1 /* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 #define FTABSIZ 150 /* max number of outstanding requests (default) */
18 #define MAX_PROCS 20 /* max no children for TCP requests */
19 #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
20 #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
21 #define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */
22 #define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
23 #define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */
24 #define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */
25 #define DNSSEC_WORK 50 /* Max number of queries to validate one question */
26 #define TIMEOUT 10 /* drop UDP queries after TIMEOUT seconds */
27 #define SMALL_PORT_RANGE 30 /* If DNS port range is smaller than this, use different allocation. */
28 #define FORWARD_TEST 50 /* try all servers every 50 queries */
29 #define FORWARD_TIME 20 /* or 20 seconds */
30 #define UDP_TEST_TIME 60 /* How often to reset our idea of max packet size. */
31 #define SERVERS_LOGGED 30 /* Only log this many servers when logging state */
32 #define LOCALS_LOGGED 8 /* Only log this many local addresses when logging state */
33 #define LEASE_RETRY 60 /* on error, retry writing leasefile after LEASE_RETRY seconds */
34 #define CACHESIZ 150 /* default cache size */
35 #define TTL_FLOOR_LIMIT 3600 /* don't allow --min-cache-ttl to raise TTL above this under any circumstances */
36 #define MAXLEASES 1000 /* maximum number of DHCP leases */
37 #define PING_WAIT 3 /* wait for ping address-in-use test */
38 #define PING_CACHE_TIME 30 /* Ping test assumed to be valid this long. */
39 #define DECLINE_BACKOFF 600 /* disable DECLINEd static addresses for this long */
40 #define DHCP_PACKET_MAX 16384 /* hard limit on DHCP packet size */
41 #define SMALLDNAME 50 /* most domain names are smaller than this */
42 #define CNAME_CHAIN 10 /* chains longer than this atr dropped for loop protection */
43 #define DNSSEC_MIN_TTL 60 /* DNSKEY and DS records in cache last at least this long */
44 #define HOSTSFILE "/etc/hosts"
45 #define ETHERSFILE "/etc/ethers"
46 #define DEFLEASE 3600 /* default DHCPv4 lease time, one hour */
47 #define DEFLEASE6 (3600*24) /* default lease time for DHCPv6. One day. */
48 #define CHUSER "nobody"
50 #define TFTP_MAX_CONNECTIONS 50 /* max simultaneous connections */
51 #define LOG_MAX 5 /* log-queue length */
52 #define RANDFILE "/dev/urandom"
53 #define DNSMASQ_SERVICE "uk.org.thekelleys.dnsmasq" /* Default - may be overridden by config */
54 #define DNSMASQ_PATH "/uk/org/thekelleys/dnsmasq"
55 #define DNSMASQ_UBUS_NAME "dnsmasq" /* Default - may be overridden by config */
56 #define AUTH_TTL 600 /* default TTL for auth DNS */
57 #define SOA_REFRESH 1200 /* SOA refresh default */
58 #define SOA_RETRY 180 /* SOA retry default */
59 #define SOA_EXPIRY 1209600 /* SOA expiry default */
60 #define LOOP_TEST_DOMAIN "test" /* domain for loop testing, "test" is reserved by RFC 2606 and won't therefore clash */
61 #define LOOP_TEST_TYPE T_TXT
62 #define DEFAULT_FAST_RETRY 1000 /* ms, default delay before fast retry */
63 #define STALE_CACHE_EXPIRY 86400 /* 1 day in secs, default maximum expiry time for stale cache data */
65 /* compile-time options: uncomment below to enable or do eg.
66 make COPTS=-DHAVE_BROKEN_RTC
69 define this on embedded systems which don't have an RTC
70 which keeps time over reboots. Causes dnsmasq to use uptime
71 for timing, and keep lease lengths rather than expiry times
72 in its leases file. This also make dnsmasq "flash disk friendly".
73 Normally, dnsmasq tries very hard to keep the on-disk leases file
74 up-to-date: rewriting it after every renewal. When HAVE_BROKEN_RTC
75 is in effect, the lease file is only written when a new lease is
76 created, or an old one destroyed. (Because those are the only times
77 it changes.) This vastly reduces the number of file writes, and makes
78 it viable to keep the lease file on a flash filesystem.
79 NOTE: when enabling or disabling this, be sure to delete any old
80 leases file, otherwise dnsmasq may get very confused.
83 define this to get dnsmasq's built-in TFTP server.
86 define this to get dnsmasq's DHCPv4 server.
89 define this to get dnsmasq's DHCPv6 server. (implies HAVE_DHCP).
92 define this to get the ability to call scripts on lease-change.
95 define this to get the ability to call Lua script on lease-change. (implies HAVE_SCRIPT)
98 define this if you want to link against libdbus, and have dnsmasq
99 support some methods to allow (re)configuration of the upstream DNS
103 define this if you want to link against libubus
106 define this if you want international domain name 2003 support.
109 define this if you want international domain name 2008 support.
112 define this to include code which propagates conntrack marks from
113 incoming DNS queries to the corresponding upstream queries. This adds
114 a build-dependency on libnetfilter_conntrack, but the resulting binary will
115 still run happily on a kernel without conntrack support.
118 define this to include the ability to selectively add resolved ip addresses
122 define this to include the ability to selectively add resolved ip addresses
123 to given nftables sets.
126 define this to include the facility to act as an authoritative DNS
127 server for one or more zones.
130 include just hash function from crypto library, but no DNSSEC.
133 include DNSSEC validator.
136 include code to dump packets to a libpcap-format file for debugging.
139 include functionality to probe for and remove DNS forwarding loops.
142 use the Linux inotify facility to efficiently re-read configuration files.
145 Don't report *.bind CHAOS info to clients, forward such requests upstream instead.
155 these are available to explicitly disable compile time options which would
156 otherwise be enabled automatically or which are enabled by default
157 in the distributed source tree. Building dnsmasq
158 with something like "make COPTS=-DNO_SCRIPT" will do the trick.
160 Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp.
165 the default locations of these files are determined below, but may be overridden
166 in a build command line using COPTS.
170 /* Defining this builds a binary which handles time differently and works better on a system without a
171 stable RTC (it uses uptime, not epoch time) and writes the DHCP leases file less often to avoid flash wear.
174 /* #define HAVE_BROKEN_RTC */
176 /* The default set of options to build. Built with these options, dnsmasq
177 has no library dependencies other than libc */
186 #define HAVE_DUMPFILE
188 /* Build options which require external libraries.
190 Defining HAVE_<opt>_STATIC as _well_ as HAVE_<opt> will link the library statically.
192 You can use "make COPTS=-DHAVE_<opt>" instead of editing these.
195 /* #define HAVE_LUASCRIPT */
196 /* #define HAVE_DBUS */
197 /* #define HAVE_IDN */
198 /* #define HAVE_LIBIDN2 */
199 /* #define HAVE_CONNTRACK */
200 /* #define HAVE_CRYPTOHASH */
201 /* #define HAVE_DNSSEC */
202 /* #define HAVE_NFTSET */
204 /* Default locations for important system files. */
207 # if defined(__FreeBSD__) || defined (__OpenBSD__) || defined(__DragonFly__) || defined(__NetBSD__)
208 # define LEASEFILE "/var/db/dnsmasq.leases"
209 # elif defined(__sun__) || defined (__sun)
210 # define LEASEFILE "/var/cache/dnsmasq.leases"
211 # elif defined(__ANDROID__)
212 # define LEASEFILE "/data/misc/dhcp/dnsmasq.leases"
214 # define LEASEFILE "/var/lib/misc/dnsmasq.leases"
219 # if defined(__FreeBSD__)
220 # define CONFFILE "/usr/local/etc/dnsmasq.conf"
222 # define CONFFILE "/etc/dnsmasq.conf"
227 # if defined(__uClinux__)
228 # define RESOLVFILE "/etc/config/resolv.conf"
230 # define RESOLVFILE "/etc/resolv.conf"
235 # if defined(__ANDROID__)
236 # define RUNFILE "/data/dnsmasq.pid"
238 # define RUNFILE "/var/run/dnsmasq.pid"
242 /* platform dependent options: these are determined automatically below
247 define exactly one of these to alter interaction with kernel networking.
