Read-only TFTP with dnsmasq

In a previous post we talked about dnsmasq’s DNS caching capabilities. Here we’ll talk about the Trivial File Transfer Protocol (TFTP) server included in the dnsmasq utility. Note that this is a read-only TFTP server; it’s included in dnsmasq because combining it with dnsmasq’s DHCP functionality lets you set up a PXE server.


All the required configuration can be done through the configuration file /etc/dnsmasq.conf. As soon as you install and start the dnsmasq process, the DNS caching functionality launches. If you want to disable that and use just the TFTP part of dnsmasq, set the port value to 0 in the configuration file.


The TFTP configuration has five options which I am pasting here with the corresponding comments:

# Enable dnsmasq's built-in TFTP server
#enable-tftp

# Set the root directory for files available via TFTP.
#tftp-root=/var/ftpd

# Do not abort if the tftp-root is unavailable
#tftp-no-fail

# Make the TFTP server more secure: with this set, only files owned by
# the user dnsmasq is running as will be sent over the net.
#tftp-secure

# This option stops dnsmasq from negotiating a larger blocksize for TFTP
# transfers. It will slow things down, but may rescue some broken TFTP
# clients.
#tftp-no-blocksize

You can enable the options that make sense for your use case, but at the bare minimum you have to enable tftp (enable-tftp) and specify a root directory (tftp-root).

Once you are done you need to restart the dnsmasq daemon in order to pick up the new options:

systemctl restart dnsmasq


We need to create the directory /var/ftpd that we specified as the tftp-root directory in the configuration file with:

mkdir /var/ftpd

If you put a file in that directory (e.g. file_server.txt), it will be downloadable by any TFTP client that has access to this server. Here is an example of downloading that file:

tftp> connect
tftp> get file_server.txt
Received 19 bytes in 0.0 seconds

If you try to upload a file to the dnsmasq TFTP server you will get an error:

tftp> connect
tftp> put file_client.txt
Error code 4: unsupported request from

As we said, the dnsmasq TFTP server is read only, and can’t accept any files.

If you enabled the tftp-secure option in the configuration file, then you have to make sure that the owner of the files that can be downloaded is the same as the user that dnsmasq runs as. Dnsmasq runs as user dnsmasq, so any files (e.g. file_server.txt) have to be owned by dnsmasq. Here is the command you can set that up with:

chown dnsmasq file_server.txt

> ls -l
total 4
-rw-r--r-- 1 dnsmasq root 18 Nov 11 11:52 file_server.txt
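
When tftp-secure is on, a file with the wrong owner is not served, which usually shows up as a failed PXE boot. The script below is an added example, not part of the original post or of dnsmasq: it reads tftp-root and tftp-secure from a config file and lists the files whose owner differs from the given user. The function names are hypothetical, and the ",<interface>" suffix handling assumes dnsmasq's tftp-root=<directory>[,<interface>] syntax.

```shell
#!/bin/sh
# Added example (not from the original post): list the files under tftp-root
# that a tftp-secure dnsmasq would refuse to serve because of their owner.
# Usage: audit_tftp_root /etc/dnsmasq.conf dnsmasq

# Print the value of KEY=VALUE from a dnsmasq config file. Commented-out
# lines are skipped; taking the last occurrence is an assumption of this sketch.
conf_value() {  # conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | cut -d, -f1   # drop an optional ",<interface>" suffix
}

# Succeed if a bare flag such as tftp-secure is present and not commented out.
conf_flag() {  # conf_flag FILE KEY
    grep -Eq "^[[:space:]]*$2[[:space:]]*(#.*)?\$" "$1"
}

# Print regular files under ROOT whose owner is not OWNER (name or numeric uid).
not_owned_by() {  # not_owned_by ROOT OWNER
    find "$1" -type f ! -user "$2" -print
}

# Return 0 if every file is servable, 1 if some are not, 2 on config problems.
audit_tftp_root() {  # audit_tftp_root CONF OWNER
    conf=$1 owner=$2
    root=$(conf_value "$conf" tftp-root)
    [ -n "$root" ] || { echo "no tftp-root set in $conf" >&2; return 2; }
    [ -d "$root" ] || { echo "tftp-root $root does not exist" >&2; return 2; }
    if ! conf_flag "$conf" tftp-secure; then
        echo "tftp-secure is not enabled; ownership is not enforced" >&2
        return 0
    fi
    bad=$(not_owned_by "$root" "$owner")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```
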
That’s it for dnsmasq’s TFTP. It’s a fairly easy setup (like most TFTP servers), but it’s read-only, because for PXE booting you only need to read from the TFTP server. Stay tuned, the next couple of Linux-related blog posts will be about dnsmasq’s DHCP and PXE.

