diff --git a/roles/dnsmasq/README.md b/roles/dnsmasq/README.md
new file mode 100644
index 0000000..d4329d4
--- /dev/null
+++ b/roles/dnsmasq/README.md
@@ -0,0 +1,25 @@
+Install and configure dnsmasq with support for external DNS updates.
+
+Leases are offered from IP ranges defined in NetBox with the role `DHCP pool`. For each range a prefix should be defined with the custom properties:
+
+    {
+        "gateway": <gateway IP address>,
+        "dhcp_ranges": <list of IP ranges>,
+        "dhcp_server": <server IP address>
+    }
+
+To create a reservation for a device, ensure it has the primary IP address with the status `DHCP` inside some DHCP range. The primary MAC address of the corresponding interface should also be defined.
+
+Custom reservations can also be specified in the local context of the DHCP server, for example:
+
+    {
+        "reservations": [
+            { "host": "foo", "ip": "10.0.1.101", "mac": "12:23:34:45:56:67" },
+            { "host": "bar", "ip": "10.0.2.102", "mac": "ab:bc:cd:de:ef:f0" },
+            …
+        ]
+    }
+
+For updating DNS records, a kerberos ticket is created at first setup and then renewed on updates. The password file should contain the keys `ldap_user` and `ldap_pass` to create the initial ticket.
+
+The default dnsmasq leasefile implementation performs poorly with many entries on slow storage, so we replace it with an sqlite database.