The following dnsmaq configuration:
interface={{ ansible_default_ipv4.interface }}
bind-interfaces
domain-needed
bogus-priv
dhcp-authoritative
domain=math.local
local=/math.local/
dhcp-range={{ address_mask | ansible.utils.ipaddr('next_usable') }},{{ address_mask | ansible.utils.ipaddr('last_usable') }},1h
dhcp-option=option:router,{{ ansible_default_ipv4.gateway }}
dhcp-option=option:netmask,{{ ansible_default_ipv4.netmask }}
dhcp-option=option:dns-server,{{ dns_server }}
dhcp-hostsfile=/etc/dnsmasq-hosts.conf
# TFTP configuration
enable-tftp
tftp-root=/var/www/netboot
# PXE configuration (UEFI only)
#dhcp-boot=pxelinux.0
#dhcp-match=set:efi-x86_64,option:client-arch,7
#dhcp-boot=tag:efi-x86_64,bootx64.efi
dhcp-boot=bootx64.efi
provides a DHCP server which send the netboot file /var/www/netboot/bootx64.efi over TFTP to computers booting in UEFI IP4 PXE mode.
Since dnsmasq conflict with the DNS stub resolver provided by systemd-resolved both willing to bind to port 53, the later has to be disabled:
[Resolve]
DNSStubListener=no
and then the service systemd-resolved restarted.
In addition, the symlink /etc/resolv.conf has to be corrected to point to /run/systemd/resolve/resolv.conf and not /run/systemd/resolve/stub-resolv.conf.