250 defined when GNU-style getopt_long available.
253 defined if struct sockaddr has sa_len field (*BSD)
256 #if defined(__UCLIBC__)
257 #define HAVE_LINUX_NETWORK
258 #if defined(__UCLIBC_HAS_GNU_GETOPT__) || \
259 ((__UCLIBC_MAJOR__==0) && (__UCLIBC_MINOR__==9) && (__UCLIBC_SUBLEVEL__<21))
260 # define HAVE_GETOPT_LONG
262 #undef HAVE_SOCKADDR_SA_LEN
263 #if defined(__UCLIBC_HAS_IPV6__)
265 # define IPV6_V6ONLY 26
269 /* This is for glibc 2.x */
270 #elif defined(__linux__)
271 #define HAVE_LINUX_NETWORK
272 #define HAVE_GETOPT_LONG
273 #undef HAVE_SOCKADDR_SA_LEN
275 #elif defined(__FreeBSD__) || \
276 defined(__OpenBSD__) || \
277 defined(__DragonFly__) || \
278 defined(__FreeBSD_kernel__)
279 #define HAVE_BSD_NETWORK
280 /* Later versions of FreeBSD have getopt_long() */
281 #if defined(optional_argument) && defined(required_argument)
282 # define HAVE_GETOPT_LONG
284 #define HAVE_SOCKADDR_SA_LEN
286 #elif defined(__APPLE__)
287 #define HAVE_BSD_NETWORK
288 #define HAVE_GETOPT_LONG
289 #define HAVE_SOCKADDR_SA_LEN
291 /* Define before sys/socket.h is included so we get socklen_t */
292 #define _BSD_SOCKLEN_T_
293 /* Select the RFC_3542 version of the IPv6 socket API.
294 Define before netinet6/in6.h is included. */
295 #define __APPLE_USE_RFC_3542
296 /* Required for Mojave. */
298 # define SOL_TCP IPPROTO_TCP
302 #elif defined(__NetBSD__)
303 #define HAVE_BSD_NETWORK
304 #define HAVE_GETOPT_LONG
305 #define HAVE_SOCKADDR_SA_LEN
307 #elif defined(__sun) || defined(__sun__)
308 #define HAVE_SOLARIS_NETWORK
309 #define HAVE_GETOPT_LONG
310 #undef HAVE_SOCKADDR_SA_LEN
311 #define ETHER_ADDR_LEN 6
315 /* rules to implement compile-time option dependencies and
327 #if defined(NO_DHCP6)
331 /* DHCP6 needs DHCP too */
336 #if defined(NO_SCRIPT)
338 #undef HAVE_LUASCRIPT
341 /* Must HAVE_SCRIPT to HAVE_LUASCRIPT */
342 #ifdef HAVE_LUASCRIPT
350 #if defined(NO_IPSET)
362 #if defined (HAVE_LINUX_NETWORK) && !defined(NO_INOTIFY)
366 /* Define a string indicating which options are in use.
367 DNSMASQ_COMPILE_OPTS is only defined in dnsmasq.c */
369 #ifdef DNSMASQ_COMPILE_OPTS
371 static char *compile_opts =
373 #ifndef HAVE_GETOPT_LONG
377 #ifdef HAVE_BROKEN_RTC
392 #if defined(HAVE_LIBIDN2)
395 #if !defined(HAVE_IDN)
404 #if defined(HAVE_DHCP)
405 # if !defined (HAVE_DHCP6)
410 #if !defined(HAVE_SCRIPT)
413 # if !defined(HAVE_LUASCRIPT)
422 #ifndef HAVE_CONNTRACK
438 #if !defined(HAVE_CRYPTOHASH) && !defined(HAVE_DNSSEC)
457 #ifndef HAVE_DUMPFILE
462 #endif /* defined(HAVE_DHCP) */