|
version 1.1.1.1, 2013/07/29 19:37:40
|
version 1.1.1.3, 2016/11/02 09:57:01
|
|
Line 1
|
Line 1
|
| |
version 2.76 |
| |
Include 0.0.0.0/8 in DNS rebind checks. This range |
| |
translates to hosts on the local network, or, at |
| |
least, 0.0.0.0 accesses the local host, so could |
| |
be targets for DNS rebinding. See RFC 5735 section 3 |
| |
for details. Thanks to Stephen Röttger for the bug report. |
| |
|
| |
Enhance --add-subnet to allow arbitrary subnet addresses. |
| |
Thanks to Ed Barsley for the patch. |
| |
|
| |
Respect the --no-resolv flag in inotify code. Fixes bug |
| |
which caused dnsmasq to fail to start if a resolv-file |
| |
was a dangling symbolic link, even of --no-resolv set. |
| |
Thanks to Alexander Kurtz for spotting the problem. |
| |
|
| |
Fix crash when an A or AAAA record is defined locally, |
| |
in a hosts file, and an upstream server sends a reply |
| |
that the same name is empty. Thanks to Edwin Török for |
| |
the patch. |
| |
|
| |
Fix failure to correctly calculate cache-size when |
| |
reading a hosts-file fails. Thanks to André Glüpker |
| |
for the patch. |
| |
|
| |
Fix wrong answer to simple name query when --domain-needed |
| |
set, but no upstream servers configured. Dnsmasq returned |
| |
REFUSED, in this case, when it should be the same as when |
| |
upstream servers are configured - NOERROR. Thanks to |
| |
Allain Legacy for spotting the problem. |
| |
|
| |
Return REFUSED when running out of forwarding table slots, |
| |
not SERVFAIL. |
| |
|
| |
Add --max-port configuration. Thanks to Hans Dedecker for |
| |
the patch. |
| |
|
| |
Add --script-arp and two new functions for the dhcp-script. |
| |
These are "arp" and "arp-old" which announce the arrival and |
| |
removal of entries in the ARP or nieghbour tables. |
| |
|
| |
Extend --add-mac to allow a new encoding of the MAC address |
| |
as base64, by configurting --add-mac=base64 |
| |
|
| |
Add --add-cpe-id option. |
| |
|
| |
Don't crash with divide-by-zero if an IPv6 dhcp-range |
| |
is declared as a whole /64. |
| |
(ie xx::0 to xx::ffff:ffff:ffff:ffff) |
| |
Thanks to Laurent Bendel for spotting this problem. |
| |
|
| |
Add support for a TTL parameter in --host-record and |
| |
--cname. |
| |
|
| |
Add --dhcp-ttl option. |
| |
|
| |
Add --tftp-mtu option. Thanks to Patrick McLean for the |
| |
initial patch. |
| |
|
| |
Check return-code of inet_pton() when parsing dhcp-option. |
| |
Bad addresses could fail to generate errors and result in |
| |
garbage dhcp-options being sent. Thanks to Marc Branchaud |
| |
for spotting this. |
| |
|
| |
Fix wrong value for EDNS UDP packet size when using |
| |
--servers-file to define upstream DNS servers. Thanks to |
| |
Scott Bonar for the bug report. |
| |
|
| |
Move the dhcp_release and dhcp_lease_time tools from |
| |
contrib/wrt to contrib/lease-tools. |
| |
|
| |
Add dhcp_release6 to contrib/lease-tools. Many thanks |
| |
to Sergey Nechaev for this code. |
| |
|
| |
To avoid filling logs in configurations which define |
| |
many upstream nameservers, don't log more that 30 servers. |
| |
The number to be logged can be changed as SERVERS_LOGGED |
| |
in src/config.h. |
| |
|
| |
Swap the values if BC_EFI and x86-64_EFI in --pxe-service. |
| |
These were previously wrong due to an error in RFC 4578. |
| |
If you're using BC_EFI to boot 64-bit EFI machines, you |
| |
will need to update your config. |
| |
|
| |
Add ARM32_EFI and ARM64_EFI as valid architectures in |
| |
--pxe-service. |
| |
|
| |
Fix PXE booting for UEFI architectures. Modify PXE boot |
| |
sequence in this case to force the client to talk to dnsmasq |
| |
over port 4011. This makes PXE and especially proxy-DHCP PXE |
| |
work with these archictectures. |
| |
|
| |
Workaround problems with UEFI PXE clients. There exist |
| |
in the wild PXE clients which have problems with PXE |
| |
boot menus. To work around this, when there's a single |
| |
--pxe-service which applies to client, then that target |
| |
will be booted directly, rather then sending a |
| |
single-item boot menu. |
| |
|
| |
Many thanks to Jarek Polok, Michael Kuron and Dreamcat4 |
| |
for their work on the long-standing UEFI PXE problem. |
| |
|
| |
Subtle change in the semantics of "basename" in |
| |
--pxe-service. The historical behaviour has always been |
| |
that the actual filename downloaded from the TFTP server |
| |
is <basename>.<layer> where <layer> is an integer which |
| |
corresponds to the layer parameter supplied by the client. |
| |
It's not clear what the function of the "layer" |
| |
actually is in the PXE protocol, and in practise layer |
| |
is always zero, so the filename is <basename>.0 |
| |
The new behaviour is the same as the old, except when |
| |
<basename> includes a file suffix, in which case |
| |
the layer suffix is no longer added. This allows |
| |
sensible suffices to be used, rather then the |
| |
meaningless ".0". Only in the unlikely event that you |
| |
have a config with a basename which already has a |
| |
suffix, is this an incompatible change, since the file |
| |
downloaded will change from name.suffix.0 to just |
| |
name.suffix |
| |
|
| |
|
| |
version 2.75 |
| |
Fix reversion on 2.74 which caused 100% CPU use when a |
| |
dhcp-script is configured. Thanks to Adrian Davey for |
| |
reporting the bug and testing the fix. |
| |
|
| |
|
| |
version 2.74 |
| |
Fix reversion in 2.73 where --conf-file would attempt to |
| |
read the default file, rather than no file. |
| |
|
| |
Fix inotify code to handle dangling symlinks better and |
| |
not SEGV in some circumstances. |
| |
|
| |
DNSSEC fix. In the case of a signed CNAME generated by a |
| |
wildcard which pointed to an unsigned domain, the wrong |
| |
status would be logged, and some necessary checks omitted. |
| |
|
| |
|
| |
version 2.73 |
| |
Fix crash at startup when an empty suffix is supplied to |
| |
--conf-dir, also trivial memory leak. Thanks to |
| |
Tomas Hozza for spotting this. |
| |
|
| |
Remove floor of 4096 on advertised EDNS0 packet size when |
| |
DNSSEC in use, the original rationale for this has long gone. |
| |
Thanks to Anders Kaseorg for spotting this. |
| |
|
| |
Use inotify for checking on updates to /etc/resolv.conf and |
| |
friends under Linux. This fixes race conditions when the files are |
| |
updated rapidly and saves CPU by noy polling. To build |
| |
a binary that runs on old Linux kernels without inotify, |
| |
use make COPTS=-DNO_INOTIFY |
| |
|
| |
Fix breakage of --domain=<domain>,<subnet>,local - only reverse |
| |
queries were intercepted. THis appears to have been broken |
| |
since 2.69. Thanks to Josh Stone for finding the bug. |
| |
|
| |
Eliminate IPv6 privacy addresses and deprecated addresses from |
| |
the answers given by --interface-name. Note that reverse queries |
| |
(ie looking for names, given addresses) are not affected. |
| |
Thanks to Michael Gorbach for the suggestion. |
| |
|
| |
Fix crash in DNSSEC code with long RRs. Thanks to Marco Davids |
| |
for the bug report. |
| |
|
| |
Add --ignore-address option. Ignore replies to A-record |
| |
queries which include the specified address. No error is |
| |
generated, dnsmasq simply continues to listen for another |
| |
reply. This is useful to defeat blocking strategies which |
| |
rely on quickly supplying a forged answer to a DNS |
| |
request for certain domains, before the correct answer can |
| |
arrive. Thanks to Glen Huang for the patch. |
| |
|
| |
Revisit the part of DNSSEC validation which determines if an |
| |
unsigned answer is legit, or is in some part of the DNS |
| |
tree which should be signed. Dnsmasq now works from the |
| |
DNS root downward looking for the limit of signed |
| |
delegations, rather than working bottom up. This is |
| |
both more correct, and less likely to trip over broken |
| |
nameservers in the unsigned parts of the DNS tree |
| |
which don't respond well to DNSSEC queries. |
| |
|
| |
Add --log-queries=extra option, which makes logs easier |
| |
to search automatically. |
| |
|
| |
Add --min-cache-ttl option. I've resisted this for a long |
| |
time, on the grounds that disbelieving TTLs is never a |
| |
good idea, but I've been persuaded that there are |
| |
sometimes reasons to do it. (Step forward, GFW). |
| |
To avoid misuse, there's a hard limit on the TTL |
| |
floor of one hour. Thansk to RinSatsuki for the patch. |
| |
|
| |
Cope with multiple interfaces with the same link-local |
| |
address. (IPv6 addresses are scoped, so this is allowed.) |
| |
Thanks to Cory Benfield for help with this. |
| |
|
| |
Add --dhcp-hostsdir. This allows addition of new host |
| |
configurations to a running dnsmasq instance much more |
| |
cheaply than having dnsmasq re-read all its existing |
| |
configuration each time. |
| |
|
| |
Don't reply to DHCPv6 SOLICIT messages if we're not |
| |
configured to do stateful DHCPv6. Thanks to Win King Wan |
| |
for the patch. |
| |
|
| |
Fix broken DNSSEC validation of ECDSA signatures. |
| |
|
| |
Add --dnssec-timestamp option, which provides an automatic |
| |
way to detect when the system time becomes valid after |
| |
boot on systems without an RTC, whilst allowing DNS |
| |
queries before the clock is valid so that NTP can run. |
| |
Thanks to Kevin Darbyshire-Bryant for developing this idea. |
| |
|
| |
Add --tftp-no-fail option. Thanks to Stefan Tomanek for |
| |
the patch. |
| |
|
| |
Fix crash caused by looking up servers.bind, CHAOS text |
| |
record, when more than about five --servers= lines are |
| |
in the dnsmasq config. This causes memory corruption |
| |
which causes a crash later. Thanks to Matt Coddington for |
| |
sterling work chasing this down. |
| |
|
| |
Fix crash on receipt of certain malformed DNS requests. |
| |
Thanks to Nick Sampanis for spotting the problem. |
| |
Note that this is could allow the dnsmasq process's |
| |
memory to be read by an attacker under certain |
| |
circumstances, so it has a CVE, CVE-2015-3294 |
| |
|
| |
Fix crash in authoritative DNS code, if a .arpa zone |
| |
is declared as authoritative, and then a PTR query which |
| |
is not to be treated as authoritative arrived. Normally, |
| |
directly declaring .arpa zone as authoritative is not |
| |
done, so this crash wouldn't be seen. Instead the |
| |
relevant .arpa zone should be specified as a subnet |
| |
in the auth-zone declaration. Thanks to Johnny S. Lee |
| |
for the bugreport and initial patch. |
| |
|
| |
Fix authoritative DNS code to correctly reply to NS |
| |
and SOA queries for .arpa zones for which we are |
| |
declared authoritative by means of a subnet in auth-zone. |
| |
Previously we provided correct answers to PTR queries |
| |
in such zones (including NS and SOA) but not direct |
| |
NS and SOA queries. Thanks to Johnny S. Lee for |
| |
pointing out the problem. |
| |
|
| |
Fix logging of DHCPREPLY which should be suppressed |
| |
by quiet-dhcp6. Thanks to J. Pablo Abonia for |
| |
spotting the problem. |
| |
|
| |
Try and handle net connections with broken fragmentation |
| |
that lose large UDP packets. If a server times out, |
| |
reduce the maximum UDP packet size field in the EDNS0 |
| |
header to 1280 bytes. If it then answers, make that |
| |
change permanent. |
| |
|
| |
Check IPv4-mapped IPv6 addresses when --stop-rebind |
| |
is active. Thanks to Jordan Milne for spotting this. |
| |
|
| |
Allow DHCPv4 options T1 and T2 to be set using --dhcp-option. |
| |
Thanks to Kevin Benton for patches and work on this. |
| |
|
| |
Fix code for DHCPCONFIRM DHCPv6 messages to confirm addresses |
| |
in the correct subnet, even of not in dynamic address |
| |
allocation range. Thanks to Steve Hirsch for spotting |
| |
the problem. |
| |
|
| |
Add AddDhcpLease and DeleteDhcpLease DBus methods. Thanks |
| |
to Nicolas Cavallari for the patch. |
| |
|
| |
Allow configuration of router advertisements without the |
| |
"on-link" bit set. Thanks to Neil Jerram for the patch. |
| |
|
| |
Extend --bridge-interface to DHCPv6 and router |
| |
advertisements. Thanks to Neil Jerram for the patch. |
| |
|
| |
|
| |
version 2.72 |
| |
Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. |
| |
|
| |
Add support for "ipsets" in *BSD, using pf. Thanks to |
| |
Sven Falempim for the patch. |
| |
|
| |
Fix race condition which could lock up dnsmasq when an |
| |
interface goes down and up rapidly. Thanks to Conrad |
| |
Kostecki for helping to chase this down. |
| |
|
| |
Add DBus methods SetFilterWin2KOption and SetBogusPrivOption |
| |
Thanks to the Smoothwall project for the patch. |
| |
|
| |
Fix failure to build against Nettle-3.0. Thanks to Steven |
| |
Barth for spotting this and finding the fix. |
| |
|
| |
When assigning existing DHCP leases to intefaces by comparing |
| |
networks, handle the case that two or more interfaces have the |
| |
same network part, but different prefix lengths (favour the |
| |
longer prefix length.) Thanks to Lung-Pin Chang for the |
| |
patch. |
| |
|
| |
Add a mode which detects and removes DNS forwarding loops, ie |
| |
a query sent to an upstream server returns as a new query to |
| |
dnsmasq, and would therefore be forwarded again, resulting in |
| |
a query which loops many times before being dropped. Upstream |
| |
servers which loop back are disabled and this event is logged. |
| |
Thanks to Smoothwall for their sponsorship of this feature. |
| |
|
| |
Extend --conf-dir to allow filtering of files. So |
| |
--conf-dir=/etc/dnsmasq.d,\*.conf |
| |
will load all the files in /etc/dnsmasq.d which end in .conf |
| |
|
| |
Fix bug when resulted in NXDOMAIN answers instead of NODATA in |
| |
some circumstances. |
| |
|
| |
Fix bug which caused dnsmasq to become unresponsive if it |
| |
failed to send packets due to a network interface disappearing. |
| |
Thanks to Niels Peen for spotting this. |
| |
|
| |
Fix problem with --local-service option on big-endian platforms |
| |
Thanks to Richard Genoud for the patch. |
| |
|
| |
|
| |
version 2.71 |
| |
Subtle change to error handling to help DNSSEC validation |
| |
when servers fail to provide NODATA answers for |
| |
non-existent DS records. |
| |
|
| |
Tweak code which removes DNSSEC records from answers when |
| |
not required. Fixes broken answers when additional section |
| |
has real records in it. Thanks to Marco Davids for the bug |
| |
report. |
| |
|
| |
Fix DNSSEC validation of ANY queries. Thanks to Marco Davids |
| |
for spotting that too. |
| |
|
| |
Fix total DNS failure and 100% CPU use if cachesize set to zero, |
| |
regression introduced in 2.69. Thanks to James Hunt and |
| |
the Ubuntu crowd for assistance in fixing this. |
| |
|
| |
|
| |
version 2.70 |
| |
Fix crash, introduced in 2.69, on TCP request when dnsmasq |
| |
compiled with DNSSEC support, but running without DNSSEC |
| |
enabled. Thanks to Manish Sing for spotting that one. |
| |
|
| |
Fix regression which broke ipset functionality. Thanks to |
| |
Wang Jian for the bug report. |
| |
|
| |
|
| |
version 2.69 |
| |
Implement dynamic interface discovery on *BSD. This allows |
| |
the contructor: syntax to be used in dhcp-range for DHCPv6 |
| |
on the BSD platform. Thanks to Matthias Andree for |
| |
valuable research on how to implement this. |
| |
|
| |
Fix infinite loop associated with some --bogus-nxdomain |
| |
configs. Thanks fogobogo for the bug report. |
| |
|
| |
Fix missing RA RDNS option with configuration like |
| |
--dhcp-option=option6:23,[::] Thanks to Tsachi Kimeldorfer |
| |
for spotting the problem. |
| |
|
| |
Add [fd00::] and [fe80::] as special addresses in DHCPv6 |
| |
options, analogous to [::]. [fd00::] is replaced with the |
| |
actual ULA of the interface on the machine running |
| |
dnsmasq, [fe80::] with the link-local address. |
| |
Thanks to Tsachi Kimeldorfer for championing this. |
| |
|
| |
DNSSEC validation and caching. Dnsmasq needs to be |
| |
compiled with this enabled, with |
| |
|
| |
make dnsmasq COPTS=-DHAVE_DNSSEC |
| |
|
| |
this add dependencies on the nettle crypto library and the |
| |
gmp maths library. It's possible to have these linked |
| |
statically with |
| |
|
| |
make dnsmasq COPTS='-DHAVE_DNSSEC -DHAVE_DNSSEC_STATIC' |
| |
|
| |
which bloats the dnsmasq binary, but saves the size of |
| |
the shared libraries which are much bigger. |
| |
|
| |
To enable, DNSSEC, you will need a set of |
| |
trust-anchors. Now that the TLDs are signed, this can be |
| |
the keys for the root zone, and for convenience they are |
| |
included in trust-anchors.conf in the dnsmasq |
| |
distribution. You should of course check that these are |
| |
legitimate and up-to-date. So, adding |
| |
|
| |
conf-file=/path/to/trust-anchors.conf |
| |
dnssec |
| |
|
| |
to your config is all thats needed to get things |
| |
working. The upstream nameservers have to be DNSSEC-capable |
| |
too, of course. Many ISP nameservers aren't, but the |
| |
Google public nameservers (8.8.8.8 and 8.8.4.4) are. |
| |
When DNSSEC is configured, dnsmasq validates any queries |
| |
for domains which are signed. Query results which are |
| |
bogus are replaced with SERVFAIL replies, and results |
| |
which are correctly signed have the AD bit set. In |
| |
addition, and just as importantly, dnsmasq supplies |
| |
correct DNSSEC information to clients which are doing |
| |
their own validation, and caches DNSKEY, DS and RRSIG |
| |
records, which significantly improve the performance of |
| |
downstream validators. Setting --log-queries will show |
| |
DNSSEC in action. |
| |
|
| |
If a domain is returned from an upstream nameserver without |
| |
DNSSEC signature, dnsmasq by default trusts this. This |
| |
means that for unsigned zone (still the majority) there |
| |
is effectively no cost for having DNSSEC enabled. Of course |
| |
this allows an attacker to replace a signed record with a |
| |
false unsigned record. This is addressed by the |
| |
--dnssec-check-unsigned flag, which instructs dnsmasq |
| |
to prove that an unsigned record is legitimate, by finding |
| |
a secure proof that the zone containing the record is not |
| |
signed. Doing this has costs (typically one or two extra |
| |
upstream queries). It also has a nasty failure mode if |
| |
dnsmasq's upstream nameservers are not DNSSEC capable. |
| |
Without --dnssec-check-unsigned using such an upstream |
| |
server will simply result in not queries being validated; |
| |
with --dnssec-check-unsigned enabled and a |
| |
DNSSEC-ignorant upstream server, _all_ queries will fail. |
| |
|
| |
Note that DNSSEC requires that the local time is valid and |
| |
accurate, if not then DNSSEC validation will fail. NTP |
| |
should be running. This presents a problem for routers |
| |
without a battery-backed clock. To set the time needs NTP |
| |
to do DNS lookups, but lookups will fail until NTP has run. |
| |
To address this, there's a flag, --dnssec-no-timecheck |
| |
which disables the time checks (only) in DNSSEC. When dnsmasq |
| |
is started and the clock is not synced, this flag should |
| |
be used. As soon as the clock is synced, SIGHUP dnsmasq. |
| |
The SIGHUP clears the cache of partially-validated data and |
| |
resets the no-timecheck flag, so that all DNSSEC checks |
| |
henceforward will be complete. |
| |
|
| |
The development of DNSSEC in dnsmasq was started by |
| |
Giovanni Bajo, to whom huge thanks are owed. It has been |
| |
supported by Comcast, whose techfund grant has allowed for |
| |
an invaluable period of full-time work to get it to |
| |
a workable state. |
| |
|
| |
Add --rev-server. Thanks to Dave Taht for suggesting this. |
| |
|
| |
Add --servers-file. Allows dynamic update of upstream servers |
| |
full access to configuration. |
| |
|
| |
Add --local-service. Accept DNS queries only from hosts |
| |
whose address is on a local subnet, ie a subnet for which |
| |
an interface exists on the server. This option |
| |
only has effect if there are no --interface --except-interface, |
| |
--listen-address or --auth-server options. It is intended |
| |
to be set as a default on installation, to allow |
| |
unconfigured installations to be useful but also safe from |
| |
being used for DNS amplification attacks. |
| |
|
| |
Fix crashes in cache_get_cname_target() when dangling CNAMEs |
| |
encountered. Thanks to Andy and the rt-n56u project for |
| |
find this and helping to chase it down. |
| |
|
| |
Fix wrong RCODE in authoritative DNS replies to PTR queries. The |
| |
correct answer was included, but the RCODE was set to NXDOMAIN. |
| |
Thanks to Craig McQueen for spotting this. |
| |
|
| |
Make statistics available as DNS queries in the .bind TLD as |
| |
well as logging them. |
| |
|
| |
|
| |
version 2.68 |
| |
Use random addresses for DHCPv6 temporary address |
| |
allocations, instead of algorithmically determined stable |
| |
addresses. |
| |
|
| |
Fix bug which meant that the DHCPv6 DUID was not available |
| |
in DHCP script runs during the lifetime of the dnsmasq |
| |
process which created the DUID de-novo. Once the DUID was |
| |
created and stored in the lease file and dnsmasq |
| |
restarted, this bug disappeared. |
| |
|
| |
Fix bug introduced in 2.67 which could result in erroneous |
| |
NXDOMAIN returns to CNAME queries. |
| |
|
| |
Fix build failures on MacOS X and openBSD. |
| |
|
| |
Allow subnet specifications in --auth-zone to be interface |
| |
names as well as address literals. This makes it possible |
| |
to configure authoritative DNS when local address ranges |
| |
are dynamic and works much better than the previous |
| |
work-around which exempted contructed DHCP ranges from the |
| |
IP address filtering. As a consequence, that work-around |
| |
is removed. Under certain circumstances, this change wil |
| |
break existing configuration: if you're relying on the |
| |
contructed-range exception, you need to change --auth-zone |
| |
to specify the same interface as is used to construct your |
| |
DHCP ranges, probably with a trailing "/6" like this: |
| |
--auth-zone=example.com,eth0/6 to limit the addresses to |
| |
IPv6 addresses of eth0. |
| |
|
| |
Fix problems when advertising deleted IPv6 prefixes. If |
| |
the prefix is deleted (rather than replaced), it doesn't |
| |
get advertised with zero preferred time. Thanks to Tsachi |
| |
for the bug report. |
| |
|
| |
Fix segfault with some locally configured CNAMEs. Thanks |
| |
to Andrew Childs for spotting the problem. |
| |
|
| |
Fix memory leak on re-reading /etc/hosts and friends, |
| |
introduced in 2.67. |
| |
|
| |
Check the arrival interface of incoming DNS and TFTP |
| |
requests via IPv6, even in --bind-interfaces mode. This |
| |
isn't possible for IPv4 and can generate scary warnings, |
