Certain options in the dnsmasq configuration were added between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Some of these changes may be helpful in your dnsmasq configuration.



IPv6 support for DHCP has been added:
-------------------------------------
The dnsmasq version distributed in Red Hat Enterprise Linux 7 now supports DHCPv6 protocol.
The DHCPv6 server provides the same set of functionality as the DHCPv4
server. In addition, it supports the following features:
- Router advertisements
- A feature that allows naming for clients which use DHCPv4 for IPv4 configuration,
   and only stateless auto-configuration for IPv6 configuration.
- Address allocation (both DHCPv6 and router advertisements) from subnets
   that are dynamically delegated via DHCPv6 prefix delegation.


A new '--bind-dynamic' dnsmasq network mode has been added:
---------------------------------------------------------
A new 'bind-dynamic' network mode has been added into the dnsmasq version
distributed in Red Hat Enterprise Linux 7.
The new network mode, which is a hybrid between '--bind-interfaces' and the default
dnsmasq, will bind to addresses of individual interfaces, allowing multiple dnsmasq
instances. If new interfaces or addresses appear on the system, it will automatically
bind to them and start listening (this behavior is subject to any access-control
configuration). This makes dynamically created interfaces work in the same way
as the default.



The following configuration options have been added:

'--tag-if=set:<tag>[,set:<tag>[,tag:<tag>[,tag:<tag>]]]'
--------------------------------------------------------
The '--tag-if' option has been added to enable boolean operations on tags.
Any tag appearing as 'set:<tag>' is set if all the tags which appear as
'tag:<tag>' are set (or unset when 'tag:!<tag>' is used). If there is no
'tag:<tag>' after 'set:<tag>', tags are set unconditionally. It is possible
to use multiple 'set:' and 'tag:' arguments in any order.
The '--tag-if' statements are processed in the same order they appear in the
configuration, so if the <tag> in 'tag:<tag>' is a tag set by another
'--tag-if' statement, the statement that sets the <tag> must precede
the one that tests it.


'--dhcp-proxy[=<ip addr>]...'
-----------------------------
Note: This option applies to IPv4 only.
A normal DHCP relay agent is only used to forward the initial parts of
the DHCP interaction to the DHCP server. Once the client is fully configured,
it communicates directly with the server.
A full DHCP relay server can use the (RFC 5107) 'serverid-override' option
to force the DHCP server to use the relay as a full proxy, with all packets
passing through it.
The '--dhcp-proxy' option has been added to provide an alternative method
of doing the same thing, for relays which do not support RFC 5107. 
Given alone, it manipulates the server-id for all interactions via relays.
If a list of IP addresses is given, only interactions via relays with given
addresses are affected.


'--dhcp-generate-names=tag:<tag>[,tag:<tag>]'
---------------------------------------------
Note: This option applies to IPv4 only.
The '--dhcp-generate-names' option has been added, which instructs dnsmasq
to generate a name for each DHCP client that does not otherwise have one.
The name is generated using the MAC address expressed in a hexadecimal form,
separated by dashes.
Note that if the host provides a name, it will be preferred to the generated
one, unless the '--dhcp-ignore-names' option is used.


'--max-ttl=<time>'
------------------
The '--max-ttl=<time>' option has been added to instruct dnsmasq to set
the maximum TTL value of the DNS answer that will be passed to clients.
The specified maximum TTL will be set in the DNS answer to clients instead
of the true TTL value, if the true TTL value is higher. However, the true TTL value
is kept in the cache to avoid flooding of upstream DNS servers.


'--rebind-localhost-ok'
-----------------------
The '--rebind-localhost-ok' option has been added to except 127.0.0.1/8
address range from rebinding checks. This address range is returned by
real-time black hole servers, so blocking it may disable these services.


'--rebind-domain-ok=[<domain>]|[[/<domain>/[<domain>/]'
-------------------------------------------------------
The '--rebind-domain-ok' option has been added to disable detection
and blocking of dns-rebind on queries to given domains. The argument
may be either a single domain, or multiple domains surrounded and
separated by a forward slash (/).


'--dhcp-sequential-ip'
----------------------
The '--dhcp-sequential-ip' option has been added to instruct the DHCP server
to assign IP addresses to DHCP clients sequentially. The address allocation
starts from the lowest available address.
Note that in the sequential mode, the clients that allow their lease to expire
are much more likely to get their IP address changed.


'--add-mac'
-----------
The '--add-mac' option has been added to enable adding the MAC address of the
DNS client to DNS queries that are forwarded to upstream servers. This may
be used for filtering purposes by the upstream server. The MAC address can
be added only if the DNS client is on the same subnet as the dnsmasq server.
Note that the mechanism used to achieve this (the 'EDNS0'  option) is  not  yet
standardised, therefore it should be considered experimental. Also note that
exposing MAC addresses in this way might have SECURITY and PRIVACY implications.


'--tftp-lowercase'
------------------
The '--tftp-lowercase' option instructs the TFTP server to convert filenames
in TFTP requests to lowercase. This is useful for requests from machines that do not use the case sensitive file system. 


'--dhcp-client-update'
----------------------
By default, dnsmasq sets a flag in the 'FQDN' option, when giving a DHCP lease,
to tell the client not to attempt a DDNS update with its name and IP address.
This flag disables this default behaviour.


'--dhcp-duid=<enterprise-id>,<uid>'
-----------------------------------
Note: This option applies to IPv6 only.
The '--dhcp-duid' option has been added to enable specification of the persistent
UID used by the DHCPv6 server. This option is not normally required as dnsmasq creates
a DUID automatically when first needed. If used, this option provides dnsmasq
the data required to create a DUID-EN type DUID. The <enterprise-id> is assigned
by IANA, and the <uid> is a string of hexadecimal octets unique to a particular device.


'--host-record=<name>[,<name>....],[<IPv4-address>],[<IPv6-address>]'
--------------------------------------------------------------------
The '--host-record' option enables the user to add A, AAAA and PTR records to the DNS.
It adds one or more names to the DNS with associated IPv4 (A) and IPv6 (AAAA) records.
The same name may appear in multiple host-record statements. This will result in the assignment
of multiple addresses to the same name. Only the first address creates a PTR record
linking the address to the name.


'--dns-rr=<name>,<RR-number>,[<hex data>]'
------------------------------------------
The '--dns-rr' option enabled dnsmasq to return an arbitrary DNS Resource Record.
The <RR-number> is the type of the record (which is always of the IN class). The value
of the record is given by the <hex data>, which may be in the following forms: "01:23:45", "01 23 45", "012345", or a mixture of them.


'--max-cache-ttl=<time>'
------------------------
The '--max-cache-ttl' option can be used to set the maximum TTL value of cached
DNS answers.


'--ipset=/<domain>/[domain/]<ipset>[,<ipset>]'
----------------------------------------------
The '--ipset' option can be used to place the resolved IP addresses of queries
for specified domains in the specified netfilter ipsets. These ipsets must already exist.
For more information, see the ipset(8) man page.



For more information about dnsmasq, see the dnsmasq(8) man pages.
