Annotation of embedaddon/dnsmasq/CHANGELOG, revision 1.1.1.3
1.1.1.3 ! misho 1: version 2.76
! 2: Include 0.0.0.0/8 in DNS rebind checks. This range
! 3: translates to hosts on the local network, or, at
! 4: least, 0.0.0.0 accesses the local host, so could
! 5: be targets for DNS rebinding. See RFC 5735 section 3
! 6: for details. Thanks to Stephen Röttger for the bug report.
! 7:
! 8: Enhance --add-subnet to allow arbitrary subnet addresses.
! 9: Thanks to Ed Barsley for the patch.
! 10:
! 11: Respect the --no-resolv flag in inotify code. Fixes bug
! 12: which caused dnsmasq to fail to start if a resolv-file
! 13: was a dangling symbolic link, even of --no-resolv set.
! 14: Thanks to Alexander Kurtz for spotting the problem.
! 15:
! 16: Fix crash when an A or AAAA record is defined locally,
! 17: in a hosts file, and an upstream server sends a reply
! 18: that the same name is empty. Thanks to Edwin Török for
! 19: the patch.
! 20:
! 21: Fix failure to correctly calculate cache-size when
! 22: reading a hosts-file fails. Thanks to André Glüpker
! 23: for the patch.
! 24:
! 25: Fix wrong answer to simple name query when --domain-needed
! 26: set, but no upstream servers configured. Dnsmasq returned
! 27: REFUSED, in this case, when it should be the same as when
! 28: upstream servers are configured - NOERROR. Thanks to
! 29: Allain Legacy for spotting the problem.
! 30:
! 31: Return REFUSED when running out of forwarding table slots,
! 32: not SERVFAIL.
! 33:
! 34: Add --max-port configuration. Thanks to Hans Dedecker for
! 35: the patch.
! 36:
! 37: Add --script-arp and two new functions for the dhcp-script.
! 38: These are "arp" and "arp-old" which announce the arrival and
! 39: removal of entries in the ARP or nieghbour tables.
! 40:
! 41: Extend --add-mac to allow a new encoding of the MAC address
! 42: as base64, by configurting --add-mac=base64
! 43:
! 44: Add --add-cpe-id option.
! 45:
! 46: Don't crash with divide-by-zero if an IPv6 dhcp-range
! 47: is declared as a whole /64.
! 48: (ie xx::0 to xx::ffff:ffff:ffff:ffff)
! 49: Thanks to Laurent Bendel for spotting this problem.
! 50:
! 51: Add support for a TTL parameter in --host-record and
! 52: --cname.
! 53:
! 54: Add --dhcp-ttl option.
! 55:
! 56: Add --tftp-mtu option. Thanks to Patrick McLean for the
! 57: initial patch.
! 58:
! 59: Check return-code of inet_pton() when parsing dhcp-option.
! 60: Bad addresses could fail to generate errors and result in
! 61: garbage dhcp-options being sent. Thanks to Marc Branchaud
! 62: for spotting this.
! 63:
! 64: Fix wrong value for EDNS UDP packet size when using
! 65: --servers-file to define upstream DNS servers. Thanks to
! 66: Scott Bonar for the bug report.
! 67:
! 68: Move the dhcp_release and dhcp_lease_time tools from
! 69: contrib/wrt to contrib/lease-tools.
! 70:
! 71: Add dhcp_release6 to contrib/lease-tools. Many thanks
! 72: to Sergey Nechaev for this code.
! 73:
! 74: To avoid filling logs in configurations which define
! 75: many upstream nameservers, don't log more that 30 servers.
! 76: The number to be logged can be changed as SERVERS_LOGGED
! 77: in src/config.h.
! 78:
! 79: Swap the values if BC_EFI and x86-64_EFI in --pxe-service.
! 80: These were previously wrong due to an error in RFC 4578.
! 81: If you're using BC_EFI to boot 64-bit EFI machines, you
! 82: will need to update your config.
! 83:
! 84: Add ARM32_EFI and ARM64_EFI as valid architectures in
! 85: --pxe-service.
! 86:
! 87: Fix PXE booting for UEFI architectures. Modify PXE boot
! 88: sequence in this case to force the client to talk to dnsmasq
! 89: over port 4011. This makes PXE and especially proxy-DHCP PXE
! 90: work with these archictectures.
! 91:
! 92: Workaround problems with UEFI PXE clients. There exist
! 93: in the wild PXE clients which have problems with PXE
! 94: boot menus. To work around this, when there's a single
! 95: --pxe-service which applies to client, then that target
! 96: will be booted directly, rather then sending a
! 97: single-item boot menu.
! 98:
! 99: Many thanks to Jarek Polok, Michael Kuron and Dreamcat4
! 100: for their work on the long-standing UEFI PXE problem.
! 101:
! 102: Subtle change in the semantics of "basename" in
! 103: --pxe-service. The historical behaviour has always been
! 104: that the actual filename downloaded from the TFTP server
! 105: is <basename>.<layer> where <layer> is an integer which
! 106: corresponds to the layer parameter supplied by the client.
! 107: It's not clear what the function of the "layer"
! 108: actually is in the PXE protocol, and in practise layer
! 109: is always zero, so the filename is <basename>.0
! 110: The new behaviour is the same as the old, except when
! 111: <basename> includes a file suffix, in which case
! 112: the layer suffix is no longer added. This allows
! 113: sensible suffices to be used, rather then the
! 114: meaningless ".0". Only in the unlikely event that you
! 115: have a config with a basename which already has a
! 116: suffix, is this an incompatible change, since the file
! 117: downloaded will change from name.suffix.0 to just
! 118: name.suffix
! 119:
! 120:
! 121: version 2.75
! 122: Fix reversion on 2.74 which caused 100% CPU use when a
! 123: dhcp-script is configured. Thanks to Adrian Davey for
! 124: reporting the bug and testing the fix.
! 125:
! 126:
! 127: version 2.74
! 128: Fix reversion in 2.73 where --conf-file would attempt to
! 129: read the default file, rather than no file.
! 130:
! 131: Fix inotify code to handle dangling symlinks better and
! 132: not SEGV in some circumstances.
! 133:
! 134: DNSSEC fix. In the case of a signed CNAME generated by a
! 135: wildcard which pointed to an unsigned domain, the wrong
! 136: status would be logged, and some necessary checks omitted.
! 137:
! 138:
! 139: version 2.73
! 140: Fix crash at startup when an empty suffix is supplied to
! 141: --conf-dir, also trivial memory leak. Thanks to
! 142: Tomas Hozza for spotting this.
! 143:
! 144: Remove floor of 4096 on advertised EDNS0 packet size when
! 145: DNSSEC in use, the original rationale for this has long gone.
! 146: Thanks to Anders Kaseorg for spotting this.
! 147:
! 148: Use inotify for checking on updates to /etc/resolv.conf and
! 149: friends under Linux. This fixes race conditions when the files are
! 150: updated rapidly and saves CPU by noy polling. To build
! 151: a binary that runs on old Linux kernels without inotify,
! 152: use make COPTS=-DNO_INOTIFY
! 153:
! 154: Fix breakage of --domain=<domain>,<subnet>,local - only reverse
! 155: queries were intercepted. THis appears to have been broken
! 156: since 2.69. Thanks to Josh Stone for finding the bug.
! 157:
! 158: Eliminate IPv6 privacy addresses and deprecated addresses from
! 159: the answers given by --interface-name. Note that reverse queries
! 160: (ie looking for names, given addresses) are not affected.
! 161: Thanks to Michael Gorbach for the suggestion.
! 162:
! 163: Fix crash in DNSSEC code with long RRs. Thanks to Marco Davids
! 164: for the bug report.
! 165:
! 166: Add --ignore-address option. Ignore replies to A-record
! 167: queries which include the specified address. No error is
! 168: generated, dnsmasq simply continues to listen for another
! 169: reply. This is useful to defeat blocking strategies which
! 170: rely on quickly supplying a forged answer to a DNS
! 171: request for certain domains, before the correct answer can
! 172: arrive. Thanks to Glen Huang for the patch.
! 173:
! 174: Revisit the part of DNSSEC validation which determines if an
! 175: unsigned answer is legit, or is in some part of the DNS
! 176: tree which should be signed. Dnsmasq now works from the
! 177: DNS root downward looking for the limit of signed
! 178: delegations, rather than working bottom up. This is
! 179: both more correct, and less likely to trip over broken
! 180: nameservers in the unsigned parts of the DNS tree
! 181: which don't respond well to DNSSEC queries.
! 182:
! 183: Add --log-queries=extra option, which makes logs easier
! 184: to search automatically.
! 185:
! 186: Add --min-cache-ttl option. I've resisted this for a long
! 187: time, on the grounds that disbelieving TTLs is never a
! 188: good idea, but I've been persuaded that there are
! 189: sometimes reasons to do it. (Step forward, GFW).
! 190: To avoid misuse, there's a hard limit on the TTL
! 191: floor of one hour. Thansk to RinSatsuki for the patch.
! 192:
! 193: Cope with multiple interfaces with the same link-local
! 194: address. (IPv6 addresses are scoped, so this is allowed.)
! 195: Thanks to Cory Benfield for help with this.
! 196:
! 197: Add --dhcp-hostsdir. This allows addition of new host
! 198: configurations to a running dnsmasq instance much more
! 199: cheaply than having dnsmasq re-read all its existing
! 200: configuration each time.
! 201:
! 202: Don't reply to DHCPv6 SOLICIT messages if we're not
! 203: configured to do stateful DHCPv6. Thanks to Win King Wan
! 204: for the patch.
! 205:
! 206: Fix broken DNSSEC validation of ECDSA signatures.
! 207:
! 208: Add --dnssec-timestamp option, which provides an automatic
! 209: way to detect when the system time becomes valid after
! 210: boot on systems without an RTC, whilst allowing DNS
! 211: queries before the clock is valid so that NTP can run.
! 212: Thanks to Kevin Darbyshire-Bryant for developing this idea.
! 213:
! 214: Add --tftp-no-fail option. Thanks to Stefan Tomanek for
! 215: the patch.
! 216:
! 217: Fix crash caused by looking up servers.bind, CHAOS text
! 218: record, when more than about five --servers= lines are
! 219: in the dnsmasq config. This causes memory corruption
! 220: which causes a crash later. Thanks to Matt Coddington for
! 221: sterling work chasing this down.
! 222:
! 223: Fix crash on receipt of certain malformed DNS requests.
! 224: Thanks to Nick Sampanis for spotting the problem.
! 225: Note that this is could allow the dnsmasq process's
! 226: memory to be read by an attacker under certain
! 227: circumstances, so it has a CVE, CVE-2015-3294
! 228:
! 229: Fix crash in authoritative DNS code, if a .arpa zone
! 230: is declared as authoritative, and then a PTR query which
! 231: is not to be treated as authoritative arrived. Normally,
! 232: directly declaring .arpa zone as authoritative is not
! 233: done, so this crash wouldn't be seen. Instead the
! 234: relevant .arpa zone should be specified as a subnet
! 235: in the auth-zone declaration. Thanks to Johnny S. Lee
! 236: for the bugreport and initial patch.
