2 Re-write interface discovery code on *BSD to use
3 getifaddrs. This is more portable, more straightforward,
4 and allows us to find the prefix length for IPv6
7 Add ra-names, ra-stateless and slaac keywords for DHCPv6.
8 Dnsmasq can now synthesise AAAA records for dual-stack
9 hosts which get IPv6 addresses via SLAAC. It is also now
10 possible to use SLAAC and stateless DHCPv6, and to
11 tell clients to use SLAAC addresses as well as DHCP ones.
12 Thanks to Dave Taht for help with this.
14 Add --dhcp-duid to allow DUID-EN uids to be used.
16 Explicity send DHCPv6 replies to the correct port, instead
17 of relying on clients to send requests with the correct
18 source address, since at least one client in the wild gets
19 this wrong. Thanks to Conrda Kostecki for help tracking
22 Send a preference value of 255 in DHCPv6 replies when
23 --dhcp-authoritative is in effect. This tells clients not
24 to wait around for other DHCP servers.
26 Better logging of DHCPv6 options.
28 Add --host-record. Thanks to Rob Zwissler for the
31 Invoke the DHCP script with action "tftp" when a TFTP file
32 transfer completes. The size of the file, address to which
33 it was sent and complete pathname are supplied. Note that
34 version 2.60 introduced some script incompatibilties
35 associated with DHCPv6, and this is a further change. To
36 be safe, scripts should ignore unknown actions, and if
37 not IPv6-aware, should exit if the environment
38 variable DNSMASQ_IAID is set. The use-case for this is
39 to track netboot/install. Suggestion from Shantanu
42 Update contrib/port-forward/dnsmasq-portforward to reflect
45 Set the environment variable DNSMASQ_LOG_DHCP when running
46 the script id --log-dhcp is in effect, so that script can
47 taylor their logging verbosity. Suggestion from Malte
50 Arrange that addresses specified with --listen-address
51 work even if there is no interface carrying the
52 address. This is chiefly useful for IPv4 loopback
53 addresses, where any address in 127.0.0.0/8 is a valid
54 loopback address, but normally only 127.0.0.1 appears on
55 the lo interface. Thanks to Mathieu Trudel-Lapierre for
56 the idea and initial patch.
58 Fix crash, introduced in 2.60, when a DHCPINFORM is
59 received from a network which has no valid dhcp-range.
60 Thanks to Stephane Glondu for the bug report.
62 Add a new DHCP lease time keyword, "deprecated" for
63 --dhcp-range. This is only valid for IPv6, and sets the
64 preffered lease time for both DHCP and RA to zero. The
65 effect is that clients can continue to use the address
66 for existing connections, but new connections will use
67 other addresses, if they exist. This makes hitless
68 renumbering at least possible.
70 Fix bug in address6_available() which caused DHCPv6 lease
71 aquistion to fail if more than one dhcp-range in use.
73 Provide RDNSS and DNSSL data in router advertisements,
74 using the settings provided for DHCP options
75 option6:domain-search and option6:dns-server.
77 Tweak logo/favicon.ico to add some transparency. Thanks to
78 SamLT for work on this.
80 Don't cache data from non-recursive nameservers, since it
81 may erroneously look like a valid CNAME to a non-exitant
82 name. Thanks to Ben Winslow for finding this.
84 Call SO_BINDTODEVICE on the DHCP socket(s) when doing DHCP
85 on exacly one interface and --bind-interfaces is set. This
86 makes the OpenStack use-case of one dnsmasq per virtual
87 interface work. This is only available on Linux; it's not
88 supported on other platforms. Thanks to Vishvananda Ishaya
89 and the OpenStack team for the suggestion.
91 Updated French translation. Thanks to Gildas Le Nadan.
93 Give correct from-cache answers to explict CNAME queries.
94 Thanks to Rob Zwissler for spotting this.
96 Add --tftp-lowercase option. Thanks to Oliver Rath for the
99 Ensure that the DBus DhcpLeaseUpdated events are generated
100 when a lease goes through INIT_REBOOT state, even if the
101 dhcp-script is not in use. thanks to Antoaneta-Ecaterina
104 Fix failure of TFTP over IPv4 on OpenBSD platform. Thanks
105 to Brad Smith for spotting this.
109 Fix compilation problem in Mac OS X Lion. Thanks to Olaf
110 Flebbe for the patch.
112 Fix DHCP when using --listen-address with an IP address
113 which is not the primary address of an interface.
115 Add --dhcp-client-update option.
117 Add Lua integration. Dnsmasq can now execute a DHCP
118 lease-change script written in Lua. This needs to be
119 enabled at compile time by setting HAVE_LUASCRIPT in
120 src/config.h or running "make COPTS=-DHAVE_LUASCRIPT"
121 Thanks to Jan-Piet Mens for the idea and proof-of-concept
124 Tidied src/config.h to distinguish between
125 platform-dependent compile-time options which are selected
126 automatically, and builder-selectable compile time
127 options. Document the latter better, and describe how to
128 set them from the make command line.
130 Tidied up IPPROTO_IP/SOL_IP (and IPv6 equivalent)
131 confusion. IPPROTO_IP works everywhere now.
133 Set TOS on DHCP sockets, this improves things on busy
134 wireless networks. Thanks to Dave Taht for the patch.
136 Determine VERSION automatically based on git magic:
137 release tags or hash values.
139 Improve start-up speed when reading large hosts files
140 containing many distinct addresses.
142 Fix problem if dnsmasq is started without the stdin,
143 stdout and stderr file descriptors open. This can manifest
144 itself as 100% CPU use. Thanks to Chris Moore for finding
147 Fix shell-scripting bug in bld/pkg-wrapper. Thanks to
148 Mark Mitchell for the patch.
150 Allow the TFP server or boot server in --pxe-service, to
151 be a domain name instead of an IP address. This allows for
152 round-robin to multiple servers, in the same way as
153 --dhcp-boot. A good suggestion from Cristiano Cumer.
155 Support BUILDDIR variable in the Makefile. Allows builds
156 for multiple archs from the same source tree with eg.
157 make BUILDDIR=linux (relative to dnsmasq tree)
158 make BUILDDIR=/tmp/openbsd (absolute path)
159 If BUILDDIR is not set, compilation happens in the src
160 directory, as before. Suggestion from Mark Mitchell.
162 Support DHCPv6. Support is there for the sort of things
163 the existing v4 server does, including tags, options,
164 static addresses and relay support. Missing is prefix
165 delegation, which is probably not required in the dnsmasq
166 niche, and an easy way to accept prefix delegations from
167 an upstream DHCPv6 server, which is. Future plans include
168 support for DHCPv6 router option and MAC address option
169 (to make selecting clients by MAC address work like IPv4).
170 These will be added as the standards mature.
171 This code has been tested, but this is the first release,
172 so don't bet the farm on it just yet. Many thanks to all
173 testers who have got it this far.
175 Support IPv6 router advertisements. This is a
176 simple-minded implementation, aimed at providing the
177 vestigial RA needed to go alongside IPv6. Is picks up
178 configuration from the DHCPv6 conf, and should just need
179 enabling with --enable-ra.
181 Fix long-standing wrinkle with --localise-queries that
182 could result in wrong answers when DNS packets arrive
183 via an interface other than the expected one. Thanks to
184 Lorenzo Milesi and John Hanks for spotting this one.
186 Update French translation. Thanks to Gildas Le Nadan.
188 Update Polish translation. Thanks to Jan Psota.
192 Fix regression in 2.58 which caused failure to start up
193 with some combinations of dnsmasq config and IPv6 kernel
194 network config. Thanks to Brielle Bruns for the bug
197 Improve dnsmasq's behaviour when network interfaces are
198 still doing duplicate address detection (DAD). Previously,
199 dnsmasq would wait up to 20 seconds at start-up for the
200 DAD state to terminate. This is broken for bridge
201 interfaces on recent Linux kernels, which don't start DAD
202 until the bridge comes up, and so can take arbitrary
203 time. The new behaviour lets dnsmasq poll for an arbitrary
204 time whilst providing service on other interfaces. Thanks
205 to Stephen Hemminger for pointing out the problem.
209 Provide a definition of the SA_SIZE macro where it's
210 missing. Fixes build failure on openBSD.
212 Don't include a zero terminator at the end of messages
213 sent to /dev/log when /dev/log is a datagram socket.
214 Thanks to Didier Rabound for spotting the problem.
216 Add --dhcp-sequential-ip flag, to force allocation of IP
217 addresses in ascending order. Note that the default
218 pseudo-random mode is in general better but some
219 server-deployment applications need this.
221 Fix problem where a server-id of 0.0.0.0 is sent to a
222 client when a dhcp-relay is in use if a client renews a
223 lease after dnsmasq restart and before any clients on the
224 subnet get a new lease. Thanks to Mike Ruiz for assistance
225 in chasing this one down.
227 Don't return NXDOMAIN to an AAAA query if we have CNAME
228 which points to an A record only: NODATA is the correct
229 reply in this case. Thanks to Tom Fernandes for spotting
232 Relax the need to supply a netmask in --dhcp-range for
233 networks which use a DHCP relay. Whilst this is still
234 desireable, in the absence of a netmask dnsmasq will use
235 a default based on the class (A, B, or C) of the address.
236 This should at least remove a cause of mysterious failure
237 for people using RFC1918 addresses and relays.
239 Add support for Linux conntrack connection marking. If
240 enabled with --conntrack, the connection mark for incoming
241 DNS queries will be copied to the outgoing connections
242 used to answer those queries. This allows clever firewall
243 and accounting stuff. Only available if dnsmasq is
244 compiled with HAVE_CONNTRACK and adds a dependency on
245 libnetfilter-conntrack. Thanks to Ed Wildgoose for the
246 initial idea, testing and sponsorship of this function.
248 Provide a sane error message when someone attempts to
249 match a tag in --dhcp-host.
251 Tweak the behaviour of --domain-needed, to avoid problems
252 with recursive nameservers downstream of dnsmasq. The new
253 behaviour only stops A and AAAA queries, and returns
254 NODATA rather than NXDOMAIN replies.
256 Efficiency fix for very large DHCP configurations, thanks
257 to James Gartrell and Mike Ruiz for help with this.
259 Allow the TFTP-server address in --dhcp-boot to be a
260 domain-name which is looked up in /etc/hosts. This can
261 give multiple IP addresses which are used round-robin,
262 thus doing TFTP server load-balancing. Thanks to Sushil
263 Agrawal for the patch.
265 When two tagged dhcp-options for a particular option
266 number are both valid, use the one which is valid without
267 a tag from the dhcp-range. Allows overriding of the value
268 of a DHCP option for a particular host as well as
269 per-network values. So
270 --dhcp-range=set:interface1,......
271 --dhcp-host=set:myhost,.....
272 --dhcp-option=tag:interface1,option:nis-domain,"domain1"
273 --dhcp-option=tag:myhost,option:nis-domain,"domain2"
274 will set the NIS-domain to domain1 for hosts in the range, but
275 override that to domain2 for a particular host.
277 Fix bug which resulted in truncated files and timeouts for
278 some TFTP transfers. The bug only occurs with netascii
279 transfers and needs an unfortunate relationship between
280 file size, blocksize and the number of newlines in the
281 last block before it manifests itself. Many thanks to
282 Alkis Georgopoulos for spotting the problem and providing
283 a comprehensive test-case.
285 Fix regression in TFTP server on *BSD platforms introduced
286 in version 2.56, due to confusion with sockaddr
287 length. Many thanks to Loïc Pefferkorn for finding this.
289 Support scope-ids in IPv6 addresses of nameservers from
290 /etc/resolv.conf and in --server options. Eg
291 nameserver fe80::202:a412:4512:7bbf%eth0 or
292 server=fe80::202:a412:4512:7bbf%eth0. Thanks to
293 Michael Stapelberg for the suggestion.
295 Update Polish translation, thanks to Jan Psota.
297 Update French translation. Thanks to Gildas Le Nadan.
301 Add patches to allow build under Android.
303 Provide our own header for the DNS protocol, rather than
304 relying on arpa/nameser.h. This has proved more or less
305 defective over the years and the final straw is that it's
306 effectively empty on Android.
308 Fix regression in 2.56 which caused hex constants in
309 configuration to be rejected if they contain the '*'
312 Correct wrong casts of arguments to ctype.h functions,
313 isdigit(), isxdigit() etc. Thanks to Matthias Andree for
316 Allow build with IDN support independently from i18n.
317 IDN support continues to be included automatically
318 when i18n is included.
319 'make COPTS=-DHAVE_IDN' is the magic incantation.
321 Modify check on extraneous command line junk (added in
322 2.56) so that it doesn't complain about extra _empty_
323 arguments. Otherwise this breaks libvirt.
327 Add a patch to allow dnsmasq to get interface names right in a
328 Solaris zone. Thanks to Dj Padzensky for this.
330 Improve data-type parsing heuristics so that
331 --dhcp-option=option:domain-search,.
332 treats the value as a string and not an IP address.
333 Thanks to Clemens Fischer for spotting that.
335 Add IPv6 support to the TFTP server. Many thanks to Jan
336 'RedBully' Seiffert for the patches.
338 Log DNS queries at level LOG_INFO, rather then
339 LOG_DEBUG. This makes things consistent with DHCP
340 logging. Thanks to Adam Pribyl for spotting the problem.
342 Ensure that dnsmasq terminates cleanly when using
343 --syslog-async even if it cannot make a connection to the
346 Add --add-mac option. This is to support currently
347 experimental DNS filtering facilities. Thanks to Benjamin
348 Petrin for the orignal patch.
350 Fix bug which meant that tags were ignored in dhcp-range
351 configuration specifying PXE-proxy service. Thanks to
352 Cristiano Cumer for spotting this.
354 Raise an error if there is extra junk, not part of an
355 option, on the command line.
357 Flag a couple of log messages in cache.c as coming from
358 the DHCP subsystem. Thanks to Olaf Westrik for the patch.
360 Omit timestamps from logs when a) logging to stderr and
361 b) --keep-in-forground is set. The logging facility on the
362 other end of stderr can be assumned to supply them. Thanks
363 to John Hallam for the patch.
365 Don't complain about strings longer than 255 characters in
366 --txt-record, just split the long strings into 255
367 character chunks instead.
369 Fix crash on double-free. This bug can only happen when
370 dhcp-script is in use and then only in rare circumstances
371 triggered by high DHCP transaction rate and a slow
372 script. Thanks to Ferenc Wagner for finding the problem.
374 Only log that a file has been sent by TFTP after the
375 transfer has completed succesfully.
377 A good suggestion from Ferenc Wagner: extend
378 the --domain option to allow this sort of thing:
379 --domain=thekelleys.org.uk,192.168.0.0/24,local
380 which automatically creates
381 --local=/thekelleys.org.uk/
382 --local=/0.168.192.in-addr.arpa/
384 Tighten up syntax checking of hex contants in the config
385 file. Thanks to Fred Damen for spotting this.
387 Add dnsmasq logo/icon, contributed by Justin Swift. Many
390 Never cache DNS replies which have the 'cd' bit set, or
391 which result from queries forwarded with the 'cd' bit
392 set. The 'cd' bit instructs a DNSSEC validating server
393 upstream to ignore signature failures and return replies
394 anyway. Without this change it's possible to pollute the
395 dnsmasq cache with bad data by making a query with the
396 'cd' bit set and subsequent queries would return this data
397 without its being marked as suspect. Thanks to Anders
398 Kaseorg for pointing out this problem.
400 Add --proxy-dnssec flag, for compliance with RFC
401 4035. Dnsmasq will now clear the 'ad' bit in answers returned
402 from upstream validating nameservers unless this option is
405 Allow a filename of "-" for --conf-file to read
406 stdin. Suggestion from Timothy Redaelli.
408 Rotate the order of SRV records in replies, to provide
409 round-robin load balancing when all the priorities are
410 equal. Thanks to Peter McKinney for the suggestion.
413 contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist
414 so that it doesn't log all queries to a file by
415 default. Thanks again to Peter McKinney.
417 By default, setting an IPv4 address for a domain but not
418 an IPv6 address causes dnsmasq to return
419 an NODATA reply for IPv6 (or vice-versa). So
420 --address=/google.com/1.2.3.4 stops IPv6 queries for
421 *google.com from being forwarded. Make it possible to
422 override this behaviour by defining the sematics if the
423 same domain appears in both --server and --address.
424 In that case, the --address has priority for the address
425 family in which is appears, but the --server has priority
426 of the address family which doesn't appear in --adddress
428 --address=/google.com/1.2.3.4
429 --server=/google.com/#
430 will return 1.2.3.4 for IPv4 queries for *.google.com but
431 forward IPv6 queries to the normal upstream nameserver.
432 Similarly when setting an IPv6 address
433 only this will allow forwarding of IPv4 queries. Thanks to
434 William for pointing out the need for this.
436 Allow more than one --dhcp-optsfile and --dhcp-hostsfile
437 and make them understand directories as arguments in the
438 same way as --addn-hosts. Suggestion from John Hanks.
440 Ignore rebinding requests for leases we don't know
441 about. Rebind is broadcast, so we might get to overhear a
442 request meant for another DHCP server. NAKing this is
443 wrong. Thanks to Brad D'Hondt for assistance with this.
445 Fix cosmetic bug which produced strange output when
446 dumping cache statistics with some configurations. Thanks
447 to Fedor Kozhevnikov for spotting this.
451 Fix crash when /etc/ethers is in use. Thanks to
452 Gianluigi Tiesi for finding this.
454 Fix crash in netlink_multicast(). Thanks to Arno Wald for
457 Allow the empty domain "." in dhcp domain-search (119)
462 There is no version 2.54 to avoid confusion with 2.53,
463 which incorrectly identifies itself as 2.54.
467 Fix failure to compile on Debian/kFreeBSD. Thanks to
468 Axel Beckert and Petr Salinger.
470 Fix code to avoid scary strict-aliasing warnings
471 generated by gcc 4.4.
473 Added FAQ entry warning about DHCP failures with Vista
474 when firewalls block 255.255.255.255.
476 Fixed bug which caused bad things to happen if a
477 resolv.conf file which exists is subsequently removed.
478 Thanks to Nikolai Saoukh for the patch.
480 Rationalised the DHCP tag system. Every configuration item
481 which can set a tag does so by adding "set:<tag>" and
482 every configuration item which is conditional on a tag is
483 made so by "tag:<tag>". The NOT operator changes to '!',
484 which is a bit more intuitive too. Dhcp-host directives
485 can set more than one tag now. The old '#' NOT,
486 "net:" prefix and no-prefixes are still honoured, so
487 no existing config file needs to be changed, but
488 the documentation and new-style config files should be
491 Added --tag-if to allow boolean operations on tags.
492 This allows complicated logic to be clearer and more
493 general. A great suggestion from Richard Voigt.
495 Add broadcast/unicast information to DHCP logging.
497 Allow --dhcp-broadcast to be unconditional.
499 Fixed incorrect behaviour with NOT <tag> conditionals in
500 dhcp-options. Thanks to Max Turkewitz for assistance
503 If we send vendor-class encapsulated options based on the
504 vendor-class supplied by the client, and no explicit
505 vendor-class option is given, echo back the vendor-class
508 Fix bug which stopped dnsmasq from matching both a
509 circuitid and a remoteid. Thanks to Ignacio Bravo for
512 Add --dhcp-proxy, which makes it possible to configure
513 dnsmasq to use a DHCP relay agent as a full proxy, with
514 all DHCP messages passing through the proxy. This is
515 useful if the relay adds extra information to the packets
516 it forwards, but cannot be configured with the RFC 5107
517 server-override option.
519 Added interface:<iface name> part to dhcp-range. The
520 semantics of this are very odd at first sight, but it
521 allows a single line of the form
522 dhcp-range=interface:virt0,192.168.0.4,192.168.0.200
523 to be added to dnsmasq configuration which then supplies
524 DHCP and DNS services to that interface, without affecting
525 what services are supplied to other interfaces and
526 irrespective of the existance or lack of
527 interface=<interface>
528 lines elsewhere in the dnsmasq configuration. The idea is
529 that such a line can be added automatically by libvirt
530 or equivalent systems, without disturbing any manual
533 Similarly to the above, allow --enable-tftp=<interface>
535 Allow a TFTP root to be set separately for requests via
536 different interfaces, --tftp-root=<path>,<interface>
538 Correctly handle and log clashes between CNAMES and
539 DNS names being given to DHCP leases. This fixes a bug
540 which caused nonsense IP addresses to be logged. Thanks to
541 Sergei Zhirikov for finding and analysing the problem.
543 Tweak flush_log so as to avoid leaving the log
544 file in non-blocking mode. O_NONBLOCK is a property of the
545 file, not the process/descriptor.
547 Fix contrib/Solaris10/create_package
548 (/usr/man -> /usr/share/man) Thanks to Vita Batrla.
550 Fix a problem where, if a client got a lease, then went
551 to another subnet and got another lease, then moved back,
552 it couldn't resume the old lease, but would instead get
553 a new address. Thanks to Leonardo Rodrigues for spotting
554 this and testing the fix.
556 Fix weird bug which sometimes omitted certain characters
557 from the start of quoted strings in dhcp-options. Thanks
558 to Dayton Turner for spotting the problem.
560 Add facility to redirect some domains to the standard
561 upstream servers: this allows something like
562 --server=/google.com/1.2.3.4 --server=/www.google.com/#
563 which will send queries for *.google.com to 1.2.3.4,
564 except *www.google.com which will be forwarded as usual.
565 Thanks to AJ Weber for prompting this addition.
567 Improve the hash-algorithm used to generate IP addresses
568 from MAC addresses during initial DHCP address
569 allocation. This improves performance when large numbers
570 of hosts with similar MAC addresses all try and get an IP
571 address at the same time. Thanks to Paul Smith for his
574 Tweak DHCP code so that --bridge-interface can be used to
575 select which IP alias of an interface should be used for
576 DHCP purposes on Linux. If eth0 has an alias eth0:dhcp
577 then adding --bridge-interface=eth0:dhcp,eth0 will use
578 the address of eth0:dhcp to determine the correct subnet
579 for DHCP address allocation. Thanks to Pawel Golaszewski
580 for prompting this and Eric Cooper for further testing.
582 Add --dhcp-generate-names. Suggestion by Ferenc Wagner.
584 Tweak DNS server selection algorithm when there is more
585 than one server available for a domain, eg.
586 --server=/mydomain/1.1.1.1
587 --server=/mydomain/2.2.2.2
588 Thanks to Alberto Cuesta-Canada for spotting a weakness
591 Add --max-ttl. Thanks to Fredrik Ringertz for the patch.
593 Allow --log-facility=- to force all logging to
594 stderr. Suggestion from Clemens Fischer.
596 Fix regression which caused configuration like
597 --address=/.domain.com/1.2.3.4 to be rejected. The dot to the
598 left of the domain has been implied and not required for a
599 long time, but it should be accepted for backward
600 compatibility. Thanks to Andrew Burcin for spotting this.
602 Add --rebind-domain-ok and --rebind-localhost-ok.
603 Suggestion from Clemens Fischer.
605 Log replies to queries of type TXT, when --log-queries
608 Fix compiler warnings when compiled with -DNO_DHCP. Thanks
609 to Shantanu Gadgil for the patch.
611 Updated French translation. Thanks to Gildas Le Nadan.
613 Updated Polish translation. Thanks to Jan Psota.
615 Updated German translation. Thanks to Matthias Andree.
617 Added contrib/static-arp, thanks to Darren Hoo.
619 Fix corruption of the domain when a name from /etc/hosts
620 overrides one supplied by a DHCP client. Thanks to Fedor
621 Kozhevnikov for spotting the problem.
623 Updated Spanish translation. Thanks to Chris Chatham.
627 Work around a Linux kernel bug which insists that the
628 length of the option passed to setsockopt must be at least
629 sizeof(int) bytes, even if we're calling SO_BINDTODEVICE
630 and the device name is "lo". Note that this is fixed
631 in kernel 2.6.31, but the workaround is harmless and
632 allows earlier kernels to be used. Also fix dnsmasq
633 bug which reported the wrong address when this failed.
634 Thanks to Fedor for finding this.
636 The API for IPv6 PKTINFO changed around Linux kernel
637 2.6.14. Workaround the case where dnsmasq is compiled
638 against newer headers, but then run on an old kernel:
639 necessary for some *WRT distros.
641 Re-read the set of network interfaces when re-loading
642 /etc/resolv.conf if --bind-interfaces is not set. This
643 handles the case that loopback interfaces do not exist
644 when dnsmasq is first started.
646 Tweak the PXE code to support port 4011. This should
647 reduce broadcasts and make things more reliable when other
648 servers are around. It also improves inter-operability
649 with certain clients.
651 Make a pxe-service configuration with no filename or boot
652 service type legal: this does a local boot. eg.
653 pxe-service=x86PC, "Local boot"
655 Be more conservative in detecting "A for A"
656 queries. Dnsmasq checks if the name in a type=A query looks
657 like a dotted-quad IP address and answers the query itself
658 if so, rather than forwarding it. Previously dnsmasq
659 relied in the library function inet_addr() to convert
660 addresses, and that will accept some things which are
661 confusing in this context, like 1.2.3 or even just
662 1234. Now we only do A for A processing for four decimal
663 numbers delimited by dots.
665 A couple of tweaks to fix compilation on Solaris. Thanks
666 to Joel Macklow for help with this.
668 Another Solaris compilation tweak, needed for Solaris
669 2009.06. Thanks to Lee Essen for that.
671 Added extract packaging stuff from Lee Essen to
674 Increased the default limit on number of leases to 1000
675 (from 150). This is mainly a defence against DoS attacks,
676 and for the average "one for two class C networks"
677 installation, IP address exhaustion does that just as
678 well. Making the limit greater than the number of IP
679 addresses available in such an installation removes a
680 surprise which otherwise can catch people out.
682 Removed extraneous trailing space in the value of the
683 DNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH and
684 DNSMASQ_LEASE_EXPIRES environment variables. Thanks to
685 Gildas Le Nadan for spotting this.
687 Provide the network-id tags for a DHCP transaction to
688 the lease-change script in the environment variable
689 DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan.
691 Add support for RFC3925 "Vendor-Identifying Vendor
692 Options". The syntax looks like this:
693 --dhcp-option=vi-encap:<enterprise number>, .........
695 Add support to --dhcp-match to allow matching against
696 RFC3925 "Vendor-Identifying Vendor Classes". The syntax
698 --dhcp-match=tag,vi-encap<enterprise number>, <value>
700 Add some application specific code to assist in
701 implementing the Broadband forum TR069 CPE-WAN
702 specification. The details are in contrib/CPE-WAN/README
704 Increase the default DNS packet size limit to 4096, as
705 recommended by RFC5625 section 4.4.3. This can be
706 reconfigured using --edns-packet-max if needed. Thanks to
707 Francis Dupont for pointing this out.
709 Rewrite query-ids even for TSIG signed packets, since
710 this is allowed by RFC5625 section 4.5.
712 Use getopt_long by default on OS X. It has been supported
713 since version 10.3.0. Thanks to Arek Dreyer for spotting
716 Added up-to-date startup configuration for MacOSX/launchd
717 in contrib/MacOSX-launchd. Thanks to Arek Dreyer for
720 Fix link error when including Dbus but excluding DHCP.
721 Thanks to Oschtan for the bug report.
723 Updated French translation. Thanks to Gildas Le Nadan.
725 Updated Polish translation. Thanks to Jan Psota.
727 Updated Spanish translation. Thanks to Chris Chatham.
729 Fixed confusion about domains, when looking up DHCP hosts
730 in /etc/hosts. This could cause spurious "Ignoring
731 domain..." messages. Thanks to Fedor Kozhevnikov for
732 finding and analysing the problem.
736 Add support for internationalised DNS. Non-ASCII characters
737 in domain names found in /etc/hosts, /etc/ethers and
738 /etc/dnsmasq.conf will be correctly handled by translation to
739 punycode, as specified in RFC3490. This function is only
740 available if dnsmasq is compiled with internationalisation
741 support, and adds a dependency on GNU libidn. Without i18n
742 support, dnsmasq continues to be compilable with just
743 standard tools. Thanks to Yves Dorfsman for the
746 Add two more environment variables for lease-change scripts:
747 First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname
748 supplied by a client, even if the actual hostname used is
749 over-ridden by dhcp-host or dhcp-ignore-names directives.
750 Also DNSMASQ_RELAY_ADDRESS which gives the address of
751 a DHCP relay, if used.
752 Suggestions from Michael Rack.
754 Fix regression which broke echo of relay-agent
755 options. Thanks to Michael Rack for spotting this.
757 Don't treat option 67 as being interchangeable with
758 dhcp-boot parameters if it's specified as
761 Make the code to call scripts on lease-change compile-time
762 optional. It can be switched off by editing src/config.h
763 or building with "make COPTS=-DNO_SCRIPT".
765 Make the TFTP server cope with filenames from Windows/DOS
766 which use '\' as pathname separator. Thanks to Ralf for
769 Updated Polish translation. Thanks to Jan Psota.
771 Warn if an IP address is duplicated in /etc/ethers. Thanks
772 to Felix Schwarz for pointing this out.
774 Teach --conf-dir to take an option list of file suffices
775 which will be ignored when scanning the directory. Useful
776 for backup files etc. Thanks to Helmut Hullen for the
779 Add new DHCP option named tftpserver-address, which
780 corresponds to the third argument of dhcp-boot. This
781 allows the complete functionality of dhcp-boot to be
782 replicated with dhcp-option. Useful when using
785 Test which upstream nameserver to use every 10 seconds
786 or 50 queries and not just when a query times out and
787 is retried. This should improve performance when there
788 is a slow nameserver in the list. Thanks to Joe for the
791 Don't do any PXE processing, even for clients with the
792 correct vendorclass, unless at least one pxe-prompt or
793 pxe-service option is given. This stops dnsmasq
794 interfering with proxy PXE subsystems when it is just
795 the DHCP server. Thanks to Spencer Clark for spotting this.
797 Limit the blocksize used for TFTP transfers to a value
798 which avoids packet fragmentation, based on the MTU of the
799 local interface. Many netboot ROMs can't cope with
802 Honour dhcp-ignore configuration for PXE and proxy-PXE
803 requests. Thanks to Niels Basjes for the bug report.
805 Updated French translation. Thanks to Gildas Le Nadan.
809 Fix security problem which allowed any host permitted to
810 do TFTP to possibly compromise dnsmasq by remote buffer
811 overflow when TFTP enabled. Thanks to Core Security
812 Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
813 Pablo Rodriguez, MartÃn Coco, Alberto Soliño Testa and
814 Pablo Annetta. This problem has Bugtraq id: 36121
817 Fix a problem which allowed a malicious TFTP client to
818 crash dnsmasq. Thanks to Steve Grubb at Red Hat for
819 spotting this. This problem has Bugtraq id: 36120 and
824 Fix regression in 2.48 which disables the lease-change
825 script. Thanks to Jose Luis Duran for spotting this.
827 Log TFTP "file not found" errors. These were not logged,
828 since a normal PXELinux boot generates many of them, but
829 the lack of the messages seems to be more confusing than
830 routinely seeing them when there is no real error.
832 Update Spanish translation. Thanks to Chris Chatham.
836 Archived the extensive, backwards, changelog to
837 CHANGELOG.archive. The current changelog now runs from
838 version 2.43 and runs conventionally.
840 Fixed bug which broke binding of servers to physical
841 interfaces when interface names were longer than four
842 characters. Thanks to MURASE Katsunori for the patch.
844 Fixed netlink code to check that messages come from the
845 correct source, and not another userspace process. Thanks
846 to Steve Grubb for the patch.
848 Maintainability drive: removed bug and missing feature
849 workarounds for some old platforms. Solaris 9, OpenBSD
850 older than 4.1, Glibc older than 2.2, Linux 2.2.x and
851 DBus older than 1.1.x are no longer supported.
853 Don't read included configuration files more than once:
854 allows complex configuration structures without problems.
856 Mark log messages from the various subsystems in dnsmasq:
857 messages from the DHCP subsystem now have the ident string
858 "dnsmasq-dhcp" and messages from TFTP have ident
859 "dnsmasq-tftp". Thanks to Olaf Westrik for the patch.
861 Fix possible infinite DHCP protocol loop when an IP
862 address nailed to a hostname (not a MAC address) and a
863 host sometimes provides the name, sometimes not.
