1: version 2.66
2: Add the ability to act as an authoritative DNS
3: server. Dnsmasq can now answer queries from the wider 'net
4: with local data, as long as the correct NS records are set
5: up. Only local data is provided, to avoid creating an open
6: DNS relay. Zone transfer is supported, to allow secondary
7: servers to be configured.
8:
9: Add "constructed DHCP ranges" for DHCPv6. This is intended
10: for IPv6 routers which get prefixes dynamically via prefix
11: delegation. With suitable configuration, stateful DHCPv6
12: and RA can happen automatically as prefixes are delegated
13: and then deprecated, without having to re-write the
14: dnsmasq configuration file or restart the daemon. Thanks to
15: Steven Barth for extensive testing and development work on
16: this idea.
17:
18: Fix crash on startup on Solaris 11. Regression probably
19: introduced in 2.61. Thanks to Geoff Johnstone for the
20: patch.
21:
22: Add code to make behaviour for TCP DNS requests that same
23: as for UDP requests, when a request arrives for an allowed
24: address, but via a banned interface. This change is only
25: active on Linux, since the relevant API is missing (AFAIK)
26: on other platforms. Many thanks to Tomas Hozza for
27: spotting the problem, and doing invaluable discovery of
28: the obscure and undocumented API required for the solution.
29:
30: Don't send the default DHCP option advertising dnsmasq as
31: the local DNS server if dnsmasq is configured to not act
32: as DNS server, or it's configured to a non-standard port.
33:
34: Add DNSMASQ_CIRCUIT_ID, DNSMASQ_SUBCRIBER_ID,
35: DNSMASQ_REMOTE_ID variables to the environment of the
36: lease-change script (and the corresponding Lua). These hold
37: information inserted into the DHCP request by a DHCP relay
38: agent. Thanks to Lakefield Communications for providing a
39: bounty for this addition.
40:
41: Fixed crash, introduced in 2.64, whilst handling DHCPv6
42: information-requests with some common configurations.
43: Thanks to Robert M. Albrecht for the bug report and
44: chasing the problem.
45:
46: Add --ipset option. Thanks to Jason A. Donenfeld for the
47: patch.
48:
49: Don't erroneously reject some option names in --dhcp-match
50: options. Thanks to Benedikt Hochstrasser for the bug report.
51:
52: Allow a trailing '*' wildcard in all interface-name
53: configurations. Thanks to Christian Parpart for the patch.
54:
55: Handle the situation where libc headers define
56: SO_REUSEPORT, but the kernel in use doesn't, to cope with
57: the introduction of this option to Linux. Thanks to Rich
58: Felker for the bug report.
59:
60: Update Polish translation. Thanks to Jan Psota.
61:
62: Fix crash if the configured DHCP lease limit is
63: reached. Regression occurred in 2.61. Thanks to Tsachi for
64: the bug report.
65:
66: Update the French translation. Thanks to Gildas le Nadan.
67:
68:
69: version 2.65
70: Fix regression which broke forwarding of queries sent via
71: TCP which are not for A and AAAA and which were directed to
72: non-default servers. Thanks to Niax for the bug report.
73:
74: Fix failure to build with DHCP support excluded. Thanks to
75: Gustavo Zacarias for the patch.
76:
77: Fix nasty regression in 2.64 which completely broke cacheing.
78:
79:
80: version 2.64
81: Handle DHCP FQDN options with all flag bits zero and
82: --dhcp-client-update set. Thanks to Bernd Krumbroeck for
83: spotting the problem.
84:
85: Finesse the check for /etc/hosts names which conflict with
86: DHCP names. Previously a name/address pair in /etc/hosts
87: which didn't match the name/address of a DHCP lease would
88: generate a warning. Now that only happesn if there is not
89: also a match. This allows multiple addresses for a name in
90: /etc/hosts with one of them assigned via DHCP.
91:
92: Fix broken vendor-option processing for BOOTP. Thanks to
93: Hans-Joachim Baader for the bug report.
94:
95: Don't report spurious netlink errors, regression in
96: 2.63. Thanks to Vladislav Grishenko for the patch.
97:
98: Flag DHCP or DHCPv6 in starup logging. Thanks to
99: Vladislav Grishenko for the patch.
100:
101: Add SetServersEx method in DBus interface. Thanks to Dan
102: Williams for the patch.
103:
104: Add SetDomainServers method in DBus interface. Thanks to
105: Roy Marples for the patch.
106:
107: Fix build with later Lua libraries. Thansk to Cristian
108: Rodriguez for the patch.
109:
110: Add --max-cache-ttl option. Thanks to Dennis Kaarsemaker
111: for the patch.
112:
113: Fix breakage of --host-record parsing, resulting in
114: infinte loop at startup. Regression in 2.63. Thanks to
115: Haim Gelfenbeyn for spotting this.
116:
117: Set SO_REUSEADDRESS and SO_V6ONLY options on the DHCPv6
118: socket, this allows multiple instances of dnsmasq on a
119: single machine, in the same way as for DHCPv4. Thanks to
120: Gene Czarcinski and Vladislav Grishenko for work on this.
121:
122: Fix DHCPv6 to do access control correctly when it's
123: configured with --listen-address. Thanks to
124: Gene Czarcinski for sorting this out.
125:
126: Add a "wildcard" dhcp-range which works for any IPv6
127: subnet, --dhcp-range=::,static Useful for Stateless
128: DHCPv6. Thanks to Vladislav Grishenko for the patch.
129:
130: Don't include lease-time in DHCPACK replies to DHCPINFORM
131: queries, since RFC-2131 says we shouldn't. Thanks to
132: Wouter Ibens for pointing this out.
133:
134: Makefile tweak to do dependency checking on header files.
135: Thanks to Johan Peeters for the patch.
136:
137: Check interface for outgoing unsolicited router
138: advertisements, rather than relying on interface address
139: configuration. Thanks to Gene Czarinski for the patch.
140:
141: Handle better attempts to transmit on interfaces which are
142: still doing DAD, and specifically do not just transmit
143: without setting source address and interface, since this
144: can cause very puzzling effects when a router
145: advertisement goes astray. Thanks again to Gene Czarinski.
146:
147: Get RA timers right when there is more than one
148: dhcp-range on a subnet.
149:
150:
151: version 2.63
152: Do duplicate dhcp-host address check in --test mode.
153:
154: Check that tftp-root directories are accessible before
155: start-up. Thanks to Daniel Veillard for the initial patch.
156:
157: Allow more than one --tfp-root flag. The per-interface
158: stuff is pointless without that.
159:
160: Add --bind-dynamic. A hybrid mode between the default and
161: --bind-interfaces which copes with dynamically created
162: interfaces.
163:
164: A couple of fixes to the build system for Android. Thanks
165: to Metin Kaya for the patches.
166:
167: Remove the interface:<interface> argument in --dhcp-range, and
168: the interface argument to --enable-tftp. These were a
169: still-born attempt to allow automatic isolated
170: configuration by libvirt, but have never (to my knowledge)
171: been used, had very strange semantics, and have been
172: superceded by other mechanisms.
173:
174: Fixed bug logging filenames when duplicate dhcp-host
175: addresses are found. Thanks to John Hanks for the patch.
176:
177: Fix regression in 2.61 which broke caching of CNAME
178: chains. Thanks to Atul Gupta for the bug report.
179:
180: Allow the target of a --cname flag to be another --cname.
181:
182: Teach DHCPv6 about the RFC 4242 information-refresh-time
183: option, and add parsing if the minutes, hours and days
184: format for options. Thanks to Francois-Xavier Le Bail for
185: the suggestion.
186:
187: Allow "w" (for week) as multiplier in lease times, as well
188: as seconds, minutes, hours and days. Álvaro Gámez Machado
189: spotted the ommission.
190:
191: Update French translation. Thanks to Gildas Le Nadan.
192:
193: Allow a DBus service name to be given with --enable-dbus
194: which overrides the default,
195: uk.org.thekelleys.dnsmasq. Thanks to Mathieu
196: Trudel-Lapierre for the patch.
197:
198: Set the "prefix on-link" bit in Router
199: Advertisements. Thanks to Gui Iribarren for the patch.
200:
201:
202: version 2.62
203: Update German translation. Thanks to Conrad Kostecki.
204:
205: Cope with router-solict packets wich don't have a valid
206: source address. Thanks to Vladislav Grishenko for the patch.
207:
208: Fixed bug which caused missing periodic router
209: advertisements with some configurations. Thanks to
210: Vladislav Grishenko for the patch.
211:
212: Fixed bug which broke DHCPv6/RA with prefix lengths
213: which are not divisible by 8. Thanks to Andre Coetzee
214: for spotting this.
215:
216: Fix non-response to router-solicitations when
217: router-advertisement configured, but DHCPv6 not
218: configured. Thanks to Marien Zwart for the patch.
219:
220: Add --dns-rr, to allow arbitrary DNS resource records.
221:
222: Fixed bug which broke RA scheduling when an interface had
223: two addresses in the same network. Thanks to Jim Bos for
224: his help nailing this.
225:
226: version 2.61
227: Re-write interface discovery code on *BSD to use
228: getifaddrs. This is more portable, more straightforward,
229: and allows us to find the prefix length for IPv6
230: addresses.
231:
232: Add ra-names, ra-stateless and slaac keywords for DHCPv6.
233: Dnsmasq can now synthesise AAAA records for dual-stack
234: hosts which get IPv6 addresses via SLAAC. It is also now
235: possible to use SLAAC and stateless DHCPv6, and to
236: tell clients to use SLAAC addresses as well as DHCP ones.
237: Thanks to Dave Taht for help with this.
238:
239: Add --dhcp-duid to allow DUID-EN uids to be used.
240:
241: Explicity send DHCPv6 replies to the correct port, instead
242: of relying on clients to send requests with the correct
243: source address, since at least one client in the wild gets
244: this wrong. Thanks to Conrad Kostecki for help tracking
245: this down.
246:
247: Send a preference value of 255 in DHCPv6 replies when
248: --dhcp-authoritative is in effect. This tells clients not
249: to wait around for other DHCP servers.
250:
251: Better logging of DHCPv6 options.
252:
253: Add --host-record. Thanks to Rob Zwissler for the
254: suggestion.
255:
256: Invoke the DHCP script with action "tftp" when a TFTP file
257: transfer completes. The size of the file, address to which
258: it was sent and complete pathname are supplied. Note that
259: version 2.60 introduced some script incompatibilties
260: associated with DHCPv6, and this is a further change. To
261: be safe, scripts should ignore unknown actions, and if
262: not IPv6-aware, should exit if the environment
263: variable DNSMASQ_IAID is set. The use-case for this is
264: to track netboot/install. Suggestion from Shantanu
265: Gadgil.
266:
267: Update contrib/port-forward/dnsmasq-portforward to reflect
268: the above.
269:
270: Set the environment variable DNSMASQ_LOG_DHCP when running
271: the script id --log-dhcp is in effect, so that script can
272: taylor their logging verbosity. Suggestion from Malte
273: Forkel.
274:
275: Arrange that addresses specified with --listen-address
276: work even if there is no interface carrying the
277: address. This is chiefly useful for IPv4 loopback
278: addresses, where any address in 127.0.0.0/8 is a valid
279: loopback address, but normally only 127.0.0.1 appears on
280: the lo interface. Thanks to Mathieu Trudel-Lapierre for
281: the idea and initial patch.
282:
283: Fix crash, introduced in 2.60, when a DHCPINFORM is
284: received from a network which has no valid dhcp-range.
285: Thanks to Stephane Glondu for the bug report.
286:
287: Add a new DHCP lease time keyword, "deprecated" for
288: --dhcp-range. This is only valid for IPv6, and sets the
289: preffered lease time for both DHCP and RA to zero. The
290: effect is that clients can continue to use the address
291: for existing connections, but new connections will use
292: other addresses, if they exist. This makes hitless
293: renumbering at least possible.
294:
295: Fix bug in address6_available() which caused DHCPv6 lease
296: aquisition to fail if more than one dhcp-range in use.
297:
298: Provide RDNSS and DNSSL data in router advertisements,
299: using the settings provided for DHCP options
300: option6:domain-search and option6:dns-server.
301:
302: Tweak logo/favicon.ico to add some transparency. Thanks to
303: SamLT for work on this.
304:
305: Don't cache data from non-recursive nameservers, since it
306: may erroneously look like a valid CNAME to a non-exitant
307: name. Thanks to Ben Winslow for finding this.
308:
309: Call SO_BINDTODEVICE on the DHCP socket(s) when doing DHCP
310: on exactly one interface and --bind-interfaces is set. This
311: makes the OpenStack use-case of one dnsmasq per virtual
312: interface work. This is only available on Linux; it's not
313: supported on other platforms. Thanks to Vishvananda Ishaya
314: and the OpenStack team for the suggestion.
315:
316: Updated French translation. Thanks to Gildas Le Nadan.
317:
318: Give correct from-cache answers to explict CNAME queries.
319: Thanks to Rob Zwissler for spotting this.
320:
321: Add --tftp-lowercase option. Thanks to Oliver Rath for the
322: patch.
323:
324: Ensure that the DBus DhcpLeaseUpdated events are generated
325: when a lease goes through INIT_REBOOT state, even if the
326: dhcp-script is not in use. Thanks to Antoaneta-Ecaterina
327: Ene for the patch.
328:
329: Fix failure of TFTP over IPv4 on OpenBSD platform. Thanks
330: to Brad Smith for spotting this.
331:
332:
333: version 2.60
334: Fix compilation problem in Mac OS X Lion. Thanks to Olaf
335: Flebbe for the patch.
336:
337: Fix DHCP when using --listen-address with an IP address
338: which is not the primary address of an interface.
339:
340: Add --dhcp-client-update option.
341:
342: Add Lua integration. Dnsmasq can now execute a DHCP
343: lease-change script written in Lua. This needs to be
344: enabled at compile time by setting HAVE_LUASCRIPT in
345: src/config.h or running "make COPTS=-DHAVE_LUASCRIPT"
346: Thanks to Jan-Piet Mens for the idea and proof-of-concept
347: implementation.
348:
349: Tidied src/config.h to distinguish between
350: platform-dependent compile-time options which are selected
351: automatically, and builder-selectable compile time
352: options. Document the latter better, and describe how to
353: set them from the make command line.
354:
355: Tidied up IPPROTO_IP/SOL_IP (and IPv6 equivalent)
356: confusion. IPPROTO_IP works everywhere now.
357:
358: Set TOS on DHCP sockets, this improves things on busy
359: wireless networks. Thanks to Dave Taht for the patch.
360:
361: Determine VERSION automatically based on git magic:
362: release tags or hash values.
363:
364: Improve start-up speed when reading large hosts files
365: containing many distinct addresses.
366:
367: Fix problem if dnsmasq is started without the stdin,
368: stdout and stderr file descriptors open. This can manifest
369: itself as 100% CPU use. Thanks to Chris Moore for finding
370: this.
371:
372: Fix shell-scripting bug in bld/pkg-wrapper. Thanks to
373: Mark Mitchell for the patch.
374:
375: Allow the TFP server or boot server in --pxe-service, to
376: be a domain name instead of an IP address. This allows for
377: round-robin to multiple servers, in the same way as
378: --dhcp-boot. A good suggestion from Cristiano Cumer.
379:
380: Support BUILDDIR variable in the Makefile. Allows builds
381: for multiple archs from the same source tree with eg.
382: make BUILDDIR=linux (relative to dnsmasq tree)
383: make BUILDDIR=/tmp/openbsd (absolute path)
384: If BUILDDIR is not set, compilation happens in the src
385: directory, as before. Suggestion from Mark Mitchell.
386:
387: Support DHCPv6. Support is there for the sort of things
388: the existing v4 server does, including tags, options,
389: static addresses and relay support. Missing is prefix
390: delegation, which is probably not required in the dnsmasq
391: niche, and an easy way to accept prefix delegations from
392: an upstream DHCPv6 server, which is. Future plans include
393: support for DHCPv6 router option and MAC address option
394: (to make selecting clients by MAC address work like IPv4).
395: These will be added as the standards mature.
396: This code has been tested, but this is the first release,
397: so don't bet the farm on it just yet. Many thanks to all
398: testers who have got it this far.
399:
400: Support IPv6 router advertisements. This is a
401: simple-minded implementation, aimed at providing the
402: vestigial RA needed to go alongside IPv6. Is picks up
403: configuration from the DHCPv6 conf, and should just need
404: enabling with --enable-ra.
405:
406: Fix long-standing wrinkle with --localise-queries that
407: could result in wrong answers when DNS packets arrive
408: via an interface other than the expected one. Thanks to
409: Lorenzo Milesi and John Hanks for spotting this one.
410:
411: Update French translation. Thanks to Gildas Le Nadan.
412:
413: Update Polish translation. Thanks to Jan Psota.
414:
415:
416: version 2.59
417: Fix regression in 2.58 which caused failure to start up
418: with some combinations of dnsmasq config and IPv6 kernel
419: network config. Thanks to Brielle Bruns for the bug
420: report.
421:
422: Improve dnsmasq's behaviour when network interfaces are
423: still doing duplicate address detection (DAD). Previously,
424: dnsmasq would wait up to 20 seconds at start-up for the
425: DAD state to terminate. This is broken for bridge
426: interfaces on recent Linux kernels, which don't start DAD
427: until the bridge comes up, and so can take arbitrary
428: time. The new behaviour lets dnsmasq poll for an arbitrary
429: time whilst providing service on other interfaces. Thanks
430: to Stephen Hemminger for pointing out the problem.
431:
432:
433: version 2.58
434: Provide a definition of the SA_SIZE macro where it's
435: missing. Fixes build failure on openBSD.
436:
437: Don't include a zero terminator at the end of messages
438: sent to /dev/log when /dev/log is a datagram socket.
439: Thanks to Didier Rabound for spotting the problem.
440:
441: Add --dhcp-sequential-ip flag, to force allocation of IP
442: addresses in ascending order. Note that the default
443: pseudo-random mode is in general better but some
444: server-deployment applications need this.
445:
446: Fix problem where a server-id of 0.0.0.0 is sent to a
447: client when a dhcp-relay is in use if a client renews a
448: lease after dnsmasq restart and before any clients on the
449: subnet get a new lease. Thanks to Mike Ruiz for assistance
450: in chasing this one down.
451:
452: Don't return NXDOMAIN to an AAAA query if we have CNAME
453: which points to an A record only: NODATA is the correct
454: reply in this case. Thanks to Tom Fernandes for spotting
455: the problem.
456:
457: Relax the need to supply a netmask in --dhcp-range for
458: networks which use a DHCP relay. Whilst this is still
459: desireable, in the absence of a netmask dnsmasq will use
460: a default based on the class (A, B, or C) of the address.
461: This should at least remove a cause of mysterious failure
462: for people using RFC1918 addresses and relays.
463:
464: Add support for Linux conntrack connection marking. If
465: enabled with --conntrack, the connection mark for incoming
466: DNS queries will be copied to the outgoing connections
467: used to answer those queries. This allows clever firewall
468: and accounting stuff. Only available if dnsmasq is
469: compiled with HAVE_CONNTRACK and adds a dependency on
470: libnetfilter-conntrack. Thanks to Ed Wildgoose for the
471: initial idea, testing and sponsorship of this function.
472:
473: Provide a sane error message when someone attempts to
474: match a tag in --dhcp-host.
475:
476: Tweak the behaviour of --domain-needed, to avoid problems
477: with recursive nameservers downstream of dnsmasq. The new
478: behaviour only stops A and AAAA queries, and returns
479: NODATA rather than NXDOMAIN replies.
480:
481: Efficiency fix for very large DHCP configurations, thanks
482: to James Gartrell and Mike Ruiz for help with this.
483:
484: Allow the TFTP-server address in --dhcp-boot to be a
485: domain-name which is looked up in /etc/hosts. This can
486: give multiple IP addresses which are used round-robin,
487: thus doing TFTP server load-balancing. Thanks to Sushil
488: Agrawal for the patch.
489:
490: When two tagged dhcp-options for a particular option
491: number are both valid, use the one which is valid without
492: a tag from the dhcp-range. Allows overriding of the value
493: of a DHCP option for a particular host as well as
494: per-network values. So
495: --dhcp-range=set:interface1,......
496: --dhcp-host=set:myhost,.....
497: --dhcp-option=tag:interface1,option:nis-domain,"domain1"
498: --dhcp-option=tag:myhost,option:nis-domain,"domain2"
499: will set the NIS-domain to domain1 for hosts in the range, but
500: override that to domain2 for a particular host.
501:
502: Fix bug which resulted in truncated files and timeouts for
503: some TFTP transfers. The bug only occurs with netascii
504: transfers and needs an unfortunate relationship between
505: file size, blocksize and the number of newlines in the
506: last block before it manifests itself. Many thanks to
507: Alkis Georgopoulos for spotting the problem and providing
508: a comprehensive test-case.
509:
510: Fix regression in TFTP server on *BSD platforms introduced
511: in version 2.56, due to confusion with sockaddr
512: length. Many thanks to Loic Pefferkorn for finding this.
513:
514: Support scope-ids in IPv6 addresses of nameservers from
515: /etc/resolv.conf and in --server options. Eg
516: nameserver fe80::202:a412:4512:7bbf%eth0 or
517: server=fe80::202:a412:4512:7bbf%eth0. Thanks to
518: Michael Stapelberg for the suggestion.
519:
520: Update Polish translation, thanks to Jan Psota.
521:
522: Update French translation. Thanks to Gildas Le Nadan.
523:
524:
525: version 2.57
526: Add patches to allow build under Android.
527:
528: Provide our own header for the DNS protocol, rather than
529: relying on arpa/nameser.h. This has proved more or less
530: defective over the years and the final straw is that it's
531: effectively empty on Android.
532:
533: Fix regression in 2.56 which caused hex constants in
534: configuration to be rejected if they contain the '*'
535: wildcard.
536:
537: Correct wrong casts of arguments to ctype.h functions,
538: isdigit(), isxdigit() etc. Thanks to Matthias Andree for
539: spotting this.
540:
541: Allow build with IDN support independently from i18n.
542: IDN support continues to be included automatically
543: when i18n is included.
544: 'make COPTS=-DHAVE_IDN' is the magic incantation.
545:
546: Modify check on extraneous command line junk (added in
547: 2.56) so that it doesn't complain about extra _empty_
548: arguments. Otherwise this breaks libvirt.
549:
550:
551: version 2.56
552: Add a patch to allow dnsmasq to get interface names right in a
553: Solaris zone. Thanks to Dj Padzensky for this.
554:
555: Improve data-type parsing heuristics so that
556: --dhcp-option=option:domain-search,.
557: treats the value as a string and not an IP address.
558: Thanks to Clemens Fischer for spotting that.
559:
560: Add IPv6 support to the TFTP server. Many thanks to Jan
561: 'RedBully' Seiffert for the patches.
562:
563: Log DNS queries at level LOG_INFO, rather then
564: LOG_DEBUG. This makes things consistent with DHCP
565: logging. Thanks to Adam Pribyl for spotting the problem.
566:
567: Ensure that dnsmasq terminates cleanly when using
568: --syslog-async even if it cannot make a connection to the
569: syslogd.
570:
571: Add --add-mac option. This is to support currently
572: experimental DNS filtering facilities. Thanks to Benjamin
573: Petrin for the orignal patch.
574:
575: Fix bug which meant that tags were ignored in dhcp-range
576: configuration specifying PXE-proxy service. Thanks to
577: Cristiano Cumer for spotting this.
578:
579: Raise an error if there is extra junk, not part of an
580: option, on the command line.
581:
582: Flag a couple of log messages in cache.c as coming from
583: the DHCP subsystem. Thanks to Olaf Westrik for the patch.
584:
585: Omit timestamps from logs when a) logging to stderr and
586: b) --keep-in-forground is set. The logging facility on the
587: other end of stderr can be assumned to supply them. Thanks
588: to John Hallam for the patch.
589:
590: Don't complain about strings longer than 255 characters in
591: --txt-record, just split the long strings into 255
592: character chunks instead.
593:
594: Fix crash on double-free. This bug can only happen when
595: dhcp-script is in use and then only in rare circumstances
596: triggered by high DHCP transaction rate and a slow
597: script. Thanks to Ferenc Wagner for finding the problem.
598:
599: Only log that a file has been sent by TFTP after the
600: transfer has completed succesfully.
601:
602: A good suggestion from Ferenc Wagner: extend
603: the --domain option to allow this sort of thing:
604: --domain=thekelleys.org.uk,192.168.0.0/24,local
605: which automatically creates
606: --local=/thekelleys.org.uk/
607: --local=/0.168.192.in-addr.arpa/
608:
609: Tighten up syntax checking of hex contants in the config
610: file. Thanks to Fred Damen for spotting this.
611:
612: Add dnsmasq logo/icon, contributed by Justin Swift. Many
613: thanks for that.
614:
615: Never cache DNS replies which have the 'cd' bit set, or
616: which result from queries forwarded with the 'cd' bit
617: set. The 'cd' bit instructs a DNSSEC validating server
618: upstream to ignore signature failures and return replies
619: anyway. Without this change it's possible to pollute the
620: dnsmasq cache with bad data by making a query with the
621: 'cd' bit set and subsequent queries would return this data
622: without its being marked as suspect. Thanks to Anders
623: Kaseorg for pointing out this problem.
624:
625: Add --proxy-dnssec flag, for compliance with RFC
626: 4035. Dnsmasq will now clear the 'ad' bit in answers returned
627: from upstream validating nameservers unless this option is
628: set.
629:
630: Allow a filename of "-" for --conf-file to read
631: stdin. Suggestion from Timothy Redaelli.
632:
633: Rotate the order of SRV records in replies, to provide
634: round-robin load balancing when all the priorities are
635: equal. Thanks to Peter McKinney for the suggestion.
636:
637: Edit
638: contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist
639: so that it doesn't log all queries to a file by
640: default. Thanks again to Peter McKinney.
641:
642: By default, setting an IPv4 address for a domain but not
643: an IPv6 address causes dnsmasq to return
644: an NODATA reply for IPv6 (or vice-versa). So
645: --address=/google.com/1.2.3.4 stops IPv6 queries for
646: *google.com from being forwarded. Make it possible to
647: override this behaviour by defining the sematics if the
648: same domain appears in both --server and --address.
649: In that case, the --address has priority for the address
650: family in which is appears, but the --server has priority
651: of the address family which doesn't appear in --adddress
652: So:
653: --address=/google.com/1.2.3.4
654: --server=/google.com/#
655: will return 1.2.3.4 for IPv4 queries for *.google.com but
656: forward IPv6 queries to the normal upstream nameserver.
657: Similarly when setting an IPv6 address
658: only this will allow forwarding of IPv4 queries. Thanks to
659: William for pointing out the need for this.
660:
661: Allow more than one --dhcp-optsfile and --dhcp-hostsfile
662: and make them understand directories as arguments in the
663: same way as --addn-hosts. Suggestion from John Hanks.
664:
665: Ignore rebinding requests for leases we don't know
666: about. Rebind is broadcast, so we might get to overhear a
667: request meant for another DHCP server. NAKing this is
668: wrong. Thanks to Brad D'Hondt for assistance with this.
669:
670: Fix cosmetic bug which produced strange output when
671: dumping cache statistics with some configurations. Thanks
672: to Fedor Kozhevnikov for spotting this.
673:
674:
675: version 2.55
676: Fix crash when /etc/ethers is in use. Thanks to
677: Gianluigi Tiesi for finding this.
678:
679: Fix crash in netlink_multicast(). Thanks to Arno Wald for
680: finding this one.
681:
682: Allow the empty domain "." in dhcp domain-search (119)
683: options.
684:
685:
686: version 2.54
687: There is no version 2.54 to avoid confusion with 2.53,
688: which incorrectly identifies itself as 2.54.
689:
690:
691: version 2.53
692: Fix failure to compile on Debian/kFreeBSD. Thanks to
693: Axel Beckert and Petr Salinger.
694:
695: Fix code to avoid scary strict-aliasing warnings
696: generated by gcc 4.4.
697:
698: Added FAQ entry warning about DHCP failures with Vista
699: when firewalls block 255.255.255.255.
700:
701: Fixed bug which caused bad things to happen if a
702: resolv.conf file which exists is subsequently removed.
703: Thanks to Nikolai Saoukh for the patch.
704:
705: Rationalised the DHCP tag system. Every configuration item
706: which can set a tag does so by adding "set:<tag>" and
707: every configuration item which is conditional on a tag is
708: made so by "tag:<tag>". The NOT operator changes to '!',
709: which is a bit more intuitive too. Dhcp-host directives
710: can set more than one tag now. The old '#' NOT,
711: "net:" prefix and no-prefixes are still honoured, so
712: no existing config file needs to be changed, but
713: the documentation and new-style config files should be
714: much less confusing.
715:
716: Added --tag-if to allow boolean operations on tags.
717: This allows complicated logic to be clearer and more
718: general. A great suggestion from Richard Voigt.
719:
720: Add broadcast/unicast information to DHCP logging.
721:
722: Allow --dhcp-broadcast to be unconditional.
723:
724: Fixed incorrect behaviour with NOT <tag> conditionals in
725: dhcp-options. Thanks to Max Turkewitz for assistance
726: finding this.
727:
728: If we send vendor-class encapsulated options based on the
729: vendor-class supplied by the client, and no explicit
730: vendor-class option is given, echo back the vendor-class
731: from the client.
732:
733: Fix bug which stopped dnsmasq from matching both a
734: circuitid and a remoteid. Thanks to Ignacio Bravo for
735: finding this.
736:
737: Add --dhcp-proxy, which makes it possible to configure
738: dnsmasq to use a DHCP relay agent as a full proxy, with
739: all DHCP messages passing through the proxy. This is
740: useful if the relay adds extra information to the packets
741: it forwards, but cannot be configured with the RFC 5107
742: server-override option.
743:
744: Added interface:<iface name> part to dhcp-range. The
745: semantics of this are very odd at first sight, but it
746: allows a single line of the form
747: dhcp-range=interface:virt0,192.168.0.4,192.168.0.200
748: to be added to dnsmasq configuration which then supplies
749: DHCP and DNS services to that interface, without affecting
750: what services are supplied to other interfaces and
751: irrespective of the existance or lack of
752: interface=<interface>
753: lines elsewhere in the dnsmasq configuration. The idea is
754: that such a line can be added automatically by libvirt
755: or equivalent systems, without disturbing any manual
756: configuration.
757:
758: Similarly to the above, allow --enable-tftp=<interface>
759:
760: Allow a TFTP root to be set separately for requests via
761: different interfaces, --tftp-root=<path>,<interface>
762:
763: Correctly handle and log clashes between CNAMES and
764: DNS names being given to DHCP leases. This fixes a bug
765: which caused nonsense IP addresses to be logged. Thanks to
766: Sergei Zhirikov for finding and analysing the problem.
767:
768: Tweak flush_log so as to avoid leaving the log
769: file in non-blocking mode. O_NONBLOCK is a property of the
770: file, not the process/descriptor.
771:
772: Fix contrib/Solaris10/create_package
773: (/usr/man -> /usr/share/man) Thanks to Vita Batrla.
774:
775: Fix a problem where, if a client got a lease, then went
776: to another subnet and got another lease, then moved back,
777: it couldn't resume the old lease, but would instead get
778: a new address. Thanks to Leonardo Rodrigues for spotting
779: this and testing the fix.
780:
781: Fix weird bug which sometimes omitted certain characters
782: from the start of quoted strings in dhcp-options. Thanks
783: to Dayton Turner for spotting the problem.
784:
785: Add facility to redirect some domains to the standard
786: upstream servers: this allows something like
787: --server=/google.com/1.2.3.4 --server=/www.google.com/#
788: which will send queries for *.google.com to 1.2.3.4,
789: except *www.google.com which will be forwarded as usual.
790: Thanks to AJ Weber for prompting this addition.
791:
792: Improve the hash-algorithm used to generate IP addresses
793: from MAC addresses during initial DHCP address
794: allocation. This improves performance when large numbers
795: of hosts with similar MAC addresses all try and get an IP
796: address at the same time. Thanks to Paul Smith for his
797: work on this.
798:
799: Tweak DHCP code so that --bridge-interface can be used to
800: select which IP alias of an interface should be used for
801: DHCP purposes on Linux. If eth0 has an alias eth0:dhcp
802: then adding --bridge-interface=eth0:dhcp,eth0 will use
803: the address of eth0:dhcp to determine the correct subnet
804: for DHCP address allocation. Thanks to Pawel Golaszewski
805: for prompting this and Eric Cooper for further testing.
806:
807: Add --dhcp-generate-names. Suggestion by Ferenc Wagner.
808:
809: Tweak DNS server selection algorithm when there is more
810: than one server available for a domain, eg.
811: --server=/mydomain/1.1.1.1
812: --server=/mydomain/2.2.2.2
813: Thanks to Alberto Cuesta-Canada for spotting a weakness
814: here.
815:
816: Add --max-ttl. Thanks to Fredrik Ringertz for the patch.
817:
818: Allow --log-facility=- to force all logging to
819: stderr. Suggestion from Clemens Fischer.
820:
821: Fix regression which caused configuration like
822: --address=/.domain.com/1.2.3.4 to be rejected. The dot to the
823: left of the domain has been implied and not required for a
824: long time, but it should be accepted for backward
825: compatibility. Thanks to Andrew Burcin for spotting this.
826:
827: Add --rebind-domain-ok and --rebind-localhost-ok.
828: Suggestion from Clemens Fischer.
829:
830: Log replies to queries of type TXT, when --log-queries
831: is set.
832:
833: Fix compiler warnings when compiled with -DNO_DHCP. Thanks
834: to Shantanu Gadgil for the patch.
835:
836: Updated French translation. Thanks to Gildas Le Nadan.
837:
838: Updated Polish translation. Thanks to Jan Psota.
839:
840: Updated German translation. Thanks to Matthias Andree.
841:
842: Added contrib/static-arp, thanks to Darren Hoo.
843:
844: Fix corruption of the domain when a name from /etc/hosts
845: overrides one supplied by a DHCP client. Thanks to Fedor
846: Kozhevnikov for spotting the problem.
847:
848: Updated Spanish translation. Thanks to Chris Chatham.
849:
850:
851: version 2.52
852: Work around a Linux kernel bug which insists that the
853: length of the option passed to setsockopt must be at least
854: sizeof(int) bytes, even if we're calling SO_BINDTODEVICE
855: and the device name is "lo". Note that this is fixed
856: in kernel 2.6.31, but the workaround is harmless and
857: allows earlier kernels to be used. Also fix dnsmasq
858: bug which reported the wrong address when this failed.
859: Thanks to Fedor for finding this.
860:
861: The API for IPv6 PKTINFO changed around Linux kernel
862: 2.6.14. Workaround the case where dnsmasq is compiled
863: against newer headers, but then run on an old kernel:
864: necessary for some *WRT distros.
865:
866: Re-read the set of network interfaces when re-loading
867: /etc/resolv.conf if --bind-interfaces is not set. This
868: handles the case that loopback interfaces do not exist
869: when dnsmasq is first started.
870:
871: Tweak the PXE code to support port 4011. This should
872: reduce broadcasts and make things more reliable when other
873: servers are around. It also improves inter-operability
874: with certain clients.
875:
876: Make a pxe-service configuration with no filename or boot
877: service type legal: this does a local boot. eg.
878: pxe-service=x86PC, "Local boot"
879:
880: Be more conservative in detecting "A for A"
881: queries. Dnsmasq checks if the name in a type=A query looks
882: like a dotted-quad IP address and answers the query itself
883: if so, rather than forwarding it. Previously dnsmasq
884: relied in the library function inet_addr() to convert
885: addresses, and that will accept some things which are
886: confusing in this context, like 1.2.3 or even just
887: 1234. Now we only do A for A processing for four decimal
888: numbers delimited by dots.
889:
890: A couple of tweaks to fix compilation on Solaris. Thanks
891: to Joel Macklow for help with this.
892:
893: Another Solaris compilation tweak, needed for Solaris
894: 2009.06. Thanks to Lee Essen for that.
895:
896: Added extract packaging stuff from Lee Essen to
897: contrib/Solaris10.
898:
899: Increased the default limit on number of leases to 1000
900: (from 150). This is mainly a defence against DoS attacks,
901: and for the average "one for two class C networks"
902: installation, IP address exhaustion does that just as
903: well. Making the limit greater than the number of IP
904: addresses available in such an installation removes a
905: surprise which otherwise can catch people out.
906:
907: Removed extraneous trailing space in the value of the
908: DNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH and
909: DNSMASQ_LEASE_EXPIRES environment variables. Thanks to
910: Gildas Le Nadan for spotting this.
911:
912: Provide the network-id tags for a DHCP transaction to
913: the lease-change script in the environment variable
914: DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan.
915:
916: Add support for RFC3925 "Vendor-Identifying Vendor
917: Options". The syntax looks like this:
918: --dhcp-option=vi-encap:<enterprise number>, .........
919:
920: Add support to --dhcp-match to allow matching against
921: RFC3925 "Vendor-Identifying Vendor Classes". The syntax
922: looks like this:
923: --dhcp-match=tag,vi-encap<enterprise number>, <value>
924:
925: Add some application specific code to assist in
926: implementing the Broadband forum TR069 CPE-WAN
927: specification. The details are in contrib/CPE-WAN/README
928:
929: Increase the default DNS packet size limit to 4096, as
930: recommended by RFC5625 section 4.4.3. This can be
931: reconfigured using --edns-packet-max if needed. Thanks to
932: Francis Dupont for pointing this out.
933:
934: Rewrite query-ids even for TSIG signed packets, since
935: this is allowed by RFC5625 section 4.5.
936:
937: Use getopt_long by default on OS X. It has been supported
938: since version 10.3.0. Thanks to Arek Dreyer for spotting
939: this.
940:
941: Added up-to-date startup configuration for MacOSX/launchd
942: in contrib/MacOSX-launchd. Thanks to Arek Dreyer for
943: providing this.
944:
945: Fix link error when including Dbus but excluding DHCP.
946: Thanks to Oschtan for the bug report.
947:
948: Updated French translation. Thanks to Gildas Le Nadan.
949:
950: Updated Polish translation. Thanks to Jan Psota.
951:
952: Updated Spanish translation. Thanks to Chris Chatham.
953:
954: Fixed confusion about domains, when looking up DHCP hosts
955: in /etc/hosts. This could cause spurious "Ignoring
956: domain..." messages. Thanks to Fedor Kozhevnikov for
957: finding and analysing the problem.
958:
959:
960: version 2.51
961: Add support for internationalised DNS. Non-ASCII characters
962: in domain names found in /etc/hosts, /etc/ethers and
963: /etc/dnsmasq.conf will be correctly handled by translation to
964: punycode, as specified in RFC3490. This function is only
965: available if dnsmasq is compiled with internationalisation
966: support, and adds a dependency on GNU libidn. Without i18n
967: support, dnsmasq continues to be compilable with just
968: standard tools. Thanks to Yves Dorfsman for the
969: suggestion.
970:
971: Add two more environment variables for lease-change scripts:
972: First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname
973: supplied by a client, even if the actual hostname used is
974: over-ridden by dhcp-host or dhcp-ignore-names directives.
975: Also DNSMASQ_RELAY_ADDRESS which gives the address of
976: a DHCP relay, if used.
977: Suggestions from Michael Rack.
978:
979: Fix regression which broke echo of relay-agent
980: options. Thanks to Michael Rack for spotting this.
981:
982: Don't treat option 67 as being interchangeable with
983: dhcp-boot parameters if it's specified as
984: dhcp-option-force.
985:
986: Make the code to call scripts on lease-change compile-time
987: optional. It can be switched off by editing src/config.h
988: or building with "make COPTS=-DNO_SCRIPT".
989:
990: Make the TFTP server cope with filenames from Windows/DOS
991: which use '\' as pathname separator. Thanks to Ralf for
992: the patch.
993:
994: Updated Polish translation. Thanks to Jan Psota.
995:
996: Warn if an IP address is duplicated in /etc/ethers. Thanks
997: to Felix Schwarz for pointing this out.
998:
999: Teach --conf-dir to take an option list of file suffices
1000: which will be ignored when scanning the directory. Useful
1001: for backup files etc. Thanks to Helmut Hullen for the
1002: suggestion.
1003:
1004: Add new DHCP option named tftpserver-address, which
1005: corresponds to the third argument of dhcp-boot. This
1006: allows the complete functionality of dhcp-boot to be
1007: replicated with dhcp-option. Useful when using
1008: dhcp-optsfile.
1009:
1010: Test which upstream nameserver to use every 10 seconds
1011: or 50 queries and not just when a query times out and
1012: is retried. This should improve performance when there
1013: is a slow nameserver in the list. Thanks to Joe for the
1014: suggestion.
1015:
1016: Don't do any PXE processing, even for clients with the
1017: correct vendorclass, unless at least one pxe-prompt or
1018: pxe-service option is given. This stops dnsmasq
1019: interfering with proxy PXE subsystems when it is just
1020: the DHCP server. Thanks to Spencer Clark for spotting this.
1021:
1022: Limit the blocksize used for TFTP transfers to a value
1023: which avoids packet fragmentation, based on the MTU of the
1024: local interface. Many netboot ROMs can't cope with
1025: fragmented packets.
1026:
1027: Honour dhcp-ignore configuration for PXE and proxy-PXE
1028: requests. Thanks to Niels Basjes for the bug report.
1029:
1030: Updated French translation. Thanks to Gildas Le Nadan.
1031:
1032:
1033: version 2.50
1034: Fix security problem which allowed any host permitted to
1035: do TFTP to possibly compromise dnsmasq by remote buffer
1036: overflow when TFTP enabled. Thanks to Core Security
1037: Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
1038: Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
1039: Pablo Annetta. This problem has Bugtraq id: 36121
1040: and CVE: 2009-2957
1041:
1042: Fix a problem which allowed a malicious TFTP client to
1043: crash dnsmasq. Thanks to Steve Grubb at Red Hat for
1044: spotting this. This problem has Bugtraq id: 36120 and
1045: CVE: 2009-2958
1046:
1047:
1048: version 2.49
1049: Fix regression in 2.48 which disables the lease-change
1050: script. Thanks to Jose Luis Duran for spotting this.
1051:
1052: Log TFTP "file not found" errors. These were not logged,
1053: since a normal PXELinux boot generates many of them, but
1054: the lack of the messages seems to be more confusing than
1055: routinely seeing them when there is no real error.
1056:
1057: Update Spanish translation. Thanks to Chris Chatham.
1058:
1059:
1060: version 2.48
1061: Archived the extensive, backwards, changelog to
1062: CHANGELOG.archive. The current changelog now runs from
1063: version 2.43 and runs conventionally.
1064:
1065: Fixed bug which broke binding of servers to physical
1066: interfaces when interface names were longer than four
1067: characters. Thanks to MURASE Katsunori for the patch.
1068:
1069: Fixed netlink code to check that messages come from the
1070: correct source, and not another userspace process. Thanks
1071: to Steve Grubb for the patch.
1072:
1073: Maintainability drive: removed bug and missing feature
1074: workarounds for some old platforms. Solaris 9, OpenBSD
1075: older than 4.1, Glibc older than 2.2, Linux 2.2.x and
1076: DBus older than 1.1.x are no longer supported.
1077:
1078: Don't read included configuration files more than once:
1079: allows complex configuration structures without problems.
1080:
1081: Mark log messages from the various subsystems in dnsmasq:
1082: messages from the DHCP subsystem now have the ident string
1083: "dnsmasq-dhcp" and messages from TFTP have ident
1084: "dnsmasq-tftp". Thanks to Olaf Westrik for the patch.
1085:
1086: Fix possible infinite DHCP protocol loop when an IP
1087: address nailed to a hostname (not a MAC address) and a
1088: host sometimes provides the name, sometimes not.
1089:
1090: Allow --addn-hosts to take a directory: all the files
1091: in the directory are read. Thanks to Phil Cornelius for
1092: the suggestion.
1093:
1094: Support --bridge-interface on all platforms, not just BSD.
1095:
1096: Added support for advanced PXE functions. It's now
1097: possible to define a prompt and menu options which will
1098: be displayed when a client PXE boots. It's also possible to
1099: hand-off booting to other boot servers. Proxy-DHCP, where
1100: dnsmasq just supplies the PXE information and another DHCP
1101: server does address allocation, is also allowed. See the
1102: --pxe-prompt and --pxe-service keywords. Thanks to
1103: Alkis Georgopoulos for the suggestion and Guilherme Moro
1104: and Michael Brown for assistance.
1105:
1106: Improvements to DHCP logging. Thanks to Tom Metro for
1107: useful suggestions.
1108:
1109: Add ability to build dnsmasq without DHCP support. To do
1110: this, edit src/config.h or build with
1111: "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch.
1112:
1113: Added --test command-line switch - syntax check
1114: configuration files only.
1115:
1116: Updated French translation. Thanks to Gildas Le Nadan.
1117:
1118:
1119: version 2.47
1120: Updated French translation. Thanks to Gildas Le Nadan.
1121:
1122: Fixed interface enumeration code to work on NetBSD
1123: 5.0. Thanks to Roy Marples for the patch.
1124:
1125: Updated config.h to use the same location for the lease
1126: file on NetBSD as the other *BSD variants. Also allow
1127: LEASEFILE and CONFFILE symbols to be overriden in CFLAGS.
1128:
1129: Handle duplicate address detection on IPv6 more
1130: intelligently. In IPv6, an interface can have an address
1131: which is not usable, because it is still undergoing DAD
1132: (such addresses are marked "tentative"). Attempting to
1133: bind to an address in this state returns an error,
1134: EADDRNOTAVAIL. Previously, on getting such an error,
1135: dnsmasq would silently abandon the address, and never
1136: listen on it. Now, it retries once per second for 20
1137: seconds before generating a fatal error. 20 seconds should
1138: be long enough for any DAD process to complete, but can be
1139: adjusted in src/config.h if necessary. Thanks to Martin
1140: Krafft for the bug report.
1141:
1142: Add DBus introspection. Patch from Jeremy Laine.
1143:
1144: Update Dbus configuration file. Patch from Colin Walters.
1145: Fix for this bug:
1146: http://bugs.freedesktop.org/show_bug.cgi?id=18961
1147:
1148: Support arbitrarily encapsulated DHCP options, suggestion
1149: and initial patch from Samium Gromoff. This is useful for
1150: (eg) gPXE, which expect all its private options to be
1151: encapsulated inside a single option 175. So, eg,
1152:
1153: dhcp-option = encap:175, 190, "iscsi-client0"
1154: dhcp-option = encap:175, 191, "iscsi-client0-secret"
1155:
1156: will provide iSCSI parameters to gPXE.
1157:
1158: Enhance --dhcp-match to allow testing of the contents of a
1159: client-sent option, as well as its presence. This
1160: application in mind for this is RFC 4578
1161: client-architecture specifiers, but it's generally useful.
1162: Joey Korkames suggested the enhancement.
1163:
1164: Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on
1165: OpenSolaris. Thanks to Bastian Machek for the heads-up.
1166:
1167: No longer complain about blank lines in
1168: /etc/ethers. Thanks to Jon Nelson for the patch.
1169:
1170: Fix binding of servers to physical devices, eg
1171: --server=/domain/1.2.3.4@eth0 which was broken from 2.43
1172: onwards unless --query-port=0 set. Thanks to Peter Naulls
1173: for the bug report.
1174:
1175: Reply to DHCPINFORM requests even when the supplied ciaddr
1176: doesn't fall in any dhcp-range. In this case it's not
1177: possible to supply a complete configuration, but
1178: individually-configured options (eg PAC) may be useful.
1179:
1180: Allow the source address of an alias to be a range:
1181: --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole
1182: subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255,
1183: as before.
1184: --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
1185: maps only the 192.168.0.10->192.168.0.40 region. Thanks to
1186: Ib Uhrskov for the suggestion.
1187:
1188: Don't dynamically allocate DHCP addresses which may break
1189: Windows. Addresses which end in .255 or .0 are broken in
1190: Windows even when using supernetting.
1191: --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means
1192: 192.168.0.255 is a valid IP address, but not for Windows.
1193: See Microsoft KB281579. We therefore no longer allocate
1194: these addresses to avoid hard-to-diagnose problems.
1195:
1196: Update Polish translation. Thanks to Jan Psota.
1197:
1198: Delete the PID-file when dnsmasq shuts down. Note that by
1199: this time, dnsmasq is normally not running as root, so
1200: this will fail if the PID-file is stored in a root-owned
1201: directory; such failure is silently ignored. To take
1202: advantage of this feature, the PID-file must be stored in a
1203: directory owned and write-able by the user running
1204: dnsmasq.
1205:
1206:
1207: version 2.46
1208: Allow --bootp-dynamic to take a netid tag, so that it may
1209: be selectively enabled. Thanks to Olaf Westrik for the
1210: suggestion.
1211:
1212: Remove ISC-leasefile reading code. This has been
1213: deprecated for a long time, and last time I removed it, it
1214: ended up going back by request of one user. This time,
1215: it's gone for good; otherwise it would need to be
1216: re-worked to support multiple domains (see below).
1217:
1218: Support DHCP clients in multiple DNS domains. This is a
1219: long-standing request. Clients are assigned to a domain
1220: based in their IP address.
1221:
1222: Add --dhcp-fqdn flag, which changes behaviour if DNS names
1223: assigned to DHCP clients. When this is set, there must be
1224: a domain associated with each client, and only
1225: fully-qualified domain names are added to the DNS. The
1226: advantage is that the only the FQDN needs to be unique,
1227: so that two or more DHCP clients can share a hostname, as
1228: long as they are in different domains.
1229:
1230: Set environment variable DNSMASQ_DOMAIN when invoking
1231: lease-change script. This may be useful information to
1232: have now that it's variable.
1233:
1234: Tighten up data-checking code for DNS packet
1235: handling. Thanks to Steve Dodd who found certain illegal
1236: packets which could crash dnsmasq. No memory overwrite was
1237: possible, so this is not a security issue beyond the DoS
1238: potential.
1239:
1240: Update example config dhcp option 47, the previous
1241: suggestion generated an illegal, zero-length,
1242: option. Thanks to Matthias Andree for finding this.
1243:
1244: Rewrite hosts-file reading code to remove the limit of
1245: 1024 characters per line. John C Meuser found this.
1246:
1247: Create a net-id tag with the name of the interface on
1248: which the DHCP request was received.
1249:
1250: Fixed minor memory leak in DBus code, thanks to Jeremy
1251: Laine for the patch.
1252:
1253: Emit DBus signals as the DHCP lease database
1254: changes. Thanks to Jeremy Laine for the patch.
1255:
1256: Allow for more that one MAC address in a dhcp-host
1257: line. This configuration tells dnsmasq that it's OK to
1258: abandon a DHCP lease of the fixed address to one MAC
1259: address, if another MAC address in the dhcp-host statement
1260: asks for an address. This is useful to give a fixed
1261: address to a host which has two network interfaces
1262: (say, a laptop with wired and wireless interfaces.)
1263: It's very important to ensure that only one interface
1264: at a time is up, since dnsmasq abandons the first lease
1265: and re-uses the address before the leased time has
1266: elapsed. John Gray suggested this.
1267:
1268: Tweak the response to a DHCP request packet with a wrong
1269: server-id when --dhcp-authoritative is set; dnsmasq now
1270: returns a DHCPNAK, rather than silently ignoring the
1271: packet. Thanks to Chris Marget for spotting this
1272: improvement.
1273:
1274: Add --cname option. This provides a limited alias
1275: function, usable for DHCP names. Thanks to AJ Weber for
1276: suggestions on this.
1277:
1278: Updated contrib/webmin with latest version from Neil
1279: Fisher.
1280:
1281: Updated Polish translation. Thanks to Jan Psota.
1282:
1283: Correct the text names for DHCP options 64 and 65 to be
1284: "nis+-domain" and "nis+-servers".
1285:
1286: Updated Spanish translation. Thanks to Chris Chatham.
1287:
1288: Force re-reading of /etc/resolv.conf when an "interface
1289: up" event occurs.
1290:
1291:
1292: version 2.45
1293: Fix total DNS failure in release 2.44 unless --min-port
1294: specified. Thanks to Steven Barth and Grant Coady for
1295: bugreport. Also reject out-of-range port spec, which could
1296: break things too: suggestion from Gilles Espinasse.
1297:
1298:
1299: version 2.44
1300: Fix crash when unknown client attempts to renew a DHCP
1301: lease, problem introduced in version 2.43. Thanks to
1302: Carlos Carvalho for help chasing this down.
1303:
1304: Fix potential crash when a host which doesn't have a lease
1305: does DHCPINFORM. Again introduced in 2.43. This bug has
1306: never been reported in the wild.
1307:
1308: Fix crash in netlink code introduced in 2.43. Thanks to
1309: Jean Wolter for finding this.
1310:
1311: Change implementation of min_port to work even if min-port
1312: is large.
1313:
1314: Patch to enable compilation of latest Mac OS X. Thanks to
1315: David Gilman.
1316:
1317: Update Spanish translation. Thanks to Christopher Chatham.
1318:
1319:
1320: version 2.43
1321: Updated Polish translation. Thanks to Jan Psota.
1322:
1323: Flag errors when configuration options are repeated
1324: illegally.
1325:
1326: Further tweaks for GNU/kFreeBSD
1327:
1328: Add --no-wrap to msgmerge call - provides nicer .po file
1329: format.
1330:
1331: Honour lease-time spec in dhcp-host lines even for
1332: BOOTP. The user is assumed to known what they are doing in
1333: this case. (Hosts without the time spec still get infinite
1334: leases for BOOTP, over-riding the default in the
1335: dhcp-range.) Thanks to Peter Katzmann for uncovering this.
1336:
1337: Fix problem matching relay-agent ids. Thanks to Michael
1338: Rack for the bug report.
1339:
1340: Add --naptr-record option. Suggestion from Johan
1341: Bergquist.
1342:
1343: Implement RFC 5107 server-id-override DHCP relay agent
1344: option.
1345:
1346: Apply patches from Stefan Kruger for compilation on
1347: Solaris 10 under Sun studio.
1348:
1349: Yet more tweaking of Linux capability code, to suppress
1350: pointless wingeing from kernel 2.6.25 and above.
1351:
1352: Improve error checking during startup. Previously, some
1353: errors which occurred during startup would be worked
1354: around, with dnsmasq still starting up. Some were logged,
1355: some silent. Now, they all cause a fatal error and dnsmasq
1356: terminates with a non-zero exit code. The errors are those
1357: associated with changing uid and gid, setting process
1358: capabilities and writing the pidfile. Thanks to Uwe
1359: Gansert and the Suse security team for pointing out
1360: this improvement, and Bill Reimers for good implementation
1361: suggestions.
1362:
1363: Provide NO_LARGEFILE compile option to switch off largefile
1364: support when compiling against versions of uclibc which
1365: don't support it. Thanks to Stephane Billiart for the patch.
1366:
1367: Implement random source ports for interactions with
1368: upstream nameservers. New spoofing attacks have been found
1369: against nameservers which do not do this, though it is not
1370: clear if dnsmasq is vulnerable, since to doesn't implement
1371: recursion. By default dnsmasq will now use a different
1372: source port (and socket) for each query it sends
1373: upstream. This behaviour can suppressed using the
1374: --query-port option, and the old default behaviour
1375: restored using --query-port=0. Explicit source-port
1376: specifications in --server configs are still honoured.
1377:
1378: Replace the random number generator, for better
1379: security. On most BSD systems, dnsmasq uses the
1380: arc4random() RNG, which is secure, but on other platforms,
1381: it relied on the C-library RNG, which may be
1382: guessable and therefore allow spoofing. This release
1383: replaces the libc RNG with the SURF RNG, from Daniel
1384: J. Berstein's DJBDNS package.
1385:
1386: Don't attempt to change user or group or set capabilities
1387: if dnsmasq is run as a non-root user. Without this, the
1388: change from soft to hard errors when these fail causes
1389: problems for non-root daemons listening on high
1390: ports. Thanks to Patrick McLean for spotting this.
1391:
1392: Updated French translation. Thanks to Gildas Le Nadan.
1393:
1394:
1395: version 2.42
1396: The changelog for version 2.42 and earlier is
1397: available in CHANGELOG.archive.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to CHANGELOG CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq