Dnsmasq: 2.60 update

[tomato.git] / release / src / router / dnsmasq / CHANGELOG

version 2.60
            Fix compilation problem in Mac OS X Lion. Thanks to Olaf
            Flebbe for the patch.

            Fix DHCP when using --listen-address with an IP address
            which is not the primary address of an interface.

            Add --dhcp-client-update option.

            Add Lua integration. Dnsmasq can now execute a DHCP
            lease-change script written in Lua. This needs to be
            enabled at compile time by setting HAVE_LUASCRIPT in 
            src/config.h or running "make COPTS=-DHAVE_LUASCRIPT"
            Thanks to Jan-Piet Mens for the idea and proof-of-concept 
            implementation.
            
            Tidied src/config.h to distinguish between
            platform-dependent compile-time options which are selected
            automatically, and builder-selectable compile time
            options. Document the latter better, and describe how to
            set them from the make command line.

            Tidied up IPPROTO_IP/SOL_IP (and IPv6 equivalent)
            confusion. IPPROTO_IP works everywhere now.
            
            Set TOS on DHCP sockets, this improves things on busy
            wireless networks. Thanks to Dave Taht for the patch.

            Determine VERSION automatically based on git magic:
            release tags or hash values.

            Improve start-up speed when reading large hosts files 
            containing many distinct addresses.

            Fix problem if dnsmasq is started without the stdin,
            stdout and stderr file descriptors open. This can manifest
            itself as 100% CPU use. Thanks to Chris Moore for finding
            this.

            Fix shell-scripting bug in bld/pkg-wrapper. Thanks to 
            Mark Mitchell for the patch.

            Allow the TFP server or boot server in --pxe-service, to
            be a domain name instead of an IP address. This allows for
            round-robin to multiple servers, in the same way as
            --dhcp-boot. A good suggestion from Cristiano Cumer.

            Support BUILDDIR variable in the Makefile. Allows builds 
            for multiple archs from the same source tree with eg.
            make BUILDDIR=linux             (relative to dnsmasq tree)
            make BUILDDIR=/tmp/openbsd      (absolute path)
            If BUILDDIR is not set, compilation happens in the src
            directory, as before. Suggestion from Mark Mitchell.

            Support DHCPv6. Support is there for the sort of things
            the existing v4 server does, including tags, options, 
            static addresses and relay support. Missing is prefix 
            delegation, which is probably not required in the dnsmasq
            niche, and an easy way to accept prefix delegations from
            an upstream DHCPv6 server, which is. Future plans include
            support for DHCPv6 router option and MAC address option
            (to make selecting clients by MAC address work like IPv4).
            These will be added as the standards mature.
            This code has been tested, but this is the first release,
            so don't bet the farm on it just yet. Many thanks to all 
            testers who have got it this far.

            Support IPv6 router advertisements. This is a
            simple-minded implementation, aimed at providing the
            vestigial RA needed to go alongside IPv6. Is picks up
            configuration from the DHCPv6 conf, and should just need
            enabling with --enable-ra.   

            Fix long-standing wrinkle with --localise-queries that
            could result in wrong answers when DNS packets arrive
            via an interface other than the expected one. Thanks to 
            Lorenzo Milesi and John Hanks for spotting this one.
 
            Update French translation. Thanks to Gildas Le Nadan.

            Update Polish translation. Thanks to Jan Psota.


version 2.59
            Fix regression in 2.58 which caused failure to start up
            with some combinations of dnsmasq config and IPv6 kernel
            network config. Thanks to Brielle Bruns for the bug
            report.

            Improve dnsmasq's behaviour when network interfaces are
            still doing duplicate address detection (DAD). Previously,
            dnsmasq would wait up to 20 seconds at start-up for the
            DAD state to terminate. This is broken for bridge
            interfaces on recent Linux kernels, which don't start DAD
            until the bridge comes up, and so can take arbitrary
            time. The new behaviour lets dnsmasq poll for an arbitrary
            time whilst providing service on other interfaces. Thanks
            to Stephen Hemminger for pointing out the problem.


version 2.58
            Provide a definition of the SA_SIZE macro where it's 
            missing. Fixes build failure on openBSD.

            Don't include a zero terminator at the end of messages
            sent to /dev/log when /dev/log is a datagram socket.
            Thanks to Didier Rabound for spotting the problem.

            Add --dhcp-sequential-ip flag, to force allocation of IP
            addresses in ascending order. Note that the default
            pseudo-random mode is in general better but some
            server-deployment applications need this.

            Fix problem where a server-id of 0.0.0.0 is sent to a
            client when a dhcp-relay is in use if a client renews a
            lease after dnsmasq restart and before any clients on the
            subnet get a new lease. Thanks to Mike Ruiz for assistance
            in chasing this one down. 

            Don't return NXDOMAIN to an AAAA query if we have CNAME
            which points to an A record only: NODATA is the correct
            reply in this case. Thanks to Tom Fernandes for spotting
            the problem.

            Relax the need to supply a netmask in --dhcp-range for
            networks which use a DHCP relay. Whilst this is still
            desireable, in the absence of a netmask dnsmasq will use
            a default based on the class (A, B, or C) of the address. 
            This should at least remove a cause of mysterious failure 
            for people using RFC1918 addresses and relays.

            Add support for Linux conntrack connection marking. If 
            enabled with --conntrack, the connection mark for incoming
            DNS queries will be copied  to the outgoing connections
            used to answer those queries. This allows clever firewall
            and accounting stuff. Only available if dnsmasq is
            compiled with HAVE_CONNTRACK and adds a dependency on 
            libnetfilter-conntrack. Thanks to Ed Wildgoose for the
            initial idea, testing and sponsorship of this function.

            Provide a sane error message when someone attempts to 
            match a tag in --dhcp-host.

            Tweak the behaviour of --domain-needed, to avoid problems
            with recursive nameservers downstream of dnsmasq. The new
            behaviour only stops A and AAAA queries, and returns
            NODATA rather than NXDOMAIN replies. 

            Efficiency fix for very large DHCP configurations, thanks
            to James Gartrell and Mike Ruiz for help with this. 

            Allow the TFTP-server address in --dhcp-boot to be a
            domain-name which is looked up in /etc/hosts. This can 
            give multiple IP addresses which are used round-robin,
            thus doing TFTP server load-balancing. Thanks to Sushil
            Agrawal for the patch.

            When two tagged dhcp-options for a particular option
            number are both valid, use the one which is valid without
            a tag from the dhcp-range. Allows overriding of the value
            of a DHCP option for a particular host as well as
            per-network values.  So 
            --dhcp-range=set:interface1,......
            --dhcp-host=set:myhost,.....  
            --dhcp-option=tag:interface1,option:nis-domain,"domain1" 
            --dhcp-option=tag:myhost,option:nis-domain,"domain2" 
            will set the NIS-domain to domain1 for hosts in the range, but
            override that to domain2 for a particular host.

            Fix bug which resulted in truncated files and timeouts for
            some TFTP transfers. The bug only occurs with netascii
            transfers and needs an unfortunate relationship between
            file size, blocksize and the number of newlines in the
            last block before it manifests itself. Many thanks to 
            Alkis Georgopoulos for spotting the problem and providing
            a comprehensive test-case. 

            Fix regression in TFTP server on *BSD platforms introduced
            in version 2.56, due to confusion with sockaddr
            length. Many thanks to Loïc Pefferkorn for finding this.

            Support scope-ids in IPv6 addresses of nameservers from
            /etc/resolv.conf and in --server options. Eg
            nameserver fe80::202:a412:4512:7bbf%eth0 or
            server=fe80::202:a412:4512:7bbf%eth0. Thanks to 
            Michael Stapelberg for the suggestion.

            Update Polish translation, thanks to Jan Psota.

            Update French translation. Thanks to Gildas Le Nadan.


version 2.57
            Add patches to allow build under Android.

            Provide our own header for the DNS protocol, rather than
            relying on arpa/nameser.h. This has proved more or less
            defective over the years and the final straw is that it's
            effectively empty on Android.

            Fix regression in 2.56 which caused hex constants in
            configuration to be rejected if they contain the '*'
            wildcard.

            Correct wrong casts of arguments to ctype.h functions,
            isdigit(), isxdigit() etc. Thanks to Matthias Andree for
            spotting this.

            Allow build with IDN support independently from i18n. 
            IDN support continues to be included automatically 
            when i18n is included. 
            'make COPTS=-DHAVE_IDN' is the magic incantation. 

            Modify check on extraneous command line junk (added in
            2.56) so that it doesn't complain about extra _empty_ 
            arguments. Otherwise this breaks libvirt.


version 2.56
            Add a patch to allow dnsmasq to get interface names right in a
            Solaris zone. Thanks to Dj Padzensky for this.

            Improve data-type parsing heuristics so that
            --dhcp-option=option:domain-search,. 
            treats the value as a string and not an IP address.
            Thanks to Clemens Fischer for spotting that.

            Add IPv6 support to the TFTP server. Many thanks to Jan 
            'RedBully' Seiffert for the patches.
            
            Log DNS queries at level LOG_INFO, rather then
            LOG_DEBUG. This makes things consistent with DHCP
            logging. Thanks to Adam Pribyl for spotting the problem.

            Ensure that dnsmasq terminates cleanly when using
            --syslog-async even if it cannot make a connection to the
            syslogd.

            Add --add-mac option. This is to support currently 
            experimental DNS filtering facilities. Thanks to Benjamin
            Petrin for the orignal patch. 

            Fix bug which meant that tags were ignored in dhcp-range
            configuration specifying PXE-proxy service. Thanks to
            Cristiano Cumer for spotting this.

            Raise an error if there is extra junk, not part of an
            option, on the command line.

            Flag a couple of log messages in cache.c as coming from
            the DHCP subsystem. Thanks to Olaf Westrik for the patch.

            Omit timestamps from logs when a) logging to stderr and 
            b) --keep-in-forground is set. The logging facility on the
            other end of stderr can be assumned to supply them. Thanks
            to John Hallam for the patch.

