]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - CHANGELOG
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
DHCP FQDN option tweaks.
[people/ms/dnsmasq.git] / CHANGELOG
CommitLineData
797a7afb
GT		 1version 2.67
2 Fix crash if upstream server returns SERVFAIL when
3 --conntrack in use. Thanks to Giacomo Tazzari for finding
4 this and supplying the patch.
aa63a21c
SK		 5
6 Repair regression in 2.64. That release stopped sending
7 lease-time information in the reply to DHCPINFORM
8 requests, on the correct grounds that it was a standards
9 violation. However, this broke the dnsmasq-specific
10 dhcp_lease_time utility. Now, DHCPINFORM returns
11 lease-time only if it's specifically requested
12 (maintaining standards) and the dhcp_lease_time utility
13 has been taught to ask for it (restoring functionality).
86e92f99
SK		 14
15 Fix --dhcp-match, --dhcp-vendorclass and --dhcp-userclass
16 to work with BOOTP and well as DHCP. Thanks to Peter
17 Korsgaard for spotting the problem.
2bb73af7
SK		 18
19 Add --synth-domain. Thanks to Vishvananda Ishaya for
20 suggesting this.
d5052fb2
SK		 21
22 Fix failure to compile ipset.c if old kernel headers are
23 in use. Thanks to Eugene Rudoy for pointing this out.
3f2873d4
SK		 24
25 Handle IPv4 interface-address labels in Linux. These are
26 often used to emulate the old IP-alias addresses. Before,
27 using --interface=eth0 would service all the addresses of
28 eth0, including ones configured as aliases, which appear
29 in ifconfig as eth0:0. Now, only addresses with the label
30 eth0 are active. This is not backwards compatible: if you
31 want to continue to bind the aliases too, you need to add
32 eg. --interface=eth0:0 to the config.
797a7afb 33
cfcad42f
SK		 34 Fix "failed to set SO_BINDTODEVICE on DHCP socket: Socket
35 operation on non-socket" error on startup with
36 configurations which have exactly one --interface option
37 and do RA but _not_ DHCPv6. Thanks to Trever Adams for the
38 bug report.
797a7afb 39
115ac3e4
SK		 40 Generalise --interface-name to cope with IPv6 addresses
41 and multiple addresses per interface per address family.
42
3e8ed78b
SK		 43 Fix option parsing for --dhcp-host, which was generating a
44 spurious error when all seven possible items were
45 included. Thanks to Zhiqiang Wang for the bug report.
baa80ae5
SK		 46
47 Remove restriction on prefix-length in --auth-zone. Thanks
48 to Toke Hoiland-Jorgensen for suggesting this.
49
0da5e897
MSB		 50 Log when the maximum number of concurrent DNS queries is
51 reached. Thanks to Marcelo Salhab Brogliato for the patch.
52
e2ba0df2
SK		 53 If wildcards are used in --interface, don't assume that
54 there will only ever be one available interface for DHCP
55 just because there is one at start-up. More may appear, so
56 we can't use SO_BINDTODEVICE. Thanks to Natrio for the bug
57 report.
58
b4b93080
SK		 59 Increase timeout/number of retries in TFTP to accomodate
60 AudioCodes Voice Gateways doing streaming writes to flash.
61 Thanks to Damian Kaczkowski for spotting the problem.
62
d859ca2f
KM		 63 Allow hostnames to start with a number, as allowed in
64 RFC-1123. Thanks to Kyle Mestery for the patch.
65
3f3adae6
RM		 66 Fixes to DHCP FQDN option handling: don't terminate FQDN
67 if domain not known and allow a FQDN option with blank
68 name to request that a FQDN option is returned in the
69 reply. Thanks to Roy Marples for the patch.
70
b4b93080 71
333b2ceb
SK		 72version 2.66
73 Add the ability to act as an authoritative DNS
74 server. Dnsmasq can now answer queries from the wider 'net
75 with local data, as long as the correct NS records are set
76 up. Only local data is provided, to avoid creating an open
77 DNS relay. Zone transfer is supported, to allow secondary
78 servers to be configured.
79
80 Add "constructed DHCP ranges" for DHCPv6. This is intended
81 for IPv6 routers which get prefixes dynamically via prefix
82 delegation. With suitable configuration, stateful DHCPv6
83 and RA can happen automatically as prefixes are delegated
84 and then deprecated, without having to re-write the
85 dnsmasq configuration file or restart the daemon. Thanks to
86 Steven Barth for extensive testing and development work on
87 this idea.
71c73ac1
SK		 88
89 Fix crash on startup on Solaris 11. Regression probably
22ce550e
SK		 90 introduced in 2.61. Thanks to Geoff Johnstone for the
91 patch.
92
93 Add code to make behaviour for TCP DNS requests that same
94 as for UDP requests, when a request arrives for an allowed
95 address, but via a banned interface. This change is only
96 active on Linux, since the relevant API is missing (AFAIK)
97 on other platforms. Many thanks to Tomas Hozza for
98 spotting the problem, and doing invaluable discovery of
99 the obscure and undocumented API required for the solution.
a21e27bc
SK		 100
101 Don't send the default DHCP option advertising dnsmasq as
102 the local DNS server if dnsmasq is configured to not act
103 as DNS server, or it's configured to a non-standard port.
dd1721c7
SK		 104
105 Add DNSMASQ_CIRCUIT_ID, DNSMASQ_SUBCRIBER_ID,
106 DNSMASQ_REMOTE_ID variables to the environment of the
3d77c046 107 lease-change script (and the corresponding Lua). These hold
dd1721c7
SK		 108 information inserted into the DHCP request by a DHCP relay
109 agent. Thanks to Lakefield Communications for providing a
110 bounty for this addition.
111
4038ae20
SK		 112 Fixed crash, introduced in 2.64, whilst handling DHCPv6
113 information-requests with some common configurations.
114 Thanks to Robert M. Albrecht for the bug report and
115 chasing the problem.
116
13d86c73
JD		 117 Add --ipset option. Thanks to Jason A. Donenfeld for the
118 patch.
119
c7961075 120 Don't erroneously reject some option names in --dhcp-match
3d77c046 121 options. Thanks to Benedikt Hochstrasser for the bug report.
49333cbd
SK		 122
123 Allow a trailing '*' wildcard in all interface-name
124 configurations. Thanks to Christian Parpart for the patch.
c7961075 125
56a1142f
SK		 126 Handle the situation where libc headers define
127 SO_REUSEPORT, but the kernel in use doesn't, to cope with
128 the introduction of this option to Linux. Thanks to Rich
129 Felker for the bug report.
130
cd1e04a2 131 Update Polish translation. Thanks to Jan Psota.
0b0a73c1
SK		 132
133 Fix crash if the configured DHCP lease limit is
134 reached. Regression occurred in 2.61. Thanks to Tsachi for
135 the bug report.
cd1e04a2 136
834f36fe
SK		 137 Update the French translation. Thanks to Gildas le Nadan.
138
49333cbd 139
ee86ce68
SK		 140version 2.65
141 Fix regression which broke forwarding of queries sent via
142 TCP which are not for A and AAAA and which were directed to
143 non-default servers. Thanks to Niax for the bug report.
144
b5a8dd1d
SK		 145 Fix failure to build with DHCP support excluded. Thanks to
146 Gustavo Zacarias for the patch.
1d6c6393
SK		 147
148 Fix nasty regression in 2.64 which completely broke cacheing.
b5a8dd1d
SK		 149
150
2e34ac14
SK		 151version 2.64
152 Handle DHCP FQDN options with all flag bits zero and
153 --dhcp-client-update set. Thanks to Bernd Krumbroeck for
154 spotting the problem.
155
12d71ed2
SK		 156 Finesse the check for /etc/hosts names which conflict with
157 DHCP names. Previously a name/address pair in /etc/hosts
158 which didn't match the name/address of a DHCP lease would
159 generate a warning. Now that only happesn if there is not
160 also a match. This allows multiple addresses for a name in
161 /etc/hosts with one of them assigned via DHCP.
162
4d0f5b4c
SK		 163 Fix broken vendor-option processing for BOOTP. Thanks to
164 Hans-Joachim Baader for the bug report.
165
dfb23b3f
SK		 166 Don't report spurious netlink errors, regression in
167 2.63. Thanks to Vladislav Grishenko for the patch.
168
2b127a1e
SK		 169 Flag DHCP or DHCPv6 in starup logging. Thanks to
170 Vladislav Grishenko for the patch.
171
295a54ee 172 Add SetServersEx method in DBus interface. Thanks to Dan
faafb3f7
SK		 173 Williams for the patch.
174
295a54ee
SK		 175 Add SetDomainServers method in DBus interface. Thanks to
176 Roy Marples for the patch.
177
289a2535
SK		 178 Fix build with later Lua libraries. Thansk to Cristian
179 Rodriguez for the patch.
2e34ac14 180
1d860415
SK		 181 Add --max-cache-ttl option. Thanks to Dennis Kaarsemaker
182 for the patch.
183
e4807d8b
SK		 184 Fix breakage of --host-record parsing, resulting in
185 infinte loop at startup. Regression in 2.63. Thanks to
186 Haim Gelfenbeyn for spotting this.
187
2022310f
SK		 188 Set SO_REUSEADDRESS and SO_V6ONLY options on the DHCPv6
189 socket, this allows multiple instances of dnsmasq on a
190 single machine, in the same way as for DHCPv4. Thanks to
191 Gene Czarcinski and Vladislav Grishenko for work on this.
192
be6cfb42
SK		 193 Fix DHCPv6 to do access control correctly when it's
194 configured with --listen-address. Thanks to
195 Gene Czarcinski for sorting this out.
196
819ff4dd
SK		 197 Add a "wildcard" dhcp-range which works for any IPv6
198 subnet, --dhcp-range=::,static Useful for Stateless
199 DHCPv6. Thanks to Vladislav Grishenko for the patch.
200
d1a5975f
SK		 201 Don't include lease-time in DHCPACK replies to DHCPINFORM
202 queries, since RFC-2131 says we shouldn't. Thanks to
203 Wouter Ibens for pointing this out.
8e4b8791
SK		 204
205 Makefile tweak to do dependency checking on header files.
206 Thanks to Johan Peeters for the patch.
d89fb4ed
SK		 207
208 Check interface for outgoing unsolicited router
209 advertisements, rather than relying on interface address
210 configuration. Thanks to Gene Czarinski for the patch.
29d28dda
SK		 211
212 Handle better attempts to transmit on interfaces which are
213 still doing DAD, and specifically do not just transmit
214 without setting source address and interface, since this
215 can cause very puzzling effects when a router
216 advertisement goes astray. Thanks again to Gene Czarinski.
217
218 Get RA timers right when there is more than one
219 dhcp-range on a subnet.
289a2535 220
d1a5975f 221
078a630b
SK		 222version 2.63
223 Do duplicate dhcp-host address check in --test mode.
224
8b3ae2fd
SK		 225 Check that tftp-root directories are accessible before
226 start-up. Thanks to Daniel Veillard for the initial patch.
227
228 Allow more than one --tfp-root flag. The per-interface
229 stuff is pointless without that.
230
54dd393f
SK		 231 Add --bind-dynamic. A hybrid mode between the default and
232 --bind-interfaces which copes with dynamically created
233 interfaces.
6b617c0d
SK		 234
235 A couple of fixes to the build system for Android. Thanks
236 to Metin Kaya for the patches.
54dd393f 237
8bc4cece
SK		 238 Remove the interface:<interface> argument in --dhcp-range, and
239 the interface argument to --enable-tftp. These were a
240 still-born attempt to allow automatic isolated
241 configuration by libvirt, but have never (to my knowledge)
242 been used, had very strange semantics, and have been
243 superceded by other mechanisms.
244
c4a7f90e
SK		 245 Fixed bug logging filenames when duplicate dhcp-host
246 addresses are found. Thanks to John Hanks for the patch.
247
611ebc5f
SK		 248 Fix regression in 2.61 which broke caching of CNAME
249 chains. Thanks to Atul Gupta for the bug report.
250
b271446f 251 Allow the target of a --cname flag to be another --cname.
611ebc5f 252
42243214
SK		 253 Teach DHCPv6 about the RFC 4242 information-refresh-time
254 option, and add parsing if the minutes, hours and days
255 format for options. Thanks to Francois-Xavier Le Bail for
256 the suggestion.
257
258 Allow "w" (for week) as multiplier in lease times, as well
259 as seconds, minutes, hours and days. Álvaro Gámez Machado
260 spotted the ommission.
c4c0488a
SK		 261
262 Update French translation. Thanks to Gildas Le Nadan.
42243214 263
ad094275
SK		 264 Allow a DBus service name to be given with --enable-dbus
265 which overrides the default,
266 uk.org.thekelleys.dnsmasq. Thanks to Mathieu
267 Trudel-Lapierre for the patch.
268
fd05f127
SK		 269 Set the "prefix on-link" bit in Router
270 Advertisements. Thanks to Gui Iribarren for the patch.
271
078a630b 272
8358e0f4
SK		 273version 2.62
274 Update German translation. Thanks to Conrad Kostecki.
275
f632e567
SK		 276 Cope with router-solict packets wich don't have a valid
277 source address. Thanks to Vladislav Grishenko for the patch.
278
919dd7cf
SK		 279 Fixed bug which caused missing periodic router
280 advertisements with some configurations. Thanks to
281 Vladislav Grishenko for the patch.
282
c64b7f6a
SK		 283 Fixed bug which broke DHCPv6/RA with prefix lengths
284 which are not divisible by 8. Thanks to Andre Coetzee
285 for spotting this.
286
18c63eff
SK		 287 Fix non-response to router-solicitations when
288 router-advertisement configured, but DHCPv6 not
289 configured. Thanks to Marien Zwart for the patch.
290
9f7f3b12
SK		 291 Add --dns-rr, to allow arbitrary DNS resource records.
292
5ae34bf3
SK		 293 Fixed bug which broke RA scheduling when an interface had
294 two addresses in the same network. Thanks to Jim Bos for
295 his help nailing this.
296
eabc6dd7
SK		 297version 2.61
298 Re-write interface discovery code on *BSD to use
299 getifaddrs. This is more portable, more straightforward,
300 and allows us to find the prefix length for IPv6
301 addresses.
302
01d1b8dd
SK		 303 Add ra-names, ra-stateless and slaac keywords for DHCPv6.
304 Dnsmasq can now synthesise AAAA records for dual-stack
305 hosts which get IPv6 addresses via SLAAC. It is also now
306 possible to use SLAAC and stateless DHCPv6, and to
307 tell clients to use SLAAC addresses as well as DHCP ones.
308 Thanks to Dave Taht for help with this.
7023e382 309
8b372704
SK		 310 Add --dhcp-duid to allow DUID-EN uids to be used.
311
8643ec7f
SK		 312 Explicity send DHCPv6 replies to the correct port, instead
313 of relying on clients to send requests with the correct
314 source address, since at least one client in the wild gets
8358e0f4 315 this wrong. Thanks to Conrad Kostecki for help tracking
8643ec7f 316 this down.
eabc6dd7 317
8643ec7f
SK		 318 Send a preference value of 255 in DHCPv6 replies when
319 --dhcp-authoritative is in effect. This tells clients not
320 to wait around for other DHCP servers.
321
322 Better logging of DHCPv6 options.
323
e759d426
SK		 324 Add --host-record. Thanks to Rob Zwissler for the
325 suggestion.
326
a9530964
SK		 327 Invoke the DHCP script with action "tftp" when a TFTP file
328 transfer completes. The size of the file, address to which
329 it was sent and complete pathname are supplied. Note that
330 version 2.60 introduced some script incompatibilties
331 associated with DHCPv6, and this is a further change. To
332 be safe, scripts should ignore unknown actions, and if
333 not IPv6-aware, should exit if the environment
334 variable DNSMASQ_IAID is set. The use-case for this is
335 to track netboot/install. Suggestion from Shantanu
336 Gadgil.
337
338 Update contrib/port-forward/dnsmasq-portforward to reflect
339 the above.
340
341 Set the environment variable DNSMASQ_LOG_DHCP when running
342 the script id --log-dhcp is in effect, so that script can
52d4abf2
SK		 343 taylor their logging verbosity. Suggestion from Malte
344 Forkel.
345
346 Arrange that addresses specified with --listen-address
347 work even if there is no interface carrying the
348 address. This is chiefly useful for IPv4 loopback
349 addresses, where any address in 127.0.0.0/8 is a valid
350 loopback address, but normally only 127.0.0.1 appears on
351 the lo interface. Thanks to Mathieu Trudel-Lapierre for
352 the idea and initial patch.
a9530964 353
7d2b5c95
SK		 354 Fix crash, introduced in 2.60, when a DHCPINFORM is
355 received from a network which has no valid dhcp-range.
356 Thanks to Stephane Glondu for the bug report.
357
c8257540
SK		 358 Add a new DHCP lease time keyword, "deprecated" for
359 --dhcp-range. This is only valid for IPv6, and sets the
360 preffered lease time for both DHCP and RA to zero. The
361 effect is that clients can continue to use the address
362 for existing connections, but new connections will use
363 other addresses, if they exist. This makes hitless
364 renumbering at least possible.
365
366 Fix bug in address6_available() which caused DHCPv6 lease
8358e0f4 367 aquisition to fail if more than one dhcp-range in use.
18f0fb05
SK		 368
369 Provide RDNSS and DNSSL data in router advertisements,
370 using the settings provided for DHCP options
371 option6:domain-search and option6:dns-server.
6c559c34
SK		 372
373 Tweak logo/favicon.ico to add some transparency. Thanks to
374 SamLT for work on this.
c8257540 375
1023dcbc
SK		 376 Don't cache data from non-recursive nameservers, since it
377 may erroneously look like a valid CNAME to a non-exitant
378 name. Thanks to Ben Winslow for finding this.
9380ba70
SK		 379
380 Call SO_BINDTODEVICE on the DHCP socket(s) when doing DHCP
8358e0f4 381 on exactly one interface and --bind-interfaces is set. This
9380ba70
SK		 382 makes the OpenStack use-case of one dnsmasq per virtual
383 interface work. This is only available on Linux; it's not
384 supported on other platforms. Thanks to Vishvananda Ishaya
e46164e0
SK		 385 and the OpenStack team for the suggestion.
386
387 Updated French translation. Thanks to Gildas Le Nadan.
d1c759c5
SK		 388
389 Give correct from-cache answers to explict CNAME queries.
390 Thanks to Rob Zwissler for spotting this.
1023dcbc 391
fc92ead0 392 Add --tftp-lowercase option. Thanks to Oliver Rath for the
61ce600b 393 patch.
dcffad2a
SK		 394
395 Ensure that the DBus DhcpLeaseUpdated events are generated
396 when a lease goes through INIT_REBOOT state, even if the
8358e0f4 397 dhcp-script is not in use. Thanks to Antoaneta-Ecaterina
dcffad2a 398 Ene for the patch.
19d69be2
SK		 399
400 Fix failure of TFTP over IPv4 on OpenBSD platform. Thanks
401 to Brad Smith for spotting this.
61ce600b 402
c8257540 403
c72daea8
SK		 404version 2.60
405 Fix compilation problem in Mac OS X Lion. Thanks to Olaf
406 Flebbe for the patch.
407
408 Fix DHCP when using --listen-address with an IP address
409 which is not the primary address of an interface.
410
411 Add --dhcp-client-update option.
412
413 Add Lua integration. Dnsmasq can now execute a DHCP
414 lease-change script written in Lua. This needs to be
415 enabled at compile time by setting HAVE_LUASCRIPT in
416 src/config.h or running "make COPTS=-DHAVE_LUASCRIPT"
417 Thanks to Jan-Piet Mens for the idea and proof-of-concept
418 implementation.
419
420 Tidied src/config.h to distinguish between
421 platform-dependent compile-time options which are selected
422 automatically, and builder-selectable compile time
423 options. Document the latter better, and describe how to
424 set them from the make command line.
425
426 Tidied up IPPROTO_IP/SOL_IP (and IPv6 equivalent)
427 confusion. IPPROTO_IP works everywhere now.
428
429 Set TOS on DHCP sockets, this improves things on busy
430 wireless networks. Thanks to Dave Taht for the patch.
431
984d2fde
SK		 432 Determine VERSION automatically based on git magic:
433 release tags or hash values.
c72daea8 434
a2761754
SK		 435 Improve start-up speed when reading large hosts files
436 containing many distinct addresses.
437
438 Fix problem if dnsmasq is started without the stdin,
439 stdout and stderr file descriptors open. This can manifest
440 itself as 100% CPU use. Thanks to Chris Moore for finding
441 this.
442
9bbc8876
SK		 443 Fix shell-scripting bug in bld/pkg-wrapper. Thanks to
444 Mark Mitchell for the patch.
445
751d6f4a
SK		 446 Allow the TFP server or boot server in --pxe-service, to
447 be a domain name instead of an IP address. This allows for
448 round-robin to multiple servers, in the same way as
449 --dhcp-boot. A good suggestion from Cristiano Cumer.
450
fdacfb01
SK		 451 Support BUILDDIR variable in the Makefile. Allows builds
452 for multiple archs from the same source tree with eg.
453 make BUILDDIR=linux (relative to dnsmasq tree)
454 make BUILDDIR=/tmp/openbsd (absolute path)
e5ffdb9c 455 If BUILDDIR is not set, compilation happens in the src
b36ae194
SK		 456 directory, as before. Suggestion from Mark Mitchell.
457
fdacfb01
SK		 458 Support DHCPv6. Support is there for the sort of things
459 the existing v4 server does, including tags, options,
460 static addresses and relay support. Missing is prefix
461 delegation, which is probably not required in the dnsmasq
462 niche, and an easy way to accept prefix delegations from
463 an upstream DHCPv6 server, which is. Future plans include
464 support for DHCPv6 router option and MAC address option
465 (to make selecting clients by MAC address work like IPv4).
466 These will be added as the standards mature.
467 This code has been tested, but this is the first release,
468 so don't bet the farm on it just yet. Many thanks to all
469 testers who have got it this far.
1adadf58 470
ac8540c3
SK		 471 Support IPv6 router advertisements. This is a
472 simple-minded implementation, aimed at providing the
473 vestigial RA needed to go alongside IPv6. Is picks up
474 configuration from the DHCPv6 conf, and should just need
475 enabling with --enable-ra.
476
552af8b9
SK		 477 Fix long-standing wrinkle with --localise-queries that
478 could result in wrong answers when DNS packets arrive
479 via an interface other than the expected one. Thanks to
480 Lorenzo Milesi and John Hanks for spotting this one.
71ee7ee2
SK		 481
482 Update French translation. Thanks to Gildas Le Nadan.
552af8b9 483
df66e341
SK		 484 Update Polish translation. Thanks to Jan Psota.
485
486
74c95c25 487version 2.59
c72daea8
SK		 488 Fix regression in 2.58 which caused failure to start up
489 with some combinations of dnsmasq config and IPv6 kernel
490 network config. Thanks to Brielle Bruns for the bug
491 report.
492
493 Improve dnsmasq's behaviour when network interfaces are
494 still doing duplicate address detection (DAD). Previously,
495 dnsmasq would wait up to 20 seconds at start-up for the
496 DAD state to terminate. This is broken for bridge
497 interfaces on recent Linux kernels, which don't start DAD
498 until the bridge comes up, and so can take arbitrary
499 time. The new behaviour lets dnsmasq poll for an arbitrary
500 time whilst providing service on other interfaces. Thanks
501 to Stephen Hemminger for pointing out the problem.
74c95c25
SK		 502
503
7de060b0
SK		 504version 2.58
505 Provide a definition of the SA_SIZE macro where it's
506 missing. Fixes build failure on openBSD.
507
508 Don't include a zero terminator at the end of messages
509 sent to /dev/log when /dev/log is a datagram socket.
510 Thanks to Didier Rabound for spotting the problem.
511
512 Add --dhcp-sequential-ip flag, to force allocation of IP
513 addresses in ascending order. Note that the default
514 pseudo-random mode is in general better but some
515 server-deployment applications need this.
516
517 Fix problem where a server-id of 0.0.0.0 is sent to a
518 client when a dhcp-relay is in use if a client renews a
519 lease after dnsmasq restart and before any clients on the
520 subnet get a new lease. Thanks to Mike Ruiz for assistance
521 in chasing this one down.
522
523 Don't return NXDOMAIN to an AAAA query if we have CNAME
524 which points to an A record only: NODATA is the correct
525 reply in this case. Thanks to Tom Fernandes for spotting
526 the problem.
527
528 Relax the need to supply a netmask in --dhcp-range for
529 networks which use a DHCP relay. Whilst this is still
530 desireable, in the absence of a netmask dnsmasq will use
531 a default based on the class (A, B, or C) of the address.
532 This should at least remove a cause of mysterious failure
533 for people using RFC1918 addresses and relays.
534
535 Add support for Linux conntrack connection marking. If
536 enabled with --conntrack, the connection mark for incoming
537 DNS queries will be copied to the outgoing connections
538 used to answer those queries. This allows clever firewall
539 and accounting stuff. Only available if dnsmasq is
540 compiled with HAVE_CONNTRACK and adds a dependency on
541 libnetfilter-conntrack. Thanks to Ed Wildgoose for the
542 initial idea, testing and sponsorship of this function.
543
544 Provide a sane error message when someone attempts to
545 match a tag in --dhcp-host.
546
547 Tweak the behaviour of --domain-needed, to avoid problems
548 with recursive nameservers downstream of dnsmasq. The new
549 behaviour only stops A and AAAA queries, and returns
550 NODATA rather than NXDOMAIN replies.
551
552 Efficiency fix for very large DHCP configurations, thanks
553 to James Gartrell and Mike Ruiz for help with this.
554
555 Allow the TFTP-server address in --dhcp-boot to be a
556 domain-name which is looked up in /etc/hosts. This can
557 give multiple IP addresses which are used round-robin,
558 thus doing TFTP server load-balancing. Thanks to Sushil
559 Agrawal for the patch.
560
561 When two tagged dhcp-options for a particular option
562 number are both valid, use the one which is valid without
563 a tag from the dhcp-range. Allows overriding of the value
564 of a DHCP option for a particular host as well as
565 per-network values. So
566 --dhcp-range=set:interface1,......
567 --dhcp-host=set:myhost,.....
568 --dhcp-option=tag:interface1,option:nis-domain,"domain1"
569 --dhcp-option=tag:myhost,option:nis-domain,"domain2"
570 will set the NIS-domain to domain1 for hosts in the range, but
571 override that to domain2 for a particular host.
572
573 Fix bug which resulted in truncated files and timeouts for
574 some TFTP transfers. The bug only occurs with netascii
575 transfers and needs an unfortunate relationship between
576 file size, blocksize and the number of newlines in the
577 last block before it manifests itself. Many thanks to
578 Alkis Georgopoulos for spotting the problem and providing
579 a comprehensive test-case.
580
581 Fix regression in TFTP server on *BSD platforms introduced
582 in version 2.56, due to confusion with sockaddr
de604c18 583 length. Many thanks to Loic Pefferkorn for finding this.
7de060b0
SK		 584
585 Support scope-ids in IPv6 addresses of nameservers from
586 /etc/resolv.conf and in --server options. Eg
587 nameserver fe80::202:a412:4512:7bbf%eth0 or
588 server=fe80::202:a412:4512:7bbf%eth0. Thanks to
589 Michael Stapelberg for the suggestion.
590
591 Update Polish translation, thanks to Jan Psota.
592
593 Update French translation. Thanks to Gildas Le Nadan.
594
595
572b41eb
SK		 596version 2.57
597 Add patches to allow build under Android.
598
599 Provide our own header for the DNS protocol, rather than
600 relying on arpa/nameser.h. This has proved more or less
601 defective over the years and the final straw is that it's
602 effectively empty on Android.
603
604 Fix regression in 2.56 which caused hex constants in
605 configuration to be rejected if they contain the '*'
606 wildcard.
607
608 Correct wrong casts of arguments to ctype.h functions,
609 isdigit(), isxdigit() etc. Thanks to Matthias Andree for
610 spotting this.
611
612 Allow build with IDN support independently from i18n.
613 IDN support continues to be included automatically
614 when i18n is included.
615 'make COPTS=-DHAVE_IDN' is the magic incantation.
616
617 Modify check on extraneous command line junk (added in
618 2.56) so that it doesn't complain about extra _empty_
619 arguments. Otherwise this breaks libvirt.
620
621
28866e95
SK		 622version 2.56
623 Add a patch to allow dnsmasq to get interface names right in a
624 Solaris zone. Thanks to Dj Padzensky for this.
625
626 Improve data-type parsing heuristics so that
627 --dhcp-option=option:domain-search,.
628 treats the value as a string and not an IP address.
629 Thanks to Clemens Fischer for spotting that.
630
631 Add IPv6 support to the TFTP server. Many thanks to Jan
632 'RedBully' Seiffert for the patches.
633
634 Log DNS queries at level LOG_INFO, rather then
635 LOG_DEBUG. This makes things consistent with DHCP
636 logging. Thanks to Adam Pribyl for spotting the problem.
637
638 Ensure that dnsmasq terminates cleanly when using
639 --syslog-async even if it cannot make a connection to the
640 syslogd.
641
642 Add --add-mac option. This is to support currently
643 experimental DNS filtering facilities. Thanks to Benjamin
644 Petrin for the orignal patch.
645
646 Fix bug which meant that tags were ignored in dhcp-range
647 configuration specifying PXE-proxy service. Thanks to
648 Cristiano Cumer for spotting this.
649
650 Raise an error if there is extra junk, not part of an
651 option, on the command line.
652
653 Flag a couple of log messages in cache.c as coming from
654 the DHCP subsystem. Thanks to Olaf Westrik for the patch.
655
656 Omit timestamps from logs when a) logging to stderr and
657 b) --keep-in-forground is set. The logging facility on the
658 other end of stderr can be assumned to supply them. Thanks
659 to John Hallam for the patch.
660
661 Don't complain about strings longer than 255 characters in
662 --txt-record, just split the long strings into 255
663 character chunks instead.
664
665 Fix crash on double-free. This bug can only happen when
666 dhcp-script is in use and then only in rare circumstances
667 triggered by high DHCP transaction rate and a slow
668 script. Thanks to Ferenc Wagner for finding the problem.
669
670 Only log that a file has been sent by TFTP after the
671 transfer has completed succesfully.
672
673 A good suggestion from Ferenc Wagner: extend
674 the --domain option to allow this sort of thing:
675 --domain=thekelleys.org.uk,192.168.0.0/24,local
676 which automatically creates
677 --local=/thekelleys.org.uk/
678 --local=/0.168.192.in-addr.arpa/
679
680 Tighten up syntax checking of hex contants in the config
681 file. Thanks to Fred Damen for spotting this.
682
683 Add dnsmasq logo/icon, contributed by Justin Swift. Many
684 thanks for that.
685
686 Never cache DNS replies which have the 'cd' bit set, or
687 which result from queries forwarded with the 'cd' bit
688 set. The 'cd' bit instructs a DNSSEC validating server
689 upstream to ignore signature failures and return replies
690 anyway. Without this change it's possible to pollute the
691 dnsmasq cache with bad data by making a query with the
692 'cd' bit set and subsequent queries would return this data
693 without its being marked as suspect. Thanks to Anders
694 Kaseorg for pointing out this problem.
695
696 Add --proxy-dnssec flag, for compliance with RFC
697 4035. Dnsmasq will now clear the 'ad' bit in answers returned
698 from upstream validating nameservers unless this option is
699 set.
700
701 Allow a filename of "-" for --conf-file to read
702 stdin. Suggestion from Timothy Redaelli.
703
704 Rotate the order of SRV records in replies, to provide
705 round-robin load balancing when all the priorities are
706 equal. Thanks to Peter McKinney for the suggestion.
707
708 Edit
709 contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist
710 so that it doesn't log all queries to a file by
711 default. Thanks again to Peter McKinney.
712
713 By default, setting an IPv4 address for a domain but not
714 an IPv6 address causes dnsmasq to return
715 an NODATA reply for IPv6 (or vice-versa). So
716 --address=/google.com/1.2.3.4 stops IPv6 queries for
717 *google.com from being forwarded. Make it possible to
718 override this behaviour by defining the sematics if the
719 same domain appears in both --server and --address.
720 In that case, the --address has priority for the address
721 family in which is appears, but the --server has priority
722 of the address family which doesn't appear in --adddress
723 So:
724 --address=/google.com/1.2.3.4
725 --server=/google.com/#
726 will return 1.2.3.4 for IPv4 queries for *.google.com but
727 forward IPv6 queries to the normal upstream nameserver.
728 Similarly when setting an IPv6 address
729 only this will allow forwarding of IPv4 queries. Thanks to
730 William for pointing out the need for this.
731
732 Allow more than one --dhcp-optsfile and --dhcp-hostsfile
733 and make them understand directories as arguments in the
734 same way as --addn-hosts. Suggestion from John Hanks.
735
736 Ignore rebinding requests for leases we don't know
737 about. Rebind is broadcast, so we might get to overhear a
738 request meant for another DHCP server. NAKing this is
739 wrong. Thanks to Brad D'Hondt for assistance with this.
740
572b41eb
SK		 741 Fix cosmetic bug which produced strange output when
742 dumping cache statistics with some configurations. Thanks
743 to Fedor Kozhevnikov for spotting this.
28866e95
SK		 744
745
c52e1897 746version 2.55
28866e95
SK		 747 Fix crash when /etc/ethers is in use. Thanks to
748 Gianluigi Tiesi for finding this.
c52e1897 749
28866e95
SK		 750 Fix crash in netlink_multicast(). Thanks to Arno Wald for
751 finding this one.
c52e1897 752
28866e95
SK		 753 Allow the empty domain "." in dhcp domain-search (119)
754 options.
c52e1897
SK		 755
756
757version 2.54
28866e95
SK		 758 There is no version 2.54 to avoid confusion with 2.53,
759 which incorrectly identifies itself as 2.54.
c52e1897
SK		 760
761
8ef5ada2
SK		 762version 2.53
763 Fix failure to compile on Debian/kFreeBSD. Thanks to
764 Axel Beckert and Petr Salinger.
765
766 Fix code to avoid scary strict-aliasing warnings
767 generated by gcc 4.4.
768
769 Added FAQ entry warning about DHCP failures with Vista
770 when firewalls block 255.255.255.255.
771
772 Fixed bug which caused bad things to happen if a
773 resolv.conf file which exists is subsequently removed.
774 Thanks to Nikolai Saoukh for the patch.
775
776 Rationalised the DHCP tag system. Every configuration item
777 which can set a tag does so by adding "set:<tag>" and
778 every configuration item which is conditional on a tag is
779 made so by "tag:<tag>". The NOT operator changes to '!',
780 which is a bit more intuitive too. Dhcp-host directives
781 can set more than one tag now. The old '#' NOT,
782 "net:" prefix and no-prefixes are still honoured, so
783 no existing config file needs to be changed, but
784 the documentation and new-style config files should be
785 much less confusing.
786
787 Added --tag-if to allow boolean operations on tags.
788 This allows complicated logic to be clearer and more
789 general. A great suggestion from Richard Voigt.
790
791 Add broadcast/unicast information to DHCP logging.
792
793 Allow --dhcp-broadcast to be unconditional.
794
795 Fixed incorrect behaviour with NOT <tag> conditionals in
796 dhcp-options. Thanks to Max Turkewitz for assistance
797 finding this.
798
799 If we send vendor-class encapsulated options based on the
800 vendor-class supplied by the client, and no explicit
801 vendor-class option is given, echo back the vendor-class
802 from the client.
803
804 Fix bug which stopped dnsmasq from matching both a
805 circuitid and a remoteid. Thanks to Ignacio Bravo for
806 finding this.
807
808 Add --dhcp-proxy, which makes it possible to configure
809 dnsmasq to use a DHCP relay agent as a full proxy, with
810 all DHCP messages passing through the proxy. This is
811 useful if the relay adds extra information to the packets
812 it forwards, but cannot be configured with the RFC 5107
813 server-override option.
814
815 Added interface:<iface name> part to dhcp-range. The
816 semantics of this are very odd at first sight, but it
817 allows a single line of the form
818 dhcp-range=interface:virt0,192.168.0.4,192.168.0.200
819 to be added to dnsmasq configuration which then supplies
820 DHCP and DNS services to that interface, without affecting
821 what services are supplied to other interfaces and
822 irrespective of the existance or lack of
823 interface=<interface>
824 lines elsewhere in the dnsmasq configuration. The idea is
825 that such a line can be added automatically by libvirt
826 or equivalent systems, without disturbing any manual
827 configuration.
828
829 Similarly to the above, allow --enable-tftp=<interface>
830
831 Allow a TFTP root to be set separately for requests via
832 different interfaces, --tftp-root=<path>,<interface>
833
834 Correctly handle and log clashes between CNAMES and
835 DNS names being given to DHCP leases. This fixes a bug
836 which caused nonsense IP addresses to be logged. Thanks to
837 Sergei Zhirikov for finding and analysing the problem.
838
839 Tweak flush_log so as to avoid leaving the log
840 file in non-blocking mode. O_NONBLOCK is a property of the
841 file, not the process/descriptor.
842
843 Fix contrib/Solaris10/create_package
844 (/usr/man -> /usr/share/man) Thanks to Vita Batrla.
845
846 Fix a problem where, if a client got a lease, then went
847 to another subnet and got another lease, then moved back,
848 it couldn't resume the old lease, but would instead get
849 a new address. Thanks to Leonardo Rodrigues for spotting
850 this and testing the fix.
851
852 Fix weird bug which sometimes omitted certain characters
853 from the start of quoted strings in dhcp-options. Thanks
854 to Dayton Turner for spotting the problem.
855
856 Add facility to redirect some domains to the standard
857 upstream servers: this allows something like
858 --server=/google.com/1.2.3.4 --server=/www.google.com/#
859 which will send queries for *.google.com to 1.2.3.4,
860 except *www.google.com which will be forwarded as usual.
861 Thanks to AJ Weber for prompting this addition.
862
863 Improve the hash-algorithm used to generate IP addresses
864 from MAC addresses during initial DHCP address
865 allocation. This improves performance when large numbers
866 of hosts with similar MAC addresses all try and get an IP
867 address at the same time. Thanks to Paul Smith for his
868 work on this.
869
870 Tweak DHCP code so that --bridge-interface can be used to
871 select which IP alias of an interface should be used for
872 DHCP purposes on Linux. If eth0 has an alias eth0:dhcp
873 then adding --bridge-interface=eth0:dhcp,eth0 will use
874 the address of eth0:dhcp to determine the correct subnet
875 for DHCP address allocation. Thanks to Pawel Golaszewski
876 for prompting this and Eric Cooper for further testing.
877
878 Add --dhcp-generate-names. Suggestion by Ferenc Wagner.
879
880 Tweak DNS server selection algorithm when there is more
881 than one server available for a domain, eg.
882 --server=/mydomain/1.1.1.1
883 --server=/mydomain/2.2.2.2
884 Thanks to Alberto Cuesta-Canada for spotting a weakness
885 here.
886
887 Add --max-ttl. Thanks to Fredrik Ringertz for the patch.
888
889 Allow --log-facility=- to force all logging to
890 stderr. Suggestion from Clemens Fischer.
891
892 Fix regression which caused configuration like
893 --address=/.domain.com/1.2.3.4 to be rejected. The dot to the
894 left of the domain has been implied and not required for a
895 long time, but it should be accepted for backward
896 compatibility. Thanks to Andrew Burcin for spotting this.
897
898 Add --rebind-domain-ok and --rebind-localhost-ok.
899 Suggestion from Clemens Fischer.
900
901 Log replies to queries of type TXT, when --log-queries
902 is set.
903
904 Fix compiler warnings when compiled with -DNO_DHCP. Thanks
905 to Shantanu Gadgil for the patch.
906
907 Updated French translation. Thanks to Gildas Le Nadan.
908
909 Updated Polish translation. Thanks to Jan Psota.
910
911 Updated German translation. Thanks to Matthias Andree.
912
913 Added contrib/static-arp, thanks to Darren Hoo.
914
915 Fix corruption of the domain when a name from /etc/hosts
916 overrides one supplied by a DHCP client. Thanks to Fedor
917 Kozhevnikov for spotting the problem.
918
919 Updated Spanish translation. Thanks to Chris Chatham.
920
921
316e2730
SK		 922version 2.52
923 Work around a Linux kernel bug which insists that the
924 length of the option passed to setsockopt must be at least
925 sizeof(int) bytes, even if we're calling SO_BINDTODEVICE
926 and the device name is "lo". Note that this is fixed
927 in kernel 2.6.31, but the workaround is harmless and
928 allows earlier kernels to be used. Also fix dnsmasq
929 bug which reported the wrong address when this failed.
930 Thanks to Fedor for finding this.
931
932 The API for IPv6 PKTINFO changed around Linux kernel
933 2.6.14. Workaround the case where dnsmasq is compiled
934 against newer headers, but then run on an old kernel:
935 necessary for some *WRT distros.
936
937 Re-read the set of network interfaces when re-loading
938 /etc/resolv.conf if --bind-interfaces is not set. This
939 handles the case that loopback interfaces do not exist
940 when dnsmasq is first started.
941
942 Tweak the PXE code to support port 4011. This should
943 reduce broadcasts and make things more reliable when other
944 servers are around. It also improves inter-operability
945 with certain clients.
946
947 Make a pxe-service configuration with no filename or boot
948 service type legal: this does a local boot. eg.
949 pxe-service=x86PC, "Local boot"
950
951 Be more conservative in detecting "A for A"
952 queries. Dnsmasq checks if the name in a type=A query looks
953 like a dotted-quad IP address and answers the query itself
954 if so, rather than forwarding it. Previously dnsmasq
955 relied in the library function inet_addr() to convert
956 addresses, and that will accept some things which are
957 confusing in this context, like 1.2.3 or even just
958 1234. Now we only do A for A processing for four decimal
959 numbers delimited by dots.
960
961 A couple of tweaks to fix compilation on Solaris. Thanks
962 to Joel Macklow for help with this.
963
964 Another Solaris compilation tweak, needed for Solaris
965 2009.06. Thanks to Lee Essen for that.
966
967 Added extract packaging stuff from Lee Essen to
968 contrib/Solaris10.
969
970 Increased the default limit on number of leases to 1000
971 (from 150). This is mainly a defence against DoS attacks,
972 and for the average "one for two class C networks"
973 installation, IP address exhaustion does that just as
974 well. Making the limit greater than the number of IP
975 addresses available in such an installation removes a
976 surprise which otherwise can catch people out.
977
978 Removed extraneous trailing space in the value of the
979 DNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH and
980 DNSMASQ_LEASE_EXPIRES environment variables. Thanks to
981 Gildas Le Nadan for spotting this.
982
983 Provide the network-id tags for a DHCP transaction to
984 the lease-change script in the environment variable
985 DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan.
986
987 Add support for RFC3925 "Vendor-Identifying Vendor
988 Options". The syntax looks like this:
989 --dhcp-option=vi-encap:<enterprise number>, .........
990
991 Add support to --dhcp-match to allow matching against
992 RFC3925 "Vendor-Identifying Vendor Classes". The syntax
993 looks like this:
994 --dhcp-match=tag,vi-encap<enterprise number>, <value>
995
996 Add some application specific code to assist in
997 implementing the Broadband forum TR069 CPE-WAN
998 specification. The details are in contrib/CPE-WAN/README
999
1000 Increase the default DNS packet size limit to 4096, as
1001 recommended by RFC5625 section 4.4.3. This can be
1002 reconfigured using --edns-packet-max if needed. Thanks to
1003 Francis Dupont for pointing this out.
1004
8ef5ada2 1005 Rewrite query-ids even for TSIG signed packets, since
316e2730
SK		 1006 this is allowed by RFC5625 section 4.5.
1007
1008 Use getopt_long by default on OS X. It has been supported
1009 since version 10.3.0. Thanks to Arek Dreyer for spotting
1010 this.
1011
1012 Added up-to-date startup configuration for MacOSX/launchd
1013 in contrib/MacOSX-launchd. Thanks to Arek Dreyer for
1014 providing this.
1015
1016 Fix link error when including Dbus but excluding DHCP.
1017 Thanks to Oschtan for the bug report.
1018
1019 Updated French translation. Thanks to Gildas Le Nadan.
1020
1021 Updated Polish translation. Thanks to Jan Psota.
1022
1023 Updated Spanish translation. Thanks to Chris Chatham.
1024
8ef5ada2
SK		 1025 Fixed confusion about domains, when looking up DHCP hosts
1026 in /etc/hosts. This could cause spurious "Ignoring
1027 domain..." messages. Thanks to Fedor Kozhevnikov for
1028 finding and analysing the problem.
316e2730 1029
8ef5ada2 1030
1f15b81d
SK		 1031version 2.51
1032 Add support for internationalised DNS. Non-ASCII characters
1033 in domain names found in /etc/hosts, /etc/ethers and
1034 /etc/dnsmasq.conf will be correctly handled by translation to
1035 punycode, as specified in RFC3490. This function is only
1036 available if dnsmasq is compiled with internationalisation
1037 support, and adds a dependency on GNU libidn. Without i18n
1038 support, dnsmasq continues to be compilable with just
1039 standard tools. Thanks to Yves Dorfsman for the
1040 suggestion.
1041
1042 Add two more environment variables for lease-change scripts:
1043 First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname
1044 supplied by a client, even if the actual hostname used is
1045 over-ridden by dhcp-host or dhcp-ignore-names directives.
1046 Also DNSMASQ_RELAY_ADDRESS which gives the address of
1047 a DHCP relay, if used.
1048 Suggestions from Michael Rack.
1049
1050 Fix regression which broke echo of relay-agent
1051 options. Thanks to Michael Rack for spotting this.
1052
1053 Don't treat option 67 as being interchangeable with
1054 dhcp-boot parameters if it's specified as
1055 dhcp-option-force.
1056
1057 Make the code to call scripts on lease-change compile-time
1058 optional. It can be switched off by editing src/config.h
1059 or building with "make COPTS=-DNO_SCRIPT".
1060
1061 Make the TFTP server cope with filenames from Windows/DOS
1062 which use '\' as pathname separator. Thanks to Ralf for
1063 the patch.
1064
1065 Updated Polish translation. Thanks to Jan Psota.
1066
1067 Warn if an IP address is duplicated in /etc/ethers. Thanks
1068 to Felix Schwarz for pointing this out.
1069
1070 Teach --conf-dir to take an option list of file suffices
1071 which will be ignored when scanning the directory. Useful
1072 for backup files etc. Thanks to Helmut Hullen for the
1073 suggestion.
1074
1075 Add new DHCP option named tftpserver-address, which
1076 corresponds to the third argument of dhcp-boot. This
1077 allows the complete functionality of dhcp-boot to be
1078 replicated with dhcp-option. Useful when using
1079 dhcp-optsfile.
1080
1081 Test which upstream nameserver to use every 10 seconds
1082 or 50 queries and not just when a query times out and
1083 is retried. This should improve performance when there
1084 is a slow nameserver in the list. Thanks to Joe for the
1085 suggestion.
1086
1087 Don't do any PXE processing, even for clients with the
1088 correct vendorclass, unless at least one pxe-prompt or
1089 pxe-service option is given. This stops dnsmasq
1090 interfering with proxy PXE subsystems when it is just
1091 the DHCP server. Thanks to Spencer Clark for spotting this.
1092
1093 Limit the blocksize used for TFTP transfers to a value
1094 which avoids packet fragmentation, based on the MTU of the
1095 local interface. Many netboot ROMs can't cope with
1096 fragmented packets.
1097
1098 Honour dhcp-ignore configuration for PXE and proxy-PXE
1099 requests. Thanks to Niels Basjes for the bug report.
1100
1101 Updated French translation. Thanks to Gildas Le Nadan.
1102
1103
77e94da7 1104version 2.50
1f15b81d 1105 Fix security problem which allowed any host permitted to
77e94da7
SK		 1106 do TFTP to possibly compromise dnsmasq by remote buffer
1107 overflow when TFTP enabled. Thanks to Core Security
1108 Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
1109 Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
1110 Pablo Annetta. This problem has Bugtraq id: 36121
1111 and CVE: 2009-2957
1112
1113 Fix a problem which allowed a malicious TFTP client to
1114 crash dnsmasq. Thanks to Steve Grubb at Red Hat for
1115 spotting this. This problem has Bugtraq id: 36120 and
1116 CVE: 2009-2958
1117
1118
03a97b61
SK		 1119version 2.49
1120 Fix regression in 2.48 which disables the lease-change
1121 script. Thanks to Jose Luis Duran for spotting this.
1122
1123 Log TFTP "file not found" errors. These were not logged,
1124 since a normal PXELinux boot generates many of them, but
1125 the lack of the messages seems to be more confusing than
1126 routinely seeing them when there is no real error.
1127
1128 Update Spanish translation. Thanks to Chris Chatham.
1129
1130
7622fc06
SK		 1131version 2.48
1132 Archived the extensive, backwards, changelog to
1133 CHANGELOG.archive. The current changelog now runs from
1134 version 2.43 and runs conventionally.
9e4abcb5 1135
7622fc06
SK		 1136 Fixed bug which broke binding of servers to physical
1137 interfaces when interface names were longer than four
1138 characters. Thanks to MURASE Katsunori for the patch.
9e4abcb5 1139
7622fc06
SK		 1140 Fixed netlink code to check that messages come from the
1141 correct source, and not another userspace process. Thanks
1142 to Steve Grubb for the patch.
9e4abcb5 1143
7622fc06
SK		 1144 Maintainability drive: removed bug and missing feature
1145 workarounds for some old platforms. Solaris 9, OpenBSD
1146 older than 4.1, Glibc older than 2.2, Linux 2.2.x and
1147 DBus older than 1.1.x are no longer supported.
9e4abcb5 1148
7622fc06
SK		 1149 Don't read included configuration files more than once:
1150 allows complex configuration structures without problems.
9e4abcb5 1151
7622fc06
SK		 1152 Mark log messages from the various subsystems in dnsmasq:
1153 messages from the DHCP subsystem now have the ident string
1154 "dnsmasq-dhcp" and messages from TFTP have ident
1155 "dnsmasq-tftp". Thanks to Olaf Westrik for the patch.
9e4abcb5 1156
7622fc06
SK		 1157 Fix possible infinite DHCP protocol loop when an IP
1158 address nailed to a hostname (not a MAC address) and a
1159 host sometimes provides the name, sometimes not.
9e4abcb5 1160
7622fc06
SK		 1161 Allow --addn-hosts to take a directory: all the files
1162 in the directory are read. Thanks to Phil Cornelius for
1163 the suggestion.
9e4abcb5 1164
7622fc06 1165 Support --bridge-interface on all platforms, not just BSD.
1ab84e2f 1166
7622fc06
SK		 1167 Added support for advanced PXE functions. It's now
1168 possible to define a prompt and menu options which will
1169 be displayed when a client PXE boots. It's also possible to
1170 hand-off booting to other boot servers. Proxy-DHCP, where
1171 dnsmasq just supplies the PXE information and another DHCP
1172 server does address allocation, is also allowed. See the
1173 --pxe-prompt and --pxe-service keywords. Thanks to
1174 Alkis Georgopoulos for the suggestion and Guilherme Moro
1175 and Michael Brown for assistance.
1176
1177 Improvements to DHCP logging. Thanks to Tom Metro for
1178 useful suggestions.
3be34541 1179
7622fc06
SK		 1180 Add ability to build dnsmasq without DHCP support. To do
1181 this, edit src/config.h or build with
1182 "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch.
36717eee 1183
7622fc06
SK		 1184 Added --test command-line switch - syntax check
1185 configuration files only.
36717eee 1186
7622fc06 1187 Updated French translation. Thanks to Gildas Le Nadan.
fd9fa481 1188
3d8df260 1189
7622fc06
SK		 1190version 2.47
1191 Updated French translation. Thanks to Gildas Le Nadan.
3d8df260 1192
7622fc06
SK		 1193 Fixed interface enumeration code to work on NetBSD
1194 5.0. Thanks to Roy Marples for the patch.
3d8df260 1195
7622fc06
SK		 1196 Updated config.h to use the same location for the lease
1197 file on NetBSD as the other *BSD variants. Also allow
1198 LEASEFILE and CONFFILE symbols to be overriden in CFLAGS.
3d8df260 1199
7622fc06
SK		 1200 Handle duplicate address detection on IPv6 more
1201 intelligently. In IPv6, an interface can have an address
1202 which is not usable, because it is still undergoing DAD
1203 (such addresses are marked "tentative"). Attempting to
1204 bind to an address in this state returns an error,
1205 EADDRNOTAVAIL. Previously, on getting such an error,
1206 dnsmasq would silently abandon the address, and never
1207 listen on it. Now, it retries once per second for 20
1208 seconds before generating a fatal error. 20 seconds should
1209 be long enough for any DAD process to complete, but can be
1210 adjusted in src/config.h if necessary. Thanks to Martin
1211 Krafft for the bug report.
3d8df260 1212
7622fc06 1213 Add DBus introspection. Patch from Jeremy Laine.
b8187c80 1214
7622fc06
SK		 1215 Update Dbus configuration file. Patch from Colin Walters.
1216 Fix for this bug:
1217 http://bugs.freedesktop.org/show_bug.cgi?id=18961
b8187c80 1218
7622fc06
SK		 1219 Support arbitrarily encapsulated DHCP options, suggestion
1220 and initial patch from Samium Gromoff. This is useful for
1221 (eg) gPXE, which expect all its private options to be
1222 encapsulated inside a single option 175. So, eg,
b8187c80 1223
7622fc06
SK		 1224 dhcp-option = encap:175, 190, "iscsi-client0"
1225 dhcp-option = encap:175, 191, "iscsi-client0-secret"
b8187c80 1226
7622fc06 1227 will provide iSCSI parameters to gPXE.
b8187c80 1228
7622fc06
SK		 1229 Enhance --dhcp-match to allow testing of the contents of a
1230 client-sent option, as well as its presence. This
1231 application in mind for this is RFC 4578
1232 client-architecture specifiers, but it's generally useful.
1233 Joey Korkames suggested the enhancement.
b8187c80 1234
7622fc06
SK		 1235 Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on
1236 OpenSolaris. Thanks to Bastian Machek for the heads-up.
b8187c80 1237
7622fc06
SK		 1238 No longer complain about blank lines in
1239 /etc/ethers. Thanks to Jon Nelson for the patch.
b8187c80 1240
7622fc06
SK		 1241 Fix binding of servers to physical devices, eg
1242 --server=/domain/1.2.3.4@eth0 which was broken from 2.43
1243 onwards unless --query-port=0 set. Thanks to Peter Naulls
cdeda28f
SK		 1244 for the bug report.
1245
7622fc06
SK		 1246 Reply to DHCPINFORM requests even when the supplied ciaddr
1247 doesn't fall in any dhcp-range. In this case it's not
1248 possible to supply a complete configuration, but
1249 individually-configured options (eg PAC) may be useful.
5aabfc78 1250
7622fc06
SK		 1251 Allow the source address of an alias to be a range:
1252 --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole
1253 subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255,
1254 as before.
1255 --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
1256 maps only the 192.168.0.10->192.168.0.40 region. Thanks to
1257 Ib Uhrskov for the suggestion.
5aabfc78 1258
7622fc06
SK		 1259 Don't dynamically allocate DHCP addresses which may break
1260 Windows. Addresses which end in .255 or .0 are broken in
1261 Windows even when using supernetting.
1262 --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means
1263 192.168.0.255 is a valid IP address, but not for Windows.
1264 See Microsoft KB281579. We therefore no longer allocate
1265 these addresses to avoid hard-to-diagnose problems.
5aabfc78 1266
7622fc06 1267 Update Polish translation. Thanks to Jan Psota.
5aabfc78 1268
7622fc06
SK		 1269 Delete the PID-file when dnsmasq shuts down. Note that by
1270 this time, dnsmasq is normally not running as root, so
1271 this will fail if the PID-file is stored in a root-owned
1272 directory; such failure is silently ignored. To take
1273 advantage of this feature, the PID-file must be stored in a
1274 directory owned and write-able by the user running
1275 dnsmasq.
5aabfc78 1276
5aabfc78 1277
7622fc06
SK		 1278version 2.46
1279 Allow --bootp-dynamic to take a netid tag, so that it may
1280 be selectively enabled. Thanks to Olaf Westrik for the
1281 suggestion.
5aabfc78 1282
7622fc06
SK		 1283 Remove ISC-leasefile reading code. This has been
1284 deprecated for a long time, and last time I removed it, it
1285 ended up going back by request of one user. This time,
1286 it's gone for good; otherwise it would need to be
1287 re-worked to support multiple domains (see below).
5aabfc78 1288
7622fc06
SK		 1289 Support DHCP clients in multiple DNS domains. This is a
1290 long-standing request. Clients are assigned to a domain
1291 based in their IP address.
5aabfc78 1292
7622fc06
SK		 1293 Add --dhcp-fqdn flag, which changes behaviour if DNS names
1294 assigned to DHCP clients. When this is set, there must be
1295 a domain associated with each client, and only
1296 fully-qualified domain names are added to the DNS. The
1297 advantage is that the only the FQDN needs to be unique,
1298 so that two or more DHCP clients can share a hostname, as
1299 long as they are in different domains.
5aabfc78 1300
7622fc06
SK		 1301 Set environment variable DNSMASQ_DOMAIN when invoking
1302 lease-change script. This may be useful information to
1303 have now that it's variable.
5aabfc78 1304
7622fc06
SK		 1305 Tighten up data-checking code for DNS packet
1306 handling. Thanks to Steve Dodd who found certain illegal
1307 packets which could crash dnsmasq. No memory overwrite was
1308 possible, so this is not a security issue beyond the DoS
1309 potential.
824af85b 1310
7622fc06
SK		 1311 Update example config dhcp option 47, the previous
1312 suggestion generated an illegal, zero-length,
1313 option. Thanks to Matthias Andree for finding this.
824af85b 1314
7622fc06
SK		 1315 Rewrite hosts-file reading code to remove the limit of
1316 1024 characters per line. John C Meuser found this.
824af85b 1317
7622fc06
SK		 1318 Create a net-id tag with the name of the interface on
1319 which the DHCP request was received.
824af85b 1320
7622fc06
SK		 1321 Fixed minor memory leak in DBus code, thanks to Jeremy
1322 Laine for the patch.
824af85b 1323
7622fc06
SK		 1324 Emit DBus signals as the DHCP lease database
1325 changes. Thanks to Jeremy Laine for the patch.
824af85b 1326
7622fc06
SK		 1327 Allow for more that one MAC address in a dhcp-host
1328 line. This configuration tells dnsmasq that it's OK to
1329 abandon a DHCP lease of the fixed address to one MAC
1330 address, if another MAC address in the dhcp-host statement
1331 asks for an address. This is useful to give a fixed
1332 address to a host which has two network interfaces
1333 (say, a laptop with wired and wireless interfaces.)
1334 It's very important to ensure that only one interface
1335 at a time is up, since dnsmasq abandons the first lease
1336 and re-uses the address before the leased time has
1337 elapsed. John Gray suggested this.
824af85b 1338
7622fc06
SK		 1339 Tweak the response to a DHCP request packet with a wrong
1340 server-id when --dhcp-authoritative is set; dnsmasq now
1341 returns a DHCPNAK, rather than silently ignoring the
1342 packet. Thanks to Chris Marget for spotting this
1343 improvement.
824af85b 1344
7622fc06
SK		 1345 Add --cname option. This provides a limited alias
1346 function, usable for DHCP names. Thanks to AJ Weber for
1347 suggestions on this.
824af85b 1348
7622fc06
SK		 1349 Updated contrib/webmin with latest version from Neil
1350 Fisher.
824af85b 1351
7622fc06 1352 Updated Polish translation. Thanks to Jan Psota.
824af85b 1353
7622fc06
SK		 1354 Correct the text names for DHCP options 64 and 65 to be
1355 "nis+-domain" and "nis+-servers".
9e038946 1356
7622fc06 1357 Updated Spanish translation. Thanks to Chris Chatham.
9e038946 1358
7622fc06
SK		 1359 Force re-reading of /etc/resolv.conf when an "interface
1360 up" event occurs.
9e038946 1361
824af85b 1362
7622fc06
SK		 1363version 2.45
1364 Fix total DNS failure in release 2.44 unless --min-port
1365 specified. Thanks to Steven Barth and Grant Coady for
1366 bugreport. Also reject out-of-range port spec, which could
1367 break things too: suggestion from Gilles Espinasse.
824af85b 1368
9e038946 1369
7622fc06
SK		 1370version 2.44
1371 Fix crash when unknown client attempts to renew a DHCP
1372 lease, problem introduced in version 2.43. Thanks to
1373 Carlos Carvalho for help chasing this down.
9e038946 1374
7622fc06
SK		 1375 Fix potential crash when a host which doesn't have a lease
1376 does DHCPINFORM. Again introduced in 2.43. This bug has
1377 never been reported in the wild.
9e038946 1378
7622fc06
SK		 1379 Fix crash in netlink code introduced in 2.43. Thanks to
1380 Jean Wolter for finding this.
9e038946 1381
7622fc06
SK		 1382 Change implementation of min_port to work even if min-port
1383 is large.
9e038946 1384
7622fc06
SK		 1385 Patch to enable compilation of latest Mac OS X. Thanks to
1386 David Gilman.
9e038946 1387
7622fc06 1388 Update Spanish translation. Thanks to Christopher Chatham.
1a6bca81
SK		 1389
1390
1391version 2.43
1392 Updated Polish translation. Thanks to Jan Psota.
1393
1394 Flag errors when configuration options are repeated
1395 illegally.
1396
1397 Further tweaks for GNU/kFreeBSD
1398
1399 Add --no-wrap to msgmerge call - provides nicer .po file
1400 format.
1401
1402 Honour lease-time spec in dhcp-host lines even for
1403 BOOTP. The user is assumed to known what they are doing in
1404 this case. (Hosts without the time spec still get infinite
1405 leases for BOOTP, over-riding the default in the
1406 dhcp-range.) Thanks to Peter Katzmann for uncovering this.
1407
1408 Fix problem matching relay-agent ids. Thanks to Michael
1409 Rack for the bug report.
1410
1411 Add --naptr-record option. Suggestion from Johan
1412 Bergquist.
1413
1414 Implement RFC 5107 server-id-override DHCP relay agent
1415 option.
1416
1417 Apply patches from Stefan Kruger for compilation on
1418 Solaris 10 under Sun studio.
1419
1420 Yet more tweaking of Linux capability code, to suppress
1421 pointless wingeing from kernel 2.6.25 and above.
1422
1423 Improve error checking during startup. Previously, some
1424 errors which occurred during startup would be worked
1425 around, with dnsmasq still starting up. Some were logged,
1426 some silent. Now, they all cause a fatal error and dnsmasq
1427 terminates with a non-zero exit code. The errors are those
1428 associated with changing uid and gid, setting process
1429 capabilities and writing the pidfile. Thanks to Uwe
1430 Gansert and the Suse security team for pointing out
1431 this improvement, and Bill Reimers for good implementation
1432 suggestions.
1433
1434 Provide NO_LARGEFILE compile option to switch off largefile
1435 support when compiling against versions of uclibc which
1436 don't support it. Thanks to Stephane Billiart for the patch.
1437
1438 Implement random source ports for interactions with
1439 upstream nameservers. New spoofing attacks have been found
1440 against nameservers which do not do this, though it is not
1441 clear if dnsmasq is vulnerable, since to doesn't implement
1442 recursion. By default dnsmasq will now use a different
1443 source port (and socket) for each query it sends
1444 upstream. This behaviour can suppressed using the
1445 --query-port option, and the old default behaviour
1446 restored using --query-port=0. Explicit source-port
1447 specifications in --server configs are still honoured.
1448
1449 Replace the random number generator, for better
1450 security. On most BSD systems, dnsmasq uses the
1451 arc4random() RNG, which is secure, but on other platforms,
1452 it relied on the C-library RNG, which may be
1453 guessable and therefore allow spoofing. This release
1454 replaces the libc RNG with the SURF RNG, from Daniel
1455 J. Berstein's DJBDNS package.
1456
1457 Don't attempt to change user or group or set capabilities
1458 if dnsmasq is run as a non-root user. Without this, the
1459 change from soft to hard errors when these fail causes
1460 problems for non-root daemons listening on high
1461 ports. Thanks to Patrick McLean for spotting this.
1462
1463 Updated French translation. Thanks to Gildas Le Nadan.
1f15b81d
SK		 1464
1465
1466version 2.42
1467 The changelog for version 2.42 and earlier is
1468 available in CHANGELOG.archive.
Michael's tree of dnsmasq.