]>
git.ipfire.org Git - people/ms/dnsmasq.git/log
Simon Kelley [Wed, 18 Jun 2014 19:52:53 +0000 (20:52 +0100)]
Fix FTBFS with Nettle-3.0.
Simon Kelley [Tue, 17 Jun 2014 18:49:31 +0000 (19:49 +0100)]
Build config: add -DNO_GMP for use with nettle/mini-gmp
Neil Jerram [Wed, 11 Jun 2014 20:22:40 +0000 (21:22 +0100)]
Allow wildcard aliases in --bridge-interface option
This is useful when using dnsmasq as DHCP server for a set of VMs
whose data is routed by the host instead of being bridged. In this
scenario:
- There is an unbounded set of TAP interfaces that have no IP address
at the host end.
- DHCP allocation is done from an IPv4 address range associated with a
dummy interface.
- We run dnsmasq with --interface dummy --interface tap*
--bind-dynamic, so that it listens on all the TAP interfaces, and
--bridge-interface=dummy,tap*, so that it will allocate IP addresses
via the TAP interfaces from the range associated with the dummy
interface.
Simon Kelley [Wed, 11 Jun 2014 19:51:27 +0000 (20:51 +0100)]
Makefile typo.
Simon Kelley [Sun, 8 Jun 2014 20:51:29 +0000 (21:51 +0100)]
Fix bug when >1 IPv6 address supplied to Dbus SetServers method.
Simon Kelley [Sat, 7 Jun 2014 20:23:34 +0000 (21:23 +0100)]
Attribution update.
Daniel Collins [Sat, 7 Jun 2014 20:21:44 +0000 (21:21 +0100)]
New DBus methods.
Simon Kelley [Sat, 7 Jun 2014 19:05:08 +0000 (20:05 +0100)]
Copyright update.
Simon Kelley [Sat, 7 Jun 2014 12:38:48 +0000 (13:38 +0100)]
Handle async notification of address changes using the event system.
Simon Kelley [Thu, 5 Jun 2014 21:38:53 +0000 (22:38 +0100)]
Suppress re-entrant calls to dhcp_construct_contexts()
Simon Kelley [Mon, 2 Jun 2014 19:30:07 +0000 (20:30 +0100)]
ipsets equivalent in *BSD, using pf tables.
Simon Kelley [Fri, 23 May 2014 19:44:59 +0000 (20:44 +0100)]
LOG error of ARP-injection fails.
Simon Kelley [Tue, 20 May 2014 20:01:34 +0000 (21:01 +0100)]
Bump Debian version.
Simon Kelley [Tue, 20 May 2014 20:00:02 +0000 (21:00 +0100)]
Debian: Dynamically create /var/run/dnsmasq when systemd in use too.
Simon Kelley [Tue, 20 May 2014 19:56:55 +0000 (20:56 +0100)]
Debian: Write pid-file in the correct place when using systemd.
Simon Kelley [Tue, 20 May 2014 19:38:25 +0000 (20:38 +0100)]
Merge branch 'mobile-ra'
Conflicts:
CHANGELOG
Simon Kelley [Tue, 20 May 2014 19:34:41 +0000 (20:34 +0100)]
Use ECC crypto in Nettle now.
Simon Ruderich [Tue, 20 May 2014 19:27:31 +0000 (20:27 +0100)]
Debian/rules fixes to enable hardening.
Simon Kelley [Fri, 16 May 2014 19:21:55 +0000 (20:21 +0100)]
Bump Debian version.
Andreas Metzler [Sun, 11 May 2014 16:53:54 +0000 (17:53 +0100)]
Debian fix: Enable dnsmasq systemd unit on install.
Simon Kelley [Fri, 9 May 2014 19:47:09 +0000 (20:47 +0100)]
Debian change: write pid-file even using systemd.
Simon Kelley [Fri, 9 May 2014 09:29:43 +0000 (10:29 +0100)]
Fix DNS failure of cachesize set to zero.
Simon Kelley [Sun, 4 May 2014 20:45:26 +0000 (21:45 +0100)]
Debian packaging fixes.
Conrad Kostecki [Sun, 4 May 2014 19:43:49 +0000 (20:43 +0100)]
Update German translation.
Simon Kelley [Thu, 1 May 2014 17:19:12 +0000 (18:19 +0100)]
Another filter_rrsigs fix.
Simon Kelley [Thu, 1 May 2014 16:46:25 +0000 (17:46 +0100)]
Get packet size right when removing pseudoheader.
Simon Kelley [Tue, 29 Apr 2014 12:02:41 +0000 (13:02 +0100)]
Fix DNSSEC validation of ANY queries.
Simon Kelley [Tue, 29 Apr 2014 11:30:18 +0000 (12:30 +0100)]
Do SERVFAIL, therefore continue when searching for DS in TCP path too.
Simon Kelley [Sat, 26 Apr 2014 21:13:31 +0000 (22:13 +0100)]
Handle SERVFAIL replies when looking for proven-nonexistence of DS.
Simon Kelley [Fri, 25 Apr 2014 21:04:05 +0000 (22:04 +0100)]
ra-advrouter mode for RFC-3775 mobile IPv6 support.
Simon Kelley [Thu, 24 Apr 2014 16:59:58 +0000 (17:59 +0100)]
Need to fixup records in the additional section when removing DNSSEC stuff.
Simon Kelley [Thu, 24 Apr 2014 11:05:33 +0000 (12:05 +0100)]
Update doc.html - was positively antediluvian.
Simon Kelley [Wed, 23 Apr 2014 14:46:05 +0000 (15:46 +0100)]
CHANGELOG update for 2.70 release.
Simon Kelley [Wed, 23 Apr 2014 11:31:40 +0000 (12:31 +0100)]
Bump Debian version.
Matt Comben [Wed, 23 Apr 2014 11:28:04 +0000 (12:28 +0100)]
Typo.
Simon Kelley [Wed, 16 Apr 2014 21:20:55 +0000 (22:20 +0100)]
Fix crash on TCP DNS request when DNSSEC not enabled.
Simon Kelley [Sun, 13 Apr 2014 19:48:57 +0000 (20:48 +0100)]
Ensure request name in buffer for ipset lookup.
Simon Kelley [Fri, 11 Apr 2014 17:56:23 +0000 (18:56 +0100)]
Add donate button to doc.html.
Simon Kelley [Wed, 9 Apr 2014 19:36:53 +0000 (20:36 +0100)]
Update CHANGELOG/release-notes.
Lutz Preßler [Mon, 7 Apr 2014 21:06:23 +0000 (22:06 +0100)]
ipv6.arpa -> ip6.arpa
Simon Kelley [Thu, 3 Apr 2014 20:16:40 +0000 (21:16 +0100)]
Fix NXDOMAIN RCODE in auth PTR replies.
Simon Kelley [Sat, 29 Mar 2014 09:20:07 +0000 (09:20 +0000)]
Fix ipsets logging patch.
Wang Jian [Fri, 28 Mar 2014 20:52:47 +0000 (20:52 +0000)]
Log IPSET actions.
Simon Kelley [Fri, 28 Mar 2014 20:41:23 +0000 (20:41 +0000)]
Add --dnssec-no-timecheck
Simon Kelley [Thu, 27 Mar 2014 22:02:17 +0000 (22:02 +0000)]
Ensure ->sentto is valid for DNSSEC forwards. Otherwise retries SEGV.
Simon Kelley [Thu, 27 Mar 2014 20:54:34 +0000 (20:54 +0000)]
Cache stats availble in CHAOS .bind domain.
Simon Kelley [Wed, 26 Mar 2014 12:24:19 +0000 (12:24 +0000)]
Terminate DS-search when reaching the root via cache entries.
Simon Kelley [Tue, 25 Mar 2014 21:07:00 +0000 (21:07 +0000)]
SERVFAIL is an expected error return, don't try all servers.
Tomas Hozza [Tue, 25 Mar 2014 20:52:28 +0000 (20:52 +0000)]
Handle failure of hash_questions()
Tomas Hozza [Tue, 25 Mar 2014 20:43:21 +0000 (20:43 +0000)]
Memory leak in error path.
Simon Kelley [Mon, 24 Mar 2014 22:04:42 +0000 (22:04 +0000)]
Reorder sanity checks on UDP packet reception, to cope with failed recvfrom()
Simon Kelley [Mon, 24 Mar 2014 21:13:49 +0000 (21:13 +0000)]
Add dnssec-check-unsigned to example config file.
Simon Kelley [Sat, 22 Mar 2014 19:33:43 +0000 (19:33 +0000)]
CHANGELOG update.
Simon Kelley [Sat, 22 Mar 2014 19:18:06 +0000 (19:18 +0000)]
Ignore DNS queries from port 0: http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html
Andy [Sat, 22 Mar 2014 19:10:07 +0000 (19:10 +0000)]
Tidy uid defines.
Simon Kelley [Fri, 21 Mar 2014 11:13:55 +0000 (11:13 +0000)]
Fix DNSSEC crash retrying to IPv6 server.
Simon Kelley [Thu, 20 Mar 2014 16:25:43 +0000 (16:25 +0000)]
Initialise uid when creating CNAME cache record.
Simon Kelley [Thu, 20 Mar 2014 15:47:18 +0000 (15:47 +0000)]
Make --quiet-dhcp apply to DHCPDISCOVER when client ignored.
Moritz Warning [Thu, 20 Mar 2014 15:32:22 +0000 (15:32 +0000)]
Manpage typos.
Simon Kelley [Tue, 18 Mar 2014 22:38:30 +0000 (22:38 +0000)]
Tidy and fix cache->uid handling.
Some CNAMES left the value of ->uid undefined.
Since there are now special values if this, for CNAMES
to interface names, that could cause a crash
if the undefined value hit the special value.
Also ensure that the special value can't arise
when the uid is encoding the source of an F_CONFIG
record, in case there's a CNAME to it.
Andy [Mon, 17 Mar 2014 19:50:29 +0000 (19:50 +0000)]
Ensure next_uid() can never return 0.
Simon Kelley [Sun, 16 Mar 2014 22:56:58 +0000 (22:56 +0000)]
Handle integer overflow in uid counter. Fixes rare crashes in cache code.
Simon Kelley [Wed, 12 Mar 2014 20:12:56 +0000 (20:12 +0000)]
Warn about non-local queries once only for UDP.
Simon Kelley [Wed, 12 Mar 2014 20:07:12 +0000 (20:07 +0000)]
Typo
Simon Kelley [Thu, 6 Mar 2014 13:27:57 +0000 (13:27 +0000)]
OPT_LOCAL_SERVICE needs up-to-date interface list too.
Simon Kelley [Wed, 5 Mar 2014 15:01:08 +0000 (15:01 +0000)]
Set --local-service in Debian package startup.
Simon Kelley [Wed, 5 Mar 2014 14:29:54 +0000 (14:29 +0000)]
--local-service. Default protection from DNS amplification attacks.
Simon Kelley [Wed, 5 Mar 2014 11:01:23 +0000 (11:01 +0000)]
Add --static to pkg-config command when appropriate.
Simon Kelley [Mon, 3 Mar 2014 14:19:19 +0000 (14:19 +0000)]
Compiler warning.
Simon Kelley [Sun, 2 Mar 2014 14:30:05 +0000 (14:30 +0000)]
Man page updates for DNSSEC.
Simon Kelley [Sun, 2 Mar 2014 12:46:51 +0000 (12:46 +0000)]
KEYBLOCK LEN better as a multiple of 8.
Simon Kelley [Sat, 1 Mar 2014 22:53:57 +0000 (22:53 +0000)]
Can have local DS records (trust anchors).
Simon Kelley [Sat, 1 Mar 2014 20:48:24 +0000 (20:48 +0000)]
Mass edit of INSECURE->BOGUS returns for server failure/bad input.
Simon Kelley [Sat, 1 Mar 2014 20:08:58 +0000 (20:08 +0000)]
Don't cache secure replies which we've messsed with.
Simon Kelley [Sat, 1 Mar 2014 20:03:47 +0000 (20:03 +0000)]
Tweak tuning params.
Simon Kelley [Sat, 1 Mar 2014 18:07:57 +0000 (18:07 +0000)]
Handle replies with no answers and no NS in validate_reply.
Simon Kelley [Sat, 1 Mar 2014 17:58:28 +0000 (17:58 +0000)]
Don't free blockdata for negative DS cache entries.
Simon Kelley [Sat, 1 Mar 2014 16:12:28 +0000 (16:12 +0000)]
Fix off-by-one overwrite.
Simon Kelley [Sat, 1 Mar 2014 15:35:50 +0000 (15:35 +0000)]
Tidy.
Simon Kelley [Fri, 28 Feb 2014 18:10:55 +0000 (18:10 +0000)]
Check that unsigned replies come from unsigned zones if --dnssec-check-unsigned set.
Simon Kelley [Thu, 27 Feb 2014 14:30:03 +0000 (14:30 +0000)]
Negative caching for DS records.
Simon Kelley [Tue, 25 Feb 2014 23:13:28 +0000 (23:13 +0000)]
Return INSECURE when validation fails with proved non-existent DS.
Simon Kelley [Tue, 25 Feb 2014 23:02:28 +0000 (23:02 +0000)]
Strip DNSSEC RRs when query doesn't have DO bit set.
Simon Kelley [Mon, 24 Feb 2014 21:46:44 +0000 (21:46 +0000)]
Speeling.
Simon Kelley [Mon, 24 Feb 2014 21:01:09 +0000 (21:01 +0000)]
Code cleanup.
Simon Kelley [Mon, 24 Feb 2014 20:20:00 +0000 (20:20 +0000)]
An NSEC record cannot attest to its own non-existance!
Simon Kelley [Sun, 23 Feb 2014 16:20:46 +0000 (16:20 +0000)]
Check signer name in RRSIGs.
Simon Kelley [Sun, 23 Feb 2014 15:24:26 +0000 (15:24 +0000)]
Bugfix for last commit.
Simon Kelley [Sun, 23 Feb 2014 10:48:32 +0000 (10:48 +0000)]
NSEC3 validation. First pass.
Simon Kelley [Thu, 20 Feb 2014 13:43:28 +0000 (13:43 +0000)]
Add --servers-file option.
Simon Kelley [Wed, 19 Feb 2014 18:14:33 +0000 (18:14 +0000)]
Omit ECC from DNSSEC if nettle library is old.
Simon Kelley [Wed, 19 Feb 2014 17:45:17 +0000 (17:45 +0000)]
More server cleanup.
Simon Kelley [Tue, 18 Feb 2014 22:30:30 +0000 (22:30 +0000)]
Cleanup of server reading code, preparation, for dynamic reading from files.
Simon Kelley [Mon, 17 Feb 2014 21:43:27 +0000 (21:43 +0000)]
--rev-server option. Syntactic sugar for PTR queries.
Simon Kelley [Thu, 13 Feb 2014 16:56:30 +0000 (16:56 +0000)]
Log BOGUS validation result when upstream sends SERVFAIL.
Simon Kelley [Thu, 13 Feb 2014 16:43:49 +0000 (16:43 +0000)]
TYpo.
Simon Kelley [Thu, 13 Feb 2014 16:42:02 +0000 (16:42 +0000)]
No CD in forwarded queries unless dnssec-debug for TCP too.
Simon Kelley [Thu, 13 Feb 2014 16:38:23 +0000 (16:38 +0000)]
Don't mess with the TTL of DNSSEC RRs.
Simon Kelley [Thu, 13 Feb 2014 14:56:10 +0000 (14:56 +0000)]
Add RFC-6605 ECDSA DNSSEC verification.
Simon Kelley [Tue, 11 Feb 2014 11:07:22 +0000 (11:07 +0000)]
Use DS records as trust anchors, not DNSKEYs.
This allows us to query for the root zone DNSKEY RRset and validate
it, thus automatically handling KSK rollover.