            Don't complain about strings longer than 255 characters in
            --txt-record, just split the long strings into 255
            character chunks instead.

            Fix crash on double-free. This bug can only happen when
            dhcp-script is in use and then only in rare circumstances
            triggered by high DHCP transaction rate and a slow
            script. Thanks to Ferenc Wagner for finding the problem.

            Only log that a file has been sent by TFTP after the
            transfer has completed succesfully. 

            A good suggestion from Ferenc Wagner: extend
            the --domain option to allow this sort of thing:
            --domain=thekelleys.org.uk,192.168.0.0/24,local
            which automatically creates
            --local=/thekelleys.org.uk/
            --local=/0.168.192.in-addr.arpa/ 

            Tighten up syntax checking of hex contants in the config
            file.  Thanks to Fred Damen for spotting this.

            Add dnsmasq logo/icon, contributed by Justin Swift. Many
            thanks for that.

            Never cache DNS replies which have the 'cd' bit set, or
            which result from queries forwarded with the 'cd' bit
            set. The 'cd' bit instructs a DNSSEC validating server
            upstream to ignore signature failures and return replies
            anyway. Without this change it's possible to pollute the
            dnsmasq cache with bad data by making a query with the
            'cd' bit set and subsequent queries would return this data
            without its being marked as suspect. Thanks to Anders
            Kaseorg for pointing out this problem.

            Add --proxy-dnssec flag, for compliance with RFC
            4035. Dnsmasq will now clear the 'ad' bit in answers returned
            from upstream validating nameservers unless this option is
            set.

            Allow a filename of "-" for --conf-file to read
            stdin. Suggestion from Timothy Redaelli.

            Rotate the order of SRV records in replies, to provide
            round-robin load balancing when all the priorities are
            equal. Thanks to Peter McKinney for the suggestion. 

            Edit
            contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist 
            so that it doesn't log all queries to a file by
            default. Thanks again to Peter McKinney.    

            By default, setting an IPv4 address for a domain but not
            an IPv6 address causes dnsmasq to return
            an NODATA reply for IPv6 (or vice-versa). So
            --address=/google.com/1.2.3.4 stops IPv6 queries for
            *google.com from being forwarded. Make it possible to
            override this behaviour by defining the sematics if the
            same domain appears in  both --server and --address.
            In that case, the --address has priority for the address
            family in which is appears, but the --server has priority
            of the address family which doesn't appear in --adddress  
            So:
            --address=/google.com/1.2.3.4
            --server=/google.com/#
            will return 1.2.3.4 for IPv4 queries for *.google.com but
            forward IPv6 queries to the normal upstream nameserver.
            Similarly when setting an IPv6 address
            only this will allow forwarding of IPv4 queries. Thanks to
            William for pointing out the need for this.

            Allow more than one --dhcp-optsfile and --dhcp-hostsfile
            and make them understand directories as arguments in the
            same way as --addn-hosts. Suggestion from John Hanks. 

            Ignore rebinding requests for leases we don't know
            about. Rebind is broadcast, so we might get to overhear a
            request meant for another DHCP server. NAKing this is
            wrong. Thanks to Brad D'Hondt for assistance with this.

            Fix cosmetic bug which produced strange output when
            dumping cache statistics with some configurations. Thanks
            to Fedor Kozhevnikov for spotting this.


version 2.55
            Fix crash when /etc/ethers is in use. Thanks to 
            Gianluigi Tiesi for finding this.

            Fix crash in netlink_multicast(). Thanks to Arno Wald for
            finding this one.

            Allow the empty domain "." in dhcp domain-search (119)
            options. 


version 2.54
            There is no version 2.54 to avoid confusion with 2.53,
            which incorrectly identifies itself as 2.54.


version 2.53
            Fix failure to compile on Debian/kFreeBSD. Thanks to 
            Axel Beckert and Petr Salinger.

            Fix code to avoid scary strict-aliasing warnings
            generated by gcc 4.4.
            
            Added FAQ entry warning about DHCP failures with Vista
            when firewalls block 255.255.255.255.
            
            Fixed bug which caused bad things to happen if a 
            resolv.conf file which exists is subsequently removed.
            Thanks to Nikolai Saoukh for the patch.

            Rationalised the DHCP tag system. Every configuration item
            which can set a tag does so by adding "set:<tag>" and
            every configuration item which is conditional on a tag is
            made so by "tag:<tag>". The NOT operator changes to '!',
            which is a bit more intuitive too. Dhcp-host directives
            can set more than one tag now. The old '#' NOT, 
            "net:" prefix and no-prefixes are still honoured, so 
            no existing config file needs to be changed, but 
            the documentation and new-style config files should be 
            much less confusing. 

            Added --tag-if to allow boolean operations on tags. 
            This allows complicated logic to be clearer and more 
            general. A great suggestion from Richard Voigt. 

            Add broadcast/unicast information to DHCP logging.

            Allow --dhcp-broadcast to be unconditional.

