diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 index 1c3dfeb..a519fdb 100644 --- a/man/dnsmasq.8 +++ b/man/dnsmasq.8 @@ -574,9 +574,11 @@ needed for a client to do validation itself. .TP .B --auth-zone=[,[/][,[/].....]] Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain -will be served, except that A and AAAA records must be in one of the +will be served. A and AAAA records must be in one of the specified subnets, or in a subnet corresponding to a constructed DHCP -range. The subnet(s) are also used to define in-addr.arpa and +range. (This can be overridden with +.B constructor-noauth: +) The subnet(s) are also used to define in-addr.arpa and ipv6.arpa domains which are served for reverse-DNS queries. If not specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6. For IPv4 subnets, the prefix length should be have the value 8, 16 or 24 @@ -660,6 +662,12 @@ equal either the start or end address given in the dhcp-range. This is to prevent prefixes becoming perpetual if the interface gains a SLAAC address for the prefix when it is advertised by dnsmasq. +There is a variant of the constructor: syntax using the keyword +.B constructor-noauth. +See +.B --auth-zone +for an explanation of this. + The optional .B set: sets an alphanumeric label which marks this network so that diff --git a/src/auth.c b/src/auth.c index b08f85c..af2171c 100644 --- a/src/auth.c +++ b/src/auth.c @@ -54,6 +54,7 @@ static int filter_constructed_dhcp(struct auth_zone *zone, int flag, struct all_ if (flag & F_IPV6) for (context = daemon->dhcp6; context; context = context->next) if ((context->flags & CONTEXT_CONSTRUCTED) && + !(context->flags & CONTEXT_NOAUTH) && is_same_net6(&(addr_u->addr.addr6), &context->start6, context->prefix)) return 1; #endif diff --git a/src/dnsmasq.h b/src/dnsmasq.h index b7ca20e..5a82705 100644 --- a/src/dnsmasq.h +++ b/src/dnsmasq.h @@ -731,6 +731,7 @@ struct dhcp_context { #define CONTEXT_RA 8192 #define CONTEXT_CONF_USED 16384 #define CONTEXT_USED 32768 +#define CONTEXT_NOAUTH 65536 struct ping_result { struct in_addr addr; diff --git a/src/option.c b/src/option.c index 25bbf48..56735ae 100644 --- a/src/option.c +++ b/src/option.c @@ -2409,6 +2409,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma new->template_interface = opt_string_alloc(a[leasepos] + 12); new->flags |= CONTEXT_TEMPLATE; } + else if (strstr(a[leasepos], "constructor-noauth:") == a[leasepos]) + { + new->template_interface = opt_string_alloc(a[leasepos] + 19); + new->flags |= CONTEXT_TEMPLATE | CONTEXT_NOAUTH; + } else break; }