2 Fix compilation problem in Mac OS X Lion. Thanks to Olaf
5 Fix DHCP when using --listen-address with an IP address
6 which is not the primary address of an interface.
8 Add --dhcp-client-update option.
10 Add Lua integration. Dnsmasq can now execute a DHCP
11 lease-change script written in Lua. This needs to be
12 enabled at compile time by setting HAVE_LUASCRIPT in
13 src/config.h or running "make COPTS=-DHAVE_LUASCRIPT"
14 Thanks to Jan-Piet Mens for the idea and proof-of-concept
17 Tidied src/config.h to distinguish between
18 platform-dependent compile-time options which are selected
19 automatically, and builder-selectable compile time
20 options. Document the latter better, and describe how to
21 set them from the make command line.
23 Tidied up IPPROTO_IP/SOL_IP (and IPv6 equivalent)
24 confusion. IPPROTO_IP works everywhere now.
26 Set TOS on DHCP sockets, this improves things on busy
27 wireless networks. Thanks to Dave Taht for the patch.
29 Determine VERSION automatically based on git magic:
30 release tags or hash values.
32 Improve start-up speed when reading large hosts files
33 containing many distinct addresses.
35 Fix problem if dnsmasq is started without the stdin,
36 stdout and stderr file descriptors open. This can manifest
37 itself as 100% CPU use. Thanks to Chris Moore for finding
40 Fix shell-scripting bug in bld/pkg-wrapper. Thanks to
41 Mark Mitchell for the patch.
43 Allow the TFP server or boot server in --pxe-service, to
44 be a domain name instead of an IP address. This allows for
45 round-robin to multiple servers, in the same way as
46 --dhcp-boot. A good suggestion from Cristiano Cumer.
48 Support BUILDDIR variable in the Makefile. Allows builds
49 for multiple archs from the same source tree with eg.
50 make BUILDDIR=linux (relative to dnsmasq tree)
51 make BUILDDIR=/tmp/openbsd (absolute path)
52 If BUILDDIR is not set, compilation happens in the src
53 directory, as before. Suggestion from Mark Mitchell.
55 Support DHCPv6. Support is there for the sort of things
56 the existing v4 server does, including tags, options,
57 static addresses and relay support. Missing is prefix
58 delegation, which is probably not required in the dnsmasq
59 niche, and an easy way to accept prefix delegations from
60 an upstream DHCPv6 server, which is. Future plans include
61 support for DHCPv6 router option and MAC address option
62 (to make selecting clients by MAC address work like IPv4).
63 These will be added as the standards mature.
64 This code has been tested, but this is the first release,
65 so don't bet the farm on it just yet. Many thanks to all
66 testers who have got it this far.
68 Support IPv6 router advertisements. This is a
69 simple-minded implementation, aimed at providing the
70 vestigial RA needed to go alongside IPv6. Is picks up
71 configuration from the DHCPv6 conf, and should just need
72 enabling with --enable-ra.
74 Fix long-standing wrinkle with --localise-queries that
75 could result in wrong answers when DNS packets arrive
76 via an interface other than the expected one. Thanks to
77 Lorenzo Milesi and John Hanks for spotting this one.
79 Update French translation. Thanks to Gildas Le Nadan.
81 Update Polish translation. Thanks to Jan Psota.
85 Fix regression in 2.58 which caused failure to start up
86 with some combinations of dnsmasq config and IPv6 kernel
87 network config. Thanks to Brielle Bruns for the bug
90 Improve dnsmasq's behaviour when network interfaces are
91 still doing duplicate address detection (DAD). Previously,
92 dnsmasq would wait up to 20 seconds at start-up for the
93 DAD state to terminate. This is broken for bridge
94 interfaces on recent Linux kernels, which don't start DAD
95 until the bridge comes up, and so can take arbitrary
96 time. The new behaviour lets dnsmasq poll for an arbitrary
97 time whilst providing service on other interfaces. Thanks
98 to Stephen Hemminger for pointing out the problem.
102 Provide a definition of the SA_SIZE macro where it's
103 missing. Fixes build failure on openBSD.
105 Don't include a zero terminator at the end of messages
106 sent to /dev/log when /dev/log is a datagram socket.
107 Thanks to Didier Rabound for spotting the problem.
109 Add --dhcp-sequential-ip flag, to force allocation of IP
110 addresses in ascending order. Note that the default
111 pseudo-random mode is in general better but some
112 server-deployment applications need this.
114 Fix problem where a server-id of 0.0.0.0 is sent to a
115 client when a dhcp-relay is in use if a client renews a
116 lease after dnsmasq restart and before any clients on the
117 subnet get a new lease. Thanks to Mike Ruiz for assistance
118 in chasing this one down.
120 Don't return NXDOMAIN to an AAAA query if we have CNAME
121 which points to an A record only: NODATA is the correct
122 reply in this case. Thanks to Tom Fernandes for spotting
125 Relax the need to supply a netmask in --dhcp-range for
126 networks which use a DHCP relay. Whilst this is still
127 desireable, in the absence of a netmask dnsmasq will use
128 a default based on the class (A, B, or C) of the address.