! 237:
! 238: Fix authoritative DNS code to correctly reply to NS
! 239: and SOA queries for .arpa zones for which we are
! 240: declared authoritative by means of a subnet in auth-zone.
! 241: Previously we provided correct answers to PTR queries
! 242: in such zones (including NS and SOA) but not direct
! 243: NS and SOA queries. Thanks to Johnny S. Lee for
! 244: pointing out the problem.
! 245:
! 246: Fix logging of DHCPREPLY which should be suppressed
! 247: by quiet-dhcp6. Thanks to J. Pablo Abonia for
! 248: spotting the problem.
! 249:
! 250: Try and handle net connections with broken fragmentation
! 251: that lose large UDP packets. If a server times out,
! 252: reduce the maximum UDP packet size field in the EDNS0
! 253: header to 1280 bytes. If it then answers, make that
! 254: change permanent.
! 255:
! 256: Check IPv4-mapped IPv6 addresses when --stop-rebind
! 257: is active. Thanks to Jordan Milne for spotting this.
! 258:
! 259: Allow DHCPv4 options T1 and T2 to be set using --dhcp-option.
! 260: Thanks to Kevin Benton for patches and work on this.
! 261:
! 262: Fix code for DHCPCONFIRM DHCPv6 messages to confirm addresses
! 263: in the correct subnet, even of not in dynamic address
! 264: allocation range. Thanks to Steve Hirsch for spotting
! 265: the problem.
! 266:
! 267: Add AddDhcpLease and DeleteDhcpLease DBus methods. Thanks
! 268: to Nicolas Cavallari for the patch.
! 269:
! 270: Allow configuration of router advertisements without the
! 271: "on-link" bit set. Thanks to Neil Jerram for the patch.
! 272:
! 273: Extend --bridge-interface to DHCPv6 and router
! 274: advertisements. Thanks to Neil Jerram for the patch.
! 275:
! 276:
! 277: version 2.72
! 278: Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
! 279:
! 280: Add support for "ipsets" in *BSD, using pf. Thanks to
! 281: Sven Falempim for the patch.
! 282:
! 283: Fix race condition which could lock up dnsmasq when an
! 284: interface goes down and up rapidly. Thanks to Conrad
! 285: Kostecki for helping to chase this down.
! 286:
! 287: Add DBus methods SetFilterWin2KOption and SetBogusPrivOption
! 288: Thanks to the Smoothwall project for the patch.
! 289:
! 290: Fix failure to build against Nettle-3.0. Thanks to Steven
! 291: Barth for spotting this and finding the fix.
! 292:
! 293: When assigning existing DHCP leases to intefaces by comparing
! 294: networks, handle the case that two or more interfaces have the
! 295: same network part, but different prefix lengths (favour the
! 296: longer prefix length.) Thanks to Lung-Pin Chang for the
! 297: patch.
! 298:
! 299: Add a mode which detects and removes DNS forwarding loops, ie
! 300: a query sent to an upstream server returns as a new query to
! 301: dnsmasq, and would therefore be forwarded again, resulting in
! 302: a query which loops many times before being dropped. Upstream
! 303: servers which loop back are disabled and this event is logged.
! 304: Thanks to Smoothwall for their sponsorship of this feature.
! 305:
! 306: Extend --conf-dir to allow filtering of files. So
! 307: --conf-dir=/etc/dnsmasq.d,\*.conf
! 308: will load all the files in /etc/dnsmasq.d which end in .conf
! 309:
! 310: Fix bug when resulted in NXDOMAIN answers instead of NODATA in
! 311: some circumstances.
! 312:
! 313: Fix bug which caused dnsmasq to become unresponsive if it
! 314: failed to send packets due to a network interface disappearing.
! 315: Thanks to Niels Peen for spotting this.
! 316:
! 317: Fix problem with --local-service option on big-endian platforms
! 318: Thanks to Richard Genoud for the patch.
! 319:
! 320:
1.1.1.2 misho 321: version 2.71
322: Subtle change to error handling to help DNSSEC validation
323: when servers fail to provide NODATA answers for
324: non-existent DS records.
325:
326: Tweak code which removes DNSSEC records from answers when
327: not required. Fixes broken answers when additional section
328: has real records in it. Thanks to Marco Davids for the bug
329: report.
330:
331: Fix DNSSEC validation of ANY queries. Thanks to Marco Davids
332: for spotting that too.
333:
334: Fix total DNS failure and 100% CPU use if cachesize set to zero,
335: regression introduced in 2.69. Thanks to James Hunt and
336: the Ubuntu crowd for assistance in fixing this.
337:
338:
339: version 2.70
340: Fix crash, introduced in 2.69, on TCP request when dnsmasq
341: compiled with DNSSEC support, but running without DNSSEC
342: enabled. Thanks to Manish Sing for spotting that one.
343:
344: Fix regression which broke ipset functionality. Thanks to
345: Wang Jian for the bug report.
346:
347:
348: version 2.69
349: Implement dynamic interface discovery on *BSD. This allows
350: the contructor: syntax to be used in dhcp-range for DHCPv6
351: on the BSD platform. Thanks to Matthias Andree for
352: valuable research on how to implement this.
353:
354: Fix infinite loop associated with some --bogus-nxdomain
355: configs. Thanks fogobogo for the bug report.
356:
357: Fix missing RA RDNS option with configuration like
358: --dhcp-option=option6:23,[::] Thanks to Tsachi Kimeldorfer
359: for spotting the problem.
360:
361: Add [fd00::] and [fe80::] as special addresses in DHCPv6
362: options, analogous to [::]. [fd00::] is replaced with the
363: actual ULA of the interface on the machine running
364: dnsmasq, [fe80::] with the link-local address.
365: Thanks to Tsachi Kimeldorfer for championing this.
366:
367: DNSSEC validation and caching. Dnsmasq needs to be
368: compiled with this enabled, with
369:
370: make dnsmasq COPTS=-DHAVE_DNSSEC
371:
372: this add dependencies on the nettle crypto library and the
373: gmp maths library. It's possible to have these linked
374: statically with
375:
376: make dnsmasq COPTS='-DHAVE_DNSSEC -DHAVE_DNSSEC_STATIC'
377:
378: which bloats the dnsmasq binary, but saves the size of
379: the shared libraries which are much bigger.
380:
381: To enable, DNSSEC, you will need a set of
382: trust-anchors. Now that the TLDs are signed, this can be
383: the keys for the root zone, and for convenience they are
384: included in trust-anchors.conf in the dnsmasq
385: distribution. You should of course check that these are
386: legitimate and up-to-date. So, adding
387:
388: conf-file=/path/to/trust-anchors.conf
389: dnssec
390:
391: to your config is all thats needed to get things
392: working. The upstream nameservers have to be DNSSEC-capable
393: too, of course. Many ISP nameservers aren't, but the
394: Google public nameservers (8.8.8.8 and 8.8.4.4) are.
395: When DNSSEC is configured, dnsmasq validates any queries
396: for domains which are signed. Query results which are
397: bogus are replaced with SERVFAIL replies, and results
398: which are correctly signed have the AD bit set. In
399: addition, and just as importantly, dnsmasq supplies
400: correct DNSSEC information to clients which are doing
401: their own validation, and caches DNSKEY, DS and RRSIG
402: records, which significantly improve the performance of
403: downstream validators. Setting --log-queries will show
404: DNSSEC in action.
405:
406: If a domain is returned from an upstream nameserver without
407: DNSSEC signature, dnsmasq by default trusts this. This
408: means that for unsigned zone (still the majority) there
409: is effectively no cost for having DNSSEC enabled. Of course
410: this allows an attacker to replace a signed record with a
411: false unsigned record. This is addressed by the
412: --dnssec-check-unsigned flag, which instructs dnsmasq
413: to prove that an unsigned record is legitimate, by finding
414: a secure proof that the zone containing the record is not
415: signed. Doing this has costs (typically one or two extra
416: upstream queries). It also has a nasty failure mode if
417: dnsmasq's upstream nameservers are not DNSSEC capable.
418: Without --dnssec-check-unsigned using such an upstream
419: server will simply result in not queries being validated;
420: with --dnssec-check-unsigned enabled and a
421: DNSSEC-ignorant upstream server, _all_ queries will fail.
422:
423: Note that DNSSEC requires that the local time is valid and
424: accurate, if not then DNSSEC validation will fail. NTP
425: should be running. This presents a problem for routers
426: without a battery-backed clock. To set the time needs NTP
427: to do DNS lookups, but lookups will fail until NTP has run.
428: To address this, there's a flag, --dnssec-no-timecheck
429: which disables the time checks (only) in DNSSEC. When dnsmasq
430: is started and the clock is not synced, this flag should
431: be used. As soon as the clock is synced, SIGHUP dnsmasq.
432: The SIGHUP clears the cache of partially-validated data and
433: resets the no-timecheck flag, so that all DNSSEC checks
434: henceforward will be complete.
435:
436: The development of DNSSEC in dnsmasq was started by
437: Giovanni Bajo, to whom huge thanks are owed. It has been
438: supported by Comcast, whose techfund grant has allowed for
439: an invaluable period of full-time work to get it to
440: a workable state.
441:
442: Add --rev-server. Thanks to Dave Taht for suggesting this.
443:
444: Add --servers-file. Allows dynamic update of upstream servers
445: full access to configuration.
446:
447: Add --local-service. Accept DNS queries only from hosts
448: whose address is on a local subnet, ie a subnet for which
449: an interface exists on the server. This option
450: only has effect if there are no --interface --except-interface,
451: --listen-address or --auth-server options. It is intended
452: to be set as a default on installation, to allow
453: unconfigured installations to be useful but also safe from
454: being used for DNS amplification attacks.
455:
456: Fix crashes in cache_get_cname_target() when dangling CNAMEs
457: encountered. Thanks to Andy and the rt-n56u project for
458: find this and helping to chase it down.
459:
460: Fix wrong RCODE in authoritative DNS replies to PTR queries. The
461: correct answer was included, but the RCODE was set to NXDOMAIN.
462: Thanks to Craig McQueen for spotting this.
463:
464: Make statistics available as DNS queries in the .bind TLD as
465: well as logging them.
466:
467:
468: version 2.68
469: Use random addresses for DHCPv6 temporary address
470: allocations, instead of algorithmically determined stable
471: addresses.
472:
473: Fix bug which meant that the DHCPv6 DUID was not available
474: in DHCP script runs during the lifetime of the dnsmasq
475: process which created the DUID de-novo. Once the DUID was
476: created and stored in the lease file and dnsmasq
477: restarted, this bug disappeared.
478:
479: Fix bug introduced in 2.67 which could result in erroneous
480: NXDOMAIN returns to CNAME queries.
481:
482: Fix build failures on MacOS X and openBSD.
483:
484: Allow subnet specifications in --auth-zone to be interface
485: names as well as address literals. This makes it possible
486: to configure authoritative DNS when local address ranges
487: are dynamic and works much better than the previous
488: work-around which exempted contructed DHCP ranges from the
489: IP address filtering. As a consequence, that work-around
490: is removed. Under certain circumstances, this change wil
491: break existing configuration: if you're relying on the
492: contructed-range exception, you need to change --auth-zone
493: to specify the same interface as is used to construct your
494: DHCP ranges, probably with a trailing "/6" like this:
495: --auth-zone=example.com,eth0/6 to limit the addresses to
496: IPv6 addresses of eth0.
497:
498: Fix problems when advertising deleted IPv6 prefixes. If
499: the prefix is deleted (rather than replaced), it doesn't
500: get advertised with zero preferred time. Thanks to Tsachi
501: for the bug report.
502:
503: Fix segfault with some locally configured CNAMEs. Thanks
504: to Andrew Childs for spotting the problem.
505:
506: Fix memory leak on re-reading /etc/hosts and friends,
507: introduced in 2.67.
508:
509: Check the arrival interface of incoming DNS and TFTP
510: requests via IPv6, even in --bind-interfaces mode. This
511: isn't possible for IPv4 and can generate scary warnings,
512: but as it's always possible for IPv6 (the API always
513: exists) then we should do it always.
514:
515: Tweak the rules on prefix-lengths in --dhcp-range for
516: IPv6. The new rule is that the specified prefix length
517: must be larger than or equal to the prefix length of the
518: corresponding address on the local interface.
519:
520:
521: version 2.67
522: Fix crash if upstream server returns SERVFAIL when
523: --conntrack in use. Thanks to Giacomo Tazzari for finding
524: this and supplying the patch.
525:
526: Repair regression in 2.64. That release stopped sending
527: lease-time information in the reply to DHCPINFORM
528: requests, on the correct grounds that it was a standards
529: violation. However, this broke the dnsmasq-specific
530: dhcp_lease_time utility. Now, DHCPINFORM returns
531: lease-time only if it's specifically requested
532: (maintaining standards) and the dhcp_lease_time utility
533: has been taught to ask for it (restoring functionality).
534:
535: Fix --dhcp-match, --dhcp-vendorclass and --dhcp-userclass
536: to work with BOOTP and well as DHCP. Thanks to Peter
537: Korsgaard for spotting the problem.
538:
539: Add --synth-domain. Thanks to Vishvananda Ishaya for
540: suggesting this.
541:
542: Fix failure to compile ipset.c if old kernel headers are
543: in use. Thanks to Eugene Rudoy for pointing this out.
544:
545: Handle IPv4 interface-address labels in Linux. These are
546: often used to emulate the old IP-alias addresses. Before,
547: using --interface=eth0 would service all the addresses of
548: eth0, including ones configured as aliases, which appear
549: in ifconfig as eth0:0. Now, only addresses with the label
550: eth0 are active. This is not backwards compatible: if you
551: want to continue to bind the aliases too, you need to add
552: eg. --interface=eth0:0 to the config.
553:
554: Fix "failed to set SO_BINDTODEVICE on DHCP socket: Socket
555: operation on non-socket" error on startup with
556: configurations which have exactly one --interface option
557: and do RA but _not_ DHCPv6. Thanks to Trever Adams for the
558: bug report.
559:
560: Generalise --interface-name to cope with IPv6 addresses
561: and multiple addresses per interface per address family.
562:
563: Fix option parsing for --dhcp-host, which was generating a
564: spurious error when all seven possible items were
565: included. Thanks to Zhiqiang Wang for the bug report.
566:
567: Remove restriction on prefix-length in --auth-zone. Thanks
568: to Toke Hoiland-Jorgensen for suggesting this.
569:
570: Log when the maximum number of concurrent DNS queries is
571: reached. Thanks to Marcelo Salhab Brogliato for the patch.
572:
573: If wildcards are used in --interface, don't assume that
574: there will only ever be one available interface for DHCP
575: just because there is one at start-up. More may appear, so
576: we can't use SO_BINDTODEVICE. Thanks to Natrio for the bug
577: report.
578:
579: Increase timeout/number of retries in TFTP to accomodate
580: AudioCodes Voice Gateways doing streaming writes to flash.
581: Thanks to Damian Kaczkowski for spotting the problem.
582:
583: Fix crash with empty DHCP string options when adding zero
584: terminator. Thanks to Patrick McLean for the bug report.
585:
586: Allow hostnames to start with a number, as allowed in
587: RFC-1123. Thanks to Kyle Mestery for the patch.
588:
589: Fixes to DHCP FQDN option handling: don't terminate FQDN
590: if domain not known and allow a FQDN option with blank
591: name to request that a FQDN option is returned in the
592: reply. Thanks to Roy Marples for the patch.
593:
594: Make --clear-on-reload apply to setting upstream servers
595: via DBus too.
596:
597: When the address which triggered the construction of an
598: advertised IPv6 prefix disappears, continue to advertise
599: the prefix for up to 2 hours, with the preferred lifetime
600: set to zero. This satisfies RFC 6204 4.3 L-13 and makes
601: things work better if a prefix disappears without being
602: deprecated first. Thanks to Uwe Schindler for persuasively
603: arguing for this.
604:
605: Fix MAC address enumeration on *BSD. Thanks to Brad Smith
606: for the bug report.
607:
608: Support RFC-4242 information-refresh-time options in the
609: reply to DHCPv6 information-request. The lease time of the
610: smallest valid dhcp-range is sent. Thanks to Uwe Schindler
611: for suggesting this.
612:
613: Make --listen-address higher priority than --except-interface
614: in all circumstances. Thanks to Thomas Hood for the bugreport.
615:
616: Provide independent control over which interfaces get TFTP
617: service. If enable-tftp is given a list of interfaces, then TFTP
618: is provided on those. Without the list, the previous behaviour
619: (provide TFTP to the same interfaces we provide DHCP to)
620: is retained. Thanks to Lonnie Abelbeck for the suggestion.
621:
622: Add --dhcp-relay config option. Many thanks to vtsl.net
623: for sponsoring this development.
624:
625: Fix crash with empty tag: in --dhcp-range. Thanks to
626: Kaspar Schleiser for the bug report.
627:
628: Add "baseline" and "bloatcheck" makefile targets, for
629: revealing size changes during development. Thanks to
630: Vladislav Grishenko for the patch.
631:
632: Cope with DHCPv6 clients which send REQUESTs without
633: address options - treat them as SOLICIT with rapid commit.
634:
635: Support identification of clients by MAC address in
636: DHCPv6. When using a relay, the relay must support RFC
637: 6939 for this to work. It always works for directly
638: connected clients. Thanks to Vladislav Grishenko
639: for prompting this feature.
640:
641: Remove the rule for constructed DHCP ranges that the local
642: address must be either the first or last address in the
643: range. This was originally to avoid SLAAC addresses, but
644: we now explicitly autoconfig and privacy addresses instead.
645:
646: Update Polish translation. Thanks to Jan Psota.
647:
648: Fix problem in DHCPv6 vendorclass/userclass matching
649: code. Thanks to Tanguy Bouzeloc for the patch.
650:
651: Update Spanish transalation. Thanks to Vicente Soriano.
652:
653: Add --ra-param option. Thanks to Vladislav Grishenko for
654: inspiration on this.
655:
656: Add --add-subnet configuration, to tell upstream DNS
657: servers where the original client is. Thanks to DNSthingy
658: for sponsoring this feature.
659:
660: Add --quiet-dhcp, --quiet-dhcp6 and --quiet-ra. Thanks to
661: Kevin Darbyshire-Bryant for the initial patch.
662:
663: Allow A/AAAA records created by --interface-name to be the
664: target of --cname. Thanks to Hadmut Danisch for the
665: suggestion.
666:
667: Avoid treating a --dhcp-host which has an IPv6 address
668: as eligable for use with DHCPv4 on the grounds that it has
669: no address, and vice-versa. Thanks to Yury Konovalov for
670: spotting the problem.
671:
672: Do a better job caching dangling CNAMEs. Thanks to Yves
673: Dorfsman for spotting the problem.
674:
675:
1.1 misho 676: version 2.66
677: Add the ability to act as an authoritative DNS
678: server. Dnsmasq can now answer queries from the wider 'net
679: with local data, as long as the correct NS records are set
680: up. Only local data is provided, to avoid creating an open
681: DNS relay. Zone transfer is supported, to allow secondary
682: servers to be configured.
683:
684: Add "constructed DHCP ranges" for DHCPv6. This is intended
685: for IPv6 routers which get prefixes dynamically via prefix
686: delegation. With suitable configuration, stateful DHCPv6
687: and RA can happen automatically as prefixes are delegated
688: and then deprecated, without having to re-write the
689: dnsmasq configuration file or restart the daemon. Thanks to
690: Steven Barth for extensive testing and development work on
691: this idea.
692:
693: Fix crash on startup on Solaris 11. Regression probably
694: introduced in 2.61. Thanks to Geoff Johnstone for the
695: patch.
696:
697: Add code to make behaviour for TCP DNS requests that same
698: as for UDP requests, when a request arrives for an allowed
699: address, but via a banned interface. This change is only
700: active on Linux, since the relevant API is missing (AFAIK)
701: on other platforms. Many thanks to Tomas Hozza for
702: spotting the problem, and doing invaluable discovery of
703: the obscure and undocumented API required for the solution.
704:
705: Don't send the default DHCP option advertising dnsmasq as
706: the local DNS server if dnsmasq is configured to not act
707: as DNS server, or it's configured to a non-standard port.
708:
709: Add DNSMASQ_CIRCUIT_ID, DNSMASQ_SUBCRIBER_ID,
710: DNSMASQ_REMOTE_ID variables to the environment of the
711: lease-change script (and the corresponding Lua). These hold
712: information inserted into the DHCP request by a DHCP relay
713: agent. Thanks to Lakefield Communications for providing a
714: bounty for this addition.
715:
716: Fixed crash, introduced in 2.64, whilst handling DHCPv6
717: information-requests with some common configurations.
718: Thanks to Robert M. Albrecht for the bug report and
719: chasing the problem.
720:
721: Add --ipset option. Thanks to Jason A. Donenfeld for the
722: patch.
723:
724: Don't erroneously reject some option names in --dhcp-match
725: options. Thanks to Benedikt Hochstrasser for the bug report.
726:
727: Allow a trailing '*' wildcard in all interface-name
728: configurations. Thanks to Christian Parpart for the patch.
729:
730: Handle the situation where libc headers define
731: SO_REUSEPORT, but the kernel in use doesn't, to cope with
732: the introduction of this option to Linux. Thanks to Rich
733: Felker for the bug report.
734:
735: Update Polish translation. Thanks to Jan Psota.
736:
737: Fix crash if the configured DHCP lease limit is
738: reached. Regression occurred in 2.61. Thanks to Tsachi for
739: the bug report.
740:
741: Update the French translation. Thanks to Gildas le Nadan.
742:
743:
744: version 2.65
745: Fix regression which broke forwarding of queries sent via
746: TCP which are not for A and AAAA and which were directed to
747: non-default servers. Thanks to Niax for the bug report.
748:
749: Fix failure to build with DHCP support excluded. Thanks to
750: Gustavo Zacarias for the patch.
751:
752: Fix nasty regression in 2.64 which completely broke cacheing.
