Allow interface name to specify subnets in --auth-zone.

1 files changed, 22 insertions, 17 deletions

diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 123c98f..deb3eb6 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -589,10 +589,19 @@ needed for a client to do validation itself.
 .B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....]]
 Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain
 will be served. A and AAAA records must be in one of the
-specified subnets, or in a subnet corresponding to a constructed DHCP
-range. (This can be overridden with 
-.B constructor-noauth:
-) The subnet(s) are also used to define in-addr.arpa and
+specified subnets. As alternative to directly specifying the subnets, it's possible to
+give the name of an interface, in which case the subnets implied by
+that interface's configured addresses and netmask/prefix-length are
+used; this is useful when using constructed DHCP ranges as the actual
+address is dynamic and not known when configuring dnsmasq. The
+interface addresses may be confined to only IPv6 addresses using
+<interface>/6 or to only IPv4 using <interface>/4. This is useful when
+an interface has dynamically determined global IPv6 addresses which should
+appear in the zone, but RFC1918 IPv4 addresses which should not.
+Interface-name and address-literal subnet specifications may be used
+freely in the same --auth-zone declaration.
+
+The subnet(s) are also used to define in-addr.arpa and
 ipv6.arpa domains which are served for reverse-DNS queries. If not
 specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6.
 For IPv4 subnets, the prefix length should be have the value 8, 16 or 24
@@ -680,12 +689,6 @@ then the address can be simply ::
 .B --dhcp-range=::,constructor:eth0
 
 
-There is a variant of the constructor: syntax using the keyword
-.B constructor-noauth.
-See 
-.B --auth-zone
-for an explanation of this.
-
 The optional 
 .B set:<tag> 
 sets an alphanumeric label which marks this network so that
@@ -1959,18 +1962,20 @@ IPv4 and IPv6 addresses from /etc/hosts (and
 .B --addn-hosts
 ) and
 .B --host-record
+and 
+.B --interface-name
 provided the address falls into one of the subnets specified in the
 .B --auth-zone.
 .PP
-Addresses specified by 
-.B --interface-name.
-In this case, the address is not contrained to a subnet from
-.B --auth-zone. 
-
-.PP
 Addresses of DHCP leases, provided the address falls into one of the subnets specified in the
+.B --auth-zone.
+(If contructed DHCP ranges are is use, which depend on the address dynamically 
+assigned to an interface, then the form of
 .B --auth-zone
-OR a constructed DHCP range. In the default mode, where a DHCP lease
+which defines subnets by the dynamic address of an interface should
+be used to ensure this condition is met.)
+.PP 
+In the default mode, where a DHCP lease
 has an unqualified name, and possibly a qualified name constructed
 using 
 .B --domain