129 This should at least remove a cause of mysterious failure
130 for people using RFC1918 addresses and relays.
132 Add support for Linux conntrack connection marking. If
133 enabled with --conntrack, the connection mark for incoming
134 DNS queries will be copied to the outgoing connections
135 used to answer those queries. This allows clever firewall
136 and accounting stuff. Only available if dnsmasq is
137 compiled with HAVE_CONNTRACK and adds a dependency on
138 libnetfilter-conntrack. Thanks to Ed Wildgoose for the
139 initial idea, testing and sponsorship of this function.
141 Provide a sane error message when someone attempts to
142 match a tag in --dhcp-host.
144 Tweak the behaviour of --domain-needed, to avoid problems
145 with recursive nameservers downstream of dnsmasq. The new
146 behaviour only stops A and AAAA queries, and returns
147 NODATA rather than NXDOMAIN replies.
149 Efficiency fix for very large DHCP configurations, thanks
150 to James Gartrell and Mike Ruiz for help with this.
152 Allow the TFTP-server address in --dhcp-boot to be a
153 domain-name which is looked up in /etc/hosts. This can
154 give multiple IP addresses which are used round-robin,
155 thus doing TFTP server load-balancing. Thanks to Sushil
156 Agrawal for the patch.
158 When two tagged dhcp-options for a particular option
159 number are both valid, use the one which is valid without
160 a tag from the dhcp-range. Allows overriding of the value
161 of a DHCP option for a particular host as well as
162 per-network values. So
163 --dhcp-range=set:interface1,......
164 --dhcp-host=set:myhost,.....
165 --dhcp-option=tag:interface1,option:nis-domain,"domain1"
166 --dhcp-option=tag:myhost,option:nis-domain,"domain2"
167 will set the NIS-domain to domain1 for hosts in the range, but
168 override that to domain2 for a particular host.
170 Fix bug which resulted in truncated files and timeouts for
171 some TFTP transfers. The bug only occurs with netascii
172 transfers and needs an unfortunate relationship between
173 file size, blocksize and the number of newlines in the
174 last block before it manifests itself. Many thanks to
175 Alkis Georgopoulos for spotting the problem and providing
176 a comprehensive test-case.
178 Fix regression in TFTP server on *BSD platforms introduced
179 in version 2.56, due to confusion with sockaddr
180 length. Many thanks to Loïc Pefferkorn for finding this.
182 Support scope-ids in IPv6 addresses of nameservers from
183 /etc/resolv.conf and in --server options. Eg
184 nameserver fe80::202:a412:4512:7bbf%eth0 or
185 server=fe80::202:a412:4512:7bbf%eth0. Thanks to
186 Michael Stapelberg for the suggestion.
188 Update Polish translation, thanks to Jan Psota.
190 Update French translation. Thanks to Gildas Le Nadan.
194 Add patches to allow build under Android.
196 Provide our own header for the DNS protocol, rather than
197 relying on arpa/nameser.h. This has proved more or less
198 defective over the years and the final straw is that it's
199 effectively empty on Android.
201 Fix regression in 2.56 which caused hex constants in
202 configuration to be rejected if they contain the '*'
205 Correct wrong casts of arguments to ctype.h functions,
206 isdigit(), isxdigit() etc. Thanks to Matthias Andree for
209 Allow build with IDN support independently from i18n.
210 IDN support continues to be included automatically
211 when i18n is included.
212 'make COPTS=-DHAVE_IDN' is the magic incantation.
214 Modify check on extraneous command line junk (added in
215 2.56) so that it doesn't complain about extra _empty_
216 arguments. Otherwise this breaks libvirt.
220 Add a patch to allow dnsmasq to get interface names right in a
221 Solaris zone. Thanks to Dj Padzensky for this.
223 Improve data-type parsing heuristics so that
224 --dhcp-option=option:domain-search,.
225 treats the value as a string and not an IP address.
226 Thanks to Clemens Fischer for spotting that.
228 Add IPv6 support to the TFTP server. Many thanks to Jan
229 'RedBully' Seiffert for the patches.
231 Log DNS queries at level LOG_INFO, rather then
232 LOG_DEBUG. This makes things consistent with DHCP
233 logging. Thanks to Adam Pribyl for spotting the problem.
235 Ensure that dnsmasq terminates cleanly when using
236 --syslog-async even if it cannot make a connection to the
239 Add --add-mac option. This is to support currently
240 experimental DNS filtering facilities. Thanks to Benjamin
241 Petrin for the orignal patch.
243 Fix bug which meant that tags were ignored in dhcp-range
244 configuration specifying PXE-proxy service. Thanks to
245 Cristiano Cumer for spotting this.
247 Raise an error if there is extra junk, not part of an
248 option, on the command line.
250 Flag a couple of log messages in cache.c as coming from
251 the DHCP subsystem. Thanks to Olaf Westrik for the patch.
253 Omit timestamps from logs when a) logging to stderr and
254 b) --keep-in-forground is set. The logging facility on the
255 other end of stderr can be assumned to supply them. Thanks
256 to John Hallam for the patch.
258 Don't complain about strings longer than 255 characters in
259 --txt-record, just split the long strings into 255
260 character chunks instead.
262 Fix crash on double-free. This bug can only happen when
263 dhcp-script is in use and then only in rare circumstances
264 triggered by high DHCP transaction rate and a slow
265 script. Thanks to Ferenc Wagner for finding the problem.
267 Only log that a file has been sent by TFTP after the
268 transfer has completed succesfully.
270 A good suggestion from Ferenc Wagner: extend
271 the --domain option to allow this sort of thing:
272 --domain=thekelleys.org.uk,192.168.0.0/24,local
273 which automatically creates
274 --local=/thekelleys.org.uk/
275 --local=/0.168.192.in-addr.arpa/
277 Tighten up syntax checking of hex contants in the config
278 file. Thanks to Fred Damen for spotting this.
280 Add dnsmasq logo/icon, contributed by Justin Swift. Many
283 Never cache DNS replies which have the 'cd' bit set, or
284 which result from queries forwarded with the 'cd' bit
285 set. The 'cd' bit instructs a DNSSEC validating server
286 upstream to ignore signature failures and return replies
287 anyway. Without this change it's possible to pollute the
288 dnsmasq cache with bad data by making a query with the
289 'cd' bit set and subsequent queries would return this data
290 without its being marked as suspect. Thanks to Anders
291 Kaseorg for pointing out this problem.
293 Add --proxy-dnssec flag, for compliance with RFC
294 4035. Dnsmasq will now clear the 'ad' bit in answers returned
295 from upstream validating nameservers unless this option is
298 Allow a filename of "-" for --conf-file to read
299 stdin. Suggestion from Timothy Redaelli.
301 Rotate the order of SRV records in replies, to provide
302 round-robin load balancing when all the priorities are
303 equal. Thanks to Peter McKinney for the suggestion.
306 contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist
307 so that it doesn't log all queries to a file by
308 default. Thanks again to Peter McKinney.
310 By default, setting an IPv4 address for a domain but not
311 an IPv6 address causes dnsmasq to return
312 an NODATA reply for IPv6 (or vice-versa). So
313 --address=/google.com/1.2.3.4 stops IPv6 queries for
314 *google.com from being forwarded. Make it possible to
315 override this behaviour by defining the sematics if the
316 same domain appears in both --server and --address.
317 In that case, the --address has priority for the address
318 family in which is appears, but the --server has priority
319 of the address family which doesn't appear in --adddress
321 --address=/google.com/1.2.3.4
322 --server=/google.com/#
323 will return 1.2.3.4 for IPv4 queries for *.google.com but
324 forward IPv6 queries to the normal upstream nameserver.
325 Similarly when setting an IPv6 address
326 only this will allow forwarding of IPv4 queries. Thanks to
327 William for pointing out the need for this.
329 Allow more than one --dhcp-optsfile and --dhcp-hostsfile
330 and make them understand directories as arguments in the
331 same way as --addn-hosts. Suggestion from John Hanks.
333 Ignore rebinding requests for leases we don't know
334 about. Rebind is broadcast, so we might get to overhear a
335 request meant for another DHCP server. NAKing this is
336 wrong. Thanks to Brad D'Hondt for assistance with this.
338 Fix cosmetic bug which produced strange output when
339 dumping cache statistics with some configurations. Thanks
340 to Fedor Kozhevnikov for spotting this.
344 Fix crash when /etc/ethers is in use. Thanks to
345 Gianluigi Tiesi for finding this.
347 Fix crash in netlink_multicast(). Thanks to Arno Wald for
350 Allow the empty domain "." in dhcp domain-search (119)
355 There is no version 2.54 to avoid confusion with 2.53,
356 which incorrectly identifies itself as 2.54.
360 Fix failure to compile on Debian/kFreeBSD. Thanks to
361 Axel Beckert and Petr Salinger.
363 Fix code to avoid scary strict-aliasing warnings
364 generated by gcc 4.4.
366 Added FAQ entry warning about DHCP failures with Vista
367 when firewalls block 255.255.255.255.
369 Fixed bug which caused bad things to happen if a
370 resolv.conf file which exists is subsequently removed.
371 Thanks to Nikolai Saoukh for the patch.
373 Rationalised the DHCP tag system. Every configuration item
374 which can set a tag does so by adding "set:<tag>" and
375 every configuration item which is conditional on a tag is
376 made so by "tag:<tag>". The NOT operator changes to '!',
377 which is a bit more intuitive too. Dhcp-host directives
378 can set more than one tag now. The old '#' NOT,
379 "net:" prefix and no-prefixes are still honoured, so
380 no existing config file needs to be changed, but
381 the documentation and new-style config files should be
384 Added --tag-if to allow boolean operations on tags.
385 This allows complicated logic to be clearer and more
386 general. A great suggestion from Richard Voigt.
388 Add broadcast/unicast information to DHCP logging.
390 Allow --dhcp-broadcast to be unconditional.
392 Fixed incorrect behaviour with NOT <tag> conditionals in
393 dhcp-options. Thanks to Max Turkewitz for assistance
396 If we send vendor-class encapsulated options based on the
397 vendor-class supplied by the client, and no explicit
398 vendor-class option is given, echo back the vendor-class
401 Fix bug which stopped dnsmasq from matching both a
402 circuitid and a remoteid. Thanks to Ignacio Bravo for
405 Add --dhcp-proxy, which makes it possible to configure
406 dnsmasq to use a DHCP relay agent as a full proxy, with
407 all DHCP messages passing through the proxy. This is
408 useful if the relay adds extra information to the packets
409 it forwards, but cannot be configured with the RFC 5107
410 server-override option.
412 Added interface:<iface name> part to dhcp-range. The
413 semantics of this are very odd at first sight, but it
414 allows a single line of the form
415 dhcp-range=interface:virt0,192.168.0.4,192.168.0.200
416 to be added to dnsmasq configuration which then supplies
417 DHCP and DNS services to that interface, without affecting
418 what services are supplied to other interfaces and
419 irrespective of the existance or lack of
420 interface=<interface>
421 lines elsewhere in the dnsmasq configuration. The idea is
422 that such a line can be added automatically by libvirt
423 or equivalent systems, without disturbing any manual
426 Similarly to the above, allow --enable-tftp=<interface>
428 Allow a TFTP root to be set separately for requests via
429 different interfaces, --tftp-root=<path>,<interface>
431 Correctly handle and log clashes between CNAMES and
432 DNS names being given to DHCP leases. This fixes a bug
433 which caused nonsense IP addresses to be logged. Thanks to
434 Sergei Zhirikov for finding and analysing the problem.
436 Tweak flush_log so as to avoid leaving the log
437 file in non-blocking mode. O_NONBLOCK is a property of the
438 file, not the process/descriptor.
440 Fix contrib/Solaris10/create_package
441 (/usr/man -> /usr/share/man) Thanks to Vita Batrla.
443 Fix a problem where, if a client got a lease, then went
444 to another subnet and got another lease, then moved back,
445 it couldn't resume the old lease, but would instead get
446 a new address. Thanks to Leonardo Rodrigues for spotting
447 this and testing the fix.
449 Fix weird bug which sometimes omitted certain characters
450 from the start of quoted strings in dhcp-options. Thanks
451 to Dayton Turner for spotting the problem.
453 Add facility to redirect some domains to the standard
454 upstream servers: this allows something like
455 --server=/google.com/1.2.3.4 --server=/www.google.com/#
456 which will send queries for *.google.com to 1.2.3.4,
457 except *www.google.com which will be forwarded as usual.
458 Thanks to AJ Weber for prompting this addition.
460 Improve the hash-algorithm used to generate IP addresses
461 from MAC addresses during initial DHCP address
462 allocation. This improves performance when large numbers
463 of hosts with similar MAC addresses all try and get an IP
464 address at the same time. Thanks to Paul Smith for his
467 Tweak DHCP code so that --bridge-interface can be used to
468 select which IP alias of an interface should be used for
469 DHCP purposes on Linux. If eth0 has an alias eth0:dhcp
470 then adding --bridge-interface=eth0:dhcp,eth0 will use
471 the address of eth0:dhcp to determine the correct subnet
472 for DHCP address allocation. Thanks to Pawel Golaszewski
473 for prompting this and Eric Cooper for further testing.
475 Add --dhcp-generate-names. Suggestion by Ferenc Wagner.
477 Tweak DNS server selection algorithm when there is more
478 than one server available for a domain, eg.
479 --server=/mydomain/1.1.1.1
480 --server=/mydomain/2.2.2.2
481 Thanks to Alberto Cuesta-Canada for spotting a weakness
484 Add --max-ttl. Thanks to Fredrik Ringertz for the patch.
486 Allow --log-facility=- to force all logging to
487 stderr. Suggestion from Clemens Fischer.
489 Fix regression which caused configuration like
490 --address=/.domain.com/1.2.3.4 to be rejected. The dot to the
491 left of the domain has been implied and not required for a
492 long time, but it should be accepted for backward
493 compatibility. Thanks to Andrew Burcin for spotting this.
495 Add --rebind-domain-ok and --rebind-localhost-ok.
496 Suggestion from Clemens Fischer.
498 Log replies to queries of type TXT, when --log-queries
501 Fix compiler warnings when compiled with -DNO_DHCP. Thanks
502 to Shantanu Gadgil for the patch.
504 Updated French translation. Thanks to Gildas Le Nadan.
506 Updated Polish translation. Thanks to Jan Psota.
508 Updated German translation. Thanks to Matthias Andree.
510 Added contrib/static-arp, thanks to Darren Hoo.
512 Fix corruption of the domain when a name from /etc/hosts
513 overrides one supplied by a DHCP client. Thanks to Fedor
514 Kozhevnikov for spotting the problem.
516 Updated Spanish translation. Thanks to Chris Chatham.
520 Work around a Linux kernel bug which insists that the
521 length of the option passed to setsockopt must be at least
522 sizeof(int) bytes, even if we're calling SO_BINDTODEVICE
523 and the device name is "lo". Note that this is fixed
524 in kernel 2.6.31, but the workaround is harmless and
525 allows earlier kernels to be used. Also fix dnsmasq
526 bug which reported the wrong address when this failed.
527 Thanks to Fedor for finding this.
529 The API for IPv6 PKTINFO changed around Linux kernel
530 2.6.14. Workaround the case where dnsmasq is compiled
531 against newer headers, but then run on an old kernel:
532 necessary for some *WRT distros.
534 Re-read the set of network interfaces when re-loading
535 /etc/resolv.conf if --bind-interfaces is not set. This
536 handles the case that loopback interfaces do not exist
537 when dnsmasq is first started.
539 Tweak the PXE code to support port 4011. This should
540 reduce broadcasts and make things more reliable when other
541 servers are around. It also improves inter-operability
542 with certain clients.
544 Make a pxe-service configuration with no filename or boot
545 service type legal: this does a local boot. eg.
546 pxe-service=x86PC, "Local boot"
548 Be more conservative in detecting "A for A"
549 queries. Dnsmasq checks if the name in a type=A query looks
550 like a dotted-quad IP address and answers the query itself
551 if so, rather than forwarding it. Previously dnsmasq
552 relied in the library function inet_addr() to convert
553 addresses, and that will accept some things which are
554 confusing in this context, like 1.2.3 or even just
555 1234. Now we only do A for A processing for four decimal
556 numbers delimited by dots.
558 A couple of tweaks to fix compilation on Solaris. Thanks
559 to Joel Macklow for help with this.
561 Another Solaris compilation tweak, needed for Solaris
562 2009.06. Thanks to Lee Essen for that.
564 Added extract packaging stuff from Lee Essen to
567 Increased the default limit on number of leases to 1000
568 (from 150). This is mainly a defence against DoS attacks,
569 and for the average "one for two class C networks"
570 installation, IP address exhaustion does that just as
571 well. Making the limit greater than the number of IP
572 addresses available in such an installation removes a
573 surprise which otherwise can catch people out.
575 Removed extraneous trailing space in the value of the
576 DNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH and
577 DNSMASQ_LEASE_EXPIRES environment variables. Thanks to
578 Gildas Le Nadan for spotting this.
580 Provide the network-id tags for a DHCP transaction to
581 the lease-change script in the environment variable
582 DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan.
584 Add support for RFC3925 "Vendor-Identifying Vendor
585 Options". The syntax looks like this:
586 --dhcp-option=vi-encap:<enterprise number>, .........
588 Add support to --dhcp-match to allow matching against
589 RFC3925 "Vendor-Identifying Vendor Classes". The syntax
591 --dhcp-match=tag,vi-encap<enterprise number>, <value>
593 Add some application specific code to assist in
594 implementing the Broadband forum TR069 CPE-WAN
595 specification. The details are in contrib/CPE-WAN/README
597 Increase the default DNS packet size limit to 4096, as
598 recommended by RFC5625 section 4.4.3. This can be
599 reconfigured using --edns-packet-max if needed. Thanks to
600 Francis Dupont for pointing this out.
602 Rewrite query-ids even for TSIG signed packets, since
603 this is allowed by RFC5625 section 4.5.
605 Use getopt_long by default on OS X. It has been supported
606 since version 10.3.0. Thanks to Arek Dreyer for spotting
609 Added up-to-date startup configuration for MacOSX/launchd
610 in contrib/MacOSX-launchd. Thanks to Arek Dreyer for
613 Fix link error when including Dbus but excluding DHCP.
614 Thanks to Oschtan for the bug report.
616 Updated French translation. Thanks to Gildas Le Nadan.
618 Updated Polish translation. Thanks to Jan Psota.
620 Updated Spanish translation. Thanks to Chris Chatham.
622 Fixed confusion about domains, when looking up DHCP hosts
623 in /etc/hosts. This could cause spurious "Ignoring
624 domain..." messages. Thanks to Fedor Kozhevnikov for
625 finding and analysing the problem.
629 Add support for internationalised DNS. Non-ASCII characters
630 in domain names found in /etc/hosts, /etc/ethers and
631 /etc/dnsmasq.conf will be correctly handled by translation to
632 punycode, as specified in RFC3490. This function is only
633 available if dnsmasq is compiled with internationalisation
634 support, and adds a dependency on GNU libidn. Without i18n
635 support, dnsmasq continues to be compilable with just
636 standard tools. Thanks to Yves Dorfsman for the
639 Add two more environment variables for lease-change scripts:
640 First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname
641 supplied by a client, even if the actual hostname used is
642 over-ridden by dhcp-host or dhcp-ignore-names directives.
643 Also DNSMASQ_RELAY_ADDRESS which gives the address of
644 a DHCP relay, if used.
645 Suggestions from Michael Rack.
647 Fix regression which broke echo of relay-agent
648 options. Thanks to Michael Rack for spotting this.
650 Don't treat option 67 as being interchangeable with
651 dhcp-boot parameters if it's specified as
654 Make the code to call scripts on lease-change compile-time
655 optional. It can be switched off by editing src/config.h
656 or building with "make COPTS=-DNO_SCRIPT".
658 Make the TFTP server cope with filenames from Windows/DOS
659 which use '\' as pathname separator. Thanks to Ralf for
662 Updated Polish translation. Thanks to Jan Psota.
664 Warn if an IP address is duplicated in /etc/ethers. Thanks
665 to Felix Schwarz for pointing this out.
667 Teach --conf-dir to take an option list of file suffices
668 which will be ignored when scanning the directory. Useful
669 for backup files etc. Thanks to Helmut Hullen for the
672 Add new DHCP option named tftpserver-address, which
673 corresponds to the third argument of dhcp-boot. This
674 allows the complete functionality of dhcp-boot to be
675 replicated with dhcp-option. Useful when using
678 Test which upstream nameserver to use every 10 seconds
679 or 50 queries and not just when a query times out and
680 is retried. This should improve performance when there
681 is a slow nameserver in the list. Thanks to Joe for the
684 Don't do any PXE processing, even for clients with the
685 correct vendorclass, unless at least one pxe-prompt or
686 pxe-service option is given. This stops dnsmasq
687 interfering with proxy PXE subsystems when it is just
688 the DHCP server. Thanks to Spencer Clark for spotting this.
690 Limit the blocksize used for TFTP transfers to a value
691 which avoids packet fragmentation, based on the MTU of the
692 local interface. Many netboot ROMs can't cope with
695 Honour dhcp-ignore configuration for PXE and proxy-PXE
696 requests. Thanks to Niels Basjes for the bug report.
698 Updated French translation. Thanks to Gildas Le Nadan.
702 Fix security problem which allowed any host permitted to
703 do TFTP to possibly compromise dnsmasq by remote buffer
704 overflow when TFTP enabled. Thanks to Core Security
705 Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
706 Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
707 Pablo Annetta. This problem has Bugtraq id: 36121
710 Fix a problem which allowed a malicious TFTP client to
711 crash dnsmasq. Thanks to Steve Grubb at Red Hat for
712 spotting this. This problem has Bugtraq id: 36120 and
717 Fix regression in 2.48 which disables the lease-change
718 script. Thanks to Jose Luis Duran for spotting this.
720 Log TFTP "file not found" errors. These were not logged,
721 since a normal PXELinux boot generates many of them, but
722 the lack of the messages seems to be more confusing than
723 routinely seeing them when there is no real error.
725 Update Spanish translation. Thanks to Chris Chatham.
729 Archived the extensive, backwards, changelog to
730 CHANGELOG.archive. The current changelog now runs from
731 version 2.43 and runs conventionally.
733 Fixed bug which broke binding of servers to physical
734 interfaces when interface names were longer than four
735 characters. Thanks to MURASE Katsunori for the patch.
737 Fixed netlink code to check that messages come from the
738 correct source, and not another userspace process. Thanks
739 to Steve Grubb for the patch.
741 Maintainability drive: removed bug and missing feature
742 workarounds for some old platforms. Solaris 9, OpenBSD
743 older than 4.1, Glibc older than 2.2, Linux 2.2.x and
744 DBus older than 1.1.x are no longer supported.
746 Don't read included configuration files more than once:
747 allows complex configuration structures without problems.
749 Mark log messages from the various subsystems in dnsmasq:
750 messages from the DHCP subsystem now have the ident string
751 "dnsmasq-dhcp" and messages from TFTP have ident
752 "dnsmasq-tftp". Thanks to Olaf Westrik for the patch.
754 Fix possible infinite DHCP protocol loop when an IP
755 address nailed to a hostname (not a MAC address) and a
756 host sometimes provides the name, sometimes not.
758 Allow --addn-hosts to take a directory: all the files
759 in the directory are read. Thanks to Phil Cornelius for
762 Support --bridge-interface on all platforms, not just BSD.
764 Added support for advanced PXE functions. It's now
765 possible to define a prompt and menu options which will
766 be displayed when a client PXE boots. It's also possible to
767 hand-off booting to other boot servers. Proxy-DHCP, where
768 dnsmasq just supplies the PXE information and another DHCP
769 server does address allocation, is also allowed. See the
770 --pxe-prompt and --pxe-service keywords. Thanks to
771 Alkis Georgopoulos for the suggestion and Guilherme Moro
772 and Michael Brown for assistance.
774 Improvements to DHCP logging. Thanks to Tom Metro for
777 Add ability to build dnsmasq without DHCP support. To do
778 this, edit src/config.h or build with
779 "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch.
781 Added --test command-line switch - syntax check
782 configuration files only.
784 Updated French translation. Thanks to Gildas Le Nadan.
788 Updated French translation. Thanks to Gildas Le Nadan.
790 Fixed interface enumeration code to work on NetBSD
791 5.0. Thanks to Roy Marples for the patch.
793 Updated config.h to use the same location for the lease
794 file on NetBSD as the other *BSD variants. Also allow
795 LEASEFILE and CONFFILE symbols to be overriden in CFLAGS.
797 Handle duplicate address detection on IPv6 more
798 intelligently. In IPv6, an interface can have an address
799 which is not usable, because it is still undergoing DAD
800 (such addresses are marked "tentative"). Attempting to
801 bind to an address in this state returns an error,
802 EADDRNOTAVAIL. Previously, on getting such an error,
803 dnsmasq would silently abandon the address, and never
804 listen on it. Now, it retries once per second for 20
805 seconds before generating a fatal error. 20 seconds should
806 be long enough for any DAD process to complete, but can be
807 adjusted in src/config.h if necessary. Thanks to Martin
808 Krafft for the bug report.
810 Add DBus introspection. Patch from Jeremy Laine.
812 Update Dbus configuration file. Patch from Colin Walters.
814 http://bugs.freedesktop.org/show_bug.cgi?id=18961
816 Support arbitrarily encapsulated DHCP options, suggestion
817 and initial patch from Samium Gromoff. This is useful for
818 (eg) gPXE, which expect all its private options to be
819 encapsulated inside a single option 175. So, eg,
821 dhcp-option = encap:175, 190, "iscsi-client0"
822 dhcp-option = encap:175, 191, "iscsi-client0-secret"
824 will provide iSCSI parameters to gPXE.
826 Enhance --dhcp-match to allow testing of the contents of a
827 client-sent option, as well as its presence. This
828 application in mind for this is RFC 4578
829 client-architecture specifiers, but it's generally useful.
830 Joey Korkames suggested the enhancement.
832 Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on
833 OpenSolaris. Thanks to Bastian Machek for the heads-up.
835 No longer complain about blank lines in
836 /etc/ethers. Thanks to Jon Nelson for the patch.
838 Fix binding of servers to physical devices, eg
839 --server=/domain/1.2.3.4@eth0 which was broken from 2.43
840 onwards unless --query-port=0 set. Thanks to Peter Naulls
843 Reply to DHCPINFORM requests even when the supplied ciaddr
844 doesn't fall in any dhcp-range. In this case it's not
845 possible to supply a complete configuration, but
846 individually-configured options (eg PAC) may be useful.
848 Allow the source address of an alias to be a range:
849 --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole
850 subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255,
852 --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
853 maps only the 192.168.0.10->192.168.0.40 region. Thanks to
854 Ib Uhrskov for the suggestion.
856 Don't dynamically allocate DHCP addresses which may break
857 Windows. Addresses which end in .255 or .0 are broken in
858 Windows even when using supernetting.
859 --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means
860 192.168.0.255 is a valid IP address, but not for Windows.
861 See Microsoft KB281579. We therefore no longer allocate
862 these addresses to avoid hard-to-diagnose problems.
864 Update Polish translation. Thanks to Jan Psota.
866 Delete the PID-file when dnsmasq shuts down. Note that by
867 this time, dnsmasq is normally not running as root, so
868 this will fail if the PID-file is stored in a root-owned
869 directory; such failure is silently ignored. To take
870 advantage of this feature, the PID-file must be stored in a
871 directory owned and write-able by the user running
876 Allow --bootp-dynamic to take a netid tag, so that it may
877 be selectively enabled. Thanks to Olaf Westrik for the
880 Remove ISC-leasefile reading code. This has been
881 deprecated for a long time, and last time I removed it, it
882 ended up going back by request of one user. This time,
883 it's gone for good; otherwise it would need to be
884 re-worked to support multiple domains (see below).
886 Support DHCP clients in multiple DNS domains. This is a
887 long-standing request. Clients are assigned to a domain
888 based in their IP address.
890 Add --dhcp-fqdn flag, which changes behaviour if DNS names
891 assigned to DHCP clients. When this is set, there must be
892 a domain associated with each client, and only
893 fully-qualified domain names are added to the DNS. The
894 advantage is that the only the FQDN needs to be unique,
895 so that two or more DHCP clients can share a hostname, as
896 long as they are in different domains.
898 Set environment variable DNSMASQ_DOMAIN when invoking
899 lease-change script. This may be useful information to
900 have now that it's variable.
902 Tighten up data-checking code for DNS packet
903 handling. Thanks to Steve Dodd who found certain illegal
904 packets which could crash dnsmasq. No memory overwrite was
905 possible, so this is not a security issue beyond the DoS
908 Update example config dhcp option 47, the previous
909 suggestion generated an illegal, zero-length,
910 option. Thanks to Matthias Andree for finding this.
912 Rewrite hosts-file reading code to remove the limit of
913 1024 characters per line. John C Meuser found this.
915 Create a net-id tag with the name of the interface on
916 which the DHCP request was received.
918 Fixed minor memory leak in DBus code, thanks to Jeremy
921 Emit DBus signals as the DHCP lease database
922 changes. Thanks to Jeremy Laine for the patch.
924 Allow for more that one MAC address in a dhcp-host
925 line. This configuration tells dnsmasq that it's OK to
926 abandon a DHCP lease of the fixed address to one MAC
927 address, if another MAC address in the dhcp-host statement
928 asks for an address. This is useful to give a fixed
929 address to a host which has two network interfaces
930 (say, a laptop with wired and wireless interfaces.)
931 It's very important to ensure that only one interface
932 at a time is up, since dnsmasq abandons the first lease
933 and re-uses the address before the leased time has
934 elapsed. John Gray suggested this.
936 Tweak the response to a DHCP request packet with a wrong
937 server-id when --dhcp-authoritative is set; dnsmasq now
938 returns a DHCPNAK, rather than silently ignoring the
939 packet. Thanks to Chris Marget for spotting this
942 Add --cname option. This provides a limited alias
943 function, usable for DHCP names. Thanks to AJ Weber for
946 Updated contrib/webmin with latest version from Neil
949 Updated Polish translation. Thanks to Jan Psota.
951 Correct the text names for DHCP options 64 and 65 to be
952 "nis+-domain" and "nis+-servers".
954 Updated Spanish translation. Thanks to Chris Chatham.
956 Force re-reading of /etc/resolv.conf when an "interface
961 Fix total DNS failure in release 2.44 unless --min-port
962 specified. Thanks to Steven Barth and Grant Coady for
963 bugreport. Also reject out-of-range port spec, which could
964 break things too: suggestion from Gilles Espinasse.
968 Fix crash when unknown client attempts to renew a DHCP
969 lease, problem introduced in version 2.43. Thanks to
970 Carlos Carvalho for help chasing this down.
972 Fix potential crash when a host which doesn't have a lease
973 does DHCPINFORM. Again introduced in 2.43. This bug has
974 never been reported in the wild.
976 Fix crash in netlink code introduced in 2.43. Thanks to
977 Jean Wolter for finding this.
979 Change implementation of min_port to work even if min-port
982 Patch to enable compilation of latest Mac OS X. Thanks to
985 Update Spanish translation. Thanks to Christopher Chatham.
989 Updated Polish translation. Thanks to Jan Psota.
991 Flag errors when configuration options are repeated
994 Further tweaks for GNU/kFreeBSD
996 Add --no-wrap to msgmerge call - provides nicer .po file
999 Honour lease-time spec in dhcp-host lines even for
1000 BOOTP. The user is assumed to known what they are doing in
1001 this case. (Hosts without the time spec still get infinite
1002 leases for BOOTP, over-riding the default in the
1003 dhcp-range.) Thanks to Peter Katzmann for uncovering this.
1005 Fix problem matching relay-agent ids. Thanks to Michael
1006 Rack for the bug report.
1008 Add --naptr-record option. Suggestion from Johan
1011 Implement RFC 5107 server-id-override DHCP relay agent
1014 Apply patches from Stefan Kruger for compilation on
1015 Solaris 10 under Sun studio.
1017 Yet more tweaking of Linux capability code, to suppress
1018 pointless wingeing from kernel 2.6.25 and above.
1020 Improve error checking during startup. Previously, some
1021 errors which occurred during startup would be worked
1022 around, with dnsmasq still starting up. Some were logged,
1023 some silent. Now, they all cause a fatal error and dnsmasq
1024 terminates with a non-zero exit code. The errors are those
1025 associated with changing uid and gid, setting process
1026 capabilities and writing the pidfile. Thanks to Uwe
1027 Gansert and the Suse security team for pointing out
1028 this improvement, and Bill Reimers for good implementation
1031 Provide NO_LARGEFILE compile option to switch off largefile
1032 support when compiling against versions of uclibc which
1033 don't support it. Thanks to Stephane Billiart for the patch.
1035 Implement random source ports for interactions with
1036 upstream nameservers. New spoofing attacks have been found
1037 against nameservers which do not do this, though it is not
1038 clear if dnsmasq is vulnerable, since to doesn't implement
1039 recursion. By default dnsmasq will now use a different
1040 source port (and socket) for each query it sends
1041 upstream. This behaviour can suppressed using the
1042 --query-port option, and the old default behaviour
1043 restored using --query-port=0. Explicit source-port
1044 specifications in --server configs are still honoured.
1046 Replace the random number generator, for better
1047 security. On most BSD systems, dnsmasq uses the
1048 arc4random() RNG, which is secure, but on other platforms,
1049 it relied on the C-library RNG, which may be
1050 guessable and therefore allow spoofing. This release
1051 replaces the libc RNG with the SURF RNG, from Daniel
1052 J. Berstein's DJBDNS package.
1054 Don't attempt to change user or group or set capabilities
1055 if dnsmasq is run as a non-root user. Without this, the
1056 change from soft to hard errors when these fail causes
1057 problems for non-root daemons listening on high
1058 ports. Thanks to Patrick McLean for spotting this.
1060 Updated French translation. Thanks to Gildas Le Nadan.
1064 The changelog for version 2.42 and earlier is
1065 available in CHANGELOG.archive.