From 70d82e00397c5699a9f37ed93678560116f8ac62 Mon Sep 17 00:00:00 2001
From: cheoleun moon <chleun.moon@samsung.com>
Date: Mon, 27 Feb 2023 12:23:19 +0900
Subject: [PATCH] Imported Upstream version 2.88

Change-Id: I71efe884b7eb0d77b9804525cf3ac4f8eee40a30
---
 CHANGELOG                           |  155 ++
 COPYING                             |   43 +-
 Makefile                            |   16 +-
 VERSION                             |    2 +-
 contrib/Suse/README                 |    6 -
 contrib/Suse/README.susefirewall    |   27 -
 contrib/Suse/dnsmasq-SuSE.patch     |   23 -
 contrib/Suse/dnsmasq-suse.spec      |  111 --
 contrib/Suse/rc.dnsmasq-suse        |   79 -
 contrib/lease-tools/dhcp_release.c  |    1 +
 contrib/lease-tools/dhcp_release6.c |   37 +-
 dbus/DBus-interface                 |   13 +
 dnsmasq.conf.example                |   10 +
 man/dnsmasq.8                       |  189 ++-
 po/de.po                            | 1341 +++++++++--------
 po/es.po                            | 1235 +++++++++-------
 po/fi.po                            | 1213 +++++++++-------
 po/fr.po                            | 1236 +++++++++-------
 po/id.po                            | 1251 +++++++++-------
 po/it.po                            | 1213 +++++++++-------
 po/ka.po                            | 2746 +++++++++++++++++++++++++++++++++++
 po/no.po                            | 1233 +++++++++-------
 po/pl.po                            | 1235 +++++++++-------
 po/pt_BR.po                         | 1213 +++++++++-------
 po/ro.po                            | 1233 +++++++++-------
 src/arp.c                           |    2 +-
 src/auth.c                          |   52 +-
 src/blockdata.c                     |    4 +-
 src/bpf.c                           |    2 +-
 src/cache.c                         |  314 ++--
 src/config.h                        |   17 +-
 src/conntrack.c                     |    2 +-
 src/crypto.c                        |   31 +-
 src/dbus.c                          |  199 ++-
 src/dhcp-common.c                   |   72 +-
 src/dhcp-protocol.h                 |    3 +-
 src/dhcp.c                          |  179 ++-
 src/dhcp6-protocol.h                |    5 +-
 src/dhcp6.c                         |   97 +-
 src/dns-protocol.h                  |    2 +-
 src/dnsmasq.c                       |  102 +-
 src/dnsmasq.h                       |  189 ++-
 src/dnssec.c                        |  142 +-
 src/domain-match.c                  |  309 ++--
 src/domain.c                        |   33 +-
 src/dump.c                          |  144 +-
 src/edns0.c                         |  142 +-
 src/forward.c                       | 1072 +++++++++-----
 src/hash-questions.c                |   10 +-
 src/helper.c                        |   80 +-
 src/inotify.c                       |  144 +-
 src/ip6addr.h                       |    2 +-
 src/lease.c                         |   10 +-
 src/log.c                           |   25 +-
 src/loop.c                          |    2 +-
 src/metrics.c                       |   24 +-
 src/metrics.h                       |    5 +-
 src/netlink.c                       |   24 +-
 src/network.c                       |  128 +-
 src/nftset.c                        |   94 ++
 src/option.c                        |  979 +++++++++----
 src/outpacket.c                     |    2 +-
 src/pattern.c                       |   10 +-
 src/poll.c                          |   19 +-
 src/radv-protocol.h                 |    2 +-
 src/radv.c                          |   50 +-
 src/rfc1035.c                       |  343 +++--
 src/rfc2131.c                       |   35 +-
 src/rfc3315.c                       |  295 ++--
 src/rrfilter.c                      |   55 +-
 src/slaac.c                         |    2 +-
 src/tftp.c                          |   53 +-
 src/ubus.c                          |    2 +-
 src/util.c                          |  125 +-
 74 files changed, 14139 insertions(+), 7356 deletions(-)
 delete mode 100644 contrib/Suse/README
 delete mode 100644 contrib/Suse/README.susefirewall
 delete mode 100644 contrib/Suse/dnsmasq-SuSE.patch
 delete mode 100644 contrib/Suse/dnsmasq-suse.spec
 delete mode 100644 contrib/Suse/rc.dnsmasq-suse
 create mode 100644 po/ka.po
 create mode 100644 src/nftset.c

diff --git a/CHANGELOG b/CHANGELOG
index 5e54df9..0f36a0f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,155 @@
+version 2.88
+	Fix bug in --dynamic-host when an interface has /16 IPv4
+	address. Thanks to Mark Dietzer for spotting this.
+	
+	Add --fast-dns-retry option. This gives dnsmasq the ability
+	to originate retries for upstream DNS queries itself, rather
+	than relying on the downstream client. This is most useful
+	when doing DNSSEC over unreliable upstream networks. It comes
+	with some cost in memory usage and network bandwidth.
+
+	Add --use-stale-cache option. When set, if a DNS name exists
+	in the cache, but its time-to-live has expired, dnsmasq will
+	return the data anyway. (It attempts to refresh the
+	data with an upstream query after returning the stale data.)
+	This can improve speed and reliability. It comes 
+	at the expense of sometimes returning out-of-date data and
+	less efficient cache utilisation, since old data cannot be
+	flushed when its TTL expires, so the cache becomes
+	strictly least-recently-used.
+
+	Make --hostsdir (but NOT --dhcp-hostsdir and --dhcp-optsdir)
+	handle removal of whole files or entries within files.
+	Thanks to Dominik Derigs for the initial patches for this.
+
+	Fix bug, introduced in 2.87, which could result in DNS
+	servers being removed from the configuration when reloading
+	server configuration from DBus, or re-reading /etc/resolv.conf
+	Only servers from the same source should be replaced, but some
+	servers from other sources (i.e., hard coded or another dynamic source)
+	could mysteriously disappear. Thanks to all reporting this,
+	but especially Christopher J. Madsen who reduced the problem
+	to an easily reproducible case which saved much labour in
+	finding it.
+
+	Add --no-round-robin option.
+
+	Allow domain names as well as IP addresses when specifying
+	upstream DNS servers. There are some gotchas associated with this
+	(it will mysteriously fail to work if the dnsmasq instance
+	being started is in the path from the system resolver to the DNS),
+	and a seemingly sensible configuration like
+	--server=domain.name@1.2.3.4 is unactionable if domain.name
+	only resolves to an IPv6 address). There are, however,
+	cases where is can be useful. Thanks to Dominik Derigs for
+	the patch.
+
+	Handle DS records for unsupported crypto algorithms correctly.
+	Such a DS, as long as it is validated, should allow answers
+	in the domain it attests to be returned as unvalidated, and not
+	as a validation error.
+
+	Optimise reading large numbers of --server options. When re-reading
+	upstream servers from /etc/resolv.conf or other sources that
+	can change dnsmasq tries to avoid memory fragmentation by re-using
+	existing records that are being re-read unchanged. This involves
+	seaching all the server records for each new one installed.
+	During startup this search is pointless, and can cause long
+	start times with thousands of --server options because the work
+	needed is O(n^2). Handle this case more intelligently.
+	Thanks to Ye Zhou for spotting the problem and an initial patch.
+	
+	If we detect that a DNS reply from upstream is malformed don't
+	return it to the requestor; send a SEVFAIL rcode instead.
+
+	
+version 2.87
+        Allow arbitrary prefix lengths in --rev-server and
+	--domain=....,local
+
+	Replace --address=/#/..... functionality which got
+	missed in the 2.86 domain search rewrite.
+
+	Add --nftset option, like --ipset but for the newer nftables.
+	Thanks to Chen Zhenge for the patch.
+	
+	Add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6
+	addresses from DNS answers.
+
+	Fix crash doing netbooting when --port is set to zero
+	to disable the DNS server. Thanks to Drexl Johannes
+	for the bug report.
+
+	Generalise --dhcp-relay. Sending via broadcast/multicast is
+	now supported for both IPv4 and IPv6 and the configuration
+	syntax made easier (but backwards compatible).
+	
+	Add snooping of IPv6 prefix-delegations to the DHCP-relay system.
+
+	Finesse parsing of --dhcp-remoteid and --dhcp-subscrid. To be treated
+	as hex, the pattern must consist of only hex digits AND contain
+	at least one ':'. Thanks to Bengt-Erik Sandstrom who tripped
+	over a pattern consisting of a decimal number which was interpreted
+	surprisingly.
+
+	Include client address in TFTP file-not-found error reports.
+	Thanks to Stefan Rink for the initial patch, which has been
+	re-worked by me (srk). All bugs mine.
+
+	Note in manpage the change in behaviour of -address. This behaviour
+	actually changed in v2.86, but was undocumented there. From 2.86 on,
+	(eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other
+	types of query will be sent upstream. Pre 2.86, that would catch the
+	whole example.com domain and queries for other types would get
+	a local NODATA answer. The pre-2.86 behaviour is still available,
+	by configuring --address=/example.com/1.2.3.4 --local=/example.com/
+
+        Fix problem with binding DHCP sockets to an individual interface.
+	Despite the fact that the system call tales the interface _name_ as
+	a parameter, it actually, binds the socket to interface _index_.
+	Deleting the interface and creating a new one with the same name
+	leaves the socket bound to the old index. (Creating new sockets
+	always allocates a fresh index, they are not reused). We now
+	take this behaviour into account and keep up with changing indexes.
+
+	Add --conf-script configuration option.
+
+	Enhance --domain to accept, for instance,
+	--domain=net2.thekelleys.org.uk,eth2 so that hosts get a domain
+	which relects the interface they are attached to in a way which
+	doesn't require hard-coding addresses. Thanks to Sten Spans for
+	the idea.
+
+	Fix write-after-free error in DHCPv6 server code.
+	CVE-2022-0934 refers.
+	
+	Add the ability to specify destination port in
+	DHCP-relay mode. This change also removes a previous bug
+	where --dhcp-alternate-port would affect the port used
+	to relay _to_ as well as the port being listened on.
+	The new feature allows configuration to provide bug-for-bug
+	compatibility, if required. Thanks to Damian Kaczkowski 
+	for the feature suggestion.
+
+	Bound the value of UDP packet size in the EDNS0 header of
+	forwarded queries to the configured or default value of
+	edns-packet-max. There's no point letting a client set a larger
+	value if we're unable to return the answer. Thanks to Bertie
+	Taylor for pointing out the problem and supplying the patch.
+	
+	Fix problem with the configuration
+	
+	--server=/some.domain/# --address=/#/<ip> --server=<server_ip>
+
+	This would return <ip> for queries in some.domain, rather than
+	forwarding the query via the default server.
+
+	Tweak DHCPv6 relay code so that packets relayed towards a server
+	have source address on the server-facing network, not the
+	client facing network. Thanks to Luis Thomas for spotting this
+	and initial patch.
+
+
 version 2.86
 	Handle DHCPREBIND requests in the DHCPv6 server code.
 	Thanks to Aichun Li for spotting this omission, and the initial
@@ -92,6 +244,9 @@ version 2.86
 	of filename). Thanks to Ed Wildgoose for the initial patch
 	and motivation for this.
 
+	Allow adding IP address to nftables set in addition to
+	ipset.
+
 	
 version 2.85
         Fix problem with DNS retries in 2.83/2.84.
diff --git a/COPYING b/COPYING
index 60549be..d159169 100644
--- a/COPYING
+++ b/COPYING
@@ -1,12 +1,12 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
 
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
-			    Preamble
+                            Preamble
 
   The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -15,7 +15,7 @@ software--to make sure the software is free for all its users.  This
 General Public License applies to most of the Free Software
 Foundation's software and to any other program whose authors commit to
 using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
+the GNU Lesser General Public License instead.)  You can apply it to
 your programs, too.
 
   When we speak of free software, we are referring to freedom, not
@@ -55,8 +55,8 @@ patent must be licensed for everyone's free use or not licensed at all.
 
   The precise terms and conditions for copying, distribution and
 modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
+
+                    GNU GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
   0. This License applies to any program or other work which contains
@@ -110,7 +110,7 @@ above, provided that you also meet all of these conditions:
     License.  (Exception: if the Program itself is interactive but
     does not normally print such an announcement, your work based on
     the Program is not required to print an announcement.)
-
+
 These requirements apply to the modified work as a whole.  If
 identifiable sections of that work are not derived from the Program,
 and can be reasonably considered independent and separate works in
@@ -168,7 +168,7 @@ access to copy from a designated place, then offering equivalent
 access to copy the source code from the same place counts as
 distribution of the source code, even though third parties are not
 compelled to copy the source along with the object code.
-
+
   4. You may not copy, modify, sublicense, or distribute the Program
 except as expressly provided under this License.  Any attempt
 otherwise to copy, modify, sublicense or distribute the Program is
@@ -225,7 +225,7 @@ impose that choice.
 
 This section is intended to make thoroughly clear what is believed to
 be a consequence of the rest of this License.
-
+
   8. If the distribution and/or use of the Program is restricted in
 certain countries either by patents or by copyrighted interfaces, the
 original copyright holder who places the Program under this License
@@ -255,7 +255,7 @@ make exceptions for this.  Our decision will be guided by the two goals
 of preserving the free status of all derivatives of our free software and
 of promoting the sharing and reuse of software generally.
 
-			    NO WARRANTY
+                            NO WARRANTY
 
   11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
@@ -277,9 +277,9 @@ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
 
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
 
   If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
@@ -291,7 +291,7 @@ convey the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
     <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) 19yy  <name of author>
+    Copyright (C) <year>  <name of author>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -303,17 +303,16 @@ the "copyright" line and a pointer to where the full notice is found.
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
 
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
 Also add information on how to contact you by electronic and paper mail.
 
 If the program is interactive, make it output a short notice like this
 when it starts in an interactive mode:
 
-    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision version 69, Copyright (C) year name of author
     Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type `show c' for details.
@@ -336,5 +335,5 @@ necessary.  Here is a sample; alter the names:
 This General Public License does not permit incorporating your program into
 proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Library General
+library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.
diff --git a/Makefile b/Makefile
index 0cd592e..48e8d3b 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-# dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+# dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@@ -70,7 +70,9 @@ nettle_libs =   `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC     $(PKG_CO
                                                         HAVE_NETTLEHASH $(PKG_CONFIG) --libs nettle`
 gmp_libs =      `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
 sunos_libs =    `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
-version =     -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
+nft_cflags =    `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_NFTSET $(PKG_CONFIG) --cflags libnftables` 
+nft_libs =      `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_NFTSET $(PKG_CONFIG) --libs libnftables`
+version =       -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
 
 sum?=$(shell $(CC) -DDNSMASQ_COMPILE_OPTS $(COPTS) -E $(top)/$(SRC)/dnsmasq.h | ( md5sum 2>/dev/null || md5 ) | cut -f 1 -d ' ')
 sum!=$(CC) -DDNSMASQ_COMPILE_OPTS $(COPTS) -E $(top)/$(SRC)/dnsmasq.h | ( md5sum 2>/dev/null || md5 ) | cut -f 1 -d ' '
@@ -82,7 +84,7 @@ objs = cache.o rfc1035.o util.o option.o forward.o network.o \
        dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o pattern.o \
        domain.o dnssec.o blockdata.o tables.o loop.o inotify.o \
        poll.o rrfilter.o edns0.o arp.o crypto.o dump.o ubus.o \
-       metrics.o hash-questions.o domain-match.o
+       metrics.o hash-questions.o domain-match.o nftset.o
 
 hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
        dns-protocol.h radv-protocol.h ip6addr.h metrics.h
@@ -90,8 +92,8 @@ hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
 all : $(BUILDDIR)
 	@cd $(BUILDDIR) && $(MAKE) \
  top="$(top)" \
- build_cflags="$(version) $(dbus_cflags) $(idn2_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags) $(nettle_cflags)" \
- build_libs="$(dbus_libs) $(idn2_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs) $(nettle_libs) $(gmp_libs) $(ubus_libs)" \
+ build_cflags="$(version) $(dbus_cflags) $(idn2_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags) $(nettle_cflags) $(nft_cflags)" \
+ build_libs="$(dbus_libs) $(idn2_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs) $(nettle_libs) $(gmp_libs) $(ubus_libs) $(nft_libs)" \
  -f $(top)/Makefile dnsmasq 
 
 mostly_clean :
@@ -115,8 +117,8 @@ all-i18n : $(BUILDDIR)
 	@cd $(BUILDDIR) && $(MAKE) \
  top="$(top)" \
  i18n=-DLOCALEDIR=\'\"$(LOCALEDIR)\"\' \
- build_cflags="$(version) $(dbus_cflags) $(idn2_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags) $(nettle_cflags)" \
- build_libs="$(dbus_libs) $(idn2_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs) $(nettle_libs) $(gmp_libs) $(ubus_libs)"  \
+ build_cflags="$(version) $(dbus_cflags) $(idn2_cflags) $(idn_cflags) $(ct_cflags) $(lua_cflags) $(nettle_cflags) $(nft_cflags)" \
+ build_libs="$(dbus_libs) $(idn2_libs) $(idn_libs) $(ct_libs) $(lua_libs) $(sunos_libs) $(nettle_libs) $(gmp_libs) $(ubus_libs) $(nft_libs)"  \
  -f $(top)/Makefile dnsmasq
 	for f in `cd $(PO); echo *.po`; do \
 		cd $(top) && cd $(BUILDDIR) && $(MAKE) top="$(top)" -f $(top)/Makefile $${f%.po}.mo; \
diff --git a/VERSION b/VERSION
index 81fd6fc..b2c4a0f 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
- (HEAD -> master, tag: v2.86)
+ (HEAD -> master, tag: v2.88)
diff --git a/contrib/Suse/README b/contrib/Suse/README
deleted file mode 100644
index 3fdc186..0000000
--- a/contrib/Suse/README
+++ /dev/null
@@ -1,6 +0,0 @@
-This packaging is now unmaintained in the dnsmasq source: dnsmasq is
-included in Suse proper, and up-to-date packages are now available
-from 
-
-ftp://ftp.suse.com/pub/people/ug/
-
diff --git a/contrib/Suse/README.susefirewall b/contrib/Suse/README.susefirewall
deleted file mode 100644
index 0b94108..0000000
--- a/contrib/Suse/README.susefirewall
+++ /dev/null
@@ -1,27 +0,0 @@
-This is a patch against SuSEfirewall2-3.1-206 (SuSE 9.x and older)
-It fixes the dependency from the dns daemon name 'named'
-After appending the patch, the SuSEfirewall is again able to autodetect 
-the dnsmasq named service.
-This is a very old bug in the SuSEfirewall script.
-The SuSE people think the name of the dns server will always 'named'
-
-
---- /sbin/SuSEfirewall2.orig	2004-01-23 13:30:09.000000000 +0100
-+++ /sbin/SuSEfirewall2	2004-01-23 13:31:56.000000000 +0100
-@@ -764,7 +764,7 @@
-     echo 'FW_ALLOW_INCOMING_HIGHPORTS_UDP should be set to yes, if you are running a DNS server!'
- 
- test "$FW_SERVICE_AUTODETECT" = yes -o "$FW_SERVICE_AUTODETECT" = dmz -o "$FW_SERVICE_AUTODETECT" = ext && {
--    test "$FW_SERVICE_DNS" = no -a '!' "$START_NAMED" = no && check_srv named && {
-+    test "$FW_SERVICE_DNS" = no -a '!' "$START_NAMED" = no && check_srv dnsmasq && {
- 	echo -e 'Warning: detected activated named, enabling FW_SERVICE_DNS!
- You still have to allow tcp/udp port 53 on internal, dmz and/or external.'
- 	FW_SERVICE_DNS=$FW_SERVICE_AUTODETECT
-@@ -878,7 +878,7 @@
- test -e /etc/resolv.conf || echo "Warning: /etc/resolv.conf not found"
- # Get ports/IP bindings of NAMED/SQUID
- test "$FW_SERVICE_DNS" = yes -o "$FW_SERVICE_DNS" = dmz -o "$FW_SERVICE_DNS" = ext -o "$START_NAMED" = yes && DNS_PORT=`$LSOF -i -n -P | \
--    $AWK -F: '/^named .* UDP / {print $2}'| $GREP -vw 53 | $SORT -un`
-+    $AWK -F: '/^dnsmasq .* UDP / {print $2}'| $GREP -vw 53 | $SORT -un`
- test "$FW_SERVICE_SQUID" = yes -o "$FW_SERVICE_SQUID" = dmz -o "$FW_SERVICE_SQUID" = ext -o "$START_SQUID" = yes && SQUID_PORT=`$LSOF -i -n -P | \
-     $AWK -F: '/^squid .* UDP/ {print $2}'| $SORT -un`
diff --git a/contrib/Suse/dnsmasq-SuSE.patch b/contrib/Suse/dnsmasq-SuSE.patch
deleted file mode 100644
index 626245f..0000000
--- a/contrib/Suse/dnsmasq-SuSE.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- man/dnsmasq.8	2004-08-08 20:57:56.000000000 +0200
-+++ man/dnsmasq.8	2004-08-12 00:40:01.000000000 +0200
-@@ -69,7 +69,7 @@
- .TP
- .B \-g, --group=<groupname> 
- Specify the group which dnsmasq will run
--as. The defaults to "dip", if available, to facilitate access to
-+as. The defaults to "dialout", if available, to facilitate access to
- /etc/ppp/resolv.conf which is not normally world readable.
- .TP
- .B \-v, --version
---- src/config.h	2004-08-11 11:39:18.000000000 +0200
-+++ src/config.h	2004-08-12 00:40:01.000000000 +0200
-@@ -44,7 +44,7 @@
- #endif
- #define DEFLEASE 3600 /* default lease time, 1 hour */
- #define CHUSER "nobody"
--#define CHGRP "dip"
-+#define CHGRP "dialout"
- #define DHCP_SERVER_PORT 67
- #define DHCP_CLIENT_PORT 68
- 
-
diff --git a/contrib/Suse/dnsmasq-suse.spec b/contrib/Suse/dnsmasq-suse.spec
deleted file mode 100644
index ff8ba8f..0000000
--- a/contrib/Suse/dnsmasq-suse.spec
+++ /dev/null
@@ -1,111 +0,0 @@
-###############################################################################
-#
-# General
-#
-###############################################################################
-
-Name: dnsmasq
-Version: 2.33
-Release: 1
-Copyright: GPL
-Group: Productivity/Networking/DNS/Servers
-Vendor: Simon Kelley
-Packager: Simon Kelley
-URL: http://www.thekelleys.org.uk/dnsmasq
-Provides: dns_daemon
-Conflicts: bind bind8 bind9
-PreReq: %fillup_prereq %insserv_prereq
-Autoreqprov: on
-Source0: %{name}-%{version}.tar.bz2
-BuildRoot: /var/tmp/%{name}-%{version}
-Summary: A lightweight caching nameserver
-
-%description
-Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It 
-is designed to provide DNS and, optionally, DHCP, to a small network. It can
-serve the names of local machines which are not in the global DNS. The DHCP 
-server integrates with the DNS server and allows machines with DHCP-allocated
-addresses to appear in the DNS with names configured either in each host or 
-in a central configuration file. Dnsmasq supports static and dynamic DHCP 
-leases and BOOTP for network booting of diskless machines.
-
-
-
-###############################################################################
-#
-# Build
-#
-###############################################################################
-
-%prep
-%setup -q
-patch -p0 <rpm/%{name}-SuSE.patch
-
-%build
-%{?suse_update_config:%{suse_update_config -f}}
-make all-i18n DESTDIR=$RPM_BUILD_ROOT PREFIX=/usr
-
-###############################################################################
-#
-# Install
-#
-###############################################################################
-
-%install
-rm -rf $RPM_BUILD_ROOT
-mkdir -p ${RPM_BUILD_ROOT}/etc/init.d
-make install-i18n DESTDIR=$RPM_BUILD_ROOT PREFIX=/usr
-install -o root -g root -m 755 rpm/rc.dnsmasq-suse $RPM_BUILD_ROOT/etc/init.d/dnsmasq
-install -o root -g root -m 644 dnsmasq.conf.example $RPM_BUILD_ROOT/etc/dnsmasq.conf
-strip $RPM_BUILD_ROOT/usr/sbin/dnsmasq
-ln -sf ../../etc/init.d/dnsmasq $RPM_BUILD_ROOT/usr/sbin/rcdnsmasq
-
-###############################################################################
-#
-# Clean up
-#
-###############################################################################
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-###############################################################################
-#
-# Post-install scriptlet
-#
-###############################################################################
-
-%post
-%{fillup_and_insserv dnsmasq}
-
-###############################################################################
-#
-# Post-uninstall scriptlet
-#
-# The %postun script executes after the package has been removed. It is the
-# last chance for a package to clean up after itself.
-#
-###############################################################################
-
-%postun
-%{insserv_cleanup}
-
-###############################################################################
-#
-# File list
-#
-###############################################################################
-
-%files
-%defattr(-,root,root)
-%doc CHANGELOG COPYING FAQ doc.html setup.html UPGRADING_to_2.0 rpm/README.susefirewall
-%doc contrib
-%config /etc/init.d/dnsmasq
-%config /etc/dnsmasq.conf
-/usr/sbin/rcdnsmasq
-/usr/sbin/dnsmasq
-/usr/share/locale/*/LC_MESSAGES/*
-%doc %{_mandir}/man8/dnsmasq.8.gz
-%doc %{_mandir}/*/man8/dnsmasq.8.gz
-
-
diff --git a/contrib/Suse/rc.dnsmasq-suse b/contrib/Suse/rc.dnsmasq-suse
deleted file mode 100644
index 71f4c72..0000000
--- a/contrib/Suse/rc.dnsmasq-suse
+++ /dev/null
@@ -1,79 +0,0 @@
-#! /bin/sh
-#
-# init.d/dnsmasq
-#
-### BEGIN INIT INFO
-# Provides:       dnsmasq
-# Required-Start: $network $remote_fs $syslog
-# Required-Stop:
-# Default-Start:  3 5
-# Default-Stop:
-# Description:    Starts internet name service masq caching server (DNS)
-### END INIT INFO
-
-NAMED_BIN=/usr/sbin/dnsmasq
-NAMED_PID=/var/run/dnsmasq.pid
-NAMED_CONF=/etc/dnsmasq.conf
-
-if [ ! -x $NAMED_BIN ] ; then
-	echo -n "dnsmasq not installed ! "
-	exit 5
-fi
-
-. /etc/rc.status
-rc_reset
-
-case "$1" in
-    start)
-	echo -n "Starting name service masq caching server "
-        checkproc -p $NAMED_PID $NAMED_BIN
-        if [ $? -eq 0 ] ; then
-           echo -n "- Warning: dnsmasq already running ! "
-        else
-           [ -e $NAMED_PID ] && echo -n "- Warning: $NAMED_PID exists ! "
-	fi
-	startproc -p $NAMED_PID $NAMED_BIN -u nobody
-	rc_status -v
-	;;
-    stop)
-	echo -n "Shutting name service masq caching server "
-	checkproc -p $NAMED_PID $NAMED_BIN
-	[ $? -ne 0 ] && echo -n "- Warning: dnsmasq not running ! "
-	killproc -p $NAMED_PID -TERM $NAMED_BIN
-	rc_status -v
-	;;
-    try-restart)
-	$0 stop  &&  $0 start
-	rc_status
-	;;
-    restart)
-	$0 stop
-	$0 start
-	rc_status
-	;;
-    force-reload)
-	$0 reload
-	rc_status
-	;;
-    reload)
-	echo -n "Reloading name service masq caching server "
-	checkproc -p $NAMED_PID $NAMED_BIN
-	[ $? -ne 0 ] && echo -n "- Warning: dnsmasq not running ! "
-	killproc -p $NAMED_PID -HUP $NAMED_BIN
-	rc_status -v
-	;;
-    status)
-	echo -n "Checking for name service masq caching server "
-	checkproc -p $NAMED_PID $NAMED_BIN
-	rc_status -v
-	;;
-    probe)
-	test $NAMED_CONF -nt $NAMED_PID && echo reload
-	;;
-    *)
-	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
-	exit 1
-	;;
-esac
-rc_exit
-
diff --git a/contrib/lease-tools/dhcp_release.c b/contrib/lease-tools/dhcp_release.c
index c1c835b..84f5610 100644
--- a/contrib/lease-tools/dhcp_release.c
+++ b/contrib/lease-tools/dhcp_release.c
@@ -280,6 +280,7 @@ int main(int argc, char **argv)
   
   /* This voodoo fakes up a packet coming from the correct interface, which really matters for 
      a DHCP server */
+  memset(&ifr, 0, sizeof(ifr));
   strncpy(ifr.ifr_name, argv[1], sizeof(ifr.ifr_name)-1);
   ifr.ifr_name[sizeof(ifr.ifr_name)-1] = '\0';
   if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) == -1)
diff --git a/contrib/lease-tools/dhcp_release6.c b/contrib/lease-tools/dhcp_release6.c
index d680222..9b3438f 100644
--- a/contrib/lease-tools/dhcp_release6.c
+++ b/contrib/lease-tools/dhcp_release6.c
@@ -318,6 +318,12 @@ void usage(const char* arg, FILE* stream)
   fprintf (stream, "Usage: %s %s\n", arg, usage_string);   
 }
 
+static void fail_fatal(const char *errstr, int exitcode)
+{
+  perror(errstr);
+  exit(exitcode);
+}
+
 int send_release_packet(const char* iface, struct dhcp6_packet* packet)
 {
   struct sockaddr_in6 server_addr, client_addr;
@@ -343,18 +349,19 @@ int send_release_packet(const char* iface, struct dhcp6_packet* packet)
     client_addr.sin6_port = htons(DHCP6_CLIENT_PORT);
     client_addr.sin6_flowinfo = 0;
     client_addr.sin6_scope_id =0;
-    inet_pton(AF_INET6, "::", &client_addr.sin6_addr);
-    bind(sock, (struct sockaddr*)&client_addr, sizeof(struct sockaddr_in6));
-    inet_pton(AF_INET6, DHCP6_MULTICAST_ADDRESS, &server_addr.sin6_addr);
+    if (inet_pton(AF_INET6, "::", &client_addr.sin6_addr) <= 0)
+      fail_fatal("inet_pton", 5);
+    if (bind(sock, (struct sockaddr*)&client_addr, sizeof(struct sockaddr_in6)) != 0)
+      perror("bind"); /* continue on bind error */
+    if (inet_pton(AF_INET6, DHCP6_MULTICAST_ADDRESS, &server_addr.sin6_addr) <= 0)
+      fail_fatal("inet_pton", 5);
     server_addr.sin6_port = htons(DHCP6_SERVER_PORT);
-    int16_t recv_size = 0;
+    ssize_t recv_size = 0;
+    int result;
     for (i = 0; i < 5; i++)
       {
         if (sendto(sock, packet->buf, packet->len, 0, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0)
-	  {
-	    perror("sendto failed");
-            exit(4);
-	  }
+	  fail_fatal("sendto failed", 4);
 	
         recv_size = recvfrom(sock, response, sizeof(response), MSG_DONTWAIT, NULL, 0);
         if (recv_size == -1)
@@ -367,16 +374,18 @@ int send_release_packet(const char* iface, struct dhcp6_packet* packet)
 	    else
 	      {
                 perror("recvfrom");
+		result = UNSPEC_FAIL;
 	      }
 	  }
-	
-        int16_t result = parse_packet(response, recv_size);
-        if (result == NOT_REPLY_CODE)
+	else
 	  {
-            sleep(1);
-            continue;
+	    result = parse_packet(response, recv_size);
+	    if (result == NOT_REPLY_CODE)
+	      {
+		sleep(1);
+		continue;
+	      }
 	  }
-
         close(sock);
         return result;
       }
diff --git a/dbus/DBus-interface b/dbus/DBus-interface
index 954c5b9..59b41b1 100644
--- a/dbus/DBus-interface
+++ b/dbus/DBus-interface
@@ -48,6 +48,10 @@ SetBogusPrivOption
 ------------------
 Takes boolean, sets or resets the --bogus-priv option.
 
+SetLocaliseQueriesOption
+------------------------
+Takes boolean, sets or resets the --localise-queries option.
+
 SetServers
 ----------
 Returns nothing. Takes a set of arguments representing the new
@@ -248,6 +252,15 @@ GetMetrics
 
 Returns an array with various metrics for DNS and DHCP.
 
+GetServerMetrics
+----------------
+
+Returns per-DNS-server metrics.
+
+ClearMetrics
+------------
+
+Clear call metric counters, global and per-server.
 
 2. SIGNALS
 ----------
diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example
index bf19424..2047630 100644
--- a/dnsmasq.conf.example
+++ b/dnsmasq.conf.example
@@ -85,6 +85,16 @@
 # subdomains to the vpn and search ipsets:
 #ipset=/yahoo.com/google.com/vpn,search
 
+# Add the IPs of all queries to yahoo.com, google.com, and their
+# subdomains to netfilters sets, which is equivalent to
+# 'nft add element ip test vpn { ... }; nft add element ip test search { ... }'
+#nftset=/yahoo.com/google.com/ip#test#vpn,ip#test#search
+
+# Use netfilters sets for both IPv4 and IPv6:
+# This adds all addresses in *.yahoo.com to vpn4 and vpn6 for IPv4 and IPv6 addresses.
+#nftset=/yahoo.com/4#ip#test#vpn4
+#nftset=/yahoo.com/6#ip#test#vpn6
+
 # You can control how dnsmasq talks to a server: this forces
 # queries to 10.1.2.3 to be routed via eth1
 # server=10.1.2.3@eth1
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 7ffccad..2495ed1 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -60,7 +60,8 @@ in alphabetical order.
 .TP
 .B --hostsdir=<path>
 Read all the hosts files contained in the directory. New or changed files
-are read automatically. See \fB--dhcp-hostsdir\fP for details.
+are read automatically and modified and deleted files have removed records
+automatically deleted.
 .TP
 .B \-E, --expand-hosts
 Add the domain to simple names (without a period) in /etc/hosts
@@ -105,6 +106,16 @@ Dnsmasq limits the value of this option to one hour, unless recompiled.
 .B --auth-ttl=<time>
 Set the TTL value returned in answers from the authoritative server.
 .TP
+.B --fast-dns-retry=[<initial retry delay in ms>[,<time to continue retries in ms>]]
+Under normal circumstances, dnsmasq relies on DNS clients to do retries; it
+does not generate timeouts itself. Setting this option
+instructs dnsmasq to generate its own retries starting after a delay
+which defaults to 1000ms. If the second parameter is given this controls
+how long the retries will continue for
+otherwise this defaults to 10000ms. Retries are repeated with exponential
+backoff. Using this option increases memory usage and
+network bandwidth.
+.TP
 .B \-k, --keep-in-foreground
 Do not go into the background at startup but otherwise run as
 normal. This is intended for use when dnsmasq is run under daemontools
@@ -180,7 +191,15 @@ specific UDP port <query_port> instead of using random ports. NOTE
 that using this option will make dnsmasq less secure against DNS
 spoofing attacks but it may be faster and use less resources.  Setting this option
 to zero makes dnsmasq use a single port allocated to it by the
-OS: this was the default behaviour in versions prior to 2.43. 
+OS: this was the default behaviour in versions prior to 2.43.
+.TP
+.B --port-limit=<#ports>
+By default, when sending a query via random ports to multiple upstream servers or
+retrying a query dnsmasq will use a single random port for all the tries/retries.
+This option allows a larger number of ports to be used, which can increase robustness
+in certain network configurations. Note that increasing this to more than
+two or three can have security and resource implications and should only
+be done with understanding of those.
 .TP
 .B --min-port=<port>
 Do not use ports less than that given as source for outbound DNS
@@ -304,7 +323,8 @@ Return answers to DNS queries from /etc/hosts and \fB--interface-name\fP and \fB
 received. If a name has more than one address associated with
 it, and at least one of those addresses is on the same subnet as the
 interface to which the query was sent, then return only the
-address(es) on that subnet. This allows for a server  to have multiple
+address(es) on that subnet and return all the available addresses otherwise.
+This allows for a server  to have multiple
 addresses in /etc/hosts corresponding to each of its interfaces, and
 hosts will get the correct address based on which network they are
 attached to. Currently this facility is limited to IPv4.
@@ -345,8 +365,15 @@ forged answer to a DNS request for certain domain, before the correct answer can
 .B \-f, --filterwin2k
 Later versions of windows make periodic DNS requests which don't get sensible answers from
 the public DNS and can cause problems by triggering dial-on-demand links. This flag turns on an option
-to filter such requests. The requests blocked are for records of types SOA and SRV, and type ANY where the 
-requested name has underscores, to catch LDAP requests.
+to filter such requests. The requests blocked are for records of type ANY
+where the requested name has underscores, to catch LDAP requests, and for
+\fBall\fP records of types SOA and SRV.
+.TP
+.B --filter-A
+Remove A records from answers. No IPv4 addresses will be returned.
+.TP
+.B --filter-AAAA
+Remove AAAA records from answers. No IPv6 addresses will be returned.
 .TP
 .B \-r, --resolv-file=<file>
 Read the IP addresses of the upstream nameservers from <file>, instead of
@@ -435,8 +462,8 @@ Tells dnsmasq to never forward A or AAAA queries for plain names, without dots
 or domain parts, to upstream nameservers. If the name is not known
 from /etc/hosts or DHCP then a "not found" answer is returned.
 .TP
-.B \-S, --local, --server=[/[<domain>]/[domain/]][<ipaddr>[#<port>]][@<interface>][@<source-ip>[#<port>]]
-Specify IP address of upstream servers directly. Setting this flag does
+.B \-S, --local, --server=[/[<domain>]/[domain/]][<server>[#<port>]][@<interface>][@<source-ip>[#<port>]]
+Specify upstream servers directly. Setting this flag does
 not suppress reading of /etc/resolv.conf, use \fB--no-resolv\fP to do that. If one or more
 optional domains are given, that server is used only for those domains
 and they are queried only using the specified server. This is
@@ -504,22 +531,27 @@ The query-port flag is ignored for any servers which have a
 source address specified but the port may be specified directly as
 part of the source address. Forcing queries to an interface is not
 implemented on all platforms supported by dnsmasq.
+
+Upstream servers may be specified with a hostname rather than an IP address.
+In this case, dnsmasq will try to use the system resolver to get the IP address
+of a server during startup. If name resolution fails, starting dnsmasq fails, too.
+If the system's configuration is such that the system resolver sends DNS queries
+through the dnsmasq instance which is starting up then this will time-out and fail.
 .TP
-.B --rev-server=<ip-address>/<prefix-len>[,<ipaddr>][#<port>][@<interface>][@<source-ip>[#<port>]]
+.B --rev-server=<ip-address>[/<prefix-len>][,<server>][#<port>][@<interface>][@<source-ip>[#<port>]]
 This is functionally the same as 
 .B --server, 
 but provides some syntactic sugar to make specifying address-to-name queries easier. For example
 .B --rev-server=1.2.3.0/24,192.168.0.1
 is exactly equivalent to 
 .B --server=/3.2.1.in-addr.arpa/192.168.0.1
+Allowed prefix lengths are 1-32 (IPv4) and 1-128 (IPv6). If the prefix length is omitted, dnsmasq substitutes either 32 (IPv4) or 128 (IPv6).
 .TP
 .B \-A, --address=/<domain>[/<domain>...]/[<ipaddr>]
 Specify an IP address to return for any host in the given domains.
-Queries in the domains are never forwarded and always replied to
+A (or AAAA) queries in the domains are never forwarded and always replied to
 with the specified IP address which may be IPv4 or IPv6. To give
-both IPv4 and IPv6 addresses for a domain, use repeated \fB--address\fP flags.
-To include multiple IP addresses for a single query, use
-\fB--addn-hosts=<path>\fP instead.
+multiple addresses or both IPv4 and IPv6 addresses for a domain, use repeated \fB--address\fP flags.
 Note that /etc/hosts and DHCP leases override this for individual
 names. A common use of this is to redirect the entire doubleclick.net
 domain to some friendly local web server to avoid banner ads. The
@@ -537,6 +569,11 @@ address of 0.0.0.0 and its IPv6 equivalent of :: so
 its subdomains. This is partly syntactic sugar for \fB--address=/example.com/0.0.0.0\fP
 and \fB--address=/example.com/::\fP but is also more efficient than including both
 as separate configuration lines. Note that NULL addresses normally work in the same way as localhost, so beware that clients looking up these names are likely to end up talking to themselves.
+
+Note that the behaviour for queries which don't match the specified address literal changed in version 2.86.
+Previous versions, configured with (eg) --address=/example.com/1.2.3.4 and then queried for a RR type other than
+A would return a NoData answer. From  2.86, the query is sent upstream. To restore the pre-2.86 behaviour,
+use the configuration --address=/example.com/1.2.3.4 --local=/example.com/
 .TP
 .B --ipset=/<domain>[/<domain>...]/<ipset>[,<ipset>...]
 Places the resolved IP addresses of queries for one or more domains in
@@ -549,6 +586,15 @@ These IP sets must already exist. See
 .BR ipset (8)
 for more details.
 .TP
+.B --nftset=/<domain>[/<domain>...]/[(6|4)#[<family>#]<table>#<set>[,[(6|4)#[<family>#]<table>#<set>]...]
+Similar to the \fB--ipset\fP option, but accepts one or more nftables 
+sets to add IP addresses into.
+These sets must already exist. See
+.BR nft (8)
+for more details. The family, table and set are passed directly to the nft. If the spec starts with 4# or 6# then
+only A or AAAA records respectively are added to the set. Since an nftset can hold only IPv4 or IPv6 addresses, this
+avoids errors being logged for addresses of the wrong type.
+.TP
 .B --connmark-allowlist-enable[=<mask>]
 Enables filtering of incoming DNS queries with associated Linux connection track marks
 according to individual allowlists configured via a series of \fB--connmark-allowlist\fP
@@ -714,7 +760,7 @@ Specify the location of a pcap-format file which dnsmasq uses to dump copies of
 .TP
 .B --dumpmask=<mask>
 Specify which types of packets should be added to the dumpfile. The argument should be the OR of the bitmasks for each type of packet to be dumped: it can be specified in hex by preceding the number with 0x in  the normal way. Each time a packet is written to the dumpfile, dnsmasq logs the packet sequence and the mask
-representing its type. The current types are: 0x0001 - DNS queries from clients 0x0002 DNS replies to clients 0x0004 - DNS queries to upstream 0x0008 - DNS replies from upstream 0x0010 - queries send upstream for DNSSEC validation 0x0020 - replies to queries for DNSSEC validation 0x0040 - replies to client queries which fail DNSSEC validation 0x0080 replies to queries for DNSSEC validation which fail validation.
+representing its type. The current types are: 0x0001 - DNS queries from clients, 0x0002 DNS replies to clients, 0x0004 - DNS queries to upstream, 0x0008 - DNS replies from upstream, 0x0010 - queries send upstream for DNSSEC validation, 0x0020 - replies to queries for DNSSEC validation, 0x0040 - replies to client queries which fail DNSSEC validation, 0x0080 replies to queries for DNSSEC validation which fail validation, 0x1000 - DHCPv4, 0x2000 - DHCPv6, 0x4000 - Router advertisement, 0x8000 - TFTP.
 .TP
 .B --add-mac[=base64|text]
 Add the MAC address of the requestor to DNS queries which are
@@ -727,6 +773,9 @@ have security and privacy implications. The warning about caching
 given for \fB--add-subnet\fP applies to \fB--add-mac\fP too. An alternative encoding of the
 MAC, as base64, is enabled by adding the "base64" parameter and a human-readable encoding of hex-and-colons is enabled by added the "text" parameter.
 .TP
+.B --strip-mac
+Remove any MAC address information already in downstream queries before forwarding upstream.  
+.TP
 .B --add-cpe-id=<string>
 Add an arbitrary identifying string to DNS queries which are
 forwarded upstream.
@@ -752,12 +801,18 @@ will add 1.2.3.0/24 for IPv4 requestors and ::/0 for IPv6 requestors.
 .B --add-subnet=1.2.3.4/24,1.2.3.4/24
 will add 1.2.3.0/24 for both IPv4 and IPv6 requestors.
 .TP
-.B --umbrella[=deviceid:<deviceid>[,orgid:<orgid>]]
+.B --strip-subnet
+Remove any subnet address already present in a downstream query before forwarding it upstream. If --add-subnet is set this also
+ensures that any downstream-provided subnet is replaced by the one added by dnsmasq. Otherwise, dnsmasq will NOT replace an
+existing subnet in the query.
+.TP
+.B --umbrella[=[deviceid:<deviceid>][,orgid:<orgid>][,assetid:<id>]]
 Embeds the requestor's IP address in DNS queries forwarded upstream.
-If device id or organization id are specified, the information is
+If device id or, asset id or organization id are specified, the information is
 included in the forwarded queries and may be able to be used in
-filtering policies and reporting. The order of the deviceid and orgid
-attributes is irrelevant, but must be separated by a comma.
+filtering policies and reporting. The order of the id
+attributes is irrelevant, but they must be separated by a comma. Deviceid is
+a sixteen digit hexadecimal number, org and asset ids are decimal numbers.
 .TP
 .B \-c, --cache-size=<cachesize>
 Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching. Note: huge cache size impacts performance.
@@ -767,6 +822,19 @@ Disable negative caching. Negative caching allows dnsmasq to remember
 "no such domain" answers from upstream nameservers and answer
 identical queries without forwarding them again. 
 .TP
+.B --no-round-robin
+Dnsmasq normally permutes the order of A or AAAA records for the same
+name on successive queries, for load-balancing. This turns off that
+behaviour, so that the records are always returned in the order
+that they are received from upstream.
+.TP
+.B --use-stale-cache[=<max TTL excess in s>]
+When set, if a DNS name exists in the cache, but its time-to-live has expired, dnsmasq will return the data anyway. (It attempts to refresh the
+data with an upstream query after returning the stale data.) This can improve speed and reliability. It comes at the expense
+of sometimes returning out-of-date data and less efficient cache utilisation, since old data cannot be flushed when its TTL expires, so the cache becomes
+mostly least-recently-used. To mitigate issues caused by massively outdated DNS replies, the maximum overaging of cached records can be specified in seconds
+(defaulting to not serve anything older than one day). Setting the TTL excess time to zero will serve stale cache data regardless how long it has expired.
+.TP
 .B \-0, --dns-forward-max=<queries>
 Set the maximum number of concurrent DNS queries. The default value is
 150, which should be fine for most setups. The only known situation
@@ -1036,7 +1104,7 @@ is also included, as described in RFC-3775 section 7.3.
 tells dnsmasq to advertise the prefix without the on-link (aka L) bit set.
 
 .TP
-.B \-G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][tag:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
+.B \-G, --dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,tag:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
 Specify per host parameters for the DHCP server. This allows a machine
 with a particular hardware address to be always allocated the same
 hostname, IP address and lease time. A hostname specified like this
@@ -1099,7 +1167,8 @@ given in a
 .B --dhcp-host
 option, but aliases are possible by using CNAMEs. (See 
 .B --cname
-).
+). Note that /etc/hosts is NOT used when the DNS server side of dnsmasq
+is disabled by setting the DNS server port to zero.
 
 More than one
 .B --dhcp-host
@@ -1135,7 +1204,10 @@ ignore requests from unknown machines using
 If the host matches only a \fB--dhcp-host\fP directive which cannot
 be used because it specifies an address on different subnet, the tag "known-othernet" is set.
 
-The tag:<tag> construct filters which dhcp-host directives are used. Tagged directives are used in preference to untagged ones.
+The tag:<tag> construct filters which dhcp-host directives are used; more than
+one can be provided, in this case the request must match all of them. Tagged
+directives are used in preference to untagged ones. Note that one of <hwaddr>,
+<client_id> or <hostname> still needs to be specified (can be a wildcard).
 
 Ethernet addresses (but not client-ids) may have
 wildcard bytes, so for example 
@@ -1309,7 +1381,7 @@ DHCP options. This make extra space available in the DHCP packet for
 options but can, rarely, confuse old or broken clients. This flag
 forces "simple and safe" behaviour to avoid problems in such a case.
 .TP
-.B --dhcp-relay=<local address>,<server address>[,<interface]
+.B --dhcp-relay=<local address>[,<server address>[#<server port>]][,<interface]
 Configure dnsmasq to do DHCP relay. The local address is an address
 allocated to an interface on the host running dnsmasq. All DHCP
 requests arriving on that interface will we relayed to a remote DHCP
@@ -1317,10 +1389,12 @@ server at the server address. It is possible to relay from a single local
 address to multiple remote servers by using multiple \fB--dhcp-relay\fP
 configs with the same local address and different server
 addresses. A server address must be an IP literal address, not a
-domain name. In the case of DHCPv6, the server address may be the
-ALL_SERVERS multicast address, ff05::1:3. In this case the interface
-must be given, not be wildcard, and is used to direct the multicast to the
-correct interface to reach the DHCP server. 
+domain name. If the server address is omitted, the request will be
+forwarded by broadcast (IPv4) or multicast (IPv6). In this case the interface
+must be given and not be wildcard. The server address may specify a non-standard
+port to relay to. If this is used then \fB--dhcp-proxy\fP should likely also be set,
+otherwise parts of the DHCP conversation which do not pass through the relay
+will be delivered to the wrong port.
 
 Access control for DHCP clients has the same rules as for the DHCP
 server, see \fB--interface\fP, \fB--except-interface\fP, etc. The optional
@@ -1340,6 +1414,11 @@ supported: the relay function will take precedence.
 
 Both DHCPv4 and DHCPv6 relay is supported. It's not possible to relay
 DHCPv4 to a DHCPv6 server or vice-versa.
+
+The DHCP relay function for IPv6 includes the ability to snoop
+prefix-delegation from relayed DHCP transactions. See
+.B --dhcp-script
+for details. 
 .TP
 .B \-U, --dhcp-vendorclass=set:<tag>,[enterprise:<IANA-enterprise number>,]<vendor-class>
 Map from a vendor-class string to a tag. Most DHCP clients provide a 
@@ -1675,7 +1754,13 @@ If dnsmasq was compiled with HAVE_BROKEN_RTC, then
 the length of the lease (in seconds) is stored in
 DNSMASQ_LEASE_LENGTH, otherwise the time of lease expiry is stored in
 DNSMASQ_LEASE_EXPIRES. The number of seconds until lease expiry is
-always stored in DNSMASQ_TIME_REMAINING. 
+always stored in DNSMASQ_TIME_REMAINING.
+
+DNSMASQ_DATA_MISSING is set to "1" during "old" events for existing
+leases generated at startup to indicate that data not stored in the
+persistent lease database will not be present. This comprises everything
+other than IP address, hostname, MAC address, DUID, IAID and lease length
+or expiry time.
 
 If a lease used to have a hostname, which is
 removed, an "old" event is generated with the new state of the lease, 
@@ -1697,6 +1782,11 @@ DNSMASQ_LOG_DHCP is set if
 .B --log-dhcp
 is in effect.
 
+DNSMASQ_REQUESTED_OPTIONS a string containing the decimal values in the Parameter Request List option, comma separated, if the parameter request list option is provided by the client.
+
+DNSMASQ_MUD_URL the Manufacturer Usage Description URL if provided by the client. (See RFC8520 for details.)
+
+
 For IPv4 only:
 
 DNSMASQ_CLIENT_ID if the host provided a client-id.
@@ -1706,8 +1796,6 @@ DHCP relay-agent added any of these options.
  
 If the client provides vendor-class, DNSMASQ_VENDOR_CLASS.
 
-DNSMASQ_REQUESTED_OPTIONS a string containing the decimal values in the Parameter Request List option, comma separated, if the parameter request list option is provided by the client.
-
 For IPv6 only:
 
 If the client provides vendor-class, DNSMASQ_VENDOR_CLASS_ID,
@@ -1750,15 +1838,25 @@ receives a HUP signal, the script will be invoked for existing leases
 with an "old" event.
 
 
-There are four further actions which may appear as the first argument
-to the script, "init", "arp-add", "arp-del" and "tftp". More may be added in the future, so
+There are five further actions which may appear as the first argument
+to the script, "init", "arp-add", "arp-del", "relay-snoop" and "tftp".
+More may be added in the future, so
 scripts should be written to ignore unknown actions. "init" is
 described below in 
 .B --leasefile-ro
+
 The "tftp" action is invoked when a TFTP file transfer completes: the
 arguments are the file size in bytes, the address to which the file
 was sent, and the complete pathname of the file.
- 
+
+The "relay-snoop" action is invoked when dnsmasq is configured as a DHCP
+relay for DHCPv6 and it relays a prefx delegation to a client. The arguments
+are the name of the interface where the client is conected, its (link-local)
+address on that interface and the delegated prefix. This information is
+sufficient to install routes to the delegated prefix of a router. See
+.B --dhcp-relay
+for more details on configuring DHCP relay.
+
 The "arp-add" and "arp-del" actions are only called if enabled with
 .B --script-arp
 They are are supplied with a MAC address and IP address as arguments. "arp-add" indicates
@@ -1889,7 +1987,7 @@ is the address of the relay and the second, as before, specifies an extra subnet
 addresses may be allocated from.
 
 .TP
-.B \-s, --domain=<domain>[,<address range>[,local]]
+.B \-s, --domain=<domain>[[,<address range>[,local]]|<interface>]
 Specifies DNS domains for the DHCP server. Domains may be be given 
 unconditionally (without the IP range) or for limited IP ranges. This has two effects;
 firstly it causes the DHCP server to return the domain to any hosts
@@ -1923,7 +2021,11 @@ additional flag "local" may be supplied which has the effect of adding
 is identical to
 .B --domain=thekelleys.org.uk,192.168.0.0/24
 .B --local=/thekelleys.org.uk/ --local=/0.168.192.in-addr.arpa/
-The network size must be 8, 16 or 24 for this to be legal.
+
+The address range can also be given as a network interface name, in which case
+all of the subnets currently assigned to the interface are used in matching the
+address. This allows hosts on different physical subnets to be given different
+domains in a way which updates automatically as the interface addresses change.
 .TP
 .B --dhcp-fqdn
 In the default mode, dnsmasq inserts the unqualified names of
@@ -2096,6 +2198,23 @@ A special case of
 which differs in two respects. Firstly, only \fB--server\fP and \fB--rev-server\fP are allowed
 in the configuration file included. Secondly, the file is re-read and the configuration
 therein is updated when dnsmasq receives SIGHUP.
+.TP
+.B \--conf-script=<file>[ <arg]
+Execute <file>, and treat what it emits to stdout as the contents of a configuration file.
+If the script exits with a non-zero exit code, dnsmasq treats this as a fatal error.
+The script can be passed arguments, space seperated from the filename and each other so, for instance
+.B --conf-dir="/etc/dnsmasq-uncompress-ads /share/ads-domains.gz"
+
+with /etc/dnsmasq-uncompress-ads containing 
+
+set -e
+
+zcat ${1} | sed -e "s:^:address=/:" -e "s:$:/:" 
+
+exit 0
+
+and /share/ads-domains.gz containing a compressed
+list of ad server domains will save disk space with large ad-server blocklists.
 .SH CONFIG FILE
 At startup, dnsmasq reads
 .I /etc/dnsmasq.conf,
@@ -2492,7 +2611,9 @@ file/directory, permissions).
 5 - Other miscellaneous problem.
 .PP
 11 or greater - a non zero return code was received from the
-lease-script process "init" call. The exit code from dnsmasq is the
+lease-script process "init" call or a
+.B \--conf-script
+file. The exit code from dnsmasq is the
 script's exit code with 10 added. 
 
 .SH LIMITS
diff --git a/po/de.po b/po/de.po
index 9cd48ee..da73f52 100644
--- a/po/de.po
+++ b/po/de.po
@@ -2,7 +2,7 @@
 #
 # This revised version is (C) Copyright by
 # Matthias Andree <matthias.andree@gmx.de>, 2010 - 2021.
-# Conrad Kostecki <ck@conrad-kostecki.de>, 2014 - 2020.
+# Conrad Kostecki <conrad@kostecki.com>, 2014 - 2022.
 # It is subject to the GNU General Public License v2,
 # or at your option, any later version.
 #
@@ -10,84 +10,90 @@
 # Simon Kelley <simon@thekelleys.org.uk>, 2005.
 msgid ""
 msgstr ""
-"Project-Id-Version: dnsmasq 2.85rc2\n"
+"Project-Id-Version: dnsmasq 2.88\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2021-03-20 00:00+0000\n"
-"PO-Revision-Date: 2021-03-27 15:30+0100\n"
-"Last-Translator: Matthias Andree <matthias.andree@gmx.de>\n"
+"PO-Revision-Date: 2022-11-17 20:08+0100\n"
+"Last-Translator: Conrad Kostecki <conrad@kostecki.com>\n"
 "Language-Team: German <de@li.org>\n"
 "Language: de\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 3.2\n"
 
-#: cache.c:572
+#: cache.c:652
 msgid "Internal error in cache."
 msgstr "Interner Fehler im Cache."
 
-#: cache.c:1094
+#: cache.c:1179
 #, c-format
 msgid "failed to load names from %s: %s"
 msgstr "Fehler beim Laden der Namen von %s: %s"
 
-#: cache.c:1116 dhcp.c:931
+#: cache.c:1201 dhcp.c:943
 #, c-format
 msgid "bad address at %s line %d"
 msgstr "Fehlerhafte Adresse in %s Zeile %d"
 
-#: cache.c:1169 dhcp.c:947
+#: cache.c:1254 dhcp.c:959
 #, c-format
 msgid "bad name at %s line %d"
 msgstr "Fehlerhafter Name in %s Zeile %d"
 
-#: cache.c:1180 dhcp.c:1022
-#, c-format
-msgid "read %s - %d addresses"
+#: cache.c:1265
+#, fuzzy, c-format
+msgid "read %s - %d names"
 msgstr "%s gelesen - %d Adressen"
 
-#: cache.c:1296
+#: cache.c:1381
 msgid "cleared cache"
 msgstr "Cache geleert"
 
-#: cache.c:1358
+#: cache.c:1445
 #, c-format
 msgid "No IPv4 address found for %s"
 msgstr "Keine IPv4-Adresse für %s gefunden"
 
-#: cache.c:1404
+#: cache.c:1491
 #, c-format
 msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
 msgstr "%s ist ein CNAME, weise es der DHCP-Lease von %s nicht zu"
 
-#: cache.c:1428
+#: cache.c:1515
 #, c-format
 msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
 msgstr "Name %s wurde dem DHCP-Lease von %s nicht zugewiesen, da der Name in %s bereits mit Adresse %s existiert"
 
-#: cache.c:1674
+#: cache.c:1760
 #, c-format
 msgid "time %lu"
 msgstr "Zeit %lu"
 
-#: cache.c:1675
+#: cache.c:1761
 #, c-format
 msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
 msgstr "Cache Größe %d, %d/%d Cache-Einfügungen verwendeten nicht abgelaufene Cache-Einträge wieder."
 
-#: cache.c:1677
+#: cache.c:1763
 #, c-format
 msgid "queries forwarded %u, queries answered locally %u"
 msgstr "weitergeleitete Anfragen %u, lokal beantwortete Anfragen %u"
 
-#: cache.c:1680
+#: cache.c:1766
+#, c-format
+msgid "queries answered from stale cache %u"
+msgstr ""
+
+#: cache.c:1768
 #, c-format
 msgid "queries for authoritative zones %u"
 msgstr "Anfragen nach autoritativen Zonen %u"
 
-#: cache.c:1702
-#, c-format
-msgid "server %s#%d: queries sent %u, retried or failed %u"
+#: cache.c:1796
+#, fuzzy, c-format
+msgid "server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"
 msgstr "Server %s#%d: Anfragen gesendet %u, erneut versucht oder fehlgeschlagen %u"
 
 #: util.c:51
@@ -95,738 +101,788 @@ msgstr "Server %s#%d: Anfragen gesendet %u, erneut versucht oder fehlgeschlagen
 msgid "failed to seed the random number generator: %s"
 msgstr "Konnte den Zufallszahlengenerator nicht initialisieren: %s"
 
-#: util.c:228
+#: util.c:246
 msgid "failed to allocate memory"
 msgstr "Konnte Speicher nicht belegen"
 
-#: util.c:285 option.c:665
+#: util.c:305 option.c:696
 msgid "could not get memory"
 msgstr "Speicher nicht verfügbar"
 
-#: util.c:306
+#: util.c:326
 #, c-format
 msgid "cannot create pipe: %s"
 msgstr "Konnte Pipe nicht erzeugen: %s"
 
-#: util.c:314
+#: util.c:334
 #, c-format
 msgid "failed to allocate %d bytes"
 msgstr "Konnte %d Bytes nicht belegen"
 
+#: util.c:344
+#, fuzzy, c-format
+msgid "failed to reallocate %d bytes"
+msgstr "Konnte %d Bytes nicht belegen"
+
+#: util.c:465
+#, fuzzy, c-format
+msgid "cannot read monotonic clock: %s"
+msgstr "kann Netlink-Socket nicht erzeugen: %s"
+
 # @Simon: not perfect but I cannot get nearer right now.
-#: util.c:520
+#: util.c:579
 #, c-format
 msgid "infinite"
 msgstr "unendlich"
 
-#: util.c:808
+#: util.c:867
 #, c-format
 msgid "failed to find kernel version: %s"
 msgstr "konnte Kernelversion nicht finden: %s"
 
-#: option.c:372
+#: option.c:393
 msgid "Specify local address(es) to listen on."
 msgstr "Lokale abzuhörende Adresse(n) angeben."
 
-#: option.c:373
+#: option.c:394
 msgid "Return ipaddr for all hosts in specified domains."
 msgstr "IP-Adresse für alle Hosts in angegebenen Domänen festlegen."
 
-#: option.c:374
+#: option.c:395
 msgid "Fake reverse lookups for RFC1918 private address ranges."
 msgstr "Rückwärtsauflösungen für private Adressbereiche nach RFC1918 falsch erfinden."
 
-#: option.c:375
+#: option.c:396
 msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
 msgstr "Diese IP-Adresse als NXDOMAIN interpretieren (wehrt \"Suchhilfen\" ab)."
 
-#: option.c:376
+#: option.c:397
 #, c-format
 msgid "Specify the size of the cache in entries (defaults to %s)."
 msgstr "Größe des Caches (Zahl der Einträge) festlegen (Voreinstellung: %s)."
 
-#: option.c:377
+#: option.c:398
 #, c-format
 msgid "Specify configuration file (defaults to %s)."
 msgstr "Konfigurationsdatei festlegen (Voreinstellung: %s)."
 
-#: option.c:378
+#: option.c:399
 msgid "Do NOT fork into the background: run in debug mode."
 msgstr "NICHT in den Hintergrund gehen: Betrieb im Debug-Modus."
 
-#: option.c:379
+#: option.c:400
 msgid "Do NOT forward queries with no domain part."
 msgstr "Anfragen ohne Domänen-Teil NICHT weiterschicken."
 
-#: option.c:380
+#: option.c:401
 msgid "Return self-pointing MX records for local hosts."
 msgstr "Für lokale Einträge MX-Einträge liefern, die auf sich selbst zeigen."
 
-#: option.c:381
+#: option.c:402
 msgid "Expand simple names in /etc/hosts with domain-suffix."
 msgstr "Einfache Namen in /etc/hosts um Domänen-Endung erweitern."
 
-#: option.c:382
+#: option.c:403
 msgid "Don't forward spurious DNS requests from Windows hosts."
 msgstr "Unberechtigte DNS-Anfragen von Windows-Rechnern nicht weiterleiten."
 
-#: option.c:383
+#: option.c:404
+msgid "Don't include IPv4 addresses in DNS answers."
+msgstr ""
+
+#: option.c:405
+msgid "Don't include IPv6 addresses in DNS answers."
+msgstr ""
+
+#: option.c:406
 msgid "Enable DHCP in the range given with lease duration."
 msgstr "DHCP für angegebenen Bereich und Lease-Dauer einschalten."
 
-#: option.c:384
+#: option.c:407
 #, c-format
 msgid "Change to this group after startup (defaults to %s)."
 msgstr "Nach dem Start in diese Benutzergruppe wechseln (Voreinstellung %s)."
 
-#: option.c:385
+#: option.c:408
 msgid "Set address or hostname for a specified machine."
 msgstr "Adresse oder Hostnamen für einen angegebenen Computer setzen."
 
-#: option.c:386
+#: option.c:409
 msgid "Read DHCP host specs from file."
 msgstr "DHCP-Host-Angaben aus Datei lesen."
 
-#: option.c:387
+#: option.c:410
 msgid "Read DHCP option specs from file."
 msgstr "DHCP-Optionen aus Datei lesen."
 
-#: option.c:388
+#: option.c:411
 msgid "Read DHCP host specs from a directory."
 msgstr "DHCP-Host-Angaben aus einem Verzeichnis lesen."
 
-#: option.c:389
+#: option.c:412
 msgid "Read DHCP options from a directory."
 msgstr "DHCP-Optionen aus einem Verzeichnis lesen."
 
-#: option.c:390
+#: option.c:413
 msgid "Evaluate conditional tag expression."
 msgstr "Auswertung eines Ausdrucks bedingter Marken."
 
-#: option.c:391
+#: option.c:414
 #, c-format
 msgid "Do NOT load %s file."
 msgstr "%s-Datei NICHT laden."
 
-#: option.c:392
+#: option.c:415
 #, c-format
 msgid "Specify a hosts file to be read in addition to %s."
 msgstr "Hosts-Datei festlegen, die zusätzlich zu %s gelesen wird."
 
-#: option.c:393
+#: option.c:416
 msgid "Read hosts files from a directory."
 msgstr "DHCP-Host-Dateien aus einem Verzeichnis lesen."
 
-#: option.c:394
+#: option.c:417
 msgid "Specify interface(s) to listen on."
 msgstr "Schnittstelle(n) zum Empfang festlegen."
 
-#: option.c:395
+#: option.c:418
 msgid "Specify interface(s) NOT to listen on."
 msgstr "Schnittstelle(n) festlegen, die NICHT empfangen sollen."
 
-#: option.c:396
+#: option.c:419
 msgid "Map DHCP user class to tag."
 msgstr "DHCP-Benutzerklasse auf Marke abbilden."
 
-#: option.c:397
+#: option.c:420
 msgid "Map RFC3046 circuit-id to tag."
 msgstr "RFC3046 \"circuit-id\" auf Marke abbilden."
 
-#: option.c:398
+#: option.c:421
 msgid "Map RFC3046 remote-id to tag."
 msgstr "RFC3046 \"remote-id\" auf Marke abbilden."
 
-#: option.c:399
+#: option.c:422
 msgid "Map RFC3993 subscriber-id to tag."
 msgstr "RFC3993 \"subscriber-id\" auf Marke abbilden."
 
-#: option.c:400
+#: option.c:423
 msgid "Specify vendor class to match for PXE requests."
-msgstr "Herstellerklasse für Vergleich von PXE-Anforderungen angeben"
+msgstr "Herstellerklasse für Vergleich von PXE-Anforderungen angeben."
 
-#: option.c:401
+#: option.c:424
 msgid "Don't do DHCP for hosts with tag set."
 msgstr "Kein DHCP für Hosts mit gesetzter Marke verwenden."
 
-#: option.c:402
+#: option.c:425
 msgid "Force broadcast replies for hosts with tag set."
 msgstr "Antwort per Broadcast für Hosts mit gesetzter Marke erzwingen."
 
-#: option.c:403
+#: option.c:426
 msgid "Do NOT fork into the background, do NOT run in debug mode."
 msgstr "NICHT in den Hintergrund wechseln, NICHT im Debug-Modus laufen."
 
-#: option.c:404
+#: option.c:427
 msgid "Assume we are the only DHCP server on the local network."
 msgstr "Unterstellen, dass wir der einzige DHCP-Server im lokalen Netz sind."
 
-#: option.c:405
+#: option.c:428
 #, c-format
 msgid "Specify where to store DHCP leases (defaults to %s)."
 msgstr "Festlegen, wo DHCP-Leases gespeichert werden (Voreinstellung %s)."
 
-#: option.c:406
+#: option.c:429
 msgid "Return MX records for local hosts."
 msgstr "MX-Einträge für lokale Hosts liefern."
 
-#: option.c:407
+#: option.c:430
 msgid "Specify an MX record."
 msgstr "Einen MX-Eintrag festlegen."
 
-#: option.c:408
+#: option.c:431
 msgid "Specify BOOTP options to DHCP server."
 msgstr "BOOTP-Optionen für DHCP-Server festlegen."
 
-#: option.c:409
+#: option.c:432
 #, c-format
 msgid "Do NOT poll %s file, reload only on SIGHUP."
 msgstr "%s-Datei NICHT abfragen, nur bei SIGHUP neu laden."
 
-#: option.c:410
+#: option.c:433
 msgid "Do NOT cache failed search results."
 msgstr "Fehlerhafte Suchergebnisse NICHT zwischenspeichern."
 
-#: option.c:411
+#: option.c:434
+msgid "Use expired cache data for faster reply."
+msgstr ""
+
+#: option.c:435
 #, c-format
 msgid "Use nameservers strictly in the order given in %s."
 msgstr "Namensserver streng in der in %s angegebenen Reihenfolge verwenden."
 
-#: option.c:412
+#: option.c:436
 msgid "Specify options to be sent to DHCP clients."
 msgstr "Optionen festlegen, die an DHCP-Klienten gesendet werden."
 
-#: option.c:413
+#: option.c:437
 msgid "DHCP option sent even if the client does not request it."
 msgstr "DHCP-Option, die selbst ohne Klientenanfrage gesendet wird."
 
-#: option.c:414
+#: option.c:438
 msgid "Specify port to listen for DNS requests on (defaults to 53)."
 msgstr "Port zum Empfangen der DNS-Anfragen festlegen (53 voreingestellt)."
 
-#: option.c:415
+#: option.c:439
 #, c-format
 msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
 msgstr "Maximale unterstützte UDP-Paketgröße für EDNS.0 (Voreinstellung %s)."
 
-#: option.c:416
+#: option.c:440
 msgid "Log DNS queries."
 msgstr "DNS-Anfragen protokollieren."
 
-#: option.c:417
+#: option.c:441
 msgid "Force the originating port for upstream DNS queries."
 msgstr "Ausgehenden Port für DNS-Anfragen an vorgelagerte Server erzwingen."
 
-#: option.c:418
+#: option.c:442
+msgid "Set maximum number of random originating ports for a query."
+msgstr ""
+
+#: option.c:443
 msgid "Do NOT read resolv.conf."
 msgstr "Die resolv.conf NICHT lesen."
 
-#: option.c:419
+#: option.c:444
 #, c-format
 msgid "Specify path to resolv.conf (defaults to %s)."
 msgstr "Pfad zu resolv.conf festlegen (%s voreingestellt)."
 
-#: option.c:420
+#: option.c:445
 msgid "Specify path to file with server= options"
 msgstr "Pfad für Datei mit server=-Optionen angeben"
 
-#: option.c:421
+#: option.c:446
 msgid "Specify address(es) of upstream servers with optional domains."
 msgstr "Adresse(n) vorgelagerter Server festlegen, optional mit Domänen."
 
-#: option.c:422
+#: option.c:447
 msgid "Specify address of upstream servers for reverse address queries"
 msgstr "Adresse(n) vorgelagerter Server festlegen, für Rückwärtsauflösung"
 
-#: option.c:423
+#: option.c:448
 msgid "Never forward queries to specified domains."
 msgstr "Anfragen für angegebene Domänen niemals weiterleiten."
 
-#: option.c:424
+#: option.c:449
 msgid "Specify the domain to be assigned in DHCP leases."
 msgstr "Domäne festlegen, die für DHCP-Leases zugewiesen wird."
 
-#: option.c:425
+#: option.c:450
 msgid "Specify default target in an MX record."
 msgstr "Voreingestelltes Ziel für MX-Einträge festlegen."
 
-#: option.c:426
+#: option.c:451
 msgid "Specify time-to-live in seconds for replies from /etc/hosts."
 msgstr "Gültigkeitsdauer für Antworten aus /etc/hosts festlegen."
 
-#: option.c:427
+#: option.c:452
 msgid "Specify time-to-live in seconds for negative caching."
 msgstr "Gültigkeitsdauer in Sekunden für Zwischenspeicher negativer Ergebnisse festlegen."
 
-#: option.c:428
+#: option.c:453
 msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
 msgstr "Gültigkeitsdauer in Sekunden für Caching negativer Ergebnisse festlegen."
 
-#: option.c:429
+#: option.c:454
 msgid "Specify time-to-live ceiling for cache."
 msgstr "Spezifiziere obere Gültigkeitsdauergrenze für Zwischenspeicher."
 
-#: option.c:430
+#: option.c:455
 msgid "Specify time-to-live floor for cache."
 msgstr "Spezifiziere untere Gültigkeitsdauergrenze für Zwischenspeicher."
 
-#: option.c:431
+#: option.c:456
+msgid "Retry DNS queries after this many milliseconds."
+msgstr ""
+
+#: option.c:457
 #, c-format
 msgid "Change to this user after startup. (defaults to %s)."
 msgstr "Nach dem Start diese Benutzerrechte annehmen (%s voreingestellt)."
 
-#: option.c:432
+#: option.c:458
 msgid "Map DHCP vendor class to tag."
 msgstr "DHCP-\"vendor class\" auf Marke abbilden."
 
-#: option.c:433
+#: option.c:459
 msgid "Display dnsmasq version and copyright information."
 msgstr "DNSMasq-Version und Urheberrecht anzeigen."
 
-#: option.c:434
+#: option.c:460
 msgid "Translate IPv4 addresses from upstream servers."
 msgstr "IPv4-Adressen von vorgelagerten Servern umsetzen."
 
-#: option.c:435
+#: option.c:461
 msgid "Specify a SRV record."
 msgstr "SRV-Eintrag festlegen."
 
-#: option.c:436
+#: option.c:462
 msgid "Display this message. Use --help dhcp or --help dhcp6 for known DHCP options."
 msgstr "Diese Hilfe anzeigen. Benutzen Sie --help dhcp oder --help dhcp6 für bekannte DHCP-Optionen."
 
-#: option.c:437
+#: option.c:463
 #, c-format
 msgid "Specify path of PID file (defaults to %s)."
 msgstr "Pfad für Prozesskennungsdatei (PID) festlegen (Voreinstellung: %s)."
 
-#: option.c:438
+#: option.c:464
 #, c-format
 msgid "Specify maximum number of DHCP leases (defaults to %s)."
 msgstr "Höchstzahl der DHCP-Leases festlegen (%s voreingestellt)."
 
-#: option.c:439
+#: option.c:465
 msgid "Answer DNS queries based on the interface a query was sent to."
 msgstr "DNS-Anfragen abhängig der Empfangsschnittstelle beantworten."
 
-#: option.c:440
+#: option.c:466
 msgid "Specify TXT DNS record."
 msgstr "DNS-TXT-Eintrag festlegen."
 
-#: option.c:441
+#: option.c:467
 msgid "Specify PTR DNS record."
 msgstr "DNS-PTR-Eintrag festlegen."
 
-#: option.c:442
+#: option.c:468
 msgid "Give DNS name to IPv4 address of interface."
 msgstr "Schnittstellennamen zur IPv4-Adresse der Schnittstelle auflösen."
 
-#: option.c:443
+#: option.c:469
 msgid "Bind only to interfaces in use."
 msgstr "Nur an verwendete Schnittstellen binden."
 
-#: option.c:444
+#: option.c:470
 #, c-format
 msgid "Read DHCP static host information from %s."
 msgstr "Statische DHCP-Host-Information aus %s lesen."
 
-#: option.c:445
+#: option.c:471
 msgid "Enable the DBus interface for setting upstream servers, etc."
 msgstr "DBus-Schnittstelle zum Festlegen vorgelagerter Server usw. festlegen."
 
-#: option.c:446
+#: option.c:472
 msgid "Enable the UBus interface."
 msgstr "UBus-Schnittstelle aktivieren."
 
-#: option.c:447
+#: option.c:473
 msgid "Do not provide DHCP on this interface, only provide DNS."
 msgstr "Auf dieser Schnittstelle kein DHCP anbieten, sondern nur DNS."
 
-#: option.c:448
+#: option.c:474
 msgid "Enable dynamic address allocation for bootp."
 msgstr "Dynamische Adressbelegung für bootp einschalten."
 
-#: option.c:449
+#: option.c:475
 msgid "Map MAC address (with wildcards) to option set."
 msgstr "MAC-Adresse (mit Jokerzeichen) auf Optionenmenge abbilden."
 
-#: option.c:450
+#: option.c:476
 msgid "Treat DHCP requests on aliases as arriving from interface."
 msgstr "DHCP-Anfragen von Alias-Schnittstellen für die Hauptschnittstelle beantworten."
 
-#: option.c:451
+#: option.c:477
 msgid "Specify extra networks sharing a broadcast domain for DHCP"
 msgstr "Geben Sie zusätzliche Netzwerke an, die eine Broadcast-Domäne für DHCP gemeinsam nutzen"
 
-#: option.c:452
+#: option.c:478
 msgid "Disable ICMP echo address checking in the DHCP server."
 msgstr "ICMP-Echo-Adressprüfung im DHCP-Server abschalten."
 
-#: option.c:453
+#: option.c:479
 msgid "Shell script to run on DHCP lease creation and destruction."
 msgstr "Skript, das bei Erzeugung/Löschung einer DHCP-Lease laufen soll."
 
-#: option.c:454
+#: option.c:480
 msgid "Lua script to run on DHCP lease creation and destruction."
 msgstr "Lua-Skript, welches bei Erzeugung/Löschung eines DHCP-Leases laufen soll."
 
-#: option.c:455
+#: option.c:481
 msgid "Run lease-change scripts as this user."
 msgstr "Lease-Änderungs-Skript mit den Rechten dieses Nutzers ausführen."
 
-#: option.c:456
+#: option.c:482
 msgid "Call dhcp-script with changes to local ARP table."
 msgstr "Rufe dhcp-script mit Änderungen an der lokalen ARP-Tabelle auf."
 
-#: option.c:457
+#: option.c:483
 msgid "Read configuration from all the files in this directory."
 msgstr "Konfiguration aus allen Dateien in diesem Verzeichnis lesen."
 
-#: option.c:458
+#: option.c:484
+msgid "Execute file and read configuration from stdin."
+msgstr ""
+
+#: option.c:485
 msgid "Log to this syslog facility or file. (defaults to DAEMON)"
 msgstr "Für diese Syslog-Anlage oder in Datei loggen (Voreinstellung DAEMON)."
 
-#: option.c:459
+#: option.c:486
 msgid "Do not use leasefile."
 msgstr "Keine Lease-Datei benützen."
 
-#: option.c:460
+#: option.c:487
 #, c-format
 msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
 msgstr "Höchstzahl nebenläufiger DNS-Anfragen (%s voreingestellt)."
 
-#: option.c:461
+#: option.c:488
 #, c-format
 msgid "Clear DNS cache when reloading %s."
 msgstr "DNS-Zwischenspeicher beim Neuladen von %s löschen."
 
-#: option.c:462
+#: option.c:489
 msgid "Ignore hostnames provided by DHCP clients."
 msgstr "Von DHCP-Klienten gelieferte Hostnamen ignorieren."
 
-#: option.c:463
+#: option.c:490
 msgid "Do NOT reuse filename and server fields for extra DHCP options."
 msgstr "Dateinamen und Server-Datenfelder NICHT für zusätzliche DHCP-Optionen wiederverwenden."
 
-#: option.c:464
+#: option.c:491
 msgid "Enable integrated read-only TFTP server."
 msgstr "Eingebauten schreibgeschützten TFTP-Server einschalten."
 
-#: option.c:465
+#: option.c:492
 msgid "Export files by TFTP only from the specified subtree."
 msgstr "Nur vom festgelegten Unterbaum Dateien per TFTP exportieren."
 
-#: option.c:466
+#: option.c:493
 msgid "Add client IP or hardware address to tftp-root."
 msgstr "IP-Adresse oder Hardware-Adresse des Klienten an tftp-root anhängen."
 
-#: option.c:467
+#: option.c:494
 msgid "Allow access only to files owned by the user running dnsmasq."
 msgstr "Zugriff nur auf Dateien gestatten, die dem dnsmasq betreibenden Benutzer gehören."
 
-#: option.c:468
+#: option.c:495
 msgid "Do not terminate the service if TFTP directories are inaccessible."
 msgstr "Den Dienst nicht beenden, wenn die TFTP-Verzeichnisse unerreichbar sind."
 
-#: option.c:469
+#: option.c:496
 #, c-format
 msgid "Maximum number of concurrent TFTP transfers (defaults to %s)."
 msgstr "Maximale Anzahl gleichzeitiger TFTP-Übertragungen (%s voreingestellt)."
 
-#: option.c:470
+#: option.c:497
 msgid "Maximum MTU to use for TFTP transfers."
 msgstr "Maximale MTU für TFTP-Übertragungen erreicht."
 
-#: option.c:471
+#: option.c:498
 msgid "Disable the TFTP blocksize extension."
 msgstr "TFTP-Blockgrößen-Erweiterung abschalten."
 
-#: option.c:472
+#: option.c:499
 msgid "Convert TFTP filenames to lowercase"
 msgstr "TFTP-Dateinamen in Kleinschreibung umsetzen"
 
-#: option.c:473
+#: option.c:500
 msgid "Ephemeral port range for use by TFTP transfers."
 msgstr "Bereich für vorübergehende Ports für TFTP-Übertragungen."
 
-#: option.c:474
+#: option.c:501
 msgid "Use only one port for TFTP server."
 msgstr "Bitte nur einen Port für den TFTP-Server nutzen."
 
-#: option.c:475
+#: option.c:502
 msgid "Extra logging for DHCP."
 msgstr "Erweiterte DHCP-Protokollierung."
 
-#: option.c:476
+#: option.c:503
 msgid "Enable async. logging; optionally set queue length."
 msgstr "Asynchrone Protokollierung einschalten, opt. Warteschlangenlänge festlegen."
 
-#: option.c:477
+#: option.c:504
 msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
 msgstr "DNS-Rebinding unterbinden, private IP-Bereiche bei der Auflösung ausfiltern."
 
-#: option.c:478
+#: option.c:505
 msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
 msgstr "Auflösung zu 127.0.0.0/8 erlauben, für RBL-Server."
 
-#: option.c:479
+#: option.c:506
 msgid "Inhibit DNS-rebind protection on this domain."
 msgstr "DNS-Rebind-Schutz für diese Domäne aufheben."
 
-#: option.c:480
+#: option.c:507
 msgid "Always perform DNS queries to all servers."
 msgstr "DNS-Anfragen immer an alle Server weiterleiten."
 
-#: option.c:481
+#: option.c:508
 msgid "Set tag if client includes matching option in request."
 msgstr "Marke setzen, wenn Klient eine entsprechende Option anfragt."
 
-#: option.c:482
+#: option.c:509
 msgid "Set tag if client provides given name."
 msgstr "Setzt das Tag, wenn der Client diesen Namen anbietet."
 
-#: option.c:483
+#: option.c:510
 msgid "Use alternative ports for DHCP."
 msgstr "Alternative Ports für DHCP verwenden."
 
-#: option.c:484
+#: option.c:511
 msgid "Specify NAPTR DNS record."
 msgstr "DNS-NAPTR-Eintrag festlegen."
 
-#: option.c:485
+#: option.c:512
 msgid "Specify lowest port available for DNS query transmission."
 msgstr "Niedrigsten verfügbaren Port für Übertragung von DNS-Anfragen festlegen."
 
-#: option.c:486
+#: option.c:513
 msgid "Specify highest port available for DNS query transmission."
 msgstr "Höchsten verfügbaren Port für Übertragung von DNS-Anfragen festlegen."
 
-#: option.c:487
+#: option.c:514
 msgid "Use only fully qualified domain names for DHCP clients."
 msgstr "Für DHCP-Klienten nur vollständig bestimmte Domänennamen benutzen."
 
 # FIXME: probably typo in original message. -- MA
-#: option.c:488
+#: option.c:515
 msgid "Generate hostnames based on MAC address for nameless clients."
 msgstr "Generiere Hostnamen auf Basis der MAC-Adresse für namenlose Klienten."
 
-#: option.c:489
+#: option.c:516
 msgid "Use these DHCP relays as full proxies."
 msgstr "Diese DHCP-Relais als vollwertige Proxies verwenden."
 
-#: option.c:490
+#: option.c:517
 msgid "Relay DHCP requests to a remote server"
 msgstr "Leite DHCP-Anfragen an entfernten Server weiter"
 
-#: option.c:491
+#: option.c:518
 msgid "Specify alias name for LOCAL DNS name."
 msgstr "Alias für LOKALEN DNS-Namen festlegen."
 
-#: option.c:492
+#: option.c:519
 msgid "Prompt to send to PXE clients."
 msgstr "Aufforderung, die an PXE-Klienten geschickt wird."
 
-#: option.c:493
+#: option.c:520
 msgid "Boot service for PXE menu."
 msgstr "Boot-Dienst für PXE-Menü."
 
-#: option.c:494
+#: option.c:521
 msgid "Check configuration syntax."
 msgstr "Konfigurationssyntax prüfen."
 
-#: option.c:495
+#: option.c:522
 msgid "Add requestor's MAC address to forwarded DNS queries."
 msgstr "Anfragende MAC-Adresse in die weiterleitende DNS-Anfrage einfügen."
 
-#: option.c:496
+#: option.c:523
+msgid "Strip MAC information from queries."
+msgstr ""
+
+#: option.c:524
 msgid "Add specified IP subnet to forwarded DNS queries."
 msgstr "Füge spezifiziertes IP-Subnetz an weitergeleiteten DNS-Anfragen hinzu."
 
-#: option.c:497
+#: option.c:525
+msgid "Strip ECS information from queries."
+msgstr ""
+
+#: option.c:526
 msgid "Add client identification to forwarded DNS queries."
 msgstr "Füge Klient Identifikationan weitergeleiteten DNS-Anfragen hinzu."
 
 # This is a rather liberal translation to convey the purpose.
 # something along "authorize upstream nameservers to validate DNSSEC [for us]"
-#: option.c:498
+#: option.c:527
 msgid "Proxy DNSSEC validation results from upstream nameservers."
 msgstr "Vorgelagerte Namensserver für DNSSEC-Validierung ermächtigen."
 
-#: option.c:499
+#: option.c:528
 msgid "Attempt to allocate sequential IP addresses to DHCP clients."
 msgstr "Versuche, sequenzielle IP-Adressen an DHCP-Klienten zu vergeben."
 
-#: option.c:500
+#: option.c:529
 msgid "Ignore client identifier option sent by DHCP clients."
 msgstr "Ignorieren Sie die von DHCP-Clients gesendete Client-ID-Option."
 
-#: option.c:501
+#: option.c:530
 msgid "Copy connection-track mark from queries to upstream connections."
 msgstr "Kopiere \"connection-track mark\" von Anfragen nach Upstream-Verbindungen."
 
-#: option.c:502
+#: option.c:531
 msgid "Allow DHCP clients to do their own DDNS updates."
 msgstr "Erlaube DHCP-Klienten, ihre eigenen DDNS-Updates durchzuführen."
 
-#: option.c:503
+#: option.c:532
 msgid "Send router-advertisements for interfaces doing DHCPv6"
 msgstr "Sende \"Router-Advertisments\" für Netzwerkschnittstellen, welche DHCPv6 nutzen"
 
-#: option.c:504
+#: option.c:533
 msgid "Specify DUID_EN-type DHCPv6 server DUID"
 msgstr "Spezifiziere DUID_EN-type DHCPv6 Server DUID"
 
-#: option.c:505
+#: option.c:534
 msgid "Specify host (A/AAAA and PTR) records"
 msgstr "Spezifiziere Host (A/AAAA und PTR) Einträge"
 
-#: option.c:506
+#: option.c:535
 msgid "Specify host record in interface subnet"
 msgstr "Host-Eintrag für das Unternetzwerk der Schnittstelle angeben"
 
-#: option.c:507
+#: option.c:536
 msgid "Specify certification authority authorization record"
 msgstr "Autorisierungsdatensatz der Zertifizierungsstelle angeben"
 
-#: option.c:508
+#: option.c:537
 msgid "Specify arbitrary DNS resource record"
 msgstr "Spezifiziere einen beliebiegen DNS Eintrag"
 
-#: option.c:509
+#: option.c:538
 msgid "Bind to interfaces in use - check for new interfaces"
 msgstr "Bindung an Schnittstellen in Benutzung - prüfe auf neue Schnittstellen"
 
-#: option.c:510
+#: option.c:539
 msgid "Export local names to global DNS"
 msgstr "Exportiere lokale Namen in das globale DNS"
 
-#: option.c:511
+#: option.c:540
 msgid "Domain to export to global DNS"
 msgstr "Domain für globales DNS ausgeben"
 
-#: option.c:512
+#: option.c:541
 msgid "Set TTL for authoritative replies"
 msgstr "Setze Gültigkeitsdauer für autoritative Antworten"
 
-#: option.c:513
+#: option.c:542
 msgid "Set authoritative zone information"
 msgstr "Setze autoritative Zoneninformationen"
 
-#: option.c:514
+#: option.c:543
 msgid "Secondary authoritative nameservers for forward domains"
 msgstr "Sekundärer autoritativer Nameserver für weitergeleitete Domains"
 
-#: option.c:515
+#: option.c:544
 msgid "Peers which are allowed to do zone transfer"
 msgstr "Peers, die einen Zonentransfer durchführen dürfen"
 
-#: option.c:516
+#: option.c:545
 msgid "Specify ipsets to which matching domains should be added"
 msgstr "Spezifiziere IPSets, zu denen passende Domains hinzugefügt werden sollen"
 
-#: option.c:517
+#: option.c:546
+#, fuzzy
+msgid "Specify nftables sets to which matching domains should be added"
+msgstr "Spezifiziere IPSets, zu denen passende Domains hinzugefügt werden sollen"
+
+#: option.c:547
 msgid "Enable filtering of DNS queries with connection-track marks."
-msgstr ""
+msgstr "Aktivieren Sie das Filtern von DNS-Abfragen mit \"connection-track\"-Markierungen."
 
-#: option.c:518
+#: option.c:548
 msgid "Set allowed DNS patterns for a connection-track mark."
-msgstr ""
+msgstr "Legen Sie zulässige DNS-Muster für eine \"connection-track\"-Markierung fest."
 
-#: option.c:519
+#: option.c:549
 msgid "Specify a domain and address range for synthesised names"
 msgstr "Spezifiziere eine Domain und Adressbereich für synthetisierte Namen"
 
-#: option.c:520
+#: option.c:550
 msgid "Activate DNSSEC validation"
 msgstr "Aktiviere DNSSEC-Validierung"
 
-#: option.c:521
+#: option.c:551
 msgid "Specify trust anchor key digest."
 msgstr "Spezifiziere Vertrauensursprung (Trust Anchor) der Schlüssel-Prüfdaten (Key Digest)."
 
 # while there is no German manual, mark "not for productive use"
-#: option.c:522
+#: option.c:552
 msgid "Disable upstream checking for DNSSEC debugging."
 msgstr "Deaktiviere die vorgelagerte Prüfung für die DNS-Fehlersuche. (Nicht für produktiven Einsatz!)"
 
-#: option.c:523
+#: option.c:553
 msgid "Ensure answers without DNSSEC are in unsigned zones."
 msgstr "Stellt sicher, dass Antworten ohne DNSSEC sich in einer unsignierten Zone befinden."
 
-#: option.c:524
+#: option.c:554
 msgid "Don't check DNSSEC signature timestamps until first cache-reload"
 msgstr "DNSSEC Signatur-Zeitstempel nicht prüfen, bis erstmalig der Cache neugeladen wird"
 
-#: option.c:525
+#: option.c:555
 msgid "Timestamp file to verify system clock for DNSSEC"
 msgstr "Zeitstempel-Datei für die Verifizierung der Systemuhrzeit für DNSSEC"
 
-#: option.c:526
+#: option.c:556
 msgid "Set MTU, priority, resend-interval and router-lifetime"
 msgstr "Setze MTU, Priorität, Sendewiederholintervall und Router-Lebensdauer"
 
-#: option.c:527
+#: option.c:557
 msgid "Do not log routine DHCP."
 msgstr "Protokolliere kein Routine-DHCP."
 
-#: option.c:528
+#: option.c:558
 msgid "Do not log routine DHCPv6."
 msgstr "Protokolliere kein Routine-DHCPv6."
 
-#: option.c:529
+#: option.c:559
 msgid "Do not log RA."
 msgstr "RA nicht protokollieren."
 
-#: option.c:530
+#: option.c:560
 msgid "Log debugging information."
 msgstr "Debug-(Fehlersuch-)Information protokollieren."
 
-#: option.c:531
+#: option.c:561
 msgid "Accept queries only from directly-connected networks."
 msgstr "Akzeptiere nur Anfragen von direkt verbundenen Netzwerken."
 
-#: option.c:532
+#: option.c:562
 msgid "Detect and remove DNS forwarding loops."
 msgstr "Erkennen und Entfernen von DNS-Weiterleitungsschleifen."
 
-#: option.c:533
+#: option.c:563
 msgid "Ignore DNS responses containing ipaddr."
 msgstr "Ignoriere DNS-Antworten, die ipaddr enthalten."
 
-#: option.c:534
+#: option.c:564
 msgid "Set TTL in DNS responses with DHCP-derived addresses."
 msgstr "Setze TTL in DNS-Antworten mit DHCP-abgeleiteten Adressen."
 
-#: option.c:535
+#: option.c:565
 msgid "Delay DHCP replies for at least number of seconds."
 msgstr "Verzögere DHCP-Antworten mindestens für gegebene Anzahl von Sekunden."
 
-#: option.c:536
+#: option.c:566
 msgid "Enables DHCPv4 Rapid Commit option."
 msgstr "Aktiviert die DHCPv4-\"Rapid Commit\"-Option."
 
-#: option.c:537
+#: option.c:567
 msgid "Path to debug packet dump file"
 msgstr "Pfad zur Paketablagedatei zur Fehlersuche"
 
-#: option.c:538
+#: option.c:568
 msgid "Mask which packets to dump"
 msgstr "Maskiere Pakete, welche abgelegt werden sollen"
 
-#: option.c:539
+#: option.c:569
 msgid "Call dhcp-script when lease expiry changes."
 msgstr "Rufe dhcp-script auf, wenn der Ablauf des Leases sich ändert."
 
-#: option.c:540
+#: option.c:570
 msgid "Send Cisco Umbrella identifiers including remote IP."
-msgstr ""
+msgstr "Senden Sie Cisco Umbrella-Identifikatoren einschließlich der Remote-IP."
 
-#: option.c:541
-#, fuzzy
+#: option.c:571
 msgid "Do not log routine TFTP."
-msgstr "Protokolliere kein Routine-DHCP."
+msgstr "Protokolliere kein Routine-TFTP."
 
-#: option.c:771
+#: option.c:572
+msgid "Suppress round-robin ordering of DNS records."
+msgstr ""
+
+#: option.c:802
 #, c-format
 msgid ""
 "Usage: dnsmasq [options]\n"
@@ -835,373 +891,416 @@ msgstr ""
 "Verwendung: dnsmasq [Optionen]\n"
 "\n"
 
-#: option.c:773
+#: option.c:804
 #, c-format
 msgid "Use short options only on the command line.\n"
 msgstr "Auf der Befehlszeile nur kurze Optionen verwenden!\n"
 
-#: option.c:775
+#: option.c:806
 #, c-format
 msgid "Valid options are:\n"
 msgstr "Gültige Optionen sind:\n"
 
-#: option.c:822 option.c:933
+#: option.c:853 option.c:1055
 msgid "bad address"
 msgstr "Fehlerhafte Adresse"
 
-#: option.c:847 option.c:851
+#: option.c:882 option.c:886
 msgid "bad port"
 msgstr "Fehlerhafter Port"
 
-#: option.c:864 option.c:893 option.c:927
+#: option.c:899 option.c:1002 option.c:1048
 msgid "interface binding not supported"
 msgstr "Schnittstellenbindung nicht unterstützt"
 
-#: option.c:888 option.c:922
+#: option.c:955
+msgid "Cannot resolve server name"
+msgstr ""
+
+#: option.c:991
+msgid "cannot use IPv4 server address with IPv6 source address"
+msgstr ""
+
+#: option.c:997 option.c:1043
 msgid "interface can only be specified once"
 msgstr "Schnittstelle kann nur einmal angegeben werden"
 
-#: option.c:901 option.c:4362
+#: option.c:1011 option.c:4785
 msgid "bad interface name"
 msgstr "Fehlerhafter Schnittestellenname"
 
-#: option.c:1192
-msgid "inappropriate vendor:"
+#: option.c:1037
+msgid "cannot use IPv6 server address with IPv4 source address"
 msgstr ""
 
-#: option.c:1199
+#: option.c:1124
+#, fuzzy
+msgid "bad IPv4 prefix length"
+msgstr "fehlerhafte Präfixlänge"
+
+#: option.c:1155 option.c:1165 option.c:1240 option.c:1250 option.c:5360
+msgid "error"
+msgstr "Fehler"
+
+#: option.c:1207
+#, fuzzy
+msgid "bad IPv6 prefix length"
+msgstr "fehlerhafte Präfixlänge"
+
+#: option.c:1467
+msgid "inappropriate vendor:"
+msgstr "Ungeeigneter Anbieter:"
+
+#: option.c:1474
 msgid "inappropriate encap:"
-msgstr ""
+msgstr "Ungeeignete Kapselung:"
 
-#: option.c:1225
+#: option.c:1500
 msgid "unsupported encapsulation for IPv6 option"
 msgstr "Nicht unterstützte Verkapselung für eine IPv6-Option"
 
-#: option.c:1239
+#: option.c:1514
 msgid "bad dhcp-option"
 msgstr "Fehlerhafte DHCP-Option"
 
-#: option.c:1317
+#: option.c:1592
 msgid "bad IP address"
 msgstr "Fehlerhafte IP-Adresse"
 
-#: option.c:1320 option.c:1459 option.c:3551
+#: option.c:1595 option.c:1734 option.c:3928
 msgid "bad IPv6 address"
 msgstr "Fehlerhafte IPv6-Adresse"
 
-#: option.c:1413
+#: option.c:1688
 msgid "bad IPv4 address"
 msgstr "Fehlerhafte IPv4-Adresse"
 
-#: option.c:1486 option.c:1581
+#: option.c:1761 option.c:1856
 msgid "bad domain in dhcp-option"
 msgstr "Fehlerhafte Domäne in DHCP-Option"
 
-#: option.c:1625
+#: option.c:1900
 msgid "dhcp-option too long"
 msgstr "DHCP-Option zu lang"
 
-#: option.c:1632
+#: option.c:1907
 msgid "illegal dhcp-match"
 msgstr "Unzulässige dhcp-match-Option"
 
-#: option.c:1691
+#: option.c:1966
 msgid "illegal repeated flag"
 msgstr "unzulässig wiederholte Markierung"
 
-#: option.c:1699
+#: option.c:1974
 msgid "illegal repeated keyword"
 msgstr "unzulässig wiederholtes Schlüsselwort"
 
-#: option.c:1770 option.c:5080
+#: option.c:2056 option.c:5533
 #, c-format
 msgid "cannot access directory %s: %s"
 msgstr "Kann auf Verzeichnis %s nicht zugreifen: %s"
 
-#: option.c:1816 tftp.c:566 dump.c:68
+#: option.c:2102 tftp.c:573 dump.c:72
 #, c-format
 msgid "cannot access %s: %s"
 msgstr "Kann auf %s nicht zugreifen: %s"
 
-#: option.c:1931
+#: option.c:2219
 msgid "setting log facility is not possible under Android"
 msgstr "Die Einstellung der \"log facility\" kann unter Android nicht gesetzt werden"
 
-#: option.c:1940
+#: option.c:2228
 msgid "bad log facility"
 msgstr "Falsche \"log facility\""
 
-#: option.c:1993
+#: option.c:2281
 msgid "bad MX preference"
 msgstr "fehlerhafte MX-Präferenz-Angabe"
 
-#: option.c:1998
+#: option.c:2289
 msgid "bad MX name"
 msgstr "fehlerhafter MX-Name"
 
-#: option.c:2012
+#: option.c:2304
 msgid "bad MX target"
 msgstr "fehlerhaftes MX-Ziel"
 
-#: option.c:2032
+#: option.c:2324
 msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
 msgstr "Neuübersetzung mit HAVE_SCRIPT nötig, um Lease-Änderungs-Skripte auszuführen"
 
-#: option.c:2036
+#: option.c:2328
 msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
 msgstr "Neuübersetzung mit HAVE_LUASCRIPT nötig, um benutzerdefinierte Lua-Skripte auszuführen"
 
-#: option.c:2291 option.c:2327
+#: option.c:2447
 #, fuzzy
+msgid "invalid auth-zone"
+msgstr "unzulässiger Alias-Bereich"
+
+#: option.c:2589 option.c:2621
 msgid "bad prefix length"
-msgstr "fehlerhaftes Präfix"
+msgstr "fehlerhafte Präfixlänge"
 
-#: option.c:2303 option.c:2348 option.c:2398
+#: option.c:2601 option.c:2642 option.c:2696
 msgid "bad prefix"
 msgstr "fehlerhaftes Präfix"
 
-#: option.c:2418
-#, fuzzy
+#: option.c:2716
 msgid "prefix length too small"
-msgstr "Die Präfixlänge muss mindestens 64 sein"
+msgstr "Präfixlänge ist zu klein"
 
-#: option.c:2697
-#, fuzzy
+#: option.c:3010
 msgid "Bad address in --address"
-msgstr "Adresse in Gebrauch"
+msgstr "Fehlerhafte Adresse in --address"
 
-#: option.c:2751
-#, fuzzy
-msgid "bad IPv4 prefix"
-msgstr "fehlerhaftes IPv6-Präfix"
-
-#: option.c:2756 option.c:3569
-msgid "bad IPv6 prefix"
-msgstr "fehlerhaftes IPv6-Präfix"
-
-#: option.c:2777
+#: option.c:3110
 msgid "recompile with HAVE_IPSET defined to enable ipset directives"
 msgstr "Neuübersetzung mit HAVE_IPSET nötig, um IPSet-Direktiven zu aktivieren"
 
-#: option.c:2843 option.c:2861
+#: option.c:3117
 #, fuzzy
-msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist directives"
+msgid "recompile with HAVE_NFTSET defined to enable nftset directives"
 msgstr "Neuübersetzung mit HAVE_IPSET nötig, um IPSet-Direktiven zu aktivieren"
 
-#: option.c:3119
+#: option.c:3192 option.c:3210
+msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist directives"
+msgstr "Neukompilierung mit HAVE_CONNTRACK notwendig, um connmark-allowlist-Direktiven zu aktivieren"
+
+#: option.c:3496
 msgid "bad port range"
 msgstr "falscher Portbereich"
 
-#: option.c:3145
+#: option.c:3522
 msgid "bad bridge-interface"
 msgstr "fehlerhafte Brücken-Schnittstelle"
 
-#: option.c:3189
+#: option.c:3566
 msgid "bad shared-network"
 msgstr "fehlerhaftes geteiltes Netz (shared-network)"
 
-#: option.c:3243
+#: option.c:3620
 msgid "only one tag allowed"
 msgstr "nur eine Marke zulässig"
 
-#: option.c:3264 option.c:3280 option.c:3406 option.c:3414 option.c:3457
+#: option.c:3641 option.c:3657 option.c:3783 option.c:3791 option.c:3834
 msgid "bad dhcp-range"
 msgstr "fehlerhafter DHCP-Bereich"
 
-#: option.c:3298
+#: option.c:3675
 msgid "inconsistent DHCP range"
 msgstr "inkonsistenter DHCP-Bereich"
 
-#: option.c:3364
+#: option.c:3741
 msgid "prefix length must be exactly 64 for RA subnets"
 msgstr "Die Präfixlänge für RA-Subnetze muss genau 64 sein"
 
-#: option.c:3366
+#: option.c:3743
 msgid "prefix length must be exactly 64 for subnet constructors"
 msgstr "Die Präfixlänge für Subnet-Konstruktor muss genau 64 sein"
 
-#: option.c:3369
+#: option.c:3746
 msgid "prefix length must be at least 64"
 msgstr "Die Präfixlänge muss mindestens 64 sein"
 
-#: option.c:3372
+#: option.c:3749
 msgid "inconsistent DHCPv6 range"
 msgstr "Inkonsistenter DHCPv6-Bereich"
 
-#: option.c:3391
+#: option.c:3768
 msgid "prefix must be zero with \"constructor:\" argument"
 msgstr "Präfix muss in Verbindung mit \"constructor:\" Argument Null sein"
 
-#: option.c:3516 option.c:3594
+#: option.c:3893 option.c:3971
 msgid "bad hex constant"
 msgstr "Fehlerhafte Hex-Konstante"
 
-#: option.c:3617
+#: option.c:3946
+msgid "bad IPv6 prefix"
+msgstr "fehlerhaftes IPv6-Präfix"
+
+#: option.c:3994
 #, c-format
 msgid "duplicate dhcp-host IP address %s"
 msgstr "doppelte dhcp-host IP-Adresse %s"
 
-#: option.c:3678
+#: option.c:4056
 msgid "bad DHCP host name"
 msgstr "fehlerhafter DHCP-Hostname"
 
-#: option.c:3764
+#: option.c:4142
 msgid "bad tag-if"
 msgstr "fehlerhafte bedingte Marke (tag-if)"
 
-#: option.c:4107 option.c:4623
+#: option.c:4490 option.c:5046
 msgid "invalid port number"
 msgstr "unzulässige Portnummer"
 
-#: option.c:4163
+#: option.c:4546
 msgid "bad dhcp-proxy address"
 msgstr "Fehlerhafte DHCP-Proxy-Adresse"
 
-#: option.c:4204
+#: option.c:4627
 msgid "Bad dhcp-relay"
 msgstr "Unzulässiges \"dhcp-relay\""
 
-#: option.c:4248
+#: option.c:4671
 msgid "bad RA-params"
 msgstr "fehlerhafte RA-Parameter"
 
-#: option.c:4258
+#: option.c:4681
 msgid "bad DUID"
 msgstr "fehlerhafte DUID"
 
-#: option.c:4292
+#: option.c:4715
 msgid "missing address in alias"
 msgstr "Adresse fehlt in Alias"
 
-#: option.c:4298
+#: option.c:4721
 msgid "invalid alias range"
 msgstr "unzulässiger Alias-Bereich"
 
-#: option.c:4347
+#: option.c:4770
 msgid "missing address in dynamic host"
 msgstr "Adresse fehlt in dynamischem Host"
 
-#: option.c:4362
+#: option.c:4785
 msgid "bad dynamic host"
 msgstr "fehlerhafter dynamischer Host"
 
-#: option.c:4380 option.c:4396
+#: option.c:4803 option.c:4819
 msgid "bad CNAME"
 msgstr "fehlerhafter CNAME"
 
-#: option.c:4404
+#: option.c:4827
 msgid "duplicate CNAME"
 msgstr "doppelter CNAME"
 
-#: option.c:4431
+#: option.c:4854
 msgid "bad PTR record"
 msgstr "fehlerhafter PTR-Eintrag"
 
-#: option.c:4466
+#: option.c:4889
 msgid "bad NAPTR record"
 msgstr "fehlerhafter NAPTR-Eintrag"
 
-#: option.c:4502
+#: option.c:4925
 msgid "bad RR record"
 msgstr "fehlerhafter RR-Eintrag"
 
-#: option.c:4535
+#: option.c:4958
 msgid "bad CAA record"
 msgstr "fehlerhafter CAA-Eintrag"
 
-#: option.c:4564
+#: option.c:4987
 msgid "bad TXT record"
 msgstr "fehlerhafter TXT-Eintrag"
 
-#: option.c:4607
+#: option.c:5030
 msgid "bad SRV record"
 msgstr "fehlerhafter SRV-Eintrag"
 
-#: option.c:4614
+#: option.c:5037
 msgid "bad SRV target"
 msgstr "fehlerhaftes SRV-Ziel"
 
-#: option.c:4633
+#: option.c:5056
 msgid "invalid priority"
 msgstr "unzulässige Priorität"
 
-#: option.c:4638
+#: option.c:5061
 msgid "invalid weight"
 msgstr "unzulässige Wichtung"
 
-#: option.c:4661
+#: option.c:5084
 msgid "Bad host-record"
-msgstr "fehlerhafter \"host-record\""
+msgstr "Fehlerhafter \"host-record\""
 
-#: option.c:4700
+#: option.c:5123
 msgid "Bad name in host-record"
 msgstr "Fehlerhafter Name in \"host-record\""
 
-#: option.c:4742
+#: option.c:5165
 msgid "bad value for dnssec-check-unsigned"
 msgstr "Fehlerhafter Wert für \"dnssec-check-unsigned\""
 
-#: option.c:4778
+#: option.c:5201
 msgid "bad trust anchor"
 msgstr "fehlerhafter Vertrauensursprung (Trust Anchor)"
 
-#: option.c:4794
+#: option.c:5217
 msgid "bad HEX in trust anchor"
 msgstr "fehlerhafter Hexwert in Vertrauensursprung (Trust Anchor)"
 
-#: option.c:4805
+#: option.c:5228
 msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
 msgstr "Nicht unterstützte Option (prüfen Sie, ob DNSMasq mit DHCP/TFTP/DNSSEC/DBus-Unterstützung übersetzt wurde)"
 
-#: option.c:4865
+#: option.c:5290
 msgid "missing \""
 msgstr "fehlende \\\""
 
-#: option.c:4922
+#: option.c:5347
 msgid "bad option"
 msgstr "fehlerhafter Option"
 
-#: option.c:4924
+#: option.c:5349
 msgid "extraneous parameter"
 msgstr "überschüssiger Parameter"
 
-#: option.c:4926
+#: option.c:5351
 msgid "missing parameter"
 msgstr "fehlender Parameter"
 
-#: option.c:4928
+#: option.c:5353
 msgid "illegal option"
 msgstr "unzulässige Option"
 
-#: option.c:4935
-msgid "error"
-msgstr "Fehler"
+#: option.c:5363
+#, c-format
+msgid " in output from %s"
+msgstr ""
 
-#: option.c:4937
+#: option.c:5365
 #, c-format
 msgid " at line %d of %s"
 msgstr " in Zeile %d von %s"
 
-#: option.c:4952 option.c:5229 option.c:5240
+#: option.c:5380 option.c:5683 option.c:5694
 #, c-format
 msgid "read %s"
 msgstr "%s gelesen"
 
-#: option.c:5015 option.c:5162 tftp.c:775
+#: option.c:5446
+#, fuzzy, c-format
+msgid "cannot execute %s: %s"
+msgstr "kann %s nicht erstellen: %s"
+
+#: option.c:5454 option.c:5615 tftp.c:790
 #, c-format
 msgid "cannot read %s: %s"
 msgstr "kann %s nicht lesen: %s"
 
-#: option.c:5316
+#: option.c:5473
+#, fuzzy, c-format
+msgid "error executing %s: %s"
+msgstr "konnte %s nicht ausführen: %s"
+
+#: option.c:5476
+#, c-format
+msgid "%s returns non-zero error code"
+msgstr ""
+
+#: option.c:5775
 msgid "junk found in command line"
 msgstr "Müll in der Kommandozeile gefunden"
 
-#: option.c:5356
+#: option.c:5815
 #, c-format
 msgid "Dnsmasq version %s  %s\n"
 msgstr "Dnsmasq Version %s  %s\n"
 
-#: option.c:5357
+#: option.c:5816
 #, c-format
 msgid ""
 "Compile time options: %s\n"
@@ -1210,652 +1309,690 @@ msgstr ""
 "Kompilierungs-Optionen %s\n"
 "\n"
 
-#: option.c:5358
+#: option.c:5817
 #, c-format
 msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
 msgstr "Für diese Software wird ABSOLUT KEINE GARANTIE gewährt.\n"
 
 # FIXME: this must be one long string! -- MA
-#: option.c:5359
+#: option.c:5818
 #, c-format
 msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
 msgstr "Dnsmasq ist freie Software, und darf unter den Bedingungen der\n"
 
-#: option.c:5360
+#: option.c:5819
 #, c-format
 msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
 msgstr "GNU General Public Lizenz, Version 2 oder 3, weiterverteilt werden.\n"
 
-#: option.c:5377
+#: option.c:5836
 msgid "try --help"
 msgstr "versuchen Sie --help"
 
-#: option.c:5379
+#: option.c:5838
 msgid "try -w"
 msgstr "versuchen Sie -w"
 
-#: option.c:5381
+#: option.c:5840
 #, c-format
 msgid "bad command line options: %s"
 msgstr "fehlerhafte Optionen auf der Befehlszeile: %s"
 
-#: option.c:5450
+#: option.c:5909
 #, c-format
 msgid "CNAME loop involving %s"
 msgstr "CNAME-Schleife mit %s"
 
-#: option.c:5491
+#: option.c:5950
 #, c-format
 msgid "cannot get host-name: %s"
 msgstr "kann Hostnamen nicht ermitteln: %s"
 
-#: option.c:5519
+#: option.c:5978
 msgid "only one resolv.conf file allowed in no-poll mode."
 msgstr "mit -n/--no-poll ist nur eine resolv.conf-Datei zulässig."
 
-#: option.c:5529
+#: option.c:5988
 msgid "must have exactly one resolv.conf to read domain from."
 msgstr "muss genau eine resolv.conf-Datei haben, um die Domäne zu lesen."
 
-#: option.c:5532 network.c:1670 dhcp.c:880
+#: option.c:5991 network.c:1727 dhcp.c:892
 #, c-format
 msgid "failed to read %s: %s"
 msgstr "konnte %s nicht lesen: %s"
 
-#: option.c:5549
+#: option.c:6008
 #, c-format
 msgid "no search directive found in %s"
 msgstr "keine \"search\"-Anweisung in %s gefunden"
 
-#: option.c:5570
+#: option.c:6029
 msgid "there must be a default domain when --dhcp-fqdn is set"
 msgstr "Es muss eine Standard-Domain gesetzt sein, wenn --dhcp-fqdn gesetzt ist"
 
-#: option.c:5579
+#: option.c:6038
 msgid "syntax check OK"
 msgstr "Syntaxprüfung OK"
 
-#: forward.c:104
+#: forward.c:107
 #, c-format
 msgid "failed to send packet: %s"
 msgstr "Paketversand gescheitert: %s"
 
-#: forward.c:601
+#: forward.c:715
 msgid "discarding DNS reply: subnet option mismatch"
 msgstr "Verwerfe DNS Antwort: Subnetoption stimmt nicht überrein"
 
-#: forward.c:666
+#: forward.c:780
 #, c-format
 msgid "nameserver %s refused to do a recursive query"
 msgstr "Namensserver %s hat eine rekursive Anfrage verweigert"
 
-#: forward.c:702
+#: forward.c:826
 #, c-format
 msgid "possible DNS-rebind attack detected: %s"
 msgstr "möglichen DNS-Rebind-Angriff entdeckt: %s"
 
-#: forward.c:1074
+#: forward.c:1239
 #, c-format
 msgid "reducing DNS packet size for nameserver %s to %d"
 msgstr "Reduziere die DNS-Paketgröße für Nameserver %s auf %d"
 
-#: forward.c:1381 forward.c:1910
-msgid "Ignoring query from non-local network"
+#: forward.c:1565
+#, fuzzy, c-format
+msgid "ignoring query from non-local network %s (logged only once)"
+msgstr "Ignoriere Anfrage von auswärtigem Netzwerk"
+
+#: forward.c:2139
+#, fuzzy, c-format
+msgid "ignoring query from non-local network %s"
 msgstr "Ignoriere Anfrage von auswärtigem Netzwerk"
 
-#: forward.c:2198
+#: forward.c:2501
 #, c-format
 msgid "failed to bind server socket to %s: %s"
 msgstr "konnte nicht an Server-Socket für %s binden: %s"
 
-#: forward.c:2494
+#: forward.c:2867
 #, c-format
 msgid "Maximum number of concurrent DNS queries reached (max: %d)"
 msgstr "Höchstzahl an nebenläufiger DNS-Anfragen erreicht (max. %d)"
 
-#: forward.c:2496
-#, fuzzy, c-format
+#: forward.c:2869
+#, c-format
 msgid "Maximum number of concurrent DNS queries to %s reached (max: %d)"
-msgstr "Höchstzahl an nebenläufiger DNS-Anfragen erreicht (max. %d)"
+msgstr "Maximale Anzahl gleichzeitiger DNS-Abfragen, die erreicht %s (max. %d)"
 
-#: network.c:670
+#: network.c:700
 #, c-format
 msgid "stopped listening on %s(#%d): %s port %d"
 msgstr "Empfang auf %s(#%d) beendet: %s Port %d"
 
-#: network.c:867
+#: network.c:911
 #, c-format
 msgid "failed to create listening socket for %s: %s"
 msgstr "Konnte Empfangs-Socket für %s nicht erzeugen: %s"
 
-#: network.c:1148
+#: network.c:1192
 #, c-format
 msgid "listening on %s(#%d): %s port %d"
 msgstr "Empfang auf %s(#%d): %s Port %d"
 
-#: network.c:1175
+#: network.c:1219
 #, c-format
 msgid "listening on %s port %d"
 msgstr "Empfang auf %s Port %d"
 
-#: network.c:1208
+#: network.c:1252
 #, c-format
 msgid "LOUD WARNING: listening on %s may accept requests via interfaces other than %s"
 msgstr "LOUD WARNING: Empfang auf %s kann die Anfragen auf anderen Schnittstellen als %s akzeptieren"
 
-#: network.c:1215
+#: network.c:1259
 msgid "LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"
 msgstr "LOUD WARNING: Es sollte --bind-dynamic anstatt --bind-interfaces benutzt werden, um DNS-Verstärkungsangriffe auf diesen Schnittstellen zu unterbinden"
 
-#: network.c:1224
+#: network.c:1268
 #, c-format
 msgid "warning: using interface %s instead"
 msgstr "Warnung: benutze stattdessen Schnittstelle %s"
 
-#: network.c:1233
+#: network.c:1277
 #, c-format
 msgid "warning: no addresses found for interface %s"
 msgstr "Warnung: keine Adressen für die Schnittstelle %s gefunden"
 
-#: network.c:1291
+#: network.c:1335
 #, c-format
 msgid "interface %s failed to join DHCPv6 multicast group: %s"
 msgstr "Schnittstelle %s konnte DHCPv6-Multicast-Gruppe nicht beitreten: %s"
 
-#: network.c:1296
+#: network.c:1340
 msgid "try increasing /proc/sys/net/core/optmem_max"
 msgstr "Versuchen Sie, /proc/sys/net/core/optmem_max zu erhöhen"
 
-#: network.c:1492
+#: network.c:1545
 #, c-format
 msgid "failed to bind server socket for %s: %s"
 msgstr "konnte nicht an Server-Socket für %s binden: %s"
 
-#: network.c:1569
+#: network.c:1622
 #, c-format
 msgid "ignoring nameserver %s - local interface"
 msgstr "ignoriere Namensserver %s - lokale Schnittstelle"
 
-#: network.c:1580
+#: network.c:1633
 #, c-format
 msgid "ignoring nameserver %s - cannot make/bind socket: %s"
 msgstr "ignoriere Namensserver %s - kann Socket nicht erzeugen/binden: %s"
 
-#: network.c:1598
+#: network.c:1643
+msgid "more servers are defined but not logged"
+msgstr ""
+
+#: network.c:1654
 msgid "(no DNSSEC)"
 msgstr "(kein DNSSEC)"
 
 # FIXME: this isn't translatable - always provide full strings, do not assemble yourself! -- MA
-#: network.c:1601
+#: network.c:1657
 msgid "unqualified"
 msgstr "unqualifizierte"
 
-#: network.c:1601
+#: network.c:1657
 msgid "names"
 msgstr "Namen"
 
-#: network.c:1603
+#: network.c:1659
 msgid "default"
 msgstr "Standard"
 
-#: network.c:1605
+#: network.c:1661
 msgid "domain"
 msgstr "Domäne"
 
-#: network.c:1607
-#, fuzzy, c-format
+#: network.c:1663
+#, c-format
 msgid "using nameserver %s#%d for %s %s%s %s"
-msgstr "Benutze Namensserver %s#%d für %s %s %s"
+msgstr "benutze Namensserver %s#%d für %s %s%s %s"
 
-#: network.c:1611
+#: network.c:1667
 #, c-format
 msgid "NOT using nameserver %s#%d - query loop detected"
 msgstr "Benutze Namensserver %s#%d NICHT - Anfragenschleife festgetellt"
 
-#: network.c:1614
+#: network.c:1670
 #, c-format
 msgid "using nameserver %s#%d(via %s)"
 msgstr "Benutze Namensserver %s#%d(via %s)"
 
-#: network.c:1616
+#: network.c:1672
 #, c-format
 msgid "using nameserver %s#%d"
 msgstr "Benutze Namensserver %s#%d"
 
-#: network.c:1630
-#, fuzzy, c-format
+#: network.c:1687
+#, c-format
 msgid "using only locally-known addresses for %s"
-msgstr "Benutze nur lokal-bekannte Adressen für %s %s"
+msgstr "benutze nur lokal-bekannte Adressen für %s"
 
-#: network.c:1633
-#, fuzzy, c-format
+#: network.c:1690
+#, c-format
 msgid "using standard nameservers for %s"
-msgstr "Benutze standard Namensserver für %s %s"
+msgstr "benutze standard Namensserver für %s"
 
-#: network.c:1637
+#: network.c:1694
 #, c-format
 msgid "using %d more local addresses"
 msgstr "Benutze weitere %d lokale Adressen"
 
-#: network.c:1639
+#: network.c:1696
 #, c-format
 msgid "using %d more nameservers"
 msgstr "Benutze weitere %d Namensserver"
 
-#: dnsmasq.c:184
+#: dnsmasq.c:192
 msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
 msgstr "dhcp-hostsdir, dhcp-optsdir und hostsdir werden auf dieser Plattform nicht unterstüzt"
 
-#: dnsmasq.c:199
+#: dnsmasq.c:207
 msgid "no root trust anchor provided for DNSSEC"
 msgstr "Keine Root-Vertrauensanker (Root Trust Anchor) für DNSSEC verfügbar"
 
-#: dnsmasq.c:202
+#: dnsmasq.c:210
 msgid "cannot reduce cache size from default when DNSSEC enabled"
 msgstr "Kann die Standard-Zwischenspeichergröße nicht verkleinern, wenn DNSSEC aktiviert ist"
 
-#: dnsmasq.c:204
+#: dnsmasq.c:212
 msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
 msgstr "DNSSEC nicht verfügbar: setzen Sie HAVE_DNSSEC in src/config.h"
 
-#: dnsmasq.c:210
+#: dnsmasq.c:218
 msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
 msgstr "TFTP-Server nicht verfügbar, setzen Sie HAVE_TFTP in src/config.h"
 
-#: dnsmasq.c:217
+#: dnsmasq.c:225
 msgid "cannot use --conntrack AND --query-port"
 msgstr "Kann nicht --conntrack UND --query-port einsetzen"
 
-#: dnsmasq.c:223
+#: dnsmasq.c:231
 msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
 msgstr "Conntrack-Unterstützung nicht verfügbar: Aktivieren Sie HAVE_CONNTRACK in src/config.h"
 
-#: dnsmasq.c:228
+#: dnsmasq.c:236
 msgid "asynchronous logging is not available under Solaris"
 msgstr "asynchrone Protokollierung ist unter Solaris nicht verfügbar"
 
-#: dnsmasq.c:233
+#: dnsmasq.c:241
 msgid "asynchronous logging is not available under Android"
 msgstr "Asynchrone Protokollierung ist unter Android nicht verfügbar"
 
-#: dnsmasq.c:238
+#: dnsmasq.c:246
 msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
 msgstr "Autoritatives DNS nicht verfügbar: Setzen Sie HAVE_AUTH in src/config.h"
 
-#: dnsmasq.c:243
+#: dnsmasq.c:251
 msgid "loop detection not available: set HAVE_LOOP in src/config.h"
 msgstr "Loop-Erkennung nicht verfügbar, aktivieren Sie HAVE_LOOP in src/config.h"
 
-#: dnsmasq.c:248
+#: dnsmasq.c:256
 msgid "Ubus not available: set HAVE_UBUS in src/config.h"
 msgstr "UBus nicht verfügbar: setzen Sie HAVE_UBUS in src/config.h"
 
-#: dnsmasq.c:259
+#: dnsmasq.c:267
 msgid "max_port cannot be smaller than min_port"
 msgstr "max_port darf nicht kleiner als min_port sein"
 
-#: dnsmasq.c:266
+#: dnsmasq.c:271
+msgid "port_limit must not be larger than available port range"
+msgstr ""
+
+#: dnsmasq.c:278
 msgid "--auth-server required when an auth zone is defined."
 msgstr "--auth-server ist notwendig, wenn eine Auth-Zone definiert ist."
 
-#: dnsmasq.c:271
+#: dnsmasq.c:283
 msgid "zone serial must be configured in --auth-soa"
 msgstr "Seriennummer der Zone muss mit --auth-soa konfiguriert werden"
 
-#: dnsmasq.c:291
+#: dnsmasq.c:303
 msgid "dhcp-range constructor not available on this platform"
 msgstr "dhcp-range-Konstruktor ist auf dieser Plattform nicht verfügbar"
 
-#: dnsmasq.c:355
+#: dnsmasq.c:377
 msgid "cannot set --bind-interfaces and --bind-dynamic"
 msgstr "Kann nicht --bind-interfaces und --bind-dynamic setzen"
 
-#: dnsmasq.c:358
+#: dnsmasq.c:380
 #, c-format
 msgid "failed to find list of interfaces: %s"
 msgstr "konnte Schnitstellenliste nicht auffinden: %s"
 
-#: dnsmasq.c:367
+#: dnsmasq.c:389
 #, c-format
 msgid "unknown interface %s"
 msgstr "unbekannte Schnittstelle %s"
 
-#: dnsmasq.c:437
+#: dnsmasq.c:396
+#, c-format
+msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
+msgstr "kann SO_BINDTODEVICE für DHCP-Socket nicht aktivieren: %s"
+
+#: dnsmasq.c:440
 msgid "Packet dumps not available: set HAVE_DUMP in src/config.h"
 msgstr "Paketmitschnitt nicht verfügbar: setzen Sie HAVE_DUMP in src/config.h"
 
-#: dnsmasq.c:445 dnsmasq.c:1207
+#: dnsmasq.c:448 dnsmasq.c:1232
 #, c-format
 msgid "DBus error: %s"
 msgstr "DBus-Fehler: %s"
 
-#: dnsmasq.c:448
+#: dnsmasq.c:451
 msgid "DBus not available: set HAVE_DBUS in src/config.h"
 msgstr "DBus nicht verfügbar: setzen Sie HAVE_DBUS in src/config.h"
 
-#: dnsmasq.c:456 dnsmasq.c:1228
-#, fuzzy, c-format
+#: dnsmasq.c:459 dnsmasq.c:1253
+#, c-format
 msgid "UBus error: %s"
-msgstr "DBus-Fehler: %s"
+msgstr "UBus-Fehler: %s"
 
-#: dnsmasq.c:459
+#: dnsmasq.c:462
 msgid "UBus not available: set HAVE_UBUS in src/config.h"
 msgstr "UBus nicht verfügbar: setzen Sie HAVE_UBUS in src/config.h"
 
-#: dnsmasq.c:489
+#: dnsmasq.c:492
 #, c-format
 msgid "unknown user or group: %s"
 msgstr "Unbekannter Benutzer oder Gruppe: %s"
 
-#: dnsmasq.c:565
+#: dnsmasq.c:568
 #, c-format
 msgid "process is missing required capability %s"
 msgstr "Prozess benötigt verlangte Fähigkeit %s"
 
-#: dnsmasq.c:597
+#: dnsmasq.c:600
 #, c-format
 msgid "cannot chdir to filesystem root: %s"
 msgstr "kann nicht ins Wurzelverzeichnis des Dateisystems wechseln: %s"
 
 # FIXME: this and the next would need commas after the version
-#: dnsmasq.c:845
+#: dnsmasq.c:852
 #, c-format
 msgid "started, version %s DNS disabled"
 msgstr "gestartet, Version %s, DNS abgeschaltet"
 
-#: dnsmasq.c:850
+#: dnsmasq.c:857
 #, c-format
 msgid "started, version %s cachesize %d"
 msgstr "gestartet, Version %s, Zwischenspeichergröße %d"
 
-#: dnsmasq.c:852
+#: dnsmasq.c:859
 msgid "cache size greater than 10000 may cause performance issues, and is unlikely to be useful."
 msgstr "Eine Cachegröße größer als 10000 kann Performanceprobleme verursachen und Nutzen ist wenig wahrscheinlich."
 
-#: dnsmasq.c:855
+#: dnsmasq.c:862
 #, c-format
 msgid "started, version %s cache disabled"
 msgstr "Gestartet, Version %s, Zwischenspeicher deaktiviert"
 
-#: dnsmasq.c:858
+#: dnsmasq.c:865
 msgid "DNS service limited to local subnets"
 msgstr "DNS-Dienst auf Unternetze eingeschränkt"
 
-#: dnsmasq.c:861
+#: dnsmasq.c:868
 #, c-format
 msgid "compile time options: %s"
 msgstr "Optionen bei Übersetzung: %s"
 
-#: dnsmasq.c:870
+#: dnsmasq.c:877
 msgid "DBus support enabled: connected to system bus"
 msgstr "DBus-Unterstützung eingeschaltet: mit Systembus verbunden"
 
-#: dnsmasq.c:872
+#: dnsmasq.c:879
 msgid "DBus support enabled: bus connection pending"
 msgstr "DBus-Unterstützung eingeschaltet: warte auf Systembus-Verbindung"
 
-#: dnsmasq.c:880
+#: dnsmasq.c:887
 msgid "UBus support enabled: connected to system bus"
 msgstr "UBus-Unterstützung aktiviert: mit Systembus verbunden"
 
-#: dnsmasq.c:882
+#: dnsmasq.c:889
 msgid "UBus support enabled: bus connection pending"
 msgstr "UBus-Unterstützung aktiviert: Bus-Verbindung wird hergestellt"
 
-#: dnsmasq.c:902
+#: dnsmasq.c:909
 msgid "DNSSEC validation enabled but all unsigned answers are trusted"
 msgstr "DNSSEC-Validierung aktiviert, jedoch wird allen unsignierten Antworten vertraut"
 
-#: dnsmasq.c:904
+#: dnsmasq.c:911
 msgid "DNSSEC validation enabled"
 msgstr "DNSSEC-Validierung aktiviert"
 
-#: dnsmasq.c:908
+#: dnsmasq.c:915
 msgid "DNSSEC signature timestamps not checked until receipt of SIGINT"
 msgstr "DNSSEC-Signatur-Zeitstempel werden erst nach Empfang von SIGINT überprüft"
 
-#: dnsmasq.c:911
+#: dnsmasq.c:918
 msgid "DNSSEC signature timestamps not checked until system time valid"
 msgstr "DNSSEC Signatur-Zeitstempel werden erst überprüft, sobald die Systemuhrzeit gültig ist"
 
-#: dnsmasq.c:914
+#: dnsmasq.c:921
 #, c-format
 msgid "configured with trust anchor for %s keytag %u"
 msgstr "konfiguriert mit Vertrauensanker für %s Schlüsselanhänger %u"
 
-#: dnsmasq.c:920
+#: dnsmasq.c:927
 #, c-format
 msgid "warning: failed to change owner of %s: %s"
 msgstr "Warnung: konnte den Besitzer von %s nicht ändern: %s"
 
-#: dnsmasq.c:924
+#: dnsmasq.c:932
 msgid "setting --bind-interfaces option because of OS limitations"
 msgstr "Aktiviere --bind-interfaces wegen Einschränkungen des Betriebssystems"
 
-#: dnsmasq.c:936
+#: dnsmasq.c:945
 #, c-format
 msgid "warning: interface %s does not currently exist"
 msgstr "Warnung: Schnittstelle %s existiert derzeit nicht"
 
-#: dnsmasq.c:941
+#: dnsmasq.c:950
 msgid "warning: ignoring resolv-file flag because no-resolv is set"
 msgstr "Warnung: Ignoriere \"resolv-file\", weil \"no-resolv\" aktiv ist"
 
-#: dnsmasq.c:944
+#: dnsmasq.c:953
 msgid "warning: no upstream servers configured"
 msgstr "Warnung: keine vorgeschalteten Server konfiguriert"
 
-#: dnsmasq.c:948
+#: dnsmasq.c:957
 #, c-format
 msgid "asynchronous logging enabled, queue limit is %d messages"
 msgstr "asynchrone Protokollierung eingeschaltet, Warteschlange fasst %d Nachrichten"
 
-#: dnsmasq.c:969
+#: dnsmasq.c:978
 msgid "IPv6 router advertisement enabled"
 msgstr "IPv6-Router-Advertisement aktiviert"
 
-#: dnsmasq.c:974
+#: dnsmasq.c:983
 #, c-format
 msgid "DHCP, sockets bound exclusively to interface %s"
 msgstr "DHCP, Sockets exklusiv an die Schnittstelle %s gebunden"
 
 # FIXME: this and the next few must be full strings to be translatable - do not assemble in code"
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "root is "
 msgstr "Wurzel ist "
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "enabled"
 msgstr "Aktiviert"
 
-#: dnsmasq.c:993
+#: dnsmasq.c:1002
 msgid "secure mode"
 msgstr "sicherer Modus"
 
-#: dnsmasq.c:994
+#: dnsmasq.c:1003
 msgid "single port mode"
 msgstr "Einzelport-Modus"
 
-#: dnsmasq.c:997
+#: dnsmasq.c:1006
 #, c-format
 msgid "warning: %s inaccessible"
 msgstr "Warnung: %s unerreichbar"
 
-#: dnsmasq.c:1001
+#: dnsmasq.c:1010
 #, c-format
 msgid "warning: TFTP directory %s inaccessible"
 msgstr "Warnung: Das TFTP-Verzeichnis %s ist unerreichbar"
 
-#: dnsmasq.c:1027
+#: dnsmasq.c:1036
 #, c-format
 msgid "restricting maximum simultaneous TFTP transfers to %d"
 msgstr "Begrenze gleichzeitige TFTP-Übertragungen auf maximal %d"
 
-#: dnsmasq.c:1204
+#: dnsmasq.c:1095
+#, fuzzy, c-format
+msgid "error binding DHCP socket to device %s"
+msgstr "Fehler beim Senden des DHCP-Pakets an %s: %s"
+
+#: dnsmasq.c:1229
 msgid "connected to system DBus"
 msgstr "Mit System-DBus verbunden"
 
-#: dnsmasq.c:1225
-#, fuzzy
+#: dnsmasq.c:1250
 msgid "connected to system UBus"
-msgstr "Mit System-UBus verbunden"
+msgstr "mit System-UBus verbunden"
 
-#: dnsmasq.c:1391
+#: dnsmasq.c:1416
 #, c-format
 msgid "cannot fork into background: %s"
 msgstr "kann nicht in den Hintergrund abspalten: %s"
 
-#: dnsmasq.c:1395
+#: dnsmasq.c:1420
 #, c-format
 msgid "failed to create helper: %s"
 msgstr "kann Helfer nicht erzeugen: %s"
 
-#: dnsmasq.c:1399
+#: dnsmasq.c:1424
 #, c-format
 msgid "setting capabilities failed: %s"
 msgstr "kann \"capabilities\" nicht setzen: %s"
 
-#: dnsmasq.c:1403
+#: dnsmasq.c:1428
 #, c-format
 msgid "failed to change user-id to %s: %s"
 msgstr "Kann nicht Benutzerrechte %s annehmen: %s"
 
-#: dnsmasq.c:1407
+#: dnsmasq.c:1432
 #, c-format
 msgid "failed to change group-id to %s: %s"
 msgstr "Kann nicht Gruppenrechte %s annehmen: %s"
 
-#: dnsmasq.c:1411
+#: dnsmasq.c:1436
 #, c-format
 msgid "failed to open pidfile %s: %s"
 msgstr "kann die Prozessidentifikations-(PID)-Datei %s nicht öffnen: %s"
 
-#: dnsmasq.c:1415
+#: dnsmasq.c:1440
 #, c-format
 msgid "cannot open log %s: %s"
 msgstr "Kann Logdatei %s nicht öffnen: %s"
 
-#: dnsmasq.c:1419
+#: dnsmasq.c:1444
 #, c-format
 msgid "failed to load Lua script: %s"
 msgstr "Konnte Lua-Script nicht laden: %s"
 
-#: dnsmasq.c:1423
+#: dnsmasq.c:1448
 #, c-format
 msgid "TFTP directory %s inaccessible: %s"
 msgstr "Das TFTP-Verzeichnis %s ist unerreichbar: %s"
 
-#: dnsmasq.c:1427
+#: dnsmasq.c:1452
 #, c-format
 msgid "cannot create timestamp file %s: %s"
 msgstr "Kann keine Zeitstempel-Datei %s erzeugen: %s"
 
-#: dnsmasq.c:1511
+#: dnsmasq.c:1536
 #, c-format
 msgid "script process killed by signal %d"
 msgstr "Skriptprozess durch Signal %d beendet"
 
-#: dnsmasq.c:1515
+#: dnsmasq.c:1540
 #, c-format
 msgid "script process exited with status %d"
 msgstr "Scriptprozess hat sich mit Status %d beendet"
 
-#: dnsmasq.c:1519
+#: dnsmasq.c:1544
 #, c-format
 msgid "failed to execute %s: %s"
 msgstr "konnte %s nicht ausführen: %s"
 
-#: dnsmasq.c:1559
+#: dnsmasq.c:1584
 msgid "now checking DNSSEC signature timestamps"
 msgstr "Prüfe jetzt Zeitstempel der DNSSEC-Signaturen"
 
-#: dnsmasq.c:1594 dnssec.c:160 dnssec.c:204
+#: dnsmasq.c:1619 dnssec.c:160 dnssec.c:204
 #, c-format
 msgid "failed to update mtime on %s: %s"
 msgstr "kann die mtime nicht auf %s aktualisieren: %s"
 
-#: dnsmasq.c:1606
+#: dnsmasq.c:1631
 msgid "exiting on receipt of SIGTERM"
 msgstr "beende nach Empfang von SIGTERM"
 
-#: dnsmasq.c:1634
+#: dnsmasq.c:1659
 #, c-format
 msgid "failed to access %s: %s"
 msgstr "konnte auf %s nicht zugreifen: %s"
 
-#: dnsmasq.c:1664
+#: dnsmasq.c:1690
 #, c-format
 msgid "reading %s"
 msgstr "lese %s"
 
-#: dnsmasq.c:1675
+#: dnsmasq.c:1706
 #, c-format
 msgid "no servers found in %s, will retry"
 msgstr "keine Server in %s gefunden, werde nochmal versuchen"
 
-#: dhcp.c:53
+#: dhcp.c:51
 #, c-format
 msgid "cannot create DHCP socket: %s"
 msgstr "kann DHCP-Socket nicht erzeugen: %s"
 
-#: dhcp.c:68
+#: dhcp.c:66
 #, c-format
 msgid "failed to set options on DHCP socket: %s"
 msgstr "kann Optionen für DHCP-Socket nicht setzen: %s"
 
-#: dhcp.c:89
+#: dhcp.c:87
 #, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
 msgstr "kann SO_REUSE{ADDR|PORT} für DHCP-Socket nicht aktivieren: %s"
 
-#: dhcp.c:101
+#: dhcp.c:99
 #, c-format
 msgid "failed to bind DHCP server socket: %s"
 msgstr "kann nicht an DHCP-Server-Socket binden: %s"
 
-#: dhcp.c:127
+#: dhcp.c:125
 #, c-format
 msgid "cannot create ICMP raw socket: %s."
 msgstr "kann ICMP-Rohdaten-Socket nicht erzeugen: %s."
 
-#: dhcp.c:252 dhcp6.c:180
+#: dhcp.c:254 dhcp6.c:186
 #, c-format
 msgid "unknown interface %s in bridge-interface"
 msgstr "unbekannte Schnittstelle %s in bridge-interface"
 
-#: dhcp.c:293
+#: dhcp.c:295
 #, c-format
 msgid "DHCP packet received on %s which has no address"
 msgstr "DHCP-Paket ohne Adresse an Schnittstelle %s empfangen"
 
-#: dhcp.c:428
+#: dhcp.c:429
 #, c-format
 msgid "ARP-cache injection failed: %s"
 msgstr "Einspeisen in ARP-Zwischenspeicher fehlgeschlagen: %s"
 
-#: dhcp.c:473
+#: dhcp.c:490
 #, c-format
 msgid "Error sending DHCP packet to %s: %s"
 msgstr "Fehler beim Senden des DHCP-Pakets an %s: %s"
 
-#: dhcp.c:530
+#: dhcp.c:547
 #, c-format
 msgid "DHCP range %s -- %s is not consistent with netmask %s"
 msgstr "DHCP-Bereich %s - %s passt nicht zur Netzmaske %s"
 
-#: dhcp.c:918
+#: dhcp.c:930
 #, c-format
 msgid "bad line at %s line %d"
 msgstr "ungültige Zeile %2$d in Datei %1$s"
 
-#: dhcp.c:961
+#: dhcp.c:973
 #, c-format
 msgid "ignoring %s line %d, duplicate name or IP address"
 msgstr "ignoriere %s Zeile %d, doppelter Name oder doppelte IP-Adresse"
 
-#: dhcp.c:1105 rfc3315.c:2182
+#: dhcp.c:1034
+#, c-format
+msgid "read %s - %d addresses"
+msgstr "%s gelesen - %d Adressen"
+
+#: dhcp.c:1136
+#, fuzzy, c-format
+msgid "Cannot broadcast DHCP relay via interface %s"
+msgstr "Kann nicht zum DHCPv6 Server multicasten ohne korrekte Schnittstelle"
+
+#: dhcp.c:1160
 #, c-format
-msgid "DHCP relay %s -> %s"
+msgid "broadcast via %s"
+msgstr ""
+
+#: dhcp.c:1163 rfc3315.c:2219
+#, fuzzy, c-format
+msgid "DHCP relay at %s -> %s"
 msgstr "DHCP Relais %s -> %s"
 
 #: lease.c:64
@@ -1926,7 +2063,7 @@ msgstr "Kein verfügbarer Adress-Bereich für DHCP-Anfrage %s %s"
 msgid "%u available DHCP subnet: %s/%s"
 msgstr "%u verfügbares DHCP-Subnetz: %s/%s"
 
-#: rfc2131.c:409 rfc3315.c:319
+#: rfc2131.c:409 rfc3315.c:320
 #, c-format
 msgid "%u available DHCP range: %s -- %s"
 msgstr "%u verfügbarer DHCP-Bereich: %s - %s"
@@ -1946,12 +2083,12 @@ msgstr "%u Benutzerklasse: %s"
 msgid "disabled"
 msgstr "deaktiviert"
 
-#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1532 rfc3315.c:632 rfc3315.c:815
-#: rfc3315.c:1121
+#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1536 rfc3315.c:633 rfc3315.c:816
+#: rfc3315.c:1122
 msgid "ignored"
 msgstr "ignoriert"
 
-#: rfc2131.c:613 rfc2131.c:1333 rfc3315.c:867
+#: rfc2131.c:613 rfc2131.c:1340 rfc3315.c:868
 msgid "address in use"
 msgstr "Adresse in Gebrauch"
 
@@ -1959,7 +2096,7 @@ msgstr "Adresse in Gebrauch"
 msgid "no address available"
 msgstr "keine Adresse verfügbar"
 
-#: rfc2131.c:634 rfc2131.c:1295
+#: rfc2131.c:634 rfc2131.c:1302
 msgid "wrong network"
 msgstr "Falsches Netzwerk"
 
@@ -1967,11 +2104,11 @@ msgstr "Falsches Netzwerk"
 msgid "no address configured"
 msgstr "keine Adresse konfiguriert"
 
-#: rfc2131.c:655 rfc2131.c:1346
+#: rfc2131.c:655 rfc2131.c:1353
 msgid "no leases left"
 msgstr "keine Leases übrig"
 
-#: rfc2131.c:756 rfc3315.c:499
+#: rfc2131.c:756 rfc3315.c:500
 #, c-format
 msgid "%u client provides name: %s"
 msgstr "%u Klient stellt Name bereit: %s"
@@ -1980,7 +2117,7 @@ msgstr "%u Klient stellt Name bereit: %s"
 msgid "PXE BIS not supported"
 msgstr "PXE BIS nicht unterstützt"
 
-#: rfc2131.c:1054 rfc3315.c:1222
+#: rfc2131.c:1054 rfc3315.c:1223
 #, c-format
 msgid "disabling DHCP static address %s for %s"
 msgstr "schalte statische DHCP-Adresse %s für %s ab"
@@ -2006,108 +2143,108 @@ msgid "not using configured address %s because it was previously declined"
 msgstr "benutze konfigurierte Adresse %s nicht, weil sie zuvor abgelehnt wurde"
 
 # FIXME: do not assemble
-#: rfc2131.c:1139 rfc2131.c:1339
+#: rfc2131.c:1139 rfc2131.c:1346
 msgid "no unique-id"
 msgstr "keine eindeutige ID"
 
-#: rfc2131.c:1231
+#: rfc2131.c:1238
 msgid "wrong server-ID"
 msgstr "falsche Server-ID"
 
-#: rfc2131.c:1250
+#: rfc2131.c:1257
 msgid "wrong address"
 msgstr "falsche Adresse"
 
-#: rfc2131.c:1268 rfc3315.c:975
+#: rfc2131.c:1275 rfc3315.c:976
 msgid "lease not found"
 msgstr "Lease nicht gefunden"
 
-#: rfc2131.c:1303
+#: rfc2131.c:1310
 msgid "address not available"
 msgstr "Adresse nicht verfügbar"
 
-#: rfc2131.c:1314
+#: rfc2131.c:1321
 msgid "static lease available"
 msgstr "Statischer Lease verfügbar"
 
-#: rfc2131.c:1318
+#: rfc2131.c:1325
 msgid "address reserved"
 msgstr "Adresse reserviert"
 
-#: rfc2131.c:1327
+#: rfc2131.c:1334
 #, c-format
 msgid "abandoning lease to %s of %s"
 msgstr "Gebe Lease von %2$s an %1$s auf"
 
-#: rfc2131.c:1866
+#: rfc2131.c:1870
 #, c-format
 msgid "%u bootfile name: %s"
 msgstr "%u Name der Bootdatei: %s"
 
-#: rfc2131.c:1875
+#: rfc2131.c:1879
 #, c-format
 msgid "%u server name: %s"
 msgstr "%u Servername: %s"
 
-#: rfc2131.c:1885
+#: rfc2131.c:1889
 #, c-format
 msgid "%u next server: %s"
 msgstr "%u nächster Server: %s"
 
-#: rfc2131.c:1889
+#: rfc2131.c:1893
 #, c-format
 msgid "%u broadcast response"
 msgstr "%u Antwort per Broadcast"
 
-#: rfc2131.c:1952
+#: rfc2131.c:1956
 #, c-format
 msgid "cannot send DHCP/BOOTP option %d: no space left in packet"
 msgstr "kann DHCP/BOOTP-Opition %d nicht setzen: kein Platz mehr im Paket"
 
-#: rfc2131.c:2262
+#: rfc2131.c:2267
 msgid "PXE menu too large"
 msgstr "PXE-Menüeintrag zu groß"
 
-#: rfc2131.c:2425 rfc3315.c:1511
+#: rfc2131.c:2430 rfc3315.c:1517
 #, c-format
 msgid "%u requested options: %s"
 msgstr "%u angeforderte Optionen: %s"
 
-#: rfc2131.c:2742
+#: rfc2131.c:2747
 #, c-format
 msgid "cannot send RFC3925 option: too many options for enterprise number %d"
 msgstr "Kann RFC3925-Option nicht senden: zu viele Optionen für Unternehmen Nr. %d"
 
-#: rfc2131.c:2805
+#: rfc2131.c:2810
 #, c-format
 msgid "%u reply delay: %d"
 msgstr "%u Antwortverzögerung: %d"
 
-#: netlink.c:93
+#: netlink.c:86
 #, c-format
 msgid "cannot create netlink socket: %s"
 msgstr "kann Netlink-Socket nicht erzeugen: %s"
 
-#: netlink.c:377
+#: netlink.c:379
 #, c-format
 msgid "netlink returns error: %s"
 msgstr "Netlink liefert Fehler %s"
 
-#: dbus.c:434
+#: dbus.c:491
 #, c-format
 msgid "Enabling --%s option from D-Bus"
 msgstr "Aktiviere --%s Option von D-Bus"
 
-#: dbus.c:439
+#: dbus.c:496
 #, c-format
 msgid "Disabling --%s option from D-Bus"
 msgstr "Deaktiviere --%s Option von D-Bus"
 
-#: dbus.c:713
+#: dbus.c:857
 msgid "setting upstream servers from DBus"
 msgstr "vorgeschaltete Server von DBus festgelegt"
 
-#: dbus.c:760
+#: dbus.c:907
 msgid "could not register a DBus message handler"
 msgstr "konnte Steuerungsprogramm für DBus-Nachrichten nicht anmelden"
 
@@ -2134,51 +2271,51 @@ msgstr "Unbekannte Protokollversion vom Route-Socket"
 msgid "lease() function missing in Lua script"
 msgstr "lease()-Funktion fehlt im Lua-Skript"
 
-#: tftp.c:349
+#: tftp.c:353
 msgid "unable to get free port for TFTP"
 msgstr "konnte keinen freien Port für TFTP bekommen"
 
-#: tftp.c:365
+#: tftp.c:369
 #, c-format
 msgid "unsupported request from %s"
 msgstr "nicht unterstützte Anfrage von %s"
 
-#: tftp.c:512
+#: tftp.c:520
 #, c-format
-msgid "file %s not found"
-msgstr "Datei %s nicht gefunden"
+msgid "file %s not found for %s"
+msgstr "Datei %s nicht gefunden für %s"
 
-#: tftp.c:602
+#: tftp.c:609
 #, c-format
 msgid "ignoring packet from %s (TID mismatch)"
-msgstr ""
+msgstr "Paket von %s wird ignoriert (TID-Nichtübereinstimmung)"
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "failed sending %s to %s"
 msgstr "konnte %s nicht an %s senden"
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "sent %s to %s"
 msgstr "%s an %s verschickt"
 
-#: tftp.c:696
+#: tftp.c:712
 #, c-format
 msgid "error %d %s received from %s"
 msgstr "Fehler %d %s von %s empfangen"
 
-#: log.c:190
+#: log.c:203
 #, c-format
 msgid "overflow: %d log entries lost"
 msgstr "Überlauf: %d Protokolleinträge verloren"
 
-#: log.c:268
+#: log.c:281
 #, c-format
 msgid "log failed: %s"
 msgstr "Protokollierung fehlgeschlagen: %s"
 
-#: log.c:477
+#: log.c:490
 msgid "FAILED to start up"
 msgstr "Start FEHLGESCHLAGEN"
 
@@ -2187,17 +2324,17 @@ msgstr "Start FEHLGESCHLAGEN"
 msgid "Conntrack connection mark retrieval failed: %s"
 msgstr "\"Conntrack connection mark\"-Abruf fehlgeschlagen: %s"
 
-#: dhcp6.c:52
+#: dhcp6.c:51
 #, c-format
 msgid "cannot create DHCPv6 socket: %s"
 msgstr "Kann DHCPv6-Socket nicht erzeugen: %s"
 
-#: dhcp6.c:73
+#: dhcp6.c:72
 #, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"
 msgstr "kann SO_REUSE{ADDR|PORT} für DHCPv6-Socket nicht aktivieren: %s"
 
-#: dhcp6.c:85
+#: dhcp6.c:84
 #, c-format
 msgid "failed to bind DHCPv6 server socket: %s"
 msgstr "Kann nicht an DHCPv6-Server-Socket binden: %s"
@@ -2212,145 +2349,151 @@ msgstr "Kein Adressbereich verfügbar für die DHCPv6-Anfrage vom Relais bei %s"
 msgid "no address range available for DHCPv6 request via %s"
 msgstr "Kein Adressbereich verfügbar für die DHCPv6-Anfrage via %s"
 
-#: rfc3315.c:316
+#: rfc3315.c:317
 #, c-format
 msgid "%u available DHCPv6 subnet: %s/%d"
 msgstr "%u verfügbares DHCPv6-Subnetz: %s/%d"
 
-#: rfc3315.c:399
+#: rfc3315.c:400
 #, c-format
 msgid "%u vendor class: %u"
 msgstr "%u Herstellerklasse: %u"
 
-#: rfc3315.c:447
+#: rfc3315.c:448
 #, c-format
 msgid "%u client MAC address: %s"
 msgstr "%u Klient MAC-Adresse: %s"
 
-#: rfc3315.c:762 rfc3315.c:859
+#: rfc3315.c:763 rfc3315.c:860
 msgid "address unavailable"
 msgstr "Adresse nicht verfügbar"
 
-#: rfc3315.c:774 rfc3315.c:903 rfc3315.c:1272
+#: rfc3315.c:775 rfc3315.c:904 rfc3315.c:1273
 msgid "success"
 msgstr "Erfolg"
 
-#: rfc3315.c:789 rfc3315.c:798 rfc3315.c:911 rfc3315.c:913 rfc3315.c:1047
+#: rfc3315.c:790 rfc3315.c:799 rfc3315.c:912 rfc3315.c:914 rfc3315.c:1048
 msgid "no addresses available"
 msgstr "keine Adressen verfügbar"
 
-#: rfc3315.c:890
+#: rfc3315.c:891
 msgid "not on link"
 msgstr "nicht on link"
 
-#: rfc3315.c:979 rfc3315.c:1180 rfc3315.c:1261
+#: rfc3315.c:980 rfc3315.c:1181 rfc3315.c:1262
 msgid "no binding found"
 msgstr "Keine Bindung gefunden"
 
-#: rfc3315.c:1016
+#: rfc3315.c:1017
 msgid "deprecated"
 msgstr "veraltet"
 
-#: rfc3315.c:1023
+#: rfc3315.c:1024
 msgid "address invalid"
 msgstr "Adresse ungültig"
 
-#: rfc3315.c:1081 rfc3315.c:1083
+#: rfc3315.c:1082 rfc3315.c:1084
 msgid "confirm failed"
 msgstr "Bestätigung fehlgeschlagen"
 
-#: rfc3315.c:1098
+#: rfc3315.c:1099
 msgid "all addresses still on link"
 msgstr "Alle Adressen immer noch in Verbindung"
 
-#: rfc3315.c:1189
+#: rfc3315.c:1190
 msgid "release received"
 msgstr "Freigabe empfangen"
 
-#: rfc3315.c:2173
-msgid "Cannot multicast to DHCPv6 server without correct interface"
+#: rfc3315.c:2200
+#, fuzzy, c-format
+msgid "Cannot multicast DHCP relay via interface %s"
 msgstr "Kann nicht zum DHCPv6 Server multicasten ohne korrekte Schnittstelle"
 
-#: dhcp-common.c:154
+#: rfc3315.c:2216
+#, c-format
+msgid "multicast via %s"
+msgstr ""
+
+#: dhcp-common.c:187
 #, c-format
 msgid "Ignoring duplicate dhcp-option %d"
 msgstr "Ignoriere doppelt vorhandene DHCP-Option %d"
 
-#: dhcp-common.c:231
+#: dhcp-common.c:264
 #, c-format
 msgid "%u tags: %s"
 msgstr "%u Marken: %s"
 
-#: dhcp-common.c:451
+#: dhcp-common.c:484
 #, c-format
 msgid "%s has more than one address in hostsfile, using %s for DHCP"
 msgstr "%s hat mehr als eine Adresse in hosts-Datei, benutze %s für DHCP"
 
-#: dhcp-common.c:485
+#: dhcp-common.c:518
 #, c-format
 msgid "duplicate IP address %s (%s) in dhcp-config directive"
 msgstr "doppelte IP-Adresse %s (%s) in \"dhcp-config\"-Anweisung"
 
-#: dhcp-common.c:549
-#, c-format
-msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
-msgstr "kann SO_BINDTODEVICE für DHCP-Socket nicht aktivieren: %s"
-
-#: dhcp-common.c:672
+#: dhcp-common.c:738
 #, c-format
 msgid "Known DHCP options:\n"
 msgstr "Bekannte DHCP-Optionen:\n"
 
-#: dhcp-common.c:683
+#: dhcp-common.c:749
 #, c-format
 msgid "Known DHCPv6 options:\n"
 msgstr "Bekannte DHCPv6-Optionen:\n"
 
-#: dhcp-common.c:880
+#: dhcp-common.c:946
 msgid ", prefix deprecated"
 msgstr ", Präfix veraltet"
 
-#: dhcp-common.c:883
+#: dhcp-common.c:949
 #, c-format
 msgid ", lease time "
 msgstr ", Leasezeit "
 
-#: dhcp-common.c:925
+#: dhcp-common.c:991
 #, c-format
 msgid "%s stateless on %s%.0s%.0s%s"
 msgstr "%s zustandslos auf %s%.0s%.0s%s"
 
-#: dhcp-common.c:927
+#: dhcp-common.c:993
 #, c-format
 msgid "%s, static leases only on %.0s%s%s%.0s"
 msgstr "%s, nur statische Leases auf %.0s%s%s%.0s"
 
-#: dhcp-common.c:929
+#: dhcp-common.c:995
 #, c-format
 msgid "%s, proxy on subnet %.0s%s%.0s%.0s"
 msgstr "%s, Proxy im Subnetz %.0s%s%.0s%.0s"
 
-#: dhcp-common.c:930
+#: dhcp-common.c:996
 #, c-format
 msgid "%s, IP range %s -- %s%s%.0s"
 msgstr "%s, IP-Bereich %s -- %s%s%.0s"
 
-#: dhcp-common.c:943
+#: dhcp-common.c:1009
 #, c-format
 msgid "DHCPv4-derived IPv6 names on %s%s"
 msgstr "DHCPv4-abgeleitete IPv6 Namen auf %s%s"
 
-#: dhcp-common.c:946
+#: dhcp-common.c:1012
 #, c-format
 msgid "router advertisement on %s%s"
 msgstr "Router-Advertisment auf %s%s"
 
-#: dhcp-common.c:957
+#: dhcp-common.c:1043
+#, fuzzy, c-format
+msgid "DHCP relay from %s via %s"
+msgstr "DHCP Weiterleitung von %s nach %s"
+
+#: dhcp-common.c:1045
 #, c-format
 msgid "DHCP relay from %s to %s via %s"
 msgstr "DHCP Weiterleitung von %s nach %s über %s"
 
-#: dhcp-common.c:959
+#: dhcp-common.c:1048
 #, c-format
 msgid "DHCP relay from %s to %s"
 msgstr "DHCP Weiterleitung von %s nach %s"
@@ -2360,7 +2503,7 @@ msgstr "DHCP Weiterleitung von %s nach %s"
 msgid "cannot create ICMPv6 socket: %s"
 msgstr "Kann ICMPv6-Socket nicht erzeugen: %s"
 
-#: auth.c:464
+#: auth.c:462
 #, c-format
 msgid "ignoring zone transfer request from %s"
 msgstr "ignoriere Zonentransfer-Anfrage von %s"
@@ -2378,108 +2521,108 @@ msgstr "Aktualisierung von ipset %s fehlgeschlagen: %s"
 #: pattern.c:29
 #, c-format
 msgid "[pattern.c:%d] Assertion failure: %s"
-msgstr ""
+msgstr "[pattern.c:%d] Assertion failure: %s"
 
 #: pattern.c:142
 #, c-format
 msgid "Invalid DNS name: Invalid character %c."
-msgstr ""
+msgstr "Ungültiger DNS-Name: Ungültiges Zeichen %c."
 
 #: pattern.c:151
 msgid "Invalid DNS name: Empty label."
-msgstr ""
+msgstr "Ungültiger DNS-Name: Leeres Label."
 
 #: pattern.c:156
 msgid "Invalid DNS name: Label starts with hyphen."
-msgstr ""
+msgstr "Ungültiger DNS-Name: Label beginnt mit Bindestrich."
 
 #: pattern.c:170
 msgid "Invalid DNS name: Label ends with hyphen."
-msgstr ""
+msgstr "Ungültiger DNS-Name: Bezeichnung endet mit Bindestrich."
 
 #: pattern.c:176
 #, c-format
 msgid "Invalid DNS name: Label is too long (%zu)."
-msgstr ""
+msgstr "Ungültiger DNS-Name: Label ist zu lang (%zu)."
 
 #: pattern.c:184
 #, c-format
 msgid "Invalid DNS name: Not enough labels (%zu)."
-msgstr ""
+msgstr "Ungültiger DNS-Name: Nicht genügend Labels (%zu)."
 
 #: pattern.c:189
 msgid "Invalid DNS name: Final label is fully numeric."
-msgstr ""
+msgstr "Ungültiger DNS-Name: Das endgültige Label ist vollständig numerisch."
 
 #: pattern.c:199
 msgid "Invalid DNS name: \"local\" pseudo-TLD."
-msgstr ""
+msgstr "Ungültiger DNS-Name: \"lokale\" Pseudo-TLD."
 
 #: pattern.c:204
 #, c-format
 msgid "DNS name has invalid length (%zu)."
-msgstr ""
+msgstr "Der DNS-Name hat eine ungültige Länge (%zu)."
 
 #: pattern.c:258
 #, c-format
 msgid "Invalid DNS name pattern: Invalid character %c."
-msgstr ""
+msgstr "Ungültiges DNS-Namensmuster: Ungültiges Zeichen %c."
 
 #: pattern.c:267
 msgid "Invalid DNS name pattern: Empty label."
-msgstr ""
+msgstr "Ungültiges DNS-Namensmuster: Leeres Label."
 
 #: pattern.c:272
 msgid "Invalid DNS name pattern: Label starts with hyphen."
-msgstr ""
+msgstr "Ungültiges DNS-Namensmuster: Bezeichnung beginnt mit Bindestrich."
 
 #: pattern.c:285
 msgid "Invalid DNS name pattern: Wildcard character used more than twice per label."
-msgstr ""
+msgstr "Ungültiges DNS-Namensmuster: Platzhalterzeichen werden mehr als zweimal pro Label verwendet."
 
 #: pattern.c:295
 msgid "Invalid DNS name pattern: Label ends with hyphen."
-msgstr ""
+msgstr "Ungültiges DNS-Namensmuster: Bezeichnung endet mit Bindestrich."
 
 #: pattern.c:301
 #, c-format
 msgid "Invalid DNS name pattern: Label is too long (%zu)."
-msgstr ""
+msgstr "Ungültiges DNS-Namensmuster: Label ist zu lang (%zu)."
 
 #: pattern.c:309
 #, c-format
 msgid "Invalid DNS name pattern: Not enough labels (%zu)."
-msgstr ""
+msgstr "Ungültiges DNS-Namensmuster: Nicht genügend Labels (%zu)."
 
 #: pattern.c:314
 msgid "Invalid DNS name pattern: Wildcard within final two labels."
-msgstr ""
+msgstr "Ungültiges DNS-Namensmuster: Platzhalter innerhalb der letzten beiden Labels."
 
 #: pattern.c:319
 msgid "Invalid DNS name pattern: Final label is fully numeric."
-msgstr ""
+msgstr "Ungültiges DNS-Namensmuster: Das endgültige Label ist vollständig numerisch."
 
 #: pattern.c:329
 msgid "Invalid DNS name pattern: \"local\" pseudo-TLD."
-msgstr ""
+msgstr "Ungültiges DNS-Namensmuster: \"lokale\" Pseudo-TLD."
 
 #: pattern.c:334
 #, c-format
 msgid "DNS name pattern has invalid length after removing wildcards (%zu)."
-msgstr ""
+msgstr "Das DNS-Namensmuster hat nach dem Entfernen von Platzhaltern (%zu) eine ungültige Länge."
 
 #: dnssec.c:206
 msgid "system time considered valid, now checking DNSSEC signature timestamps."
 msgstr "Systemzeit als gültig betrachtet, prüfe jetzt DNSSEC Signatur-Zeitstempel."
 
-#: dnssec.c:1014
+#: dnssec.c:1018
 #, c-format
 msgid "Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"
 msgstr "Unsichere DS-Antwort für %s, bitte Domainkonfiguration und Upstream DNS-Server für DNSSEC-Unterstützung überprüfen"
 
 #: blockdata.c:55
-#, c-format
-msgid "pool memory in use %u, max %u, allocated %u"
+#, fuzzy, c-format
+msgid "pool memory in use %zu, max %zu, allocated %zu"
 msgstr "Speicherpool in Benutzung %u, Max %u, zugewiesen %u"
 
 #: tables.c:61
@@ -2541,38 +2684,58 @@ msgstr "zu viele Symlinks beim Verfolgen von %s"
 msgid "directory %s for resolv-file is missing, cannot poll"
 msgstr "Verzeichnis %s für resolv-file fehlt, kann nicht abfragen"
 
-#: inotify.c:131 inotify.c:168
+#: inotify.c:131 inotify.c:200
 #, c-format
 msgid "failed to create inotify for %s: %s"
 msgstr "Konnte \"inotify\" für %s nicht erzeugen: %s"
 
-#: inotify.c:153
+#: inotify.c:178 inotify.c:185
 #, c-format
 msgid "bad dynamic directory %s: %s"
 msgstr "fehlerhaftes dynamisches Verzeichnis %s: %s"
 
-#: inotify.c:257
+#: inotify.c:186
+#, fuzzy
+msgid "not a directory"
+msgstr "Kann auf Verzeichnis %s nicht zugreifen: %s"
+
+#: inotify.c:299
 #, c-format
-msgid "inotify, new or changed file %s"
+msgid "inotify: %s removed"
+msgstr ""
+
+#: inotify.c:301
+#, fuzzy, c-format
+msgid "inotify: %s new or modified"
 msgstr "inotify, neue oder geänderte Datei %s"
 
-#: dump.c:64
+#: inotify.c:309
+#, c-format
+msgid "inotify: flushed %u names read from %s"
+msgstr ""
+
+#: dump.c:68
 #, c-format
 msgid "cannot create %s: %s"
 msgstr "kann %s nicht erstellen: %s"
 
-#: dump.c:70
+#: dump.c:74
 #, c-format
 msgid "bad header in %s"
 msgstr "Fehlerhafter Kopf in %s"
 
-#: dump.c:205
+#: dump.c:287
 msgid "failed to write packet dump"
 msgstr "schreiben des Paketmitschnitts fehlgeschlagen"
 
-#: dump.c:207
-#, c-format
-msgid "dumping UDP packet %u mask 0x%04x"
+#: dump.c:289
+#, fuzzy, c-format
+msgid "%u dumping packet %u mask 0x%04x"
+msgstr "Lade UDP Paket %u Maske 0x%04x ab"
+
+#: dump.c:291
+#, fuzzy, c-format
+msgid "dumping packet %u mask 0x%04x"
 msgstr "Lade UDP Paket %u Maske 0x%04x ab"
 
 #: ubus.c:79
@@ -2600,12 +2763,20 @@ msgstr "Von System-UBus trennen"
 #: ubus.c:179 ubus.c:326
 #, c-format
 msgid "UBus command failed: %d (%s)"
-msgstr ""
+msgstr "UBus-Befehl fehlgeschlagen: %d (%s)"
 
 #: hash-questions.c:40
 msgid "Failed to create SHA-256 hash object"
 msgstr "Kann SHA-256-Hash-Objekt nicht erstellen"
 
+#: nftset.c:35
+#, fuzzy
+msgid "failed to create nftset context"
+msgstr "konnte IPset-Kontroll-Socket nicht erzeugen: %s"
+
+#~ msgid "bad IPv4 prefix"
+#~ msgstr "fehlerhaftes IPv4-Präfix"
+
 #~ msgid "Cannot initialize UBus: connection failed"
 #~ msgstr "Kann UBus nicht initialisieren: Verbindung fehlgeschlagen"
 
diff --git a/po/es.po b/po/es.po
index 9bd61fc..05f83bc 100644
--- a/po/es.po
+++ b/po/es.po
@@ -16,72 +16,77 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: cache.c:572
+#: cache.c:652
 msgid "Internal error in cache."
 msgstr ""
 
-#: cache.c:1094
+#: cache.c:1179
 #, fuzzy, c-format
 msgid "failed to load names from %s: %s"
 msgstr "no se pudo cargar nombres desde %s: %s"
 
-#: cache.c:1116 dhcp.c:931
+#: cache.c:1201 dhcp.c:943
 #, fuzzy, c-format
 msgid "bad address at %s line %d"
 msgstr "dirección errónea en %s línea %d"
 
-#: cache.c:1169 dhcp.c:947
+#: cache.c:1254 dhcp.c:959
 #, c-format
 msgid "bad name at %s line %d"
 msgstr "nombre erróneo en %s línea %d"
 
-#: cache.c:1180 dhcp.c:1022
-#, c-format
-msgid "read %s - %d addresses"
+#: cache.c:1265
+#, fuzzy, c-format
+msgid "read %s - %d names"
 msgstr "direcciónes %s - %d leídas"
 
-#: cache.c:1296
+#: cache.c:1381
 msgid "cleared cache"
 msgstr "el caché fue liberado"
 
-#: cache.c:1358
+#: cache.c:1445
 #, c-format
 msgid "No IPv4 address found for %s"
 msgstr ""
 
-#: cache.c:1404
+#: cache.c:1491
 #, c-format
 msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
 msgstr "%s es un CNAME, no se le está dando concesión DHCP de %s"
 
-#: cache.c:1428
+#: cache.c:1515
 #, c-format
 msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
 msgstr "no otorgando nombre %s a concesión DHCP de %s porque el nombre existe en %s con dirección %s"
 
-#: cache.c:1674
+#: cache.c:1760
 #, c-format
 msgid "time %lu"
 msgstr "tiempo %lu"
 
-#: cache.c:1675
+#: cache.c:1761
 #, fuzzy, c-format
 msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
 msgstr "tamaño de caché %d, %d/%d inserciónes de caché reutilizaron objetos no vencidos."
 
-#: cache.c:1677
+#: cache.c:1763
 #, c-format
 msgid "queries forwarded %u, queries answered locally %u"
 msgstr "búsquedas reenviadas %u, búsquedas respondidas localmente %u"
 
-#: cache.c:1680
+#: cache.c:1766
+#, c-format
+msgid "queries answered from stale cache %u"
+msgstr ""
+
+#: cache.c:1768
 #, fuzzy, c-format
 msgid "queries for authoritative zones %u"
 msgstr "Fijar TTL para respuestas autoritarias"
 
-#: cache.c:1702
-#, c-format
-msgid "server %s#%d: queries sent %u, retried or failed %u"
+#: cache.c:1796
+#, fuzzy, c-format
+msgid "server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"
 msgstr "servidor %s#%d: búsquedas enviadas %u, reintentadas o fallidas %u"
 
 #: util.c:51
@@ -89,774 +94,825 @@ msgstr "servidor %s#%d: b
 msgid "failed to seed the random number generator: %s"
 msgstr "no se pudo crear valor semilla para el generador de números aleatorios: %s"
 
-#: util.c:228
+#: util.c:246
 #, fuzzy
 msgid "failed to allocate memory"
 msgstr "no se pudo asignar memoria"
 
-#: util.c:285 option.c:665
+#: util.c:305 option.c:696
 msgid "could not get memory"
 msgstr "no se pudo adquirir memoria"
 
-#: util.c:306
+#: util.c:326
 #, fuzzy, c-format
 msgid "cannot create pipe: %s"
 msgstr "no se puede crear pipe: %s"
 
-#: util.c:314
+#: util.c:334
 #, fuzzy, c-format
 msgid "failed to allocate %d bytes"
 msgstr "no se pudo asignar %d bytes"
 
-#: util.c:520
+#: util.c:344
+#, fuzzy, c-format
+msgid "failed to reallocate %d bytes"
+msgstr "no se pudo asignar %d bytes"
+
+#: util.c:465
+#, fuzzy, c-format
+msgid "cannot read monotonic clock: %s"
+msgstr "no se puede crear zócalo netlink: %s"
+
+#: util.c:579
 #, c-format
 msgid "infinite"
 msgstr "infinito"
 
-#: util.c:808
+#: util.c:867
 #, fuzzy, c-format
 msgid "failed to find kernel version: %s"
 msgstr "no se pudo acoplar socket de servidor DHCP: %s"
 
-#: option.c:372
+#: option.c:393
 msgid "Specify local address(es) to listen on."
 msgstr "Especificar dirección(es) locales dónde escuchar."
 
-#: option.c:373
+#: option.c:394
 msgid "Return ipaddr for all hosts in specified domains."
 msgstr "Retornar ipaddr (dirección IP) para todos los hosts en los dominios especificados."
 
-#: option.c:374
+#: option.c:395
 msgid "Fake reverse lookups for RFC1918 private address ranges."
 msgstr "Falsificar búsquedas reversas para rangos de dirección privados RFC1918."
 
-#: option.c:375
+#: option.c:396
 msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
 msgstr "Tratar ipaddr (dirección IP) como NXDOMAIN (derrota comodín Verisign)."
 
-#: option.c:376
+#: option.c:397
 #, c-format
 msgid "Specify the size of the cache in entries (defaults to %s)."
 msgstr "Especificar tamaño de caché en cuanto a cantidad de objetos (%s por predeterminado)."
 
-#: option.c:377
+#: option.c:398
 #, c-format
 msgid "Specify configuration file (defaults to %s)."
 msgstr "Especificar archivo de configuración (%s por predeterminado)."
 
-#: option.c:378
+#: option.c:399
 msgid "Do NOT fork into the background: run in debug mode."
 msgstr "NO hacer un fork hacia el fondo: correr en modo debug."
 
-#: option.c:379
+#: option.c:400
 msgid "Do NOT forward queries with no domain part."
 msgstr "NO reenviar búsquedas sin parte de dominio."
 
-#: option.c:380
+#: option.c:401
 msgid "Return self-pointing MX records for local hosts."
 msgstr "Retornar expedientes MX auto-señaladores para hosts locales."
 
-#: option.c:381
+#: option.c:402
 msgid "Expand simple names in /etc/hosts with domain-suffix."
 msgstr "Expandir nombres simples en /etc/hosts con domain-suffix (sufijo de dominio)."
 
-#: option.c:382
+#: option.c:403
 msgid "Don't forward spurious DNS requests from Windows hosts."
 msgstr "No reenviar pedidos DNS falsos desde máquinas Windows."
 
-#: option.c:383
+#: option.c:404
+msgid "Don't include IPv4 addresses in DNS answers."
+msgstr ""
+
+#: option.c:405
+msgid "Don't include IPv6 addresses in DNS answers."
+msgstr ""
+
+#: option.c:406
 msgid "Enable DHCP in the range given with lease duration."
 msgstr "Habilitar DHCP dentro del rango brindado con duración de concesión."
 
-#: option.c:384
+#: option.c:407
 #, c-format
 msgid "Change to this group after startup (defaults to %s)."
 msgstr "Cambiar a este grupo después del inicio (%s por predeterminado)."
 
-#: option.c:385
+#: option.c:408
 msgid "Set address or hostname for a specified machine."
 msgstr "Fijar dirección o nombre de host para una máquina especificada."
 
-#: option.c:386
+#: option.c:409
 #, fuzzy
 msgid "Read DHCP host specs from file."
 msgstr "Leer especificaciones DHCP de host desde archivo"
 
-#: option.c:387
+#: option.c:410
 #, fuzzy
 msgid "Read DHCP option specs from file."
 msgstr "Leer opciones DHCP de host desde archivo"
 
-#: option.c:388
+#: option.c:411
 #, fuzzy
 msgid "Read DHCP host specs from a directory."
 msgstr "Leer especificaciones DHCP de host desde archivo"
 
-#: option.c:389
+#: option.c:412
 #, fuzzy
 msgid "Read DHCP options from a directory."
 msgstr "Leer opciones DHCP de host desde archivo"
 
-#: option.c:390
+#: option.c:413
 msgid "Evaluate conditional tag expression."
 msgstr "Evaluar expresión condicional de etiqueta."
 
-#: option.c:391
+#: option.c:414
 #, c-format
 msgid "Do NOT load %s file."
 msgstr "NO cargar archivo %s."
 
-#: option.c:392
+#: option.c:415
 #, c-format
 msgid "Specify a hosts file to be read in addition to %s."
 msgstr "Especificar un archivo de hosts para ser leído adicionalmente a %s."
 
-#: option.c:393
+#: option.c:416
 #, fuzzy
 msgid "Read hosts files from a directory."
 msgstr "Leer especificaciones DHCP de host desde archivo"
 
-#: option.c:394
+#: option.c:417
 msgid "Specify interface(s) to listen on."
 msgstr "Especificar interfase(s) donde escuchar."
 
-#: option.c:395
+#: option.c:418
 msgid "Specify interface(s) NOT to listen on."
 msgstr "Especificar interfase(s) donde NO escuchar."
 
-#: option.c:396
+#: option.c:419
 #, fuzzy
 msgid "Map DHCP user class to tag."
 msgstr "Trazar clase de usuario DHCP a etiqueta."
 
-#: option.c:397
+#: option.c:420
 msgid "Map RFC3046 circuit-id to tag."
 msgstr "Trazar circuit-id (identificación de circuito) RFC3046 a etiqueta."
 
-#: option.c:398
+#: option.c:421
 msgid "Map RFC3046 remote-id to tag."
 msgstr "Trazar remote-id (identificación remota) RFC3046 a etiqueta."
 
-#: option.c:399
+#: option.c:422
 msgid "Map RFC3993 subscriber-id to tag."
 msgstr "Trazar subscriber-id (identificación de suscritor) RFC3993 a etiqueta."
 
-#: option.c:400
+#: option.c:423
 msgid "Specify vendor class to match for PXE requests."
 msgstr ""
 
-#: option.c:401
+#: option.c:424
 #, fuzzy
 msgid "Don't do DHCP for hosts with tag set."
 msgstr "No hacer DHCP para hosts con etiqueta fijada."
 
-#: option.c:402
+#: option.c:425
 #, fuzzy
 msgid "Force broadcast replies for hosts with tag set."
 msgstr "Forzar respuestas broadcast para hosts con etiqueta fijada."
 
-#: option.c:403
+#: option.c:426
 msgid "Do NOT fork into the background, do NOT run in debug mode."
 msgstr "NO hacer un fork hacia el fondo, NO correr en modo debug."
 
-#: option.c:404
+#: option.c:427
 msgid "Assume we are the only DHCP server on the local network."
 msgstr "Asumir que somos el único servidor DHCP en la red local."
 
-#: option.c:405
+#: option.c:428
 #, c-format
 msgid "Specify where to store DHCP leases (defaults to %s)."
 msgstr "Especificar donde almacenar concesión DHCP (%s por predeterminado)."
 
-#: option.c:406
+#: option.c:429
 msgid "Return MX records for local hosts."
 msgstr "Retornar expedientes MX para hosts locales."
 
-#: option.c:407
+#: option.c:430
 msgid "Specify an MX record."
 msgstr "Especificar un expediente MX."
 
-#: option.c:408
+#: option.c:431
 msgid "Specify BOOTP options to DHCP server."
 msgstr "Especificar opciones BOOTP a servidor DHCP."
 
-#: option.c:409
+#: option.c:432
 #, c-format
 msgid "Do NOT poll %s file, reload only on SIGHUP."
 msgstr "NO revisar archivo %s periódicamente, recargar solo con SIGHUP."
 
-#: option.c:410
+#: option.c:433
 msgid "Do NOT cache failed search results."
 msgstr "NO almacenar en caché resultados de búsquedas fallidas."
 
-#: option.c:411
+#: option.c:434
+msgid "Use expired cache data for faster reply."
+msgstr ""
+
+#: option.c:435
 #, c-format
 msgid "Use nameservers strictly in the order given in %s."
 msgstr "Usar servidores DNS estrictamente en el órden brindado en %s."
 
-#: option.c:412
+#: option.c:436
 #, fuzzy
 msgid "Specify options to be sent to DHCP clients."
 msgstr "Especificar opciones para ser enviadas a clientes DHCP."
 
-#: option.c:413
+#: option.c:437
 msgid "DHCP option sent even if the client does not request it."
 msgstr "Opción DHCP enviada aún si el cliente no la pide."
 
-#: option.c:414
+#: option.c:438
 msgid "Specify port to listen for DNS requests on (defaults to 53)."
 msgstr "Especificar puerto donde escuchar por búsquedas DNS (53 por predeterminado)."
 
-#: option.c:415
+#: option.c:439
 #, c-format
 msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
 msgstr "Tamaño máximo de paquetes UDP soportado para EDNS.0 (%s por predeterminado)."
 
-#: option.c:416
+#: option.c:440
 #, fuzzy
 msgid "Log DNS queries."
 msgstr "Bitacorear búsquedas DNS."
 
-#: option.c:417
+#: option.c:441
 #, fuzzy
 msgid "Force the originating port for upstream DNS queries."
 msgstr "Enforzar el puerto original para búsquedas DNS subida."
 
-#: option.c:418
+#: option.c:442
+msgid "Set maximum number of random originating ports for a query."
+msgstr ""
+
+#: option.c:443
 msgid "Do NOT read resolv.conf."
 msgstr "NO leer resolv.conf."
 
-#: option.c:419
+#: option.c:444
 #, c-format
 msgid "Specify path to resolv.conf (defaults to %s)."
 msgstr "Especificar el path hacia resolv.conf (%s por predeterminado)."
 
-#: option.c:420
+#: option.c:445
 #, fuzzy
 msgid "Specify path to file with server= options"
 msgstr "Especificar path de archivo PID (%s por predeterminado)."
 
-#: option.c:421
+#: option.c:446
 msgid "Specify address(es) of upstream servers with optional domains."
 msgstr "Especificar dirección(es) de servidores subida con dominios opcionales."
 
-#: option.c:422
+#: option.c:447
 #, fuzzy
 msgid "Specify address of upstream servers for reverse address queries"
 msgstr "Especificar dirección(es) de servidores subida con dominios opcionales."
 
-#: option.c:423
+#: option.c:448
 msgid "Never forward queries to specified domains."
 msgstr "Nunca reenviar búsquedas a dominios especificados."
 
-#: option.c:424
+#: option.c:449
 msgid "Specify the domain to be assigned in DHCP leases."
 msgstr "Especificar el dominio para ser asignado en concesión DHCP."
 
-#: option.c:425
+#: option.c:450
 msgid "Specify default target in an MX record."
 msgstr "Especificar destino predeterminado en un expediente MX."
 
-#: option.c:426
+#: option.c:451
 msgid "Specify time-to-live in seconds for replies from /etc/hosts."
 msgstr "Especificar tiempo de vida en segundos para respuestas desde /etc/hosts."
 
-#: option.c:427
+#: option.c:452
 #, fuzzy
 msgid "Specify time-to-live in seconds for negative caching."
 msgstr "Especificar tiempo de vida en segundos para caché negativo."
 
-#: option.c:428
+#: option.c:453
 #, fuzzy
 msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
 msgstr "Especificar tiempo de vida en segundos para respuestas desde /etc/hosts."
 
-#: option.c:429
+#: option.c:454
 #, fuzzy
 msgid "Specify time-to-live ceiling for cache."
 msgstr "Especificar tiempo de vida en segundos para caché negativo."
 
-#: option.c:430
+#: option.c:455
 #, fuzzy
 msgid "Specify time-to-live floor for cache."
 msgstr "Especificar tiempo de vida en segundos para caché negativo."
 
-#: option.c:431
+#: option.c:456
+msgid "Retry DNS queries after this many milliseconds."
+msgstr ""
+
+#: option.c:457
 #, c-format
 msgid "Change to this user after startup. (defaults to %s)."
 msgstr "Cambiar a este usuario despues del inicio (%s por predeterminado)."
 
-#: option.c:432
+#: option.c:458
 #, fuzzy
 msgid "Map DHCP vendor class to tag."
 msgstr "Trazar clase de vendedor DHCP a etiqueta."
 
-#: option.c:433
+#: option.c:459
 msgid "Display dnsmasq version and copyright information."
 msgstr "Mostrar información sobre la versión y copyright de dnsmasq."
 
-#: option.c:434
+#: option.c:460
 msgid "Translate IPv4 addresses from upstream servers."
 msgstr "Traducir direcciones IPv4 desde servidores subida."
 
-#: option.c:435
+#: option.c:461
 msgid "Specify a SRV record."
 msgstr "Especificar un expediente SRV."
 
-#: option.c:436
+#: option.c:462
 #, fuzzy
 msgid "Display this message. Use --help dhcp or --help dhcp6 for known DHCP options."
 msgstr "Mostrar este mensaje. Usar --help dhcp para opciones DHCP conocidas."
 
-#: option.c:437
+#: option.c:463
 #, fuzzy, c-format
 msgid "Specify path of PID file (defaults to %s)."
 msgstr "Especificar path de archivo PID (%s por predeterminado)."
 
-#: option.c:438
+#: option.c:464
 #, c-format
 msgid "Specify maximum number of DHCP leases (defaults to %s)."
 msgstr "Especificar número máximo de concesión DHCP (%s por predeterminado)."
 
-#: option.c:439
+#: option.c:465
 msgid "Answer DNS queries based on the interface a query was sent to."
 msgstr "Responder a búsquedas DNS en base a la interfase a la cuál fueron enviadas."
 
-#: option.c:440
+#: option.c:466
 msgid "Specify TXT DNS record."
 msgstr "Especificar expediente DNS TXT."
 
-#: option.c:441
+#: option.c:467
 #, fuzzy
 msgid "Specify PTR DNS record."
 msgstr "Especificar expediente DNS PTR."
 
-#: option.c:442
+#: option.c:468
 msgid "Give DNS name to IPv4 address of interface."
 msgstr "Otorgar nombre DNS a dirección IPv4 de interfase."
 
-#: option.c:443
+#: option.c:469
 msgid "Bind only to interfaces in use."
 msgstr "Acoplar solo a interfases en uso."
 
-#: option.c:444
+#: option.c:470
 #, c-format
 msgid "Read DHCP static host information from %s."
 msgstr "Leer información sobre hosts DHCP estáticos desde %s."
 
-#: option.c:445
+#: option.c:471
 msgid "Enable the DBus interface for setting upstream servers, etc."
 msgstr "Habilitar la interfase DBus para fijar servidores subida, etc."
 
-#: option.c:446
+#: option.c:472
 msgid "Enable the UBus interface."
 msgstr ""
 
-#: option.c:447
+#: option.c:473
 msgid "Do not provide DHCP on this interface, only provide DNS."
 msgstr "No proveer DHCP en esta interfase, sólo proveer DNS."
 
-#: option.c:448
+#: option.c:474
 msgid "Enable dynamic address allocation for bootp."
 msgstr "Habilitar alocación dinámica de direcciónes para BOOTP."
 
-#: option.c:449
+#: option.c:475
 #, fuzzy
 msgid "Map MAC address (with wildcards) to option set."
 msgstr "Trazar dirección MAC (con comodínes) a opción fijada."
 
-#: option.c:450
+#: option.c:476
 msgid "Treat DHCP requests on aliases as arriving from interface."
 msgstr "Tratar pedidos DHCP en alias como si llegaran de la interfase."
 
-#: option.c:451
+#: option.c:477
 msgid "Specify extra networks sharing a broadcast domain for DHCP"
 msgstr ""
 
-#: option.c:452
+#: option.c:478
 msgid "Disable ICMP echo address checking in the DHCP server."
 msgstr "Deshabilitar verificación de direcciónes para echo ICMP en el servidor DHCP."
 
-#: option.c:453
+#: option.c:479
 #, fuzzy
 msgid "Shell script to run on DHCP lease creation and destruction."
 msgstr "Archivo guión para ejecutar cuando se crea o destruye una concesión DHCP."
 
-#: option.c:454
+#: option.c:480
 #, fuzzy
 msgid "Lua script to run on DHCP lease creation and destruction."
 msgstr "Archivo guión para ejecutar cuando se crea o destruye una concesión DHCP."
 
-#: option.c:455
+#: option.c:481
 #, fuzzy
 msgid "Run lease-change scripts as this user."
 msgstr "Correr archivo guión de cambio de concesión como este usuario."
 
-#: option.c:456
+#: option.c:482
 msgid "Call dhcp-script with changes to local ARP table."
 msgstr ""
 
-#: option.c:457
+#: option.c:483
 msgid "Read configuration from all the files in this directory."
 msgstr "Leer configuración desde todos los archivos en este directorio."
 
-#: option.c:458
+#: option.c:484
+msgid "Execute file and read configuration from stdin."
+msgstr ""
+
+#: option.c:485
 #, fuzzy
 msgid "Log to this syslog facility or file. (defaults to DAEMON)"
 msgstr "Bitacorear a esta facilidad syslog o archivo. (DAEMON por predeterminado)"
 
-#: option.c:459
+#: option.c:486
 msgid "Do not use leasefile."
 msgstr "No usar archivo de concesión."
 
-#: option.c:460
+#: option.c:487
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
 msgstr "Número máximo de búsquedas DNS simultáneas. (%s por predeterminado)"
 
-#: option.c:461
+#: option.c:488
 #, c-format
 msgid "Clear DNS cache when reloading %s."
 msgstr "Liberar caché DNS al recargar %s."
 
-#: option.c:462
+#: option.c:489
 msgid "Ignore hostnames provided by DHCP clients."
 msgstr "Ignorar nombres de host brindados por clientes DHCP."
 
-#: option.c:463
+#: option.c:490
 msgid "Do NOT reuse filename and server fields for extra DHCP options."
 msgstr "NO reutilizar campos de nombre de archivo y servidor para opciones DHCP extra."
 
-#: option.c:464
+#: option.c:491
 msgid "Enable integrated read-only TFTP server."
 msgstr "Habilitar servidor integrado TFTP solo-lectura."
 
-#: option.c:465
+#: option.c:492
 msgid "Export files by TFTP only from the specified subtree."
 msgstr "Exportar archivos vía TFTP solo del sub-árbol especificado."
 
-#: option.c:466
+#: option.c:493
 #, fuzzy
 msgid "Add client IP or hardware address to tftp-root."
 msgstr "Agregar IP de cliente a tftp-root."
 
-#: option.c:467
+#: option.c:494
 msgid "Allow access only to files owned by the user running dnsmasq."
 msgstr "Permitir acceso solo a archivos pertenecientes al usuario que corre dnsmasq."
 
-#: option.c:468
+#: option.c:495
 msgid "Do not terminate the service if TFTP directories are inaccessible."
 msgstr ""
 
-#: option.c:469
+#: option.c:496
 #, fuzzy, c-format
 msgid "Maximum number of concurrent TFTP transfers (defaults to %s)."
 msgstr "Número máximo de transferencias TFTP simultáneas (%s por predeterminado)."
 
-#: option.c:470
+#: option.c:497
 #, fuzzy
 msgid "Maximum MTU to use for TFTP transfers."
 msgstr "Número máximo de transferencias TFTP simultáneas (%s por predeterminado)."
 
-#: option.c:471
+#: option.c:498
 msgid "Disable the TFTP blocksize extension."
 msgstr "Deshabilitar la extensión TFTP blocksize (tamaño de bloque)."
 
-#: option.c:472
+#: option.c:499
 msgid "Convert TFTP filenames to lowercase"
 msgstr "Convertir a minúsculas los nombres de archivos TFTP"
 
-#: option.c:473
+#: option.c:500
 msgid "Ephemeral port range for use by TFTP transfers."
 msgstr "Rango de puertos efímeros para ser usados en transferencias TFTP."
 
-#: option.c:474
+#: option.c:501
 msgid "Use only one port for TFTP server."
 msgstr ""
 
-#: option.c:475
+#: option.c:502
 msgid "Extra logging for DHCP."
 msgstr "Log extra para DHCP."
 
-#: option.c:476
+#: option.c:503
 msgid "Enable async. logging; optionally set queue length."
 msgstr "Habilitar registro asíncrono; opcionalmente fijar tamaño de cola."
 
-#: option.c:477
+#: option.c:504
 msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
 msgstr "Detener revinculación DNS. Filtrar rangos de IP privados al resolver."
 
-#: option.c:478
+#: option.c:505
 msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
 msgstr "Permitir revinculación de 127.0.0.0/8, para servidores RBL."
 
-#: option.c:479
+#: option.c:506
 msgid "Inhibit DNS-rebind protection on this domain."
 msgstr "Inhibir protección de revinculación DNS en este dominio."
 
-#: option.c:480
+#: option.c:507
 msgid "Always perform DNS queries to all servers."
 msgstr "Siempre realizar búsquedas DNS a todos los servidores."
 
-#: option.c:481
+#: option.c:508
 #, fuzzy
 msgid "Set tag if client includes matching option in request."
 msgstr "Fijar etiqueta si cliente incluye opción coincidente en pedido."
 
-#: option.c:482
+#: option.c:509
 #, fuzzy
 msgid "Set tag if client provides given name."
 msgstr "Fijar etiqueta si cliente incluye opción coincidente en pedido."
 
-#: option.c:483
+#: option.c:510
 msgid "Use alternative ports for DHCP."
 msgstr "Usar puertos alternativos para DHCP."
 
-#: option.c:484
+#: option.c:511
 #, fuzzy
 msgid "Specify NAPTR DNS record."
 msgstr "Especificar expediente DNS NAPTR."
 
-#: option.c:485
+#: option.c:512
 msgid "Specify lowest port available for DNS query transmission."
 msgstr "Especificar puerto más bajo disponible para transmisión de búsquedas DNS."
 
-#: option.c:486
+#: option.c:513
 #, fuzzy
 msgid "Specify highest port available for DNS query transmission."
 msgstr "Especificar puerto más bajo disponible para transmisión de búsquedas DNS."
 
-#: option.c:487
+#: option.c:514
 msgid "Use only fully qualified domain names for DHCP clients."
 msgstr "Usar solo nombres de dominio completamente calificados para clientes DHCP."
 
-#: option.c:488
+#: option.c:515
 msgid "Generate hostnames based on MAC address for nameless clients."
 msgstr "Generar hostnames basados en direcciones MAC para clientes sin nombre."
 
-#: option.c:489
+#: option.c:516
 msgid "Use these DHCP relays as full proxies."
 msgstr "Usar estos relays DHCP como proxies completos."
 
-#: option.c:490
+#: option.c:517
 msgid "Relay DHCP requests to a remote server"
 msgstr ""
 
-#: option.c:491
+#: option.c:518
 msgid "Specify alias name for LOCAL DNS name."
 msgstr "Especificar nombre alias para nombre DNS LOCAL."
 
-#: option.c:492
+#: option.c:519
 #, fuzzy
 msgid "Prompt to send to PXE clients."
 msgstr "Aviso a ser enviado a clientes PXE."
 
-#: option.c:493
+#: option.c:520
 msgid "Boot service for PXE menu."
 msgstr "Servicio de arranque para menú PXE."
 
-#: option.c:494
+#: option.c:521
 msgid "Check configuration syntax."
 msgstr "Revisar sintaxis de configuración."
 
-#: option.c:495
+#: option.c:522
 msgid "Add requestor's MAC address to forwarded DNS queries."
 msgstr "Añadir direcciones MAC de los peticionarios a los filtros DNS enviados"
 
-#: option.c:496
+#: option.c:523
+msgid "Strip MAC information from queries."
+msgstr ""
+
+#: option.c:524
 #, fuzzy
 msgid "Add specified IP subnet to forwarded DNS queries."
 msgstr "Añadir direcciones MAC de los peticionarios a los filtros DNS enviados"
 
-#: option.c:497
+#: option.c:525
+msgid "Strip ECS information from queries."
+msgstr ""
+
+#: option.c:526
 #, fuzzy
 msgid "Add client identification to forwarded DNS queries."
 msgstr "Añadir direcciones MAC de los peticionarios a los filtros DNS enviados"
 
-#: option.c:498
+#: option.c:527
 #, fuzzy
 msgid "Proxy DNSSEC validation results from upstream nameservers."
 msgstr "Traducir direcciones IPv4 desde servidores subida."
 
-#: option.c:499
+#: option.c:528
 msgid "Attempt to allocate sequential IP addresses to DHCP clients."
 msgstr "Intento de instaurar direcciones IP secuenciales a cliente DHCP"
 
-#: option.c:500
+#: option.c:529
 #, fuzzy
 msgid "Ignore client identifier option sent by DHCP clients."
 msgstr "Ignorar nombres de host brindados por clientes DHCP."
 
-#: option.c:501
+#: option.c:530
 msgid "Copy connection-track mark from queries to upstream connections."
 msgstr "Copiar la marca de connection-track desde los filtros a las conexiones salientes"
 
-#: option.c:502
+#: option.c:531
 msgid "Allow DHCP clients to do their own DDNS updates."
 msgstr "Permite a clientes DHCP realizar sus propias actualizaciones DDNS"
 
-#: option.c:503
+#: option.c:532
 msgid "Send router-advertisements for interfaces doing DHCPv6"
 msgstr "Enviar anuncios del router a los interfases realizando DHCPv6"
 
-#: option.c:504
+#: option.c:533
 msgid "Specify DUID_EN-type DHCPv6 server DUID"
 msgstr ""
 
-#: option.c:505
+#: option.c:534
 #, fuzzy
 msgid "Specify host (A/AAAA and PTR) records"
 msgstr "Especificar un expediente MX."
 
-#: option.c:506
+#: option.c:535
 msgid "Specify host record in interface subnet"
 msgstr ""
 
-#: option.c:507
+#: option.c:536
 msgid "Specify certification authority authorization record"
 msgstr ""
 
-#: option.c:508
+#: option.c:537
 #, fuzzy
 msgid "Specify arbitrary DNS resource record"
 msgstr "Especificar expediente DNS TXT."
 
-#: option.c:509
+#: option.c:538
 #, fuzzy
 msgid "Bind to interfaces in use - check for new interfaces"
 msgstr "interfase desconocida %s en bridge-interfase"
 
-#: option.c:510
+#: option.c:539
 msgid "Export local names to global DNS"
 msgstr "Exportar nombres DNS locales a globales"
 
-#: option.c:511
+#: option.c:540
 msgid "Domain to export to global DNS"
 msgstr "Dominio a exportar a DNS global"
 
-#: option.c:512
+#: option.c:541
 msgid "Set TTL for authoritative replies"
 msgstr "Fijar TTL para respuestas autoritarias"
 
-#: option.c:513
+#: option.c:542
 #, fuzzy
 msgid "Set authoritative zone information"
 msgstr "Fijar información de zona autoritaria"
 
-#: option.c:514
+#: option.c:543
 msgid "Secondary authoritative nameservers for forward domains"
 msgstr "Nombres de servidor secundario autoritatorios para dominios enviados"
 
-#: option.c:515
+#: option.c:544
 msgid "Peers which are allowed to do zone transfer"
 msgstr "Colegas autorizados a la zona de transferencia (transfer)"
 
-#: option.c:516
+#: option.c:545
 msgid "Specify ipsets to which matching domains should be added"
 msgstr "Especificar los ipsets coincidentes en dominio que debrían ser añadidos"
 
-#: option.c:517
+#: option.c:546
+#, fuzzy
+msgid "Specify nftables sets to which matching domains should be added"
+msgstr "Especificar los ipsets coincidentes en dominio que debrían ser añadidos"
+
+#: option.c:547
 msgid "Enable filtering of DNS queries with connection-track marks."
 msgstr ""
 
-#: option.c:518
+#: option.c:548
 msgid "Set allowed DNS patterns for a connection-track mark."
 msgstr ""
 
-#: option.c:519
+#: option.c:549
 #, fuzzy
 msgid "Specify a domain and address range for synthesised names"
 msgstr "Especificar dominio y rango de direcciones para los nombres acrónimos"
 
-#: option.c:520
+#: option.c:550
 msgid "Activate DNSSEC validation"
 msgstr ""
 
-#: option.c:521
+#: option.c:551
 msgid "Specify trust anchor key digest."
 msgstr ""
 
-#: option.c:522
+#: option.c:552
 msgid "Disable upstream checking for DNSSEC debugging."
 msgstr ""
 
-#: option.c:523
+#: option.c:553
 msgid "Ensure answers without DNSSEC are in unsigned zones."
 msgstr ""
 
-#: option.c:524
+#: option.c:554
 msgid "Don't check DNSSEC signature timestamps until first cache-reload"
 msgstr ""
 
-#: option.c:525
+#: option.c:555
 msgid "Timestamp file to verify system clock for DNSSEC"
 msgstr ""
 
-#: option.c:526
+#: option.c:556
 msgid "Set MTU, priority, resend-interval and router-lifetime"
 msgstr ""
 
-#: option.c:527
+#: option.c:557
 msgid "Do not log routine DHCP."
 msgstr ""
 
-#: option.c:528
+#: option.c:558
 msgid "Do not log routine DHCPv6."
 msgstr ""
 
-#: option.c:529
+#: option.c:559
 msgid "Do not log RA."
 msgstr ""
 
-#: option.c:530
+#: option.c:560
 msgid "Log debugging information."
 msgstr ""
 
-#: option.c:531
+#: option.c:561
 msgid "Accept queries only from directly-connected networks."
 msgstr ""
 
-#: option.c:532
+#: option.c:562
 msgid "Detect and remove DNS forwarding loops."
 msgstr ""
 
-#: option.c:533
+#: option.c:563
 msgid "Ignore DNS responses containing ipaddr."
 msgstr ""
 
-#: option.c:534
+#: option.c:564
 msgid "Set TTL in DNS responses with DHCP-derived addresses."
 msgstr ""
 
-#: option.c:535
+#: option.c:565
 msgid "Delay DHCP replies for at least number of seconds."
 msgstr ""
 
-#: option.c:536
+#: option.c:566
 msgid "Enables DHCPv4 Rapid Commit option."
 msgstr ""
 
-#: option.c:537
+#: option.c:567
 msgid "Path to debug packet dump file"
 msgstr ""
 
-#: option.c:538
+#: option.c:568
 msgid "Mask which packets to dump"
 msgstr ""
 
-#: option.c:539
+#: option.c:569
 msgid "Call dhcp-script when lease expiry changes."
 msgstr ""
 
-#: option.c:540
+#: option.c:570
 msgid "Send Cisco Umbrella identifiers including remote IP."
 msgstr ""
 
-#: option.c:541
+#: option.c:571
 msgid "Do not log routine TFTP."
 msgstr ""
 
-#: option.c:771
+#: option.c:572
+msgid "Suppress round-robin ordering of DNS records."
+msgstr ""
+
+#: option.c:802
 #, c-format
 msgid ""
 "Usage: dnsmasq [options]\n"
@@ -865,402 +921,449 @@ msgstr ""
 "Modo de uso: dnsmasq [opciones]\n"
 "\n"
 
-#: option.c:773
+#: option.c:804
 #, c-format
 msgid "Use short options only on the command line.\n"
 msgstr "Usar opciones cortas solo en la línea de comandos.\n"
 
-#: option.c:775
+#: option.c:806
 #, fuzzy, c-format
 msgid "Valid options are:\n"
 msgstr "Opciones válidas son :\n"
 
-#: option.c:822 option.c:933
+#: option.c:853 option.c:1055
 #, fuzzy
 msgid "bad address"
 msgstr "dirección IP errónea"
 
-#: option.c:847 option.c:851
+#: option.c:882 option.c:886
 msgid "bad port"
 msgstr "puerto erróneo"
 
-#: option.c:864 option.c:893 option.c:927
+#: option.c:899 option.c:1002 option.c:1048
 msgid "interface binding not supported"
 msgstr "vinculación de interfase no está soportado"
 
-#: option.c:888 option.c:922
+#: option.c:955
+msgid "Cannot resolve server name"
+msgstr ""
+
+#: option.c:991
+msgid "cannot use IPv4 server address with IPv6 source address"
+msgstr ""
+
+#: option.c:997 option.c:1043
 msgid "interface can only be specified once"
 msgstr ""
 
-#: option.c:901 option.c:4362
+#: option.c:1011 option.c:4785
 #, fuzzy
 msgid "bad interface name"
 msgstr "nombre de interfase erróneo"
 
-#: option.c:1192
+#: option.c:1037
+msgid "cannot use IPv6 server address with IPv4 source address"
+msgstr ""
+
+#: option.c:1124
+#, fuzzy
+msgid "bad IPv4 prefix length"
+msgstr "prefijo erróneo"
+
+#: option.c:1155 option.c:1165 option.c:1240 option.c:1250 option.c:5360
+msgid "error"
+msgstr "error"
+
+#: option.c:1207
+#, fuzzy
+msgid "bad IPv6 prefix length"
+msgstr "prefijo erróneo"
+
+#: option.c:1467
 msgid "inappropriate vendor:"
 msgstr ""
 
-#: option.c:1199
+#: option.c:1474
 msgid "inappropriate encap:"
 msgstr ""
 
-#: option.c:1225
+#: option.c:1500
 msgid "unsupported encapsulation for IPv6 option"
 msgstr "Encapsulación no soportada para opción IPv6"
 
-#: option.c:1239
+#: option.c:1514
 msgid "bad dhcp-option"
 msgstr "opción dhcp-option errónea"
 
-#: option.c:1317
+#: option.c:1592
 #, fuzzy
 msgid "bad IP address"
 msgstr "dirección IP errónea"
 
-#: option.c:1320 option.c:1459 option.c:3551
+#: option.c:1595 option.c:1734 option.c:3928
 #, fuzzy
 msgid "bad IPv6 address"
 msgstr "dirección IP errónea"
 
-#: option.c:1413
+#: option.c:1688
 #, fuzzy
 msgid "bad IPv4 address"
 msgstr "dirección IP errónea"
 
-#: option.c:1486 option.c:1581
+#: option.c:1761 option.c:1856
 msgid "bad domain in dhcp-option"
 msgstr "dominio erróneo en dhcp-option"
 
-#: option.c:1625
+#: option.c:1900
 msgid "dhcp-option too long"
 msgstr "opción dhcp-option demasiado larga"
 
-#: option.c:1632
+#: option.c:1907
 msgid "illegal dhcp-match"
 msgstr "dhcp-match ilegal"
 
-#: option.c:1691
+#: option.c:1966
 msgid "illegal repeated flag"
 msgstr "opción repetida ilegal"
 
-#: option.c:1699
+#: option.c:1974
 msgid "illegal repeated keyword"
 msgstr "palabra clave repetida ilegal"
 
-#: option.c:1770 option.c:5080
+#: option.c:2056 option.c:5533
 #, fuzzy, c-format
 msgid "cannot access directory %s: %s"
 msgstr "no se puede acceder a directorio %s: %s"
 
-#: option.c:1816 tftp.c:566 dump.c:68
+#: option.c:2102 tftp.c:573 dump.c:72
 #, fuzzy, c-format
 msgid "cannot access %s: %s"
 msgstr "no se puede acceder %s: %s"
 
-#: option.c:1931
+#: option.c:2219
 msgid "setting log facility is not possible under Android"
 msgstr "la creación de un registro no es posible en Android"
 
-#: option.c:1940
+#: option.c:2228
 msgid "bad log facility"
 msgstr "ubicación del registro errónea"
 
-#: option.c:1993
+#: option.c:2281
 msgid "bad MX preference"
 msgstr "preferencia MX errónea"
 
-#: option.c:1998
+#: option.c:2289
 msgid "bad MX name"
 msgstr "nombre MX erróneo"
 
-#: option.c:2012
+#: option.c:2304
 msgid "bad MX target"
 msgstr "destino MX erróneo"
 
-#: option.c:2032
+#: option.c:2324
 msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
 msgstr "recompilar con HAVE_SCRIPT definido para habilitar guiónes de cambio de concesión"
 
-#: option.c:2036
+#: option.c:2328
 #, fuzzy
 msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
 msgstr "recompilar con HAVE_SCRIPT definido para habilitar 'scripts' en Lua"
 
-#: option.c:2291 option.c:2327
+#: option.c:2447
+#, fuzzy
+msgid "invalid auth-zone"
+msgstr "rango alias inválido"
+
+#: option.c:2589 option.c:2621
 #, fuzzy
 msgid "bad prefix length"
 msgstr "prefijo erróneo"
 
-#: option.c:2303 option.c:2348 option.c:2398
+#: option.c:2601 option.c:2642 option.c:2696
 #, fuzzy
 msgid "bad prefix"
 msgstr "prefijo erróneo"
 
-#: option.c:2418
+#: option.c:2716
 #, fuzzy
 msgid "prefix length too small"
 msgstr "la longitud del prefijo debe ser al menos 64"
 
-#: option.c:2697
+#: option.c:3010
 #, fuzzy
 msgid "Bad address in --address"
 msgstr "dirección en uso"
 
-#: option.c:2751
-#, fuzzy
-msgid "bad IPv4 prefix"
-msgstr "prefijo erróneo"
-
-#: option.c:2756 option.c:3569
+#: option.c:3110
 #, fuzzy
-msgid "bad IPv6 prefix"
-msgstr "prefijo erróneo"
+msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+msgstr "recompilar con HAVE_SCRIPT definido para habilitar directivas ipset"
 
-#: option.c:2777
+#: option.c:3117
 #, fuzzy
-msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+msgid "recompile with HAVE_NFTSET defined to enable nftset directives"
 msgstr "recompilar con HAVE_SCRIPT definido para habilitar directivas ipset"
 
-#: option.c:2843 option.c:2861
+#: option.c:3192 option.c:3210
 #, fuzzy
 msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist directives"
 msgstr "recompilar con HAVE_SCRIPT definido para habilitar directivas ipset"
 
-#: option.c:3119
+#: option.c:3496
 #, fuzzy
 msgid "bad port range"
 msgstr "rango de puertos erróneo"
 
-#: option.c:3145
+#: option.c:3522
 msgid "bad bridge-interface"
 msgstr "opción bridge-interface (interfase puente) errónea"
 
-#: option.c:3189
+#: option.c:3566
 msgid "bad shared-network"
 msgstr ""
 
-#: option.c:3243
+#: option.c:3620
 msgid "only one tag allowed"
 msgstr "solo una etiqueta permitida"
 
-#: option.c:3264 option.c:3280 option.c:3406 option.c:3414 option.c:3457
+#: option.c:3641 option.c:3657 option.c:3783 option.c:3791 option.c:3834
 msgid "bad dhcp-range"
 msgstr "opción dhcp-range (rango DHCP) errónea"
 
-#: option.c:3298
+#: option.c:3675
 msgid "inconsistent DHCP range"
 msgstr "rango DHCP inconsistente"
 
-#: option.c:3364
+#: option.c:3741
 msgid "prefix length must be exactly 64 for RA subnets"
 msgstr "la longitud del prefijo debe ser 64 exacto para subredes RA"
 
-#: option.c:3366
+#: option.c:3743
 msgid "prefix length must be exactly 64 for subnet constructors"
 msgstr "la longitud del prefijo debe ser 64 exacto para subredes constructoras"
 
-#: option.c:3369
+#: option.c:3746
 msgid "prefix length must be at least 64"
 msgstr "la longitud del prefijo debe ser al menos 64"
 
-#: option.c:3372
+#: option.c:3749
 #, fuzzy
 msgid "inconsistent DHCPv6 range"
 msgstr "rango DHCP inconsistente"
 
-#: option.c:3391
+#: option.c:3768
 msgid "prefix must be zero with \"constructor:\" argument"
 msgstr "prefijo debe ser cero con argumento \"constructor:\""
 
-#: option.c:3516 option.c:3594
+#: option.c:3893 option.c:3971
 #, fuzzy
 msgid "bad hex constant"
 msgstr "constante hexadecimal errónea"
 
-#: option.c:3617
+#: option.c:3946
+#, fuzzy
+msgid "bad IPv6 prefix"
+msgstr "prefijo erróneo"
+
+#: option.c:3994
 #, fuzzy, c-format
 msgid "duplicate dhcp-host IP address %s"
 msgstr "dirección IP duplicada %s en %s."
 
-#: option.c:3678
+#: option.c:4056
 #, fuzzy
 msgid "bad DHCP host name"
 msgstr "nombre de host DHCP erróneo"
 
-#: option.c:3764
+#: option.c:4142
 #, fuzzy
 msgid "bad tag-if"
 msgstr "etiqueta tag-if errónea"
 
-#: option.c:4107 option.c:4623
+#: option.c:4490 option.c:5046
 msgid "invalid port number"
 msgstr "número de puerto inválido"
 
-#: option.c:4163
+#: option.c:4546
 #, fuzzy
 msgid "bad dhcp-proxy address"
 msgstr "dirección IP errónea"
 
-#: option.c:4204
+#: option.c:4627
 #, fuzzy
 msgid "Bad dhcp-relay"
 msgstr "opción dhcp-range (rango DHCP) errónea"
 
-#: option.c:4248
+#: option.c:4671
 msgid "bad RA-params"
 msgstr ""
 
-#: option.c:4258
+#: option.c:4681
 msgid "bad DUID"
 msgstr "DUID erróneo"
 
-#: option.c:4292
+#: option.c:4715
 #, fuzzy
 msgid "missing address in alias"
 msgstr "dirección en uso"
 
-#: option.c:4298
+#: option.c:4721
 #, fuzzy
 msgid "invalid alias range"
 msgstr "rango alias inválido"
 
-#: option.c:4347
+#: option.c:4770
 #, fuzzy
 msgid "missing address in dynamic host"
 msgstr "dirección en uso"
 
-#: option.c:4362
+#: option.c:4785
 #, fuzzy
 msgid "bad dynamic host"
 msgstr "no se puede acceder a directorio %s: %s"
 
-#: option.c:4380 option.c:4396
+#: option.c:4803 option.c:4819
 msgid "bad CNAME"
 msgstr "CNAME erróneo"
 
-#: option.c:4404
+#: option.c:4827
 msgid "duplicate CNAME"
 msgstr "CNAME duplicado"
 
-#: option.c:4431
+#: option.c:4854
 #, fuzzy
 msgid "bad PTR record"
 msgstr "registro PTR erróneo"
 
-#: option.c:4466
+#: option.c:4889
 #, fuzzy
 msgid "bad NAPTR record"
 msgstr "registro NAPTR erróneo"
 
-#: option.c:4502
+#: option.c:4925
 #, fuzzy
 msgid "bad RR record"
 msgstr "registro PTR erróneo"
 
-#: option.c:4535
+#: option.c:4958
 #, fuzzy
 msgid "bad CAA record"
 msgstr "registro PTR erróneo"
 
-#: option.c:4564
+#: option.c:4987
 msgid "bad TXT record"
 msgstr "registro TXT erróneo"
 
-#: option.c:4607
+#: option.c:5030
 msgid "bad SRV record"
 msgstr "registro SRV erróneo"
 
-#: option.c:4614
+#: option.c:5037
 msgid "bad SRV target"
 msgstr "destino SRV erróneo"
 
-#: option.c:4633
+#: option.c:5056
 msgid "invalid priority"
 msgstr "prioridad inválida"
 
-#: option.c:4638
+#: option.c:5061
 msgid "invalid weight"
 msgstr "peso inválido"
 
-#: option.c:4661
+#: option.c:5084
 #, fuzzy
 msgid "Bad host-record"
 msgstr "registro PTR erróneo"
 
-#: option.c:4700
+#: option.c:5123
 #, fuzzy
 msgid "Bad name in host-record"
 msgstr "nombre erróneo en %s"
 
-#: option.c:4742
+#: option.c:5165
 msgid "bad value for dnssec-check-unsigned"
 msgstr ""
 
-#: option.c:4778
+#: option.c:5201
 #, fuzzy
 msgid "bad trust anchor"
 msgstr "rango de puertos erróneo"
 
-#: option.c:4794
+#: option.c:5217
 msgid "bad HEX in trust anchor"
 msgstr ""
 
-#: option.c:4805
+#: option.c:5228
 #, fuzzy
 msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
 msgstr "opción no soportada (verificar que dnsmasq fue compilado con soporte para DHCP/TFTP/DBus)"
 
-#: option.c:4865
+#: option.c:5290
 msgid "missing \""
 msgstr "falta \""
 
-#: option.c:4922
+#: option.c:5347
 msgid "bad option"
 msgstr "opción errónea"
 
-#: option.c:4924
+#: option.c:5349
 msgid "extraneous parameter"
 msgstr "parámetro extraño"
 
-#: option.c:4926
+#: option.c:5351
 msgid "missing parameter"
 msgstr "parámetro ausente"
 
-#: option.c:4928
+#: option.c:5353
 #, fuzzy
 msgid "illegal option"
 msgstr "opción errónea"
 
-#: option.c:4935
-msgid "error"
-msgstr "error"
+#: option.c:5363
+#, c-format
+msgid " in output from %s"
+msgstr ""
 
-#: option.c:4937
+#: option.c:5365
 #, fuzzy, c-format
 msgid " at line %d of %s"
 msgstr "%s en línea %d de %%s"
 
-#: option.c:4952 option.c:5229 option.c:5240
+#: option.c:5380 option.c:5683 option.c:5694
 #, fuzzy, c-format
 msgid "read %s"
 msgstr "lee %s"
 
-#: option.c:5015 option.c:5162 tftp.c:775
+#: option.c:5446
+#, fuzzy, c-format
+msgid "cannot execute %s: %s"
+msgstr "no se puede leer %s: %s"
+
+#: option.c:5454 option.c:5615 tftp.c:790
 #, c-format
 msgid "cannot read %s: %s"
 msgstr "no se puede leer %s: %s"
 
-#: option.c:5316
+#: option.c:5473
+#, fuzzy, c-format
+msgid "error executing %s: %s"
+msgstr "no se pudo ejecutar %s: %s"
+
+#: option.c:5476
+#, c-format
+msgid "%s returns non-zero error code"
+msgstr ""
+
+#: option.c:5775
 msgid "junk found in command line"
 msgstr "basura encontrada en linea de comando"
 
-#: option.c:5356
+#: option.c:5815
 #, c-format
 msgid "Dnsmasq version %s  %s\n"
 msgstr "Versión dnsmasq %s  %s\n"
 
-#: option.c:5357
+#: option.c:5816
 #, fuzzy, c-format
 msgid ""
 "Compile time options: %s\n"
@@ -1269,665 +1372,704 @@ msgstr ""
 "Opciones de compilación %s\n"
 "\n"
 
-#: option.c:5358
+#: option.c:5817
 #, c-format
 msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
 msgstr "Este software viene SIN NINGUNA GARANTIA.\n"
 
-#: option.c:5359
+#: option.c:5818
 #, c-format
 msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
 msgstr "Dnsmasq es software libre, y usted está autorizado a redistribuirlo\n"
 
-#: option.c:5360
+#: option.c:5819
 #, fuzzy, c-format
 msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
 msgstr "bajo los términos de la GNU General Public License, versión 2 o 3.\n"
 
-#: option.c:5377
+#: option.c:5836
 msgid "try --help"
 msgstr "pruebe --help"
 
-#: option.c:5379
+#: option.c:5838
 msgid "try -w"
 msgstr "pruebe -w"
 
-#: option.c:5381
+#: option.c:5840
 #, fuzzy, c-format
 msgid "bad command line options: %s"
 msgstr "opciones de línea de comandos erróneas: %s"
 
-#: option.c:5450
+#: option.c:5909
 #, c-format
 msgid "CNAME loop involving %s"
 msgstr ""
 
-#: option.c:5491
+#: option.c:5950
 #, c-format
 msgid "cannot get host-name: %s"
 msgstr "no se puede obtener host-name (nombre de host): %s"
 
-#: option.c:5519
+#: option.c:5978
 msgid "only one resolv.conf file allowed in no-poll mode."
 msgstr "solo un archivo resolv.conf está permitido en modo no-poll."
 
-#: option.c:5529
+#: option.c:5988
 msgid "must have exactly one resolv.conf to read domain from."
 msgstr "debe haber exáctamente un resolv.conf desde donde leer dominio."
 
-#: option.c:5532 network.c:1670 dhcp.c:880
+#: option.c:5991 network.c:1727 dhcp.c:892
 #, fuzzy, c-format
 msgid "failed to read %s: %s"
 msgstr "no se pudo leer %s: %s"
 
-#: option.c:5549
+#: option.c:6008
 #, c-format
 msgid "no search directive found in %s"
 msgstr "ninguna directiva de búsqueda encontrada en %s"
 
-#: option.c:5570
+#: option.c:6029
 #, fuzzy
 msgid "there must be a default domain when --dhcp-fqdn is set"
 msgstr "debe haber un dominio predeterminado cuando --dhcp-fqdn está fijado"
 
-#: option.c:5579
+#: option.c:6038
 msgid "syntax check OK"
 msgstr "revisión de sintaxis OK"
 
-#: forward.c:104
+#: forward.c:107
 #, fuzzy, c-format
 msgid "failed to send packet: %s"
 msgstr "no se pudo escuchar en socket: %s"
 
-#: forward.c:601
+#: forward.c:715
 msgid "discarding DNS reply: subnet option mismatch"
 msgstr ""
 
-#: forward.c:666
+#: forward.c:780
 #, c-format
 msgid "nameserver %s refused to do a recursive query"
 msgstr "servidor DNS %s rechazó realizar una búsqueda recursiva"
 
-#: forward.c:702
+#: forward.c:826
 #, fuzzy, c-format
 msgid "possible DNS-rebind attack detected: %s"
 msgstr "posible ataque de revinculación DNS detectado"
 
-#: forward.c:1074
+#: forward.c:1239
 #, c-format
 msgid "reducing DNS packet size for nameserver %s to %d"
 msgstr ""
 
-#: forward.c:1381 forward.c:1910
-msgid "Ignoring query from non-local network"
+#: forward.c:1565
+#, c-format
+msgid "ignoring query from non-local network %s (logged only once)"
 msgstr ""
 
-#: forward.c:2198
+#: forward.c:2139
+#, c-format
+msgid "ignoring query from non-local network %s"
+msgstr ""
+
+#: forward.c:2501
 #, fuzzy, c-format
 msgid "failed to bind server socket to %s: %s"
 msgstr "no se pudo acoplar al zócalo del servidor para %s: %s"
 
-#: forward.c:2494
+#: forward.c:2867
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries reached (max: %d)"
 msgstr "Número máximo de búsquedas DNS simultáneas alcanzado. (%s por predeterminado)"
 
-#: forward.c:2496
+#: forward.c:2869
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries to %s reached (max: %d)"
 msgstr "Número máximo de búsquedas DNS simultáneas alcanzado. (%s por predeterminado)"
 
-#: network.c:670
+#: network.c:700
 #, c-format
 msgid "stopped listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:867
+#: network.c:911
 #, fuzzy, c-format
 msgid "failed to create listening socket for %s: %s"
 msgstr "no se pudo crear un zócalo de escucha: %s"
 
-#: network.c:1148
+#: network.c:1192
 #, c-format
 msgid "listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:1175
+#: network.c:1219
 #, fuzzy, c-format
 msgid "listening on %s port %d"
 msgstr "TFTP no pudo enviar %s a %s"
 
-#: network.c:1208
+#: network.c:1252
 #, c-format
 msgid "LOUD WARNING: listening on %s may accept requests via interfaces other than %s"
 msgstr ""
 
-#: network.c:1215
+#: network.c:1259
 msgid "LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"
 msgstr ""
 
-#: network.c:1224
+#: network.c:1268
 #, fuzzy, c-format
 msgid "warning: using interface %s instead"
 msgstr "advertencia: interfase %s no existe actualmente"
 
-#: network.c:1233
+#: network.c:1277
 #, fuzzy, c-format
 msgid "warning: no addresses found for interface %s"
 msgstr "usando direcciones locales solo para %s %s"
 
-#: network.c:1291
+#: network.c:1335
 #, fuzzy, c-format
 msgid "interface %s failed to join DHCPv6 multicast group: %s"
 msgstr "el interfase % falló al unirse al grupo multicast DHCPv6: %s"
 
-#: network.c:1296
+#: network.c:1340
 msgid "try increasing /proc/sys/net/core/optmem_max"
 msgstr ""
 
-#: network.c:1492
+#: network.c:1545
 #, fuzzy, c-format
 msgid "failed to bind server socket for %s: %s"
 msgstr "no se pudo acoplar al zócalo del servidor para %s: %s"
 
-#: network.c:1569
+#: network.c:1622
 #, c-format
 msgid "ignoring nameserver %s - local interface"
 msgstr "ignorando servidor DNS %s - interfase local"
 
-#: network.c:1580
+#: network.c:1633
 #, fuzzy, c-format
 msgid "ignoring nameserver %s - cannot make/bind socket: %s"
 msgstr "ignorando servidor DNS %s - no se puede crear/acoplar zócalo: %s"
 
-#: network.c:1598
+#: network.c:1643
+msgid "more servers are defined but not logged"
+msgstr ""
+
+#: network.c:1654
 msgid "(no DNSSEC)"
 msgstr ""
 
-#: network.c:1601
+#: network.c:1657
 msgid "unqualified"
 msgstr "no cualificado"
 
-#: network.c:1601
+#: network.c:1657
 msgid "names"
 msgstr "nombres"
 
-#: network.c:1603
+#: network.c:1659
 msgid "default"
 msgstr "predeterminado"
 
-#: network.c:1605
+#: network.c:1661
 msgid "domain"
 msgstr "dominio"
 
-#: network.c:1607
+#: network.c:1663
 #, fuzzy, c-format
 msgid "using nameserver %s#%d for %s %s%s %s"
 msgstr "usando nombre de servidor %s#%d para %s %s"
 
-#: network.c:1611
+#: network.c:1667
 #, fuzzy, c-format
 msgid "NOT using nameserver %s#%d - query loop detected"
 msgstr "usando nombre de servidor %s#%d para %s %s"
 
-#: network.c:1614
+#: network.c:1670
 #, fuzzy, c-format
 msgid "using nameserver %s#%d(via %s)"
 msgstr "usando nombre de servidor %s#%d(vía %s)"
 
-#: network.c:1616
+#: network.c:1672
 #, c-format
 msgid "using nameserver %s#%d"
 msgstr "usando nombre de servidor %s#%d"
 
-#: network.c:1630
+#: network.c:1687
 #, fuzzy, c-format
 msgid "using only locally-known addresses for %s"
 msgstr "usando direcciones locales solo para %s %s"
 
-#: network.c:1633
+#: network.c:1690
 #, fuzzy, c-format
 msgid "using standard nameservers for %s"
 msgstr "usando nombres estándar %s#%d para %s %s"
 
-#: network.c:1637
+#: network.c:1694
 #, fuzzy, c-format
 msgid "using %d more local addresses"
 msgstr "usando nombre de servidor %s#%d"
 
-#: network.c:1639
+#: network.c:1696
 #, fuzzy, c-format
 msgid "using %d more nameservers"
 msgstr "usando nombre de servidor %s#%d"
 
-#: dnsmasq.c:184
+#: dnsmasq.c:192
 msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
 msgstr ""
 
-#: dnsmasq.c:199
+#: dnsmasq.c:207
 msgid "no root trust anchor provided for DNSSEC"
 msgstr ""
 
-#: dnsmasq.c:202
+#: dnsmasq.c:210
 msgid "cannot reduce cache size from default when DNSSEC enabled"
 msgstr ""
 
-#: dnsmasq.c:204
+#: dnsmasq.c:212
 #, fuzzy
 msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
 msgstr "DBus no disponible: fijar HAVE_DBUS en src/config.h"
 
-#: dnsmasq.c:210
+#: dnsmasq.c:218
 #, fuzzy
 msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
 msgstr "servidor TFTP no disponible: fijar HAVE_TFTP en src/config.h"
 
-#: dnsmasq.c:217
+#: dnsmasq.c:225
 #, fuzzy
 msgid "cannot use --conntrack AND --query-port"
 msgstr "No puede usar --conntrack AND --query-port"
 
-#: dnsmasq.c:223
+#: dnsmasq.c:231
 #, fuzzy
 msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
 msgstr "servidor TFTP no disponible: fijar HAVE_TFTP en src/config.h"
 
-#: dnsmasq.c:228
+#: dnsmasq.c:236
 #, fuzzy
 msgid "asynchronous logging is not available under Solaris"
 msgstr "registro asíncrono no está disponible bajo Solaris"
 
-#: dnsmasq.c:233
+#: dnsmasq.c:241
 #, fuzzy
 msgid "asynchronous logging is not available under Android"
 msgstr "registro asíncrono no está disponible bajo Solaris"
 
-#: dnsmasq.c:238
+#: dnsmasq.c:246
 #, fuzzy
 msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
 msgstr "DBus no disponible: fijar HAVE_DBUS en src/config.h"
 
-#: dnsmasq.c:243
+#: dnsmasq.c:251
 #, fuzzy
 msgid "loop detection not available: set HAVE_LOOP in src/config.h"
 msgstr "servidor TFTP no disponible: fijar HAVE_TFTP en src/config.h"
 
-#: dnsmasq.c:248
+#: dnsmasq.c:256
 #, fuzzy
 msgid "Ubus not available: set HAVE_UBUS in src/config.h"
 msgstr "DBus no disponible: fijar HAVE_DBUS en src/config.h"
 
-#: dnsmasq.c:259
+#: dnsmasq.c:267
 msgid "max_port cannot be smaller than min_port"
 msgstr ""
 
-#: dnsmasq.c:266
+#: dnsmasq.c:271
+msgid "port_limit must not be larger than available port range"
+msgstr ""
+
+#: dnsmasq.c:278
 msgid "--auth-server required when an auth zone is defined."
 msgstr ""
 
-#: dnsmasq.c:271
+#: dnsmasq.c:283
 msgid "zone serial must be configured in --auth-soa"
 msgstr "zona serie debe ser configurada en --auth-soa"
 
-#: dnsmasq.c:291
+#: dnsmasq.c:303
 msgid "dhcp-range constructor not available on this platform"
 msgstr "constructor rango dhcp no disponible en esta plataforma"
 
-#: dnsmasq.c:355
+#: dnsmasq.c:377
 msgid "cannot set --bind-interfaces and --bind-dynamic"
 msgstr "no puede usar --bind-interfases y --bind-dynamic"
 
-#: dnsmasq.c:358
+#: dnsmasq.c:380
 #, c-format
 msgid "failed to find list of interfaces: %s"
 msgstr "no se pudo encontrar lista de interfases: %s"
 
-#: dnsmasq.c:367
+#: dnsmasq.c:389
 #, c-format
 msgid "unknown interface %s"
 msgstr "interfase desconocida %s"
 
-#: dnsmasq.c:437
+#: dnsmasq.c:396
+#, fuzzy, c-format
+msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
+msgstr "no se pudo fijar SO_REUSE{ADDR|PORT} en socket DHCP: %s"
+
+#: dnsmasq.c:440
 #, fuzzy
 msgid "Packet dumps not available: set HAVE_DUMP in src/config.h"
 msgstr "DBus no disponible: fijar HAVE_DBUS en src/config.h"
 
-#: dnsmasq.c:445 dnsmasq.c:1207
+#: dnsmasq.c:448 dnsmasq.c:1232
 #, c-format
 msgid "DBus error: %s"
 msgstr "error DBus: %s"
 
-#: dnsmasq.c:448
+#: dnsmasq.c:451
 msgid "DBus not available: set HAVE_DBUS in src/config.h"
 msgstr "DBus no disponible: fijar HAVE_DBUS en src/config.h"
 
-#: dnsmasq.c:456 dnsmasq.c:1228
+#: dnsmasq.c:459 dnsmasq.c:1253
 #, fuzzy, c-format
 msgid "UBus error: %s"
 msgstr "error DBus: %s"
 
-#: dnsmasq.c:459
+#: dnsmasq.c:462
 #, fuzzy
 msgid "UBus not available: set HAVE_UBUS in src/config.h"
 msgstr "DBus no disponible: fijar HAVE_DBUS en src/config.h"
 
-#: dnsmasq.c:489
+#: dnsmasq.c:492
 #, c-format
 msgid "unknown user or group: %s"
 msgstr "usuario o grupo desconocido: %s"
 
-#: dnsmasq.c:565
+#: dnsmasq.c:568
 #, c-format
 msgid "process is missing required capability %s"
 msgstr ""
 
-#: dnsmasq.c:597
+#: dnsmasq.c:600
 #, c-format
 msgid "cannot chdir to filesystem root: %s"
 msgstr "no se puede cambiar directorio a raíz de sistema de archivos: %s"
 
-#: dnsmasq.c:845
+#: dnsmasq.c:852
 #, fuzzy, c-format
 msgid "started, version %s DNS disabled"
 msgstr "iniciado, versión %s DNS deshabilitado"
 
-#: dnsmasq.c:850
+#: dnsmasq.c:857
 #, c-format
 msgid "started, version %s cachesize %d"
 msgstr "iniciado, versión %s tamaño de caché %d"
 
-#: dnsmasq.c:852
+#: dnsmasq.c:859
 msgid "cache size greater than 10000 may cause performance issues, and is unlikely to be useful."
 msgstr ""
 
-#: dnsmasq.c:855
+#: dnsmasq.c:862
 #, c-format
 msgid "started, version %s cache disabled"
 msgstr "iniciado, versión %s caché deshabilitado"
 
-#: dnsmasq.c:858
+#: dnsmasq.c:865
 msgid "DNS service limited to local subnets"
 msgstr ""
 
-#: dnsmasq.c:861
+#: dnsmasq.c:868
 #, c-format
 msgid "compile time options: %s"
 msgstr "opciones de compilación: %s"
 
-#: dnsmasq.c:870
+#: dnsmasq.c:877
 msgid "DBus support enabled: connected to system bus"
 msgstr "soporte DBus habilitado: conectado a bus de sistema"
 
-#: dnsmasq.c:872
+#: dnsmasq.c:879
 msgid "DBus support enabled: bus connection pending"
 msgstr "soporte DBus habilitado: conexión a bus pendiente"
 
-#: dnsmasq.c:880
+#: dnsmasq.c:887
 #, fuzzy
 msgid "UBus support enabled: connected to system bus"
 msgstr "soporte DBus habilitado: conectado a bus de sistema"
 
-#: dnsmasq.c:882
+#: dnsmasq.c:889
 #, fuzzy
 msgid "UBus support enabled: bus connection pending"
 msgstr "soporte DBus habilitado: conexión a bus pendiente"
 
-#: dnsmasq.c:902
+#: dnsmasq.c:909
 msgid "DNSSEC validation enabled but all unsigned answers are trusted"
 msgstr ""
 
-#: dnsmasq.c:904
+#: dnsmasq.c:911
 msgid "DNSSEC validation enabled"
 msgstr ""
 
-#: dnsmasq.c:908
+#: dnsmasq.c:915
 msgid "DNSSEC signature timestamps not checked until receipt of SIGINT"
 msgstr ""
 
-#: dnsmasq.c:911
+#: dnsmasq.c:918
 msgid "DNSSEC signature timestamps not checked until system time valid"
 msgstr ""
 
-#: dnsmasq.c:914
+#: dnsmasq.c:921
 #, c-format
 msgid "configured with trust anchor for %s keytag %u"
 msgstr ""
 
-#: dnsmasq.c:920
+#: dnsmasq.c:927
 #, fuzzy, c-format
 msgid "warning: failed to change owner of %s: %s"
 msgstr "advertencia: no se pudo cambiar propietario de %s: %s"
 
-#: dnsmasq.c:924
+#: dnsmasq.c:932
 msgid "setting --bind-interfaces option because of OS limitations"
 msgstr "fijando opción --bind-interfases debido a limitaciones de sistema operativo"
 
-#: dnsmasq.c:936
+#: dnsmasq.c:945
 #, c-format
 msgid "warning: interface %s does not currently exist"
 msgstr "advertencia: interfase %s no existe actualmente"
 
-#: dnsmasq.c:941
+#: dnsmasq.c:950
 msgid "warning: ignoring resolv-file flag because no-resolv is set"
 msgstr "advertencia: ignorando opción resolv-file porque no-resolv está fijado"
 
-#: dnsmasq.c:944
+#: dnsmasq.c:953
 #, fuzzy
 msgid "warning: no upstream servers configured"
 msgstr "advertencia: ningún servidor de subida configurado"
 
-#: dnsmasq.c:948
+#: dnsmasq.c:957
 #, c-format
 msgid "asynchronous logging enabled, queue limit is %d messages"
 msgstr "registro asíncrono habilitado, el límite de la cola es %d mensajes"
 
-#: dnsmasq.c:969
+#: dnsmasq.c:978
 msgid "IPv6 router advertisement enabled"
 msgstr "Anuncio de router IPv6 habilitado"
 
-#: dnsmasq.c:974
+#: dnsmasq.c:983
 #, c-format
 msgid "DHCP, sockets bound exclusively to interface %s"
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "root is "
 msgstr "root está "
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 #, fuzzy
 msgid "enabled"
 msgstr "habilitado"
 
-#: dnsmasq.c:993
+#: dnsmasq.c:1002
 msgid "secure mode"
 msgstr "modo seguro"
 
-#: dnsmasq.c:994
+#: dnsmasq.c:1003
 #, fuzzy
 msgid "single port mode"
 msgstr "número de puerto inválido"
 
-#: dnsmasq.c:997
+#: dnsmasq.c:1006
 #, c-format
 msgid "warning: %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1001
+#: dnsmasq.c:1010
 #, fuzzy, c-format
 msgid "warning: TFTP directory %s inaccessible"
 msgstr "directorio TFTP % inaccesible: %s"
 
-#: dnsmasq.c:1027
+#: dnsmasq.c:1036
 #, c-format
 msgid "restricting maximum simultaneous TFTP transfers to %d"
 msgstr "limitando número máximo de transferencias TFTP simultáneas a %d"
 
-#: dnsmasq.c:1204
+#: dnsmasq.c:1095
+#, c-format
+msgid "error binding DHCP socket to device %s"
+msgstr ""
+
+#: dnsmasq.c:1229
 msgid "connected to system DBus"
 msgstr "conectado a DBus de sistema"
 
-#: dnsmasq.c:1225
+#: dnsmasq.c:1250
 #, fuzzy
 msgid "connected to system UBus"
 msgstr "conectado a DBus de sistema"
 
-#: dnsmasq.c:1391
+#: dnsmasq.c:1416
 #, c-format
 msgid "cannot fork into background: %s"
 msgstr "no se puede hacer fork en background: %s"
 
-#: dnsmasq.c:1395
+#: dnsmasq.c:1420
 #, fuzzy, c-format
 msgid "failed to create helper: %s"
 msgstr "no se pudo crear ayudante: %s"
 
-#: dnsmasq.c:1399
+#: dnsmasq.c:1424
 #, fuzzy, c-format
 msgid "setting capabilities failed: %s"
 msgstr "configuración de capacidades ha fallado: %s"
 
-#: dnsmasq.c:1403
+#: dnsmasq.c:1428
 #, fuzzy, c-format
 msgid "failed to change user-id to %s: %s"
 msgstr "no se pudo cambiar user-id a %s: %s"
 
-#: dnsmasq.c:1407
+#: dnsmasq.c:1432
 #, fuzzy, c-format
 msgid "failed to change group-id to %s: %s"
 msgstr "no se pudo cambiar group-id a %s: %s"
 
-#: dnsmasq.c:1411
+#: dnsmasq.c:1436
 #, fuzzy, c-format
 msgid "failed to open pidfile %s: %s"
 msgstr "no se pudo abrir archivo PID %s: %s"
 
-#: dnsmasq.c:1415
+#: dnsmasq.c:1440
 #, fuzzy, c-format
 msgid "cannot open log %s: %s"
 msgstr "no se puede abrir registro %s: %s"
 
-#: dnsmasq.c:1419
+#: dnsmasq.c:1444
 #, fuzzy, c-format
 msgid "failed to load Lua script: %s"
 msgstr "no se pudo cargar script Lua %s: %s"
 
-#: dnsmasq.c:1423
+#: dnsmasq.c:1448
 #, c-format
 msgid "TFTP directory %s inaccessible: %s"
 msgstr "directorio TFTP % inaccesible: %s"
 
-#: dnsmasq.c:1427
+#: dnsmasq.c:1452
 #, fuzzy, c-format
 msgid "cannot create timestamp file %s: %s"
 msgstr "no se puede abrir o crear archivo de concesión %s: %s"
 
-#: dnsmasq.c:1511
+#: dnsmasq.c:1536
 #, fuzzy, c-format
 msgid "script process killed by signal %d"
 msgstr "proceso script eliminado por señal %d"
 
-#: dnsmasq.c:1515
+#: dnsmasq.c:1540
 #, fuzzy, c-format
 msgid "script process exited with status %d"
 msgstr "proceso script salió con con estado %d"
 
-#: dnsmasq.c:1519
+#: dnsmasq.c:1544
 #, fuzzy, c-format
 msgid "failed to execute %s: %s"
 msgstr "no se pudo ejecutar %s: %s"
 
-#: dnsmasq.c:1559
+#: dnsmasq.c:1584
 msgid "now checking DNSSEC signature timestamps"
 msgstr ""
 
-#: dnsmasq.c:1594 dnssec.c:160 dnssec.c:204
+#: dnsmasq.c:1619 dnssec.c:160 dnssec.c:204
 #, fuzzy, c-format
 msgid "failed to update mtime on %s: %s"
 msgstr "no se pudo abrir archivo PID %s: %s"
 
-#: dnsmasq.c:1606
+#: dnsmasq.c:1631
 msgid "exiting on receipt of SIGTERM"
 msgstr "saliendo al recibir SIGTERM"
 
-#: dnsmasq.c:1634
+#: dnsmasq.c:1659
 #, fuzzy, c-format
 msgid "failed to access %s: %s"
 msgstr "no se pudo acceder %s: %s"
 
-#: dnsmasq.c:1664
+#: dnsmasq.c:1690
 #, c-format
 msgid "reading %s"
 msgstr "leyendo %s"
 
-#: dnsmasq.c:1675
+#: dnsmasq.c:1706
 #, fuzzy, c-format
 msgid "no servers found in %s, will retry"
 msgstr "ningún servidor encontrado en %s, se reintentará"
 
-#: dhcp.c:53
+#: dhcp.c:51
 #, c-format
 msgid "cannot create DHCP socket: %s"
 msgstr "no se puede crear zócalo DHCP: %s"
 
-#: dhcp.c:68
+#: dhcp.c:66
 #, c-format
 msgid "failed to set options on DHCP socket: %s"
 msgstr "no se pudo fijar opciones en zócalo DHCP: %s"
 
-#: dhcp.c:89
+#: dhcp.c:87
 #, fuzzy, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
 msgstr "no se pudo fijar SO_REUSE{ADDR|PORT} en zócalo DHCP: %s"
 
-#: dhcp.c:101
+#: dhcp.c:99
 #, c-format
 msgid "failed to bind DHCP server socket: %s"
 msgstr "no se pudo acoplar zócalo de servidor DHCP: %s"
 
-#: dhcp.c:127
+#: dhcp.c:125
 #, c-format
 msgid "cannot create ICMP raw socket: %s."
 msgstr "no se puede crear zócalo puro ICMP: %s."
 
-#: dhcp.c:252 dhcp6.c:180
+#: dhcp.c:254 dhcp6.c:186
 #, fuzzy, c-format
 msgid "unknown interface %s in bridge-interface"
 msgstr "interfase desconocida %s en bridge-interface"
 
-#: dhcp.c:293
+#: dhcp.c:295
 #, c-format
 msgid "DHCP packet received on %s which has no address"
 msgstr "Paquete DHCP recibido en %s que no tiene dirección"
 
-#: dhcp.c:428
+#: dhcp.c:429
 #, c-format
 msgid "ARP-cache injection failed: %s"
 msgstr ""
 
-#: dhcp.c:473
+#: dhcp.c:490
 #, c-format
 msgid "Error sending DHCP packet to %s: %s"
 msgstr ""
 
-#: dhcp.c:530
+#: dhcp.c:547
 #, c-format
 msgid "DHCP range %s -- %s is not consistent with netmask %s"
 msgstr "rango DHCP %s -- %s no coincide con máscara de subred %s"
 
-#: dhcp.c:918
+#: dhcp.c:930
 #, fuzzy, c-format
 msgid "bad line at %s line %d"
 msgstr "línea errónea en %s línea %d"
 
-#: dhcp.c:961
+#: dhcp.c:973
 #, c-format
 msgid "ignoring %s line %d, duplicate name or IP address"
 msgstr "ignorando %s línea %d, nombre o dirección IP duplicada"
 
-#: dhcp.c:1105 rfc3315.c:2182
+#: dhcp.c:1034
+#, c-format
+msgid "read %s - %d addresses"
+msgstr "direcciónes %s - %d leídas"
+
+#: dhcp.c:1136
+#, fuzzy, c-format
+msgid "Cannot broadcast DHCP relay via interface %s"
+msgstr "No puede hacer multicast DHCPv6 sin el interfase correcto"
+
+#: dhcp.c:1160
 #, c-format
-msgid "DHCP relay %s -> %s"
+msgid "broadcast via %s"
+msgstr ""
+
+#: dhcp.c:1163 rfc3315.c:2219
+#, fuzzy, c-format
+msgid "DHCP relay at %s -> %s"
 msgstr "DHCP relay %s -> %s"
 
 #: lease.c:64
@@ -1997,7 +2139,7 @@ msgstr "ning
 msgid "%u available DHCP subnet: %s/%s"
 msgstr "%u Subred DHCP disponible: %s/%s"
 
-#: rfc2131.c:409 rfc3315.c:319
+#: rfc2131.c:409 rfc3315.c:320
 #, fuzzy, c-format
 msgid "%u available DHCP range: %s -- %s"
 msgstr "%u Rango DHCP disponible: %s -- %s"
@@ -2016,12 +2158,12 @@ msgstr "%u Clase de usuario: %s"
 msgid "disabled"
 msgstr "deshabilitado"
 
-#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1532 rfc3315.c:632 rfc3315.c:815
-#: rfc3315.c:1121
+#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1536 rfc3315.c:633 rfc3315.c:816
+#: rfc3315.c:1122
 msgid "ignored"
 msgstr "ignorado"
 
-#: rfc2131.c:613 rfc2131.c:1333 rfc3315.c:867
+#: rfc2131.c:613 rfc2131.c:1340 rfc3315.c:868
 msgid "address in use"
 msgstr "dirección en uso"
 
@@ -2029,7 +2171,7 @@ msgstr "direcci
 msgid "no address available"
 msgstr "ninguna dirección disponible"
 
-#: rfc2131.c:634 rfc2131.c:1295
+#: rfc2131.c:634 rfc2131.c:1302
 msgid "wrong network"
 msgstr "red equivocada"
 
@@ -2037,11 +2179,11 @@ msgstr "red equivocada"
 msgid "no address configured"
 msgstr "ninguna dirección configurada"
 
-#: rfc2131.c:655 rfc2131.c:1346
+#: rfc2131.c:655 rfc2131.c:1353
 msgid "no leases left"
 msgstr "no sobra ninguna concesión"
 
-#: rfc2131.c:756 rfc3315.c:499
+#: rfc2131.c:756 rfc3315.c:500
 #, fuzzy, c-format
 msgid "%u client provides name: %s"
 msgstr "%u cliente provee nombre: %s"
@@ -2050,7 +2192,7 @@ msgstr "%u cliente provee nombre: %s"
 msgid "PXE BIS not supported"
 msgstr "no hay soporte para BIS PXE"
 
-#: rfc2131.c:1054 rfc3315.c:1222
+#: rfc2131.c:1054 rfc3315.c:1223
 #, fuzzy, c-format
 msgid "disabling DHCP static address %s for %s"
 msgstr "deshabilitando dirección DHCP estática %s para %s"
@@ -2074,108 +2216,108 @@ msgstr "no usando direcci
 msgid "not using configured address %s because it was previously declined"
 msgstr "no usando dirección configurada %s porque fué previamente denegada"
 
-#: rfc2131.c:1139 rfc2131.c:1339
+#: rfc2131.c:1139 rfc2131.c:1346
 msgid "no unique-id"
 msgstr "ningún unique-id (identificación única)"
 
-#: rfc2131.c:1231
+#: rfc2131.c:1238
 msgid "wrong server-ID"
 msgstr "ID de servidor equivocada"
 
-#: rfc2131.c:1250
+#: rfc2131.c:1257
 msgid "wrong address"
 msgstr "dirección equivocada"
 
-#: rfc2131.c:1268 rfc3315.c:975
+#: rfc2131.c:1275 rfc3315.c:976
 msgid "lease not found"
 msgstr "concesión no encontrada"
 
-#: rfc2131.c:1303
+#: rfc2131.c:1310
 msgid "address not available"
 msgstr "dirección no disponible"
 
-#: rfc2131.c:1314
+#: rfc2131.c:1321
 msgid "static lease available"
 msgstr "concesión estática disponible"
 
-#: rfc2131.c:1318
+#: rfc2131.c:1325
 msgid "address reserved"
 msgstr "dirección reservada"
 
-#: rfc2131.c:1327
+#: rfc2131.c:1334
 #, c-format
 msgid "abandoning lease to %s of %s"
 msgstr "abandonando concesión a %s de %s"
 
-#: rfc2131.c:1866
+#: rfc2131.c:1870
 #, c-format
 msgid "%u bootfile name: %s"
 msgstr "%u nombre de bootfile: %s"
 
-#: rfc2131.c:1875
+#: rfc2131.c:1879
 #, c-format
 msgid "%u server name: %s"
 msgstr "%u nombre de servidor: %s"
 
-#: rfc2131.c:1885
+#: rfc2131.c:1889
 #, fuzzy, c-format
 msgid "%u next server: %s"
 msgstr "%u siguiente servidor: %s"
 
-#: rfc2131.c:1889
+#: rfc2131.c:1893
 #, c-format
 msgid "%u broadcast response"
 msgstr "%u respuesta broadcast"
 
-#: rfc2131.c:1952
+#: rfc2131.c:1956
 #, fuzzy, c-format
 msgid "cannot send DHCP/BOOTP option %d: no space left in packet"
 msgstr "no se puede enviar opción DHCP/BOOTP %d: no queda espacio en el paquete"
 
-#: rfc2131.c:2262
+#: rfc2131.c:2267
 msgid "PXE menu too large"
 msgstr "menú PXE demasiado largo"
 
-#: rfc2131.c:2425 rfc3315.c:1511
+#: rfc2131.c:2430 rfc3315.c:1517
 #, fuzzy, c-format
 msgid "%u requested options: %s"
 msgstr "%u opciones solicitadas: %s"
 
-#: rfc2131.c:2742
+#: rfc2131.c:2747
 #, c-format
 msgid "cannot send RFC3925 option: too many options for enterprise number %d"
 msgstr "no se puede enviar opción RFC3925: demasiadas opciones para número enterprise %d"
 
-#: rfc2131.c:2805
+#: rfc2131.c:2810
 #, c-format
 msgid "%u reply delay: %d"
 msgstr ""
 
-#: netlink.c:93
+#: netlink.c:86
 #, fuzzy, c-format
 msgid "cannot create netlink socket: %s"
 msgstr "no se puede crear zócalo netlink: %s"
 
-#: netlink.c:377
+#: netlink.c:379
 #, fuzzy, c-format
 msgid "netlink returns error: %s"
 msgstr "netlink retorna error: %s"
 
-#: dbus.c:434
+#: dbus.c:491
 #, c-format
 msgid "Enabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:439
+#: dbus.c:496
 #, c-format
 msgid "Disabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:713
+#: dbus.c:857
 msgid "setting upstream servers from DBus"
 msgstr "fijando servidores subida desde DBus"
 
-#: dbus.c:760
+#: dbus.c:907
 msgid "could not register a DBus message handler"
 msgstr "no se pudo registrar un manejador de mensajes DBus"
 
@@ -2202,51 +2344,51 @@ msgstr ""
 msgid "lease() function missing in Lua script"
 msgstr "la función lease() no se encuentra en el script Lua"
 
-#: tftp.c:349
+#: tftp.c:353
 msgid "unable to get free port for TFTP"
 msgstr "incapaz de conseguir puerto libre para TFTP"
 
-#: tftp.c:365
+#: tftp.c:369
 #, c-format
 msgid "unsupported request from %s"
 msgstr "pedido no-soportado desde %s"
 
-#: tftp.c:512
+#: tftp.c:520
 #, fuzzy, c-format
-msgid "file %s not found"
-msgstr "archivo %s no encontrado"
+msgid "file %s not found for %s"
+msgstr "archivo %s no encontrado por %s"
 
-#: tftp.c:602
+#: tftp.c:609
 #, c-format
 msgid "ignoring packet from %s (TID mismatch)"
 msgstr ""
 
-#: tftp.c:646
+#: tftp.c:662
 #, fuzzy, c-format
 msgid "failed sending %s to %s"
 msgstr "TFTP no pudo enviar %s a %s"
 
-#: tftp.c:646
+#: tftp.c:662
 #, fuzzy, c-format
 msgid "sent %s to %s"
 msgstr "TFTP envió %s a %s"
 
-#: tftp.c:696
+#: tftp.c:712
 #, fuzzy, c-format
 msgid "error %d %s received from %s"
 msgstr "error TFTP %d %s recibido de %s"
 
-#: log.c:190
+#: log.c:203
 #, c-format
 msgid "overflow: %d log entries lost"
 msgstr "desbordamiento: %d entradas de registro perdidas"
 
-#: log.c:268
+#: log.c:281
 #, c-format
 msgid "log failed: %s"
 msgstr "registro falló: %s"
 
-#: log.c:477
+#: log.c:490
 msgid "FAILED to start up"
 msgstr "el inicio ha FALLADO"
 
@@ -2255,17 +2397,17 @@ msgstr "el inicio ha FALLADO"
 msgid "Conntrack connection mark retrieval failed: %s"
 msgstr "Conexión conntrack con marca recuperación falló"
 
-#: dhcp6.c:52
+#: dhcp6.c:51
 #, fuzzy, c-format
 msgid "cannot create DHCPv6 socket: %s"
 msgstr "no se puede crear zócalo DHCP: %s"
 
-#: dhcp6.c:73
+#: dhcp6.c:72
 #, fuzzy, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"
 msgstr "no se pudo fijar SO_REUSE{ADDR|PORT} en zócalo DHCP: %s"
 
-#: dhcp6.c:85
+#: dhcp6.c:84
 #, fuzzy, c-format
 msgid "failed to bind DHCPv6 server socket: %s"
 msgstr "no se pudo acoplar zócalo de servidor DHCP: %s"
@@ -2280,149 +2422,155 @@ msgstr "ning
 msgid "no address range available for DHCPv6 request via %s"
 msgstr "ningún rango de direcciónes disponible para pedido DHCP %s %s"
 
-#: rfc3315.c:316
+#: rfc3315.c:317
 #, fuzzy, c-format
 msgid "%u available DHCPv6 subnet: %s/%d"
 msgstr "%u Subred DHCP disponible: %s/%s"
 
-#: rfc3315.c:399
+#: rfc3315.c:400
 #, fuzzy, c-format
 msgid "%u vendor class: %u"
 msgstr "%u Clase de vendedor: %s"
 
-#: rfc3315.c:447
+#: rfc3315.c:448
 #, fuzzy, c-format
 msgid "%u client MAC address: %s"
 msgstr "%u cliente provee nombre: %s"
 
-#: rfc3315.c:762 rfc3315.c:859
+#: rfc3315.c:763 rfc3315.c:860
 #, fuzzy
 msgid "address unavailable"
 msgstr "dirección no disponible"
 
-#: rfc3315.c:774 rfc3315.c:903 rfc3315.c:1272
+#: rfc3315.c:775 rfc3315.c:904 rfc3315.c:1273
 msgid "success"
 msgstr ""
 
-#: rfc3315.c:789 rfc3315.c:798 rfc3315.c:911 rfc3315.c:913 rfc3315.c:1047
+#: rfc3315.c:790 rfc3315.c:799 rfc3315.c:912 rfc3315.c:914 rfc3315.c:1048
 #, fuzzy
 msgid "no addresses available"
 msgstr "ninguna dirección disponible"
 
-#: rfc3315.c:890
+#: rfc3315.c:891
 msgid "not on link"
 msgstr "no en el enlace"
 
-#: rfc3315.c:979 rfc3315.c:1180 rfc3315.c:1261
+#: rfc3315.c:980 rfc3315.c:1181 rfc3315.c:1262
 msgid "no binding found"
 msgstr "uniones no encontradas"
 
-#: rfc3315.c:1016
+#: rfc3315.c:1017
 msgid "deprecated"
 msgstr "descartado"
 
-#: rfc3315.c:1023
+#: rfc3315.c:1024
 #, fuzzy
 msgid "address invalid"
 msgstr "dirección en uso"
 
-#: rfc3315.c:1081 rfc3315.c:1083
+#: rfc3315.c:1082 rfc3315.c:1084
 msgid "confirm failed"
 msgstr "confirmación falló"
 
-#: rfc3315.c:1098
+#: rfc3315.c:1099
 #, fuzzy
 msgid "all addresses still on link"
 msgstr "dirección errónea en %s línea %d"
 
-#: rfc3315.c:1189
+#: rfc3315.c:1190
 msgid "release received"
 msgstr "concesión recibida"
 
-#: rfc3315.c:2173
-msgid "Cannot multicast to DHCPv6 server without correct interface"
+#: rfc3315.c:2200
+#, fuzzy, c-format
+msgid "Cannot multicast DHCP relay via interface %s"
 msgstr "No puede hacer multicast DHCPv6 sin el interfase correcto"
 
-#: dhcp-common.c:154
+#: rfc3315.c:2216
+#, c-format
+msgid "multicast via %s"
+msgstr ""
+
+#: dhcp-common.c:187
 #, c-format
 msgid "Ignoring duplicate dhcp-option %d"
 msgstr "Ignorando opción DHCP duplicada"
 
-#: dhcp-common.c:231
+#: dhcp-common.c:264
 #, c-format
 msgid "%u tags: %s"
 msgstr "%u etiquetas: %s"
 
-#: dhcp-common.c:451
+#: dhcp-common.c:484
 #, c-format
 msgid "%s has more than one address in hostsfile, using %s for DHCP"
 msgstr "%s tiene más de una dirección en hostsfile, usando %s para DHCP"
 
-#: dhcp-common.c:485
+#: dhcp-common.c:518
 #, c-format
 msgid "duplicate IP address %s (%s) in dhcp-config directive"
 msgstr "dirección IP duplicada %s (%s) en directiva dhcp-config"
 
-#: dhcp-common.c:549
-#, fuzzy, c-format
-msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
-msgstr "no se pudo fijar SO_REUSE{ADDR|PORT} en socket DHCP: %s"
-
-#: dhcp-common.c:672
+#: dhcp-common.c:738
 #, c-format
 msgid "Known DHCP options:\n"
 msgstr "Opciones DHCP conocidas:\n"
 
-#: dhcp-common.c:683
+#: dhcp-common.c:749
 #, fuzzy, c-format
 msgid "Known DHCPv6 options:\n"
 msgstr "Opciones DHCP conocidas:\n"
 
-#: dhcp-common.c:880
+#: dhcp-common.c:946
 msgid ", prefix deprecated"
 msgstr ", prefijo descartado"
 
-#: dhcp-common.c:883
+#: dhcp-common.c:949
 #, c-format
 msgid ", lease time "
 msgstr ", tiempo de concesión"
 
-#: dhcp-common.c:925
+#: dhcp-common.c:991
 #, c-format
 msgid "%s stateless on %s%.0s%.0s%s"
 msgstr "%s apátrida en %s%.0s%.0s%s"
 
-#: dhcp-common.c:927
+#: dhcp-common.c:993
 #, fuzzy, c-format
 msgid "%s, static leases only on %.0s%s%s%.0s"
 msgstr "DHCP, concesión estática solo en %.0s%s, tiempo de concesión %s"
 
-#: dhcp-common.c:929
+#: dhcp-common.c:995
 #, fuzzy, c-format
 msgid "%s, proxy on subnet %.0s%s%.0s%.0s"
 msgstr "DHCP, proxy en subred %.0s%s%.0s"
 
-#: dhcp-common.c:930
+#: dhcp-common.c:996
 #, fuzzy, c-format
 msgid "%s, IP range %s -- %s%s%.0s"
 msgstr "DHCP, rango de IPs %s -- %s, tiempo de concesión %s"
 
-#: dhcp-common.c:943
+#: dhcp-common.c:1009
 #, c-format
 msgid "DHCPv4-derived IPv6 names on %s%s"
 msgstr ""
 
-#: dhcp-common.c:946
+#: dhcp-common.c:1012
 #, fuzzy, c-format
 msgid "router advertisement on %s%s"
 msgstr "DHCP, concesión estáticos solo en %.0s%s, tiempo de concesión %s"
 
-#: dhcp-common.c:957
+#: dhcp-common.c:1043
+#, fuzzy, c-format
+msgid "DHCP relay from %s via %s"
+msgstr "DHCP relay %s -> %s"
+
+#: dhcp-common.c:1045
 #, c-format
 msgid "DHCP relay from %s to %s via %s"
 msgstr ""
 
-#: dhcp-common.c:959
+#: dhcp-common.c:1048
 #, c-format
 msgid "DHCP relay from %s to %s"
 msgstr ""
@@ -2432,7 +2580,7 @@ msgstr ""
 msgid "cannot create ICMPv6 socket: %s"
 msgstr "no se puede crear socket DHCP: %s"
 
-#: auth.c:464
+#: auth.c:462
 #, fuzzy, c-format
 msgid "ignoring zone transfer request from %s"
 msgstr "pedido no-soportado desde %s"
@@ -2544,14 +2692,14 @@ msgstr ""
 msgid "system time considered valid, now checking DNSSEC signature timestamps."
 msgstr ""
 
-#: dnssec.c:1014
+#: dnssec.c:1018
 #, c-format
 msgid "Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"
 msgstr ""
 
 #: blockdata.c:55
 #, c-format
-msgid "pool memory in use %u, max %u, allocated %u"
+msgid "pool memory in use %zu, max %zu, allocated %zu"
 msgstr ""
 
 #: tables.c:61
@@ -2613,39 +2761,59 @@ msgstr ""
 msgid "directory %s for resolv-file is missing, cannot poll"
 msgstr ""
 
-#: inotify.c:131 inotify.c:168
+#: inotify.c:131 inotify.c:200
 #, fuzzy, c-format
 msgid "failed to create inotify for %s: %s"
 msgstr "no se pudo crear un zócalo de escucha: %s"
 
-#: inotify.c:153
+#: inotify.c:178 inotify.c:185
 #, fuzzy, c-format
 msgid "bad dynamic directory %s: %s"
 msgstr "no se puede acceder a directorio %s: %s"
 
-#: inotify.c:257
+#: inotify.c:186
+#, fuzzy
+msgid "not a directory"
+msgstr "no se puede acceder a directorio %s: %s"
+
+#: inotify.c:299
 #, c-format
-msgid "inotify, new or changed file %s"
+msgid "inotify: %s removed"
 msgstr ""
 
-#: dump.c:64
+#: inotify.c:301
+#, c-format
+msgid "inotify: %s new or modified"
+msgstr ""
+
+#: inotify.c:309
+#, c-format
+msgid "inotify: flushed %u names read from %s"
+msgstr ""
+
+#: dump.c:68
 #, fuzzy, c-format
 msgid "cannot create %s: %s"
 msgstr "no se puede leer %s: %s"
 
-#: dump.c:70
+#: dump.c:74
 #, fuzzy, c-format
 msgid "bad header in %s"
 msgstr "dirección en uso"
 
-#: dump.c:205
+#: dump.c:287
 #, fuzzy
 msgid "failed to write packet dump"
 msgstr "no se pudo escuchar en socket: %s"
 
-#: dump.c:207
+#: dump.c:289
 #, c-format
-msgid "dumping UDP packet %u mask 0x%04x"
+msgid "%u dumping packet %u mask 0x%04x"
+msgstr ""
+
+#: dump.c:291
+#, c-format
+msgid "dumping packet %u mask 0x%04x"
 msgstr ""
 
 #: ubus.c:79
@@ -2679,6 +2847,15 @@ msgstr ""
 msgid "Failed to create SHA-256 hash object"
 msgstr ""
 
+#: nftset.c:35
+#, fuzzy
+msgid "failed to create nftset context"
+msgstr "no se pudo crear socket TFTP: %s"
+
+#, fuzzy
+#~ msgid "bad IPv4 prefix"
+#~ msgstr "prefijo erróneo"
+
 #, fuzzy
 #~ msgid "Cannot add object to UBus: %s"
 #~ msgstr "no se puede abrir registro %s: %s"
diff --git a/po/fi.po b/po/fi.po
index f414461..700adbf 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -16,72 +16,77 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: cache.c:572
+#: cache.c:652
 msgid "Internal error in cache."
 msgstr ""
 
-#: cache.c:1094
+#: cache.c:1179
 #, c-format
 msgid "failed to load names from %s: %s"
 msgstr ""
 
-#: cache.c:1116 dhcp.c:931
+#: cache.c:1201 dhcp.c:943
 #, c-format
 msgid "bad address at %s line %d"
 msgstr ""
 
-#: cache.c:1169 dhcp.c:947
+#: cache.c:1254 dhcp.c:959
 #, c-format
 msgid "bad name at %s line %d"
 msgstr ""
 
-#: cache.c:1180 dhcp.c:1022
+#: cache.c:1265
 #, c-format
-msgid "read %s - %d addresses"
+msgid "read %s - %d names"
 msgstr ""
 
-#: cache.c:1296
+#: cache.c:1381
 msgid "cleared cache"
 msgstr ""
 
-#: cache.c:1358
+#: cache.c:1445
 #, c-format
 msgid "No IPv4 address found for %s"
 msgstr ""
 
-#: cache.c:1404
+#: cache.c:1491
 #, c-format
 msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
 msgstr ""
 
-#: cache.c:1428
+#: cache.c:1515
 #, c-format
 msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
 msgstr ""
 
-#: cache.c:1674
+#: cache.c:1760
 #, c-format
 msgid "time %lu"
 msgstr ""
 
-#: cache.c:1675
+#: cache.c:1761
 #, c-format
 msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
 msgstr ""
 
-#: cache.c:1677
+#: cache.c:1763
 #, c-format
 msgid "queries forwarded %u, queries answered locally %u"
 msgstr ""
 
-#: cache.c:1680
+#: cache.c:1766
+#, c-format
+msgid "queries answered from stale cache %u"
+msgstr ""
+
+#: cache.c:1768
 #, c-format
 msgid "queries for authoritative zones %u"
 msgstr ""
 
-#: cache.c:1702
+#: cache.c:1796
 #, c-format
-msgid "server %s#%d: queries sent %u, retried or failed %u"
+msgid "server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"
 msgstr ""
 
 #: util.c:51
@@ -89,1747 +94,1880 @@ msgstr ""
 msgid "failed to seed the random number generator: %s"
 msgstr ""
 
-#: util.c:228
+#: util.c:246
 msgid "failed to allocate memory"
 msgstr ""
 
-#: util.c:285 option.c:665
+#: util.c:305 option.c:696
 msgid "could not get memory"
 msgstr ""
 
-#: util.c:306
+#: util.c:326
 #, c-format
 msgid "cannot create pipe: %s"
 msgstr ""
 
-#: util.c:314
+#: util.c:334
 #, c-format
 msgid "failed to allocate %d bytes"
 msgstr ""
 
-#: util.c:520
+#: util.c:344
+#, c-format
+msgid "failed to reallocate %d bytes"
+msgstr ""
+
+#: util.c:465
+#, c-format
+msgid "cannot read monotonic clock: %s"
+msgstr ""
+
+#: util.c:579
 #, c-format
 msgid "infinite"
 msgstr ""
 
-#: util.c:808
+#: util.c:867
 #, c-format
 msgid "failed to find kernel version: %s"
 msgstr ""
 
-#: option.c:372
+#: option.c:393
 msgid "Specify local address(es) to listen on."
 msgstr ""
 
-#: option.c:373
+#: option.c:394
 msgid "Return ipaddr for all hosts in specified domains."
 msgstr ""
 
-#: option.c:374
+#: option.c:395
 msgid "Fake reverse lookups for RFC1918 private address ranges."
 msgstr ""
 
-#: option.c:375
+#: option.c:396
 msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
 msgstr ""
 
-#: option.c:376
+#: option.c:397
 #, c-format
 msgid "Specify the size of the cache in entries (defaults to %s)."
 msgstr ""
 
-#: option.c:377
+#: option.c:398
 #, c-format
 msgid "Specify configuration file (defaults to %s)."
 msgstr ""
 
-#: option.c:378
+#: option.c:399
 msgid "Do NOT fork into the background: run in debug mode."
 msgstr ""
 
-#: option.c:379
+#: option.c:400
 msgid "Do NOT forward queries with no domain part."
 msgstr ""
 
-#: option.c:380
+#: option.c:401
 msgid "Return self-pointing MX records for local hosts."
 msgstr ""
 
-#: option.c:381
+#: option.c:402
 msgid "Expand simple names in /etc/hosts with domain-suffix."
 msgstr ""
 
-#: option.c:382
+#: option.c:403
 msgid "Don't forward spurious DNS requests from Windows hosts."
 msgstr ""
 
-#: option.c:383
+#: option.c:404
+msgid "Don't include IPv4 addresses in DNS answers."
+msgstr ""
+
+#: option.c:405
+msgid "Don't include IPv6 addresses in DNS answers."
+msgstr ""
+
+#: option.c:406
 msgid "Enable DHCP in the range given with lease duration."
 msgstr ""
 
-#: option.c:384
+#: option.c:407
 #, c-format
 msgid "Change to this group after startup (defaults to %s)."
 msgstr ""
 
-#: option.c:385
+#: option.c:408
 msgid "Set address or hostname for a specified machine."
 msgstr ""
 
-#: option.c:386
+#: option.c:409
 msgid "Read DHCP host specs from file."
 msgstr ""
 
-#: option.c:387
+#: option.c:410
 msgid "Read DHCP option specs from file."
 msgstr ""
 
-#: option.c:388
+#: option.c:411
 msgid "Read DHCP host specs from a directory."
 msgstr ""
 
-#: option.c:389
+#: option.c:412
 msgid "Read DHCP options from a directory."
 msgstr ""
 
-#: option.c:390
+#: option.c:413
 msgid "Evaluate conditional tag expression."
 msgstr ""
 
-#: option.c:391
+#: option.c:414
 #, c-format
 msgid "Do NOT load %s file."
 msgstr ""
 
-#: option.c:392
+#: option.c:415
 #, c-format
 msgid "Specify a hosts file to be read in addition to %s."
 msgstr ""
 
-#: option.c:393
+#: option.c:416
 msgid "Read hosts files from a directory."
 msgstr ""
 
-#: option.c:394
+#: option.c:417
 msgid "Specify interface(s) to listen on."
 msgstr ""
 
-#: option.c:395
+#: option.c:418
 msgid "Specify interface(s) NOT to listen on."
 msgstr ""
 
-#: option.c:396
+#: option.c:419
 msgid "Map DHCP user class to tag."
 msgstr ""
 
-#: option.c:397
+#: option.c:420
 msgid "Map RFC3046 circuit-id to tag."
 msgstr ""
 
-#: option.c:398
+#: option.c:421
 msgid "Map RFC3046 remote-id to tag."
 msgstr ""
 
-#: option.c:399
+#: option.c:422
 msgid "Map RFC3993 subscriber-id to tag."
 msgstr ""
 
-#: option.c:400
+#: option.c:423
 msgid "Specify vendor class to match for PXE requests."
 msgstr ""
 
-#: option.c:401
+#: option.c:424
 msgid "Don't do DHCP for hosts with tag set."
 msgstr ""
 
-#: option.c:402
+#: option.c:425
 msgid "Force broadcast replies for hosts with tag set."
 msgstr ""
 
-#: option.c:403
+#: option.c:426
 msgid "Do NOT fork into the background, do NOT run in debug mode."
 msgstr ""
 
-#: option.c:404
+#: option.c:427
 msgid "Assume we are the only DHCP server on the local network."
 msgstr ""
 
-#: option.c:405
+#: option.c:428
 #, c-format
 msgid "Specify where to store DHCP leases (defaults to %s)."
 msgstr ""
 
-#: option.c:406
+#: option.c:429
 msgid "Return MX records for local hosts."
 msgstr ""
 
-#: option.c:407
+#: option.c:430
 msgid "Specify an MX record."
 msgstr ""
 
-#: option.c:408
+#: option.c:431
 msgid "Specify BOOTP options to DHCP server."
 msgstr ""
 
-#: option.c:409
+#: option.c:432
 #, c-format
 msgid "Do NOT poll %s file, reload only on SIGHUP."
 msgstr ""
 
-#: option.c:410
+#: option.c:433
 msgid "Do NOT cache failed search results."
 msgstr ""
 
-#: option.c:411
+#: option.c:434
+msgid "Use expired cache data for faster reply."
+msgstr ""
+
+#: option.c:435
 #, c-format
 msgid "Use nameservers strictly in the order given in %s."
 msgstr ""
 
-#: option.c:412
+#: option.c:436
 msgid "Specify options to be sent to DHCP clients."
 msgstr ""
 
-#: option.c:413
+#: option.c:437
 msgid "DHCP option sent even if the client does not request it."
 msgstr ""
 
-#: option.c:414
+#: option.c:438
 msgid "Specify port to listen for DNS requests on (defaults to 53)."
 msgstr ""
 
-#: option.c:415
+#: option.c:439
 #, c-format
 msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
 msgstr ""
 
-#: option.c:416
+#: option.c:440
 msgid "Log DNS queries."
 msgstr ""
 
-#: option.c:417
+#: option.c:441
 msgid "Force the originating port for upstream DNS queries."
 msgstr ""
 
-#: option.c:418
+#: option.c:442
+msgid "Set maximum number of random originating ports for a query."
+msgstr ""
+
+#: option.c:443
 msgid "Do NOT read resolv.conf."
 msgstr ""
 
-#: option.c:419
+#: option.c:444
 #, c-format
 msgid "Specify path to resolv.conf (defaults to %s)."
 msgstr ""
 
-#: option.c:420
+#: option.c:445
 msgid "Specify path to file with server= options"
 msgstr ""
 
-#: option.c:421
+#: option.c:446
 msgid "Specify address(es) of upstream servers with optional domains."
 msgstr ""
 
-#: option.c:422
+#: option.c:447
 msgid "Specify address of upstream servers for reverse address queries"
 msgstr ""
 
-#: option.c:423
+#: option.c:448
 msgid "Never forward queries to specified domains."
 msgstr ""
 
-#: option.c:424
+#: option.c:449
 msgid "Specify the domain to be assigned in DHCP leases."
 msgstr ""
 
-#: option.c:425
+#: option.c:450
 msgid "Specify default target in an MX record."
 msgstr ""
 
-#: option.c:426
+#: option.c:451
 msgid "Specify time-to-live in seconds for replies from /etc/hosts."
 msgstr ""
 
-#: option.c:427
+#: option.c:452
 msgid "Specify time-to-live in seconds for negative caching."
 msgstr ""
 
-#: option.c:428
+#: option.c:453
 msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
 msgstr ""
 
-#: option.c:429
+#: option.c:454
 msgid "Specify time-to-live ceiling for cache."
 msgstr ""
 
-#: option.c:430
+#: option.c:455
 msgid "Specify time-to-live floor for cache."
 msgstr ""
 
-#: option.c:431
+#: option.c:456
+msgid "Retry DNS queries after this many milliseconds."
+msgstr ""
+
+#: option.c:457
 #, c-format
 msgid "Change to this user after startup. (defaults to %s)."
 msgstr ""
 
-#: option.c:432
+#: option.c:458
 msgid "Map DHCP vendor class to tag."
 msgstr ""
 
-#: option.c:433
+#: option.c:459
 msgid "Display dnsmasq version and copyright information."
 msgstr ""
 
-#: option.c:434
+#: option.c:460
 msgid "Translate IPv4 addresses from upstream servers."
 msgstr ""
 
-#: option.c:435
+#: option.c:461
 msgid "Specify a SRV record."
 msgstr ""
 
-#: option.c:436
+#: option.c:462
 msgid "Display this message. Use --help dhcp or --help dhcp6 for known DHCP options."
 msgstr ""
 
-#: option.c:437
+#: option.c:463
 #, c-format
 msgid "Specify path of PID file (defaults to %s)."
 msgstr ""
 
-#: option.c:438
+#: option.c:464
 #, c-format
 msgid "Specify maximum number of DHCP leases (defaults to %s)."
 msgstr ""
 
-#: option.c:439
+#: option.c:465
 msgid "Answer DNS queries based on the interface a query was sent to."
 msgstr ""
 
-#: option.c:440
+#: option.c:466
 msgid "Specify TXT DNS record."
 msgstr ""
 
-#: option.c:441
+#: option.c:467
 msgid "Specify PTR DNS record."
 msgstr ""
 
-#: option.c:442
+#: option.c:468
 msgid "Give DNS name to IPv4 address of interface."
 msgstr ""
 
-#: option.c:443
+#: option.c:469
 msgid "Bind only to interfaces in use."
 msgstr ""
 
-#: option.c:444
+#: option.c:470
 #, c-format
 msgid "Read DHCP static host information from %s."
 msgstr ""
 
-#: option.c:445
+#: option.c:471
 msgid "Enable the DBus interface for setting upstream servers, etc."
 msgstr ""
 
-#: option.c:446
+#: option.c:472
 msgid "Enable the UBus interface."
 msgstr ""
 
-#: option.c:447
+#: option.c:473
 msgid "Do not provide DHCP on this interface, only provide DNS."
 msgstr ""
 
-#: option.c:448
+#: option.c:474
 msgid "Enable dynamic address allocation for bootp."
 msgstr ""
 
-#: option.c:449
+#: option.c:475
 msgid "Map MAC address (with wildcards) to option set."
 msgstr ""
 
-#: option.c:450
+#: option.c:476
 msgid "Treat DHCP requests on aliases as arriving from interface."
 msgstr ""
 
-#: option.c:451
+#: option.c:477
 msgid "Specify extra networks sharing a broadcast domain for DHCP"
 msgstr ""
 
-#: option.c:452
+#: option.c:478
 msgid "Disable ICMP echo address checking in the DHCP server."
 msgstr ""
 
-#: option.c:453
+#: option.c:479
 msgid "Shell script to run on DHCP lease creation and destruction."
 msgstr ""
 
-#: option.c:454
+#: option.c:480
 msgid "Lua script to run on DHCP lease creation and destruction."
 msgstr ""
 
-#: option.c:455
+#: option.c:481
 msgid "Run lease-change scripts as this user."
 msgstr ""
 
-#: option.c:456
+#: option.c:482
 msgid "Call dhcp-script with changes to local ARP table."
 msgstr ""
 
-#: option.c:457
+#: option.c:483
 msgid "Read configuration from all the files in this directory."
 msgstr ""
 
-#: option.c:458
+#: option.c:484
+msgid "Execute file and read configuration from stdin."
+msgstr ""
+
+#: option.c:485
 msgid "Log to this syslog facility or file. (defaults to DAEMON)"
 msgstr ""
 
-#: option.c:459
+#: option.c:486
 msgid "Do not use leasefile."
 msgstr ""
 
-#: option.c:460
+#: option.c:487
 #, c-format
 msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
 msgstr ""
 
-#: option.c:461
+#: option.c:488
 #, c-format
 msgid "Clear DNS cache when reloading %s."
 msgstr ""
 
-#: option.c:462
+#: option.c:489
 msgid "Ignore hostnames provided by DHCP clients."
 msgstr ""
 
-#: option.c:463
+#: option.c:490
 msgid "Do NOT reuse filename and server fields for extra DHCP options."
 msgstr ""
 
-#: option.c:464
+#: option.c:491
 msgid "Enable integrated read-only TFTP server."
 msgstr ""
 
-#: option.c:465
+#: option.c:492
 msgid "Export files by TFTP only from the specified subtree."
 msgstr ""
 
-#: option.c:466
+#: option.c:493
 msgid "Add client IP or hardware address to tftp-root."
 msgstr ""
 
-#: option.c:467
+#: option.c:494
 msgid "Allow access only to files owned by the user running dnsmasq."
 msgstr ""
 
-#: option.c:468
+#: option.c:495
 msgid "Do not terminate the service if TFTP directories are inaccessible."
 msgstr ""
 
-#: option.c:469
+#: option.c:496
 #, c-format
 msgid "Maximum number of concurrent TFTP transfers (defaults to %s)."
 msgstr ""
 
-#: option.c:470
+#: option.c:497
 msgid "Maximum MTU to use for TFTP transfers."
 msgstr ""
 
-#: option.c:471
+#: option.c:498
 msgid "Disable the TFTP blocksize extension."
 msgstr ""
 
-#: option.c:472
+#: option.c:499
 msgid "Convert TFTP filenames to lowercase"
 msgstr ""
 
-#: option.c:473
+#: option.c:500
 msgid "Ephemeral port range for use by TFTP transfers."
 msgstr ""
 
-#: option.c:474
+#: option.c:501
 msgid "Use only one port for TFTP server."
 msgstr ""
 
-#: option.c:475
+#: option.c:502
 msgid "Extra logging for DHCP."
 msgstr ""
 
-#: option.c:476
+#: option.c:503
 msgid "Enable async. logging; optionally set queue length."
 msgstr ""
 
-#: option.c:477
+#: option.c:504
 msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
 msgstr ""
 
-#: option.c:478
+#: option.c:505
 msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
 msgstr ""
 
-#: option.c:479
+#: option.c:506
 msgid "Inhibit DNS-rebind protection on this domain."
 msgstr ""
 
-#: option.c:480
+#: option.c:507
 msgid "Always perform DNS queries to all servers."
 msgstr ""
 
-#: option.c:481
+#: option.c:508
 msgid "Set tag if client includes matching option in request."
 msgstr ""
 
-#: option.c:482
+#: option.c:509
 msgid "Set tag if client provides given name."
 msgstr ""
 
-#: option.c:483
+#: option.c:510
 msgid "Use alternative ports for DHCP."
 msgstr ""
 
-#: option.c:484
+#: option.c:511
 msgid "Specify NAPTR DNS record."
 msgstr ""
 
-#: option.c:485
+#: option.c:512
 msgid "Specify lowest port available for DNS query transmission."
 msgstr ""
 
-#: option.c:486
+#: option.c:513
 msgid "Specify highest port available for DNS query transmission."
 msgstr ""
 
-#: option.c:487
+#: option.c:514
 msgid "Use only fully qualified domain names for DHCP clients."
 msgstr ""
 
-#: option.c:488
+#: option.c:515
 msgid "Generate hostnames based on MAC address for nameless clients."
 msgstr ""
 
-#: option.c:489
+#: option.c:516
 msgid "Use these DHCP relays as full proxies."
 msgstr ""
 
-#: option.c:490
+#: option.c:517
 msgid "Relay DHCP requests to a remote server"
 msgstr ""
 
-#: option.c:491
+#: option.c:518
 msgid "Specify alias name for LOCAL DNS name."
 msgstr ""
 
-#: option.c:492
+#: option.c:519
 msgid "Prompt to send to PXE clients."
 msgstr ""
 
-#: option.c:493
+#: option.c:520
 msgid "Boot service for PXE menu."
 msgstr ""
 
-#: option.c:494
+#: option.c:521
 msgid "Check configuration syntax."
 msgstr ""
 
-#: option.c:495
+#: option.c:522
 msgid "Add requestor's MAC address to forwarded DNS queries."
 msgstr ""
 
-#: option.c:496
+#: option.c:523
+msgid "Strip MAC information from queries."
+msgstr ""
+
+#: option.c:524
 msgid "Add specified IP subnet to forwarded DNS queries."
 msgstr ""
 
-#: option.c:497
+#: option.c:525
+msgid "Strip ECS information from queries."
+msgstr ""
+
+#: option.c:526
 msgid "Add client identification to forwarded DNS queries."
 msgstr ""
 
-#: option.c:498
+#: option.c:527
 msgid "Proxy DNSSEC validation results from upstream nameservers."
 msgstr ""
 
-#: option.c:499
+#: option.c:528
 msgid "Attempt to allocate sequential IP addresses to DHCP clients."
 msgstr ""
 
-#: option.c:500
+#: option.c:529
 msgid "Ignore client identifier option sent by DHCP clients."
 msgstr ""
 
-#: option.c:501
+#: option.c:530
 msgid "Copy connection-track mark from queries to upstream connections."
 msgstr ""
 
-#: option.c:502
+#: option.c:531
 msgid "Allow DHCP clients to do their own DDNS updates."
 msgstr ""
 
-#: option.c:503
+#: option.c:532
 msgid "Send router-advertisements for interfaces doing DHCPv6"
 msgstr ""
 
-#: option.c:504
+#: option.c:533
 msgid "Specify DUID_EN-type DHCPv6 server DUID"
 msgstr ""
 
-#: option.c:505
+#: option.c:534
 msgid "Specify host (A/AAAA and PTR) records"
 msgstr ""
 
-#: option.c:506
+#: option.c:535
 msgid "Specify host record in interface subnet"
 msgstr ""
 
-#: option.c:507
+#: option.c:536
 msgid "Specify certification authority authorization record"
 msgstr ""
 
-#: option.c:508
+#: option.c:537
 msgid "Specify arbitrary DNS resource record"
 msgstr ""
 
-#: option.c:509
+#: option.c:538
 msgid "Bind to interfaces in use - check for new interfaces"
 msgstr ""
 
-#: option.c:510
+#: option.c:539
 msgid "Export local names to global DNS"
 msgstr ""
 
-#: option.c:511
+#: option.c:540
 msgid "Domain to export to global DNS"
 msgstr ""
 
-#: option.c:512
+#: option.c:541
 msgid "Set TTL for authoritative replies"
 msgstr ""
 
-#: option.c:513
+#: option.c:542
 msgid "Set authoritative zone information"
 msgstr ""
 
-#: option.c:514
+#: option.c:543
 msgid "Secondary authoritative nameservers for forward domains"
 msgstr ""
 
-#: option.c:515
+#: option.c:544
 msgid "Peers which are allowed to do zone transfer"
 msgstr ""
 
-#: option.c:516
+#: option.c:545
 msgid "Specify ipsets to which matching domains should be added"
 msgstr ""
 
-#: option.c:517
+#: option.c:546
+msgid "Specify nftables sets to which matching domains should be added"
+msgstr ""
+
+#: option.c:547
 msgid "Enable filtering of DNS queries with connection-track marks."
 msgstr ""
 
-#: option.c:518
+#: option.c:548
 msgid "Set allowed DNS patterns for a connection-track mark."
 msgstr ""
 
-#: option.c:519
+#: option.c:549
 msgid "Specify a domain and address range for synthesised names"
 msgstr ""
 
-#: option.c:520
+#: option.c:550
 msgid "Activate DNSSEC validation"
 msgstr ""
 
-#: option.c:521
+#: option.c:551
 msgid "Specify trust anchor key digest."
 msgstr ""
 
-#: option.c:522
+#: option.c:552
 msgid "Disable upstream checking for DNSSEC debugging."
 msgstr ""
 
-#: option.c:523
+#: option.c:553
 msgid "Ensure answers without DNSSEC are in unsigned zones."
 msgstr ""
 
-#: option.c:524
+#: option.c:554
 msgid "Don't check DNSSEC signature timestamps until first cache-reload"
 msgstr ""
 
-#: option.c:525
+#: option.c:555
 msgid "Timestamp file to verify system clock for DNSSEC"
 msgstr ""
 
-#: option.c:526
+#: option.c:556
 msgid "Set MTU, priority, resend-interval and router-lifetime"
 msgstr ""
 
-#: option.c:527
+#: option.c:557
 msgid "Do not log routine DHCP."
 msgstr ""
 
-#: option.c:528
+#: option.c:558
 msgid "Do not log routine DHCPv6."
 msgstr ""
 
-#: option.c:529
+#: option.c:559
 msgid "Do not log RA."
 msgstr ""
 
-#: option.c:530
+#: option.c:560
 msgid "Log debugging information."
 msgstr ""
 
-#: option.c:531
+#: option.c:561
 msgid "Accept queries only from directly-connected networks."
 msgstr ""
 
-#: option.c:532
+#: option.c:562
 msgid "Detect and remove DNS forwarding loops."
 msgstr ""
 
-#: option.c:533
+#: option.c:563
 msgid "Ignore DNS responses containing ipaddr."
 msgstr ""
 
-#: option.c:534
+#: option.c:564
 msgid "Set TTL in DNS responses with DHCP-derived addresses."
 msgstr ""
 
-#: option.c:535
+#: option.c:565
 msgid "Delay DHCP replies for at least number of seconds."
 msgstr ""
 
-#: option.c:536
+#: option.c:566
 msgid "Enables DHCPv4 Rapid Commit option."
 msgstr ""
 
-#: option.c:537
+#: option.c:567
 msgid "Path to debug packet dump file"
 msgstr ""
 
-#: option.c:538
+#: option.c:568
 msgid "Mask which packets to dump"
 msgstr ""
 
-#: option.c:539
+#: option.c:569
 msgid "Call dhcp-script when lease expiry changes."
 msgstr ""
 
-#: option.c:540
+#: option.c:570
 msgid "Send Cisco Umbrella identifiers including remote IP."
 msgstr ""
 
-#: option.c:541
+#: option.c:571
 msgid "Do not log routine TFTP."
 msgstr ""
 
-#: option.c:771
+#: option.c:572
+msgid "Suppress round-robin ordering of DNS records."
+msgstr ""
+
+#: option.c:802
 #, c-format
 msgid ""
 "Usage: dnsmasq [options]\n"
 "\n"
 msgstr ""
 
-#: option.c:773
+#: option.c:804
 #, c-format
 msgid "Use short options only on the command line.\n"
 msgstr ""
 
-#: option.c:775
+#: option.c:806
 #, c-format
 msgid "Valid options are:\n"
 msgstr ""
 
-#: option.c:822 option.c:933
+#: option.c:853 option.c:1055
 msgid "bad address"
 msgstr ""
 
-#: option.c:847 option.c:851
+#: option.c:882 option.c:886
 msgid "bad port"
 msgstr ""
 
-#: option.c:864 option.c:893 option.c:927
+#: option.c:899 option.c:1002 option.c:1048
 msgid "interface binding not supported"
 msgstr ""
 
-#: option.c:888 option.c:922
+#: option.c:955
+msgid "Cannot resolve server name"
+msgstr ""
+
+#: option.c:991
+msgid "cannot use IPv4 server address with IPv6 source address"
+msgstr ""
+
+#: option.c:997 option.c:1043
 msgid "interface can only be specified once"
 msgstr ""
 
-#: option.c:901 option.c:4362
+#: option.c:1011 option.c:4785
 msgid "bad interface name"
 msgstr ""
 
-#: option.c:1192
+#: option.c:1037
+msgid "cannot use IPv6 server address with IPv4 source address"
+msgstr ""
+
+#: option.c:1124
+msgid "bad IPv4 prefix length"
+msgstr ""
+
+#: option.c:1155 option.c:1165 option.c:1240 option.c:1250 option.c:5360
+msgid "error"
+msgstr ""
+
+#: option.c:1207
+msgid "bad IPv6 prefix length"
+msgstr ""
+
+#: option.c:1467
 msgid "inappropriate vendor:"
 msgstr ""
 
-#: option.c:1199
+#: option.c:1474
 msgid "inappropriate encap:"
 msgstr ""
 
-#: option.c:1225
+#: option.c:1500
 msgid "unsupported encapsulation for IPv6 option"
 msgstr ""
 
-#: option.c:1239
+#: option.c:1514
 msgid "bad dhcp-option"
 msgstr ""
 
-#: option.c:1317
+#: option.c:1592
 msgid "bad IP address"
 msgstr ""
 
-#: option.c:1320 option.c:1459 option.c:3551
+#: option.c:1595 option.c:1734 option.c:3928
 msgid "bad IPv6 address"
 msgstr ""
 
-#: option.c:1413
+#: option.c:1688
 msgid "bad IPv4 address"
 msgstr ""
 
-#: option.c:1486 option.c:1581
+#: option.c:1761 option.c:1856
 msgid "bad domain in dhcp-option"
 msgstr ""
 
-#: option.c:1625
+#: option.c:1900
 msgid "dhcp-option too long"
 msgstr ""
 
-#: option.c:1632
+#: option.c:1907
 msgid "illegal dhcp-match"
 msgstr ""
 
-#: option.c:1691
+#: option.c:1966
 msgid "illegal repeated flag"
 msgstr ""
 
-#: option.c:1699
+#: option.c:1974
 msgid "illegal repeated keyword"
 msgstr ""
 
-#: option.c:1770 option.c:5080
+#: option.c:2056 option.c:5533
 #, c-format
 msgid "cannot access directory %s: %s"
 msgstr ""
 
-#: option.c:1816 tftp.c:566 dump.c:68
+#: option.c:2102 tftp.c:573 dump.c:72
 #, c-format
 msgid "cannot access %s: %s"
 msgstr ""
 
-#: option.c:1931
+#: option.c:2219
 msgid "setting log facility is not possible under Android"
 msgstr ""
 
-#: option.c:1940
+#: option.c:2228
 msgid "bad log facility"
 msgstr ""
 
-#: option.c:1993
+#: option.c:2281
 msgid "bad MX preference"
 msgstr ""
 
-#: option.c:1998
+#: option.c:2289
 msgid "bad MX name"
 msgstr ""
 
-#: option.c:2012
+#: option.c:2304
 msgid "bad MX target"
 msgstr ""
 
-#: option.c:2032
+#: option.c:2324
 msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
 msgstr ""
 
-#: option.c:2036
+#: option.c:2328
 msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
 msgstr ""
 
-#: option.c:2291 option.c:2327
+#: option.c:2447
+msgid "invalid auth-zone"
+msgstr ""
+
+#: option.c:2589 option.c:2621
 msgid "bad prefix length"
 msgstr ""
 
-#: option.c:2303 option.c:2348 option.c:2398
+#: option.c:2601 option.c:2642 option.c:2696
 msgid "bad prefix"
 msgstr ""
 
-#: option.c:2418
+#: option.c:2716
 msgid "prefix length too small"
 msgstr ""
 
-#: option.c:2697
+#: option.c:3010
 msgid "Bad address in --address"
 msgstr ""
 
-#: option.c:2751
-msgid "bad IPv4 prefix"
-msgstr ""
-
-#: option.c:2756 option.c:3569
-msgid "bad IPv6 prefix"
+#: option.c:3110
+msgid "recompile with HAVE_IPSET defined to enable ipset directives"
 msgstr ""
 
-#: option.c:2777
-msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+#: option.c:3117
+msgid "recompile with HAVE_NFTSET defined to enable nftset directives"
 msgstr ""
 
-#: option.c:2843 option.c:2861
+#: option.c:3192 option.c:3210
 msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist directives"
 msgstr ""
 
-#: option.c:3119
+#: option.c:3496
 msgid "bad port range"
 msgstr ""
 
-#: option.c:3145
+#: option.c:3522
 msgid "bad bridge-interface"
 msgstr ""
 
-#: option.c:3189
+#: option.c:3566
 msgid "bad shared-network"
 msgstr ""
 
-#: option.c:3243
+#: option.c:3620
 msgid "only one tag allowed"
 msgstr ""
 
-#: option.c:3264 option.c:3280 option.c:3406 option.c:3414 option.c:3457
+#: option.c:3641 option.c:3657 option.c:3783 option.c:3791 option.c:3834
 msgid "bad dhcp-range"
 msgstr ""
 
-#: option.c:3298
+#: option.c:3675
 msgid "inconsistent DHCP range"
 msgstr ""
 
-#: option.c:3364
+#: option.c:3741
 msgid "prefix length must be exactly 64 for RA subnets"
 msgstr ""
 
-#: option.c:3366
+#: option.c:3743
 msgid "prefix length must be exactly 64 for subnet constructors"
 msgstr ""
 
-#: option.c:3369
+#: option.c:3746
 msgid "prefix length must be at least 64"
 msgstr ""
 
-#: option.c:3372
+#: option.c:3749
 msgid "inconsistent DHCPv6 range"
 msgstr ""
 
-#: option.c:3391
+#: option.c:3768
 msgid "prefix must be zero with \"constructor:\" argument"
 msgstr ""
 
-#: option.c:3516 option.c:3594
+#: option.c:3893 option.c:3971
 msgid "bad hex constant"
 msgstr ""
 
-#: option.c:3617
+#: option.c:3946
+msgid "bad IPv6 prefix"
+msgstr ""
+
+#: option.c:3994
 #, c-format
 msgid "duplicate dhcp-host IP address %s"
 msgstr ""
 
-#: option.c:3678
+#: option.c:4056
 msgid "bad DHCP host name"
 msgstr ""
 
-#: option.c:3764
+#: option.c:4142
 msgid "bad tag-if"
 msgstr ""
 
-#: option.c:4107 option.c:4623
+#: option.c:4490 option.c:5046
 msgid "invalid port number"
 msgstr ""
 
-#: option.c:4163
+#: option.c:4546
 msgid "bad dhcp-proxy address"
 msgstr ""
 
-#: option.c:4204
+#: option.c:4627
 msgid "Bad dhcp-relay"
 msgstr ""
 
-#: option.c:4248
+#: option.c:4671
 msgid "bad RA-params"
 msgstr ""
 
-#: option.c:4258
+#: option.c:4681
 msgid "bad DUID"
 msgstr ""
 
-#: option.c:4292
+#: option.c:4715
 msgid "missing address in alias"
 msgstr ""
 
-#: option.c:4298
+#: option.c:4721
 msgid "invalid alias range"
 msgstr ""
 
-#: option.c:4347
+#: option.c:4770
 msgid "missing address in dynamic host"
 msgstr ""
 
-#: option.c:4362
+#: option.c:4785
 msgid "bad dynamic host"
 msgstr ""
 
-#: option.c:4380 option.c:4396
+#: option.c:4803 option.c:4819
 msgid "bad CNAME"
 msgstr ""
 
-#: option.c:4404
+#: option.c:4827
 msgid "duplicate CNAME"
 msgstr ""
 
-#: option.c:4431
+#: option.c:4854
 msgid "bad PTR record"
 msgstr ""
 
-#: option.c:4466
+#: option.c:4889
 msgid "bad NAPTR record"
 msgstr ""
 
-#: option.c:4502
+#: option.c:4925
 msgid "bad RR record"
 msgstr ""
 
-#: option.c:4535
+#: option.c:4958
 msgid "bad CAA record"
 msgstr ""
 
-#: option.c:4564
+#: option.c:4987
 msgid "bad TXT record"
 msgstr ""
 
-#: option.c:4607
+#: option.c:5030
 msgid "bad SRV record"
 msgstr ""
 
-#: option.c:4614
+#: option.c:5037
 msgid "bad SRV target"
 msgstr ""
 
-#: option.c:4633
+#: option.c:5056
 msgid "invalid priority"
 msgstr ""
 
-#: option.c:4638
+#: option.c:5061
 msgid "invalid weight"
 msgstr ""
 
-#: option.c:4661
+#: option.c:5084
 msgid "Bad host-record"
 msgstr ""
 
-#: option.c:4700
+#: option.c:5123
 msgid "Bad name in host-record"
 msgstr ""
 
-#: option.c:4742
+#: option.c:5165
 msgid "bad value for dnssec-check-unsigned"
 msgstr ""
 
-#: option.c:4778
+#: option.c:5201
 msgid "bad trust anchor"
 msgstr ""
 
-#: option.c:4794
+#: option.c:5217
 msgid "bad HEX in trust anchor"
 msgstr ""
 
-#: option.c:4805
+#: option.c:5228
 msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
 msgstr ""
 
-#: option.c:4865
+#: option.c:5290
 msgid "missing \""
 msgstr ""
 
-#: option.c:4922
+#: option.c:5347
 msgid "bad option"
 msgstr ""
 
-#: option.c:4924
+#: option.c:5349
 msgid "extraneous parameter"
 msgstr ""
 
-#: option.c:4926
+#: option.c:5351
 msgid "missing parameter"
 msgstr ""
 
-#: option.c:4928
+#: option.c:5353
 msgid "illegal option"
 msgstr ""
 
-#: option.c:4935
-msgid "error"
+#: option.c:5363
+#, c-format
+msgid " in output from %s"
 msgstr ""
 
-#: option.c:4937
+#: option.c:5365
 #, c-format
 msgid " at line %d of %s"
 msgstr ""
 
-#: option.c:4952 option.c:5229 option.c:5240
+#: option.c:5380 option.c:5683 option.c:5694
 #, c-format
 msgid "read %s"
 msgstr ""
 
-#: option.c:5015 option.c:5162 tftp.c:775
+#: option.c:5446
+#, c-format
+msgid "cannot execute %s: %s"
+msgstr ""
+
+#: option.c:5454 option.c:5615 tftp.c:790
 #, c-format
 msgid "cannot read %s: %s"
 msgstr ""
 
-#: option.c:5316
+#: option.c:5473
+#, c-format
+msgid "error executing %s: %s"
+msgstr ""
+
+#: option.c:5476
+#, c-format
+msgid "%s returns non-zero error code"
+msgstr ""
+
+#: option.c:5775
 msgid "junk found in command line"
 msgstr ""
 
-#: option.c:5356
+#: option.c:5815
 #, c-format
 msgid "Dnsmasq version %s  %s\n"
 msgstr ""
 
-#: option.c:5357
+#: option.c:5816
 #, c-format
 msgid ""
 "Compile time options: %s\n"
 "\n"
 msgstr ""
 
-#: option.c:5358
+#: option.c:5817
 #, c-format
 msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
 msgstr ""
 
-#: option.c:5359
+#: option.c:5818
 #, c-format
 msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
 msgstr ""
 
-#: option.c:5360
+#: option.c:5819
 #, c-format
 msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
 msgstr ""
 
-#: option.c:5377
+#: option.c:5836
 msgid "try --help"
 msgstr ""
 
-#: option.c:5379
+#: option.c:5838
 msgid "try -w"
 msgstr ""
 
-#: option.c:5381
+#: option.c:5840
 #, c-format
 msgid "bad command line options: %s"
 msgstr ""
 
-#: option.c:5450
+#: option.c:5909
 #, c-format
 msgid "CNAME loop involving %s"
 msgstr ""
 
-#: option.c:5491
+#: option.c:5950
 #, c-format
 msgid "cannot get host-name: %s"
 msgstr ""
 
-#: option.c:5519
+#: option.c:5978
 msgid "only one resolv.conf file allowed in no-poll mode."
 msgstr ""
 
-#: option.c:5529
+#: option.c:5988
 msgid "must have exactly one resolv.conf to read domain from."
 msgstr ""
 
-#: option.c:5532 network.c:1670 dhcp.c:880
+#: option.c:5991 network.c:1727 dhcp.c:892
 #, c-format
 msgid "failed to read %s: %s"
 msgstr ""
 
-#: option.c:5549
+#: option.c:6008
 #, c-format
 msgid "no search directive found in %s"
 msgstr ""
 
-#: option.c:5570
+#: option.c:6029
 msgid "there must be a default domain when --dhcp-fqdn is set"
 msgstr ""
 
-#: option.c:5579
+#: option.c:6038
 msgid "syntax check OK"
 msgstr ""
 
-#: forward.c:104
+#: forward.c:107
 #, c-format
 msgid "failed to send packet: %s"
 msgstr ""
 
-#: forward.c:601
+#: forward.c:715
 msgid "discarding DNS reply: subnet option mismatch"
 msgstr ""
 
-#: forward.c:666
+#: forward.c:780
 #, c-format
 msgid "nameserver %s refused to do a recursive query"
 msgstr ""
 
-#: forward.c:702
+#: forward.c:826
 #, c-format
 msgid "possible DNS-rebind attack detected: %s"
 msgstr ""
 
-#: forward.c:1074
+#: forward.c:1239
 #, c-format
 msgid "reducing DNS packet size for nameserver %s to %d"
 msgstr ""
 
-#: forward.c:1381 forward.c:1910
-msgid "Ignoring query from non-local network"
+#: forward.c:1565
+#, c-format
+msgid "ignoring query from non-local network %s (logged only once)"
+msgstr ""
+
+#: forward.c:2139
+#, c-format
+msgid "ignoring query from non-local network %s"
 msgstr ""
 
-#: forward.c:2198
+#: forward.c:2501
 #, c-format
 msgid "failed to bind server socket to %s: %s"
 msgstr ""
 
-#: forward.c:2494
+#: forward.c:2867
 #, c-format
 msgid "Maximum number of concurrent DNS queries reached (max: %d)"
 msgstr ""
 
-#: forward.c:2496
+#: forward.c:2869
 #, c-format
 msgid "Maximum number of concurrent DNS queries to %s reached (max: %d)"
 msgstr ""
 
-#: network.c:670
+#: network.c:700
 #, c-format
 msgid "stopped listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:867
+#: network.c:911
 #, c-format
 msgid "failed to create listening socket for %s: %s"
 msgstr ""
 
-#: network.c:1148
+#: network.c:1192
 #, c-format
 msgid "listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:1175
+#: network.c:1219
 #, c-format
 msgid "listening on %s port %d"
 msgstr ""
 
-#: network.c:1208
+#: network.c:1252
 #, c-format
 msgid "LOUD WARNING: listening on %s may accept requests via interfaces other than %s"
 msgstr ""
 
-#: network.c:1215
+#: network.c:1259
 msgid "LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"
 msgstr ""
 
-#: network.c:1224
+#: network.c:1268
 #, c-format
 msgid "warning: using interface %s instead"
 msgstr ""
 
-#: network.c:1233
+#: network.c:1277
 #, c-format
 msgid "warning: no addresses found for interface %s"
 msgstr ""
 
-#: network.c:1291
+#: network.c:1335
 #, c-format
 msgid "interface %s failed to join DHCPv6 multicast group: %s"
 msgstr ""
 
-#: network.c:1296
+#: network.c:1340
 msgid "try increasing /proc/sys/net/core/optmem_max"
 msgstr ""
 
-#: network.c:1492
+#: network.c:1545
 #, c-format
 msgid "failed to bind server socket for %s: %s"
 msgstr ""
 
-#: network.c:1569
+#: network.c:1622
 #, c-format
 msgid "ignoring nameserver %s - local interface"
 msgstr ""
 
-#: network.c:1580
+#: network.c:1633
 #, c-format
 msgid "ignoring nameserver %s - cannot make/bind socket: %s"
 msgstr ""
 
-#: network.c:1598
+#: network.c:1643
+msgid "more servers are defined but not logged"
+msgstr ""
+
+#: network.c:1654
 msgid "(no DNSSEC)"
 msgstr ""
 
-#: network.c:1601
+#: network.c:1657
 msgid "unqualified"
 msgstr ""
 
-#: network.c:1601
+#: network.c:1657
 msgid "names"
 msgstr ""
 
-#: network.c:1603
+#: network.c:1659
 msgid "default"
 msgstr ""
 
-#: network.c:1605
+#: network.c:1661
 msgid "domain"
 msgstr ""
 
-#: network.c:1607
+#: network.c:1663
 #, c-format
 msgid "using nameserver %s#%d for %s %s%s %s"
 msgstr ""
 
-#: network.c:1611
+#: network.c:1667
 #, c-format
 msgid "NOT using nameserver %s#%d - query loop detected"
 msgstr ""
 
-#: network.c:1614
+#: network.c:1670
 #, c-format
 msgid "using nameserver %s#%d(via %s)"
 msgstr ""
 
-#: network.c:1616
+#: network.c:1672
 #, c-format
 msgid "using nameserver %s#%d"
 msgstr ""
 
-#: network.c:1630
+#: network.c:1687
 #, c-format
 msgid "using only locally-known addresses for %s"
 msgstr ""
 
-#: network.c:1633
+#: network.c:1690
 #, c-format
 msgid "using standard nameservers for %s"
 msgstr ""
 
-#: network.c:1637
+#: network.c:1694
 #, c-format
 msgid "using %d more local addresses"
 msgstr ""
 
-#: network.c:1639
+#: network.c:1696
 #, c-format
 msgid "using %d more nameservers"
 msgstr ""
 
-#: dnsmasq.c:184
+#: dnsmasq.c:192
 msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
 msgstr ""
 
-#: dnsmasq.c:199
+#: dnsmasq.c:207
 msgid "no root trust anchor provided for DNSSEC"
 msgstr ""
 
-#: dnsmasq.c:202
+#: dnsmasq.c:210
 msgid "cannot reduce cache size from default when DNSSEC enabled"
 msgstr ""
 
-#: dnsmasq.c:204
+#: dnsmasq.c:212
 msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:210
+#: dnsmasq.c:218
 msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:217
+#: dnsmasq.c:225
 msgid "cannot use --conntrack AND --query-port"
 msgstr ""
 
-#: dnsmasq.c:223
+#: dnsmasq.c:231
 msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:228
+#: dnsmasq.c:236
 msgid "asynchronous logging is not available under Solaris"
 msgstr ""
 
-#: dnsmasq.c:233
+#: dnsmasq.c:241
 msgid "asynchronous logging is not available under Android"
 msgstr ""
 
-#: dnsmasq.c:238
+#: dnsmasq.c:246
 msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:243
+#: dnsmasq.c:251
 msgid "loop detection not available: set HAVE_LOOP in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:248
+#: dnsmasq.c:256
 msgid "Ubus not available: set HAVE_UBUS in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:259
+#: dnsmasq.c:267
 msgid "max_port cannot be smaller than min_port"
 msgstr ""
 
-#: dnsmasq.c:266
+#: dnsmasq.c:271
+msgid "port_limit must not be larger than available port range"
+msgstr ""
+
+#: dnsmasq.c:278
 msgid "--auth-server required when an auth zone is defined."
 msgstr ""
 
-#: dnsmasq.c:271
+#: dnsmasq.c:283
 msgid "zone serial must be configured in --auth-soa"
 msgstr ""
 
-#: dnsmasq.c:291
+#: dnsmasq.c:303
 msgid "dhcp-range constructor not available on this platform"
 msgstr ""
 
-#: dnsmasq.c:355
+#: dnsmasq.c:377
 msgid "cannot set --bind-interfaces and --bind-dynamic"
 msgstr ""
 
-#: dnsmasq.c:358
+#: dnsmasq.c:380
 #, c-format
 msgid "failed to find list of interfaces: %s"
 msgstr ""
 
-#: dnsmasq.c:367
+#: dnsmasq.c:389
 #, c-format
 msgid "unknown interface %s"
 msgstr ""
 
-#: dnsmasq.c:437
+#: dnsmasq.c:396
+#, c-format
+msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
+msgstr ""
+
+#: dnsmasq.c:440
 msgid "Packet dumps not available: set HAVE_DUMP in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:445 dnsmasq.c:1207
+#: dnsmasq.c:448 dnsmasq.c:1232
 #, c-format
 msgid "DBus error: %s"
 msgstr ""
 
-#: dnsmasq.c:448
+#: dnsmasq.c:451
 msgid "DBus not available: set HAVE_DBUS in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:456 dnsmasq.c:1228
+#: dnsmasq.c:459 dnsmasq.c:1253
 #, c-format
 msgid "UBus error: %s"
 msgstr ""
 
-#: dnsmasq.c:459
+#: dnsmasq.c:462
 msgid "UBus not available: set HAVE_UBUS in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:489
+#: dnsmasq.c:492
 #, c-format
 msgid "unknown user or group: %s"
 msgstr ""
 
-#: dnsmasq.c:565
+#: dnsmasq.c:568
 #, c-format
 msgid "process is missing required capability %s"
 msgstr ""
 
-#: dnsmasq.c:597
+#: dnsmasq.c:600
 #, c-format
 msgid "cannot chdir to filesystem root: %s"
 msgstr ""
 
-#: dnsmasq.c:845
+#: dnsmasq.c:852
 #, c-format
 msgid "started, version %s DNS disabled"
 msgstr ""
 
-#: dnsmasq.c:850
+#: dnsmasq.c:857
 #, c-format
 msgid "started, version %s cachesize %d"
 msgstr ""
 
-#: dnsmasq.c:852
+#: dnsmasq.c:859
 msgid "cache size greater than 10000 may cause performance issues, and is unlikely to be useful."
 msgstr ""
 
-#: dnsmasq.c:855
+#: dnsmasq.c:862
 #, c-format
 msgid "started, version %s cache disabled"
 msgstr ""
 
-#: dnsmasq.c:858
+#: dnsmasq.c:865
 msgid "DNS service limited to local subnets"
 msgstr ""
 
-#: dnsmasq.c:861
+#: dnsmasq.c:868
 #, c-format
 msgid "compile time options: %s"
 msgstr ""
 
-#: dnsmasq.c:870
+#: dnsmasq.c:877
 msgid "DBus support enabled: connected to system bus"
 msgstr ""
 
-#: dnsmasq.c:872
+#: dnsmasq.c:879
 msgid "DBus support enabled: bus connection pending"
 msgstr ""
 
-#: dnsmasq.c:880
+#: dnsmasq.c:887
 msgid "UBus support enabled: connected to system bus"
 msgstr ""
 
-#: dnsmasq.c:882
+#: dnsmasq.c:889
 msgid "UBus support enabled: bus connection pending"
 msgstr ""
 
-#: dnsmasq.c:902
+#: dnsmasq.c:909
 msgid "DNSSEC validation enabled but all unsigned answers are trusted"
 msgstr ""
 
-#: dnsmasq.c:904
+#: dnsmasq.c:911
 msgid "DNSSEC validation enabled"
 msgstr ""
 
-#: dnsmasq.c:908
+#: dnsmasq.c:915
 msgid "DNSSEC signature timestamps not checked until receipt of SIGINT"
 msgstr ""
 
-#: dnsmasq.c:911
+#: dnsmasq.c:918
 msgid "DNSSEC signature timestamps not checked until system time valid"
 msgstr ""
 
-#: dnsmasq.c:914
+#: dnsmasq.c:921
 #, c-format
 msgid "configured with trust anchor for %s keytag %u"
 msgstr ""
 
-#: dnsmasq.c:920
+#: dnsmasq.c:927
 #, c-format
 msgid "warning: failed to change owner of %s: %s"
 msgstr ""
 
-#: dnsmasq.c:924
+#: dnsmasq.c:932
 msgid "setting --bind-interfaces option because of OS limitations"
 msgstr ""
 
-#: dnsmasq.c:936
+#: dnsmasq.c:945
 #, c-format
 msgid "warning: interface %s does not currently exist"
 msgstr ""
 
-#: dnsmasq.c:941
+#: dnsmasq.c:950
 msgid "warning: ignoring resolv-file flag because no-resolv is set"
 msgstr ""
 
-#: dnsmasq.c:944
+#: dnsmasq.c:953
 msgid "warning: no upstream servers configured"
 msgstr ""
 
-#: dnsmasq.c:948
+#: dnsmasq.c:957
 #, c-format
 msgid "asynchronous logging enabled, queue limit is %d messages"
 msgstr ""
 
-#: dnsmasq.c:969
+#: dnsmasq.c:978
 msgid "IPv6 router advertisement enabled"
 msgstr ""
 
-#: dnsmasq.c:974
+#: dnsmasq.c:983
 #, c-format
 msgid "DHCP, sockets bound exclusively to interface %s"
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "root is "
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "enabled"
 msgstr ""
 
-#: dnsmasq.c:993
+#: dnsmasq.c:1002
 msgid "secure mode"
 msgstr ""
 
-#: dnsmasq.c:994
+#: dnsmasq.c:1003
 msgid "single port mode"
 msgstr ""
 
-#: dnsmasq.c:997
+#: dnsmasq.c:1006
 #, c-format
 msgid "warning: %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1001
+#: dnsmasq.c:1010
 #, c-format
 msgid "warning: TFTP directory %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1027
+#: dnsmasq.c:1036
 #, c-format
 msgid "restricting maximum simultaneous TFTP transfers to %d"
 msgstr ""
 
-#: dnsmasq.c:1204
+#: dnsmasq.c:1095
+#, c-format
+msgid "error binding DHCP socket to device %s"
+msgstr ""
+
+#: dnsmasq.c:1229
 msgid "connected to system DBus"
 msgstr ""
 
-#: dnsmasq.c:1225
+#: dnsmasq.c:1250
 msgid "connected to system UBus"
 msgstr ""
 
-#: dnsmasq.c:1391
+#: dnsmasq.c:1416
 #, c-format
 msgid "cannot fork into background: %s"
 msgstr ""
 
-#: dnsmasq.c:1395
+#: dnsmasq.c:1420
 #, c-format
 msgid "failed to create helper: %s"
 msgstr ""
 
-#: dnsmasq.c:1399
+#: dnsmasq.c:1424
 #, c-format
 msgid "setting capabilities failed: %s"
 msgstr ""
 
-#: dnsmasq.c:1403
+#: dnsmasq.c:1428
 #, c-format
 msgid "failed to change user-id to %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1407
+#: dnsmasq.c:1432
 #, c-format
 msgid "failed to change group-id to %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1411
+#: dnsmasq.c:1436
 #, c-format
 msgid "failed to open pidfile %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1415
+#: dnsmasq.c:1440
 #, c-format
 msgid "cannot open log %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1419
+#: dnsmasq.c:1444
 #, c-format
 msgid "failed to load Lua script: %s"
 msgstr ""
 
-#: dnsmasq.c:1423
+#: dnsmasq.c:1448
 #, c-format
 msgid "TFTP directory %s inaccessible: %s"
 msgstr ""
 
-#: dnsmasq.c:1427
+#: dnsmasq.c:1452
 #, c-format
 msgid "cannot create timestamp file %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1511
+#: dnsmasq.c:1536
 #, c-format
 msgid "script process killed by signal %d"
 msgstr ""
 
-#: dnsmasq.c:1515
+#: dnsmasq.c:1540
 #, c-format
 msgid "script process exited with status %d"
 msgstr ""
 
-#: dnsmasq.c:1519
+#: dnsmasq.c:1544
 #, c-format
 msgid "failed to execute %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1559
+#: dnsmasq.c:1584
 msgid "now checking DNSSEC signature timestamps"
 msgstr ""
 
-#: dnsmasq.c:1594 dnssec.c:160 dnssec.c:204
+#: dnsmasq.c:1619 dnssec.c:160 dnssec.c:204
 #, c-format
 msgid "failed to update mtime on %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1606
+#: dnsmasq.c:1631
 msgid "exiting on receipt of SIGTERM"
 msgstr ""
 
-#: dnsmasq.c:1634
+#: dnsmasq.c:1659
 #, c-format
 msgid "failed to access %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1664
+#: dnsmasq.c:1690
 #, c-format
 msgid "reading %s"
 msgstr ""
 
-#: dnsmasq.c:1675
+#: dnsmasq.c:1706
 #, c-format
 msgid "no servers found in %s, will retry"
 msgstr ""
 
-#: dhcp.c:53
+#: dhcp.c:51
 #, c-format
 msgid "cannot create DHCP socket: %s"
 msgstr ""
 
-#: dhcp.c:68
+#: dhcp.c:66
 #, c-format
 msgid "failed to set options on DHCP socket: %s"
 msgstr ""
 
-#: dhcp.c:89
+#: dhcp.c:87
 #, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
 msgstr ""
 
-#: dhcp.c:101
+#: dhcp.c:99
 #, c-format
 msgid "failed to bind DHCP server socket: %s"
 msgstr ""
 
-#: dhcp.c:127
+#: dhcp.c:125
 #, c-format
 msgid "cannot create ICMP raw socket: %s."
 msgstr ""
 
-#: dhcp.c:252 dhcp6.c:180
+#: dhcp.c:254 dhcp6.c:186
 #, c-format
 msgid "unknown interface %s in bridge-interface"
 msgstr ""
 
-#: dhcp.c:293
+#: dhcp.c:295
 #, c-format
 msgid "DHCP packet received on %s which has no address"
 msgstr ""
 
-#: dhcp.c:428
+#: dhcp.c:429
 #, c-format
 msgid "ARP-cache injection failed: %s"
 msgstr ""
 
-#: dhcp.c:473
+#: dhcp.c:490
 #, c-format
 msgid "Error sending DHCP packet to %s: %s"
 msgstr ""
 
-#: dhcp.c:530
+#: dhcp.c:547
 #, c-format
 msgid "DHCP range %s -- %s is not consistent with netmask %s"
 msgstr ""
 
-#: dhcp.c:918
+#: dhcp.c:930
 #, c-format
 msgid "bad line at %s line %d"
 msgstr ""
 
-#: dhcp.c:961
+#: dhcp.c:973
 #, c-format
 msgid "ignoring %s line %d, duplicate name or IP address"
 msgstr ""
 
-#: dhcp.c:1105 rfc3315.c:2182
+#: dhcp.c:1034
 #, c-format
-msgid "DHCP relay %s -> %s"
+msgid "read %s - %d addresses"
+msgstr ""
+
+#: dhcp.c:1136
+#, c-format
+msgid "Cannot broadcast DHCP relay via interface %s"
+msgstr ""
+
+#: dhcp.c:1160
+#, c-format
+msgid "broadcast via %s"
+msgstr ""
+
+#: dhcp.c:1163 rfc3315.c:2219
+#, c-format
+msgid "DHCP relay at %s -> %s"
 msgstr ""
 
 #: lease.c:64
@@ -1898,7 +2036,7 @@ msgstr ""
 msgid "%u available DHCP subnet: %s/%s"
 msgstr ""
 
-#: rfc2131.c:409 rfc3315.c:319
+#: rfc2131.c:409 rfc3315.c:320
 #, c-format
 msgid "%u available DHCP range: %s -- %s"
 msgstr ""
@@ -1917,12 +2055,12 @@ msgstr ""
 msgid "disabled"
 msgstr ""
 
-#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1532 rfc3315.c:632 rfc3315.c:815
-#: rfc3315.c:1121
+#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1536 rfc3315.c:633 rfc3315.c:816
+#: rfc3315.c:1122
 msgid "ignored"
 msgstr ""
 
-#: rfc2131.c:613 rfc2131.c:1333 rfc3315.c:867
+#: rfc2131.c:613 rfc2131.c:1340 rfc3315.c:868
 msgid "address in use"
 msgstr ""
 
@@ -1930,7 +2068,7 @@ msgstr ""
 msgid "no address available"
 msgstr ""
 
-#: rfc2131.c:634 rfc2131.c:1295
+#: rfc2131.c:634 rfc2131.c:1302
 msgid "wrong network"
 msgstr ""
 
@@ -1938,11 +2076,11 @@ msgstr ""
 msgid "no address configured"
 msgstr ""
 
-#: rfc2131.c:655 rfc2131.c:1346
+#: rfc2131.c:655 rfc2131.c:1353
 msgid "no leases left"
 msgstr ""
 
-#: rfc2131.c:756 rfc3315.c:499
+#: rfc2131.c:756 rfc3315.c:500
 #, c-format
 msgid "%u client provides name: %s"
 msgstr ""
@@ -1951,7 +2089,7 @@ msgstr ""
 msgid "PXE BIS not supported"
 msgstr ""
 
-#: rfc2131.c:1054 rfc3315.c:1222
+#: rfc2131.c:1054 rfc3315.c:1223
 #, c-format
 msgid "disabling DHCP static address %s for %s"
 msgstr ""
@@ -1975,108 +2113,108 @@ msgstr ""
 msgid "not using configured address %s because it was previously declined"
 msgstr ""
 
-#: rfc2131.c:1139 rfc2131.c:1339
+#: rfc2131.c:1139 rfc2131.c:1346
 msgid "no unique-id"
 msgstr ""
 
-#: rfc2131.c:1231
+#: rfc2131.c:1238
 msgid "wrong server-ID"
 msgstr ""
 
-#: rfc2131.c:1250
+#: rfc2131.c:1257
 msgid "wrong address"
 msgstr ""
 
-#: rfc2131.c:1268 rfc3315.c:975
+#: rfc2131.c:1275 rfc3315.c:976
 msgid "lease not found"
 msgstr ""
 
-#: rfc2131.c:1303
+#: rfc2131.c:1310
 msgid "address not available"
 msgstr ""
 
-#: rfc2131.c:1314
+#: rfc2131.c:1321
 msgid "static lease available"
 msgstr ""
 
-#: rfc2131.c:1318
+#: rfc2131.c:1325
 msgid "address reserved"
 msgstr ""
 
-#: rfc2131.c:1327
+#: rfc2131.c:1334
 #, c-format
 msgid "abandoning lease to %s of %s"
 msgstr ""
 
-#: rfc2131.c:1866
+#: rfc2131.c:1870
 #, c-format
 msgid "%u bootfile name: %s"
 msgstr ""
 
-#: rfc2131.c:1875
+#: rfc2131.c:1879
 #, c-format
 msgid "%u server name: %s"
 msgstr ""
 
-#: rfc2131.c:1885
+#: rfc2131.c:1889
 #, c-format
 msgid "%u next server: %s"
 msgstr ""
 
-#: rfc2131.c:1889
+#: rfc2131.c:1893
 #, c-format
 msgid "%u broadcast response"
 msgstr ""
 
-#: rfc2131.c:1952
+#: rfc2131.c:1956
 #, c-format
 msgid "cannot send DHCP/BOOTP option %d: no space left in packet"
 msgstr ""
 
-#: rfc2131.c:2262
+#: rfc2131.c:2267
 msgid "PXE menu too large"
 msgstr ""
 
-#: rfc2131.c:2425 rfc3315.c:1511
+#: rfc2131.c:2430 rfc3315.c:1517
 #, c-format
 msgid "%u requested options: %s"
 msgstr ""
 
-#: rfc2131.c:2742
+#: rfc2131.c:2747
 #, c-format
 msgid "cannot send RFC3925 option: too many options for enterprise number %d"
 msgstr ""
 
-#: rfc2131.c:2805
+#: rfc2131.c:2810
 #, c-format
 msgid "%u reply delay: %d"
 msgstr ""
 
-#: netlink.c:93
+#: netlink.c:86
 #, c-format
 msgid "cannot create netlink socket: %s"
 msgstr ""
 
-#: netlink.c:377
+#: netlink.c:379
 #, c-format
 msgid "netlink returns error: %s"
 msgstr ""
 
-#: dbus.c:434
+#: dbus.c:491
 #, c-format
 msgid "Enabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:439
+#: dbus.c:496
 #, c-format
 msgid "Disabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:713
+#: dbus.c:857
 msgid "setting upstream servers from DBus"
 msgstr ""
 
-#: dbus.c:760
+#: dbus.c:907
 msgid "could not register a DBus message handler"
 msgstr ""
 
@@ -2103,51 +2241,51 @@ msgstr ""
 msgid "lease() function missing in Lua script"
 msgstr ""
 
-#: tftp.c:349
+#: tftp.c:353
 msgid "unable to get free port for TFTP"
 msgstr ""
 
-#: tftp.c:365
+#: tftp.c:369
 #, c-format
 msgid "unsupported request from %s"
 msgstr ""
 
-#: tftp.c:512
+#: tftp.c:520
 #, c-format
-msgid "file %s not found"
+msgid "file %s not found for %s"
 msgstr ""
 
-#: tftp.c:602
+#: tftp.c:609
 #, c-format
 msgid "ignoring packet from %s (TID mismatch)"
 msgstr ""
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "failed sending %s to %s"
 msgstr ""
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "sent %s to %s"
 msgstr ""
 
-#: tftp.c:696
+#: tftp.c:712
 #, c-format
 msgid "error %d %s received from %s"
 msgstr ""
 
-#: log.c:190
+#: log.c:203
 #, c-format
 msgid "overflow: %d log entries lost"
 msgstr ""
 
-#: log.c:268
+#: log.c:281
 #, c-format
 msgid "log failed: %s"
 msgstr ""
 
-#: log.c:477
+#: log.c:490
 msgid "FAILED to start up"
 msgstr ""
 
@@ -2156,17 +2294,17 @@ msgstr ""
 msgid "Conntrack connection mark retrieval failed: %s"
 msgstr ""
 
-#: dhcp6.c:52
+#: dhcp6.c:51
 #, c-format
 msgid "cannot create DHCPv6 socket: %s"
 msgstr ""
 
-#: dhcp6.c:73
+#: dhcp6.c:72
 #, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"
 msgstr ""
 
-#: dhcp6.c:85
+#: dhcp6.c:84
 #, c-format
 msgid "failed to bind DHCPv6 server socket: %s"
 msgstr ""
@@ -2181,145 +2319,151 @@ msgstr ""
 msgid "no address range available for DHCPv6 request via %s"
 msgstr ""
 
-#: rfc3315.c:316
+#: rfc3315.c:317
 #, c-format
 msgid "%u available DHCPv6 subnet: %s/%d"
 msgstr ""
 
-#: rfc3315.c:399
+#: rfc3315.c:400
 #, c-format
 msgid "%u vendor class: %u"
 msgstr ""
 
-#: rfc3315.c:447
+#: rfc3315.c:448
 #, c-format
 msgid "%u client MAC address: %s"
 msgstr ""
 
-#: rfc3315.c:762 rfc3315.c:859
+#: rfc3315.c:763 rfc3315.c:860
 msgid "address unavailable"
 msgstr ""
 
-#: rfc3315.c:774 rfc3315.c:903 rfc3315.c:1272
+#: rfc3315.c:775 rfc3315.c:904 rfc3315.c:1273
 msgid "success"
 msgstr ""
 
-#: rfc3315.c:789 rfc3315.c:798 rfc3315.c:911 rfc3315.c:913 rfc3315.c:1047
+#: rfc3315.c:790 rfc3315.c:799 rfc3315.c:912 rfc3315.c:914 rfc3315.c:1048
 msgid "no addresses available"
 msgstr ""
 
-#: rfc3315.c:890
+#: rfc3315.c:891
 msgid "not on link"
 msgstr ""
 
-#: rfc3315.c:979 rfc3315.c:1180 rfc3315.c:1261
+#: rfc3315.c:980 rfc3315.c:1181 rfc3315.c:1262
 msgid "no binding found"
 msgstr ""
 
-#: rfc3315.c:1016
+#: rfc3315.c:1017
 msgid "deprecated"
 msgstr ""
 
-#: rfc3315.c:1023
+#: rfc3315.c:1024
 msgid "address invalid"
 msgstr ""
 
-#: rfc3315.c:1081 rfc3315.c:1083
+#: rfc3315.c:1082 rfc3315.c:1084
 msgid "confirm failed"
 msgstr ""
 
-#: rfc3315.c:1098
+#: rfc3315.c:1099
 msgid "all addresses still on link"
 msgstr ""
 
-#: rfc3315.c:1189
+#: rfc3315.c:1190
 msgid "release received"
 msgstr ""
 
-#: rfc3315.c:2173
-msgid "Cannot multicast to DHCPv6 server without correct interface"
+#: rfc3315.c:2200
+#, c-format
+msgid "Cannot multicast DHCP relay via interface %s"
+msgstr ""
+
+#: rfc3315.c:2216
+#, c-format
+msgid "multicast via %s"
 msgstr ""
 
-#: dhcp-common.c:154
+#: dhcp-common.c:187
 #, c-format
 msgid "Ignoring duplicate dhcp-option %d"
 msgstr ""
 
-#: dhcp-common.c:231
+#: dhcp-common.c:264
 #, c-format
 msgid "%u tags: %s"
 msgstr ""
 
-#: dhcp-common.c:451
+#: dhcp-common.c:484
 #, c-format
 msgid "%s has more than one address in hostsfile, using %s for DHCP"
 msgstr ""
 
-#: dhcp-common.c:485
+#: dhcp-common.c:518
 #, c-format
 msgid "duplicate IP address %s (%s) in dhcp-config directive"
 msgstr ""
 
-#: dhcp-common.c:549
-#, c-format
-msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
-msgstr ""
-
-#: dhcp-common.c:672
+#: dhcp-common.c:738
 #, c-format
 msgid "Known DHCP options:\n"
 msgstr ""
 
-#: dhcp-common.c:683
+#: dhcp-common.c:749
 #, c-format
 msgid "Known DHCPv6 options:\n"
 msgstr ""
 
-#: dhcp-common.c:880
+#: dhcp-common.c:946
 msgid ", prefix deprecated"
 msgstr ""
 
-#: dhcp-common.c:883
+#: dhcp-common.c:949
 #, c-format
 msgid ", lease time "
 msgstr ""
 
-#: dhcp-common.c:925
+#: dhcp-common.c:991
 #, c-format
 msgid "%s stateless on %s%.0s%.0s%s"
 msgstr ""
 
-#: dhcp-common.c:927
+#: dhcp-common.c:993
 #, c-format
 msgid "%s, static leases only on %.0s%s%s%.0s"
 msgstr ""
 
-#: dhcp-common.c:929
+#: dhcp-common.c:995
 #, c-format
 msgid "%s, proxy on subnet %.0s%s%.0s%.0s"
 msgstr ""
 
-#: dhcp-common.c:930
+#: dhcp-common.c:996
 #, c-format
 msgid "%s, IP range %s -- %s%s%.0s"
 msgstr ""
 
-#: dhcp-common.c:943
+#: dhcp-common.c:1009
 #, c-format
 msgid "DHCPv4-derived IPv6 names on %s%s"
 msgstr ""
 
-#: dhcp-common.c:946
+#: dhcp-common.c:1012
 #, c-format
 msgid "router advertisement on %s%s"
 msgstr ""
 
-#: dhcp-common.c:957
+#: dhcp-common.c:1043
+#, c-format
+msgid "DHCP relay from %s via %s"
+msgstr ""
+
+#: dhcp-common.c:1045
 #, c-format
 msgid "DHCP relay from %s to %s via %s"
 msgstr ""
 
-#: dhcp-common.c:959
+#: dhcp-common.c:1048
 #, c-format
 msgid "DHCP relay from %s to %s"
 msgstr ""
@@ -2329,7 +2473,7 @@ msgstr ""
 msgid "cannot create ICMPv6 socket: %s"
 msgstr ""
 
-#: auth.c:464
+#: auth.c:462
 #, c-format
 msgid "ignoring zone transfer request from %s"
 msgstr ""
@@ -2441,14 +2585,14 @@ msgstr ""
 msgid "system time considered valid, now checking DNSSEC signature timestamps."
 msgstr ""
 
-#: dnssec.c:1014
+#: dnssec.c:1018
 #, c-format
 msgid "Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"
 msgstr ""
 
 #: blockdata.c:55
 #, c-format
-msgid "pool memory in use %u, max %u, allocated %u"
+msgid "pool memory in use %zu, max %zu, allocated %zu"
 msgstr ""
 
 #: tables.c:61
@@ -2510,38 +2654,57 @@ msgstr ""
 msgid "directory %s for resolv-file is missing, cannot poll"
 msgstr ""
 
-#: inotify.c:131 inotify.c:168
+#: inotify.c:131 inotify.c:200
 #, c-format
 msgid "failed to create inotify for %s: %s"
 msgstr ""
 
-#: inotify.c:153
+#: inotify.c:178 inotify.c:185
 #, c-format
 msgid "bad dynamic directory %s: %s"
 msgstr ""
 
-#: inotify.c:257
+#: inotify.c:186
+msgid "not a directory"
+msgstr ""
+
+#: inotify.c:299
 #, c-format
-msgid "inotify, new or changed file %s"
+msgid "inotify: %s removed"
 msgstr ""
 
-#: dump.c:64
+#: inotify.c:301
+#, c-format
+msgid "inotify: %s new or modified"
+msgstr ""
+
+#: inotify.c:309
+#, c-format
+msgid "inotify: flushed %u names read from %s"
+msgstr ""
+
+#: dump.c:68
 #, c-format
 msgid "cannot create %s: %s"
 msgstr ""
 
-#: dump.c:70
+#: dump.c:74
 #, c-format
 msgid "bad header in %s"
 msgstr ""
 
-#: dump.c:205
+#: dump.c:287
 msgid "failed to write packet dump"
 msgstr ""
 
-#: dump.c:207
+#: dump.c:289
+#, c-format
+msgid "%u dumping packet %u mask 0x%04x"
+msgstr ""
+
+#: dump.c:291
 #, c-format
-msgid "dumping UDP packet %u mask 0x%04x"
+msgid "dumping packet %u mask 0x%04x"
 msgstr ""
 
 #: ubus.c:79
@@ -2574,3 +2737,7 @@ msgstr ""
 #: hash-questions.c:40
 msgid "Failed to create SHA-256 hash object"
 msgstr ""
+
+#: nftset.c:35
+msgid "failed to create nftset context"
+msgstr ""
diff --git a/po/fr.po b/po/fr.po
index a97dc2f..c17c595 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -14,72 +14,77 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 
-#: cache.c:572
+#: cache.c:652
 msgid "Internal error in cache."
 msgstr ""
 
-#: cache.c:1094
+#: cache.c:1179
 #, c-format
 msgid "failed to load names from %s: %s"
 msgstr "Impossible de charger les noms à partir de %s : %s"
 
-#: cache.c:1116 dhcp.c:931
+#: cache.c:1201 dhcp.c:943
 #, c-format
 msgid "bad address at %s line %d"
 msgstr "mauvaise adresse dans %s ligne %d"
 
-#: cache.c:1169 dhcp.c:947
+#: cache.c:1254 dhcp.c:959
 #, c-format
 msgid "bad name at %s line %d"
 msgstr "mauvais nom dans %s ligne %d"
 
-#: cache.c:1180 dhcp.c:1022
-#, c-format
-msgid "read %s - %d addresses"
+#: cache.c:1265
+#, fuzzy, c-format
+msgid "read %s - %d names"
 msgstr "lecture %s - %d adresses"
 
-#: cache.c:1296
+#: cache.c:1381
 msgid "cleared cache"
 msgstr "cache vidé"
 
-#: cache.c:1358
+#: cache.c:1445
 #, c-format
 msgid "No IPv4 address found for %s"
 msgstr "Aucune adresse IPv4 trouvée pour %s"
 
-#: cache.c:1404
+#: cache.c:1491
 #, c-format
 msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
 msgstr "%s est un CNAME, il ne sera pas donné au bail DHCP de %s"
 
-#: cache.c:1428
+#: cache.c:1515
 #, c-format
 msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
 msgstr "ne donne pas de nom %s au bail DHCP de %s parce-que le nom existe dans %s avec l'adresse %s"
 
-#: cache.c:1674
+#: cache.c:1760
 #, c-format
 msgid "time %lu"
 msgstr "horodatage %lu"
 
-#: cache.c:1675
+#: cache.c:1761
 #, c-format
 msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
 msgstr "taille de cache %d, %d/%d insertions dans le cache entrées non-expirées réutilisées"
 
-#: cache.c:1677
+#: cache.c:1763
 #, c-format
 msgid "queries forwarded %u, queries answered locally %u"
 msgstr "requêtes transmises %u, requêtes résolues localement %u"
 
-#: cache.c:1680
+#: cache.c:1766
+#, c-format
+msgid "queries answered from stale cache %u"
+msgstr ""
+
+#: cache.c:1768
 #, fuzzy, c-format
 msgid "queries for authoritative zones %u"
 msgstr "Configure la durée de vie (Time To Live) pour les réponses faisant autorité"
 
-#: cache.c:1702
-#, c-format
-msgid "server %s#%d: queries sent %u, retried or failed %u"
+#: cache.c:1796
+#, fuzzy, c-format
+msgid "server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"
 msgstr "serveur %s#%d: requêtes envoyées %u, requêtes réessayées ou échouées %u"
 
 #: util.c:51
@@ -87,766 +92,817 @@ msgstr "serveur %s#%d: requ
 msgid "failed to seed the random number generator: %s"
 msgstr "impossible d'initialiser le générateur de nombre aléatoire : %s"
 
-#: util.c:228
+#: util.c:246
 msgid "failed to allocate memory"
 msgstr "impossible d'allouer la mémoire"
 
-#: util.c:285 option.c:665
+#: util.c:305 option.c:696
 msgid "could not get memory"
 msgstr "impossible d'allouer de la mémoire"
 
-#: util.c:306
+#: util.c:326
 #, c-format
 msgid "cannot create pipe: %s"
 msgstr "Ne peut pas créer le tube %s : %s"
 
-#: util.c:314
+#: util.c:334
 #, c-format
 msgid "failed to allocate %d bytes"
 msgstr "impossible d'allouer %d octets"
 
-#: util.c:520
+#: util.c:344
+#, fuzzy, c-format
+msgid "failed to reallocate %d bytes"
+msgstr "impossible d'allouer %d octets"
+
+#: util.c:465
+#, fuzzy, c-format
+msgid "cannot read monotonic clock: %s"
+msgstr "ne peux lier une socket netlink : %s"
+
+#: util.c:579
 #, c-format
 msgid "infinite"
 msgstr "illimité(e)"
 
-#: util.c:808
+#: util.c:867
 #, c-format
 msgid "failed to find kernel version: %s"
 msgstr "impossible de trouver la version de noyau : %s"
 
-#: option.c:372
+#: option.c:393
 msgid "Specify local address(es) to listen on."
 msgstr "Spécifie la ou les adresse(s) locales où le démon doit se mettre à l'écoute."
 
-#: option.c:373
+#: option.c:394
 msgid "Return ipaddr for all hosts in specified domains."
 msgstr "Retourne les adresses IP pour toutes les machines présentes dans les domaines spécifiés"
 
-#: option.c:374
+#: option.c:395
 msgid "Fake reverse lookups for RFC1918 private address ranges."
 msgstr "Traduction inverse truquée pour la plage d'adresse privée RFC1918"
 
-#: option.c:375
+#: option.c:396
 msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
 msgstr "Traite l'adresse IP comme un domaine inexistant NXDOMAIN (contourne le systeme de redirection de Verisign)"
 
-#: option.c:376
+#: option.c:397
 #, c-format
 msgid "Specify the size of the cache in entries (defaults to %s)."
 msgstr "Spécifie le nombre d'entrées que contiendra le cache (par défaut : %s)."
 
-#: option.c:377
+#: option.c:398
 #, c-format
 msgid "Specify configuration file (defaults to %s)."
 msgstr "Spécifie le nom du fichier de configuration (par défaut : %s)"
 
-#: option.c:378
+#: option.c:399
 msgid "Do NOT fork into the background: run in debug mode."
 msgstr "Ne passe pas en tâche de fond : démarre en mode debug"
 
-#: option.c:379
+#: option.c:400
 msgid "Do NOT forward queries with no domain part."
 msgstr "Ne retransmet pas les requêtes qui n'ont pas de domaine."
 
-#: option.c:380
+#: option.c:401
 msgid "Return self-pointing MX records for local hosts."
 msgstr "Retourne les champs MX pour les machines locales."
 
-#: option.c:381
+#: option.c:402
 msgid "Expand simple names in /etc/hosts with domain-suffix."
 msgstr "Etend les noms uniques des machines dans /etc/hosts avec le suffixe du domaine."
 
-#: option.c:382
+#: option.c:403
 msgid "Don't forward spurious DNS requests from Windows hosts."
 msgstr "Ne retransmet pas les fausses requêtes DNS en provenance des machines Windows."
 
-#: option.c:383
+#: option.c:404
+msgid "Don't include IPv4 addresses in DNS answers."
+msgstr ""
+
+#: option.c:405
+msgid "Don't include IPv6 addresses in DNS answers."
+msgstr ""
+
+#: option.c:406
 msgid "Enable DHCP in the range given with lease duration."
 msgstr "Autorise DHCP dans la plage d'adresses donnée sur la durée de validité du bail."
 
-#: option.c:384
+#: option.c:407
 #, c-format
 msgid "Change to this group after startup (defaults to %s)."
 msgstr "On change pour ce groupe après le démarrage (par défaut : %s)."
 
-#: option.c:385
+#: option.c:408
 msgid "Set address or hostname for a specified machine."
 msgstr "On assigne une adresse ou un nom pour une machine spécifiée."
 
-#: option.c:386
+#: option.c:409
 msgid "Read DHCP host specs from file."
 msgstr "Lecture des spécifications d'hôtes DHCP à partir du fichier"
 
-#: option.c:387
+#: option.c:410
 msgid "Read DHCP option specs from file."
 msgstr "Lecture des options DHCP à partir du fichier"
 
-#: option.c:388
+#: option.c:411
 #, fuzzy
 msgid "Read DHCP host specs from a directory."
 msgstr "Lecture des spécifications d'hôtes DHCP à partir du fichier"
 
-#: option.c:389
+#: option.c:412
 #, fuzzy
 msgid "Read DHCP options from a directory."
 msgstr "Lecture des options DHCP à partir du fichier"
 
-#: option.c:390
+#: option.c:413
 msgid "Evaluate conditional tag expression."
 msgstr "Expression d'évaluation conditionnelle d'étiquette"
 
-#: option.c:391
+#: option.c:414
 #, c-format
 msgid "Do NOT load %s file."
 msgstr "Ne charge PAS le fichier %s."
 
-#: option.c:392
+#: option.c:415
 #, c-format
 msgid "Specify a hosts file to be read in addition to %s."
 msgstr "Spécifie un nom de fichier hosts à lire en complément de %s"
 
-#: option.c:393
+#: option.c:416
 #, fuzzy
 msgid "Read hosts files from a directory."
 msgstr "Lecture des spécifications d'hôtes DHCP à partir du fichier"
 
-#: option.c:394
+#: option.c:417
 msgid "Specify interface(s) to listen on."
 msgstr "Spécifie la ou les interface(s) où le démon doit se mettre à l'écoute."
 
-#: option.c:395
+#: option.c:418
 msgid "Specify interface(s) NOT to listen on."
 msgstr "Spécifie la ou les interface(s) que le démon ne doit PAS traiter."
 
 #
-#: option.c:396
+#: option.c:419
 msgid "Map DHCP user class to tag."
 msgstr "Associe les classes d'utilisateurs ('user class') DHCP aux options."
 
-#: option.c:397
+#: option.c:420
 msgid "Map RFC3046 circuit-id to tag."
 msgstr "Associe les identifiants de circuits RFC3046 ('circuit-id') aux options"
 
-#: option.c:398
+#: option.c:421
 msgid "Map RFC3046 remote-id to tag."
 msgstr "Associe les identifiants distants RFC3046 ('remote-id') aux options"
 
-#: option.c:399
+#: option.c:422
 msgid "Map RFC3993 subscriber-id to tag."
 msgstr "Associe les identifiants de souscripteurs RFC3993 ('subscriber-id') aux options"
 
-#: option.c:400
+#: option.c:423
 msgid "Specify vendor class to match for PXE requests."
 msgstr ""
 
 #
-#: option.c:401
+#: option.c:424
 msgid "Don't do DHCP for hosts with tag set."
 msgstr "Ne pas autoriser DHCP pour les machines énumerées dans les options."
 
 #
-#: option.c:402
+#: option.c:425
 msgid "Force broadcast replies for hosts with tag set."
 msgstr "Forcer les réponses par 'broadcast' pour les machines énumerées dans les options."
 
-#: option.c:403
+#: option.c:426
 msgid "Do NOT fork into the background, do NOT run in debug mode."
 msgstr "Ne passe pas en tâche de fond, ne pas s'exécuter en mode debug."
 
-#: option.c:404
+#: option.c:427
 msgid "Assume we are the only DHCP server on the local network."
 msgstr "On considère que l'on est le seul serveur DHCP sur le réseau local."
 
-#: option.c:405
+#: option.c:428
 #, c-format
 msgid "Specify where to store DHCP leases (defaults to %s)."
 msgstr "Spécifie où il faut sauvegarder les baux DHCP (par défaut : %s)."
 
-#: option.c:406
+#: option.c:429
 msgid "Return MX records for local hosts."
 msgstr "Retourne les champs MX pour les machines locales."
 
-#: option.c:407
+#: option.c:430
 msgid "Specify an MX record."
 msgstr "Spécifie un champ MX."
 
-#: option.c:408
+#: option.c:431
 msgid "Specify BOOTP options to DHCP server."
 msgstr "Spécifie les options BOOTP pour le serveur DHCP."
 
-#: option.c:409
+#: option.c:432
 #, c-format
 msgid "Do NOT poll %s file, reload only on SIGHUP."
 msgstr "Ne pas scruter le fichier %s, ne recharger les modifications que sur réception du signal SIGHUP."
 
-#: option.c:410
+#: option.c:433
 msgid "Do NOT cache failed search results."
 msgstr "Ne place pas en cache le résultat des requêtes qui ont échouées."
 
-#: option.c:411
+#: option.c:434
+msgid "Use expired cache data for faster reply."
+msgstr ""
+
+#: option.c:435
 #, c-format
 msgid "Use nameservers strictly in the order given in %s."
 msgstr "Utilise les serveurs de noms dans l'ordre donné dans %s."
 
 #
-#: option.c:412
+#: option.c:436
 msgid "Specify options to be sent to DHCP clients."
 msgstr "Options supplémentaires à associer aux clients DHCP."
 
-#: option.c:413
+#: option.c:437
 msgid "DHCP option sent even if the client does not request it."
 msgstr "Option DHCP envoyée même si le client de la demande pas."
 
-#: option.c:414
+#: option.c:438
 msgid "Specify port to listen for DNS requests on (defaults to 53)."
 msgstr "Spécifie le port où il faut écouter les requêtes DNS (par défaut : 53)."
 
-#: option.c:415
+#: option.c:439
 #, c-format
 msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
 msgstr "Taille maximale des paquets UDP supportés pour EDNS.0 (par défaut : %s)."
 
 #
-#: option.c:416
+#: option.c:440
 msgid "Log DNS queries."
 msgstr "Enregistre les requêtes DNS dans un journal d'activité."
 
 #
-#: option.c:417
+#: option.c:441
 msgid "Force the originating port for upstream DNS queries."
 msgstr "Force le port d'origine pour les requêtes vers les serveurs amonts."
 
-#: option.c:418
+#: option.c:442
+msgid "Set maximum number of random originating ports for a query."
+msgstr ""
+
+#: option.c:443
 msgid "Do NOT read resolv.conf."
 msgstr "Ne pas lire le fichier resolv.conf."
 
-#: option.c:419
+#: option.c:444
 #, c-format
 msgid "Specify path to resolv.conf (defaults to %s)."
 msgstr "Spécifie le chemin pour le fichier resolv.conf (par défaut : %s)."
 
-#: option.c:420
+#: option.c:445
 #, fuzzy
 msgid "Specify path to file with server= options"
 msgstr "Spécifie un chemin pour le fichier PID (par défaut : %s)."
 
-#: option.c:421
+#: option.c:446
 msgid "Specify address(es) of upstream servers with optional domains."
 msgstr "Spécifie la ou les adresses des serveurs amonts avec des domaines optionels."
 
-#: option.c:422
+#: option.c:447
 #, fuzzy
 msgid "Specify address of upstream servers for reverse address queries"
 msgstr "Spécifie la ou les adresses des serveurs amonts avec des domaines optionels."
 
-#: option.c:423
+#: option.c:448
 msgid "Never forward queries to specified domains."
 msgstr "Ne jamais retransmettre les requêtes pour les domaines spécifiés."
 
-#: option.c:424
+#: option.c:449
 msgid "Specify the domain to be assigned in DHCP leases."
 msgstr "Spécifie le domaine qui doit etre assigné aux baux DHCP."
 
-#: option.c:425
+#: option.c:450
 msgid "Specify default target in an MX record."
 msgstr "Spécifie la cible par défaut dans un champ MX."
 
-#: option.c:426
+#: option.c:451
 msgid "Specify time-to-live in seconds for replies from /etc/hosts."
 msgstr "Spécifie le TTL en secondes pour les réponses qui utilisent /etc/hosts."
 
 #
-#: option.c:427
+#: option.c:452
 msgid "Specify time-to-live in seconds for negative caching."
 msgstr "Spécifie le TTL en secondes pour les réponses qui utilisent /etc/hosts."
 
-#: option.c:428
+#: option.c:453
 msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
 msgstr "Spécifie, en secondes, la valeur maximum de TTL à renvoyer aux clients."
 
 #
-#: option.c:429
+#: option.c:454
 #, fuzzy
 msgid "Specify time-to-live ceiling for cache."
 msgstr "Spécifie le TTL en secondes pour les réponses qui utilisent /etc/hosts."
 
 #
-#: option.c:430
+#: option.c:455
 #, fuzzy
 msgid "Specify time-to-live floor for cache."
 msgstr "Spécifie le TTL en secondes pour les réponses qui utilisent /etc/hosts."
 
-#: option.c:431
+#: option.c:456
+msgid "Retry DNS queries after this many milliseconds."
+msgstr ""
+
+#: option.c:457
 #, c-format
 msgid "Change to this user after startup. (defaults to %s)."
 msgstr "Change pour cet utilisateur après le démarrage (par défaut : %s)."
 
 #
-#: option.c:432
+#: option.c:458
 msgid "Map DHCP vendor class to tag."
 msgstr "Associe les classes de fournisseurs ('vendor class') DHCP aux options."
 
-#: option.c:433
+#: option.c:459
 msgid "Display dnsmasq version and copyright information."
 msgstr "Affiche la version de Dnsmasq et les informations liées au copyright."
 
-#: option.c:434
+#: option.c:460
 msgid "Translate IPv4 addresses from upstream servers."
 msgstr "Traduit les adresses IPV4 des serveurs amonts."
 
-#: option.c:435
+#: option.c:461
 msgid "Specify a SRV record."
 msgstr "Spécifie un champ SRV."
 
-#: option.c:436
+#: option.c:462
 #, fuzzy
 msgid "Display this message. Use --help dhcp or --help dhcp6 for known DHCP options."
 msgstr "Afficher ce message. Utiliser --help dhcp pour obtenir la liste des options DHCP connues."
 
-#: option.c:437
+#: option.c:463
 #, c-format
 msgid "Specify path of PID file (defaults to %s)."
 msgstr "Spécifie un chemin pour le fichier PID (par défaut : %s)."
 
-#: option.c:438
+#: option.c:464
 #, c-format
 msgid "Specify maximum number of DHCP leases (defaults to %s)."
 msgstr "Spécifie le nombre maximum de baux DHCP (par défaut : %s)."
 
-#: option.c:439
+#: option.c:465
 msgid "Answer DNS queries based on the interface a query was sent to."
 msgstr "Repond aux requêtes DNS en se basant sur l'interface ou a été envoyée la requête."
 
-#: option.c:440
+#: option.c:466
 msgid "Specify TXT DNS record."
 msgstr "Spécifie un champ DNS TXT"
 
 #
-#: option.c:441
+#: option.c:467
 msgid "Specify PTR DNS record."
 msgstr "Spécifie un champ DNS PTR"
 
-#: option.c:442
+#: option.c:468
 msgid "Give DNS name to IPv4 address of interface."
 msgstr "Donne le nom DNS pour l'adresse IPv4 de l'interface."
 
-#: option.c:443
+#: option.c:469
 msgid "Bind only to interfaces in use."
 msgstr "Association uniquement aux interfaces réseau actuellement actives."
 
-#: option.c:444
+#: option.c:470
 #, c-format
 msgid "Read DHCP static host information from %s."
 msgstr "Lecture des informations de DHCP statique à partir de %s."
 
-#: option.c:445
+#: option.c:471
 msgid "Enable the DBus interface for setting upstream servers, etc."
 msgstr "Autorise l'interface DBus pour la configuration des serveurs amonts, etc."
 
-#: option.c:446
+#: option.c:472
 msgid "Enable the UBus interface."
 msgstr ""
 
-#: option.c:447
+#: option.c:473
 msgid "Do not provide DHCP on this interface, only provide DNS."
 msgstr "Ne pas assurer de fonction DHCP sur cette interface, mais seulement la fonction DNS."
 
-#: option.c:448
+#: option.c:474
 msgid "Enable dynamic address allocation for bootp."
 msgstr "Autorise l'allocation dynamique d'adresse pour bootp."
 
 #
-#: option.c:449
+#: option.c:475
 msgid "Map MAC address (with wildcards) to option set."
 msgstr "Associe l'adresse MAC (avec les jokers) aux options."
 
-#: option.c:450
+#: option.c:476
 msgid "Treat DHCP requests on aliases as arriving from interface."
 msgstr "Traiter les requêtes DHCP sur les alias comme arrivant de l'interface."
 
-#: option.c:451
+#: option.c:477
 msgid "Specify extra networks sharing a broadcast domain for DHCP"
 msgstr ""
 
-#: option.c:452
+#: option.c:478
 msgid "Disable ICMP echo address checking in the DHCP server."
 msgstr "Supprime la vérification d'adresse sur le serveur au moyen de paquets ICMP echo"
 
-#: option.c:453
+#: option.c:479
 msgid "Shell script to run on DHCP lease creation and destruction."
 msgstr "Script shell à exécuter lors de la création ou destruction de bail DHCP."
 
-#: option.c:454
+#: option.c:480
 msgid "Lua script to run on DHCP lease creation and destruction."
 msgstr "Script Lua à exécuter lors de la création ou destruction de bail DHCP."
 
-#: option.c:455
+#: option.c:481
 msgid "Run lease-change scripts as this user."
 msgstr "Lancer le script 'lease-change' avec cet utilisateur."
 
-#: option.c:456
+#: option.c:482
 msgid "Call dhcp-script with changes to local ARP table."
 msgstr ""
 
-#: option.c:457
+#: option.c:483
 msgid "Read configuration from all the files in this directory."
 msgstr "Lecture de la configuration dans tous les fichiers de ce répertoire."
 
+#: option.c:484
+msgid "Execute file and read configuration from stdin."
+msgstr ""
+
 #
-#: option.c:458
+#: option.c:485
 msgid "Log to this syslog facility or file. (defaults to DAEMON)"
 msgstr "Enregistrer les journaux d'activité dans cette facilité syslog. (défaut : DAEMON)"
 
-#: option.c:459
+#: option.c:486
 msgid "Do not use leasefile."
 msgstr "Ne pas utiliser de fichier de baux."
 
-#: option.c:460
+#: option.c:487
 #, c-format
 msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
 msgstr "Spécifie le nombre maximum de requêtes DHCP concurrentes (par défaut : %s)."
 
-#: option.c:461
+#: option.c:488
 #, c-format
 msgid "Clear DNS cache when reloading %s."
 msgstr "Vider le cache DNS lors du rechargement de %s."
 
-#: option.c:462
+#: option.c:489
 msgid "Ignore hostnames provided by DHCP clients."
 msgstr "Ignorer les noms d'hôtes fournis par les clients DHCP"
 
-#: option.c:463
+#: option.c:490
 msgid "Do NOT reuse filename and server fields for extra DHCP options."
 msgstr "Ne pas réutiliser les champs nom de fichier et serveur dans les options DHCP supplémentaires."
 
-#: option.c:464
+#: option.c:491
 msgid "Enable integrated read-only TFTP server."
 msgstr "Activer le server TFTP intégré (fonctionnant en lecture seulement)"
 
-#: option.c:465
+#: option.c:492
 msgid "Export files by TFTP only from the specified subtree."
 msgstr "N'exporter par TFTP que les fichiers de l'arborescence de fichier spécifiée"
 
-#: option.c:466
+#: option.c:493
 #, fuzzy
 msgid "Add client IP or hardware address to tftp-root."
 msgstr "Ajouter les adresses IP clientes à la racine tftp ('tftp-root')."
 
-#: option.c:467
+#: option.c:494
 msgid "Allow access only to files owned by the user running dnsmasq."
 msgstr "Accès aux seuls fichiers appartenants à l'utilisateur sous lequel tourne dnsmasq"
 
-#: option.c:468
+#: option.c:495
 msgid "Do not terminate the service if TFTP directories are inaccessible."
 msgstr ""
 
-#: option.c:469
+#: option.c:496
 #, fuzzy, c-format
 msgid "Maximum number of concurrent TFTP transfers (defaults to %s)."
 msgstr "Spécifie le nombre maximum de transfert TFTP concurrents (défaut : %s)."
 
-#: option.c:470
+#: option.c:497
 #, fuzzy
 msgid "Maximum MTU to use for TFTP transfers."
 msgstr "Spécifie le nombre maximum de transfert TFTP concurrents (défaut : %s)."
 
-#: option.c:471
+#: option.c:498
 msgid "Disable the TFTP blocksize extension."
 msgstr "Désactivation de l'extension TFTP « taille de bloc »"
 
-#: option.c:472
+#: option.c:499
 msgid "Convert TFTP filenames to lowercase"
 msgstr "Convertis les noms de fichiers TFTP en minuscule"
 
-#: option.c:473
+#: option.c:500
 msgid "Ephemeral port range for use by TFTP transfers."
 msgstr "Gamme de ports dans laquelle seront choisis les ports temporaires utilisés dans les transferts TFTP."
 
-#: option.c:474
+#: option.c:501
 msgid "Use only one port for TFTP server."
 msgstr ""
 
-#: option.c:475
+#: option.c:502
 msgid "Extra logging for DHCP."
 msgstr "Traces supplémentaires pour le DHCP."
 
-#: option.c:476
+#: option.c:503
 msgid "Enable async. logging; optionally set queue length."
 msgstr "Active l'écriture de traces en mode asynchrone. Peut prendre en option la valeur de la longueur de la queue."
 
-#: option.c:477
+#: option.c:504
 msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
 msgstr "Stopper la réassociation DNS ('DNS rebinding'). Filtre les gammes d'adresses IP privées lors de la résolution."
 
-#: option.c:478
+#: option.c:505
 msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
 msgstr "Autorise la réassociation de 127.0.0/8, pour les serveurs RBL (Realtime Blackhole List)"
 
-#: option.c:479
+#: option.c:506
 msgid "Inhibit DNS-rebind protection on this domain."
 msgstr "Désactive la protection contre les réassociation DNS pour ce domaine"
 
-#: option.c:480
+#: option.c:507
 msgid "Always perform DNS queries to all servers."
 msgstr "Toujours effectuer les requêtes DNS à tous les serveurs."
 
 #
-#: option.c:481
+#: option.c:508
 msgid "Set tag if client includes matching option in request."
 msgstr "Spécifie le label si le client inclus l'option dans la requête."
 
 #
-#: option.c:482
+#: option.c:509
 #, fuzzy
 msgid "Set tag if client provides given name."
 msgstr "Spécifie le label si le client inclus l'option dans la requête."
 
-#: option.c:483
+#: option.c:510
 msgid "Use alternative ports for DHCP."
 msgstr "Utiliser des ports alternatifs pour le DHCP."
 
 #
-#: option.c:484
+#: option.c:511
 msgid "Specify NAPTR DNS record."
 msgstr "Spécifie un champ DNS NAPTR."
 
-#: option.c:485
+#: option.c:512
 msgid "Specify lowest port available for DNS query transmission."
 msgstr "Définie le plus petit port utilisé pour la transmission d'une requête DNS."
 
-#: option.c:486
+#: option.c:513
 #, fuzzy
 msgid "Specify highest port available for DNS query transmission."
 msgstr "Définie le plus petit port utilisé pour la transmission d'une requête DNS."
 
-#: option.c:487
+#: option.c:514
 msgid "Use only fully qualified domain names for DHCP clients."
 msgstr "Utilise seulement les noms de domaine pleinement qualifiés pour les clients DHCP."
 
-#: option.c:488
+#: option.c:515
 msgid "Generate hostnames based on MAC address for nameless clients."
 msgstr "Génère les noms d'hôtes à partir de l'adresse MAC pour les clients sans nom."
 
-#: option.c:489
+#: option.c:516
 msgid "Use these DHCP relays as full proxies."
 msgstr "Utilise ces relais DHCP en temps que proxy complets."
 
-#: option.c:490
+#: option.c:517
 msgid "Relay DHCP requests to a remote server"
 msgstr "Requêtes de relais DHCP à un serveur distant"
 
-#: option.c:491
+#: option.c:518
 msgid "Specify alias name for LOCAL DNS name."
 msgstr "Spécifie un alias pour un nom DNS local."
 
 #
-#: option.c:492
+#: option.c:519
 msgid "Prompt to send to PXE clients."
 msgstr "Invite à envoyer aux clients PXE."
 
-#: option.c:493
+#: option.c:520
 msgid "Boot service for PXE menu."
 msgstr "Service de démarrage pour menu PXE."
 
-#: option.c:494
+#: option.c:521
 msgid "Check configuration syntax."
 msgstr "vérification de la syntaxe de la configuration."
 
-#: option.c:495
+#: option.c:522
 msgid "Add requestor's MAC address to forwarded DNS queries."
 msgstr "Ajoute l'adresse MAC du requêteur aux requêtes DNS transmises"
 
-#: option.c:496
+#: option.c:523
+msgid "Strip MAC information from queries."
+msgstr ""
+
+#: option.c:524
 #, fuzzy
 msgid "Add specified IP subnet to forwarded DNS queries."
 msgstr "Ajoute l'adresse MAC du requêteur aux requêtes DNS transmises"
 
-#: option.c:497
+#: option.c:525
+msgid "Strip ECS information from queries."
+msgstr ""
+
+#: option.c:526
 #, fuzzy
 msgid "Add client identification to forwarded DNS queries."
 msgstr "Ajoute l'adresse MAC du requêteur aux requêtes DNS transmises"
 
-#: option.c:498
+#: option.c:527
 msgid "Proxy DNSSEC validation results from upstream nameservers."
 msgstr "Copie dans la réponse DNS le résultat de la validation DNSSEC effectuée par les serveurs DNS amonts."
 
-#: option.c:499
+#: option.c:528
 msgid "Attempt to allocate sequential IP addresses to DHCP clients."
 msgstr "Essaie d'allouer des adresses IP séquentielles aux clients DHCP."
 
-#: option.c:500
+#: option.c:529
 #, fuzzy
 msgid "Ignore client identifier option sent by DHCP clients."
 msgstr "Ignorer les noms d'hôtes fournis par les clients DHCP"
 
-#: option.c:501
+#: option.c:530
 msgid "Copy connection-track mark from queries to upstream connections."
 msgstr "Copie les marques de suivi de connexion pour les requêtes amont."
 
-#: option.c:502
+#: option.c:531
 msgid "Allow DHCP clients to do their own DDNS updates."
 msgstr "Autoriser les clients DHCP à faire leurs propres mises à jour DDNS (Dynamic DNS)"
 
-#: option.c:503
+#: option.c:532
 msgid "Send router-advertisements for interfaces doing DHCPv6"
 msgstr "Envoyer des annonces de routeurs pour toutes les interfaces faisant du DHCPv6"
 
-#: option.c:504
+#: option.c:533
 msgid "Specify DUID_EN-type DHCPv6 server DUID"
 msgstr "Spécifie pour le serveur DHCPv6 un identifiant unique DHCP (DUID) basé sur un numéro unique de vendeur (DUID_EN)"
 
-#: option.c:505
+#: option.c:534
 msgid "Specify host (A/AAAA and PTR) records"
 msgstr "Spécifie les enregistrements (A/AAAA et PTR) d'un hôte."
 
-#: option.c:506
+#: option.c:535
 msgid "Specify host record in interface subnet"
 msgstr ""
 
-#: option.c:507
+#: option.c:536
 msgid "Specify certification authority authorization record"
 msgstr ""
 
-#: option.c:508
+#: option.c:537
 msgid "Specify arbitrary DNS resource record"
 msgstr "Définie une resource DNS d'un type spécifique"
 
-#: option.c:509
+#: option.c:538
 msgid "Bind to interfaces in use - check for new interfaces"
 msgstr "Se lie aux interfaces préexistantes - vérifie l'apparition de nouvelles interfaces"
 
-#: option.c:510
+#: option.c:539
 msgid "Export local names to global DNS"
 msgstr "Exporte les noms locaux dans le DNS global"
 
-#: option.c:511
+#: option.c:540
 msgid "Domain to export to global DNS"
 msgstr "Domaine à exporter dans le DNS global"
 
-#: option.c:512
+#: option.c:541
 msgid "Set TTL for authoritative replies"
 msgstr "Configure la durée de vie (Time To Live) pour les réponses faisant autorité"
 
-#: option.c:513
+#: option.c:542
 #, fuzzy
 msgid "Set authoritative zone information"
 msgstr "Configure les informations pour une zone de nom faisant autorité"
 
-#: option.c:514
+#: option.c:543
 msgid "Secondary authoritative nameservers for forward domains"
 msgstr "Serveurs de noms secondaires faisant autorité pour les domaines délégués"
 
-#: option.c:515
+#: option.c:544
 msgid "Peers which are allowed to do zone transfer"
 msgstr "Pairs autorisés à faire des transferts de zone"
 
-#: option.c:516
+#: option.c:545
 msgid "Specify ipsets to which matching domains should be added"
 msgstr "Spécifie les ipsets auxquels les domaines correspondants doivent-être ajoutés"
 
-#: option.c:517
+#: option.c:546
+#, fuzzy
+msgid "Specify nftables sets to which matching domains should be added"
+msgstr "Spécifie les ipsets auxquels les domaines correspondants doivent-être ajoutés"
+
+#: option.c:547
 msgid "Enable filtering of DNS queries with connection-track marks."
 msgstr ""
 
-#: option.c:518
+#: option.c:548
 msgid "Set allowed DNS patterns for a connection-track mark."
 msgstr ""
 
-#: option.c:519
+#: option.c:549
 #, fuzzy
 msgid "Specify a domain and address range for synthesised names"
 msgstr "Spécifie un domaine et une plage d'adresses pour les noms auto-générés"
 
-#: option.c:520
+#: option.c:550
 msgid "Activate DNSSEC validation"
 msgstr ""
 
-#: option.c:521
+#: option.c:551
 msgid "Specify trust anchor key digest."
 msgstr ""
 
-#: option.c:522
+#: option.c:552
 msgid "Disable upstream checking for DNSSEC debugging."
 msgstr ""
 
-#: option.c:523
+#: option.c:553
 msgid "Ensure answers without DNSSEC are in unsigned zones."
 msgstr ""
 
-#: option.c:524
+#: option.c:554
 msgid "Don't check DNSSEC signature timestamps until first cache-reload"
 msgstr ""
 
-#: option.c:525
+#: option.c:555
 msgid "Timestamp file to verify system clock for DNSSEC"
 msgstr ""
 
-#: option.c:526
+#: option.c:556
 msgid "Set MTU, priority, resend-interval and router-lifetime"
 msgstr ""
 
-#: option.c:527
+#: option.c:557
 msgid "Do not log routine DHCP."
 msgstr ""
 
-#: option.c:528
+#: option.c:558
 msgid "Do not log routine DHCPv6."
 msgstr ""
 
-#: option.c:529
+#: option.c:559
 msgid "Do not log RA."
 msgstr ""
 
-#: option.c:530
+#: option.c:560
 msgid "Log debugging information."
 msgstr ""
 
-#: option.c:531
+#: option.c:561
 msgid "Accept queries only from directly-connected networks."
 msgstr ""
 
-#: option.c:532
+#: option.c:562
 msgid "Detect and remove DNS forwarding loops."
 msgstr ""
 
-#: option.c:533
+#: option.c:563
 msgid "Ignore DNS responses containing ipaddr."
 msgstr ""
 
-#: option.c:534
+#: option.c:564
 msgid "Set TTL in DNS responses with DHCP-derived addresses."
 msgstr ""
 
-#: option.c:535
+#: option.c:565
 msgid "Delay DHCP replies for at least number of seconds."
 msgstr ""
 
-#: option.c:536
+#: option.c:566
 msgid "Enables DHCPv4 Rapid Commit option."
 msgstr ""
 
-#: option.c:537
+#: option.c:567
 msgid "Path to debug packet dump file"
 msgstr ""
 
-#: option.c:538
+#: option.c:568
 msgid "Mask which packets to dump"
 msgstr ""
 
-#: option.c:539
+#: option.c:569
 msgid "Call dhcp-script when lease expiry changes."
 msgstr ""
 
-#: option.c:540
+#: option.c:570
 msgid "Send Cisco Umbrella identifiers including remote IP."
 msgstr ""
 
-#: option.c:541
+#: option.c:571
 msgid "Do not log routine TFTP."
 msgstr ""
 
-#: option.c:771
+#: option.c:572
+msgid "Suppress round-robin ordering of DNS records."
+msgstr ""
+
+#: option.c:802
 #, c-format
 msgid ""
 "Usage: dnsmasq [options]\n"
@@ -855,397 +911,445 @@ msgstr ""
 "Usage : dnsmasq [options]\n"
 "\n"
 
-#: option.c:773
+#: option.c:804
 #, c-format
 msgid "Use short options only on the command line.\n"
 msgstr "Utilisez les options courtes uniquement sur la ligne de commande.\n"
 
-#: option.c:775
+#: option.c:806
 #, c-format
 msgid "Valid options are:\n"
 msgstr "Les options valides sont :\n"
 
 #
-#: option.c:822 option.c:933
+#: option.c:853 option.c:1055
 msgid "bad address"
 msgstr "mauvaise adresse"
 
-#: option.c:847 option.c:851
+#: option.c:882 option.c:886
 msgid "bad port"
 msgstr "numéro de port incorrect"
 
-#: option.c:864 option.c:893 option.c:927
+#: option.c:899 option.c:1002 option.c:1048
 msgid "interface binding not supported"
 msgstr "association d'interface non supportée"
 
-#: option.c:888 option.c:922
+#: option.c:955
+msgid "Cannot resolve server name"
+msgstr ""
+
+#: option.c:991
+msgid "cannot use IPv4 server address with IPv6 source address"
+msgstr ""
+
+#: option.c:997 option.c:1043
 msgid "interface can only be specified once"
 msgstr ""
 
 #
-#: option.c:901 option.c:4362
+#: option.c:1011 option.c:4785
 msgid "bad interface name"
 msgstr "nom d'interface invalide"
 
-#: option.c:1192
+#: option.c:1037
+msgid "cannot use IPv6 server address with IPv4 source address"
+msgstr ""
+
+#: option.c:1124
+#, fuzzy
+msgid "bad IPv4 prefix length"
+msgstr "mauvais préfixe"
+
+#: option.c:1155 option.c:1165 option.c:1240 option.c:1250 option.c:5360
+msgid "error"
+msgstr "erreur"
+
+#: option.c:1207
+#, fuzzy
+msgid "bad IPv6 prefix length"
+msgstr "mauvais préfixe"
+
+#: option.c:1467
 msgid "inappropriate vendor:"
 msgstr ""
 
-#: option.c:1199
+#: option.c:1474
 msgid "inappropriate encap:"
 msgstr ""
 
-#: option.c:1225
+#: option.c:1500
 msgid "unsupported encapsulation for IPv6 option"
 msgstr "encapsulation d'option non supportée pour IPv6"
 
-#: option.c:1239
+#: option.c:1514
 msgid "bad dhcp-option"
 msgstr "mauvaise valeur de 'dhcp-option'"
 
 #
-#: option.c:1317
+#: option.c:1592
 msgid "bad IP address"
 msgstr "mauvaise adresse IP"
 
 #
-#: option.c:1320 option.c:1459 option.c:3551
+#: option.c:1595 option.c:1734 option.c:3928
 msgid "bad IPv6 address"
 msgstr "mauvaise adresse IPv6"
 
 #
-#: option.c:1413
+#: option.c:1688
 #, fuzzy
 msgid "bad IPv4 address"
 msgstr "mauvaise adresse IPv6"
 
-#: option.c:1486 option.c:1581
+#: option.c:1761 option.c:1856
 msgid "bad domain in dhcp-option"
 msgstr "mauvais domaine dans dhcp-option"
 
-#: option.c:1625
+#: option.c:1900
 msgid "dhcp-option too long"
 msgstr "dhcp-option trop long"
 
-#: option.c:1632
+#: option.c:1907
 msgid "illegal dhcp-match"
 msgstr "valeur illégale pour 'dhcp-match'"
 
-#: option.c:1691
+#: option.c:1966
 msgid "illegal repeated flag"
 msgstr "Une option ne pouvant être spécifié qu'une seule fois à été donnée plusieurs fois"
 
-#: option.c:1699
+#: option.c:1974
 msgid "illegal repeated keyword"
 msgstr "Mot-clef ne pouvant être répété"
 
-#: option.c:1770 option.c:5080
+#: option.c:2056 option.c:5533
 #, c-format
 msgid "cannot access directory %s: %s"
 msgstr "Ne peut pas lire le répertoire %s : %s"
 
-#: option.c:1816 tftp.c:566 dump.c:68
+#: option.c:2102 tftp.c:573 dump.c:72
 #, c-format
 msgid "cannot access %s: %s"
 msgstr "Ne peut pas lire %s : %s"
 
-#: option.c:1931
+#: option.c:2219
 msgid "setting log facility is not possible under Android"
 msgstr "Sous android, impossible de positionner la cible (facility) pour les traces (logs)."
 
-#: option.c:1940
+#: option.c:2228
 msgid "bad log facility"
 msgstr "Mauvaise cible (facility) pour les traces."
 
-#: option.c:1993
+#: option.c:2281
 msgid "bad MX preference"
 msgstr "préference MX incorrecte"
 
-#: option.c:1998
+#: option.c:2289
 msgid "bad MX name"
 msgstr "nom MX incorrect"
 
-#: option.c:2012
+#: option.c:2304
 msgid "bad MX target"
 msgstr "valeur MX cible incorrecte"
 
-#: option.c:2032
+#: option.c:2324
 msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
 msgstr "recompiler en définissant HAVE_SCRIPT pour permettre l'exécution de scripts shell au changement de bail (lease-change)"
 
-#: option.c:2036
+#: option.c:2328
 msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
 msgstr "recompiler en définissant HAVE_LUASCRIPT pour permettre l'exécution de scripts LUA au changement de bail (lease-change)"
 
-#: option.c:2291 option.c:2327
+#
+#: option.c:2447
+#, fuzzy
+msgid "invalid auth-zone"
+msgstr "poids invalide"
+
+#: option.c:2589 option.c:2621
 #, fuzzy
 msgid "bad prefix length"
 msgstr "mauvais préfixe"
 
-#: option.c:2303 option.c:2348 option.c:2398
+#: option.c:2601 option.c:2642 option.c:2696
 msgid "bad prefix"
 msgstr "mauvais préfixe"
 
-#: option.c:2418
+#: option.c:2716
 #, fuzzy
 msgid "prefix length too small"
 msgstr "la taille de préfixe doit être au minimum 64"
 
-#: option.c:2697
+#: option.c:3010
 #, fuzzy
 msgid "Bad address in --address"
 msgstr "adresse déjà utilisée"
 
-#: option.c:2751
-#, fuzzy
-msgid "bad IPv4 prefix"
-msgstr "mauvais préfixe"
+#: option.c:3110
+msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+msgstr "recompiler en définissant HAVE_IPSET pour permettre l'utilisation de directives de groupes d'IP (IPset)"
 
-#: option.c:2756 option.c:3569
+#: option.c:3117
 #, fuzzy
-msgid "bad IPv6 prefix"
-msgstr "mauvais préfixe"
-
-#: option.c:2777
-msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+msgid "recompile with HAVE_NFTSET defined to enable nftset directives"
 msgstr "recompiler en définissant HAVE_IPSET pour permettre l'utilisation de directives de groupes d'IP (IPset)"
 
-#: option.c:2843 option.c:2861
+#: option.c:3192 option.c:3210
 #, fuzzy
 msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist directives"
 msgstr "recompiler en définissant HAVE_IPSET pour permettre l'utilisation de directives de groupes d'IP (IPset)"
 
 #
-#: option.c:3119
+#: option.c:3496
 msgid "bad port range"
 msgstr "gamme de ports incorrecte"
 
-#: option.c:3145
+#: option.c:3522
 msgid "bad bridge-interface"
 msgstr "interface-pont incorrecte"
 
-#: option.c:3189
+#: option.c:3566
 msgid "bad shared-network"
 msgstr ""
 
-#: option.c:3243
+#: option.c:3620
 msgid "only one tag allowed"
 msgstr "une seule étiquette est autorisée"
 
-#: option.c:3264 option.c:3280 option.c:3406 option.c:3414 option.c:3457
+#: option.c:3641 option.c:3657 option.c:3783 option.c:3791 option.c:3834
 msgid "bad dhcp-range"
 msgstr "plage d'adresses DHCP (dhcp-range) incorrecte"
 
-#: option.c:3298
+#: option.c:3675
 msgid "inconsistent DHCP range"
 msgstr "plage d'adresses DHCP incohérente"
 
-#: option.c:3364
+#: option.c:3741
 msgid "prefix length must be exactly 64 for RA subnets"
 msgstr "la taille du préfixe doit être exactement 64 pour les sous-réseaux d'annonces de routeurs (RA)"
 
-#: option.c:3366
+#: option.c:3743
 msgid "prefix length must be exactly 64 for subnet constructors"
 msgstr "la taille du préfixe doit être exactement 64 pour le constructeur de sous-réseaux"
 
-#: option.c:3369
+#: option.c:3746
 msgid "prefix length must be at least 64"
 msgstr "la taille de préfixe doit être au minimum 64"
 
-#: option.c:3372
+#: option.c:3749
 msgid "inconsistent DHCPv6 range"
 msgstr "plage d'adresses DHCPv6 incohérente"
 
-#: option.c:3391
+#: option.c:3768
 msgid "prefix must be zero with \"constructor:\" argument"
 msgstr "le préfixe doit avoir une taille de 0 lorsque l'argument \"constructor:\" est utilisé"
 
-#: option.c:3516 option.c:3594
+#: option.c:3893 option.c:3971
 msgid "bad hex constant"
 msgstr "mauvaise constante hexadecimale"
 
-#: option.c:3617
+#: option.c:3946
+#, fuzzy
+msgid "bad IPv6 prefix"
+msgstr "mauvais préfixe"
+
+#: option.c:3994
 #, c-format
 msgid "duplicate dhcp-host IP address %s"
 msgstr "adresse IP dhcp-host dupliquée dans %s."
 
 #
-#: option.c:3678
+#: option.c:4056
 msgid "bad DHCP host name"
 msgstr "nom d'hôte DHCP incorrect"
 
-#: option.c:3764
+#: option.c:4142
 msgid "bad tag-if"
 msgstr "mauvaise étiquette tag-if"
 
-#: option.c:4107 option.c:4623
+#: option.c:4490 option.c:5046
 msgid "invalid port number"
 msgstr "numéro de port invalide"
 
 #
-#: option.c:4163
+#: option.c:4546
 msgid "bad dhcp-proxy address"
 msgstr "adresse dhcp-proxy incorrecte"
 
-#: option.c:4204
+#: option.c:4627
 msgid "Bad dhcp-relay"
 msgstr "valeur incorrecte pour le relais DHCP (dhcp-relay)"
 
-#: option.c:4248
+#: option.c:4671
 msgid "bad RA-params"
 msgstr ""
 
-#: option.c:4258
+#: option.c:4681
 msgid "bad DUID"
 msgstr "mauvais identifiant unique DHCP (DUID)"
 
-#: option.c:4292
+#: option.c:4715
 #, fuzzy
 msgid "missing address in alias"
 msgstr "adresse non valide"
 
 #
-#: option.c:4298
+#: option.c:4721
 msgid "invalid alias range"
 msgstr "poids invalide"
 
-#: option.c:4347
+#: option.c:4770
 #, fuzzy
 msgid "missing address in dynamic host"
 msgstr "adresse non valide"
 
-#: option.c:4362
+#: option.c:4785
 #, fuzzy
 msgid "bad dynamic host"
 msgstr "Ne peut pas lire le répertoire %s : %s"
 
-#: option.c:4380 option.c:4396
+#: option.c:4803 option.c:4819
 msgid "bad CNAME"
 msgstr "mauvais CNAME"
 
-#: option.c:4404
+#: option.c:4827
 msgid "duplicate CNAME"
 msgstr "ce CNAME existe déja"
 
 #
-#: option.c:4431
+#: option.c:4854
 msgid "bad PTR record"
 msgstr "mauvais champ PTR"
 
 #
-#: option.c:4466
+#: option.c:4889
 msgid "bad NAPTR record"
 msgstr "mauvais champ NAPTR"
 
 #
-#: option.c:4502
+#: option.c:4925
 msgid "bad RR record"
 msgstr "mauvais enregistrement RR"
 
 #
-#: option.c:4535
+#: option.c:4958
 #, fuzzy
 msgid "bad CAA record"
 msgstr "mauvais enregistrement RR"
 
-#: option.c:4564
+#: option.c:4987
 msgid "bad TXT record"
 msgstr "champ TXT invalide"
 
-#: option.c:4607
+#: option.c:5030
 msgid "bad SRV record"
 msgstr "champ SRV invalide"
 
-#: option.c:4614
+#: option.c:5037
 msgid "bad SRV target"
 msgstr "cible SRV invalide"
 
-#: option.c:4633
+#: option.c:5056
 msgid "invalid priority"
 msgstr "priorité invalide"
 
-#: option.c:4638
+#: option.c:5061
 msgid "invalid weight"
 msgstr "poids invalide"
 
 #
-#: option.c:4661
+#: option.c:5084
 msgid "Bad host-record"
 msgstr "mauvais champ host-record"
 
-#: option.c:4700
+#: option.c:5123
 msgid "Bad name in host-record"
 msgstr "mauvais nom dans le champ host-record"
 
-#: option.c:4742
+#: option.c:5165
 msgid "bad value for dnssec-check-unsigned"
 msgstr ""
 
 #
-#: option.c:4778
+#: option.c:5201
 #, fuzzy
 msgid "bad trust anchor"
 msgstr "gamme de ports incorrecte"
 
-#: option.c:4794
+#: option.c:5217
 msgid "bad HEX in trust anchor"
 msgstr ""
 
-#: option.c:4805
+#: option.c:5228
 #, fuzzy
 msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
 msgstr "option non supportée (vérifier que Dnsmasq a été compilé avec le support DHCP/TFTP/DBus)"
 
-#: option.c:4865
+#: option.c:5290
 msgid "missing \""
 msgstr "il manque \""
 
-#: option.c:4922
+#: option.c:5347
 msgid "bad option"
 msgstr "mauvaise option"
 
-#: option.c:4924
+#: option.c:5349
 msgid "extraneous parameter"
 msgstr "paramètre en trop"
 
-#: option.c:4926
+#: option.c:5351
 msgid "missing parameter"
 msgstr "paramètre manquant"
 
-#: option.c:4928
+#: option.c:5353
 #, fuzzy
 msgid "illegal option"
 msgstr "mauvaise option"
 
-#: option.c:4935
-msgid "error"
-msgstr "erreur"
+#: option.c:5363
+#, c-format
+msgid " in output from %s"
+msgstr ""
 
-#: option.c:4937
+#: option.c:5365
 #, c-format
 msgid " at line %d of %s"
 msgstr "à la ligne %d de %s"
 
-#: option.c:4952 option.c:5229 option.c:5240
+#: option.c:5380 option.c:5683 option.c:5694
 #, c-format
 msgid "read %s"
 msgstr "Lecture de %s"
 
-#: option.c:5015 option.c:5162 tftp.c:775
+#: option.c:5446
+#, fuzzy, c-format
+msgid "cannot execute %s: %s"
+msgstr "Ne peut pas lire %s : %s"
+
+#: option.c:5454 option.c:5615 tftp.c:790
 #, c-format
 msgid "cannot read %s: %s"
 msgstr "Ne peut pas lire %s : %s"
 
-#: option.c:5316
+#: option.c:5473
+#, fuzzy, c-format
+msgid "error executing %s: %s"
+msgstr "impossible d'exécuter à %s : %s"
+
+#: option.c:5476
+#, c-format
+msgid "%s returns non-zero error code"
+msgstr ""
+
+#: option.c:5775
 msgid "junk found in command line"
 msgstr "la ligne de commande contient des éléments indésirables ou incompréhensibles"
 
-#: option.c:5356
+#: option.c:5815
 #, c-format
 msgid "Dnsmasq version %s  %s\n"
 msgstr "Version de Dnsmasq %s  %s\n"
 
-#: option.c:5357
+#: option.c:5816
 #, c-format
 msgid ""
 "Compile time options: %s\n"
@@ -1254,664 +1358,703 @@ msgstr ""
 "Options à la compilation %s\n"
 "\n"
 
-#: option.c:5358
+#: option.c:5817
 #, c-format
 msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
 msgstr "Ce logiciel est fourni sans AUCUNE GARANTIE.\n"
 
-#: option.c:5359
+#: option.c:5818
 #, c-format
 msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
 msgstr "Dnsmasq est un logiciel libre, il vous est permis de le redistribuer\n"
 
-#: option.c:5360
+#: option.c:5819
 #, c-format
 msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
 msgstr "sous les termes de la licence GPL (GNU General Public License), version 2 ou 3.\n"
 
-#: option.c:5377
+#: option.c:5836
 msgid "try --help"
 msgstr "essayez avec --help"
 
-#: option.c:5379
+#: option.c:5838
 msgid "try -w"
 msgstr "essayez avec -w"
 
-#: option.c:5381
+#: option.c:5840
 #, c-format
 msgid "bad command line options: %s"
 msgstr "mauvaises options en ligne de commande : %s."
 
-#: option.c:5450
+#: option.c:5909
 #, c-format
 msgid "CNAME loop involving %s"
 msgstr ""
 
-#: option.c:5491
+#: option.c:5950
 #, c-format
 msgid "cannot get host-name: %s"
 msgstr "ne peut pas obtenir le nom de la machine : %s"
 
-#: option.c:5519
+#: option.c:5978
 msgid "only one resolv.conf file allowed in no-poll mode."
 msgstr "seul un fichier resolv.conf est autorisé dans le mode no-poll"
 
-#: option.c:5529
+#: option.c:5988
 msgid "must have exactly one resolv.conf to read domain from."
 msgstr "un fichier resolv.conf (et un seul) est nécessaire pour y récuperer le nom de domaine."
 
-#: option.c:5532 network.c:1670 dhcp.c:880
+#: option.c:5991 network.c:1727 dhcp.c:892
 #, c-format
 msgid "failed to read %s: %s"
 msgstr "impossible de lire %s : %s"
 
-#: option.c:5549
+#: option.c:6008
 #, c-format
 msgid "no search directive found in %s"
 msgstr "pas de directive de recherche trouvée dans %s"
 
-#: option.c:5570
+#: option.c:6029
 msgid "there must be a default domain when --dhcp-fqdn is set"
 msgstr "un domaine par défaut doit être spécifié lorsque l'option --dhcp-fqdn est utilisée"
 
-#: option.c:5579
+#: option.c:6038
 msgid "syntax check OK"
 msgstr "vérification de syntaxe OK"
 
-#: forward.c:104
+#: forward.c:107
 #, c-format
 msgid "failed to send packet: %s"
 msgstr "impossible d'envoyer le paquet : %s"
 
-#: forward.c:601
+#: forward.c:715
 msgid "discarding DNS reply: subnet option mismatch"
 msgstr ""
 
-#: forward.c:666
+#: forward.c:780
 #, c-format
 msgid "nameserver %s refused to do a recursive query"
 msgstr "le serveur de nom %s a refusé de faire une recherche récursive"
 
-#: forward.c:702
+#: forward.c:826
 #, c-format
 msgid "possible DNS-rebind attack detected: %s"
 msgstr "détection d'une possible attaque de type DNS-rebind: %s"
 
-#: forward.c:1074
+#: forward.c:1239
 #, c-format
 msgid "reducing DNS packet size for nameserver %s to %d"
 msgstr ""
 
-#: forward.c:1381 forward.c:1910
-msgid "Ignoring query from non-local network"
+#: forward.c:1565
+#, c-format
+msgid "ignoring query from non-local network %s (logged only once)"
 msgstr ""
 
-#: forward.c:2198
+#: forward.c:2139
+#, c-format
+msgid "ignoring query from non-local network %s"
+msgstr ""
+
+#: forward.c:2501
 #, fuzzy, c-format
 msgid "failed to bind server socket to %s: %s"
 msgstr "impossible de lier la socket de serveur pour %s : %s"
 
-#: forward.c:2494
+#: forward.c:2867
 #, c-format
 msgid "Maximum number of concurrent DNS queries reached (max: %d)"
 msgstr "Nombre maximum de requêtes DNS concurrentes atteint (maximum : %d)."
 
-#: forward.c:2496
+#: forward.c:2869
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries to %s reached (max: %d)"
 msgstr "Nombre maximum de requêtes DNS concurrentes atteint (maximum : %d)."
 
-#: network.c:670
+#: network.c:700
 #, c-format
 msgid "stopped listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:867
+#: network.c:911
 #, c-format
 msgid "failed to create listening socket for %s: %s"
 msgstr "impossible de créer une socket d'écoute pour %s : %s"
 
-#: network.c:1148
+#: network.c:1192
 #, c-format
 msgid "listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:1175
+#: network.c:1219
 #, fuzzy, c-format
 msgid "listening on %s port %d"
 msgstr "impossible d'envoyer %s à %s"
 
-#: network.c:1208
+#: network.c:1252
 #, c-format
 msgid "LOUD WARNING: listening on %s may accept requests via interfaces other than %s"
 msgstr ""
 
-#: network.c:1215
+#: network.c:1259
 msgid "LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"
 msgstr ""
 
-#: network.c:1224
+#: network.c:1268
 #, fuzzy, c-format
 msgid "warning: using interface %s instead"
 msgstr "attention : l'interface %s n'existe pas actuellement"
 
-#: network.c:1233
+#: network.c:1277
 #, fuzzy, c-format
 msgid "warning: no addresses found for interface %s"
 msgstr "utilise les adresses locales seulement pour %s %s"
 
-#: network.c:1291
+#: network.c:1335
 #, c-format
 msgid "interface %s failed to join DHCPv6 multicast group: %s"
 msgstr "impossible de faire rejoindre l'interface %s dans le groupe multicast DHCPv6 %s"
 
-#: network.c:1296
+#: network.c:1340
 msgid "try increasing /proc/sys/net/core/optmem_max"
 msgstr ""
 
-#: network.c:1492
+#: network.c:1545
 #, c-format
 msgid "failed to bind server socket for %s: %s"
 msgstr "impossible de lier la socket de serveur pour %s : %s"
 
-#: network.c:1569
+#: network.c:1622
 #, c-format
 msgid "ignoring nameserver %s - local interface"
 msgstr "ignore le serveur de nom %s - interface locale"
 
-#: network.c:1580
+#: network.c:1633
 #, c-format
 msgid "ignoring nameserver %s - cannot make/bind socket: %s"
 msgstr "ignore le serveur de nom %s - ne peut construire/lier la socket : %m"
 
-#: network.c:1598
+#: network.c:1643
+msgid "more servers are defined but not logged"
+msgstr ""
+
+#: network.c:1654
 msgid "(no DNSSEC)"
 msgstr ""
 
-#: network.c:1601
+#: network.c:1657
 msgid "unqualified"
 msgstr "non-qualifié(e)"
 
-#: network.c:1601
+#: network.c:1657
 msgid "names"
 msgstr "noms"
 
-#: network.c:1603
+#: network.c:1659
 msgid "default"
 msgstr "défaut"
 
-#: network.c:1605
+#: network.c:1661
 msgid "domain"
 msgstr "domaine"
 
-#: network.c:1607
+#: network.c:1663
 #, fuzzy, c-format
 msgid "using nameserver %s#%d for %s %s%s %s"
 msgstr "utilise le serveur de nom %s#%d pour %s %s"
 
-#: network.c:1611
+#: network.c:1667
 #, fuzzy, c-format
 msgid "NOT using nameserver %s#%d - query loop detected"
 msgstr "utilise le serveur de nom %s#%d pour %s %s"
 
-#: network.c:1614
+#: network.c:1670
 #, c-format
 msgid "using nameserver %s#%d(via %s)"
 msgstr "utilise le serveur de nom %s#%d (via %s)"
 
-#: network.c:1616
+#: network.c:1672
 #, c-format
 msgid "using nameserver %s#%d"
 msgstr "utilise le serveur de nom %s#%d"
 
-#: network.c:1630
+#: network.c:1687
 #, fuzzy, c-format
 msgid "using only locally-known addresses for %s"
 msgstr "utilise les adresses locales seulement pour %s %s"
 
-#: network.c:1633
+#: network.c:1690
 #, fuzzy, c-format
 msgid "using standard nameservers for %s"
 msgstr "utilisation des serveurs de nom standards pour %s %s"
 
-#: network.c:1637
+#: network.c:1694
 #, fuzzy, c-format
 msgid "using %d more local addresses"
 msgstr "utilise le serveur de nom %s#%d"
 
-#: network.c:1639
+#: network.c:1696
 #, fuzzy, c-format
 msgid "using %d more nameservers"
 msgstr "utilise le serveur de nom %s#%d"
 
-#: dnsmasq.c:184
+#: dnsmasq.c:192
 msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
 msgstr ""
 
-#: dnsmasq.c:199
+#: dnsmasq.c:207
 msgid "no root trust anchor provided for DNSSEC"
 msgstr ""
 
-#: dnsmasq.c:202
+#: dnsmasq.c:210
 msgid "cannot reduce cache size from default when DNSSEC enabled"
 msgstr ""
 
-#: dnsmasq.c:204
+#: dnsmasq.c:212
 #, fuzzy
 msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
 msgstr "DBus n'est pas disponible : activez HAVE_DBUS dans src/config.h"
 
 #
-#: dnsmasq.c:210
+#: dnsmasq.c:218
 msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
 msgstr "TFTP n'est pas disponible : activez HAVE_TFTP dans src/config.h"
 
-#: dnsmasq.c:217
+#: dnsmasq.c:225
 #, fuzzy
 msgid "cannot use --conntrack AND --query-port"
 msgstr "impossible d'utiliser conjointement --conntrack et --query-port"
 
 #
-#: dnsmasq.c:223
+#: dnsmasq.c:231
 #, fuzzy
 msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
 msgstr "Support de suivi de connexion non disponible : activez HAVE_CONNTRACK dans src/config.h"
 
-#: dnsmasq.c:228
+#: dnsmasq.c:236
 msgid "asynchronous logging is not available under Solaris"
 msgstr "l'écriture de traces en mode asynchrone n'est pas disponible sous Solaris."
 
-#: dnsmasq.c:233
+#: dnsmasq.c:241
 msgid "asynchronous logging is not available under Android"
 msgstr "l'écriture de traces en mode asynchrone n'est pas disponible sous Android."
 
-#: dnsmasq.c:238
+#: dnsmasq.c:246
 msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
 msgstr "le mode « autorité DNS » n'est pas disponible : activez HAVE_AUTH dans src/config.h"
 
 #
-#: dnsmasq.c:243
+#: dnsmasq.c:251
 #, fuzzy
 msgid "loop detection not available: set HAVE_LOOP in src/config.h"
 msgstr "TFTP n'est pas disponible : activez HAVE_TFTP dans src/config.h"
 
-#: dnsmasq.c:248
+#: dnsmasq.c:256
 #, fuzzy
 msgid "Ubus not available: set HAVE_UBUS in src/config.h"
 msgstr "DBus n'est pas disponible : activez HAVE_DBUS dans src/config.h"
 
-#: dnsmasq.c:259
+#: dnsmasq.c:267
 msgid "max_port cannot be smaller than min_port"
 msgstr ""
 
-#: dnsmasq.c:266
+#: dnsmasq.c:271
+msgid "port_limit must not be larger than available port range"
+msgstr ""
+
+#: dnsmasq.c:278
 msgid "--auth-server required when an auth zone is defined."
 msgstr ""
 
-#: dnsmasq.c:271
+#: dnsmasq.c:283
 msgid "zone serial must be configured in --auth-soa"
 msgstr "le numéro de série de la zone doit être configuré dans --auth-soa"
 
-#: dnsmasq.c:291
+#: dnsmasq.c:303
 msgid "dhcp-range constructor not available on this platform"
 msgstr "le constructeur de plage dhcp n'est pas disponible sur cette plate-forme"
 
-#: dnsmasq.c:355
+#: dnsmasq.c:377
 msgid "cannot set --bind-interfaces and --bind-dynamic"
 msgstr "--bind-interfaces et --bind-dynamic sont mutuellement exclusives"
 
-#: dnsmasq.c:358
+#: dnsmasq.c:380
 #, c-format
 msgid "failed to find list of interfaces: %s"
 msgstr "impossible de trouver la liste des interfaces : %s"
 
-#: dnsmasq.c:367
+#: dnsmasq.c:389
 #, c-format
 msgid "unknown interface %s"
 msgstr "interface %s inconnue"
 
-#: dnsmasq.c:437
+#: dnsmasq.c:396
+#, c-format
+msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
+msgstr "impossible de déclarer SO_BINDTODEVICE sur la socket DHCP : %s"
+
+#: dnsmasq.c:440
 #, fuzzy
 msgid "Packet dumps not available: set HAVE_DUMP in src/config.h"
 msgstr "DBus n'est pas disponible : activez HAVE_DBUS dans src/config.h"
 
-#: dnsmasq.c:445 dnsmasq.c:1207
+#: dnsmasq.c:448 dnsmasq.c:1232
 #, c-format
 msgid "DBus error: %s"
 msgstr "Erreur DBus : %s"
 
-#: dnsmasq.c:448
+#: dnsmasq.c:451
 msgid "DBus not available: set HAVE_DBUS in src/config.h"
 msgstr "DBus n'est pas disponible : activez HAVE_DBUS dans src/config.h"
 
-#: dnsmasq.c:456 dnsmasq.c:1228
+#: dnsmasq.c:459 dnsmasq.c:1253
 #, fuzzy, c-format
 msgid "UBus error: %s"
 msgstr "Erreur DBus : %s"
 
-#: dnsmasq.c:459
+#: dnsmasq.c:462
 #, fuzzy
 msgid "UBus not available: set HAVE_UBUS in src/config.h"
 msgstr "DBus n'est pas disponible : activez HAVE_DBUS dans src/config.h"
 
-#: dnsmasq.c:489
+#: dnsmasq.c:492
 #, c-format
 msgid "unknown user or group: %s"
 msgstr "utilisateur ou groupe inconnu : %s"
 
-#: dnsmasq.c:565
+#: dnsmasq.c:568
 #, c-format
 msgid "process is missing required capability %s"
 msgstr ""
 
-#: dnsmasq.c:597
+#: dnsmasq.c:600
 #, c-format
 msgid "cannot chdir to filesystem root: %s"
 msgstr "Ne peut effectuer un 'chdir' à la racine du système de fichier : %s"
 
-#: dnsmasq.c:845
+#: dnsmasq.c:852
 #, c-format
 msgid "started, version %s DNS disabled"
 msgstr "démarrage avec le DNS désactivé (version %s)"
 
-#: dnsmasq.c:850
+#: dnsmasq.c:857
 #, c-format
 msgid "started, version %s cachesize %d"
 msgstr "demarré, version %s (taille de cache %d)"
 
-#: dnsmasq.c:852
+#: dnsmasq.c:859
 msgid "cache size greater than 10000 may cause performance issues, and is unlikely to be useful."
 msgstr ""
 
-#: dnsmasq.c:855
+#: dnsmasq.c:862
 #, c-format
 msgid "started, version %s cache disabled"
 msgstr "démarrage avec le cache désactivé (version %s)"
 
-#: dnsmasq.c:858
+#: dnsmasq.c:865
 msgid "DNS service limited to local subnets"
 msgstr ""
 
-#: dnsmasq.c:861
+#: dnsmasq.c:868
 #, c-format
 msgid "compile time options: %s"
 msgstr "options à la compilation : %s"
 
-#: dnsmasq.c:870
+#: dnsmasq.c:877
 msgid "DBus support enabled: connected to system bus"
 msgstr "Support DBus autorisé : connecté au bus système"
 
-#: dnsmasq.c:872
+#: dnsmasq.c:879
 msgid "DBus support enabled: bus connection pending"
 msgstr "Support DBus autorisé : connexion au bus en attente"
 
-#: dnsmasq.c:880
+#: dnsmasq.c:887
 #, fuzzy
 msgid "UBus support enabled: connected to system bus"
 msgstr "Support DBus autorisé : connecté au bus système"
 
-#: dnsmasq.c:882
+#: dnsmasq.c:889
 #, fuzzy
 msgid "UBus support enabled: bus connection pending"
 msgstr "Support DBus autorisé : connexion au bus en attente"
 
-#: dnsmasq.c:902
+#: dnsmasq.c:909
 msgid "DNSSEC validation enabled but all unsigned answers are trusted"
 msgstr ""
 
-#: dnsmasq.c:904
+#: dnsmasq.c:911
 msgid "DNSSEC validation enabled"
 msgstr ""
 
-#: dnsmasq.c:908
+#: dnsmasq.c:915
 msgid "DNSSEC signature timestamps not checked until receipt of SIGINT"
 msgstr ""
 
-#: dnsmasq.c:911
+#: dnsmasq.c:918
 msgid "DNSSEC signature timestamps not checked until system time valid"
 msgstr ""
 
-#: dnsmasq.c:914
+#: dnsmasq.c:921
 #, c-format
 msgid "configured with trust anchor for %s keytag %u"
 msgstr ""
 
-#: dnsmasq.c:920
+#: dnsmasq.c:927
 #, c-format
 msgid "warning: failed to change owner of %s: %s"
 msgstr "Impossible de changer pour l'utilisateur %s : %s"
 
-#: dnsmasq.c:924
+#: dnsmasq.c:932
 msgid "setting --bind-interfaces option because of OS limitations"
 msgstr "active l'option --bind-interfaces à cause de limitations dans le système d'exploitation"
 
-#: dnsmasq.c:936
+#: dnsmasq.c:945
 #, c-format
 msgid "warning: interface %s does not currently exist"
 msgstr "attention : l'interface %s n'existe pas actuellement"
 
-#: dnsmasq.c:941
+#: dnsmasq.c:950
 msgid "warning: ignoring resolv-file flag because no-resolv is set"
 msgstr "attention : l'option « resolv-file » sera ignorée car « no-resolv » a été spécifié"
 
 #
-#: dnsmasq.c:944
+#: dnsmasq.c:953
 msgid "warning: no upstream servers configured"
 msgstr "attention : aucun serveur amont n'est configuré"
 
-#: dnsmasq.c:948
+#: dnsmasq.c:957
 #, c-format
 msgid "asynchronous logging enabled, queue limit is %d messages"
 msgstr "mode asynchrone d'écriture de traces, la taille maximum de la queue est de %d messages."
 
-#: dnsmasq.c:969
+#: dnsmasq.c:978
 msgid "IPv6 router advertisement enabled"
 msgstr "annonces de routeur IPv6 activées"
 
-#: dnsmasq.c:974
+#: dnsmasq.c:983
 #, c-format
 msgid "DHCP, sockets bound exclusively to interface %s"
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "root is "
 msgstr "root est"
 
 #
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "enabled"
 msgstr "activé"
 
-#: dnsmasq.c:993
+#: dnsmasq.c:1002
 msgid "secure mode"
 msgstr "mode sécurisé"
 
-#: dnsmasq.c:994
+#: dnsmasq.c:1003
 #, fuzzy
 msgid "single port mode"
 msgstr "numéro de port invalide"
 
-#: dnsmasq.c:997
+#: dnsmasq.c:1006
 #, c-format
 msgid "warning: %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1001
+#: dnsmasq.c:1010
 #, fuzzy, c-format
 msgid "warning: TFTP directory %s inaccessible"
 msgstr "répertoire TFTP %s inaccessible : %s"
 
-#: dnsmasq.c:1027
+#: dnsmasq.c:1036
 #, c-format
 msgid "restricting maximum simultaneous TFTP transfers to %d"
 msgstr "le nombre maximum de transferts TFTP simultanés sera restreint à %d"
 
-#: dnsmasq.c:1204
+#: dnsmasq.c:1095
+#, c-format
+msgid "error binding DHCP socket to device %s"
+msgstr ""
+
+#: dnsmasq.c:1229
 msgid "connected to system DBus"
 msgstr "connecté au systeme DBus"
 
-#: dnsmasq.c:1225
+#: dnsmasq.c:1250
 #, fuzzy
 msgid "connected to system UBus"
 msgstr "connecté au systeme DBus"
 
-#: dnsmasq.c:1391
+#: dnsmasq.c:1416
 #, c-format
 msgid "cannot fork into background: %s"
 msgstr "Ne peut se lancer en tâche de fond : %s"
 
-#: dnsmasq.c:1395
+#: dnsmasq.c:1420
 #, c-format
 msgid "failed to create helper: %s"
 msgstr "impossible de créer le 'helper' : %s"
 
-#: dnsmasq.c:1399
+#: dnsmasq.c:1424
 #, c-format
 msgid "setting capabilities failed: %s"
 msgstr "impossible de configurer la capacité %s"
 
-#: dnsmasq.c:1403
+#: dnsmasq.c:1428
 #, c-format
 msgid "failed to change user-id to %s: %s"
 msgstr "Impossible de changer l'identifiant utilisateur pour %s : %s"
 
-#: dnsmasq.c:1407
+#: dnsmasq.c:1432
 #, c-format
 msgid "failed to change group-id to %s: %s"
 msgstr "Impossible de changer l'identifiant de groupe pour %s : %s"
 
-#: dnsmasq.c:1411
+#: dnsmasq.c:1436
 #, c-format
 msgid "failed to open pidfile %s: %s"
 msgstr "impossible de lire le fichier de PID %s : %s"
 
-#: dnsmasq.c:1415
+#: dnsmasq.c:1440
 #, c-format
 msgid "cannot open log %s: %s"
 msgstr "Ne peut ouvrir le fichier de log %s : %s"
 
 #
-#: dnsmasq.c:1419
+#: dnsmasq.c:1444
 #, c-format
 msgid "failed to load Lua script: %s"
 msgstr "impossible de charger le script Lua : %s"
 
-#: dnsmasq.c:1423
+#: dnsmasq.c:1448
 #, c-format
 msgid "TFTP directory %s inaccessible: %s"
 msgstr "répertoire TFTP %s inaccessible : %s"
 
-#: dnsmasq.c:1427
+#: dnsmasq.c:1452
 #, fuzzy, c-format
 msgid "cannot create timestamp file %s: %s"
 msgstr "ne peut ouvrir ou créer le fichiers de baux %s : %s"
 
-#: dnsmasq.c:1511
+#: dnsmasq.c:1536
 #, c-format
 msgid "script process killed by signal %d"
 msgstr "Le script a été terminé par le signal %d"
 
-#: dnsmasq.c:1515
+#: dnsmasq.c:1540
 #, c-format
 msgid "script process exited with status %d"
 msgstr "Le script s'est terminé avec le statut %d"
 
-#: dnsmasq.c:1519
+#: dnsmasq.c:1544
 #, c-format
 msgid "failed to execute %s: %s"
 msgstr "impossible d'exécuter à %s : %s"
 
-#: dnsmasq.c:1559
+#: dnsmasq.c:1584
 msgid "now checking DNSSEC signature timestamps"
 msgstr ""
 
-#: dnsmasq.c:1594 dnssec.c:160 dnssec.c:204
+#: dnsmasq.c:1619 dnssec.c:160 dnssec.c:204
 #, fuzzy, c-format
 msgid "failed to update mtime on %s: %s"
 msgstr "impossible de lire le fichier de PID %s : %s"
 
-#: dnsmasq.c:1606
+#: dnsmasq.c:1631
 msgid "exiting on receipt of SIGTERM"
 msgstr "sortie sur réception du signal SIGTERM"
 
-#: dnsmasq.c:1634
+#: dnsmasq.c:1659
 #, c-format
 msgid "failed to access %s: %s"
 msgstr "impossible d'accéder à %s : %s"
 
-#: dnsmasq.c:1664
+#: dnsmasq.c:1690
 #, c-format
 msgid "reading %s"
 msgstr "Lecture de %s"
 
-#: dnsmasq.c:1675
+#: dnsmasq.c:1706
 #, c-format
 msgid "no servers found in %s, will retry"
 msgstr "aucun serveur trouvé dans %s, va réessayer"
 
-#: dhcp.c:53
+#: dhcp.c:51
 #, c-format
 msgid "cannot create DHCP socket: %s"
 msgstr "ne peut créer la socket DHCP: %s"
 
-#: dhcp.c:68
+#: dhcp.c:66
 #, c-format
 msgid "failed to set options on DHCP socket: %s"
 msgstr "impossible d'appliquer les options sur la socket DHCP : %s"
 
-#: dhcp.c:89
+#: dhcp.c:87
 #, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
 msgstr "impossible de déclarer SO_REUSE{ADDR|PORT} sur la socket DHCP : %s"
 
-#: dhcp.c:101
+#: dhcp.c:99
 #, c-format
 msgid "failed to bind DHCP server socket: %s"
 msgstr "impossible de lier la socket serveur DHCP : %s"
 
-#: dhcp.c:127
+#: dhcp.c:125
 #, c-format
 msgid "cannot create ICMP raw socket: %s."
 msgstr "ne peut créer de socket en mode raw pour ICMP : %s."
 
-#: dhcp.c:252 dhcp6.c:180
+#: dhcp.c:254 dhcp6.c:186
 #, c-format
 msgid "unknown interface %s in bridge-interface"
 msgstr "interface %s inconnue spécifiée comme interface de pont"
 
-#: dhcp.c:293
+#: dhcp.c:295
 #, c-format
 msgid "DHCP packet received on %s which has no address"
 msgstr "Paquet DHCP reçu sur %s qui n'a pas d'adresse"
 
-#: dhcp.c:428
+#: dhcp.c:429
 #, c-format
 msgid "ARP-cache injection failed: %s"
 msgstr ""
 
-#: dhcp.c:473
+#: dhcp.c:490
 #, c-format
 msgid "Error sending DHCP packet to %s: %s"
 msgstr ""
 
-#: dhcp.c:530
+#: dhcp.c:547
 #, c-format
 msgid "DHCP range %s -- %s is not consistent with netmask %s"
 msgstr "La plage d'adresses DHCP %s -- %s n'est pas cohérente avec le masque de réseau %s"
 
-#: dhcp.c:918
+#: dhcp.c:930
 #, c-format
 msgid "bad line at %s line %d"
 msgstr "mauvaise ligne dans %s ligne %d"
 
-#: dhcp.c:961
+#: dhcp.c:973
 #, c-format
 msgid "ignoring %s line %d, duplicate name or IP address"
 msgstr "ignore %s à la ligne %d : duplication de nom ou d'adresse IP"
 
-#: dhcp.c:1105 rfc3315.c:2182
+#: dhcp.c:1034
+#, c-format
+msgid "read %s - %d addresses"
+msgstr "lecture %s - %d adresses"
+
+#: dhcp.c:1136
+#, fuzzy, c-format
+msgid "Cannot broadcast DHCP relay via interface %s"
+msgstr "Impossible de faire du multicast au server DHCPv6 sans interface valide"
+
+#: dhcp.c:1160
 #, c-format
-msgid "DHCP relay %s -> %s"
+msgid "broadcast via %s"
+msgstr ""
+
+#: dhcp.c:1163 rfc3315.c:2219
+#, fuzzy, c-format
+msgid "DHCP relay at %s -> %s"
 msgstr "Relais DHCP %s -> %s"
 
 #: lease.c:64
@@ -1981,7 +2124,7 @@ msgstr "pas de plage d'adresse disponible pour la requ
 msgid "%u available DHCP subnet: %s/%s"
 msgstr "%u sous-réseaux DHCP disponibles : %s/%s"
 
-#: rfc2131.c:409 rfc3315.c:319
+#: rfc2131.c:409 rfc3315.c:320
 #, c-format
 msgid "%u available DHCP range: %s -- %s"
 msgstr "%u la gamme DHCP disponible est : %s -- %s"
@@ -2000,12 +2143,12 @@ msgstr "%u Classe d'utilisateur : %s"
 msgid "disabled"
 msgstr "désactivé"
 
-#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1532 rfc3315.c:632 rfc3315.c:815
-#: rfc3315.c:1121
+#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1536 rfc3315.c:633 rfc3315.c:816
+#: rfc3315.c:1122
 msgid "ignored"
 msgstr "ignoré"
 
-#: rfc2131.c:613 rfc2131.c:1333 rfc3315.c:867
+#: rfc2131.c:613 rfc2131.c:1340 rfc3315.c:868
 msgid "address in use"
 msgstr "adresse déjà utilisée"
 
@@ -2013,7 +2156,7 @@ msgstr "adresse d
 msgid "no address available"
 msgstr "pas d'adresse disponible"
 
-#: rfc2131.c:634 rfc2131.c:1295
+#: rfc2131.c:634 rfc2131.c:1302
 msgid "wrong network"
 msgstr "mauvais réseau"
 
@@ -2021,11 +2164,11 @@ msgstr "mauvais r
 msgid "no address configured"
 msgstr "pas d'adresse configurée"
 
-#: rfc2131.c:655 rfc2131.c:1346
+#: rfc2131.c:655 rfc2131.c:1353
 msgid "no leases left"
 msgstr "plus aucun bail disponible"
 
-#: rfc2131.c:756 rfc3315.c:499
+#: rfc2131.c:756 rfc3315.c:500
 #, c-format
 msgid "%u client provides name: %s"
 msgstr "le client %u fourni le nom : %s"
@@ -2034,7 +2177,7 @@ msgstr "le client %u fourni le nom : %s"
 msgid "PXE BIS not supported"
 msgstr "Service PXE BIS (Boot Integrity Services) non supporté"
 
-#: rfc2131.c:1054 rfc3315.c:1222
+#: rfc2131.c:1054 rfc3315.c:1223
 #, c-format
 msgid "disabling DHCP static address %s for %s"
 msgstr "désactive l'adresse statique DHCP %s pour %s"
@@ -2058,108 +2201,108 @@ msgstr "L'adresse statique %s ne sera pas utilis
 msgid "not using configured address %s because it was previously declined"
 msgstr "L'adresse statique %s ne sera pas utilisée car elle a préalablement été refusée"
 
-#: rfc2131.c:1139 rfc2131.c:1339
+#: rfc2131.c:1139 rfc2131.c:1346
 msgid "no unique-id"
 msgstr "pas d'identifiant unique"
 
-#: rfc2131.c:1231
+#: rfc2131.c:1238
 msgid "wrong server-ID"
 msgstr "mauvais identifiant de serveur"
 
-#: rfc2131.c:1250
+#: rfc2131.c:1257
 msgid "wrong address"
 msgstr "mauvaise adresse"
 
-#: rfc2131.c:1268 rfc3315.c:975
+#: rfc2131.c:1275 rfc3315.c:976
 msgid "lease not found"
 msgstr "bail non trouvé"
 
-#: rfc2131.c:1303
+#: rfc2131.c:1310
 msgid "address not available"
 msgstr "adresse non disponible"
 
-#: rfc2131.c:1314
+#: rfc2131.c:1321
 msgid "static lease available"
 msgstr "bail statique disponible"
 
-#: rfc2131.c:1318
+#: rfc2131.c:1325
 msgid "address reserved"
 msgstr "adresse reservée"
 
-#: rfc2131.c:1327
+#: rfc2131.c:1334
 #, c-format
 msgid "abandoning lease to %s of %s"
 msgstr "abandon du bail de %s pour %s"
 
-#: rfc2131.c:1866
+#: rfc2131.c:1870
 #, c-format
 msgid "%u bootfile name: %s"
 msgstr "%u nom de fichier 'bootfile' : %s"
 
-#: rfc2131.c:1875
+#: rfc2131.c:1879
 #, c-format
 msgid "%u server name: %s"
 msgstr "%u nom du serveur : %s"
 
-#: rfc2131.c:1885
+#: rfc2131.c:1889
 #, c-format
 msgid "%u next server: %s"
 msgstr "%u serveur suivant : %s"
 
-#: rfc2131.c:1889
+#: rfc2131.c:1893
 #, c-format
 msgid "%u broadcast response"
 msgstr "%u réponse broadcast"
 
-#: rfc2131.c:1952
+#: rfc2131.c:1956
 #, c-format
 msgid "cannot send DHCP/BOOTP option %d: no space left in packet"
 msgstr "Impossible d'envoyer l'option DHCP/BOOTP %d : pas assez d'espace dans le paquet"
 
-#: rfc2131.c:2262
+#: rfc2131.c:2267
 msgid "PXE menu too large"
 msgstr "menu PXE trop grand"
 
-#: rfc2131.c:2425 rfc3315.c:1511
+#: rfc2131.c:2430 rfc3315.c:1517
 #, c-format
 msgid "%u requested options: %s"
 msgstr "%u options demandées : %s"
 
-#: rfc2131.c:2742
+#: rfc2131.c:2747
 #, c-format
 msgid "cannot send RFC3925 option: too many options for enterprise number %d"
 msgstr "ne peux envoyer l'option RFC3925 : trop d'options pour le numéro d'entreprise %d"
 
-#: rfc2131.c:2805
+#: rfc2131.c:2810
 #, c-format
 msgid "%u reply delay: %d"
 msgstr ""
 
-#: netlink.c:93
+#: netlink.c:86
 #, c-format
 msgid "cannot create netlink socket: %s"
 msgstr "ne peux lier une socket netlink : %s"
 
-#: netlink.c:377
+#: netlink.c:379
 #, c-format
 msgid "netlink returns error: %s"
 msgstr "Erreur netlink : %s"
 
-#: dbus.c:434
+#: dbus.c:491
 #, c-format
 msgid "Enabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:439
+#: dbus.c:496
 #, c-format
 msgid "Disabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:713
+#: dbus.c:857
 msgid "setting upstream servers from DBus"
 msgstr "configuration des serveurs amonts à partir de DBus"
 
-#: dbus.c:760
+#: dbus.c:907
 msgid "could not register a DBus message handler"
 msgstr "ne peut enregistrer une routine de traitement des messages DBus"
 
@@ -2186,51 +2329,51 @@ msgstr ""
 msgid "lease() function missing in Lua script"
 msgstr "la fonction lease() est absente du script Lua"
 
-#: tftp.c:349
+#: tftp.c:353
 msgid "unable to get free port for TFTP"
 msgstr "impossible d'obtenir un port libre pour TFTP"
 
-#: tftp.c:365
+#: tftp.c:369
 #, c-format
 msgid "unsupported request from %s"
 msgstr "requête de %s non supportée"
 
-#: tftp.c:512
+#: tftp.c:520
 #, c-format
-msgid "file %s not found"
-msgstr "fichier %s non trouvé"
+msgid "file %s not found for %s"
+msgstr "fichier %s non trouvé pour %s"
 
-#: tftp.c:602
+#: tftp.c:609
 #, c-format
 msgid "ignoring packet from %s (TID mismatch)"
 msgstr ""
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "failed sending %s to %s"
 msgstr "impossible d'envoyer %s à %s"
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "sent %s to %s"
 msgstr "envoyé %s à %s"
 
-#: tftp.c:696
+#: tftp.c:712
 #, c-format
 msgid "error %d %s received from %s"
 msgstr "erreur %d %s reçu de %s"
 
-#: log.c:190
+#: log.c:203
 #, c-format
 msgid "overflow: %d log entries lost"
 msgstr "débordement : %d traces perdues"
 
-#: log.c:268
+#: log.c:281
 #, c-format
 msgid "log failed: %s"
 msgstr "trace perdue : %s"
 
-#: log.c:477
+#: log.c:490
 msgid "FAILED to start up"
 msgstr "IMPOSSIBLE de démarrer"
 
@@ -2239,17 +2382,17 @@ msgstr "IMPOSSIBLE de d
 msgid "Conntrack connection mark retrieval failed: %s"
 msgstr "La récupération de la marque de suivi de connexion a échoué : %s"
 
-#: dhcp6.c:52
+#: dhcp6.c:51
 #, c-format
 msgid "cannot create DHCPv6 socket: %s"
 msgstr "ne peut créer la socket DHCPv6: %s"
 
-#: dhcp6.c:73
+#: dhcp6.c:72
 #, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"
 msgstr "impossible de déclarer SO_REUSE{ADDR|PORT} sur la socket DHCPv6 : %s"
 
-#: dhcp6.c:85
+#: dhcp6.c:84
 #, c-format
 msgid "failed to bind DHCPv6 server socket: %s"
 msgstr "impossible de lier la socket serveur DHCPv6 : %s"
@@ -2264,145 +2407,151 @@ msgstr "pas de plage d'adresse disponible pour la requ
 msgid "no address range available for DHCPv6 request via %s"
 msgstr "pas de plage d'adresse disponible pour la requête DHCPv6 via %s"
 
-#: rfc3315.c:316
+#: rfc3315.c:317
 #, c-format
 msgid "%u available DHCPv6 subnet: %s/%d"
 msgstr "%u sous-réseaux DHCPv6 disponibles : %s/%d"
 
-#: rfc3315.c:399
+#: rfc3315.c:400
 #, c-format
 msgid "%u vendor class: %u"
 msgstr "%u Classe de vendeur ('Vendor Class') : %u"
 
-#: rfc3315.c:447
+#: rfc3315.c:448
 #, c-format
 msgid "%u client MAC address: %s"
 msgstr "%u MAC adresse du client : %s"
 
-#: rfc3315.c:762 rfc3315.c:859
+#: rfc3315.c:763 rfc3315.c:860
 msgid "address unavailable"
 msgstr "adresse non disponible"
 
-#: rfc3315.c:774 rfc3315.c:903 rfc3315.c:1272
+#: rfc3315.c:775 rfc3315.c:904 rfc3315.c:1273
 msgid "success"
 msgstr "réussi"
 
-#: rfc3315.c:789 rfc3315.c:798 rfc3315.c:911 rfc3315.c:913 rfc3315.c:1047
+#: rfc3315.c:790 rfc3315.c:799 rfc3315.c:912 rfc3315.c:914 rfc3315.c:1048
 msgid "no addresses available"
 msgstr "pas d'adresse disponible"
 
-#: rfc3315.c:890
+#: rfc3315.c:891
 msgid "not on link"
 msgstr "pas sur ce lien"
 
-#: rfc3315.c:979 rfc3315.c:1180 rfc3315.c:1261
+#: rfc3315.c:980 rfc3315.c:1181 rfc3315.c:1262
 msgid "no binding found"
 msgstr "aucune liaison trouvée"
 
-#: rfc3315.c:1016
+#: rfc3315.c:1017
 msgid "deprecated"
 msgstr "obsolète"
 
-#: rfc3315.c:1023
+#: rfc3315.c:1024
 msgid "address invalid"
 msgstr "adresse non valide"
 
-#: rfc3315.c:1081 rfc3315.c:1083
+#: rfc3315.c:1082 rfc3315.c:1084
 msgid "confirm failed"
 msgstr "confirmation d'échec"
 
-#: rfc3315.c:1098
+#: rfc3315.c:1099
 msgid "all addresses still on link"
 msgstr "toutes les adresses sont toujours sur le lien"
 
-#: rfc3315.c:1189
+#: rfc3315.c:1190
 msgid "release received"
 msgstr "libération reçue"
 
-#: rfc3315.c:2173
-msgid "Cannot multicast to DHCPv6 server without correct interface"
+#: rfc3315.c:2200
+#, fuzzy, c-format
+msgid "Cannot multicast DHCP relay via interface %s"
 msgstr "Impossible de faire du multicast au server DHCPv6 sans interface valide"
 
-#: dhcp-common.c:154
+#: rfc3315.c:2216
+#, c-format
+msgid "multicast via %s"
+msgstr ""
+
+#: dhcp-common.c:187
 #, c-format
 msgid "Ignoring duplicate dhcp-option %d"
 msgstr "L'option dhcp-option redondante %d sera ignorée"
 
-#: dhcp-common.c:231
+#: dhcp-common.c:264
 #, c-format
 msgid "%u tags: %s"
 msgstr "%u options: %s"
 
-#: dhcp-common.c:451
+#: dhcp-common.c:484
 #, c-format
 msgid "%s has more than one address in hostsfile, using %s for DHCP"
 msgstr "%s a plus d'une adresse dans le fichier d'hôte, utilisation de %s pour le DHCP."
 
-#: dhcp-common.c:485
+#: dhcp-common.c:518
 #, c-format
 msgid "duplicate IP address %s (%s) in dhcp-config directive"
 msgstr "adresse IP %s (%s) dupliquée dans la directive dhcp-config."
 
-#: dhcp-common.c:549
-#, c-format
-msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
-msgstr "impossible de déclarer SO_BINDTODEVICE sur la socket DHCP : %s"
-
-#: dhcp-common.c:672
+#: dhcp-common.c:738
 #, c-format
 msgid "Known DHCP options:\n"
 msgstr "Options DHCP connues :\n"
 
-#: dhcp-common.c:683
+#: dhcp-common.c:749
 #, c-format
 msgid "Known DHCPv6 options:\n"
 msgstr "Options DHCPv6 connues :\n"
 
-#: dhcp-common.c:880
+#: dhcp-common.c:946
 msgid ", prefix deprecated"
 msgstr ", préfixe obsolète"
 
-#: dhcp-common.c:883
+#: dhcp-common.c:949
 #, c-format
 msgid ", lease time "
 msgstr ", durée de bail "
 
-#: dhcp-common.c:925
+#: dhcp-common.c:991
 #, c-format
 msgid "%s stateless on %s%.0s%.0s%s"
 msgstr "%s sans état (stateless) sur %s%.0s%.0s%s"
 
-#: dhcp-common.c:927
+#: dhcp-common.c:993
 #, c-format
 msgid "%s, static leases only on %.0s%s%s%.0s"
 msgstr "%s, baux statiques seulement sur %.0s%s%s%.0s"
 
-#: dhcp-common.c:929
+#: dhcp-common.c:995
 #, c-format
 msgid "%s, proxy on subnet %.0s%s%.0s%.0s"
 msgstr "%s, proxy sur le sous-réseau %.0s%s%.0s"
 
-#: dhcp-common.c:930
+#: dhcp-common.c:996
 #, c-format
 msgid "%s, IP range %s -- %s%s%.0s"
 msgstr "%s, plage d'adresses IP %s -- %s%s%.0s"
 
-#: dhcp-common.c:943
+#: dhcp-common.c:1009
 #, c-format
 msgid "DHCPv4-derived IPv6 names on %s%s"
 msgstr "noms IPv6 dérivés de DHCPv4 sur %s%s"
 
-#: dhcp-common.c:946
+#: dhcp-common.c:1012
 #, c-format
 msgid "router advertisement on %s%s"
 msgstr "annonces de routeurs sur %s%s"
 
-#: dhcp-common.c:957
+#: dhcp-common.c:1043
+#, fuzzy, c-format
+msgid "DHCP relay from %s via %s"
+msgstr "Relais DHCP de %s à %s"
+
+#: dhcp-common.c:1045
 #, c-format
 msgid "DHCP relay from %s to %s via %s"
 msgstr "Relais DHCP de %s à %s via %s"
 
-#: dhcp-common.c:959
+#: dhcp-common.c:1048
 #, c-format
 msgid "DHCP relay from %s to %s"
 msgstr "Relais DHCP de %s à %s"
@@ -2412,7 +2561,7 @@ msgstr "Relais DHCP de %s 
 msgid "cannot create ICMPv6 socket: %s"
 msgstr "ne peut créer la socket ICMPv6: %s"
 
-#: auth.c:464
+#: auth.c:462
 #, c-format
 msgid "ignoring zone transfer request from %s"
 msgstr "la requête de transfert de zone en provenance de %s est ignorée"
@@ -2524,14 +2673,14 @@ msgstr ""
 msgid "system time considered valid, now checking DNSSEC signature timestamps."
 msgstr ""
 
-#: dnssec.c:1014
+#: dnssec.c:1018
 #, c-format
 msgid "Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"
 msgstr ""
 
 #: blockdata.c:55
 #, c-format
-msgid "pool memory in use %u, max %u, allocated %u"
+msgid "pool memory in use %zu, max %zu, allocated %zu"
 msgstr ""
 
 #: tables.c:61
@@ -2594,39 +2743,59 @@ msgstr ""
 msgid "directory %s for resolv-file is missing, cannot poll"
 msgstr ""
 
-#: inotify.c:131 inotify.c:168
+#: inotify.c:131 inotify.c:200
 #, fuzzy, c-format
 msgid "failed to create inotify for %s: %s"
 msgstr "impossible de créer une socket d'écoute pour %s : %s"
 
-#: inotify.c:153
+#: inotify.c:178 inotify.c:185
 #, fuzzy, c-format
 msgid "bad dynamic directory %s: %s"
 msgstr "Ne peut pas lire le répertoire %s : %s"
 
-#: inotify.c:257
+#: inotify.c:186
+#, fuzzy
+msgid "not a directory"
+msgstr "Ne peut pas lire le répertoire %s : %s"
+
+#: inotify.c:299
 #, c-format
-msgid "inotify, new or changed file %s"
+msgid "inotify: %s removed"
 msgstr ""
 
-#: dump.c:64
+#: inotify.c:301
+#, c-format
+msgid "inotify: %s new or modified"
+msgstr ""
+
+#: inotify.c:309
+#, c-format
+msgid "inotify: flushed %u names read from %s"
+msgstr ""
+
+#: dump.c:68
 #, fuzzy, c-format
 msgid "cannot create %s: %s"
 msgstr "Ne peut pas lire %s : %s"
 
-#: dump.c:70
+#: dump.c:74
 #, fuzzy, c-format
 msgid "bad header in %s"
 msgstr "adresse déjà utilisée"
 
-#: dump.c:205
+#: dump.c:287
 #, fuzzy
 msgid "failed to write packet dump"
 msgstr "impossible d'envoyer le paquet : %s"
 
-#: dump.c:207
+#: dump.c:289
 #, c-format
-msgid "dumping UDP packet %u mask 0x%04x"
+msgid "%u dumping packet %u mask 0x%04x"
+msgstr ""
+
+#: dump.c:291
+#, c-format
+msgid "dumping packet %u mask 0x%04x"
 msgstr ""
 
 #: ubus.c:79
@@ -2660,6 +2829,15 @@ msgstr ""
 msgid "Failed to create SHA-256 hash object"
 msgstr ""
 
+#: nftset.c:35
+#, fuzzy
+msgid "failed to create nftset context"
+msgstr "impossible de créer une socket de contrôle IPset : %s"
+
+#, fuzzy
+#~ msgid "bad IPv4 prefix"
+#~ msgstr "mauvais préfixe"
+
 #, fuzzy
 #~ msgid "Cannot add object to UBus: %s"
 #~ msgstr "Ne peut ouvrir le fichier de log %s : %s"
diff --git a/po/id.po b/po/id.po
index 11aa042..e7b0c78 100644
--- a/po/id.po
+++ b/po/id.po
@@ -15,79 +15,84 @@ msgstr ""
 "Content-Type: text/plain; charset=ASCII\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: cache.c:572
+#: cache.c:652
 msgid "Internal error in cache."
 msgstr ""
 
 # OK
-#: cache.c:1094
+#: cache.c:1179
 #, fuzzy, c-format
 msgid "failed to load names from %s: %s"
 msgstr "gagal memuat nama-nama dari %s: %s"
 
 # OK
-#: cache.c:1116 dhcp.c:931
+#: cache.c:1201 dhcp.c:943
 #, fuzzy, c-format
 msgid "bad address at %s line %d"
 msgstr "kesalahan nama pada %s baris %d"
 
 # OK
-#: cache.c:1169 dhcp.c:947
+#: cache.c:1254 dhcp.c:959
 #, c-format
 msgid "bad name at %s line %d"
 msgstr "kesalahan nama pada %s baris %d"
 
 # OK
-#: cache.c:1180 dhcp.c:1022
-#, c-format
-msgid "read %s - %d addresses"
+#: cache.c:1265
+#, fuzzy, c-format
+msgid "read %s - %d names"
 msgstr "membaca %s - %d alamat"
 
 # OK
-#: cache.c:1296
+#: cache.c:1381
 msgid "cleared cache"
 msgstr "cache telah dihapus"
 
-#: cache.c:1358
+#: cache.c:1445
 #, c-format
 msgid "No IPv4 address found for %s"
 msgstr ""
 
-#: cache.c:1404
+#: cache.c:1491
 #, c-format
 msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
 msgstr ""
 
 # OK
-#: cache.c:1428
+#: cache.c:1515
 #, c-format
 msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
 msgstr "tidak memberikan nama %s kepada lease DHCP %s karena nama telah ada dalam %sdengan alamat %s"
 
-#: cache.c:1674
+#: cache.c:1760
 #, c-format
 msgid "time %lu"
 msgstr ""
 
 # OK
-#: cache.c:1675
+#: cache.c:1761
 #, fuzzy, c-format
 msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
 msgstr "ukuran cache %d, %d/%d penyisipan cache menimpa cache yang belum kadaluwarsa"
 
-#: cache.c:1677
+#: cache.c:1763
 #, c-format
 msgid "queries forwarded %u, queries answered locally %u"
 msgstr ""
 
-#: cache.c:1680
+#: cache.c:1766
+#, c-format
+msgid "queries answered from stale cache %u"
+msgstr ""
+
+#: cache.c:1768
 #, c-format
 msgid "queries for authoritative zones %u"
 msgstr ""
 
-#: cache.c:1702
+#: cache.c:1796
 #, c-format
-msgid "server %s#%d: queries sent %u, retried or failed %u"
+msgid "server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"
 msgstr ""
 
 # OK
@@ -97,847 +102,899 @@ msgid "failed to seed the random number generator: %s"
 msgstr "gagal mendengarkan di socket: %s"
 
 # OK
-#: util.c:228
+#: util.c:246
 #, fuzzy
 msgid "failed to allocate memory"
 msgstr "gagal memuat %S: %m"
 
 # OK
-#: util.c:285 option.c:665
+#: util.c:305 option.c:696
 msgid "could not get memory"
 msgstr "tidak bisa mendapatkan memory"
 
 # OK
-#: util.c:306
+#: util.c:326
 #, fuzzy, c-format
 msgid "cannot create pipe: %s"
 msgstr "tidak bisa membaca %s: %s"
 
 # OK
-#: util.c:314
+#: util.c:334
 #, fuzzy, c-format
 msgid "failed to allocate %d bytes"
 msgstr "gagal memuat %S: %m"
 
 # OK
-#: util.c:520
+#: util.c:344
+#, fuzzy, c-format
+msgid "failed to reallocate %d bytes"
+msgstr "gagal memuat %S: %m"
+
+# OK
+#: util.c:465
+#, fuzzy, c-format
+msgid "cannot read monotonic clock: %s"
+msgstr "tidak bisa mem-bind netlink socket: %s"
+
+# OK
+#: util.c:579
 #, c-format
 msgid "infinite"
 msgstr "tak terbatas"
 
 # OK
-#: util.c:808
+#: util.c:867
 #, fuzzy, c-format
 msgid "failed to find kernel version: %s"
 msgstr "gagal mem-bind socket server DHCP: %s"
 
 # OK
-#: option.c:372
+#: option.c:393
 msgid "Specify local address(es) to listen on."
 msgstr "Tentukan alamat lokal untuk mendengarkan."
 
 # OK
-#: option.c:373
+#: option.c:394
 msgid "Return ipaddr for all hosts in specified domains."
 msgstr "Menghasilkan ipaddr untuk semua host dalam domain yang dipilih."
 
 # OK
-#: option.c:374
+#: option.c:395
 msgid "Fake reverse lookups for RFC1918 private address ranges."
 msgstr "Fake pencarian balik untuk alamat private sesuai dengan RFC1918."
 
 # OK
-#: option.c:375
+#: option.c:396
 msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
 msgstr "Perlakukan ipaddr sebagai NXDOMAIN (mengalahkan wildcard Verisign)."
 
 # OK
-#: option.c:376
+#: option.c:397
 #, c-format
 msgid "Specify the size of the cache in entries (defaults to %s)."
 msgstr "Tentukan ukuran cache, dalam jumlah isian (default %s)."
 
 # OK
-#: option.c:377
+#: option.c:398
 #, c-format
 msgid "Specify configuration file (defaults to %s)."
 msgstr "Tentukan file konfigurasi (default %s)."
 
 # OK
-#: option.c:378
+#: option.c:399
 msgid "Do NOT fork into the background: run in debug mode."
 msgstr "JANGAN berjalan di background: berjalan dalam modus debug."
 
 # OK
-#: option.c:379
+#: option.c:400
 msgid "Do NOT forward queries with no domain part."
 msgstr "JANGAN teruskan permintaan tanpa bagian domain."
 
 # OK
-#: option.c:380
+#: option.c:401
 msgid "Return self-pointing MX records for local hosts."
 msgstr "Mengembalikan record MX untuk diri sendiri host-host lokal."
 
 # OK
-#: option.c:381
+#: option.c:402
 msgid "Expand simple names in /etc/hosts with domain-suffix."
 msgstr "Melengkapi nama-nama di /etc/hosts dengan akhiran domain."
 
 # OK
-#: option.c:382
+#: option.c:403
 msgid "Don't forward spurious DNS requests from Windows hosts."
 msgstr "Jangan meneruskan permintaan DNS spurious dari host-host Windows."
 
+#: option.c:404
+msgid "Don't include IPv4 addresses in DNS answers."
+msgstr ""
+
+#: option.c:405
+msgid "Don't include IPv6 addresses in DNS answers."
+msgstr ""
+
 # OK
-#: option.c:383
+#: option.c:406
 msgid "Enable DHCP in the range given with lease duration."
 msgstr "Bolehkan DHCP dalam jangkauan yang diberikan dengan durasi lease."
 
 # OK
-#: option.c:384
+#: option.c:407
 #, c-format
 msgid "Change to this group after startup (defaults to %s)."
 msgstr "Ubah ke group ini setelah mulai (default %s)."
 
 # OK
-#: option.c:385
+#: option.c:408
 msgid "Set address or hostname for a specified machine."
 msgstr "Setel alamat atau nama host untuk mesin yang disebutkan."
 
 # OK
-#: option.c:386
+#: option.c:409
 #, fuzzy
 msgid "Read DHCP host specs from file."
 msgstr "nama MX salah"
 
-#: option.c:387
+#: option.c:410
 msgid "Read DHCP option specs from file."
 msgstr ""
 
 # OK
-#: option.c:388
+#: option.c:411
 #, fuzzy
 msgid "Read DHCP host specs from a directory."
 msgstr "nama MX salah"
 
 # OK
-#: option.c:389
+#: option.c:412
 #, fuzzy
 msgid "Read DHCP options from a directory."
 msgstr "nama MX salah"
 
-#: option.c:390
+#: option.c:413
 msgid "Evaluate conditional tag expression."
 msgstr ""
 
 # OK
-#: option.c:391
+#: option.c:414
 #, c-format
 msgid "Do NOT load %s file."
 msgstr "JANGAN muat file %s."
 
 # OK
-#: option.c:392
+#: option.c:415
 #, c-format
 msgid "Specify a hosts file to be read in addition to %s."
 msgstr "Sebutkan sebuah file hosts yang harus dibaca sebagai tambahan untuk %s."
 
 # OK
-#: option.c:393
+#: option.c:416
 #, fuzzy
 msgid "Read hosts files from a directory."
 msgstr "nama MX salah"
 
 # OK
-#: option.c:394
+#: option.c:417
 msgid "Specify interface(s) to listen on."
 msgstr "Sebutkan antarmuka untuk mendengarkan."
 
 # OK
-#: option.c:395
+#: option.c:418
 msgid "Specify interface(s) NOT to listen on."
 msgstr "Sebutkan antarmuka untuk TIDAK mendengarkan."
 
 # OK
-#: option.c:396
+#: option.c:419
 #, fuzzy
 msgid "Map DHCP user class to tag."
 msgstr "Petakan kelas user DHCP ke setelan yang dipilih."
 
-#: option.c:397
+#: option.c:420
 msgid "Map RFC3046 circuit-id to tag."
 msgstr ""
 
-#: option.c:398
+#: option.c:421
 msgid "Map RFC3046 remote-id to tag."
 msgstr ""
 
-#: option.c:399
+#: option.c:422
 msgid "Map RFC3993 subscriber-id to tag."
 msgstr ""
 
-#: option.c:400
+#: option.c:423
 msgid "Specify vendor class to match for PXE requests."
 msgstr ""
 
 # OK
-#: option.c:401
+#: option.c:424
 #, fuzzy
 msgid "Don't do DHCP for hosts with tag set."
 msgstr "Jangan menggunakan DHCP untuk host-host yang dipilih."
 
 # OK
-#: option.c:402
+#: option.c:425
 #, fuzzy
 msgid "Force broadcast replies for hosts with tag set."
 msgstr "Jangan menggunakan DHCP untuk host-host yang dipilih."
 
 # OK
-#: option.c:403
+#: option.c:426
 msgid "Do NOT fork into the background, do NOT run in debug mode."
 msgstr "JANGAN berjalan di background, jangan berjalan dalam modus debug."
 
 # OK
-#: option.c:404
+#: option.c:427
 msgid "Assume we are the only DHCP server on the local network."
 msgstr "Berpikir bahwa kita satu-satunya DHCP server dalam jaringan."
 
 # OK
-#: option.c:405
+#: option.c:428
 #, c-format
 msgid "Specify where to store DHCP leases (defaults to %s)."
 msgstr "Sebutkan lokasi untuk menyimpan lease DHCP (default %s)."
 
 # OK
-#: option.c:406
+#: option.c:429
 msgid "Return MX records for local hosts."
 msgstr "Kembalikan rekord MX untuk host-host lokal."
 
 # OK
-#: option.c:407
+#: option.c:430
 msgid "Specify an MX record."
 msgstr "Sebutkan sebuah rekord MX."
 
 # OK
-#: option.c:408
+#: option.c:431
 msgid "Specify BOOTP options to DHCP server."
 msgstr "Sebutkan pilihan-pilihan BOOTP untuk DHCP server."
 
-#: option.c:409
+#: option.c:432
 #, c-format
 msgid "Do NOT poll %s file, reload only on SIGHUP."
 msgstr "Jangan kumpulkan file %s, muat kembali saat SIGHUP."
 
 # OK
-#: option.c:410
+#: option.c:433
 msgid "Do NOT cache failed search results."
 msgstr "JANGAN menyimpan hasil pencarian yang gagal."
 
+#: option.c:434
+msgid "Use expired cache data for faster reply."
+msgstr ""
+
 # OK
-#: option.c:411
+#: option.c:435
 #, c-format
 msgid "Use nameservers strictly in the order given in %s."
 msgstr "Gunakan secara ketat namaserver yang disebutkan sesuai urutan di %s."
 
 # OK
-#: option.c:412
+#: option.c:436
 #, fuzzy
 msgid "Specify options to be sent to DHCP clients."
 msgstr "Setel pilihan-pilihan tambahan yang akan disetel untuk klien-klien DHCP."
 
-#: option.c:413
+#: option.c:437
 msgid "DHCP option sent even if the client does not request it."
 msgstr ""
 
 # OK
-#: option.c:414
+#: option.c:438
 msgid "Specify port to listen for DNS requests on (defaults to 53)."
 msgstr "Sebutkan port untuk mendengarkan permintaan DNS (default port 53)."
 
 # OK
-#: option.c:415
+#: option.c:439
 #, c-format
 msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
 msgstr "Ukuran maksimum paket UDP yang didukung untuk EDNS.0 (default %s)."
 
 # OK
-#: option.c:416
+#: option.c:440
 #, fuzzy
 msgid "Log DNS queries."
 msgstr "Permintaan log."
 
 # OK
-#: option.c:417
+#: option.c:441
 #, fuzzy
 msgid "Force the originating port for upstream DNS queries."
 msgstr "Paksa port asal untuk permintaan ke atas."
 
+#: option.c:442
+msgid "Set maximum number of random originating ports for a query."
+msgstr ""
+
 # OK
-#: option.c:418
+#: option.c:443
 msgid "Do NOT read resolv.conf."
 msgstr "JANGAN baca resolv.conf."
 
 # OK
-#: option.c:419
+#: option.c:444
 #, c-format
 msgid "Specify path to resolv.conf (defaults to %s)."
 msgstr "Sebutkan path ke resolv.conf (default %s)."
 
 # OK
-#: option.c:420
+#: option.c:445
 #, fuzzy
 msgid "Specify path to file with server= options"
 msgstr "Sebutkan path file PID. (default %s)."
 
 # OK
-#: option.c:421
+#: option.c:446
 msgid "Specify address(es) of upstream servers with optional domains."
 msgstr "Sebutkan alamat-alamat server di atas, boleh dilengkapi dengan nama domain."
 
 # OK
-#: option.c:422
+#: option.c:447
 #, fuzzy
 msgid "Specify address of upstream servers for reverse address queries"
 msgstr "Sebutkan alamat-alamat server di atas, boleh dilengkapi dengan nama domain."
 
 # OK
-#: option.c:423
+#: option.c:448
 msgid "Never forward queries to specified domains."
 msgstr "JANGAN pernah meneruskan permintaan ke domain yang disebutkan."
 
 # OK
-#: option.c:424
+#: option.c:449
 msgid "Specify the domain to be assigned in DHCP leases."
 msgstr "Sebutkan domain yang digunakan dalam lease DHCP."
 
 # OK
-#: option.c:425
+#: option.c:450
 msgid "Specify default target in an MX record."
 msgstr "Sebutkan tujuan default dalam rekord MX."
 
 # OK
-#: option.c:426
+#: option.c:451
 msgid "Specify time-to-live in seconds for replies from /etc/hosts."
 msgstr "Sebutkan time-to-live dalam detik untuk jawaban dari /etc/hosts."
 
 # OK
-#: option.c:427
+#: option.c:452
 #, fuzzy
 msgid "Specify time-to-live in seconds for negative caching."
 msgstr "Sebutkan time-to-live dalam detik untuk jawaban dari /etc/hosts."
 
 # OK
-#: option.c:428
+#: option.c:453
 #, fuzzy
 msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
 msgstr "Sebutkan time-to-live dalam detik untuk jawaban dari /etc/hosts."
 
 # OK
-#: option.c:429
+#: option.c:454
 #, fuzzy
 msgid "Specify time-to-live ceiling for cache."
 msgstr "Sebutkan time-to-live dalam detik untuk jawaban dari /etc/hosts."
 
 # OK
-#: option.c:430
+#: option.c:455
 #, fuzzy
 msgid "Specify time-to-live floor for cache."
 msgstr "Sebutkan time-to-live dalam detik untuk jawaban dari /etc/hosts."
 
+#: option.c:456
+msgid "Retry DNS queries after this many milliseconds."
+msgstr ""
+
 # OK
-#: option.c:431
+#: option.c:457
 #, c-format
 msgid "Change to this user after startup. (defaults to %s)."
 msgstr "Ubah ke user ini setelah mulai. (default %s)."
 
 # OK
-#: option.c:432
+#: option.c:458
 #, fuzzy
 msgid "Map DHCP vendor class to tag."
 msgstr "Memetakan kelas vendor DHCP ke daftar pilihan."
 
 # OK
-#: option.c:433
+#: option.c:459
 msgid "Display dnsmasq version and copyright information."
 msgstr "Menampilkan versi dan informasi hak cipta dnsmasq."
 
 # OK
-#: option.c:434
+#: option.c:460
 msgid "Translate IPv4 addresses from upstream servers."
 msgstr "Terjemahkan alamat-alamat IPv4 dari server-server di atas."
 
 # OK
-#: option.c:435
+#: option.c:461
 msgid "Specify a SRV record."
 msgstr "Sebutkan rekord SRV."
 
-#: option.c:436
+#: option.c:462
 msgid "Display this message. Use --help dhcp or --help dhcp6 for known DHCP options."
 msgstr ""
 
 # OK
-#: option.c:437
+#: option.c:463
 #, fuzzy, c-format
 msgid "Specify path of PID file (defaults to %s)."
 msgstr "Sebutkan path file PID. (default %s)."
 
 # OK
-#: option.c:438
+#: option.c:464
 #, c-format
 msgid "Specify maximum number of DHCP leases (defaults to %s)."
 msgstr "Sebutkan jumlah maksimum lease DHCP (default %s)."
 
 # OK
-#: option.c:439
+#: option.c:465
 msgid "Answer DNS queries based on the interface a query was sent to."
 msgstr "Jawab permintaan DNS berdasarkan antarmuka dimana permintaan dikirimkan."
 
 # OK
-#: option.c:440
+#: option.c:466
 msgid "Specify TXT DNS record."
 msgstr "Sebutkan rekord TXT DNS."
 
 # OK
-#: option.c:441
+#: option.c:467
 #, fuzzy
 msgid "Specify PTR DNS record."
 msgstr "Sebutkan rekord TXT DNS."
 
-#: option.c:442
+#: option.c:468
 msgid "Give DNS name to IPv4 address of interface."
 msgstr ""
 
 # OK
-#: option.c:443
+#: option.c:469
 msgid "Bind only to interfaces in use."
 msgstr "Hanya kaitkan ke antarmuka yang sedang digunakan saja."
 
 # OK
-#: option.c:444
+#: option.c:470
 #, c-format
 msgid "Read DHCP static host information from %s."
 msgstr "Baca informasi statik host DHCP dari %s."
 
 # OK
-#: option.c:445
+#: option.c:471
 msgid "Enable the DBus interface for setting upstream servers, etc."
 msgstr "Mungkinkan antar muka DBus untuk menyetel server-server di atas, dsb."
 
-#: option.c:446
+#: option.c:472
 msgid "Enable the UBus interface."
 msgstr ""
 
 # OK
-#: option.c:447
+#: option.c:473
 msgid "Do not provide DHCP on this interface, only provide DNS."
 msgstr "JANGAN menyediakan DHCP pada antarmuka ini, hanya menyediakan DNS."
 
 # OK
-#: option.c:448
+#: option.c:474
 msgid "Enable dynamic address allocation for bootp."
 msgstr "Mungkinkan alokasi alamat dinamis untuk bootp."
 
 # OK
-#: option.c:449
+#: option.c:475
 #, fuzzy
 msgid "Map MAC address (with wildcards) to option set."
 msgstr "Memetakan kelas vendor DHCP ke daftar pilihan."
 
-#: option.c:450
+#: option.c:476
 msgid "Treat DHCP requests on aliases as arriving from interface."
 msgstr ""
 
-#: option.c:451
+#: option.c:477
 msgid "Specify extra networks sharing a broadcast domain for DHCP"
 msgstr ""
 
-#: option.c:452
+#: option.c:478
 msgid "Disable ICMP echo address checking in the DHCP server."
 msgstr ""
 
-#: option.c:453
+#: option.c:479
 msgid "Shell script to run on DHCP lease creation and destruction."
 msgstr ""
 
-#: option.c:454
+#: option.c:480
 msgid "Lua script to run on DHCP lease creation and destruction."
 msgstr ""
 
-#: option.c:455
+#: option.c:481
 msgid "Run lease-change scripts as this user."
 msgstr ""
 
-#: option.c:456
+#: option.c:482
 msgid "Call dhcp-script with changes to local ARP table."
 msgstr ""
 
-#: option.c:457
+#: option.c:483
 msgid "Read configuration from all the files in this directory."
 msgstr ""
 
+#: option.c:484
+msgid "Execute file and read configuration from stdin."
+msgstr ""
+
 # OK
-#: option.c:458
+#: option.c:485
 #, fuzzy
 msgid "Log to this syslog facility or file. (defaults to DAEMON)"
 msgstr "Ubah ke user ini setelah mulai. (default %s)."
 
-#: option.c:459
+#: option.c:486
 msgid "Do not use leasefile."
 msgstr ""
 
 # OK
-#: option.c:460
+#: option.c:487
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
 msgstr "Sebutkan jumlah maksimum lease DHCP (default %s)."
 
-#: option.c:461
+#: option.c:488
 #, c-format
 msgid "Clear DNS cache when reloading %s."
 msgstr ""
 
-#: option.c:462
+#: option.c:489
 msgid "Ignore hostnames provided by DHCP clients."
 msgstr ""
 
-#: option.c:463
+#: option.c:490
 msgid "Do NOT reuse filename and server fields for extra DHCP options."
 msgstr ""
 
-#: option.c:464
+#: option.c:491
 msgid "Enable integrated read-only TFTP server."
 msgstr ""
 
-#: option.c:465
+#: option.c:492
 msgid "Export files by TFTP only from the specified subtree."
 msgstr ""
 
-#: option.c:466
+#: option.c:493
 msgid "Add client IP or hardware address to tftp-root."
 msgstr ""
 
-#: option.c:467
+#: option.c:494
 msgid "Allow access only to files owned by the user running dnsmasq."
 msgstr ""
 
-#: option.c:468
+#: option.c:495
 msgid "Do not terminate the service if TFTP directories are inaccessible."
 msgstr ""
 
 # OK
-#: option.c:469
+#: option.c:496
 #, fuzzy, c-format
 msgid "Maximum number of concurrent TFTP transfers (defaults to %s)."
 msgstr "Sebutkan jumlah maksimum lease DHCP (default %s)."
 
 # OK
-#: option.c:470
+#: option.c:497
 #, fuzzy
 msgid "Maximum MTU to use for TFTP transfers."
 msgstr "Sebutkan jumlah maksimum lease DHCP (default %s)."
 
-#: option.c:471
+#: option.c:498
 msgid "Disable the TFTP blocksize extension."
 msgstr ""
 
-#: option.c:472
+#: option.c:499
 msgid "Convert TFTP filenames to lowercase"
 msgstr ""
 
-#: option.c:473
+#: option.c:500
 msgid "Ephemeral port range for use by TFTP transfers."
 msgstr ""
 
-#: option.c:474
+#: option.c:501
 msgid "Use only one port for TFTP server."
 msgstr ""
 
-#: option.c:475
+#: option.c:502
 msgid "Extra logging for DHCP."
 msgstr ""
 
-#: option.c:476
+#: option.c:503
 msgid "Enable async. logging; optionally set queue length."
 msgstr ""
 
-#: option.c:477
+#: option.c:504
 msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
 msgstr ""
 
-#: option.c:478
+#: option.c:505
 msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
 msgstr ""
 
-#: option.c:479
+#: option.c:506
 msgid "Inhibit DNS-rebind protection on this domain."
 msgstr ""
 
-#: option.c:480
+#: option.c:507
 msgid "Always perform DNS queries to all servers."
 msgstr ""
 
-#: option.c:481
+#: option.c:508
 msgid "Set tag if client includes matching option in request."
 msgstr ""
 
-#: option.c:482
+#: option.c:509
 msgid "Set tag if client provides given name."
 msgstr ""
 
-#: option.c:483
+#: option.c:510
 msgid "Use alternative ports for DHCP."
 msgstr ""
 
 # OK
-#: option.c:484
+#: option.c:511
 #, fuzzy
 msgid "Specify NAPTR DNS record."
 msgstr "Sebutkan rekord TXT DNS."
 
-#: option.c:485
+#: option.c:512
 msgid "Specify lowest port available for DNS query transmission."
 msgstr ""
 
-#: option.c:486
+#: option.c:513
 msgid "Specify highest port available for DNS query transmission."
 msgstr ""
 
-#: option.c:487
+#: option.c:514
 msgid "Use only fully qualified domain names for DHCP clients."
 msgstr ""
 
-#: option.c:488
+#: option.c:515
 msgid "Generate hostnames based on MAC address for nameless clients."
 msgstr ""
 
-#: option.c:489
+#: option.c:516
 msgid "Use these DHCP relays as full proxies."
 msgstr ""
 
-#: option.c:490
+#: option.c:517
 msgid "Relay DHCP requests to a remote server"
 msgstr ""
 
-#: option.c:491
+#: option.c:518
 msgid "Specify alias name for LOCAL DNS name."
 msgstr ""
 
 # OK
-#: option.c:492
+#: option.c:519
 #, fuzzy
 msgid "Prompt to send to PXE clients."
 msgstr "Setel pilihan-pilihan tambahan yang akan disetel untuk klien-klien DHCP."
 
-#: option.c:493
+#: option.c:520
 msgid "Boot service for PXE menu."
 msgstr ""
 
-#: option.c:494
+#: option.c:521
 msgid "Check configuration syntax."
 msgstr ""
 
-#: option.c:495
+#: option.c:522
 msgid "Add requestor's MAC address to forwarded DNS queries."
 msgstr ""
 
-#: option.c:496
+#: option.c:523
+msgid "Strip MAC information from queries."
+msgstr ""
+
+#: option.c:524
 msgid "Add specified IP subnet to forwarded DNS queries."
 msgstr ""
 
+#: option.c:525
+msgid "Strip ECS information from queries."
+msgstr ""
+
 # OK
-#: option.c:497
+#: option.c:526
 #, fuzzy
 msgid "Add client identification to forwarded DNS queries."
 msgstr "Paksa port asal untuk permintaan ke atas."
 
 # OK
-#: option.c:498
+#: option.c:527
 #, fuzzy
 msgid "Proxy DNSSEC validation results from upstream nameservers."
 msgstr "Terjemahkan alamat-alamat IPv4 dari server-server di atas."
 
-#: option.c:499
+#: option.c:528
 msgid "Attempt to allocate sequential IP addresses to DHCP clients."
 msgstr ""
 
 # OK
-#: option.c:500
+#: option.c:529
 #, fuzzy
 msgid "Ignore client identifier option sent by DHCP clients."
 msgstr "Setel pilihan-pilihan tambahan yang akan disetel untuk klien-klien DHCP."
 
-#: option.c:501
+#: option.c:530
 msgid "Copy connection-track mark from queries to upstream connections."
 msgstr ""
 
-#: option.c:502
+#: option.c:531
 msgid "Allow DHCP clients to do their own DDNS updates."
 msgstr ""
 
-#: option.c:503
+#: option.c:532
 msgid "Send router-advertisements for interfaces doing DHCPv6"
 msgstr ""
 
-#: option.c:504
+#: option.c:533
 msgid "Specify DUID_EN-type DHCPv6 server DUID"
 msgstr ""
 
 # OK
-#: option.c:505
+#: option.c:534
 #, fuzzy
 msgid "Specify host (A/AAAA and PTR) records"
 msgstr "Sebutkan sebuah rekord MX."
 
-#: option.c:506
+#: option.c:535
 msgid "Specify host record in interface subnet"
 msgstr ""
 
-#: option.c:507
+#: option.c:536
 msgid "Specify certification authority authorization record"
 msgstr ""
 
 # OK
-#: option.c:508
+#: option.c:537
 #, fuzzy
 msgid "Specify arbitrary DNS resource record"
 msgstr "Sebutkan rekord TXT DNS."
 
 # OK
-#: option.c:509
+#: option.c:538
 #, fuzzy
 msgid "Bind to interfaces in use - check for new interfaces"
 msgstr "antarmuka tidak dikenal %s"
 
-#: option.c:510
+#: option.c:539
 msgid "Export local names to global DNS"
 msgstr ""
 
-#: option.c:511
+#: option.c:540
 msgid "Domain to export to global DNS"
 msgstr ""
 
-#: option.c:512
+#: option.c:541
 msgid "Set TTL for authoritative replies"
 msgstr ""
 
-#: option.c:513
+#: option.c:542
 msgid "Set authoritative zone information"
 msgstr ""
 
-#: option.c:514
+#: option.c:543
 msgid "Secondary authoritative nameservers for forward domains"
 msgstr ""
 
-#: option.c:515
+#: option.c:544
 msgid "Peers which are allowed to do zone transfer"
 msgstr ""
 
-#: option.c:516
+#: option.c:545
 msgid "Specify ipsets to which matching domains should be added"
 msgstr ""
 
-#: option.c:517
+#: option.c:546
+msgid "Specify nftables sets to which matching domains should be added"
+msgstr ""
+
+#: option.c:547
 msgid "Enable filtering of DNS queries with connection-track marks."
 msgstr ""
 
-#: option.c:518
+#: option.c:548
 msgid "Set allowed DNS patterns for a connection-track mark."
 msgstr ""
 
-#: option.c:519
+#: option.c:549
 msgid "Specify a domain and address range for synthesised names"
 msgstr ""
 
-#: option.c:520
+#: option.c:550
 msgid "Activate DNSSEC validation"
 msgstr ""
 
-#: option.c:521
+#: option.c:551
 msgid "Specify trust anchor key digest."
 msgstr ""
 
-#: option.c:522
+#: option.c:552
 msgid "Disable upstream checking for DNSSEC debugging."
 msgstr ""
 
-#: option.c:523
+#: option.c:553
 msgid "Ensure answers without DNSSEC are in unsigned zones."
 msgstr ""
 
-#: option.c:524
+#: option.c:554
 msgid "Don't check DNSSEC signature timestamps until first cache-reload"
 msgstr ""
 
-#: option.c:525
+#: option.c:555
 msgid "Timestamp file to verify system clock for DNSSEC"
 msgstr ""
 
-#: option.c:526
+#: option.c:556
 msgid "Set MTU, priority, resend-interval and router-lifetime"
 msgstr ""
 
-#: option.c:527
+#: option.c:557
 msgid "Do not log routine DHCP."
 msgstr ""
 
-#: option.c:528
+#: option.c:558
 msgid "Do not log routine DHCPv6."
 msgstr ""
 
-#: option.c:529
+#: option.c:559
 msgid "Do not log RA."
 msgstr ""
 
-#: option.c:530
+#: option.c:560
 msgid "Log debugging information."
 msgstr ""
 
-#: option.c:531
+#: option.c:561
 msgid "Accept queries only from directly-connected networks."
 msgstr ""
 
-#: option.c:532
+#: option.c:562
 msgid "Detect and remove DNS forwarding loops."
 msgstr ""
 
-#: option.c:533
+#: option.c:563
 msgid "Ignore DNS responses containing ipaddr."
 msgstr ""
 
-#: option.c:534
+#: option.c:564
 msgid "Set TTL in DNS responses with DHCP-derived addresses."
 msgstr ""
 
-#: option.c:535
+#: option.c:565
 msgid "Delay DHCP replies for at least number of seconds."
 msgstr ""
 
-#: option.c:536
+#: option.c:566
 msgid "Enables DHCPv4 Rapid Commit option."
 msgstr ""
 
-#: option.c:537
+#: option.c:567
 msgid "Path to debug packet dump file"
 msgstr ""
 
-#: option.c:538
+#: option.c:568
 msgid "Mask which packets to dump"
 msgstr ""
 
-#: option.c:539
+#: option.c:569
 msgid "Call dhcp-script when lease expiry changes."
 msgstr ""
 
-#: option.c:540
+#: option.c:570
 msgid "Send Cisco Umbrella identifiers including remote IP."
 msgstr ""
 
-#: option.c:541
+#: option.c:571
 msgid "Do not log routine TFTP."
 msgstr ""
 
+#: option.c:572
+msgid "Suppress round-robin ordering of DNS records."
+msgstr ""
+
 # OK
-#: option.c:771
+#: option.c:802
 #, c-format
 msgid ""
 "Usage: dnsmasq [options]\n"
@@ -947,455 +1004,505 @@ msgstr ""
 "\n"
 
 # OK
-#: option.c:773
+#: option.c:804
 #, c-format
 msgid "Use short options only on the command line.\n"
 msgstr "Gunakan pilihan pendek saja pada perintah baris.\n"
 
 # OK
-#: option.c:775
+#: option.c:806
 #, fuzzy, c-format
 msgid "Valid options are:\n"
 msgstr "Pilihan yang boleh adalah:\n"
 
 # OK
-#: option.c:822 option.c:933
+#: option.c:853 option.c:1055
 #, fuzzy
 msgid "bad address"
 msgstr "membaca %s - %d alamat"
 
 # OK
-#: option.c:847 option.c:851
+#: option.c:882 option.c:886
 msgid "bad port"
 msgstr "port salah"
 
-#: option.c:864 option.c:893 option.c:927
+#: option.c:899 option.c:1002 option.c:1048
 msgid "interface binding not supported"
 msgstr ""
 
-#: option.c:888 option.c:922
+#: option.c:955
+msgid "Cannot resolve server name"
+msgstr ""
+
+#: option.c:991
+msgid "cannot use IPv4 server address with IPv6 source address"
+msgstr ""
+
+#: option.c:997 option.c:1043
 msgid "interface can only be specified once"
 msgstr ""
 
 # OK
-#: option.c:901 option.c:4362
+#: option.c:1011 option.c:4785
 #, fuzzy
 msgid "bad interface name"
 msgstr "nama MX salah"
 
-#: option.c:1192
+#: option.c:1037
+msgid "cannot use IPv6 server address with IPv4 source address"
+msgstr ""
+
+# OK
+#: option.c:1124
+#, fuzzy
+msgid "bad IPv4 prefix length"
+msgstr "port salah"
+
+# OK
+#: option.c:1155 option.c:1165 option.c:1240 option.c:1250 option.c:5360
+msgid "error"
+msgstr "kesalahan"
+
+# OK
+#: option.c:1207
+#, fuzzy
+msgid "bad IPv6 prefix length"
+msgstr "port salah"
+
+#: option.c:1467
 msgid "inappropriate vendor:"
 msgstr ""
 
-#: option.c:1199
+#: option.c:1474
 msgid "inappropriate encap:"
 msgstr ""
 
-#: option.c:1225
+#: option.c:1500
 msgid "unsupported encapsulation for IPv6 option"
 msgstr ""
 
 # OK
-#: option.c:1239
+#: option.c:1514
 msgid "bad dhcp-option"
 msgstr "dhcp-option salah"
 
 # OK
-#: option.c:1317
+#: option.c:1592
 #, fuzzy
 msgid "bad IP address"
 msgstr "membaca %s - %d alamat"
 
 # OK
-#: option.c:1320 option.c:1459 option.c:3551
+#: option.c:1595 option.c:1734 option.c:3928
 #, fuzzy
 msgid "bad IPv6 address"
 msgstr "membaca %s - %d alamat"
 
 # OK
-#: option.c:1413
+#: option.c:1688
 #, fuzzy
 msgid "bad IPv4 address"
 msgstr "membaca %s - %d alamat"
 
 # OK
-#: option.c:1486 option.c:1581
+#: option.c:1761 option.c:1856
 msgid "bad domain in dhcp-option"
 msgstr "domain dalam dhcp-option salah"
 
 # OK
-#: option.c:1625
+#: option.c:1900
 msgid "dhcp-option too long"
 msgstr "dhcp-option terlalu panjang"
 
-#: option.c:1632
+#: option.c:1907
 msgid "illegal dhcp-match"
 msgstr ""
 
-#: option.c:1691
+#: option.c:1966
 msgid "illegal repeated flag"
 msgstr ""
 
-#: option.c:1699
+#: option.c:1974
 msgid "illegal repeated keyword"
 msgstr ""
 
 # OK
-#: option.c:1770 option.c:5080
+#: option.c:2056 option.c:5533
 #, fuzzy, c-format
 msgid "cannot access directory %s: %s"
 msgstr "tidak bisa membaca %s: %s"
 
 # OK
-#: option.c:1816 tftp.c:566 dump.c:68
+#: option.c:2102 tftp.c:573 dump.c:72
 #, fuzzy, c-format
 msgid "cannot access %s: %s"
 msgstr "tidak bisa membaca %s: %s"
 
-#: option.c:1931
+#: option.c:2219
 msgid "setting log facility is not possible under Android"
 msgstr ""
 
-#: option.c:1940
+#: option.c:2228
 msgid "bad log facility"
 msgstr ""
 
 # OK
-#: option.c:1993
+#: option.c:2281
 msgid "bad MX preference"
 msgstr "kesukaan MX salah"
 
 # OK
-#: option.c:1998
+#: option.c:2289
 msgid "bad MX name"
 msgstr "nama MX salah"
 
 # OK
-#: option.c:2012
+#: option.c:2304
 msgid "bad MX target"
 msgstr "target MX salah"
 
-#: option.c:2032
+#: option.c:2324
 msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
 msgstr ""
 
-#: option.c:2036
+#: option.c:2328
 msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
 msgstr ""
 
 # OK
-#: option.c:2291 option.c:2327
+#: option.c:2447
+#, fuzzy
+msgid "invalid auth-zone"
+msgstr "weight tidak benar"
+
+# OK
+#: option.c:2589 option.c:2621
 #, fuzzy
 msgid "bad prefix length"
 msgstr "port salah"
 
 # OK
-#: option.c:2303 option.c:2348 option.c:2398
+#: option.c:2601 option.c:2642 option.c:2696
 #, fuzzy
 msgid "bad prefix"
 msgstr "port salah"
 
-#: option.c:2418
+#: option.c:2716
 msgid "prefix length too small"
 msgstr ""
 
 # OK
-#: option.c:2697
+#: option.c:3010
 #, fuzzy
 msgid "Bad address in --address"
 msgstr "alamat telah digunakan"
 
-# OK
-#: option.c:2751
-#, fuzzy
-msgid "bad IPv4 prefix"
-msgstr "port salah"
-
-# OK
-#: option.c:2756 option.c:3569
-#, fuzzy
-msgid "bad IPv6 prefix"
-msgstr "port salah"
-
-#: option.c:2777
+#: option.c:3110
 msgid "recompile with HAVE_IPSET defined to enable ipset directives"
 msgstr ""
 
-#: option.c:2843 option.c:2861
+#: option.c:3117
+msgid "recompile with HAVE_NFTSET defined to enable nftset directives"
+msgstr ""
+
+#: option.c:3192 option.c:3210
 msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist directives"
 msgstr ""
 
 # OK
-#: option.c:3119
+#: option.c:3496
 #, fuzzy
 msgid "bad port range"
 msgstr "port salah"
 
-#: option.c:3145
+#: option.c:3522
 msgid "bad bridge-interface"
 msgstr ""
 
-#: option.c:3189
+#: option.c:3566
 msgid "bad shared-network"
 msgstr ""
 
-#: option.c:3243
+#: option.c:3620
 msgid "only one tag allowed"
 msgstr ""
 
 # OK
-#: option.c:3264 option.c:3280 option.c:3406 option.c:3414 option.c:3457
+#: option.c:3641 option.c:3657 option.c:3783 option.c:3791 option.c:3834
 msgid "bad dhcp-range"
 msgstr "dhcp-range salah"
 
 # OK
-#: option.c:3298
+#: option.c:3675
 msgid "inconsistent DHCP range"
 msgstr "jangkauan DHCP tidak konsisten"
 
-#: option.c:3364
+#: option.c:3741
 msgid "prefix length must be exactly 64 for RA subnets"
 msgstr ""
 
-#: option.c:3366
+#: option.c:3743
 msgid "prefix length must be exactly 64 for subnet constructors"
 msgstr ""
 
-#: option.c:3369
+#: option.c:3746
 msgid "prefix length must be at least 64"
 msgstr ""
 
 # OK
-#: option.c:3372
+#: option.c:3749
 #, fuzzy
 msgid "inconsistent DHCPv6 range"
 msgstr "jangkauan DHCP tidak konsisten"
 
-#: option.c:3391
+#: option.c:3768
 msgid "prefix must be zero with \"constructor:\" argument"
 msgstr ""
 
 # OK
-#: option.c:3516 option.c:3594
+#: option.c:3893 option.c:3971
 #, fuzzy
 msgid "bad hex constant"
 msgstr "dhcp-host salah"
 
 # OK
-#: option.c:3617
+#: option.c:3946
+#, fuzzy
+msgid "bad IPv6 prefix"
+msgstr "port salah"
+
+# OK
+#: option.c:3994
 #, fuzzy, c-format
 msgid "duplicate dhcp-host IP address %s"
 msgstr "alamat IP kembar %s dalam direktif dhcp-config"
 
 # OK
-#: option.c:3678
+#: option.c:4056
 #, fuzzy
 msgid "bad DHCP host name"
 msgstr "nama MX salah"
 
 # OK
-#: option.c:3764
+#: option.c:4142
 #, fuzzy
 msgid "bad tag-if"
 msgstr "target MX salah"
 
 # OK
-#: option.c:4107 option.c:4623
+#: option.c:4490 option.c:5046
 msgid "invalid port number"
 msgstr "nomor port tidak benar"
 
 # OK
-#: option.c:4163
+#: option.c:4546
 #, fuzzy
 msgid "bad dhcp-proxy address"
 msgstr "membaca %s - %d alamat"
 
 # OK
-#: option.c:4204
+#: option.c:4627
 #, fuzzy
 msgid "Bad dhcp-relay"
 msgstr "dhcp-range salah"
 
-#: option.c:4248
+#: option.c:4671
 msgid "bad RA-params"
 msgstr ""
 
-#: option.c:4258
+#: option.c:4681
 msgid "bad DUID"
 msgstr ""
 
 # OK
-#: option.c:4292
+#: option.c:4715
 #, fuzzy
 msgid "missing address in alias"
 msgstr "alamat telah digunakan"
 
 # OK
-#: option.c:4298
+#: option.c:4721
 #, fuzzy
 msgid "invalid alias range"
 msgstr "weight tidak benar"
 
 # OK
-#: option.c:4347
+#: option.c:4770
 #, fuzzy
 msgid "missing address in dynamic host"
 msgstr "alamat telah digunakan"
 
 # OK
-#: option.c:4362
+#: option.c:4785
 #, fuzzy
 msgid "bad dynamic host"
 msgstr "tidak bisa membaca %s: %s"
 
-#: option.c:4380 option.c:4396
+#: option.c:4803 option.c:4819
 msgid "bad CNAME"
 msgstr ""
 
-#: option.c:4404
+#: option.c:4827
 msgid "duplicate CNAME"
 msgstr ""
 
 # OK
-#: option.c:4431
+#: option.c:4854
 #, fuzzy
 msgid "bad PTR record"
 msgstr "rekord SRV salah"
 
 # OK
-#: option.c:4466
+#: option.c:4889
 #, fuzzy
 msgid "bad NAPTR record"
 msgstr "rekord SRV salah"
 
 # OK
-#: option.c:4502
+#: option.c:4925
 #, fuzzy
 msgid "bad RR record"
 msgstr "rekord SRV salah"
 
 # OK
-#: option.c:4535
+#: option.c:4958
 #, fuzzy
 msgid "bad CAA record"
 msgstr "rekord SRV salah"
 
 # OK
-#: option.c:4564
+#: option.c:4987
 msgid "bad TXT record"
 msgstr "rekord TXT salah"
 
 # OK
-#: option.c:4607
+#: option.c:5030
 msgid "bad SRV record"
 msgstr "rekord SRV salah"
 
 # OK
-#: option.c:4614
+#: option.c:5037
 msgid "bad SRV target"
 msgstr "target SRV salah"
 
 # OK
-#: option.c:4633
+#: option.c:5056
 msgid "invalid priority"
 msgstr "prioritas tidak benar"
 
 # OK
-#: option.c:4638
+#: option.c:5061
 msgid "invalid weight"
 msgstr "weight tidak benar"
 
 # OK
-#: option.c:4661
+#: option.c:5084
 #, fuzzy
 msgid "Bad host-record"
 msgstr "rekord SRV salah"
 
 # OK
-#: option.c:4700
+#: option.c:5123
 #, fuzzy
 msgid "Bad name in host-record"
 msgstr "kesalahan nama di %s"
 
-#: option.c:4742
+#: option.c:5165
 msgid "bad value for dnssec-check-unsigned"
 msgstr ""
 
 # OK
-#: option.c:4778
+#: option.c:5201
 #, fuzzy
 msgid "bad trust anchor"
 msgstr "port salah"
 
-#: option.c:4794
+#: option.c:5217
 msgid "bad HEX in trust anchor"
 msgstr ""
 
-#: option.c:4805
+#: option.c:5228
 msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
 msgstr ""
 
 # OK
-#: option.c:4865
+#: option.c:5290
 msgid "missing \""
 msgstr "kurang \""
 
 # OK
-#: option.c:4922
+#: option.c:5347
 msgid "bad option"
 msgstr "pilihan salah"
 
 # OK
-#: option.c:4924
+#: option.c:5349
 msgid "extraneous parameter"
 msgstr "parameter berlebihan"
 
 # OK
-#: option.c:4926
+#: option.c:5351
 msgid "missing parameter"
 msgstr "parameter kurang"
 
 # OK
-#: option.c:4928
+#: option.c:5353
 #, fuzzy
 msgid "illegal option"
 msgstr "pilihan salah"
 
-# OK
-#: option.c:4935
-msgid "error"
-msgstr "kesalahan"
+#: option.c:5363
+#, c-format
+msgid " in output from %s"
+msgstr ""
 
 # OK
-#: option.c:4937
+#: option.c:5365
 #, fuzzy, c-format
 msgid " at line %d of %s"
 msgstr "%s pada baris %d dari %%s"
 
 # OK
-#: option.c:4952 option.c:5229 option.c:5240
+#: option.c:5380 option.c:5683 option.c:5694
 #, fuzzy, c-format
 msgid "read %s"
 msgstr "membaca %s"
 
 # OK
-#: option.c:5015 option.c:5162 tftp.c:775
+#: option.c:5446
+#, fuzzy, c-format
+msgid "cannot execute %s: %s"
+msgstr "tidak bisa membaca %s: %s"
+
+# OK
+#: option.c:5454 option.c:5615 tftp.c:790
 #, c-format
 msgid "cannot read %s: %s"
 msgstr "tidak bisa membaca %s: %s"
 
-#: option.c:5316
+# OK
+#: option.c:5473
+#, fuzzy, c-format
+msgid "error executing %s: %s"
+msgstr "gagal mengakses %s: %s"
+
+#: option.c:5476
+#, c-format
+msgid "%s returns non-zero error code"
+msgstr ""
+
+#: option.c:5775
 msgid "junk found in command line"
 msgstr ""
 
 # OK
-#: option.c:5356
+#: option.c:5815
 #, c-format
 msgid "Dnsmasq version %s  %s\n"
 msgstr "Dnsmasq versi %s  %s\n"
 
 # OK
-#: option.c:5357
+#: option.c:5816
 #, fuzzy, c-format
 msgid ""
 "Compile time options: %s\n"
@@ -1405,739 +1512,780 @@ msgstr ""
 "\n"
 
 # OK
-#: option.c:5358
+#: option.c:5817
 #, c-format
 msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
 msgstr "Perangkat lunak ini tersedia TANPA JAMINAN SEDIKITPUN.\n"
 
 # OK
-#: option.c:5359
+#: option.c:5818
 #, c-format
 msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
 msgstr "Dnsdmasq adalah perangkat lunak bebas, dan Anda dipersilahkan untuk membagikannya\n"
 
 # OK
-#: option.c:5360
+#: option.c:5819
 #, fuzzy, c-format
 msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
 msgstr "dengan aturan GNU General Public License, versi 2.\n"
 
-#: option.c:5377
+#: option.c:5836
 msgid "try --help"
 msgstr ""
 
-#: option.c:5379
+#: option.c:5838
 msgid "try -w"
 msgstr ""
 
 # OK
-#: option.c:5381
+#: option.c:5840
 #, fuzzy, c-format
 msgid "bad command line options: %s"
 msgstr "pilihan baris perintah salah: %s."
 
-#: option.c:5450
+#: option.c:5909
 #, c-format
 msgid "CNAME loop involving %s"
 msgstr ""
 
 # OK
-#: option.c:5491
+#: option.c:5950
 #, c-format
 msgid "cannot get host-name: %s"
 msgstr "tidak bisa mendapatkan host-name: %s"
 
 # OK
-#: option.c:5519
+#: option.c:5978
 msgid "only one resolv.conf file allowed in no-poll mode."
 msgstr "hanya satu file resolv.conf yang diperbolehkan dalam modus no-poll."
 
 # OK
-#: option.c:5529
+#: option.c:5988
 msgid "must have exactly one resolv.conf to read domain from."
 msgstr "harus mempunyai tepat satu resolv.conf untuk mendapatkan nama domain."
 
 # OK
-#: option.c:5532 network.c:1670 dhcp.c:880
+#: option.c:5991 network.c:1727 dhcp.c:892
 #, fuzzy, c-format
 msgid "failed to read %s: %s"
 msgstr "gagal membaca %s: %s"
 
 # OK
-#: option.c:5549
+#: option.c:6008
 #, c-format
 msgid "no search directive found in %s"
 msgstr "tidak ditemukan direktif search di %s"
 
-#: option.c:5570
+#: option.c:6029
 msgid "there must be a default domain when --dhcp-fqdn is set"
 msgstr ""
 
-#: option.c:5579
+#: option.c:6038
 msgid "syntax check OK"
 msgstr ""
 
 # OK
-#: forward.c:104
+#: forward.c:107
 #, fuzzy, c-format
 msgid "failed to send packet: %s"
 msgstr "gagal mendengarkan di socket: %s"
 
-#: forward.c:601
+#: forward.c:715
 msgid "discarding DNS reply: subnet option mismatch"
 msgstr ""
 
 # OK
-#: forward.c:666
+#: forward.c:780
 #, c-format
 msgid "nameserver %s refused to do a recursive query"
 msgstr "nameserver %s menolak melakukan resolusi rekursif"
 
-#: forward.c:702
+#: forward.c:826
 #, c-format
 msgid "possible DNS-rebind attack detected: %s"
 msgstr ""
 
-#: forward.c:1074
+#: forward.c:1239
 #, c-format
 msgid "reducing DNS packet size for nameserver %s to %d"
 msgstr ""
 
-#: forward.c:1381 forward.c:1910
-msgid "Ignoring query from non-local network"
+#: forward.c:1565
+#, c-format
+msgid "ignoring query from non-local network %s (logged only once)"
 msgstr ""
 
-#: forward.c:2198
+#: forward.c:2139
+#, c-format
+msgid "ignoring query from non-local network %s"
+msgstr ""
+
+#: forward.c:2501
 #, fuzzy, c-format
 msgid "failed to bind server socket to %s: %s"
 msgstr "gagal mem-bind socket untuk mendengarkan %s: %s"
 
 # OK
-#: forward.c:2494
+#: forward.c:2867
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries reached (max: %d)"
 msgstr "Sebutkan jumlah maksimum lease DHCP (default %s)."
 
 # OK
-#: forward.c:2496
+#: forward.c:2869
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries to %s reached (max: %d)"
 msgstr "Sebutkan jumlah maksimum lease DHCP (default %s)."
 
-#: network.c:670
+#: network.c:700
 #, c-format
 msgid "stopped listening on %s(#%d): %s port %d"
 msgstr ""
 
 # OK
-#: network.c:867
+#: network.c:911
 #, fuzzy, c-format
 msgid "failed to create listening socket for %s: %s"
 msgstr "gagal membuat socket: %s "
 
-#: network.c:1148
+#: network.c:1192
 #, c-format
 msgid "listening on %s(#%d): %s port %d"
 msgstr ""
 
 # OK
-#: network.c:1175
+#: network.c:1219
 #, fuzzy, c-format
 msgid "listening on %s port %d"
 msgstr "gagal membaca %s: %s"
 
-#: network.c:1208
+#: network.c:1252
 #, c-format
 msgid "LOUD WARNING: listening on %s may accept requests via interfaces other than %s"
 msgstr ""
 
-#: network.c:1215
+#: network.c:1259
 msgid "LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"
 msgstr ""
 
 # OK
-#: network.c:1224
+#: network.c:1268
 #, fuzzy, c-format
 msgid "warning: using interface %s instead"
 msgstr "peringatan: antarmuka %s tidak ada"
 
 # OK
-#: network.c:1233
+#: network.c:1277
 #, fuzzy, c-format
 msgid "warning: no addresses found for interface %s"
 msgstr "menggunakan alamat lokal saja untuk %s %s"
 
 # OK
-#: network.c:1291
+#: network.c:1335
 #, fuzzy, c-format
 msgid "interface %s failed to join DHCPv6 multicast group: %s"
 msgstr "gagal mem-bind socket server DHCP: %s"
 
-#: network.c:1296
+#: network.c:1340
 msgid "try increasing /proc/sys/net/core/optmem_max"
 msgstr ""
 
-#: network.c:1492
+#: network.c:1545
 #, fuzzy, c-format
 msgid "failed to bind server socket for %s: %s"
 msgstr "gagal mem-bind socket untuk mendengarkan %s: %s"
 
 # OK
-#: network.c:1569
+#: network.c:1622
 #, c-format
 msgid "ignoring nameserver %s - local interface"
 msgstr "mengabaikan nameserver %s - antarmuka lokal"
 
 # OK
-#: network.c:1580
+#: network.c:1633
 #, fuzzy, c-format
 msgid "ignoring nameserver %s - cannot make/bind socket: %s"
 msgstr "mengabaikan nameserver %s - tak dapat membuat/mem-bind socket: %s"
 
-#: network.c:1598
+#: network.c:1643
+msgid "more servers are defined but not logged"
+msgstr ""
+
+#: network.c:1654
 msgid "(no DNSSEC)"
 msgstr ""
 
 # OK
-#: network.c:1601
+#: network.c:1657
 msgid "unqualified"
 msgstr "tidak memenuhi syarat"
 
-#: network.c:1601
+#: network.c:1657
 msgid "names"
 msgstr ""
 
-#: network.c:1603
+#: network.c:1659
 msgid "default"
 msgstr ""
 
 # OK
-#: network.c:1605
+#: network.c:1661
 msgid "domain"
 msgstr "domain"
 
 # OK
-#: network.c:1607
+#: network.c:1663
 #, fuzzy, c-format
 msgid "using nameserver %s#%d for %s %s%s %s"
 msgstr "menggunakan nameserver %s#%d untuk %s %s"
 
 # OK
-#: network.c:1611
+#: network.c:1667
 #, fuzzy, c-format
 msgid "NOT using nameserver %s#%d - query loop detected"
 msgstr "menggunakan nameserver %s#%d untuk %s %s"
 
 # OK
-#: network.c:1614
+#: network.c:1670
 #, fuzzy, c-format
 msgid "using nameserver %s#%d(via %s)"
 msgstr "menggunakan nameserver %s#%d"
 
 # OK
-#: network.c:1616
+#: network.c:1672
 #, c-format
 msgid "using nameserver %s#%d"
 msgstr "menggunakan nameserver %s#%d"
 
 # OK
-#: network.c:1630
+#: network.c:1687
 #, fuzzy, c-format
 msgid "using only locally-known addresses for %s"
 msgstr "menggunakan alamat lokal saja untuk %s %s"
 
 # OK
-#: network.c:1633
+#: network.c:1690
 #, fuzzy, c-format
 msgid "using standard nameservers for %s"
 msgstr "menggunakan nameserver %s#%d untuk %s %s"
 
 # OK
-#: network.c:1637
+#: network.c:1694
 #, fuzzy, c-format
 msgid "using %d more local addresses"
 msgstr "menggunakan nameserver %s#%d"
 
 # OK
-#: network.c:1639
+#: network.c:1696
 #, fuzzy, c-format
 msgid "using %d more nameservers"
 msgstr "menggunakan nameserver %s#%d"
 
-#: dnsmasq.c:184
+#: dnsmasq.c:192
 msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
 msgstr ""
 
-#: dnsmasq.c:199
+#: dnsmasq.c:207
 msgid "no root trust anchor provided for DNSSEC"
 msgstr ""
 
-#: dnsmasq.c:202
+#: dnsmasq.c:210
 msgid "cannot reduce cache size from default when DNSSEC enabled"
 msgstr ""
 
 # OK
-#: dnsmasq.c:204
+#: dnsmasq.c:212
 #, fuzzy
 msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
 msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
 
 # OK
-#: dnsmasq.c:210
+#: dnsmasq.c:218
 #, fuzzy
 msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
 msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
 
-#: dnsmasq.c:217
+#: dnsmasq.c:225
 msgid "cannot use --conntrack AND --query-port"
 msgstr ""
 
 # OK
-#: dnsmasq.c:223
+#: dnsmasq.c:231
 #, fuzzy
 msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
 msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
 
-#: dnsmasq.c:228
+#: dnsmasq.c:236
 msgid "asynchronous logging is not available under Solaris"
 msgstr ""
 
-#: dnsmasq.c:233
+#: dnsmasq.c:241
 msgid "asynchronous logging is not available under Android"
 msgstr ""
 
 # OK
-#: dnsmasq.c:238
+#: dnsmasq.c:246
 #, fuzzy
 msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
 msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
 
 # OK
-#: dnsmasq.c:243
+#: dnsmasq.c:251
 #, fuzzy
 msgid "loop detection not available: set HAVE_LOOP in src/config.h"
 msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
 
 # OK
-#: dnsmasq.c:248
+#: dnsmasq.c:256
 #, fuzzy
 msgid "Ubus not available: set HAVE_UBUS in src/config.h"
 msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
 
-#: dnsmasq.c:259
+#: dnsmasq.c:267
 msgid "max_port cannot be smaller than min_port"
 msgstr ""
 
-#: dnsmasq.c:266
+#: dnsmasq.c:271
+msgid "port_limit must not be larger than available port range"
+msgstr ""
+
+#: dnsmasq.c:278
 msgid "--auth-server required when an auth zone is defined."
 msgstr ""
 
-#: dnsmasq.c:271
+#: dnsmasq.c:283
 msgid "zone serial must be configured in --auth-soa"
 msgstr ""
 
-#: dnsmasq.c:291
+#: dnsmasq.c:303
 msgid "dhcp-range constructor not available on this platform"
 msgstr ""
 
-#: dnsmasq.c:355
+#: dnsmasq.c:377
 msgid "cannot set --bind-interfaces and --bind-dynamic"
 msgstr ""
 
 # OK
-#: dnsmasq.c:358
+#: dnsmasq.c:380
 #, c-format
 msgid "failed to find list of interfaces: %s"
 msgstr "gagal mendapatkan daftar antarmuka: %s"
 
 # OK
-#: dnsmasq.c:367
+#: dnsmasq.c:389
 #, c-format
 msgid "unknown interface %s"
 msgstr "antarmuka tidak dikenal %s"
 
 # OK
-#: dnsmasq.c:437
+#: dnsmasq.c:396
+#, fuzzy, c-format
+msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
+msgstr "gagal menyetel SO_REUSEADDR pada socket DHCP: %s"
+
+# OK
+#: dnsmasq.c:440
 #, fuzzy
 msgid "Packet dumps not available: set HAVE_DUMP in src/config.h"
 msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
 
 # OK
-#: dnsmasq.c:445 dnsmasq.c:1207
+#: dnsmasq.c:448 dnsmasq.c:1232
 #, c-format
 msgid "DBus error: %s"
 msgstr "DBus error: %s"
 
 # OK
-#: dnsmasq.c:448
+#: dnsmasq.c:451
 msgid "DBus not available: set HAVE_DBUS in src/config.h"
 msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
 
 # OK
-#: dnsmasq.c:456 dnsmasq.c:1228
+#: dnsmasq.c:459 dnsmasq.c:1253
 #, fuzzy, c-format
 msgid "UBus error: %s"
 msgstr "DBus error: %s"
 
 # OK
-#: dnsmasq.c:459
+#: dnsmasq.c:462
 #, fuzzy
 msgid "UBus not available: set HAVE_UBUS in src/config.h"
 msgstr "DBus tidak tersedia: setel HAVE_DBUS dalam src/config.h"
 
-#: dnsmasq.c:489
+#: dnsmasq.c:492
 #, c-format
 msgid "unknown user or group: %s"
 msgstr ""
 
-#: dnsmasq.c:565
+#: dnsmasq.c:568
 #, c-format
 msgid "process is missing required capability %s"
 msgstr ""
 
-#: dnsmasq.c:597
+#: dnsmasq.c:600
 #, c-format
 msgid "cannot chdir to filesystem root: %s"
 msgstr ""
 
 # OK
-#: dnsmasq.c:845
+#: dnsmasq.c:852
 #, fuzzy, c-format
 msgid "started, version %s DNS disabled"
 msgstr "dimulai, cache versi %s di disable"
 
 # OK
-#: dnsmasq.c:850
+#: dnsmasq.c:857
 #, c-format
 msgid "started, version %s cachesize %d"
 msgstr "dimulai, versi %s ukuran cache %d"
 
-#: dnsmasq.c:852
+#: dnsmasq.c:859
 msgid "cache size greater than 10000 may cause performance issues, and is unlikely to be useful."
 msgstr ""
 
 # OK
-#: dnsmasq.c:855
+#: dnsmasq.c:862
 #, c-format
 msgid "started, version %s cache disabled"
 msgstr "dimulai, cache versi %s di disable"
 
-#: dnsmasq.c:858
+#: dnsmasq.c:865
 msgid "DNS service limited to local subnets"
 msgstr ""
 
 # OK
-#: dnsmasq.c:861
+#: dnsmasq.c:868
 #, c-format
 msgid "compile time options: %s"
 msgstr "pilihan-pilihan saat kompilasi: %s"
 
 # OK
-#: dnsmasq.c:870
+#: dnsmasq.c:877
 msgid "DBus support enabled: connected to system bus"
 msgstr "dukungan DBus dimungkinkan: terkoneksi pada bus sistem"
 
 # OK
-#: dnsmasq.c:872
+#: dnsmasq.c:879
 msgid "DBus support enabled: bus connection pending"
 msgstr "dukungan DBus dimungkinkan: koneksi bus ditunda"
 
 # OK
-#: dnsmasq.c:880
+#: dnsmasq.c:887
 #, fuzzy
 msgid "UBus support enabled: connected to system bus"
 msgstr "dukungan DBus dimungkinkan: terkoneksi pada bus sistem"
 
 # OK
-#: dnsmasq.c:882
+#: dnsmasq.c:889
 #, fuzzy
 msgid "UBus support enabled: bus connection pending"
 msgstr "dukungan DBus dimungkinkan: koneksi bus ditunda"
 
-#: dnsmasq.c:902
+#: dnsmasq.c:909
 msgid "DNSSEC validation enabled but all unsigned answers are trusted"
 msgstr ""
 
-#: dnsmasq.c:904
+#: dnsmasq.c:911
 msgid "DNSSEC validation enabled"
 msgstr ""
 
-#: dnsmasq.c:908
+#: dnsmasq.c:915
 msgid "DNSSEC signature timestamps not checked until receipt of SIGINT"
 msgstr ""
 
-#: dnsmasq.c:911
+#: dnsmasq.c:918
 msgid "DNSSEC signature timestamps not checked until system time valid"
 msgstr ""
 
-#: dnsmasq.c:914
+#: dnsmasq.c:921
 #, c-format
 msgid "configured with trust anchor for %s keytag %u"
 msgstr ""
 
 # OK
-#: dnsmasq.c:920
+#: dnsmasq.c:927
 #, fuzzy, c-format
 msgid "warning: failed to change owner of %s: %s"
 msgstr "gagal memuat nama-nama dari %s: %s"
 
 # OK
-#: dnsmasq.c:924
+#: dnsmasq.c:932
 msgid "setting --bind-interfaces option because of OS limitations"
 msgstr "setelan opsi --bind-interfaces disebabkan keterbatasan OS"
 
 # OK
-#: dnsmasq.c:936
+#: dnsmasq.c:945
 #, c-format
 msgid "warning: interface %s does not currently exist"
 msgstr "peringatan: antarmuka %s tidak ada"
 
-#: dnsmasq.c:941
+#: dnsmasq.c:950
 msgid "warning: ignoring resolv-file flag because no-resolv is set"
 msgstr ""
 
 # OK
-#: dnsmasq.c:944
+#: dnsmasq.c:953
 #, fuzzy
 msgid "warning: no upstream servers configured"
 msgstr "menyetel server-server di atas dengan DBus"
 
-#: dnsmasq.c:948
+#: dnsmasq.c:957
 #, c-format
 msgid "asynchronous logging enabled, queue limit is %d messages"
 msgstr ""
 
-#: dnsmasq.c:969
+#: dnsmasq.c:978
 msgid "IPv6 router advertisement enabled"
 msgstr ""
 
-#: dnsmasq.c:974
+#: dnsmasq.c:983
 #, c-format
 msgid "DHCP, sockets bound exclusively to interface %s"
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "root is "
 msgstr ""
 
 # OK
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 #, fuzzy
 msgid "enabled"
 msgstr "di disable"
 
-#: dnsmasq.c:993
+#: dnsmasq.c:1002
 msgid "secure mode"
 msgstr ""
 
 # OK
-#: dnsmasq.c:994
+#: dnsmasq.c:1003
 #, fuzzy
 msgid "single port mode"
 msgstr "nomor port tidak benar"
 
-#: dnsmasq.c:997
+#: dnsmasq.c:1006
 #, c-format
 msgid "warning: %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1001
+#: dnsmasq.c:1010
 #, c-format
 msgid "warning: TFTP directory %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1027
+#: dnsmasq.c:1036
 #, c-format
 msgid "restricting maximum simultaneous TFTP transfers to %d"
 msgstr ""
 
+#: dnsmasq.c:1095
+#, c-format
+msgid "error binding DHCP socket to device %s"
+msgstr ""
+
 # OK
-#: dnsmasq.c:1204
+#: dnsmasq.c:1229
 msgid "connected to system DBus"
 msgstr "terhubung ke sistem DBus"
 
 # OK
-#: dnsmasq.c:1225
+#: dnsmasq.c:1250
 #, fuzzy
 msgid "connected to system UBus"
 msgstr "terhubung ke sistem DBus"
 
-#: dnsmasq.c:1391
+#: dnsmasq.c:1416
 #, c-format
 msgid "cannot fork into background: %s"
 msgstr ""
 
 # OK
-#: dnsmasq.c:1395
+#: dnsmasq.c:1420
 #, fuzzy, c-format
 msgid "failed to create helper: %s"
 msgstr "gagal membaca %s: %s"
 
-#: dnsmasq.c:1399
+#: dnsmasq.c:1424
 #, c-format
 msgid "setting capabilities failed: %s"
 msgstr ""
 
 # OK
-#: dnsmasq.c:1403
+#: dnsmasq.c:1428
 #, fuzzy, c-format
 msgid "failed to change user-id to %s: %s"
 msgstr "gagal memuat nama-nama dari %s: %s"
 
 # OK
-#: dnsmasq.c:1407
+#: dnsmasq.c:1432
 #, fuzzy, c-format
 msgid "failed to change group-id to %s: %s"
 msgstr "gagal memuat nama-nama dari %s: %s"
 
 # OK
-#: dnsmasq.c:1411
+#: dnsmasq.c:1436
 #, fuzzy, c-format
 msgid "failed to open pidfile %s: %s"
 msgstr "gagal membaca %s: %s"
 
 # OK
-#: dnsmasq.c:1415
+#: dnsmasq.c:1440
 #, fuzzy, c-format
 msgid "cannot open log %s: %s"
 msgstr "tidak bisa membuka %s:%s"
 
 # OK
-#: dnsmasq.c:1419
+#: dnsmasq.c:1444
 #, fuzzy, c-format
 msgid "failed to load Lua script: %s"
 msgstr "gagal memuat %S: %s"
 
-#: dnsmasq.c:1423
+#: dnsmasq.c:1448
 #, c-format
 msgid "TFTP directory %s inaccessible: %s"
 msgstr ""
 
 # OK
-#: dnsmasq.c:1427
+#: dnsmasq.c:1452
 #, fuzzy, c-format
 msgid "cannot create timestamp file %s: %s"
 msgstr "tidak dapat membuka atau membuat file lease: %s"
 
-#: dnsmasq.c:1511
+#: dnsmasq.c:1536
 #, c-format
 msgid "script process killed by signal %d"
 msgstr ""
 
-#: dnsmasq.c:1515
+#: dnsmasq.c:1540
 #, c-format
 msgid "script process exited with status %d"
 msgstr ""
 
 # OK
-#: dnsmasq.c:1519
+#: dnsmasq.c:1544
 #, fuzzy, c-format
 msgid "failed to execute %s: %s"
 msgstr "gagal mengakses %s: %s"
 
-#: dnsmasq.c:1559
+#: dnsmasq.c:1584
 msgid "now checking DNSSEC signature timestamps"
 msgstr ""
 
 # OK
-#: dnsmasq.c:1594 dnssec.c:160 dnssec.c:204
+#: dnsmasq.c:1619 dnssec.c:160 dnssec.c:204
 #, fuzzy, c-format
 msgid "failed to update mtime on %s: %s"
 msgstr "gagal membaca %s: %s"
 
-#: dnsmasq.c:1606
+#: dnsmasq.c:1631
 msgid "exiting on receipt of SIGTERM"
 msgstr "keluar karena menerima SIGTERM"
 
 # OK
-#: dnsmasq.c:1634
+#: dnsmasq.c:1659
 #, fuzzy, c-format
 msgid "failed to access %s: %s"
 msgstr "gagal mengakses %s: %s"
 
 # OK
-#: dnsmasq.c:1664
+#: dnsmasq.c:1690
 #, c-format
 msgid "reading %s"
 msgstr "membaca %s"
 
 # OK
-#: dnsmasq.c:1675
+#: dnsmasq.c:1706
 #, fuzzy, c-format
 msgid "no servers found in %s, will retry"
 msgstr "tidak ditemukan direktif search di %s"
 
 # OK
-#: dhcp.c:53
+#: dhcp.c:51
 #, c-format
 msgid "cannot create DHCP socket: %s"
 msgstr "tidak bisa membuat socket DHCP: %s"
 
 # OK
-#: dhcp.c:68
+#: dhcp.c:66
 #, c-format
 msgid "failed to set options on DHCP socket: %s"
 msgstr "gagal menyetel opsi pada socket DHCP: %s"
 
 # OK
-#: dhcp.c:89
+#: dhcp.c:87
 #, fuzzy, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
 msgstr "gagal menyetel SO_REUSEADDR pada socket DHCP: %s"
 
 # OK
-#: dhcp.c:101
+#: dhcp.c:99
 #, c-format
 msgid "failed to bind DHCP server socket: %s"
 msgstr "gagal mem-bind socket server DHCP: %s"
 
 # OK
-#: dhcp.c:127
+#: dhcp.c:125
 #, c-format
 msgid "cannot create ICMP raw socket: %s."
 msgstr "tidak dapat membuat socket ICMP raw: %s"
 
 # OK
-#: dhcp.c:252 dhcp6.c:180
+#: dhcp.c:254 dhcp6.c:186
 #, fuzzy, c-format
 msgid "unknown interface %s in bridge-interface"
 msgstr "antarmuka tidak dikenal %s"
 
-#: dhcp.c:293
+#: dhcp.c:295
 #, c-format
 msgid "DHCP packet received on %s which has no address"
 msgstr ""
 
-#: dhcp.c:428
+#: dhcp.c:429
 #, c-format
 msgid "ARP-cache injection failed: %s"
 msgstr ""
 
-#: dhcp.c:473
+#: dhcp.c:490
 #, c-format
 msgid "Error sending DHCP packet to %s: %s"
 msgstr ""
 
 # OK
-#: dhcp.c:530
+#: dhcp.c:547
 #, c-format
 msgid "DHCP range %s -- %s is not consistent with netmask %s"
 msgstr "jangkauan DHCP %s -- %s tidak konsisten dengan netmask %s"
 
 # OK
-#: dhcp.c:918
+#: dhcp.c:930
 #, fuzzy, c-format
 msgid "bad line at %s line %d"
 msgstr "kesalahan nama pada %s baris %d"
 
-#: dhcp.c:961
+#: dhcp.c:973
 #, c-format
 msgid "ignoring %s line %d, duplicate name or IP address"
 msgstr ""
 
-#: dhcp.c:1105 rfc3315.c:2182
+# OK
+#: dhcp.c:1034
 #, c-format
-msgid "DHCP relay %s -> %s"
+msgid "read %s - %d addresses"
+msgstr "membaca %s - %d alamat"
+
+#: dhcp.c:1136
+#, c-format
+msgid "Cannot broadcast DHCP relay via interface %s"
+msgstr ""
+
+#: dhcp.c:1160
+#, c-format
+msgid "broadcast via %s"
+msgstr ""
+
+#: dhcp.c:1163 rfc3315.c:2219
+#, c-format
+msgid "DHCP relay at %s -> %s"
 msgstr ""
 
 #: lease.c:64
@@ -2217,7 +2365,7 @@ msgstr "tidak ada alamat yang bisa dipakai untuk permintaan DHCP %s %s"
 msgid "%u available DHCP subnet: %s/%s"
 msgstr "tidak ada alamat yang bisa dipakai untuk permintaan DHCP %s %s"
 
-#: rfc2131.c:409 rfc3315.c:319
+#: rfc2131.c:409 rfc3315.c:320
 #, c-format
 msgid "%u available DHCP range: %s -- %s"
 msgstr ""
@@ -2240,13 +2388,13 @@ msgid "disabled"
 msgstr "di disable"
 
 # OK
-#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1532 rfc3315.c:632 rfc3315.c:815
-#: rfc3315.c:1121
+#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1536 rfc3315.c:633 rfc3315.c:816
+#: rfc3315.c:1122
 msgid "ignored"
 msgstr "diabaikan"
 
 # OK
-#: rfc2131.c:613 rfc2131.c:1333 rfc3315.c:867
+#: rfc2131.c:613 rfc2131.c:1340 rfc3315.c:868
 msgid "address in use"
 msgstr "alamat telah digunakan"
 
@@ -2256,7 +2404,7 @@ msgid "no address available"
 msgstr "tak ada alamat yang tersedia"
 
 # OK
-#: rfc2131.c:634 rfc2131.c:1295
+#: rfc2131.c:634 rfc2131.c:1302
 msgid "wrong network"
 msgstr "jaringan yang salah"
 
@@ -2266,11 +2414,11 @@ msgid "no address configured"
 msgstr "tak ada alamat yang disetel"
 
 # OK
-#: rfc2131.c:655 rfc2131.c:1346
+#: rfc2131.c:655 rfc2131.c:1353
 msgid "no leases left"
 msgstr "tak ada lease yang tersisa"
 
-#: rfc2131.c:756 rfc3315.c:499
+#: rfc2131.c:756 rfc3315.c:500
 #, c-format
 msgid "%u client provides name: %s"
 msgstr ""
@@ -2280,7 +2428,7 @@ msgid "PXE BIS not supported"
 msgstr ""
 
 # OK
-#: rfc2131.c:1054 rfc3315.c:1222
+#: rfc2131.c:1054 rfc3315.c:1223
 #, fuzzy, c-format
 msgid "disabling DHCP static address %s for %s"
 msgstr "men-disable alamat statik DHCP %s"
@@ -2305,120 +2453,120 @@ msgstr ""
 msgid "not using configured address %s because it was previously declined"
 msgstr ""
 
-#: rfc2131.c:1139 rfc2131.c:1339
+#: rfc2131.c:1139 rfc2131.c:1346
 msgid "no unique-id"
 msgstr ""
 
-#: rfc2131.c:1231
+#: rfc2131.c:1238
 msgid "wrong server-ID"
 msgstr ""
 
 # OK
-#: rfc2131.c:1250
+#: rfc2131.c:1257
 msgid "wrong address"
 msgstr "alamat salah"
 
 # OK
-#: rfc2131.c:1268 rfc3315.c:975
+#: rfc2131.c:1275 rfc3315.c:976
 msgid "lease not found"
 msgstr "lease tak ditemukan"
 
 # OK
-#: rfc2131.c:1303
+#: rfc2131.c:1310
 msgid "address not available"
 msgstr "alamat tak tersedia"
 
 # OK
-#: rfc2131.c:1314
+#: rfc2131.c:1321
 msgid "static lease available"
 msgstr "lease statik tak tersedia"
 
 # OK
-#: rfc2131.c:1318
+#: rfc2131.c:1325
 msgid "address reserved"
 msgstr "alamat telah dipesan"
 
-#: rfc2131.c:1327
+#: rfc2131.c:1334
 #, c-format
 msgid "abandoning lease to %s of %s"
 msgstr ""
 
-#: rfc2131.c:1866
+#: rfc2131.c:1870
 #, c-format
 msgid "%u bootfile name: %s"
 msgstr ""
 
 # OK
-#: rfc2131.c:1875
+#: rfc2131.c:1879
 #, fuzzy, c-format
 msgid "%u server name: %s"
 msgstr "DBus error: %s"
 
 # OK
-#: rfc2131.c:1885
+#: rfc2131.c:1889
 #, fuzzy, c-format
 msgid "%u next server: %s"
 msgstr "DBus error: %s"
 
-#: rfc2131.c:1889
+#: rfc2131.c:1893
 #, c-format
 msgid "%u broadcast response"
 msgstr ""
 
-#: rfc2131.c:1952
+#: rfc2131.c:1956
 #, c-format
 msgid "cannot send DHCP/BOOTP option %d: no space left in packet"
 msgstr ""
 
-#: rfc2131.c:2262
+#: rfc2131.c:2267
 msgid "PXE menu too large"
 msgstr ""
 
 # OK
-#: rfc2131.c:2425 rfc3315.c:1511
+#: rfc2131.c:2430 rfc3315.c:1517
 #, fuzzy, c-format
 msgid "%u requested options: %s"
 msgstr "pilihan-pilihan saat kompilasi: %s"
 
-#: rfc2131.c:2742
+#: rfc2131.c:2747
 #, c-format
 msgid "cannot send RFC3925 option: too many options for enterprise number %d"
 msgstr ""
 
-#: rfc2131.c:2805
+#: rfc2131.c:2810
 #, c-format
 msgid "%u reply delay: %d"
 msgstr ""
 
 # OK
-#: netlink.c:93
+#: netlink.c:86
 #, fuzzy, c-format
 msgid "cannot create netlink socket: %s"
 msgstr "tidak bisa mem-bind netlink socket: %s"
 
 # OK
-#: netlink.c:377
+#: netlink.c:379
 #, fuzzy, c-format
 msgid "netlink returns error: %s"
 msgstr "DBus error: %s"
 
-#: dbus.c:434
+#: dbus.c:491
 #, c-format
 msgid "Enabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:439
+#: dbus.c:496
 #, c-format
 msgid "Disabling --%s option from D-Bus"
 msgstr ""
 
 # OK
-#: dbus.c:713
+#: dbus.c:857
 msgid "setting upstream servers from DBus"
 msgstr "menyetel server-server di atas dengan DBus"
 
 # OK
-#: dbus.c:760
+#: dbus.c:907
 msgid "could not register a DBus message handler"
 msgstr "tidak bisa mendaftar sebuah DBus message handler"
 
@@ -2448,54 +2596,54 @@ msgstr ""
 msgid "lease() function missing in Lua script"
 msgstr ""
 
-#: tftp.c:349
+#: tftp.c:353
 msgid "unable to get free port for TFTP"
 msgstr ""
 
-#: tftp.c:365
+#: tftp.c:369
 #, c-format
 msgid "unsupported request from %s"
 msgstr ""
 
 # OK
-#: tftp.c:512
+#: tftp.c:520
 #, fuzzy, c-format
-msgid "file %s not found"
-msgstr "lease tak ditemukan"
+msgid "file %s not found for %s"
+msgstr "file %s tidak ditemukan untuk %s"
 
-#: tftp.c:602
+#: tftp.c:609
 #, c-format
 msgid "ignoring packet from %s (TID mismatch)"
 msgstr ""
 
 # OK
-#: tftp.c:646
+#: tftp.c:662
 #, fuzzy, c-format
 msgid "failed sending %s to %s"
 msgstr "gagal membaca %s: %s"
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "sent %s to %s"
 msgstr ""
 
-#: tftp.c:696
+#: tftp.c:712
 #, c-format
 msgid "error %d %s received from %s"
 msgstr ""
 
-#: log.c:190
+#: log.c:203
 #, c-format
 msgid "overflow: %d log entries lost"
 msgstr ""
 
-#: log.c:268
+#: log.c:281
 #, c-format
 msgid "log failed: %s"
 msgstr ""
 
 # OK
-#: log.c:477
+#: log.c:490
 msgid "FAILED to start up"
 msgstr "GAGAL untuk memulai"
 
@@ -2505,19 +2653,19 @@ msgid "Conntrack connection mark retrieval failed: %s"
 msgstr ""
 
 # OK
-#: dhcp6.c:52
+#: dhcp6.c:51
 #, fuzzy, c-format
 msgid "cannot create DHCPv6 socket: %s"
 msgstr "tidak bisa membuat socket DHCP: %s"
 
 # OK
-#: dhcp6.c:73
+#: dhcp6.c:72
 #, fuzzy, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"
 msgstr "gagal menyetel SO_REUSEADDR pada socket DHCP: %s"
 
 # OK
-#: dhcp6.c:85
+#: dhcp6.c:84
 #, fuzzy, c-format
 msgid "failed to bind DHCPv6 server socket: %s"
 msgstr "gagal mem-bind socket server DHCP: %s"
@@ -2535,160 +2683,165 @@ msgid "no address range available for DHCPv6 request via %s"
 msgstr "tidak ada alamat yang bisa dipakai untuk permintaan DHCP %s %s"
 
 # OK
-#: rfc3315.c:316
+#: rfc3315.c:317
 #, fuzzy, c-format
 msgid "%u available DHCPv6 subnet: %s/%d"
 msgstr "tidak ada alamat yang bisa dipakai untuk permintaan DHCP %s %s"
 
 # OK
-#: rfc3315.c:399
+#: rfc3315.c:400
 #, fuzzy, c-format
 msgid "%u vendor class: %u"
 msgstr "DBus error: %s"
 
 # OK
-#: rfc3315.c:447
+#: rfc3315.c:448
 #, fuzzy, c-format
 msgid "%u client MAC address: %s"
 msgstr "tidak ada antarmuka dengan alamat %s"
 
 # OK
-#: rfc3315.c:762 rfc3315.c:859
+#: rfc3315.c:763 rfc3315.c:860
 #, fuzzy
 msgid "address unavailable"
 msgstr "alamat tak tersedia"
 
-#: rfc3315.c:774 rfc3315.c:903 rfc3315.c:1272
+#: rfc3315.c:775 rfc3315.c:904 rfc3315.c:1273
 msgid "success"
 msgstr ""
 
 # OK
-#: rfc3315.c:789 rfc3315.c:798 rfc3315.c:911 rfc3315.c:913 rfc3315.c:1047
+#: rfc3315.c:790 rfc3315.c:799 rfc3315.c:912 rfc3315.c:914 rfc3315.c:1048
 #, fuzzy
 msgid "no addresses available"
 msgstr "tak ada alamat yang tersedia"
 
-#: rfc3315.c:890
+#: rfc3315.c:891
 msgid "not on link"
 msgstr ""
 
-#: rfc3315.c:979 rfc3315.c:1180 rfc3315.c:1261
+#: rfc3315.c:980 rfc3315.c:1181 rfc3315.c:1262
 msgid "no binding found"
 msgstr ""
 
-#: rfc3315.c:1016
+#: rfc3315.c:1017
 msgid "deprecated"
 msgstr ""
 
 # OK
-#: rfc3315.c:1023
+#: rfc3315.c:1024
 #, fuzzy
 msgid "address invalid"
 msgstr "alamat telah digunakan"
 
-#: rfc3315.c:1081 rfc3315.c:1083
+#: rfc3315.c:1082 rfc3315.c:1084
 msgid "confirm failed"
 msgstr ""
 
 # OK
-#: rfc3315.c:1098
+#: rfc3315.c:1099
 #, fuzzy
 msgid "all addresses still on link"
 msgstr "kesalahan nama pada %s baris %d"
 
-#: rfc3315.c:1189
+#: rfc3315.c:1190
 msgid "release received"
 msgstr ""
 
-#: rfc3315.c:2173
-msgid "Cannot multicast to DHCPv6 server without correct interface"
+#: rfc3315.c:2200
+#, c-format
+msgid "Cannot multicast DHCP relay via interface %s"
 msgstr ""
 
-#: dhcp-common.c:154
+#: rfc3315.c:2216
+#, c-format
+msgid "multicast via %s"
+msgstr ""
+
+#: dhcp-common.c:187
 #, c-format
 msgid "Ignoring duplicate dhcp-option %d"
 msgstr ""
 
-#: dhcp-common.c:231
+#: dhcp-common.c:264
 #, c-format
 msgid "%u tags: %s"
 msgstr ""
 
-#: dhcp-common.c:451
+#: dhcp-common.c:484
 #, c-format
 msgid "%s has more than one address in hostsfile, using %s for DHCP"
 msgstr ""
 
 # OK
-#: dhcp-common.c:485
+#: dhcp-common.c:518
 #, c-format
 msgid "duplicate IP address %s (%s) in dhcp-config directive"
 msgstr "alamat IP kembar %s (%s) dalam direktif dhcp-config"
 
-# OK
-#: dhcp-common.c:549
-#, fuzzy, c-format
-msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
-msgstr "gagal menyetel SO_REUSEADDR pada socket DHCP: %s"
-
-#: dhcp-common.c:672
+#: dhcp-common.c:738
 #, c-format
 msgid "Known DHCP options:\n"
 msgstr ""
 
-#: dhcp-common.c:683
+#: dhcp-common.c:749
 #, c-format
 msgid "Known DHCPv6 options:\n"
 msgstr ""
 
-#: dhcp-common.c:880
+#: dhcp-common.c:946
 msgid ", prefix deprecated"
 msgstr ""
 
-#: dhcp-common.c:883
+#: dhcp-common.c:949
 #, c-format
 msgid ", lease time "
 msgstr ""
 
-#: dhcp-common.c:925
+#: dhcp-common.c:991
 #, c-format
 msgid "%s stateless on %s%.0s%.0s%s"
 msgstr ""
 
 # OK
-#: dhcp-common.c:927
+#: dhcp-common.c:993
 #, fuzzy, c-format
 msgid "%s, static leases only on %.0s%s%s%.0s"
 msgstr "DHCP, lease static pada %.0s%s, waktu lease %s"
 
-#: dhcp-common.c:929
+#: dhcp-common.c:995
 #, c-format
 msgid "%s, proxy on subnet %.0s%s%.0s%.0s"
 msgstr ""
 
 # OK
-#: dhcp-common.c:930
+#: dhcp-common.c:996
 #, fuzzy, c-format
 msgid "%s, IP range %s -- %s%s%.0s"
 msgstr "DHCP, jangkaun IP %s -- %s, waktu lease %s"
 
-#: dhcp-common.c:943
+#: dhcp-common.c:1009
 #, c-format
 msgid "DHCPv4-derived IPv6 names on %s%s"
 msgstr ""
 
 # OK
-#: dhcp-common.c:946
+#: dhcp-common.c:1012
 #, fuzzy, c-format
 msgid "router advertisement on %s%s"
 msgstr "DHCP, lease static pada %.0s%s, waktu lease %s"
 
-#: dhcp-common.c:957
+#: dhcp-common.c:1043
+#, c-format
+msgid "DHCP relay from %s via %s"
+msgstr ""
+
+#: dhcp-common.c:1045
 #, c-format
 msgid "DHCP relay from %s to %s via %s"
 msgstr ""
 
-#: dhcp-common.c:959
+#: dhcp-common.c:1048
 #, c-format
 msgid "DHCP relay from %s to %s"
 msgstr ""
@@ -2699,7 +2852,7 @@ msgstr ""
 msgid "cannot create ICMPv6 socket: %s"
 msgstr "tidak bisa membuat socket DHCP: %s"
 
-#: auth.c:464
+#: auth.c:462
 #, c-format
 msgid "ignoring zone transfer request from %s"
 msgstr ""
@@ -2813,14 +2966,14 @@ msgstr ""
 msgid "system time considered valid, now checking DNSSEC signature timestamps."
 msgstr ""
 
-#: dnssec.c:1014
+#: dnssec.c:1018
 #, c-format
 msgid "Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"
 msgstr ""
 
 #: blockdata.c:55
 #, c-format
-msgid "pool memory in use %u, max %u, allocated %u"
+msgid "pool memory in use %zu, max %zu, allocated %zu"
 msgstr ""
 
 # OK
@@ -2890,43 +3043,64 @@ msgid "directory %s for resolv-file is missing, cannot poll"
 msgstr ""
 
 # OK
-#: inotify.c:131 inotify.c:168
+#: inotify.c:131 inotify.c:200
 #, fuzzy, c-format
 msgid "failed to create inotify for %s: %s"
 msgstr "gagal membuat socket: %s "
 
 # OK
-#: inotify.c:153
+#: inotify.c:178 inotify.c:185
 #, fuzzy, c-format
 msgid "bad dynamic directory %s: %s"
 msgstr "tidak bisa membaca %s: %s"
 
-#: inotify.c:257
+# OK
+#: inotify.c:186
+#, fuzzy
+msgid "not a directory"
+msgstr "tidak bisa membaca %s: %s"
+
+#: inotify.c:299
+#, c-format
+msgid "inotify: %s removed"
+msgstr ""
+
+#: inotify.c:301
+#, c-format
+msgid "inotify: %s new or modified"
+msgstr ""
+
+#: inotify.c:309
 #, c-format
-msgid "inotify, new or changed file %s"
+msgid "inotify: flushed %u names read from %s"
 msgstr ""
 
 # OK
-#: dump.c:64
+#: dump.c:68
 #, fuzzy, c-format
 msgid "cannot create %s: %s"
 msgstr "tidak bisa membaca %s: %s"
 
 # OK
-#: dump.c:70
+#: dump.c:74
 #, fuzzy, c-format
 msgid "bad header in %s"
 msgstr "alamat telah digunakan"
 
 # OK
-#: dump.c:205
+#: dump.c:287
 #, fuzzy
 msgid "failed to write packet dump"
 msgstr "gagal mendengarkan di socket: %s"
 
-#: dump.c:207
+#: dump.c:289
+#, c-format
+msgid "%u dumping packet %u mask 0x%04x"
+msgstr ""
+
+#: dump.c:291
 #, c-format
-msgid "dumping UDP packet %u mask 0x%04x"
+msgid "dumping packet %u mask 0x%04x"
 msgstr ""
 
 #: ubus.c:79
@@ -2962,6 +3136,17 @@ msgid "Failed to create SHA-256 hash object"
 msgstr ""
 
 # OK
+#: nftset.c:35
+#, fuzzy
+msgid "failed to create nftset context"
+msgstr "gagal membuat socket: %s "
+
+# OK
+#, fuzzy
+#~ msgid "bad IPv4 prefix"
+#~ msgstr "port salah"
+
+# OK
 #, fuzzy
 #~ msgid "Cannot add object to UBus: %s"
 #~ msgstr "tidak bisa membuka %s:%s"
diff --git a/po/it.po b/po/it.po
index 6ed0010..ee2148b 100644
--- a/po/it.po
+++ b/po/it.po
@@ -16,72 +16,77 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: cache.c:572
+#: cache.c:652
 msgid "Internal error in cache."
 msgstr ""
 
-#: cache.c:1094
+#: cache.c:1179
 #, c-format
 msgid "failed to load names from %s: %s"
 msgstr ""
 
-#: cache.c:1116 dhcp.c:931
+#: cache.c:1201 dhcp.c:943
 #, c-format
 msgid "bad address at %s line %d"
 msgstr ""
 
-#: cache.c:1169 dhcp.c:947
+#: cache.c:1254 dhcp.c:959
 #, c-format
 msgid "bad name at %s line %d"
 msgstr ""
 
-#: cache.c:1180 dhcp.c:1022
+#: cache.c:1265
 #, c-format
-msgid "read %s - %d addresses"
+msgid "read %s - %d names"
 msgstr ""
 
-#: cache.c:1296
+#: cache.c:1381
 msgid "cleared cache"
 msgstr ""
 
-#: cache.c:1358
+#: cache.c:1445
 #, c-format
 msgid "No IPv4 address found for %s"
 msgstr ""
 
-#: cache.c:1404
+#: cache.c:1491
 #, c-format
 msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
 msgstr ""
 
-#: cache.c:1428
+#: cache.c:1515
 #, c-format
 msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
 msgstr ""
 
-#: cache.c:1674
+#: cache.c:1760
 #, c-format
 msgid "time %lu"
 msgstr ""
 
-#: cache.c:1675
+#: cache.c:1761
 #, c-format
 msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
 msgstr ""
 
-#: cache.c:1677
+#: cache.c:1763
 #, c-format
 msgid "queries forwarded %u, queries answered locally %u"
 msgstr ""
 
-#: cache.c:1680
+#: cache.c:1766
+#, c-format
+msgid "queries answered from stale cache %u"
+msgstr ""
+
+#: cache.c:1768
 #, c-format
 msgid "queries for authoritative zones %u"
 msgstr ""
 
-#: cache.c:1702
+#: cache.c:1796
 #, c-format
-msgid "server %s#%d: queries sent %u, retried or failed %u"
+msgid "server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"
 msgstr ""
 
 #: util.c:51
@@ -89,1747 +94,1880 @@ msgstr ""
 msgid "failed to seed the random number generator: %s"
 msgstr ""
 
-#: util.c:228
+#: util.c:246
 msgid "failed to allocate memory"
 msgstr ""
 
-#: util.c:285 option.c:665
+#: util.c:305 option.c:696
 msgid "could not get memory"
 msgstr ""
 
-#: util.c:306
+#: util.c:326
 #, c-format
 msgid "cannot create pipe: %s"
 msgstr ""
 
-#: util.c:314
+#: util.c:334
 #, c-format
 msgid "failed to allocate %d bytes"
 msgstr ""
 
-#: util.c:520
+#: util.c:344
+#, c-format
+msgid "failed to reallocate %d bytes"
+msgstr ""
+
+#: util.c:465
+#, c-format
+msgid "cannot read monotonic clock: %s"
+msgstr ""
+
+#: util.c:579
 #, c-format
 msgid "infinite"
 msgstr ""
 
-#: util.c:808
+#: util.c:867
 #, c-format
 msgid "failed to find kernel version: %s"
 msgstr ""
 
-#: option.c:372
+#: option.c:393
 msgid "Specify local address(es) to listen on."
 msgstr ""
 
-#: option.c:373
+#: option.c:394
 msgid "Return ipaddr for all hosts in specified domains."
 msgstr ""
 
-#: option.c:374
+#: option.c:395
 msgid "Fake reverse lookups for RFC1918 private address ranges."
 msgstr ""
 
-#: option.c:375
+#: option.c:396
 msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
 msgstr ""
 
-#: option.c:376
+#: option.c:397
 #, c-format
 msgid "Specify the size of the cache in entries (defaults to %s)."
 msgstr ""
 
-#: option.c:377
+#: option.c:398
 #, c-format
 msgid "Specify configuration file (defaults to %s)."
 msgstr ""
 
-#: option.c:378
+#: option.c:399
 msgid "Do NOT fork into the background: run in debug mode."
 msgstr ""
 
-#: option.c:379
+#: option.c:400
 msgid "Do NOT forward queries with no domain part."
 msgstr ""
 
-#: option.c:380
+#: option.c:401
 msgid "Return self-pointing MX records for local hosts."
 msgstr ""
 
-#: option.c:381
+#: option.c:402
 msgid "Expand simple names in /etc/hosts with domain-suffix."
 msgstr ""
 
-#: option.c:382
+#: option.c:403
 msgid "Don't forward spurious DNS requests from Windows hosts."
 msgstr ""
 
-#: option.c:383
+#: option.c:404
+msgid "Don't include IPv4 addresses in DNS answers."
+msgstr ""
+
+#: option.c:405
+msgid "Don't include IPv6 addresses in DNS answers."
+msgstr ""
+
+#: option.c:406
 msgid "Enable DHCP in the range given with lease duration."
 msgstr ""
 
-#: option.c:384
+#: option.c:407
 #, c-format
 msgid "Change to this group after startup (defaults to %s)."
 msgstr ""
 
-#: option.c:385
+#: option.c:408
 msgid "Set address or hostname for a specified machine."
 msgstr ""
 
-#: option.c:386
+#: option.c:409
 msgid "Read DHCP host specs from file."
 msgstr ""
 
-#: option.c:387
+#: option.c:410
 msgid "Read DHCP option specs from file."
 msgstr ""
 
-#: option.c:388
+#: option.c:411
 msgid "Read DHCP host specs from a directory."
 msgstr ""
 
-#: option.c:389
+#: option.c:412
 msgid "Read DHCP options from a directory."
 msgstr ""
 
-#: option.c:390
+#: option.c:413
 msgid "Evaluate conditional tag expression."
 msgstr ""
 
-#: option.c:391
+#: option.c:414
 #, c-format
 msgid "Do NOT load %s file."
 msgstr ""
 
-#: option.c:392
+#: option.c:415
 #, c-format
 msgid "Specify a hosts file to be read in addition to %s."
 msgstr ""
 
-#: option.c:393
+#: option.c:416
 msgid "Read hosts files from a directory."
 msgstr ""
 
-#: option.c:394
+#: option.c:417
 msgid "Specify interface(s) to listen on."
 msgstr ""
 
-#: option.c:395
+#: option.c:418
 msgid "Specify interface(s) NOT to listen on."
 msgstr ""
 
-#: option.c:396
+#: option.c:419
 msgid "Map DHCP user class to tag."
 msgstr ""
 
-#: option.c:397
+#: option.c:420
 msgid "Map RFC3046 circuit-id to tag."
 msgstr ""
 
-#: option.c:398
+#: option.c:421
 msgid "Map RFC3046 remote-id to tag."
 msgstr ""
 
-#: option.c:399
+#: option.c:422
 msgid "Map RFC3993 subscriber-id to tag."
 msgstr ""
 
-#: option.c:400
+#: option.c:423
 msgid "Specify vendor class to match for PXE requests."
 msgstr ""
 
-#: option.c:401
+#: option.c:424
 msgid "Don't do DHCP for hosts with tag set."
 msgstr ""
 
-#: option.c:402
+#: option.c:425
 msgid "Force broadcast replies for hosts with tag set."
 msgstr ""
 
-#: option.c:403
+#: option.c:426
 msgid "Do NOT fork into the background, do NOT run in debug mode."
 msgstr ""
 
-#: option.c:404
+#: option.c:427
 msgid "Assume we are the only DHCP server on the local network."
 msgstr ""
 
-#: option.c:405
+#: option.c:428
 #, c-format
 msgid "Specify where to store DHCP leases (defaults to %s)."
 msgstr ""
 
-#: option.c:406
+#: option.c:429
 msgid "Return MX records for local hosts."
 msgstr ""
 
-#: option.c:407
+#: option.c:430
 msgid "Specify an MX record."
 msgstr ""
 
-#: option.c:408
+#: option.c:431
 msgid "Specify BOOTP options to DHCP server."
 msgstr ""
 
-#: option.c:409
+#: option.c:432
 #, c-format
 msgid "Do NOT poll %s file, reload only on SIGHUP."
 msgstr ""
 
-#: option.c:410
+#: option.c:433
 msgid "Do NOT cache failed search results."
 msgstr ""
 
-#: option.c:411
+#: option.c:434
+msgid "Use expired cache data for faster reply."
+msgstr ""
+
+#: option.c:435
 #, c-format
 msgid "Use nameservers strictly in the order given in %s."
 msgstr ""
 
-#: option.c:412
+#: option.c:436
 msgid "Specify options to be sent to DHCP clients."
 msgstr ""
 
-#: option.c:413
+#: option.c:437
 msgid "DHCP option sent even if the client does not request it."
 msgstr ""
 
-#: option.c:414
+#: option.c:438
 msgid "Specify port to listen for DNS requests on (defaults to 53)."
 msgstr ""
 
-#: option.c:415
+#: option.c:439
 #, c-format
 msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
 msgstr ""
 
-#: option.c:416
+#: option.c:440
 msgid "Log DNS queries."
 msgstr ""
 
-#: option.c:417
+#: option.c:441
 msgid "Force the originating port for upstream DNS queries."
 msgstr ""
 
-#: option.c:418
+#: option.c:442
+msgid "Set maximum number of random originating ports for a query."
+msgstr ""
+
+#: option.c:443
 msgid "Do NOT read resolv.conf."
 msgstr ""
 
-#: option.c:419
+#: option.c:444
 #, c-format
 msgid "Specify path to resolv.conf (defaults to %s)."
 msgstr ""
 
-#: option.c:420
+#: option.c:445
 msgid "Specify path to file with server= options"
 msgstr ""
 
-#: option.c:421
+#: option.c:446
 msgid "Specify address(es) of upstream servers with optional domains."
 msgstr ""
 
-#: option.c:422
+#: option.c:447
 msgid "Specify address of upstream servers for reverse address queries"
 msgstr ""
 
-#: option.c:423
+#: option.c:448
 msgid "Never forward queries to specified domains."
 msgstr ""
 
-#: option.c:424
+#: option.c:449
 msgid "Specify the domain to be assigned in DHCP leases."
 msgstr ""
 
-#: option.c:425
+#: option.c:450
 msgid "Specify default target in an MX record."
 msgstr ""
 
-#: option.c:426
+#: option.c:451
 msgid "Specify time-to-live in seconds for replies from /etc/hosts."
 msgstr ""
 
-#: option.c:427
+#: option.c:452
 msgid "Specify time-to-live in seconds for negative caching."
 msgstr ""
 
-#: option.c:428
+#: option.c:453
 msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
 msgstr ""
 
-#: option.c:429
+#: option.c:454
 msgid "Specify time-to-live ceiling for cache."
 msgstr ""
 
-#: option.c:430
+#: option.c:455
 msgid "Specify time-to-live floor for cache."
 msgstr ""
 
-#: option.c:431
+#: option.c:456
+msgid "Retry DNS queries after this many milliseconds."
+msgstr ""
+
+#: option.c:457
 #, c-format
 msgid "Change to this user after startup. (defaults to %s)."
 msgstr ""
 
-#: option.c:432
+#: option.c:458
 msgid "Map DHCP vendor class to tag."
 msgstr ""
 
-#: option.c:433
+#: option.c:459
 msgid "Display dnsmasq version and copyright information."
 msgstr ""
 
-#: option.c:434
+#: option.c:460
 msgid "Translate IPv4 addresses from upstream servers."
 msgstr ""
 
-#: option.c:435
+#: option.c:461
 msgid "Specify a SRV record."
 msgstr ""
 
-#: option.c:436
+#: option.c:462
 msgid "Display this message. Use --help dhcp or --help dhcp6 for known DHCP options."
 msgstr ""
 
-#: option.c:437
+#: option.c:463
 #, c-format
 msgid "Specify path of PID file (defaults to %s)."
 msgstr ""
 
-#: option.c:438
+#: option.c:464
 #, c-format
 msgid "Specify maximum number of DHCP leases (defaults to %s)."
 msgstr ""
 
-#: option.c:439
+#: option.c:465
 msgid "Answer DNS queries based on the interface a query was sent to."
 msgstr ""
 
-#: option.c:440
+#: option.c:466
 msgid "Specify TXT DNS record."
 msgstr ""
 
-#: option.c:441
+#: option.c:467
 msgid "Specify PTR DNS record."
 msgstr ""
 
-#: option.c:442
+#: option.c:468
 msgid "Give DNS name to IPv4 address of interface."
 msgstr ""
 
-#: option.c:443
+#: option.c:469
 msgid "Bind only to interfaces in use."
 msgstr ""
 
-#: option.c:444
+#: option.c:470
 #, c-format
 msgid "Read DHCP static host information from %s."
 msgstr ""
 
-#: option.c:445
+#: option.c:471
 msgid "Enable the DBus interface for setting upstream servers, etc."
 msgstr ""
 
-#: option.c:446
+#: option.c:472
 msgid "Enable the UBus interface."
 msgstr ""
 
-#: option.c:447
+#: option.c:473
 msgid "Do not provide DHCP on this interface, only provide DNS."
 msgstr ""
 
-#: option.c:448
+#: option.c:474
 msgid "Enable dynamic address allocation for bootp."
 msgstr ""
 
-#: option.c:449
+#: option.c:475
 msgid "Map MAC address (with wildcards) to option set."
 msgstr ""
 
-#: option.c:450
+#: option.c:476
 msgid "Treat DHCP requests on aliases as arriving from interface."
 msgstr ""
 
-#: option.c:451
+#: option.c:477
 msgid "Specify extra networks sharing a broadcast domain for DHCP"
 msgstr ""
 
-#: option.c:452
+#: option.c:478
 msgid "Disable ICMP echo address checking in the DHCP server."
 msgstr ""
 
-#: option.c:453
+#: option.c:479
 msgid "Shell script to run on DHCP lease creation and destruction."
 msgstr ""
 
-#: option.c:454
+#: option.c:480
 msgid "Lua script to run on DHCP lease creation and destruction."
 msgstr ""
 
-#: option.c:455
+#: option.c:481
 msgid "Run lease-change scripts as this user."
 msgstr ""
 
-#: option.c:456
+#: option.c:482
 msgid "Call dhcp-script with changes to local ARP table."
 msgstr ""
 
-#: option.c:457
+#: option.c:483
 msgid "Read configuration from all the files in this directory."
 msgstr ""
 
-#: option.c:458
+#: option.c:484
+msgid "Execute file and read configuration from stdin."
+msgstr ""
+
+#: option.c:485
 msgid "Log to this syslog facility or file. (defaults to DAEMON)"
 msgstr ""
 
-#: option.c:459
+#: option.c:486
 msgid "Do not use leasefile."
 msgstr ""
 
-#: option.c:460
+#: option.c:487
 #, c-format
 msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
 msgstr ""
 
-#: option.c:461
+#: option.c:488
 #, c-format
 msgid "Clear DNS cache when reloading %s."
 msgstr ""
 
-#: option.c:462
+#: option.c:489
 msgid "Ignore hostnames provided by DHCP clients."
 msgstr ""
 
-#: option.c:463
+#: option.c:490
 msgid "Do NOT reuse filename and server fields for extra DHCP options."
 msgstr ""
 
-#: option.c:464
+#: option.c:491
 msgid "Enable integrated read-only TFTP server."
 msgstr ""
 
-#: option.c:465
+#: option.c:492
 msgid "Export files by TFTP only from the specified subtree."
 msgstr ""
 
-#: option.c:466
+#: option.c:493
 msgid "Add client IP or hardware address to tftp-root."
 msgstr ""
 
-#: option.c:467
+#: option.c:494
 msgid "Allow access only to files owned by the user running dnsmasq."
 msgstr ""
 
-#: option.c:468
+#: option.c:495
 msgid "Do not terminate the service if TFTP directories are inaccessible."
 msgstr ""
 
-#: option.c:469
+#: option.c:496
 #, c-format
 msgid "Maximum number of concurrent TFTP transfers (defaults to %s)."
 msgstr ""
 
-#: option.c:470
+#: option.c:497
 msgid "Maximum MTU to use for TFTP transfers."
 msgstr ""
 
-#: option.c:471
+#: option.c:498
 msgid "Disable the TFTP blocksize extension."
 msgstr ""
 
-#: option.c:472
+#: option.c:499
 msgid "Convert TFTP filenames to lowercase"
 msgstr ""
 
-#: option.c:473
+#: option.c:500
 msgid "Ephemeral port range for use by TFTP transfers."
 msgstr ""
 
-#: option.c:474
+#: option.c:501
 msgid "Use only one port for TFTP server."
 msgstr ""
 
-#: option.c:475
+#: option.c:502
 msgid "Extra logging for DHCP."
 msgstr ""
 
-#: option.c:476
+#: option.c:503
 msgid "Enable async. logging; optionally set queue length."
 msgstr ""
 
-#: option.c:477
+#: option.c:504
 msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
 msgstr ""
 
-#: option.c:478
+#: option.c:505
 msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
 msgstr ""
 
-#: option.c:479
+#: option.c:506
 msgid "Inhibit DNS-rebind protection on this domain."
 msgstr ""
 
-#: option.c:480
+#: option.c:507
 msgid "Always perform DNS queries to all servers."
 msgstr ""
 
-#: option.c:481
+#: option.c:508
 msgid "Set tag if client includes matching option in request."
 msgstr ""
 
-#: option.c:482
+#: option.c:509
 msgid "Set tag if client provides given name."
 msgstr ""
 
-#: option.c:483
+#: option.c:510
 msgid "Use alternative ports for DHCP."
 msgstr ""
 
-#: option.c:484
+#: option.c:511
 msgid "Specify NAPTR DNS record."
 msgstr ""
 
-#: option.c:485
+#: option.c:512
 msgid "Specify lowest port available for DNS query transmission."
 msgstr ""
 
-#: option.c:486
+#: option.c:513
 msgid "Specify highest port available for DNS query transmission."
 msgstr ""
 
-#: option.c:487
+#: option.c:514
 msgid "Use only fully qualified domain names for DHCP clients."
 msgstr ""
 
-#: option.c:488
+#: option.c:515
 msgid "Generate hostnames based on MAC address for nameless clients."
 msgstr ""
 
-#: option.c:489
+#: option.c:516
 msgid "Use these DHCP relays as full proxies."
 msgstr ""
 
-#: option.c:490
+#: option.c:517
 msgid "Relay DHCP requests to a remote server"
 msgstr ""
 
-#: option.c:491
+#: option.c:518
 msgid "Specify alias name for LOCAL DNS name."
 msgstr ""
 
-#: option.c:492
+#: option.c:519
 msgid "Prompt to send to PXE clients."
 msgstr ""
 
-#: option.c:493
+#: option.c:520
 msgid "Boot service for PXE menu."
 msgstr ""
 
-#: option.c:494
+#: option.c:521
 msgid "Check configuration syntax."
 msgstr ""
 
-#: option.c:495
+#: option.c:522
 msgid "Add requestor's MAC address to forwarded DNS queries."
 msgstr ""
 
-#: option.c:496
+#: option.c:523
+msgid "Strip MAC information from queries."
+msgstr ""
+
+#: option.c:524
 msgid "Add specified IP subnet to forwarded DNS queries."
 msgstr ""
 
-#: option.c:497
+#: option.c:525
+msgid "Strip ECS information from queries."
+msgstr ""
+
+#: option.c:526
 msgid "Add client identification to forwarded DNS queries."
 msgstr ""
 
-#: option.c:498
+#: option.c:527
 msgid "Proxy DNSSEC validation results from upstream nameservers."
 msgstr ""
 
-#: option.c:499
+#: option.c:528
 msgid "Attempt to allocate sequential IP addresses to DHCP clients."
 msgstr ""
 
-#: option.c:500
+#: option.c:529
 msgid "Ignore client identifier option sent by DHCP clients."
 msgstr ""
 
-#: option.c:501
+#: option.c:530
 msgid "Copy connection-track mark from queries to upstream connections."
 msgstr ""
 
-#: option.c:502
+#: option.c:531
 msgid "Allow DHCP clients to do their own DDNS updates."
 msgstr ""
 
-#: option.c:503
+#: option.c:532
 msgid "Send router-advertisements for interfaces doing DHCPv6"
 msgstr ""
 
-#: option.c:504
+#: option.c:533
 msgid "Specify DUID_EN-type DHCPv6 server DUID"
 msgstr ""
 
-#: option.c:505
+#: option.c:534
 msgid "Specify host (A/AAAA and PTR) records"
 msgstr ""
 
-#: option.c:506
+#: option.c:535
 msgid "Specify host record in interface subnet"
 msgstr ""
 
-#: option.c:507
+#: option.c:536
 msgid "Specify certification authority authorization record"
 msgstr ""
 
-#: option.c:508
+#: option.c:537
 msgid "Specify arbitrary DNS resource record"
 msgstr ""
 
-#: option.c:509
+#: option.c:538
 msgid "Bind to interfaces in use - check for new interfaces"
 msgstr ""
 
-#: option.c:510
+#: option.c:539
 msgid "Export local names to global DNS"
 msgstr ""
 
-#: option.c:511
+#: option.c:540
 msgid "Domain to export to global DNS"
 msgstr ""
 
-#: option.c:512
+#: option.c:541
 msgid "Set TTL for authoritative replies"
 msgstr ""
 
-#: option.c:513
+#: option.c:542
 msgid "Set authoritative zone information"
 msgstr ""
 
-#: option.c:514
+#: option.c:543
 msgid "Secondary authoritative nameservers for forward domains"
 msgstr ""
 
-#: option.c:515
+#: option.c:544
 msgid "Peers which are allowed to do zone transfer"
 msgstr ""
 
-#: option.c:516
+#: option.c:545
 msgid "Specify ipsets to which matching domains should be added"
 msgstr ""
 
-#: option.c:517
+#: option.c:546
+msgid "Specify nftables sets to which matching domains should be added"
+msgstr ""
+
+#: option.c:547
 msgid "Enable filtering of DNS queries with connection-track marks."
 msgstr ""
 
-#: option.c:518
+#: option.c:548
 msgid "Set allowed DNS patterns for a connection-track mark."
 msgstr ""
 
-#: option.c:519
+#: option.c:549
 msgid "Specify a domain and address range for synthesised names"
 msgstr ""
 
-#: option.c:520
+#: option.c:550
 msgid "Activate DNSSEC validation"
 msgstr ""
 
-#: option.c:521
+#: option.c:551
 msgid "Specify trust anchor key digest."
 msgstr ""
 
-#: option.c:522
+#: option.c:552
 msgid "Disable upstream checking for DNSSEC debugging."
 msgstr ""
 
-#: option.c:523
+#: option.c:553
 msgid "Ensure answers without DNSSEC are in unsigned zones."
 msgstr ""
 
-#: option.c:524
+#: option.c:554
 msgid "Don't check DNSSEC signature timestamps until first cache-reload"
 msgstr ""
 
-#: option.c:525
+#: option.c:555
 msgid "Timestamp file to verify system clock for DNSSEC"
 msgstr ""
 
-#: option.c:526
+#: option.c:556
 msgid "Set MTU, priority, resend-interval and router-lifetime"
 msgstr ""
 
-#: option.c:527
+#: option.c:557
 msgid "Do not log routine DHCP."
 msgstr ""
 
-#: option.c:528
+#: option.c:558
 msgid "Do not log routine DHCPv6."
 msgstr ""
 
-#: option.c:529
+#: option.c:559
 msgid "Do not log RA."
 msgstr ""
 
-#: option.c:530
+#: option.c:560
 msgid "Log debugging information."
 msgstr ""
 
-#: option.c:531
+#: option.c:561
 msgid "Accept queries only from directly-connected networks."
 msgstr ""
 
-#: option.c:532
+#: option.c:562
 msgid "Detect and remove DNS forwarding loops."
 msgstr ""
 
-#: option.c:533
+#: option.c:563
 msgid "Ignore DNS responses containing ipaddr."
 msgstr ""
 
-#: option.c:534
+#: option.c:564
 msgid "Set TTL in DNS responses with DHCP-derived addresses."
 msgstr ""
 
-#: option.c:535
+#: option.c:565
 msgid "Delay DHCP replies for at least number of seconds."
 msgstr ""
 
-#: option.c:536
+#: option.c:566
 msgid "Enables DHCPv4 Rapid Commit option."
 msgstr ""
 
-#: option.c:537
+#: option.c:567
 msgid "Path to debug packet dump file"
 msgstr ""
 
-#: option.c:538
+#: option.c:568
 msgid "Mask which packets to dump"
 msgstr ""
 
-#: option.c:539
+#: option.c:569
 msgid "Call dhcp-script when lease expiry changes."
 msgstr ""
 
-#: option.c:540
+#: option.c:570
 msgid "Send Cisco Umbrella identifiers including remote IP."
 msgstr ""
 
-#: option.c:541
+#: option.c:571
 msgid "Do not log routine TFTP."
 msgstr ""
 
-#: option.c:771
+#: option.c:572
+msgid "Suppress round-robin ordering of DNS records."
+msgstr ""
+
+#: option.c:802
 #, c-format
 msgid ""
 "Usage: dnsmasq [options]\n"
 "\n"
 msgstr ""
 
-#: option.c:773
+#: option.c:804
 #, c-format
 msgid "Use short options only on the command line.\n"
 msgstr ""
 
-#: option.c:775
+#: option.c:806
 #, c-format
 msgid "Valid options are:\n"
 msgstr ""
 
-#: option.c:822 option.c:933
+#: option.c:853 option.c:1055
 msgid "bad address"
 msgstr ""
 
-#: option.c:847 option.c:851
+#: option.c:882 option.c:886
 msgid "bad port"
 msgstr ""
 
-#: option.c:864 option.c:893 option.c:927
+#: option.c:899 option.c:1002 option.c:1048
 msgid "interface binding not supported"
 msgstr ""
 
-#: option.c:888 option.c:922
+#: option.c:955
+msgid "Cannot resolve server name"
+msgstr ""
+
+#: option.c:991
+msgid "cannot use IPv4 server address with IPv6 source address"
+msgstr ""
+
+#: option.c:997 option.c:1043
 msgid "interface can only be specified once"
 msgstr ""
 
-#: option.c:901 option.c:4362
+#: option.c:1011 option.c:4785
 msgid "bad interface name"
 msgstr ""
 
-#: option.c:1192
+#: option.c:1037
+msgid "cannot use IPv6 server address with IPv4 source address"
+msgstr ""
+
+#: option.c:1124
+msgid "bad IPv4 prefix length"
+msgstr ""
+
+#: option.c:1155 option.c:1165 option.c:1240 option.c:1250 option.c:5360
+msgid "error"
+msgstr ""
+
+#: option.c:1207
+msgid "bad IPv6 prefix length"
+msgstr ""
+
+#: option.c:1467
 msgid "inappropriate vendor:"
 msgstr ""
 
-#: option.c:1199
+#: option.c:1474
 msgid "inappropriate encap:"
 msgstr ""
 
-#: option.c:1225
+#: option.c:1500
 msgid "unsupported encapsulation for IPv6 option"
 msgstr ""
 
-#: option.c:1239
+#: option.c:1514
 msgid "bad dhcp-option"
 msgstr ""
 
-#: option.c:1317
+#: option.c:1592
 msgid "bad IP address"
 msgstr ""
 
-#: option.c:1320 option.c:1459 option.c:3551
+#: option.c:1595 option.c:1734 option.c:3928
 msgid "bad IPv6 address"
 msgstr ""
 
-#: option.c:1413
+#: option.c:1688
 msgid "bad IPv4 address"
 msgstr ""
 
-#: option.c:1486 option.c:1581
+#: option.c:1761 option.c:1856
 msgid "bad domain in dhcp-option"
 msgstr ""
 
-#: option.c:1625
+#: option.c:1900
 msgid "dhcp-option too long"
 msgstr ""
 
-#: option.c:1632
+#: option.c:1907
 msgid "illegal dhcp-match"
 msgstr ""
 
-#: option.c:1691
+#: option.c:1966
 msgid "illegal repeated flag"
 msgstr ""
 
-#: option.c:1699
+#: option.c:1974
 msgid "illegal repeated keyword"
 msgstr ""
 
-#: option.c:1770 option.c:5080
+#: option.c:2056 option.c:5533
 #, c-format
 msgid "cannot access directory %s: %s"
 msgstr ""
 
-#: option.c:1816 tftp.c:566 dump.c:68
+#: option.c:2102 tftp.c:573 dump.c:72
 #, c-format
 msgid "cannot access %s: %s"
 msgstr ""
 
-#: option.c:1931
+#: option.c:2219
 msgid "setting log facility is not possible under Android"
 msgstr ""
 
-#: option.c:1940
+#: option.c:2228
 msgid "bad log facility"
 msgstr ""
 
-#: option.c:1993
+#: option.c:2281
 msgid "bad MX preference"
 msgstr ""
 
-#: option.c:1998
+#: option.c:2289
 msgid "bad MX name"
 msgstr ""
 
-#: option.c:2012
+#: option.c:2304
 msgid "bad MX target"
 msgstr ""
 
-#: option.c:2032
+#: option.c:2324
 msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
 msgstr ""
 
-#: option.c:2036
+#: option.c:2328
 msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
 msgstr ""
 
-#: option.c:2291 option.c:2327
+#: option.c:2447
+msgid "invalid auth-zone"
+msgstr ""
+
+#: option.c:2589 option.c:2621
 msgid "bad prefix length"
 msgstr ""
 
-#: option.c:2303 option.c:2348 option.c:2398
+#: option.c:2601 option.c:2642 option.c:2696
 msgid "bad prefix"
 msgstr ""
 
-#: option.c:2418
+#: option.c:2716
 msgid "prefix length too small"
 msgstr ""
 
-#: option.c:2697
+#: option.c:3010
 msgid "Bad address in --address"
 msgstr ""
 
-#: option.c:2751
-msgid "bad IPv4 prefix"
-msgstr ""
-
-#: option.c:2756 option.c:3569
-msgid "bad IPv6 prefix"
+#: option.c:3110
+msgid "recompile with HAVE_IPSET defined to enable ipset directives"
 msgstr ""
 
-#: option.c:2777
-msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+#: option.c:3117
+msgid "recompile with HAVE_NFTSET defined to enable nftset directives"
 msgstr ""
 
-#: option.c:2843 option.c:2861
+#: option.c:3192 option.c:3210
 msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist directives"
 msgstr ""
 
-#: option.c:3119
+#: option.c:3496
 msgid "bad port range"
 msgstr ""
 
-#: option.c:3145
+#: option.c:3522
 msgid "bad bridge-interface"
 msgstr ""
 
-#: option.c:3189
+#: option.c:3566
 msgid "bad shared-network"
 msgstr ""
 
-#: option.c:3243
+#: option.c:3620
 msgid "only one tag allowed"
 msgstr ""
 
-#: option.c:3264 option.c:3280 option.c:3406 option.c:3414 option.c:3457
+#: option.c:3641 option.c:3657 option.c:3783 option.c:3791 option.c:3834
 msgid "bad dhcp-range"
 msgstr ""
 
-#: option.c:3298
+#: option.c:3675
 msgid "inconsistent DHCP range"
 msgstr ""
 
-#: option.c:3364
+#: option.c:3741
 msgid "prefix length must be exactly 64 for RA subnets"
 msgstr ""
 
-#: option.c:3366
+#: option.c:3743
 msgid "prefix length must be exactly 64 for subnet constructors"
 msgstr ""
 
-#: option.c:3369
+#: option.c:3746
 msgid "prefix length must be at least 64"
 msgstr ""
 
-#: option.c:3372
+#: option.c:3749
 msgid "inconsistent DHCPv6 range"
 msgstr ""
 
-#: option.c:3391
+#: option.c:3768
 msgid "prefix must be zero with \"constructor:\" argument"
 msgstr ""
 
-#: option.c:3516 option.c:3594
+#: option.c:3893 option.c:3971
 msgid "bad hex constant"
 msgstr ""
 
-#: option.c:3617
+#: option.c:3946
+msgid "bad IPv6 prefix"
+msgstr ""
+
+#: option.c:3994
 #, c-format
 msgid "duplicate dhcp-host IP address %s"
 msgstr ""
 
-#: option.c:3678
+#: option.c:4056
 msgid "bad DHCP host name"
 msgstr ""
 
-#: option.c:3764
+#: option.c:4142
 msgid "bad tag-if"
 msgstr ""
 
-#: option.c:4107 option.c:4623
+#: option.c:4490 option.c:5046
 msgid "invalid port number"
 msgstr ""
 
-#: option.c:4163
+#: option.c:4546
 msgid "bad dhcp-proxy address"
 msgstr ""
 
-#: option.c:4204
+#: option.c:4627
 msgid "Bad dhcp-relay"
 msgstr ""
 
-#: option.c:4248
+#: option.c:4671
 msgid "bad RA-params"
 msgstr ""
 
-#: option.c:4258
+#: option.c:4681
 msgid "bad DUID"
 msgstr ""
 
-#: option.c:4292
+#: option.c:4715
 msgid "missing address in alias"
 msgstr ""
 
-#: option.c:4298
+#: option.c:4721
 msgid "invalid alias range"
 msgstr ""
 
-#: option.c:4347
+#: option.c:4770
 msgid "missing address in dynamic host"
 msgstr ""
 
-#: option.c:4362
+#: option.c:4785
 msgid "bad dynamic host"
 msgstr ""
 
-#: option.c:4380 option.c:4396
+#: option.c:4803 option.c:4819
 msgid "bad CNAME"
 msgstr ""
 
-#: option.c:4404
+#: option.c:4827
 msgid "duplicate CNAME"
 msgstr ""
 
-#: option.c:4431
+#: option.c:4854
 msgid "bad PTR record"
 msgstr ""
 
-#: option.c:4466
+#: option.c:4889
 msgid "bad NAPTR record"
 msgstr ""
 
-#: option.c:4502
+#: option.c:4925
 msgid "bad RR record"
 msgstr ""
 
-#: option.c:4535
+#: option.c:4958
 msgid "bad CAA record"
 msgstr ""
 
-#: option.c:4564
+#: option.c:4987
 msgid "bad TXT record"
 msgstr ""
 
-#: option.c:4607
+#: option.c:5030
 msgid "bad SRV record"
 msgstr ""
 
-#: option.c:4614
+#: option.c:5037
 msgid "bad SRV target"
 msgstr ""
 
-#: option.c:4633
+#: option.c:5056
 msgid "invalid priority"
 msgstr ""
 
-#: option.c:4638
+#: option.c:5061
 msgid "invalid weight"
 msgstr ""
 
-#: option.c:4661
+#: option.c:5084
 msgid "Bad host-record"
 msgstr ""
 
-#: option.c:4700
+#: option.c:5123
 msgid "Bad name in host-record"
 msgstr ""
 
-#: option.c:4742
+#: option.c:5165
 msgid "bad value for dnssec-check-unsigned"
 msgstr ""
 
-#: option.c:4778
+#: option.c:5201
 msgid "bad trust anchor"
 msgstr ""
 
-#: option.c:4794
+#: option.c:5217
 msgid "bad HEX in trust anchor"
 msgstr ""
 
-#: option.c:4805
+#: option.c:5228
 msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
 msgstr ""
 
-#: option.c:4865
+#: option.c:5290
 msgid "missing \""
 msgstr ""
 
-#: option.c:4922
+#: option.c:5347
 msgid "bad option"
 msgstr ""
 
-#: option.c:4924
+#: option.c:5349
 msgid "extraneous parameter"
 msgstr ""
 
-#: option.c:4926
+#: option.c:5351
 msgid "missing parameter"
 msgstr ""
 
-#: option.c:4928
+#: option.c:5353
 msgid "illegal option"
 msgstr ""
 
-#: option.c:4935
-msgid "error"
+#: option.c:5363
+#, c-format
+msgid " in output from %s"
 msgstr ""
 
-#: option.c:4937
+#: option.c:5365
 #, c-format
 msgid " at line %d of %s"
 msgstr ""
 
-#: option.c:4952 option.c:5229 option.c:5240
+#: option.c:5380 option.c:5683 option.c:5694
 #, c-format
 msgid "read %s"
 msgstr ""
 
-#: option.c:5015 option.c:5162 tftp.c:775
+#: option.c:5446
+#, c-format
+msgid "cannot execute %s: %s"
+msgstr ""
+
+#: option.c:5454 option.c:5615 tftp.c:790
 #, c-format
 msgid "cannot read %s: %s"
 msgstr ""
 
-#: option.c:5316
+#: option.c:5473
+#, c-format
+msgid "error executing %s: %s"
+msgstr ""
+
+#: option.c:5476
+#, c-format
+msgid "%s returns non-zero error code"
+msgstr ""
+
+#: option.c:5775
 msgid "junk found in command line"
 msgstr ""
 
-#: option.c:5356
+#: option.c:5815
 #, c-format
 msgid "Dnsmasq version %s  %s\n"
 msgstr ""
 
-#: option.c:5357
+#: option.c:5816
 #, c-format
 msgid ""
 "Compile time options: %s\n"
 "\n"
 msgstr ""
 
-#: option.c:5358
+#: option.c:5817
 #, c-format
 msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
 msgstr ""
 
-#: option.c:5359
+#: option.c:5818
 #, c-format
 msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
 msgstr ""
 
-#: option.c:5360
+#: option.c:5819
 #, c-format
 msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
 msgstr ""
 
-#: option.c:5377
+#: option.c:5836
 msgid "try --help"
 msgstr ""
 
-#: option.c:5379
+#: option.c:5838
 msgid "try -w"
 msgstr ""
 
-#: option.c:5381
+#: option.c:5840
 #, c-format
 msgid "bad command line options: %s"
 msgstr ""
 
-#: option.c:5450
+#: option.c:5909
 #, c-format
 msgid "CNAME loop involving %s"
 msgstr ""
 
-#: option.c:5491
+#: option.c:5950
 #, c-format
 msgid "cannot get host-name: %s"
 msgstr ""
 
-#: option.c:5519
+#: option.c:5978
 msgid "only one resolv.conf file allowed in no-poll mode."
 msgstr ""
 
-#: option.c:5529
+#: option.c:5988
 msgid "must have exactly one resolv.conf to read domain from."
 msgstr ""
 
-#: option.c:5532 network.c:1670 dhcp.c:880
+#: option.c:5991 network.c:1727 dhcp.c:892
 #, c-format
 msgid "failed to read %s: %s"
 msgstr ""
 
-#: option.c:5549
+#: option.c:6008
 #, c-format
 msgid "no search directive found in %s"
 msgstr ""
 
-#: option.c:5570
+#: option.c:6029
 msgid "there must be a default domain when --dhcp-fqdn is set"
 msgstr ""
 
-#: option.c:5579
+#: option.c:6038
 msgid "syntax check OK"
 msgstr ""
 
-#: forward.c:104
+#: forward.c:107
 #, c-format
 msgid "failed to send packet: %s"
 msgstr ""
 
-#: forward.c:601
+#: forward.c:715
 msgid "discarding DNS reply: subnet option mismatch"
 msgstr ""
 
-#: forward.c:666
+#: forward.c:780
 #, c-format
 msgid "nameserver %s refused to do a recursive query"
 msgstr ""
 
-#: forward.c:702
+#: forward.c:826
 #, c-format
 msgid "possible DNS-rebind attack detected: %s"
 msgstr ""
 
-#: forward.c:1074
+#: forward.c:1239
 #, c-format
 msgid "reducing DNS packet size for nameserver %s to %d"
 msgstr ""
 
-#: forward.c:1381 forward.c:1910
-msgid "Ignoring query from non-local network"
+#: forward.c:1565
+#, c-format
+msgid "ignoring query from non-local network %s (logged only once)"
+msgstr ""
+
+#: forward.c:2139
+#, c-format
+msgid "ignoring query from non-local network %s"
 msgstr ""
 
-#: forward.c:2198
+#: forward.c:2501
 #, c-format
 msgid "failed to bind server socket to %s: %s"
 msgstr ""
 
-#: forward.c:2494
+#: forward.c:2867
 #, c-format
 msgid "Maximum number of concurrent DNS queries reached (max: %d)"
 msgstr ""
 
-#: forward.c:2496
+#: forward.c:2869
 #, c-format
 msgid "Maximum number of concurrent DNS queries to %s reached (max: %d)"
 msgstr ""
 
-#: network.c:670
+#: network.c:700
 #, c-format
 msgid "stopped listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:867
+#: network.c:911
 #, c-format
 msgid "failed to create listening socket for %s: %s"
 msgstr ""
 
-#: network.c:1148
+#: network.c:1192
 #, c-format
 msgid "listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:1175
+#: network.c:1219
 #, c-format
 msgid "listening on %s port %d"
 msgstr ""
 
-#: network.c:1208
+#: network.c:1252
 #, c-format
 msgid "LOUD WARNING: listening on %s may accept requests via interfaces other than %s"
 msgstr ""
 
-#: network.c:1215
+#: network.c:1259
 msgid "LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"
 msgstr ""
 
-#: network.c:1224
+#: network.c:1268
 #, c-format
 msgid "warning: using interface %s instead"
 msgstr ""
 
-#: network.c:1233
+#: network.c:1277
 #, c-format
 msgid "warning: no addresses found for interface %s"
 msgstr ""
 
-#: network.c:1291
+#: network.c:1335
 #, c-format
 msgid "interface %s failed to join DHCPv6 multicast group: %s"
 msgstr ""
 
-#: network.c:1296
+#: network.c:1340
 msgid "try increasing /proc/sys/net/core/optmem_max"
 msgstr ""
 
-#: network.c:1492
+#: network.c:1545
 #, c-format
 msgid "failed to bind server socket for %s: %s"
 msgstr ""
 
-#: network.c:1569
+#: network.c:1622
 #, c-format
 msgid "ignoring nameserver %s - local interface"
 msgstr ""
 
-#: network.c:1580
+#: network.c:1633
 #, c-format
 msgid "ignoring nameserver %s - cannot make/bind socket: %s"
 msgstr ""
 
-#: network.c:1598
+#: network.c:1643
+msgid "more servers are defined but not logged"
+msgstr ""
+
+#: network.c:1654
 msgid "(no DNSSEC)"
 msgstr ""
 
-#: network.c:1601
+#: network.c:1657
 msgid "unqualified"
 msgstr ""
 
-#: network.c:1601
+#: network.c:1657
 msgid "names"
 msgstr ""
 
-#: network.c:1603
+#: network.c:1659
 msgid "default"
 msgstr ""
 
-#: network.c:1605
+#: network.c:1661
 msgid "domain"
 msgstr ""
 
-#: network.c:1607
+#: network.c:1663
 #, c-format
 msgid "using nameserver %s#%d for %s %s%s %s"
 msgstr ""
 
-#: network.c:1611
+#: network.c:1667
 #, c-format
 msgid "NOT using nameserver %s#%d - query loop detected"
 msgstr ""
 
-#: network.c:1614
+#: network.c:1670
 #, c-format
 msgid "using nameserver %s#%d(via %s)"
 msgstr ""
 
-#: network.c:1616
+#: network.c:1672
 #, c-format
 msgid "using nameserver %s#%d"
 msgstr ""
 
-#: network.c:1630
+#: network.c:1687
 #, c-format
 msgid "using only locally-known addresses for %s"
 msgstr ""
 
-#: network.c:1633
+#: network.c:1690
 #, c-format
 msgid "using standard nameservers for %s"
 msgstr ""
 
-#: network.c:1637
+#: network.c:1694
 #, c-format
 msgid "using %d more local addresses"
 msgstr ""
 
-#: network.c:1639
+#: network.c:1696
 #, c-format
 msgid "using %d more nameservers"
 msgstr ""
 
-#: dnsmasq.c:184
+#: dnsmasq.c:192
 msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
 msgstr ""
 
-#: dnsmasq.c:199
+#: dnsmasq.c:207
 msgid "no root trust anchor provided for DNSSEC"
 msgstr ""
 
-#: dnsmasq.c:202
+#: dnsmasq.c:210
 msgid "cannot reduce cache size from default when DNSSEC enabled"
 msgstr ""
 
-#: dnsmasq.c:204
+#: dnsmasq.c:212
 msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:210
+#: dnsmasq.c:218
 msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:217
+#: dnsmasq.c:225
 msgid "cannot use --conntrack AND --query-port"
 msgstr ""
 
-#: dnsmasq.c:223
+#: dnsmasq.c:231
 msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:228
+#: dnsmasq.c:236
 msgid "asynchronous logging is not available under Solaris"
 msgstr ""
 
-#: dnsmasq.c:233
+#: dnsmasq.c:241
 msgid "asynchronous logging is not available under Android"
 msgstr ""
 
-#: dnsmasq.c:238
+#: dnsmasq.c:246
 msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:243
+#: dnsmasq.c:251
 msgid "loop detection not available: set HAVE_LOOP in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:248
+#: dnsmasq.c:256
 msgid "Ubus not available: set HAVE_UBUS in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:259
+#: dnsmasq.c:267
 msgid "max_port cannot be smaller than min_port"
 msgstr ""
 
-#: dnsmasq.c:266
+#: dnsmasq.c:271
+msgid "port_limit must not be larger than available port range"
+msgstr ""
+
+#: dnsmasq.c:278
 msgid "--auth-server required when an auth zone is defined."
 msgstr ""
 
-#: dnsmasq.c:271
+#: dnsmasq.c:283
 msgid "zone serial must be configured in --auth-soa"
 msgstr ""
 
-#: dnsmasq.c:291
+#: dnsmasq.c:303
 msgid "dhcp-range constructor not available on this platform"
 msgstr ""
 
-#: dnsmasq.c:355
+#: dnsmasq.c:377
 msgid "cannot set --bind-interfaces and --bind-dynamic"
 msgstr ""
 
-#: dnsmasq.c:358
+#: dnsmasq.c:380
 #, c-format
 msgid "failed to find list of interfaces: %s"
 msgstr ""
 
-#: dnsmasq.c:367
+#: dnsmasq.c:389
 #, c-format
 msgid "unknown interface %s"
 msgstr ""
 
-#: dnsmasq.c:437
+#: dnsmasq.c:396
+#, c-format
+msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
+msgstr ""
+
+#: dnsmasq.c:440
 msgid "Packet dumps not available: set HAVE_DUMP in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:445 dnsmasq.c:1207
+#: dnsmasq.c:448 dnsmasq.c:1232
 #, c-format
 msgid "DBus error: %s"
 msgstr ""
 
-#: dnsmasq.c:448
+#: dnsmasq.c:451
 msgid "DBus not available: set HAVE_DBUS in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:456 dnsmasq.c:1228
+#: dnsmasq.c:459 dnsmasq.c:1253
 #, c-format
 msgid "UBus error: %s"
 msgstr ""
 
-#: dnsmasq.c:459
+#: dnsmasq.c:462
 msgid "UBus not available: set HAVE_UBUS in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:489
+#: dnsmasq.c:492
 #, c-format
 msgid "unknown user or group: %s"
 msgstr ""
 
-#: dnsmasq.c:565
+#: dnsmasq.c:568
 #, c-format
 msgid "process is missing required capability %s"
 msgstr ""
 
-#: dnsmasq.c:597
+#: dnsmasq.c:600
 #, c-format
 msgid "cannot chdir to filesystem root: %s"
 msgstr ""
 
-#: dnsmasq.c:845
+#: dnsmasq.c:852
 #, c-format
 msgid "started, version %s DNS disabled"
 msgstr ""
 
-#: dnsmasq.c:850
+#: dnsmasq.c:857
 #, c-format
 msgid "started, version %s cachesize %d"
 msgstr ""
 
-#: dnsmasq.c:852
+#: dnsmasq.c:859
 msgid "cache size greater than 10000 may cause performance issues, and is unlikely to be useful."
 msgstr ""
 
-#: dnsmasq.c:855
+#: dnsmasq.c:862
 #, c-format
 msgid "started, version %s cache disabled"
 msgstr ""
 
-#: dnsmasq.c:858
+#: dnsmasq.c:865
 msgid "DNS service limited to local subnets"
 msgstr ""
 
-#: dnsmasq.c:861
+#: dnsmasq.c:868
 #, c-format
 msgid "compile time options: %s"
 msgstr ""
 
-#: dnsmasq.c:870
+#: dnsmasq.c:877
 msgid "DBus support enabled: connected to system bus"
 msgstr ""
 
-#: dnsmasq.c:872
+#: dnsmasq.c:879
 msgid "DBus support enabled: bus connection pending"
 msgstr ""
 
-#: dnsmasq.c:880
+#: dnsmasq.c:887
 msgid "UBus support enabled: connected to system bus"
 msgstr ""
 
-#: dnsmasq.c:882
+#: dnsmasq.c:889
 msgid "UBus support enabled: bus connection pending"
 msgstr ""
 
-#: dnsmasq.c:902
+#: dnsmasq.c:909
 msgid "DNSSEC validation enabled but all unsigned answers are trusted"
 msgstr ""
 
-#: dnsmasq.c:904
+#: dnsmasq.c:911
 msgid "DNSSEC validation enabled"
 msgstr ""
 
-#: dnsmasq.c:908
+#: dnsmasq.c:915
 msgid "DNSSEC signature timestamps not checked until receipt of SIGINT"
 msgstr ""
 
-#: dnsmasq.c:911
+#: dnsmasq.c:918
 msgid "DNSSEC signature timestamps not checked until system time valid"
 msgstr ""
 
-#: dnsmasq.c:914
+#: dnsmasq.c:921
 #, c-format
 msgid "configured with trust anchor for %s keytag %u"
 msgstr ""
 
-#: dnsmasq.c:920
+#: dnsmasq.c:927
 #, c-format
 msgid "warning: failed to change owner of %s: %s"
 msgstr ""
 
-#: dnsmasq.c:924
+#: dnsmasq.c:932
 msgid "setting --bind-interfaces option because of OS limitations"
 msgstr ""
 
-#: dnsmasq.c:936
+#: dnsmasq.c:945
 #, c-format
 msgid "warning: interface %s does not currently exist"
 msgstr ""
 
-#: dnsmasq.c:941
+#: dnsmasq.c:950
 msgid "warning: ignoring resolv-file flag because no-resolv is set"
 msgstr ""
 
-#: dnsmasq.c:944
+#: dnsmasq.c:953
 msgid "warning: no upstream servers configured"
 msgstr ""
 
-#: dnsmasq.c:948
+#: dnsmasq.c:957
 #, c-format
 msgid "asynchronous logging enabled, queue limit is %d messages"
 msgstr ""
 
-#: dnsmasq.c:969
+#: dnsmasq.c:978
 msgid "IPv6 router advertisement enabled"
 msgstr ""
 
-#: dnsmasq.c:974
+#: dnsmasq.c:983
 #, c-format
 msgid "DHCP, sockets bound exclusively to interface %s"
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "root is "
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "enabled"
 msgstr ""
 
-#: dnsmasq.c:993
+#: dnsmasq.c:1002
 msgid "secure mode"
 msgstr ""
 
-#: dnsmasq.c:994
+#: dnsmasq.c:1003
 msgid "single port mode"
 msgstr ""
 
-#: dnsmasq.c:997
+#: dnsmasq.c:1006
 #, c-format
 msgid "warning: %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1001
+#: dnsmasq.c:1010
 #, c-format
 msgid "warning: TFTP directory %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1027
+#: dnsmasq.c:1036
 #, c-format
 msgid "restricting maximum simultaneous TFTP transfers to %d"
 msgstr ""
 
-#: dnsmasq.c:1204
+#: dnsmasq.c:1095
+#, c-format
+msgid "error binding DHCP socket to device %s"
+msgstr ""
+
+#: dnsmasq.c:1229
 msgid "connected to system DBus"
 msgstr ""
 
-#: dnsmasq.c:1225
+#: dnsmasq.c:1250
 msgid "connected to system UBus"
 msgstr ""
 
-#: dnsmasq.c:1391
+#: dnsmasq.c:1416
 #, c-format
 msgid "cannot fork into background: %s"
 msgstr ""
 
-#: dnsmasq.c:1395
+#: dnsmasq.c:1420
 #, c-format
 msgid "failed to create helper: %s"
 msgstr ""
 
-#: dnsmasq.c:1399
+#: dnsmasq.c:1424
 #, c-format
 msgid "setting capabilities failed: %s"
 msgstr ""
 
-#: dnsmasq.c:1403
+#: dnsmasq.c:1428
 #, c-format
 msgid "failed to change user-id to %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1407
+#: dnsmasq.c:1432
 #, c-format
 msgid "failed to change group-id to %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1411
+#: dnsmasq.c:1436
 #, c-format
 msgid "failed to open pidfile %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1415
+#: dnsmasq.c:1440
 #, c-format
 msgid "cannot open log %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1419
+#: dnsmasq.c:1444
 #, c-format
 msgid "failed to load Lua script: %s"
 msgstr ""
 
-#: dnsmasq.c:1423
+#: dnsmasq.c:1448
 #, c-format
 msgid "TFTP directory %s inaccessible: %s"
 msgstr ""
 
-#: dnsmasq.c:1427
+#: dnsmasq.c:1452
 #, c-format
 msgid "cannot create timestamp file %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1511
+#: dnsmasq.c:1536
 #, c-format
 msgid "script process killed by signal %d"
 msgstr ""
 
-#: dnsmasq.c:1515
+#: dnsmasq.c:1540
 #, c-format
 msgid "script process exited with status %d"
 msgstr ""
 
-#: dnsmasq.c:1519
+#: dnsmasq.c:1544
 #, c-format
 msgid "failed to execute %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1559
+#: dnsmasq.c:1584
 msgid "now checking DNSSEC signature timestamps"
 msgstr ""
 
-#: dnsmasq.c:1594 dnssec.c:160 dnssec.c:204
+#: dnsmasq.c:1619 dnssec.c:160 dnssec.c:204
 #, c-format
 msgid "failed to update mtime on %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1606
+#: dnsmasq.c:1631
 msgid "exiting on receipt of SIGTERM"
 msgstr ""
 
-#: dnsmasq.c:1634
+#: dnsmasq.c:1659
 #, c-format
 msgid "failed to access %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1664
+#: dnsmasq.c:1690
 #, c-format
 msgid "reading %s"
 msgstr ""
 
-#: dnsmasq.c:1675
+#: dnsmasq.c:1706
 #, c-format
 msgid "no servers found in %s, will retry"
 msgstr ""
 
-#: dhcp.c:53
+#: dhcp.c:51
 #, c-format
 msgid "cannot create DHCP socket: %s"
 msgstr ""
 
-#: dhcp.c:68
+#: dhcp.c:66
 #, c-format
 msgid "failed to set options on DHCP socket: %s"
 msgstr ""
 
-#: dhcp.c:89
+#: dhcp.c:87
 #, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
 msgstr ""
 
-#: dhcp.c:101
+#: dhcp.c:99
 #, c-format
 msgid "failed to bind DHCP server socket: %s"
 msgstr ""
 
-#: dhcp.c:127
+#: dhcp.c:125
 #, c-format
 msgid "cannot create ICMP raw socket: %s."
 msgstr ""
 
-#: dhcp.c:252 dhcp6.c:180
+#: dhcp.c:254 dhcp6.c:186
 #, c-format
 msgid "unknown interface %s in bridge-interface"
 msgstr ""
 
-#: dhcp.c:293
+#: dhcp.c:295
 #, c-format
 msgid "DHCP packet received on %s which has no address"
 msgstr ""
 
-#: dhcp.c:428
+#: dhcp.c:429
 #, c-format
 msgid "ARP-cache injection failed: %s"
 msgstr ""
 
-#: dhcp.c:473
+#: dhcp.c:490
 #, c-format
 msgid "Error sending DHCP packet to %s: %s"
 msgstr ""
 
-#: dhcp.c:530
+#: dhcp.c:547
 #, c-format
 msgid "DHCP range %s -- %s is not consistent with netmask %s"
 msgstr ""
 
-#: dhcp.c:918
+#: dhcp.c:930
 #, c-format
 msgid "bad line at %s line %d"
 msgstr ""
 
-#: dhcp.c:961
+#: dhcp.c:973
 #, c-format
 msgid "ignoring %s line %d, duplicate name or IP address"
 msgstr ""
 
-#: dhcp.c:1105 rfc3315.c:2182
+#: dhcp.c:1034
 #, c-format
-msgid "DHCP relay %s -> %s"
+msgid "read %s - %d addresses"
+msgstr ""
+
+#: dhcp.c:1136
+#, c-format
+msgid "Cannot broadcast DHCP relay via interface %s"
+msgstr ""
+
+#: dhcp.c:1160
+#, c-format
+msgid "broadcast via %s"
+msgstr ""
+
+#: dhcp.c:1163 rfc3315.c:2219
+#, c-format
+msgid "DHCP relay at %s -> %s"
 msgstr ""
 
 #: lease.c:64
@@ -1898,7 +2036,7 @@ msgstr ""
 msgid "%u available DHCP subnet: %s/%s"
 msgstr ""
 
-#: rfc2131.c:409 rfc3315.c:319
+#: rfc2131.c:409 rfc3315.c:320
 #, c-format
 msgid "%u available DHCP range: %s -- %s"
 msgstr ""
@@ -1917,12 +2055,12 @@ msgstr ""
 msgid "disabled"
 msgstr ""
 
-#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1532 rfc3315.c:632 rfc3315.c:815
-#: rfc3315.c:1121
+#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1536 rfc3315.c:633 rfc3315.c:816
+#: rfc3315.c:1122
 msgid "ignored"
 msgstr ""
 
-#: rfc2131.c:613 rfc2131.c:1333 rfc3315.c:867
+#: rfc2131.c:613 rfc2131.c:1340 rfc3315.c:868
 msgid "address in use"
 msgstr ""
 
@@ -1930,7 +2068,7 @@ msgstr ""
 msgid "no address available"
 msgstr ""
 
-#: rfc2131.c:634 rfc2131.c:1295
+#: rfc2131.c:634 rfc2131.c:1302
 msgid "wrong network"
 msgstr ""
 
@@ -1938,11 +2076,11 @@ msgstr ""
 msgid "no address configured"
 msgstr ""
 
-#: rfc2131.c:655 rfc2131.c:1346
+#: rfc2131.c:655 rfc2131.c:1353
 msgid "no leases left"
 msgstr ""
 
-#: rfc2131.c:756 rfc3315.c:499
+#: rfc2131.c:756 rfc3315.c:500
 #, c-format
 msgid "%u client provides name: %s"
 msgstr ""
@@ -1951,7 +2089,7 @@ msgstr ""
 msgid "PXE BIS not supported"
 msgstr ""
 
-#: rfc2131.c:1054 rfc3315.c:1222
+#: rfc2131.c:1054 rfc3315.c:1223
 #, c-format
 msgid "disabling DHCP static address %s for %s"
 msgstr ""
@@ -1975,108 +2113,108 @@ msgstr ""
 msgid "not using configured address %s because it was previously declined"
 msgstr ""
 
-#: rfc2131.c:1139 rfc2131.c:1339
+#: rfc2131.c:1139 rfc2131.c:1346
 msgid "no unique-id"
 msgstr ""
 
-#: rfc2131.c:1231
+#: rfc2131.c:1238
 msgid "wrong server-ID"
 msgstr ""
 
-#: rfc2131.c:1250
+#: rfc2131.c:1257
 msgid "wrong address"
 msgstr ""
 
-#: rfc2131.c:1268 rfc3315.c:975
+#: rfc2131.c:1275 rfc3315.c:976
 msgid "lease not found"
 msgstr ""
 
-#: rfc2131.c:1303
+#: rfc2131.c:1310
 msgid "address not available"
 msgstr ""
 
-#: rfc2131.c:1314
+#: rfc2131.c:1321
 msgid "static lease available"
 msgstr ""
 
-#: rfc2131.c:1318
+#: rfc2131.c:1325
 msgid "address reserved"
 msgstr ""
 
-#: rfc2131.c:1327
+#: rfc2131.c:1334
 #, c-format
 msgid "abandoning lease to %s of %s"
 msgstr ""
 
-#: rfc2131.c:1866
+#: rfc2131.c:1870
 #, c-format
 msgid "%u bootfile name: %s"
 msgstr ""
 
-#: rfc2131.c:1875
+#: rfc2131.c:1879
 #, c-format
 msgid "%u server name: %s"
 msgstr ""
 
-#: rfc2131.c:1885
+#: rfc2131.c:1889
 #, c-format
 msgid "%u next server: %s"
 msgstr ""
 
-#: rfc2131.c:1889
+#: rfc2131.c:1893
 #, c-format
 msgid "%u broadcast response"
 msgstr ""
 
-#: rfc2131.c:1952
+#: rfc2131.c:1956
 #, c-format
 msgid "cannot send DHCP/BOOTP option %d: no space left in packet"
 msgstr ""
 
-#: rfc2131.c:2262
+#: rfc2131.c:2267
 msgid "PXE menu too large"
 msgstr ""
 
-#: rfc2131.c:2425 rfc3315.c:1511
+#: rfc2131.c:2430 rfc3315.c:1517
 #, c-format
 msgid "%u requested options: %s"
 msgstr ""
 
-#: rfc2131.c:2742
+#: rfc2131.c:2747
 #, c-format
 msgid "cannot send RFC3925 option: too many options for enterprise number %d"
 msgstr ""
 
-#: rfc2131.c:2805
+#: rfc2131.c:2810
 #, c-format
 msgid "%u reply delay: %d"
 msgstr ""
 
-#: netlink.c:93
+#: netlink.c:86
 #, c-format
 msgid "cannot create netlink socket: %s"
 msgstr ""
 
-#: netlink.c:377
+#: netlink.c:379
 #, c-format
 msgid "netlink returns error: %s"
 msgstr ""
 
-#: dbus.c:434
+#: dbus.c:491
 #, c-format
 msgid "Enabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:439
+#: dbus.c:496
 #, c-format
 msgid "Disabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:713
+#: dbus.c:857
 msgid "setting upstream servers from DBus"
 msgstr ""
 
-#: dbus.c:760
+#: dbus.c:907
 msgid "could not register a DBus message handler"
 msgstr ""
 
@@ -2103,51 +2241,51 @@ msgstr ""
 msgid "lease() function missing in Lua script"
 msgstr ""
 
-#: tftp.c:349
+#: tftp.c:353
 msgid "unable to get free port for TFTP"
 msgstr ""
 
-#: tftp.c:365
+#: tftp.c:369
 #, c-format
 msgid "unsupported request from %s"
 msgstr ""
 
-#: tftp.c:512
+#: tftp.c:520
 #, c-format
-msgid "file %s not found"
+msgid "file %s not found for %s"
 msgstr ""
 
-#: tftp.c:602
+#: tftp.c:609
 #, c-format
 msgid "ignoring packet from %s (TID mismatch)"
 msgstr ""
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "failed sending %s to %s"
 msgstr ""
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "sent %s to %s"
 msgstr ""
 
-#: tftp.c:696
+#: tftp.c:712
 #, c-format
 msgid "error %d %s received from %s"
 msgstr ""
 
-#: log.c:190
+#: log.c:203
 #, c-format
 msgid "overflow: %d log entries lost"
 msgstr ""
 
-#: log.c:268
+#: log.c:281
 #, c-format
 msgid "log failed: %s"
 msgstr ""
 
-#: log.c:477
+#: log.c:490
 msgid "FAILED to start up"
 msgstr ""
 
@@ -2156,17 +2294,17 @@ msgstr ""
 msgid "Conntrack connection mark retrieval failed: %s"
 msgstr ""
 
-#: dhcp6.c:52
+#: dhcp6.c:51
 #, c-format
 msgid "cannot create DHCPv6 socket: %s"
 msgstr ""
 
-#: dhcp6.c:73
+#: dhcp6.c:72
 #, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"
 msgstr ""
 
-#: dhcp6.c:85
+#: dhcp6.c:84
 #, c-format
 msgid "failed to bind DHCPv6 server socket: %s"
 msgstr ""
@@ -2181,145 +2319,151 @@ msgstr ""
 msgid "no address range available for DHCPv6 request via %s"
 msgstr ""
 
-#: rfc3315.c:316
+#: rfc3315.c:317
 #, c-format
 msgid "%u available DHCPv6 subnet: %s/%d"
 msgstr ""
 
-#: rfc3315.c:399
+#: rfc3315.c:400
 #, c-format
 msgid "%u vendor class: %u"
 msgstr ""
 
-#: rfc3315.c:447
+#: rfc3315.c:448
 #, c-format
 msgid "%u client MAC address: %s"
 msgstr ""
 
-#: rfc3315.c:762 rfc3315.c:859
+#: rfc3315.c:763 rfc3315.c:860
 msgid "address unavailable"
 msgstr ""
 
-#: rfc3315.c:774 rfc3315.c:903 rfc3315.c:1272
+#: rfc3315.c:775 rfc3315.c:904 rfc3315.c:1273
 msgid "success"
 msgstr ""
 
-#: rfc3315.c:789 rfc3315.c:798 rfc3315.c:911 rfc3315.c:913 rfc3315.c:1047
+#: rfc3315.c:790 rfc3315.c:799 rfc3315.c:912 rfc3315.c:914 rfc3315.c:1048
 msgid "no addresses available"
 msgstr ""
 
-#: rfc3315.c:890
+#: rfc3315.c:891
 msgid "not on link"
 msgstr ""
 
-#: rfc3315.c:979 rfc3315.c:1180 rfc3315.c:1261
+#: rfc3315.c:980 rfc3315.c:1181 rfc3315.c:1262
 msgid "no binding found"
 msgstr ""
 
-#: rfc3315.c:1016
+#: rfc3315.c:1017
 msgid "deprecated"
 msgstr ""
 
-#: rfc3315.c:1023
+#: rfc3315.c:1024
 msgid "address invalid"
 msgstr ""
 
-#: rfc3315.c:1081 rfc3315.c:1083
+#: rfc3315.c:1082 rfc3315.c:1084
 msgid "confirm failed"
 msgstr ""
 
-#: rfc3315.c:1098
+#: rfc3315.c:1099
 msgid "all addresses still on link"
 msgstr ""
 
-#: rfc3315.c:1189
+#: rfc3315.c:1190
 msgid "release received"
 msgstr ""
 
-#: rfc3315.c:2173
-msgid "Cannot multicast to DHCPv6 server without correct interface"
+#: rfc3315.c:2200
+#, c-format
+msgid "Cannot multicast DHCP relay via interface %s"
+msgstr ""
+
+#: rfc3315.c:2216
+#, c-format
+msgid "multicast via %s"
 msgstr ""
 
-#: dhcp-common.c:154
+#: dhcp-common.c:187
 #, c-format
 msgid "Ignoring duplicate dhcp-option %d"
 msgstr ""
 
-#: dhcp-common.c:231
+#: dhcp-common.c:264
 #, c-format
 msgid "%u tags: %s"
 msgstr ""
 
-#: dhcp-common.c:451
+#: dhcp-common.c:484
 #, c-format
 msgid "%s has more than one address in hostsfile, using %s for DHCP"
 msgstr ""
 
-#: dhcp-common.c:485
+#: dhcp-common.c:518
 #, c-format
 msgid "duplicate IP address %s (%s) in dhcp-config directive"
 msgstr ""
 
-#: dhcp-common.c:549
-#, c-format
-msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
-msgstr ""
-
-#: dhcp-common.c:672
+#: dhcp-common.c:738
 #, c-format
 msgid "Known DHCP options:\n"
 msgstr ""
 
-#: dhcp-common.c:683
+#: dhcp-common.c:749
 #, c-format
 msgid "Known DHCPv6 options:\n"
 msgstr ""
 
-#: dhcp-common.c:880
+#: dhcp-common.c:946
 msgid ", prefix deprecated"
 msgstr ""
 
-#: dhcp-common.c:883
+#: dhcp-common.c:949
 #, c-format
 msgid ", lease time "
 msgstr ""
 
-#: dhcp-common.c:925
+#: dhcp-common.c:991
 #, c-format
 msgid "%s stateless on %s%.0s%.0s%s"
 msgstr ""
 
-#: dhcp-common.c:927
+#: dhcp-common.c:993
 #, c-format
 msgid "%s, static leases only on %.0s%s%s%.0s"
 msgstr ""
 
-#: dhcp-common.c:929
+#: dhcp-common.c:995
 #, c-format
 msgid "%s, proxy on subnet %.0s%s%.0s%.0s"
 msgstr ""
 
-#: dhcp-common.c:930
+#: dhcp-common.c:996
 #, c-format
 msgid "%s, IP range %s -- %s%s%.0s"
 msgstr ""
 
-#: dhcp-common.c:943
+#: dhcp-common.c:1009
 #, c-format
 msgid "DHCPv4-derived IPv6 names on %s%s"
 msgstr ""
 
-#: dhcp-common.c:946
+#: dhcp-common.c:1012
 #, c-format
 msgid "router advertisement on %s%s"
 msgstr ""
 
-#: dhcp-common.c:957
+#: dhcp-common.c:1043
+#, c-format
+msgid "DHCP relay from %s via %s"
+msgstr ""
+
+#: dhcp-common.c:1045
 #, c-format
 msgid "DHCP relay from %s to %s via %s"
 msgstr ""
 
-#: dhcp-common.c:959
+#: dhcp-common.c:1048
 #, c-format
 msgid "DHCP relay from %s to %s"
 msgstr ""
@@ -2329,7 +2473,7 @@ msgstr ""
 msgid "cannot create ICMPv6 socket: %s"
 msgstr ""
 
-#: auth.c:464
+#: auth.c:462
 #, c-format
 msgid "ignoring zone transfer request from %s"
 msgstr ""
@@ -2441,14 +2585,14 @@ msgstr ""
 msgid "system time considered valid, now checking DNSSEC signature timestamps."
 msgstr ""
 
-#: dnssec.c:1014
+#: dnssec.c:1018
 #, c-format
 msgid "Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"
 msgstr ""
 
 #: blockdata.c:55
 #, c-format
-msgid "pool memory in use %u, max %u, allocated %u"
+msgid "pool memory in use %zu, max %zu, allocated %zu"
 msgstr ""
 
 #: tables.c:61
@@ -2510,38 +2654,57 @@ msgstr ""
 msgid "directory %s for resolv-file is missing, cannot poll"
 msgstr ""
 
-#: inotify.c:131 inotify.c:168
+#: inotify.c:131 inotify.c:200
 #, c-format
 msgid "failed to create inotify for %s: %s"
 msgstr ""
 
-#: inotify.c:153
+#: inotify.c:178 inotify.c:185
 #, c-format
 msgid "bad dynamic directory %s: %s"
 msgstr ""
 
-#: inotify.c:257
+#: inotify.c:186
+msgid "not a directory"
+msgstr ""
+
+#: inotify.c:299
 #, c-format
-msgid "inotify, new or changed file %s"
+msgid "inotify: %s removed"
 msgstr ""
 
-#: dump.c:64
+#: inotify.c:301
+#, c-format
+msgid "inotify: %s new or modified"
+msgstr ""
+
+#: inotify.c:309
+#, c-format
+msgid "inotify: flushed %u names read from %s"
+msgstr ""
+
+#: dump.c:68
 #, c-format
 msgid "cannot create %s: %s"
 msgstr ""
 
-#: dump.c:70
+#: dump.c:74
 #, c-format
 msgid "bad header in %s"
 msgstr ""
 
-#: dump.c:205
+#: dump.c:287
 msgid "failed to write packet dump"
 msgstr ""
 
-#: dump.c:207
+#: dump.c:289
+#, c-format
+msgid "%u dumping packet %u mask 0x%04x"
+msgstr ""
+
+#: dump.c:291
 #, c-format
-msgid "dumping UDP packet %u mask 0x%04x"
+msgid "dumping packet %u mask 0x%04x"
 msgstr ""
 