| |
but as it's always possible for IPv6 (the API always |
| |
exists) then we should do it always. |
| |
|
| |
Tweak the rules on prefix-lengths in --dhcp-range for |
| |
IPv6. The new rule is that the specified prefix length |
| |
must be larger than or equal to the prefix length of the |
| |
corresponding address on the local interface. |
| |
|
| |
|
| |
version 2.67 |
| |
Fix crash if upstream server returns SERVFAIL when |
| |
--conntrack in use. Thanks to Giacomo Tazzari for finding |
| |
this and supplying the patch. |
| |
|
| |
Repair regression in 2.64. That release stopped sending |
| |
lease-time information in the reply to DHCPINFORM |
| |
requests, on the correct grounds that it was a standards |
| |
violation. However, this broke the dnsmasq-specific |
| |
dhcp_lease_time utility. Now, DHCPINFORM returns |
| |
lease-time only if it's specifically requested |
| |
(maintaining standards) and the dhcp_lease_time utility |
| |
has been taught to ask for it (restoring functionality). |
| |
|
| |
Fix --dhcp-match, --dhcp-vendorclass and --dhcp-userclass |
| |
to work with BOOTP and well as DHCP. Thanks to Peter |
| |
Korsgaard for spotting the problem. |
| |
|
| |
Add --synth-domain. Thanks to Vishvananda Ishaya for |
| |
suggesting this. |
| |
|
| |
Fix failure to compile ipset.c if old kernel headers are |
| |
in use. Thanks to Eugene Rudoy for pointing this out. |
| |
|
| |
Handle IPv4 interface-address labels in Linux. These are |
| |
often used to emulate the old IP-alias addresses. Before, |
| |
using --interface=eth0 would service all the addresses of |
| |
eth0, including ones configured as aliases, which appear |
| |
in ifconfig as eth0:0. Now, only addresses with the label |
| |
eth0 are active. This is not backwards compatible: if you |
| |
want to continue to bind the aliases too, you need to add |
| |
eg. --interface=eth0:0 to the config. |
| |
|
| |
Fix "failed to set SO_BINDTODEVICE on DHCP socket: Socket |
| |
operation on non-socket" error on startup with |
| |
configurations which have exactly one --interface option |
| |
and do RA but _not_ DHCPv6. Thanks to Trever Adams for the |
| |
bug report. |
| |
|
| |
Generalise --interface-name to cope with IPv6 addresses |
| |
and multiple addresses per interface per address family. |
| |
|
| |
Fix option parsing for --dhcp-host, which was generating a |
| |
spurious error when all seven possible items were |
| |
included. Thanks to Zhiqiang Wang for the bug report. |
| |
|
| |
Remove restriction on prefix-length in --auth-zone. Thanks |
| |
to Toke Hoiland-Jorgensen for suggesting this. |
| |
|
| |
Log when the maximum number of concurrent DNS queries is |
| |
reached. Thanks to Marcelo Salhab Brogliato for the patch. |
| |
|
| |
If wildcards are used in --interface, don't assume that |
| |
there will only ever be one available interface for DHCP |
| |
just because there is one at start-up. More may appear, so |
| |
we can't use SO_BINDTODEVICE. Thanks to Natrio for the bug |
| |
report. |
| |
|
| |
Increase timeout/number of retries in TFTP to accomodate |
| |
AudioCodes Voice Gateways doing streaming writes to flash. |
| |
Thanks to Damian Kaczkowski for spotting the problem. |
| |
|
| |
Fix crash with empty DHCP string options when adding zero |
| |
terminator. Thanks to Patrick McLean for the bug report. |
| |
|
| |
Allow hostnames to start with a number, as allowed in |
| |
RFC-1123. Thanks to Kyle Mestery for the patch. |
| |
|
| |
Fixes to DHCP FQDN option handling: don't terminate FQDN |
| |
if domain not known and allow a FQDN option with blank |
| |
name to request that a FQDN option is returned in the |
| |
reply. Thanks to Roy Marples for the patch. |
| |
|
| |
Make --clear-on-reload apply to setting upstream servers |
| |
via DBus too. |
| |
|
| |
When the address which triggered the construction of an |
| |
advertised IPv6 prefix disappears, continue to advertise |
| |
the prefix for up to 2 hours, with the preferred lifetime |
| |
set to zero. This satisfies RFC 6204 4.3 L-13 and makes |
| |
things work better if a prefix disappears without being |
| |
deprecated first. Thanks to Uwe Schindler for persuasively |
| |
arguing for this. |
| |
|
| |
Fix MAC address enumeration on *BSD. Thanks to Brad Smith |
| |
for the bug report. |
| |
|
| |
Support RFC-4242 information-refresh-time options in the |
| |
reply to DHCPv6 information-request. The lease time of the |
| |
smallest valid dhcp-range is sent. Thanks to Uwe Schindler |
| |
for suggesting this. |
| |
|
| |
Make --listen-address higher priority than --except-interface |
| |
in all circumstances. Thanks to Thomas Hood for the bugreport. |
| |
|
| |
Provide independent control over which interfaces get TFTP |
| |
service. If enable-tftp is given a list of interfaces, then TFTP |
| |
is provided on those. Without the list, the previous behaviour |
| |
(provide TFTP to the same interfaces we provide DHCP to) |
| |
is retained. Thanks to Lonnie Abelbeck for the suggestion. |
| |
|
| |
Add --dhcp-relay config option. Many thanks to vtsl.net |
| |
for sponsoring this development. |
| |
|
| |
Fix crash with empty tag: in --dhcp-range. Thanks to |
| |
Kaspar Schleiser for the bug report. |
| |
|
| |
Add "baseline" and "bloatcheck" makefile targets, for |
| |
revealing size changes during development. Thanks to |
| |
Vladislav Grishenko for the patch. |
| |
|
| |
Cope with DHCPv6 clients which send REQUESTs without |
| |
address options - treat them as SOLICIT with rapid commit. |
| |
|
| |
Support identification of clients by MAC address in |
| |
DHCPv6. When using a relay, the relay must support RFC |
| |
6939 for this to work. It always works for directly |
| |
connected clients. Thanks to Vladislav Grishenko |
| |
for prompting this feature. |
| |
|
| |
Remove the rule for constructed DHCP ranges that the local |
| |
address must be either the first or last address in the |
| |
range. This was originally to avoid SLAAC addresses, but |
| |
we now explicitly autoconfig and privacy addresses instead. |
| |
|
| |
Update Polish translation. Thanks to Jan Psota. |
| |
|
| |
Fix problem in DHCPv6 vendorclass/userclass matching |
| |
code. Thanks to Tanguy Bouzeloc for the patch. |
| |
|
| |
Update Spanish transalation. Thanks to Vicente Soriano. |
| |
|
| |
Add --ra-param option. Thanks to Vladislav Grishenko for |
| |
inspiration on this. |
| |
|
| |
Add --add-subnet configuration, to tell upstream DNS |
| |
servers where the original client is. Thanks to DNSthingy |
| |
for sponsoring this feature. |
| |
|
| |
Add --quiet-dhcp, --quiet-dhcp6 and --quiet-ra. Thanks to |
| |
Kevin Darbyshire-Bryant for the initial patch. |
| |
|
| |
Allow A/AAAA records created by --interface-name to be the |
| |
target of --cname. Thanks to Hadmut Danisch for the |
| |
suggestion. |
| |
|
| |
Avoid treating a --dhcp-host which has an IPv6 address |
| |
as eligable for use with DHCPv4 on the grounds that it has |
| |
no address, and vice-versa. Thanks to Yury Konovalov for |
| |
spotting the problem. |
| |
|
| |
Do a better job caching dangling CNAMEs. Thanks to Yves |
| |
Dorfsman for spotting the problem. |
| |
|
| |
|
| version 2.66 |
version 2.66 |
| Add the ability to act as an authoritative DNS |
Add the ability to act as an authoritative DNS |
| server. Dnsmasq can now answer queries from the wider 'net |
server. Dnsmasq can now answer queries from the wider 'net |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to CHANGELOG CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq