Linux for Network Engineers: Read-only TFTP with Dnsmasq

By November 13, 2019Linux

In a previous post we talked about dnsmasq’s DNS caching capabilities. Here we’ll talk about the Trivial File Transfer Protocol server included in the dnsmasq utility. Note that this is a read-only TFTP server, and the reason it’s included in dnsmasq is that if you combine it with its  DHCP functionality you can set up a PXE server.


All the required configuration can be done through the configuration file /etc/dnsmasq.conf. As soon as you install and start the dnsmasq process the DNS caching functionality launches. If you want to disable that and use just the TFTP part of dnsmasq you have to set the port value to 0 as follows in the configuration file:

The TFTP configuration has five options which I am pasting here with the corresponding comments:

You can enable the options that make sense for your use case, but at the bare minimum you have to enable tftp (enable-tftp) and specify a root directory (tftp-root).

Once you are done you need to restart the dnsmasq daemon in order to pick up the new options:


We need to create the directory /var/ftpd that we specified as the tftp-root directory in the configuration file with:

If you put a file in that directory (e.g. file_server.txt) it will be downloadable by an TFTP client that has access to this server. Here is an example of downloading that file:

If you try to upload a file to the dnsmasq TFTP server you will get an error:

As we said, the dnsmasq TFTP server is read only, and can’t accept any files.

If you enabled the tftp-secure option in the configuration file, then you have to make sure that the owner of the files that can be downloaded is the same as the user that dnsmasq runs as. Dnsmasq runs as user dnsmasq, so any files (e.g. file_server.txt) have to be owned by dnsmasq. Here is the command you can set that up with:

That’s it for dnsmasq’s TFTP. It’s a fairly easy set up (like most TFTP servers), but it’s read-only – reason being, for PXE booting you only need to read from the TFTP server. Stay tuned, the next couple of Linux-related blog posts will be about dnsmasq’s DHCP and PXE.