]>
Commit | Line | Data |
---|---|---|
797a7afb GT |
1 | version 2.67 |
2 | Fix crash if upstream server returns SERVFAIL when | |
3 | --conntrack in use. Thanks to Giacomo Tazzari for finding | |
4 | this and supplying the patch. | |
aa63a21c SK |
5 | |
6 | Repair regression in 2.64. That release stopped sending | |
7 | lease-time information in the reply to DHCPINFORM | |
8 | requests, on the correct grounds that it was a standards | |
9 | violation. However, this broke the dnsmasq-specific | |
10 | dhcp_lease_time utility. Now, DHCPINFORM returns | |
11 | lease-time only if it's specifically requested | |
12 | (maintaining standards) and the dhcp_lease_time utility | |
13 | has been taught to ask for it (restoring functionality). | |
86e92f99 SK |
14 | |
15 | Fix --dhcp-match, --dhcp-vendorclass and --dhcp-userclass | |
16 | to work with BOOTP and well as DHCP. Thanks to Peter | |
17 | Korsgaard for spotting the problem. | |
2bb73af7 SK |
18 | |
19 | Add --synth-domain. Thanks to Vishvananda Ishaya for | |
20 | suggesting this. | |
d5052fb2 SK |
21 | |
22 | Fix failure to compile ipset.c if old kernel headers are | |
23 | in use. Thanks to Eugene Rudoy for pointing this out. | |
3f2873d4 SK |
24 | |
25 | Handle IPv4 interface-address labels in Linux. These are | |
26 | often used to emulate the old IP-alias addresses. Before, | |
27 | using --interface=eth0 would service all the addresses of | |
28 | eth0, including ones configured as aliases, which appear | |
29 | in ifconfig as eth0:0. Now, only addresses with the label | |
30 | eth0 are active. This is not backwards compatible: if you | |
31 | want to continue to bind the aliases too, you need to add | |
32 | eg. --interface=eth0:0 to the config. | |
797a7afb | 33 | |
cfcad42f SK |
34 | Fix "failed to set SO_BINDTODEVICE on DHCP socket: Socket |
35 | operation on non-socket" error on startup with | |
36 | configurations which have exactly one --interface option | |
37 | and do RA but _not_ DHCPv6. Thanks to Trever Adams for the | |
38 | bug report. | |
797a7afb | 39 | |
115ac3e4 SK |
40 | Generalise --interface-name to cope with IPv6 addresses |
41 | and multiple addresses per interface per address family. | |
42 | ||
3e8ed78b SK |
43 | Fix option parsing for --dhcp-host, which was generating a |
44 | spurious error when all seven possible items were | |
45 | included. Thanks to Zhiqiang Wang for the bug report. | |
baa80ae5 SK |
46 | |
47 | Remove restriction on prefix-length in --auth-zone. Thanks | |
48 | to Toke Hoiland-Jorgensen for suggesting this. | |
49 | ||
0da5e897 MSB |
50 | Log when the maximum number of concurrent DNS queries is |
51 | reached. Thanks to Marcelo Salhab Brogliato for the patch. | |
52 | ||
e2ba0df2 SK |
53 | If wildcards are used in --interface, don't assume that |
54 | there will only ever be one available interface for DHCP | |
55 | just because there is one at start-up. More may appear, so | |
56 | we can't use SO_BINDTODEVICE. Thanks to Natrio for the bug | |
57 | report. | |
58 | ||
b4b93080 SK |
59 | Increase timeout/number of retries in TFTP to accomodate |
60 | AudioCodes Voice Gateways doing streaming writes to flash. | |
61 | Thanks to Damian Kaczkowski for spotting the problem. | |
62 | ||
d859ca2f KM |
63 | Allow hostnames to start with a number, as allowed in |
64 | RFC-1123. Thanks to Kyle Mestery for the patch. | |
65 | ||
3f3adae6 RM |
66 | Fixes to DHCP FQDN option handling: don't terminate FQDN |
67 | if domain not known and allow a FQDN option with blank | |
68 | name to request that a FQDN option is returned in the | |
69 | reply. Thanks to Roy Marples for the patch. | |
70 | ||
b4b93080 | 71 | |
333b2ceb SK |
72 | version 2.66 |
73 | Add the ability to act as an authoritative DNS | |
74 | server. Dnsmasq can now answer queries from the wider 'net | |
75 | with local data, as long as the correct NS records are set | |
76 | up. Only local data is provided, to avoid creating an open | |
77 | DNS relay. Zone transfer is supported, to allow secondary | |
78 | servers to be configured. | |
79 | ||
80 | Add "constructed DHCP ranges" for DHCPv6. This is intended | |
81 | for IPv6 routers which get prefixes dynamically via prefix | |
82 | delegation. With suitable configuration, stateful DHCPv6 | |
83 | and RA can happen automatically as prefixes are delegated | |
84 | and then deprecated, without having to re-write the | |
85 | dnsmasq configuration file or restart the daemon. Thanks to | |
86 | Steven Barth for extensive testing and development work on | |
87 | this idea. | |
71c73ac1 SK |
88 | |
89 | Fix crash on startup on Solaris 11. Regression probably | |
22ce550e SK |
90 | introduced in 2.61. Thanks to Geoff Johnstone for the |
91 | patch. | |
92 | ||
93 | Add code to make behaviour for TCP DNS requests that same | |
94 | as for UDP requests, when a request arrives for an allowed | |
95 | address, but via a banned interface. This change is only | |
96 | active on Linux, since the relevant API is missing (AFAIK) | |
97 | on other platforms. Many thanks to Tomas Hozza for | |
98 | spotting the problem, and doing invaluable discovery of | |
99 | the obscure and undocumented API required for the solution. | |
a21e27bc SK |
100 | |
101 | Don't send the default DHCP option advertising dnsmasq as | |
102 | the local DNS server if dnsmasq is configured to not act | |
103 | as DNS server, or it's configured to a non-standard port. | |
dd1721c7 SK |
104 | |
105 | Add DNSMASQ_CIRCUIT_ID, DNSMASQ_SUBCRIBER_ID, | |
106 | DNSMASQ_REMOTE_ID variables to the environment of the | |
3d77c046 | 107 | lease-change script (and the corresponding Lua). These hold |
dd1721c7 SK |
108 | information inserted into the DHCP request by a DHCP relay |
109 | agent. Thanks to Lakefield Communications for providing a | |
110 | bounty for this addition. | |
111 | ||
4038ae20 SK |
112 | Fixed crash, introduced in 2.64, whilst handling DHCPv6 |
113 | information-requests with some common configurations. | |
114 | Thanks to Robert M. Albrecht for the bug report and | |
115 | chasing the problem. | |
116 | ||
13d86c73 JD |
117 | Add --ipset option. Thanks to Jason A. Donenfeld for the |
118 | patch. | |
119 | ||
c7961075 | 120 | Don't erroneously reject some option names in --dhcp-match |
3d77c046 | 121 | options. Thanks to Benedikt Hochstrasser for the bug report. |
49333cbd SK |
122 | |
123 | Allow a trailing '*' wildcard in all interface-name | |
124 | configurations. Thanks to Christian Parpart for the patch. | |
c7961075 | 125 | |
56a1142f SK |
126 | Handle the situation where libc headers define |
127 | SO_REUSEPORT, but the kernel in use doesn't, to cope with | |
128 | the introduction of this option to Linux. Thanks to Rich | |
129 | Felker for the bug report. | |
130 | ||
cd1e04a2 | 131 | Update Polish translation. Thanks to Jan Psota. |
0b0a73c1 SK |
132 | |
133 | Fix crash if the configured DHCP lease limit is | |
134 | reached. Regression occurred in 2.61. Thanks to Tsachi for | |
135 | the bug report. | |
cd1e04a2 | 136 | |
834f36fe SK |
137 | Update the French translation. Thanks to Gildas le Nadan. |
138 | ||
49333cbd | 139 | |
ee86ce68 SK |
140 | version 2.65 |
141 | Fix regression which broke forwarding of queries sent via | |
142 | TCP which are not for A and AAAA and which were directed to | |
143 | non-default servers. Thanks to Niax for the bug report. | |
144 | ||
b5a8dd1d SK |
145 | Fix failure to build with DHCP support excluded. Thanks to |
146 | Gustavo Zacarias for the patch. | |
1d6c6393 SK |
147 | |
148 | Fix nasty regression in 2.64 which completely broke cacheing. | |
b5a8dd1d SK |
149 | |
150 | ||
2e34ac14 SK |
151 | version 2.64 |
152 | Handle DHCP FQDN options with all flag bits zero and | |
153 | --dhcp-client-update set. Thanks to Bernd Krumbroeck for | |
154 | spotting the problem. | |
155 | ||
12d71ed2 SK |
156 | Finesse the check for /etc/hosts names which conflict with |
157 | DHCP names. Previously a name/address pair in /etc/hosts | |
158 | which didn't match the name/address of a DHCP lease would | |
159 | generate a warning. Now that only happesn if there is not | |
160 | also a match. This allows multiple addresses for a name in | |
161 | /etc/hosts with one of them assigned via DHCP. | |
162 | ||
4d0f5b4c SK |
163 | Fix broken vendor-option processing for BOOTP. Thanks to |
164 | Hans-Joachim Baader for the bug report. | |
165 | ||
dfb23b3f SK |
166 | Don't report spurious netlink errors, regression in |
167 | 2.63. Thanks to Vladislav Grishenko for the patch. | |
168 | ||
2b127a1e SK |
169 | Flag DHCP or DHCPv6 in starup logging. Thanks to |
170 | Vladislav Grishenko for the patch. | |
171 | ||
295a54ee | 172 | Add SetServersEx method in DBus interface. Thanks to Dan |
faafb3f7 SK |
173 | Williams for the patch. |
174 | ||
295a54ee SK |
175 | Add SetDomainServers method in DBus interface. Thanks to |
176 | Roy Marples for the patch. | |
177 | ||
289a2535 SK |
178 | Fix build with later Lua libraries. Thansk to Cristian |
179 | Rodriguez for the patch. | |
2e34ac14 | 180 | |
1d860415 SK |
181 | Add --max-cache-ttl option. Thanks to Dennis Kaarsemaker |
182 | for the patch. | |
183 | ||
e4807d8b SK |
184 | Fix breakage of --host-record parsing, resulting in |
185 | infinte loop at startup. Regression in 2.63. Thanks to | |
186 | Haim Gelfenbeyn for spotting this. | |
187 | ||
2022310f SK |
188 | Set SO_REUSEADDRESS and SO_V6ONLY options on the DHCPv6 |
189 | socket, this allows multiple instances of dnsmasq on a | |
190 | single machine, in the same way as for DHCPv4. Thanks to | |
191 | Gene Czarcinski and Vladislav Grishenko for work on this. | |
192 | ||
be6cfb42 SK |
193 | Fix DHCPv6 to do access control correctly when it's |
194 | configured with --listen-address. Thanks to | |
195 | Gene Czarcinski for sorting this out. | |
196 | ||
819ff4dd SK |
197 | Add a "wildcard" dhcp-range which works for any IPv6 |
198 | subnet, --dhcp-range=::,static Useful for Stateless | |
199 | DHCPv6. Thanks to Vladislav Grishenko for the patch. | |
200 | ||
d1a5975f SK |
201 | Don't include lease-time in DHCPACK replies to DHCPINFORM |
202 | queries, since RFC-2131 says we shouldn't. Thanks to | |
203 | Wouter Ibens for pointing this out. | |
8e4b8791 SK |
204 | |
205 | Makefile tweak to do dependency checking on header files. | |
206 | Thanks to Johan Peeters for the patch. | |
d89fb4ed SK |
207 | |
208 | Check interface for outgoing unsolicited router | |
209 | advertisements, rather than relying on interface address | |
210 | configuration. Thanks to Gene Czarinski for the patch. | |
29d28dda SK |
211 | |
212 | Handle better attempts to transmit on interfaces which are | |
213 | still doing DAD, and specifically do not just transmit | |
214 | without setting source address and interface, since this | |
215 | can cause very puzzling effects when a router | |
216 | advertisement goes astray. Thanks again to Gene Czarinski. | |
217 | ||
218 | Get RA timers right when there is more than one | |
219 | dhcp-range on a subnet. | |
289a2535 | 220 | |
d1a5975f | 221 | |
078a630b SK |
222 | version 2.63 |
223 | Do duplicate dhcp-host address check in --test mode. | |
224 | ||
8b3ae2fd SK |
225 | Check that tftp-root directories are accessible before |
226 | start-up. Thanks to Daniel Veillard for the initial patch. | |
227 | ||
228 | Allow more than one --tfp-root flag. The per-interface | |
229 | stuff is pointless without that. | |
230 | ||
54dd393f SK |
231 | Add --bind-dynamic. A hybrid mode between the default and |
232 | --bind-interfaces which copes with dynamically created | |
233 | interfaces. | |
6b617c0d SK |
234 | |
235 | A couple of fixes to the build system for Android. Thanks | |
236 | to Metin Kaya for the patches. | |
54dd393f | 237 | |
8bc4cece SK |
238 | Remove the interface:<interface> argument in --dhcp-range, and |
239 | the interface argument to --enable-tftp. These were a | |
240 | still-born attempt to allow automatic isolated | |
241 | configuration by libvirt, but have never (to my knowledge) | |
242 | been used, had very strange semantics, and have been | |
243 | superceded by other mechanisms. | |
244 | ||
c4a7f90e SK |
245 | Fixed bug logging filenames when duplicate dhcp-host |
246 | addresses are found. Thanks to John Hanks for the patch. | |
247 | ||
611ebc5f SK |
248 | Fix regression in 2.61 which broke caching of CNAME |
249 | chains. Thanks to Atul Gupta for the bug report. | |
250 | ||
b271446f | 251 | Allow the target of a --cname flag to be another --cname. |
611ebc5f | 252 | |
42243214 SK |
253 | Teach DHCPv6 about the RFC 4242 information-refresh-time |
254 | option, and add parsing if the minutes, hours and days | |
255 | format for options. Thanks to Francois-Xavier Le Bail for | |
256 | the suggestion. | |
257 | ||
258 | Allow "w" (for week) as multiplier in lease times, as well | |
259 | as seconds, minutes, hours and days. Álvaro Gámez Machado | |
260 | spotted the ommission. | |
c4c0488a SK |
261 | |
262 | Update French translation. Thanks to Gildas Le Nadan. | |
42243214 | 263 | |
ad094275 SK |
264 | Allow a DBus service name to be given with --enable-dbus |
265 | which overrides the default, | |
266 | uk.org.thekelleys.dnsmasq. Thanks to Mathieu | |
267 | Trudel-Lapierre for the patch. | |
268 | ||
fd05f127 SK |
269 | Set the "prefix on-link" bit in Router |
270 | Advertisements. Thanks to Gui Iribarren for the patch. | |
271 | ||
078a630b | 272 | |
8358e0f4 SK |
273 | version 2.62 |
274 | Update German translation. Thanks to Conrad Kostecki. | |
275 | ||
f632e567 SK |
276 | Cope with router-solict packets wich don't have a valid |
277 | source address. Thanks to Vladislav Grishenko for the patch. | |
278 | ||
919dd7cf SK |
279 | Fixed bug which caused missing periodic router |
280 | advertisements with some configurations. Thanks to | |
281 | Vladislav Grishenko for the patch. | |
282 | ||
c64b7f6a SK |
283 | Fixed bug which broke DHCPv6/RA with prefix lengths |
284 | which are not divisible by 8. Thanks to Andre Coetzee | |
285 | for spotting this. | |
286 | ||
18c63eff SK |
287 | Fix non-response to router-solicitations when |
288 | router-advertisement configured, but DHCPv6 not | |
289 | configured. Thanks to Marien Zwart for the patch. | |
290 | ||
9f7f3b12 SK |
291 | Add --dns-rr, to allow arbitrary DNS resource records. |
292 | ||
5ae34bf3 SK |
293 | Fixed bug which broke RA scheduling when an interface had |
294 | two addresses in the same network. Thanks to Jim Bos for | |
295 | his help nailing this. | |
296 | ||
eabc6dd7 SK |
297 | version 2.61 |
298 | Re-write interface discovery code on *BSD to use | |
299 | getifaddrs. This is more portable, more straightforward, | |
300 | and allows us to find the prefix length for IPv6 | |
301 | addresses. | |
302 | ||
01d1b8dd SK |
303 | Add ra-names, ra-stateless and slaac keywords for DHCPv6. |
304 | Dnsmasq can now synthesise AAAA records for dual-stack | |
305 | hosts which get IPv6 addresses via SLAAC. It is also now | |
306 | possible to use SLAAC and stateless DHCPv6, and to | |
307 | tell clients to use SLAAC addresses as well as DHCP ones. | |
308 | Thanks to Dave Taht for help with this. | |
7023e382 | 309 | |
8b372704 SK |
310 | Add --dhcp-duid to allow DUID-EN uids to be used. |
311 | ||
8643ec7f SK |
312 | Explicity send DHCPv6 replies to the correct port, instead |
313 | of relying on clients to send requests with the correct | |
314 | source address, since at least one client in the wild gets | |
8358e0f4 | 315 | this wrong. Thanks to Conrad Kostecki for help tracking |
8643ec7f | 316 | this down. |
eabc6dd7 | 317 | |
8643ec7f SK |
318 | Send a preference value of 255 in DHCPv6 replies when |
319 | --dhcp-authoritative is in effect. This tells clients not | |
320 | to wait around for other DHCP servers. | |
321 | ||
322 | Better logging of DHCPv6 options. | |
323 | ||
e759d426 SK |
324 | Add --host-record. Thanks to Rob Zwissler for the |
325 | suggestion. | |
326 | ||
a9530964 SK |
327 | Invoke the DHCP script with action "tftp" when a TFTP file |
328 | transfer completes. The size of the file, address to which | |
329 | it was sent and complete pathname are supplied. Note that | |
330 | version 2.60 introduced some script incompatibilties | |
331 | associated with DHCPv6, and this is a further change. To | |
332 | be safe, scripts should ignore unknown actions, and if | |
333 | not IPv6-aware, should exit if the environment | |
334 | variable DNSMASQ_IAID is set. The use-case for this is | |
335 | to track netboot/install. Suggestion from Shantanu | |
336 | Gadgil. | |
337 | ||
338 | Update contrib/port-forward/dnsmasq-portforward to reflect | |
339 | the above. | |
340 | ||
341 | Set the environment variable DNSMASQ_LOG_DHCP when running | |
342 | the script id --log-dhcp is in effect, so that script can | |
52d4abf2 SK |
343 | taylor their logging verbosity. Suggestion from Malte |
344 | Forkel. | |
345 | ||
346 | Arrange that addresses specified with --listen-address | |
347 | work even if there is no interface carrying the | |
348 | address. This is chiefly useful for IPv4 loopback | |
349 | addresses, where any address in 127.0.0.0/8 is a valid | |
350 | loopback address, but normally only 127.0.0.1 appears on | |
351 | the lo interface. Thanks to Mathieu Trudel-Lapierre for | |
352 | the idea and initial patch. | |
a9530964 | 353 | |
7d2b5c95 SK |
354 | Fix crash, introduced in 2.60, when a DHCPINFORM is |
355 | received from a network which has no valid dhcp-range. | |
356 | Thanks to Stephane Glondu for the bug report. | |
357 | ||
c8257540 SK |
358 | Add a new DHCP lease time keyword, "deprecated" for |
359 | --dhcp-range. This is only valid for IPv6, and sets the | |
360 | preffered lease time for both DHCP and RA to zero. The | |
361 | effect is that clients can continue to use the address | |
362 | for existing connections, but new connections will use | |
363 | other addresses, if they exist. This makes hitless | |
364 | renumbering at least possible. | |
365 | ||
366 | Fix bug in address6_available() which caused DHCPv6 lease | |
8358e0f4 | 367 | aquisition to fail if more than one dhcp-range in use. |
18f0fb05 SK |
368 | |
369 | Provide RDNSS and DNSSL data in router advertisements, | |
370 | using the settings provided for DHCP options | |
371 | option6:domain-search and option6:dns-server. | |
6c559c34 SK |
372 | |
373 | Tweak logo/favicon.ico to add some transparency. Thanks to | |
374 | SamLT for work on this. | |
c8257540 | 375 | |
1023dcbc SK |
376 | Don't cache data from non-recursive nameservers, since it |
377 | may erroneously look like a valid CNAME to a non-exitant | |
378 | name. Thanks to Ben Winslow for finding this. | |
9380ba70 SK |
379 | |
380 | Call SO_BINDTODEVICE on the DHCP socket(s) when doing DHCP | |
8358e0f4 | 381 | on exactly one interface and --bind-interfaces is set. This |
9380ba70 SK |
382 | makes the OpenStack use-case of one dnsmasq per virtual |
383 | interface work. This is only available on Linux; it's not | |
384 | supported on other platforms. Thanks to Vishvananda Ishaya | |
e46164e0 SK |
385 | and the OpenStack team for the suggestion. |
386 | ||
387 | Updated French translation. Thanks to Gildas Le Nadan. | |
d1c759c5 SK |
388 | |
389 | Give correct from-cache answers to explict CNAME queries. | |
390 | Thanks to Rob Zwissler for spotting this. | |
1023dcbc | 391 | |
fc92ead0 | 392 | Add --tftp-lowercase option. Thanks to Oliver Rath for the |
61ce600b | 393 | patch. |
dcffad2a SK |
394 | |
395 | Ensure that the DBus DhcpLeaseUpdated events are generated | |
396 | when a lease goes through INIT_REBOOT state, even if the | |
8358e0f4 | 397 | dhcp-script is not in use. Thanks to Antoaneta-Ecaterina |
dcffad2a | 398 | Ene for the patch. |
19d69be2 SK |
399 | |
400 | Fix failure of TFTP over IPv4 on OpenBSD platform. Thanks | |
401 | to Brad Smith for spotting this. | |
61ce600b | 402 | |
c8257540 | 403 | |
c72daea8 SK |
404 | version 2.60 |
405 | Fix compilation problem in Mac OS X Lion. Thanks to Olaf | |
406 | Flebbe for the patch. | |
407 | ||
408 | Fix DHCP when using --listen-address with an IP address | |
409 | which is not the primary address of an interface. | |
410 | ||
411 | Add --dhcp-client-update option. | |
412 | ||
413 | Add Lua integration. Dnsmasq can now execute a DHCP | |
414 | lease-change script written in Lua. This needs to be | |
415 | enabled at compile time by setting HAVE_LUASCRIPT in | |
416 | src/config.h or running "make COPTS=-DHAVE_LUASCRIPT" | |
417 | Thanks to Jan-Piet Mens for the idea and proof-of-concept | |
418 | implementation. | |
419 | ||
420 | Tidied src/config.h to distinguish between | |
421 | platform-dependent compile-time options which are selected | |
422 | automatically, and builder-selectable compile time | |
423 | options. Document the latter better, and describe how to | |
424 | set them from the make command line. | |
425 | ||
426 | Tidied up IPPROTO_IP/SOL_IP (and IPv6 equivalent) | |
427 | confusion. IPPROTO_IP works everywhere now. | |
428 | ||
429 | Set TOS on DHCP sockets, this improves things on busy | |
430 | wireless networks. Thanks to Dave Taht for the patch. | |
431 | ||
984d2fde SK |
432 | Determine VERSION automatically based on git magic: |
433 | release tags or hash values. | |
c72daea8 | 434 | |
a2761754 SK |
435 | Improve start-up speed when reading large hosts files |
436 | containing many distinct addresses. | |
437 | ||
438 | Fix problem if dnsmasq is started without the stdin, | |
439 | stdout and stderr file descriptors open. This can manifest | |
440 | itself as 100% CPU use. Thanks to Chris Moore for finding | |
441 | this. | |
442 | ||
9bbc8876 SK |
443 | Fix shell-scripting bug in bld/pkg-wrapper. Thanks to |
444 | Mark Mitchell for the patch. | |
445 | ||
751d6f4a SK |
446 | Allow the TFP server or boot server in --pxe-service, to |
447 | be a domain name instead of an IP address. This allows for | |
448 | round-robin to multiple servers, in the same way as | |
449 | --dhcp-boot. A good suggestion from Cristiano Cumer. | |
450 | ||
fdacfb01 SK |
451 | Support BUILDDIR variable in the Makefile. Allows builds |
452 | for multiple archs from the same source tree with eg. | |
453 | make BUILDDIR=linux (relative to dnsmasq tree) | |
454 | make BUILDDIR=/tmp/openbsd (absolute path) | |
e5ffdb9c | 455 | If BUILDDIR is not set, compilation happens in the src |
b36ae194 SK |
456 | directory, as before. Suggestion from Mark Mitchell. |
457 | ||
fdacfb01 SK |
458 | Support DHCPv6. Support is there for the sort of things |
459 | the existing v4 server does, including tags, options, | |
460 | static addresses and relay support. Missing is prefix | |
461 | delegation, which is probably not required in the dnsmasq | |
462 | niche, and an easy way to accept prefix delegations from | |
463 | an upstream DHCPv6 server, which is. Future plans include | |
464 | support for DHCPv6 router option and MAC address option | |
465 | (to make selecting clients by MAC address work like IPv4). | |
466 | These will be added as the standards mature. | |
467 | This code has been tested, but this is the first release, | |
468 | so don't bet the farm on it just yet. Many thanks to all | |
469 | testers who have got it this far. | |
1adadf58 | 470 | |
ac8540c3 SK |
471 | Support IPv6 router advertisements. This is a |
472 | simple-minded implementation, aimed at providing the | |
473 | vestigial RA needed to go alongside IPv6. Is picks up | |
474 | configuration from the DHCPv6 conf, and should just need | |
475 | enabling with --enable-ra. | |
476 | ||
552af8b9 SK |
477 | Fix long-standing wrinkle with --localise-queries that |
478 | could result in wrong answers when DNS packets arrive | |
479 | via an interface other than the expected one. Thanks to | |
480 | Lorenzo Milesi and John Hanks for spotting this one. | |
71ee7ee2 SK |
481 | |
482 | Update French translation. Thanks to Gildas Le Nadan. | |
552af8b9 | 483 | |
df66e341 SK |
484 | Update Polish translation. Thanks to Jan Psota. |
485 | ||
486 | ||
74c95c25 | 487 | version 2.59 |
c72daea8 SK |
488 | Fix regression in 2.58 which caused failure to start up |
489 | with some combinations of dnsmasq config and IPv6 kernel | |
490 | network config. Thanks to Brielle Bruns for the bug | |
491 | report. | |
492 | ||
493 | Improve dnsmasq's behaviour when network interfaces are | |
494 | still doing duplicate address detection (DAD). Previously, | |
495 | dnsmasq would wait up to 20 seconds at start-up for the | |
496 | DAD state to terminate. This is broken for bridge | |
497 | interfaces on recent Linux kernels, which don't start DAD | |
498 | until the bridge comes up, and so can take arbitrary | |
499 | time. The new behaviour lets dnsmasq poll for an arbitrary | |
500 | time whilst providing service on other interfaces. Thanks | |
501 | to Stephen Hemminger for pointing out the problem. | |
74c95c25 SK |
502 | |
503 | ||
7de060b0 SK |
504 | version 2.58 |
505 | Provide a definition of the SA_SIZE macro where it's | |
506 | missing. Fixes build failure on openBSD. | |
507 | ||
508 | Don't include a zero terminator at the end of messages | |
509 | sent to /dev/log when /dev/log is a datagram socket. | |
510 | Thanks to Didier Rabound for spotting the problem. | |
511 | ||
512 | Add --dhcp-sequential-ip flag, to force allocation of IP | |
513 | addresses in ascending order. Note that the default | |
514 | pseudo-random mode is in general better but some | |
515 | server-deployment applications need this. | |
516 | ||
517 | Fix problem where a server-id of 0.0.0.0 is sent to a | |
518 | client when a dhcp-relay is in use if a client renews a | |
519 | lease after dnsmasq restart and before any clients on the | |
520 | subnet get a new lease. Thanks to Mike Ruiz for assistance | |
521 | in chasing this one down. | |
522 | ||
523 | Don't return NXDOMAIN to an AAAA query if we have CNAME | |
524 | which points to an A record only: NODATA is the correct | |
525 | reply in this case. Thanks to Tom Fernandes for spotting | |
526 | the problem. | |
527 | ||
528 | Relax the need to supply a netmask in --dhcp-range for | |
529 | networks which use a DHCP relay. Whilst this is still | |
530 | desireable, in the absence of a netmask dnsmasq will use | |
531 | a default based on the class (A, B, or C) of the address. | |
532 | This should at least remove a cause of mysterious failure | |
533 | for people using RFC1918 addresses and relays. | |
534 | ||
535 | Add support for Linux conntrack connection marking. If | |
536 | enabled with --conntrack, the connection mark for incoming | |
537 | DNS queries will be copied to the outgoing connections | |
538 | used to answer those queries. This allows clever firewall | |
539 | and accounting stuff. Only available if dnsmasq is | |
540 | compiled with HAVE_CONNTRACK and adds a dependency on | |
541 | libnetfilter-conntrack. Thanks to Ed Wildgoose for the | |
542 | initial idea, testing and sponsorship of this function. | |
543 | ||
544 | Provide a sane error message when someone attempts to | |
545 | match a tag in --dhcp-host. | |
546 | ||
547 | Tweak the behaviour of --domain-needed, to avoid problems | |
548 | with recursive nameservers downstream of dnsmasq. The new | |
549 | behaviour only stops A and AAAA queries, and returns | |
550 | NODATA rather than NXDOMAIN replies. | |
551 | ||
552 | Efficiency fix for very large DHCP configurations, thanks | |
553 | to James Gartrell and Mike Ruiz for help with this. | |
554 | ||
555 | Allow the TFTP-server address in --dhcp-boot to be a | |
556 | domain-name which is looked up in /etc/hosts. This can | |
557 | give multiple IP addresses which are used round-robin, | |
558 | thus doing TFTP server load-balancing. Thanks to Sushil | |
559 | Agrawal for the patch. | |
560 | ||
561 | When two tagged dhcp-options for a particular option | |
562 | number are both valid, use the one which is valid without | |
563 | a tag from the dhcp-range. Allows overriding of the value | |
564 | of a DHCP option for a particular host as well as | |
565 | per-network values. So | |
566 | --dhcp-range=set:interface1,...... | |
567 | --dhcp-host=set:myhost,..... | |
568 | --dhcp-option=tag:interface1,option:nis-domain,"domain1" | |
569 | --dhcp-option=tag:myhost,option:nis-domain,"domain2" | |
570 | will set the NIS-domain to domain1 for hosts in the range, but | |
571 | override that to domain2 for a particular host. | |
572 | ||
573 | Fix bug which resulted in truncated files and timeouts for | |
574 | some TFTP transfers. The bug only occurs with netascii | |
575 | transfers and needs an unfortunate relationship between | |
576 | file size, blocksize and the number of newlines in the | |
577 | last block before it manifests itself. Many thanks to | |
578 | Alkis Georgopoulos for spotting the problem and providing | |
579 | a comprehensive test-case. | |
580 | ||
581 | Fix regression in TFTP server on *BSD platforms introduced | |
582 | in version 2.56, due to confusion with sockaddr | |
de604c18 | 583 | length. Many thanks to Loic Pefferkorn for finding this. |
7de060b0 SK |
584 | |
585 | Support scope-ids in IPv6 addresses of nameservers from | |
586 | /etc/resolv.conf and in --server options. Eg | |
587 | nameserver fe80::202:a412:4512:7bbf%eth0 or | |
588 | server=fe80::202:a412:4512:7bbf%eth0. Thanks to | |
589 | Michael Stapelberg for the suggestion. | |
590 | ||
591 | Update Polish translation, thanks to Jan Psota. | |
592 | ||
593 | Update French translation. Thanks to Gildas Le Nadan. | |
594 | ||
595 | ||
572b41eb SK |
596 | version 2.57 |
597 | Add patches to allow build under Android. | |
598 | ||
599 | Provide our own header for the DNS protocol, rather than | |
600 | relying on arpa/nameser.h. This has proved more or less | |
601 | defective over the years and the final straw is that it's | |
602 | effectively empty on Android. | |
603 | ||
604 | Fix regression in 2.56 which caused hex constants in | |
605 | configuration to be rejected if they contain the '*' | |
606 | wildcard. | |
607 | ||
608 | Correct wrong casts of arguments to ctype.h functions, | |
609 | isdigit(), isxdigit() etc. Thanks to Matthias Andree for | |
610 | spotting this. | |
611 | ||
612 | Allow build with IDN support independently from i18n. | |
613 | IDN support continues to be included automatically | |
614 | when i18n is included. | |
615 | 'make COPTS=-DHAVE_IDN' is the magic incantation. | |
616 | ||
617 | Modify check on extraneous command line junk (added in | |
618 | 2.56) so that it doesn't complain about extra _empty_ | |
619 | arguments. Otherwise this breaks libvirt. | |
620 | ||
621 | ||
28866e95 SK |
622 | version 2.56 |
623 | Add a patch to allow dnsmasq to get interface names right in a | |
624 | Solaris zone. Thanks to Dj Padzensky for this. | |
625 | ||
626 | Improve data-type parsing heuristics so that | |
627 | --dhcp-option=option:domain-search,. | |
628 | treats the value as a string and not an IP address. | |
629 | Thanks to Clemens Fischer for spotting that. | |
630 | ||
631 | Add IPv6 support to the TFTP server. Many thanks to Jan | |
632 | 'RedBully' Seiffert for the patches. | |
633 | ||
634 | Log DNS queries at level LOG_INFO, rather then | |
635 | LOG_DEBUG. This makes things consistent with DHCP | |
636 | logging. Thanks to Adam Pribyl for spotting the problem. | |
637 | ||
638 | Ensure that dnsmasq terminates cleanly when using | |
639 | --syslog-async even if it cannot make a connection to the | |
640 | syslogd. | |
641 | ||
642 | Add --add-mac option. This is to support currently | |
643 | experimental DNS filtering facilities. Thanks to Benjamin | |
644 | Petrin for the orignal patch. | |
645 | ||
646 | Fix bug which meant that tags were ignored in dhcp-range | |
647 | configuration specifying PXE-proxy service. Thanks to | |
648 | Cristiano Cumer for spotting this. | |
649 | ||
650 | Raise an error if there is extra junk, not part of an | |
651 | option, on the command line. | |
652 | ||
653 | Flag a couple of log messages in cache.c as coming from | |
654 | the DHCP subsystem. Thanks to Olaf Westrik for the patch. | |
655 | ||
656 | Omit timestamps from logs when a) logging to stderr and | |
657 | b) --keep-in-forground is set. The logging facility on the | |
658 | other end of stderr can be assumned to supply them. Thanks | |
659 | to John Hallam for the patch. | |
660 | ||
661 | Don't complain about strings longer than 255 characters in | |
662 | --txt-record, just split the long strings into 255 | |
663 | character chunks instead. | |
664 | ||
665 | Fix crash on double-free. This bug can only happen when | |
666 | dhcp-script is in use and then only in rare circumstances | |
667 | triggered by high DHCP transaction rate and a slow | |
668 | script. Thanks to Ferenc Wagner for finding the problem. | |
669 | ||
670 | Only log that a file has been sent by TFTP after the | |
671 | transfer has completed succesfully. | |
672 | ||
673 | A good suggestion from Ferenc Wagner: extend | |
674 | the --domain option to allow this sort of thing: | |
675 | --domain=thekelleys.org.uk,192.168.0.0/24,local | |
676 | which automatically creates | |
677 | --local=/thekelleys.org.uk/ | |
678 | --local=/0.168.192.in-addr.arpa/ | |
679 | ||
680 | Tighten up syntax checking of hex contants in the config | |
681 | file. Thanks to Fred Damen for spotting this. | |
682 | ||
683 | Add dnsmasq logo/icon, contributed by Justin Swift. Many | |
684 | thanks for that. | |
685 | ||
686 | Never cache DNS replies which have the 'cd' bit set, or | |
687 | which result from queries forwarded with the 'cd' bit | |
688 | set. The 'cd' bit instructs a DNSSEC validating server | |
689 | upstream to ignore signature failures and return replies | |
690 | anyway. Without this change it's possible to pollute the | |
691 | dnsmasq cache with bad data by making a query with the | |
692 | 'cd' bit set and subsequent queries would return this data | |
693 | without its being marked as suspect. Thanks to Anders | |
694 | Kaseorg for pointing out this problem. | |
695 | ||
696 | Add --proxy-dnssec flag, for compliance with RFC | |
697 | 4035. Dnsmasq will now clear the 'ad' bit in answers returned | |
698 | from upstream validating nameservers unless this option is | |
699 | set. | |
700 | ||
701 | Allow a filename of "-" for --conf-file to read | |
702 | stdin. Suggestion from Timothy Redaelli. | |
703 | ||
704 | Rotate the order of SRV records in replies, to provide | |
705 | round-robin load balancing when all the priorities are | |
706 | equal. Thanks to Peter McKinney for the suggestion. | |
707 | ||
708 | Edit | |
709 | contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist | |
710 | so that it doesn't log all queries to a file by | |
711 | default. Thanks again to Peter McKinney. | |
712 | ||
713 | By default, setting an IPv4 address for a domain but not | |
714 | an IPv6 address causes dnsmasq to return | |
715 | an NODATA reply for IPv6 (or vice-versa). So | |
716 | --address=/google.com/1.2.3.4 stops IPv6 queries for | |
717 | *google.com from being forwarded. Make it possible to | |
718 | override this behaviour by defining the sematics if the | |
719 | same domain appears in both --server and --address. | |
720 | In that case, the --address has priority for the address | |
721 | family in which is appears, but the --server has priority | |
722 | of the address family which doesn't appear in --adddress | |
723 | So: | |
724 | --address=/google.com/1.2.3.4 | |
725 | --server=/google.com/# | |
726 | will return 1.2.3.4 for IPv4 queries for *.google.com but | |
727 | forward IPv6 queries to the normal upstream nameserver. | |
728 | Similarly when setting an IPv6 address | |
729 | only this will allow forwarding of IPv4 queries. Thanks to | |
730 | William for pointing out the need for this. | |
731 | ||
732 | Allow more than one --dhcp-optsfile and --dhcp-hostsfile | |
733 | and make them understand directories as arguments in the | |
734 | same way as --addn-hosts. Suggestion from John Hanks. | |
735 | ||
736 | Ignore rebinding requests for leases we don't know | |
737 | about. Rebind is broadcast, so we might get to overhear a | |
738 | request meant for another DHCP server. NAKing this is | |
739 | wrong. Thanks to Brad D'Hondt for assistance with this. | |
740 | ||
572b41eb SK |
741 | Fix cosmetic bug which produced strange output when |
742 | dumping cache statistics with some configurations. Thanks | |
743 | to Fedor Kozhevnikov for spotting this. | |
28866e95 SK |
744 | |
745 | ||
c52e1897 | 746 | version 2.55 |
28866e95 SK |
747 | Fix crash when /etc/ethers is in use. Thanks to |
748 | Gianluigi Tiesi for finding this. | |
c52e1897 | 749 | |
28866e95 SK |
750 | Fix crash in netlink_multicast(). Thanks to Arno Wald for |
751 | finding this one. | |
c52e1897 | 752 | |
28866e95 SK |
753 | Allow the empty domain "." in dhcp domain-search (119) |
754 | options. | |
c52e1897 SK |
755 | |
756 | ||
757 | version 2.54 | |
28866e95 SK |
758 | There is no version 2.54 to avoid confusion with 2.53, |
759 | which incorrectly identifies itself as 2.54. | |
c52e1897 SK |
760 | |
761 | ||
8ef5ada2 SK |
762 | version 2.53 |
763 | Fix failure to compile on Debian/kFreeBSD. Thanks to | |
764 | Axel Beckert and Petr Salinger. | |
765 | ||
766 | Fix code to avoid scary strict-aliasing warnings | |
767 | generated by gcc 4.4. | |
768 | ||
769 | Added FAQ entry warning about DHCP failures with Vista | |
770 | when firewalls block 255.255.255.255. | |
771 | ||
772 | Fixed bug which caused bad things to happen if a | |
773 | resolv.conf file which exists is subsequently removed. | |
774 | Thanks to Nikolai Saoukh for the patch. | |
775 | ||
776 | Rationalised the DHCP tag system. Every configuration item | |
777 | which can set a tag does so by adding "set:<tag>" and | |
778 | every configuration item which is conditional on a tag is | |
779 | made so by "tag:<tag>". The NOT operator changes to '!', | |
780 | which is a bit more intuitive too. Dhcp-host directives | |
781 | can set more than one tag now. The old '#' NOT, | |
782 | "net:" prefix and no-prefixes are still honoured, so | |
783 | no existing config file needs to be changed, but | |
784 | the documentation and new-style config files should be | |
785 | much less confusing. | |
786 | ||
787 | Added --tag-if to allow boolean operations on tags. | |
788 | This allows complicated logic to be clearer and more | |
789 | general. A great suggestion from Richard Voigt. | |
790 | ||
791 | Add broadcast/unicast information to DHCP logging. | |
792 | ||
793 | Allow --dhcp-broadcast to be unconditional. | |
794 | ||
795 | Fixed incorrect behaviour with NOT <tag> conditionals in | |
796 | dhcp-options. Thanks to Max Turkewitz for assistance | |
797 | finding this. | |
798 | ||
799 | If we send vendor-class encapsulated options based on the | |
800 | vendor-class supplied by the client, and no explicit | |
801 | vendor-class option is given, echo back the vendor-class | |
802 | from the client. | |
803 | ||
804 | Fix bug which stopped dnsmasq from matching both a | |
805 | circuitid and a remoteid. Thanks to Ignacio Bravo for | |
806 | finding this. | |
807 | ||
808 | Add --dhcp-proxy, which makes it possible to configure | |
809 | dnsmasq to use a DHCP relay agent as a full proxy, with | |
810 | all DHCP messages passing through the proxy. This is | |
811 | useful if the relay adds extra information to the packets | |
812 | it forwards, but cannot be configured with the RFC 5107 | |
813 | server-override option. | |
814 | ||
815 | Added interface:<iface name> part to dhcp-range. The | |
816 | semantics of this are very odd at first sight, but it | |
817 | allows a single line of the form | |
818 | dhcp-range=interface:virt0,192.168.0.4,192.168.0.200 | |
819 | to be added to dnsmasq configuration which then supplies | |
820 | DHCP and DNS services to that interface, without affecting | |
821 | what services are supplied to other interfaces and | |
822 | irrespective of the existance or lack of | |
823 | interface=<interface> | |
824 | lines elsewhere in the dnsmasq configuration. The idea is | |
825 | that such a line can be added automatically by libvirt | |
826 | or equivalent systems, without disturbing any manual | |
827 | configuration. | |
828 | ||
829 | Similarly to the above, allow --enable-tftp=<interface> | |
830 | ||
831 | Allow a TFTP root to be set separately for requests via | |
832 | different interfaces, --tftp-root=<path>,<interface> | |
833 | ||
834 | Correctly handle and log clashes between CNAMES and | |
835 | DNS names being given to DHCP leases. This fixes a bug | |
836 | which caused nonsense IP addresses to be logged. Thanks to | |
837 | Sergei Zhirikov for finding and analysing the problem. | |
838 | ||
839 | Tweak flush_log so as to avoid leaving the log | |
840 | file in non-blocking mode. O_NONBLOCK is a property of the | |
841 | file, not the process/descriptor. | |
842 | ||
843 | Fix contrib/Solaris10/create_package | |
844 | (/usr/man -> /usr/share/man) Thanks to Vita Batrla. | |
845 | ||
846 | Fix a problem where, if a client got a lease, then went | |
847 | to another subnet and got another lease, then moved back, | |
848 | it couldn't resume the old lease, but would instead get | |
849 | a new address. Thanks to Leonardo Rodrigues for spotting | |
850 | this and testing the fix. | |
851 | ||
852 | Fix weird bug which sometimes omitted certain characters | |
853 | from the start of quoted strings in dhcp-options. Thanks | |
854 | to Dayton Turner for spotting the problem. | |
855 | ||
856 | Add facility to redirect some domains to the standard | |
857 | upstream servers: this allows something like | |
858 | --server=/google.com/1.2.3.4 --server=/www.google.com/# | |
859 | which will send queries for *.google.com to 1.2.3.4, | |
860 | except *www.google.com which will be forwarded as usual. | |
861 | Thanks to AJ Weber for prompting this addition. | |
862 | ||
863 | Improve the hash-algorithm used to generate IP addresses | |
864 | from MAC addresses during initial DHCP address | |
865 | allocation. This improves performance when large numbers | |
866 | of hosts with similar MAC addresses all try and get an IP | |
867 | address at the same time. Thanks to Paul Smith for his | |
868 | work on this. | |
869 | ||
870 | Tweak DHCP code so that --bridge-interface can be used to | |
871 | select which IP alias of an interface should be used for | |
872 | DHCP purposes on Linux. If eth0 has an alias eth0:dhcp | |
873 | then adding --bridge-interface=eth0:dhcp,eth0 will use | |
874 | the address of eth0:dhcp to determine the correct subnet | |
875 | for DHCP address allocation. Thanks to Pawel Golaszewski | |
876 | for prompting this and Eric Cooper for further testing. | |
877 | ||
878 | Add --dhcp-generate-names. Suggestion by Ferenc Wagner. | |
879 | ||
880 | Tweak DNS server selection algorithm when there is more | |
881 | than one server available for a domain, eg. | |
882 | --server=/mydomain/1.1.1.1 | |
883 | --server=/mydomain/2.2.2.2 | |
884 | Thanks to Alberto Cuesta-Canada for spotting a weakness | |
885 | here. | |
886 | ||
887 | Add --max-ttl. Thanks to Fredrik Ringertz for the patch. | |
888 | ||
889 | Allow --log-facility=- to force all logging to | |
890 | stderr. Suggestion from Clemens Fischer. | |
891 | ||
892 | Fix regression which caused configuration like | |
893 | --address=/.domain.com/1.2.3.4 to be rejected. The dot to the | |
894 | left of the domain has been implied and not required for a | |
895 | long time, but it should be accepted for backward | |
896 | compatibility. Thanks to Andrew Burcin for spotting this. | |
897 | ||
898 | Add --rebind-domain-ok and --rebind-localhost-ok. | |
899 | Suggestion from Clemens Fischer. | |
900 | ||
901 | Log replies to queries of type TXT, when --log-queries | |
902 | is set. | |
903 | ||
904 | Fix compiler warnings when compiled with -DNO_DHCP. Thanks | |
905 | to Shantanu Gadgil for the patch. | |
906 | ||
907 | Updated French translation. Thanks to Gildas Le Nadan. | |
908 | ||
909 | Updated Polish translation. Thanks to Jan Psota. | |
910 | ||
911 | Updated German translation. Thanks to Matthias Andree. | |
912 | ||
913 | Added contrib/static-arp, thanks to Darren Hoo. | |
914 | ||
915 | Fix corruption of the domain when a name from /etc/hosts | |
916 | overrides one supplied by a DHCP client. Thanks to Fedor | |
917 | Kozhevnikov for spotting the problem. | |
918 | ||
919 | Updated Spanish translation. Thanks to Chris Chatham. | |
920 | ||
921 | ||
316e2730 SK |
922 | version 2.52 |
923 | Work around a Linux kernel bug which insists that the | |
924 | length of the option passed to setsockopt must be at least | |
925 | sizeof(int) bytes, even if we're calling SO_BINDTODEVICE | |
926 | and the device name is "lo". Note that this is fixed | |
927 | in kernel 2.6.31, but the workaround is harmless and | |
928 | allows earlier kernels to be used. Also fix dnsmasq | |
929 | bug which reported the wrong address when this failed. | |
930 | Thanks to Fedor for finding this. | |
931 | ||
932 | The API for IPv6 PKTINFO changed around Linux kernel | |
933 | 2.6.14. Workaround the case where dnsmasq is compiled | |
934 | against newer headers, but then run on an old kernel: | |
935 | necessary for some *WRT distros. | |
936 | ||
937 | Re-read the set of network interfaces when re-loading | |
938 | /etc/resolv.conf if --bind-interfaces is not set. This | |
939 | handles the case that loopback interfaces do not exist | |
940 | when dnsmasq is first started. | |
941 | ||
942 | Tweak the PXE code to support port 4011. This should | |
943 | reduce broadcasts and make things more reliable when other | |
944 | servers are around. It also improves inter-operability | |
945 | with certain clients. | |
946 | ||
947 | Make a pxe-service configuration with no filename or boot | |
948 | service type legal: this does a local boot. eg. | |
949 | pxe-service=x86PC, "Local boot" | |
950 | ||
951 | Be more conservative in detecting "A for A" | |
952 | queries. Dnsmasq checks if the name in a type=A query looks | |
953 | like a dotted-quad IP address and answers the query itself | |
954 | if so, rather than forwarding it. Previously dnsmasq | |
955 | relied in the library function inet_addr() to convert | |
956 | addresses, and that will accept some things which are | |
957 | confusing in this context, like 1.2.3 or even just | |
958 | 1234. Now we only do A for A processing for four decimal | |
959 | numbers delimited by dots. | |
960 | ||
961 | A couple of tweaks to fix compilation on Solaris. Thanks | |
962 | to Joel Macklow for help with this. | |
963 | ||
964 | Another Solaris compilation tweak, needed for Solaris | |
965 | 2009.06. Thanks to Lee Essen for that. | |
966 | ||
967 | Added extract packaging stuff from Lee Essen to | |
968 | contrib/Solaris10. | |
969 | ||
970 | Increased the default limit on number of leases to 1000 | |
971 | (from 150). This is mainly a defence against DoS attacks, | |
972 | and for the average "one for two class C networks" | |
973 | installation, IP address exhaustion does that just as | |
974 | well. Making the limit greater than the number of IP | |
975 | addresses available in such an installation removes a | |
976 | surprise which otherwise can catch people out. | |
977 | ||
978 | Removed extraneous trailing space in the value of the | |
979 | DNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH and | |
980 | DNSMASQ_LEASE_EXPIRES environment variables. Thanks to | |
981 | Gildas Le Nadan for spotting this. | |
982 | ||
983 | Provide the network-id tags for a DHCP transaction to | |
984 | the lease-change script in the environment variable | |
985 | DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan. | |
986 | ||
987 | Add support for RFC3925 "Vendor-Identifying Vendor | |
988 | Options". The syntax looks like this: | |
989 | --dhcp-option=vi-encap:<enterprise number>, ......... | |
990 | ||
991 | Add support to --dhcp-match to allow matching against | |
992 | RFC3925 "Vendor-Identifying Vendor Classes". The syntax | |
993 | looks like this: | |
994 | --dhcp-match=tag,vi-encap<enterprise number>, <value> | |
995 | ||
996 | Add some application specific code to assist in | |
997 | implementing the Broadband forum TR069 CPE-WAN | |
998 | specification. The details are in contrib/CPE-WAN/README | |
999 | ||
1000 | Increase the default DNS packet size limit to 4096, as | |
1001 | recommended by RFC5625 section 4.4.3. This can be | |
1002 | reconfigured using --edns-packet-max if needed. Thanks to | |
1003 | Francis Dupont for pointing this out. | |
1004 | ||
8ef5ada2 | 1005 | Rewrite query-ids even for TSIG signed packets, since |
316e2730 SK |
1006 | this is allowed by RFC5625 section 4.5. |
1007 | ||
1008 | Use getopt_long by default on OS X. It has been supported | |
1009 | since version 10.3.0. Thanks to Arek Dreyer for spotting | |
1010 | this. | |
1011 | ||
1012 | Added up-to-date startup configuration for MacOSX/launchd | |
1013 | in contrib/MacOSX-launchd. Thanks to Arek Dreyer for | |
1014 | providing this. | |
1015 | ||
1016 | Fix link error when including Dbus but excluding DHCP. | |
1017 | Thanks to Oschtan for the bug report. | |
1018 | ||
1019 | Updated French translation. Thanks to Gildas Le Nadan. | |
1020 | ||
1021 | Updated Polish translation. Thanks to Jan Psota. | |
1022 | ||
1023 | Updated Spanish translation. Thanks to Chris Chatham. | |
1024 | ||
8ef5ada2 SK |
1025 | Fixed confusion about domains, when looking up DHCP hosts |
1026 | in /etc/hosts. This could cause spurious "Ignoring | |
1027 | domain..." messages. Thanks to Fedor Kozhevnikov for | |
1028 | finding and analysing the problem. | |
316e2730 | 1029 | |
8ef5ada2 | 1030 | |
1f15b81d SK |
1031 | version 2.51 |
1032 | Add support for internationalised DNS. Non-ASCII characters | |
1033 | in domain names found in /etc/hosts, /etc/ethers and | |
1034 | /etc/dnsmasq.conf will be correctly handled by translation to | |
1035 | punycode, as specified in RFC3490. This function is only | |
1036 | available if dnsmasq is compiled with internationalisation | |
1037 | support, and adds a dependency on GNU libidn. Without i18n | |
1038 | support, dnsmasq continues to be compilable with just | |
1039 | standard tools. Thanks to Yves Dorfsman for the | |
1040 | suggestion. | |
1041 | ||
1042 | Add two more environment variables for lease-change scripts: | |
1043 | First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname | |
1044 | supplied by a client, even if the actual hostname used is | |
1045 | over-ridden by dhcp-host or dhcp-ignore-names directives. | |
1046 | Also DNSMASQ_RELAY_ADDRESS which gives the address of | |
1047 | a DHCP relay, if used. | |
1048 | Suggestions from Michael Rack. | |
1049 | ||
1050 | Fix regression which broke echo of relay-agent | |
1051 | options. Thanks to Michael Rack for spotting this. | |
1052 | ||
1053 | Don't treat option 67 as being interchangeable with | |
1054 | dhcp-boot parameters if it's specified as | |
1055 | dhcp-option-force. | |
1056 | ||
1057 | Make the code to call scripts on lease-change compile-time | |
1058 | optional. It can be switched off by editing src/config.h | |
1059 | or building with "make COPTS=-DNO_SCRIPT". | |
1060 | ||
1061 | Make the TFTP server cope with filenames from Windows/DOS | |
1062 | which use '\' as pathname separator. Thanks to Ralf for | |
1063 | the patch. | |
1064 | ||
1065 | Updated Polish translation. Thanks to Jan Psota. | |
1066 | ||
1067 | Warn if an IP address is duplicated in /etc/ethers. Thanks | |
1068 | to Felix Schwarz for pointing this out. | |
1069 | ||
1070 | Teach --conf-dir to take an option list of file suffices | |
1071 | which will be ignored when scanning the directory. Useful | |
1072 | for backup files etc. Thanks to Helmut Hullen for the | |
1073 | suggestion. | |
1074 | ||
1075 | Add new DHCP option named tftpserver-address, which | |
1076 | corresponds to the third argument of dhcp-boot. This | |
1077 | allows the complete functionality of dhcp-boot to be | |
1078 | replicated with dhcp-option. Useful when using | |
1079 | dhcp-optsfile. | |
1080 | ||
1081 | Test which upstream nameserver to use every 10 seconds | |
1082 | or 50 queries and not just when a query times out and | |
1083 | is retried. This should improve performance when there | |
1084 | is a slow nameserver in the list. Thanks to Joe for the | |
1085 | suggestion. | |
1086 | ||
1087 | Don't do any PXE processing, even for clients with the | |
1088 | correct vendorclass, unless at least one pxe-prompt or | |
1089 | pxe-service option is given. This stops dnsmasq | |
1090 | interfering with proxy PXE subsystems when it is just | |
1091 | the DHCP server. Thanks to Spencer Clark for spotting this. | |
1092 | ||
1093 | Limit the blocksize used for TFTP transfers to a value | |
1094 | which avoids packet fragmentation, based on the MTU of the | |
1095 | local interface. Many netboot ROMs can't cope with | |
1096 | fragmented packets. | |
1097 | ||
1098 | Honour dhcp-ignore configuration for PXE and proxy-PXE | |
1099 | requests. Thanks to Niels Basjes for the bug report. | |
1100 | ||
1101 | Updated French translation. Thanks to Gildas Le Nadan. | |
1102 | ||
1103 | ||
77e94da7 | 1104 | version 2.50 |
1f15b81d | 1105 | Fix security problem which allowed any host permitted to |
77e94da7 SK |
1106 | do TFTP to possibly compromise dnsmasq by remote buffer |
1107 | overflow when TFTP enabled. Thanks to Core Security | |
1108 | Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro | |
1109 | Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and | |
1110 | Pablo Annetta. This problem has Bugtraq id: 36121 | |
1111 | and CVE: 2009-2957 | |
1112 | ||
1113 | Fix a problem which allowed a malicious TFTP client to | |
1114 | crash dnsmasq. Thanks to Steve Grubb at Red Hat for | |
1115 | spotting this. This problem has Bugtraq id: 36120 and | |
1116 | CVE: 2009-2958 | |
1117 | ||
1118 | ||
03a97b61 SK |
1119 | version 2.49 |
1120 | Fix regression in 2.48 which disables the lease-change | |
1121 | script. Thanks to Jose Luis Duran for spotting this. | |
1122 | ||
1123 | Log TFTP "file not found" errors. These were not logged, | |
1124 | since a normal PXELinux boot generates many of them, but | |
1125 | the lack of the messages seems to be more confusing than | |
1126 | routinely seeing them when there is no real error. | |
1127 | ||
1128 | Update Spanish translation. Thanks to Chris Chatham. | |
1129 | ||
1130 | ||
7622fc06 SK |
1131 | version 2.48 |
1132 | Archived the extensive, backwards, changelog to | |
1133 | CHANGELOG.archive. The current changelog now runs from | |
1134 | version 2.43 and runs conventionally. | |
9e4abcb5 | 1135 | |
7622fc06 SK |
1136 | Fixed bug which broke binding of servers to physical |
1137 | interfaces when interface names were longer than four | |
1138 | characters. Thanks to MURASE Katsunori for the patch. | |
9e4abcb5 | 1139 | |
7622fc06 SK |
1140 | Fixed netlink code to check that messages come from the |
1141 | correct source, and not another userspace process. Thanks | |
1142 | to Steve Grubb for the patch. | |
9e4abcb5 | 1143 | |
7622fc06 SK |
1144 | Maintainability drive: removed bug and missing feature |
1145 | workarounds for some old platforms. Solaris 9, OpenBSD | |
1146 | older than 4.1, Glibc older than 2.2, Linux 2.2.x and | |
1147 | DBus older than 1.1.x are no longer supported. | |
9e4abcb5 | 1148 | |
7622fc06 SK |
1149 | Don't read included configuration files more than once: |
1150 | allows complex configuration structures without problems. | |
9e4abcb5 | 1151 | |
7622fc06 SK |
1152 | Mark log messages from the various subsystems in dnsmasq: |
1153 | messages from the DHCP subsystem now have the ident string | |
1154 | "dnsmasq-dhcp" and messages from TFTP have ident | |
1155 | "dnsmasq-tftp". Thanks to Olaf Westrik for the patch. | |
9e4abcb5 | 1156 | |
7622fc06 SK |
1157 | Fix possible infinite DHCP protocol loop when an IP |
1158 | address nailed to a hostname (not a MAC address) and a | |
1159 | host sometimes provides the name, sometimes not. | |
9e4abcb5 | 1160 | |
7622fc06 SK |
1161 | Allow --addn-hosts to take a directory: all the files |
1162 | in the directory are read. Thanks to Phil Cornelius for | |
1163 | the suggestion. | |
9e4abcb5 | 1164 | |
7622fc06 | 1165 | Support --bridge-interface on all platforms, not just BSD. |
1ab84e2f | 1166 | |
7622fc06 SK |
1167 | Added support for advanced PXE functions. It's now |
1168 | possible to define a prompt and menu options which will | |
1169 | be displayed when a client PXE boots. It's also possible to | |
1170 | hand-off booting to other boot servers. Proxy-DHCP, where | |
1171 | dnsmasq just supplies the PXE information and another DHCP | |
1172 | server does address allocation, is also allowed. See the | |
1173 | --pxe-prompt and --pxe-service keywords. Thanks to | |
1174 | Alkis Georgopoulos for the suggestion and Guilherme Moro | |
1175 | and Michael Brown for assistance. | |
1176 | ||
1177 | Improvements to DHCP logging. Thanks to Tom Metro for | |
1178 | useful suggestions. | |
3be34541 | 1179 | |
7622fc06 SK |
1180 | Add ability to build dnsmasq without DHCP support. To do |
1181 | this, edit src/config.h or build with | |
1182 | "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch. | |
36717eee | 1183 | |
7622fc06 SK |
1184 | Added --test command-line switch - syntax check |
1185 | configuration files only. | |
36717eee | 1186 | |
7622fc06 | 1187 | Updated French translation. Thanks to Gildas Le Nadan. |
fd9fa481 | 1188 | |
3d8df260 | 1189 | |
7622fc06 SK |
1190 | version 2.47 |
1191 | Updated French translation. Thanks to Gildas Le Nadan. | |
3d8df260 | 1192 | |
7622fc06 SK |
1193 | Fixed interface enumeration code to work on NetBSD |
1194 | 5.0. Thanks to Roy Marples for the patch. | |
3d8df260 | 1195 | |
7622fc06 SK |
1196 | Updated config.h to use the same location for the lease |
1197 | file on NetBSD as the other *BSD variants. Also allow | |
1198 | LEASEFILE and CONFFILE symbols to be overriden in CFLAGS. | |
3d8df260 | 1199 | |
7622fc06 SK |
1200 | Handle duplicate address detection on IPv6 more |
1201 | intelligently. In IPv6, an interface can have an address | |
1202 | which is not usable, because it is still undergoing DAD | |
1203 | (such addresses are marked "tentative"). Attempting to | |
1204 | bind to an address in this state returns an error, | |
1205 | EADDRNOTAVAIL. Previously, on getting such an error, | |
1206 | dnsmasq would silently abandon the address, and never | |
1207 | listen on it. Now, it retries once per second for 20 | |
1208 | seconds before generating a fatal error. 20 seconds should | |
1209 | be long enough for any DAD process to complete, but can be | |
1210 | adjusted in src/config.h if necessary. Thanks to Martin | |
1211 | Krafft for the bug report. | |
3d8df260 | 1212 | |
7622fc06 | 1213 | Add DBus introspection. Patch from Jeremy Laine. |
b8187c80 | 1214 | |
7622fc06 SK |
1215 | Update Dbus configuration file. Patch from Colin Walters. |
1216 | Fix for this bug: | |
1217 | http://bugs.freedesktop.org/show_bug.cgi?id=18961 | |
b8187c80 | 1218 | |
7622fc06 SK |
1219 | Support arbitrarily encapsulated DHCP options, suggestion |
1220 | and initial patch from Samium Gromoff. This is useful for | |
1221 | (eg) gPXE, which expect all its private options to be | |
1222 | encapsulated inside a single option 175. So, eg, | |
b8187c80 | 1223 | |
7622fc06 SK |
1224 | dhcp-option = encap:175, 190, "iscsi-client0" |
1225 | dhcp-option = encap:175, 191, "iscsi-client0-secret" | |
b8187c80 | 1226 | |
7622fc06 | 1227 | will provide iSCSI parameters to gPXE. |
b8187c80 | 1228 | |
7622fc06 SK |
1229 | Enhance --dhcp-match to allow testing of the contents of a |
1230 | client-sent option, as well as its presence. This | |
1231 | application in mind for this is RFC 4578 | |
1232 | client-architecture specifiers, but it's generally useful. | |
1233 | Joey Korkames suggested the enhancement. | |
b8187c80 | 1234 | |
7622fc06 SK |
1235 | Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on |
1236 | OpenSolaris. Thanks to Bastian Machek for the heads-up. | |
b8187c80 | 1237 | |
7622fc06 SK |
1238 | No longer complain about blank lines in |
1239 | /etc/ethers. Thanks to Jon Nelson for the patch. | |
b8187c80 | 1240 | |
7622fc06 SK |
1241 | Fix binding of servers to physical devices, eg |
1242 | --server=/domain/1.2.3.4@eth0 which was broken from 2.43 | |
1243 | onwards unless --query-port=0 set. Thanks to Peter Naulls | |
cdeda28f SK |
1244 | for the bug report. |
1245 | ||
7622fc06 SK |
1246 | Reply to DHCPINFORM requests even when the supplied ciaddr |
1247 | doesn't fall in any dhcp-range. In this case it's not | |
1248 | possible to supply a complete configuration, but | |
1249 | individually-configured options (eg PAC) may be useful. | |
5aabfc78 | 1250 | |
7622fc06 SK |
1251 | Allow the source address of an alias to be a range: |
1252 | --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole | |
1253 | subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255, | |
1254 | as before. | |
1255 | --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 | |
1256 | maps only the 192.168.0.10->192.168.0.40 region. Thanks to | |
1257 | Ib Uhrskov for the suggestion. | |
5aabfc78 | 1258 | |
7622fc06 SK |
1259 | Don't dynamically allocate DHCP addresses which may break |
1260 | Windows. Addresses which end in .255 or .0 are broken in | |
1261 | Windows even when using supernetting. | |
1262 | --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means | |
1263 | 192.168.0.255 is a valid IP address, but not for Windows. | |
1264 | See Microsoft KB281579. We therefore no longer allocate | |
1265 | these addresses to avoid hard-to-diagnose problems. | |
5aabfc78 | 1266 | |
7622fc06 | 1267 | Update Polish translation. Thanks to Jan Psota. |
5aabfc78 | 1268 | |
7622fc06 SK |
1269 | Delete the PID-file when dnsmasq shuts down. Note that by |
1270 | this time, dnsmasq is normally not running as root, so | |
1271 | this will fail if the PID-file is stored in a root-owned | |
1272 | directory; such failure is silently ignored. To take | |
1273 | advantage of this feature, the PID-file must be stored in a | |
1274 | directory owned and write-able by the user running | |
1275 | dnsmasq. | |
5aabfc78 | 1276 | |
5aabfc78 | 1277 | |
7622fc06 SK |
1278 | version 2.46 |
1279 | Allow --bootp-dynamic to take a netid tag, so that it may | |
1280 | be selectively enabled. Thanks to Olaf Westrik for the | |
1281 | suggestion. | |
5aabfc78 | 1282 | |
7622fc06 SK |
1283 | Remove ISC-leasefile reading code. This has been |
1284 | deprecated for a long time, and last time I removed it, it | |
1285 | ended up going back by request of one user. This time, | |
1286 | it's gone for good; otherwise it would need to be | |
1287 | re-worked to support multiple domains (see below). | |
5aabfc78 | 1288 | |
7622fc06 SK |
1289 | Support DHCP clients in multiple DNS domains. This is a |
1290 | long-standing request. Clients are assigned to a domain | |
1291 | based in their IP address. | |
5aabfc78 | 1292 | |
7622fc06 SK |
1293 | Add --dhcp-fqdn flag, which changes behaviour if DNS names |
1294 | assigned to DHCP clients. When this is set, there must be | |
1295 | a domain associated with each client, and only | |
1296 | fully-qualified domain names are added to the DNS. The | |
1297 | advantage is that the only the FQDN needs to be unique, | |
1298 | so that two or more DHCP clients can share a hostname, as | |
1299 | long as they are in different domains. | |
5aabfc78 | 1300 | |
7622fc06 SK |
1301 | Set environment variable DNSMASQ_DOMAIN when invoking |
1302 | lease-change script. This may be useful information to | |
1303 | have now that it's variable. | |
5aabfc78 | 1304 | |
7622fc06 SK |
1305 | Tighten up data-checking code for DNS packet |
1306 | handling. Thanks to Steve Dodd who found certain illegal | |
1307 | packets which could crash dnsmasq. No memory overwrite was | |
1308 | possible, so this is not a security issue beyond the DoS | |
1309 | potential. | |
824af85b | 1310 | |
7622fc06 SK |
1311 | Update example config dhcp option 47, the previous |
1312 | suggestion generated an illegal, zero-length, | |
1313 | option. Thanks to Matthias Andree for finding this. | |
824af85b | 1314 | |
7622fc06 SK |
1315 | Rewrite hosts-file reading code to remove the limit of |
1316 | 1024 characters per line. John C Meuser found this. | |
824af85b | 1317 | |
7622fc06 SK |
1318 | Create a net-id tag with the name of the interface on |
1319 | which the DHCP request was received. | |
824af85b | 1320 | |
7622fc06 SK |
1321 | Fixed minor memory leak in DBus code, thanks to Jeremy |
1322 | Laine for the patch. | |
824af85b | 1323 | |
7622fc06 SK |
1324 | Emit DBus signals as the DHCP lease database |
1325 | changes. Thanks to Jeremy Laine for the patch. | |
824af85b | 1326 | |
7622fc06 SK |
1327 | Allow for more that one MAC address in a dhcp-host |
1328 | line. This configuration tells dnsmasq that it's OK to | |
1329 | abandon a DHCP lease of the fixed address to one MAC | |
1330 | address, if another MAC address in the dhcp-host statement | |
1331 | asks for an address. This is useful to give a fixed | |
1332 | address to a host which has two network interfaces | |
1333 | (say, a laptop with wired and wireless interfaces.) | |
1334 | It's very important to ensure that only one interface | |
1335 | at a time is up, since dnsmasq abandons the first lease | |
1336 | and re-uses the address before the leased time has | |
1337 | elapsed. John Gray suggested this. | |
824af85b | 1338 | |
7622fc06 SK |
1339 | Tweak the response to a DHCP request packet with a wrong |
1340 | server-id when --dhcp-authoritative is set; dnsmasq now | |
1341 | returns a DHCPNAK, rather than silently ignoring the | |
1342 | packet. Thanks to Chris Marget for spotting this | |
1343 | improvement. | |
824af85b | 1344 | |
7622fc06 SK |
1345 | Add --cname option. This provides a limited alias |
1346 | function, usable for DHCP names. Thanks to AJ Weber for | |
1347 | suggestions on this. | |
824af85b | 1348 | |
7622fc06 SK |
1349 | Updated contrib/webmin with latest version from Neil |
1350 | Fisher. | |
824af85b | 1351 | |
7622fc06 | 1352 | Updated Polish translation. Thanks to Jan Psota. |
824af85b | 1353 | |
7622fc06 SK |
1354 | Correct the text names for DHCP options 64 and 65 to be |
1355 | "nis+-domain" and "nis+-servers". | |
9e038946 | 1356 | |
7622fc06 | 1357 | Updated Spanish translation. Thanks to Chris Chatham. |
9e038946 | 1358 | |
7622fc06 SK |
1359 | Force re-reading of /etc/resolv.conf when an "interface |
1360 | up" event occurs. | |
9e038946 | 1361 | |
824af85b | 1362 | |
7622fc06 SK |
1363 | version 2.45 |
1364 | Fix total DNS failure in release 2.44 unless --min-port | |
1365 | specified. Thanks to Steven Barth and Grant Coady for | |
1366 | bugreport. Also reject out-of-range port spec, which could | |
1367 | break things too: suggestion from Gilles Espinasse. | |
824af85b | 1368 | |
9e038946 | 1369 | |
7622fc06 SK |
1370 | version 2.44 |
1371 | Fix crash when unknown client attempts to renew a DHCP | |
1372 | lease, problem introduced in version 2.43. Thanks to | |
1373 | Carlos Carvalho for help chasing this down. | |
9e038946 | 1374 | |
7622fc06 SK |
1375 | Fix potential crash when a host which doesn't have a lease |
1376 | does DHCPINFORM. Again introduced in 2.43. This bug has | |
1377 | never been reported in the wild. | |
9e038946 | 1378 | |
7622fc06 SK |
1379 | Fix crash in netlink code introduced in 2.43. Thanks to |
1380 | Jean Wolter for finding this. | |
9e038946 | 1381 | |
7622fc06 SK |
1382 | Change implementation of min_port to work even if min-port |
1383 | is large. | |
9e038946 | 1384 | |
7622fc06 SK |
1385 | Patch to enable compilation of latest Mac OS X. Thanks to |
1386 | David Gilman. | |
9e038946 | 1387 | |
7622fc06 | 1388 | Update Spanish translation. Thanks to Christopher Chatham. |
1a6bca81 SK |
1389 | |
1390 | ||
1391 | version 2.43 | |
1392 | Updated Polish translation. Thanks to Jan Psota. | |
1393 | ||
1394 | Flag errors when configuration options are repeated | |
1395 | illegally. | |
1396 | ||
1397 | Further tweaks for GNU/kFreeBSD | |
1398 | ||
1399 | Add --no-wrap to msgmerge call - provides nicer .po file | |
1400 | format. | |
1401 | ||
1402 | Honour lease-time spec in dhcp-host lines even for | |
1403 | BOOTP. The user is assumed to known what they are doing in | |
1404 | this case. (Hosts without the time spec still get infinite | |
1405 | leases for BOOTP, over-riding the default in the | |
1406 | dhcp-range.) Thanks to Peter Katzmann for uncovering this. | |
1407 | ||
1408 | Fix problem matching relay-agent ids. Thanks to Michael | |
1409 | Rack for the bug report. | |
1410 | ||
1411 | Add --naptr-record option. Suggestion from Johan | |
1412 | Bergquist. | |
1413 | ||
1414 | Implement RFC 5107 server-id-override DHCP relay agent | |
1415 | option. | |
1416 | ||
1417 | Apply patches from Stefan Kruger for compilation on | |
1418 | Solaris 10 under Sun studio. | |
1419 | ||
1420 | Yet more tweaking of Linux capability code, to suppress | |
1421 | pointless wingeing from kernel 2.6.25 and above. | |
1422 | ||
1423 | Improve error checking during startup. Previously, some | |
1424 | errors which occurred during startup would be worked | |
1425 | around, with dnsmasq still starting up. Some were logged, | |
1426 | some silent. Now, they all cause a fatal error and dnsmasq | |
1427 | terminates with a non-zero exit code. The errors are those | |
1428 | associated with changing uid and gid, setting process | |
1429 | capabilities and writing the pidfile. Thanks to Uwe | |
1430 | Gansert and the Suse security team for pointing out | |
1431 | this improvement, and Bill Reimers for good implementation | |
1432 | suggestions. | |
1433 | ||
1434 | Provide NO_LARGEFILE compile option to switch off largefile | |
1435 | support when compiling against versions of uclibc which | |
1436 | don't support it. Thanks to Stephane Billiart for the patch. | |
1437 | ||
1438 | Implement random source ports for interactions with | |
1439 | upstream nameservers. New spoofing attacks have been found | |
1440 | against nameservers which do not do this, though it is not | |
1441 | clear if dnsmasq is vulnerable, since to doesn't implement | |
1442 | recursion. By default dnsmasq will now use a different | |
1443 | source port (and socket) for each query it sends | |
1444 | upstream. This behaviour can suppressed using the | |
1445 | --query-port option, and the old default behaviour | |
1446 | restored using --query-port=0. Explicit source-port | |
1447 | specifications in --server configs are still honoured. | |
1448 | ||
1449 | Replace the random number generator, for better | |
1450 | security. On most BSD systems, dnsmasq uses the | |
1451 | arc4random() RNG, which is secure, but on other platforms, | |
1452 | it relied on the C-library RNG, which may be | |
1453 | guessable and therefore allow spoofing. This release | |
1454 | replaces the libc RNG with the SURF RNG, from Daniel | |
1455 | J. Berstein's DJBDNS package. | |
1456 | ||
1457 | Don't attempt to change user or group or set capabilities | |
1458 | if dnsmasq is run as a non-root user. Without this, the | |
1459 | change from soft to hard errors when these fail causes | |
1460 | problems for non-root daemons listening on high | |
1461 | ports. Thanks to Patrick McLean for spotting this. | |
1462 | ||
1463 | Updated French translation. Thanks to Gildas Le Nadan. | |
1f15b81d SK |
1464 | |
1465 | ||
1466 | version 2.42 | |
1467 | The changelog for version 2.42 and earlier is | |
1468 | available in CHANGELOG.archive. |