            Fixed incorrect behaviour with NOT <tag> conditionals in
            dhcp-options. Thanks to Max Turkewitz for assistance
            finding this.

            If we send vendor-class encapsulated options based on the
            vendor-class supplied by the client, and no explicit 
            vendor-class option is given, echo back the vendor-class
            from the client.
 
            Fix bug which stopped dnsmasq from matching both a
            circuitid and a remoteid. Thanks to Ignacio Bravo for
            finding this.

            Add --dhcp-proxy, which makes it possible to configure
            dnsmasq to use a DHCP relay agent as a full proxy, with
            all DHCP messages passing through the proxy. This is
            useful if the relay adds extra information to the packets
            it forwards, but cannot be configured with the RFC 5107 
            server-override option.

            Added interface:<iface name> part to dhcp-range. The
            semantics of this are very odd at first sight, but it
            allows a single line  of the form
                dhcp-range=interface:virt0,192.168.0.4,192.168.0.200
            to be added to dnsmasq configuration which then supplies
            DHCP and DNS services to that interface, without affecting
            what services are supplied to other interfaces and 
            irrespective of the existance or lack of 
                interface=<interface> 
            lines elsewhere in the dnsmasq configuration. The idea is
            that such a line can be added automatically by libvirt
            or equivalent systems, without disturbing any manual
            configuration.

            Similarly to the above, allow --enable-tftp=<interface>

            Allow a TFTP root to be set separately for requests via
            different interfaces, --tftp-root=<path>,<interface>             

            Correctly handle and log clashes between CNAMES and 
            DNS names being given to DHCP leases. This fixes a bug 
            which caused nonsense IP addresses to be logged. Thanks to 
            Sergei Zhirikov for finding and analysing the problem.

            Tweak flush_log so as to avoid leaving the log
            file in non-blocking mode. O_NONBLOCK is a property of the
            file, not the process/descriptor.

            Fix contrib/Solaris10/create_package
            (/usr/man -> /usr/share/man) Thanks to Vita Batrla.

            Fix a problem where, if a client got a lease, then went
            to another subnet and got another lease, then moved back,
            it couldn't resume the old lease, but would instead get 
            a new address. Thanks to Leonardo Rodrigues for spotting
            this and testing the fix.
            
            Fix weird bug which sometimes omitted certain characters
            from the start of quoted strings in dhcp-options. Thanks
            to Dayton Turner for spotting the problem.

            Add facility to redirect some domains to the standard
            upstream servers: this allows something like 
            --server=/google.com/1.2.3.4 --server=/www.google.com/#
            which will send queries for *.google.com to 1.2.3.4,
            except *www.google.com which will be forwarded as usual.
            Thanks to AJ Weber for prompting this addition.
 
            Improve the hash-algorithm used to generate IP addresses
            from MAC addresses during initial DHCP address
            allocation. This improves performance when large numbers
            of hosts with similar MAC addresses all try and get an IP
            address at the same time. Thanks to Paul Smith for his
            work on this.

            Tweak DHCP code so that --bridge-interface can be used to
            select which IP alias of an interface should be used for
            DHCP purposes on Linux. If eth0 has an alias eth0:dhcp
            then adding  --bridge-interface=eth0:dhcp,eth0 will use 
            the address of eth0:dhcp to determine the correct subnet 
            for DHCP address allocation. Thanks to Pawel Golaszewski 
            for prompting this and Eric Cooper for further testing.

            Add --dhcp-generate-names. Suggestion by Ferenc Wagner.

            Tweak DNS server selection algorithm when there is more
            than one server available for a domain, eg.
            --server=/mydomain/1.1.1.1
            --server=/mydomain/2.2.2.2
            Thanks to Alberto Cuesta-Canada for spotting a weakness
            here.

            Add --max-ttl. Thanks to Fredrik Ringertz for the patch.

            Allow --log-facility=- to force all logging to
            stderr. Suggestion from Clemens Fischer.

            Fix regression which caused configuration like
            --address=/.domain.com/1.2.3.4 to be rejected. The dot to the 
            left of the domain has been implied and not required for a
            long time, but it should be accepted for backward
            compatibility. Thanks to Andrew Burcin for spotting this.
    
            Add --rebind-domain-ok and --rebind-localhost-ok.
            Suggestion from Clemens Fischer.

            Log replies to queries of type TXT, when --log-queries 
            is set.

            Fix compiler warnings when compiled with -DNO_DHCP. Thanks
            to Shantanu Gadgil for the patch.

            Updated French translation. Thanks to Gildas Le Nadan.

            Updated Polish translation. Thanks to Jan Psota.

            Updated German translation. Thanks to Matthias Andree.

            Added contrib/static-arp, thanks to Darren Hoo.
 
            Fix corruption of the domain when a name from /etc/hosts
            overrides one supplied by a DHCP client. Thanks to Fedor
            Kozhevnikov for spotting the problem.

            Updated Spanish translation. Thanks to Chris Chatham.


version 2.52
            Work around a Linux kernel bug which insists that the 
            length of the option passed to setsockopt must be at least
            sizeof(int) bytes, even if we're calling SO_BINDTODEVICE
            and the device name is "lo".  Note that this is fixed 
            in kernel 2.6.31, but the workaround is harmless and 
            allows earlier kernels to be used. Also fix dnsmasq 
            bug which reported the wrong address when this failed. 
            Thanks to Fedor for finding this.

            The API for IPv6 PKTINFO changed around Linux kernel
            2.6.14. Workaround the case where dnsmasq is compiled
            against newer headers, but then run on an old kernel:
            necessary for some *WRT distros.

            Re-read the set of network interfaces when re-loading
            /etc/resolv.conf if --bind-interfaces is not set. This
            handles the case that loopback interfaces do not exist
            when dnsmasq is first started.

            Tweak the PXE code to support port 4011. This should
            reduce broadcasts and make things more reliable when other
            servers are around. It also improves inter-operability
            with certain clients.

            Make a pxe-service configuration with no filename or boot 
            service type legal: this does a local boot. eg.
            pxe-service=x86PC, "Local boot" 

            Be more conservative in detecting "A for A"
            queries. Dnsmasq checks if the name in a type=A query looks
            like a dotted-quad IP address and answers the query itself
            if so, rather than forwarding it. Previously dnsmasq
            relied in the library function inet_addr() to convert
            addresses, and that will accept some things which are
            confusing in this context, like 1.2.3 or even just
            1234. Now we only do A for A processing for four decimal
            numbers delimited by dots.

            A couple of tweaks to fix compilation on Solaris. Thanks
            to Joel Macklow for help with this.

            Another Solaris compilation tweak, needed for Solaris
            2009.06. Thanks to Lee Essen for that.

            Added extract packaging stuff from Lee Essen to 
            contrib/Solaris10.
          
            Increased the default limit on number of leases to 1000
            (from 150). This is mainly a defence against DoS attacks,
            and for the average "one for two class C networks"
            installation, IP address exhaustion does that just as
            well. Making the limit greater than the number of IP
            addresses available in such an installation removes a
            surprise which otherwise can catch people out.

            Removed extraneous trailing space in the value of the
            DNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH and
            DNSMASQ_LEASE_EXPIRES environment variables. Thanks to
            Gildas Le Nadan for spotting this.

            Provide the network-id tags for a DHCP transaction to 
            the lease-change script in the environment variable
            DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan.  

            Add support for RFC3925 "Vendor-Identifying Vendor
            Options". The syntax looks like this:  
            --dhcp-option=vi-encap:<enterprise number>, .........

            Add support to --dhcp-match to allow matching against
            RFC3925 "Vendor-Identifying Vendor Classes". The syntax
            looks like this:
            --dhcp-match=tag,vi-encap<enterprise number>, <value>
            
            Add some application specific code to assist in
            implementing the Broadband forum TR069 CPE-WAN
            specification. The details are in contrib/CPE-WAN/README

            Increase the default DNS packet size limit to 4096, as
            recommended by RFC5625 section 4.4.3. This can be
            reconfigured using --edns-packet-max if needed. Thanks to
            Francis Dupont for pointing this out.

            Rewrite query-ids even for TSIG signed packets, since
            this is allowed by RFC5625 section 4.5.
            
            Use getopt_long by default on OS X. It has been supported
            since version 10.3.0. Thanks to Arek Dreyer for spotting
            this.

            Added up-to-date startup configuration for MacOSX/launchd
            in contrib/MacOSX-launchd. Thanks to Arek Dreyer for
            providing this.

            Fix link error when including Dbus but excluding DHCP. 
            Thanks to Oschtan for the bug report.

            Updated French translation. Thanks to Gildas Le Nadan.
 
            Updated Polish translation. Thanks to Jan Psota.

            Updated Spanish translation. Thanks to Chris Chatham.

            Fixed confusion about domains, when looking up DHCP hosts
            in /etc/hosts. This could cause spurious "Ignoring
            domain..." messages. Thanks to Fedor Kozhevnikov for
            finding and analysing the problem.

            
version 2.51
            Add support for internationalised DNS. Non-ASCII characters
            in domain names found in /etc/hosts, /etc/ethers and 
            /etc/dnsmasq.conf will be correctly handled by translation to
            punycode, as specified in RFC3490. This function is only
            available if dnsmasq is compiled with internationalisation
            support, and adds a dependency on GNU libidn. Without i18n
            support, dnsmasq continues to be compilable with just
            standard tools. Thanks to Yves Dorfsman for the
            suggestion. 

            Add two more environment variables for lease-change scripts:
            First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname
            supplied by a client, even if the actual hostname used is
            over-ridden by dhcp-host or dhcp-ignore-names directives.
            Also DNSMASQ_RELAY_ADDRESS which gives the address of 
            a DHCP relay, if used.
            Suggestions from Michael Rack.

            Fix regression which broke echo of relay-agent
            options. Thanks to Michael Rack for spotting this.
          
            Don't treat option 67 as being interchangeable with
            dhcp-boot parameters if it's specified as
            dhcp-option-force.

            Make the code to call scripts on lease-change compile-time
            optional. It can be switched off by editing src/config.h
            or building with "make COPTS=-DNO_SCRIPT".
 
            Make the TFTP server cope with filenames from Windows/DOS
            which use '\' as pathname separator. Thanks to Ralf for
            the patch.

            Updated Polish translation. Thanks to Jan Psota.
 
            Warn if an IP address is duplicated in /etc/ethers. Thanks
            to Felix Schwarz for pointing this out.

            Teach --conf-dir to take an option list of file suffices
            which will be ignored when scanning the directory. Useful
            for backup files etc. Thanks to Helmut Hullen for the
            suggestion. 

            Add new DHCP option named tftpserver-address, which
            corresponds to the third argument of dhcp-boot. This
            allows the complete functionality of dhcp-boot to be
            replicated with dhcp-option. Useful when using 
            dhcp-optsfile.

            Test which upstream nameserver to use every 10 seconds
            or 50 queries and not just when a query times out and 
            is retried. This should improve performance when there
            is a slow nameserver in the list. Thanks to Joe for the
            suggestion. 

            Don't do any PXE processing, even for clients with the 
            correct vendorclass, unless at least one pxe-prompt or 
            pxe-service option is given. This stops dnsmasq 
            interfering with proxy PXE subsystems when it is just 
            the DHCP server. Thanks to Spencer Clark for spotting this.

            Limit the blocksize used for TFTP transfers to a value
            which avoids packet fragmentation, based on the MTU of the
            local interface. Many netboot ROMs can't cope with
            fragmented packets.

            Honour dhcp-ignore configuration for PXE and proxy-PXE 
            requests. Thanks to Niels Basjes for the bug report.

            Updated French translation. Thanks to Gildas Le Nadan.


version 2.50
            Fix security problem which allowed any host permitted to 
            do TFTP to possibly compromise dnsmasq by remote buffer 
            overflow when TFTP enabled. Thanks to Core Security 
            Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro 
            Pablo Rodriguez, Martín Coco, Alberto Soliño Testa and
            Pablo Annetta. This problem has Bugtraq id: 36121 
            and CVE: 2009-2957

            Fix a problem which allowed a malicious TFTP client to 
            crash dnsmasq. Thanks to Steve Grubb at Red Hat for 
            spotting this. This problem has Bugtraq id: 36120 and 
            CVE: 2009-2958


version 2.49
            Fix regression in 2.48 which disables the lease-change
            script. Thanks to Jose Luis Duran for spotting this.

            Log TFTP "file not found" errors. These were not logged,
            since a normal PXELinux boot generates many of them, but
            the lack of the messages seems to be more confusing than
            routinely seeing them when there is no real error.

            Update Spanish translation. Thanks to Chris Chatham.
 

version 2.48
            Archived the extensive, backwards, changelog to
            CHANGELOG.archive. The current changelog now runs from
            version 2.43 and runs conventionally.

            Fixed bug which broke binding of servers to physical
            interfaces when interface names were longer than four
            characters. Thanks to MURASE Katsunori for the patch.

            Fixed netlink code to check that messages come from the
            correct source, and not another userspace process. Thanks
            to Steve Grubb for the patch.

            Maintainability drive: removed bug and missing feature
            workarounds for some old platforms. Solaris 9, OpenBSD
            older than 4.1, Glibc older than 2.2, Linux 2.2.x and 
            DBus older than 1.1.x are no longer supported. 

            Don't read included configuration files more than once:
            allows complex configuration structures without problems.

            Mark log messages from the various subsystems in dnsmasq:
            messages from the DHCP subsystem now have the ident string
            "dnsmasq-dhcp" and messages from TFTP have ident
            "dnsmasq-tftp". Thanks to Olaf Westrik for the patch.

            Fix possible infinite DHCP protocol loop when an IP
            address nailed to a hostname (not a MAC address)  and a 
            host sometimes provides the name, sometimes not.

            Allow --addn-hosts to take a directory: all the files 
            in the directory are read. Thanks to Phil Cornelius for 
            the suggestion. 

            Support --bridge-interface on all platforms, not just BSD.
 
            Added support for advanced PXE functions. It's now
            possible to define a prompt and menu options which will
            be displayed when a client PXE boots. It's also possible to
            hand-off booting to other boot servers. Proxy-DHCP, where
            dnsmasq just supplies the PXE information and another DHCP
            server does address allocation, is also allowed. See the
            --pxe-prompt and --pxe-service keywords. Thanks to 
            Alkis Georgopoulos for the suggestion and Guilherme Moro
            and Michael Brown for assistance.

            Improvements to DHCP logging. Thanks to Tom Metro for
            useful suggestions.
            
            Add ability to build dnsmasq without DHCP support. To do
            this, edit src/config.h or build with
            "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch. 
            
            Added --test command-line switch - syntax check
            configuration files only.
 
            Updated French translation. Thanks to Gildas Le Nadan.


version 2.47
            Updated French translation. Thanks to Gildas Le Nadan.

            Fixed interface enumeration code to work on NetBSD
            5.0. Thanks to Roy Marples for the patch. 

            Updated config.h to use the same location for the lease
            file on NetBSD as the other *BSD variants. Also allow
            LEASEFILE and CONFFILE symbols to be overriden in CFLAGS.  

            Handle duplicate address detection on IPv6 more
            intelligently. In IPv6, an interface can have an address
            which is not usable, because it is still undergoing DAD
            (such addresses are marked "tentative"). Attempting to
            bind to an address in this state returns an error,
            EADDRNOTAVAIL. Previously, on getting such an error,
            dnsmasq would silently abandon the address, and never
            listen on it. Now, it retries once per second for 20
            seconds before generating a fatal error. 20 seconds should
            be long enough for any DAD process to complete, but can be
            adjusted in src/config.h if necessary. Thanks to Martin
            Krafft for the bug report.

            Add DBus introspection. Patch from Jeremy Laine.

            Update Dbus configuration file. Patch from Colin Walters.
            Fix for this bug:
            http://bugs.freedesktop.org/show_bug.cgi?id=18961

            Support arbitrarily encapsulated DHCP options, suggestion
            and initial patch from Samium Gromoff. This is useful for
            (eg) gPXE, which expect all its private options to be
            encapsulated inside a single option 175. So, eg, 

            dhcp-option = encap:175, 190, "iscsi-client0"
            dhcp-option = encap:175, 191, "iscsi-client0-secret"
            
            will provide iSCSI parameters to gPXE.

            Enhance --dhcp-match to allow testing of the contents of a
            client-sent option, as well as its presence. This
            application in mind for this is RFC 4578
            client-architecture specifiers, but it's generally useful.
            Joey Korkames suggested the enhancement. 

            Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on
            OpenSolaris. Thanks to Bastian Machek for the heads-up.

            No longer complain about blank lines in
            /etc/ethers. Thanks to Jon Nelson for the patch.

            Fix binding of servers to physical devices, eg
            --server=/domain/1.2.3.4@eth0 which was broken from 2.43
            onwards unless --query-port=0 set. Thanks to Peter Naulls
            for the bug report.

            Reply to DHCPINFORM requests even when the supplied ciaddr
            doesn't fall in any dhcp-range. In this case it's not
            possible to supply a complete configuration, but
            individually-configured options (eg PAC) may be useful.

            Allow the source address of an alias to be a range:
            --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole
            subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255,
            as before.
            --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
            maps only the 192.168.0.10->192.168.0.40 region. Thanks to
            Ib Uhrskov for the suggestion.

            Don't dynamically allocate DHCP addresses which may break
            Windows.  Addresses which end in .255 or .0 are broken in
            Windows even when using supernetting.
            --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means 
            192.168.0.255 is a valid IP address, but not for Windows. 
            See Microsoft KB281579. We therefore no longer allocate 
            these addresses to avoid hard-to-diagnose problems. 

            Update Polish translation. Thanks to Jan Psota.

            Delete the PID-file when dnsmasq shuts down. Note that by
            this time, dnsmasq is normally not running as root, so
            this will fail if the PID-file is stored in a root-owned
            directory; such failure is silently ignored. To take
            advantage of this feature, the PID-file must be stored in a
            directory owned and write-able by the user running
            dnsmasq.


version 2.46
            Allow --bootp-dynamic to take a netid tag, so that it may
            be selectively enabled. Thanks to Olaf Westrik for the
            suggestion. 

            Remove ISC-leasefile reading code. This has been
            deprecated for a long time, and last time I removed it, it
            ended up going back by request of one user. This time,
            it's gone for good; otherwise it would need to be
            re-worked to support multiple domains (see below).

            Support DHCP clients in multiple DNS domains. This is a
            long-standing request. Clients are assigned to a domain
            based in their IP address.  

            Add --dhcp-fqdn flag, which changes behaviour if DNS names
            assigned to DHCP clients. When this is set, there must be
            a domain associated with each client, and only
            fully-qualified domain names are added to the DNS. The
            advantage is that the only the FQDN needs to be unique,
            so that two or more DHCP clients can share a hostname, as
            long as they are in different domains.

            Set environment variable DNSMASQ_DOMAIN when invoking
            lease-change script. This may be useful information to
            have now that it's variable.

            Tighten up data-checking code for DNS packet
            handling. Thanks to Steve Dodd who found certain illegal
            packets which could crash dnsmasq. No memory overwrite was
            possible, so this is not a security issue beyond the DoS
            potential.  

            Update example config dhcp option 47, the previous
            suggestion generated an illegal, zero-length,
            option. Thanks to Matthias Andree for finding this.

            Rewrite hosts-file reading code to remove the limit of
            1024 characters per line. John C Meuser found this.

            Create a net-id tag with the name of the interface on
            which the DHCP request was received.

            Fixed minor memory leak in DBus code, thanks to Jeremy
            Laine for the patch.

            Emit DBus signals as the DHCP lease database
            changes. Thanks to Jeremy Laine for the patch.

