]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - CHANGELOG
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Allow trailing '*' wildcard in interface names.
[people/ms/dnsmasq.git] / CHANGELOG
CommitLineData
333b2ceb
SK		 1version 2.66
2 Add the ability to act as an authoritative DNS
3 server. Dnsmasq can now answer queries from the wider 'net
4 with local data, as long as the correct NS records are set
5 up. Only local data is provided, to avoid creating an open
6 DNS relay. Zone transfer is supported, to allow secondary
7 servers to be configured.
8
9 Add "constructed DHCP ranges" for DHCPv6. This is intended
10 for IPv6 routers which get prefixes dynamically via prefix
11 delegation. With suitable configuration, stateful DHCPv6
12 and RA can happen automatically as prefixes are delegated
13 and then deprecated, without having to re-write the
14 dnsmasq configuration file or restart the daemon. Thanks to
15 Steven Barth for extensive testing and development work on
16 this idea.
71c73ac1
SK		 17
18 Fix crash on startup on Solaris 11. Regression probably
22ce550e
SK		 19 introduced in 2.61. Thanks to Geoff Johnstone for the
20 patch.
21
22 Add code to make behaviour for TCP DNS requests that same
23 as for UDP requests, when a request arrives for an allowed
24 address, but via a banned interface. This change is only
25 active on Linux, since the relevant API is missing (AFAIK)
26 on other platforms. Many thanks to Tomas Hozza for
27 spotting the problem, and doing invaluable discovery of
28 the obscure and undocumented API required for the solution.
a21e27bc
SK		 29
30 Don't send the default DHCP option advertising dnsmasq as
31 the local DNS server if dnsmasq is configured to not act
32 as DNS server, or it's configured to a non-standard port.
dd1721c7
SK		 33
34 Add DNSMASQ_CIRCUIT_ID, DNSMASQ_SUBCRIBER_ID,
35 DNSMASQ_REMOTE_ID variables to the environment of the
36 lease-change script (and the correponding Lua). These hold
37 information inserted into the DHCP request by a DHCP relay
38 agent. Thanks to Lakefield Communications for providing a
39 bounty for this addition.
40
4038ae20
SK		 41 Fixed crash, introduced in 2.64, whilst handling DHCPv6
42 information-requests with some common configurations.
43 Thanks to Robert M. Albrecht for the bug report and
44 chasing the problem.
45
13d86c73
JD		 46 Add --ipset option. Thanks to Jason A. Donenfeld for the
47 patch.
48
c7961075
SK		 49 Don't erroneously reject some option names in --dhcp-match
50 options. Thnaks to Benedikt Hochstrasser for the bug report.
49333cbd
SK		 51
52 Allow a trailing '*' wildcard in all interface-name
53 configurations. Thanks to Christian Parpart for the patch.
c7961075 54
49333cbd 55
ee86ce68
SK		 56version 2.65
57 Fix regression which broke forwarding of queries sent via
58 TCP which are not for A and AAAA and which were directed to
59 non-default servers. Thanks to Niax for the bug report.
60
b5a8dd1d
SK		 61 Fix failure to build with DHCP support excluded. Thanks to
62 Gustavo Zacarias for the patch.
1d6c6393
SK		 63
64 Fix nasty regression in 2.64 which completely broke cacheing.
b5a8dd1d
SK		 65
66
2e34ac14
SK		 67version 2.64
68 Handle DHCP FQDN options with all flag bits zero and
69 --dhcp-client-update set. Thanks to Bernd Krumbroeck for
70 spotting the problem.
71
12d71ed2
SK		 72 Finesse the check for /etc/hosts names which conflict with
73 DHCP names. Previously a name/address pair in /etc/hosts
74 which didn't match the name/address of a DHCP lease would
75 generate a warning. Now that only happesn if there is not
76 also a match. This allows multiple addresses for a name in
77 /etc/hosts with one of them assigned via DHCP.
78
4d0f5b4c
SK		 79 Fix broken vendor-option processing for BOOTP. Thanks to
80 Hans-Joachim Baader for the bug report.
81
dfb23b3f
SK		 82 Don't report spurious netlink errors, regression in
83 2.63. Thanks to Vladislav Grishenko for the patch.
84
2b127a1e
SK		 85 Flag DHCP or DHCPv6 in starup logging. Thanks to
86 Vladislav Grishenko for the patch.
87
295a54ee 88 Add SetServersEx method in DBus interface. Thanks to Dan
faafb3f7
SK		 89 Williams for the patch.
90
295a54ee
SK		 91 Add SetDomainServers method in DBus interface. Thanks to
92 Roy Marples for the patch.
93
289a2535
SK		 94 Fix build with later Lua libraries. Thansk to Cristian
95 Rodriguez for the patch.
2e34ac14 96
1d860415
SK		 97 Add --max-cache-ttl option. Thanks to Dennis Kaarsemaker
98 for the patch.
99
e4807d8b
SK		 100 Fix breakage of --host-record parsing, resulting in
101 infinte loop at startup. Regression in 2.63. Thanks to
102 Haim Gelfenbeyn for spotting this.
103
2022310f
SK		 104 Set SO_REUSEADDRESS and SO_V6ONLY options on the DHCPv6
105 socket, this allows multiple instances of dnsmasq on a
106 single machine, in the same way as for DHCPv4. Thanks to
107 Gene Czarcinski and Vladislav Grishenko for work on this.
108
be6cfb42
SK		 109 Fix DHCPv6 to do access control correctly when it's
110 configured with --listen-address. Thanks to
111 Gene Czarcinski for sorting this out.
112
819ff4dd
SK		 113 Add a "wildcard" dhcp-range which works for any IPv6
114 subnet, --dhcp-range=::,static Useful for Stateless
115 DHCPv6. Thanks to Vladislav Grishenko for the patch.
116
d1a5975f
SK		 117 Don't include lease-time in DHCPACK replies to DHCPINFORM
118 queries, since RFC-2131 says we shouldn't. Thanks to
119 Wouter Ibens for pointing this out.
8e4b8791
SK		 120
121 Makefile tweak to do dependency checking on header files.
122 Thanks to Johan Peeters for the patch.
d89fb4ed
SK		 123
124 Check interface for outgoing unsolicited router
125 advertisements, rather than relying on interface address
126 configuration. Thanks to Gene Czarinski for the patch.
29d28dda
SK		 127
128 Handle better attempts to transmit on interfaces which are
129 still doing DAD, and specifically do not just transmit
130 without setting source address and interface, since this
131 can cause very puzzling effects when a router
132 advertisement goes astray. Thanks again to Gene Czarinski.
133
134 Get RA timers right when there is more than one
135 dhcp-range on a subnet.
289a2535 136
d1a5975f 137
078a630b
SK		 138version 2.63
139 Do duplicate dhcp-host address check in --test mode.
140
8b3ae2fd
SK		 141 Check that tftp-root directories are accessible before
142 start-up. Thanks to Daniel Veillard for the initial patch.
143
144 Allow more than one --tfp-root flag. The per-interface
145 stuff is pointless without that.
146
54dd393f
SK		 147 Add --bind-dynamic. A hybrid mode between the default and
148 --bind-interfaces which copes with dynamically created
149 interfaces.
6b617c0d
SK		 150
151 A couple of fixes to the build system for Android. Thanks
152 to Metin Kaya for the patches.
54dd393f 153
8bc4cece
SK		 154 Remove the interface:<interface> argument in --dhcp-range, and
155 the interface argument to --enable-tftp. These were a
156 still-born attempt to allow automatic isolated
157 configuration by libvirt, but have never (to my knowledge)
158 been used, had very strange semantics, and have been
159 superceded by other mechanisms.
160
c4a7f90e
SK		 161 Fixed bug logging filenames when duplicate dhcp-host
162 addresses are found. Thanks to John Hanks for the patch.
163
611ebc5f
SK		 164 Fix regression in 2.61 which broke caching of CNAME
165 chains. Thanks to Atul Gupta for the bug report.
166
b271446f 167 Allow the target of a --cname flag to be another --cname.
611ebc5f 168
42243214
SK		 169 Teach DHCPv6 about the RFC 4242 information-refresh-time
170 option, and add parsing if the minutes, hours and days
171 format for options. Thanks to Francois-Xavier Le Bail for
172 the suggestion.
173
174 Allow "w" (for week) as multiplier in lease times, as well
175 as seconds, minutes, hours and days. Álvaro Gámez Machado
176 spotted the ommission.
c4c0488a
SK		 177
178 Update French translation. Thanks to Gildas Le Nadan.
42243214 179
ad094275
SK		 180 Allow a DBus service name to be given with --enable-dbus
181 which overrides the default,
182 uk.org.thekelleys.dnsmasq. Thanks to Mathieu
183 Trudel-Lapierre for the patch.
184
fd05f127
SK		 185 Set the "prefix on-link" bit in Router
186 Advertisements. Thanks to Gui Iribarren for the patch.
187
078a630b 188
8358e0f4
SK		 189version 2.62
190 Update German translation. Thanks to Conrad Kostecki.
191
f632e567
SK		 192 Cope with router-solict packets wich don't have a valid
193 source address. Thanks to Vladislav Grishenko for the patch.
194
919dd7cf
SK		 195 Fixed bug which caused missing periodic router
196 advertisements with some configurations. Thanks to
197 Vladislav Grishenko for the patch.
198
c64b7f6a
SK		 199 Fixed bug which broke DHCPv6/RA with prefix lengths
200 which are not divisible by 8. Thanks to Andre Coetzee
201 for spotting this.
202
18c63eff
SK		 203 Fix non-response to router-solicitations when
204 router-advertisement configured, but DHCPv6 not
205 configured. Thanks to Marien Zwart for the patch.
206
9f7f3b12
SK		 207 Add --dns-rr, to allow arbitrary DNS resource records.
208
5ae34bf3
SK		 209 Fixed bug which broke RA scheduling when an interface had
210 two addresses in the same network. Thanks to Jim Bos for
211 his help nailing this.
212
eabc6dd7
SK		 213version 2.61
214 Re-write interface discovery code on *BSD to use
215 getifaddrs. This is more portable, more straightforward,
216 and allows us to find the prefix length for IPv6
217 addresses.
218
01d1b8dd
SK		 219 Add ra-names, ra-stateless and slaac keywords for DHCPv6.
220 Dnsmasq can now synthesise AAAA records for dual-stack
221 hosts which get IPv6 addresses via SLAAC. It is also now
222 possible to use SLAAC and stateless DHCPv6, and to
223 tell clients to use SLAAC addresses as well as DHCP ones.
224 Thanks to Dave Taht for help with this.
7023e382 225
8b372704
SK		 226 Add --dhcp-duid to allow DUID-EN uids to be used.
227
8643ec7f
SK		 228 Explicity send DHCPv6 replies to the correct port, instead
229 of relying on clients to send requests with the correct
230 source address, since at least one client in the wild gets
8358e0f4 231 this wrong. Thanks to Conrad Kostecki for help tracking
8643ec7f 232 this down.
eabc6dd7 233
8643ec7f
SK		 234 Send a preference value of 255 in DHCPv6 replies when
235 --dhcp-authoritative is in effect. This tells clients not
236 to wait around for other DHCP servers.
237
238 Better logging of DHCPv6 options.
239
e759d426
SK		 240 Add --host-record. Thanks to Rob Zwissler for the
241 suggestion.
242
a9530964
SK		 243 Invoke the DHCP script with action "tftp" when a TFTP file
244 transfer completes. The size of the file, address to which
245 it was sent and complete pathname are supplied. Note that
246 version 2.60 introduced some script incompatibilties
247 associated with DHCPv6, and this is a further change. To
248 be safe, scripts should ignore unknown actions, and if
249 not IPv6-aware, should exit if the environment
250 variable DNSMASQ_IAID is set. The use-case for this is
251 to track netboot/install. Suggestion from Shantanu
252 Gadgil.
253
254 Update contrib/port-forward/dnsmasq-portforward to reflect
255 the above.
256
257 Set the environment variable DNSMASQ_LOG_DHCP when running
258 the script id --log-dhcp is in effect, so that script can
52d4abf2
SK		 259 taylor their logging verbosity. Suggestion from Malte
260 Forkel.
261
262 Arrange that addresses specified with --listen-address
263 work even if there is no interface carrying the
264 address. This is chiefly useful for IPv4 loopback
265 addresses, where any address in 127.0.0.0/8 is a valid
266 loopback address, but normally only 127.0.0.1 appears on
267 the lo interface. Thanks to Mathieu Trudel-Lapierre for
268 the idea and initial patch.
a9530964 269
7d2b5c95
SK		 270 Fix crash, introduced in 2.60, when a DHCPINFORM is
271 received from a network which has no valid dhcp-range.
272 Thanks to Stephane Glondu for the bug report.
273
c8257540
SK		 274 Add a new DHCP lease time keyword, "deprecated" for
275 --dhcp-range. This is only valid for IPv6, and sets the
276 preffered lease time for both DHCP and RA to zero. The
277 effect is that clients can continue to use the address
278 for existing connections, but new connections will use
279 other addresses, if they exist. This makes hitless
280 renumbering at least possible.
281
282 Fix bug in address6_available() which caused DHCPv6 lease
8358e0f4 283 aquisition to fail if more than one dhcp-range in use.
18f0fb05
SK		 284
285 Provide RDNSS and DNSSL data in router advertisements,
286 using the settings provided for DHCP options
287 option6:domain-search and option6:dns-server.
6c559c34
SK		 288
289 Tweak logo/favicon.ico to add some transparency. Thanks to
290 SamLT for work on this.
c8257540 291
1023dcbc
SK		 292 Don't cache data from non-recursive nameservers, since it
293 may erroneously look like a valid CNAME to a non-exitant
294 name. Thanks to Ben Winslow for finding this.
9380ba70
SK		 295
296 Call SO_BINDTODEVICE on the DHCP socket(s) when doing DHCP
8358e0f4 297 on exactly one interface and --bind-interfaces is set. This
9380ba70
SK		 298 makes the OpenStack use-case of one dnsmasq per virtual
299 interface work. This is only available on Linux; it's not
300 supported on other platforms. Thanks to Vishvananda Ishaya
e46164e0
SK		 301 and the OpenStack team for the suggestion.
302
303 Updated French translation. Thanks to Gildas Le Nadan.
d1c759c5
SK		 304
305 Give correct from-cache answers to explict CNAME queries.
306 Thanks to Rob Zwissler for spotting this.
1023dcbc 307
fc92ead0 308 Add --tftp-lowercase option. Thanks to Oliver Rath for the
61ce600b 309 patch.
dcffad2a
SK		 310
311 Ensure that the DBus DhcpLeaseUpdated events are generated
312 when a lease goes through INIT_REBOOT state, even if the
8358e0f4 313 dhcp-script is not in use. Thanks to Antoaneta-Ecaterina
dcffad2a 314 Ene for the patch.
19d69be2
SK		 315
316 Fix failure of TFTP over IPv4 on OpenBSD platform. Thanks
317 to Brad Smith for spotting this.
61ce600b 318
c8257540 319
c72daea8
SK		 320version 2.60
321 Fix compilation problem in Mac OS X Lion. Thanks to Olaf
322 Flebbe for the patch.
323
324 Fix DHCP when using --listen-address with an IP address
325 which is not the primary address of an interface.
326
327 Add --dhcp-client-update option.
328
329 Add Lua integration. Dnsmasq can now execute a DHCP
330 lease-change script written in Lua. This needs to be
331 enabled at compile time by setting HAVE_LUASCRIPT in
332 src/config.h or running "make COPTS=-DHAVE_LUASCRIPT"
333 Thanks to Jan-Piet Mens for the idea and proof-of-concept
334 implementation.
335
336 Tidied src/config.h to distinguish between
337 platform-dependent compile-time options which are selected
338 automatically, and builder-selectable compile time
339 options. Document the latter better, and describe how to
340 set them from the make command line.
341
342 Tidied up IPPROTO_IP/SOL_IP (and IPv6 equivalent)
343 confusion. IPPROTO_IP works everywhere now.
344
345 Set TOS on DHCP sockets, this improves things on busy
346 wireless networks. Thanks to Dave Taht for the patch.
347
984d2fde
SK		 348 Determine VERSION automatically based on git magic:
349 release tags or hash values.
c72daea8 350
a2761754
SK		 351 Improve start-up speed when reading large hosts files
352 containing many distinct addresses.
353
354 Fix problem if dnsmasq is started without the stdin,
355 stdout and stderr file descriptors open. This can manifest
356 itself as 100% CPU use. Thanks to Chris Moore for finding
357 this.
358
9bbc8876
SK		 359 Fix shell-scripting bug in bld/pkg-wrapper. Thanks to
360 Mark Mitchell for the patch.
361
751d6f4a
SK		 362 Allow the TFP server or boot server in --pxe-service, to
363 be a domain name instead of an IP address. This allows for
364 round-robin to multiple servers, in the same way as
365 --dhcp-boot. A good suggestion from Cristiano Cumer.
366
fdacfb01
SK		 367 Support BUILDDIR variable in the Makefile. Allows builds
368 for multiple archs from the same source tree with eg.
369 make BUILDDIR=linux (relative to dnsmasq tree)
370 make BUILDDIR=/tmp/openbsd (absolute path)
e5ffdb9c 371 If BUILDDIR is not set, compilation happens in the src
b36ae194
SK		 372 directory, as before. Suggestion from Mark Mitchell.
373
fdacfb01
SK		 374 Support DHCPv6. Support is there for the sort of things
375 the existing v4 server does, including tags, options,
376 static addresses and relay support. Missing is prefix
377 delegation, which is probably not required in the dnsmasq
378 niche, and an easy way to accept prefix delegations from
379 an upstream DHCPv6 server, which is. Future plans include
380 support for DHCPv6 router option and MAC address option
381 (to make selecting clients by MAC address work like IPv4).
382 These will be added as the standards mature.
383 This code has been tested, but this is the first release,
384 so don't bet the farm on it just yet. Many thanks to all
385 testers who have got it this far.
1adadf58 386
ac8540c3
SK		 387 Support IPv6 router advertisements. This is a
388 simple-minded implementation, aimed at providing the
389 vestigial RA needed to go alongside IPv6. Is picks up
390 configuration from the DHCPv6 conf, and should just need
391 enabling with --enable-ra.
392
552af8b9
SK		 393 Fix long-standing wrinkle with --localise-queries that
394 could result in wrong answers when DNS packets arrive
395 via an interface other than the expected one. Thanks to
396 Lorenzo Milesi and John Hanks for spotting this one.
71ee7ee2
SK		 397
398 Update French translation. Thanks to Gildas Le Nadan.
552af8b9 399
df66e341
SK		 400 Update Polish translation. Thanks to Jan Psota.
401
402
74c95c25 403version 2.59
c72daea8
SK		 404 Fix regression in 2.58 which caused failure to start up
405 with some combinations of dnsmasq config and IPv6 kernel
406 network config. Thanks to Brielle Bruns for the bug
407 report.
408
409 Improve dnsmasq's behaviour when network interfaces are
410 still doing duplicate address detection (DAD). Previously,
411 dnsmasq would wait up to 20 seconds at start-up for the
412 DAD state to terminate. This is broken for bridge
413 interfaces on recent Linux kernels, which don't start DAD
414 until the bridge comes up, and so can take arbitrary
415 time. The new behaviour lets dnsmasq poll for an arbitrary
416 time whilst providing service on other interfaces. Thanks
417 to Stephen Hemminger for pointing out the problem.
74c95c25
SK		 418
419
7de060b0
SK		 420version 2.58
421 Provide a definition of the SA_SIZE macro where it's
422 missing. Fixes build failure on openBSD.
423
424 Don't include a zero terminator at the end of messages
425 sent to /dev/log when /dev/log is a datagram socket.
426 Thanks to Didier Rabound for spotting the problem.
427
428 Add --dhcp-sequential-ip flag, to force allocation of IP
429 addresses in ascending order. Note that the default
430 pseudo-random mode is in general better but some
431 server-deployment applications need this.
432
433 Fix problem where a server-id of 0.0.0.0 is sent to a
434 client when a dhcp-relay is in use if a client renews a
435 lease after dnsmasq restart and before any clients on the
436 subnet get a new lease. Thanks to Mike Ruiz for assistance
437 in chasing this one down.
438
439 Don't return NXDOMAIN to an AAAA query if we have CNAME
440 which points to an A record only: NODATA is the correct
441 reply in this case. Thanks to Tom Fernandes for spotting
442 the problem.
443
444 Relax the need to supply a netmask in --dhcp-range for
445 networks which use a DHCP relay. Whilst this is still
446 desireable, in the absence of a netmask dnsmasq will use
447 a default based on the class (A, B, or C) of the address.
448 This should at least remove a cause of mysterious failure
449 for people using RFC1918 addresses and relays.
450
451 Add support for Linux conntrack connection marking. If
452 enabled with --conntrack, the connection mark for incoming
453 DNS queries will be copied to the outgoing connections
454 used to answer those queries. This allows clever firewall
455 and accounting stuff. Only available if dnsmasq is
456 compiled with HAVE_CONNTRACK and adds a dependency on
457 libnetfilter-conntrack. Thanks to Ed Wildgoose for the
458 initial idea, testing and sponsorship of this function.
459
460 Provide a sane error message when someone attempts to
461 match a tag in --dhcp-host.
462
463 Tweak the behaviour of --domain-needed, to avoid problems
464 with recursive nameservers downstream of dnsmasq. The new
465 behaviour only stops A and AAAA queries, and returns
466 NODATA rather than NXDOMAIN replies.
467
468 Efficiency fix for very large DHCP configurations, thanks
469 to James Gartrell and Mike Ruiz for help with this.
470
471 Allow the TFTP-server address in --dhcp-boot to be a
472 domain-name which is looked up in /etc/hosts. This can
473 give multiple IP addresses which are used round-robin,
474 thus doing TFTP server load-balancing. Thanks to Sushil
475 Agrawal for the patch.
476
477 When two tagged dhcp-options for a particular option
478 number are both valid, use the one which is valid without
479 a tag from the dhcp-range. Allows overriding of the value
480 of a DHCP option for a particular host as well as
481 per-network values. So
482 --dhcp-range=set:interface1,......
483 --dhcp-host=set:myhost,.....
484 --dhcp-option=tag:interface1,option:nis-domain,"domain1"
485 --dhcp-option=tag:myhost,option:nis-domain,"domain2"
486 will set the NIS-domain to domain1 for hosts in the range, but
487 override that to domain2 for a particular host.
488
489 Fix bug which resulted in truncated files and timeouts for
490 some TFTP transfers. The bug only occurs with netascii
491 transfers and needs an unfortunate relationship between
492 file size, blocksize and the number of newlines in the
493 last block before it manifests itself. Many thanks to
494 Alkis Georgopoulos for spotting the problem and providing
495 a comprehensive test-case.
496
497 Fix regression in TFTP server on *BSD platforms introduced
498 in version 2.56, due to confusion with sockaddr
de604c18 499 length. Many thanks to Loic Pefferkorn for finding this.
7de060b0
SK		 500
501 Support scope-ids in IPv6 addresses of nameservers from
502 /etc/resolv.conf and in --server options. Eg
503 nameserver fe80::202:a412:4512:7bbf%eth0 or
504 server=fe80::202:a412:4512:7bbf%eth0. Thanks to
505 Michael Stapelberg for the suggestion.
506
507 Update Polish translation, thanks to Jan Psota.
508
509 Update French translation. Thanks to Gildas Le Nadan.
510
511
572b41eb
SK		 512version 2.57
513 Add patches to allow build under Android.
514
515 Provide our own header for the DNS protocol, rather than
516 relying on arpa/nameser.h. This has proved more or less
517 defective over the years and the final straw is that it's
518 effectively empty on Android.
519
520 Fix regression in 2.56 which caused hex constants in
521 configuration to be rejected if they contain the '*'
522 wildcard.
523
524 Correct wrong casts of arguments to ctype.h functions,
525 isdigit(), isxdigit() etc. Thanks to Matthias Andree for
526 spotting this.
527
528 Allow build with IDN support independently from i18n.
529 IDN support continues to be included automatically
530 when i18n is included.
531 'make COPTS=-DHAVE_IDN' is the magic incantation.
532
533 Modify check on extraneous command line junk (added in
534 2.56) so that it doesn't complain about extra _empty_
535 arguments. Otherwise this breaks libvirt.
536
537
28866e95
SK		 538version 2.56
539 Add a patch to allow dnsmasq to get interface names right in a
540 Solaris zone. Thanks to Dj Padzensky for this.
541
542 Improve data-type parsing heuristics so that
543 --dhcp-option=option:domain-search,.
544 treats the value as a string and not an IP address.
545 Thanks to Clemens Fischer for spotting that.
546
547 Add IPv6 support to the TFTP server. Many thanks to Jan
548 'RedBully' Seiffert for the patches.
549
550 Log DNS queries at level LOG_INFO, rather then
551 LOG_DEBUG. This makes things consistent with DHCP
552 logging. Thanks to Adam Pribyl for spotting the problem.
553
554 Ensure that dnsmasq terminates cleanly when using
555 --syslog-async even if it cannot make a connection to the
556 syslogd.
557
558 Add --add-mac option. This is to support currently
559 experimental DNS filtering facilities. Thanks to Benjamin
560 Petrin for the orignal patch.
561
562 Fix bug which meant that tags were ignored in dhcp-range
563 configuration specifying PXE-proxy service. Thanks to
564 Cristiano Cumer for spotting this.
565
566 Raise an error if there is extra junk, not part of an
567 option, on the command line.
568
569 Flag a couple of log messages in cache.c as coming from
570 the DHCP subsystem. Thanks to Olaf Westrik for the patch.
571
572 Omit timestamps from logs when a) logging to stderr and
573 b) --keep-in-forground is set. The logging facility on the
574 other end of stderr can be assumned to supply them. Thanks
575 to John Hallam for the patch.
576
577 Don't complain about strings longer than 255 characters in
578 --txt-record, just split the long strings into 255
579 character chunks instead.
580
581 Fix crash on double-free. This bug can only happen when
582 dhcp-script is in use and then only in rare circumstances
583 triggered by high DHCP transaction rate and a slow
584 script. Thanks to Ferenc Wagner for finding the problem.
585
586 Only log that a file has been sent by TFTP after the
587 transfer has completed succesfully.
588
589 A good suggestion from Ferenc Wagner: extend
590 the --domain option to allow this sort of thing:
591 --domain=thekelleys.org.uk,192.168.0.0/24,local
592 which automatically creates
593 --local=/thekelleys.org.uk/
594 --local=/0.168.192.in-addr.arpa/
595
596 Tighten up syntax checking of hex contants in the config
597 file. Thanks to Fred Damen for spotting this.
598
599 Add dnsmasq logo/icon, contributed by Justin Swift. Many
600 thanks for that.
601
602 Never cache DNS replies which have the 'cd' bit set, or
603 which result from queries forwarded with the 'cd' bit
604 set. The 'cd' bit instructs a DNSSEC validating server
605 upstream to ignore signature failures and return replies
606 anyway. Without this change it's possible to pollute the
607 dnsmasq cache with bad data by making a query with the
608 'cd' bit set and subsequent queries would return this data
609 without its being marked as suspect. Thanks to Anders
610 Kaseorg for pointing out this problem.
611
612 Add --proxy-dnssec flag, for compliance with RFC
613 4035. Dnsmasq will now clear the 'ad' bit in answers returned
614 from upstream validating nameservers unless this option is
615 set.
616
617 Allow a filename of "-" for --conf-file to read
618 stdin. Suggestion from Timothy Redaelli.
619
620 Rotate the order of SRV records in replies, to provide
621 round-robin load balancing when all the priorities are
622 equal. Thanks to Peter McKinney for the suggestion.
623
624 Edit
625 contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist
626 so that it doesn't log all queries to a file by
627 default. Thanks again to Peter McKinney.
628
629 By default, setting an IPv4 address for a domain but not
630 an IPv6 address causes dnsmasq to return
631 an NODATA reply for IPv6 (or vice-versa). So
632 --address=/google.com/1.2.3.4 stops IPv6 queries for
633 *google.com from being forwarded. Make it possible to
634 override this behaviour by defining the sematics if the
635 same domain appears in both --server and --address.
636 In that case, the --address has priority for the address
637 family in which is appears, but the --server has priority
638 of the address family which doesn't appear in --adddress
639 So:
640 --address=/google.com/1.2.3.4
641 --server=/google.com/#
642 will return 1.2.3.4 for IPv4 queries for *.google.com but
643 forward IPv6 queries to the normal upstream nameserver.
644 Similarly when setting an IPv6 address
645 only this will allow forwarding of IPv4 queries. Thanks to
646 William for pointing out the need for this.
647
648 Allow more than one --dhcp-optsfile and --dhcp-hostsfile
649 and make them understand directories as arguments in the
650 same way as --addn-hosts. Suggestion from John Hanks.
651
652 Ignore rebinding requests for leases we don't know
653 about. Rebind is broadcast, so we might get to overhear a
654 request meant for another DHCP server. NAKing this is
655 wrong. Thanks to Brad D'Hondt for assistance with this.
656
572b41eb
SK		 657 Fix cosmetic bug which produced strange output when
658 dumping cache statistics with some configurations. Thanks
659 to Fedor Kozhevnikov for spotting this.
28866e95
SK		 660
661
c52e1897 662version 2.55
28866e95
SK		 663 Fix crash when /etc/ethers is in use. Thanks to
664 Gianluigi Tiesi for finding this.
c52e1897 665
28866e95
SK		 666 Fix crash in netlink_multicast(). Thanks to Arno Wald for
667 finding this one.
c52e1897 668
28866e95
SK		 669 Allow the empty domain "." in dhcp domain-search (119)
670 options.
c52e1897
SK		 671
672
673version 2.54
28866e95
SK		 674 There is no version 2.54 to avoid confusion with 2.53,
675 which incorrectly identifies itself as 2.54.
c52e1897
SK		 676
677
8ef5ada2
SK		 678version 2.53
679 Fix failure to compile on Debian/kFreeBSD. Thanks to
680 Axel Beckert and Petr Salinger.
681
682 Fix code to avoid scary strict-aliasing warnings
683 generated by gcc 4.4.
684
685 Added FAQ entry warning about DHCP failures with Vista
686 when firewalls block 255.255.255.255.
687
688 Fixed bug which caused bad things to happen if a
689 resolv.conf file which exists is subsequently removed.
690 Thanks to Nikolai Saoukh for the patch.
691
692 Rationalised the DHCP tag system. Every configuration item
693 which can set a tag does so by adding "set:<tag>" and
694 every configuration item which is conditional on a tag is
695 made so by "tag:<tag>". The NOT operator changes to '!',
696 which is a bit more intuitive too. Dhcp-host directives
697 can set more than one tag now. The old '#' NOT,
698 "net:" prefix and no-prefixes are still honoured, so
699 no existing config file needs to be changed, but
700 the documentation and new-style config files should be
701 much less confusing.
702
703 Added --tag-if to allow boolean operations on tags.
704 This allows complicated logic to be clearer and more
705 general. A great suggestion from Richard Voigt.
706
707 Add broadcast/unicast information to DHCP logging.
708
709 Allow --dhcp-broadcast to be unconditional.
710
711 Fixed incorrect behaviour with NOT <tag> conditionals in
712 dhcp-options. Thanks to Max Turkewitz for assistance
713 finding this.
714
715 If we send vendor-class encapsulated options based on the
716 vendor-class supplied by the client, and no explicit
717 vendor-class option is given, echo back the vendor-class
718 from the client.
719
720 Fix bug which stopped dnsmasq from matching both a
721 circuitid and a remoteid. Thanks to Ignacio Bravo for
722 finding this.
723
724 Add --dhcp-proxy, which makes it possible to configure
725 dnsmasq to use a DHCP relay agent as a full proxy, with
726 all DHCP messages passing through the proxy. This is
727 useful if the relay adds extra information to the packets
728 it forwards, but cannot be configured with the RFC 5107
729 server-override option.
730
731 Added interface:<iface name> part to dhcp-range. The
732 semantics of this are very odd at first sight, but it
733 allows a single line of the form
734 dhcp-range=interface:virt0,192.168.0.4,192.168.0.200
735 to be added to dnsmasq configuration which then supplies
736 DHCP and DNS services to that interface, without affecting
737 what services are supplied to other interfaces and
738 irrespective of the existance or lack of
739 interface=<interface>
740 lines elsewhere in the dnsmasq configuration. The idea is
741 that such a line can be added automatically by libvirt
742 or equivalent systems, without disturbing any manual
743 configuration.
744
745 Similarly to the above, allow --enable-tftp=<interface>
746
747 Allow a TFTP root to be set separately for requests via
748 different interfaces, --tftp-root=<path>,<interface>
749
750 Correctly handle and log clashes between CNAMES and
751 DNS names being given to DHCP leases. This fixes a bug
752 which caused nonsense IP addresses to be logged. Thanks to
753 Sergei Zhirikov for finding and analysing the problem.
754
755 Tweak flush_log so as to avoid leaving the log
756 file in non-blocking mode. O_NONBLOCK is a property of the
757 file, not the process/descriptor.
758
759 Fix contrib/Solaris10/create_package
760 (/usr/man -> /usr/share/man) Thanks to Vita Batrla.
761
762 Fix a problem where, if a client got a lease, then went
763 to another subnet and got another lease, then moved back,
764 it couldn't resume the old lease, but would instead get
765 a new address. Thanks to Leonardo Rodrigues for spotting
766 this and testing the fix.
767
768 Fix weird bug which sometimes omitted certain characters
769 from the start of quoted strings in dhcp-options. Thanks
770 to Dayton Turner for spotting the problem.
771
772 Add facility to redirect some domains to the standard
773 upstream servers: this allows something like
774 --server=/google.com/1.2.3.4 --server=/www.google.com/#
775 which will send queries for *.google.com to 1.2.3.4,
776 except *www.google.com which will be forwarded as usual.
777 Thanks to AJ Weber for prompting this addition.
778
779 Improve the hash-algorithm used to generate IP addresses
780 from MAC addresses during initial DHCP address
781 allocation. This improves performance when large numbers
782 of hosts with similar MAC addresses all try and get an IP
783 address at the same time. Thanks to Paul Smith for his
784 work on this.
785
786 Tweak DHCP code so that --bridge-interface can be used to
787 select which IP alias of an interface should be used for
788 DHCP purposes on Linux. If eth0 has an alias eth0:dhcp
789 then adding --bridge-interface=eth0:dhcp,eth0 will use
790 the address of eth0:dhcp to determine the correct subnet
791 for DHCP address allocation. Thanks to Pawel Golaszewski
792 for prompting this and Eric Cooper for further testing.
793
794 Add --dhcp-generate-names. Suggestion by Ferenc Wagner.
795
796 Tweak DNS server selection algorithm when there is more
797 than one server available for a domain, eg.
798 --server=/mydomain/1.1.1.1
799 --server=/mydomain/2.2.2.2
800 Thanks to Alberto Cuesta-Canada for spotting a weakness
801 here.
802
803 Add --max-ttl. Thanks to Fredrik Ringertz for the patch.
804
805 Allow --log-facility=- to force all logging to
806 stderr. Suggestion from Clemens Fischer.
807
808 Fix regression which caused configuration like
809 --address=/.domain.com/1.2.3.4 to be rejected. The dot to the
810 left of the domain has been implied and not required for a
811 long time, but it should be accepted for backward
812 compatibility. Thanks to Andrew Burcin for spotting this.
813
814 Add --rebind-domain-ok and --rebind-localhost-ok.
815 Suggestion from Clemens Fischer.
816
817 Log replies to queries of type TXT, when --log-queries
818 is set.
819
820 Fix compiler warnings when compiled with -DNO_DHCP. Thanks
821 to Shantanu Gadgil for the patch.
822
823 Updated French translation. Thanks to Gildas Le Nadan.
824
825 Updated Polish translation. Thanks to Jan Psota.
826
827 Updated German translation. Thanks to Matthias Andree.
828
829 Added contrib/static-arp, thanks to Darren Hoo.
830
831 Fix corruption of the domain when a name from /etc/hosts
832 overrides one supplied by a DHCP client. Thanks to Fedor
833 Kozhevnikov for spotting the problem.
834
835 Updated Spanish translation. Thanks to Chris Chatham.
836
837
316e2730
SK		 838version 2.52
839 Work around a Linux kernel bug which insists that the
840 length of the option passed to setsockopt must be at least
841 sizeof(int) bytes, even if we're calling SO_BINDTODEVICE
842 and the device name is "lo". Note that this is fixed
843 in kernel 2.6.31, but the workaround is harmless and
844 allows earlier kernels to be used. Also fix dnsmasq
845 bug which reported the wrong address when this failed.
846 Thanks to Fedor for finding this.
847
848 The API for IPv6 PKTINFO changed around Linux kernel
849 2.6.14. Workaround the case where dnsmasq is compiled
850 against newer headers, but then run on an old kernel:
851 necessary for some *WRT distros.
852
853 Re-read the set of network interfaces when re-loading
854 /etc/resolv.conf if --bind-interfaces is not set. This
855 handles the case that loopback interfaces do not exist
856 when dnsmasq is first started.
857
858 Tweak the PXE code to support port 4011. This should
859 reduce broadcasts and make things more reliable when other
860 servers are around. It also improves inter-operability
861 with certain clients.
862
863 Make a pxe-service configuration with no filename or boot
864 service type legal: this does a local boot. eg.
865 pxe-service=x86PC, "Local boot"
866
867 Be more conservative in detecting "A for A"
868 queries. Dnsmasq checks if the name in a type=A query looks
869 like a dotted-quad IP address and answers the query itself
870 if so, rather than forwarding it. Previously dnsmasq
871 relied in the library function inet_addr() to convert
872 addresses, and that will accept some things which are
873 confusing in this context, like 1.2.3 or even just
874 1234. Now we only do A for A processing for four decimal
875 numbers delimited by dots.
876
877 A couple of tweaks to fix compilation on Solaris. Thanks
878 to Joel Macklow for help with this.
879
880 Another Solaris compilation tweak, needed for Solaris
881 2009.06. Thanks to Lee Essen for that.
882
883 Added extract packaging stuff from Lee Essen to
884 contrib/Solaris10.
885
886 Increased the default limit on number of leases to 1000
887 (from 150). This is mainly a defence against DoS attacks,
888 and for the average "one for two class C networks"
889 installation, IP address exhaustion does that just as
890 well. Making the limit greater than the number of IP
891 addresses available in such an installation removes a
892 surprise which otherwise can catch people out.
893
894 Removed extraneous trailing space in the value of the
895 DNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH and
896 DNSMASQ_LEASE_EXPIRES environment variables. Thanks to
897 Gildas Le Nadan for spotting this.
898
899 Provide the network-id tags for a DHCP transaction to
900 the lease-change script in the environment variable
901 DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan.
902
903 Add support for RFC3925 "Vendor-Identifying Vendor
904 Options". The syntax looks like this:
905 --dhcp-option=vi-encap:<enterprise number>, .........
906
907 Add support to --dhcp-match to allow matching against
908 RFC3925 "Vendor-Identifying Vendor Classes". The syntax
909 looks like this:
910 --dhcp-match=tag,vi-encap<enterprise number>, <value>
911
912 Add some application specific code to assist in
913 implementing the Broadband forum TR069 CPE-WAN
914 specification. The details are in contrib/CPE-WAN/README
915
916 Increase the default DNS packet size limit to 4096, as
917 recommended by RFC5625 section 4.4.3. This can be
918 reconfigured using --edns-packet-max if needed. Thanks to
919 Francis Dupont for pointing this out.
920
8ef5ada2 921 Rewrite query-ids even for TSIG signed packets, since
316e2730
SK		 922 this is allowed by RFC5625 section 4.5.
923
924 Use getopt_long by default on OS X. It has been supported
925 since version 10.3.0. Thanks to Arek Dreyer for spotting
926 this.
927
928 Added up-to-date startup configuration for MacOSX/launchd
929 in contrib/MacOSX-launchd. Thanks to Arek Dreyer for
930 providing this.
931
932 Fix link error when including Dbus but excluding DHCP.
933 Thanks to Oschtan for the bug report.
934
935 Updated French translation. Thanks to Gildas Le Nadan.
936
937 Updated Polish translation. Thanks to Jan Psota.
938
939 Updated Spanish translation. Thanks to Chris Chatham.
940
8ef5ada2
SK		 941 Fixed confusion about domains, when looking up DHCP hosts
942 in /etc/hosts. This could cause spurious "Ignoring
943 domain..." messages. Thanks to Fedor Kozhevnikov for
944 finding and analysing the problem.
316e2730 945
8ef5ada2 946
1f15b81d
SK		 947version 2.51
948 Add support for internationalised DNS. Non-ASCII characters
949 in domain names found in /etc/hosts, /etc/ethers and
950 /etc/dnsmasq.conf will be correctly handled by translation to
951 punycode, as specified in RFC3490. This function is only
952 available if dnsmasq is compiled with internationalisation
953 support, and adds a dependency on GNU libidn. Without i18n
954 support, dnsmasq continues to be compilable with just
955 standard tools. Thanks to Yves Dorfsman for the
956 suggestion.
957
958 Add two more environment variables for lease-change scripts:
959 First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname
960 supplied by a client, even if the actual hostname used is
961 over-ridden by dhcp-host or dhcp-ignore-names directives.
962 Also DNSMASQ_RELAY_ADDRESS which gives the address of
963 a DHCP relay, if used.
964 Suggestions from Michael Rack.
965
966 Fix regression which broke echo of relay-agent
967 options. Thanks to Michael Rack for spotting this.
968
969 Don't treat option 67 as being interchangeable with
970 dhcp-boot parameters if it's specified as
971 dhcp-option-force.
972
973 Make the code to call scripts on lease-change compile-time
974 optional. It can be switched off by editing src/config.h
975 or building with "make COPTS=-DNO_SCRIPT".
976
977 Make the TFTP server cope with filenames from Windows/DOS
978 which use '\' as pathname separator. Thanks to Ralf for
979 the patch.
980
981 Updated Polish translation. Thanks to Jan Psota.
982
983 Warn if an IP address is duplicated in /etc/ethers. Thanks
984 to Felix Schwarz for pointing this out.
985
986 Teach --conf-dir to take an option list of file suffices
987 which will be ignored when scanning the directory. Useful
988 for backup files etc. Thanks to Helmut Hullen for the
989 suggestion.
990
991 Add new DHCP option named tftpserver-address, which
992 corresponds to the third argument of dhcp-boot. This
993 allows the complete functionality of dhcp-boot to be
994 replicated with dhcp-option. Useful when using
995 dhcp-optsfile.
996
997 Test which upstream nameserver to use every 10 seconds
998 or 50 queries and not just when a query times out and
999 is retried. This should improve performance when there
1000 is a slow nameserver in the list. Thanks to Joe for the
1001 suggestion.
1002
1003 Don't do any PXE processing, even for clients with the
1004 correct vendorclass, unless at least one pxe-prompt or
1005 pxe-service option is given. This stops dnsmasq
1006 interfering with proxy PXE subsystems when it is just
1007 the DHCP server. Thanks to Spencer Clark for spotting this.
1008
1009 Limit the blocksize used for TFTP transfers to a value
1010 which avoids packet fragmentation, based on the MTU of the
1011 local interface. Many netboot ROMs can't cope with
1012 fragmented packets.
1013
1014 Honour dhcp-ignore configuration for PXE and proxy-PXE
1015 requests. Thanks to Niels Basjes for the bug report.
1016
1017 Updated French translation. Thanks to Gildas Le Nadan.
1018
1019
77e94da7 1020version 2.50
1f15b81d 1021 Fix security problem which allowed any host permitted to
77e94da7
SK		 1022 do TFTP to possibly compromise dnsmasq by remote buffer
1023 overflow when TFTP enabled. Thanks to Core Security
1024 Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
1025 Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
1026 Pablo Annetta. This problem has Bugtraq id: 36121
1027 and CVE: 2009-2957
1028
1029 Fix a problem which allowed a malicious TFTP client to
1030 crash dnsmasq. Thanks to Steve Grubb at Red Hat for
1031 spotting this. This problem has Bugtraq id: 36120 and
1032 CVE: 2009-2958
1033
1034
03a97b61
SK		 1035version 2.49
1036 Fix regression in 2.48 which disables the lease-change
1037 script. Thanks to Jose Luis Duran for spotting this.
1038
1039 Log TFTP "file not found" errors. These were not logged,
1040 since a normal PXELinux boot generates many of them, but
1041 the lack of the messages seems to be more confusing than
1042 routinely seeing them when there is no real error.
1043
1044 Update Spanish translation. Thanks to Chris Chatham.
1045
1046
7622fc06
SK		 1047version 2.48
1048 Archived the extensive, backwards, changelog to
1049 CHANGELOG.archive. The current changelog now runs from
1050 version 2.43 and runs conventionally.
9e4abcb5 1051
7622fc06
SK		 1052 Fixed bug which broke binding of servers to physical
1053 interfaces when interface names were longer than four
1054 characters. Thanks to MURASE Katsunori for the patch.
9e4abcb5 1055
7622fc06
SK		 1056 Fixed netlink code to check that messages come from the
1057 correct source, and not another userspace process. Thanks
1058 to Steve Grubb for the patch.
9e4abcb5 1059
7622fc06
SK		 1060 Maintainability drive: removed bug and missing feature
1061 workarounds for some old platforms. Solaris 9, OpenBSD
1062 older than 4.1, Glibc older than 2.2, Linux 2.2.x and
1063 DBus older than 1.1.x are no longer supported.
9e4abcb5 1064
7622fc06
SK		 1065 Don't read included configuration files more than once:
1066 allows complex configuration structures without problems.
9e4abcb5 1067
7622fc06
SK		 1068 Mark log messages from the various subsystems in dnsmasq:
1069 messages from the DHCP subsystem now have the ident string
1070 "dnsmasq-dhcp" and messages from TFTP have ident
1071 "dnsmasq-tftp". Thanks to Olaf Westrik for the patch.
9e4abcb5 1072
7622fc06
SK		 1073 Fix possible infinite DHCP protocol loop when an IP
1074 address nailed to a hostname (not a MAC address) and a
1075 host sometimes provides the name, sometimes not.
9e4abcb5 1076
7622fc06
SK		 1077 Allow --addn-hosts to take a directory: all the files
1078 in the directory are read. Thanks to Phil Cornelius for
1079 the suggestion.
9e4abcb5 1080
7622fc06 1081 Support --bridge-interface on all platforms, not just BSD.
1ab84e2f 1082
7622fc06
SK		 1083 Added support for advanced PXE functions. It's now
1084 possible to define a prompt and menu options which will
1085 be displayed when a client PXE boots. It's also possible to
1086 hand-off booting to other boot servers. Proxy-DHCP, where
1087 dnsmasq just supplies the PXE information and another DHCP
1088 server does address allocation, is also allowed. See the
1089 --pxe-prompt and --pxe-service keywords. Thanks to
1090 Alkis Georgopoulos for the suggestion and Guilherme Moro
1091 and Michael Brown for assistance.
1092
1093 Improvements to DHCP logging. Thanks to Tom Metro for
1094 useful suggestions.
3be34541 1095
7622fc06
SK		 1096 Add ability to build dnsmasq without DHCP support. To do
1097 this, edit src/config.h or build with
1098 "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch.
36717eee 1099
7622fc06
SK		 1100 Added --test command-line switch - syntax check
1101 configuration files only.
36717eee 1102
7622fc06 1103 Updated French translation. Thanks to Gildas Le Nadan.
fd9fa481 1104
3d8df260 1105
7622fc06
SK		 1106version 2.47
1107 Updated French translation. Thanks to Gildas Le Nadan.
3d8df260 1108
7622fc06
SK		 1109 Fixed interface enumeration code to work on NetBSD
1110 5.0. Thanks to Roy Marples for the patch.
3d8df260 1111
7622fc06
SK		 1112 Updated config.h to use the same location for the lease
1113 file on NetBSD as the other *BSD variants. Also allow
1114 LEASEFILE and CONFFILE symbols to be overriden in CFLAGS.
3d8df260 1115
7622fc06
SK		 1116 Handle duplicate address detection on IPv6 more
1117 intelligently. In IPv6, an interface can have an address
1118 which is not usable, because it is still undergoing DAD
1119 (such addresses are marked "tentative"). Attempting to
1120 bind to an address in this state returns an error,
1121 EADDRNOTAVAIL. Previously, on getting such an error,
1122 dnsmasq would silently abandon the address, and never
1123 listen on it. Now, it retries once per second for 20
1124 seconds before generating a fatal error. 20 seconds should
1125 be long enough for any DAD process to complete, but can be
1126 adjusted in src/config.h if necessary. Thanks to Martin
1127 Krafft for the bug report.
3d8df260 1128
7622fc06 1129 Add DBus introspection. Patch from Jeremy Laine.
b8187c80 1130
7622fc06
SK		 1131 Update Dbus configuration file. Patch from Colin Walters.
1132 Fix for this bug:
1133 http://bugs.freedesktop.org/show_bug.cgi?id=18961
b8187c80 1134
7622fc06
SK		 1135 Support arbitrarily encapsulated DHCP options, suggestion
1136 and initial patch from Samium Gromoff. This is useful for
1137 (eg) gPXE, which expect all its private options to be
1138 encapsulated inside a single option 175. So, eg,
b8187c80 1139
7622fc06
SK		 1140 dhcp-option = encap:175, 190, "iscsi-client0"
1141 dhcp-option = encap:175, 191, "iscsi-client0-secret"
b8187c80 1142
7622fc06 1143 will provide iSCSI parameters to gPXE.
b8187c80 1144
7622fc06
SK		 1145 Enhance --dhcp-match to allow testing of the contents of a
1146 client-sent option, as well as its presence. This
1147 application in mind for this is RFC 4578
1148 client-architecture specifiers, but it's generally useful.
1149 Joey Korkames suggested the enhancement.
b8187c80 1150
7622fc06
SK		 1151 Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on
1152 OpenSolaris. Thanks to Bastian Machek for the heads-up.
b8187c80 1153
7622fc06
SK		 1154 No longer complain about blank lines in
1155 /etc/ethers. Thanks to Jon Nelson for the patch.
b8187c80 1156
7622fc06
SK		 1157 Fix binding of servers to physical devices, eg
1158 --server=/domain/1.2.3.4@eth0 which was broken from 2.43
1159 onwards unless --query-port=0 set. Thanks to Peter Naulls
cdeda28f
SK		 1160 for the bug report.
1161
7622fc06
SK		 1162 Reply to DHCPINFORM requests even when the supplied ciaddr
1163 doesn't fall in any dhcp-range. In this case it's not
1164 possible to supply a complete configuration, but
1165 individually-configured options (eg PAC) may be useful.
5aabfc78 1166
7622fc06
SK		 1167 Allow the source address of an alias to be a range:
1168 --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole
1169 subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255,
1170 as before.
1171 --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
1172 maps only the 192.168.0.10->192.168.0.40 region. Thanks to
1173 Ib Uhrskov for the suggestion.
5aabfc78 1174
7622fc06
SK		 1175 Don't dynamically allocate DHCP addresses which may break
1176 Windows. Addresses which end in .255 or .0 are broken in
1177 Windows even when using supernetting.
1178 --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means
1179 192.168.0.255 is a valid IP address, but not for Windows.
1180 See Microsoft KB281579. We therefore no longer allocate
1181 these addresses to avoid hard-to-diagnose problems.
5aabfc78 1182
7622fc06 1183 Update Polish translation. Thanks to Jan Psota.
5aabfc78 1184
7622fc06
SK		 1185 Delete the PID-file when dnsmasq shuts down. Note that by
1186 this time, dnsmasq is normally not running as root, so
1187 this will fail if the PID-file is stored in a root-owned
1188 directory; such failure is silently ignored. To take
1189 advantage of this feature, the PID-file must be stored in a
1190 directory owned and write-able by the user running
1191 dnsmasq.
5aabfc78 1192
5aabfc78 1193
7622fc06
SK		 1194version 2.46
1195 Allow --bootp-dynamic to take a netid tag, so that it may
1196 be selectively enabled. Thanks to Olaf Westrik for the
1197 suggestion.
5aabfc78 1198
7622fc06
SK		 1199 Remove ISC-leasefile reading code. This has been
1200 deprecated for a long time, and last time I removed it, it
1201 ended up going back by request of one user. This time,
1202 it's gone for good; otherwise it would need to be
1203 re-worked to support multiple domains (see below).
5aabfc78 1204
7622fc06
SK		 1205 Support DHCP clients in multiple DNS domains. This is a
1206 long-standing request. Clients are assigned to a domain
1207 based in their IP address.
5aabfc78 1208
7622fc06
SK		 1209 Add --dhcp-fqdn flag, which changes behaviour if DNS names
1210 assigned to DHCP clients. When this is set, there must be
1211 a domain associated with each client, and only
1212 fully-qualified domain names are added to the DNS. The
1213 advantage is that the only the FQDN needs to be unique,
1214 so that two or more DHCP clients can share a hostname, as
1215 long as they are in different domains.
5aabfc78 1216
7622fc06
SK		 1217 Set environment variable DNSMASQ_DOMAIN when invoking
1218 lease-change script. This may be useful information to
1219 have now that it's variable.
5aabfc78 1220
7622fc06
SK		 1221 Tighten up data-checking code for DNS packet
1222 handling. Thanks to Steve Dodd who found certain illegal
1223 packets which could crash dnsmasq. No memory overwrite was
1224 possible, so this is not a security issue beyond the DoS
1225 potential.
824af85b 1226
7622fc06
SK		 1227 Update example config dhcp option 47, the previous
1228 suggestion generated an illegal, zero-length,
1229 option. Thanks to Matthias Andree for finding this.
824af85b 1230
7622fc06
SK		 1231 Rewrite hosts-file reading code to remove the limit of
1232 1024 characters per line. John C Meuser found this.
824af85b 1233
7622fc06
SK		 1234 Create a net-id tag with the name of the interface on
1235 which the DHCP request was received.
824af85b 1236
7622fc06
SK		 1237 Fixed minor memory leak in DBus code, thanks to Jeremy
1238 Laine for the patch.
824af85b 1239
7622fc06
SK		 1240 Emit DBus signals as the DHCP lease database
1241 changes. Thanks to Jeremy Laine for the patch.
824af85b 1242
7622fc06
SK		 1243 Allow for more that one MAC address in a dhcp-host
1244 line. This configuration tells dnsmasq that it's OK to
1245 abandon a DHCP lease of the fixed address to one MAC
1246 address, if another MAC address in the dhcp-host statement
1247 asks for an address. This is useful to give a fixed
1248 address to a host which has two network interfaces
1249 (say, a laptop with wired and wireless interfaces.)
1250 It's very important to ensure that only one interface
1251 at a time is up, since dnsmasq abandons the first lease
1252 and re-uses the address before the leased time has
1253 elapsed. John Gray suggested this.
824af85b 1254
7622fc06
SK		 1255 Tweak the response to a DHCP request packet with a wrong
1256 server-id when --dhcp-authoritative is set; dnsmasq now
1257 returns a DHCPNAK, rather than silently ignoring the
1258 packet. Thanks to Chris Marget for spotting this
1259 improvement.
824af85b 1260
7622fc06
SK		 1261 Add --cname option. This provides a limited alias
1262 function, usable for DHCP names. Thanks to AJ Weber for
1263 suggestions on this.
824af85b 1264
7622fc06
SK		 1265 Updated contrib/webmin with latest version from Neil
1266 Fisher.
824af85b 1267
7622fc06 1268 Updated Polish translation. Thanks to Jan Psota.
824af85b 1269
7622fc06
SK		 1270 Correct the text names for DHCP options 64 and 65 to be
1271 "nis+-domain" and "nis+-servers".
9e038946 1272
7622fc06 1273 Updated Spanish translation. Thanks to Chris Chatham.
9e038946 1274
7622fc06
SK		 1275 Force re-reading of /etc/resolv.conf when an "interface
1276 up" event occurs.
9e038946 1277
824af85b 1278
7622fc06
SK		 1279version 2.45
1280 Fix total DNS failure in release 2.44 unless --min-port
1281 specified. Thanks to Steven Barth and Grant Coady for
1282 bugreport. Also reject out-of-range port spec, which could
1283 break things too: suggestion from Gilles Espinasse.
824af85b 1284
9e038946 1285
7622fc06
SK		 1286version 2.44
1287 Fix crash when unknown client attempts to renew a DHCP
1288 lease, problem introduced in version 2.43. Thanks to
1289 Carlos Carvalho for help chasing this down.
9e038946 1290
7622fc06
SK		 1291 Fix potential crash when a host which doesn't have a lease
1292 does DHCPINFORM. Again introduced in 2.43. This bug has
1293 never been reported in the wild.
9e038946 1294
7622fc06
SK		 1295 Fix crash in netlink code introduced in 2.43. Thanks to
1296 Jean Wolter for finding this.
9e038946 1297
7622fc06
SK		 1298 Change implementation of min_port to work even if min-port
1299 is large.
9e038946 1300
7622fc06
SK		 1301 Patch to enable compilation of latest Mac OS X. Thanks to
1302 David Gilman.
9e038946 1303
7622fc06 1304 Update Spanish translation. Thanks to Christopher Chatham.
1a6bca81
SK		 1305
1306
1307version 2.43
1308 Updated Polish translation. Thanks to Jan Psota.
1309
1310 Flag errors when configuration options are repeated
1311 illegally.
1312
1313 Further tweaks for GNU/kFreeBSD
1314
1315 Add --no-wrap to msgmerge call - provides nicer .po file
1316 format.
1317
1318 Honour lease-time spec in dhcp-host lines even for
1319 BOOTP. The user is assumed to known what they are doing in
1320 this case. (Hosts without the time spec still get infinite
1321 leases for BOOTP, over-riding the default in the
1322 dhcp-range.) Thanks to Peter Katzmann for uncovering this.
1323
1324 Fix problem matching relay-agent ids. Thanks to Michael
1325 Rack for the bug report.
1326
1327 Add --naptr-record option. Suggestion from Johan
1328 Bergquist.
1329
1330 Implement RFC 5107 server-id-override DHCP relay agent
1331 option.
1332
1333 Apply patches from Stefan Kruger for compilation on
1334 Solaris 10 under Sun studio.
1335
1336 Yet more tweaking of Linux capability code, to suppress
1337 pointless wingeing from kernel 2.6.25 and above.
1338
1339 Improve error checking during startup. Previously, some
1340 errors which occurred during startup would be worked
1341 around, with dnsmasq still starting up. Some were logged,
1342 some silent. Now, they all cause a fatal error and dnsmasq
1343 terminates with a non-zero exit code. The errors are those
1344 associated with changing uid and gid, setting process
1345 capabilities and writing the pidfile. Thanks to Uwe
1346 Gansert and the Suse security team for pointing out
1347 this improvement, and Bill Reimers for good implementation
1348 suggestions.
1349
1350 Provide NO_LARGEFILE compile option to switch off largefile
1351 support when compiling against versions of uclibc which
1352 don't support it. Thanks to Stephane Billiart for the patch.
1353
1354 Implement random source ports for interactions with
1355 upstream nameservers. New spoofing attacks have been found
1356 against nameservers which do not do this, though it is not
1357 clear if dnsmasq is vulnerable, since to doesn't implement
1358 recursion. By default dnsmasq will now use a different
1359 source port (and socket) for each query it sends
1360 upstream. This behaviour can suppressed using the
1361 --query-port option, and the old default behaviour
1362 restored using --query-port=0. Explicit source-port
1363 specifications in --server configs are still honoured.
1364
1365 Replace the random number generator, for better
1366 security. On most BSD systems, dnsmasq uses the
1367 arc4random() RNG, which is secure, but on other platforms,
1368 it relied on the C-library RNG, which may be
1369 guessable and therefore allow spoofing. This release
1370 replaces the libc RNG with the SURF RNG, from Daniel
1371 J. Berstein's DJBDNS package.
1372
1373 Don't attempt to change user or group or set capabilities
1374 if dnsmasq is run as a non-root user. Without this, the
1375 change from soft to hard errors when these fail causes
1376 problems for non-root daemons listening on high
1377 ports. Thanks to Patrick McLean for spotting this.
1378
1379 Updated French translation. Thanks to Gildas Le Nadan.
1f15b81d
SK		 1380
1381
1382version 2.42
1383 The changelog for version 2.42 and earlier is
1384 available in CHANGELOG.archive.
Michael's tree of dnsmasq.