865 Allow --addn-hosts to take a directory: all the files
866 in the directory are read. Thanks to Phil Cornelius for
869 Support --bridge-interface on all platforms, not just BSD.
871 Added support for advanced PXE functions. It's now
872 possible to define a prompt and menu options which will
873 be displayed when a client PXE boots. It's also possible to
874 hand-off booting to other boot servers. Proxy-DHCP, where
875 dnsmasq just supplies the PXE information and another DHCP
876 server does address allocation, is also allowed. See the
877 --pxe-prompt and --pxe-service keywords. Thanks to
878 Alkis Georgopoulos for the suggestion and Guilherme Moro
879 and Michael Brown for assistance.
881 Improvements to DHCP logging. Thanks to Tom Metro for
884 Add ability to build dnsmasq without DHCP support. To do
885 this, edit src/config.h or build with
886 "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch.
888 Added --test command-line switch - syntax check
889 configuration files only.
891 Updated French translation. Thanks to Gildas Le Nadan.
895 Updated French translation. Thanks to Gildas Le Nadan.
897 Fixed interface enumeration code to work on NetBSD
898 5.0. Thanks to Roy Marples for the patch.
900 Updated config.h to use the same location for the lease
901 file on NetBSD as the other *BSD variants. Also allow
902 LEASEFILE and CONFFILE symbols to be overriden in CFLAGS.
904 Handle duplicate address detection on IPv6 more
905 intelligently. In IPv6, an interface can have an address
906 which is not usable, because it is still undergoing DAD
907 (such addresses are marked "tentative"). Attempting to
908 bind to an address in this state returns an error,
909 EADDRNOTAVAIL. Previously, on getting such an error,
910 dnsmasq would silently abandon the address, and never
911 listen on it. Now, it retries once per second for 20
912 seconds before generating a fatal error. 20 seconds should
913 be long enough for any DAD process to complete, but can be
914 adjusted in src/config.h if necessary. Thanks to Martin
915 Krafft for the bug report.
917 Add DBus introspection. Patch from Jeremy Laine.
919 Update Dbus configuration file. Patch from Colin Walters.
921 http://bugs.freedesktop.org/show_bug.cgi?id=18961
923 Support arbitrarily encapsulated DHCP options, suggestion
924 and initial patch from Samium Gromoff. This is useful for
925 (eg) gPXE, which expect all its private options to be
926 encapsulated inside a single option 175. So, eg,
928 dhcp-option = encap:175, 190, "iscsi-client0"
929 dhcp-option = encap:175, 191, "iscsi-client0-secret"
931 will provide iSCSI parameters to gPXE.
933 Enhance --dhcp-match to allow testing of the contents of a
934 client-sent option, as well as its presence. This
935 application in mind for this is RFC 4578
936 client-architecture specifiers, but it's generally useful.
937 Joey Korkames suggested the enhancement.
939 Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on
940 OpenSolaris. Thanks to Bastian Machek for the heads-up.
942 No longer complain about blank lines in
943 /etc/ethers. Thanks to Jon Nelson for the patch.
945 Fix binding of servers to physical devices, eg
946 --server=/domain/1.2.3.4@eth0 which was broken from 2.43
947 onwards unless --query-port=0 set. Thanks to Peter Naulls
950 Reply to DHCPINFORM requests even when the supplied ciaddr
951 doesn't fall in any dhcp-range. In this case it's not
952 possible to supply a complete configuration, but
953 individually-configured options (eg PAC) may be useful.
955 Allow the source address of an alias to be a range:
956 --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole
957 subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255,
959 --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
960 maps only the 192.168.0.10->192.168.0.40 region. Thanks to
961 Ib Uhrskov for the suggestion.
963 Don't dynamically allocate DHCP addresses which may break
964 Windows. Addresses which end in .255 or .0 are broken in
965 Windows even when using supernetting.
966 --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means
967 192.168.0.255 is a valid IP address, but not for Windows.
968 See Microsoft KB281579. We therefore no longer allocate
969 these addresses to avoid hard-to-diagnose problems.
971 Update Polish translation. Thanks to Jan Psota.
973 Delete the PID-file when dnsmasq shuts down. Note that by
974 this time, dnsmasq is normally not running as root, so
975 this will fail if the PID-file is stored in a root-owned
976 directory; such failure is silently ignored. To take
977 advantage of this feature, the PID-file must be stored in a
978 directory owned and write-able by the user running
983 Allow --bootp-dynamic to take a netid tag, so that it may
984 be selectively enabled. Thanks to Olaf Westrik for the
987 Remove ISC-leasefile reading code. This has been
988 deprecated for a long time, and last time I removed it, it
989 ended up going back by request of one user. This time,
990 it's gone for good; otherwise it would need to be
991 re-worked to support multiple domains (see below).
993 Support DHCP clients in multiple DNS domains. This is a
994 long-standing request. Clients are assigned to a domain
995 based in their IP address.
997 Add --dhcp-fqdn flag, which changes behaviour if DNS names
998 assigned to DHCP clients. When this is set, there must be
999 a domain associated with each client, and only
1000 fully-qualified domain names are added to the DNS. The
1001 advantage is that the only the FQDN needs to be unique,
1002 so that two or more DHCP clients can share a hostname, as
1003 long as they are in different domains.
1005 Set environment variable DNSMASQ_DOMAIN when invoking
1006 lease-change script. This may be useful information to
1007 have now that it's variable.
1009 Tighten up data-checking code for DNS packet
1010 handling. Thanks to Steve Dodd who found certain illegal
1011 packets which could crash dnsmasq. No memory overwrite was
1012 possible, so this is not a security issue beyond the DoS
1015 Update example config dhcp option 47, the previous
1016 suggestion generated an illegal, zero-length,
1017 option. Thanks to Matthias Andree for finding this.
