diff --git a/src/etc/inc/plugins.inc.d/dnsmasq.inc b/src/etc/inc/plugins.inc.d/dnsmasq.inc
index 7625d1dde..63fe8600f 100644
--- a/src/etc/inc/plugins.inc.d/dnsmasq.inc
+++ b/src/etc/inc/plugins.inc.d/dnsmasq.inc
@@ -101,7 +101,7 @@ function dnsmasq_firewall(\OPNsense\Firewall\Plugin $fw)
global $config;
$mdl = new \OPNsense\Dnsmasq\Dnsmasq();
- if (!$mdl->enable->isEmpty() && !$mdl->dhcp_default_fw_rules->isEmpty()) {
+ if (!$mdl->enable->isEmpty() && !$mdl->dhcp->default_fw_rules->isEmpty()) {
$dhcp_ifs = $mdl->getDhcpInterfaces();
if (empty($dhcp_ifs)) {
return;
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/dialogDHCPrange.xml b/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/dialogDHCPrange.xml
index 958275730..bb9535afd 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/dialogDHCPrange.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/dialogDHCPrange.xml
@@ -44,6 +44,12 @@
textOffer the specified domain to machines in this range.
+
+ range.nosync
+
+ checkbox
+ Ignore this range from being transfered or updated by ha sync.
+ range.description
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/general.xml b/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/general.xml
index 42b63d73e..cb699d15f 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/general.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/forms/general.xml
@@ -111,7 +111,7 @@
- dnsmasq.no_dhcp_interface
+ dnsmasq.dhcp.no_interfaceselect_multipletrue
@@ -120,13 +120,13 @@
- dnsmasq.dhcp_fqdn
+ dnsmasq.dhcp.fqdncheckboxIn the default mode, we insert the unqualified names of DHCP clients into the DNS, in which case they have to be unique. Using this option the unqualified name is no longer put in the DNS, only the qualified name.
- dnsmasq.dhcp_lease_max
+ dnsmasq.dhcp.lease_maxtext1000
@@ -134,23 +134,29 @@
Limits dnsmasq to the specified maximum number of DHCP leases. This limit is to prevent DoS attacks from hosts which create thousands of leases and use lots of memory in the dnsmasq process.
- dnsmasq.dhcp_authoritative
+ dnsmasq.dhcp.authoritativecheckboxShould be set when dnsmasq is definitely the only DHCP server on a network. For DHCPv4, it changes the behaviour from strict RFC compliance so that DHCP requests on unknown leases from unknown hosts are not ignored.
- dnsmasq.dhcp_reply_delay
+ dnsmasq.dhcp.reply_delaytextDelays sending DHCPOFFER and PROXYDHCP replies for at least the specified number of seconds. This can be practical for split dhcp solutions, to make sure the secondary server answers slower than the primary.
- dnsmasq.dhcp_default_fw_rules
+ dnsmasq.dhcp.default_fw_rulescheckboxAutomatically register firewall rules to allow dhcp traffic for all explicitly selected interfaces, can be disabled for more fine grained control if needed. Changes are only effective after a firewall service restart (see system diagnostics).
+
+ dnsmasq.dhcp.nosync
+
+ checkbox
+ Ignore the dhcp general settings from being updated using ha sync.
+ header
diff --git a/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.xml b/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.xml
index e72ec3efe..6973113b9 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.xml
@@ -1,6 +1,6 @@
/dnsmasq
- 1.0.1
+ 1.0.2
@@ -33,22 +33,25 @@
0
-
- Y
-
-
-
- 0
-
-
-
- Y
- 1
-
-
- 0
- 60
-
+
+
+ Y
+
+
+
+ 0
+
+
+
+ Y
+ 1
+
+
+ 0
+ 60
+
+
+ Y1
@@ -153,6 +156,7 @@
YN
+
diff --git a/src/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf b/src/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf
index 7b22edf24..5add98df4 100644
--- a/src/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf
+++ b/src/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf
@@ -18,23 +18,27 @@ port={{ dnsmasq.port }}
interface={{helpers.physical_interfaces(dnsmasq.interface.split(','))|join(',')}}
{% endif %}
-{% if dnsmasq.no_dhcp_interface %}
+{% if dnsmasq.dhcp.no_interface %}
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP and TFTP on it.
-no-dhcp-interface={{helpers.physical_interfaces(dnsmasq.no_dhcp_interface.split(','))|join(',')}}
+no-dhcp-interface={{helpers.physical_interfaces(dnsmasq.dhcp.no_interface.split(','))|join(',')}}
{% endif %}
-{% if dnsmasq.dhcp_lease_max %}
-dhcp-lease-max={{dnsmasq.dhcp_lease_max}}
+{% if dnsmasq.dhcp.lease_max %}
+dhcp-lease-max={{dnsmasq.dhcp.lease_max}}
{% endif %}
-{% if dnsmasq.dhcp_fqdn == '1' %}
+{% if dnsmasq.dhcp.fqdn == '1' %}
dhcp-fqdn
{% endif %}
-{% if dnsmasq.dhcp_reply_delay %}
-dhcp-reply-delay={{dnsmasq.dhcp_reply_delay}}
+{% if dnsmasq.dhcp.authoritative == '1' %}
+dhcp-authoritative
+{% endif %}
+
+{% if dnsmasq.dhcp.reply_delay %}
+dhcp-reply-delay={{dnsmasq.dhcp.reply_delay}}
{% endif %}