diff --git a/linux/router/dnsmasq.md b/linux/router/dnsmasq.md index 99581f5..6b002b7 100644 --- a/linux/router/dnsmasq.md +++ b/linux/router/dnsmasq.md @@ -3,7 +3,7 @@ dnsmasq provides DHCP and DNS services for the network ## install & config dnsmasq -m + install with: ``` apt install dnsmasq @@ -17,6 +17,17 @@ service dnsmasq stop config file is in `/etc/dnsmasq.conf`. The following settings need to be set: ``` +# The following two options make you a better netizen, since they +# tell dnsmasq to filter out queries which the public DNS cannot +# answer, and which load the servers (especially the root servers) +# unnecessarily. If you have a dial-on-demand link they also stop +# these requests from bringing up the link unnecessarily. + +# Never forward plain names (without a dot or domain part) +domain-needed +# Never forward addresses in the non-routed address spaces. +bogus-priv + # Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. local=/mar.alemor.org/ @@ -27,9 +38,14 @@ local=/mar.alemor.org/ # Repeat the line for more than one interface. interface=lan0 -# If you don't want dnsmasq to read /etc/hosts, uncomment the -# following line. -no-hosts +# On systems which support it, dnsmasq binds the wildcard address, +# even when it is listening on only some interfaces. It then discards +# requests that it shouldn't reply to. This has the advantage of +# working even when interfaces come and go and change address. If you +# want dnsmasq to really bind only the interfaces it is listening on, +# uncomment this option. About the only time you may need this is when +# running another nameserver on the same machine. +bind-interfaces # Set this (and domain: see below) if you want to have a domain # automatically added to simple names in a hosts-file. 
@@ -46,7 +62,7 @@ domain=mar.alemor.org,192.168.82.0/24 dhcp-range=192.168.82.50,192.168.82.150,12h # Set the limit on DHCP leases, the default is 150 -dhcp-lease-max=150 +dhcp-lease-max=100 # Set the DHCP server to authoritative mode. In this mode it will barge in # and take over the lease for any client which broadcasts on the network, @@ -83,14 +99,3 @@ then take the interface down and bring it back up with: ifdown lan0 ifup lan0 ``` - -## Configure NetworkManager - -If you want the router itself to also send DNS requests through dnsmasq, you need to configure NetworkManager to use dnsmasq. Edit the file `/etc/NetworkManager/NetworkManager.conf`, and under the header `[main]` add the line: -``` -dns=dnsmasq -``` -then restart NetworkManager to make the changes take effect: -``` -systemctl restart NetworkManager -```
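Review bot: In the `@@ -27,9 +38,14 @@` hunk, dropping `no-hosts` is a behaviour change that the page no longer documents: dnsmasq will now read the router's `/etc/hosts` and answer LAN clients from it. That agrees with the `local=/mar.alemor.org/` comment ("answered from /etc/hosts or DHCP only"), but it should be stated explicitly so that router-local entries do not become resolvable on the network by surprise. In the same hunk, the comment pasted above `bind-interfaces` still says "uncomment this option" although the line is already active; reword it to say the option is enabled and why it is needed on this router.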
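Review bot: In the `@@ -46,7 +62,7 @@` hunk, `dhcp-lease-max=100` is one short of the pool in the context line above it: `dhcp-range=192.168.82.50,192.168.82.150,12h` spans 101 addresses, so the pool can never be fully leased at once. If the cap is meant to match the pool, use 101 or shrink the range by one address; if the lower cap is deliberate, extend the comment, which still only says "the default is 150", with the reason for choosing 100.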
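Review bot: The `@@ -83,14 +99,3 @@` hunk deletes the "Configure NetworkManager" section without a replacement, so the page no longer says how the router itself sends its DNS queries through dnsmasq. Either add a sentence on what the router's own resolver should point at after this change, or note that `dns=dnsmasq` was dropped on purpose and why. The new `bind-interfaces` comment mentions "running another nameserver on the same machine"; if that is the motivation, say so here.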