[Dnsmasq-discuss] Kinda like subnetting?

JD jd1008 at gmail.com
Wed Aug 12 22:31:12 BST 2009

On 08/12/2009 02:08 PM, Christ Schlacta wrote:
> I want to configure dnsmasq to issue IP addresses in various ranges
> based on client type or location.
> I have an entire /24 for my network, and want to keep it that way,
> however, I want to specify clients IP addresses based on various chriteria.
> server systems should recieve an IP address in the range of,
> and known wired and wireless clients (trusted laptops and workstations)
> in the range of  Finally, any un-known client should be
> issued an IP address in the range  as this is largely an
> organizational tool, and these systems are all in the same physical
> network, I want them to all be given their address in the
> subnet, and know that as their broadcast domain.
> the question is, will dnsmasq let me configure it in this fassion?  I'm
> fine with entering servers and trusted workstations manually.
> also, if anyone knows, will shorewall match IP addresses masked in that
> fassion as well?, when the interface is a /24..
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

You can, but not along the lines you state. The man page says you can 
IP addresses based on MAC addresses. i.e.

-G, --dhcp-
Specify per host parameters for the DHCP server. This allows a
machine with a particular hardware address to be always allo-
cated the same hostname, IP address and lease time. A hostname
specified like this overrides any supplied by the DHCP client on
the machine. It is also allowable to ommit the hardware address
and include the hostname, in which case the IP address and lease
times will apply to any machine claiming that name. For example
--dhcp-host=00:20:e0:3b:13:af,wap,infinite tells dnsmasq to give
the machine with hardware address 00:20:e0:3b:13:af the name
wap, and an infinite DHCP lease. --dhcp-host=lap,
tells dnsmasq to always allocate the machine lap the IP address Addresses allocated like this are not constrained
to be in the range given by the --dhcp-range option, but they
must be on the network being served by the DHCP server. It is
allowed to use client identifiers rather than hardware addresses
to identify hosts by prefixing with ’id:’. Thus: --dhcp-
host=id:01:02:03:04,..... refers to the host with client iden-
tifier 01:02:03:04. It is also allowed to specify the client ID
as text, like this: --dhcp-host=id:clientidastext,.....

The special option id:* means "ignore any client-id and use MAC
addresses only." This is useful when a client presents a client-
id sometimes but not others.

If a name appears in /etc/hosts, the associated address can be
allocated to a DHCP lease, but only if a --dhcp-host option
specifying the name also exists. The special keyword "ignore"
tells dnsmasq to never offer a DHCP lease to a machine. The
machine can be specified by hardware address, client ID or host-
name, for instance --dhcp-host=00:20:e0:3b:13:af,ignore This is
useful when there is another DHCP server on the network which
should be used by some machines.

The net:<network-id> sets the network-id tag whenever this dhcp-
host directive is in use. This can be used to selectively send
DHCP options just for this host. When a host matches any dhcp-
host directive (or one implied by /etc/ethers) then the special
network-id tag "known" is set. This allows dnsmasq to be config-
ured to ignore requests from unknown machines using --dhcp-
ignore=#known Ethernet addresses (but not client-ids) may have
wildcard bytes, so for example --dhcp-
host=00:20:e0:3b:13:*,ignore will cause dnsmasq to ignore a
range of hardware addresses. Note that the "*" will need to be
escaped or quoted on a command line, but not in the configura-
tion file.

Hardware addresses normally match any network (ARP) type, but it
is possible to restrict them to a single ARP type by preceding
them with the ARP-type (in HEX) and "-". so --dhcp-
host=06-00:20:e0:3b:13:af, will only match a Token-Ring
hardware address, since the ARP-address type for token ring is

As a special case, it is possible to include more than one hard-
ware address. This allows an IP address to be associated with
multiple hardware addresses, and gives dnsmasq permission to
abandon a DHCP lease to one of the hardware addresses when
another one asks for a lease. Beware that this is a dangerous
thing to do, it will only work reliably if only one of the hard-
ware addresses is active at any time and there is no way for
dnsmasq to enforce this. It is, however useful, for instance to
allocate a stable IP address to a laptop which has both wired
and wireless interfaces.

More information about the Dnsmasq-discuss mailing list