            Allow for more that one MAC address in a dhcp-host
            line. This configuration tells dnsmasq that it's OK to
            abandon a DHCP lease of the fixed address to one MAC
            address, if another MAC address in the dhcp-host statement 
            asks for an address. This is useful to give a fixed
            address to a host which has two network interfaces
            (say, a laptop with wired and wireless interfaces.) 
            It's very important to ensure that only one interface 
            at a time is up, since dnsmasq abandons the first lease 
            and re-uses the address before the leased time has
            elapsed. John Gray suggested this.

            Tweak the response to a DHCP request packet with a wrong
            server-id when --dhcp-authoritative is set; dnsmasq now
            returns a DHCPNAK, rather than silently ignoring the
            packet. Thanks to Chris Marget for spotting this
            improvement.

            Add --cname option. This provides a limited alias
            function, usable for DHCP names. Thanks to AJ Weber for
            suggestions on this.

            Updated contrib/webmin with latest version from Neil
            Fisher.

            Updated Polish translation. Thanks to Jan Psota.
            
            Correct the text names for DHCP options 64 and 65 to be
            "nis+-domain" and "nis+-servers".

            Updated Spanish translation. Thanks to Chris Chatham.

            Force re-reading of /etc/resolv.conf when an "interface
            up" event occurs.


version 2.45
            Fix total DNS failure in release 2.44 unless --min-port 
            specified. Thanks to Steven Barth and Grant Coady for
            bugreport. Also reject out-of-range port spec, which could
            break things too: suggestion from Gilles Espinasse.
            

version 2.44
            Fix  crash when unknown client attempts to renew a DHCP
            lease, problem introduced in version 2.43. Thanks to
            Carlos Carvalho for help chasing this down.

            Fix potential crash when a host which doesn't have a lease
            does DHCPINFORM. Again introduced in 2.43. This bug has
            never been reported in the wild.

            Fix crash in netlink code introduced in 2.43. Thanks to
            Jean Wolter for finding this.

            Change implementation of min_port to work even if min-port
            is large.

            Patch to enable compilation of latest Mac OS X. Thanks to
            David Gilman.

            Update Spanish translation. Thanks to Christopher Chatham.


version 2.43
            Updated Polish translation. Thanks to Jan Psota.

            Flag errors when configuration options are repeated
            illegally.

            Further tweaks for GNU/kFreeBSD

            Add --no-wrap to msgmerge call - provides nicer .po file
            format.

            Honour lease-time spec in dhcp-host lines even for
            BOOTP. The user is assumed to known what they are doing in
            this case. (Hosts without the time spec still get infinite
            leases for BOOTP, over-riding the default in the
            dhcp-range.) Thanks to Peter Katzmann for uncovering this.

            Fix problem matching relay-agent ids. Thanks to Michael
            Rack for the bug report.

            Add --naptr-record option. Suggestion from Johan
            Bergquist.

            Implement RFC 5107 server-id-override DHCP relay agent
            option.

            Apply patches from Stefan Kruger for compilation on
            Solaris 10 under Sun studio.

            Yet more tweaking of Linux capability code, to suppress
            pointless wingeing from kernel 2.6.25 and above.

            Improve error checking during startup. Previously, some
            errors which occurred during startup would be worked
            around, with dnsmasq still starting up. Some were logged,
            some silent. Now, they all cause a fatal error and dnsmasq 
            terminates with a non-zero exit code. The errors are those
            associated with changing uid and gid, setting process 
            capabilities and writing the pidfile. Thanks to Uwe
            Gansert and the Suse security team for pointing out 
            this improvement, and Bill Reimers for good implementation
            suggestions.

            Provide NO_LARGEFILE compile option to switch off largefile
            support when compiling against versions of uclibc which
            don't support it. Thanks to Stephane Billiart for the patch.
  
            Implement random source ports for interactions with
            upstream nameservers. New spoofing attacks have been found
            against nameservers which do not do this, though it is not
            clear if dnsmasq is vulnerable, since to doesn't implement
            recursion. By default dnsmasq will now use a different
            source port (and socket) for each query it sends
            upstream. This behaviour can suppressed using the
            --query-port option, and the old default behaviour
            restored using --query-port=0. Explicit source-port
            specifications in --server configs are still honoured.

            Replace the random number generator, for better
            security. On most BSD systems, dnsmasq uses the
            arc4random() RNG, which is secure, but on other platforms,
            it relied on the C-library RNG, which may be
            guessable and therefore allow spoofing. This release
            replaces the libc RNG with the SURF RNG, from Daniel
            J. Berstein's DJBDNS package.  

            Don't attempt to change user or group or set capabilities
            if dnsmasq is run as a non-root user. Without this, the
            change from soft to hard errors when these fail causes
            problems for non-root daemons listening on high
            ports. Thanks to Patrick McLean for spotting this.

            Updated French translation. Thanks to Gildas Le Nadan.


version 2.42
            The changelog for version 2.42 and earlier is 
            available in CHANGELOG.archive.