753:
754:
755: version 2.64
756: Handle DHCP FQDN options with all flag bits zero and
757: --dhcp-client-update set. Thanks to Bernd Krumbroeck for
758: spotting the problem.
759:
760: Finesse the check for /etc/hosts names which conflict with
761: DHCP names. Previously a name/address pair in /etc/hosts
762: which didn't match the name/address of a DHCP lease would
763: generate a warning. Now that only happesn if there is not
764: also a match. This allows multiple addresses for a name in
765: /etc/hosts with one of them assigned via DHCP.
766:
767: Fix broken vendor-option processing for BOOTP. Thanks to
768: Hans-Joachim Baader for the bug report.
769:
770: Don't report spurious netlink errors, regression in
771: 2.63. Thanks to Vladislav Grishenko for the patch.
772:
773: Flag DHCP or DHCPv6 in starup logging. Thanks to
774: Vladislav Grishenko for the patch.
775:
776: Add SetServersEx method in DBus interface. Thanks to Dan
777: Williams for the patch.
778:
779: Add SetDomainServers method in DBus interface. Thanks to
780: Roy Marples for the patch.
781:
782: Fix build with later Lua libraries. Thansk to Cristian
783: Rodriguez for the patch.
784:
785: Add --max-cache-ttl option. Thanks to Dennis Kaarsemaker
786: for the patch.
787:
788: Fix breakage of --host-record parsing, resulting in
789: infinte loop at startup. Regression in 2.63. Thanks to
790: Haim Gelfenbeyn for spotting this.
791:
792: Set SO_REUSEADDRESS and SO_V6ONLY options on the DHCPv6
793: socket, this allows multiple instances of dnsmasq on a
794: single machine, in the same way as for DHCPv4. Thanks to
795: Gene Czarcinski and Vladislav Grishenko for work on this.
796:
797: Fix DHCPv6 to do access control correctly when it's
798: configured with --listen-address. Thanks to
799: Gene Czarcinski for sorting this out.
800:
801: Add a "wildcard" dhcp-range which works for any IPv6
802: subnet, --dhcp-range=::,static Useful for Stateless
803: DHCPv6. Thanks to Vladislav Grishenko for the patch.
804:
805: Don't include lease-time in DHCPACK replies to DHCPINFORM
806: queries, since RFC-2131 says we shouldn't. Thanks to
807: Wouter Ibens for pointing this out.
808:
809: Makefile tweak to do dependency checking on header files.
810: Thanks to Johan Peeters for the patch.
811:
812: Check interface for outgoing unsolicited router
813: advertisements, rather than relying on interface address
814: configuration. Thanks to Gene Czarinski for the patch.
815:
816: Handle better attempts to transmit on interfaces which are
817: still doing DAD, and specifically do not just transmit
818: without setting source address and interface, since this
819: can cause very puzzling effects when a router
820: advertisement goes astray. Thanks again to Gene Czarinski.
821:
822: Get RA timers right when there is more than one
823: dhcp-range on a subnet.
824:
825:
826: version 2.63
827: Do duplicate dhcp-host address check in --test mode.
828:
829: Check that tftp-root directories are accessible before
830: start-up. Thanks to Daniel Veillard for the initial patch.
831:
832: Allow more than one --tfp-root flag. The per-interface
833: stuff is pointless without that.
834:
835: Add --bind-dynamic. A hybrid mode between the default and
836: --bind-interfaces which copes with dynamically created
837: interfaces.
838:
839: A couple of fixes to the build system for Android. Thanks
840: to Metin Kaya for the patches.
841:
842: Remove the interface:<interface> argument in --dhcp-range, and
843: the interface argument to --enable-tftp. These were a
844: still-born attempt to allow automatic isolated
845: configuration by libvirt, but have never (to my knowledge)
846: been used, had very strange semantics, and have been
847: superceded by other mechanisms.
848:
849: Fixed bug logging filenames when duplicate dhcp-host
850: addresses are found. Thanks to John Hanks for the patch.
851:
852: Fix regression in 2.61 which broke caching of CNAME
853: chains. Thanks to Atul Gupta for the bug report.
854:
855: Allow the target of a --cname flag to be another --cname.
856:
857: Teach DHCPv6 about the RFC 4242 information-refresh-time
858: option, and add parsing if the minutes, hours and days
859: format for options. Thanks to Francois-Xavier Le Bail for
860: the suggestion.
861:
862: Allow "w" (for week) as multiplier in lease times, as well
863: as seconds, minutes, hours and days. Álvaro Gámez Machado
864: spotted the ommission.
865:
866: Update French translation. Thanks to Gildas Le Nadan.
867:
868: Allow a DBus service name to be given with --enable-dbus
869: which overrides the default,
870: uk.org.thekelleys.dnsmasq. Thanks to Mathieu
871: Trudel-Lapierre for the patch.
872:
873: Set the "prefix on-link" bit in Router
874: Advertisements. Thanks to Gui Iribarren for the patch.
875:
876:
877: version 2.62
878: Update German translation. Thanks to Conrad Kostecki.
879:
880: Cope with router-solict packets wich don't have a valid
881: source address. Thanks to Vladislav Grishenko for the patch.
882:
883: Fixed bug which caused missing periodic router
884: advertisements with some configurations. Thanks to
885: Vladislav Grishenko for the patch.
886:
887: Fixed bug which broke DHCPv6/RA with prefix lengths
888: which are not divisible by 8. Thanks to Andre Coetzee
889: for spotting this.
890:
891: Fix non-response to router-solicitations when
892: router-advertisement configured, but DHCPv6 not
893: configured. Thanks to Marien Zwart for the patch.
894:
895: Add --dns-rr, to allow arbitrary DNS resource records.
896:
897: Fixed bug which broke RA scheduling when an interface had
898: two addresses in the same network. Thanks to Jim Bos for
899: his help nailing this.
900:
901: version 2.61
902: Re-write interface discovery code on *BSD to use
903: getifaddrs. This is more portable, more straightforward,
904: and allows us to find the prefix length for IPv6
905: addresses.
906:
907: Add ra-names, ra-stateless and slaac keywords for DHCPv6.
908: Dnsmasq can now synthesise AAAA records for dual-stack
909: hosts which get IPv6 addresses via SLAAC. It is also now
910: possible to use SLAAC and stateless DHCPv6, and to
911: tell clients to use SLAAC addresses as well as DHCP ones.
912: Thanks to Dave Taht for help with this.
913:
914: Add --dhcp-duid to allow DUID-EN uids to be used.
915:
916: Explicity send DHCPv6 replies to the correct port, instead
917: of relying on clients to send requests with the correct
918: source address, since at least one client in the wild gets
919: this wrong. Thanks to Conrad Kostecki for help tracking
920: this down.
921:
922: Send a preference value of 255 in DHCPv6 replies when
923: --dhcp-authoritative is in effect. This tells clients not
924: to wait around for other DHCP servers.
925:
926: Better logging of DHCPv6 options.
927:
928: Add --host-record. Thanks to Rob Zwissler for the
929: suggestion.
930:
931: Invoke the DHCP script with action "tftp" when a TFTP file
932: transfer completes. The size of the file, address to which
933: it was sent and complete pathname are supplied. Note that
934: version 2.60 introduced some script incompatibilties
935: associated with DHCPv6, and this is a further change. To
936: be safe, scripts should ignore unknown actions, and if
937: not IPv6-aware, should exit if the environment
938: variable DNSMASQ_IAID is set. The use-case for this is
939: to track netboot/install. Suggestion from Shantanu
940: Gadgil.
941:
942: Update contrib/port-forward/dnsmasq-portforward to reflect
943: the above.
944:
945: Set the environment variable DNSMASQ_LOG_DHCP when running
946: the script id --log-dhcp is in effect, so that script can
947: taylor their logging verbosity. Suggestion from Malte
948: Forkel.
949:
950: Arrange that addresses specified with --listen-address
951: work even if there is no interface carrying the
952: address. This is chiefly useful for IPv4 loopback
953: addresses, where any address in 127.0.0.0/8 is a valid
954: loopback address, but normally only 127.0.0.1 appears on
955: the lo interface. Thanks to Mathieu Trudel-Lapierre for
956: the idea and initial patch.
957:
958: Fix crash, introduced in 2.60, when a DHCPINFORM is
959: received from a network which has no valid dhcp-range.
960: Thanks to Stephane Glondu for the bug report.
961:
962: Add a new DHCP lease time keyword, "deprecated" for
963: --dhcp-range. This is only valid for IPv6, and sets the
964: preffered lease time for both DHCP and RA to zero. The
965: effect is that clients can continue to use the address
966: for existing connections, but new connections will use
967: other addresses, if they exist. This makes hitless
968: renumbering at least possible.
969:
970: Fix bug in address6_available() which caused DHCPv6 lease
971: aquisition to fail if more than one dhcp-range in use.
972:
973: Provide RDNSS and DNSSL data in router advertisements,
974: using the settings provided for DHCP options
975: option6:domain-search and option6:dns-server.
976:
977: Tweak logo/favicon.ico to add some transparency. Thanks to
978: SamLT for work on this.
979:
980: Don't cache data from non-recursive nameservers, since it
981: may erroneously look like a valid CNAME to a non-exitant
982: name. Thanks to Ben Winslow for finding this.
983:
984: Call SO_BINDTODEVICE on the DHCP socket(s) when doing DHCP
985: on exactly one interface and --bind-interfaces is set. This
986: makes the OpenStack use-case of one dnsmasq per virtual
987: interface work. This is only available on Linux; it's not
988: supported on other platforms. Thanks to Vishvananda Ishaya
989: and the OpenStack team for the suggestion.
990:
991: Updated French translation. Thanks to Gildas Le Nadan.
992:
993: Give correct from-cache answers to explict CNAME queries.
994: Thanks to Rob Zwissler for spotting this.
995:
996: Add --tftp-lowercase option. Thanks to Oliver Rath for the
997: patch.
998:
999: Ensure that the DBus DhcpLeaseUpdated events are generated
1000: when a lease goes through INIT_REBOOT state, even if the
1001: dhcp-script is not in use. Thanks to Antoaneta-Ecaterina
1002: Ene for the patch.
1003:
1004: Fix failure of TFTP over IPv4 on OpenBSD platform. Thanks
1005: to Brad Smith for spotting this.
1006:
1007:
1008: version 2.60
1009: Fix compilation problem in Mac OS X Lion. Thanks to Olaf
1010: Flebbe for the patch.
1011:
1012: Fix DHCP when using --listen-address with an IP address
1013: which is not the primary address of an interface.
1014:
1015: Add --dhcp-client-update option.
1016:
1017: Add Lua integration. Dnsmasq can now execute a DHCP
1018: lease-change script written in Lua. This needs to be
1019: enabled at compile time by setting HAVE_LUASCRIPT in
1020: src/config.h or running "make COPTS=-DHAVE_LUASCRIPT"
1021: Thanks to Jan-Piet Mens for the idea and proof-of-concept
1022: implementation.
1023:
1024: Tidied src/config.h to distinguish between
1025: platform-dependent compile-time options which are selected
1026: automatically, and builder-selectable compile time
1027: options. Document the latter better, and describe how to
1028: set them from the make command line.
1029:
1030: Tidied up IPPROTO_IP/SOL_IP (and IPv6 equivalent)
1031: confusion. IPPROTO_IP works everywhere now.
1032:
1033: Set TOS on DHCP sockets, this improves things on busy
1034: wireless networks. Thanks to Dave Taht for the patch.
1035:
1036: Determine VERSION automatically based on git magic:
1037: release tags or hash values.
1038:
1039: Improve start-up speed when reading large hosts files
1040: containing many distinct addresses.
1041:
1042: Fix problem if dnsmasq is started without the stdin,
1043: stdout and stderr file descriptors open. This can manifest
1044: itself as 100% CPU use. Thanks to Chris Moore for finding
1045: this.
1046:
1047: Fix shell-scripting bug in bld/pkg-wrapper. Thanks to
1048: Mark Mitchell for the patch.
1049:
1050: Allow the TFP server or boot server in --pxe-service, to
1051: be a domain name instead of an IP address. This allows for
1052: round-robin to multiple servers, in the same way as
1053: --dhcp-boot. A good suggestion from Cristiano Cumer.
1054:
1055: Support BUILDDIR variable in the Makefile. Allows builds
1056: for multiple archs from the same source tree with eg.
1057: make BUILDDIR=linux (relative to dnsmasq tree)
1058: make BUILDDIR=/tmp/openbsd (absolute path)
1059: If BUILDDIR is not set, compilation happens in the src
1060: directory, as before. Suggestion from Mark Mitchell.
1061:
1062: Support DHCPv6. Support is there for the sort of things
1063: the existing v4 server does, including tags, options,
1064: static addresses and relay support. Missing is prefix
1065: delegation, which is probably not required in the dnsmasq
1066: niche, and an easy way to accept prefix delegations from
1067: an upstream DHCPv6 server, which is. Future plans include
1068: support for DHCPv6 router option and MAC address option
1069: (to make selecting clients by MAC address work like IPv4).
1070: These will be added as the standards mature.
1071: This code has been tested, but this is the first release,
1072: so don't bet the farm on it just yet. Many thanks to all
1073: testers who have got it this far.
1074:
1075: Support IPv6 router advertisements. This is a
1076: simple-minded implementation, aimed at providing the
1077: vestigial RA needed to go alongside IPv6. Is picks up
1078: configuration from the DHCPv6 conf, and should just need
1079: enabling with --enable-ra.
1080:
1081: Fix long-standing wrinkle with --localise-queries that
1082: could result in wrong answers when DNS packets arrive
1083: via an interface other than the expected one. Thanks to
1084: Lorenzo Milesi and John Hanks for spotting this one.
1085:
1086: Update French translation. Thanks to Gildas Le Nadan.
1087:
1088: Update Polish translation. Thanks to Jan Psota.
1089:
1090:
1091: version 2.59
1092: Fix regression in 2.58 which caused failure to start up
1093: with some combinations of dnsmasq config and IPv6 kernel
1094: network config. Thanks to Brielle Bruns for the bug
1095: report.
1096:
1097: Improve dnsmasq's behaviour when network interfaces are
1098: still doing duplicate address detection (DAD). Previously,
1099: dnsmasq would wait up to 20 seconds at start-up for the
1100: DAD state to terminate. This is broken for bridge
1101: interfaces on recent Linux kernels, which don't start DAD
1102: until the bridge comes up, and so can take arbitrary
1103: time. The new behaviour lets dnsmasq poll for an arbitrary
1104: time whilst providing service on other interfaces. Thanks
1105: to Stephen Hemminger for pointing out the problem.
1106:
1107:
1108: version 2.58
1109: Provide a definition of the SA_SIZE macro where it's
1110: missing. Fixes build failure on openBSD.
1111:
1112: Don't include a zero terminator at the end of messages
1113: sent to /dev/log when /dev/log is a datagram socket.
1114: Thanks to Didier Rabound for spotting the problem.
1115:
1116: Add --dhcp-sequential-ip flag, to force allocation of IP
1117: addresses in ascending order. Note that the default
1118: pseudo-random mode is in general better but some
1119: server-deployment applications need this.
1120:
1121: Fix problem where a server-id of 0.0.0.0 is sent to a
1122: client when a dhcp-relay is in use if a client renews a
1123: lease after dnsmasq restart and before any clients on the
1124: subnet get a new lease. Thanks to Mike Ruiz for assistance
1125: in chasing this one down.
1126:
1127: Don't return NXDOMAIN to an AAAA query if we have CNAME
1128: which points to an A record only: NODATA is the correct
1129: reply in this case. Thanks to Tom Fernandes for spotting
1130: the problem.
1131:
1132: Relax the need to supply a netmask in --dhcp-range for
1133: networks which use a DHCP relay. Whilst this is still
1134: desireable, in the absence of a netmask dnsmasq will use
1135: a default based on the class (A, B, or C) of the address.
1136: This should at least remove a cause of mysterious failure
1137: for people using RFC1918 addresses and relays.
1138:
1139: Add support for Linux conntrack connection marking. If
1140: enabled with --conntrack, the connection mark for incoming
1141: DNS queries will be copied to the outgoing connections
1142: used to answer those queries. This allows clever firewall
1143: and accounting stuff. Only available if dnsmasq is
1144: compiled with HAVE_CONNTRACK and adds a dependency on
1145: libnetfilter-conntrack. Thanks to Ed Wildgoose for the
1146: initial idea, testing and sponsorship of this function.
1147:
1148: Provide a sane error message when someone attempts to
1149: match a tag in --dhcp-host.
1150:
1151: Tweak the behaviour of --domain-needed, to avoid problems
1152: with recursive nameservers downstream of dnsmasq. The new
1153: behaviour only stops A and AAAA queries, and returns
1154: NODATA rather than NXDOMAIN replies.
1155:
1156: Efficiency fix for very large DHCP configurations, thanks
1157: to James Gartrell and Mike Ruiz for help with this.
1158:
1159: Allow the TFTP-server address in --dhcp-boot to be a
1160: domain-name which is looked up in /etc/hosts. This can
1161: give multiple IP addresses which are used round-robin,
1162: thus doing TFTP server load-balancing. Thanks to Sushil
1163: Agrawal for the patch.
1164:
1165: When two tagged dhcp-options for a particular option
1166: number are both valid, use the one which is valid without
1167: a tag from the dhcp-range. Allows overriding of the value
1168: of a DHCP option for a particular host as well as
1169: per-network values. So
1170: --dhcp-range=set:interface1,......
1171: --dhcp-host=set:myhost,.....
1172: --dhcp-option=tag:interface1,option:nis-domain,"domain1"
1173: --dhcp-option=tag:myhost,option:nis-domain,"domain2"
1174: will set the NIS-domain to domain1 for hosts in the range, but
1175: override that to domain2 for a particular host.
1176:
1177: Fix bug which resulted in truncated files and timeouts for
1178: some TFTP transfers. The bug only occurs with netascii
1179: transfers and needs an unfortunate relationship between
1180: file size, blocksize and the number of newlines in the
1181: last block before it manifests itself. Many thanks to
1182: Alkis Georgopoulos for spotting the problem and providing
1183: a comprehensive test-case.
1184:
1185: Fix regression in TFTP server on *BSD platforms introduced
1186: in version 2.56, due to confusion with sockaddr
1187: length. Many thanks to Loic Pefferkorn for finding this.
1188:
1189: Support scope-ids in IPv6 addresses of nameservers from
1190: /etc/resolv.conf and in --server options. Eg
1191: nameserver fe80::202:a412:4512:7bbf%eth0 or
1192: server=fe80::202:a412:4512:7bbf%eth0. Thanks to
1193: Michael Stapelberg for the suggestion.
1194:
1195: Update Polish translation, thanks to Jan Psota.
1196:
1197: Update French translation. Thanks to Gildas Le Nadan.
1198:
1199:
1200: version 2.57
1201: Add patches to allow build under Android.
1202:
1203: Provide our own header for the DNS protocol, rather than
1204: relying on arpa/nameser.h. This has proved more or less
1205: defective over the years and the final straw is that it's
1206: effectively empty on Android.
1207:
1208: Fix regression in 2.56 which caused hex constants in
1209: configuration to be rejected if they contain the '*'
1210: wildcard.
1211:
1212: Correct wrong casts of arguments to ctype.h functions,
1213: isdigit(), isxdigit() etc. Thanks to Matthias Andree for
1214: spotting this.
1215:
1216: Allow build with IDN support independently from i18n.
1217: IDN support continues to be included automatically
1218: when i18n is included.
1219: 'make COPTS=-DHAVE_IDN' is the magic incantation.
1220:
1221: Modify check on extraneous command line junk (added in
1222: 2.56) so that it doesn't complain about extra _empty_
1223: arguments. Otherwise this breaks libvirt.
1224:
1225:
1226: version 2.56
1227: Add a patch to allow dnsmasq to get interface names right in a
1228: Solaris zone. Thanks to Dj Padzensky for this.
1229:
1230: Improve data-type parsing heuristics so that
1231: --dhcp-option=option:domain-search,.
1232: treats the value as a string and not an IP address.
1233: Thanks to Clemens Fischer for spotting that.
1234:
1235: Add IPv6 support to the TFTP server. Many thanks to Jan
1236: 'RedBully' Seiffert for the patches.
1237:
1238: Log DNS queries at level LOG_INFO, rather then
1239: LOG_DEBUG. This makes things consistent with DHCP
1240: logging. Thanks to Adam Pribyl for spotting the problem.
1241:
1242: Ensure that dnsmasq terminates cleanly when using
1243: --syslog-async even if it cannot make a connection to the
1244: syslogd.
1245:
1246: Add --add-mac option. This is to support currently
1247: experimental DNS filtering facilities. Thanks to Benjamin
1248: Petrin for the orignal patch.
1249:
1250: Fix bug which meant that tags were ignored in dhcp-range
1251: configuration specifying PXE-proxy service. Thanks to
1252: Cristiano Cumer for spotting this.
1253:
1254: Raise an error if there is extra junk, not part of an
1255: option, on the command line.
1256:
1257: Flag a couple of log messages in cache.c as coming from
1258: the DHCP subsystem. Thanks to Olaf Westrik for the patch.
1259:
1260: Omit timestamps from logs when a) logging to stderr and
1261: b) --keep-in-forground is set. The logging facility on the
1262: other end of stderr can be assumned to supply them. Thanks
1263: to John Hallam for the patch.
1264:
1265: Don't complain about strings longer than 255 characters in
1266: --txt-record, just split the long strings into 255
1267: character chunks instead.
1268:
1269: Fix crash on double-free. This bug can only happen when
1270: dhcp-script is in use and then only in rare circumstances
1271: triggered by high DHCP transaction rate and a slow
1272: script. Thanks to Ferenc Wagner for finding the problem.
1273:
1274: Only log that a file has been sent by TFTP after the
1275: transfer has completed succesfully.
1276:
1277: A good suggestion from Ferenc Wagner: extend
1278: the --domain option to allow this sort of thing:
1279: --domain=thekelleys.org.uk,192.168.0.0/24,local
1280: which automatically creates
1281: --local=/thekelleys.org.uk/
1282: --local=/0.168.192.in-addr.arpa/
1283:
1284: Tighten up syntax checking of hex contants in the config
1285: file. Thanks to Fred Damen for spotting this.
1286:
1287: Add dnsmasq logo/icon, contributed by Justin Swift. Many
1288: thanks for that.
1289:
1290: Never cache DNS replies which have the 'cd' bit set, or
1291: which result from queries forwarded with the 'cd' bit
1292: set. The 'cd' bit instructs a DNSSEC validating server
1293: upstream to ignore signature failures and return replies
1294: anyway. Without this change it's possible to pollute the
1295: dnsmasq cache with bad data by making a query with the
1296: 'cd' bit set and subsequent queries would return this data
1297: without its being marked as suspect. Thanks to Anders
1298: Kaseorg for pointing out this problem.
1299:
1300: Add --proxy-dnssec flag, for compliance with RFC
1301: 4035. Dnsmasq will now clear the 'ad' bit in answers returned
1302: from upstream validating nameservers unless this option is
1303: set.
1304:
1305: Allow a filename of "-" for --conf-file to read
1306: stdin. Suggestion from Timothy Redaelli.
1307:
1308: Rotate the order of SRV records in replies, to provide
1309: round-robin load balancing when all the priorities are
1310: equal. Thanks to Peter McKinney for the suggestion.
1311:
1312: Edit
1313: contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist
1314: so that it doesn't log all queries to a file by
1315: default. Thanks again to Peter McKinney.
1316:
1317: By default, setting an IPv4 address for a domain but not
1318: an IPv6 address causes dnsmasq to return
1319: an NODATA reply for IPv6 (or vice-versa). So
1320: --address=/google.com/1.2.3.4 stops IPv6 queries for
1321: *google.com from being forwarded. Make it possible to
1322: override this behaviour by defining the sematics if the
1323: same domain appears in both --server and --address.
1324: In that case, the --address has priority for the address
1325: family in which is appears, but the --server has priority
1326: of the address family which doesn't appear in --adddress
1327: So:
1328: --address=/google.com/1.2.3.4
1329: --server=/google.com/#
1330: will return 1.2.3.4 for IPv4 queries for *.google.com but
1331: forward IPv6 queries to the normal upstream nameserver.
1332: Similarly when setting an IPv6 address
1333: only this will allow forwarding of IPv4 queries. Thanks to
1334: William for pointing out the need for this.
1335:
1336: Allow more than one --dhcp-optsfile and --dhcp-hostsfile
1337: and make them understand directories as arguments in the
1338: same way as --addn-hosts. Suggestion from John Hanks.
1339:
1340: Ignore rebinding requests for leases we don't know
1341: about. Rebind is broadcast, so we might get to overhear a
1342: request meant for another DHCP server. NAKing this is
1343: wrong. Thanks to Brad D'Hondt for assistance with this.
1344:
1345: Fix cosmetic bug which produced strange output when
1346: dumping cache statistics with some configurations. Thanks
1347: to Fedor Kozhevnikov for spotting this.
1348:
1349:
1350: version 2.55
1351: Fix crash when /etc/ethers is in use. Thanks to
1352: Gianluigi Tiesi for finding this.
1353:
1354: Fix crash in netlink_multicast(). Thanks to Arno Wald for
1355: finding this one.
1356:
1357: Allow the empty domain "." in dhcp domain-search (119)
1358: options.
1359:
1360:
1361: version 2.54
1362: There is no version 2.54 to avoid confusion with 2.53,
1363: which incorrectly identifies itself as 2.54.
1364:
1365:
1366: version 2.53
1367: Fix failure to compile on Debian/kFreeBSD. Thanks to
1368: Axel Beckert and Petr Salinger.
1369:
1370: Fix code to avoid scary strict-aliasing warnings
1371: generated by gcc 4.4.
1372:
1373: Added FAQ entry warning about DHCP failures with Vista
1374: when firewalls block 255.255.255.255.
1375:
1376: Fixed bug which caused bad things to happen if a
1377: resolv.conf file which exists is subsequently removed.
1378: Thanks to Nikolai Saoukh for the patch.
1379:
1380: Rationalised the DHCP tag system. Every configuration item
1381: which can set a tag does so by adding "set:<tag>" and
1382: every configuration item which is conditional on a tag is
1383: made so by "tag:<tag>". The NOT operator changes to '!',
1384: which is a bit more intuitive too. Dhcp-host directives
1385: can set more than one tag now. The old '#' NOT,
1386: "net:" prefix and no-prefixes are still honoured, so
1387: no existing config file needs to be changed, but
1388: the documentation and new-style config files should be
1389: much less confusing.
1390:
1391: Added --tag-if to allow boolean operations on tags.
1392: This allows complicated logic to be clearer and more
1393: general. A great suggestion from Richard Voigt.
1394:
1395: Add broadcast/unicast information to DHCP logging.
1396:
1397: Allow --dhcp-broadcast to be unconditional.
1398:
1399: Fixed incorrect behaviour with NOT <tag> conditionals in
1400: dhcp-options. Thanks to Max Turkewitz for assistance
1401: finding this.
1402:
1403: If we send vendor-class encapsulated options based on the
1404: vendor-class supplied by the client, and no explicit
1405: vendor-class option is given, echo back the vendor-class
1406: from the client.
1407:
1408: Fix bug which stopped dnsmasq from matching both a
1409: circuitid and a remoteid. Thanks to Ignacio Bravo for
1410: finding this.
1411:
1412: Add --dhcp-proxy, which makes it possible to configure
1413: dnsmasq to use a DHCP relay agent as a full proxy, with
1414: all DHCP messages passing through the proxy. This is
1415: useful if the relay adds extra information to the packets
1416: it forwards, but cannot be configured with the RFC 5107
1417: server-override option.
1418:
1419: Added interface:<iface name> part to dhcp-range. The
1420: semantics of this are very odd at first sight, but it
1421: allows a single line of the form
1422: dhcp-range=interface:virt0,192.168.0.4,192.168.0.200
1423: to be added to dnsmasq configuration which then supplies
1424: DHCP and DNS services to that interface, without affecting
1425: what services are supplied to other interfaces and
1426: irrespective of the existance or lack of
1427: interface=<interface>
1428: lines elsewhere in the dnsmasq configuration. The idea is
1429: that such a line can be added automatically by libvirt
1430: or equivalent systems, without disturbing any manual
1431: configuration.
1432:
1433: Similarly to the above, allow --enable-tftp=<interface>
1434:
1435: Allow a TFTP root to be set separately for requests via
1436: different interfaces, --tftp-root=<path>,<interface>
1437:
1438: Correctly handle and log clashes between CNAMES and
1439: DNS names being given to DHCP leases. This fixes a bug
1440: which caused nonsense IP addresses to be logged. Thanks to
1441: Sergei Zhirikov for finding and analysing the problem.
1442:
1443: Tweak flush_log so as to avoid leaving the log
1444: file in non-blocking mode. O_NONBLOCK is a property of the
1445: file, not the process/descriptor.
1446:
1447: Fix contrib/Solaris10/create_package
1448: (/usr/man -> /usr/share/man) Thanks to Vita Batrla.
1449:
1450: Fix a problem where, if a client got a lease, then went
1451: to another subnet and got another lease, then moved back,
1452: it couldn't resume the old lease, but would instead get
1453: a new address. Thanks to Leonardo Rodrigues for spotting
1454: this and testing the fix.
1455:
1456: Fix weird bug which sometimes omitted certain characters
1457: from the start of quoted strings in dhcp-options. Thanks
1458: to Dayton Turner for spotting the problem.
1459:
1460: Add facility to redirect some domains to the standard
1461: upstream servers: this allows something like
1462: --server=/google.com/1.2.3.4 --server=/www.google.com/#
1463: which will send queries for *.google.com to 1.2.3.4,
1464: except *www.google.com which will be forwarded as usual.
1465: Thanks to AJ Weber for prompting this addition.
1466:
1467: Improve the hash-algorithm used to generate IP addresses
1468: from MAC addresses during initial DHCP address
1469: allocation. This improves performance when large numbers
1470: of hosts with similar MAC addresses all try and get an IP
1471: address at the same time. Thanks to Paul Smith for his
1472: work on this.
1473:
1474: Tweak DHCP code so that --bridge-interface can be used to
1475: select which IP alias of an interface should be used for
1476: DHCP purposes on Linux. If eth0 has an alias eth0:dhcp
1477: then adding --bridge-interface=eth0:dhcp,eth0 will use
1478: the address of eth0:dhcp to determine the correct subnet
1479: for DHCP address allocation. Thanks to Pawel Golaszewski
1480: for prompting this and Eric Cooper for further testing.
1481:
1482: Add --dhcp-generate-names. Suggestion by Ferenc Wagner.
1483:
1484: Tweak DNS server selection algorithm when there is more
1485: than one server available for a domain, eg.
1486: --server=/mydomain/1.1.1.1
1487: --server=/mydomain/2.2.2.2
1488: Thanks to Alberto Cuesta-Canada for spotting a weakness
1489: here.
1490:
1491: Add --max-ttl. Thanks to Fredrik Ringertz for the patch.
1492:
1493: Allow --log-facility=- to force all logging to
1494: stderr. Suggestion from Clemens Fischer.
1495:
1496: Fix regression which caused configuration like
1497: --address=/.domain.com/1.2.3.4 to be rejected. The dot to the
1498: left of the domain has been implied and not required for a
1499: long time, but it should be accepted for backward
1500: compatibility. Thanks to Andrew Burcin for spotting this.
1501:
1502: Add --rebind-domain-ok and --rebind-localhost-ok.
1503: Suggestion from Clemens Fischer.
1504:
1505: Log replies to queries of type TXT, when --log-queries
1506: is set.
1507:
1508: Fix compiler warnings when compiled with -DNO_DHCP. Thanks
1509: to Shantanu Gadgil for the patch.
1510:
1511: Updated French translation. Thanks to Gildas Le Nadan.
1512:
1513: Updated Polish translation. Thanks to Jan Psota.
1514:
1515: Updated German translation. Thanks to Matthias Andree.
1516:
1517: Added contrib/static-arp, thanks to Darren Hoo.
1518:
1519: Fix corruption of the domain when a name from /etc/hosts
1520: overrides one supplied by a DHCP client. Thanks to Fedor
1521: Kozhevnikov for spotting the problem.
1522:
1523: Updated Spanish translation. Thanks to Chris Chatham.
1524:
1525:
1526: version 2.52
1527: Work around a Linux kernel bug which insists that the
1528: length of the option passed to setsockopt must be at least
1529: sizeof(int) bytes, even if we're calling SO_BINDTODEVICE
1530: and the device name is "lo". Note that this is fixed
1531: in kernel 2.6.31, but the workaround is harmless and
1532: allows earlier kernels to be used. Also fix dnsmasq
1533: bug which reported the wrong address when this failed.
1534: Thanks to Fedor for finding this.
1535:
1536: The API for IPv6 PKTINFO changed around Linux kernel
1537: 2.6.14. Workaround the case where dnsmasq is compiled
1538: against newer headers, but then run on an old kernel:
1539: necessary for some *WRT distros.
1540:
1541: Re-read the set of network interfaces when re-loading
1542: /etc/resolv.conf if --bind-interfaces is not set. This
1543: handles the case that loopback interfaces do not exist
1544: when dnsmasq is first started.
1545:
1546: Tweak the PXE code to support port 4011. This should
1547: reduce broadcasts and make things more reliable when other
1548: servers are around. It also improves inter-operability
1549: with certain clients.
1550:
1551: Make a pxe-service configuration with no filename or boot
1552: service type legal: this does a local boot. eg.
1553: pxe-service=x86PC, "Local boot"
1554:
1555: Be more conservative in detecting "A for A"
1556: queries. Dnsmasq checks if the name in a type=A query looks
1557: like a dotted-quad IP address and answers the query itself
1558: if so, rather than forwarding it. Previously dnsmasq
1559: relied in the library function inet_addr() to convert
1560: addresses, and that will accept some things which are
1561: confusing in this context, like 1.2.3 or even just
1562: 1234. Now we only do A for A processing for four decimal
1563: numbers delimited by dots.
1564:
1565: A couple of tweaks to fix compilation on Solaris. Thanks
1566: to Joel Macklow for help with this.
1567:
1568: Another Solaris compilation tweak, needed for Solaris
1569: 2009.06. Thanks to Lee Essen for that.
1570:
1571: Added extract packaging stuff from Lee Essen to
1572: contrib/Solaris10.
1573:
1574: Increased the default limit on number of leases to 1000
1575: (from 150). This is mainly a defence against DoS attacks,
1576: and for the average "one for two class C networks"
1577: installation, IP address exhaustion does that just as
1578: well. Making the limit greater than the number of IP
1579: addresses available in such an installation removes a
1580: surprise which otherwise can catch people out.
1581:
1582: Removed extraneous trailing space in the value of the
1583: DNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH and
1584: DNSMASQ_LEASE_EXPIRES environment variables. Thanks to
1585: Gildas Le Nadan for spotting this.
1586:
1587: Provide the network-id tags for a DHCP transaction to
1588: the lease-change script in the environment variable
1589: DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan.
1590:
1591: Add support for RFC3925 "Vendor-Identifying Vendor
1592: Options". The syntax looks like this:
1593: --dhcp-option=vi-encap:<enterprise number>, .........
1594:
1595: Add support to --dhcp-match to allow matching against
1596: RFC3925 "Vendor-Identifying Vendor Classes". The syntax
1597: looks like this:
1598: --dhcp-match=tag,vi-encap<enterprise number>, <value>
1599:
1600: Add some application specific code to assist in
1601: implementing the Broadband forum TR069 CPE-WAN
1602: specification. The details are in contrib/CPE-WAN/README
1603:
1604: Increase the default DNS packet size limit to 4096, as
1605: recommended by RFC5625 section 4.4.3. This can be
1606: reconfigured using --edns-packet-max if needed. Thanks to
1607: Francis Dupont for pointing this out.
1608:
1609: Rewrite query-ids even for TSIG signed packets, since
1610: this is allowed by RFC5625 section 4.5.
1611:
1612: Use getopt_long by default on OS X. It has been supported
1613: since version 10.3.0. Thanks to Arek Dreyer for spotting
1614: this.
1615:
1616: Added up-to-date startup configuration for MacOSX/launchd
1617: in contrib/MacOSX-launchd. Thanks to Arek Dreyer for
1618: providing this.
1619:
1620: Fix link error when including Dbus but excluding DHCP.
1621: Thanks to Oschtan for the bug report.
1622:
1623: Updated French translation. Thanks to Gildas Le Nadan.
1624:
1625: Updated Polish translation. Thanks to Jan Psota.
1626:
1627: Updated Spanish translation. Thanks to Chris Chatham.
1628:
1629: Fixed confusion about domains, when looking up DHCP hosts
1630: in /etc/hosts. This could cause spurious "Ignoring
1631: domain..." messages. Thanks to Fedor Kozhevnikov for
1632: finding and analysing the problem.
1633:
1634:
1635: version 2.51
1636: Add support for internationalised DNS. Non-ASCII characters
1637: in domain names found in /etc/hosts, /etc/ethers and
1638: /etc/dnsmasq.conf will be correctly handled by translation to
1639: punycode, as specified in RFC3490. This function is only
1640: available if dnsmasq is compiled with internationalisation
1641: support, and adds a dependency on GNU libidn. Without i18n
1642: support, dnsmasq continues to be compilable with just
1643: standard tools. Thanks to Yves Dorfsman for the
1644: suggestion.
1645:
1646: Add two more environment variables for lease-change scripts:
1647: First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname
1648: supplied by a client, even if the actual hostname used is
1649: over-ridden by dhcp-host or dhcp-ignore-names directives.
1650: Also DNSMASQ_RELAY_ADDRESS which gives the address of
1651: a DHCP relay, if used.
1652: Suggestions from Michael Rack.
1653:
1654: Fix regression which broke echo of relay-agent
1655: options. Thanks to Michael Rack for spotting this.
1656:
1657: Don't treat option 67 as being interchangeable with
1658: dhcp-boot parameters if it's specified as
1659: dhcp-option-force.
1660:
1661: Make the code to call scripts on lease-change compile-time
1662: optional. It can be switched off by editing src/config.h
1663: or building with "make COPTS=-DNO_SCRIPT".
1664:
1665: Make the TFTP server cope with filenames from Windows/DOS
1666: which use '\' as pathname separator. Thanks to Ralf for
1667: the patch.
1668:
1669: Updated Polish translation. Thanks to Jan Psota.
1670:
1671: Warn if an IP address is duplicated in /etc/ethers. Thanks
1672: to Felix Schwarz for pointing this out.
1673:
1674: Teach --conf-dir to take an option list of file suffices
1675: which will be ignored when scanning the directory. Useful
1676: for backup files etc. Thanks to Helmut Hullen for the
1677: suggestion.
1678:
1679: Add new DHCP option named tftpserver-address, which
1680: corresponds to the third argument of dhcp-boot. This
1681: allows the complete functionality of dhcp-boot to be
1682: replicated with dhcp-option. Useful when using
1683: dhcp-optsfile.
1684:
1685: Test which upstream nameserver to use every 10 seconds
1686: or 50 queries and not just when a query times out and
1687: is retried. This should improve performance when there
1688: is a slow nameserver in the list. Thanks to Joe for the
1689: suggestion.
1690:
1691: Don't do any PXE processing, even for clients with the
1692: correct vendorclass, unless at least one pxe-prompt or
1693: pxe-service option is given. This stops dnsmasq
1694: interfering with proxy PXE subsystems when it is just
1695: the DHCP server. Thanks to Spencer Clark for spotting this.
1696:
1697: Limit the blocksize used for TFTP transfers to a value
1698: which avoids packet fragmentation, based on the MTU of the
1699: local interface. Many netboot ROMs can't cope with
1700: fragmented packets.
1701:
1702: Honour dhcp-ignore configuration for PXE and proxy-PXE
1703: requests. Thanks to Niels Basjes for the bug report.
1704:
1705: Updated French translation. Thanks to Gildas Le Nadan.
1706:
1707:
1708: version 2.50
1709: Fix security problem which allowed any host permitted to
1710: do TFTP to possibly compromise dnsmasq by remote buffer
1711: overflow when TFTP enabled. Thanks to Core Security
1712: Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
1713: Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
1714: Pablo Annetta. This problem has Bugtraq id: 36121
1715: and CVE: 2009-2957
1716:
1717: Fix a problem which allowed a malicious TFTP client to
1718: crash dnsmasq. Thanks to Steve Grubb at Red Hat for
1719: spotting this. This problem has Bugtraq id: 36120 and
1720: CVE: 2009-2958
1721:
1722:
1723: version 2.49
1724: Fix regression in 2.48 which disables the lease-change
1725: script. Thanks to Jose Luis Duran for spotting this.
1726:
1727: Log TFTP "file not found" errors. These were not logged,
1728: since a normal PXELinux boot generates many of them, but
1729: the lack of the messages seems to be more confusing than
1730: routinely seeing them when there is no real error.
1731:
1732: Update Spanish translation. Thanks to Chris Chatham.
1733:
1734:
1735: version 2.48
1736: Archived the extensive, backwards, changelog to
1737: CHANGELOG.archive. The current changelog now runs from
1738: version 2.43 and runs conventionally.
1739:
1740: Fixed bug which broke binding of servers to physical
1741: interfaces when interface names were longer than four
1742: characters. Thanks to MURASE Katsunori for the patch.
1743:
1744: Fixed netlink code to check that messages come from the
1745: correct source, and not another userspace process. Thanks
1746: to Steve Grubb for the patch.
1747:
1748: Maintainability drive: removed bug and missing feature
1749: workarounds for some old platforms. Solaris 9, OpenBSD
1750: older than 4.1, Glibc older than 2.2, Linux 2.2.x and
1751: DBus older than 1.1.x are no longer supported.
1752:
1753: Don't read included configuration files more than once:
1754: allows complex configuration structures without problems.
1755:
1756: Mark log messages from the various subsystems in dnsmasq:
1757: messages from the DHCP subsystem now have the ident string
1758: "dnsmasq-dhcp" and messages from TFTP have ident
1759: "dnsmasq-tftp". Thanks to Olaf Westrik for the patch.
1760:
1761: Fix possible infinite DHCP protocol loop when an IP
1762: address nailed to a hostname (not a MAC address) and a
1763: host sometimes provides the name, sometimes not.
1764:
1765: Allow --addn-hosts to take a directory: all the files
1766: in the directory are read. Thanks to Phil Cornelius for
1767: the suggestion.
1768:
1769: Support --bridge-interface on all platforms, not just BSD.
1770:
1771: Added support for advanced PXE functions. It's now
1772: possible to define a prompt and menu options which will
1773: be displayed when a client PXE boots. It's also possible to
1774: hand-off booting to other boot servers. Proxy-DHCP, where
1775: dnsmasq just supplies the PXE information and another DHCP
1776: server does address allocation, is also allowed. See the
1777: --pxe-prompt and --pxe-service keywords. Thanks to
1778: Alkis Georgopoulos for the suggestion and Guilherme Moro
1779: and Michael Brown for assistance.
1780:
1781: Improvements to DHCP logging. Thanks to Tom Metro for
1782: useful suggestions.
1783:
1784: Add ability to build dnsmasq without DHCP support. To do
1785: this, edit src/config.h or build with
1786: "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch.
1787:
1788: Added --test command-line switch - syntax check
1789: configuration files only.
1790:
1791: Updated French translation. Thanks to Gildas Le Nadan.
1792:
1793:
1794: version 2.47
1795: Updated French translation. Thanks to Gildas Le Nadan.
1796:
1797: Fixed interface enumeration code to work on NetBSD
1798: 5.0. Thanks to Roy Marples for the patch.
1799:
1800: Updated config.h to use the same location for the lease
1801: file on NetBSD as the other *BSD variants. Also allow
1802: LEASEFILE and CONFFILE symbols to be overriden in CFLAGS.
1803:
1804: Handle duplicate address detection on IPv6 more
1805: intelligently. In IPv6, an interface can have an address
1806: which is not usable, because it is still undergoing DAD
1807: (such addresses are marked "tentative"). Attempting to
1808: bind to an address in this state returns an error,
1809: EADDRNOTAVAIL. Previously, on getting such an error,
1810: dnsmasq would silently abandon the address, and never
1811: listen on it. Now, it retries once per second for 20
1812: seconds before generating a fatal error. 20 seconds should
1813: be long enough for any DAD process to complete, but can be
1814: adjusted in src/config.h if necessary. Thanks to Martin
1815: Krafft for the bug report.
1816:
1817: Add DBus introspection. Patch from Jeremy Laine.
1818:
1819: Update Dbus configuration file. Patch from Colin Walters.
1820: Fix for this bug:
1821: http://bugs.freedesktop.org/show_bug.cgi?id=18961
1822:
1823: Support arbitrarily encapsulated DHCP options, suggestion
1824: and initial patch from Samium Gromoff. This is useful for
1825: (eg) gPXE, which expect all its private options to be
1826: encapsulated inside a single option 175. So, eg,
1827:
1828: dhcp-option = encap:175, 190, "iscsi-client0"
1829: dhcp-option = encap:175, 191, "iscsi-client0-secret"
1830:
1831: will provide iSCSI parameters to gPXE.
1832:
1833: Enhance --dhcp-match to allow testing of the contents of a
1834: client-sent option, as well as its presence. This
1835: application in mind for this is RFC 4578
1836: client-architecture specifiers, but it's generally useful.
1837: Joey Korkames suggested the enhancement.
1838:
1839: Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on
1840: OpenSolaris. Thanks to Bastian Machek for the heads-up.
1841:
1842: No longer complain about blank lines in
1843: /etc/ethers. Thanks to Jon Nelson for the patch.
1844:
1845: Fix binding of servers to physical devices, eg
1846: --server=/domain/1.2.3.4@eth0 which was broken from 2.43
1847: onwards unless --query-port=0 set. Thanks to Peter Naulls
1848: for the bug report.
1849:
1850: Reply to DHCPINFORM requests even when the supplied ciaddr
1851: doesn't fall in any dhcp-range. In this case it's not
1852: possible to supply a complete configuration, but
1853: individually-configured options (eg PAC) may be useful.
1854:
1855: Allow the source address of an alias to be a range:
1856: --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole
1857: subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255,
1858: as before.
1859: --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
1860: maps only the 192.168.0.10->192.168.0.40 region. Thanks to
1861: Ib Uhrskov for the suggestion.
1862:
1863: Don't dynamically allocate DHCP addresses which may break
1864: Windows. Addresses which end in .255 or .0 are broken in
1865: Windows even when using supernetting.
1866: --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means
1867: 192.168.0.255 is a valid IP address, but not for Windows.
1868: See Microsoft KB281579. We therefore no longer allocate
1869: these addresses to avoid hard-to-diagnose problems.
1870:
1871: Update Polish translation. Thanks to Jan Psota.
1872:
1873: Delete the PID-file when dnsmasq shuts down. Note that by
1874: this time, dnsmasq is normally not running as root, so
1875: this will fail if the PID-file is stored in a root-owned
1876: directory; such failure is silently ignored. To take
1877: advantage of this feature, the PID-file must be stored in a
1878: directory owned and write-able by the user running
1879: dnsmasq.
1880:
1881:
1882: version 2.46
1883: Allow --bootp-dynamic to take a netid tag, so that it may
1884: be selectively enabled. Thanks to Olaf Westrik for the
1885: suggestion.
1886:
1887: Remove ISC-leasefile reading code. This has been
1888: deprecated for a long time, and last time I removed it, it
1889: ended up going back by request of one user. This time,
1890: it's gone for good; otherwise it would need to be
1891: re-worked to support multiple domains (see below).
1892:
1893: Support DHCP clients in multiple DNS domains. This is a
1894: long-standing request. Clients are assigned to a domain
1895: based in their IP address.
1896:
1897: Add --dhcp-fqdn flag, which changes behaviour if DNS names
1898: assigned to DHCP clients. When this is set, there must be
1899: a domain associated with each client, and only
1900: fully-qualified domain names are added to the DNS. The
1901: advantage is that the only the FQDN needs to be unique,
1902: so that two or more DHCP clients can share a hostname, as
1903: long as they are in different domains.
1904:
1905: Set environment variable DNSMASQ_DOMAIN when invoking
1906: lease-change script. This may be useful information to
1907: have now that it's variable.
1908:
1909: Tighten up data-checking code for DNS packet
1910: handling. Thanks to Steve Dodd who found certain illegal
1911: packets which could crash dnsmasq. No memory overwrite was
1912: possible, so this is not a security issue beyond the DoS
1913: potential.
1914:
1915: Update example config dhcp option 47, the previous
1916: suggestion generated an illegal, zero-length,
1917: option. Thanks to Matthias Andree for finding this.
1918:
1919: Rewrite hosts-file reading code to remove the limit of
1920: 1024 characters per line. John C Meuser found this.
1921:
1922: Create a net-id tag with the name of the interface on
1923: which the DHCP request was received.
1924:
1925: Fixed minor memory leak in DBus code, thanks to Jeremy
1926: Laine for the patch.
1927:
1928: Emit DBus signals as the DHCP lease database
1929: changes. Thanks to Jeremy Laine for the patch.
1930:
1931: Allow for more that one MAC address in a dhcp-host
1932: line. This configuration tells dnsmasq that it's OK to
1933: abandon a DHCP lease of the fixed address to one MAC
1934: address, if another MAC address in the dhcp-host statement
1935: asks for an address. This is useful to give a fixed
1936: address to a host which has two network interfaces
1937: (say, a laptop with wired and wireless interfaces.)
1938: It's very important to ensure that only one interface
1939: at a time is up, since dnsmasq abandons the first lease
1940: and re-uses the address before the leased time has
1941: elapsed. John Gray suggested this.
1942:
1943: Tweak the response to a DHCP request packet with a wrong
1944: server-id when --dhcp-authoritative is set; dnsmasq now
1945: returns a DHCPNAK, rather than silently ignoring the
1946: packet. Thanks to Chris Marget for spotting this
1947: improvement.
1948:
1949: Add --cname option. This provides a limited alias
1950: function, usable for DHCP names. Thanks to AJ Weber for
1951: suggestions on this.
1952:
1953: Updated contrib/webmin with latest version from Neil
1954: Fisher.
1955:
1956: Updated Polish translation. Thanks to Jan Psota.
1957:
1958: Correct the text names for DHCP options 64 and 65 to be
1959: "nis+-domain" and "nis+-servers".
1960:
1961: Updated Spanish translation. Thanks to Chris Chatham.
1962:
1963: Force re-reading of /etc/resolv.conf when an "interface
1964: up" event occurs.
1965:
1966:
1967: version 2.45
1968: Fix total DNS failure in release 2.44 unless --min-port
1969: specified. Thanks to Steven Barth and Grant Coady for
1970: bugreport. Also reject out-of-range port spec, which could
1971: break things too: suggestion from Gilles Espinasse.
1972:
1973:
1974: version 2.44
1975: Fix crash when unknown client attempts to renew a DHCP
1976: lease, problem introduced in version 2.43. Thanks to
1977: Carlos Carvalho for help chasing this down.
1978:
1979: Fix potential crash when a host which doesn't have a lease
1980: does DHCPINFORM. Again introduced in 2.43. This bug has
1981: never been reported in the wild.
1982:
1983: Fix crash in netlink code introduced in 2.43. Thanks to
1984: Jean Wolter for finding this.
1985:
1986: Change implementation of min_port to work even if min-port
1987: is large.
1988:
1989: Patch to enable compilation of latest Mac OS X. Thanks to
1990: David Gilman.
1991:
1992: Update Spanish translation. Thanks to Christopher Chatham.
1993:
1994:
1995: version 2.43
1996: Updated Polish translation. Thanks to Jan Psota.
1997:
1998: Flag errors when configuration options are repeated
1999: illegally.
2000:
2001: Further tweaks for GNU/kFreeBSD
2002:
2003: Add --no-wrap to msgmerge call - provides nicer .po file
2004: format.
2005:
2006: Honour lease-time spec in dhcp-host lines even for
2007: BOOTP. The user is assumed to known what they are doing in
2008: this case. (Hosts without the time spec still get infinite
2009: leases for BOOTP, over-riding the default in the
2010: dhcp-range.) Thanks to Peter Katzmann for uncovering this.
2011:
2012: Fix problem matching relay-agent ids. Thanks to Michael
2013: Rack for the bug report.
2014:
2015: Add --naptr-record option. Suggestion from Johan
2016: Bergquist.
2017:
2018: Implement RFC 5107 server-id-override DHCP relay agent
2019: option.
2020:
2021: Apply patches from Stefan Kruger for compilation on
2022: Solaris 10 under Sun studio.
2023:
2024: Yet more tweaking of Linux capability code, to suppress
2025: pointless wingeing from kernel 2.6.25 and above.
2026:
2027: Improve error checking during startup. Previously, some
2028: errors which occurred during startup would be worked
2029: around, with dnsmasq still starting up. Some were logged,
2030: some silent. Now, they all cause a fatal error and dnsmasq
2031: terminates with a non-zero exit code. The errors are those
2032: associated with changing uid and gid, setting process
2033: capabilities and writing the pidfile. Thanks to Uwe
2034: Gansert and the Suse security team for pointing out
2035: this improvement, and Bill Reimers for good implementation
2036: suggestions.
2037:
2038: Provide NO_LARGEFILE compile option to switch off largefile
2039: support when compiling against versions of uclibc which
2040: don't support it. Thanks to Stephane Billiart for the patch.
2041:
2042: Implement random source ports for interactions with
2043: upstream nameservers. New spoofing attacks have been found
2044: against nameservers which do not do this, though it is not
2045: clear if dnsmasq is vulnerable, since to doesn't implement
2046: recursion. By default dnsmasq will now use a different
2047: source port (and socket) for each query it sends
2048: upstream. This behaviour can suppressed using the
2049: --query-port option, and the old default behaviour
2050: restored using --query-port=0. Explicit source-port
2051: specifications in --server configs are still honoured.
2052:
2053: Replace the random number generator, for better
2054: security. On most BSD systems, dnsmasq uses the
2055: arc4random() RNG, which is secure, but on other platforms,
2056: it relied on the C-library RNG, which may be
2057: guessable and therefore allow spoofing. This release
2058: replaces the libc RNG with the SURF RNG, from Daniel
2059: J. Berstein's DJBDNS package.
2060:
2061: Don't attempt to change user or group or set capabilities
2062: if dnsmasq is run as a non-root user. Without this, the
2063: change from soft to hard errors when these fail causes
2064: problems for non-root daemons listening on high
2065: ports. Thanks to Patrick McLean for spotting this.
2066:
2067: Updated French translation. Thanks to Gildas Le Nadan.
2068:
2069:
2070: version 2.42
2071: The changelog for version 2.42 and earlier is
2072: available in CHANGELOG.archive.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to CHANGELOG CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq