dnsmasq DHCP Config Generator
Generate online dnsmasq DHCP configurations with scope validation, DNS options, reservations, routes, and PXE lines for safer lab or VLAN rollouts.
Introduction:
dnsmasq is often used where a full enterprise DHCP platform would be heavier than the job requires. A lab VLAN, build network, small office segment, router appliance, or PXE bench may need one readable configuration file that says which interface answers DHCP, which IPv4 addresses can be leased, and which client options should be handed out.
A DHCP scope is more than a start and end address. The router option, DNS resolvers, local domain suffix, static reservations, lease duration, and optional boot settings all affect what a client can do after it receives an address. A config that looks tidy can still be unsafe if the gateway is inside the dynamic pool, a reservation is outside the subnet, or PXE boot files are named for the wrong client type.
A generated dnsmasq file should be treated as a draft for review, not as permission to restart a live service. dnsmasq can test syntax before deployment, but syntax checking does not prove that the router exists on the segment, the interface name is correct, or the address plan matches the IP address management record.
The safest workflow is to build one scope, inspect the validation review, compare the output with the real subnet design, and only then place the result under an included dnsmasq configuration directory.
Technical Details:
A dnsmasq DHCPv4 scope begins with the interface and address plan. The interface limits where dnsmasq listens, while the CIDR prefix determines the network address, broadcast address, and netmask that appear in the range directive. The dynamic pool is the inclusive start-to-end range that can be leased to ordinary clients.
Client options are delivered as DHCP option directives. The router option tells clients which default gateway to install, DNS server options name resolvers, NTP server options provide time sources, and option 121 carries classless static routes as destination-and-gateway pairs. Static reservations use hardware addresses to bind known clients to fixed addresses and optional hostnames.
PXE support adds a second concern: DHCP still assigns addresses, but boot clients also need TFTP and boot-file instructions. The generated PXE form separates BIOS boot filenames from x86-64 EFI boot filenames by matching DHCP client architecture values before emitting tagged boot lines.
Rule Core:
| Configuration part | Generated directive pattern | Rule to verify |
|---|---|---|
| Served interface | interface=br0 and optional bind-interfaces | Use the Linux interface attached to the broadcast domain. A long or unusual name is flagged for review. |
| Dynamic pool | dhcp-range=start,end,netmask,lease | CIDR must be IPv4 prefix notation from /1 through /32; start must not be higher than end. |
| Router and DNS | dhcp-option=option:router,... and option:dns-server | IPv4 values must use dotted-quad notation. Missing router or DNS values are allowed, but warnings explain the client impact. |
| Local DNS zone | domain, local, expand-hosts, domain-name, and domain-search | The domain must be a safe DNS suffix with plain labels. Underscores, protocol text, paths, and spaces are rejected. |
| Static reservation | dhcp-host=mac,hostname,ip,lease | Input rows use mac,ip,hostname,lease. Hostname and lease are optional, and duplicate MAC or IP values are warnings. |
| Advanced options | option:ntp-server, 121, or custom dhcp-option | NTP servers and route gateways must be IPv4 addresses. Extra option values must avoid spaces, quotes, and commas. |
| PXE and TFTP | enable-tftp, tftp-root, dhcp-match, and dhcp-boot | The TFTP root must be an absolute path, and BIOS or UEFI filenames must be simple TFTP-relative tokens. |
Validation Boundaries:
| Check | Blocking condition | Warning condition |
|---|---|---|
| CIDR and pool | Malformed CIDR, invalid IPv4 pool address, or start address higher than end address. | Host bits in the CIDR are normalized, the prefix is longer than /30, or the pool touches network or broadcast addresses. |
| Address placement | Reservation or dynamic pool endpoints outside the selected scope. | Router outside the scope, router inside the dynamic pool, or reservation inside the dynamic pool. |
| Lease syntax | Anything except infinite or a number followed by s, m, h, d, or w. | No separate warning; invalid lease values are treated as errors. |
| Reservations | Invalid MAC address, invalid IPv4 address, unsafe hostname, or invalid row-specific lease. | Duplicate MAC or IP entries and reserved addresses that overlap the dynamic pool. |
| Optional services | Invalid local domain, unsafe extra option value, invalid route destination, invalid TFTP root, or unsafe boot filename. | Classless route gateway outside the scope, enabled authoritative mode, or enabled PXE mode that needs file checks. |
The output is deterministic for a given set of values. The same inputs produce the same dnsmasq config text, Scope Audit rows, Reservation Ledger rows, Validation Review entries, and JSON payload.
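The address-placement and lease rows of the table above, written out as a check you can run against a planned scope. This is an added example, not the generator's own code; `review_scope` and its message strings are hypothetical names, and only the CIDR, pool, lease, and router rules are covered.

```python
import ipaddress
import re

LEASE_RE = re.compile(r"(?:infinite|[0-9]+[smhdw])")  # lease syntax from the table

def review_scope(cidr, start, end, router, lease):
    """Return (errors, warnings) for one DHCPv4 scope (hypothetical helper)."""
    errors, warnings = [], []
    prefix = cidr.partition("/")[2]
    try:
        if not (prefix.isdigit() and 1 <= int(prefix) <= 32):
            raise ValueError("CIDR needs a /1 to /32 prefix")
        iface = ipaddress.IPv4Interface(cidr)
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    except ValueError as exc:
        return [f"malformed scope: {exc}"], warnings
    net = iface.network
    if iface.ip != net.network_address:
        warnings.append(f"host bits normalized to {net}")
    if net.prefixlen > 30:
        warnings.append("prefix longer than /30")
    if lo > hi:
        errors.append("pool start higher than pool end")
    if lo not in net or hi not in net:
        errors.append("pool endpoint outside scope")
    elif net.network_address in (lo, hi) or net.broadcast_address in (lo, hi):
        warnings.append("pool touches network or broadcast address")
    if not LEASE_RE.fullmatch(lease):
        errors.append(f"invalid lease {lease!r}")
    if not router:
        warnings.append("no router option set")
        return errors, warnings
    try:
        gw = ipaddress.IPv4Address(router)
    except ValueError:
        return errors + [f"invalid router {router!r}"], warnings
    if gw not in net:
        warnings.append("router outside scope")
    elif lo <= gw <= hi:
        warnings.append("router inside pool")  # a client could lease the gateway IP
    return errors, warnings
```

Errors block the config; warnings are returned separately so each one can be accepted or fixed deliberately.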
Everyday Use & Decision Guide:
Start with the address plan you would put in a change ticket: Listen interface, Scope network CIDR, DHCP pool range, Lease time, Router option, and DNS servers. For a lab VLAN, a first pass like vlan60, 10.44.60.0/24, 10.44.60.100 to 10.44.60.210, and 6h makes the intended lease block easy to review.
Keep infrastructure outside the dynamic pool where practical. Routers, boot servers, jump hosts, printers, and controllers are easier to audit when they sit in fixed address space and appear as static reservations or external static assignments rather than ordinary leased clients.
- Use Lab sample to return to the default non-PXE scope when you want a clean baseline.
- Use PXE sample when the scope needs TFTP boot lines, architecture matching, and BIOS plus UEFI filenames.
- Turn on Emit local DNS zone helpers only when dnsmasq should also help with a local suffix such as lab.internal.
- Use Mark DHCP authoritative only when this dnsmasq instance owns the broadcast domain.
- Keep Bind to selected interface on when the host has other interfaces that should not serve this scope.
- Add Classless static routes only for destinations clients truly need beyond the default route.
- Use Extra DHCP options for simple site-specific values such as WPAD, TFTP, or vendor options that dnsmasq can express as dhcp-option.
The result is a good fit for drafting a dnsmasq scope before a lab build, small VLAN rollout, router migration, or PXE bench. It is a poor fit for proving that a live daemon is serving traffic, that relay agents forward requests, or that another DHCP server is absent from the same broadcast domain.
Use Validation Review before copying anything. Errors should be fixed before deployment, and warnings deserve a deliberate decision rather than a quick copy from dnsmasq Config.
Step-by-Step Guide:
Build the scope from network ownership first, then add options and boot support only where they are needed.
- Enter Listen interface. If the name is blank, unsafe, or unusually long, Validation Review flags the interface before you rely on the config.
- Enter Scope network CIDR and the two DHCP pool range addresses. The summary updates with the normalized scope and dynamic lease count when the addresses parse cleanly.
- Set Lease time, Router option, and DNS servers. Use values such as 30m, 12h, 2d, or infinite for leases.
- Enter Local domain and decide whether Emit local DNS zone helpers should add local DNS and DHCP domain-search lines.
- Add Static reservations as one CSV row per host using mac,ip,hostname,lease. If a row is invalid, the Reservation Ledger marks its directive as not emitted until the row validates.
- Open Advanced for NTP servers, Classless static routes, Extra DHCP options, or Enable PXE/TFTP boot lines.
- Review Scope Audit for normalized network, netmask, broadcast, emitted directive names, and operator notes.
- Fix any Fix blocking configuration issues message. Common recovery steps are using IPv4 dotted-quad notation, moving the pool inside the CIDR, correcting lease syntax, or removing spaces from option values.
- Copy dnsmasq Config only after Validation Review has no errors and the warnings match decisions you are ready to defend.
Interpreting Results:
The summary is the fastest health check. dnsmasq config ready means no blocking validation errors are present. Review dnsmasq scope means at least one error needs attention before the output should be applied.
The config text is not the only result worth checking. Scope Audit explains what each directive represents, Reservation Ledger shows every fixed host row, and Validation Review separates errors from warnings, informational notes, and pass status.
| Output cue | Meaning | Useful follow-up |
|---|---|---|
| fix required | At least one validation error exists. | Resolve the listed issue before using the generated file. |
| warnings | The config may be syntactically usable, but an address, authority, or deployment assumption needs review. | Check the named warning in Validation Review and record why it is acceptable. |
| PXE enabled | TFTP and boot directives will be emitted when the PXE fields validate. | Confirm the TFTP root exists and the BIOS and UEFI files are readable by dnsmasq. |
| dynamic leases | The inclusive address count from pool start through pool end. | Compare it with expected client demand and reservations before deciding that the scope is large enough. |
A clean generated file does not prove the live network is safe. Test the file with dnsmasq --test, verify that no other DHCP authority answers on the segment, and confirm the router, DNS, TFTP, and static-host addresses against the actual network plan.
Worked Examples:
Lab VLAN with fixed build hosts
A scope on br0 with 10.44.60.0/24, pool 10.44.60.100 to 10.44.60.220, lease 12h, router 10.44.60.1, and two DNS servers produces a ready summary when reservations such as 52:54:00:60:10:11,10.44.60.20,lab-pxe01,infinite validate. dnsmasq Config includes the pool, router option, DNS option, local domain helpers, and dhcp-host lines.
PXE bench with classless route
Choosing PXE sample sets vlan60, narrows the pool to 10.44.60.100 through 10.44.60.210, adds 10.55.0.0/16,10.44.60.254 as a classless route, and enables TFTP under /srv/tftp. The output includes enable-tftp, two x86-64 EFI architecture matches, tagged UEFI boot, and an untagged BIOS boot filename.
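The PXE output described above, as an added sketch that validates the TFTP root and boot filenames before emitting any line; it is not the generator's own code. The tag name `efi-x86_64`, the client-arch values 7 and 9, and the sample filenames are assumptions, since the page does not state which values the tool uses.

```python
import re

UEFI_X64_ARCHES = (7, 9)  # RFC 4578 client-arch codes: EFI BC (7), EFI x86-64 (9)
NAME_RE = re.compile(r"[A-Za-z0-9._-]+(?:/[A-Za-z0-9._-]+)*")
ROOT_RE = re.compile(r"(?:/[A-Za-z0-9._-]+)+")
DOT_SEGMENTS = {".", ".."}

def safe_boot_file(name):
    """True for a TFTP-relative name: no leading '/', dot segments, spaces, commas."""
    return bool(NAME_RE.fullmatch(name)) and not DOT_SEGMENTS & set(name.split("/"))

def pxe_lines(tftp_root, bios_file, uefi_file, tag="efi-x86_64"):
    """Return dnsmasq PXE/TFTP lines; raise ValueError on unsafe input."""
    if not ROOT_RE.fullmatch(tftp_root) or DOT_SEGMENTS & set(tftp_root.split("/")):
        raise ValueError(f"TFTP root must be a plain absolute path: {tftp_root!r}")
    for name in (bios_file, uefi_file):
        if not safe_boot_file(name):
            raise ValueError(f"unsafe boot filename: {name!r}")
    lines = ["enable-tftp", f"tftp-root={tftp_root}"]
    # One dhcp-match per architecture value, all setting the same tag.
    lines += [f"dhcp-match=set:{tag},option:client-arch,{a}" for a in UEFI_X64_ARCHES]
    lines.append(f"dhcp-boot=tag:{tag},{uefi_file}")  # served to tagged UEFI clients
    lines.append(f"dhcp-boot={bios_file}")            # untagged line for BIOS clients
    return lines

if __name__ == "__main__":
    # Constructed sample values matching the PXE bench example.
    print("\n".join(pxe_lines("/srv/tftp", "pxelinux.0", "bootx64.efi")))
```

Rejecting commas and spaces matters here because a comma in a filename would be read by dnsmasq as the start of the next `dhcp-boot` field.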
Router accidentally placed inside the pool
If the router is 10.44.60.120 while the pool remains 10.44.60.100 through 10.44.60.220, Validation Review reports Router inside pool. Move the pool boundary or change the router address before applying the config, because a client could otherwise receive the gateway address as a lease.
Invalid reservation row
A reservation like 52-54-00-60-10-11,10.44.61.20,lab.pxe01,forever has several problems: the IP is outside 10.44.60.0/24, the hostname is not a safe single label, and forever is not valid lease syntax. The row remains visible in Reservation Ledger, but its directive is withheld until the values are corrected.
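The reservation rules applied to the two rows quoted in these worked examples, as an added example that is not the tool's own code. `reservation_line` is a hypothetical helper; accepting hyphen-separated MAC addresses and normalizing them to colons is an assumption, made because the page does not list the MAC among the invalid row's problems.

```python
import ipaddress
import re

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}")
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
LEASE_RE = re.compile(r"(?:infinite|[0-9]+[smhdw])")

def reservation_line(row, scope):
    """Parse 'mac,ip,hostname,lease'; return (dhcp-host line or None, errors)."""
    net = ipaddress.IPv4Network(scope, strict=False)
    parts = [p.strip() for p in row.split(",")]
    if not 2 <= len(parts) <= 4:
        return None, ["expected mac,ip[,hostname[,lease]]"]
    mac, ip, host, lease = (parts + ["", ""])[:4]  # hostname and lease are optional
    errors = []
    if not MAC_RE.fullmatch(mac):
        errors.append("invalid MAC address")
    try:
        if ipaddress.IPv4Address(ip) not in net:
            errors.append("IP outside scope")
    except ValueError:
        errors.append("invalid IPv4 address")
    if host and not LABEL_RE.fullmatch(host):
        errors.append("unsafe hostname")  # dots, underscores, spaces are rejected
    if lease and not LEASE_RE.fullmatch(lease):
        errors.append("invalid lease")
    if errors:
        return None, errors  # directive withheld until the row validates
    # Emit in the generated order: mac,hostname,ip,lease (empty fields skipped).
    fields = [mac.replace("-", ":").lower()] + [f for f in (host, ip, lease) if f]
    return "dhcp-host=" + ",".join(fields), errors

if __name__ == "__main__":
    # The two rows quoted in the worked examples, checked against 10.44.60.0/24.
    for sample in ("52:54:00:60:10:11,10.44.60.20,lab-pxe01,infinite",
                   "52-54-00-60-10-11,10.44.61.20,lab.pxe01,forever"):
        print(reservation_line(sample, "10.44.60.0/24"))
```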
FAQ:
Can this produce more than one DHCP scope?
No. The form builds one IPv4 scope for one listen interface. Create and review separate configs when different VLANs or interfaces need separate pools.
Why did the config still show a line when warnings exist?
Warnings are review prompts, not always syntax blockers. For example, authoritative mode and PXE mode can be valid choices, but Validation Review still asks you to confirm ownership of the segment and boot-file readiness.
What lease formats are accepted?
Use infinite or a number followed by s, m, h, d, or w, such as 30m, 12h, or 2d.
Why is my reservation not emitted?
A reservation needs a valid MAC address and IPv4 address. Hostname and lease are optional, but if they are present they must use a safe single-label hostname and valid lease syntax.
Does this check my running dnsmasq service?
No. It generates and reviews text from the values entered in the form. It does not query a daemon, inspect leases, test relay agents, or prove that another DHCP server is absent.
Do entered addresses leave the browser?
The calculation and text generation run in the browser from the current form state. The tool does not require a server-side lookup to build the config, audit rows, reservation rows, review rows, or JSON payload.
Glossary:
- dnsmasq: A lightweight DNS, DHCP, router-advertisement, and TFTP service commonly used on small networks and lab hosts.
- DHCP scope: The address pool and client options a DHCP server offers on a network segment.
- Dynamic pool: The inclusive address range available for automatic DHCP leases.
- Static reservation: A fixed DHCP assignment tied to a MAC address and optional hostname.
- Classless static route: A DHCP option 121 route that sends a destination CIDR and gateway to clients.
- PXE: Preboot Execution Environment, a network boot method that uses DHCP information and boot files.
- TFTP root: The directory dnsmasq serves through its built-in read-only TFTP service when PXE/TFTP is enabled.