Fix broken DNSSEC validation of ECDSA signatures.
Add --dnssec-timestamp option, which provides an automatic
- way to detect when the system time becomes valid after boot
- on systems without an RTC, whilst allowing DNS queries before the
- clock is valid so that NTP can run. Thanks to
- Kevin Darbyshire-Bryant for developing this idea.
+ way to detect when the system time becomes valid after
+ boot on systems without an RTC, whilst allowing DNS
+ queries before the clock is valid so that NTP can run.
+ Thanks to Kevin Darbyshire-Bryant for developing this idea.
Add --tftp-no-fail option. Thanks to Stefan Tomanek for
the patch.
- Fix crash caused by looking up servers.bind, CHAOS text record,
- when more than about five --servers= lines are in the dnsmasq
- config. This causes memory corruption which causes a crash later.
- Thanks to Matt Coddington for sterling work chasing this down.
+ Fix crash caused by looking up servers.bind, CHAOS text
+ record, when more than about five --servers= lines are
+ in the dnsmasq config. This causes memory corruption
+ which causes a crash later. Thanks to Matt Coddington for
+ sterling work chasing this down.
+
+ Fix crash on receipt of certain malformed DNS requests.
+ Thanks to Nick Sampanis for spotting the problem.
+
+ Fix crash in authoritative DNS code, if a .arpa zone
+ is declared as authoritative, and then a PTR query which
+ is not to be treated as authoritative arrived. Normally,
+ directly declaring .arpa zone as authoritative is not
+ done, so this crash wouldn't be seen. Instead the
+ relevant .arpa zone should be specified as a subnet
+ in the auth-zone declaration. Thanks to Johnny S. Lee
+ for the bugreport and initial patch.
version 2.72
Fix problem with --local-service option on big-endian platforms
Thanks to Richard Genoud for the patch.
- Fix crash on receipt of certain malformed DNS requests. Thanks
- to Nick Sampanis for spotting the problem.
-
version 2.71
Subtle change to error handling to help DNSSEC validation
when servers fail to provide NODATA answers for
for (zone = daemon->auth_zones; zone; zone = zone->next)
if ((subnet = find_subnet(zone, flag, &addr)))
break;
-
+
if (!zone)
{
auth = 0;
if (intr)
{
- if (in_zone(zone, intr->name, NULL))
+ if (local_query || in_zone(zone, intr->name, NULL))
{
found = 1;
log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
*p = 0; /* must be bare name */
/* add external domain */
- strcat(name, ".");
- strcat(name, zone->domain);
+ if (zone)
+ {
+ strcat(name, ".");
+ strcat(name, zone->domain);
+ }
log_query(flag | F_DHCP | F_REVERSE, name, &addr, record_source(crecp->uid));
found = 1;
if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
T_PTR, C_IN, "d", name))
anscount++;
}
- else if (crecp->flags & (F_DHCP | F_HOSTS) && in_zone(zone, name, NULL))
+ else if (crecp->flags & (F_DHCP | F_HOSTS) && (local_query || in_zone(zone, name, NULL)))
{
log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid));
found = 1;