Merge pull request #275902 from williamvds/dnsmasq_docs

nixos/dnsmasq: Add documentation

authored by Guillaume Girol and committed by GitHub 73f0f9c2 7941d7f6

+70
+68
nixos/modules/services/networking/dnsmasq.md
··· 1 + # Dnsmasq {#module-services-networking-dnsmasq} 2 + 3 + Dnsmasq is an integrated DNS, DHCP and TFTP server for small networks. 4 + 5 + ## Configuration {#module-services-networking-dnsmasq-configuration} 6 + 7 + ### An authoritative DHCP and DNS server on a home network {#module-services-networking-dnsmasq-configuration-home} 8 + 9 + On a home network, you can use Dnsmasq as a DHCP and DNS server. New devices on 10 + your network will be configured by Dnsmasq, and instructed to use it as the DNS 11 + server by default. This allows you to rely on your own server to perform DNS 12 + queries and caching, with DNSSEC enabled. 13 + 14 + The following example assumes that 15 + 16 + - you have disabled your router's integrated DHCP server, if it has one 17 + - your router's address is set in [](#opt-networking.defaultGateway.address) 18 + - your system's Ethernet interface is `eth0` 19 + - you have configured the address(es) to forward DNS queries in [](#opt-networking.nameservers) 20 + 21 + ```nix 22 + { 23 + services.dnsmasq = { 24 + enable = true; 25 + settings = { 26 + interface = "eth0"; 27 + bind-interfaces = true; # Only bind to the specified interface 28 + dhcp-authoritative = true; # Should be set when dnsmasq is definitely the only DHCP server on a network 29 + 30 + server = config.networking.nameservers; # Upstream dns servers to which requests should be forwarded 31 + 32 + dhcp-host = [ 33 + # Give the current system a fixed address of 192.168.0.254 34 + "dc:a6:32:0b:ea:b9,192.168.0.254,${config.networking.hostName},infinite" 35 + ]; 36 + 37 + dhcp-option = [ 38 + # Address of the gateway, i.e. 
your router 39 + "option:router,${config.networking.defaultGateway.address}" 40 + ]; 41 + 42 + dhcp-range = [ 43 + # Range of IPv4 addresses to give out 44 + # <range start>,<range end>,<lease time> 45 + "192.168.0.10,192.168.0.253,24h" 46 + # Enable stateless IPv6 allocation 47 + "::f,::ff,constructor:eth0,ra-stateless" 48 + ]; 49 + 50 + dhcp-rapid-commit = true; # Faster DHCP negotiation for IPv6 51 + local-service = true; # Accept DNS queries only from hosts whose address is on a local subnet 52 + log-queries = true; # Log results of all DNS queries 53 + bogus-priv = true; # Don't forward requests for the local address ranges (192.168.x.x etc) to upstream nameservers 54 + domain-needed = true; # Don't forward requests without dots or domain parts to upstream nameservers 55 + 56 + dnssec = true; # Enable DNSSEC 57 + # DNSSEC trust anchor. Source: https://data.iana.org/root-anchors/root-anchors.xml 58 + trust-anchor = ".,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D"; 59 + }; 60 + }; 61 + } 62 + ``` 63 + 64 + ## References {#module-services-networking-dnsmasq-references} 65 + 66 + - Upstream website: <https://dnsmasq.org> 67 + - Manpage: <https://dnsmasq.org/docs/dnsmasq-man.html> 68 + - FAQ: <https://dnsmasq.org/docs/FAQ>
+2
nixos/modules/services/networking/dnsmasq.nix
··· 181 181 restartTriggers = [ config.environment.etc.hosts.source ]; 182 182 }; 183 183 }; 184 + 185 + meta.doc = ./dnsmasq.md; 184 186 }
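Review bot: The Nix example in dnsmasq.md opens with a bare `{` but references `config.networking.nameservers`, `config.networking.hostName` and `config.networking.defaultGateway.address`, so `config` is unbound if a reader pastes the block as a module; open it with `{ config, ... }:` or say in the preceding text that it is a fragment of a module that already takes `config`. The `trust-anchor` digest is hardcoded and will be copied verbatim, so its comment should tell readers to verify the value against the linked IANA root-anchors file and to update it when the root key changes. The `dhcp-host` entry uses the concrete MAC address `dc:a6:32:0b:ea:b9` without saying it is a placeholder for the reader's own interface. Since `log-queries = true` logs all DNS queries from hosts on the network, its comment could note that this is a debugging and privacy trade-off rather than a setting to copy by default.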