This facility
+will be of particular interest to maintainers of Linux firewall
+distributions since it allows dns configuration to be made automatic.
+</LI>
+<LI>
+On IPv6-enabled boxes, dnsmasq can both talk to upstream servers via IPv6
+and offer DNS service via IPv6. On dual-stack (IPv4 and IPv6) boxes it talks
+both protocols and can even act as IPv6-to-IPv4 or IPv4-to-IPv6 forwarder.
+</LI>
+<LI>
+Dnsmasq can be configured to send queries for certain domains to
+upstream servers handling only those domains. This makes integration
+with private DNS systems easy.
+</LI>
+<LI>
+Dnsmasq supports MX and SRV records and can be configured to return MX records
+for any or all local machines.
+</LI>
+</DIR>
+
+<H2>Download.</H2>
+
+<A HREF="http://www.thekelleys.org.uk/dnsmasq/"> Download</A> dnsmasq here.
+The tarball includes this documentation, source, and manpage.
+There is also a <A HREF="CHANGELOG"> CHANGELOG</A> and a <A HREF="FAQ">FAQ</A>.
+Dnsmasq is part of the Debian distribution, it can be downloaded from
+<A HREF="http://ftp.debian.org/debian/pool/main/d/dnsmasq/"> here</A> or installed using <TT>apt</TT>.
+
+<H2>Links.</H2>
+Damien Raude-Morvan has an article in French at <A HREF="http://www.drazzib.com/docs-dnsmasq.html">http://www.drazzib.com/docs-dnsmasq.html</A>
+There is a good article about dnsmasq at <A
+HREF="http://www.enterprisenetworkingplanet.com/netos/article.php/3377351">http://www.enterprisenetworkingplanet.com/netos/article.php/3377351</A>
+and another at <A
+HREF="http://www.linux.com/articles/149040">http://www.linux.com/articles/149040</A>
+and Ilya Evseev has an article in Russian about dnsmasq to be found at
+<A HREF="http://ilya-evseev.narod.ru/articles/dnsmasq">
+http://ilya-evseev.narod.ru/articles/dnsmasq</A>. Ismael Ull has an
+article about dnsmasq in Spanish at <A HREF="http://www.mey-online.com.ar/blog/index.php/archives/guia-rapida-de-dnsmasq">http://www.mey-online.com.ar/blog/index.php/archives/guia-rapida-de-dnsmasq</A>
+<H2>License.</H2>
+Dnsmasq is distributed under the GPL. See the file COPYING in the distribution
+for details.
+
+<H2>Contact.</H2>
+There is a dnsmasq mailing list at <A
+HREF="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss">
+http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</A> which should be the
+first location for queries, bugreports, suggestions etc.
+Dnsmasq was written by Simon Kelley. You can contact me at <A
+HREF="mailto:simon@thekelleys.org.uk">simon@thekelleys.org.uk</A>.
+</BODY>
+
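Review bot: The document ends at "</BODY>" with no closing "</HTML>", and the first "<LI>" in the feature list has no "</LI>" while every later item does; close both so the markup is consistent. In the same list, "the names can specified by each machine" is missing "be", and the first sentence under "Links." runs into the next one without a full stop. The file is added with mode 100755, which a static HTML page does not need.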
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
new file mode 100755
index 0000000..a5eac63
--- /dev/null
+++ b/man/dnsmasq.8
@@ -0,0 +1,1290 @@
+.TH DNSMASQ 8
+.SH NAME
+dnsmasq \- A lightweight DHCP and caching DNS server.
+.SH SYNOPSIS
+.B dnsmasq
+.I [OPTION]...
+.SH "DESCRIPTION"
+.BR dnsmasq
+is a lightweight DNS, TFTP and DHCP server. It is intended to provide
+coupled DNS and DHCP service to a LAN.
+.PP
+Dnsmasq accepts DNS queries and either answers them from a small, local,
+cache or forwards them to a real, recursive, DNS server. It loads the
+contents of /etc/hosts so that local hostnames
+which do not appear in the global DNS can be resolved and also answers
+DNS queries for DHCP configured hosts.
+.PP
+The dnsmasq DHCP server supports static address assignments and multiple
+networks. It automatically
+sends a sensible default set of DHCP options, and can be configured to
+send any desired set of DHCP options, including vendor-encapsulated
+options. It includes a secure, read-only,
+TFTP server to allow net/PXE boot of DHCP hosts and also supports BOOTP.
+.PP
+Dnsmasq
+supports IPv6 for DNS, but not DHCP.
+.SH OPTIONS
+Note that in general missing parameters are allowed and switch off
+functions, for instance "--pid-file" disables writing a PID file. On
+BSD, unless the GNU getopt library is linked, the long form of the
+options does not work on the command line; it is still recognised in
+the configuration file.
+.TP
+.B --test
+Read and syntax check configuration file(s). Exit with code 0 if all
+is OK, or a non-zero code otherwise. Do not start up dnsmasq.
+.TP
+.B \-h, --no-hosts
+Don't read the hostnames in /etc/hosts.
+.TP
+.B \-H, --addn-hosts=<file>
+Additional hosts file. Read the specified file as well as /etc/hosts. If -h is given, read
+only the specified file. This option may be repeated for more than one
+additional hosts file. If a directory is given, then read all the files contained in that directory.
+.TP
+.B \-E, --expand-hosts
+Add the domain to simple names (without a period) in /etc/hosts
+in the same way as for DHCP-derived names. Note that this does not
+apply to domain names in cnames, PTR records, TXT records etc.
+.TP
+.B \-T, --local-ttl=<time>
+When replying with information from /etc/hosts or the DHCP leases
+file dnsmasq by default sets the time-to-live field to zero, meaning
+that the requestor should not itself cache the information. This is
+the correct thing to do in almost all situations. This option allows a
+time-to-live (in seconds) to be given for these replies. This will
+reduce the load on the server at the expense of clients using stale
+data under some circumstances.
+.TP
+.B --neg-ttl=<time>
+Negative replies from upstream servers normally contain time-to-live
+information in SOA records which dnsmasq uses for caching. If the
+replies from upstream servers omit this information, dnsmasq does not
+cache the reply. This option gives a default value for time-to-live
+(in seconds) which dnsmasq uses to cache negative replies even in
+the absence of an SOA record.
+.TP
+.B \-k, --keep-in-foreground
+Do not go into the background at startup but otherwise run as
+normal. This is intended for use when dnsmasq is run under daemontools
+or launchd.
+.TP
+.B \-d, --no-daemon
+Debug mode: don't fork to the background, don't write a pid file,
+don't change user id, generate a complete cache dump on receipt on
+SIGUSR1, log to stderr as well as syslog, don't fork new processes
+to handle TCP queries.
+.TP
+.B \-q, --log-queries
+Log the results of DNS queries handled by dnsmasq. Enable a full cache dump on receipt of SIGUSR1.
+.TP
+.B \-8, --log-facility=<facility>
+Set the facility to which dnsmasq will send syslog entries, this
+defaults to DAEMON, and to LOCAL0 when debug mode is in operation. If
+the facility given contains at least one '/' character, it is taken to
+be a filename, and dnsmasq logs to the given file, instead of
+syslog. (Errors whilst reading configuration will still go to syslog,
+but all output from a successful startup, and all output whilst
+running, will go exclusively to the file.) When logging to a file,
+dnsmasq will close and reopen the file when it receives SIGUSR2. This
+allows the log file to be rotated without stopping dnsmasq.
+.TP
+.B --log-async[=<lines>]
+Enable asynchronous logging and optionally set the limit on the
+number of lines
+which will be queued by dnsmasq when writing to the syslog is slow.
+Dnsmasq can log asynchronously: this
+allows it to continue functioning without being blocked by syslog, and
+allows syslog to use dnsmasq for DNS queries without risking deadlock.
+If the queue of log-lines becomes full, dnsmasq will log the
+overflow, and the number of messages lost. The default queue length is
+5, a sane value would be 5-25, and a maximum limit of 100 is imposed.
+.TP
+.B \-x, --pid-file=<path>
+Specify an alternate path for dnsmasq to record its process-id in. Normally /var/run/dnsmasq.pid.
+.TP
+.B \-u, --user=<username>
+Specify the userid to which dnsmasq will change after startup. Dnsmasq must normally be started as root, but it will drop root
+privileges after startup by changing id to another user. Normally this user is "nobody" but that
+can be over-ridden with this switch.
+.TP
+.B \-g, --group=<groupname>
+Specify the group which dnsmasq will run
+as. The defaults to "dip", if available, to facilitate access to
+/etc/ppp/resolv.conf which is not normally world readable.
+.TP
+.B \-v, --version
+Print the version number.
+.TP
+.B \-p, --port=<port>
+Listen on <port> instead of the standard DNS port (53). Setting this
+to zero completely disables DNS function, leaving only DHCP and/or TFTP.
+.TP
+.B \-P, --edns-packet-max=<size>
+Specify the largest EDNS.0 UDP packet which is supported by the DNS
+forwarder. Defaults to 1280, which is the RFC2671-recommended maximum
+for ethernet.
+.TP
+.B \-Q, --query-port=<query_port>
+Send outbound DNS queries from, and listen for their replies on, the
+specific UDP port <query_port> instead of using random ports. NOTE
+that using this option will make dnsmasq less secure against DNS
+spoofing attacks but it may be faster and use less resources. Setting this option
+to zero makes dnsmasq use a single port allocated to it by the
+OS: this was the default behaviour in versions prior to 2.43.
+.TP
+.B --min-port=<port>
+Do not use ports less than that given as source for outbound DNS
+queries. Dnsmasq picks random ports as source for outbound queries:
+when this option is given, the ports used will always to larger
+than that specified. Useful for systems behind firewalls.
+.TP
+.B \-i, --interface=<interface name>
+Listen only on the specified interface(s). Dnsmasq automatically adds
+the loopback (local) interface to the list of interfaces to use when
+the
+.B \--interface
+option is used. If no
+.B \--interface
+or
+.B \--listen-address
+options are given dnsmasq listens on all available interfaces except any
+given in
+.B \--except-interface
+options. IP alias interfaces (eg "eth1:0") cannot be used with
+.B --interface
+or
+.B --except-interface
+options, use --listen-address instead.
+.TP
+.B \-I, --except-interface=<interface name>
+Do not listen on the specified interface. Note that the order of
+.B \--listen-address
+.B --interface
+and
+.B --except-interface
+options does not matter and that
+.B --except-interface
+options always override the others.
+.TP
+.B \-2, --no-dhcp-interface=<interface name>
+Do not provide DHCP or TFTP on the specified interface, but do provide DNS service.
+.TP
+.B \-a, --listen-address=<ipaddr>
+Listen on the given IP address(es). Both
+.B \--interface
+and
+.B \--listen-address
+options may be given, in which case the set of both interfaces and
+addresses is used. Note that if no
+.B \--interface
+option is given, but
+.B \--listen-address
+is, dnsmasq will not automatically listen on the loopback
+interface. To achieve this, its IP address, 127.0.0.1, must be
+explicitly given as a
+.B \--listen-address
+option.
+.TP
+.B \-z, --bind-interfaces
+On systems which support it, dnsmasq binds the wildcard address,
+even when it is listening on only some interfaces. It then discards
+requests that it shouldn't reply to. This has the advantage of
+working even when interfaces come and go and change address. This
+option forces dnsmasq to really bind only the interfaces it is
+listening on. About the only time when this is useful is when
+running another nameserver (or another instance of dnsmasq) on the
+same machine. Setting this option also enables multiple instances of
+dnsmasq which provide DHCP service to run in the same machine.
+.TP
+.B \-y, --localise-queries
+Return answers to DNS queries from /etc/hosts which depend on the interface over which the query was
+received. If a name in /etc/hosts has more than one address associated with
+it, and at least one of those addresses is on the same subnet as the
+interface to which the query was sent, then return only the
+address(es) on that subnet. This allows for a server to have multiple
+addresses in /etc/hosts corresponding to each of its interfaces, and
+hosts will get the correct address based on which network they are
+attached to. Currently this facility is limited to IPv4.
+.TP
+.B \-b, --bogus-priv
+Bogus private reverse lookups. All reverse lookups for private IP ranges (ie 192.168.x.x, etc)
+which are not found in /etc/hosts or the DHCP leases file are answered
+with "no such domain" rather than being forwarded upstream.
+.TP
+.B \-V, --alias=[<old-ip>]|[<start-ip>-<end-ip>],<new-ip>[,<mask>]
+Modify IPv4 addresses returned from upstream nameservers; old-ip is
+replaced by new-ip. If the optional mask is given then any address
+which matches the masked old-ip will be re-written. So, for instance
+.B --alias=1.2.3.0,6.7.8.0,255.255.255.0
+will map 1.2.3.56 to 6.7.8.56 and 1.2.3.67 to 6.7.8.67. This is what
+Cisco PIX routers call "DNS doctoring". If the old IP is given as
+range, then only addresses in the range, rather than a whole subnet,
+are re-written. So
+.B --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
+maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
+.TP
+.B \-B, --bogus-nxdomain=<ipaddr>
+Transform replies which contain the IP address given into "No such
+domain" replies. This is intended to counteract a devious move made by
+Verisign in September 2003 when they started returning the address of
+an advertising web page in response to queries for unregistered names,
+instead of the correct NXDOMAIN response. This option tells dnsmasq to
+fake the correct response when it sees this behaviour. As at Sept 2003
+the IP address being returned by Verisign is 64.94.110.11
+.TP
+.B \-f, --filterwin2k
+Later versions of windows make periodic DNS requests which don't get sensible answers from
+the public DNS and can cause problems by triggering dial-on-demand links. This flag turns on an option
+to filter such requests. The requests blocked are for records of types SOA and SRV, and type ANY where the
+requested name has underscores, to catch LDAP requests.
+.TP
+.B \-r, --resolv-file=<file>
+Read the IP addresses of the upstream nameservers from <file>, instead of
+/etc/resolv.conf. For the format of this file see
+.BR resolv.conf (5)
+the only lines relevant to dnsmasq are nameserver ones. Dnsmasq can
+be told to poll more than one resolv.conf file, the first file name specified
+overrides the default, subsequent ones add to the list. This is only
+allowed when polling; the file with the currently latest modification
+time is the one used.
+.TP
+.B \-R, --no-resolv
+Don't read /etc/resolv.conf. Get upstream servers only from the command
+line or the dnsmasq configuration file.
+.TP
+.B \-1, --enable-dbus
+Allow dnsmasq configuration to be updated via DBus method calls. The
+configuration which can be changed is upstream DNS servers (and
+corresponding domains) and cache clear. Requires that dnsmasq has
+been built with DBus support.
+.TP
+.B \-o, --strict-order
+By default, dnsmasq will send queries to any of the upstream servers
+it knows about and tries to favour servers that are known to
+be up. Setting this flag forces dnsmasq to try each query with each
+server strictly in the order they appear in /etc/resolv.conf
+.TP
+.B --all-servers
+By default, when dnsmasq has more than one upstream server available,
+it will send queries to just one server. Setting this flag forces
+dnsmasq to send all queries to all available servers. The reply from
+the server which answers first will be returned to the original requestor.
+.TP
+.B --stop-dns-rebind
+Reject (and log) addresses from upstream nameservers which are in the
+private IP ranges. This blocks an attack where a browser behind a
+firewall is used to probe machines on the local network.
+.TP
+.B \-n, --no-poll
+Don't poll /etc/resolv.conf for changes.
+.TP
+.B --clear-on-reload
+Whenever /etc/resolv.conf is re-read, clear the DNS cache.
+This is useful when new nameservers may have different
+data than that held in cache.
+.TP
+.B \-D, --domain-needed
+Tells dnsmasq to never forward queries for plain names, without dots
+or domain parts, to upstream nameservers. If the name is not known
+from /etc/hosts or DHCP then a "not found" answer is returned.
+.TP
+.B \-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>][@<source-ip>|<interface>[#<port>]]
+Specify IP address of upstream servers directly. Setting this flag does
+not suppress reading of /etc/resolv.conf, use -R to do that. If one or
+more
+optional domains are given, that server is used only for those domains
+and they are queried only using the specified server. This is
+intended for private nameservers: if you have a nameserver on your
+network which deals with names of the form
+xxx.internal.thekelleys.org.uk at 192.168.1.1 then giving the flag
+.B -S /internal.thekelleys.org.uk/192.168.1.1
+will send all queries for
+internal machines to that nameserver, everything else will go to the
+servers in /etc/resolv.conf. An empty domain specification,
+.B //
+has the special meaning of "unqualified names only" ie names without any
+dots in them. A non-standard port may be specified as
+part of the IP
+address using a # character.
+More than one -S flag is allowed, with
+repeated domain or ipaddr parts as required.
+
+Also permitted is a -S
+flag which gives a domain but no IP address; this tells dnsmasq that
+a domain is local and it may answer queries from /etc/hosts or DHCP
+but should never forward queries on that domain to any upstream
+servers.
+.B local
+is a synonym for
+.B server
+to make configuration files clearer in this case.
+
+The optional string after the @ character tells
+dnsmasq how to set the source of the queries to this
+nameserver. It should be an ip-address, which should belong to the machine on which
+dnsmasq is running otherwise this server line will be logged and then
+ignored, or an interface name. If an interface name is given, then
+queries to the server will be forced via that interface; if an
+ip-address is given then the source address of the queries will be set
+to that address.
+The query-port flag is ignored for any servers which have a
+source address specified but the port may be specified directly as
+part of the source address. Forcing queries to an interface is not
+implemented on all platforms supported by dnsmasq.
+.TP
+.B \-A, --address=/<domain>/[domain/]<ipaddr>
+Specify an IP address to return for any host in the given domains.
+Queries in the domains are never forwarded and always replied to
+with the specified IP address which may be IPv4 or IPv6. To give
+both IPv4 and IPv6 addresses for a domain, use repeated -A flags.
+Note that /etc/hosts and DHCP leases override this for individual
+names. A common use of this is to redirect the entire doubleclick.net
+domain to some friendly local web server to avoid banner ads. The
+domain specification works in the same was as for --server, with the
+additional facility that /#/ matches any domain. Thus
+--address=/#/1.2.3.4 will always return 1.2.3.4 for any query not
+answered from /etc/hosts or DHCP and not sent to an upstream
+nameserver by a more specific --server directive.
+.TP
+.B \-m, --mx-host=<mx name>[[,<hostname>],<preference>]
+Return an MX record named <mx name> pointing to the given hostname (if
+given), or
+the host specified in the --mx-target switch
+or, if that switch is not given, the host on which dnsmasq
+is running. The default is useful for directing mail from systems on a LAN
+to a central server. The preference value is optional, and defaults to
+1 if not given. More than one MX record may be given for a host.
+.TP
+.B \-t, --mx-target=<hostname>
+Specify the default target for the MX record returned by dnsmasq. See
+--mx-host. If --mx-target is given, but not --mx-host, then dnsmasq
+returns a MX record containing the MX target for MX queries on the
+hostname of the machine on which dnsmasq is running.
+.TP
+.B \-e, --selfmx
+Return an MX record pointing to itself for each local
+machine. Local machines are those in /etc/hosts or with DHCP leases.
+.TP
+.B \-L, --localmx
+Return an MX record pointing to the host given by mx-target (or the
+machine on which dnsmasq is running) for each
+local machine. Local machines are those in /etc/hosts or with DHCP
+leases.
+.TP
+.B \-W, --srv-host=<_service>.<_prot>.[<domain>],[<target>[,<port>[,<priority>[,<weight>]]]]
+Return a SRV DNS record. See RFC2782 for details. If not supplied, the
+domain defaults to that given by
+.B --domain.
+The default for the target domain is empty, and the default for port
+is one and the defaults for
+weight and priority are zero. Be careful if transposing data from BIND
+zone files: the port, weight and priority numbers are in a different
+order. More than one SRV record for a given service/domain is allowed,
+all that match are returned.
+.TP
+.B \-Y, --txt-record=<name>[[,<text>],<text>]
+Return a TXT DNS record. The value of TXT record is a set of strings,
+so any number may be included, split by commas.
+.TP
+.B --ptr-record=<name>[,<target>]
+Return a PTR DNS record.
+.TP
+.B --naptr-record=<name>,<order>,<preference>,<flags>,<service>,<regexp>[,<replacement>]
+Return an NAPTR DNS record, as specified in RFC3403.
+.TP
+.B --cname=<cname>,<target>
+Return a CNAME record which indicates that <cname> is really
+<target>. There are significant limitations on the target; it must be a
+DNS name which is known to dnsmasq from /etc/hosts (or additional
+hosts files) or from DHCP. If the target does not satisfy this
+criteria, the whole cname is ignored. The cname must be unique, but it
+is permissable to have more than one cname pointing to the same target.
+.TP
+.B --interface-name=<name>,<interface>
+Return a DNS record associating the name with the primary address on
+the given interface. This flag specifies an A record for the given
+name in the same way as an /etc/hosts line, except that the address is
+not constant, but taken from the given interface. If the interface is
+down, not configured or non-existent, an empty record is returned. The
+matching PTR record is also created, mapping the interface address to
+the name. More than one name may be associated with an interface
+address by repeating the flag; in that case the first instance is used
+for the reverse address-to-name mapping.
+.TP
+.B \-c, --cache-size=<cachesize>
+Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching.
+.TP
+.B \-N, --no-negcache
+Disable negative caching. Negative caching allows dnsmasq to remember
+"no such domain" answers from upstream nameservers and answer
+identical queries without forwarding them again.
+.TP
+.B \-0, --dns-forward-max=<queries>
+Set the maximum number of concurrent DNS queries. The default value is
+150, which should be fine for most setups. The only known situation
+where this needs to be increased is when using web-server log file
+resolvers, which can generate large numbers of concurrent queries.
+.TP
+.B \-F, --dhcp-range=[[net:]network-id,]<start-addr>,<end-addr>[[,<netmask>],<broadcast>][,<lease time>]
+Enable the DHCP server. Addresses will be given out from the range
+<start-addr> to <end-addr> and from statically defined addresses given
+in
+.B dhcp-host
+options. If the lease time is given, then leases
+will be given for that length of time. The lease time is in seconds,
+or minutes (eg 45m) or hours (eg 1h) or "infinite". If not given,
+the default lease time is one hour. The
+minimum lease time is two minutes. This
+option may be repeated, with different addresses, to enable DHCP
+service to more than one network. For directly connected networks (ie,
+networks on which the machine running dnsmasq has an interface) the
+netmask is optional. It is, however, required for networks which
+receive DHCP service via a relay agent. The broadcast address is
+always optional. It is always
+allowed to have more than one dhcp-range in a single subnet. The optional
+network-id is a alphanumeric label which marks this network so that
+dhcp options may be specified on a per-network basis.
+When it is prefixed with 'net:' then its meaning changes from setting
+a tag to matching it. Only one tag may be set, but more than one tag may be matched.
+The end address may be replaced by the keyword
+.B static
+which tells dnsmasq to enable DHCP for the network specified, but not
+to dynamically allocate IP addresses: only hosts which have static
+addresses given via
+.B dhcp-host
+or from /etc/ethers will be served. The end address may be replaced by
+the keyword
+.B proxy
+in which case dnsmasq will provide proxy-DHCP on the specified
+subnet. (See
+.B pxe-prompt
+and
+.B pxe-service
+for details.)
+.TP
+.B \-G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,net:<netid>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
+Specify per host parameters for the DHCP server. This allows a machine
+with a particular hardware address to be always allocated the same
+hostname, IP address and lease time. A hostname specified like this
+overrides any supplied by the DHCP client on the machine. It is also
+allowable to ommit the hardware address and include the hostname, in
+which case the IP address and lease times will apply to any machine
+claiming that name. For example
+.B --dhcp-host=00:20:e0:3b:13:af,wap,infinite
+tells dnsmasq to give
+the machine with hardware address 00:20:e0:3b:13:af the name wap, and
+an infinite DHCP lease.
+.B --dhcp-host=lap,192.168.0.199
+tells
+dnsmasq to always allocate the machine lap the IP address
+192.168.0.199. Addresses allocated like this are not constrained to be
+in the range given by the --dhcp-range option, but they must be on the
+network being served by the DHCP server. It is allowed to use client identifiers rather than
+hardware addresses to identify hosts by prefixing with 'id:'. Thus:
+.B --dhcp-host=id:01:02:03:04,.....
+refers to the host with client identifier 01:02:03:04. It is also
+allowed to specify the client ID as text, like this:
+.B --dhcp-host=id:clientidastext,.....
+
+The special option id:* means "ignore any client-id
+and use MAC addresses only." This is useful when a client presents a client-id sometimes
+but not others.
+
+If a name appears in /etc/hosts, the associated address can be
+allocated to a DHCP lease, but only if a
+.B --dhcp-host
+option specifying the name also exists. The special keyword "ignore"
+tells dnsmasq to never offer a DHCP lease to a machine. The machine
+can be specified by hardware address, client ID or hostname, for
+instance
+.B --dhcp-host=00:20:e0:3b:13:af,ignore
+This is
+useful when there is another DHCP server on the network which should
+be used by some machines.
+
+The net:<network-id> sets the network-id tag
+whenever this dhcp-host directive is in use. This can be used to
+selectively send DHCP options just for this host. When a host matches any
+dhcp-host directive (or one implied by /etc/ethers) then the special
+network-id tag "known" is set. This allows dnsmasq to be configured to
+ignore requests from unknown machines using
+.B --dhcp-ignore=#known
+Ethernet addresses (but not client-ids) may have
+wildcard bytes, so for example
+.B --dhcp-host=00:20:e0:3b:13:*,ignore
+will cause dnsmasq to ignore a range of hardware addresses. Note that
+the "*" will need to be escaped or quoted on a command line, but not
+in the configuration file.
+
+Hardware addresses normally match any
+network (ARP) type, but it is possible to restrict them to a single
+ARP type by preceding them with the ARP-type (in HEX) and "-". so
+.B --dhcp-host=06-00:20:e0:3b:13:af,1.2.3.4
+will only match a
+Token-Ring hardware address, since the ARP-address type for token ring
+is 6.
+
+As a special case, it is possible to include more than one
+hardware address. eg:
+.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2
+This allows an IP address to be associated with
+multiple hardware addresses, and gives dnsmasq permission to abandon a
+DHCP lease to one of the hardware addresses when another one asks for
+a lease. Beware that this is a dangerous thing to do, it will only
+work reliably if only one of the hardware addresses is active at any
+time and there is no way for dnsmasq to enforce this. It is, for instance,
+useful to allocate a stable IP address to a laptop which
+has both wired and wireless interfaces.
+.TP
+.B --dhcp-hostsfile=<file>
+Read DHCP host information from the specified file. The file contains
+information about one host per line. The format of a line is the same
+as text to the right of '=' in --dhcp-host. The advantage of storing DHCP host information
+in this file is that it can be changed without re-starting dnsmasq:
+the file will be re-read when dnsmasq receives SIGHUP.
+.TP
+.B --dhcp-optsfile=<file>
+Read DHCP option information from the specified file. The advantage of
+using this option is the same as for --dhcp-hostsfile: the
+dhcp-optsfile will be re-read when dnsmasq receives SIGHUP. Note that
+it is possible to encode the information in a
+.B --dhcp-boot
+flag as DHCP options, using the options names bootfile-name,
+server-ip-address and tftp-server. This allows these to be included
+in a dhcp-optsfile.
+.TP
+.B \-Z, --read-ethers
+Read /etc/ethers for information about hosts for the DHCP server. The
+format of /etc/ethers is a hardware address, followed by either a
+hostname or dotted-quad IP address. When read by dnsmasq these lines
+have exactly the same effect as
+.B --dhcp-host
+options containing the same information. /etc/ethers is re-read when
+dnsmasq receives SIGHUP.
+.TP
+.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][encap:<opt>,][vendor:[<vendor-class>],][<opt>|option:<opt-name>],[<value>[,<value>]]
+Specify different or extra options to DHCP clients. By default,
+dnsmasq sends some standard options to DHCP clients, the netmask and
+broadcast address are set to the same as the host running dnsmasq, and
+the DNS server and default route are set to the address of the machine
+running dnsmasq. If the domain name option has been set, that is sent.
+This configuration allows these defaults to be overridden,
+or other options specified. The option, to be sent may be given as a
+decimal number or as "option:<option-name>" The option numbers are
+specified in RFC2132 and subsequent RFCs. The set of option-names
+known by dnsmasq can be discovered by running "dnsmasq --help dhcp".
+For example, to set the default route option to
+192.168.4.4, do
+.B --dhcp-option=3,192.168.4.4
+or
+.B --dhcp-option = option:router, 192.168.4.4
+and to set the time-server address to 192.168.0.4, do
+.B --dhcp-option = 42,192.168.0.4
+or
+.B --dhcp-option = option:ntp-server, 192.168.0.4
+The special address 0.0.0.0 is taken to mean "the address of the
+machine running dnsmasq". Data types allowed are comma separated
+dotted-quad IP addresses, a decimal number, colon-separated hex digits
+and a text string. If the optional network-ids are given then
+this option is only sent when all the network-ids are matched.
+
+Special processing is done on a text argument for option 119, to
+conform with RFC 3397. Text or dotted-quad IP addresses as arguments
+to option 120 are handled as per RFC 3361. Dotted-quad IP addresses
+which are followed by a slash and then a netmask size are encoded as
+described in RFC 3442.
+
+Be careful: no checking is done that the correct type of data for the
+option number is sent, it is quite possible to
+persuade dnsmasq to generate illegal DHCP packets with injudicious use
+of this flag. When the value is a decimal number, dnsmasq must determine how
+large the data item is. It does this by examining the option number and/or the
+value, but can be overridden by appending a single letter flag as follows:
+b = one byte, s = two bytes, i = four bytes. This is mainly useful with
+encapsulated vendor class options (see below) where dnsmasq cannot
+determine data size from the option number. Option data which
+consists solely of periods and digits will be interpreted by dnsmasq
+as an IP address, and inserted into an option as such. To force a
+literal string, use quotes. For instance when using option 66 to send
+a literal IP address as TFTP server name, it is necessary to do
+.B --dhcp-option=66,"1.2.3.4"
+
+Encapsulated Vendor-class options may also be specified using
+--dhcp-option: for instance
+.B --dhcp-option=vendor:PXEClient,1,0.0.0.0
+sends the encapsulated vendor
+class-specific option "mftp-address=0.0.0.0" to any client whose
+vendor-class matches "PXEClient". The vendor-class matching is
+substring based (see --dhcp-vendorclass for details). If a
+vendor-class option (number 60) is sent by dnsmasq, then that is used
+for selecting encapsulated options in preference to any sent by the
+client. It is
+possible to omit the vendorclass completely;
+.B --dhcp-option=vendor:,1,0.0.0.0
+in which case the encapsulated option is always sent.
+
+Options may be encapsulated within other options: for instance
+.B --dhcp-option=encap:175, 190, "iscsi-client0"
+will send option 175, within which is the option 190. If multiple
+options are given which are encapsulated with the same option number
+then they will be correctly combined into one encapsulated option.
+encap: and vendor: are may not both be set in the same dhcp-option.
+
+The address 0.0.0.0 is not treated specially in
+encapsulated options.
+.TP
+.B --dhcp-option-force=[<network-id>,[<network-id>,]][encap:<opt>,][vendor:[<vendor-class>],]<opt>,[<value>[,<value>]]
+This works in exactly the same way as
+.B --dhcp-option
+except that the option will always be sent, even if the client does
+not ask for it in the parameter request list. This is sometimes
+needed, for example when sending options to PXELinux.
+.TP
+.B --dhcp-no-override
+Disable re-use of the DHCP servername and filename fields as extra
+option space. If it can, dnsmasq moves the boot server and filename
+information (from dhcp-boot) out of their dedicated fields into
+DHCP options. This make extra space available in the DHCP packet for
+options but can, rarely, confuse old or broken clients. This flag
+forces "simple and safe" behaviour to avoid problems in such a case.
+.TP
+.B \-U, --dhcp-vendorclass=<network-id>,<vendor-class>
+Map from a vendor-class string to a network id tag. Most DHCP clients provide a
+"vendor class" which represents, in some sense, the type of host. This option
+maps vendor classes to tags, so that DHCP options may be selectively delivered
+to different classes of hosts. For example
+.B dhcp-vendorclass=printers,Hewlett-Packard JetDirect
+will allow options to be set only for HP printers like so:
+.B --dhcp-option=printers,3,192.168.4.4
+The vendor-class string is
+substring matched against the vendor-class supplied by the client, to
+allow fuzzy matching.
+.TP
+.B \-j, --dhcp-userclass=<network-id>,<user-class>
+Map from a user-class string to a network id tag (with substring
+matching, like vendor classes). Most DHCP clients provide a
+"user class" which is configurable. This option
+maps user classes to tags, so that DHCP options may be selectively delivered
+to different classes of hosts. It is possible, for instance to use
+this to set a different printer server for hosts in the class
+"accounts" than for hosts in the class "engineering".
+.TP
+.B \-4, --dhcp-mac=<network-id>,<MAC address>
+Map from a MAC address to a network-id tag. The MAC address may include
+wildcards. For example
+.B --dhcp-mac=3com,01:34:23:*:*:*
+will set the tag "3com" for any host whose MAC address matches the pattern.
+.TP
+.B --dhcp-circuitid=<network-id>,<circuit-id>, --dhcp-remoteid=<network-id>,<remote-id>
+Map from RFC3046 relay agent options to network-id tags. This data may
+be provided by DHCP relay agents. The circuit-id or remote-id is
+normally given as colon-separated hex, but is also allowed to be a
+simple string. If an exact match is achieved between the circuit or
+agent ID and one provided by a relay agent, the network-id tag is set.
+.TP
+.B --dhcp-subscrid=<network-id>,<subscriber-id>
+Map from RFC3993 subscriber-id relay agent options to network-id tags.
+.TP
+.B --dhcp-match=<network-id>,<option number>|option:<option name>[,<value>]
+Without a value, set the network-id tag if the client sends a DHCP
+option of the given number or name. When a value is given, set the tag only if
+the option is sent and matches the value. The value may be of the form
+"01:ff:*:02" in which case the value must match (apart from widcards)
+but the option sent may have unmatched data past the end of the
+value. The value may also be of the same form as in
+.B dhcp-option
+in which case the option sent is treated as an array, and one element
+must match, so
+
+--dhcp-match=efi-ia32,option:client-arch,6
+
+will set the tag "efi-ia32" if the the number 6 appears in the list of
+architectures sent by the client in option 93. (See RFC 4578 for
+details.) If the value is a string, substring matching is used.
+.TP
+.B \-J, --dhcp-ignore=<network-id>[,<network-id>]
+When all the given network-ids match the set of network-ids derived
+from the net, host, vendor and user classes, ignore the host and do
+not allocate it a DHCP lease.
+.TP
+.B --dhcp-ignore-names[=<network-id>[,<network-id>]]
+When all the given network-ids match the set of network-ids derived
+from the net, host, vendor and user classes, ignore any hostname
+provided by the host. Note that, unlike dhcp-ignore, it is permissible
+to supply no netid tags, in which case DHCP-client supplied hostnames
+are always ignored, and DHCP hosts are added to the DNS using only
+dhcp-host configuration in dnsmasq and the contents of /etc/hosts and
+/etc/ethers.
+.TP
+.B --dhcp-broadcast=<network-id>[,<network-id>]
+When all the given network-ids match the set of network-ids derived
+from the net, host, vendor and user classes, always use broadcast to
+communicate with the host when it is unconfigured. Most DHCP clients which
+need broadcast replies set a flag in their requests so that this
+happens automatically, some old BOOTP clients do not.
+.TP
+.B \-M, --dhcp-boot=[net:<network-id>,]<filename>,[<servername>[,<server address>]]
+Set BOOTP options to be returned by the DHCP server. Server name and
+address are optional: if not provided, the name is left empty, and the
+address set to the address of the machine running dnsmasq. If dnsmasq
+is providing a TFTP service (see
+.B --enable-tftp
+) then only the filename is required here to enable network booting.
+If the optional network-id(s) are given,
+they must match for this configuration to be sent. Note that
+network-ids are prefixed by "net:" to distinguish them.
+.TP
+.B --pxe-service=[net:<network-id>,]<CSA>,<menu text>,<basename>|<bootservicetype>[,<server address>]
+Most uses of PXE boot-ROMS simply allow the PXE
+system to obtain an IP address and then download the file specified by
+.B dhcp-boot
+and execute it. However the PXE system is capable of more complex
+functions when supported by a suitable DHCP server.
+
+This specifies a boot option which may appear in a PXE boot menu. <CSA> is
+client system type, only services of the correct type will appear in a
+menu. The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
+Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI; an
+integer may be used for other types. The
+parameter after the menu text may be a file name, in which case dnsmasq acts as a
+boot server and directs the PXE client to download the file by TFTP,
+either from itself (
+.B enable-tftp
+must be set for this to work) or another TFTP server if the final IP
+address is given.
+Note that the "layer"
+suffix (normally ".0") is supplied by PXE, and should not be added to
+the basename. If an integer boot service type, rather than a basename
+is given, then the PXE client will search for a
+suitable boot service for that type on the network. This search may be done
+by multicast or broadcast, or direct to a server if its IP address is provided. A boot service
+type of 0 is special, and will abort the net boot procedure and
+continue booting from local media.
+.TP
+.B --pxe-prompt=[net:<network-id>,]<prompt>[,<timeout>]
+Setting this provides a prompt to be displayed after PXE boot. If the
+timeout is given then after the
+timeout has elapsed with no keyboard input, the first available menu
+option will be automatically executed. If the timeout is zero then the first available menu
+item will be executed immediately. If
+.B pxe-prompt
+is ommitted the system will wait for user input if there are multiple
+items in the menu, but boot immediately if
+there is only one. See
+.B pxe-service
+for details of menu items.
+
+Dnsmasq supports PXE "proxy-DHCP", in this case another DHCP server on
+the network is responsible for allocating IP addresses, and dnsmasq
+simply provides the information given in
+.B pxe-prompt
+and
+.B pxe-service
+to allow netbooting. This mode is enabled using the
+.B proxy
+keyword in
+.B dhcp-range.
+.TP
+.B \-X, --dhcp-lease-max=<number>
+Limits dnsmasq to the specified maximum number of DHCP leases. The
+default is 150. This limit is to prevent DoS attacks from hosts which
+create thousands of leases and use lots of memory in the dnsmasq
+process.
+.TP
+.B \-K, --dhcp-authoritative
+Should be set when dnsmasq is definitely the only DHCP server on a network.
+It changes the behaviour from strict RFC compliance so that DHCP requests on
+unknown leases from unknown hosts are not ignored. This allows new hosts
+to get a lease without a tedious timeout under all circumstances. It also
+allows dnsmasq to rebuild its lease database without each client needing to
+reacquire a lease, if the database is lost.
+.TP
+.B --dhcp-alternate-port[=<server port>[,<client port>]]
+Change the ports used for DHCP from the default. If this option is
+given alone, without arguments, it changes the ports used for DHCP
+from 67 and 68 to 1067 and 1068. If a single argument is given, that
+port number is used for the server and the port number plus one used
+for the client. Finally, two port numbers allows arbitrary
+specification of both server and client ports for DHCP.
+.TP
+.B \-3, --bootp-dynamic[=<network-id>[,<network-id>]]
+Enable dynamic allocation of IP addresses to BOOTP clients. Use this
+with care, since each address allocated to a BOOTP client is leased
+forever, and therefore becomes permanently unavailable for re-use by
+other hosts. if this is given without tags, then it unconditionally
+enables dynamic allocation. With tags, only when the tags are all
+set. It may be repeated with different tag sets.
+.TP
+.B \-5, --no-ping
+By default, the DHCP server will attempt to ensure that an address in
+not in use before allocating it to a host. It does this by sending an
+ICMP echo request (aka "ping") to the address in question. If it gets
+a reply, then the address must already be in use, and another is
+tried. This flag disables this check. Use with caution.
+.TP
+.B --log-dhcp
+Extra logging for DHCP: log all the options sent to DHCP clients and
+the netid tags used to determine them.
+.TP
+.B \-l, --dhcp-leasefile=<path>
+Use the specified file to store DHCP lease information.
+.TP
+.B \-6 --dhcp-script=<path>
+Whenever a new DHCP lease is created, or an old one destroyed, the
+executable specified by this option is run. The arguments to the process
+are "add", "old" or "del", the MAC
+address of the host, the IP address, and the hostname,
+if known. "add" means a lease has been created, "del" means it has
+been destroyed, "old" is a notification of an existing lease when
+dnsmasq starts or a change to MAC address or hostname of an existing
+lease (also, lease length or expiry and client-id, if leasefile-ro is set).
+If the MAC address is from a network type other than ethernet,
+it will have the network type prepended, eg "06-01:23:45:67:89:ab" for
+token ring. The process is run as root (assuming that dnsmasq was originally run as
+root) even if dnsmasq is configured to change UID to an unprivileged user.
+The environment is inherited from the invoker of dnsmasq, and if the
+host provided a client-id, this is stored in the environment variable
+DNSMASQ_CLIENT_ID. If the fully-qualified domain name of the host is
+known, the domain part is stored in DNSMASQ_DOMAIN.
+If the client provides vendor-class, hostname or user-class,
+ these are provided in DNSMASQ_VENDOR_CLASS
+DNSMASQ_SUPPLIED_HOSTNAME and
+DNSMASQ_USER_CLASS0..DNSMASQ_USER_CLASSn variables, but only for
+"add" actions or "old" actions when a host resumes an existing lease,
+since these data are not held in dnsmasq's lease
+database. If dnsmasq was compiled with HAVE_BROKEN_RTC, then
+the length of the lease (in seconds) is stored in
+DNSMASQ_LEASE_LENGTH, otherwise the time of lease expiry is stored in
+DNSMASQ_LEASE_EXPIRES. The number of seconds until lease expiry is
+always stored in DNSMASQ_TIME_REMAINING.
+If a lease used to have a hostname, which is
+removed, an "old" event is generated with the new state of the lease,
+ie no name, and the former name is provided in the environment
+variable DNSMASQ_OLD_HOSTNAME. DNSMASQ_INTERFACE stores the name of
+the interface on which the request arrived; this is not set for "old"
+actions when dnsmasq restarts. DNSMASQ_RELAY_ADDRESS is set if the client
+used a DHCP relay to contact dnsmasq and the IP address of the relay is known.
+All file descriptors are
+closed except stdin, stdout and stderr which are open to /dev/null
+(except in debug mode).
+The script is not invoked concurrently: if subsequent lease
+changes occur, the script is not invoked again until any existing
+invocation exits. At dnsmasq startup, the script will be invoked for
+all existing leases as they are read from the lease file. Expired
+leases will be called with "del" and others with "old". <path>
+must be an absolute pathname, no PATH search occurs. When dnsmasq
+receives a HUP signal, the script will be invoked for existing leases
+with an "old " event.
+.TP
+.B --dhcp-scriptuser
+Specify the user as which to run the lease-change script. This defaults to root, but can be changed to another user using this flag.
+.TP
+.B \-9, --leasefile-ro
+Completely suppress use of the lease database file. The file will not
+be created, read, or written. Change the way the lease-change
+script (if one is provided) is called, so that the lease database may
+be maintained in external storage by the script. In addition to the
+invocations given in
+.B --dhcp-script
+the lease-change script is called once, at dnsmasq startup, with the
+single argument "init". When called like this the script should write
+the saved state of the lease database, in dnsmasq leasefile format, to
+stdout and exit with zero exit code. Setting this
+option also forces the leasechange script to be called on changes
+to the client-id and lease length and expiry time.
+.TP
+.B --bridge-interface=<interface>,<alias>[,<alias>]
+Treat DHCP request packets arriving at any of the <alias> interfaces
+as if they had arrived at <interface>. This option is necessary when
+using "old style" bridging on BSD platforms, since
+packets arrive at tap interfaces which don't have an IP address.
+.TP
+.B \-s, --domain=<domain>[,<address range>]
+Specifies DNS domains for the DHCP server. Domains may be be given
+unconditionally (without the IP range) or for limited IP ranges. This has two effects;
+firstly it causes the DHCP server to return the domain to any hosts
+which request it, and secondly it sets the domain which it is legal
+for DHCP-configured hosts to claim. The intention is to constrain
+hostnames so that an untrusted host on the LAN cannot advertise
+its name via dhcp as e.g. "microsoft.com" and capture traffic not
+meant for it. If no domain suffix is specified, then any DHCP
+hostname with a domain part (ie with a period) will be disallowed
+and logged. If suffix is specified, then hostnames with a domain
+part are allowed, provided the domain part matches the suffix. In
+addition, when a suffix is set then hostnames without a domain
+part have the suffix added as an optional domain part. Eg on my network I can set
+.B --domain=thekelleys.org.uk
+and have a machine whose DHCP hostname is "laptop". The IP address for that machine is available from
+.B dnsmasq
+both as "laptop" and "laptop.thekelleys.org.uk". If the domain is
+given as "#" then the domain is read from the first "search" directive
+in /etc/resolv.conf (or equivalent). The address range can be of the form
+<ip address>,<ip address> or <ip address>/<netmask> or just a single
+<ip address>. See
+.B --dhcp-fqdn
+which can change the behaviour of dnsmasq with domains.
+.TP
+.B --dhcp-fqdn
+In the default mode, dnsmasq inserts the unqualified names of
+DHCP clients into the DNS. For this reason, the names must be unique,
+even if two clients which have the same name are in different
+domains. If a second DHCP client appears which has the same name as an
+existing client, the name is transfered to the new client. If
+.B --dhcp-fqdn
+is set, this behaviour changes: the unqualified name is no longer
+put in the DNS, only the qualified name. Two DHCP clients with the
+same name may both keep the name, provided that the domain part is
+different (ie the fully qualified names differ.) To ensure that all
+names have a domain part, there must be at least
+.B --domain
+without an address specified when
+.B --dhcp-fqdn
+is set.
+.TP
+.B --enable-tftp
+Enable the TFTP server function. This is deliberately limited to that
+needed to net-boot a client. Only reading is allowed; the tsize and
+blksize extensions are supported (tsize is only supported in octet mode).
+.TP
+.B --tftp-root=<directory>
+Look for files to transfer using TFTP relative to the given
+directory. When this is set, TFTP paths which include ".." are
+rejected, to stop clients getting outside the specified root.
+Absolute paths (starting with /) are allowed, but they must be within
+the tftp-root.
+.TP
+.B --tftp-unique-root
+Add the IP address of the TFTP client as a path component on the end
+of the TFTP-root (in standard dotted-quad format). Only valid if a
+tftp-root is set and the directory exists. For instance, if tftp-root is "/tftp" and client
+1.2.3.4 requests file "myfile" then the effective path will be
+"/tftp/1.2.3.4/myfile" if /tftp/1.2.3.4 exists or /tftp/myfile otherwise.
+.TP
+.B --tftp-secure
+Enable TFTP secure mode: without this, any file which is readable by
+the dnsmasq process under normal unix access-control rules is
+available via TFTP. When the --tftp-secure flag is given, only files
+owned by the user running the dnsmasq process are accessible. If
+dnsmasq is being run as root, different rules apply: --tftp-secure
+has no effect, but only files which have the world-readable bit set
+are accessible. It is not recommended to run dnsmasq as root with TFTP
+enabled, and certainly not without specifying --tftp-root. Doing so
+can expose any world-readable file on the server to any host on the net.
+.TP
+.B --tftp-max=<connections>
+Set the maximum number of concurrent TFTP connections allowed. This
+defaults to 50. When serving a large number of TFTP connections,
+per-process file descriptor limits may be encountered. Dnsmasq needs
+one file descriptor for each concurrent TFTP connection and one
+file descriptor per unique file (plus a few others). So serving the
+same file simultaneously to n clients will use require about n + 10 file
+descriptors, serving different files simultaneously to n clients will
+require about (2*n) + 10 descriptors. If
+.B --tftp-port-range
+is given, that can affect the number of concurrent connections.
+.TP
+.B --tftp-no-blocksize
+Stop the TFTP server from negotiating the "blocksize" option with a
+client. Some buggy clients request this option but then behave badly
+when it is granted.
+.TP
+.B --tftp-port-range=<start>,<end>
+A TFTP server listens on a well-known port (69) for connection initiation,
+but it also uses a dynamically-allocated port for each
+connection. Normally these are allocated by the OS, but this option
+specifies a range of ports for use by TFTP transfers. This can be
+useful when TFTP has to traverse a firewall. The start of the range
+cannot be lower than 1025 unless dnsmasq is running as root. The number
+of concurrent TFTP connections is limited by the size of the port range.
+.TP
+.B \-C, --conf-file=<file>
+Specify a different configuration file. The conf-file option is also allowed in
+configuration files, to include multiple configuration files.
+.TP
+.B \-7, --conf-dir=<directory>[,<file-extension>......]
+Read all the files in the given directory as configuration
+files. If extension(s) are given, any files which end in those
+extensions are skipped. Any files whose names end in ~ or start with . or start and end
+with # are always skipped. This flag may be given on the command
+line or in a configuration file.
+.SH CONFIG FILE
+At startup, dnsmasq reads
+.I /etc/dnsmasq.conf,
+if it exists. (On
+FreeBSD, the file is
+.I /usr/local/etc/dnsmasq.conf
+) (but see the
+.B \-C
+and
+.B \-7
+options.) The format of this
+file consists of one option per line, exactly as the long options detailed
+in the OPTIONS section but without the leading "--". Lines starting with # are comments and ignored. For
+options which may only be specified once, the configuration file overrides
+the command line. Quoting is allowed in a config file:
+between " quotes the special meanings of ,:. and # are removed and the
+following escapes are allowed: \\\\ \\" \\t \\e \\b \\r and \\n. The later
+corresponding to tab, escape, backspace, return and newline.
+.SH NOTES
+When it receives a SIGHUP,
+.B dnsmasq
+clears its cache and then re-loads
+.I /etc/hosts
+and
+.I /etc/ethers
+and any file given by --dhcp-hostsfile, --dhcp-optsfile or --addn-hosts.
+The dhcp lease change script is called for all
+existing DHCP leases. If
+.B
+--no-poll
+is set SIGHUP also re-reads
+.I /etc/resolv.conf.
+SIGHUP
+does NOT re-read the configuration file.
+.PP
+When it receives a SIGUSR1,
+.B dnsmasq
+writes statistics to the system log. It writes the cache size,
+the number of names which have had to removed from the cache before
+they expired in order to make room for new names and the total number
+of names that have been inserted into the cache. For each upstream
+server it gives the number of queries sent, and the number which
+resulted in an error. In
+.B --no-daemon
+mode or when full logging is enabled (-q), a complete dump of the
+contents of the cache is made.
+.PP
+When it receives SIGUSR2 and it is logging direct to a file (see
+.B --log-facility
+)
+.B dnsmasq
+will close and reopen the log file. Note that during this operation,
+dnsmasq will not be running as root. When it first creates the logfile
+dnsmasq changes the ownership of the file to the non-root user it will run
+as. Logrotate should be configured to create a new log file with
+the ownership which matches the existing one before sending SIGUSR2.
+If TCP DNS queries are in progress, the old logfile will remain open in
+child processes which are handling TCP queries and may continue to be
+written. There is a limit of 150 seconds, after which all existing TCP
+processes will have expired: for this reason, it is not wise to
+configure logfile compression for logfiles which have just been
+rotated. Using logrotate, the required options are
+.B create
+and
+.B delaycompress.
+
+
+.PP
+Dnsmasq is a DNS query forwarder: it it not capable of recursively
+answering arbitrary queries starting from the root servers but
+forwards such queries to a fully recursive upstream DNS server which is
+typically provided by an ISP. By default, dnsmasq reads
+.I /etc/resolv.conf
+to discover the IP
+addresses of the upstream nameservers it should use, since the
+information is typically stored there. Unless
+.B --no-poll
+is used,
+.B dnsmasq
+checks the modification time of
+.I /etc/resolv.conf
+(or equivalent if
+.B \--resolv-file
+is used) and re-reads it if it changes. This allows the DNS servers to
+be set dynamically by PPP or DHCP since both protocols provide the
+information.
+Absence of
+.I /etc/resolv.conf
+is not an error
+since it may not have been created before a PPP connection exists. Dnsmasq
+simply keeps checking in case
+.I /etc/resolv.conf
+is created at any
+time. Dnsmasq can be told to parse more than one resolv.conf
+file. This is useful on a laptop, where both PPP and DHCP may be used:
+dnsmasq can be set to poll both
+.I /etc/ppp/resolv.conf
+and
+.I /etc/dhcpc/resolv.conf
+and will use the contents of whichever changed
+last, giving automatic switching between DNS servers.
+.PP
+Upstream servers may also be specified on the command line or in
+the configuration file. These server specifications optionally take a
+domain name which tells dnsmasq to use that server only to find names
+in that particular domain.
+.PP
+In order to configure dnsmasq to act as cache for the host on which it is running, put "nameserver 127.0.0.1" in
+.I /etc/resolv.conf
+to force local processes to send queries to
+dnsmasq. Then either specify the upstream servers directly to dnsmasq
+using
+.B \--server
+options or put their addresses real in another file, say
+.I /etc/resolv.dnsmasq
+and run dnsmasq with the
+.B \-r /etc/resolv.dnsmasq
+option. This second technique allows for dynamic update of the server
+addresses by PPP or DHCP.
+.PP
+Addresses in /etc/hosts will "shadow" different addresses for the same
+names in the upstream DNS, so "mycompany.com 1.2.3.4" in /etc/hosts will ensure that
+queries for "mycompany.com" always return 1.2.3.4 even if queries in
+the upstream DNS would otherwise return a different address. There is
+one exception to this: if the upstream DNS contains a CNAME which
+points to a shadowed name, then looking up the CNAME through dnsmasq
+will result in the unshadowed address associated with the target of
+the CNAME. To work around this, add the CNAME to /etc/hosts so that
+the CNAME is shadowed too.
+
+.PP
+The network-id system works as follows: For each DHCP request, dnsmasq
+collects a set of valid network-id tags, one from the
+.B dhcp-range
+used to allocate the address, one from any matching
+.B dhcp-host
+(and "known" if a dhcp-host matches)
+the tag "bootp" for BOOTP requests, a tag whose name is the
+name if the interface on which the request arrived,
+and possibly many from matching vendor classes and user
+classes sent by the DHCP client. Any
+.B dhcp-option
+which has network-id tags will be used in preference to an untagged
+.B dhcp-option,
+provided that _all_ the tags match somewhere in the
+set collected as described above. The prefix '#' on a tag means 'not'
+so --dhcp=option=#purple,3,1.2.3.4 sends the option when the
+network-id tag purple is not in the set of valid tags.
+.PP
+If the network-id in a
+.B dhcp-range
+is prefixed with 'net:' then its meaning changes from setting a
+tag to matching it. Thus if there is more than dhcp-range on a subnet,
+and one is tagged with a network-id which is set (for instance
+from a vendorclass option) then hosts which set the netid tag will be
+allocated addresses in the tagged range.
+.PP
+The DHCP server in dnsmasq will function as a BOOTP server also,
+provided that the MAC address and IP address for clients are given,
+either using
+.B dhcp-host
+configurations or in
+.I /etc/ethers
+, and a
+.B dhcp-range
+configuration option is present to activate the DHCP server
+on a particular network. (Setting --bootp-dynamic removes the need for
+static address mappings.) The filename
+parameter in a BOOTP request is matched against netids in
+.B dhcp-option
+configurations, as is the tag "bootp", allowing some control over the options returned to
+different classes of hosts.
+
+.SH EXIT CODES
+.PP
+0 - Dnsmasq successfully forked into the background, or terminated
+normally if backgrounding is not enabled.
+.PP
+1 - A problem with configuration was detected.
+.PP
+2 - A problem with network access occurred (address in use, attempt
+to use privileged ports without permission).
+.PP
+3 - A problem occurred with a filesystem operation (missing
+file/directory, permissions).
+.PP
+4 - Memory allocation failure.
+.PP
+5 - Other miscellaneous problem.
+.PP
+11 or greater - a non zero return code was received from the
+lease-script process "init" call. The exit code from dnsmasq is the
+script's exit code with 10 added.
+
+.SH LIMITS
+The default values for resource limits in dnsmasq are generally
+conservative, and appropriate for embedded router type devices with
+slow processors and limited memory. On more capable hardware, it is
+possible to increase the limits, and handle many more clients. The
+following applies to dnsmasq-2.37: earlier versions did not scale as well.
+
+.PP
+Dnsmasq is capable of handling DNS and DHCP for at least a thousand
+clients. Clearly to do this the value of
+.B --dhcp-lease-max
+must be increased,
+and lease times should not be very short (less than one hour). The
+value of
+.B --dns-forward-max
+can be increased: start with it equal to
+the number of clients and increase if DNS seems slow. Note that DNS
+performance depends too on the performance of the upstream
+nameservers. The size of the DNS cache may be increased: the hard
+limit is 10000 names and the default (150) is very low. Sending
+SIGUSR1 to dnsmasq makes it log information which is useful for tuning
+the cache size. See the
+.B NOTES
+section for details.
+
+.PP
+The built-in TFTP server is capable of many simultaneous file
+transfers: the absolute limit is related to the number of file-handles
+allowed to a process and the ability of the select() system call to
+cope with large numbers of file handles. If the limit is set too high
+using
+.B --tftp-max
+it will be scaled down and the actual limit logged at
+start-up. Note that more transfers are possible when the same file is
+being sent than when each transfer sends a different file.
+
+.PP
+It is possible to use dnsmasq to block Web advertising by using a list
+of known banner-ad servers, all resolving to 127.0.0.1 or 0.0.0.0, in
+.B /etc/hosts
+or an additional hosts file. The list can be very long,
+dnsmasq has been tested successfully with one million names. That size
+file needs a 1GHz processor and about 60Mb of RAM.
+
+.SH INTERNATIONALISATION
+Dnsmasq can be compiled to support internationalisation. To do this,
+the make targets "all-i18n" and "install-i18n" should be used instead of
+the standard targets "all" and "install". When internationalisation
+is compiled in, dnsmasq will produce log messages in the local
+language and support internationalised domain names (IDN). Domain
+names in /etc/hosts, /etc/ethers and /etc/dnsmasq.conf which contain
+non-ASCII characters will be translated to the DNS-internal punycode
+representation. Note that
+dnsmasq determines both the language for messages and the assumed
+charset for configuration
+files from the LANG environment variable. This should be set to the system
+default value by the script which is responsible for starting
+dnsmasq. When editing the configuration files, be careful to do so
+using only the system-default locale and not user-specific one, since
+dnsmasq has no direct way of determining the charset in use, and must
+assume that it is the system default.
+
+.SH FILES
+.IR /etc/dnsmasq.conf
+
+.IR /usr/local/etc/dnsmasq.conf
+
+.IR /etc/resolv.conf
+
+.IR /etc/hosts
+
+.IR /etc/ethers
+
+.IR /var/lib/misc/dnsmasq.leases
+
+.IR /var/db/dnsmasq.leases
+
+.IR /var/run/dnsmasq.pid
+.SH SEE ALSO
+.BR hosts (5),
+.BR resolver (5)
+.SH AUTHOR
+This manual page was written by Simon Kelley <simon@thekelleys.org.uk>.
+
+
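Review bot: The --dhcp-script entry says the script runs as root even when dnsmasq has changed UID to an unprivileged user, and that DNSMASQ_SUPPLIED_HOSTNAME, DNSMASQ_VENDOR_CLASS and DNSMASQ_USER_CLASS0..n hold values provided by the client, but it never states that these values are untrusted input. It also does not point to --dhcp-scriptuser, which is documented in the very next entry. Suggest adding a sentence to the --dhcp-script text that cross-references --dhcp-scriptuser and tells script authors to quote and validate the hostname, vendor-class and user-class variables before using them. Separately, the network-id paragraph in NOTES gives its example as "--dhcp=option=#purple,3,1.2.3.4", which should read "--dhcp-option=#purple,3,1.2.3.4". Since this is a direct import, the small wording slips are best reported upstream rather than patched here: "the the number 6", "ommitted", "transfered", "may be be given", "it it not capable", "will use require", and the missing comma in "\-6 --dhcp-script".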
diff --git a/man/es/dnsmasq.8 b/man/es/dnsmasq.8
new file mode 100755
index 0000000..7197212
--- /dev/null
+++ b/man/es/dnsmasq.8
@@ -0,0 +1,1310 @@
+.TH DNSMASQ 8
+.SH NOMBRE
+dnsmasq \- Un ligero servidor DHCP y DNS con cach.
+.SH SINOPSIS
+.B dnsmasq
+.I [OPCION]...
+.SH "DESCRIPCIN"
+.BR dnsmasq
+es un ligero servidor DNS, TFTP y DHCP. Su propsito es proveer servicios DNS
+y DHCP a una red de rea local.
+.PP
+Dnsmasq acepta bsquedas DNS y las responde desde un pequeo
+cach local, o las reenva hacia un servidor DNS real recursivo.
+Carga el contenido de /etc/hosts, de tal forma que nombres de
+hosts locales los cuales no aparecen en el DNS mundial puedan ser
+resueltos. Tambin responde a bsquedas DNS para hosts configurados
+va DHCP.
+.PP
+El servidor DHCP dnsmasq incluye soporte para asignacin de direcciones
+estticas y redes mltiples. Automticamente enva un predeterminado sensible de
+opciones DHCP, y puede ser configurado para enviar cualquier opciones DHCP deseadas,
+incluyendo opciones encapsuladas por vendedores. Incluye un servidor seguro
+TFTP solo-lectura para permitir el inicio va red/PXE de hosts DHCP. Tamben
+incluye soporte para BOOTP.
+.PP
+Dnsmasq
+incluye soporte IPv6 para DNS, pero no para DHCP.
+.SH OPCIONES
+Ntese que en general parmetros ausentes son permitidos y deshabilitan
+funciones, por ejemplo "--pid-file=" deshabilita la escritura de un
+archivo PID. En BSD, a menos que la librera GNU getopt est enlazada,
+la forma larga de las opciones no funciona en la lnea de comandos,
+pero todava es reconocida en el archivo de configuracin.
+.TP
+.B --test
+Leer archivo(s) de configuracin y revisar su sintaxis. Salir con cdigo
+0 si todo est bien, o un cdigo no-cero en cualquier otro caso. No
+iniciar dnsmasq.
+.TP
+.B \-h, --no-hosts
+No leer los nombres de hosts en /etc/hosts.
+.TP
+.B \-H, --addn-hosts=<archivo>
+Archivo de hosts adicional. Leer el archivo especificado adicionalmente
+a /etc/hosts. Si se brinda -h, leer solo el archivo especificado. Esta
+opcin puede ser repetida para ms de un archivo de hosts adicional. Si
+un directorio es brindado, entonces leer todos los archivos contenidos en
+ese directorio.
+.TP
+.B \-E, --expand-hosts
+Agregar el dominio a nombres sencillos (sin punto) en /etc/hosts de la
+misma manera que con nombres derivados de DHCP.
+.TP
+.B \-T, --local-ttl=<tiempo>
+Al responder con informacin desde /etc/hosts o desde el archivo
+de arriendos DHCP, dnsmasq fija el tiempo de vida (TTL) a cero por
+predeterminado, significando que el remitente no debr cachear
+la informacin por s mismo. Esto es lo correcto a hacer en casi
+todas las situaciones. Esta opcin permite que se especifique
+cierto tiempo de vida (en segundos) para estas respuestas. Esto
+reduce la carga sobre el servidor al costo de que los clientes
+usaran datos aejos bajo algunas circunstancias.
+.TP
+.B --neg-ttl=<tiempo>
+Respuestas negativas desde servidores upstream normalmente contienen
+informacin time-to-live (tiempo de vida) en expedientes SOA que
+dnsmasq usa para hacer cach. Si las respuestas de servidores upstream
+omiten esta informacin, dnsmasq no mete la respuesta en el cach.
+Esta opcin brinda un valor predeterminado para el time-to-live que
+dnsmasq usa para meter respuestas en el cach an en la ausencia de
+un expediente SOA.
+.TP
+.B \-k, --keep-in-foreground
+No ir hacia el fondo al iniciar, pero aparte de eso ejecutar como
+normal. La intencin de esto es para cuando dnsmasq es ejecutado
+bajo daemontools o launchd.
+.TP
+.B \-d, --no-daemon
+Modo debug: no hacer un fork hacia el fondo, no crear un archivo PID,
+no cambiar el ID del usuario, generar un cache dump completo al
+recibir un SIGUSR1, bitacorear a stderr al igual que a syslog, no
+forkear procesos nuevos para manejar bsquedas TCP.
+.TP
+.B \-q, --log-queries
+Bitacorear los resultados de bsquedas DNS manejadas por dnsmasq.
+Habilitar un dump de cach completo al recibir un SIGUSR1.
+.TP
+.B \-8, --log-facility=<facilidad>
+Fijar la facilidad a la cual dnsmasq deber enviar mensajes syslog,
+esto es DAEMON por predeterminado, y LOCAL0 cuando el modo debug est
+en operacin. Si la facilidad brindada contiene por lo menos un carcter
+"/", se trata como un nombre de archivo, y dnsmasq bitacorear a dicho
+archivo, en vez de syslog. (Errores durante la lectura de la configuracin
+irn a syslog todava, pero todo output desde un inicio exitoso, y todo
+output mientras en ejecucin, ir a este archivo exclusivamente.)
+Al bitacorear a un archivo, dnsmasq cerrar y reabrir el archivo al
+recibir un SIGUSR2. Esto permite que el archivo de bitcora sea rotado
+sin detener a dnsmasq.
+.TP
+.B --log-async[=<lneas>]
+Habilitar bitacoro asincrnico y opcionalmente fijar el lmite de nmero
+de lneas que sern enviadas a la coleta por dnsmasq cuando syslog est
+lento. Dnsmasq puede bitacorear asincrnicamente: esto le permite continuar
+funcionando sin ser bloqueado por syslog, y permite a syslog usar dnsmasq
+para bsquedas DNS sin riesgo de tranque. Si la coleta de lneas de bitcora
+se llena, dnsmasq bitacorear el desbordamiento, y el nmero de mensajes
+perdidos. El tamao predeterminado de coleta es 5, un valor sano sera 5-25,
+y un lmite de 100 es impuesto.
+.TP
+.B \-x, --pid-file=<path>
+Especificar un path alterno donde dnsmasq debe guardar su PID.
+Normalmente es /var/run/dnsmasq.pid.
+.TP
+.B \-u, --user=<usuario>
+Especificar el userid al cual dnsmasq debe cambiarse despues de iniciar.
+Dnsmasq normalmente debe ser iniciado como root, pero soltar los
+privilegios root despues del inicio, cambiando a otro usuario.
+Normalmente este usuario es "nobody", pero eso se puede cambiar
+con esta opcin.
+.TP
+.B \-g, --group=<grupo>
+Especificar el grupo como el cual dnsmasq correr. El predeterminado
+es "dip", si est disponible, para facilitar el acceso a
+/etc/ppp/resolv.conf el cul normlmente no es globalmente leble.
+.TP
+.B \-v, --version
+Mostrar el nmero de versin.
+.TP
+.B \-p, --port=<puerto>
+Escuchar en el puerto <puerto> en vez del puerto estndar DNS (53).
+Fijar esto a cero deshabilita completamente la funcin DNS, dejando
+solo DHCP y/o TFTP.
+.TP
+.B \-P, --edns-packet-max=<tamao>
+Especificar el paquete UDP EDNS.0 ms grande que es soportado por
+el reenviador DNS. Por predeterminado es 1280, lo cual es el
+mximo recomendado en RFC2671 para ethernet.
+.TP
+.B \-Q, --query-port=<puerto>
+Enviar bsquedas outbound desde, y escuchar por respuestas en,
+el puerto UDP <puerto> en vez de usar puertos aleatorios. Ntese
+que usar esta opcin hace que dnsmasq sea menos seguro contra
+ataques de spoofing DNS, pero puede ser ms rpido y usar menos
+recursos.
+Fijar esta opcin a zero hace que dnsmasq use un solo puerto,
+asignado por el sistema operativo (esto era el comportamiento
+predeterminado en versiones anteriores a 2.43).
+.TP
+.B --min-port=<puerto>
+No usar puertos menores a <puerto> como remitentes para bsquedas
+DNS outbound. Dnsmasq escoje puertos aleatorios como remitentes
+para bsquedas DNS outbound. Cuando esta opcin es brindada, los
+puertos usados siempre sern mayores que el especificado. Esto es
+til para sistemas detras de firewalls.
+.TP
+.B \-i, --interface=<nombre de interface>
+Escuchar solo en las interfaces especificadas. Dnsmasq automticamente
+agrega la interface loopback a la lista de interfaces para usar cuando
+la opcin
+.B \--interface
+es usada. Si ninguna opcin
+.B \--interface
+o
+.B \--listen-address
+es brindada, dnsmasq escucha en todas las interfaces disponibles excepto
+cualquiera fijada con opciones
+.B \--except-interface
+Interfaces IP alias (por ejemplo, "eth1:0") no pueden ser utilizadas con
+.B --interface
+o
+.B --except-interface
+, usar --listen-address en vez.
+.TP
+.B \-I, --except-interface=<nombre de interface>
+No escuchar en la interface especificada. Ntese que el orden de
+las opciones
+.B \--listen-address
+.B --interface
+y
+.B --except-interface
+no importa y las opciones
+.B --except-interface
+siempre invalidan a las otras.
+.TP
+.B \-2, --no-dhcp-interface=<nombre de interface>
+No proveer DHCP ni TFTP en la interface especificada, pero s
+proveer servicio DNS.
+.TP
+.B \-a, --listen-address=<direccin IP>
+Escuchar en la(s) direccin(es) IP especificada(s). Las opciones
+.B \--interface
+y
+.B \--listen-address
+ambas pueden ser brindadas, y en tal caso el juego de ambas
+direcciones IP y interfaces es usada. Ntese que si ninguna opcin
+.B \--interface
+es brindada, pero s se brinda la opcin
+.B \--listen-address
+, entonces dnsmasq no escuchar automticamente en la interface
+loopback. Para obtener esto, su direccin IP, 127.0.0.1, debe ser
+explcitamente brindada como una opcin
+.B \--listen-address
+.TP
+.B \-z, --bind-interfaces
+En sistemas que inluyen el soporte, dnsmasq acopla la direccin
+de comodn, an cuando est escuchando solamente en algunas
+interfaces. Entonces descarta bsquedas a las cuales no debe
+responder. Esto tiene la ventaja de funcionar an cuando
+interfaces van y vienen y cambian direcciones. Esta opcin forza
+a dnsmasq a acoplarse realmente solo a las interfaces en
+las cuales est escuchando. Casi la nica vez que esto es til
+es cuando se est corriendo otro servidor DNS (o otra instancia
+de dnsmasq) en la misma mquina. Fijar esta opcin tambien
+habilita multiples instancias de dnsmasq, las cuales proveen
+servicio DHCP en la misma mquina.
+.TP
+.B \-y, --localise-queries
+Retornar respuestas a bsquedas DNS desde /etc/hosts las cuales dependen
+de la interface donde entr la bsqueda. Si un nombre en /etc/hosts tiene
+mas de una direccin asociada con el, y por lo menos una de esas direcciones
+est en la misma subred de la interface donde fue enviada, entnces
+retornar solo las direcciones en esa subred. Esto permite a un servidor
+tener direcciones mltiples en /etc/hosts correspondientes a cada una de
+sus interfaces y cada host recibir la respuesta adecuada
+dependiendo de cual red tengan adjunta. Por el momento, esta facilidad
+est limitada a IPv4.
+.TP
+.B \-b, --bogus-priv
+Bsquedas privadas reversas raras. Toda bsqueda reversa para rangos de IP
+privados (192.168.x.x, etc.) los cuales no se encuentren en
+/etc/hosts o en el archivo de arriendos DHCP es respondida con
+"dominio no existente" en vez de ser reenviada upstream.
+.TP
+.B \-V, --alias=[<IP viejo>]|[<IP inicio>-<IP final>],<IP nuevo>[,<mscara>]
+Modificar direcciones IPv4 retornadas desde servidores DNS upstream;
+<IP viejo> es remplazado con <IP nuevo>. Si la mscara opcional
+es brindada, entonces cualquier direccin que coincida con el
+<IP viejo> enmascarado ser re-escrita. As que, por ejemplo,
+.B --alias=1.2.3.0,6.7.8.0,255.255.255.0 trazar 1.2.3.56 a 6.7.8.56
+y 1.2.3.67 a 6.7.8.67. Esto es lo que
+ruteadores Cisco PIX llaman "DNS doctoring". Si la direccin vieja es
+brindada como un rango, entonces solo direcciones en ese rango, y no
+la subred entera, son re-escritas. De tal manera que
+.B --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
+relaciona 192.168.0.10->192.168.0.40 a 10.0.0.10->10.0.0.40
+.TP
+.B \-B, --bogus-nxdomain=<direccin IP>
+Transformar respuestas que contienen la direccin IP brindada a
+respuestas tipo "Dominio no existe". La intencin de esto es actuar
+en contra de una movida desviada hecha por Verisign en septiembre
+del 2003, cuando comenzaron a retornar la direccin de un servidor
+de publicidad en respuesta a bsquedas por nombres no registrados,
+en vez de la correcta respuesta NXDOMAIN. Esta opcin le dice a dnsmasq
+que debe forjear la respuesta correcta cuando ve este comportamiento.
+Para septiembre 2003 la direccin IP siendo retornada por Verisign
+es 64.94.110.11
+.TP
+.B \-f, --filterwin2k
+Algunas versiones de Windows hacen bsquedas DNS peridicas las cuales no
+reciben respuestas sensibles desde el DNS pblico y pueden causar problemas
+activando enlaces marcacin-en-demanda. Esta opcin filtra dichas bsquedas.
+Las bsquedas filtradas son para registros tipo SOA y SRV, al igual que
+tipo ANY donde el nombre pedido contiene _, para atrapar bsquedas LDAP.
+.TP
+.B \-r, --resolv-file=<archivo>
+Leer las direcciones IP de servidores DNS upstream desde <archivo>,
+en vez de /etc/resolv.conf. Para el formato de este archivo, ver
+.BR resolv.conf (5)
+Las nicas lneas relevantes a dnsmasq son las de servidores DNS. A
+dnsmasq se le puede decir que revise ms de un archivo resolv.conf,
+el primer archivo especificado remplaza al predeterminado, y los
+subsiguientes son agregados a la lista. Esto es solo
+permitido al hacer polling; el archivo con la actual fecha
+de modificacin ms nueva es el que ser usado.
+.TP
+.B \-R, --no-resolv
+No leer /etc/resolv.conf. Obtener los servidores DNS upstream solo
+desde la lnea de comandos o desde el archivo de configuracin de
+dnsmasq.
+.TP
+.B \-1, --enable-dbus
+Permitir que la configuracin de dnsmasq sea actualizada va llamadas
+de mtodo DBus. La configuracin que puede ser cambiada es servidores
+DNS upstream (y dominios correspondientes) y limpieza de cach. Esta
+opcin requiere que dnsmasq haya sido compilado con soporte para DBus.
+.TP
+.B \-o, --strict-order
+Por predeterminado, dnsmasq enviar bsquedas a cualquiera de los
+servidores upstream que conoce, y trata de favorecer servidores los
+cuales sabe que estn activos. Fijar esta opcin forza a dnsmasq a
+probar cada bsqueda con cada servidor estrictamente en el orden
+que aparecen en /etc/resolv.conf
+.TP
+.B --all-servers
+Por predeterminado, cuando dnsmasq tiene ms de un servidor upstream
+disponible, enviar bsquedas a solo un servidor. Fijar esta opcin
+forza a dnsmasq a enviar todas las bsquedas a todos los servidores
+disponibles. La respuesta del servidor que responda primero ser
+devuelta al solicitante original.
+.TP
+.B --stop-dns-rebind
+Denegar (y bitacorear) direcciones de servidores upstream que estn
+dentro de rangos IP privados. Esto bloquea un ataque donde un navegador
+detrs de un firewall es usado para analizar mquinas en la red local.
+.TP
+.B \-n, --no-poll
+No revisar periodicamente a /etc/resolv.conf en busca de cambios.
+.TP
+.B --clear-on-reload
+Cuando sea que /etc/resolv.conf es re-leida, liberar el cach DNS.
+Esto es til cuando servidores DNS nuevos puedan tener datos diferentes
+a los contenidos en el cach.
+.TP
+.B \-D, --domain-needed
+Le dice a dnsmasq que no debe reenviar bsquedas para nombres sencillos,
+sin puntos o partes de dominios, a servidores upstream. Si el nombre
+no se conoce desde /etc/hosts o desde DHCP entonces una respuesta
+"no encontrado" es devuelta.
+.TP
+.B \-S, --local, --server=[/[<dominio>]/[dominio/]][<direccin IP>[#<puerto>][@<IP de remitente>|<interface>[#<puerto>]]
+Especificar la direccin IP de servidores upstream directamente. Fijar
+esta opcin no suprime la lectura de /etc/resolv.conf, use -R para
+hacer eso. Si uno a ms dominios opcionales son brindados, ese servidor
+es usado solo para esos dominios y las bsquedas son hechas usando
+el servidor especificado solamente. La intencin de esto es para el
+uso con servidores DNS privados: si usted tiene un servidor DNS en su
+red el cual lidea con nombres de la forma
+xxx.internal.thekelleys.org.uk en 192.168.1.1 entonces brindar la
+opcin
+.B -S /internal.thekelleys.org.uk/192.168.1.1
+enviar todas las bsquedas de mquinas internas a ese servidor DNS,
+todas las dems bsquedas sern enviadas a los servidores en
+/etc/resolv.conf. Una especificacin de dominio en blanco,
+.B //
+tiene el significado especial de "solo nombres no calificados", o
+sea nombres sin ningn punto en ellos. Un puerto no-estndar puede
+ser especificado como parte de la direccin IP usando el caracter
+#. Ms de una opcin -S es permitida, con partes de dominio o
+direccin IP repetidas como sea necesario.
+
+Tambin se permite una opcin -S la cual brinda un dominio pero
+ninguna direccin IP; esto le dice a dnsmasq que un dominio es local
+y puede responder a bsquedas desde /etc/hosts o DHCP pero nunca
+deber reenviar bsquedas en ese dominio a ningn servidor upstream.
+.B local
+es un sinnimo de
+.B server
+para hacer los archivos de configuracin mas claros en este caso.
+
+El string opcional despues del carcter @ le dice a dnsmasq como fijar
+el remitente de las bsquedas hacia este servidor DNS. Debe ser una
+direccin IP, la cual debe ser perteneciente a la mquina en la cual
+corre dnsmasq, de forma contraria esta lnea de servidor ser bitacoreada
+y despus ignorada, o un nombre de interface. Si un nombre de interface
+es brindado, entonces bsquedas hacia el servidor sern forzadas va esa
+interface; si una direccin IP es brindada, entonces la direccin de
+remitente de las bsquedas ser fijada a esa direccin.
+La etiqueta query-port es ignorada para cualquier servidores que tengan
+una direccin remitente especificada, pero el puerto puede ser
+especificado directamente como parte de la direccin remitente. Forzar
+bsquedas a una interface no est implementado en todas las plataformas
+soportadas por dnsmasq.
+.TP
+.B \-A, --address=/<dominio>/[dominio/]<direccin IP>
+Especificar una direccin IP para retornar por cualquier host en
+los dominios brindados. Bsquedas en estos dominios nunca son
+reenviadas, y siempre son respondidas con la direccin IP
+especificada, la cual puede ser IPv4 o IPv6. Para brindar ambas
+direcciones IPv4 y IPv6 para un dominio, usar opciones -A repetidas.
+Ntese que /etc/hosts y arriendos DHCP invalidan esto para nombres
+individuales. Un uso comn para esto es redireccionar el dominio
+doubleclick.net entero a algn servidor web local amigable para
+evitar banners de publicidad. La especificacin funciona de la misma
+forma que con --server, con la facilidad adicional que /#/ coincide
+con cualquier dominio. De tal forma, --address=/#/1.2.3.4 siempre
+retornar 1.2.3.4 para cualquier bsqueda no respondida desde
+/etc/hosts o DHCP y que no haya sido enviada a un servidor DNS
+upstream por una directiva --server mas especifica.
+.TP
+.B \-m, --mx-host=<nombre mx>[[,<nombre de host>],<preferencia>]
+Retornar un record llamado <mx name> apuntando hacia el nombre de
+host brindado (opcionalmente), o el host especificado en la opcin
+--mx-target, o si esa opcin no es brindada, el host en el cual
+dnsmasq est corriendo. El predeterminado es til para redireccionar
+correo de sistemas en la red local hacia un servidor central. La
+opcin de preferencia es opcional, y su predeterminado es 1 si no
+es brindada. Ms de un record MX puede ser brindado para un host.
+.TP
+.B \-t, --mx-target=<nombre de host>
+Especificar el target predeterminado para el record MX devuelto
+por dnsmasq. Ver --mx-host. Si --mx-target es brindado, pero no
+--mx-host, entonces dnsmasq devuelve un record MX conteniendo
+el target MX para bsquedas MX en el nombre de host de la mquina donde
+dnsmasq est corriendo.
+.TP
+.B \-e, --selfmx
+Retornar un record MX apuntndose a s mismo para cada mquina local.
+Mquinas locales son aquellas en /etc/hosts o con arriendos DHCP.
+.TP
+.B \-L, --localmx
+Retornar un record MX apuntando al host brindado por mx-target (o
+la mquina donde dnsmasq est corriendo) para cada mquina local.
+Mquinas locales son aquellas en /etc/hosts o con arriendos DHCP.
+.TP
+.B \-W, --srv-host=<_servicio>.<_prot>.[<dominio>],[<target>[,<puerto>[,<prioridad>[,<peso>]]]]
+Retornar un record DNS SRV. Ver RFC2782 para detalles. Si no es
+brindada, el dominio se predetermina a el brindado por
+.B --domain.
+El predeterminado para el dominio target est vaco, el predeterminado
+para puerto es uno, y los predeterminados para peso y prioridad son cero.
+Tener cuidado al transponer data desde archivos de zona BIND: los
+nmeros de puerto, peso, y prioridad estn en un orden diferente. Ms
+de un record SRV para un servicio/dominio es permitido, todos los que
+coincidan son retornados.
+.TP
+.B \-Y, --txt-record=<nombre>[[,<texto>],<texto>]
+Retornar un rcord DNS TXT. El valor del rcord TXT es una serie de
+strings, as que cualquier nmero puede ser incluido, dividido por
+comas.
+.TP
+.B --ptr-record=<nombre>[,<target>]
+Retornar un rcord DNS PTR.
+.TP
+.B --naptr-record=<nombre>,<orden>,<preferencia>,<opciones>,<servicio>,<regexp>[,<remplazo>]
+Retornar un rcord DNS NAPTR, como especificado en RFC3403.
+.TP
+.B --cname=<cname>,<target>
+Retornar un expediente CNAME que indica que <cname> es realmente <target>. Hay
+limitaciones significativas en el target. Debe ser un nombre DNS que le es conocido
+a dnsmasq desde /etc/hosts (o archivos hosts adicionales) o de DHCP. Si el target
+no satisface este criterio, el cname entero es ignorado. El cname debe ser nico,
+pero es permisible tener ms de un cname indicando el mismo target.
+.TP
+.B --interface-name=<nombre>,<interface>
+Retornar un expediente DNS, asociando el nombre con la direccin primaria
+en la interface brindada. Esta opcin especifica un expediente tipo A
+para el nombre brindado de la misma forma que una lnea de /etc/hosts,
+excepto que la direccin no es constante y es en vez tomada de la
+interface brindada. Si la interface est deshabilitada, n configurada,
+o n existente, un rcord vaco es devuelto. El rcord PTR relevante
+tambien es creado, trazando la direccin de la interface a el nombre.
+Ms de un nombre puede ser asociado con una direccin de interface,
+repitiendo la opcin. En tal caso, la primera instancia es usada para
+la traza reversa direccin-a-nombre.
+.TP
+.B \-c, --cache-size=<tamao de cach>
+Fijar el tamao del cach de dnsmasq. El predeterminado es 150 nombres.
+Fijar el tamao a cero deshabilita el cach.
+.TP
+.B \-N, --no-negcache
+Deshabilitar cach negativo. El cach negativo le permite a dnsmasq
+recordar resultados tipo "dominio no existe" desde servidores DNS
+upstream y responder bsquedas idnticas sin reenviarlas nuevamente.
+.TP
+.B \-0, --dns-forward-max=<bsquedas>
+Fijar el nmero mximo de bsquedas DNS simultneas. El valor
+predeterminado es 150, lo cul debera estar bien para la mayora
+de casos. La nica situacin conocida donde esto debe ser incrementado
+es al usar resolvedores de bitcoras de servidores web, los cuales pueden
+generar un nmero inmenso de bsquedas simultneas.
+.TP
+.B \-F, --dhcp-range=[[net:]network-id,]<direccin-inicio>,<direccin-final>[[,<mscara>],<broadcast>][,<tiempo de arriendo>]
+Habilitar el servidor DHCP. Direcciones sern distribuidas desde el
+rango <direccin-inicio> hasta <direccin-final> y desde direcciones definidas
+estticamente en opciones
+.B dhcp-host
+Si el tiempo de arriendo es especificado, entonces arriendos sern
+otorgados por esa cantidad de tiempo. El tiempo de arriendo es en
+segundos, o minutos (por ejemplo, 45m), u horas (por ejemplo, 1h), o
+"infinite". Si no es brindada, el tiempo de arriendo predeterminado
+es de una hora. El tiempo de arriendo mnimo es de dos minutos.
+Esta opcin puede ser repetida, con diferentes
+direcciones, para habilitar servicio DHCP en ms de una red. Para
+redes conectadas dirctamente (en otras palabras, redes en las
+cuales la mquina corriendo dnsmasq tiene una interface) la
+mscara de subred es opcional. Pero, es requerida para redes que
+reciben servicio DHCP va un agente de relay. La direccin de
+broadcast siempre es opcional. Siempre se permite tener ms de
+un rango dhcp (dhcp-range) en una subred. El parmetro opcional
+network-id es una etiqueta alfanumrica la cual marca esta red de
+tal forma que opciones dhcp puedan ser especificadas en base a cada red.
+Cuando es prefijada con 'net:' entonces el significado cambia
+de "fijar etiqueta" a "coincidir con etiqueta". Solo una etiqueta puede
+ser fijada, pero ms de una puede ser revisada por coincidencias. La
+direccin final puede ser remplazada por la palabra clave
+.B static
+la cual le dice a dnsmasq que debe habilitar DHCP para la red
+especificada, pero no alocar dinmicamente direcciones IP:
+Solo hosts que tienen direcciones estticas brindadas va
+.B dhcp-host
+o desde /etc/ethers sern servidas. La direccin final puede ser
+remplazada por la palabra clave
+.B proxy
+caso en el cual dnsmasq proveer proxy-DHCP en la subred especificada. (Ver
+.B pxe-prompt
+y
+.B pxe-service
+para detalles.)
+.TP
+.B \-G, --dhcp-host=[<direccin de hardware>][,id:<client_id>|*][,net:<netid>][,<direccin IP>][,<nombre de host>][,<tiempo de arriendo>][,ignore]
+Especificar parmetros por host para el servidor DHCP. Esto permite
+que una mquina con una direccin de hardware particular sea siempre
+alocada el mismo nombre de host, direccin IP, y tiempo de arriendo.
+Un nombre de host especificado de esta manera toma presedencia
+sobre cualquiera suministrado por el cliente DHCP en la mquina.
+Tambin se permite omitir la direccion de hardware y incluir el
+nombre de host; en tal caso la direccin IP y los tiempos de arriendo
+sern aplicables a cualquier mquina que reclame ese nombre.
+Por ejemplo:
+.B --dhcp-host=00:20:e0:3b:13:af,wap,infinite
+le dice a dnsmasq que debe darle a la mquina con direccin
+ethernet 00:20:e0:3b:13:af el nombre wap, y un arriendo DHCP infinito.
+.B --dhcp-host=lap,192.168.0.199
+le dice a dnsmasq que siempre debe alocarle a la maquina lap
+la direccin IP 192.168.0.199. Direcciones alocadas de esta manera
+no tienen que estar dentro del rango dado con la opcin --dhcp-range,
+pero deben estar en la red siendo servida por el servidor DHCP. Se
+permite usar identificadores de clientes en vez de direcciones de
+hardware para identificar hosts prefijando 'id:'. O sea que:
+.B --dhcp-host=id:01:02:03:04,.....
+se refiere al host con identificador de cliente 01:02:03:04.
+Tambin se permite especificar el ID de cliente como texto, as:
+.B --dhcp-host=id:iddeclientecomotexto,.....
+
+La opcin especial id:* significa "ignorar cualquier ID de cliente
+y usar solamente direcciones MAC." Esto es til cuando un cliente
+presenta un ID de cliente algunas veces pero otras no.
+
+Si un nombre aparece en /etc/hosts, la direccin asociada puede
+ser alocada a un arriendo DHCP, pero solo si existe una opcin
+.B --dhcp-host
+la cual especifica el nombre tambin. La palabra clave "ignore"
+le dice a dnsmasq que no debe ofrecer jams un arriendo DHCP a
+una mquina. La mquina puede ser especificada por direccin de
+hardware, ID de cliente, o nombre de host, por ejemplo:
+.B --dhcp-host=00:20:e0:3b:13:af,ignore
+Esto es til cuando hay otro servidor DHCP en la red que debe ser
+usado por algnas mquinas.
+
+El net:<network-id> fija la etiqueta network-id cuando sea que
+esta directiva dhcp-host est en uso. Esto puede ser usado para
+enviar selectivamente opciones DHCP a este host. Cuando un host
+coincide con cualquier directiva dhcp-host (o una implicada por
+/etc/ethers) entonces la etiqueta network-id especial "known" es
+fijada. Esto permite que dnsmasq sea configurado para ignorar
+pedidos desde mquinas desconocidas usando
+.B --dhcp-ignore=#known
+Direcciones ethernet (pero no client-ids) pueden tener bytes
+comodnes, as que por ejemplo
+.B --dhcp-host=00:20:e0:3b:13:*,ignore
+causar que dnsmasq ignore un rango de direcciones ethernet. Ntese
+que el "*" necesitar ser escapado o escrito entre comillas en la
+lnea de comandos, pero no en el archivo de configuracin.
+
+Direcciones de hardware normalmente coinciden con cualquier
+tipo de red (ARP), pero es posible restringirlas a un tipo ARP
+singular precediendolo con el tipo ARP (en HEX) y "-". As que
+.B --dhcp-host=06-00:20:e0:3b:13:af,1.2.3.4
+solo coincidira con una direccin de hardware Token-Ring, dado que
+el tipo ARP para Token-Ring es 6.
+
+Como caso especial, es posible incluir ms de una direccin de
+hardware. Ejemplo:
+.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2
+Esto permite que una direccin IP sea asociada con
+direcciones de hardware mltiples, y le brinda a dnsmasq permiso
+para abandonar un arriendo DHCP a una de las direcciones de hardware
+cuando otra pide un arriendo. Ntese que esto es algo peligroso,
+slo funcionar dependiblemente si una de las direcciones de hardware
+est activa en cualquier momento y dnsmasq no tiene forma de enforzar
+esto. Pero es til, por ejemplo, para alocar una direccin IP estable
+a una laptop que tiene interface almbrica e inalmbrica.
+.TP
+.B --dhcp-hostsfile=<archivo>
+Leer informacin host DHCP desde el archivo especificado. El archivo contiene informacin de un host por lnea. El formato de una lnea es igual que texto hacia la derecha de '=' en --dhcp-host. La ventaja de almacenar informacin host DHCP en este archivo es que puede ser cambiada sin tener que reiniciar dnsmasq. El archivo ser re-ledo cuando dnsmasq recibe un SIGHUP.
+.TP
+.B --dhcp-optsfile=<archivo>
+Leer informacin sobre opciones DHCP desde el archivo especificado. La
+ventaja de usar esta opcin es la misma que con --dhcp-hostsfile: el
+archivo dhcp-optsfile ser re-ledo cuando dnsmasq recibe un SIGHUP.
+.TP
+.B \-Z, --read-ethers
+Leer /etc/ethers en busca de informacin sobre hosts para el servidor
+DHCP. El formato de /etc/ethers es una direccin de hardware, seguida
+por ya sea un nombre de host o una direccin IP. Al ser leidas por
+dnsmasq, estas lneas tienen exctamente el mismo efecto que opciones
+.B --dhcp-host
+que contienen la misma informacin. /etc/ethers es re-leda cuando dnsmasq recibe un SIGHUP.
+.TP
+.B \-O, --dhcp-option=[<network-id>,[<network-id>,]][encap:<opt>,][vendor:[<vendor-class>],][<opt>|option:<opt-name>],[<value>[,<value>]]
+Especificar opciones diferentes o extra a clientes DHCP. Por
+predeterminado, dnsmasq enva algunas opciones estndar a clientes
+DHCP. La mscara de subred y direccin broadcast son fijadas igual
+a las del host que corre dnsmasq, y el servidor DNS y ruteador
+a la direccin de la mquina que corre dnsmasq. Si la opcin de
+nombre de dominio ha sido fijada, es enviada. Esta opcin permite
+que esos predeterminados sean sobrescritos, o que sean especificadas
+otras opciones. La opcin a ser enviada puede ser brindada como un
+nmero decimal o como "option:<option-name>". Los nmeros de opcin
+estn especificados en RFC2132 y RFCs subsiguientes. El juego de
+option-names conocido por dnsmasq puede ser descubierto ejecutando
+"dnsmasq --help dhcp". Por ejemplo, para fijar la ruta predeterminada a
+192.168.4.4, hgase un
+.B --dhcp-option=3,192.168.4.4
+o
+.B --dhcp-option=option:router, 192.168.4.4
+y para fijar la direccin de servidor de tiempo a 192.168.0.4,
+hgase un
+.B --dhcp-option=42,192.168.0.4
+o
+.B --dhcp-option=option:ntp-server, 192.168.0.4
+La direccin especial 0.0.0.0 es entendida que significa "la
+direccin de la mquina que corre dnsmasq". Tipos de data permitidos
+son direcciones IP de cuatro segmentos, un nmero decimal, dgitos hex
+separados por colones, y un string de texto. Si las network-ids
+opcionales son brindadas, entonces esta opcin es solo enviada cuando
+todas las network-ids coinciden.
+
+Procesamiento especial es llevado a cabo en un argumento de texto para
+la opcin 119, en conforme con RFC3397. Direcciones IP textuales o de
+cuatro segmentos como argumentos a la opcin 120 son manejados mediante
+RFC3361. Direcciones IP de cuatro segmentos que son seguidas por un diagonal
+(slash) y despus una mscara son codificados mediante RFC3442.
+
+Tener cuidado: niguna verificacin es hecha sobre si el nmero de tipo
+correcto es enviado, y es muy posible persuadir a dnsmasq para que
+genere paquetes DHCP ilegales mediante uso inadecuado de esta opcin.
+Cuando el valor es un nmero decimal, dnsmasq debe determinar qu tan
+grande es el objeto de data. Esto es hecho mediante una examinacin del
+nmero de opcin, y/o el valor, pero puede ser invalidado agregndole
+una opcin de una sola letra de esta forma: b = un byte, s = dos bytes,
+i = cuatro bytes. Esto es principalmente til con opciones encapsuladas
+tipo vendedor (ver abajo) donde dnsmasq no puede determinar el tamao
+de data usando el nmero de opcin. Data de opcin la cual consiste
+solo de puntos y dgitos ser interpretada por dnsmasq como una
+direccin IP, y ser insertada dentro de una opcin de esa manera.
+Para forzar un string literal, usar comillas. Por ejemplo, cuando se
+usa la opcin 66 para enviar una IP literal como un nombre de servidor
+TFTP, es necesario hacer:
+.B --dhcp-option=66,"1.2.3.4"
+
+Opciones encapsuladas vendor-class tambin pueden ser especificadas usando
+--dhcp-option: por ejemplo
+.B --dhcp-option=vendor:PXEClient,1,0.0.0.0
+enva la opcin especfica de clase de vendedor "mftp-address=0.0.0.0" a
+cualquier cliente cuyo vendor-class
+coincida con "PXEClient". El revisado de coincidencias vendor-class est
+basado en substrings (ver --dhcp-vendorclass para detalles). Si una opcin
+vendor-class (nmero 60) es enviada por dnsmasq, entonces es usada para
+seleccionar opciones encapsuladas en preferencia sobre cualquiera enviada
+por el cliente. Es posible omitir el vendorclass completamente;
+.B --dhcp-option=vendor:,1,0.0.0.0
+caso en el cul la opcin encapsulada siempre es enviada.
+Opciones pueden ser encapsuladas dentro de otras opciones, por ejemplo:
+.B --dhcp-option=encap:175, 190, "iscsi-client0"
+enviar opcin 175, dentro de la cual est opcin 190. Si mltiples
+opciones son brindadas que estn encapsuladas con el mismo nmero de
+opcin entonces sern correctamente combinadas en una opcin encapsulada.
+encap: y vendor: no pueden ser fijadas ambas dentro de la misma opcin dhcp-option.
+La direccin 0.0.0.0 no es tratada de forma especial en opciones encapsuladas.
+.TP
+.B --dhcp-option-force=[<network-id>,[<network-id>,]][encap:<opt>,][vendor:[<vendor-class>],]<opt>,[<value>[,<value>]]
+Esto funciona exctamente de la misma forma que
+.B --dhcp-option
+excepto que la opcin siempre ser enviada, an si el cliente no la pide en
+la lista de pedido de parmetros. Esto se necesita aveces, por ejemplo cuando
+enviando opciones a PXELinux.
+.TP
+.B --dhcp-no-override
+Deshabilitar la reutilizacin de los campos DHCP de nombre de servidor y
+archivo como espacio para opciones extra. Si puede, dnsmasq mueve la informacin
+del servidor boot y del nombre de archivo (de dhcp-boot) de sus campos dedicados
+hacia opciones DHCP. Esto crea espacio extra en el paquete DHCP para opciones,
+pero puede raramente confundir clientes viejos o defectuosos. Esta opcin forza
+comportamiento "simple y sencillo" para prevenir problemas en tales casos.
+.TP
+.B \-U, --dhcp-vendorclass=<network-id>,<vendor-class>
+Trazar desde un string vendor-class a un network id. La mayora de los
+clientes DHCP proveen una "vendor class" la cual representa, en cierto
+sentido, el tipo de host. Esta opcin traza clases de vendedor a network
+ids, de tal forma que opciones DHCP pueden ser selectivamente entregadas
+a diferentes clases de hosts. Por ejemplo
+.B dhcp-vendorclass=printers,Hewlett-Packard JetDirect
+peritira que opciones sean fijadas solo para impresoras HP as:
+.B --dhcp-option=printers,3,192.168.4.4
+El string vendor-class es coordinado con el vendor-class proveido por
+el cliente, para permitir coincidencias borrosas.
+.TP
+.B \-j, --dhcp-userclass=<network-id>,<user-class>
+Trazar desde un string user-class a un network id (con coordinacin
+substring, como con vendor-class). La mayora de los clientes DHCP
+proveen un "user class" el cual es configurable. Esta opcin traza
+clases user a network ids, de tal manera que opciones DHCP puedan
+ser selectivamente enviadas a diferentes tipos de hosts. Es posible,
+por ejemplo, usar esto para especificar una impresora diferente para
+hosts en la clase "cuentas" que para los de la clase "ingenieria".
+.TP
+.B \-4, --dhcp-mac=<network-id>,<direccin MAC>
+Trazar desde una direccin MAC a una network id. La direccin MAC
+puede incluir comodnes. Por ejemplo:
+.B --dhcp-mac=3com,01:34:23:*:*:*
+fijara el tag "3com" a cualquier host el cual su MAC coincida con
+el patrn.
+.TP
+.B --dhcp-circuitid=<network-id>,<circuit-id>, --dhcp-remoteid=<network-id>,<remote-id>
+Trazar de opciones agente de relay RFC3046 a opciones network-id. Estos
+datos pueden ser provedos por agentes de relay DHCP. El circuit-id o
+remote-id es normlamente brindado como hex separado por doblepuntos, pero
+tambin se permite un string simple. Si se obtiene una coincidencia exacta
+entre el circuit o agent ID y uno provedo por un agente de relay,
+network-id es fijado.
+.TP
+.B --dhcp-subscrid=<network-id>,<subscriber-id>
+Trazar de opciones relay subscriber-id RFC3993 a opciones network-id.
+.TP
+.B --dhcp-match=<network-id>,<option number>|option:<option name>[,<value>]
+Sin un valor, fijar la etiqueta network-id si el cliente enva una opcin
+DHCP del nmero o valor brindado. Cuando un valor es brindado, fijar la
+etiqueta solo si la opcin es enviada y coincide con el valor. El valor puede
+ser de la forma "01:ff:*:02", caso en el cual el valor debe coincidir (aparte
+de los comodines) pero la opcin enviada puede tener data que no coincide despues
+del final del valor. El valor tambin puede ser de la misma forma que
+.B dhcp-option
+caso en el cual la opcin enviada es tratada como un array, y un elemento debe
+coincidir, as que
+
+--dhcp-match=efi-ia32,option:client-arch,6
+
+fijar la etiqueta a "efi-ia32" si el nmero 6 aparece en la lista de
+architecturas enviada por los clientes en opcin 93. (Ver RFC 4578 para
+detalles.) Si el valor es un string, coincidencia substring es usada.
+.B \-J, --dhcp-ignore=<network-id>[,<network-id>]
+Cuando todos los network ids brindados coincidan con el juego de
+network ids derivados de las clases net, host, y vendor, ignorar
+el host y no brindarle un arriendo DHCP.
+.TP
+.B --dhcp-ignore-names[=<network-id>[,<network-id>]]
+Cuando todos los network-ids brindados coinciden con el juego de
+network-ids derivado de la red, host, classes de vendedor y usuario,
+ignorar cualquier nombre de host proveido por el host. Ntese que,
+a diferencia de dhcp-ignore, es permisible no brindar ningn tag netid,
+y en tal caso nombres de host proveidos por clientes DHCP siempre son
+ignorados, y hosts DHCP son agregados al DNS usando solo la configuracin
+dhcp-host en dnsmasq y el contenido de /etc/hosts y /etc/ethers.
+.TP
+.B --dhcp-broadcast=<network-id>[,<network-id>]
+Cuando todos los network-ids brindados coinciden con el juego de network-ids
+derivados de la red, host, clases de vendedor y usuarios, siempre usar
+broadcast para comunicarse con el host cuando est sin configurar. La
+mayora de clientes DHCP que necesitan respuestas broadcast fijan una
+opcin en sus pedidos para que esto pase automaticamente, algunos
+clientes BOOTP viejos no lo hacen.
+.TP
+.B \-M, --dhcp-boot=[net:<network-id>,]<filename>,[<servername>[,<server address>]]
+Fijar opciones BOOTP que han de ser devueltas por el servidor DHCP. Nombre
+y direccin de servidor son opcionales: si no son brindadas, el nombre es
+dejado en blanco, y la direccin es fijada a la de la mquina que corre
+dnsmasq. Si dnsmasq est brindando servicio TFTP (ver
+.B --enable-tftp
+) entonces solo el nombre de archivo es requirido aqu para habilitar
+el inicio atravz de una red. Si las opcionales network-ids son brindadas,
+ellas debern coincidir para que esta configuracin sea enviada. Ntese
+que network-ids estn prefijadas con "net:" para distinguirlas.
+.TP
+.B --pxe-service=[net:<network-id>,]<CSA>,<texto de men>,<nombre base>|<tipo de servicio boot>[,<direccin de servidor>]
+La mayora de usos para boot-ROMS PXE simplemente permiten al sistema PXE
+obtener una direccin IP y entonces bajar el archivo especificado por
+.B dhcp-boot
+y ejecutarlo. Sin embargo, el sistema PXE es capaz de llevar
+a cabo funciones ms complejas cuando estn soportadas por un
+servidor DHCP adecuado.
+
+Esto especifica una opcin boot que puede aparecer en un men de boot
+PXE. <CSA> es tipo de sistema de cliente, solo servicios del tipo correcto
+aparecern en un men. Los tipos conocidos son x86PC, PC98, IA64_EFI,
+Alpha, Arc_x86, Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI y X86-64_EFI;
+un nmero entero puede ser utilizado para otros tipos. El parmetro despus
+del texto de men puede ser un nombre de archivo, caso en el cul dnsmasq
+acta como un servidor boot y le ordena al cliente PXE bajar el archivo
+va TFTP, ya sea de s mismo (
+.B enable-tftp
+debe estar fijado para que esto funcione) o desde otro servidor TFTP si la
+direccin IP final es brindada.
+Ntese que el sufijo "layer" (normalmente ".0") es brindado por PXE, y
+no debe ser agregado al nombre base. Si un nmero entero es brindado en vez
+de un nombre base, entonces el cliente PXE buscar un servicio boot adecuado
+para ese tipo de red. Esta bsqueda puede ser hecha mediante multicast o
+broadcast, o directamente a un servidor si la direccin IP es brindada. Un
+tipo de servicio boot de 0 es especial, y abortar el proceso boot de red
+y continuar desde medio local.
+.TP
+.B --pxe-prompt=[net:<network-id>,]<prompt>[,<timeout>]
+Fijar esto hace que un aviso sea expuesto despues del boot PXE. Si el timeout
+es brindado, entonces despues que el timeout se haya vencido sin input del
+teclado, la primera opcin del men sera automaticamente ejecutada. Si el
+timeout es cero entonces la primera opcin del men sera automaticamente
+ejecutada. Si
+.B pxe-prompt
+es omitido, el sistema esperar para el input del usuario si hay mltiples
+artculos en el men, pero har boot imediatamente si hay solo uno. Ver
+.B pxe-service
+para detalles sobre artculos de menu.
+
+Dnsmasq tiene soporte para "proxy-DHCP" PXE, en este caso otro servidor
+DHCP en la red es responsable por asignar direcciones IP, y dnsmasq
+simplemente provee la direccin brindada en
+.B pxe-prompt
+y
+.B pxe-service
+para permitir boot a travez de la red. Este modo es habilitado usando
+la palabra clave
+.B proxy
+en
+.B dhcp-range.
+.TP
+.B \-X, --dhcp-lease-max=<nmero>
+Limita a dnsmasq a el nmero especificado de arriendos DHCP. El
+predeterminado es 150. El limite es para prevenir ataques DoS desde
+hosts que crean cientos de arriendos y usan mucha de la memoria del
+proceso dnsmasq.
+.TP
+.B \-K, --dhcp-authoritative
+Esta opcin debe ser fijada cuando dnsmasq es definitivamente el nico
+servidor DHCP en la red. Cambia el comportamiento de RFC de tal manera
+que pedidos desde hosts no conocidos no sern ignorados. Esto permite que
+hosts nuevos puedan conseguir un arriendo sin sin un timeout bajo toda
+circunstancia. Tambin permite que dnsmasq reconstruya su base de datos
+de arriendos sin que cada cliente necesite readquirir un arriendo
+si la base de datos es perdida.
+.TP
+.B --dhcp-alternate-port[=<puerto de servidor>[,<puerto de cliente>]]
+Cambiar del predeterminado los puertos usados para DHCP. Si esta opcin
+es brindada sola, sin argumentos, cambia los puertos usados para DHCP
+de 67 y 68 a 1067 y 1068. Si un solo argumento es brindado, ese puerto
+es usado para el servidor y el nmero de puerto mas uno es usado
+para el cliente. Finalmente, dos nmeros permiten que se especifiquen
+ambos los puertos de servidor y cliente para DHCP.
+.TP
+.B \-3, --bootp-dynamic[=<network-id>[,<network-id>]]
+Habilitar alocacin dinmica de direcciones IP a clientes BOOTP. Usar
+esto con cuidado, ya que cada direccin alocada a un cliente BOOTP
+es arrendada para siempre, y consecuentemente queda no-disponible
+para re-uso por otros hosts. Si esto es brindado sin etiquetas,
+entonces incondicionalmente habilita alocacin dinmica. Con
+etiquetas, solo cuando todas las etiquetas estn fijadas. Puede
+ser repetido con diferentes juegos de etiquetas.
+.TP
+.B \-5, --no-ping
+Por predetermindado, el servidor DHCP tratar de asegurarse que una
+direccin no est en uso antes de alocarsela a un host. Hace esto
+enviando un echo ICMP (ping) a la direccin referente. Si recibe una
+respuesta, entonces la direccin debe estar siendo usada, y se repite
+la prueba con otra. Esta opcin deshabilita esta prueba. Usar con
+cuidado.
+.TP
+.B --log-dhcp
+Bitacoro extra para DHCP: Bitacorear todas las opciones enviadas a
+clientes DHCP y las etiquetas netid usadas para determinarlos.
+.TP
+.B \-l, --dhcp-leasefile=<path>
+Usar el archivo especificado para almacenar informacin de arriendos
+DHCP.
+.TP
+.B \-6 --dhcp-script=<path>
+Cuando un arriendo DHCP nuevo es creado, o uno viejo es
+destruido, el ejecutable especificado por esta opcin es ejecutado.
+Los argumentos para el binario son "add", "old", o "del", la direccin
+MAC del host, la direccin IP, y el hostname, si es
+conocido. "add" significa que un arriendo ha sido creado, "del" que
+ha sido destruido, y "old" es una notificacin de un arriendo existente
+cuando dnsmasq inicia o un cambio a una MAC o nombre host de un arriendo
+existente (tambin, tiempo de arriendo o vencimiento y client-id, si
+leasefile-ro est fijado). Si la direccin MAC es de un tipo de red
+que no es ethernet, tendr el tipo de red precolocado, por ejemplo
+"06-01:23:45:67:89:ab" para token ring. El proceso es ejecutado como root
+(asumiendo que dnsmasq fue originalmente ejecutado como root) an si dnsmasq
+est configurado para cambiar su UID a un usuario sin privilegios.
+El ambiente es heredado del usuario que ha invocado a dnsmasq, y si el
+host brind un client-id, es almacenado en la variable de ambiente
+DNSMASQ_CLIENT_ID. Si el dominio completamente calificado del host
+es conocido, la parte de dominio es almacenada en DNSMASQ_DOMAIN. Si
+el cliente brinda informacin de clase de vendedoro usuario,
+estos son brindados en las variables DNSMASQ_VENDOR_CLASS y
+DNSMASQ_USER_CLASS0..DNSMASQ_USER_CLASSn, pero solo para acciones "add"
+y "old" cuando un host resume un arriendo existente, dado a que estos
+datos no son almacenados en la base de datos de arriendos de dnsmasq.
+Si dnsmasq fue compilado con HAVE_BROKEN_RTC, entonces la duracin del
+arriendo (en segundos) es almacenada en DNSMASQ_LEASE_LENGTH, de otra
+manera el tiempo de vencimiento es almacenado en DNSMASQ_LEASE_EXPIRES.
+El nmero de segundos faltante para el vencimiento del arriendo siempre
+es almacenado en DNSMASQ_TIME_REMAINING.
+Si un arriendo sola tener un nombre de host, el cual es removido, un
+evento "old" es generado con el nuevo estado del arriendo, (por ejemplo, sin
+nombre), y el nombre anterior es brindado en la variable de ambiente
+DNSMASQ_OLD_HOSTNAME. DNSMASQ_INTERFACE almacena el nombre de la interface
+en la cual lleg el pedido; esto no es fijado para acciones "viejas"
+cuando dnsmasq re-inicia.
+Todos los descriptores de archivo estn cerrados
+excepto stdin, stdout, y stderr los cuales estn abiertos a /dev/null
+(excepto en modo debug).
+Este guin no es invocado concurrentemente: si cambios de arriendos
+subsiguientes ocurren, el guin no es invocado otra vez hasta que
+cualquier invocacin existente haga exit. Al inicio de dnsmasq, el guin
+ser invocado para todos los arriendos existentes mientras van siendo
+ledos desde el archivo de arriendos. Arriendos vencidos sern llamados
+con "del" y otros con "old". <path> debe ser un path absoluto, ninguna
+bsqueda PATH ocurre. Cuando dnsmasq recibe una seal HUP, el guin ser
+invocado para arriendos existentes con un evento "old".
+.TP
+.B --dhcp-scriptuser
+Especificar el usuario como el cual se debe correr el archivo
+guin de cambio de arriendos. Este es root por predeterminado,
+pero puede ser cambiado a otro usuario mediante esta opcin.
+.TP
+.B \-9, --leasefile-ro
+Suprimir completamente el uso del archivo de arriendos. El archivo no ser
+creado, ledo, ni escrito. Cambiar la manera en la cul el archivo guin de
+cambio de arriendo (si es brindado) es llamado, de tal forma que la base de
+datos de arriendospueda ser mantenida en almacenaje externo por el archivo
+guin. Adicionlmente a las invocaciones brindadas en
+.B --dhcp-script
+el archivo de cambio de arriendos es llamado una vez, al inicio de dnsmasq,
+con el nico argumento "init". Cuando invocado de esta forma, el guin debera
+escribir el estado guardado de la base de datos de arriendos, en formato de
+archivo de arriendos dnsmasq, a stdout y hacer exit con cdigo exit cero. Fijar
+esta opcin tambin forza que el archivo de cambio de arriendos sea llamado
+cuando hay cambios hechos a el client-id y tiempos de arriendo y vencimiento.
+.TP
+.B --bridge-interface=<nombre de interface>,<alias>[,<alias>]
+Tratar paquetes de pedidos DHCP que llegan a cualquiera de las interfaces <alias>
+como si hubieran llegado a la interface <nombre de interface>. Esta opcin
+es necesaria al usar bridging estilo viejo en plataformas BSD, dado a que
+los paquetes llegan a interfaces tap que no tienen una direccin IP.
+.TP
+.B \-s, --domain=<dominio>[,<rango de IPs>]
+Especifica los dominios DNS para el servidor DHCP. Dominios pueden ser
+brindados incondicionalmente (sin el rango de IPs) o para rangos limitados. Esto
+tiene dos efectos: Primeramente, causa que el servidor DHCP le devuelva el
+dominio a cualquier host que lo pida. Segundamente, fija el dominio para el
+cual es legal para hosts configurados mediante DHCP reclamar. La intencin es
+restringir nombres de host para que un host no-confiado en la LAN no
+pueda proclamar su nombre va DHCP, como por ejemplo "microsoft.com" y
+capturar trfico no destinado a ella. Si ningn sufijo de dominio es
+especificado, entonces cualquier nombre de host con una parte de dominio
+(o sea con un punto) ser negada y bitacorada. Si un sufijo es especificado,
+entonces nombres de host con una parte de dominio son permitidos, con tal
+que la parte de dominio coincida con el sufijo. Adicionalmente, cuando
+un sufijo es fijado, entonces nombres de host sin parte de dominio tienen
+el sufijo agregado como una parte de dominio opcional. Por ejemplo, en
+mi red puedo fijar
+.B --domain=thekelleys.org.uk
+y tener una maquina cuyo nombre host DHCP es "laptop". La direccin IP
+de esa mquina es disponible desde
+.B dnsmasq
+como "laptop" y "laptop.thekelleys.org.uk". Si el dominio es brindado
+como "#" entonces el dominio es leido desde la primera directiva search
+en /etc/resolv.conf (o equivalente). El rango de direcciones puede ser
+<direccin IP>,<direccin IP> or <direccin IP>/<mscara de subred>. Ver
+.B --dhcp-fqdn el cual puede cambiar el comportamiento de dnsmasq con
+dominios.
+.TP
+.B --dhcp-fqdn
+En el modo predeterminado, dnsmasq pone los nombres no-calificados
+de clientes DHCP en el DNS. Por esta razn, los nombres deben ser nicos,
+an si dos clientes que tienen el mismo nombre estn en dominios
+diferentes. Si un segundo cliente DHCP aparece el cual tiene el mismo
+nombre que un cliente existente, el nombre es transferido al cliente nuevo. Si
+.B --dhcp-fqdn
+est fijado, este comportamiento cambia: El nombre no-calificado
+no es puesto en el DNS, solo el nombre calificado. Dos clientes DHCP con
+el mismo nombre pueden ambos quedarse con el nombre, con tal que la parte
+de dominio sea diferente (o sea que los nombres completamente calificados
+difieran). Para asegurar que todos los nombres tengan una parte de dominio,
+debe haber al menos
+.B --domain
+sin una direccin especificada cuando
+.B --dhcp-fqdn
+est fijado.
+.TP
+.B --enable-tftp
+Habilitar la funcin de servidor TFTP. Esto est deliberadamente limitado
+a lo necesario para hacerle a un cliente un inicio va red. Solo lectura es
+permitida; las extensiones tsize y blksize son soportadas (tsize solo es
+soportada en modo octeto).
+.TP
+.B --tftp-root=<directorio>
+Buscar, relativo al directorio brindado, archivos para transferir mediante el
+uso de TFTP. Cuando esta opcin est fijada, paths TFTP que incluyen ".." son
+rechazados, para prevenir que clientes salgan de la raz especificada. Paths
+absolutos (los que comienzan con "/") estn permitidos, pero deben estar
+dentro del tftp-root.
+.TP
+.B --tftp-unique-root
+Agregar la direccin IP del cliente TFTP como un componente path del lado del
+TFTP-root (en formato estndar de cuatro puntos). Solo vlido si un tftp-root
+est fijado y el directorio existe. Por ejemplo, si tftp-root es "/tftp" y el
+cliente 1.2.3.4 pide el archivo "miarchivo" entonces el path efectivo ser
+"/tftp/1.2.3.4/miarchivo" si /tftp/1.2.3.4 existe o /tftp/miarchivo si no.
+.TP
+.B --tftp-secure
+Habilitar modo TFTP seguro: sin esto, cualquier archivo que es leble por el
+proceso dnsmasq bajo reglas normales de control de acceso UNIX, est disponible
+va TFTP. Cuando la opcin --tftp-secure es fijada, solo archivos
+pertenecientes al usuario que corre el proceso dnsmasq estn accesibles. Si
+dnsmasq est corriendo como root, reglas diferentes aplican: --tftp-secure no
+tiene ningn efecto, pero solo archivos que tienen el bit de lectura global
+fijados estn accesibles. No se recomienda correr dnsmasq como root con TFTP
+habilitado, y mucho menos sin especificar --tftp-root, ya que se puede exponer
+cualquier archivo de lectura global en el servidor a cualquier host de la red.
+.TP
+.B --tftp-max=<conecciones>
+Fijar el nmero mximo permitido de conecciones TFTP simultneas. Esto es 50
+por predeterminado. Al servir un nmero grande de conecciones TFTP, lmites
+de descriptor de archivo por proceso pueden ser encontrados. Dnsmasq necesita
+un descriptor de archivo por cada coneccion TFTP concurrente, y por archivo
+nico (mas algunos otros). De tal manera que servirle el mismo archivo
+simultneo a n clientes requerir el uso de n + 10 descriptores de archivo,
+y servirles archivos diferentes simultneamente requerir (2*n) + 10
+descriptores. Si
+.B --tftp-port-range
+es brindado, eso puede afectar el nmero de conexiones simultneas.
+.TP
+.B --tftp-no-blocksize
+No permitir que el servidor negocie la opcin "blocksize" con un cliente.
+Algunos clientes con errores piden esta opcin pero se portn mal cuando se
+les brinda.
+.TP
+.B --tftp-port-range=<inicio>,<final>
+Un servidor TFTP escucha por inicios de conexin en un puerto bien conocido
+(69), pero tambien usa un puerto dinamicamente seleccionado para cada
+conexin. Normalmente estos son seleccionados por el sistema operativo,
+pero esta opcin especifica un rango de puertos para ser usado por transferencias
+TFTP. Esto puede ser til cuando TFTP tiene que pasar atraves de un firewall.
+El comienzo del rango no puede ser menor a 1025 a menos que dnsmasq est corriendo
+como root. El nmero de conexiones simultneas est limitado por el tamao del
+rango de puertos.
+.TP
+.B \-C, --conf-file=<archivo>
+Especificar un archivo de configuracin diferente. La opcin conf-file
+tambin es permitida en archivos de configuracin, para incluir mltiples
+archivos de configuracin.
+.TP
+.B \-7, --conf-dir=<directorio>
+Leer todos los archivos dentro del directorio brindado como archivos
+de configuracin. Archivos cuyos nombres terminen con ~ o comienzen
+con . o comienzen y terminen con # son ignorados. Esta opcin puede
+ser brindada en la lnea de comandos o en un archivo de configuracin.
+.SH ARCHIVO DE CONFIGURACION
+Al inicio, dnsmasq lee
+.I /etc/dnsmasq.conf,
+si existe. (En FreeBSD, el archivo es
+.I /usr/local/etc/dnsmasq.conf
+) (pero ver las opcines
+.B \-C
+y
+.B \-7
+porfavor.) El formato de este archivo consiste de una opcin por lnea,
+exctamente como las opciones largas detalladas en la seccin OPCIONES
+pero sin el "--" al frente. Lneas que comienzan con # son comentarios
+y son ignoradas. Para opciones que solo pueden ser especificadas una
+sola vez, el archivo de configuracin invalida la lnea de comandos.
+Las comillas son permitidas en el archivo de configuracin: entre comillas
+tipo " los significados especiales de ,:. y # son eliminados y los
+siguientes escapes son permitidos: \\\\ \\" \\t \\e \\b \\r y \\n.
+Corresponden a tab, escape, backspace, return y newline.
+.SH NOTAS
+Al recibir un SIGHUP
+.B dnsmasq
+libera su cache y entonces recarga
+.I /etc/hosts
+y
+.I /etc/ethers
+al igual que cualquier archivo brindado con --dhcp-hostsfile, --dhcp-optsfile,
+o --addn-hosts.
+El archivo guin de cambio de arriendos es llamado para todos los arriendos
+DHCP existentes. Si
+.B
+--no-poll
+est fijado entonces SIGHUP tambin re-lee
+.I /etc/resolv.conf.
+SIGHUP
+NO re-lee el archivo de configuracin.
+.PP
+Al recibir un SIGUSR1,
+.B dnsmasq
+escribe estadsticas a la bitcora del sistema. Escribe el tamao
+del cach, el numero de nombres que han tenido que ser removidos del
+cach antes de que vencieran para hacer espacio para nombres nuevos, y el
+nmero total de nombres que han sido insertados en el cach. Para cada
+servidor upstream brinda el nmero de bsquedas enviadas, y el
+nmero que resultaron en error. En modo
+.B --no-daemon
+o cuando bitacoro completo est habilitado (-q), una descarga completa de
+el contenido del cach es hecha.
+.PP
+Cuando recibe un SIGUSR2 y est bitacoreando dirctamente a un archivo (ver
+.B --log-facility
+)
+.B dnsmasq
+cerrar y reabrir el archivo de bitcora. Ntese que durante esta
+operacin, dnsmasq no estar corriendo como root. Al crear el archivo de
+bitcora, dnsmasq cambia el dueo del archivo a el usuario normal como
+el que correr. Logrotate debe ser configurado para crear un archivo de
+bitcora nuevo con permisos iguales al existente, antes de enviar
+SIGUSR2. Si bsquedas DNS TCP estn en progreso, el archivo de bitcora
+viejo se mantendr abierto en procesos hijos que estn manejando
+bsquedas TCP, y puede continuarse a escribirle. Hay un lmite de 150
+segundos, despus de lo cual todos los procesos TCP existentes se habrn
+vencido: por esta razn, no es sabio configurar compresin de archivos
+de bitcora para archivos que acaban de ser rotados. Con logrotate, las
+opciones requeridas son
+.B create
+y
+.B delaycompress.
+.PP
+Dnsmasq es un reenviador de bsquedas DNS: no puede responder bsquedas
+arbitrarias comenzando desde los servidores root pero reenva dichas
+bsquedas a un servidor DNS recursivo, el cual es tpicamente provedo
+por el proveedor de Internet. Por predeterminado, dnsmasq lee
+.I /etc/resolv.conf
+para descubir las direcciones IP de los servidores DNS upstream que
+debe usar, dado a que esta informacin es normalmente almacenada all.
+Amenos que
+.B --no-poll
+sea usado,
+.B dnsmasq
+revisa el tiempo de modificacin de
+.I /etc/resolv.conf
+(o equivalente si
+.B \--resolv-file
+es usado) y lo re-lee si ha cambiado. Esto permite que servidores DNS san
+fijados dinmicamente va PPP o DHCP ya que ambos protocolos brindan esta
+informacin.
+La ausencia de
+.I /etc/resolv.conf
+no es un error ya que pudo haber sido creada antes de que una conexin PPP
+haya existido. Dnsmasq simplemente sigue revisando en caso de que
+.I /etc/resolv.conf
+sea creado en algn momento. A dnsmasq se le puede decir que revise ms
+de un archivo resolv.conf. Esto es til en una laptop, donde ambos PPP y
+DHCP podran estar siendo usados: dnsmasq puede ser fijado para revisar ambos
+.I /etc/ppp/resolv.conf
+y
+.I /etc/dhcpc/resolv.conf
+y usar el contenido del que haya cambiado mas recientemente,
+brindando as la habilidad de cambio automtico entre servidores DNS.
+.PP
+Servidores upstream tambin pueden ser especificados en la lnea de
+comandos o en el archivo de configuracin. Estas especificaciones de
+servidor opcionalmente llevan un nombre de dominio el cual le dice a
+dnsmasq que debe usar ese servidor solo para encontrar nombres en ese
+dominio en particular.
+.PP
+Para configurar dnsmasq como cach para el host donde est
+corriendo, poner un "nameserver 127.0.0.1" en
+.I /etc/resolv.conf
+para as forzar procesos locales a enviar bsquedas a dnsmasq. Entonces,
+o especificar los servidores upstream dirctamente a dnsmasq usando opciones
+.B \--server
+o poniendo sus direcciones reales en otro archivo, digamos
+.I /etc/resolv.dnsmasq
+y correr dnsmasq con la opcion
+.B \-r /etc/resolv.dnsmasq
+Esta segunda tcnica permite la actualizacin dinmica de las direcciones
+de servidor mediante PPP o DHCP.
+.PP
+Direcciones en /etc/hosts "harn sombra" a diferentes direcciones para
+los mismos nombres en servidores DNS upstream, as que
+"miempresa.com 1.2.3.4" en /etc/hosts se asegurar que las bsquedas
+por "miempresa.com" siempre retornarn 1.2.3.4 an si bsquedas en el
+servidor DNS upstream devolveran una direccin diferente. Hay una
+excepcin a esto: si el servidor DNS upstream contiene un CNAME que
+apunta a un nombre sombreado, entonces buscando el CNAME a travz de
+dnsmasq resultar en que la direccin no-sombreada ser asociada con
+el destino del CNAME. Para circumventar esto, agregar el CNAME a
+/etc/hosts de tal manera que el CNAME es sombreado tambin.
+.PP
+El sistema network-id funciona de la siguiente manera: Para cada pedido
+DHCP, dnsmasq colecciona un juego de etiquetas network-id vlidas,
+una del
+.B dhcp-range
+usado para alocar la direccin, una de cualquier
+.B dhcp-host
+que coincida (y "known" si un dhcp-host coincide), la etiqueta "bootp"
+para pedidos BOOTP, una etiqueta cuyo nombre es el nombre de la
+interface donde lleg el pedido, y posiblemente muchas de clases
+de vendedor y usuario que coincidan que hayan sido enviadas por
+el cliente DHCP. Cualquier opcin
+.B dhcp-option
+que tenga etiquetas network-id ser usada en preferencia de una opcin
+.B dhcp-option,
+sin etiqueta, con tal que _todas_ las etiquetas coincidan en alguna
+parte del juego coleccionado describido arriba. El prefijo "#" en una
+etiqueta significa "no" as que --dhcp=option=#purple,3,1.2.3.4 enva
+la opcin cuando la etiqueta network-id "purple" no est en el juego
+de etiquetas vlidas.
+.PP
+Si el network-id en un
+.B dhcp-range
+es prefijado con "net:", entonces su significado cambia de "fijar
+etiqueta" a "coincidir con etiqueta". O sea que si hay ms de un
+dhcp-range en en una subred, y uno tiene una etiqueta network-id la
+cual est fijada (por ejemplo una opcin de clase de vendedor) entonces
+hosts que fijen la etiqueta network-id sern alocados direcciones en
+el rango etiquetado.
+.PP
+El servidor DHCP de dnsmasq funcionar como servidor BOOTP tambien,
+con tal que las direcciones MAC y IP de los clientes sean brindadas,
+ya sea usando configuraciones
+.B dhcp-host
+o en
+.I /etc/ethers
+, y una configuracin
+.B dhcp-range
+est presente para activar el servidor DHCP en una red particular.
+(Fijar --bootp-dynamic elimina la necesidad de trazados estticos.) El
+parmetro de nombre de archivos en un pedido BOOTP es revisado para
+ver si coincide con algn network-id en configuracines
+.B dhcp-option
+al igual que la etiqueta "bootp", permitiendo as algn control sobre
+las opciones devueltas a diferentes clases de hosts.
+
+.SH CDIGOS EXIT
+.PP
+0 - Dnsmasq hizo fork hacia el fondo exitosamente, o termin de manera
+normal si ir al fondo no est habilitado.
+.PP
+1 - Un problema con la configuracin ha sido detectado.
+.PP
+2 - Un problema con acceso a redes ocurri (direccin en uso, intento
+de usar puertos privilegiados sin permiso).
+.PP
+3 - Un problema con una operacin de sistema de archivos ocurri (archivo
+o directorio ausente, permisos).
+.PP
+4 - Falla de alocacin de memoria.
+.PP
+5 - Otro problema miscelneo.
+.PP
+11 o mayor - un codigo de retorno no cero fu recibido del llamado "init"
+del proceso de archivo guin de arriendos. El cdigo exit de dnsmasq es
+el cdigo exit del archivo guin con 10 sumado.
+
+.SH LIMITES
+Los valores predeterminados para limites de recursos son generlmente
+conservadores, y apropiados para uso en dispositivos tipo enrutador
+encrustrado con procesadores lentos y poca memoria. En hardware ms
+capz, es posible incrementar los lmites, y soportar muchos mas
+clientes. Lo siguiente se aplica a dnsmasq-2.37: versiones previas
+no escalaban tan bien.
+
+.PP
+Dnsmasq es capaz de soportar con DNS y DHCP a por lo menos mil (1,000)
+clientes. Por supuesto que para lograr esto debe aumentarse el valor de
+.B --dhcp-lease-max
+, y tiempos de arriendo no deben ser muy cortos (menos de una hora).
+El valor de
+.B --dns-forward-max
+puede ser aumentado: comienze con el equivalente a el nmero de clientes y
+aumntelo si parece lento el DNS. Ntese que el rendimiento DNS depende
+tambin de los servidores DNS upstream. El tamao del cach DNS puede ser
+incrementado: el lmite obligatorio es 10,000 nombres y el predeterminado
+(150) es muy bajo. El enviarle un SIGUSR1 a dnsmasq hace que bitacore
+informacin que es til para afinar el tamao de cach. Ver la seccin
+.B NOTAS
+para detalles.
+
+.PP
+El servidor TFTP incorporado es capz de soportar varias transferencias
+simultneas de archivos: el lmite absoluto est relacionado con el nmero
+de file-handles permitidos a un proceso y la habilidad del system call
+select() a soportar nmeros grandes de file-handles. Si el lmite es fijado
+demasiado alto con
+.B --tftp-max
+ser de-escalado y el lmite real ser bitacoreado al inicio. Ntese que ms
+transferencias son posibles cuando el mismo archivo es enviado qu cuando
+cada transferencia enva un archivo diferente.
+
+.PP
+Es posible usar dnsmasq para negar publicidad Web usando una lista de
+servidores de banners bien conocidos, todos resolviendose a 127.0.0.1 o
+0.0.0.0 en
+.B /etc/hosts
+o en un archivo hosts adicional. La lista puede ser muy larga. Dnsmasq ha sido
+probado exitsamente con un milln de nombres. Ese tamao de archivo necesita
+un CPU de 1GHz y aproximadamente 60MB de RAM.
+
+.SH ARCHIVOS
+.IR /etc/dnsmasq.conf
+
+.IR /usr/local/etc/dnsmasq.conf
+
+.IR /etc/resolv.conf
+
+.IR /etc/hosts
+
+.IR /etc/ethers
+
+.IR /var/lib/misc/dnsmasq.leases
+
+.IR /var/db/dnsmasq.leases
+
+.IR /var/run/dnsmasq.pid
+.SH VER TAMBIEN
+.BR hosts (5),
+.BR resolver (5)
+.SH AUTOR
+Este manual fue escrito por Simon Kelley <simon@thekelleys.org.uk>.
+
+Traducido a espaol por Christopher Chatham <chrislinux@gmail.com>.
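Review bot: In the NOTAS paragraph on the network-id system, the example "--dhcp=option=#purple,3,1.2.3.4" misspells the option name. It should read "--dhcp-option=#purple,3,1.2.3.4"; as written, a reader who copies it passes an option that does not exist instead of getting the negated-tag behaviour the sentence describes. Smaller fixes in the same file: the --dhcp-authoritative entry has a doubled word ("sin sin un timeout"), and the header ".B \-6 --dhcp-script=<path>" lacks the comma that the other short/long option pairs here use. Accented characters are also missing throughout the page as shown ("Ntese", "opcin", "espaol" in the translator credit), while the French page added next keeps its accents, so the encoding of man/es/dnsmasq.8 should be checked and the file converted to UTF-8 before import. The --dhcp-script and --tftp-secure entries are the ones to repair first, since they document that the lease script runs as root and which files TFTP exposes.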
diff --git a/man/fr/dnsmasq.8 b/man/fr/dnsmasq.8
new file mode 100755
index 0000000..92ec024
--- /dev/null
+++ b/man/fr/dnsmasq.8
@@ -0,0 +1,1449 @@
+.TH DNSMASQ 8
+.SH NAME
+Dnsmasq \- Un serveur DHCP et cache DNS poids-plume.
+.SH SYNOPSIS
+.B dnsmasq
+.I [OPTION]...
+.SH "DESCRIPTION"
+.BR dnsmasq
+est un serveur DHCP et DNS à faible empreinte mémoire. Il offre à la fois les
+services DNS et DHCP pour un réseau local (LAN).
+.PP
+Dnsmasq accepte les requêtes DNS et y réponds soit en utilisant un petit cache
+local, soit en effectuant une requête à un serveur DNS récursif externe (par
+exemple celui de votre fournisseur d'accès internet). Il charge le contenu du
+fichier /etc/hosts afin que les noms locaux n'apparaissant pas dans les DNS
+globaux soient tout de même résolus, et assure également la résolution de nom
+pour les hôtes présents dans le service DHCP.
+.PP
+Le serveur DHCP Dnsmasq DHCP supporte les définitions d'adresses statiques et les
+réseaux multiples. Il envoie par défaut un jeu raisonnable de paramètres DHCP, et
+peut être configuré pour envoyer n'importe quel option DHCP.
+Il inclut un serveur TFTP sécurisé en lecture seule permettant le démarrage via
+le réseau/PXE de clients DHCP et supporte également le protocole BOOTP.
+.PP
+Dnsmasq supporte IPv6 pour le DNS mais pas pour le DHCP.
+.SH OPTIONS
+Notes : Il est possible d'utiliser des options sans leur donner de paramètre.
+Dans ce cas, la fonction correspondante sera désactivée. Par exemple
+.B --pid-file=
+(sans paramètre après le =) désactive l'écriture du fichier PID.
+Sur BSD, à moins que le logiciel ne soit compilé avec la bibliothèque GNU
+getopt, la forme longue des options ne fonctionne pas en ligne de commande; Elle
+est toujours supportée dans le fichier de configuration.
+.TP
+.B --test
+Vérifie la syntaxe du ou des fichiers de configurations. Se termine avec le
+code de retour 0 si tout est OK, ou un code différent de 0 dans le cas
+contraire. Ne démarre pas Dnsmasq.
+.TP
+.B \-h, --no-hosts
+Ne pas charger les noms du fichier /etc/hosts.
+.TP
+.B \-H, --addn-hosts=<fichier>
+Fichiers d'hôtes additionnels. Lire le fichier spécifié en plus de /etc/hosts.
+Si
+.B -h
+est spécifié, lire uniquement le fichier spécifié. Cette option peut être
+répétée afin d'ajouter d'autres fichiers. Si un répertoire est donné, lis les
+fichiers contenus dans ce répertoire.
+.TP
+.B \-E, --expand-hosts
+Ajoute le nom de domaine aux noms simples (ne contenant pas de point dans le
+nom) contenus dans le fichier /etc/hosts, de la même façon que pour le service
+DHCP. Notez que cela ne s'applique pas au nom de domaine dans les CNAME, les
+enregistrements PTR, TXT, etc...
+.TP
+.B \-T, --local-ttl=<durée>
+Lorsque Dnsmasq répond avec une information provenant du fichier /etc/hosts ou
+avec un bail DHCP, il donne un temps de vie (time-to-live) positionné à zéro,
+afin d'indiquer à la machine faisant la requête que celle-ci ne doit pas être
+mise dans un cache. Ceci est le comportement correct dans presque toutes les
+situations.
+Cette option permet de spécifier la valeur de time-to-live à retourner (en
+secondes). Cela permet de réduire la charge sur le serveur, mais les clients
+risquent d'utiliser des données périmées dans certains cas.
+.TP
+.B --neg-ttl=<durée>
+Les réponses négatives provenant des serveurs amonts contiennent normalement
+une information de durée de vie (time-to-live) dans les enregistrements SOA,
+information dont dnsmasq se sert pour mettre la réponse en cache. Si la réponse
+du serveur amont omet cette information, dnsmasq ne cache pas la réponse. Cette
+option permet de doner une valeur de durée de vie par défaut (en secondes) que
+dnsmasq utilise pour mettre les réponses négatives dans son cache, même en
+l'absence d'enregistrement SOA.
+.TP
+.B \-k, --keep-in-foreground
+Ne pas aller en tâche de fond au lancement, mais en dehors de cela, fonctionner
+normalement. Ce mode est prévu pour les cas où Dnsmasq est lancé par daemontools
+ou launchd.
+.TP
+.B \-d, --no-daemon
+Mode debug (déverminage) : ne pas aller en tâche de fond, ne pas écrire de
+fichier pid, ne pas changer d'identifiant utilisateur, générer un état complet
+du cache lors de la réception d'un signal SIGUSR1, envoyer les logs sur la
+sortie standard d'erreur ("stderr") de même que dans le syslog, ne pas créer de
+processus fils pour traiter les requêtes TCP.
+.TP
+.B \-q, --log-queries
+Enregistrer les résultats des requêtes DNS traitées par Dnsmasq dans un fichier
+de traces ("logs"). Active la génération d'un état complet du cache lors de la
+réception d'un signal SIGUSR1.
+.TP
+.B \-8, --log-facility=<facility>
+Définit la "facility" dans laquelle Dnsmasq enverra ses entrées syslog, par
+défaut DAEMON ou LOCAL0 si le mode debug est activé. Si la "facility" contient
+au moins un caractère "/", alors Dnsmasq considère qu'il s'agit d'un fichier et
+enverra les logs dans le fichier correspondant à la place du syslog. (Les
+erreurs lors de la lecture de la configuration vont toujours vers le syslog,
+mais tous les messages postérieures à un démarrage réussi seront exclusivement
+envoyés vers le fichier de logs). Lorsque Dnsmasq est configuré pour envoyer
+ses traces vers un fichier, la réception d'un signal SIGUSR2 entraine la
+fermeture et réouverture du fichier. Cela permet la rotation de fichiers de
+traces sans nécessiter l'arrêt de Dnsmasq.
+.TP
+.B --log-async[=<lignes>]
+Permet l'envoi de traces de manière asynchrone, et de manière optionnelle, le
+nombre de lignes devant être mises dans la file d'attente par Dnsmasq lorsque
+l'écriture vers le syslog est lente.
+Dnsmasq peut envoyer ses logs de manière asynchrone : cela lui permet de
+continuer à fonctionner sans être bloqué par le syslog, et permet à syslog
+d'utiliser Dnsmasq pour les résolutions DNS sans risque d'interblocage.
+Si la file d'attente devient pleine, Dnsmasq loggera le dépassement de file et
+le nombre de messages perdus. La longueur par défaut de la file d'attente est de
+5 et une valeur saine sera comprise entre 5 et 25, avec une limite maximum
+imposée de 100.
+.TP
+.B \-x, --pid-file=<chemin>
+Spécifie un fichier dans lequel stocker le numéro de processus (pid). La valeur
+par défaut est /var/run/dnsmasq.pid.
+.TP
+.B \-u, --user=<nom d'utilisateur>
+Spécifie l'identité (nom d'utilisateur) prise par Dnsmasq après le démarrage.
+Dnsmasq doit normalement être démarré en temps que root ("super-utilisateur"),
+mais abandonne ses privilèges après le démarrage en changeant d'identité.
+Normalement cet utilisateur est l'utilisateur nobody ("personne"), mais il est
+possible d'en définir un autre par le biais de ce paramètre.
+.TP
+.B \-g, --group=<nom de groupe>
+Spécifie le groupe sous lequel Dnsmasq s'exécute. Par défaut, il s'agit du
+groupe "dip", afin de faciliter l'accès au fichier /etc/ppp/resolv.conf qui
+n'est en général pas en lecture par tout le monde.
+.TP
+.B \-v, --version
+Imprime le numéro de version.
+.TP
+.B \-p, --port=<port>
+Ecoute sur le port numéro <port> au lieu du port DNS standard (53). Paramétrer
+cette valeur à zéro désactive complètement la fonction DNS pour ne laisser actif
+que le DHCP ou le TFTP.
+.TP
+.B \-P, --edns-packet-max=<taille>
+Spécifie la taille maximum de paquet UDP EDNS.0 supporté par le relai DNS. Le
+défaut est de 1280, qui est la valeur maximale
+recommandée pour ethernet dans la RFC2671.
+.TP
+.B \-Q, --query-port=<numéro de port>
+Envoie et écoute les requêtes DNS sortantes depuis le port UDP spécifié par
+<numéro de port>, et non sur un port aléatoire. NOTE : Cette option rends
+dnsmasq moins sûr contre les attaques par usurpation DNS ("DNS spoofing"), mais
+cela peut permettre d'utiliser moins de ressources et d'être plus rapide. Donner
+une valeur de zéro à cette option restaure le comportement par défaut présent dans
+les versions de dnsmasq inférieures à 2.43 qui consiste à n'allouer qu'un seul port
+alloué par le système d'exploitation.
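Review bot: In the --query-port entry, the sentence on the zero value describes the single OS-allocated port as the "comportement par défaut" of versions below 2.43, and it follows the spoofing NOTE, so a reader can take zero for a safe reset. A single port is not the random source port that the --min-port entry says dnsmasq picks for outgoing queries. Suggest stating explicitly that the value zero carries the same reduced protection against DNS spoofing as a fixed port, and dropping the doubled "n'allouer qu'un seul port alloué".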
+.TP
+.B --min-port=<port>
+Ne pas utiliser de port dont le numéro est inférieur à la valeur donnée en paramètre
+pour les requêtes DNS sortantes. Dnsmasq choisis un port source aléatoire pour les
+requêtes sortantes : lorsque cette option est fournie, les ports utilisés seront toujours
+au dessus de la valeur spécifiée. Utile pour des systèmes derrière des dispositifs
+garde-barrières ("firewalls").
+.TP
+.B \-i, --interface=<nom d'interface>
+N'écouter que sur l'interface réseau spécifiée. Dnsmasq aujoute automatiquement
+l'interface locale ("loopback") à la liste des interfaces lorsque l'option
+.B --interface
+est utilisée.
+Si aucune option
+.B --interface
+ou
+.B --listen-address
+n'est donnée, Dnsmasq écoutera sur toutes les interfaces disponibles sauf
+celle(s) spécifiée(s) par l'option
+.B --except-interface.
+Les alias d'interfaces IP (e-g "eth1:0") ne peuvent être utilisés ni avec
+.B --interface
+ni
+.B \--except-interface.
+Utiliser l'option
+.B --listen-address
+à la place.
+.TP
+.B \-I, --except-interface=<interface name>
+Ne pas écouter sur l'interface spécifiée. Notez que l'ordre dans lesquelles les
+options
+.B \--listen-address
+,
+.B --interface
+et
+.B --except-interface
+sont fournies n'importe pas, et que l'option
+.B --except-interface
+l'emporte toujours sur les autres.
+.TP
+.B \-2, --no-dhcp-interface=<nom d'interface>
+Ne pas fournir de service DHCP sur l'interface spécifiée, mais fournir tout de
+même le service DNS.
+.TP
+.B \-a, --listen-address=<adresse IP>
+Ecouter sur la ou les adresse(s) IP spécifiée(s). Les options
+.B \--interface
+et
+.B \--listen-address
+peuvent-être spécifiées simultanément, auquel cas un jeu d'interfaces et
+d'adresses seront utilisées. Notez que si
+aucune option
+.B \--interface
+n'est donnée alors qu'une option
+.B \--listen-address
+l'est, Dnsmasq n'écoutera pas automatiquement sur l'interface locale
+("loopback"). Pour activer l'écoute sur l'interface locale, il est alors
+nécessaire de fournir explicitement son adresse IP, 127.0.0.1 via l'option
+.B \--listen-address.
+.TP
+.B \-z, --bind-interfaces
+Sur les systèmes qui le supporte, Dnsmasq s'associe avec l'interface joker
+("wildcard"), même lorsqu'il ne doit écouter que sur certaines interfaces. Par
+la suite, il rejette les requêtes auxquelles il ne doit pas répondre. Cette
+situation présente l'avantage de fonctionner même lorsque les interfaces vont
+et viennent ou changent d'adresses. L'option
+.B --bind-interfaces
+force Dnsmasq à ne réellement s'associer qu'avec les interfaces sur lesquelles
+il doit écouter. L'un des seuls cas où cette option est utile est celui où un
+autre serveur de nom (ou une autre instance de Dnsmasq) tourne sur la même
+machine. Utiliser cette option permet également d'avoir plusieurs instances de
+Dnsmasq fournissant un service DHCP sur la même machine.
+.TP
+.B \-y, --localise-queries
+Retourne des réponses aux requêtes DNS dépendantes de l'interface sur laquelle
+la requête a été reçue, à partir du fichier /etc/hosts. Si un nom dans
+/etc/hosts a plus d'une adresse associée avec lui, et qu'une des adresses au
+moins est dans le même sous-réseau que l'interface sur laquelle la requête a été
+reçue, alors ne retourne que la(les) adresse(s) du sous-réseau considéré. Cela
+permet d'avoir dans /etc/hosts un serveur avec de multiples adresses, une pour
+chacune de ses interfaces, et de fournir aux hôtes l'adresse correcte (basée sur
+le réseau auquel ils sont attachés). Cette possibilité est actuellement limitée
+à IPv4.
+.TP
+.B \-b, --bogus-priv
+Fausse résolution inverse pour les réseaux privés. Toutes les requêtes DNS
+inverses pour des adresses IP privées (ie 192.168.x.x, etc...) qui ne sont pas
+trouvées dans /etc/hosts ou dans le fichier de baux DHCP se voient retournées
+une réponse "pas de tel domaine" ("no such domain") au lieu d'être transmises
+aux serveurs de nom amont ("upstream server").
+.TP
+.B \-V, --alias=[<ancienne IP>]|[<IP de début>-<IP de fin>],<nouvelle IP>[,<masque>]
+Modifie les adresses IPv4 retournées par les serveurs de nom amont;
+<ancienne IP> est remplacée par <nouvelle IP>. Si le <masque> optionnel est
+fourni, alors toute adresse correspondant à l'adresse <ancienne IP>/<masque>
+sera réécrite. Ainsi par exemple
+.B --alias=1.2.3.0,6.7.8.0,255.255.255.0
+modifiera 1.2.3.56 en 6.7.8.56 et 1.2.3.67 en 6.7.8.67.
+Cette fonctionnalité correspond à ce que les routeurs Cisco PIX appellent
+"bidouillage DNS" ("DNS doctoring"). Si l'ancienne IP est donnée sous la forme
+d'une gamme d'adresses, alors seules les adresses dans cette gamme seront
+réecrites, et non le sous-réseau dans son ensemble. Ainsi,
+.B --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
+fait correspondre 192.168.0.10->192.168.0.40 à 10.0.0.10->10.0.0.40
+.TP
+.B \-B, --bogus-nxdomain=<adresse IP>
+Transforme les réponses contenant l'adresse IP fournie en réponses "pas de tel
+domaine" ("no such domain"). Ceci a pour but de neutraliser la modification
+sournoise mise en place par Verisign en septembre 2003, lorsqu'ils ont commencé
+à retourner l'adresse d'un serveur web publicitaire en réponse aux requêtes pour
+les noms de domaines non enregistrés, au lieu de la réponse correcte "NXDOMAIN".
+Cette option demande à Dnsmasq de retourner la réponse correcte lorsqu'il
+constate ce comportement. L'adresse retournée par Verisign en septembre 2003
+est 64.94.110.11.
+.TP
+.B \-f, --filterwin2k
+Les dernières versions de windows font des requêtes DNS périodiques auxquelles
+non seulement les serveurs DNS publics ne peuvent donner de réponse, mais qui,
+de surcroît, peuvent poser des problèmes en déclenchant des connexions
+intempestives pour des liens réseaux avec des connexions "à la demande". Fournir
+cette option active le filtrage des requêtes de ce type. Les requêtes bloquées
+sont les requêtes pour les entrées de type SOA ou SRV, ainsi que les requêtes de
+type ANY avec des noms possédant des caractères sous-lignés (requêtes pour des
+serveurs LDAP).
+.TP
+.B \-r, --resolv-file=<fichier>
+Lis les adresses des serveurs de nom amont dans le fichier de nom <fichier>,
+au lieu du fichier /etc/resolv.conf. Pour le format de ce fichier, voir dans le
+manuel pour
+.BR resolv.conf (5)
+les entrées correspondant aux serveurs de noms (nameserver). Dnsmasq peut lire
+plusieurs fichiers de type resolv.conf, le premier fichier spécifié remplace le
+fichier par défaut, le contenu des suivants est rajouté dans la liste des
+fichiers à consulter. Seul le fichier ayant la dernière date de modification
+sera chargé en mémoire.
+.TP
+.B \-R, --no-resolv
+Ne pas lire le contenu du fichier /etc/resolv.conf. N'obtenir l'adresse des
+serveurs de nom amont que depuis la ligne de commande ou le fichier de
+configuration de Dnsmasq.
+.TP
+.B \-1, --enable-dbus
+Autoriser la mise à jour de la configuration de Dnsmasq par le biais d'appel de
+méthodes DBus. Il est possible par ce biais de mettre à jour l'adresse de
+serveurs DNS amont (et les domaines correspondants) et de vider le cache. Cette
+option nécessite que Dnsmasq soit compilé avec le support DBus.
+.TP
+.B \-o, --strict-order
+Par défaut, Dnsmasq envoie les requêtes à n'importe lequel des serveurs amonts
+dont il a connaissance tout en essayant de favoriser les serveurs qu'il sait
+fonctionner. Cette option force Dnsmasq à essayer d'interroger, pour chaque
+requête, les serveurs DNS dans leur ordre d'apparition dans le fichier
+/etc/resolv.conf.
+.TP
+.B --all-servers
+Par défaut, lorsque dnsmasq a plus d'un serveur amont disponible, il n'envoie
+les requêtes qu'à un seul serveur. Spécifier cette option force dnsmasq à
+effectuer ses requêtes à tous les serveurs disponibles. Le résultat renvoyé
+au client sera celui fournit par le premier serveur ayant répondu.
+.TP
+.B --stop-dns-rebind
+Rejete (et enregistre dans le journal d'activité) les adresses dans la gamme
+d'adresses IP privée (au sens RFC1918) qui pourraient être renvoyées par les
+serveurs amonts suite à une résolution de nom. Cela bloque les attaques cherchant
+à détourner de leur usage les logiciels de navigation web ('browser') en s'en
+servant pour découvrir les machines situées sur le réseau local.
+.TP
+.B \-n, --no-poll
+Ne pas vérifier régulièrement si le fichier /etc/resolv.conf a été modifié.
+.TP
+.B --clear-on-reload
+Lorsque le fichier /etc/resolv.conf est relu, vider le cache DNS.
+Cela est utile si les nouveaux serveurs sont susceptibles d'avoir des données
+différentes de celles stockées dans le cache.
+.TP
+.B \-D, --domain-needed
+Indique à Dnsmasq de ne jamais transmettre en amont de requêtes pour des noms
+simples, ne comprenant donc ni points ni nom de domaine. Si un nom n'est pas
+dans /etc/hosts ou dans la liste des baux DHCP, alors une réponse de type
+"non trouvé" est renvoyée.
+.TP
+.B \-S, --local, --server=[/[<domaine>]/[domaine/]][<Adresse IP>[#<port>][@<Adresse IP source>|<interface>[#<port>]]]
+Spécifie directement l'adresse IP d'un serveur de nom amont. Cette option ne
+supprime pas la lecture du fichier /etc/resolv.conf : utiliser pour cela
+l'option
+.B -R .
+Si un ou plusieurs nom(s) de domaine(s) optionnel(s) sont fournis, ce
+serveur sera uniquement utilisé uniquement pour ce(s) domaine(s), et toute
+requête concernant ce(s) domaine(s) sera adressée uniquement à ce serveur.
+Cette option est destinée aux serveurs de nom privés : si vous avez un serveur
+de nom sur votre réseau ayant pour adresse IP 192.168.1.1 et effectuant la
+résolution des noms de la forme xxx.internal.thekelleys.org.uk, alors
+.B -S /internal.thekelleys.org.uk/192.168.1.1
+enverra toutes les requêtes pour les machines internes vers ce serveur de nom,
+alors que toutes les autres requêtes seront adressées aux serveurs indiqués dans
+le fichier /etc/resolv.conf. Une spécification de nom de domaine vide,
+.B //
+possède le sens particulier de "pour les noms non qualifiés uniquement",
+c'est-à-dire les noms ne possédant pas de points. Un port non standard peut être
+rajouté à la suite des adresses IP en utilisant le caractère #. Plus d'une
+option
+.B -S
+est autorisée, en répétant les domaines et adresses IP comme requis.
+
+Il est également permis de donner une option
+.B -S
+avec un nom de domaine mais sans
+adresse IP; Cela informe Dnsmasq que le domaine est local et qu'il doit répondre
+aux requêtes le concernant depuis les entrées contenues dans le fichier
+/etc/hosts ou les baux DHCP, et ne doit en aucun cas transmettre les requêtes
+aux serveurs amonts.
+.B local
+est synonyme de
+.B server
+("serveur") afin de rendre plus claire l'utilisation de cette option pour cet
+usage particulier.
+
+La chaîne de caractères optionnelle suivant le caractère @ permet de définir
+la source que Dnsmasq doit utiliser pour les réponses à ce
+serveur de nom. Il doit s'agir d'une des adresses IP appartenant à la machine sur
+laquelle tourne Dnsmasq ou sinon la ligne sera ignorée et une erreur sera
+consignée dans le journal des événements, ou alors d'un nom d'interface. Si un nom
+d'interface est donné, alors les requêtes vers le serveur de nom seront envoyées
+depuis cette interface; si une adresse ip est donnée, alors l'adresse source de
+la requête sera l'adresse en question. L'option query-port est ignorée pour tous
+les serveurs ayant une adresse source spécifiée, mais il est possible de la donner
+directement dans la spécification de l'adresse source. Forcer les requêtes à être
+émises depuis une interface spécifique n'est pas possible sur toutes les plateformes
+supportées par dnsmasq.
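Review bot: In the --server entry, the paragraph on the string after "@" says it sets the source used for "les réponses à ce serveur de nom", while the sentences that follow describe the source interface or address of "les requêtes vers le serveur de nom". Suggest "requêtes" in the first sentence so the paragraph agrees with itself. The same sentence places "ou alors d'un nom d'interface" after the clause about the ignored line and the logged error, which reads as if the error case applied to interface names; moving the interface alternative next to "une des adresses IP" would remove the ambiguity.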
+.TP
+.B \-A, --address=/<domaine>/[domaine/]<adresse IP>
+Spécifie une adresse IP à retourner pour toute requête pour les domaines fournis
+en option. Les requêtes pour ce(s) domaine(s) ne sont jamais transmises aux
+serveurs amonts et reçoivent comme réponse l'adresse IP spécifiée qui peut être
+une adresse IPv4 ou IPv6. Pour donner à la fois une adresse IPv4 et une adresse
+IPv6 pour un domaine, utiliser plusieurs options
+.B -A.
+Il faut noter que le
+contenu du fichier /etc/hosts et de celui des baux DHCP supplante ceci pour des
+noms individuels. Une utilisation courante de cette option est de rediriger la
+totalité du domaine doubleclick.net vers un serveur web local afin d'éviter les
+bannières publicitaires. La spécification de domaine fonctionne de la même façon
+que
+.B --server,
+avec la caractéristique supplémentaire que
+.B /#/
+coïncide avec tout domaine. Ainsi,
+.B --address=/#/1.2.3.4
+retournera 1.2.3.4 pour toute requête
+n'ayant de réponse ni dans /etc/hosts, ni dans les baux DHCP, et n'étant pas
+transmise à un serveur spécifique par le biais d'une directive
+.B --server.
+.TP
+.B \-m, --mx-host=<nom de l'hôte>[[,<nom du MX>],<préference>]
+Spécifie un enregistrement de type MX pour <nom de l'hôte> retournant le nom
+donné dans <nom du MX> (s'il est présent), ou sinon le nom spécifié dans
+l'option
+.B --mx-target
+si elle est présente. Sinon retourne le nom de la machine
+sur laquelle Dnsmasq tourne. La valeur par défaut (spécifiée dans l'option
+.B --mx-target
+) est utile dans un réseau local pour rediriger les courriers
+électroniques vers un serveur central. La valeur de préférence est optionnelle
+et vaut par défaut 1 si elle n'est pas spécifiée. Plus d'une entrée MX peut être
+fournie pour un hôte donné.
+.TP
+.B \-t, --mx-target=<nom d'hôte>
+Spécifie la réponse par défaut fournie par Dnsmasq pour les requêtes sur des
+enregistrements de type MX. Voir
+.B --mx-host.
+Si
+.B --mx-target
+est donné mais pas de
+.B --mx-host,
+alors Dnsmasq retourne comme réponse un enregistrement MX
+contenant le nom d'hôte spécifié dans l'option
+.B --mx-target
+pour toute requête
+concernant le MX de la machine sur laquelle tourne Dnsmasq.
+.TP
+.B \-e, --selfmx
+Définit, pour toutes les machines locales, un MX correspondant à l'hôte
+considéré. Les machines locales sont celles définies dans le fichier /etc/hosts
+ou dans un bail DHCP.
+.TP
+.B \-L, --localmx
+Définit, pour toutes les machines locales, un enregistrement MX pointant sur
+l'hôte spécifié par mx-target (ou la machine sur laquelle Dnsmasq tourne). Les
+machines locales sont celles définies dans le fichier /etc/hosts ou dans un bail
+DHCP.
+.TP
+.B \-W --srv-host=<_service>.<_protocole>.[<domaine>],[<cible>[,<port>[,<priorité>[,<poids>]]]]
+Spécifie un enregistrement DNS de type SRV. Voir la RFC2782 pour plus de
+détails. Si le champs <domaine> n'est pas fourni, prends par défaut la valeur
+fournie dans l'option
+.B --domain.
+La valeur par défaut pour le domaine est vide et le port par défaut est 1, alors
+que les poids et priorités par défaut sont 0. Attention lorsque vous transposez
+des valeurs issues d'une configuration BIND : les ports, poids et priorités sont
+dans un ordre différents. Pour un service/domaine donné, plus d'un
+enregistrement SRV est autorisé et tous les enregistrements qui coïncident sont
+retournés dans la réponse.
+.TP
+.B \-Y, --txt-record=<nom>[[,<texte>],<texte>]
+Définit un enregistrement DNS de type TXT. La valeur de l'enregistrement TXT est
+un ensemble de chaînes de caractères, donc un nombre variable de chaînes de
+caractères peuvent être spécifiées, séparées par des virgules.
+.TP
+.B --ptr-record=<nom>[,<cible>]
+Définit un enregistrement DNS de type PTR.
+.TP
+.B --naptr-record=<nom>,<ordre>,<préférence>,<drapeaux>,<service>,<expr. régulière>[,<remplacement>]
+Retourne un enregistrement de type NAPTR, tel que spécifié dans le RFC3403.
+.TP
+.B --cname=<cname>,<cible>
+Retourne un enregistrement de type CNAME qui indique que <cname> est en
+réalité <cible>. Il existe des contraintes significatives sur la valeur
+de cible; il doit s'agir d'un nom DNS qui est connu de dnsmasq via /etc/hosts
+(ou un fichier hôtes additionnel) ou via DHCP. Si une cible ne satisfait
+pas ces critères, le CNAME est ignoré. Le CNAME doit être unique, mais
+il est autorisé d'avoir plus d'un CNAME pointant vers la même cible.
+.TP
+.B --interface-name=<nom>,<interface>
+Définit un entregistrement DNS associant le nom avec l'adresse primaire sur
+l'interface donnée en argument. Cette option spécifie un enregistrement de type
+A pour le nom donné en argument de la même façon que s'il était défini par une
+ligne de /etc/hosts, sauf que l'adresse n'est pas constante mais dépendante de
+l'interface définie. Si l'interface est inactive, non existante ou non
+configurée, une réponse vide est fournie. Un enregistrement inverse (PTR) est
+également créé par cette option, associant l'adresse de l'interface avec le nom.
+Plus d'un nom peut être associé à une interface donnée en répétant cette option
+plusieurs fois; dans ce cas, l'enregistrement inverse pointe vers le nom fourni
+dans la première instance de cette option.
+.TP
+.B \-c, --cache-size=<taille>
+Définit la taille du cache de Dnsmasq. La valeur par défaut est de 150 noms.
+Définir une valeur de zéro désactive le cache.
+.TP
+.B \-N, --no-negcache
+Désactive le "cache négatif". Le "cache négatif" permet à Dnsmasq de se souvenir
+des réponses de type "no such domain" fournies par les serveurs DNS en amont et
+de fournir les réponses sans avoir à re-transmettre les requêtes aux serveurs
+amont.
+.TP
+.B \-0, --dns-forward-max=<nombre de requêtes>
+Définit le nombre maximum de requêtes DNS simultanées. La valeur par défaut est
+150, ce qui devrait être suffisant dans la majorité des configurations. La seule
+situation identifiée dans laquelle cette valeur nécessite d'être augmentée est
+lorsqu'un serveur web a la résolution de nom activée pour l'enregistrement de
+son journal des requêtes, ce qui peut générer un nombre important de requêtes
+simultanées.
+.TP
+.B \-F, --dhcp-range=[[net:]identifiant de réseau,]<adresse de début>,<adresse de fin>[[,<masque de réseau>],<broadcast>][,<durée de bail>]
+Active le serveur DHCP. Les adresses seront données dans la plage comprise entre
+<adresse de début> et <adresse de fin> et à partir des adresses définies
+statiquement dans l'option
+.B dhcp-host.
+Si une durée de bail est donnée, alors les baux seront donnés pour cette
+durée. La durée de bail est donnée en secondes, en minutes (exemple : 45m),
+en heures (exemple : 1h) ou être la chaine de caractère "infinite" pour une
+durée indéterminée. Si aucune valeur n'est donnée, une durée de bail par défaut
+de une heure est appliquée. La valeur minimum pour un bail DHCP est de 2
+minutes.
+Cette option peut être répétée, avec différentes adresses,
+pour activer le service DHCP sur plus d'un réseau. Pour des réseaux directement
+connectés (c'est-à-dire des réseaux dans lesquels la machine sur laquelle tourne
+Dnsmasq possède une interface), le masque de réseau est optionnel. Il est par
+contre requis pour les réseaux pour lesquels le service DHCP se fait via un
+relais DHCP ("relay agent"). L'adresse de broadcast est toujours optionnelle.
+
+Il est toujours possible d'avoir plus d'une plage DHCP pour un même
+sous-réseau.
+
+L'identifiant de réseau optionnel est un label alphanumérique qui permet de
+marquer ce réseau afin de fournir des options DHCP spécifiques à chaque réseau.
+Lorsque préfixé par 'net:', la signification change est au lieu de définir un
+label, il définit le label pour laquelle la règle s'applique. Un seul label peut-
+être défini mais plusieurs labels peuvent coïncider.
+
+L'adresse de fin peut être remplacée par le mot-clef
+.B static
+("statique") qui indique à Dnsmasq d'activer le service DHCP pour le réseau
+spécifié, mais de ne pas activer l'allocation dynamique d'adresses IP : Seuls
+les hôtes possédant des adresses IP statiques fournies via
+.B dhcp-host
+ou présentes dans le fichier /etc/ethers seront alors servis par le DHCP.
+
+L'adresse de fin peut-être remplacée par le mot-clef
+.B proxy
+, auquel cas Dnsmasq fournira un service de DHCP proxy pour le sous-réseau
+spécifié. (voir
+.B pxe-prompt
+et
+.B pxe-service
+pour plus de détails).
+.TP
+.B \-G, --dhcp-host=[<adresse matérielle>][,id:<identifiant client>|*][,net:<identifiant de réseau>][,<adresse IP>][,<nom d'hôte>][,<durée de bail>][,ignore]
+Spécifie les paramètres DHCP relatifs à un hôte. Cela permet à une machine
+possédant une adresse matérielle spécifique de se voir toujours allouée les
+mêmes nom d'hôte, adresse IP et durée de bail. Un nom d'hôte spécifié comme
+ceci remplace le nom fourni par le client DHCP de la machine hôte. Il est
+également possible d'omettre l'adresse matérielle et d'inclure le nom d'hôte,
+auquel cas l'adresse IP et la durée de bail s'appliqueront à toute machine se
+réclamant de ce nom. Par exemple
+.B --dhcp-host=00:20:e0:3b:13:af,wap,infinite
+spécifie à Dnsmasq de fournir à la machine d'adresse matérielle
+00:20:e0:3b:13:af le nom, et un bail de durée indéterminée.
+
+.B --dhcp-host=lap,192.168.0.199
+spécifie à Dnsmasq d'allouer toujours à la machine portant le nom lap
+l'adresse IP 92.168.0.199. Les adresses allouées comme ceci ne sont pas
+contraintes dans une plage d'adresse spécifiée par une option --dhcp-range, mais
+elles doivent être sur un réseau servi par le serveur DHCP. Il est possible
+d'utiliser des identifiants clients plutôt que des adresses matérielles pour
+identifier les hôtes, en préfixant par ceux-ci par 'id:'. Ainsi,
+.B --dhcp-host=id:01:02:03:04,.....
+réfère à l'hôte d'identifiant 01:02:03:04. Il est également possible de
+spécifier l'identifiant client sous la forme d'une chaîne de caractères, comme
+ceci :
+.B --dhcp-host=id:identifiantclientsousformedechaine,.....
+
+L'option spéciale id:* signifie : "ignorer tout identifiant client et n'utiliser
+que l'adresse matérielle". Cela est utile lorsqu'un client présente un
+identifiant client mais pas les autres.
+
+Si un nom apparaît dans /etc/hosts, l'adresse associée peut être allouée à un
+bail DHCP mais seulement si une option
+.B --dhcp-host
+spécifiant le nom existe par ailleurs. Le mot clef "ignore" ("ignorer") indique
+à Dnsmasq de ne jamais fournir de bail DHCP à une machine. La machine peut être
+spécifiée par son adresse matérielle, son identifiant client ou son nom d'hôte.
+Par exemple
+.B --dhcp-host=00:20:e0:3b:13:af,ignore
+Cela est utile lorsqu'un autre serveur DHCP sur le réseau doit être utilisé par
+certaines machines.
+
+Le paramètre net:<identifiant réseau> permet de définir un
+identifiant de réseau lorsque l'option dhcp-host est utilisée. Cela peut servir
+à sélectionner des options DHCP juste pour cet hôte. Lorsqu'une machine coïncide
+avec une directive dhcp-host (ou une impliquée par /etc/ethers), alors
+l'identifiant réseau réservé "known" ("connu") est associé. Cela permet à
+Dnsmasq d'être configuré pour ignorer les requêtes issus de machines inconnue
+ par le biais de
+.B --dhcp-ignore=#known.
+
+Les adresses ethernet (mais pas les identifiants clients) peuvent être définies
+avec des octets joker, ainsi par exemple
+.B --dhcp-host=00:20:e0:3b:13:*,ignore
+demande à Dnsmasq d'ignorer une gamme d'adresses matérielles. Il est à noter
+que "*" doit-être précédé d'un caractère d'échappement ou mis entre guillemets
+lorsque spécifié en option de ligne de commande, mais pas dans le fichier de
+configuration.
+
+Les adresses matérielles coïncident en principe avec n'importe
+quel type de réseau (ARP), mais il est possible de les limiter à un seul type
+ARP en les précédant du type ARP (en Hexadécimal) et de "-". Ainsi
+.B --dhcp-host=06-00:20:e0:3b:13:af,1.2.3.4
+coïncidera uniquement avec des adresses matérielles Token-Ring, puisque le type
+ARP pour une adresse Token-Ring est 6.
+
+Un cas spécial correspond à l'inclusion d'une ou plusieurs adresses
+matérielles, c-à-d :
+.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2.
+Cela permet à une adresse IP d'être associé à plusieurs adresses
+matérielles, et donne à dnsmasq la permission d'abandonner un bail DHCP
+attribué à l'une de ces adresses lorsqu'une autre adresse dans la liste
+demande un bail. Ceci est une opération dangereuse qui ne fonctionnera
+de manière fiable que si une adresse matérielle est active à un moment
+donné et dnsmasq n'a aucun moyen de s'assurer de cela. Cela est utile,
+par exemple, pour allouer une adresse IP stable à un laptop qui
+aurait à la fois une connexion filaire et sans-fil.
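Review bot: In the --dhcp-host entry, the explanation under the example "--dhcp-host=lap,192.168.0.199" says the host is given "l'adresse IP 92.168.0.199", which does not match the example and should read 192.168.0.199. The explanation of "--dhcp-host=00:20:e0:3b:13:af,wap,infinite" gives the host "le nom, et un bail de durée indéterminée" with the name "wap" missing. In the closing multi-address paragraph, the condition "que si une adresse matérielle est active à un moment donné" presumably means only one address at a time ("une seule"); as written, the caveat on this operation, which the text itself calls dangerous, does not say what the administrator has to guarantee.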
+.TP
+.B --dhcp-hostsfile=<fichier>
+Lis les informations d'hôtes DHCP dans le fichier spécifié. Le fichier contient
+des informations à raison d'un hôte par ligne. Le format d'une ligne est la même
+que le texte fourni à la droite sur caractère "=" dans l'option
+.B --dhcp-host.
+L'avantage de stocker les informations sur les hôtes DHCP dans ce fichier est
+que celles-ci peuvent être modifiées sans recharger Dnsmasq; le fichier sera
+relu lorsque Dnsmasq reçoit un signal SIGHUP.
+.TP
+.B --dhcp-optsfile=<fichier>
+Lis les informations relatives aux options DHCP dans le fichier spécifié.
+L'intérêt d'utiliser cette option est le même que pour --dhcp-hostsfile : le
+fichier spécifié sera rechargé à la réception par dnsmasq d'un signal SIGHUP.
+Notez qu'il est possible d'encoder l'information via
+.B --dhcp-boot
+en utilisant les noms optionnels bootfile-name, server-ip-address et
+tftp-server. Ceci permet d'inclure ces options dans un fichier "dhcp-optsfile".DNSMASQ_SUPPLIED_HOSTNAME
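Review bot: The last line of the --dhcp-optsfile entry ends with the token "DNSMASQ_SUPPLIED_HOSTNAME" fused to the closing sentence ('un fichier "dhcp-optsfile".DNSMASQ_SUPPLIED_HOSTNAME'), which looks like a stray paste and will render in the man page as part of the paragraph. Nothing in this entry refers to that name; suggest removing it from this line.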
+.TP
+.B \-Z, --read-ethers
+Lis les informations d'hôtes DHCP dans le fichier /etc/ethers. Le format de
+/etc/ethers est une adresse matérielle suivie, soit par un nom d'hôte, soit par
+une adresse IP sous la forme de 4 chiffres séparés par des points. Lorsque lu
+par Dnsmasq, ces lignes ont exactement le même effet que l'option
+.B --dhcp-host
+contenant les mêmes informations. /etc/ethers est relu à la réception d'un
+signal SIGHUP par Dnsmasq.
+.TP
+.B \-O, --dhcp-option=[<identifiant_de_réseau>,[<identifiant_de_réseau>,]][encap:<option>,][vendor:[<classe_vendeur>],][<option>|option:<nom d'option>],[<valeur>[,<valeur>]]
+Spécifie des options différentes ou supplémentaires pour des clients DHCP. Par
+défaut, Dnsmasq envoie un ensemble standard d'options aux clients DHCP : le
+masque de réseau et l'adresse de broadcast sont les mêmes que pour l'hôte
+sur lequel tourne Dnsmasq, et le serveur DNS ainsi que la route par défaut
+prennent comme valeur l'adresse de la machine sur laquelle tourne Dnsmasq. Si
+une option de nom de domaine a été définie, son contenu est transmis. Cette
+option de configuration permet de changer toutes ces valeurs par défaut, ou de
+spécifier d'autres options. L'option DHCP à transmettre peut être fournie sous
+forme d'un nombre décimal ou sous la forme "option:<nom d'option>". Les nombres
+correspondants aux options sont définis dans la RFC2132 et suivants. Les noms
+d'options connus par Dnsmasq peuvent être obtenus via "Dnsmasq --help dhcp".
+Par exemple, pour définir la route par défaut à 192.168.4.4, il est possible de
+faire
+.B --dhcp-option=3,192.168.4.4
+ou
+.B --dhcp-option = option:router, 192.168.4.4
+ou encore, pour positionner l'adresse du serveur de temps à 192.168.0.4, on peut
+faire
+.B --dhcp-option = 42,192.168.0.4
+ou
+.B --dhcp-option = option:ntp-server, 192.168.0.4
+L'adresse 0.0.0.0 prends ici le sens "d'adresse de la machine sur laquelle
+tourne Dnsmasq". Les types de données autorisées sont des adresses IP sous la
+forme de 4 chiffres séparés par des points, un nombre décimal, une liste de
+caractères hexadécimaux séparés par des 2 points, ou une chaîne de caractères.
+Si des identifiants de réseaux sont fournis, alors cette option n'est envoyée
+qu'aux réseaux dont tous les identifiants coïncident.
+
+Un traitement spécial est effectué sur les chaînes de caractères fournies pour
+l'option 119, conformément à la RFC 3397. Les chaînes de caractères ou les
+adresses IP sous forme de 4 chiffres séparés par des points donnés en arguments
+de l'option 120 sont traités conforméments à la RFC 3361. Les adresses IP sous
+forme de 4 chiffres séparés par des points suivies par une barre montante "/",
+puis une taille de masque sont encodés conforméments à la RFC 3442.
+
+Attention : aucun test n'étant fait pour vérifier que des données d'un type
+adéquat sont envoyées pour un numéro d'option donné, il est tout à fait possible
+de persuader Dnsmasq de générer des paquets DHCP illégaux par une utilisation
+incorrecte de cette option. Lorsque la valeur est un nombre décimal, Dnsmasq
+doit déterminer la taille des données. Cela est fait en examinant le numéro de
+l'option et/ou la valeur, mais peut-être évité en rajoutant un suffixe d'une
+lettre comme suit :
+b = un octet, s = 2 octets, i = 4 octets. Cela sert essentiellement pour des
+options encapsulées de classes de vendeurs (voir plus bas), pour lesquelles
+Dnsmasq ne peut déterminer la taille de la valeur. Les données d'options
+consistant uniquement de points et de décimaux sont interprétées par Dnsmasq
+comme des adresses IP, et envoyées comme telles. Pour forcer l'envoi sous forme
+de chaîne de caractère, il est nécessaire d'utiliser des guillemets doubles. Par
+exemple, l'utilisation de l'option 66 pour fournir une adresse IP sous la forme
+d'une chaîne de caractères comme nom de serveur TFTP, il est nécessaire de faire
+comme suit :
+.B --dhcp-option=66,"1.2.3.4"
+
+Les options encapsulées de classes de vendeurs peuvent-être aussi spécifiées en
+utilisant
+.B --dhcp-option
+: par exemple
+.B --dhcp-option=vendor:PXEClient,1,0.0.0.0
+envoie l'option encapsulée de classe de vendeur "mftp-address=0.0.0.0" à
+n'importe quel client dont la classe de vendeur correspond à "PXEClient". La
+correspondance pour les classes de vendeur s'effectue sur des sous-chaînes de
+caractères (voir
+.B --dhcp-vendorclass
+pour plus de détails). Si une option de
+classe de vendeur (numéro 60) est envoyée par Dnsmasq, alors cela est utilisé
+pour sélectionner les options encapsulées, de préférence à toute option envoyée
+par le client. Il est possible d'omettre complètement une classe de vendeur :
+.B --dhcp-option=vendor:,1,0.0.0.0
+Dans ce cas l'option encapsulée est toujours envoyée.
+
+Les options peuvent-être encapsulées au sein d'autres options :
+par exemple
+.B --dhcp-option=encap:175, 190, "iscsi-client0"
+enverra l'option 175, au sein de laquelle se trouve l'option 190.
+Plusieurs options encapsulées avec le même numéro d'option seront correctement
+combinées au sein d'une seule option encapsulée. Il n'est pas possible de
+spécifier encap: et vendor: au sein d'une même option dhcp.
+
+L'adresse 0.0.0.0 n'est pas traitée de manière particulière lorsque fournie dans
+une option encapsulée.
+.TP
+.B --dhcp-option-force=[<identifiant de réseau>,[<identifiant de réseau>,]][encap:<option>,][vendor:[<classe de vendeur>],]<option>,[<valeur>[,<valeur>]]
+Cela fonctionne exactement de la même façon que
+.B --dhcp-option
+sauf que cette option sera toujours envoyée, même si le client ne la demande pas
+dans la liste de paramêtres requis. Cela est parfois nécessaire, par exemple lors
+de la fourniture d'options à PXELinux.
+.TP
+.B --dhcp-no-override
+Désactive la réutilisation des champs DHCP nom de serveur et nom de
+fichier comme espace supplémentaire pour les options. Si cela est
+possible, dnsmasq déplace les informations sur le serveur de démarrage
+et le nom de fichier (fournis par 'dhcp-boot') en dehors des champs
+dédiés à cet usage dans les options DHCP. Cet espace supplémentaire est
+alors disponible dans le paquet DHCP pour d'autres options, mais peut, dans
+quelques rares cas, perturber des clients vieux ou défectueux. Cette
+option force le comportement à l'utilisation des valeurs "simples et sûres"
+afin d'éviter des problèmes dans de tels cas.
+.TP
+.B \-U, --dhcp-vendorclass=<identifiant de réseau>,<classe de vendeur>
+Associe une chaîne de classe de vendeur à un indentifiant de réseau. La plupart
+des clients DHCP fournissent une "classe de vendeur" ("vendor class") qui
+représente, d'une certaine façon, le type d'hôte. Cette option associe des
+classes de vendeur à des labels, de telle sorte que des options DHCP peuvent-être
+fournie de manière sélective aux différentes classes d'hôtes. Par exemple,
+.B dhcp-vendorclass=printers,Hewlett-Packard JetDirect
+permet de n'allouer des options qu'aux imprimantes HP de la manière suivante :
+.B --dhcp-option=printers,3,192.168.4.4
+La chaîne de caractères de la classe de vendeur founie en argument est cherchée
+en temps que sous-chaîne de caractères au sein de la classe de vendeur fournie
+par le client, de façon à permettre la recherche d'un sous-ensemble de la chaîne
+de caractères ("fuzzy matching").
+.TP
+.B \-j, --dhcp-userclass=<identifiant de réseau>,<classe utilisateur>
+Associe une chaîne de classe d'utilisateur à un identifiant réseau (effectue la
+recherche sur des sous-chaînes, comme pour les classes de vendeur). La plupart
+des clients permettent de configurer une "classe d'utilisateur". Cette option
+associe une classe d'utilisateur à un label, de telle manière qu'il soit
+possible de fournir des options DHCP spécifiques à différentes classes d'hôtes.
+Il est possible, par exemple, d'utiliser ceci pour définir un serveur
+d'impression différent pour les hôtes de la classe "comptes" et ceux de la
+classe "ingénierie".
+.TP
+.B \-4, --dhcp-mac=<identifiant de réseau>,<adresse MAC>
+Associe une adresse matérielle (MAC) à un identifiant réseau. L'adresse
+matérielle peut inclure des jokers. Par exemple
+.B --dhcp-mac=3com,01:34:23:*:*:*
+permet de définir le label "3com" pour n'importe quel hôte dont l'adresse
+matérielle coïncide avec les critères définis.
+.TP
+.B --dhcp-circuitid=<identifiant de réseau>,<identifiant de circuit>, --dhcp-remoteid=<identifiant de réseau>,<identifiant distant>
+Associe des options de relais DHCP issus de la RFC3046 à des identifiants de
+réseau. Cette information peut-être fournie par des relais DHCP. L'identifiant
+de circuit ou l'identifiant distant est normalement fourni sous la forme d'une
+chaîne de valeurs hexadécimales séparées par des ":", mais il est également
+possible qu'elle le soit sous la forme d'une simple chaîne de caractères. Si
+l'identifiant de circuit ou d'agent correspond exactement à celui fourni par le
+relais DHCP, alors l'identifiant de réseau est positionné.
+.TP
+.B --dhcp-subscrid=<identifiant de réseau>,<identifiant d'abonné>
+Associe des options de relais DHCP issues de la RFC3993 à des identifiants de
+réseau.
+.TP
+.B --dhcp-match=<identifiant de réseau>,<numéro d'option>|option:<nom d'option>[,<valeur>]
+Si aucune valeur n'est spécifiée, associe l'identifiant de réseau si le client
+envoie une option DHCP avec le numéro ou le nom spécifié. Lorsqu'une valeur est
+fournie, positionne le label seulement dans le cas où l'option est fournie et
+correspond à la valeur. La valeur peut-être de la forme "01:ff:*:02", auquel
+cas le début de l'option doit correspondre (en respectant les jokers). La
+valeur peut aussi être de la même forme que dans
+.B dhcp-option
+, auquel cas l'option est traitée comme un tableau de valeur, et un des
+éléments doit correspondre, ainsi
+
+--dhcp-match=efi-ia32,option:client-arch,6
+
+spécifie le label "efi-ia32" si le numéro 6 apparaît dnas la liste
+d'architectures envoyé par le client au sein de l'option 93. (se réferer
+au RFC 4578 pour plus de détails). Si la valeur est un chaine de caractères,
+celle-ci est recherchée (correspondance en temps que sous-chaîne).
+.TP
+.B \-J, --dhcp-ignore=<identifiant de réseau>[,<identifiant de réseau>]
+Lorsque tous les identifiants de réseau fournis coïncident avec la liste
+d'identifiants réseau dérivée des classes de réseau, hôte, vendeur et
+utilisateur, ignorer l'hôte et ne pas donner de bail DHCP.
+.TP
+.B --dhcp-ignore-names[=<identifiant de réseau>[,<identifiant de réseau>]]
+Lorsque tous les identifiant de réseau coïncident avec la liste d'identifiants
+réseau dérivées des classes de réseau, hôte, vendeur et utilisateur, ignorer le
+nom de machine fourni par l'hôte. Il est à noter que, à la différence de
+l'option "dhcp-ignore", il est permis de ne pas fournir d'identifiant réseau.
+Dans ce cas, les noms d'hôtes fournis par les clients DHCP seront toujours
+ignorés, et les noms d'hôtes seront ajoutés au DNS en utilisant uniquement la
+configuration dhcp-host de Dnsmasq, ainsi que le contenu des fichiers /etc/hosts
+et /etc/ethers.
+.TP
+.B --dhcp-broadcast=<identifiant de réseau>[,<identifiant de réseau>]
+Lorsque tous les identifiants de réseaux fournis correspondent à ceux
+obtenus à partir des classes de réseau, d'hôte ou d'utilisateur, force
+l'utilisation du broadcast pour communiquer avec l'hôte lorsque celui-ci n'est
+pas configuré. La plupart des clients DHCP nécessitant une réponse par le biais
+d'un broadcast activent une option dans leur requête, ce qui fait que cela
+se fait automatiquement, mais ce n'est pas la cas de certains vieux clients BOOTP.
+.TP
+.B \-M, --dhcp-boot=[net:<identifiant de réseau>,]<nom de fichier>,[<nom de serveur>[,<adresse de serveur>]]
+Spécifie les options BOOTP devant être retournées par le serveur DHCP. Le nom de
+serveur ainsi que l'adresse sont optionnels : s'ils ne sont pas fournis, le nom
+est laissé vide et l'adresse fournie est celle de la machine sur laquelle
+s'exécute Dnsmasq. Si Dnsmasq founit un service TFTP (voir
+.B --enable-tftp
+), alors seul un nom de fichier est requis ici pour permettre un démarrage par
+le réseau.
+Si d'éventuels identifiants de réseau sont fournis, ils doivent coïncider avec
+ceux du client pour que cet élement de configuration lui soit envoyé. Il est à
+noter que les identifiants de réseau doivent-être préfixés par "net:".
+.TP
+.B --pxe-service=[net:<identifiant de réseau>,]<CSA>,<entrée de menu>,<nom de fichier>|<type de service de démarrage>[,<adresse de serveur>]
+La plupart des ROMS de démarrage PXE ne permettent au système PXE que la simple
+obtention d'une adresse IP, le téléchargement du fichier spécifié dans
+.B dhcp-boot
+et son exécution. Cependant, le système PXE est capable de fonctions bien plus
+complexes pour peu que le serveur DHCP soit adapté.
+
+Ceci spécifie l'option de démarrage qui apparaitra dans un menu de démarrage
+PXE. <CSA> est le type du système client. Seuls des types de services valides
+apparaitront dans un menu. Les types connus sont x86PC, PC98, IA64_EFI, Alpha,
+Arc_x86, Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI et X86-64_EFI;
+D'autres types peuvent-être spécifiés sous la forme d'une valeur entière. Le
+paramètre après le texte correspondant à l'entrée dans le menu peut être un nom
+de fichier, auquel cas Dnsmasq agit comme un serveur de démarrage et indique au
+client PXE qu'il faut télécharger ce fichier via TFTP, soit depuis ce serveur
+(l'option
+.B enable-tftp
+doit être spécifiée pour que cela marche), soit depuis un autre serveur TFTP
+si une adresse de serveur est fournie.
+Veuillez noter que le suffixe de "couche" (en principe ".0") est fourni par PXE
+et ne doit pas être rajouté au nom de fichier. Si une valeur numérique entière
+est fournir pour le type de démarrage, en remplacement du nom de fichier, le
+client PXE devra chercher un service de démarrage de ce type sur le réseau.
+Cette recherche peut être faite via multicast ou broadcast, ou directement
+auprès d'un serveur si son adresse IP est fournie dans l'option. Un service de
+démarrage de type 0 est spécial et provoquera une interruption du démarrage par
+le réseau ainsi que la poursuite du démarrage sur un média local.
+.TP
+.B --pxe-prompt=[net:<identifiant de réseau>,]<invite>[,<délai>]
+Cette option permet d'afficher une invite à la suite du démarrage PXE. Si un
+délai est fourni, alors la première entrée du menu de démarrage sera
+automatiquement exécutée après ce délai. Si le délai vaut 0, alors la première
+entrée disponible sera exécutée immédiatement. Si
+.B pxe-prompt
+est omis, le système attendra un choix de l'utilisateur s'il existe plusieurs
+entrées dans le menu, ou démarrera immédiatement dans le cas où il n'y a qu'une
+seule entrée. Voir
+.B pxe-service
+pour plus de détails sur les entrées de menu.
+
+Dnsmasq peut servir de "proxy-DHCP" PXE, dans le cas où un autre serveur DHCP
+sur le réseau est responsable de l'allocation des adresses IP, auquel cas
+Dnsmasq se contente de fournir les informations données dans les options
+.B pxe-prompt
+et
+.B pxe-service
+pour permettre le démarrage par le réseau. Ce mode est activé en utilisant le
+mot-clef
+.B proxy
+dans
+.B dhcp-range.
+.TP
+.B \-X, --dhcp-lease-max=<nombre>
+Limite Dnsmasq à un maximum de <nombre> baux DHCP. Le défaut est de 150. Cette
+limite permet d'éviter des attaques de déni de service ("DoS") par des hôtes
+créant des milliers de baux et utilisant beaucoup de mémoire dans le processus
+Dnsmasq.
+.TP
+.B \-K, --dhcp-authoritative
+Cette option doit être donnée lorsque Dnsmasq est le seul serveur DHCP sur le
+réseau. Cela change le comportement par défaut qui est celui d'un strict respect
+des RFC, afin que les requêtes DHCP pour des baux inconnus par des hôtes
+inconnus ne soient pas ignorées. Cela permet à de nouveaux hôtes d'obtenir des
+baux sans tenir compte de fastidieuses temporisations ("timeout"). Cela permet
+également à Dnsmasq de reconstruire sa base de donnée contenant les baux sans
+que les clients n'aient besoin de redemander un bail, si celle-ci est perdue.
+.TP
+.B --dhcp-alternate-port[=<port serveur>[,<port client>]]
+Change les ports utilisés par défaut pour le DHCP. Si cette option est donnée
+toute seule sans arguments, alors change les ports utilisés pour le DHCP
+de 67 et 68 respectivement à 1067 et 1068. Si un seul argument est donné, ce
+numéro est utilisé pour le port serveur et ce numéro plus 1 est utilisé pour le
+port client. Enfin, en fournissant deux numéros de ports, il est possible de
+spécifier arbitrairement 2 ports à la fois pour le serveur et pour le client DHCP.
+.TP
+.B \-3, --bootp-dynamic[=<identifiant de réseau>[,<identifiant de réseau>]]
+Permet l'allocation dynamique d'adresses IP à des clients BOOTP. Utiliser cette
+option avec précaution, une adresse allouée à un client BOOTP étant perpétuelle,
+et de fait n'est plus disponibles pour d'autres hôtes. Si aucun argument n'est
+donné, alors cette option permet une allocation dynamique dans tous les cas. Si
+des arguments sont spécifiés, alors l'allocation ne se fait que lorsque tous
+les identifiants coïncident. Il est possible de répeter cette option avec
+plusieurs jeux d'arguments.
+.TP
+.B \-5, --no-ping
+Par défaut, le serveur DHCP tente de s'assurer qu'une adresse n'est pas utilisée
+avant de l'allouer à un hôte. Cela est fait en envoyant une requête ICMP de type
+"echo request" (aussi connue sous le nom de "ping") à l'adresse en question. Si
+le serveur obtient une réponse, alors l'adresse doit déjà être utilisée et une
+autre est essayée. Cette option permet de supprimer cette vérification. A
+utiliser avec précaution.
+.TP
+.B --log-dhcp
+Traces additionnelles pour le service DHCP : enregistre toutes les options
+envoyées aux clients DHCP et les identifiants de réseaux utilisés pour la
+détermination de celles-ci.
+.TP
+.B \-l, --dhcp-leasefile=<chemin de fichier>
+Utilise le fichier dont le chemin est fourni pour stocker les informations de
+baux DHCP.
+.TP
+.B \-6 --dhcp-script=<chemin de fichier>
+Lorsqu'un bail DHCP est créé, ou qu'un ancien est supprimé, le fichier dont le
+chemin est spécifié est exécuté. Les arguments fournis à celui-ci sont soit
+"add" ("ajouter"), "old" ("ancien") ou "del" ("supprimer"), suivi de l'adresse
+MAC de l'hôte puis l'adresse IP et le nom d'hôte si celui-ci est
+connu."add" signifie qu'un bail a été créé, "del" signifie qu'il a été supprimé,
+"old" notifie que le bail existait au lancement de Dnsmasq, ou un changement
+d'adresse MAC ou de nom d'hôte pour un bail existant (ou, dans le cas où
+leasefile-ro est spécifié, un changement de durée de bail ou d'identifiant
+d'hôte). Si l'adresse Mac est d'un type de réseau autre qu'ethernet, il est
+nécessaire de la préceder du type de réseau, par exemple "06-01:23:45:67:89:ab"
+pour du token ring. Le processus est exécuté en temps que super-utilisateur
+(si Dnsmasq a été lancé en temps que "root"), même si Dnsmasq est configuré
+pour changer son UID pour celle d'un utilisateur non-privilégié.
+L'environnement est hérité de celui de l'invocation du processus Dnsmasq, et
+si l'hôte fournit un identifiant de client, celui-ci est stocké dans la
+variable d'environnement DNSMASQ_CLIENT_ID. Si un nom de domaine pleinement
+qualifié (FQDN) est connu pour l'hôte, la part relative au domaine est stockée
+dans DNSMASQ_DOMAIN. Si le client fournit une information de classe de vendeur,
+de classe d'utilisateur ou un nom d'hôte, celles-ci sont positionnées dans les
+variables DNSMASQ_VENDOR_CLASS et DNSMASQ_USER_CLASS0 à DNSMASQ_USER_CLASSn
+et DNSMASQ_SUPPLIED_HOSTNAME respectivement, mais seulement pour les actions
+"add" et "old" lorsqu'un hôte reprend un bail existant, ces variables n'étant
+pas stockées dans la base de baux de Dnsmasq. Si Dnsmasq a été compilé avec
+l'option HAVE_BROKEN_RTC ("horloge RTC défectueuse"), alors la durée du bail
+(en secondes) est stockée dans la variable DNSMASQ_LEASE_LENGTH, sinon la date
+d'expiration du bail est toujours stocké dans la variable d'environnement
+DNSMASQ_LEASE_EXPIRES. Le nombre de secondes avant expiration est toujours
+stocké dans DNSMASQ_TIME_REMAINING. Si un bail était associé à un nom d'hôte et
+que celui-ci est supprimé, un évênement de type "old" est généré avec le
+nouveau statut du bail, c-à-d sans nom d'hôte, et le nom initial est fourni
+dans la variable d'environnement DNSMASQ_OLD_HOSTNAME. La variable
+DNSMASQ_INTERFACE contient le nom de l'interface sur laquelle la requête est
+arrivée; ceci n'est pas renseigné dans le cas des actions "old" ayant lieu
+après un redémarrage de dnsmasq. La variable DNSMASQ_RELAY_ADDRESS est
+renseignée si le client a utilisé un relai DHCP pour contacter Dnsmasq, si
+l'adresse IP du relai est connue.
+Tous les descripteurs de fichiers sont fermés, sauf stdin, stdout et stderr qui
+sont ouverts sur /dev/null (sauf en mode déverminage).
+Le script n'est pas lancé de manière concurrente : si un autre changement de
+bail intervient, le script ne sera relancé que lorsque l'exécution actuelle sera
+terminée.
+Au démarrage de Dnsmasq, le script sera invoqué pour chacun des baux existants
+dans le fichier des baux. Le script sera lancé avec l'action "del" pour les baux
+expirés, et "old" pour les autres. <chemin de fichier> doit être un chemin
+absolu (c'est-à-dire partant de la racine "/"), aucune recherche n'aura lieu
+dans les répertoires de la variable d'environnement PATH. Lorsque Dnsmasq reçoit
+un signal HUP, le script sera invoqué avec une action "old" pour tous les baux
+existants.
+.TP
+.B --dhcp-scriptuser
+Spécifie l'utilisateur sous lequel le script lease-change doit être exécuté. La
+valeur par défaut correspond à l'utilisateur root mais peut-être changée par le
+biais de cette option.
+.TP
+.B \-9, --leasefile-ro
+Supprimer complètement l'usage du fichier servant de base de donnée pour les
+baux DHCP. Le fichier ne sera ni créé, ni lu, ni écrit. Change la façon dont le
+script de changement d'état de bail est lancé (si celui-ci est fourni par le
+biais de l'option
+.B --dhcp-script
+), de sorte que la base de données de baux puisse
+être complètement gérée par le script sur un stockage externe. En addition aux
+actions décrites dans
+.B --dhcp-script,
+le script de changement d'état de bail est appellé une fois, au lancement de
+Dnsmasq, avec pour seul argument "init". Lorsqu'appellé de la sorte, le script
+doit fournir l'état de la base de baux, dans le format de fichier de baux de
+Dnsmasq, sur sa sortie standard (stdout) et retourner un code de retour de 0.
+Positionner cette option provoque également une invocation du script de
+changement d'état de bail à chaque changement de l'identifiant de client, de
+longueur de bail ou de date d'expiration.
+.TP
+.B --bridge-interface=<interface>,<alias>[,<alias>]
+Traiter les requêtes DHCP arrivant sur n'importe laquelle des interfaces <alias>
+comme si elles arrivaient de l'interface <interface>. Cette option est
+nécessaire lors de l'utilisation de pont ethernet "ancien mode" sur plate-forme
+BSD, puisque dans ce cas les paquets arrivent sur des interfaces "tap" n'ont
+pas d'adresse IP.
+.TP
+.B \-s, --domain=<domaine>[,<gamme d'adresses>]
+Spécifie le domaine du serveur DHCP. Le domaine peut être donné de manière
+inconditionnelle (sans spécifier de gamme d'adresses IP) ou pour des gammes
+d'adresses IP limitées. Cela a deux effets; tout d'abord, le
+serveur DHCP retourne le domaine à tous les hôtes le demandant, deuxièmement,
+cela spécifie le domaine valide pour les hôtes DHCP configurés. Le but de cela
+est de contraindre les noms d'hôte afin qu'aucun hôte sur le LAN ne puisse
+fournir via DHCP un nom tel que par exemple "microsoft.com" et capturer du
+trafic de manière illégitime. Si aucun nom de domaine n'est spécifié, alors
+les noms d'hôtes avec un nom de domaine (c-à-d un point dans le nom) seront
+interdits et enregistrés dans le journal (logs). Si un suffixe est fourni, alors
+les noms d'hôtes possédant un domaine sont autorisés, pour peu que le nom de
+domaine coïncide avec le nom fourni. De plus, si un suffixe est fourni, alors
+les noms d'hôtes ne possédant pas de nom de domain se voient rajouter le
+suffixe fourni dans l'option
+.B --domain.
+Ainsi, sur mon réseau, je peux configurer
+.B --domain=thekelleys.org.uk
+et avoir une machine dont le nom DHCP serait "laptop". L'adresse IP de cette
+machine sera disponible à la fois pour "laptop" et "laptop.thekelleys.org.uk".
+Si la valeur fournie pour <domaine> est "#", alors le nom de domaine est
+positionné à la première valeur de la directive "search" du fichier
+/etc/resolv.conf (ou équivalent). La gamme d'adresses peut être de la forme
+<adresse ip>,<adresse ip> ou <adresse ip>/<masque de réseau> voire une simple
+<adresse ip>. Voir
+.B --dhcp-fqdn
+qui peut changer le comportement de dnsmasq relatif aux domaines.
+.TP
+.B --dhcp-fqdn
+Dans le mode par défaut, dnsmasq insère les noms non-qualifiés des clients
+DHCP dans le DNS. Pour cette raison, les noms doivent être uniques, même si
+deux clients ayant le même nom sont dans deux domaines différents. Si un
+deuxième client DHCP apparaît ayant le même nom qu'un client déjà existant,
+ce nom est transféré au nouveau client. Si
+.B --dhcp-fqdn
+est spécifié, ce comportement change : les noms non qualifiés ne sont plus
+rajoutés dans le DNS, seuls les noms qualifiés le sont. Deux clients DHCP
+avec le même nom peuvent tous les deux garder le nom, pour peu que la partie
+relative au domaine soit différente (c-à-d que les noms pleinements qualifiés
+diffèrent). Pour d'assurer que tous les noms ont une partie domaine, il doit-y
+avoir au moins un
+.B --domain
+sans gamme d'adresses de spécifié lorsque l'option
+.B --dhcp-fqdn
+est configurée.
+.TP
+.B --enable-tftp
+Active la fonction serveur TFTP. Celui-ci est de manière délibérée limité aux
+fonctions nécessaires au démarrage par le réseau ("net-boot") d'un client. Seul
+un accès en lecture est possible; les extensions tsize et blksize sont supportées
+(tsize est seulement supporté en mode octet).
+.TP
+.B --tftp-root=<répertoire>
+Les fichiers à fournir dans les transferts TFTP seront cherchés en prenant le
+répertoire fourni comme racine. Lorsque cela est fourni, les chemins TFTP
+incluant ".." sont rejetés, afin d'éviter que les clients ne puissent sortir de
+la racine spécifiée. Les chemins absolus (commençant par "/") sont autorisés,
+mais ils doivent être à la racine TFTP fournie.
+.TP
+.B --tftp-unique-root
+Ajouter l'adresse IP du client TFTP en temps qu'élément de chemin, à la suite
+de la racine tftp (adresse sous forme de 4 chiffres séparés par des points).
+Uniquement valable si une racine TFTP est spécifiée et si le répertoire
+correspond existe. Ainsi, si la valeur pour tftp-root est "/tftp" et que le
+client d'adresse IP 1.2.3.4 requiert le fichier "monfichier", alors le chemin
+effective résultant sera "/tftp/1.2.3.4/monfichier" si /tftp/1.2.3.4 existe, ou
+"/tftp/monfichier" dans le cas contraire.
+.TP
+.B --tftp-secure
+Active le mode TFTP sécurisé : sans cela, tout fichier lisible
+par Dnsmasq est disponible via TFTP (les règles de contrôle d'accès unix
+habituelles s'appliquent). Lorsque l'option
+.B --tftp-secure
+est spécifiée, seuls les fichiers possédés par l'utilisateur sous lequel tourne
+le processus Dnsmasq sont accessibles. Si Dnsmasq est exécuté en temps que
+super-utilisateur ("root"), des règles différentes s'appliquent :
+.B --tftp-secure
+n'a aucun effet, mais seuls les fichiers ayant un droit de lecture pour tout le
+monde sont accessibles. Il n'est pas recommandé d'exécuter Dnsmasq sous
+l'utilisateur "root" lorsque le service TFTP est activé, et il est formellement
+déconseillé de le faire sans fournir l'option
+.B --tftp-root.
+Sans cela, en effet, l'accès de tous les fichiers du serveur pour lequel le
+droit de lecture pour tout le monde est positionné ("world-readable") devient
+possible par n'importe quel hôte sur le réseau.
+.TP
+.B --tftp-max=<connexions>
+Définit le nombre maximum de connexions TFTP simultanées autorisées. La valeur
+par défaut est de 50. Lorsqu'un grand nombre de connexions TFTP est spécifié,
+il se peut que la limite de nombre de descripteurs de fichiers par processus
+soit atteinte. Dnsmasq nécessite quelques descripteurs de fichiers, ainsi qu'un
+descripteur de fichier pour chaque connexion TFTP simultanée et pour chacun des
+fichiers devant être fournis. De fait, servir le même fichier à n clients ne
+nécessitera qu'environ n + 10 descripteurs de fichiers, alors que fournir des
+fichiers tous différents à n clients utilisera environ (2*n) + 10 descripteurs.
+Si elle est donnée, l'option
+.B --tftp-port-range
+peut affecter le nombre maximum de connexions concurrentes.
+.TP
+.B --tftp-no-blocksize
+Empêche le serveur TFTP de négocier l'option "blocksize" (taille de bloc) avec
+les clients. Certains clients buggés spécifient cette option mais se comportent
+ensuite de manière incorrecte si celle-ci est accordée.
+.TP
+.B --tftp-port-range=<début>,<fin>
+Un serveur TFTP écoute sur le port prédéfini 69 ("well-known port") pour
+l'initiation de la connexion, mais utilise également un port dynamiquement
+alloué pour chaque connexion. Normalement, ces ports sont alloués par
+le système d'exploitation, mais cette option permet de spécifier une gamme
+de ports à utiliser pour les transferts TFTP. Cela peut-être utile si
+TFTP doit traverser un dispositif garde-barrière ("firewall"). La valeur
+de début pour la plage de port ne peut-être inférieure à 1025 sauf si
+dnsmasq tourne en temps que super-utilisateur ("root"). Le nombre de
+connexions TFTP concurrentes est limitée par la taille de la gamme de
+ports ainsi spécifiée.
+.TP
+.B --tftp-port-range=<début>,<fin>
+Un serveur TFTP écoute sur un numéro de port bien connu (69) pour l'initiation
+de la connexion, et alloue dynamiquement un port pour chaque connexion. Ces
+numéros de ports sont en principe alloués par le système d'exploitation, mais
+cette option permet de spécifier une gamme de ports à utiliser pour les
+transferts TFTP. Cela peut-être utile lorsque ceux-ci doivent traverser un
+dispositif garde-barrière ("firewall"). Le début de la plage ne peut-être
+inférieur à 1024 à moins que Dnsmasq ne fonctionne en temps que
+super-utilisateur ("root"). Le nombre maximal de connexions TFTP concurrentes
+est limitée par la taille de la plage de ports ainsi définie.
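Review bot: the `--tftp-port-range=<début>,<fin>` entry is added twice in a row in this part of the French man page, and the two copies disagree on the lowest port allowed without root: the first says the start of the range cannot be below 1025, the second says 1024. Keep a single `.TP` entry and take the bound from the English dnsmasq.8 so the translation states one value. Further down in the same hunk, the NOTES example is spelled `--dhcp=option=#purple,3,1.2.3.4`, while the option is written `--dhcp-option` everywhere else in the page; as written, a reader copying the example gets an unknown option, so it should read `--dhcp-option=#purple,3,1.2.3.4`.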
+.TP
+.B \-C, --conf-file=<fichier>
+Spécifie un fichier de configuration différent. L'option "conf-file" est
+également autorisée dans des fichiers de configuration, ce qui permet
+l'inclusion de multiples fichiers de configuration.
+.TP
+.B \-7, --conf-dir=<répertoire>[,<extension de fichier>...]
+Lis tous les fichiers du répertoire spécifié et les traite comme des fichiers de
+configuration. Si des extensions sont données, tout fichier finissant par ces
+extensions seront ignorés. Tout fichier dont le nom se termine en ~ ou commence
+par ., ainsi que ceux commençant ou se terminant par # seront systématiquement
+ignorés.
+Cette option peut être donnée en ligne de commande ou dans un fichier de
+configuration.
+.SH FICHIER DE CONFIGURATION
+Au démarrage, Dnsmasq lis
+.I /etc/dnsmasq.conf,
+si ce fichier existe. (Sur FreeBSD, ce fichier est
+.I /usr/local/etc/dnsmasq.conf
+) (voir cependant les options
+.B \-C
+et
+.B \-7
+). Le format de ce fichier consiste en une option par ligne, exactement comme
+les options longues détaillées dans la section OPTIONS, mais sans être précédées
+par "--". Les lignes commençant par # sont des commentaires et sont ignorées.
+Pour les options qui ne peuvent-être spécifiées qu'une seule fois, celle du
+fichier de configuration prends le pas sur celle fournie en ligne de commande.
+Il est possible d'utiliser des guillemets afin d'éviter que les ",",":","." et
+"#" ne soit interprêtés, et il est possible d'utiliser les séquences
+d'échappement suivantes : \\\\ \\" \\t \\e \\b \\r et \\n. Elles correspondent
+respectivement à la barre oblique descendante ("anti-slash"), guillemets doubles,
+tabulation, caractère d'échappement ("escape"), suppression ("backspace"), retour ("return") et
+nouvelle ligne ("newline").
+.SH NOTES
+A la réception d'un signal SIGHUP,
+.B Dnsmasq
+vide son cache et recharge les fichiers
+.I /etc/hosts
+et
+.I /etc/ethers
+ainsi que tout autre fichier spécifié par les options
+.B --dhcp-hostsfile
+,
+.B --dhcp-optsfile
+ou
+.B --addn-hosts.
+Le script de changement de bail est appellé pour chaque bail DHCP existant. Si
+l'option
+.B --no-poll
+est positionnée, alors le fichier
+.I /etc/resolv.conf
+est également rechargé.
+SIGHUP ne provoque PAS de rechargement du fichier de configuration.
+.PP
+A la réception d'un signal SIGUSR1,
+.B Dnsmasq
+écrit des statistiques dans les traces système. Les informations fournies sont :
+la taille du cache, le nombre de noms ayant été supprimés du cache avant
+expiration afin de faire de la place pour les nouveaux noms, ainsi que le nombre
+total d'entrées ayant été insérées dans le cache. Pour chaque serveur amont, il fournit
+le nomnbre de requêtes transmises ainsi que le nombre de requêtes ayant résulté par une
+erreur. Lorsque Dnsmasq a été lancé via
+.B --no-daemon
+ou lorsque la traçabilité maximale a été activée (
+.B -q
+), la totalité du contenu du
+cache est de surcroît fournie.
+.PP
+A la réception d'un signal SIGUSR2 et lorsqu'il enregistre directement ses
+traces dans un fichier (voir
+.B --log-facility
+), alors
+.B Dnsmasq
+ferme et re-rouvre le fichier de traces. Il faut noter que pendant cette
+opération Dnsmasq ne s'exécute pas en temps que "root". Lorsqu'il créé un
+fichier de traces pour la première fois, Dnsmasq change le propriétaire du
+fichier afin de le faire appartenir à l'utilisateur non "root" sous lequel
+Dnsmasq s'exécute. Le logiciel de rotation de fichiers de trace logrotate doit
+être configuré pour créer un nouveau fichier avec un propriétaire identique au
+fichier existant avant d'envoyer le signal SIGUSR2. Si une requête DNS TCP est
+en cours, l'ancien fichier de traces reste ouvert dans le processus fils qui
+traite la requête TCP et il peut y être écrit. Il existe cependant une limite
+de 150 secondes après laquelle tous les processus traitant des requêtes TCP
+expirent : pour cette raison, il est préférable de ne pas configurer la
+compression des fichiers de traces venant juste de faire l'objet d'une rotation.
+Dans le cas de l'utilisation du logiciel logrotate, les options requises sont
+.B create
+et
+.B delaycompress.
+
+
+.PP
+Dnsmasq est un logiciel de transmission de requêtes DNS : il n'est pas capable
+d'effectuer une résolution de nom récursive en partant des serveurs DNS racine,
+mais transmet de telles requêtes à un serveur DNS amont capable de telles
+recherches récursives, ce qui est typiquement le cas d'un serveur DNS de FAI.
+Par défaut, Dnsmasq lis
+.I /etc/resolv.conf
+pour découvrir les adresses IP des serveurs DNS amonts à utiliser, puisque cette
+information est en général stockée à cet endroit. A moins que l'option
+.B --no-poll
+ne soit utilisée,
+.B Dnsmasq
+vérifie la date de modification du fichier
+.I /etc/resolv.conf
+(ou l'équivalent si
+.B \--resolv-file
+est utilisé), et le relis lorsqu'il change. Cela permet de définir les serveurs
+DNS amont de manière dynamique lorsque PPP ou DHCP sont utilisés, puisque ces
+protocoles fournissent cette information.
+L'absence du fichier
+.I /etc/resolv.conf
+ne conduit pas à une erreur, puisqu'il peut très bien ne pas être créé avant
+qu'une connexion PPP ne soit établie. Dans ce cas, Dnsmasq vérifie régulièrement
+pour voir si un fichier
+.I /etc/resolv.conf
+est créé. Dnsmasq peut être configuré pour lire plus d'un fichier resolv.conf.
+Cela est utile sur un ordinateur portable où PPP et DHCP peuvent-être utilisés :
+Dnsmasq peut alors être configuré pour lire à la fois
+.I /etc/ppp/resolv.conf
+et
+.I /etc/dhcpc/resolv.conf
+et utilisera le contenu du fichier ayant changé en dernier, ce qui permet de
+passer automatiquement de serveurs DNS à d'autres.
+.PP
+Les serveurs amonts peuvent aussi être spécifiés sur la ligne de commande ou
+dans un fichier de configuration. Ces spécifications de serveurs peuvent
+éventuellement se voir adjoindre d'un nom de domaine qui précise à Dnsmasq quel
+serveur utiliser pour trouver les noms d'un domaine donné.
+.PP
+Pour configurer Dnsmasq afin qu'il se comporte comme un cache pour la machine
+sur laquelle il tourne, mettre "nameserver 127.0.0.1" dans le fichier
+.I /etc/resolv.conf
+afin de forcer les processus locaux à envoyer leurs requêtes à Dnsmasq. Ensuite,
+spécifier les serveurs DNS amont soit en les fournissant directement à Dnsmasq
+via l'option
+.B \--server
+ou alors en mettant leurs adresses dans un autre fichier, par exemple
+.I /etc/resolv.dnsmasq
+et en lançant Dnsmasq avec l'option
+.B \-r /etc/resolv.dnsmasq.
+Cette deuxième technique permet la mise-à-jour dynamique des addresses de
+serveurs DNS amont par le biais de PPP ou DHCP.
+.PP
+Les adresses dans /etc/hosts prennent le dessus sur celles fournies par le
+serveur DNS amont, ainsi "macompagnie.com 1.2.3.4" dans /etc/hosts assure que
+les requêtes pour "macompagnie.com" retourneront toujours 1.2.3.4, même si une
+requête au serveur DNS amont retournerait une adresse différente. Il y a une
+exception à ceci : si le DNS amont contient un CNAME qui pointe vers un nom
+présent dans /etc/hosts, alors la recherche du CNAME via Dnsmasq fournira
+l'adresse DNS amont. Pour contourner cela, il suffit de mettre l'entrée
+correspondant au CNAME dans /etc/hosts.
+
+.PP
+les identifiants de réseau fonctionnent comme suit : Dnsmasq associe à chaque
+requête DHCP un ensemble d'identifiants de réseau; un pour la plage d'adresse
+DHCP (
+.B dhcp-range
+) utilisée pour allouer l'adresse, un identifiant pour chaque entrée
+.B dhcp-host
+associée (il ajoute "known" lorsqu'une entrée dhcp-host coïncide), l'étiquette
+"bootp" pour les requêtes BOOTP, un identifiant dont le nom est le nom de
+l'interface sur laquelle la requête est arrivée, et éventuellement un
+identifiant pour chaque classe de vendeur ou d'utilisateur
+fournie par le client DHCP dans sa requête. Les options DHCP (
+.B dhcp-option
+) ayant un identifiant de réseau seront utilisés de préférence à celles
+sans identifiants de réseau, pour peu que
+.I tous
+les labels correspondent.
+Le préfixe '#' sur un label est un indicateur de négation, ainsi
+.B --dhcp=option=#purple,3,1.2.3.4
+envoie l'option lorsque le label "purple" n'est pas dans la liste de labels
+valides pour l'hôte considéré.
+.PP
+Si l'identifiant de réseau dans la plage d'adresses DHCP (
+.B dhcp-range
+) est préfixé par 'net:', alors sa signification change : au lieu d'associer un
+label à la plage spécifiée, cela indique un label de réseau devant être spécifié
+par le client DHCP. Ainsi, s'il y a plus d'une plage d'adresses DHCP sur un
+sous-réseau, et que l'une est préfixée par un identifiant de réseau (par exemple
+l'un spécifié dans une option de classe de vendeur), alors un hôte ayant
+l'identifiant de réseau en question positionné se verra allouer une adresse dans
+la plage d'adresses DHCP préfixée.
+.PP
+Le serveur DHCP intégré dans Dnsmasq fonctionne également en temps que serveur
+BOOTP, pour peu que l'adresse MAC et l'adresse IP des clients soient fournies,
+que ce soit par le biais de l'option
+.B dhcp-host
+ou dans le fichier
+.I /etc/ethers
+, et que l'option
+.B dhcp-range
+soit présente afin d'activer le serveur DHCP pour un réseau donné (L'option
+.B --bootp-dynamic
+supprime la nécessité des associations statiques). Le paramètre
+"filename" (nom de fichier) de la requête BOOTP est comparé avec les
+identifiants de réseaux des options
+.B dhcp-option
+ainsi que le label "bootp", ce qui permet de contrôler les options retournées
+aux différentes classes d'hôtes.
+
+.SH CODES DE SORTIE
+.PP
+0 - Dnsmasq s'est correctement lancé en tâche de fond, ou alors s'est
+correctement terminé si le lancement en tâche de fond n'a pas été activé.
+.PP
+1 - Un problème de configuration a été détecté.
+.PP
+2 - Un problème est survenu avec un accès réseau (adresse déjà utilisée,
+tentative d'utiliser un port privilégié sans les permissions nécessaires).
+.PP
+3 - Un problème est survenu avec une opération sur un système de fichier
+(fichier ou répertoire manquant, permissions).
+.PP
+4 - Impossibilité d'allouer de la mémoire.
+.PP
+5 - Autre problème.
+.PP
+11 ou plus - un code de retour différent de 0 a été reçu lors de l'appel au
+processus "init" du script des bails. Le code de retour de Dnsmasq correspond
+au code de retour du script plus 10.
+
+.SH LIMITES
+Les valeurs par défaut pour les limites de ressources de Dnsmasq sont en général
+conservatrices et appropriées pour des utilisations embarquées sur des machines
+de type routeur ayant des processeurs lents et une mémoire limitée. Sur du
+matériel plus performant, il est possible d'augmenter les limites et de gérer
+plus de clients. Les remarques suivantes s'appliquent à Dnsmasq version 2.37 et
+ultérieur : les versions précédentes ne montaient pas en charge aussi bien.
+
+.PP
+Dnsmasq est capable de gérer le DNS et DHCP pour au moins un millier de clients.
+Evidement, pour cela la valeur de
+.B --dhcp-lease-max
+doit être augmentée et la durée des baux ne doit pas être très courte (moins
+d'une heure). La valeur de
+.B --dns-forward-max
+peut-être augmentée : commencer par la rendre égale au nombre de clients et
+l'augmenter si le DNS semble lent. Noter que la performance du DNS dépends
+également de la performance des serveurs amonts. La taille du cache DNS peut-
+être augmentée : la limite en dur est de 10000 entrées et la valeur par défaut
+(150) est très basse. Envoyer un signal SIGUSR1 à Dnsmasq le fait émettre des
+informations utiles pour paramétrer la taille de cache. Voir la section
+.B NOTES
+pour plus de détails.
+.PP
+Le serveur TFTP intégré est capable de plusieurs transferts de fichiers
+simultanés : La limite absolue est liée au nombre maximal de descripteurs de
+fichiers alloué à un processus et à la capacité de l'appel système select() à
+gérer un grand nombre de HANDLE de fichier. Si la limite est fixée trop haut par
+le biais de
+.B --tftp-max
+elle sera réduite et la limite actuelle sera enregistrée au démarrage. Il faut
+noter que plus de transferts sont possible lorsque le même fichier est transmis
+au lieu d'avoir un fichier différent pour chaque transfert.
+
+.PP
+Il est possible d'utiliser Dnsmasq pour bloquer la publicité sur la toile
+en associant des serveurs de publicité bien connus à l'adresse 127.0.0.1 ou
+0.0.0.0 par le biais du fichier
+.B /etc/hosts
+ou d'un fichier d'hôte additionnel. Cette liste peut-être très longue, Dnsmasq
+ayant été testé avec succès avec un million de noms. Cette taille de fichier
+nécessite un processeur à 1 Ghz et environ 60 Mo de RAM.
+
+.SH FICHIERS
+.IR /etc/dnsmasq.conf
+
+.IR /usr/local/etc/dnsmasq.conf
+
+.IR /etc/resolv.conf
+
+.IR /etc/hosts
+
+.IR /etc/ethers
+
+.IR /var/lib/misc/dnsmasq.leases
+
+.IR /var/db/dnsmasq.leases
+
+.IR /var/run/dnsmasq.pid
+.SH VOIR AUSSI
+.BR hosts (5),
+.BR resolver (5)
+.SH AUTEUR
+Cette page de manuel a été écrite par Simon Kelley <simon@thekelleys.org.uk>.
+
+La traduction dans un français bancal a été commise par Gildas Le Nadan
+<3ntr0p13@gmail.com> : Toute révision/correction permettant de corriger
+orthographe ou grammaire mais surtout les éventuelles fautes de sens sera la
+bienvenue!
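Review bot: The negation example in the network-identifier paragraph of this man page names the option incorrectly: `.B --dhcp=option=#purple,3,1.2.3.4` should read `--dhcp-option=#purple,3,1.2.3.4`, matching the `dhcp-option` the surrounding text refers to. As written, an administrator copying the example does not get the tag-negated option the sentence describes. Smaller points in the same hunk: hyphen escaping is inconsistent between `.B --no-poll` and `.B \--resolv-file`. The trailing period in `.B \-r /etc/resolv.dnsmasq.` is set in bold as if it were part of the path. The prose has spelling slips ("addresses" for "adresses", "bails" for "baux" under CODES DE SORTIE) that could be fixed while the example is corrected.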
diff --git a/po/de.po b/po/de.po
new file mode 100755
index 0000000..6e1c440
--- /dev/null
+++ b/po/de.po
@@ -0,0 +1,1462 @@
+# German translations for dnsmasq package.
+# This file is put in the public domain.
+# Simon Kelley <simon@thekelleys.org.uk>, 2005.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: dnsmasq 2.24\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2009-06-18 12:24+0100\n"
+"PO-Revision-Date: 2005-09-27 09:37+0100\n"
+"Last-Translator: Simon Kelley <simon@thekelleys.org.uk>\n"
+"Language-Team: German <de@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: cache.c:764
+#, c-format
+msgid "failed to load names from %s: %s"
+msgstr ""
+
+#: cache.c:798 dhcp.c:785
+#, c-format
+msgid "bad address at %s line %d"
+msgstr ""
+
+# @Simon: Here I need an example to understand it :)
+#: cache.c:856 dhcp.c:801
+#, c-format
+msgid "bad name at %s line %d"
+msgstr ""
+
+# @Simon: Here I need an example to understand it :)
+#: cache.c:863 dhcp.c:875
+#, c-format
+msgid "read %s - %d addresses"
+msgstr "lese %s - %d Adressen"
+
+# @Simon: 'lese' is present, is that ok? If it should be past, it would be
+# @Simon: "gelesen: %s - %d Adressen" - note the colon, it's a must, then.
+#: cache.c:902
+msgid "cleared cache"
+msgstr "Cache geleert"
+
+#: cache.c:933 option.c:1055
+#, c-format
+msgid "cannot access directory %s: %s"
+msgstr ""
+
+# @Simon: "Cache geleert" is literally "Cache emptied" but I think other translations could be misleading
+# @Simon: (I don't know a good german replacement for "Cache" but AFAIK "Cache" is common in german)
+#: cache.c:1052
+#, c-format
+msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+msgstr "Name %s wurde nicht dem DHCP 'Mieter' von %s zugewiesen, da der Name in %smit der Adresse %s bereits existiert"
+
+#: cache.c:1129
+#, c-format
+msgid "time %lu"
+msgstr ""
+
+# @Simon: "Mieter" is rather 'logder, renter, tenant, lessee' but I couldn't find anything that fits better.
+# @Simon: So I thought I put it in ''-marks :)
+#: cache.c:1130
+#, fuzzy, c-format
+msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+msgstr "Cache Größe %d, %d/%d Cache-Einfügungen verwendeten nicht abgelaufene Cache-Einträge wieder."
+
+#: cache.c:1132
+#, c-format
+msgid "queries forwarded %u, queries answered locally %u"
+msgstr ""
+
+#: cache.c:1155
+#, c-format
+msgid "server %s#%d: queries sent %u, retried or failed %u"
+msgstr ""
+
+#: util.c:59
+#, c-format
+msgid "failed to seed the random number generator: %s"
+msgstr ""
+
+#: util.c:191
+msgid "failed to allocate memory"
+msgstr ""
+
+# @Simon: "re-used" = "wiederverwenden", but in such a case it must be split apart to "verwendet ... wieder"
+# @Simon: "unexpired" = "nicht abgelaufen" (expired=abgelaufen) -- altogether it sounds complicated in german,
+# @Simon: I would prefer to use "noch gültige" = "still valid", would that fit to the sense? Then it would be:
+# @Simon: msgstr "Cache Größe %d, %d/%d Cache-Einfügungen verwendeten noch gültige Cache-Einträge wieder."
+# @Simon: btw, what is the "%d/%d"-part?
+#: util.c:229 option.c:548
+msgid "could not get memory"
+msgstr "Speicher nicht verfügbar"
+
+#: util.c:239
+#, c-format
+msgid "cannot create pipe: %s"
+msgstr ""
+
+#: util.c:247
+#, c-format
+msgid "failed to allocate %d bytes"
+msgstr ""
+
+# @Simon: not perfect but I cannot get nearer right now.
+#: util.c:352
+#, c-format
+msgid "infinite"
+msgstr "unendlich"
+
+#: option.c:228
+msgid "Specify local address(es) to listen on."
+msgstr "Lokale abzuhörende Adresse(n) angeben."
+
+# @Simon: Quite literal translation, sounds not too polite in german.
+# @Simon: How about: "Bitte die lokalen abzuhörende Adresse(n) angeben."
+# @Simon: = "Please specify the local address(es) to listen on."
+#: option.c:229
+msgid "Return ipaddr for all hosts in specified domains."
+msgstr "Rückkehr-IP-Adresse für alle Geräte in angebenen Domänen"
+
+# @Simon: I hope "Return ipaddr" is similar to "Return-ipaddr" and not "Return the ipaddr ... !"
+#: option.c:230
+msgid "Fake reverse lookups for RFC1918 private address ranges."
+msgstr "'Gefälschte' Rückwärts-Ergebnisse für private Adressbereiche nach RFC1918"
+
+# @Simon: I'm a bit unsure about the meaning of "Fake" here, and the best word for "lookup" is "Nachsehen"
+# @Simon: (that is "looking-for") but I think that cannot be used. "Ergebnisse" = "results", is that near enough?
+#: option.c:231
+msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+msgstr "Behandle IP-Adr als NXDOMAIN (wehrt Verisign-Platzhalter ab)."
+
+# @Simon: or "Behandle IP-Adr als NXDOMAIN (gegen Verisign-Platzhalter)."
+# @Simon: "gegen" = "against", I believe that might be clumsy in english but it is fine in german.
+# @Simon: Just by chance I know what this is for - it is merely against verisign's use of wildcard
+# @Simon: entries (that lead to their own servers), right. Therefore, how about:
+# @Simon: "Behandle IP-Adr als NXDOMAIN (gegen Verisigns Platzhalter-Gebrauch)."
+# @Simon: = "Treat ipaddr as NXDOMAIN (defeats Verisigns wildcard usage)." ?
+# @Simon: But the explanatory(?) effect is only a very tiny bit better, I believe - what do U think?
+#: option.c:232
+#, c-format
+msgid "Specify the size of the cache in entries (defaults to %s)."
+msgstr "Angabe der Größe des Caches in Einträgen (Voreinstellung: %s)."
+
+#: option.c:233
+#, c-format
+msgid "Specify configuration file (defaults to %s)."
+msgstr "Angabe der Konfigurationsdatei (Voreinstellung: %s)."
+
+#: option.c:234
+msgid "Do NOT fork into the background: run in debug mode."
+msgstr "NICHT in den Hintergrund gehen: Betrieb im Debug-Modus"
+
+# @Simon: = "DO NOT go into the background: Operation in debug-mode"
+# @Simon: I know it sounds a bit clumsy in english, but "fork" would be hard to understand
+# @Simon: and then I get a problem between "go" and "run" - so...
+# @Simon: "Debug-mode" = "Fehlersuch-Modus", literally, but I think "Debug-Modus" is better :)
+#: option.c:235
+msgid "Do NOT forward queries with no domain part."
+msgstr "Anfragen ohne Domänen-Teil NICHT weiterschicken"
+
+# @Simon: "weiterschicken" is rather "pass on" (I hope) but that's the best I found.
+#: option.c:236
+msgid "Return self-pointing MX records for local hosts."
+msgstr "Rückgabe auf sich selbst zeigender MX-Einträge für lokale Geräte"
+
+# @Simon: "self-pointing" is a bit difficult, the meaning is clear but takes 3-4 words to express it in german.
+# @Simon: "Geräte" is about "hard-devices". There is a word for "host" (it is "Wirt") but it would be misleading.
+# @Simon: My online dict suggest "Rechner" (= Computer), but I think "hard-devices" is better because it's more general.
+#: option.c:237
+msgid "Expand simple names in /etc/hosts with domain-suffix."
+msgstr "Erweitere einfache Namen in /etc/hosts mit der Domänen-Endung"
+
+#: option.c:238
+msgid "Don't forward spurious DNS requests from Windows hosts."
+msgstr "'unechte' DNS-Anfragen von Windows-Rechnern nicht weiterleiten"
+
+# @Simon: I'm a bit unsure about "spurious"
+#: option.c:239
+msgid "Enable DHCP in the range given with lease duration."
+msgstr ""
+
+#: option.c:240
+#, c-format
+msgid "Change to this group after startup (defaults to %s)."
+msgstr ""
+
+#: option.c:241
+msgid "Set address or hostname for a specified machine."
+msgstr ""
+
+#: option.c:242
+msgid "Read DHCP host specs from file"
+msgstr ""
+
+#: option.c:243
+msgid "Read DHCP option specs from file"
+msgstr ""
+
+#: option.c:244
+#, c-format
+msgid "Do NOT load %s file."
+msgstr ""
+
+#: option.c:245
+#, c-format
+msgid "Specify a hosts file to be read in addition to %s."
+msgstr ""
+
+#: option.c:246
+msgid "Specify interface(s) to listen on."
+msgstr ""
+
+#: option.c:247
+msgid "Specify interface(s) NOT to listen on."
+msgstr ""
+
+#: option.c:248
+msgid "Map DHCP user class to tag."
+msgstr ""
+
+#: option.c:249
+msgid "Map RFC3046 circuit-id to tag."
+msgstr ""
+
+#: option.c:250
+msgid "Map RFC3046 remote-id to tag."
+msgstr ""
+
+#: option.c:251
+msgid "Map RFC3993 subscriber-id to tag."
+msgstr ""
+
+#: option.c:252
+msgid "Don't do DHCP for hosts with tag set."
+msgstr ""
+
+#: option.c:253
+msgid "Force broadcast replies for hosts with tag set."
+msgstr ""
+
+#: option.c:254
+msgid "Do NOT fork into the background, do NOT run in debug mode."
+msgstr ""
+
+#: option.c:255
+msgid "Assume we are the only DHCP server on the local network."
+msgstr ""
+
+#: option.c:256
+#, c-format
+msgid "Specify where to store DHCP leases (defaults to %s)."
+msgstr ""
+
+#: option.c:257
+msgid "Return MX records for local hosts."
+msgstr ""
+
+#: option.c:258
+msgid "Specify an MX record."
+msgstr ""
+
+#: option.c:259
+msgid "Specify BOOTP options to DHCP server."
+msgstr ""
+
+#: option.c:260
+#, c-format
+msgid "Do NOT poll %s file, reload only on SIGHUP."
+msgstr ""
+
+#: option.c:261
+msgid "Do NOT cache failed search results."
+msgstr ""
+
+#: option.c:262
+#, c-format
+msgid "Use nameservers strictly in the order given in %s."
+msgstr ""
+
+#: option.c:263
+msgid "Specify options to be sent to DHCP clients."
+msgstr ""
+
+#: option.c:264
+msgid "DHCP option sent even if the client does not request it."
+msgstr ""
+
+#: option.c:265
+msgid "Specify port to listen for DNS requests on (defaults to 53)."
+msgstr ""
+
+#: option.c:266
+#, c-format
+msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+msgstr ""
+
+#: option.c:267
+msgid "Log DNS queries."
+msgstr ""
+
+#: option.c:268
+msgid "Force the originating port for upstream DNS queries."
+msgstr ""
+
+#: option.c:269
+msgid "Do NOT read resolv.conf."
+msgstr ""
+
+#: option.c:270
+#, c-format
+msgid "Specify path to resolv.conf (defaults to %s)."
+msgstr ""
+
+#: option.c:271
+msgid "Specify address(es) of upstream servers with optional domains."
+msgstr ""
+
+#: option.c:272
+msgid "Never forward queries to specified domains."
+msgstr ""
+
+#: option.c:273
+msgid "Specify the domain to be assigned in DHCP leases."
+msgstr ""
+
+#: option.c:274
+msgid "Specify default target in an MX record."
+msgstr ""
+
+#: option.c:275
+msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+msgstr ""
+
+#: option.c:276
+msgid "Specify time-to-live in seconds for negative caching."
+msgstr ""
+
+#: option.c:277
+#, c-format
+msgid "Change to this user after startup. (defaults to %s)."
+msgstr ""
+
+#: option.c:278
+msgid "Map DHCP vendor class to tag."
+msgstr ""
+
+#: option.c:279
+msgid "Display dnsmasq version and copyright information."
+msgstr ""
+
+#: option.c:280
+msgid "Translate IPv4 addresses from upstream servers."
+msgstr ""
+
+#: option.c:281
+msgid "Specify a SRV record."
+msgstr ""
+
+#: option.c:282
+msgid "Display this message. Use --help dhcp for known DHCP options."
+msgstr ""
+
+#: option.c:283
+#, fuzzy, c-format
+msgid "Specify path of PID file (defaults to %s)."
+msgstr "Angabe der Konfigurationsdatei (Voreinstellung: %s)."
+
+#: option.c:284
+#, c-format
+msgid "Specify maximum number of DHCP leases (defaults to %s)."
+msgstr ""
+
+#: option.c:285
+msgid "Answer DNS queries based on the interface a query was sent to."
+msgstr ""
+
+#: option.c:286
+msgid "Specify TXT DNS record."
+msgstr ""
+
+#: option.c:287
+msgid "Specify PTR DNS record."
+msgstr ""
+
+#: option.c:288
+msgid "Give DNS name to IPv4 address of interface."
+msgstr ""
+
+#: option.c:289
+msgid "Bind only to interfaces in use."
+msgstr ""
+
+#: option.c:290
+#, c-format
+msgid "Read DHCP static host information from %s."
+msgstr ""
+
+#: option.c:291
+msgid "Enable the DBus interface for setting upstream servers, etc."
+msgstr ""
+
+#: option.c:292
+msgid "Do not provide DHCP on this interface, only provide DNS."
+msgstr ""
+
+#: option.c:293
+msgid "Enable dynamic address allocation for bootp."
+msgstr ""
+
+#: option.c:294
+msgid "Map MAC address (with wildcards) to option set."
+msgstr ""
+
+#: option.c:295
+msgid "Treat DHCP requests on aliases as arriving from interface."
+msgstr ""
+
+#: option.c:296
+msgid "Disable ICMP echo address checking in the DHCP server."
+msgstr ""
+
+#: option.c:297
+msgid "Script to run on DHCP lease creation and destruction."
+msgstr ""
+
+#: option.c:298
+msgid "Read configuration from all the files in this directory."
+msgstr ""
+
+#: option.c:299
+msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+msgstr ""
+
+#: option.c:300
+msgid "Do not use leasefile."
+msgstr ""
+
+#: option.c:301
+#, c-format
+msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+msgstr ""
+
+#: option.c:302
+#, c-format
+msgid "Clear DNS cache when reloading %s."
+msgstr ""
+
+#: option.c:303
+msgid "Ignore hostnames provided by DHCP clients."
+msgstr ""
+
+#: option.c:304
+msgid "Do NOT reuse filename and server fields for extra DHCP options."
+msgstr ""
+
+#: option.c:305
+msgid "Enable integrated read-only TFTP server."
+msgstr ""
+
+#: option.c:306
+msgid "Export files by TFTP only from the specified subtree."
+msgstr ""
+
+#: option.c:307
+msgid "Add client IP address to tftp-root."
+msgstr ""
+
+#: option.c:308
+msgid "Allow access only to files owned by the user running dnsmasq."
+msgstr ""
+
+#: option.c:309
+#, c-format
+msgid "Maximum number of conncurrent TFTP transfers (defaults to %s)."
+msgstr ""
+
+#: option.c:310
+msgid "Disable the TFTP blocksize extension."
+msgstr ""
+
+#: option.c:311
+msgid "Ephemeral port range for use by TFTP transfers."
+msgstr ""
+
+#: option.c:312
+msgid "Extra logging for DHCP."
+msgstr ""
+
+#: option.c:313
+msgid "Enable async. logging; optionally set queue length."
+msgstr ""
+
+#: option.c:314
+msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+msgstr ""
+
+#: option.c:315
+msgid "Always perform DNS queries to all servers."
+msgstr ""
+
+#: option.c:316
+msgid "Set tag if client includes matching option in request."
+msgstr ""
+
+#: option.c:317
+msgid "Use alternative ports for DHCP."
+msgstr ""
+
+#: option.c:318
+msgid "Run lease-change script as this user."
+msgstr ""
+
+#: option.c:319
+msgid "Specify NAPTR DNS record."
+msgstr ""
+
+#: option.c:320
+msgid "Specify lowest port available for DNS query transmission."
+msgstr ""
+
+#: option.c:321
+msgid "Use only fully qualified domain names for DHCP clients."
+msgstr ""
+
+#: option.c:322
+msgid "Specify alias name for LOCAL DNS name."
+msgstr ""
+
+#: option.c:323
+msgid "Prompt to send to PXE clients."
+msgstr ""
+
+#: option.c:324
+msgid "Boot service for PXE menu."
+msgstr ""
+
+#: option.c:325
+msgid "Check configuration syntax."
+msgstr ""
+
+#: option.c:613
+#, c-format
+msgid ""
+"Usage: dnsmasq [options]\n"
+"\n"
+msgstr ""
+
+#: option.c:615
+#, c-format
+msgid "Use short options only on the command line.\n"
+msgstr ""
+
+#: option.c:617
+#, c-format
+msgid "Valid options are:\n"
+msgstr ""
+
+#: option.c:658
+#, c-format
+msgid "Known DHCP options:\n"
+msgstr ""
+
+#: option.c:735
+msgid "bad dhcp-option"
+msgstr ""
+
+# @Simon: Here I need an example to understand it :)
+#: option.c:792
+#, fuzzy
+msgid "bad IP address"
+msgstr "lese %s - %d Adressen"
+
+#: option.c:891
+msgid "bad domain in dhcp-option"
+msgstr ""
+
+#: option.c:950
+msgid "dhcp-option too long"
+msgstr ""
+
+#: option.c:959
+msgid "illegal dhcp-match"
+msgstr ""
+
+#: option.c:995
+msgid "illegal repeated flag"
+msgstr ""
+
+#: option.c:1003
+msgid "illegal repeated keyword"
+msgstr ""
+
+#: option.c:1086 tftp.c:359
+#, c-format
+msgid "cannot access %s: %s"
+msgstr ""
+
+#: option.c:1131
+msgid "only one dhcp-hostsfile allowed"
+msgstr ""
+
+#: option.c:1138
+msgid "only one dhcp-optsfile allowed"
+msgstr ""
+
+#: option.c:1183
+msgid "bad MX preference"
+msgstr ""
+
+#: option.c:1188
+msgid "bad MX name"
+msgstr ""
+
+#: option.c:1202
+msgid "bad MX target"
+msgstr ""
+
+#: option.c:1212
+msgid "cannot run scripts under uClinux"
+msgstr ""
+
+#: option.c:1214
+msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+msgstr ""
+
+#: option.c:1442 option.c:1446
+msgid "bad port"
+msgstr ""
+
+#: option.c:1465 option.c:1490
+msgid "interface binding not supported"
+msgstr ""
+
+#: option.c:1611
+msgid "bad port range"
+msgstr ""
+
+#: option.c:1628
+msgid "bad bridge-interface"
+msgstr ""
+
+#: option.c:1669
+msgid "bad dhcp-range"
+msgstr ""
+
+#: option.c:1695
+msgid "only one netid tag allowed"
+msgstr ""
+
+#: option.c:1740
+msgid "inconsistent DHCP range"
+msgstr ""
+
+#: option.c:1912
+msgid "bad DHCP host name"
+msgstr ""
+
+#: option.c:2201 option.c:2481
+msgid "invalid port number"
+msgstr ""
+
+#: option.c:2284
+msgid "invalid alias range"
+msgstr ""
+
+#: option.c:2297
+msgid "bad interface name"
+msgstr ""
+
+#: option.c:2322
+msgid "bad CNAME"
+msgstr ""
+
+#: option.c:2327
+msgid "duplicate CNAME"
+msgstr ""
+
+#: option.c:2347
+msgid "bad PTR record"
+msgstr ""
+
+#: option.c:2378
+msgid "bad NAPTR record"
+msgstr ""
+
+#: option.c:2403
+msgid "TXT record string too long"
+msgstr ""
+
+#: option.c:2451
+msgid "bad TXT record"
+msgstr ""
+
+#: option.c:2467
+msgid "bad SRV record"
+msgstr ""
+
+#: option.c:2474
+msgid "bad SRV target"
+msgstr ""
+
+#: option.c:2488
+msgid "invalid priority"
+msgstr ""
+
+#: option.c:2495
+msgid "invalid weight"
+msgstr ""
+
+#: option.c:2514
+msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DBus support)"
+msgstr ""
+
+#: option.c:2557
+#, c-format
+msgid "files nested too deep in %s"
+msgstr ""
+
+#: option.c:2565 tftp.c:513
+#, c-format
+msgid "cannot read %s: %s"
+msgstr ""
+
+#: option.c:2626
+msgid "missing \""
+msgstr ""
+
+#: option.c:2673
+msgid "bad option"
+msgstr ""
+
+#: option.c:2675
+msgid "extraneous parameter"
+msgstr ""
+
+#: option.c:2677
+msgid "missing parameter"
+msgstr ""
+
+#: option.c:2685
+msgid "error"
+msgstr ""
+
+# @Simon: "Speicher nicht verfügbar" = "memory not available"
+# @Simon: "could not get memory" = "konnte keinen Speicher bekommen" or "konnte Speicher nicht bekommen"
+# @Simon: ("keinen Speicher" = "no memory", "... nicht bekommen" = "... not get")
+# @Simon: both would be correct - but would sound rather clumsy in german
+# @Simon: how about "Nicht genügend Speicher verfügbar" = "Not enough memory available" ?
+#: option.c:2691
+#, c-format
+msgid "%s at line %d of %%s"
+msgstr "%s in Zeile %d von %%s"
+
+#: option.c:2740 option.c:2771
+#, c-format
+msgid "read %s"
+msgstr ""
+
+#: option.c:2843
+#, c-format
+msgid "Dnsmasq version %s %s\n"
+msgstr ""
+
+#: option.c:2844
+#, c-format
+msgid ""
+"Compile time options %s\n"
+"\n"
+msgstr ""
+
+#: option.c:2845
+#, c-format
+msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+msgstr ""
+
+#: option.c:2846
+#, c-format
+msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+msgstr ""
+
+#: option.c:2847
+#, c-format
+msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+msgstr ""
+
+#: option.c:2858
+msgid "try --help"
+msgstr ""
+
+#: option.c:2860
+msgid "try -w"
+msgstr ""
+
+#: option.c:2863
+#, c-format
+msgid "bad command line options: %s"
+msgstr ""
+
+#: option.c:2904
+#, c-format
+msgid "cannot get host-name: %s"
+msgstr ""
+
+#: option.c:2932
+msgid "only one resolv.conf file allowed in no-poll mode."
+msgstr ""
+
+#: option.c:2942
+msgid "must have exactly one resolv.conf to read domain from."
+msgstr ""
+
+#: option.c:2945 network.c:754 dhcp.c:734
+#, c-format
+msgid "failed to read %s: %s"
+msgstr ""
+
+#: option.c:2962
+#, c-format
+msgid "no search directive found in %s"
+msgstr ""
+
+#: option.c:2983
+msgid "there must be a default domain when --dhcp-fqdn is set"
+msgstr ""
+
+#: option.c:2987
+msgid "syntax check OK"
+msgstr ""
+
+#: forward.c:409
+#, c-format
+msgid "nameserver %s refused to do a recursive query"
+msgstr ""
+
+#: forward.c:437
+msgid "possible DNS-rebind attack detected"
+msgstr ""
+
+#: network.c:73
+#, c-format
+msgid "unknown interface %s in bridge-interface"
+msgstr ""
+
+#: network.c:417 dnsmasq.c:189
+#, c-format
+msgid "failed to create listening socket: %s"
+msgstr ""
+
+#: network.c:424
+#, c-format
+msgid "failed to set IPV6 options on listening socket: %s"
+msgstr ""
+
+#: network.c:450
+#, c-format
+msgid "failed to bind listening socket for %s: %s"
+msgstr ""
+
+#: network.c:455
+#, c-format
+msgid "failed to listen on socket: %s"
+msgstr ""
+
+#: network.c:467
+#, c-format
+msgid "failed to create TFTP socket: %s"
+msgstr ""
+
+#: network.c:661
+#, c-format
+msgid "failed to bind server socket for %s: %s"
+msgstr ""
+
+#: network.c:694
+#, c-format
+msgid "ignoring nameserver %s - local interface"
+msgstr ""
+
+#: network.c:705
+#, c-format
+msgid "ignoring nameserver %s - cannot make/bind socket: %s"
+msgstr ""
+
+#: network.c:720
+msgid "unqualified"
+msgstr ""
+
+#: network.c:720
+msgid "names"
+msgstr ""
+
+#: network.c:722
+msgid "default"
+msgstr ""
+
+#: network.c:724
+msgid "domain"
+msgstr ""
+
+#: network.c:727
+#, c-format
+msgid "using local addresses only for %s %s"
+msgstr ""
+
+#: network.c:729
+#, c-format
+msgid "using nameserver %s#%d for %s %s"
+msgstr ""
+
+#: network.c:732
+#, c-format
+msgid "using nameserver %s#%d(via %s)"
+msgstr ""
+
+#: network.c:734
+#, c-format
+msgid "using nameserver %s#%d"
+msgstr ""
+
+#: dnsmasq.c:146
+msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+msgstr ""
+
+#: dnsmasq.c:151
+msgid "asychronous logging is not available under Solaris"
+msgstr ""
+
+#: dnsmasq.c:170
+#, c-format
+msgid "failed to find list of interfaces: %s"
+msgstr ""
+
+#: dnsmasq.c:178
+#, c-format
+msgid "unknown interface %s"
+msgstr ""
+
+#: dnsmasq.c:184
+#, c-format
+msgid "no interface with address %s"
+msgstr ""
+
+#: dnsmasq.c:201 dnsmasq.c:665
+#, c-format
+msgid "DBus error: %s"
+msgstr ""
+
+#: dnsmasq.c:204
+msgid "DBus not available: set HAVE_DBUS in src/config.h"
+msgstr ""
+
+#: dnsmasq.c:230
+#, c-format
+msgid "unknown user or group: %s"
+msgstr ""
+
+#: dnsmasq.c:287
+#, c-format
+msgid "cannot chdir to filesystem root: %s"
+msgstr ""
+
+#: dnsmasq.c:448
+#, c-format
+msgid "started, version %s DNS disabled"
+msgstr ""
+
+#: dnsmasq.c:450
+#, c-format
+msgid "started, version %s cachesize %d"
+msgstr ""
+
+#: dnsmasq.c:452
+#, c-format
+msgid "started, version %s cache disabled"
+msgstr ""
+
+#: dnsmasq.c:454
+#, c-format
+msgid "compile time options: %s"
+msgstr ""
+
+#: dnsmasq.c:460
+msgid "DBus support enabled: connected to system bus"
+msgstr ""
+
+#: dnsmasq.c:462
+msgid "DBus support enabled: bus connection pending"
+msgstr ""
+
+#: dnsmasq.c:467
+#, c-format
+msgid "warning: failed to change owner of %s: %s"
+msgstr ""
+
+#: dnsmasq.c:471
+msgid "setting --bind-interfaces option because of OS limitations"
+msgstr ""
+
+#: dnsmasq.c:476
+#, c-format
+msgid "warning: interface %s does not currently exist"
+msgstr ""
+
+#: dnsmasq.c:481
+msgid "warning: ignoring resolv-file flag because no-resolv is set"
+msgstr ""
+
+#: dnsmasq.c:484
+msgid "warning: no upstream servers configured"
+msgstr ""
+
+#: dnsmasq.c:488
+#, c-format
+msgid "asynchronous logging enabled, queue limit is %d messages"
+msgstr ""
+
+#: dnsmasq.c:501
+#, c-format
+msgid "DHCP, static leases only on %.0s%s, lease time %s"
+msgstr ""
+
+#: dnsmasq.c:503
+#, c-format
+msgid "DHCP, proxy on subnet %.0s%s%.0s"
+msgstr ""
+
+#: dnsmasq.c:504
+#, c-format
+msgid "DHCP, IP range %s -- %s, lease time %s"
+msgstr ""
+
+#: dnsmasq.c:519
+msgid "root is "
+msgstr ""
+
+#: dnsmasq.c:519
+msgid "enabled"
+msgstr ""
+
+#: dnsmasq.c:521
+msgid "secure mode"
+msgstr ""
+
+#: dnsmasq.c:547
+#, c-format
+msgid "restricting maximum simultaneous TFTP transfers to %d"
+msgstr ""
+
+#: dnsmasq.c:667
+msgid "connected to system DBus"
+msgstr ""
+
+#: dnsmasq.c:757
+#, c-format
+msgid "cannot fork into background: %s"
+msgstr ""
+
+#: dnsmasq.c:760
+#, c-format
+msgid "failed to create helper: %s"
+msgstr ""
+
+#: dnsmasq.c:763
+#, c-format
+msgid "setting capabilities failed: %s"
+msgstr ""
+
+#: dnsmasq.c:767
+#, c-format
+msgid "failed to change user-id to %s: %s"
+msgstr ""
+
+#: dnsmasq.c:772
+#, c-format
+msgid "failed to change group-id to %s: %s"
+msgstr ""
+
+#: dnsmasq.c:775
+#, c-format
+msgid "failed to open pidfile %s: %s"
+msgstr ""
+
+#: dnsmasq.c:778
+#, c-format
+msgid "cannot open %s: %s"
+msgstr ""
+
+#: dnsmasq.c:833
+#, c-format
+msgid "child process killed by signal %d"
+msgstr ""
+
+#: dnsmasq.c:837
+#, c-format
+msgid "child process exited with status %d"
+msgstr ""
+
+#: dnsmasq.c:841
+#, c-format
+msgid "failed to execute %s: %s"
+msgstr ""
+
+#: dnsmasq.c:885
+msgid "exiting on receipt of SIGTERM"
+msgstr ""
+
+#: dnsmasq.c:903
+#, c-format
+msgid "failed to access %s: %s"
+msgstr ""
+
+#: dnsmasq.c:925
+#, c-format
+msgid "reading %s"
+msgstr ""
+
+#: dnsmasq.c:936
+#, c-format
+msgid "no servers found in %s, will retry"
+msgstr ""
+
+#: dhcp.c:40
+#, c-format
+msgid "cannot create DHCP socket: %s"
+msgstr ""
+
+#: dhcp.c:52
+#, c-format
+msgid "failed to set options on DHCP socket: %s"
+msgstr ""
+
+#: dhcp.c:65
+#, c-format
+msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
+msgstr ""
+
+#: dhcp.c:77
+#, c-format
+msgid "failed to bind DHCP server socket: %s"
+msgstr ""
+
+#: dhcp.c:90
+#, c-format
+msgid "cannot create ICMP raw socket: %s."
+msgstr ""
+
+#: dhcp.c:226
+#, c-format
+msgid "DHCP packet received on %s which has no address"
+msgstr ""
+
+#: dhcp.c:385
+#, c-format
+msgid "DHCP range %s -- %s is not consistent with netmask %s"
+msgstr ""
+
+#: dhcp.c:772
+#, c-format
+msgid "bad line at %s line %d"
+msgstr ""
+
+#: dhcp.c:815
+#, c-format
+msgid "ignoring %s line %d, duplicate name or IP address"
+msgstr ""
+
+#: dhcp.c:897
+#, c-format
+msgid "duplicate IP address %s in dhcp-config directive."
+msgstr ""
+
+#: dhcp.c:900
+#, c-format
+msgid "duplicate IP address %s in %s."
+msgstr ""
+
+#: dhcp.c:943
+#, c-format
+msgid "%s has more than one address in hostsfile, using %s for DHCP"
+msgstr ""
+
+#: dhcp.c:948
+#, c-format
+msgid "duplicate IP address %s (%s) in dhcp-config directive"
+msgstr ""
+
+#: lease.c:66
+#, c-format
+msgid "cannot open or create lease file %s: %s"
+msgstr ""
+
+#: lease.c:92
+msgid "too many stored leases"
+msgstr ""
+
+#: lease.c:128
+#, c-format
+msgid "cannot run lease-init script %s: %s"
+msgstr ""
+
+#: lease.c:134
+#, c-format
+msgid "lease-init script returned exit code %s"
+msgstr ""
+
+#: lease.c:234
+#, c-format
+msgid "failed to write %s: %s (retry in %us)"
+msgstr ""
+
+#: rfc2131.c:336
+#, c-format
+msgid "no address range available for DHCP request %s %s"
+msgstr ""
+
+#: rfc2131.c:337
+msgid "with subnet selector"
+msgstr ""
+
+#: rfc2131.c:337
+msgid "via"
+msgstr ""
+
+#: rfc2131.c:352
+#, c-format
+msgid "%u Available DHCP subnet: %s/%s"
+msgstr ""
+
+#: rfc2131.c:355
+#, c-format
+msgid "%u Available DHCP range: %s -- %s"
+msgstr ""
+
+#: rfc2131.c:384
+msgid "disabled"
+msgstr ""
+
+#: rfc2131.c:418 rfc2131.c:883 rfc2131.c:1242
+msgid "ignored"
+msgstr ""
+
+#: rfc2131.c:433 rfc2131.c:1100
+msgid "address in use"
+msgstr ""
+
+#: rfc2131.c:447 rfc2131.c:937
+msgid "no address available"
+msgstr ""
+
+#: rfc2131.c:454 rfc2131.c:1063
+msgid "wrong network"
+msgstr ""
+
+#: rfc2131.c:467
+msgid "no address configured"
+msgstr ""
+
+#: rfc2131.c:473 rfc2131.c:1113
+msgid "no leases left"
+msgstr ""
+
+#: rfc2131.c:558
+#, c-format
+msgid "%u client provides name: %s"
+msgstr ""
+
+#: rfc2131.c:696
+#, c-format
+msgid "%u Vendor class: %s"
+msgstr ""
+
+#: rfc2131.c:698
+#, c-format
+msgid "%u User class: %s"
+msgstr ""
+
+#: rfc2131.c:737
+msgid "PXE BIS not supported"
+msgstr ""
+
+#: rfc2131.c:853
+#, c-format
+msgid "disabling DHCP static address %s for %s"
+msgstr ""
+
+#: rfc2131.c:874
+msgid "unknown lease"
+msgstr ""
+
+#: rfc2131.c:906
+#, c-format
+msgid "not using configured address %s because it is leased to %s"
+msgstr ""
+
+#: rfc2131.c:916
+#, c-format
+msgid "not using configured address %s because it is in use by the server or relay"
+msgstr ""
+
+#: rfc2131.c:919
+#, c-format
+msgid "not using configured address %s because it was previously declined"
+msgstr ""
+
+#: rfc2131.c:935 rfc2131.c:1106
+msgid "no unique-id"
+msgstr ""
+
+#: rfc2131.c:1003
+msgid "wrong server-ID"
+msgstr ""
+
+#: rfc2131.c:1022
+msgid "wrong address"
+msgstr ""
+
+#: rfc2131.c:1039
+msgid "lease not found"
+msgstr ""
+
+#: rfc2131.c:1071
+msgid "address not available"
+msgstr ""
+
+#: rfc2131.c:1082
+msgid "static lease available"
+msgstr ""
+
+#: rfc2131.c:1086
+msgid "address reserved"
+msgstr ""
+
+#: rfc2131.c:1094
+#, c-format
+msgid "abandoning lease to %s of %s"
+msgstr ""
+
+#: rfc2131.c:1583
+#, c-format
+msgid "%u tags: %s"
+msgstr ""
+
+#: rfc2131.c:1596
+#, c-format
+msgid "%u bootfile name: %s"
+msgstr ""
+
+#: rfc2131.c:1605
+#, c-format
+msgid "%u server name: %s"
+msgstr ""
+
+#: rfc2131.c:1613
+#, c-format
+msgid "%u next server: %s"
+msgstr ""
+
+#: rfc2131.c:1680
+#, c-format
+msgid "cannot send DHCP/BOOTP option %d: no space left in packet"
+msgstr ""
+
+#: rfc2131.c:1919
+msgid "PXE menu too large"
+msgstr ""
+
+#: rfc2131.c:2034
+#, c-format
+msgid "Ignoring domain %s for DHCP host name %s"
+msgstr ""
+
+#: rfc2131.c:2052
+#, c-format
+msgid "%u requested options: %s"
+msgstr ""
+
+#: netlink.c:66
+#, c-format
+msgid "cannot create netlink socket: %s"
+msgstr ""
+
+#: netlink.c:265
+#, c-format
+msgid "netlink returns error: %s"
+msgstr ""
+
+#: dbus.c:150
+msgid "attempt to set an IPv6 server address via DBus - no IPv6 support"
+msgstr ""
+
+#: dbus.c:286
+msgid "setting upstream servers from DBus"
+msgstr ""
+
+#: dbus.c:324
+msgid "could not register a DBus message handler"
+msgstr ""
+
+#: bpf.c:150
+#, c-format
+msgid "cannot create DHCP BPF socket: %s"
+msgstr ""
+
+#: bpf.c:178
+#, c-format
+msgid "DHCP request for unsupported hardware type (%d) received on %s"
+msgstr ""
+
+#: tftp.c:179
+msgid "unable to get free port for TFTP"
+msgstr ""
+
+#: tftp.c:194
+#, c-format
+msgid "unsupported request from %s"
+msgstr ""
+
+#: tftp.c:282
+#, c-format
+msgid "TFTP sent %s to %s"
+msgstr ""
+
+#: tftp.c:305
+#, c-format
+msgid "file %s not found"
+msgstr ""
+
+#: tftp.c:416
+#, c-format
+msgid "TFTP error %d %s received from %s"
+msgstr ""
+
+#: tftp.c:447
+#, c-format
+msgid "TFTP failed sending %s to %s"
+msgstr ""
+
+#: log.c:169
+#, c-format
+msgid "overflow: %d log entries lost"
+msgstr ""
+
+#: log.c:246
+#, c-format
+msgid "log failed: %s"
+msgstr ""
+
+# @Simon: I would like to have an example :) - instead of "von" it would be possible to use "aus",
+# @Simon: both translate to "of" and nothing else, but depending on the sense one could be better
+# @Simon: than the other.
+#: log.c:415
+msgid "FAILED to start up"
+msgstr "Start gescheitert"
+
+# @Simon: Here I need an example to understand it :)
+#, fuzzy
+#~ msgid "read %s - %d hosts"
+#~ msgstr "lese %s - %d Adressen"
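Review bot: the tail of po/de.po still carries the translator's unresolved questions to the maintainer (the three `# @Simon:` lines above log.c:415 and the one above the obsolete `#~ msgid "read %s - %d hosts"` entry), and every msgstr visible here up to log.c:246 is empty, so German users get the English msgid for all of them. Keeping the file identical to upstream is reasonable for a direct import, but the commit message should say that the catalogue is incomplete. Many of the empty entries are `#, c-format` strings, some with argument-skipping conversions such as `%.0s%s`. When they are filled in, run `msgfmt --check` on the file so that a msgstr whose conversion specifiers do not match its msgid is rejected before it reaches a printf-style call.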
diff --git a/po/es.po b/po/es.po
new file mode 100755
index 0000000..201e171
--- /dev/null
+++ b/po/es.po
@@ -0,0 +1,1500 @@
+# Spanish translations for dnsmasq package.
+# This file is put in the public domain.
+# Christopher Chatham <chrislinux@gmail.com>, 2005.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: dnsmasq 2.24\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2009-06-18 12:24+0100\n"
+"PO-Revision-Date: 2005-10-07 11:04+0100\n"
+"Last-Translator: Christopher Chatham <chrislinux@gmail.com>\n"
+"Language-Team: Spanish <es@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: cache.c:764
+#, fuzzy, c-format
+msgid "failed to load names from %s: %s"
+msgstr "no se pudo cargar nombres desde %s: %s"
+
+#: cache.c:798 dhcp.c:785
+#, fuzzy, c-format
+msgid "bad address at %s line %d"
+msgstr "direccin errnea en %s lnea %d"
+
+#: cache.c:856 dhcp.c:801
+#, c-format
+msgid "bad name at %s line %d"
+msgstr "nombre errneo en %s lnea %d"
+
+#: cache.c:863 dhcp.c:875
+#, c-format
+msgid "read %s - %d addresses"
+msgstr "direccines %s - %d ledas"
+
+#: cache.c:902
+msgid "cleared cache"
+msgstr "el cach fue liberado"
+
+#: cache.c:933 option.c:1055
+#, fuzzy, c-format
+msgid "cannot access directory %s: %s"
+msgstr "no se puede accesar directorio %s: %s"
+
+#: cache.c:1052
+#, c-format
+msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+msgstr "no otorgando nombre %s al arriendo DHCP de %s porque el nombre existe en %s con direccin %s"
+
+#: cache.c:1129
+#, c-format
+msgid "time %lu"
+msgstr "tiempo %lu"
+
+#: cache.c:1130
+#, fuzzy, c-format
+msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+msgstr "tamao de cach %d, %d/%d insercines de cach reutilizaron objetos no vencidos."
+
+#: cache.c:1132
+#, c-format
+msgid "queries forwarded %u, queries answered locally %u"
+msgstr "bsquedas reenviadas %u, bsquedas respondidas localmente %u"
+
+#: cache.c:1155
+#, c-format
+msgid "server %s#%d: queries sent %u, retried or failed %u"
+msgstr "servidor %s#%d: bsquedas enviadas %u, reintentadas o fallidas %u"
+
+#: util.c:59
+#, fuzzy, c-format
+msgid "failed to seed the random number generator: %s"
+msgstr "no se pudo crear valor semilla para el generador de nmeros aleatorios: %s"
+
+#: util.c:191
+#, fuzzy
+msgid "failed to allocate memory"
+msgstr "no se pudo alocar %d bytes"
+
+#: util.c:229 option.c:548
+msgid "could not get memory"
+msgstr "no se pudo adquirir memoria"
+
+#: util.c:239
+#, fuzzy, c-format
+msgid "cannot create pipe: %s"
+msgstr "no se puede crear pipe: %s"
+
+#: util.c:247
+#, fuzzy, c-format
+msgid "failed to allocate %d bytes"
+msgstr "no se pudo alocar %d bytes"
+
+#: util.c:352
+#, c-format
+msgid "infinite"
+msgstr "infinito"
+
+#: option.c:228
+msgid "Specify local address(es) to listen on."
+msgstr "Especificar direccin(es) locales dnde escuchar."
+
+#: option.c:229
+msgid "Return ipaddr for all hosts in specified domains."
+msgstr "Retornar ipaddr (direccin IP) para todos los hosts en los dominios especificados."
+
+#: option.c:230
+msgid "Fake reverse lookups for RFC1918 private address ranges."
+msgstr "Falsificar bsquedas reversas para rangos de direccin privados RFC1918."
+
+#: option.c:231
+msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+msgstr "Tratar ipaddr (direccin IP) como NXDOMAIN (derrota comodn Verisign)."
+
+#: option.c:232
+#, c-format
+msgid "Specify the size of the cache in entries (defaults to %s)."
+msgstr "Especificar tamao de cach en cuanto a cantidad de objetos (%s por predeterminado)."
+
+#: option.c:233
+#, c-format
+msgid "Specify configuration file (defaults to %s)."
+msgstr "Especificar archivo de configuracin (%s por predeterminado)."
+
+#: option.c:234
+msgid "Do NOT fork into the background: run in debug mode."
+msgstr "NO hacer un fork hacia el fondo: correr en modo debug."
+
+#: option.c:235
+msgid "Do NOT forward queries with no domain part."
+msgstr "NO reenviar bsquedas sin parte de dominio."
+
+#: option.c:236
+msgid "Return self-pointing MX records for local hosts."
+msgstr "Retornar expedientes MX auto-sealadores para hosts locales."
+
+#: option.c:237
+msgid "Expand simple names in /etc/hosts with domain-suffix."
+msgstr "Expandir nombres simples en /etc/hosts con domain-suffix (sufijo de dominio)."
+
+#: option.c:238
+msgid "Don't forward spurious DNS requests from Windows hosts."
+msgstr "No reenviar pedidos DNS falsos desde mquinas Windows."
+
+#: option.c:239
+msgid "Enable DHCP in the range given with lease duration."
+msgstr "Habilitar DHCP dentro del rango brindado con duracin del arriendo."
+
+#: option.c:240
+#, c-format
+msgid "Change to this group after startup (defaults to %s)."
+msgstr "Cambiar a este grupo despus del inicio (%s por predeterminado)."
+
+#: option.c:241
+msgid "Set address or hostname for a specified machine."
+msgstr "Fijar direccin o nombre de host para una mquina especificada."
+
+#: option.c:242
+msgid "Read DHCP host specs from file"
+msgstr "Leer especificaciones DHCP de host desde archivo"
+
+#: option.c:243
+msgid "Read DHCP option specs from file"
+msgstr "Leer opciones DHCP de host desde archivo"
+
+#: option.c:244
+#, c-format
+msgid "Do NOT load %s file."
+msgstr "NO cargar archivo %s."
+
+#: option.c:245
+#, c-format
+msgid "Specify a hosts file to be read in addition to %s."
+msgstr "Especificar un archivo de hosts para ser ledo adicionalmente a %s."
+
+#: option.c:246
+msgid "Specify interface(s) to listen on."
+msgstr "Especificar interface(s) donde escuchar."
+
+#: option.c:247
+msgid "Specify interface(s) NOT to listen on."
+msgstr "Especificar interface(s) donde NO escuchar."
+
+#: option.c:248
+#, fuzzy
+msgid "Map DHCP user class to tag."
+msgstr "Trazar clase de usuario DHCP a etiqueta."
+
+#: option.c:249
+msgid "Map RFC3046 circuit-id to tag."
+msgstr "Trazar circuit-id (identificacin de circuito) RFC3046 a etiqueta."
+
+#: option.c:250
+msgid "Map RFC3046 remote-id to tag."
+msgstr "Trazar remote-id (identificacin remota) RFC3046 a etiqueta."
+
+#: option.c:251
+msgid "Map RFC3993 subscriber-id to tag."
+msgstr "Trazar subscriber-id (identificacin de suscritor) RFC3993 a etiqueta."
+
+#: option.c:252
+#, fuzzy
+msgid "Don't do DHCP for hosts with tag set."
+msgstr "No hacer DHCP para hosts con etiqueta fijada."
+
+#: option.c:253
+#, fuzzy
+msgid "Force broadcast replies for hosts with tag set."
+msgstr "Forzar respuestas broadcast para hosts con etiqueta fijada."
+
+#: option.c:254
+msgid "Do NOT fork into the background, do NOT run in debug mode."
+msgstr "NO hacer un fork hacia el fondo, NO correr en modo debug."
+
+#: option.c:255
+msgid "Assume we are the only DHCP server on the local network."
+msgstr "Asumir que somos el nico servidor DHCP en la red local."
+
+#: option.c:256
+#, c-format
+msgid "Specify where to store DHCP leases (defaults to %s)."
+msgstr "Especificar donde almacenar arriendos DHCP (%s por predeterminado)."
+
+#: option.c:257
+msgid "Return MX records for local hosts."
+msgstr "Retornar expedientes MX para hosts locales."
+
+#: option.c:258
+msgid "Specify an MX record."
+msgstr "Especificar un expediente MX."
+
+#: option.c:259
+msgid "Specify BOOTP options to DHCP server."
+msgstr "Especificar opciones BOOTP a servidor DHCP."
+
+#: option.c:260
+#, c-format
+msgid "Do NOT poll %s file, reload only on SIGHUP."
+msgstr "NO revisar archivo %s peridicamente, recargar solo con SIGHUP."
+
+#: option.c:261
+msgid "Do NOT cache failed search results."
+msgstr "NO almacenar en cach resultados de bsquedas fallidas."
+
+#: option.c:262
+#, c-format
+msgid "Use nameservers strictly in the order given in %s."
+msgstr "Usar servidores DNS estrictamente en el rden brindado en %s."
+
+#: option.c:263
+#, fuzzy
+msgid "Specify options to be sent to DHCP clients."
+msgstr "Especificar opciones para ser enviadas a clientes DHCP."
+
+#: option.c:264
+msgid "DHCP option sent even if the client does not request it."
+msgstr "Opcin DHCP enviada an si el cliente no la pide."
+
+#: option.c:265
+msgid "Specify port to listen for DNS requests on (defaults to 53)."
+msgstr "Especificar puerto donde escuchar por bsquedas DNS (53 por predeterminado)."
+
+#: option.c:266
+#, c-format
+msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+msgstr "Tamao mximo de paquetes UDP soportado para EDNS.0 (%s por predeterminado)."
+
+#: option.c:267
+#, fuzzy
+msgid "Log DNS queries."
+msgstr "Bitacorear bsquedas DNS."
+
+#: option.c:268
+#, fuzzy
+msgid "Force the originating port for upstream DNS queries."
+msgstr "Enforzar el puerto original para bsquedas DNS upstream."
+
+#: option.c:269
+msgid "Do NOT read resolv.conf."
+msgstr "NO leer resolv.conf."
+
+#: option.c:270
+#, c-format
+msgid "Specify path to resolv.conf (defaults to %s)."
+msgstr "Especificar el path hacia resolv.conf (%s por predeterminado)."
+
+#: option.c:271
+msgid "Specify address(es) of upstream servers with optional domains."
+msgstr "Especificar direccin(es) de servidores upstream con dominios opcionales."
+
+#: option.c:272
+msgid "Never forward queries to specified domains."
+msgstr "Nunca reenviar bsquedas a dominios especificados."
+
+#: option.c:273
+msgid "Specify the domain to be assigned in DHCP leases."
+msgstr "Especificar el dominio para ser asignado en arriendos DHCP."
+
+#: option.c:274
+msgid "Specify default target in an MX record."
+msgstr "Especificar destino predeterminado en un expediente MX."
+
+#: option.c:275
+msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+msgstr "Especificar tiempo de vida en segundos para respuestas desde /etc/hosts."
+
+#: option.c:276
+#, fuzzy
+msgid "Specify time-to-live in seconds for negative caching."
+msgstr "Especificar tiempo de vida en segundos para cach negativo."
+
+#: option.c:277
+#, c-format
+msgid "Change to this user after startup. (defaults to %s)."
+msgstr "Cambiar a este usuario despues del inicio (%s por predeterminado)."
+
+#: option.c:278
+#, fuzzy
+msgid "Map DHCP vendor class to tag."
+msgstr "Trazar clase de vendedor DHCP a etiqueta."
+
+#: option.c:279
+msgid "Display dnsmasq version and copyright information."
+msgstr "Mostrar informacin sobre la versin y copyright de dnsmasq."
+
+#: option.c:280
+msgid "Translate IPv4 addresses from upstream servers."
+msgstr "Traducir direcciones IPv4 desde servidores upstream."
+
+#: option.c:281
+msgid "Specify a SRV record."
+msgstr "Especificar un expediente SRV."
+
+#: option.c:282
+msgid "Display this message. Use --help dhcp for known DHCP options."
+msgstr "Mostrar este mensaje. Usar --help dhcp para opciones DHCP conocidas."
+
+#: option.c:283
+#, fuzzy, c-format
+msgid "Specify path of PID file (defaults to %s)."
+msgstr "Especificar path de archivo PID (%s por predeterminado)."
+
+#: option.c:284
+#, c-format
+msgid "Specify maximum number of DHCP leases (defaults to %s)."
+msgstr "Especificar nmero mximo de arriendos DHCP (%s por predeterminado)."
+
+#: option.c:285
+msgid "Answer DNS queries based on the interface a query was sent to."
+msgstr "Responder a bsquedas DNS en base a la interface a la cul fueron enviadas."
+
+#: option.c:286
+msgid "Specify TXT DNS record."
+msgstr "Especificar expediente DNS TXT."
+
+#: option.c:287
+#, fuzzy
+msgid "Specify PTR DNS record."
+msgstr "Especificar expediente DNS PTR."
+
+#: option.c:288
+msgid "Give DNS name to IPv4 address of interface."
+msgstr "Otorgar nombre DNS a direccin IPv4 de interface."
+
+#: option.c:289
+msgid "Bind only to interfaces in use."
+msgstr "Acoplar solo a interfaces en uso."
+
+#: option.c:290
+#, c-format
+msgid "Read DHCP static host information from %s."
+msgstr "Leer informacin sobre hosts DHCP estticos desde %s."
+
+#: option.c:291
+msgid "Enable the DBus interface for setting upstream servers, etc."
+msgstr "Habilitar la interface DBus para fijar servidores upstream, etc."
+
+#: option.c:292
+msgid "Do not provide DHCP on this interface, only provide DNS."
+msgstr "No proveer DHCP en esta interface, slo proveer DNS."
+
+#: option.c:293
+msgid "Enable dynamic address allocation for bootp."
+msgstr "Habilitar alocacin dinmica de direccines para BOOTP."
+
+#: option.c:294
+#, fuzzy
+msgid "Map MAC address (with wildcards) to option set."
+msgstr "Trazar direccin MAC (con comodnes) a opcin fijada."
+
+#: option.c:295
+msgid "Treat DHCP requests on aliases as arriving from interface."
+msgstr "Tratar pedidos DHCP en alias como si llegaran de la interface."
+
+#: option.c:296
+msgid "Disable ICMP echo address checking in the DHCP server."
+msgstr "Deshabilitar verificacin de direccines para echo ICMP en el servidor DHCP."
+
+#: option.c:297
+msgid "Script to run on DHCP lease creation and destruction."
+msgstr "Archivo guin para ejecutar cuando se crea o destruye un arriendo DHCP."
+
+#: option.c:298
+msgid "Read configuration from all the files in this directory."
+msgstr "Leer configuracin desde todos los archivos en este directorio."
+
+#: option.c:299
+#, fuzzy
+msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+msgstr "Bitacorear a esta facilidad syslog o archivo. (DAEMON por predeterminado)"
+
+#: option.c:300
+msgid "Do not use leasefile."
+msgstr "No usar archivo de arriendos."
+
+#: option.c:301
+#, fuzzy, c-format
+msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+msgstr "Nmero mximo de bsquedas DNS simultneas. (%s por predeterminado)"
+
+#: option.c:302
+#, c-format
+msgid "Clear DNS cache when reloading %s."
+msgstr "Liberar cach DNS al recargar %s."
+
+#: option.c:303
+msgid "Ignore hostnames provided by DHCP clients."
+msgstr "Ignorar nombres de host brindados por clientes DHCP."
+
+#: option.c:304
+msgid "Do NOT reuse filename and server fields for extra DHCP options."
+msgstr "NO reutilizar campos de nombre de archivo y servidor para opciones DHCP extra."
+
+#: option.c:305
+msgid "Enable integrated read-only TFTP server."
+msgstr "Habilitar servidor integrado TFTP solo-lectura."
+
+#: option.c:306
+msgid "Export files by TFTP only from the specified subtree."
+msgstr "Exportar archivos va TFTP solo del sub-rbol especificado."
+
+#: option.c:307
+msgid "Add client IP address to tftp-root."
+msgstr "Agregar IP de cliente a tftp-root."
+
+#: option.c:308
+msgid "Allow access only to files owned by the user running dnsmasq."
+msgstr "Permitir acceso solo a archivos pertenecientes al usuario que corre dnsmasq."
+
+#: option.c:309
+#, fuzzy, c-format
+msgid "Maximum number of conncurrent TFTP transfers (defaults to %s)."
+msgstr "Nmero mximo de transferencias TFTP simultneas (%s por predeterminado)."
+
+#: option.c:310
+msgid "Disable the TFTP blocksize extension."
+msgstr "Deshabilitar la extensin TFTP blocksize (tamao de bloque)."
+
+#: option.c:311
+msgid "Ephemeral port range for use by TFTP transfers."
+msgstr "Rango de puertos efmeros para ser usados por transferencias TFTP."
+
+#: option.c:312
+msgid "Extra logging for DHCP."
+msgstr "Bitacoreo extra para DHCP."
+
+#: option.c:313
+msgid "Enable async. logging; optionally set queue length."
+msgstr "Habilitar bitacoreo asincrnico; opcionalmente fijar tamao de cola."
+
+#: option.c:314
+msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+msgstr "Detener revinculacin DNS. Filtrar rangos de IP privados al resolver."
+
+#: option.c:315
+msgid "Always perform DNS queries to all servers."
+msgstr "Siempre realizar bsquedas DNS a todos los servidores."
+
+#: option.c:316
+#, fuzzy
+msgid "Set tag if client includes matching option in request."
+msgstr "Fijar etiqueta si cliente incluye opcin coincidente en pedido."
+
+#: option.c:317
+msgid "Use alternative ports for DHCP."
+msgstr "Usar puertos alternativos para DHCP."
+
+#: option.c:318
+msgid "Run lease-change script as this user."
+msgstr "Correr archivo guin de cambio de arriendos como este usuario."
+
+#: option.c:319
+#, fuzzy
+msgid "Specify NAPTR DNS record."
+msgstr "Especificar expediente DNS NAPTR."
+
+#: option.c:320
+msgid "Specify lowest port available for DNS query transmission."
+msgstr "Especificar puerto ms bajo disponible para transmisin de bsquedas DNS."
+
+#: option.c:321
+msgid "Use only fully qualified domain names for DHCP clients."
+msgstr "Usar solo nombres de dominio completamente calificados para clientes DHCP."
+
+#: option.c:322
+msgid "Specify alias name for LOCAL DNS name."
+msgstr "Especificar nombre alias para nombre DNS LOCAL."
+
+#: option.c:323
+#, fuzzy
+msgid "Prompt to send to PXE clients."
+msgstr "Aviso a ser enviado a clientes PXE."
+
+#: option.c:324
+msgid "Boot service for PXE menu."
+msgstr "Servico boot para men PXE."
+
+#: option.c:325
+msgid "Check configuration syntax."
+msgstr "Revisar sintaxis de configuracin."
+
+#: option.c:613
+#, c-format
+msgid ""
+"Usage: dnsmasq [options]\n"
+"\n"
+msgstr ""
+"Modo de uso: dnsmasq [opciones]\n"
+"\n"
+
+#: option.c:615
+#, c-format
+msgid "Use short options only on the command line.\n"
+msgstr "Usar opciones cortas solo en la lnea de comandos.\n"
+
+#: option.c:617
+#, fuzzy, c-format
+msgid "Valid options are:\n"
+msgstr "Opciones vlidas son :\n"
+
+#: option.c:658
+#, c-format
+msgid "Known DHCP options:\n"
+msgstr "Opciones DHCP conocidas:\n"
+
+#: option.c:735
+msgid "bad dhcp-option"
+msgstr "opcin dhcp-option errnea"
+
+#: option.c:792
+#, fuzzy
+msgid "bad IP address"
+msgstr "direccin IP errnea"
+
+#: option.c:891
+msgid "bad domain in dhcp-option"
+msgstr "dominio errneo en dhcp-option"
+
+#: option.c:950
+msgid "dhcp-option too long"
+msgstr "opcin dhcp-option demasiado larga"
+
+#: option.c:959
+msgid "illegal dhcp-match"
+msgstr "dhcp-match ilegal"
+
+#: option.c:995
+msgid "illegal repeated flag"
+msgstr "opcin repetida ilegal"
+
+#: option.c:1003
+msgid "illegal repeated keyword"
+msgstr "palabra clave repetida ilegal"
+
+#: option.c:1086 tftp.c:359
+#, fuzzy, c-format
+msgid "cannot access %s: %s"
+msgstr "no se puede accesar %s: %s"
+
+#: option.c:1131
+#, fuzzy
+msgid "only one dhcp-hostsfile allowed"
+msgstr "solo un dhcp-hostsfile permitido"
+
+#: option.c:1138
+#, fuzzy
+msgid "only one dhcp-optsfile allowed"
+msgstr "solo un dhcp-optsfile permitido"
+
+#: option.c:1183
+msgid "bad MX preference"
+msgstr "preferencia MX errnea"
+
+#: option.c:1188
+msgid "bad MX name"
+msgstr "nombre MX errneo"
+
+#: option.c:1202
+msgid "bad MX target"
+msgstr "destino MX errneo"
+
+#: option.c:1212
+msgid "cannot run scripts under uClinux"
+msgstr "no se pueden correr archivos guines bajo uClinux"
+
+#: option.c:1214
+msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+msgstr ""
+
+#: option.c:1442 option.c:1446
+msgid "bad port"
+msgstr "puerto errneo"
+
+#: option.c:1465 option.c:1490
+msgid "interface binding not supported"
+msgstr "vinculacin de interface no est soportado"
+
+#: option.c:1611
+#, fuzzy
+msgid "bad port range"
+msgstr "rango de puertos errneo"
+
+#: option.c:1628
+msgid "bad bridge-interface"
+msgstr "opcin bridge-interface (interface puente) errnea"
+
+#: option.c:1669
+msgid "bad dhcp-range"
+msgstr "opcin dhcp-range (rango DHCP) errnea"
+
+#: option.c:1695
+msgid "only one netid tag allowed"
+msgstr "solo una etiqueta netid permitida"
+
+#: option.c:1740
+msgid "inconsistent DHCP range"
+msgstr "rango DHCP inconsistente"
+
+#: option.c:1912
+#, fuzzy
+msgid "bad DHCP host name"
+msgstr "nombre de host DHCP errneo"
+
+#: option.c:2201 option.c:2481
+msgid "invalid port number"
+msgstr "nmero de puerto invlido"
+
+#: option.c:2284
+#, fuzzy
+msgid "invalid alias range"
+msgstr "rango alias invlido"
+
+#: option.c:2297
+#, fuzzy
+msgid "bad interface name"
+msgstr "nombre de interface errneo"
+
+#: option.c:2322
+msgid "bad CNAME"
+msgstr ""
+
+#: option.c:2327
+msgid "duplicate CNAME"
+msgstr "CNAME duplicado"
+
+#: option.c:2347
+#, fuzzy
+msgid "bad PTR record"
+msgstr "expediente PTR errneo"
+
+#: option.c:2378
+#, fuzzy
+msgid "bad NAPTR record"
+msgstr "expediente NAPTR errneo"
+
+#: option.c:2403
+msgid "TXT record string too long"
+msgstr "expediente TXT demasiado largo"
+
+#: option.c:2451
+msgid "bad TXT record"
+msgstr "expediente TXT errneo"
+
+#: option.c:2467
+msgid "bad SRV record"
+msgstr "expediente SRV errneo"
+
+#: option.c:2474
+msgid "bad SRV target"
+msgstr "destino SRV errneo"
+
+#: option.c:2488
+msgid "invalid priority"
+msgstr "prioridad invlida"
+
+#: option.c:2495
+msgid "invalid weight"
+msgstr "peso invlido"
+
+#: option.c:2514
+msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DBus support)"
+msgstr "opcin no soportada (verificar que dnsmasq fue compilado con soporte para DHCP/TFTP/DBus)"
+
+#: option.c:2557
+#, c-format
+msgid "files nested too deep in %s"
+msgstr "archivos jerarquizados demasiado profundo en %s"
+
+#: option.c:2565 tftp.c:513
+#, c-format
+msgid "cannot read %s: %s"
+msgstr "no se puede leer %s: %s"
+
+#: option.c:2626
+msgid "missing \""
+msgstr "falta \""
+
+#: option.c:2673
+msgid "bad option"
+msgstr "opcin errnea"
+
+#: option.c:2675
+msgid "extraneous parameter"
+msgstr "parmetro extrao"
+
+#: option.c:2677
+msgid "missing parameter"
+msgstr "parmetro ausente"
+
+#: option.c:2685
+msgid "error"
+msgstr "error"
+
+#: option.c:2691
+#, c-format
+msgid "%s at line %d of %%s"
+msgstr "%s en lnea %d de %%s"
+
+#: option.c:2740 option.c:2771
+#, fuzzy, c-format
+msgid "read %s"
+msgstr "leyendo %s"
+
+#: option.c:2843
+#, c-format
+msgid "Dnsmasq version %s %s\n"
+msgstr "Dnsmasq versin %s %s\n"
+
+#: option.c:2844
+#, c-format
+msgid ""
+"Compile time options %s\n"
+"\n"
+msgstr ""
+"Opciones de compilacin %s\n"
+"\n"
+
+#: option.c:2845
+#, c-format
+msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+msgstr "Este software viene SIN NINGUNA GARANTIA.\n"
+
+#: option.c:2846
+#, c-format
+msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+msgstr "Dnsmasq es software libre, y usted est bienvenido a redistribuirlo\n"
+
+#: option.c:2847
+#, fuzzy, c-format
+msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+msgstr "bajo los trminos de la GNU General Public License, versin 2 o 3.\n"
+
+#: option.c:2858
+msgid "try --help"
+msgstr "pruebe --help"
+
+#: option.c:2860
+msgid "try -w"
+msgstr "pruebe -w"
+
+#: option.c:2863
+#, fuzzy, c-format
+msgid "bad command line options: %s"
+msgstr "opciones de lnea de comandos errneas: %s"
+
+#: option.c:2904
+#, c-format
+msgid "cannot get host-name: %s"
+msgstr "no se puede obtener host-name (nombre de host): %s"
+
+#: option.c:2932
+msgid "only one resolv.conf file allowed in no-poll mode."
+msgstr "solo un archivo resolv.conf permitido en modo no-poll."
+
+#: option.c:2942
+msgid "must have exactly one resolv.conf to read domain from."
+msgstr "debe haber exctamente un resolv.conf desde donde leer dominio."
+
+#: option.c:2945 network.c:754 dhcp.c:734
+#, fuzzy, c-format
+msgid "failed to read %s: %s"
+msgstr "no se pudo leer %s: %s"
+
+#: option.c:2962
+#, c-format
+msgid "no search directive found in %s"
+msgstr "ninguna directiva de bsqueda encontrada en %s"
+
+#: option.c:2983
+msgid "there must be a default domain when --dhcp-fqdn is set"
+msgstr "debe haber un dominio predeterminado cuando --dhcp-fqdn est fijado"
+
+#: option.c:2987
+msgid "syntax check OK"
+msgstr "revisin de sintaxis OK"
+
+#: forward.c:409
+#, c-format
+msgid "nameserver %s refused to do a recursive query"
+msgstr "servidor DNS %s se reus a hacer una bsqueda recursiva"
+
+#: forward.c:437
+msgid "possible DNS-rebind attack detected"
+msgstr "posible ataque de revinculacin DNS detectado"
+
+#: network.c:73
+#, fuzzy, c-format
+msgid "unknown interface %s in bridge-interface"
+msgstr "interface desconocida %s en bridge-interface"
+
+#: network.c:417 dnsmasq.c:189
+#, c-format
+msgid "failed to create listening socket: %s"
+msgstr "no se pudo crear un socket escuchador: %s"
+
+#: network.c:424
+#, c-format
+msgid "failed to set IPV6 options on listening socket: %s"
+msgstr "no se pudo fijar opciones IPv6 sobre socket escuchador: %s"
+
+#: network.c:450
+#, c-format
+msgid "failed to bind listening socket for %s: %s"
+msgstr "no se pudo acoplar socket escuchador para %s: %s"
+
+#: network.c:455
+#, c-format
+msgid "failed to listen on socket: %s"
+msgstr "no se pudo escuchar en socket: %s"
+
+#: network.c:467
+#, fuzzy, c-format
+msgid "failed to create TFTP socket: %s"
+msgstr "no se pudo crear socket TFTP: %s"
+
+#: network.c:661
+#, fuzzy, c-format
+msgid "failed to bind server socket for %s: %s"
+msgstr "no se pudo acoplar socket escuchador para %s: %s"
+
+#: network.c:694
+#, c-format
+msgid "ignoring nameserver %s - local interface"
+msgstr "ignorando servidor DNS %s - interface local"
+
+#: network.c:705
+#, fuzzy, c-format
+msgid "ignoring nameserver %s - cannot make/bind socket: %s"
+msgstr "ignorando servidor DNS %s - no se puede crear/acoplar socket: %s"
+
+#: network.c:720
+msgid "unqualified"
+msgstr "no calificado"
+
+#: network.c:720
+msgid "names"
+msgstr "nombres"
+
+#: network.c:722
+msgid "default"
+msgstr "predeterminado"
+
+#: network.c:724
+msgid "domain"
+msgstr "dominio"
+
+#: network.c:727
+#, c-format
+msgid "using local addresses only for %s %s"
+msgstr "usando direcciones locales solo para %s %s"
+
+#: network.c:729
+#, c-format
+msgid "using nameserver %s#%d for %s %s"
+msgstr "usando servidor DNS %s#%d para %s %s"
+
+#: network.c:732
+#, fuzzy, c-format
+msgid "using nameserver %s#%d(via %s)"
+msgstr "usando servidor DNS %s#%d(va %s)"
+
+#: network.c:734
+#, c-format
+msgid "using nameserver %s#%d"
+msgstr "usando servidor DNS %s#%d"
+
+#: dnsmasq.c:146
+#, fuzzy
+msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+msgstr "servidor TFTP no disponible: fijar HAVE_TFTP en src/config.h"
+
+#: dnsmasq.c:151
+#, fuzzy
+msgid "asychronous logging is not available under Solaris"
+msgstr "bitacoreo asincrnico no est disponible bajo Solaris"
+
+#: dnsmasq.c:170
+#, c-format
+msgid "failed to find list of interfaces: %s"
+msgstr "no se pudo encontrar lista de interfaces: %s"
+
+#: dnsmasq.c:178
+#, c-format
+msgid "unknown interface %s"
+msgstr "interface desconocida %s"
+
+#: dnsmasq.c:184
+#, c-format
+msgid "no interface with address %s"
+msgstr "ninguna interface con direccin %s"
+
+#: dnsmasq.c:201 dnsmasq.c:665
+#, c-format
+msgid "DBus error: %s"
+msgstr "error DBus: %s"
+
+#: dnsmasq.c:204
+msgid "DBus not available: set HAVE_DBUS in src/config.h"
+msgstr "DBus no disponible: fijar HAVE_DBUS en src/config.h"
+
+#: dnsmasq.c:230
+#, c-format
+msgid "unknown user or group: %s"
+msgstr "usuario o grupo desconocido: %s"
+
+#: dnsmasq.c:287
+#, c-format
+msgid "cannot chdir to filesystem root: %s"
+msgstr "no se puede cambiar directorio a raz de sistema de archivos: %s"
+
+#: dnsmasq.c:448
+#, fuzzy, c-format
+msgid "started, version %s DNS disabled"
+msgstr "iniciado, versin %s DNS deshabilitado"
+
+#: dnsmasq.c:450
+#, c-format
+msgid "started, version %s cachesize %d"
+msgstr "iniciado, versin %s tamao de cach %d"
+
+#: dnsmasq.c:452
+#, c-format
+msgid "started, version %s cache disabled"
+msgstr "iniciado, versin %s cach deshabilitado"
+
+#: dnsmasq.c:454
+#, c-format
+msgid "compile time options: %s"
+msgstr "opciones de compilacin: %s"
+
+#: dnsmasq.c:460
+msgid "DBus support enabled: connected to system bus"
+msgstr "soporte DBus habilitado: conectado a bus de sistema"
+
+#: dnsmasq.c:462
+msgid "DBus support enabled: bus connection pending"
+msgstr "soporte DBus habilitado: coneccin a bus pendiente"
+
+#: dnsmasq.c:467
+#, fuzzy, c-format
+msgid "warning: failed to change owner of %s: %s"
+msgstr "advertencia: no se pudo cambiar dueo de %s: %s"
+
+#: dnsmasq.c:471
+msgid "setting --bind-interfaces option because of OS limitations"
+msgstr "fijando opcin --bind-interfaces debido a limitaciones de sistema operativo"
+
+#: dnsmasq.c:476
+#, c-format
+msgid "warning: interface %s does not currently exist"
+msgstr "advertencia: interface %s no existe actulmente"
+
+#: dnsmasq.c:481
+msgid "warning: ignoring resolv-file flag because no-resolv is set"
+msgstr "advertencia: ignorando opcin resolv-file porque no-resolv est fijado"
+
+#: dnsmasq.c:484
+#, fuzzy
+msgid "warning: no upstream servers configured"
+msgstr "advertencia: ningn servidor upstream configurado"
+
+#: dnsmasq.c:488
+#, c-format
+msgid "asynchronous logging enabled, queue limit is %d messages"
+msgstr "bitacoreo asincrnico habilitado, lmite de cola es %d mensajes"
+
+#: dnsmasq.c:501
+#, c-format
+msgid "DHCP, static leases only on %.0s%s, lease time %s"
+msgstr "DHCP, arriendos estticos solo en %.0s%s, tiempo de arriendo %s"
+
+#: dnsmasq.c:503
+#, c-format
+msgid "DHCP, proxy on subnet %.0s%s%.0s"
+msgstr "DHCP, proxy en subred %.0s%s%.0s"
+
+#: dnsmasq.c:504
+#, c-format
+msgid "DHCP, IP range %s -- %s, lease time %s"
+msgstr "DHCP, rango de IPs %s -- %s, tiempo de arriendo %s"
+
+#: dnsmasq.c:519
+msgid "root is "
+msgstr "root es "
+
+#: dnsmasq.c:519
+#, fuzzy
+msgid "enabled"
+msgstr "habilitado"
+
+#: dnsmasq.c:521
+msgid "secure mode"
+msgstr "modo seguro"
+
+#: dnsmasq.c:547
+#, c-format
+msgid "restricting maximum simultaneous TFTP transfers to %d"
+msgstr "limitando nmero mximo de transferencias TFTP simultneas a %d"
+
+#: dnsmasq.c:667
+msgid "connected to system DBus"
+msgstr "conectado a DBus de sistema"
+
+#: dnsmasq.c:757
+#, c-format
+msgid "cannot fork into background: %s"
+msgstr "no se puede hacer fork hacia el fondo: %s"
+
+#: dnsmasq.c:760
+#, fuzzy, c-format
+msgid "failed to create helper: %s"
+msgstr "no se pudo crear ayudante: %s"
+
+#: dnsmasq.c:763
+#, fuzzy, c-format
+msgid "setting capabilities failed: %s"
+msgstr "configuracin de capacidades ha fallado: %s"
+
+#: dnsmasq.c:767
+#, fuzzy, c-format
+msgid "failed to change user-id to %s: %s"
+msgstr "no se pudo cambiar user-id a %s: %s"
+
+#: dnsmasq.c:772
+#, fuzzy, c-format
+msgid "failed to change group-id to %s: %s"
+msgstr "no se pudo cambiar group-id a %s: %s"
+
+#: dnsmasq.c:775
+#, fuzzy, c-format
+msgid "failed to open pidfile %s: %s"
+msgstr "no se pudo abrir archivo PID %s: %s"
+
+#: dnsmasq.c:778
+#, fuzzy, c-format
+msgid "cannot open %s: %s"
+msgstr "no se puede abrir %s: %s"
+
+#: dnsmasq.c:833
+#, c-format
+msgid "child process killed by signal %d"
+msgstr "proceso hijo eliminado por seal %d"
+
+#: dnsmasq.c:837
+#, c-format
+msgid "child process exited with status %d"
+msgstr "proceso hijo hizo exit con estado %d"
+
+#: dnsmasq.c:841
+#, fuzzy, c-format
+msgid "failed to execute %s: %s"
+msgstr "no se pudo ejecutar %s: %s"
+
+#: dnsmasq.c:885
+msgid "exiting on receipt of SIGTERM"
+msgstr "saliendo al recibir SIGTERM"
+
+#: dnsmasq.c:903
+#, fuzzy, c-format
+msgid "failed to access %s: %s"
+msgstr "no se pudo accesar %s: %s"
+
+#: dnsmasq.c:925
+#, c-format
+msgid "reading %s"
+msgstr "leyendo %s"
+
+#: dnsmasq.c:936
+#, fuzzy, c-format
+msgid "no servers found in %s, will retry"
+msgstr "ningn servidor encontrado en %s, se reintentar"
+
+#: dhcp.c:40
+#, c-format
+msgid "cannot create DHCP socket: %s"
+msgstr "no se puede crear socket DHCP: %s"
+
+#: dhcp.c:52
+#, c-format
+msgid "failed to set options on DHCP socket: %s"
+msgstr "no se pudo fijar opciones en socket DHCP: %s"
+
+#: dhcp.c:65
+#, fuzzy, c-format
+msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
+msgstr "no se pudo fijar SO_REUSE{ADDR|PORT} en socket DHCP: %s"
+
+#: dhcp.c:77
+#, c-format
+msgid "failed to bind DHCP server socket: %s"
+msgstr "no se pudo acoplar socket de servidor DHCP: %s"
+
+#: dhcp.c:90
+#, c-format
+msgid "cannot create ICMP raw socket: %s."
+msgstr "no se puede crear socket crudo ICMP: %s."
+
+#: dhcp.c:226
+#, c-format
+msgid "DHCP packet received on %s which has no address"
+msgstr "Paquete DHCP recibido en %s que no tiene direccin"
+
+#: dhcp.c:385
+#, c-format
+msgid "DHCP range %s -- %s is not consistent with netmask %s"
+msgstr "rango DHCP %s -- %s no coincide con mscara de subred %s"
+
+#: dhcp.c:772
+#, fuzzy, c-format
+msgid "bad line at %s line %d"
+msgstr "lnea errnea en %s lnea %d"
+
+#: dhcp.c:815
+#, c-format
+msgid "ignoring %s line %d, duplicate name or IP address"
+msgstr ""
+
+#: dhcp.c:897
+#, c-format
+msgid "duplicate IP address %s in dhcp-config directive."
+msgstr "direccin IP duplicada %s en directiva dhcp-config."
+
+#: dhcp.c:900
+#, fuzzy, c-format
+msgid "duplicate IP address %s in %s."
+msgstr "direccin IP duplicada %s en %s."
+
+#: dhcp.c:943
+#, c-format
+msgid "%s has more than one address in hostsfile, using %s for DHCP"
+msgstr "%s tiene ms de una direccin en hostsfile, usando %s para DHCP"
+
+#: dhcp.c:948
+#, c-format
+msgid "duplicate IP address %s (%s) in dhcp-config directive"
+msgstr "direccin IP duplicada %s (%s) en directiva dhcp-config"
+
+#: lease.c:66
+#, fuzzy, c-format
+msgid "cannot open or create lease file %s: %s"
+msgstr "no se puede abrir o crear archivo de arriendos %s: %s"
+
+#: lease.c:92
+msgid "too many stored leases"
+msgstr "demasiados arriendos almacenados"
+
+#: lease.c:128
+#, fuzzy, c-format
+msgid "cannot run lease-init script %s: %s"
+msgstr "no se puede ejecutar archivo guin lease-init %s: %s"
+
+#: lease.c:134
+#, c-format
+msgid "lease-init script returned exit code %s"
+msgstr "archivo guin lease-init retorn exit code %s"
+
+#: lease.c:234
+#, fuzzy, c-format
+msgid "failed to write %s: %s (retry in %us)"
+msgstr "error al escribir %s: %s (reintentar en %us)"
+
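Review bot: the msgstr values in this region are missing their accented characters as rendered here ("direccin" at dhcp.c:897, "versin" at dnsmasq.c:448 to 454, "seal" at dnsmasq.c:833, "va" for the "via" string at network.c:732), which suggests the catalogue was imported or served with the wrong character set. Re-import it byte-for-byte and confirm the catalogue header declares the encoding the file actually uses. Two smaller points in the same region: the dhcp.c:815 entry has an empty msgstr, and a large share of entries carry the fuzzy flag, which msgfmt skips unless --use-fuzzy is given, so those strings fall back to English at run time. Because most entries are c-format, run msgfmt with --check-format after any re-encoding so that a translated string whose conversion specifiers no longer match its msgid is caught at build time rather than at the log call.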
+#: rfc2131.c:336
+#, c-format
+msgid "no address range available for DHCP request %s %s"