1019 Rewrite hosts-file reading code to remove the limit of
1020 1024 characters per line. John C Meuser found this.
1022 Create a net-id tag with the name of the interface on
1023 which the DHCP request was received.
1025 Fixed minor memory leak in DBus code, thanks to Jeremy
1026 Laine for the patch.
1028 Emit DBus signals as the DHCP lease database
1029 changes. Thanks to Jeremy Laine for the patch.
1031 Allow for more that one MAC address in a dhcp-host
1032 line. This configuration tells dnsmasq that it's OK to
1033 abandon a DHCP lease of the fixed address to one MAC
1034 address, if another MAC address in the dhcp-host statement
1035 asks for an address. This is useful to give a fixed
1036 address to a host which has two network interfaces
1037 (say, a laptop with wired and wireless interfaces.)
1038 It's very important to ensure that only one interface
1039 at a time is up, since dnsmasq abandons the first lease
1040 and re-uses the address before the leased time has
1041 elapsed. John Gray suggested this.
1043 Tweak the response to a DHCP request packet with a wrong
1044 server-id when --dhcp-authoritative is set; dnsmasq now
1045 returns a DHCPNAK, rather than silently ignoring the
1046 packet. Thanks to Chris Marget for spotting this
1049 Add --cname option. This provides a limited alias
1050 function, usable for DHCP names. Thanks to AJ Weber for
1051 suggestions on this.
1053 Updated contrib/webmin with latest version from Neil
1056 Updated Polish translation. Thanks to Jan Psota.
1058 Correct the text names for DHCP options 64 and 65 to be
1059 "nis+-domain" and "nis+-servers".
1061 Updated Spanish translation. Thanks to Chris Chatham.
1063 Force re-reading of /etc/resolv.conf when an "interface
1068 Fix total DNS failure in release 2.44 unless --min-port
1069 specified. Thanks to Steven Barth and Grant Coady for
1070 bugreport. Also reject out-of-range port spec, which could
1071 break things too: suggestion from Gilles Espinasse.
1075 Fix crash when unknown client attempts to renew a DHCP
1076 lease, problem introduced in version 2.43. Thanks to
1077 Carlos Carvalho for help chasing this down.
1079 Fix potential crash when a host which doesn't have a lease
1080 does DHCPINFORM. Again introduced in 2.43. This bug has
1081 never been reported in the wild.
1083 Fix crash in netlink code introduced in 2.43. Thanks to
1084 Jean Wolter for finding this.
1086 Change implementation of min_port to work even if min-port
1089 Patch to enable compilation of latest Mac OS X. Thanks to
1092 Update Spanish translation. Thanks to Christopher Chatham.
1096 Updated Polish translation. Thanks to Jan Psota.
1098 Flag errors when configuration options are repeated
1101 Further tweaks for GNU/kFreeBSD
1103 Add --no-wrap to msgmerge call - provides nicer .po file
1106 Honour lease-time spec in dhcp-host lines even for
1107 BOOTP. The user is assumed to known what they are doing in
1108 this case. (Hosts without the time spec still get infinite
1109 leases for BOOTP, over-riding the default in the
1110 dhcp-range.) Thanks to Peter Katzmann for uncovering this.
1112 Fix problem matching relay-agent ids. Thanks to Michael
1113 Rack for the bug report.
1115 Add --naptr-record option. Suggestion from Johan
1118 Implement RFC 5107 server-id-override DHCP relay agent
1121 Apply patches from Stefan Kruger for compilation on
1122 Solaris 10 under Sun studio.
1124 Yet more tweaking of Linux capability code, to suppress
1125 pointless wingeing from kernel 2.6.25 and above.
1127 Improve error checking during startup. Previously, some
1128 errors which occurred during startup would be worked
1129 around, with dnsmasq still starting up. Some were logged,
1130 some silent. Now, they all cause a fatal error and dnsmasq
1131 terminates with a non-zero exit code. The errors are those
1132 associated with changing uid and gid, setting process
1133 capabilities and writing the pidfile. Thanks to Uwe
1134 Gansert and the Suse security team for pointing out
1135 this improvement, and Bill Reimers for good implementation
1138 Provide NO_LARGEFILE compile option to switch off largefile
1139 support when compiling against versions of uclibc which
1140 don't support it. Thanks to Stephane Billiart for the patch.
1142 Implement random source ports for interactions with
1143 upstream nameservers. New spoofing attacks have been found
1144 against nameservers which do not do this, though it is not
1145 clear if dnsmasq is vulnerable, since to doesn't implement
1146 recursion. By default dnsmasq will now use a different
1147 source port (and socket) for each query it sends
1148 upstream. This behaviour can suppressed using the
1149 --query-port option, and the old default behaviour
1150 restored using --query-port=0. Explicit source-port
1151 specifications in --server configs are still honoured.
1153 Replace the random number generator, for better
1154 security. On most BSD systems, dnsmasq uses the
1155 arc4random() RNG, which is secure, but on other platforms,
1156 it relied on the C-library RNG, which may be
1157 guessable and therefore allow spoofing. This release
1158 replaces the libc RNG with the SURF RNG, from Daniel
1159 J. Berstein's DJBDNS package.
1161 Don't attempt to change user or group or set capabilities
1162 if dnsmasq is run as a non-root user. Without this, the
1163 change from soft to hard errors when these fail causes
1164 problems for non-root daemons listening on high
1165 ports. Thanks to Patrick McLean for spotting this.
1167 Updated French translation. Thanks to Gildas Le Nadan.
1171 The changelog for version 2.42 and earlier is
1172 available in CHANGELOG.archive.