 #: ubus.c:79
@@ -2574,3 +2737,7 @@ msgstr ""
 #: hash-questions.c:40
 msgid "Failed to create SHA-256 hash object"
 msgstr ""
+
+#: nftset.c:35
+msgid "failed to create nftset context"
+msgstr ""
diff --git a/po/ka.po b/po/ka.po
new file mode 100644
index 0000000..96e44ef
--- /dev/null
+++ b/po/ka.po
@@ -0,0 +1,2746 @@
+# Georgian translation for dnsmasq
+# This file is distributed under the same license as the dnsmasq package.
+# Temuri Doghonadze <temuri.doghonadze@gmail.com>, 2022.
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"POT-Creation-Date: \n"
+"PO-Revision-Date: \n"
+"Last-Translator: Temuri Doghonadze <temuri.doghonadze@gmail.com>\n"
+"Language-Team: \n"
+"Language: ka\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 3.1.1\n"
+
+#: cache.c:652
+msgid "Internal error in cache."
+msgstr "შიდა შეცდომა ქეშში."
+
+#: cache.c:1179
+#, c-format
+msgid "failed to load names from %s: %s"
+msgstr "შეცდომა სახელების %s-დან წაკითხვისას: %s"
+
+#: cache.c:1201 dhcp.c:943
+#, c-format
+msgid "bad address at %s line %d"
+msgstr "ცუდი მისამართი %s ხაზი %d"
+
+#: cache.c:1254 dhcp.c:959
+#, c-format
+msgid "bad name at %s line %d"
+msgstr "ცუდი სახელი %s ხაზზე %d"
+
+#: cache.c:1265
+#, fuzzy, c-format
+msgid "read %s - %d names"
+msgstr "წავიკითხე %s - %d მისამართი"
+
+#: cache.c:1381
+msgid "cleared cache"
+msgstr "ქეში გასუფთავდა"
+
+#: cache.c:1445
+#, c-format
+msgid "No IPv4 address found for %s"
+msgstr "%s-სთვის IPv4 მისამართი ვერ ვიპოვე"
+
+#: cache.c:1491
+#, c-format
+msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
+msgstr "%s CNAME-ა. %s-ის DHCP იჯარა არ გადაეცემა"
+
+#: cache.c:1515
+#, c-format
+msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
+msgstr "სახელი %s DHCP იჯარა %s-ზე მინიჭებული არ იქნება იმიტომ, რომ სახელი %s-ში მისამართით %s უკვე არსებობს"
+
+#: cache.c:1760
+#, c-format
+msgid "time %lu"
+msgstr "დრო %lu"
+
+#: cache.c:1761
+#, c-format
+msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
+msgstr "ქეშის ზომა %d, %d;%d ქეშში ჩამატებებმა ქეშის ვადაგაუსვლელი ჩანაწერები თავიდან გამოიყენეს."
+
+#: cache.c:1763
+#, c-format
+msgid "queries forwarded %u, queries answered locally %u"
+msgstr "მოთხოვნები გადაგზავნილია %u, ლოკალურად ნაპასუხები %u"
+
+#: cache.c:1766
+#, c-format
+msgid "queries answered from stale cache %u"
+msgstr ""
+
+#: cache.c:1768
+#, c-format
+msgid "queries for authoritative zones %u"
+msgstr "მოთხოვნები ავტორიტეტული ზონებისთვის %u"
+
+#: cache.c:1796
+#, fuzzy, c-format
+msgid "server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"
+msgstr "სერვერი %s#%d: %u გაგზავნილი მოთხოვნა, %u თავიდან ნაცადი ან შეცდომით დასრულებული"
+
+#: util.c:51
+#, c-format
+msgid "failed to seed the random number generator: %s"
+msgstr "შემთხვევითი რიცხვების გენერაციისათვის თესლის გადაცემის შეცდომა: %s"
+
+#: util.c:246
+msgid "failed to allocate memory"
+msgstr "მეხსიერების გამოყოფის შეცდომა"
+
+#: util.c:305 option.c:696
+msgid "could not get memory"
+msgstr "მეხსიერების მიღების შეცდომა"
+
+#: util.c:326
+#, c-format
+msgid "cannot create pipe: %s"
+msgstr "ფაიფის შექმნის შეცდომა: %s"
+
+#: util.c:334
+#, c-format
+msgid "failed to allocate %d bytes"
+msgstr "%d ბაიტის გამოყოფის შეცდომა"
+
+#: util.c:344
+#, c-format
+msgid "failed to reallocate %d bytes"
+msgstr "%d ბაიტის თავიდან გამოყოფის შეცდომა"
+
+#: util.c:465
+#, c-format
+msgid "cannot read monotonic clock: %s"
+msgstr "მონოტონური საათის წაკითხვის შეცდომა: %s"
+
+#: util.c:579
+#, c-format
+msgid "infinite"
+msgstr "უსასრულო"
+
+#: util.c:867
+#, c-format
+msgid "failed to find kernel version: %s"
+msgstr "ბირთვის ვერსიის პოვნის შეცდომა: %s"
+
+#: option.c:393
+msgid "Specify local address(es) to listen on."
+msgstr "მიუთითეთ მოსასმენი ლოკალური მისამართები."
+
+#: option.c:394
+msgid "Return ipaddr for all hosts in specified domains."
+msgstr "მითითებულ დომენებში ყველა ჰოსტისთვის ipaddr-ის დაბრუნება."
+
+#: option.c:395
+msgid "Fake reverse lookups for RFC1918 private address ranges."
+msgstr "ყალბი უკუღმა-ძებნები RFC1918 მისამართების პირადი დიაპაზონებისტვის."
+
+#: option.c:396
+msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
+msgstr "\"ipaddr\"-ის განხილვა, როგორც NXDOMAIN-ის (სჯობნის Verisign ვაილდ-კარდს)."
+
+#: option.c:397
+#, c-format
+msgid "Specify the size of the cache in entries (defaults to %s)."
+msgstr "მიუთითეთ ჩანაწერებში ქეშის ზომა (ნაგულისხმები %s)."
+
+#: option.c:398
+#, c-format
+msgid "Specify configuration file (defaults to %s)."
+msgstr "კონფიგურაციის ფაილის მითითება (ნაგულისხმები %s)."
+
+#: option.c:399
+msgid "Do NOT fork into the background: run in debug mode."
+msgstr "*არ გადახვიდე* ფონში: გამართვის რეჟიმში გაშვება."
+
+#: option.c:400
+msgid "Do NOT forward queries with no domain part."
+msgstr "მოთხოვნები დომენის ნაწილის გარეშე *არ* გადააგზავნო."
+
+#: option.c:401
+msgid "Return self-pointing MX records for local hosts."
+msgstr "ლოკალური ჰოსტებისთვის თავის-თავზე მაჩვენებელი MX ჩანაწერების დაბრუნება."
+
+#: option.c:402
+msgid "Expand simple names in /etc/hosts with domain-suffix."
+msgstr "/etc/hosts-ის მარტივი სახელებისთვის დომენის სუფიქსის მიწერა."
+
+#: option.c:403
+msgid "Don't forward spurious DNS requests from Windows hosts."
+msgstr "Windows-ის ჰოსტებიდან მოსული ყალბი DNS მოთხოვნები არ გადაიგზავნება."
+
+#: option.c:404
+msgid "Don't include IPv4 addresses in DNS answers."
+msgstr "DNS-ის პასუხებში IPv4 მისამართები ჩასმული არ იქნება."
+
+#: option.c:405
+msgid "Don't include IPv6 addresses in DNS answers."
+msgstr "DNS-ის პასუხებში IPv6 მისამართები ჩასმული არ იქნება."
+
+#: option.c:406
+msgid "Enable DHCP in the range given with lease duration."
+msgstr "DHCP-ის იჯარის ხანგრძლივობაში მითითებული დიაპაზონით შექმნა."
+
+#: option.c:407
+#, c-format
+msgid "Change to this group after startup (defaults to %s)."
+msgstr "გაშვების შემდეგ ამ ჯგუფზე გადასვლა (ნაგულისხმები %s)"
+
+#: option.c:408
+msgid "Set address or hostname for a specified machine."
+msgstr "მითითებული მანქანისთვის მისამართის ან ჰოსტის სახელის დაყენება."
+
+#: option.c:409
+msgid "Read DHCP host specs from file."
+msgstr "DHCP-ის ჰოსტის სპეციფიკაციის ფაილიდან წაკითხვა."
+
+#: option.c:410
+msgid "Read DHCP option specs from file."
+msgstr "DHCP-ის პარამეტრების სპეციფიკაციის ფაილიდან წაკითხვა."
+
+#: option.c:411
+msgid "Read DHCP host specs from a directory."
+msgstr "DHCP-ის ჰოსტის სპეციფიკაციის საქაღალდიდან წაკითხვა."
+
+#: option.c:412
+msgid "Read DHCP options from a directory."
+msgstr "DHCP-ის პარამეტრების სპეციფიკაციის საქაღალდიდან წაკითხვა."
+
+#: option.c:413
+msgid "Evaluate conditional tag expression."
+msgstr "ჭდის პირობითი გამოსახულების შემოწმება."
+
+#: option.c:414
+#, c-format
+msgid "Do NOT load %s file."
+msgstr "არ ჩატვირთო %s ფაილი."
+
+#: option.c:415
+#, c-format
+msgid "Specify a hosts file to be read in addition to %s."
+msgstr "მიუთითეთ %s-სთან ერთად, დამატებით წასაკითხი hosts ფაილი."
+
+#: option.c:416
+msgid "Read hosts files from a directory."
+msgstr "წავიკითხე hosts ფაილი საქაღალდიდან."
+
+#: option.c:417
+msgid "Specify interface(s) to listen on."
+msgstr "მიუთითეთ მოსასმენი ინტერფეისები."
+
+#: option.c:418
+msgid "Specify interface(s) NOT to listen on."
+msgstr "მიუთითეთ ინტერფეისები, რომელზეც არ მოვუსმენ."
+
+#: option.c:419
+msgid "Map DHCP user class to tag."
+msgstr "DHCP-ის მომხმარებლის კლასის ჭდეზე მიბმა."
+
+#: option.c:420
+msgid "Map RFC3046 circuit-id to tag."
+msgstr "RFC3046 circuit-id-ის ჭდეზე მიბმა."
+
+#: option.c:421
+msgid "Map RFC3046 remote-id to tag."
+msgstr "RFC3046 remote-id-ის ჭდეზე მიბმა."
+
+#: option.c:422
+msgid "Map RFC3993 subscriber-id to tag."
+msgstr "RFC3046 subscriber-id-ის ჭდეზე მიბმა."
+
+#: option.c:423
+msgid "Specify vendor class to match for PXE requests."
+msgstr "მიუთითეთ PXE მოთხოვნებში დასამთხვევი მომწოდებლის კლასი."
+
+#: option.c:424
+msgid "Don't do DHCP for hosts with tag set."
+msgstr "ჭდე-დაყენებული ჰოსტებისთვის DHCP არ იმუშავებს."
+
+#: option.c:425
+msgid "Force broadcast replies for hosts with tag set."
+msgstr "ჭდედაყენებული ჰოსტებისთვის მაუწყებლობის პაკეტების გაგზავნა."
+
+#: option.c:426
+msgid "Do NOT fork into the background, do NOT run in debug mode."
+msgstr "*არ* გადახვიდე ფონში. *არ* გაეშვა გამართვის რეჟიში."
+
+#: option.c:427
+msgid "Assume we are the only DHCP server on the local network."
+msgstr "ჩავთვალოთ, რომ ჩვენ ლოკალურ ქსელში ერთადერთი DHCP სერვერი ვართ."
+
+#: option.c:428
+#, c-format
+msgid "Specify where to store DHCP leases (defaults to %s)."
+msgstr "მიუთითეთ, სად უნდა შევინახოთ DHCP იჯარები (ნაგულისხმებია %s)."
+
+#: option.c:429
+msgid "Return MX records for local hosts."
+msgstr "ლოკალური ჰოსტებისთვის MX ჩანაწერების დაბრუნება."
+
+#: option.c:430
+msgid "Specify an MX record."
+msgstr "მიუთითეთ MX ჩანაწერი."
+
+#: option.c:431
+msgid "Specify BOOTP options to DHCP server."
+msgstr "DHCP სერვერისთვის საჭიროა BOOTP-ის პარამეტრების მითითება."
+
+#: option.c:432
+#, c-format
+msgid "Do NOT poll %s file, reload only on SIGHUP."
+msgstr ""
+
+#: option.c:433
+msgid "Do NOT cache failed search results."
+msgstr "შეცდომით დასრულებული შედეგები *არ* დაიქეშება."
+
+#: option.c:434
+msgid "Use expired cache data for faster reply."
+msgstr ""
+
+#: option.c:435
+#, c-format
+msgid "Use nameservers strictly in the order given in %s."
+msgstr "DNS სერვერების მხოლოდ %s-ში მითითებული მიმდევრობით გამოყენება."
+
+#: option.c:436
+msgid "Specify options to be sent to DHCP clients."
+msgstr "მიუთითეთ DHCP კლიენტებისთვის გასაგზავნი პარამეტრები."
+
+#: option.c:437
+msgid "DHCP option sent even if the client does not request it."
+msgstr "DHCP პარამეტრები იგზავნება მაშინაც კი, როცა კლიენტი მათ არ ითხოვს."
+
+#: option.c:438
+msgid "Specify port to listen for DNS requests on (defaults to 53)."
+msgstr "მიუთითეთ პორტი DNS მოთხოვნების მოსასმენად (ნაგულისხმებია 53)."
+
+#: option.c:439
+#, c-format
+msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
+msgstr "UDP პაკეტის მაქსიმალური მხარდაჭერილი ზომა EDNS.0-სთვის (ნაგულისხმებია %s)."
+
+#: option.c:440
+msgid "Log DNS queries."
+msgstr "DNS მოთხოვნების ჟურნალში ჩაწერა."
+
+#: option.c:441
+msgid "Force the originating port for upstream DNS queries."
+msgstr "აღმავალი DNS მოთხოვნების საწყისი პორტის ძალით დაყენება."
+
+#: option.c:442
+msgid "Set maximum number of random originating ports for a query."
+msgstr ""
+
+#: option.c:443
+msgid "Do NOT read resolv.conf."
+msgstr "არ წაიკითხო resolv.conf."
+
+#: option.c:444
+#, c-format
+msgid "Specify path to resolv.conf (defaults to %s)."
+msgstr "მიუთითეთ ბილიკი resolv.conf-მდე (ნაგულისხმებია %s)."
+
+#: option.c:445
+msgid "Specify path to file with server= options"
+msgstr "პარამეტრისთვის server= ფაილის ბილიკის მითითება აუცილებელია"
+
+#: option.c:446
+msgid "Specify address(es) of upstream servers with optional domains."
+msgstr "არასავალდებული დომენების მქონე აღმავალი სერვერების მისამართების მითითება."
+
+#: option.c:447
+msgid "Specify address of upstream servers for reverse address queries"
+msgstr "რევერსული მისამართების მოთხოვნებისთვის აღმავალი სერვერების მისამართების მითითება"
+
+#: option.c:448
+msgid "Never forward queries to specified domains."
+msgstr "მითითებული დომენების მოთხოვნები არასდროს გადაიგზავნება."
+
+#: option.c:449
+msgid "Specify the domain to be assigned in DHCP leases."
+msgstr "მიუთითეთ DHCP -ის იჯარებში მისანიჭებელი დომენი."
+
+#: option.c:450
+msgid "Specify default target in an MX record."
+msgstr "მიუთითეთ MX ჩანაწერის ნაგულისხმები სამიზნე."
+
+#: option.c:451
+msgid "Specify time-to-live in seconds for replies from /etc/hosts."
+msgstr "მიუთითეთ /etc/hosts-დან პასუხების სიცოცხლის-დრო, წამებში."
+
+#: option.c:452
+msgid "Specify time-to-live in seconds for negative caching."
+msgstr "მიუთითეთ უარყოფითი ქეშის სიცოცხლის-დრო, წამებში."
+
+#: option.c:453
+msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
+msgstr "კლიენტებისთვის გასაგზავნი სიცოცხლის-დროის მითითება წამებში, მაქსიმალური TTL-ისთვის."
+
+#: option.c:454
+msgid "Specify time-to-live ceiling for cache."
+msgstr "ქეშის სიცოცხლის-დროის მაქსიმუმის მითითება."
+
+#: option.c:455
+msgid "Specify time-to-live floor for cache."
+msgstr "ქეშის სიცოცხლის-დროის მინიმუმის მითითება."
+
+#: option.c:456
+msgid "Retry DNS queries after this many milliseconds."
+msgstr ""
+
+#: option.c:457
+#, c-format
+msgid "Change to this user after startup. (defaults to %s)."
+msgstr "გაშვების შემდეგ ამ მომხმარებელზე გადასვლა (ნაგულისხმები %s)"
+
+#: option.c:458
+msgid "Map DHCP vendor class to tag."
+msgstr "DHCP-ის მომწოდებლის კლასის ჭდეზე მიბმა."
+
+#: option.c:459
+msgid "Display dnsmasq version and copyright information."
+msgstr "Dnsmasq-ის ვერსიის და ლიცენზირების ინფორმაციის გამოტანა."
+
+#: option.c:460
+msgid "Translate IPv4 addresses from upstream servers."
+msgstr "აღმავალი სერვერებიდან IPv4 მისამართების თარგმნა."
+
+#: option.c:461
+msgid "Specify a SRV record."
+msgstr "მიუთითეთ SRV ჩანაწერი."
+
+#: option.c:462
+msgid "Display this message. Use --help dhcp or --help dhcp6 for known DHCP options."
+msgstr "ამ შეტყობინების გამოტანა. ცნობილი DHCP პარამეტრების სანახავად გამოიყენეთ --help dhcp ან --help dhcp6 ."
+
+#: option.c:463
+#, c-format
+msgid "Specify path of PID file (defaults to %s)."
+msgstr "მიუთითეთ ბილიკი PID ფაილამდე (ნაგულისხმებია %s)."
+
+#: option.c:464
+#, c-format
+msgid "Specify maximum number of DHCP leases (defaults to %s)."
+msgstr "DHCP იჯარების მაქსიმალური რაოდენობის მითითება (ნაგულისხმებია %s)."
+
+#: option.c:465
+msgid "Answer DNS queries based on the interface a query was sent to."
+msgstr "DNS სერვერების პასუხი იმის მიხედვით, რომელი ინტერფეისიდან მოვიდა მოთხოვნა."
+
+#: option.c:466
+msgid "Specify TXT DNS record."
+msgstr "მიუთითეთ TXT DNS ჩანაწერი."
+
+#: option.c:467
+msgid "Specify PTR DNS record."
+msgstr "მიუთითეთ PTR DNS ჩანაწერი."
+
+#: option.c:468
+msgid "Give DNS name to IPv4 address of interface."
+msgstr "საჭიროა ინტერფეისის IPv4 მისამართისთვის DNS სახელის მინიჭება."
+
+#: option.c:469
+msgid "Bind only to interfaces in use."
+msgstr "მხოლოდ ჩართულ ინტერფეისებზე მიბმა."
+
+#: option.c:470
+#, c-format
+msgid "Read DHCP static host information from %s."
+msgstr "DHCP სტატიკური ჰოსტის ინფორმაციის %s-დან წაკითხვა."
+
+#: option.c:471
+msgid "Enable the DBus interface for setting upstream servers, etc."
+msgstr "აღმავალი სერვერების დასაყენებლად და სხვა ფუნქციონალისთვის DBus-ის ინტერფეისი ჩართეთ."
+
+#: option.c:472
+msgid "Enable the UBus interface."
+msgstr "UBus ინტერფეისის ჩართვა."
+
+#: option.c:473
+msgid "Do not provide DHCP on this interface, only provide DNS."
+msgstr "ამ ინტერფეისზე DHCP მიწოდებული არ იქნება. მხოლოდ DNS."
+
+#: option.c:474
+msgid "Enable dynamic address allocation for bootp."
+msgstr "\"bootp\"-სთვის დინამიკური მისამართების გამოყოფის ჩაართვა."
+
+#: option.c:475
+msgid "Map MAC address (with wildcards) to option set."
+msgstr "MAC მისამართის (ზოგადობის ნიშნებით) პარამეტრების ნაკრებისთვის მიბმა."
+
+#: option.c:476
+msgid "Treat DHCP requests on aliases as arriving from interface."
+msgstr "მეტსახელებიდან მოსული DHCP მოთხოვნების ისე დამუშავება, თითქოს ისინი ინტერფეისიდან მოვიდნენ."
+
+#: option.c:477
+msgid "Specify extra networks sharing a broadcast domain for DHCP"
+msgstr "DHCP-სთვის სამაუწყებლო დომენის გამზიარებელი დამატებითი ქსელების მითითება"
+
+#: option.c:478
+msgid "Disable ICMP echo address checking in the DHCP server."
+msgstr "DHCP სერვერში ICMP echo მისამართის შემოწმების გამორთვა."
+
+#: option.c:479
+msgid "Shell script to run on DHCP lease creation and destruction."
+msgstr "DHCP იჯარის შესაქმნელად ან წასაშლელად გასაშვები გარსის სკრიპტი."
+
+#: option.c:480
+msgid "Lua script to run on DHCP lease creation and destruction."
+msgstr "DHCP იჯარის შესაქმნელად ან წასაშლელად გასაშვები Lua სკრიპტი."
+
+#: option.c:481
+msgid "Run lease-change scripts as this user."
+msgstr "\"lease-change\" სკრიპტები ამ მომხმარებლით გაეშვება."
+
+#: option.c:482
+msgid "Call dhcp-script with changes to local ARP table."
+msgstr "\"dhcp-script\"-ის ლოკალურ ARP ცხრილში ცვლილებებით გამოძახება."
+
+#: option.c:483
+msgid "Read configuration from all the files in this directory."
+msgstr "კონფიგურაციის ამ საქაღალდეში მყოფი ყველა ფაილიდან წაკითხვა."
+
+#: option.c:484
+msgid "Execute file and read configuration from stdin."
+msgstr "ფაილის შესრულება და კონფიგურაციის stdin-დან წაკითხვა."
+
+#: option.c:485
+msgid "Log to this syslog facility or file. (defaults to DAEMON)"
+msgstr "ჟურნალის syslog-ში ან ფაილში ჩაწერა (ნაგულისხმებია DAEMON)"
+
+#: option.c:486
+msgid "Do not use leasefile."
+msgstr "იჯარების ფაილი გამოყენებული არ იქნება."
+
+#: option.c:487
+#, c-format
+msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
+msgstr "ერთდროული DNS მოთხოვნების მაქსიმალური რაოდენობა (ნაგულისხმებია %s)"
+
+#: option.c:488
+#, c-format
+msgid "Clear DNS cache when reloading %s."
+msgstr "%s-ის გადატვირთვისას DNS ქეშის გასუფთავება."
+
+#: option.c:489
+msgid "Ignore hostnames provided by DHCP clients."
+msgstr "DHCP კლიენტების მიერ მოწოდებული ჰოსტი სახელების იგორირება."
+
+#: option.c:490
+msgid "Do NOT reuse filename and server fields for extra DHCP options."
+msgstr "ფაილის სახელისა და სერვერის ველები DHCP პარამეტრებისთვის თავიდან გამოყენებული *არ* იქნება."
+
+#: option.c:491
+msgid "Enable integrated read-only TFTP server."
+msgstr "ჩაშენებული მხოლოდ-წაკითხვადი TFTP სერვერის ჩართვა."
+
+#: option.c:492
+msgid "Export files by TFTP only from the specified subtree."
+msgstr "TFTP-ით ფაილების მხოლოდ მითითებული ქვეხიდან გატანა."
+
+#: option.c:493
+msgid "Add client IP or hardware address to tftp-root."
+msgstr "\"tftp-root\" -ს კლიენტის ან აპარატურული მისამართი დაამატეთ."
+
+#: option.c:494
+msgid "Allow access only to files owned by the user running dnsmasq."
+msgstr "წვდომის მხოლოდ იმ ფაილებზე მინიჭება, რომლებიც იმ მომხმარებელს მიეკუთვნებიან, რომლითაც dnsmasq-ია გაშვებული."
+
+#: option.c:495
+msgid "Do not terminate the service if TFTP directories are inaccessible."
+msgstr "სერვისი იმ შემთხვევაშიც კი არ შეჩერდება, თუ TFTP-ის საქაღალდეები მიუწვდომელია."
+
+#: option.c:496
+#, c-format
+msgid "Maximum number of concurrent TFTP transfers (defaults to %s)."
+msgstr "ერთდროული TFTP გადაცემების მაქსიმალური რაოდენობა (ნაგულისხმებია %s)."
+
+#: option.c:497
+msgid "Maximum MTU to use for TFTP transfers."
+msgstr "TFTP გადაცემისთვის გამოყენებული მაქსიმალური MTU."
+
+#: option.c:498
+msgid "Disable the TFTP blocksize extension."
+msgstr "TFTP-ის blocksize გაფართოების გამორთვა."
+
+#: option.c:499
+msgid "Convert TFTP filenames to lowercase"
+msgstr "TFTP ფაილების სახელების დაბალ რეგისტრში გადაყვანა"
+
+#: option.c:500
+msgid "Ephemeral port range for use by TFTP transfers."
+msgstr "TFTP გადაცემების მიერ გამოყენებული ეფემერული პორტის დიაპაზონი."
+
+#: option.c:501
+msgid "Use only one port for TFTP server."
+msgstr "TFTP სერვერისთვის მხოლოდ ერთი პორტის გამოყენება."
+
+#: option.c:502
+msgid "Extra logging for DHCP."
+msgstr "ჟურნალის დამატებითი ჩანაწერები DHCP-სთვის."
+
+#: option.c:503
+msgid "Enable async. logging; optionally set queue length."
+msgstr "ასინქრონული ჟურნალის გამოყენება. შეგიძლიათ ასევე დააყენოთ რიგის სიგრძეც."
+
+#: option.c:504
+msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
+msgstr "DNS-ის თავიდან მიბმის შეწყვეტა. ამოხნისას პირადი IP დიაპაზონების გაფილტვრა."
+
+#: option.c:505
+msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
+msgstr "127.0.0.0/8-ის თავიდან მიბმის დაშვება, RBL სერვერებისთვის."
+
+#: option.c:506
+msgid "Inhibit DNS-rebind protection on this domain."
+msgstr "ამ დომენზე DNS-ის თავიდან მიბმის დაცვის მემკვიდრეობით მიღება."
+
+#: option.c:507
+msgid "Always perform DNS queries to all servers."
+msgstr "DNS მოთხოვნების ყველა სერვერისთვის ყოველთვის ჩატარება."
+
+#: option.c:508
+msgid "Set tag if client includes matching option in request."
+msgstr "ჭდის დაყენება, თუ კლიენტი მოთხოვნაში შესაბამის პარამეტრს შეიცავს."
+
+#: option.c:509
+msgid "Set tag if client provides given name."
+msgstr "თუ კლიენტი მოგვაწოდებს მითითებულ სახელს, ჭდის დაყენება."
+
+#: option.c:510
+msgid "Use alternative ports for DHCP."
+msgstr "DHCP-სთვის ალტერნატიული პორტების გამოყენება."
+
+#: option.c:511
+msgid "Specify NAPTR DNS record."
+msgstr "მიუთითეთ NAPTR DNS ჩანაწერი."
+
+#: option.c:512
+msgid "Specify lowest port available for DNS query transmission."
+msgstr "DNS მოთხოვნის გადაცემისთვის ხელმისაწვდომი პორტის უმცირესი ნომრის მითითება."
+
+#: option.c:513
+msgid "Specify highest port available for DNS query transmission."
+msgstr "DNS მოთხოვნის გადაცემისთვის ხელმისაწვდომი პორტის უდიდესი ნომრის მითითება."
+
+#: option.c:514
+msgid "Use only fully qualified domain names for DHCP clients."
+msgstr "DHCP კლიენტებისთვის მხოლოდ სრული დომენური სახელების გამოყენება."
+
+#: option.c:515
+msgid "Generate hostnames based on MAC address for nameless clients."
+msgstr "უსახელო კლიენტებისთვის MAC მისამართზე დაფუძნებული ჰოსტის სახელების გენერაცია."
+
+#: option.c:516
+msgid "Use these DHCP relays as full proxies."
+msgstr "ამ DHCP გადამგზავნების სრული პროქსის სახით გამოყენება."
+
+#: option.c:517
+msgid "Relay DHCP requests to a remote server"
+msgstr "DHCP მოთხოვნების სხვა სერვერზე გადაგზავნა"
+
+#: option.c:518
+msgid "Specify alias name for LOCAL DNS name."
+msgstr "მიუთითეთ მეტსახელი LOCAL DNS სახელისთვის."
+
+#: option.c:519
+msgid "Prompt to send to PXE clients."
+msgstr "PXE კლიენტებისთვის გასაგზავნი ტექსტი."
+
+#: option.c:520
+msgid "Boot service for PXE menu."
+msgstr "ჩატვირთვის სერვისი PXE მენიუსთვის."
+
+#: option.c:521
+msgid "Check configuration syntax."
+msgstr "შეამოწმეთ კონფიგურაციის სინტაქსი."
+
+#: option.c:522
+msgid "Add requestor's MAC address to forwarded DNS queries."
+msgstr "გადაგზავნილი DNS მოთხოვნებისთვის მომთხოვნის MAC მისამართის დამატება."
+
+#: option.c:523
+msgid "Strip MAC information from queries."
+msgstr "მოთხოვნებიდან MAC ინფორმაციის მოცილება."
+
+#: option.c:524
+msgid "Add specified IP subnet to forwarded DNS queries."
+msgstr "გადაგზავნილი DNS მოთხოვნებისთვის მითითებული IP ქვექსელის დამატება."
+
+#: option.c:525
+msgid "Strip ECS information from queries."
+msgstr "მოთხოვნებიდან ECS ინფორამციის მოცილება."
+
+#: option.c:526
+msgid "Add client identification to forwarded DNS queries."
+msgstr "გადაგზავნილი DNS მოთხოვნებისთვის კლიენტის იდენტიფიკატორის დამატება."
+
+#: option.c:527
+msgid "Proxy DNSSEC validation results from upstream nameservers."
+msgstr "აღმავალი DNS სერვერებიდან DNSSEC გადამოწმების შედეგების გადმოგზავნა."
+
+#: option.c:528
+msgid "Attempt to allocate sequential IP addresses to DHCP clients."
+msgstr "DHCP კლიენტებისთვის IP მისამართების მიმდევრობით გამოყოფის მცდელობა."
+
+#: option.c:529
+msgid "Ignore client identifier option sent by DHCP clients."
+msgstr "DHCP კლიენტების მიერ გამოგზავნილი კლიენტის იდენტიფიკატორის იგნორირება."
+
+#: option.c:530
+msgid "Copy connection-track mark from queries to upstream connections."
+msgstr "აღმავალი შეერთებებისთვის მოთხოვნებიდან Connection-mark ნიშნის კოპირება."
+
+#: option.c:531
+msgid "Allow DHCP clients to do their own DDNS updates."
+msgstr "DHCP კლიენტებისთვის საკუთარი DDNS განახლებების გაკეთების ნების დართვა."
+
+#: option.c:532
+msgid "Send router-advertisements for interfaces doing DHCPv6"
+msgstr "ინტერფეისიდან, რომელზეც DHCPv6-ია მიბმული, router-advertisements პაკეტის გაგზავნა"
+
+#: option.c:533
+msgid "Specify DUID_EN-type DHCPv6 server DUID"
+msgstr "მიუთითეთ DUID_EN-ტიპის DHCPv6 სერვერის DUID"
+
+#: option.c:534
+msgid "Specify host (A/AAAA and PTR) records"
+msgstr "მიუთითეთ ჰოსტის (A/AAAA და PTR) ჩანაწერები"
+
+#: option.c:535
+msgid "Specify host record in interface subnet"
+msgstr "ინტერფეისის ქვექსელში ჰოსტის ჩანაწერის მითითება აუცილებელია"
+
+#: option.c:536
+msgid "Specify certification authority authorization record"
+msgstr "სერტიფიკატის ორგანის ავტორიზაციის ჩანაწერის მითითება"
+
+#: option.c:537
+msgid "Specify arbitrary DNS resource record"
+msgstr "DNS-ის ტექსტური ჩანაწერის მითითება"
+
+#: option.c:538
+msgid "Bind to interfaces in use - check for new interfaces"
+msgstr "გამოყენებულ ინტერფეისზე მიბმა - ახალი ინტერფეისებს შემოწმება"
+
+#: option.c:539
+msgid "Export local names to global DNS"
+msgstr "ლოკალური სახელების გლობალურ DNS-ში გატანა"
+
+#: option.c:540
+msgid "Domain to export to global DNS"
+msgstr "გლობალურ DNS-ში გასატანი დომენი"
+
+#: option.c:541
+msgid "Set TTL for authoritative replies"
+msgstr "ავტორიტეტული პასუხებისთვის TTL-ის დაყენება"
+
+#: option.c:542
+msgid "Set authoritative zone information"
+msgstr "ავტორიტეტული ზონის ინფორმაციის დაყენება"
+
+#: option.c:543
+msgid "Secondary authoritative nameservers for forward domains"
+msgstr "მეორადი ავტორიტეტული DNS სერვერები დომენების გადასაგზავნად"
+
+#: option.c:544
+msgid "Peers which are allowed to do zone transfer"
+msgstr "პარტნიორები, რომლებსაც უფლება აქვთ, ზონის გადაცემა შეასრულონ"
+
+#: option.c:545
+msgid "Specify ipsets to which matching domains should be added"
+msgstr "მიუთითეთ ipset-ები, რომელშიც შესაბამისი დომენები უნდა დაემატოს"
+
+#: option.c:546
+msgid "Specify nftables sets to which matching domains should be added"
+msgstr "მიუთითეთ nfstables-ის სეტი, რომელშიც შესაბამისი დომენები დაემატება"
+
+#: option.c:547
+msgid "Enable filtering of DNS queries with connection-track marks."
+msgstr "Connection-track ნიშნების მქონე DNS მოთხოვნების ფილტრაციის ჩართვა."
+
+#: option.c:548
+msgid "Set allowed DNS patterns for a connection-track mark."
+msgstr "Connection track ნიშნებისთვის DNS-ის ნებადართული შაბლონების დაყენება."
+
+#: option.c:549
+msgid "Specify a domain and address range for synthesised names"
+msgstr "აწყობილი სახელებისთვის დომენის და მისამართების დიაპაზონის მითითება"
+
+#: option.c:550
+msgid "Activate DNSSEC validation"
+msgstr "DNSSEC გადამოწმების აქტივაცია"
+
+#: option.c:551
+msgid "Specify trust anchor key digest."
+msgstr ""
+
+#: option.c:552
+msgid "Disable upstream checking for DNSSEC debugging."
+msgstr "DNSSEC-ის გასამართად აღმავლის შემოწმების გამორთვა."
+
+#: option.c:553
+msgid "Ensure answers without DNSSEC are in unsigned zones."
+msgstr "დარწმუნდით, რომ DNSSEC-ის გარეშე პასუხები ხელმოუწერელ ზონებშია."
+
+#: option.c:554
+msgid "Don't check DNSSEC signature timestamps until first cache-reload"
+msgstr "პირველ cache-reload-მდე DNSSEC-ის ხელმოწერის დროის შტამპები არ შემოწმდება"
+
+#: option.c:555
+msgid "Timestamp file to verify system clock for DNSSEC"
+msgstr "DNSSEC-ისთვის სისტემის საათის შესამოწმებელი დროის შტამპის ფაილი"
+
+#: option.c:556
+msgid "Set MTU, priority, resend-interval and router-lifetime"
+msgstr "დააყენეთ MTU, პრიორიტეტი, resend-interval და router-lifetime"
+
+#: option.c:557
+msgid "Do not log routine DHCP."
+msgstr "DHCP-ის ფუნქციები ჟურნალში არ ჩაიწერება."
+
+#: option.c:558
+msgid "Do not log routine DHCPv6."
+msgstr "DHCPv6-ის ფუნქციები ჟურნალში არ ჩაიწერება."
+
+#: option.c:559
+msgid "Do not log RA."
+msgstr "RA ჟურნალში არ ჩაიწერება."
+
+#: option.c:560
+msgid "Log debugging information."
+msgstr "გამართვის ინფორმაციის ჟურნალში ჩაწერა."
+
+#: option.c:561
+msgid "Accept queries only from directly-connected networks."
+msgstr "მოთხოვნების მხოლოდ პირდაპირ-დაერთებული ქსელებიდან მიღება."
+
+#: option.c:562
+msgid "Detect and remove DNS forwarding loops."
+msgstr "DNS-ის გადაგზავნის მარყუჟების აღმოჩენა და მოცილება."
+
+#: option.c:563
+msgid "Ignore DNS responses containing ipaddr."
+msgstr "IP მისამართის შემცველი DNS პასუხების იგნორი."
+
+#: option.c:564
+msgid "Set TTL in DNS responses with DHCP-derived addresses."
+msgstr "DHCP-ით დაცემულ მისამართებთან ერთად DNS პასუხებში TTL-ის დაყენება."
+
+#: option.c:565
+msgid "Delay DHCP replies for at least number of seconds."
+msgstr "DHCP პასუხების გადაგზავნის მითითებული წამების რაოდენობით დაყოვნება."
+
+#: option.c:566
+msgid "Enables DHCPv4 Rapid Commit option."
+msgstr "DHCPv4-ის Rapid Commit პარამეტრის ჩართვა."
+
+#: option.c:567
+msgid "Path to debug packet dump file"
+msgstr "ბილიკი გამართვის პაკეტის ჩასაწერ ფაილამდე"
+
+#: option.c:568
+msgid "Mask which packets to dump"
+msgstr "ჩასაწერი პაკეტების შენიღბვა"
+
+#: option.c:569
+msgid "Call dhcp-script when lease expiry changes."
+msgstr "იჯარის ვადის ცვლილებსას dhcp-script -ის გამოძახება."
+
+#: option.c:570
+msgid "Send Cisco Umbrella identifiers including remote IP."
+msgstr "Cisco Umbrella იდენტიფიკატორების, დაშორებული IP-ის ჩათვლით, გაგზავნა."
+
+#: option.c:571
+msgid "Do not log routine TFTP."
+msgstr "\"TFTP\" რუტინები ჟურნალში არ ჩაიწერება."
+
+#: option.c:572
+msgid "Suppress round-robin ordering of DNS records."
+msgstr ""
+
+#: option.c:802
+#, c-format
+msgid ""
+"Usage: dnsmasq [options]\n"
+"\n"
+msgstr ""
+"გამოყენება: dnsmasq [პარამეტრები]\n"
+"\n"
+
+#: option.c:804
+#, c-format
+msgid "Use short options only on the command line.\n"
+msgstr "მოკლე პარამეტრების მხოლოდ ბრძანებების სტრიქონში გამოყენება.\n"
+
+#: option.c:806
+#, c-format
+msgid "Valid options are:\n"
+msgstr "სწორი პარამეტრებია:\n"
+
+#: option.c:853 option.c:1055
+msgid "bad address"
+msgstr "ცუდი მისამართი"
+
+#: option.c:882 option.c:886
+msgid "bad port"
+msgstr "არასწორი პორტი"
+
+#: option.c:899 option.c:1002 option.c:1048
+msgid "interface binding not supported"
+msgstr "ინტერფეისზე მიბმა მხარდაუჭერელია"
+
+#: option.c:955
+msgid "Cannot resolve server name"
+msgstr ""
+
+#: option.c:991
+msgid "cannot use IPv4 server address with IPv6 source address"
+msgstr ""
+
+#: option.c:997 option.c:1043
+msgid "interface can only be specified once"
+msgstr "ინტერფეისი მხოლოდ ერთხელ შეგიძლიათ მიუთითოთ"
+
+#: option.c:1011 option.c:4785
+msgid "bad interface name"
+msgstr "ინტერფეისის არასწორი სახელი"
+
+#: option.c:1037
+msgid "cannot use IPv6 server address with IPv4 source address"
+msgstr ""
+
+#: option.c:1124
+msgid "bad IPv4 prefix length"
+msgstr "არასწორი IPv4 პრეფიქსის სიგრძე"
+
+#: option.c:1155 option.c:1165 option.c:1240 option.c:1250 option.c:5360
+msgid "error"
+msgstr "შეცდომა"
+
+#: option.c:1207
+msgid "bad IPv6 prefix length"
+msgstr "არასწორი IPv6 პრეფიქსის სიგრძე"
+
+#: option.c:1467
+msgid "inappropriate vendor:"
+msgstr "შეუფერებელი მომწოდებელი:"
+
+#: option.c:1474
+msgid "inappropriate encap:"
+msgstr "შეუფერებელი ენკაფსულაცია:"
+
+#: option.c:1500
+msgid "unsupported encapsulation for IPv6 option"
+msgstr "მხარდაუჭერელი ენკაფსულაცია IPv6 პარამეტრისთვის"
+
+#: option.c:1514
+msgid "bad dhcp-option"
+msgstr "არასწორი dhcp-option"
+
+#: option.c:1592
+msgid "bad IP address"
+msgstr "არასწორი IP მისამართი"
+
+#: option.c:1595 option.c:1734 option.c:3928
+msgid "bad IPv6 address"
+msgstr "არასწორი IPv6 მისამართი"
+
+#: option.c:1688
+msgid "bad IPv4 address"
+msgstr "არასწორი IPv4 მისამართ"
+
+#: option.c:1761 option.c:1856
+msgid "bad domain in dhcp-option"
+msgstr "dhcp-option-ში მითითებული დომენი არასწორია"
+
+#: option.c:1900
+msgid "dhcp-option too long"
+msgstr "dhcp-option ძალიან გრძელია"
+
+#: option.c:1907
+msgid "illegal dhcp-match"
+msgstr "არასწორი dhcp-match"
+
+#: option.c:1966
+msgid "illegal repeated flag"
+msgstr "არასწორი გამეორებული ალამი"
+
+#: option.c:1974
+msgid "illegal repeated keyword"
+msgstr "არასწორი გამეორებული საკვანზო სიტყვა"
+
+#: option.c:2056 option.c:5533
+#, c-format
+msgid "cannot access directory %s: %s"
+msgstr "%s საქაღალდესთან წვდომის შეცდომა: %s"
+
+#: option.c:2102 tftp.c:573 dump.c:72
+#, c-format
+msgid "cannot access %s: %s"
+msgstr "%s-სთან წვდომის შეცდომა: %s"
+
+#: option.c:2219
+msgid "setting log facility is not possible under Android"
+msgstr "ჟურნალის დონეების მითითება Android_ის ქვეშ შეუძლებელია"
+
+#: option.c:2228
+msgid "bad log facility"
+msgstr "ჟურნალის არასწორი სამიზნე"
+
+#: option.c:2281
+msgid "bad MX preference"
+msgstr "არასწორი MX პრიორიტეტი"
+
+#: option.c:2289
+msgid "bad MX name"
+msgstr "არასწორი MX სახელი"
+
+#: option.c:2304
+msgid "bad MX target"
+msgstr "არასწორი MX სამიზნე"
+
+#: option.c:2324
+msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
+msgstr "lease-change სკრიპტების ჩასართავად კონფიგურაციაში ჩართეთ HAVE_SCRIPT და ააგეთ პროგრამა თავიდან"
+
+#: option.c:2328
+msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
+msgstr "lua სკრიპტების ჩასართავად კონფიგურაციაში ჩართეთ HAVE_LUASCRIPT და ააგეთ პროგრამა თავიდან"
+
+#: option.c:2447
+msgid "invalid auth-zone"
+msgstr "auth-zone არასწორია"
+
+#: option.c:2589 option.c:2621
+msgid "bad prefix length"
+msgstr "არასწორი პრეფიქსის სიგრძე"
+
+#: option.c:2601 option.c:2642 option.c:2696
+msgid "bad prefix"
+msgstr "არასწორი პრეფიქსი"
+
+#: option.c:2716
+msgid "prefix length too small"
+msgstr "პრეფიქსის სიგრძე ძალიან პატარაა"
+
+#: option.c:3010
+msgid "Bad address in --address"
+msgstr "არასწორი მისამართი --address -ში"
+
+#: option.c:3110
+msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+msgstr "ipset-ის დირექტივების ჩასართავად კონფიგურაციაში ჩართეთ HAVE_IPSET და ააგეთ პროგრამა თავიდან"
+
+#: option.c:3117
+msgid "recompile with HAVE_NFTSET defined to enable nftset directives"
+msgstr "nftset-ის დირექტივების ჩასართავად კონფიგურაციაში ჩართეთ HAVE_NFTSET და ააგეთ პროგრამა თავიდან"
+
+#: option.c:3192 option.c:3210
+msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist directives"
+msgstr "connmark-allowlist-ის დირექტივების ჩასართავად კონფიგურაციაში ჩართეთ HAVE_CONNTRACK და ააგეთ პროგრამა თავიდან"
+
+#: option.c:3496
+msgid "bad port range"
+msgstr "არასწორი პორტის დიაპაზონი"
+
+#: option.c:3522
+msgid "bad bridge-interface"
+msgstr "არასწორი bridge-interface"
+
+#: option.c:3566
+msgid "bad shared-network"
+msgstr "არასწორი shared-network"
+
+#: option.c:3620
+msgid "only one tag allowed"
+msgstr "დაშვებულია მხოლოდ ერთი ჭდე"
+
+#: option.c:3641 option.c:3657 option.c:3783 option.c:3791 option.c:3834
+msgid "bad dhcp-range"
+msgstr "არასწორი dhcp-range"
+
+#: option.c:3675
+msgid "inconsistent DHCP range"
+msgstr "არამდგრადი DHCP დიაპაზონი"
+
+#: option.c:3741
+msgid "prefix length must be exactly 64 for RA subnets"
+msgstr "\"RA\" ქვექსელებისთვის პრეფიქსის სიგრძე ზუსტად 64-ის ტოლი უნდა იყოს"
+
+#: option.c:3743
+msgid "prefix length must be exactly 64 for subnet constructors"
+msgstr "ქვექსელის კონსტრუქტორებისთვის პრეფიქსის სიგრძე ზუსტად 64-ის ტოლი უნდა იყოს"
+
+#: option.c:3746
+msgid "prefix length must be at least 64"
+msgstr "პრეფიქსის სიგრძე მინიმუმ 64-ის ტოლი უნდა იყოს"
+
+#: option.c:3749
+msgid "inconsistent DHCPv6 range"
+msgstr "არამდგრადი DHCPv6 დიაპაზონი"
+
+#: option.c:3768
+msgid "prefix must be zero with \"constructor:\" argument"
+msgstr "პრეფიქსი \"constructor:\" არგუმენტთან ერთად ნულის ტოლი უნდა იყოს"
+
+#: option.c:3893 option.c:3971
+msgid "bad hex constant"
+msgstr "არასწორი თექვს, კონსტანტა"
+
+#: option.c:3946
+msgid "bad IPv6 prefix"
+msgstr "არასწორი IPv6 პრეფიქსი"
+
+#: option.c:3994
+#, c-format
+msgid "duplicate dhcp-host IP address %s"
+msgstr "dhcp-host-ის IP მისამართი %s ორჯერაა მითითებული"
+
+#: option.c:4056
+msgid "bad DHCP host name"
+msgstr "არასწორი DHCP ჰოსტის სახელი"
+
+#: option.c:4142
+msgid "bad tag-if"
+msgstr "არასწორი tag-if"
+
+#: option.c:4490 option.c:5046
+msgid "invalid port number"
+msgstr "პორტის არასწორი ნომერი"
+
+#: option.c:4546
+msgid "bad dhcp-proxy address"
+msgstr "არასწორი dhcp-proxy მისამართი"
+
+#: option.c:4627
+msgid "Bad dhcp-relay"
+msgstr "არასწორი dhcp-relay"
+
+#: option.c:4671
+msgid "bad RA-params"
+msgstr "არასწორი RA-params"
+
+#: option.c:4681
+msgid "bad DUID"
+msgstr "არასწორი DUID"
+
+#: option.c:4715
+msgid "missing address in alias"
+msgstr "მეტსახელში მისამართი მითითებული არაა"
+
+#: option.c:4721
+msgid "invalid alias range"
+msgstr "მეტსახელების არასწორი დიაპაზონი"
+
+#: option.c:4770
+msgid "missing address in dynamic host"
+msgstr "დინამიკურ ჰოსტში მისამართი მითითებული არაა"
+
+#: option.c:4785
+msgid "bad dynamic host"
+msgstr "ცუდი დინამიკური ჰოსტი"
+
+#: option.c:4803 option.c:4819
+msgid "bad CNAME"
+msgstr "არასწორი CNAME"
+
+#: option.c:4827
+msgid "duplicate CNAME"
+msgstr "დუბლირებული CNAME"
+
+#: option.c:4854
+msgid "bad PTR record"
+msgstr "ცუდი PTR ჩანაწერი"
+
+#: option.c:4889
+msgid "bad NAPTR record"
+msgstr "არასწორი NAPTR ჩანაწერი"
+
+#: option.c:4925
+msgid "bad RR record"
+msgstr "ცუდი RR ჩანაწერი"
+
+#: option.c:4958
+msgid "bad CAA record"
+msgstr "ცუდი CAA ჩანაწერი"
+
+#: option.c:4987
+msgid "bad TXT record"
+msgstr "ცუდი TXT ჩანაწერი"
+
+#: option.c:5030
+msgid "bad SRV record"
+msgstr "ცუდი SRV ჩანაწერი"
+
+#: option.c:5037
+msgid "bad SRV target"
+msgstr "ცუდი SRV სამიზნე"
+
+#: option.c:5056
+msgid "invalid priority"
+msgstr "არასწორი პრიორიტეტი"
+
+#: option.c:5061
+msgid "invalid weight"
+msgstr "არასწორი წონა"
+
+#: option.c:5084
+msgid "Bad host-record"
+msgstr "არასწორი host-record"
+
+#: option.c:5123
+msgid "Bad name in host-record"
+msgstr "არასწორი სახელი host-record -ში"
+
+#: option.c:5165
+msgid "bad value for dnssec-check-unsigned"
+msgstr "dnssec-check-unsigned-ის არასწორი მნიშვნელობა"
+
+#: option.c:5201
+msgid "bad trust anchor"
+msgstr ""
+
+#: option.c:5217
+msgid "bad HEX in trust anchor"
+msgstr ""
+
+#: option.c:5228
+msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
+msgstr "მხარდაუჭერელი პარამეტრი (შეამოწმეთ, dnsmasq აგებულია, თუ არა DHCP/TFTP/DNSSEC/DBus-ის მხარდაჭერით)"
+
+#: option.c:5290
+msgid "missing \""
+msgstr "აკლია \""
+
+#: option.c:5347
+msgid "bad option"
+msgstr "არასწორი პარამეტრი"
+
+#: option.c:5349
+msgid "extraneous parameter"
+msgstr "დამატებითი პარამეტრი"
+
+#: option.c:5351
+msgid "missing parameter"
+msgstr "ნაკლული პარამეტრი"
+
+#: option.c:5353
+msgid "illegal option"
+msgstr "დაუშვებელი პარამეტრი"
+
+#: option.c:5363
+#, c-format
+msgid " in output from %s"
+msgstr " %s-ის გამოტანილში"
+
+#: option.c:5365
+#, c-format
+msgid " at line %d of %s"
+msgstr " %2$s-ის %1$d -ე ხაზზე"
+
+#: option.c:5380 option.c:5683 option.c:5694
+#, c-format
+msgid "read %s"
+msgstr "%s წავიკითხე"
+
+#: option.c:5446
+#, c-format
+msgid "cannot execute %s: %s"
+msgstr "%s-ის შესრულების შეცდომა: %s"
+
+#: option.c:5454 option.c:5615 tftp.c:790
+#, c-format
+msgid "cannot read %s: %s"
+msgstr "%s -ის წაკითხვის შეცდომა: %s"
+
+#: option.c:5473
+#, c-format
+msgid "error executing %s: %s"
+msgstr "შესრულების შეცდომა %s: %s"
+
+#: option.c:5476
+#, c-format
+msgid "%s returns non-zero error code"
+msgstr "%s არანულოვან შეცდომის კოდს აბრუნებს"
+
+#: option.c:5775
+msgid "junk found in command line"
+msgstr "ბრძანების სტრიქონში ნაპოვნია ნაგავი"
+
+#: option.c:5815
+#, c-format
+msgid "Dnsmasq version %s  %s\n"
+msgstr "Dnsmasq -ის ვერსია %s  %s\n"
+
+#: option.c:5816
+#, c-format
+msgid ""
+"Compile time options: %s\n"
+"\n"
+msgstr ""
+"აგების პარამეტრები: %s\n"
+"\n"
+
+#: option.c:5817
+#, c-format
+msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
+msgstr "ეს პროგრამა ყველანაირი გარანტიის გარეშეა.\n"
+
+#: option.c:5818
+#, c-format
+msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
+msgstr "Dnsmasq უფასო პროგრამაა და თავისუფლად შეგიძლიათ, გაავრცელოთ ის\n"
+
+#: option.c:5819
+#, c-format
+msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
+msgstr "ვრცელდება GNU საჯარო ლიცენზიით, ვერსია 2 ან 3.\n"
+
+#: option.c:5836
+msgid "try --help"
+msgstr "სცადეთ --help"
+
+#: option.c:5838
+msgid "try -w"
+msgstr "სცადეთ -w"
+
+#: option.c:5840
+#, c-format
+msgid "bad command line options: %s"
+msgstr "ბრძანების სტრიქონის არასწორი პარამეტრები: %s"
+
+#: option.c:5909
+#, c-format
+msgid "CNAME loop involving %s"
+msgstr "CNAME-ის მარყუჟი %s -ის მონაწილეობით"
+
+#: option.c:5950
+#, c-format
+msgid "cannot get host-name: %s"
+msgstr "host-name -ის მიღების შეცდომა: %s"
+
+#: option.c:5978
+msgid "only one resolv.conf file allowed in no-poll mode."
+msgstr "no-poll რეჟიმში მხოლოდ ერთი resolv.conf-ის მითითებაა შესაძლებელი."
+
+#: option.c:5988
+msgid "must have exactly one resolv.conf to read domain from."
+msgstr "დომენის წასაკითხად საჭიროა ზუსტად ერთი resolv.conf-ის ქონა."
+
+#: option.c:5991 network.c:1727 dhcp.c:892
+#, c-format
+msgid "failed to read %s: %s"
+msgstr "%s-ის წაკითხვის შეცდომა: %s"
+
+#: option.c:6008
+#, c-format
+msgid "no search directive found in %s"
+msgstr "%s-ში ძებნის დირექტივა ნაპოვნი არა"
+
+#: option.c:6029
+msgid "there must be a default domain when --dhcp-fqdn is set"
+msgstr "როცა --dhcp-fqdn დაყენებულია, ნაგულისხმები დომენის არსებობა აუცილებელია"
+
+#: option.c:6038
+msgid "syntax check OK"
+msgstr "სინტაქსის გადამოწმება წარმატებით დასრულდა"
+
+#: forward.c:107
+#, c-format
+msgid "failed to send packet: %s"
+msgstr "პაკეტის გაგზავნის შეცდომა: %s"
+
+#: forward.c:715
+msgid "discarding DNS reply: subnet option mismatch"
+msgstr "\"DNS\" პასუხის გაუქმება: ქვექსელის პარამეტრი არ ემთხვევა"
+
+#: forward.c:780
+#, c-format
+msgid "nameserver %s refused to do a recursive query"
+msgstr "სერვერი %s რეკურსიული მოთხოვნის შესრულებაზე უარს აცხადებს"
+
+#: forward.c:826
+#, c-format
+msgid "possible DNS-rebind attack detected: %s"
+msgstr "აღმოჩენილია შესაძლო DNS-rebind შეტევა: %s"
+
+#: forward.c:1239
+#, c-format
+msgid "reducing DNS packet size for nameserver %s to %d"
+msgstr "სერვერისთვის %s DNS პაკეტის ზომის %d-მდე შემცირება"
+
+#: forward.c:1565
+#, c-format
+msgid "ignoring query from non-local network %s (logged only once)"
+msgstr "არა-ლოკალური ქსელიდან (%s) მოსული მოთხოვნის იგნორირება (ჟურნალში იწერება მხოლოდ ერთხელ)"
+
+#: forward.c:2139
+#, c-format
+msgid "ignoring query from non-local network %s"
+msgstr "არალოკალური ქსელიდან (%s) მოსული მოთხოვნის იგნორირება"
+
+#: forward.c:2501
+#, c-format
+msgid "failed to bind server socket to %s: %s"
+msgstr "სერვერის სოკეტის %s-ზე მიბმის შეცდომა: %s"
+
+#: forward.c:2867
+#, c-format
+msgid "Maximum number of concurrent DNS queries reached (max: %d)"
+msgstr "მიღწეულია ერთდრული DNS მოთხოვნების ლიმიტი (მაქს: %d)"
+
+#: forward.c:2869
+#, c-format
+msgid "Maximum number of concurrent DNS queries to %s reached (max: %d)"
+msgstr "მიღწეულია %s-მდე ერთდროული DNS მოთხოვნების ლიმიტი (მაქს: %d)"
+
+#: network.c:700
+#, c-format
+msgid "stopped listening on %s(#%d): %s port %d"
+msgstr "მოსმენა შეწყდა: %s(#%d): %s პორტი %d"
+
+#: network.c:911
+#, c-format
+msgid "failed to create listening socket for %s: %s"
+msgstr "%s-სთვის მოსასმენი სოკეტის შექმნის შეცდომა: %s"
+
+#: network.c:1192
+#, c-format
+msgid "listening on %s(#%d): %s port %d"
+msgstr "ვუსმენ %s(#%d)-ზე: %s პორტი %d"
+
+#: network.c:1219
+#, c-format
+msgid "listening on %s port %d"
+msgstr "ვუსმენ %s -ზე, პორტი %d"
+
+#: network.c:1252
+#, c-format
+msgid "LOUD WARNING: listening on %s may accept requests via interfaces other than %s"
+msgstr "ხმამაღალი გაფრთხილება: %s-ზე მოსმენამ მოთხოვნების %s-ის გარდა სხვა ინტერფეისებიდანაც მიღებაც შეიძლება გამოიწვიოს"
+
+#: network.c:1259
+msgid "LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"
+msgstr "ხმამაღალი გაფრთხილება: ამ ინტერფეისებიდან DNS-ით გაძლიერებული შეტევების თავიდან ასაცილებლად --bind-dynamic -ის მაგიერ --bind-interfaces გამოიყენეთ"
+
+#: network.c:1268
+#, c-format
+msgid "warning: using interface %s instead"
+msgstr "გაფრთხილება: სამაგიეროდ გამოიყენება ინტერფეისი %s"
+
+#: network.c:1277
+#, c-format
+msgid "warning: no addresses found for interface %s"
+msgstr "გაფრთხილება: ინტერფეისისთვის (%s) მისამართის პოვნა შეუძლებელია"
+
+#: network.c:1335
+#, c-format
+msgid "interface %s failed to join DHCPv6 multicast group: %s"
+msgstr "ინტერფეისის (%s) შეცდომა DHCPv6-ის მულტიკასტის ჯგუფში გაწევრებისას: %s"
+
+#: network.c:1340
+msgid "try increasing /proc/sys/net/core/optmem_max"
+msgstr "სცადეთ გაზარდოთ /proc/sys/net/core/optmem_max"
+
+#: network.c:1545
+#, c-format
+msgid "failed to bind server socket for %s: %s"
+msgstr "%s-სთვის სერვერის სოკეტის მიბმის შეცდომა: %s"
+
+#: network.c:1622
+#, c-format
+msgid "ignoring nameserver %s - local interface"
+msgstr "\"DNS\" სერვერის (%s) იგნორი - ლოკალური ინტერფეისი"
+
+#: network.c:1633
+#, c-format
+msgid "ignoring nameserver %s - cannot make/bind socket: %s"
+msgstr "\"DNS\" სერვერის (%s) იგნორი - სოკეტის შექმნის/მიბმის შეცდომა: %s"
+
+#: network.c:1643
+msgid "more servers are defined but not logged"
+msgstr "აღწერილი მეტი სერვერია, მაგრამ ჟურნალში არ იწერება"
+
+#: network.c:1654
+msgid "(no DNSSEC)"
+msgstr "(DNSSEC-ის გარეშე)"
+
+#: network.c:1657
+msgid "unqualified"
+msgstr "არაკვალიფიციური"
+
+#: network.c:1657
+msgid "names"
+msgstr "სახელები"
+
+#: network.c:1659
+msgid "default"
+msgstr "ნაგულისხმები"
+
+#: network.c:1661
+msgid "domain"
+msgstr "დომენი"
+
+#: network.c:1663
+#, c-format
+msgid "using nameserver %s#%d for %s %s%s %s"
+msgstr "გამოიყენება DNS სერვერი %s#%d -ი %s %s%s %s -სთვის"
+
+#: network.c:1667
+#, c-format
+msgid "NOT using nameserver %s#%d - query loop detected"
+msgstr "DNS სერვერი გამოყენებული *არ* იქნება %s#%d - აღმოჩენილია მოთხოვნის მარყუჟი"
+
+#: network.c:1670
+#, c-format
+msgid "using nameserver %s#%d(via %s)"
+msgstr "გამოიყენება DNS სერვერ %s#%d(%s-ის გავლით)"
+
+#: network.c:1672
+#, c-format
+msgid "using nameserver %s#%d"
+msgstr "გამოიყენება DNS სერვერი %s#%d"
+
+#: network.c:1687
+#, c-format
+msgid "using only locally-known addresses for %s"
+msgstr "%s-სთვის მხოლოდ ლოკალურად-ცნობილი მისამართების დაყენება"
+
+#: network.c:1690
+#, c-format
+msgid "using standard nameservers for %s"
+msgstr "%s-სთვის სტანდარტული DNS სერვერები გამოიყენება"
+
+#: network.c:1694
+#, c-format
+msgid "using %d more local addresses"
+msgstr "გამოიყენება კიდევ %d ლოკალური მისამართი"
+
+#: network.c:1696
+#, c-format
+msgid "using %d more nameservers"
+msgstr "გამოიყენება კიდევ %d DNS სერვერი"
+
+#: dnsmasq.c:192
+msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
+msgstr "dhcp-hostsdir, dhcp-optsdir და hostsdir ამ პლატფორმაზე მხარდაჭერილი არაა"
+
+#: dnsmasq.c:207
+msgid "no root trust anchor provided for DNSSEC"
+msgstr ""
+
+#: dnsmasq.c:210
+msgid "cannot reduce cache size from default when DNSSEC enabled"
+msgstr "ნაგულისხმები ქეშის ზომის შეცვლა მაშინ, როცა DNSSEC ჩართულია, შეუძლებელია"
+
+#: dnsmasq.c:212
+msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
+msgstr "DNSSEC მიუწვდომელია: დააყენეთ HAVE_DNSSEC src/config.h -ში"
+
+#: dnsmasq.c:218
+msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
+msgstr "TFTP სერვერი მიუწვდომელია: დააყენეთ HAVE_TFTP src/config.h -ში"
+
+#: dnsmasq.c:225
+msgid "cannot use --conntrack AND --query-port"
+msgstr "--conntrack -ისა და --query-port -ის ერთად გამოყენება შეუძლებელია"
+
+#: dnsmasq.c:231
+msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
+msgstr "conntrack-ის მხარდაჭერა მიუწვდომელია: დააყენეთ HAVE_CONNTRACK ფაილში src/config.h"
+
+#: dnsmasq.c:236
+msgid "asynchronous logging is not available under Solaris"
+msgstr "solaris-ში ასინქრონული ჟურნალი ხელმიუწვდომელია"
+
+#: dnsmasq.c:241
+msgid "asynchronous logging is not available under Android"
+msgstr "android-ში ასინქრონული ჟურნალი ხელმიუწვდომელია"
+
+#: dnsmasq.c:246
+msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
+msgstr "ავტორიტეტული DNS მიუწვდომელია: დააყენეთ HAVE_AUTH src/confg.h-ში"
+
+#: dnsmasq.c:251
+msgid "loop detection not available: set HAVE_LOOP in src/config.h"
+msgstr "მარყუჟის აღმოჩენა ხელმიუწვდომელია: დააყენეთ HAVE_LOOP src/config.h -ში"
+
+#: dnsmasq.c:256
+msgid "Ubus not available: set HAVE_UBUS in src/config.h"
+msgstr "Ubus-ის მხარდაჭერა მიუწვდომელია: დააყენეთ HAVE_UBUS ფაილში src/config.h"
+
+#: dnsmasq.c:267
+msgid "max_port cannot be smaller than min_port"
+msgstr "max_port-ის მნიშვნელობა min_port-ზე მცირე ვერ იქნება"
+
+#: dnsmasq.c:271
+msgid "port_limit must not be larger than available port range"
+msgstr ""
+
+#: dnsmasq.c:278
+msgid "--auth-server required when an auth zone is defined."
+msgstr "--auth-server აუცილებელია, როცა ავთენტიკაციის ზონა აღწერილია."
+
+#: dnsmasq.c:283
+msgid "zone serial must be configured in --auth-soa"
+msgstr "ზონის სერიული აუცილებლად უნდა მიუთითოთ --auth-soa -ში"
+
+#: dnsmasq.c:303
+msgid "dhcp-range constructor not available on this platform"
+msgstr "dhcp-range -ის კონსტრუქტორი ამ პლატფორმაზე ხელმიუწვდომელია"
+
+#: dnsmasq.c:377
+msgid "cannot set --bind-interfaces and --bind-dynamic"
+msgstr "--bind-interfaces -ისა და --bind-dyanamic -ის ერთად გამოყენება შეუძლებელია"
+
+#: dnsmasq.c:380
+#, c-format
+msgid "failed to find list of interfaces: %s"
+msgstr "ინტერფეისების სიის პოვნა შეუძლებელია: %s"
+
+#: dnsmasq.c:389
+#, c-format
+msgid "unknown interface %s"
+msgstr "უცნობი ინტერფეისი %s"
+
+#: dnsmasq.c:396
+#, c-format
+msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
+msgstr "შეცდომა DHCP სოკეტზე SO_BINDTODEVICE-ის დაყენებისას: %s"
+
+#: dnsmasq.c:440
+msgid "Packet dumps not available: set HAVE_DUMP in src/config.h"
+msgstr "პაკეტების ჩაწერა ხელმიუწვდომელია. დააყენეთ HAVE_DUMP src/config.h-ში"
+
+#: dnsmasq.c:448 dnsmasq.c:1232
+#, c-format
+msgid "DBus error: %s"
+msgstr "DBus-ის შეცდომა: %s"
+
+#: dnsmasq.c:451
+msgid "DBus not available: set HAVE_DBUS in src/config.h"
+msgstr "DBUS ხელმიუწვდომელია: დააყენეთ HAVE_DBUS src/config.h-ში"
+
+#: dnsmasq.c:459 dnsmasq.c:1253
+#, c-format
+msgid "UBus error: %s"
+msgstr "UBus -ის შეცდომა: %s"
+
+#: dnsmasq.c:462
+msgid "UBus not available: set HAVE_UBUS in src/config.h"
+msgstr "UBUS ხელმიუწვდომელია: დააყენეთ HAVE_UBUS src/config.h-ში"
+
+#: dnsmasq.c:492
+#, c-format
+msgid "unknown user or group: %s"
+msgstr "უცნობი მომხმარებელი ან ჯგუფი: %s"
+
+#: dnsmasq.c:568
+#, c-format
+msgid "process is missing required capability %s"
+msgstr "პროცესს აუცილებელი შესაძლებლობა აკლია: %s"
+
+#: dnsmasq.c:600
+#, c-format
+msgid "cannot chdir to filesystem root: %s"
+msgstr "ფაილური სისტემის საწყის საქაღალდეში chdir-ის შეცდომა: %s"
+
+#: dnsmasq.c:852
+#, c-format
+msgid "started, version %s DNS disabled"
+msgstr "გაეშვა, ვერსია %s DNS გამორთულია"
+
+#: dnsmasq.c:857
+#, c-format
+msgid "started, version %s cachesize %d"
+msgstr "გაეშვა, ვერსია %s ქეშის ზომაა %d"
+
+#: dnsmasq.c:859
+msgid "cache size greater than 10000 may cause performance issues, and is unlikely to be useful."
+msgstr "თუ ქეშის ზომა 10000-ზე დიდია, მას წარმადობის პრობლემები შეუძლია გამოიწვიოს, სარგებლობა კი ნაკლებად."
+
+#: dnsmasq.c:862
+#, c-format
+msgid "started, version %s cache disabled"
+msgstr "გაეშვა, ვერსია %s ქეში გამორთულია"
+
+#: dnsmasq.c:865
+msgid "DNS service limited to local subnets"
+msgstr "DNS სერვისი შეზღუდულია ლოკალურ ქვექსელებამდე"
+
+#: dnsmasq.c:868
+#, c-format
+msgid "compile time options: %s"
+msgstr "აგების პარამეტრები: %s"
+
+#: dnsmasq.c:877
+msgid "DBus support enabled: connected to system bus"
+msgstr "DBUS-ის მხარდაჭერა ჩართულია: სისტემურ მატარებელზე დაერთება წარმატებულია"
+
+#: dnsmasq.c:879
+msgid "DBus support enabled: bus connection pending"
+msgstr "DBUS-ის მხარდაჭერა ჩართულია: სისტემურ მატარებელზე დაერთების მოლოდინი"
+
+#: dnsmasq.c:887
+msgid "UBus support enabled: connected to system bus"
+msgstr "UBUS-ის მხარდაჭერა ჩართულია: სისტემურ მატარებელზე დაერთება წარმატებულია"
+
+#: dnsmasq.c:889
+msgid "UBus support enabled: bus connection pending"
+msgstr "UBUS-ის მხარდაჭერა ჩართულია: სისტემურ მატარებელზე დაერთების მოლოდინი"
+
+#: dnsmasq.c:909
+msgid "DNSSEC validation enabled but all unsigned answers are trusted"
+msgstr "DNSSEC გადამოწმება ჩართულია, მაგრამ ყველა ხელმოუწერელი პასუხი, როგორც სანდოა გამოცხადებული"
+
+#: dnsmasq.c:911
+msgid "DNSSEC validation enabled"
+msgstr "DNSSEC -ის გადამოწმება ჩართულია"
+
+#: dnsmasq.c:915
+msgid "DNSSEC signature timestamps not checked until receipt of SIGINT"
+msgstr "DNSSEC-ის ხელმოწერის დროის შტამპები SIGINT-ის მიღებამდე არ მოწმდება"
+
+#: dnsmasq.c:918
+msgid "DNSSEC signature timestamps not checked until system time valid"
+msgstr "DNSSEC-ის ხელმოწერის დროის შტამპები არ მოწმდება, სანამ სისტემური დრო სწორი არაა"
+
+#: dnsmasq.c:921
+#, c-format
+msgid "configured with trust anchor for %s keytag %u"
+msgstr ""
+
+#: dnsmasq.c:927
+#, c-format
+msgid "warning: failed to change owner of %s: %s"
+msgstr "გაფრთხილება: %s-ის მფლობელის შეცვლის შეცდომა: %s"
+
+#: dnsmasq.c:932
+msgid "setting --bind-interfaces option because of OS limitations"
+msgstr "--bind-interfaces პარამეტრი აირთო OS-ის შეზღუდვების გამო"
+
+#: dnsmasq.c:945
+#, c-format
+msgid "warning: interface %s does not currently exist"
+msgstr "გაფრთხილება: ინტერფეისი %s ამჟამად არ არსებობს"
+
+#: dnsmasq.c:950
+msgid "warning: ignoring resolv-file flag because no-resolv is set"
+msgstr "გაფრთხილება: იმის გამო, რომ no-resolv დაყენებულია, resolv-file ალამი იგნორირებული იქნება"
+
+#: dnsmasq.c:953
+msgid "warning: no upstream servers configured"
+msgstr "გაფრთხილება: აღმავალი სერვერები მორგებული არაა"
+
+#: dnsmasq.c:957
+#, c-format
+msgid "asynchronous logging enabled, queue limit is %d messages"
+msgstr "ასინქრონული ჟურნალი ჩართულია. რიგის ზღვარი %d შეტყობინებაა"
+
+#: dnsmasq.c:978
+msgid "IPv6 router advertisement enabled"
+msgstr "IPv6 რაუტერის გამოცხადება ჩარტულია"
+
+#: dnsmasq.c:983
+#, c-format
+msgid "DHCP, sockets bound exclusively to interface %s"
+msgstr "DHCP და სოკეტები ექსკლუზიურადაა მიბმული ინტერფეისზე %s"
+
+#: dnsmasq.c:1000
+msgid "root is "
+msgstr "საწყისი საქაღალდეა "
+
+#: dnsmasq.c:1000
+msgid "enabled"
+msgstr "ჩართულია"
+
+#: dnsmasq.c:1002
+msgid "secure mode"
+msgstr "დაცული რეჟიმი"
+
+#: dnsmasq.c:1003
+msgid "single port mode"
+msgstr "ერთი პორტის რეჟიმი"
+
+#: dnsmasq.c:1006
+#, c-format
+msgid "warning: %s inaccessible"
+msgstr "გაფრთხილება: %s მიუწვდომელია"
+
+#: dnsmasq.c:1010
+#, c-format
+msgid "warning: TFTP directory %s inaccessible"
+msgstr "გაფრთხილება: TFTP საქაღალდე %s მუწვდომელია"
+
+#: dnsmasq.c:1036
+#, c-format
+msgid "restricting maximum simultaneous TFTP transfers to %d"
+msgstr "მაქსიმალურად ერთდროული TFTP მიმოცვლების %d-მდე შეზღუდვა"
+
+#: dnsmasq.c:1095
+#, c-format
+msgid "error binding DHCP socket to device %s"
+msgstr "შეცდომა DHCP სოკეტის %s-ზე მიბმისას"
+
+#: dnsmasq.c:1229
+msgid "connected to system DBus"
+msgstr "სისტემურ DBus-თან დაკავშირება ვერ მოხერხდა"
+
+#: dnsmasq.c:1250
+msgid "connected to system UBus"
+msgstr "სისტემურ UBus-თან დაკავშირება ვერ მოხერხდა"
+
+#: dnsmasq.c:1416
+#, c-format
+msgid "cannot fork into background: %s"
+msgstr "ფონში გაშვების პრობლემა: %s"
+
+#: dnsmasq.c:1420
+#, c-format
+msgid "failed to create helper: %s"
+msgstr "დამხმარე პროცესის შექმნის შეცდომა: %s"
+
+#: dnsmasq.c:1424
+#, c-format
+msgid "setting capabilities failed: %s"
+msgstr "შესაძლებლობების დაყენების შეცდომა: %s"
+
+#: dnsmasq.c:1428
+#, c-format
+msgid "failed to change user-id to %s: %s"
+msgstr "user-id-ის %s-ზე შეცვლის შეცდომა: %s"
+
+#: dnsmasq.c:1432
+#, c-format
+msgid "failed to change group-id to %s: %s"
+msgstr "group-id-ის %s-ზე შეცვლის შეცდომა: %s"
+
+#: dnsmasq.c:1436
+#, c-format
+msgid "failed to open pidfile %s: %s"
+msgstr "pid-ის ფაილის, %s-ის გახსნის შეცდომა: %s"
+
+#: dnsmasq.c:1440
+#, c-format
+msgid "cannot open log %s: %s"
+msgstr "ჟურნალის (%s) გახსნის შეცდომა: %s"
+
+#: dnsmasq.c:1444
+#, c-format
+msgid "failed to load Lua script: %s"
+msgstr "lua-ის სკრიპტის ჩატვირთვის შეცდომა: %s"
+
+#: dnsmasq.c:1448
+#, c-format
+msgid "TFTP directory %s inaccessible: %s"
+msgstr "TFTP საქაღალდე %s მიუწვდომელია: %s"
+
+#: dnsmasq.c:1452
+#, c-format
+msgid "cannot create timestamp file %s: %s"
+msgstr "დროის შტამპის ფაილის (%s) შექმნის შეცდომა: %s"
+
+#: dnsmasq.c:1536
+#, c-format
+msgid "script process killed by signal %d"
+msgstr "სკრიპტის პროცესი მოკვდა სიგნალით %d"
+
+#: dnsmasq.c:1540
+#, c-format
+msgid "script process exited with status %d"
+msgstr "სკრიპტის პროცესმა მუშაობა დაასრულა სტატუსით %d"
+
+#: dnsmasq.c:1544
+#, c-format
+msgid "failed to execute %s: %s"
+msgstr "%s-ის შესრულების შეცდომა: %s"
+
+#: dnsmasq.c:1584
+msgid "now checking DNSSEC signature timestamps"
+msgstr "ახლა DNSSEC-ის ხელმოწერის დროის შტამპები შემოწმდება"
+
+#: dnsmasq.c:1619 dnssec.c:160 dnssec.c:204
+#, c-format
+msgid "failed to update mtime on %s: %s"
+msgstr "%s-ზე mtime-ის განახლების შეცდომა: %s"
+
+#: dnsmasq.c:1631
+msgid "exiting on receipt of SIGTERM"
+msgstr "მუშაობის დასრულება SIGTERM-ის გამო"
+
+#: dnsmasq.c:1659
+#, c-format
+msgid "failed to access %s: %s"
+msgstr "\"%s\"-სთან წვდომის შეცდომა: %s"
+
+#: dnsmasq.c:1690
+#, c-format
+msgid "reading %s"
+msgstr "%s-ის წაკითხვა"
+
+#: dnsmasq.c:1706
+#, c-format
+msgid "no servers found in %s, will retry"
+msgstr "%s-ში სერვერები ვერ ვიპოვე. კიდევ ვცდი"
+
+#: dhcp.c:51
+#, c-format
+msgid "cannot create DHCP socket: %s"
+msgstr "შეცდომა DHCP სოკეტის შექმნისას: %s"
+
+#: dhcp.c:66
+#, c-format
+msgid "failed to set options on DHCP socket: %s"
+msgstr "შეცდომა DHCP სოკეტის პარამეტრების დაყენებისას: %s"
+
+#: dhcp.c:87
+#, c-format
+msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
+msgstr "შეცდომა SO_REUSE{ADDR|PORT}-ის DHCP სოკეტზე დაყენებისას: %s"
+
+#: dhcp.c:99
+#, c-format
+msgid "failed to bind DHCP server socket: %s"
+msgstr "შეცდომა DHCP სერვერის სოკეტზე მიბმისას: %s"
+
+#: dhcp.c:125
+#, c-format
+msgid "cannot create ICMP raw socket: %s."
+msgstr "\"ICMP\" დაუმუშავებელი სოკეტის შექმნის შეცდომა: %s."
+
+#: dhcp.c:254 dhcp6.c:186
+#, c-format
+msgid "unknown interface %s in bridge-interface"
+msgstr "bride-interface-ის უცნობი ინტერფეისი: %s"
+
+#: dhcp.c:295
+#, c-format
+msgid "DHCP packet received on %s which has no address"
+msgstr "DHCP პაკეტი მიღებულია %s-დან, რომელსაც მისამართი არ გააჩნია"
+
+#: dhcp.c:429
+#, c-format
+msgid "ARP-cache injection failed: %s"
+msgstr "ARP-ქეშში ჩაწერის შეცდომა: %s"
+
+#: dhcp.c:490
+#, c-format
+msgid "Error sending DHCP packet to %s: %s"
+msgstr "%s-სთვის DHCP პაკეტის გაგზავნის შეცდომა: %s"
+
+#: dhcp.c:547
+#, c-format
+msgid "DHCP range %s -- %s is not consistent with netmask %s"
+msgstr "DHCP დიაპაზონი %s -- %s ქსელის ნიღაბს %s არ შეესაბამება"
+
+#: dhcp.c:930
+#, c-format
+msgid "bad line at %s line %d"
+msgstr "არასწორი ხაზი მისამართზე %s ხაზი %d"
+
+#: dhcp.c:973
+#, c-format
+msgid "ignoring %s line %d, duplicate name or IP address"
+msgstr "%s-ის ხაზი %d დაიგნორდება. სახელი ან IP მისამართი დუბლირებულია"
+
+#: dhcp.c:1034
+#, c-format
+msgid "read %s - %d addresses"
+msgstr "წავიკითხე %s - %d მისამართი"
+
+#: dhcp.c:1136
+#, c-format
+msgid "Cannot broadcast DHCP relay via interface %s"
+msgstr "DHCP გადაგზავნის მაუწყებლობა ინტერფეისით %s შეუძლებელია"
+
+#: dhcp.c:1160
+#, c-format
+msgid "broadcast via %s"
+msgstr "მაუწყებლობა %s-ის გავლით"
+
+#: dhcp.c:1163 rfc3315.c:2219
+#, c-format
+msgid "DHCP relay at %s -> %s"
+msgstr "DHCP გადაგზავნა %s -> %s"
+
+#: lease.c:64
+#, c-format
+msgid "ignoring invalid line in lease database: %s %s %s %s ..."
+msgstr "იჯარების ბაზის არასწორი ხაზი იგნორირებულია: %s %s %s %s ..."
+
+#: lease.c:101
+#, c-format
+msgid "ignoring invalid line in lease database, bad address: %s"
+msgstr "იჯარების ბაზის არასწორი ხაზი. არასწორი მისამართი: %s"
+
+#: lease.c:108
+msgid "too many stored leases"
+msgstr "მეტისმეტად ბევრი დამახსოვრებული იჯარა"
+
+#: lease.c:176
+#, c-format
+msgid "cannot open or create lease file %s: %s"
+msgstr "იჯარების ფაილის (%s) გახსნის ან შექმნის შეცდომა: %s"
+
+#: lease.c:185
+msgid "failed to parse lease database cleanly"
+msgstr "იჯარების ბაზის სუფთად დამუშავების შეცდომა"
+
+#: lease.c:188
+#, c-format
+msgid "failed to read lease file %s: %s"
+msgstr "იჯარის ფაილის (%s) წაკითხვის შეცდომა: %s"
+
+#: lease.c:204
+#, c-format
+msgid "cannot run lease-init script %s: %s"
+msgstr "lease-init სკრიპტის (%s) გაშვების შეცდომა: %s"
+
+#: lease.c:210
+#, c-format
+msgid "lease-init script returned exit code %s"
+msgstr "lease-init-ის სკრიპტის დაბრუნებული გამოსვლის კოდია: %s"
+
+#: lease.c:381
+#, c-format
+msgid "failed to write %s: %s (retry in %u s)"
+msgstr "%s-ში ჩაწერის შეცდომა: %s (თავიდან ვცდი %u წამში)"
+
+#: lease.c:955
+#, c-format
+msgid "Ignoring domain %s for DHCP host name %s"
+msgstr "დომენის (%s) იგნორირება DHCP ჰოსტის სახელისთვის %s"
+
+#: rfc2131.c:378
+msgid "with subnet selector"
+msgstr "ქვექსელის გადამრთველით"
+
+#: rfc2131.c:383
+msgid "via"
+msgstr "გავლით"
+
+#: rfc2131.c:389
+#, c-format
+msgid "no address range available for DHCP request %s %s"
+msgstr "მისამართების დიაპაზონი მიუწვდომელია DHCP მოთხოვნისთვის %s %s"
+
+#: rfc2131.c:403
+#, c-format
+msgid "%u available DHCP subnet: %s/%s"
+msgstr "%u ხელმისაწვდომი DHCP ქვექსელი: %s/%s"
+
+#: rfc2131.c:409 rfc3315.c:320
+#, c-format
+msgid "%u available DHCP range: %s -- %s"
+msgstr "%u ხელმისაწვდომი DHCP დიაპაზონი: %s -- %s"
+
+#: rfc2131.c:521
+#, c-format
+msgid "%u vendor class: %s"
+msgstr "%u მომწოდებლის კლასი: %s"
+
+#: rfc2131.c:523
+#, c-format
+msgid "%u user class: %s"
+msgstr "%u მომხმარებლის კლასი: %s"
+
+#: rfc2131.c:557
+msgid "disabled"
+msgstr "გამორთულია"
+
+#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1536 rfc3315.c:633 rfc3315.c:816
+#: rfc3315.c:1122
+msgid "ignored"
+msgstr "იგნორირებულია"
+
+#: rfc2131.c:613 rfc2131.c:1340 rfc3315.c:868
+msgid "address in use"
+msgstr "მისამართი გამოიყენება"
+
+#: rfc2131.c:627 rfc2131.c:1141
+msgid "no address available"
+msgstr "მისამართი მიუწვდომელია"
+
+#: rfc2131.c:634 rfc2131.c:1302
+msgid "wrong network"
+msgstr "არასწორი ქსელი"
+
+#: rfc2131.c:649
+msgid "no address configured"
+msgstr "მორგებული მისამართის გარეშე"
+
+#: rfc2131.c:655 rfc2131.c:1353
+msgid "no leases left"
+msgstr "იჯარები აღარ დარჩა"
+
+#: rfc2131.c:756 rfc3315.c:500
+#, c-format
+msgid "%u client provides name: %s"
+msgstr "%u კლიენტის მომწოდებლის სახელი: %s"
+
+#: rfc2131.c:885
+msgid "PXE BIS not supported"
+msgstr "PXE BIS მხარდაუჭერელია"
+
+#: rfc2131.c:1054 rfc3315.c:1223
+#, c-format
+msgid "disabling DHCP static address %s for %s"
+msgstr "\"DHCP\" სტატიკური მისამართის (%s) გათიშვა %s-სთვის"
+
+#: rfc2131.c:1075
+msgid "unknown lease"
+msgstr "უცნობი იჯარა"
+
+#: rfc2131.c:1110
+#, c-format
+msgid "not using configured address %s because it is leased to %s"
+msgstr "მითითებული მისამართი (%s) არ გამოიყენება. ის უკვეა იჯარით გაცემული %s-ზე"
+
+#: rfc2131.c:1120
+#, c-format
+msgid "not using configured address %s because it is in use by the server or relay"
+msgstr "მითითებული მისამართი %s გამოყენებული არ იქნება, რადგან ის სერვერის ან გადამგზავნის მიერ უკვე გამოიყენება"
+
+#: rfc2131.c:1123
+#, c-format
+msgid "not using configured address %s because it was previously declined"
+msgstr "მითითებული მისამართი %s გამოყენებული არ იქნება, რადგან ის წარსულში უკვე უარყოფილი იყო"
+
+#: rfc2131.c:1139 rfc2131.c:1346
+msgid "no unique-id"
+msgstr "unique-id -ის გარეშე"
+
+#: rfc2131.c:1238
+msgid "wrong server-ID"
+msgstr "არასწორი server-ID"
+
+#: rfc2131.c:1257
+msgid "wrong address"
+msgstr "არასწორი მისამართი"
+
+#: rfc2131.c:1275 rfc3315.c:976
+msgid "lease not found"
+msgstr "იჯარა ვერ ვიპოვე"
+
+#: rfc2131.c:1310
+msgid "address not available"
+msgstr "მისამართი მიუწვდომელია"
+
+#: rfc2131.c:1321
+msgid "static lease available"
+msgstr "ხელმისაწვდომია სტატიკური იჯარა"
+
+#: rfc2131.c:1325
+msgid "address reserved"
+msgstr "მისამართი დარეზერვებულია"
+
+#: rfc2131.c:1334
+#, c-format
+msgid "abandoning lease to %s of %s"
+msgstr "%2$s-ის იჯარის მოცილება: %1$s"
+
+#: rfc2131.c:1870
+#, c-format
+msgid "%u bootfile name: %s"
+msgstr "%u ჩასატვირთი ფაილის სახელი: %s"
+
+#: rfc2131.c:1879
+#, c-format
+msgid "%u server name: %s"
+msgstr "%u სერვერის სახელი: %s"
+
+#: rfc2131.c:1889
+#, c-format
+msgid "%u next server: %s"
+msgstr "%u შემდეგი სერვერი: %s"
+
+#: rfc2131.c:1893
+#, c-format
+msgid "%u broadcast response"
+msgstr "%u სამაუწყებლო პასუხი"
+
+#: rfc2131.c:1956
+#, c-format
+msgid "cannot send DHCP/BOOTP option %d: no space left in packet"
+msgstr "შეცდომა DHCP/BOOTP პარამეტრის %d გაგზავნისას: პაკეტში ადგილი აღარაა"
+
+#: rfc2131.c:2267
+msgid "PXE menu too large"
+msgstr "PXE მენიუ ძალიან დიდია"
+
+#: rfc2131.c:2430 rfc3315.c:1517
+#, c-format
+msgid "%u requested options: %s"
+msgstr "%u მოთხოვნილ პარამეტრები: %s"
+
+#: rfc2131.c:2747
+#, c-format
+msgid "cannot send RFC3925 option: too many options for enterprise number %d"
+msgstr "შეცდომა RFC3825 პარამეტრის გაგზავნისას: საწარმოო რიცხვისთვის %d მეტისმეტად ბევრი პარამეტრი"
+
+#: rfc2131.c:2810
+#, c-format
+msgid "%u reply delay: %d"
+msgstr "%u პასუხის დაყოვნება: %d"
+
+#: netlink.c:86
+#, c-format
+msgid "cannot create netlink socket: %s"
+msgstr "netlink სოკეტის შექმნის შეცდომა: %s"
+
+#: netlink.c:379
+#, c-format
+msgid "netlink returns error: %s"
+msgstr "netlink -ის დაბრუნებული შეცდომა: %s"
+
+#: dbus.c:491
+#, c-format
+msgid "Enabling --%s option from D-Bus"
+msgstr "ჩართვა --%s პარამეტრი D-Bus -დან"
+
+#: dbus.c:496
+#, c-format
+msgid "Disabling --%s option from D-Bus"
+msgstr "გამორთვა --%s პარამეტრი D-Bus -დან"
+
+#: dbus.c:857
+msgid "setting upstream servers from DBus"
+msgstr "აღმავალი სერვერების DBus-დან დაყენება"
+
+#: dbus.c:907
+msgid "could not register a DBus message handler"
+msgstr "\"DBus\"-ის შეტყობინების დამმუშავებლის რეგისტრაციის შეცდომა"
+
+#: bpf.c:261
+#, c-format
+msgid "cannot create DHCP BPF socket: %s"
+msgstr "\"DHCP BPF სოკეტის\" შექმნის შეცდომა: %s"
+
+#: bpf.c:289
+#, c-format
+msgid "DHCP request for unsupported hardware type (%d) received on %s"
+msgstr "%2$s-ზე მიღებულია DHCP მოთხოვნა მხარდაუჭერელი აპარატურის ტიპისთვის (%1$d)"
+
+#: bpf.c:374
+#, c-format
+msgid "cannot create PF_ROUTE socket: %s"
+msgstr "შეცდომა PF_ROUTE სოკეტის შექმნისას: %s"
+
+#: bpf.c:395
+msgid "Unknown protocol version from route socket"
+msgstr "უცნობი პროტოკოლი რაუტის სოკეტიდან"
+
+#: helper.c:150
+msgid "lease() function missing in Lua script"
+msgstr "lua-ის სკრიპტს lease() ფუნქცია აკლია"
+
+#: tftp.c:353
+msgid "unable to get free port for TFTP"
+msgstr "შეცდომა TFTP-სთვის თავისუფალი პორტის მიღებისას"
+
+#: tftp.c:369
+#, c-format
+msgid "unsupported request from %s"
+msgstr "მხარდაუჭერელი მოთხოვნა %s-დან"
+
+#: tftp.c:520
+#, c-format
+msgid "file %s not found for %s"
+msgstr "ფაილი %s ვერ ვიპოვე %s_სთვის"
+
+#: tftp.c:609
+#, c-format
+msgid "ignoring packet from %s (TID mismatch)"
+msgstr "%s-დან მოსული პაკეტის იგნორირება (TID არ ემთხვევა)"
+
+#: tftp.c:662
+#, c-format
+msgid "failed sending %s to %s"
+msgstr "%s-ის %s-სთვის გაგზავნის შეცდომა"
+
+#: tftp.c:662
+#, c-format
+msgid "sent %s to %s"
+msgstr "%s გაგზავნილია %s-სთან"
+
+#: tftp.c:712
+#, c-format
+msgid "error %d %s received from %s"
+msgstr "შეცდომა %d %s მიღებულია %s -გან"
+
+#: log.c:203
+#, c-format
+msgid "overflow: %d log entries lost"
+msgstr "გადავსება: დაკარგულია %d ჟურნალის ჩანაწერი"
+
+#: log.c:281
+#, c-format
+msgid "log failed: %s"
+msgstr "ჟურნალის შეცდომა: %s"
+
+#: log.c:490
+msgid "FAILED to start up"
+msgstr "გაშვების შეცდომა"
+
+#: conntrack.c:63
+#, c-format
+msgid "Conntrack connection mark retrieval failed: %s"
+msgstr "Conntrack-ის შეერთების ნიშნის მიღების შეცდომა: %s"
+
+#: dhcp6.c:51
+#, c-format
+msgid "cannot create DHCPv6 socket: %s"
+msgstr "შეცდომა DHCPv6 სოკეტის შექმნისას: %s"
+
+#: dhcp6.c:72
+#, c-format
+msgid "failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"
+msgstr "შეცდომა SO_REUSE{ADDR|PORT}-ის DHCPv6 სოკეტზე დაყენებისას: %s"
+
+#: dhcp6.c:84
+#, c-format
+msgid "failed to bind DHCPv6 server socket: %s"
+msgstr "შეცდომა DHCPv6 სერვერის სოკეტზე მიბმისას: %s"
+
+#: rfc3315.c:173
+#, c-format
+msgid "no address range available for DHCPv6 request from relay at %s"
+msgstr "გადამგზავნელიდან (%s) DHCPv6 მოთხოვნისთვის მისამართის დიაპაზონი ხელმისაწვდომი არაა"
+
+#: rfc3315.c:182
+#, c-format
+msgid "no address range available for DHCPv6 request via %s"
+msgstr "%s-ის გავლით DHCPv6 მოთხოვნისთვის მისამართის დიაპაზონი ხელმისაწვდომი არაა"
+
+#: rfc3315.c:317
+#, c-format
+msgid "%u available DHCPv6 subnet: %s/%d"
+msgstr "%u ხელმისაწვდომი DHCPv6 ქვექსელი: %s/%d"
+
+#: rfc3315.c:400
+#, c-format
+msgid "%u vendor class: %u"
+msgstr "%u მომწოდებლის კლასი: %u"
+
+#: rfc3315.c:448
+#, c-format
+msgid "%u client MAC address: %s"
+msgstr "%u კლიენტის MAC მისამართი: %s"
+
+#: rfc3315.c:763 rfc3315.c:860
+msgid "address unavailable"
+msgstr "მისამართი ხელმიუწვდომელია"
+
+#: rfc3315.c:775 rfc3315.c:904 rfc3315.c:1273
+msgid "success"
+msgstr "წარმატება"
+
+#: rfc3315.c:790 rfc3315.c:799 rfc3315.c:912 rfc3315.c:914 rfc3315.c:1048
+msgid "no addresses available"
+msgstr "მისამართები მიუწვდომელია"
+
+#: rfc3315.c:891
+msgid "not on link"
+msgstr "შეერთებული არაა"
+
+#: rfc3315.c:980 rfc3315.c:1181 rfc3315.c:1262
+msgid "no binding found"
+msgstr "მიბმა ვერ ვპოვე"
+
+#: rfc3315.c:1017
+msgid "deprecated"
+msgstr "მოძველებული"
+
+#: rfc3315.c:1024
+msgid "address invalid"
+msgstr "მისამართი არასწორია"
+
+#: rfc3315.c:1082 rfc3315.c:1084
+msgid "confirm failed"
+msgstr "დადასტურების შეცდომა"
+
+#: rfc3315.c:1099
+msgid "all addresses still on link"
+msgstr "ყველა მისამართი ჯერ კიდევ მიერთებულია"
+
+#: rfc3315.c:1190
+msgid "release received"
+msgstr "გათავისუფლება მიღებულია"
+
+#: rfc3315.c:2200
+#, c-format
+msgid "Cannot multicast DHCP relay via interface %s"
+msgstr "DHCP გადაგზავნის მაუწყებლობა შეუძლებელია ინტერფეისის გავლით: %s"
+
+#: rfc3315.c:2216
+#, c-format
+msgid "multicast via %s"
+msgstr "მულტიკასტი %s-ის გავლით"
+
+#: dhcp-common.c:187
+#, c-format
+msgid "Ignoring duplicate dhcp-option %d"
+msgstr "ორჯერ აღწერილი dhcp-option %d იგნორირებულია"
+
+#: dhcp-common.c:264
+#, c-format
+msgid "%u tags: %s"
+msgstr "%u ჭდე: %s"
+
+#: dhcp-common.c:484
+#, c-format
+msgid "%s has more than one address in hostsfile, using %s for DHCP"
+msgstr "%s -ს hosts ფაილში ერთზე მეტი მისამართი აქვს მითითებული. DHCP-სთვის გამოყენებული იქნება %s"
+
+#: dhcp-common.c:518
+#, c-format
+msgid "duplicate IP address %s (%s) in dhcp-config directive"
+msgstr "დუბლირებული IP მისამართი %s (%s) dhcp-config-დირექტივაში"
+
+#: dhcp-common.c:738
+#, c-format
+msgid "Known DHCP options:\n"
+msgstr "ცნობილი DHCP პარამეტრები:\n"
+
+#: dhcp-common.c:749
+#, c-format
+msgid "Known DHCPv6 options:\n"
+msgstr "ცნობილი DHCPv6 პარამეტრები:\n"
+
+#: dhcp-common.c:946
+msgid ", prefix deprecated"
+msgstr ", პრეფიქსი მოძველებულია"
+
+#: dhcp-common.c:949
+#, c-format
+msgid ", lease time "
+msgstr ", იჯარის დრო "
+
+#: dhcp-common.c:991
+#, c-format
+msgid "%s stateless on %s%.0s%.0s%s"
+msgstr ""
+
+#: dhcp-common.c:993
+#, c-format
+msgid "%s, static leases only on %.0s%s%s%.0s"
+msgstr "%s, სტატიკური იჯარები მხოლოდ %.0s%s%s%.0s"
+
+#: dhcp-common.c:995
+#, c-format
+msgid "%s, proxy on subnet %.0s%s%.0s%.0s"
+msgstr "%s, პროქსი ქვექსელზე %.0s%s%.0s%.0s"
+
+#: dhcp-common.c:996
+#, c-format
+msgid "%s, IP range %s -- %s%s%.0s"
+msgstr "%s, IP დიაპაზონი %s -- %s%s%.0s"
+
+#: dhcp-common.c:1009
+#, c-format
+msgid "DHCPv4-derived IPv6 names on %s%s"
+msgstr "DHCPv4-დან მიღებული IPv6 სახელები %s%s -ზე"
+
+#: dhcp-common.c:1012
+#, c-format
+msgid "router advertisement on %s%s"
+msgstr "რაუტერის გამოცხადება %s%s-ზე"
+
+#: dhcp-common.c:1043
+#, c-format
+msgid "DHCP relay from %s via %s"
+msgstr "DHCP გადაგზავნა %s-დან %s-ის გავლით"
+
+#: dhcp-common.c:1045
+#, c-format
+msgid "DHCP relay from %s to %s via %s"
+msgstr "DHCP გადაგზავნა %s-დან %s-მდე %s-ის ჩათვლით"
+
+#: dhcp-common.c:1048
+#, c-format
+msgid "DHCP relay from %s to %s"
+msgstr "DHCP გადაგზავნა %s -დან %s -მდე"
+
+#: radv.c:110
+#, c-format
+msgid "cannot create ICMPv6 socket: %s"
+msgstr "შეცდომა ICMPv6 სოკეტის შექმნისას: %s"
+
+#: auth.c:462
+#, c-format
+msgid "ignoring zone transfer request from %s"
+msgstr "%s-დან ზონის გადაცემის მოთხოვნის იგნორირება"
+
+#: ipset.c:99
+#, c-format
+msgid "failed to create IPset control socket: %s"
+msgstr "ipset-ის საკონტროლო სოკეტის შექმნის შეცდომა: %s"
+
+#: ipset.c:211
+#, c-format
+msgid "failed to update ipset %s: %s"
+msgstr "ipset-ის (%s) განახლების შეცდომა: %s"
+
+#: pattern.c:29
+#, c-format
+msgid "[pattern.c:%d] Assertion failure: %s"
+msgstr "[pattern.c:%d] მტკიცების შეცდომა: %s"
+
+#: pattern.c:142
+#, c-format
+msgid "Invalid DNS name: Invalid character %c."
+msgstr "არასწორი DNS სახელი: არასწორი სიმბოლო %c."
+
+#: pattern.c:151
+msgid "Invalid DNS name: Empty label."
+msgstr "არასწორი DNS სახელი: ჭდე ცარიელია."
+
+#: pattern.c:156
+msgid "Invalid DNS name: Label starts with hyphen."
+msgstr "არასწორი DNS სახელი: ჭდე გამოტოვებით იწყება."
+
+#: pattern.c:170
+msgid "Invalid DNS name: Label ends with hyphen."
+msgstr "არასწორი DNS სახელი: ჭდე გამოტოვებით მთავრდება."
+
+#: pattern.c:176
+#, c-format
+msgid "Invalid DNS name: Label is too long (%zu)."
+msgstr "არასწორი DNS სახელი: ჭდე ძალიან გრძელია (%zu)"
+
+#: pattern.c:184
+#, c-format
+msgid "Invalid DNS name: Not enough labels (%zu)."
+msgstr "არასწორი DNS სახელი: ჭდეების არასაკმარისი რაოდენობა (%zu)"
+
+#: pattern.c:189
+msgid "Invalid DNS name: Final label is fully numeric."
+msgstr "არასწორი DNS სახელი: საბოლოო ჭდე სრულად რიცხვითია."
+
+#: pattern.c:199
+msgid "Invalid DNS name: \"local\" pseudo-TLD."
+msgstr "არასწორი DNS სახელი: ფსევდო-TLD \"local\"."
+
+#: pattern.c:204
+#, c-format
+msgid "DNS name has invalid length (%zu)."
+msgstr "DNS სახელის არასწორი სიგრძე (%zu)."
+
+#: pattern.c:258
+#, c-format
+msgid "Invalid DNS name pattern: Invalid character %c."
+msgstr "DNS სახელის არასწორი შაბლონი: არასწორი სიმბოლო %c."
+
+#: pattern.c:267
+msgid "Invalid DNS name pattern: Empty label."
+msgstr "DNS სახელის არასწორი შაბლონი: ჭდე ცარიელია."
+
+#: pattern.c:272
+msgid "Invalid DNS name pattern: Label starts with hyphen."
+msgstr "DNS სახელის არასწორი შაბლონი: ჭდე გამოტოვებით იწყება."
+
+#: pattern.c:285
+msgid "Invalid DNS name pattern: Wildcard character used more than twice per label."
+msgstr "DNS სახელის არასწორი შაბლონი: შაბლონის სახელში ვაილდკარდი ერთზე მეტჯერ გამოიყენება."
+
+#: pattern.c:295
+msgid "Invalid DNS name pattern: Label ends with hyphen."
+msgstr "DNS სახელის არასწორი შაბლონი: ჭდე გამოტოვებით მთავრდება."
+
+#: pattern.c:301
+#, c-format
+msgid "Invalid DNS name pattern: Label is too long (%zu)."
+msgstr "DNS სახელის არასწორი შაბლონი: ჭდე ძალიან გრძელია (%zu)."
+
+#: pattern.c:309
+#, c-format
+msgid "Invalid DNS name pattern: Not enough labels (%zu)."
+msgstr "DNS სახელის არასწორი შაბლონი: ჭდეების არასაკმარისი რაოდენობა (%zu)."
+
+#: pattern.c:314
+msgid "Invalid DNS name pattern: Wildcard within final two labels."
+msgstr "DNS სახელის არასწორი შაბლონი: ვაილდკარდი ბოლო ორ ჭდეში."
+
+#: pattern.c:319
+msgid "Invalid DNS name pattern: Final label is fully numeric."
+msgstr "DNS სახელის არასწორი შაბლონი: საბოლოო ჭდე სრულად რიცხვითია."
+
+#: pattern.c:329
+msgid "Invalid DNS name pattern: \"local\" pseudo-TLD."
+msgstr "DNS სახელის არასწორი შაბლონი: ფსევდო-TLD \"local\"."
+
+#: pattern.c:334
+#, c-format
+msgid "DNS name pattern has invalid length after removing wildcards (%zu)."
+msgstr "DNS სახელის შაბლონის არასწორი სიგრძე * და ?-ის მოცილების შემდეგ (%zu)"
+
+#: dnssec.c:206
+msgid "system time considered valid, now checking DNSSEC signature timestamps."
+msgstr "სისტემური დრო ჩათვლილია, როგორც სწორი. ახლა DNSSEC ხელმოწერის დროის შტამპები შემოწმებული იქნება."
+
+#: dnssec.c:1018
+#, c-format
+msgid "Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"
+msgstr ""
+
+#: blockdata.c:55
+#, c-format
+msgid "pool memory in use %zu, max %zu, allocated %zu"
+msgstr "პულისთვის გამოყოფილი მეხსიერება %zu, მაქს %zu, გამოყოფილი %zu"
+
+#: tables.c:61
+#, c-format
+msgid "failed to access pf devices: %s"
+msgstr "pf მოწყობილობებთან წვდომის შეცდომა: %s"
+
+#: tables.c:74
+#, c-format
+msgid "warning: no opened pf devices %s"
+msgstr "გაფრთხილება: ღია pf მოწყობილობის გარეშე: %s"
+
+#: tables.c:82
+#, c-format
+msgid "error: cannot use table name %s"
+msgstr "შეცდომა: ცხრილის ამ სახელს ვერ გამოიყენებთ: %s"
+
+#: tables.c:90
+#, c-format
+msgid "error: cannot strlcpy table name %s"
+msgstr "შეცდომა: ცხრილის სახელის strlcpy()-ის შეცდომა: %s"
+
+#: tables.c:101
+#, c-format
+msgid "IPset: error: %s"
+msgstr "IPset: შეცდომა: %s"
+
+#: tables.c:108
+msgid "info: table created"
+msgstr "ინფორმაცია: ცხრილი შეიქმნა"
+
+#: tables.c:133
+#, c-format
+msgid "warning: DIOCR%sADDRS: %s"
+msgstr "გაფრთხილება: DIOCR%sADDRS: %s"
+
+#: tables.c:137
+#, c-format
+msgid "%d addresses %s"
+msgstr "%d მისამართი %s"
+
+#: inotify.c:62
+#, c-format
+msgid "cannot access path %s: %s"
+msgstr "ბილიკთან წვდომის შეცდომა %s: %s"
+
+#: inotify.c:95
+#, c-format
+msgid "failed to create inotify: %s"
+msgstr "inotify-ის შექმნის შეცდომა: %s"
+
+#: inotify.c:111
+#, c-format
+msgid "too many symlinks following %s"
+msgstr "მეტისმეტად ბევრი სიმბმული მისდევს %s-ს"
+
+#: inotify.c:127
+#, c-format
+msgid "directory %s for resolv-file is missing, cannot poll"
+msgstr "საქაღალდე %s resolv-file-სთვის არ არსებობს.პოლინგი შეუძლებელია"
+
+#: inotify.c:131 inotify.c:200
+#, c-format
+msgid "failed to create inotify for %s: %s"
+msgstr "%s -თვის inotify-ის შექმნის შეცდომა: %s"
+
+#: inotify.c:178 inotify.c:185
+#, c-format
+msgid "bad dynamic directory %s: %s"
+msgstr "%s არასწორი დინამიკური საქაღალდეა: %s"
+
+#: inotify.c:186
+msgid "not a directory"
+msgstr "არ წარმოადგეს საქაღალდეს"
+
+#: inotify.c:299
+#, c-format
+msgid "inotify: %s removed"
+msgstr ""
+
+#: inotify.c:301
+#, fuzzy, c-format
+msgid "inotify: %s new or modified"
+msgstr "inotify, ახალი ან შეცვლილი ფაილი %s"
+
+#: inotify.c:309
+#, c-format
+msgid "inotify: flushed %u names read from %s"
+msgstr ""
+
+#: dump.c:68
+#, c-format
+msgid "cannot create %s: %s"
+msgstr "%s-ის შექმნის შეცდომა: %s"
+
+#: dump.c:74
+#, c-format
+msgid "bad header in %s"
+msgstr "არასწორი თავსართი %s-ში"
+
+#: dump.c:287
+msgid "failed to write packet dump"
+msgstr "პაკეტების ჩაწერის შეცდომა"
+
+#: dump.c:289
+#, c-format
+msgid "%u dumping packet %u mask 0x%04x"
+msgstr "%u პაკეტის ჩაწერა %u ნიღაბი 0x%04x"
+
+#: dump.c:291
+#, c-format
+msgid "dumping packet %u mask 0x%04x"
+msgstr "იწერება პაკეტი %u ნიღბით 0x%04x"
+
+#: ubus.c:79
+#, c-format
+msgid "UBus subscription callback: %s subscriber(s)"
+msgstr "Ubus-ის გამოწერის უკუგამოძახება: %s გამომწერი"
+
+#: ubus.c:99
+#, c-format
+msgid "Cannot reconnect to UBus: %s"
+msgstr "UBus -თან თავიდან მიერთების შეცდომა: %s"
+
+#: ubus.c:135
+msgid "Cannot set UBus listeners: no connection"
+msgstr "UBus-ის მომსმენების დაყენების შეცდომა: შეერთების გარეშე"
+
+#: ubus.c:155
+msgid "Cannot poll UBus listeners: no connection"
+msgstr "Ubus-ის მომსმენებიდან პოლინგის შეცდომა: შეერთების გარეშე"
+
+#: ubus.c:168
+msgid "Disconnecting from UBus"
+msgstr "UBus– დან გათიშვა"
+
+#: ubus.c:179 ubus.c:326
+#, c-format
+msgid "UBus command failed: %d (%s)"
+msgstr "UBus -ის ბრძანების შეცდომა: %d (%s)"
+
+#: hash-questions.c:40
+msgid "Failed to create SHA-256 hash object"
+msgstr "SHA-256 ჰეშის ობიექტის შექმნის შეცდომა"
+
+#: nftset.c:35
+msgid "failed to create nftset context"
+msgstr "nftset-ის კონტექსტის შექნის შეცდომა"
diff --git a/po/no.po b/po/no.po
index 33e80b8..3f07536 100644
--- a/po/no.po
+++ b/po/no.po
@@ -18,72 +18,77 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: cache.c:572
+#: cache.c:652
 msgid "Internal error in cache."
 msgstr ""
 
-#: cache.c:1094
+#: cache.c:1179
 #, fuzzy, c-format
 msgid "failed to load names from %s: %s"
 msgstr "feilet å laste navn fra %s: %s"
 
-#: cache.c:1116 dhcp.c:931
+#: cache.c:1201 dhcp.c:943
 #, c-format
 msgid "bad address at %s line %d"
 msgstr "dårlig adresse ved %s linje %d"
 
-#: cache.c:1169 dhcp.c:947
+#: cache.c:1254 dhcp.c:959
 #, c-format
 msgid "bad name at %s line %d"
 msgstr "dårlig navn ved %s linje %d"
 
-#: cache.c:1180 dhcp.c:1022
-#, c-format
-msgid "read %s - %d addresses"
+#: cache.c:1265
+#, fuzzy, c-format
+msgid "read %s - %d names"
 msgstr "les %s - %d adresser"
 
-#: cache.c:1296
+#: cache.c:1381
 msgid "cleared cache"
 msgstr "mellomlager tømt"
 
-#: cache.c:1358
+#: cache.c:1445
 #, c-format
 msgid "No IPv4 address found for %s"
 msgstr ""
 
-#: cache.c:1404
+#: cache.c:1491
 #, c-format
 msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
 msgstr ""
 
-#: cache.c:1428
+#: cache.c:1515
 #, c-format
 msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
 msgstr "gir ikke navnet %s til DHCP leien for %s fordi navnet eksisterer i %s med adressen %s"
 
-#: cache.c:1674
+#: cache.c:1760
 #, c-format
 msgid "time %lu"
 msgstr ""
 
-#: cache.c:1675
+#: cache.c:1761
 #, fuzzy, c-format
 msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
 msgstr "mellomlager størrelse %d, %d/%d mellomlager innsettinger re-bruker mellomlager plasser som ikke er utløpt"
 
-#: cache.c:1677
+#: cache.c:1763
 #, c-format
 msgid "queries forwarded %u, queries answered locally %u"
 msgstr ""
 
-#: cache.c:1680
+#: cache.c:1766
+#, c-format
+msgid "queries answered from stale cache %u"
+msgstr ""
+
+#: cache.c:1768
 #, c-format
 msgid "queries for authoritative zones %u"
 msgstr ""
 
-#: cache.c:1702
+#: cache.c:1796
 #, c-format
-msgid "server %s#%d: queries sent %u, retried or failed %u"
+msgid "server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"
 msgstr ""
 
 #: util.c:51
@@ -91,762 +96,812 @@ msgstr ""
 msgid "failed to seed the random number generator: %s"
 msgstr "feilet å lytte på socket: %s"
 
-#: util.c:228
+#: util.c:246
 #, fuzzy
 msgid "failed to allocate memory"
 msgstr "feilet å laste %d bytes"
 
-#: util.c:285 option.c:665
+#: util.c:305 option.c:696
 msgid "could not get memory"
 msgstr "kunne ikke få minne"
 
-#: util.c:306
+#: util.c:326
 #, fuzzy, c-format
 msgid "cannot create pipe: %s"
 msgstr "kan ikke lese %s: %s"
 
-#: util.c:314
+#: util.c:334
 #, fuzzy, c-format
 msgid "failed to allocate %d bytes"
 msgstr "feilet å laste %d bytes"
 
-#: util.c:520
+#: util.c:344
+#, fuzzy, c-format
+msgid "failed to reallocate %d bytes"
+msgstr "feilet å laste %d bytes"
+
+#: util.c:465
+#, fuzzy, c-format
+msgid "cannot read monotonic clock: %s"
+msgstr "kan ikke binde netlink socket: %s"
+
+#: util.c:579
 #, c-format
 msgid "infinite"
 msgstr "uendelig"
 
-#: util.c:808
+#: util.c:867
 #, fuzzy, c-format
 msgid "failed to find kernel version: %s"
 msgstr "feilet å binde DHCP tjener socket: %s"
 
-#: option.c:372
+#: option.c:393
 msgid "Specify local address(es) to listen on."
 msgstr "Spesifiser lokal(e) adresse(r) å lytte på."
 
-#: option.c:373
+#: option.c:394
 msgid "Return ipaddr for all hosts in specified domains."
 msgstr "Returner ipaddr for alle verter i det spesifiserte domenet."
 
-#: option.c:374
+#: option.c:395
 msgid "Fake reverse lookups for RFC1918 private address ranges."
 msgstr "Forfalsk revers oppslag for RFC1918 private adresse områder."
 
-#: option.c:375
+#: option.c:396
 msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
 msgstr "Behandle ipaddr som NXDOMAIN (omgår Verisign wildcard)."
 
-#: option.c:376
+#: option.c:397
 #, c-format
 msgid "Specify the size of the cache in entries (defaults to %s)."
 msgstr "Spesifiser størrelsen på mellomlager plassene (standard er %s)."
 
-#: option.c:377
+#: option.c:398
 #, c-format
 msgid "Specify configuration file (defaults to %s)."
 msgstr "Spesifiser konfigurasjonsfil (standard er %s)."
 
-#: option.c:378
+#: option.c:399
 msgid "Do NOT fork into the background: run in debug mode."
 msgstr "IKKE legg (fork) som bakgrunnsprosess: kjør i debug modus."
 
-#: option.c:379
+#: option.c:400
 msgid "Do NOT forward queries with no domain part."
 msgstr "IKKE videresend oppslag som mangler domene del."
 
-#: option.c:380
+#: option.c:401
 msgid "Return self-pointing MX records for local hosts."
 msgstr "Returner selv-pekende MX post for lokale verter."
 
-#: option.c:381
+#: option.c:402
 msgid "Expand simple names in /etc/hosts with domain-suffix."
 msgstr "Utvid enkle navn i /etc/hosts med domene-suffiks."
 
-#: option.c:382
+#: option.c:403
 msgid "Don't forward spurious DNS requests from Windows hosts."
 msgstr "Ikke videresend falske/uekte DNS forespørsler fra Windows verter."
 
-#: option.c:383
+#: option.c:404
+msgid "Don't include IPv4 addresses in DNS answers."
+msgstr ""
+
+#: option.c:405
+msgid "Don't include IPv6 addresses in DNS answers."
+msgstr ""
+
+#: option.c:406
 msgid "Enable DHCP in the range given with lease duration."
 msgstr "Aktiver DHCP i det gitte området med leie varighet"
 
-#: option.c:384
+#: option.c:407
 #, c-format
 msgid "Change to this group after startup (defaults to %s)."
 msgstr "Skift til denne gruppen etter oppstart (standard er %s)."
 
-#: option.c:385
+#: option.c:408
 msgid "Set address or hostname for a specified machine."
 msgstr "Sett adresse eller vertsnavn for en spesifikk maskin."
 
-#: option.c:386
+#: option.c:409
 #, fuzzy
 msgid "Read DHCP host specs from file."
 msgstr "dårlig MX navn"
 
-#: option.c:387
+#: option.c:410
 msgid "Read DHCP option specs from file."
 msgstr ""
 
-#: option.c:388
+#: option.c:411
 #, fuzzy
 msgid "Read DHCP host specs from a directory."
 msgstr "dårlig MX navn"
 
-#: option.c:389
+#: option.c:412
 #, fuzzy
 msgid "Read DHCP options from a directory."
 msgstr "dårlig MX navn"
 
-#: option.c:390
+#: option.c:413
 msgid "Evaluate conditional tag expression."
 msgstr ""
 
-#: option.c:391
+#: option.c:414
 #, c-format
 msgid "Do NOT load %s file."
 msgstr "IKKE last %s filen."
 
-#: option.c:392
+#: option.c:415
 #, c-format
 msgid "Specify a hosts file to be read in addition to %s."
 msgstr "Spesifiser en verts (hosts) fil som skal leses i tilleg til %s."
 
-#: option.c:393
+#: option.c:416
 #, fuzzy
 msgid "Read hosts files from a directory."
 msgstr "dårlig MX navn"
 
-#: option.c:394
+#: option.c:417
 msgid "Specify interface(s) to listen on."
 msgstr "Spesifiser nettverkskort det skal lyttes på."
 
-#: option.c:395
+#: option.c:418
 msgid "Specify interface(s) NOT to listen on."
 msgstr "Spesifiser nettverkskort det IKKE skal lyttes på."
 
-#: option.c:396
+#: option.c:419
 #, fuzzy
 msgid "Map DHCP user class to tag."
 msgstr "Map DHCP bruker klasse til opsjon sett."
 
-#: option.c:397
+#: option.c:420
 msgid "Map RFC3046 circuit-id to tag."
 msgstr ""
 
-#: option.c:398
+#: option.c:421
 msgid "Map RFC3046 remote-id to tag."
 msgstr ""
 
-#: option.c:399
+#: option.c:422
 msgid "Map RFC3993 subscriber-id to tag."
 msgstr ""
 
-#: option.c:400
+#: option.c:423
 msgid "Specify vendor class to match for PXE requests."
 msgstr ""
 
-#: option.c:401
+#: option.c:424
 #, fuzzy
 msgid "Don't do DHCP for hosts with tag set."
 msgstr "Ikke utfør DHCP for klienter i opsjon sett."
 
-#: option.c:402
+#: option.c:425
 #, fuzzy
 msgid "Force broadcast replies for hosts with tag set."
 msgstr "Ikke utfør DHCP for klienter i opsjon sett."
 
-#: option.c:403
+#: option.c:426
 msgid "Do NOT fork into the background, do NOT run in debug mode."
 msgstr "IKKE last (fork) som bakgrunnsprosess, IKKE kjør i debug modus."
 
-#: option.c:404
+#: option.c:427
 msgid "Assume we are the only DHCP server on the local network."
 msgstr "Anta at vi er den eneste DHCP tjeneren på det lokale nettverket."
 
-#: option.c:405
+#: option.c:428
 #, c-format
 msgid "Specify where to store DHCP leases (defaults to %s)."
 msgstr "Spesifiser hvor DHCP leiene skal lagres (standard er %s)."
 
-#: option.c:406
+#: option.c:429
 msgid "Return MX records for local hosts."
 msgstr "Returner MX records for lokale verter."
 
-#: option.c:407
+#: option.c:430
 msgid "Specify an MX record."
 msgstr "Spesifiser en MX post."
 
-#: option.c:408
+#: option.c:431
 msgid "Specify BOOTP options to DHCP server."
 msgstr "Spesifiser BOOTP opsjoner til DHCP tjener."
 
-#: option.c:409
+#: option.c:432
 #, c-format
 msgid "Do NOT poll %s file, reload only on SIGHUP."
 msgstr "IKKE spør (poll) %s fil, les på nytt kun ved SIGHUP"
 
-#: option.c:410
+#: option.c:433
 msgid "Do NOT cache failed search results."
 msgstr "IKKE mellomlagre søkeresultater som feiler."
 
-#: option.c:411
+#: option.c:434
+msgid "Use expired cache data for faster reply."
+msgstr ""
+
+#: option.c:435
 #, c-format
 msgid "Use nameservers strictly in the order given in %s."
 msgstr "Bruk navnetjenere kun som bestemt i rekkefølgen gitt i %s."
 
-#: option.c:412
+#: option.c:436
 #, fuzzy
 msgid "Specify options to be sent to DHCP clients."
 msgstr "Sett ekstra opsjoner som skal fordeles til DHCP klientene."
 
-#: option.c:413
+#: option.c:437
 msgid "DHCP option sent even if the client does not request it."
 msgstr ""
 
-#: option.c:414
+#: option.c:438
 msgid "Specify port to listen for DNS requests on (defaults to 53)."
 msgstr "Spesifiser lytteport for DNS oppslag (standard er 53)."
 
-#: option.c:415
+#: option.c:439
 #, c-format
 msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
 msgstr "Maksimal støttet UDP pakkestørrelse for EDNS.0 (standard er %s)."
 
-#: option.c:416
+#: option.c:440
 #, fuzzy
 msgid "Log DNS queries."
 msgstr "Logg oppslag."
 
-#: option.c:417
+#: option.c:441
 #, fuzzy
 msgid "Force the originating port for upstream DNS queries."
 msgstr "Tving bruk av opprinnelig port for oppstrøms oppslag."
 
-#: option.c:418
+#: option.c:442
+msgid "Set maximum number of random originating ports for a query."
+msgstr ""
+
+#: option.c:443
 msgid "Do NOT read resolv.conf."
 msgstr "IKKE les resolv.conf."
 
-#: option.c:419
+#: option.c:444
 #, c-format
 msgid "Specify path to resolv.conf (defaults to %s)."
 msgstr "Spesifiser stien til resolv.conf (standard er %s)."
 
-#: option.c:420
+#: option.c:445
 #, fuzzy
 msgid "Specify path to file with server= options"
 msgstr "Spesifiser stien til PID fil. (standard er %s)."
 
-#: option.c:421
+#: option.c:446
 msgid "Specify address(es) of upstream servers with optional domains."
 msgstr "Spesifiser adressen(e) til oppstrøms tjenere med valgfrie domener."
 
-#: option.c:422
+#: option.c:447
 #, fuzzy
 msgid "Specify address of upstream servers for reverse address queries"
 msgstr "Spesifiser adressen(e) til oppstrøms tjenere med valgfrie domener."
 
-#: option.c:423
+#: option.c:448
 msgid "Never forward queries to specified domains."
 msgstr "Aldri videresend oppslag til spesifiserte domener."
 
-#: option.c:424
+#: option.c:449
 msgid "Specify the domain to be assigned in DHCP leases."
 msgstr "Spesifiser domenet som skal tildeles i DHCP leien."
 
-#: option.c:425
+#: option.c:450
 msgid "Specify default target in an MX record."
 msgstr "Spesifiser default mål i en MX post."
 
-#: option.c:426
+#: option.c:451
 msgid "Specify time-to-live in seconds for replies from /etc/hosts."
 msgstr "Spesifiser time-to-live i sekunder for svar fra /etc/hosts."
 
-#: option.c:427
+#: option.c:452
 #, fuzzy
 msgid "Specify time-to-live in seconds for negative caching."
 msgstr "Spesifiser time-to-live i sekunder for svar fra /etc/hosts."
 
-#: option.c:428
+#: option.c:453
 #, fuzzy
 msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
 msgstr "Spesifiser time-to-live i sekunder for svar fra /etc/hosts."
 
-#: option.c:429
+#: option.c:454
 #, fuzzy
 msgid "Specify time-to-live ceiling for cache."
 msgstr "Spesifiser time-to-live i sekunder for svar fra /etc/hosts."
 
-#: option.c:430
+#: option.c:455
 #, fuzzy
 msgid "Specify time-to-live floor for cache."
 msgstr "Spesifiser time-to-live i sekunder for svar fra /etc/hosts."
 
-#: option.c:431
+#: option.c:456
+msgid "Retry DNS queries after this many milliseconds."
+msgstr ""
+
+#: option.c:457
 #, c-format
 msgid "Change to this user after startup. (defaults to %s)."
 msgstr "Skift til denne bruker etter oppstart (standard er %s)."
 
-#: option.c:432
+#: option.c:458
 #, fuzzy
 msgid "Map DHCP vendor class to tag."
 msgstr "Map DHCP produsent klasse til opsjon sett."
 
-#: option.c:433
+#: option.c:459
 msgid "Display dnsmasq version and copyright information."
 msgstr "Vis dnsmasq versjon og copyright informasjon."
 
-#: option.c:434
+#: option.c:460
 msgid "Translate IPv4 addresses from upstream servers."
 msgstr "Oversett IPv4 adresser fra oppstrøms tjenere."
 
-#: option.c:435
+#: option.c:461
 msgid "Specify a SRV record."
 msgstr "Spesifiser en SRV post."
 
-#: option.c:436
+#: option.c:462
 msgid "Display this message. Use --help dhcp or --help dhcp6 for known DHCP options."
 msgstr ""
 
-#: option.c:437
+#: option.c:463
 #, fuzzy, c-format
 msgid "Specify path of PID file (defaults to %s)."
 msgstr "Spesifiser stien til PID fil. (standard er %s)."
 
-#: option.c:438
+#: option.c:464
 #, c-format
 msgid "Specify maximum number of DHCP leases (defaults to %s)."
 msgstr "Spesifiser maksimum antall DHCP leier (standard er %s)"
 
-#: option.c:439
+#: option.c:465
 msgid "Answer DNS queries based on the interface a query was sent to."
 msgstr "Svar DNS oppslag basert på nettverkskortet oppslaget ble sendt til."
 
-#: option.c:440
+#: option.c:466
 msgid "Specify TXT DNS record."
 msgstr "Spesifiser TXT DNS post."
 
-#: option.c:441
+#: option.c:467
 #, fuzzy
 msgid "Specify PTR DNS record."
 msgstr "Spesifiser TXT DNS post."
 
-#: option.c:442
+#: option.c:468
 msgid "Give DNS name to IPv4 address of interface."
 msgstr ""
 
-#: option.c:443
+#: option.c:469
 msgid "Bind only to interfaces in use."
 msgstr "Bind kun til nettverkskort som er i bruk."
 
-#: option.c:444
+#: option.c:470
 #, c-format
 msgid "Read DHCP static host information from %s."
 msgstr "Les DHCP statisk vert informasjon fra %s."
 
-#: option.c:445
+#: option.c:471
 msgid "Enable the DBus interface for setting upstream servers, etc."
 msgstr "Aktiver DBus interface for å sette oppstrøms tjenere, osv."
 
-#: option.c:446
+#: option.c:472
 msgid "Enable the UBus interface."
 msgstr ""
 
-#: option.c:447
+#: option.c:473
 msgid "Do not provide DHCP on this interface, only provide DNS."
 msgstr "Ikke lever DHCP på dette nettverkskortet, kun lever DNS."
 
-#: option.c:448
+#: option.c:474
 msgid "Enable dynamic address allocation for bootp."
 msgstr "Aktiver dynamisk adresse allokering for bootp."
 
-#: option.c:449
+#: option.c:475
 #, fuzzy
 msgid "Map MAC address (with wildcards) to option set."
 msgstr "Map DHCP produsent klasse til opsjon sett."
 
-#: option.c:450
+#: option.c:476
 msgid "Treat DHCP requests on aliases as arriving from interface."
 msgstr ""
 
-#: option.c:451
+#: option.c:477
 msgid "Specify extra networks sharing a broadcast domain for DHCP"
 msgstr ""
 
-#: option.c:452
+#: option.c:478
 msgid "Disable ICMP echo address checking in the DHCP server."
 msgstr ""
 
-#: option.c:453
+#: option.c:479
 msgid "Shell script to run on DHCP lease creation and destruction."
 msgstr ""
 
-#: option.c:454
+#: option.c:480
 msgid "Lua script to run on DHCP lease creation and destruction."
 msgstr ""
 
-#: option.c:455
+#: option.c:481
 msgid "Run lease-change scripts as this user."
 msgstr ""
 
-#: option.c:456
+#: option.c:482
 msgid "Call dhcp-script with changes to local ARP table."
 msgstr ""
 
-#: option.c:457
+#: option.c:483
 msgid "Read configuration from all the files in this directory."
 msgstr ""
 
-#: option.c:458
+#: option.c:484
+msgid "Execute file and read configuration from stdin."
+msgstr ""
+
+#: option.c:485
 #, fuzzy
 msgid "Log to this syslog facility or file. (defaults to DAEMON)"
 msgstr "Skift til denne bruker etter oppstart (standard er %s)."
 
-#: option.c:459
+#: option.c:486
 msgid "Do not use leasefile."
 msgstr ""
 
-#: option.c:460
+#: option.c:487
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
 msgstr "Spesifiser maksimum antall DHCP leier (standard er %s)"
 
-#: option.c:461
+#: option.c:488
 #, c-format
 msgid "Clear DNS cache when reloading %s."
 msgstr ""
 
-#: option.c:462
+#: option.c:489
 msgid "Ignore hostnames provided by DHCP clients."
 msgstr ""
 
-#: option.c:463
+#: option.c:490
 msgid "Do NOT reuse filename and server fields for extra DHCP options."
 msgstr ""
 
-#: option.c:464
+#: option.c:491
 msgid "Enable integrated read-only TFTP server."
 msgstr ""
 
-#: option.c:465
+#: option.c:492
 msgid "Export files by TFTP only from the specified subtree."
 msgstr ""
 
-#: option.c:466
+#: option.c:493
 msgid "Add client IP or hardware address to tftp-root."
 msgstr ""
 
-#: option.c:467
+#: option.c:494
 msgid "Allow access only to files owned by the user running dnsmasq."
 msgstr ""
 
-#: option.c:468
+#: option.c:495
 msgid "Do not terminate the service if TFTP directories are inaccessible."
 msgstr ""
 
-#: option.c:469
+#: option.c:496
 #, fuzzy, c-format
 msgid "Maximum number of concurrent TFTP transfers (defaults to %s)."
 msgstr "Spesifiser maksimum antall DHCP leier (standard er %s)"
 
-#: option.c:470
+#: option.c:497
 #, fuzzy
 msgid "Maximum MTU to use for TFTP transfers."
 msgstr "Spesifiser maksimum antall DHCP leier (standard er %s)"
 
-#: option.c:471
+#: option.c:498
 msgid "Disable the TFTP blocksize extension."
 msgstr ""
 
-#: option.c:472
+#: option.c:499
 msgid "Convert TFTP filenames to lowercase"
 msgstr ""
 
-#: option.c:473
+#: option.c:500
 msgid "Ephemeral port range for use by TFTP transfers."
 msgstr ""
 
-#: option.c:474
+#: option.c:501
 msgid "Use only one port for TFTP server."
 msgstr ""
 
-#: option.c:475
+#: option.c:502
 msgid "Extra logging for DHCP."
 msgstr ""
 
-#: option.c:476
+#: option.c:503
 msgid "Enable async. logging; optionally set queue length."
 msgstr ""
 
-#: option.c:477
+#: option.c:504
 msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
 msgstr ""
 
-#: option.c:478
+#: option.c:505
 msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
 msgstr ""
 
-#: option.c:479
+#: option.c:506
 msgid "Inhibit DNS-rebind protection on this domain."
 msgstr ""
 
-#: option.c:480
+#: option.c:507
 msgid "Always perform DNS queries to all servers."
 msgstr ""
 
-#: option.c:481
+#: option.c:508
 msgid "Set tag if client includes matching option in request."
 msgstr ""
 
-#: option.c:482
+#: option.c:509
 msgid "Set tag if client provides given name."
 msgstr ""
 
-#: option.c:483
+#: option.c:510
 msgid "Use alternative ports for DHCP."
 msgstr ""
 
-#: option.c:484
+#: option.c:511
 #, fuzzy
 msgid "Specify NAPTR DNS record."
 msgstr "Spesifiser TXT DNS post."
 
-#: option.c:485
+#: option.c:512
 msgid "Specify lowest port available for DNS query transmission."
 msgstr ""
 
-#: option.c:486
+#: option.c:513
 msgid "Specify highest port available for DNS query transmission."
 msgstr ""
 
-#: option.c:487
+#: option.c:514
 msgid "Use only fully qualified domain names for DHCP clients."
 msgstr ""
 
-#: option.c:488
+#: option.c:515
 msgid "Generate hostnames based on MAC address for nameless clients."
 msgstr ""
 
-#: option.c:489
+#: option.c:516
 msgid "Use these DHCP relays as full proxies."
 msgstr ""
 
-#: option.c:490
+#: option.c:517
 msgid "Relay DHCP requests to a remote server"
 msgstr ""
 
-#: option.c:491
+#: option.c:518
 msgid "Specify alias name for LOCAL DNS name."
 msgstr ""
 
-#: option.c:492
+#: option.c:519
 #, fuzzy
 msgid "Prompt to send to PXE clients."
 msgstr "Sett ekstra opsjoner som skal fordeles til DHCP klientene."
 
-#: option.c:493
+#: option.c:520
 msgid "Boot service for PXE menu."
 msgstr ""
 
-#: option.c:494
+#: option.c:521
 msgid "Check configuration syntax."
 msgstr ""
 
-#: option.c:495
+#: option.c:522
 msgid "Add requestor's MAC address to forwarded DNS queries."
 msgstr ""
 
-#: option.c:496
+#: option.c:523
+msgid "Strip MAC information from queries."
+msgstr ""
+
+#: option.c:524
 msgid "Add specified IP subnet to forwarded DNS queries."
 msgstr ""
 
-#: option.c:497
+#: option.c:525
+msgid "Strip ECS information from queries."
+msgstr ""
+
+#: option.c:526
 #, fuzzy
 msgid "Add client identification to forwarded DNS queries."
 msgstr "Tving bruk av opprinnelig port for oppstrøms oppslag."
 
-#: option.c:498
+#: option.c:527
 #, fuzzy
 msgid "Proxy DNSSEC validation results from upstream nameservers."
 msgstr "Oversett IPv4 adresser fra oppstrøms tjenere."
 
-#: option.c:499
+#: option.c:528
 msgid "Attempt to allocate sequential IP addresses to DHCP clients."
 msgstr ""
 
-#: option.c:500
+#: option.c:529
 #, fuzzy
 msgid "Ignore client identifier option sent by DHCP clients."
 msgstr "Sett ekstra opsjoner som skal fordeles til DHCP klientene."
 
-#: option.c:501
+#: option.c:530
 msgid "Copy connection-track mark from queries to upstream connections."
 msgstr ""
 
-#: option.c:502
+#: option.c:531
 msgid "Allow DHCP clients to do their own DDNS updates."
 msgstr ""
 
-#: option.c:503
+#: option.c:532
 msgid "Send router-advertisements for interfaces doing DHCPv6"
 msgstr ""
 
-#: option.c:504
+#: option.c:533
 msgid "Specify DUID_EN-type DHCPv6 server DUID"
 msgstr ""
 
-#: option.c:505
+#: option.c:534
 #, fuzzy
 msgid "Specify host (A/AAAA and PTR) records"
 msgstr "Spesifiser en MX post."
 
-#: option.c:506
+#: option.c:535
 msgid "Specify host record in interface subnet"
 msgstr ""
 
-#: option.c:507
+#: option.c:536
 msgid "Specify certification authority authorization record"
 msgstr ""
 
-#: option.c:508
+#: option.c:537
 #, fuzzy
 msgid "Specify arbitrary DNS resource record"
 msgstr "Spesifiser TXT DNS post."
 
-#: option.c:509
+#: option.c:538
 #, fuzzy
 msgid "Bind to interfaces in use - check for new interfaces"
 msgstr "ukjent tilknytning (interface) %s"
 
-#: option.c:510
+#: option.c:539
 msgid "Export local names to global DNS"
 msgstr ""
 
-#: option.c:511
+#: option.c:540
 msgid "Domain to export to global DNS"
 msgstr ""
 
-#: option.c:512
+#: option.c:541
 msgid "Set TTL for authoritative replies"
 msgstr ""
 
-#: option.c:513
+#: option.c:542
 msgid "Set authoritative zone information"
 msgstr ""
 
-#: option.c:514
+#: option.c:543
 msgid "Secondary authoritative nameservers for forward domains"
 msgstr ""
 
-#: option.c:515
+#: option.c:544
 msgid "Peers which are allowed to do zone transfer"
 msgstr ""
 
-#: option.c:516
+#: option.c:545
 msgid "Specify ipsets to which matching domains should be added"
 msgstr ""
 
-#: option.c:517
+#: option.c:546
+msgid "Specify nftables sets to which matching domains should be added"
+msgstr ""
+
+#: option.c:547
 msgid "Enable filtering of DNS queries with connection-track marks."
 msgstr ""
 
-#: option.c:518
+#: option.c:548
 msgid "Set allowed DNS patterns for a connection-track mark."
 msgstr ""
 
-#: option.c:519
+#: option.c:549
 msgid "Specify a domain and address range for synthesised names"
 msgstr ""
 
-#: option.c:520
+#: option.c:550
 msgid "Activate DNSSEC validation"
 msgstr ""
 
-#: option.c:521
+#: option.c:551
 msgid "Specify trust anchor key digest."
 msgstr ""
 
-#: option.c:522
+#: option.c:552
 msgid "Disable upstream checking for DNSSEC debugging."
 msgstr ""
 
-#: option.c:523
+#: option.c:553
 msgid "Ensure answers without DNSSEC are in unsigned zones."
 msgstr ""
 
-#: option.c:524
+#: option.c:554
 msgid "Don't check DNSSEC signature timestamps until first cache-reload"
 msgstr ""
 
-#: option.c:525
+#: option.c:555
 msgid "Timestamp file to verify system clock for DNSSEC"
 msgstr ""
 
-#: option.c:526
+#: option.c:556
 msgid "Set MTU, priority, resend-interval and router-lifetime"
 msgstr ""
 
-#: option.c:527
+#: option.c:557
 msgid "Do not log routine DHCP."
 msgstr ""
 
-#: option.c:528
+#: option.c:558
 msgid "Do not log routine DHCPv6."
 msgstr ""
 
-#: option.c:529
+#: option.c:559
 msgid "Do not log RA."
 msgstr ""
 
-#: option.c:530
+#: option.c:560
 msgid "Log debugging information."
 msgstr ""
 
-#: option.c:531
+#: option.c:561
 msgid "Accept queries only from directly-connected networks."
 msgstr ""
 
-#: option.c:532
+#: option.c:562
 msgid "Detect and remove DNS forwarding loops."
 msgstr ""
 
-#: option.c:533
+#: option.c:563
 msgid "Ignore DNS responses containing ipaddr."
 msgstr ""
 
-#: option.c:534
+#: option.c:564
 msgid "Set TTL in DNS responses with DHCP-derived addresses."
 msgstr ""
 
-#: option.c:535
+#: option.c:565
 msgid "Delay DHCP replies for at least number of seconds."
 msgstr ""
 
-#: option.c:536
+#: option.c:566
 msgid "Enables DHCPv4 Rapid Commit option."
 msgstr ""
 
-#: option.c:537
+#: option.c:567
 msgid "Path to debug packet dump file"
 msgstr ""
 
-#: option.c:538
+#: option.c:568
 msgid "Mask which packets to dump"
 msgstr ""
 
-#: option.c:539
+#: option.c:569
 msgid "Call dhcp-script when lease expiry changes."
 msgstr ""
 
-#: option.c:540
+#: option.c:570
 msgid "Send Cisco Umbrella identifiers including remote IP."
 msgstr ""
 
-#: option.c:541
+#: option.c:571
 msgid "Do not log routine TFTP."
 msgstr ""
 
-#: option.c:771
+#: option.c:572
+msgid "Suppress round-robin ordering of DNS records."
+msgstr ""
+
+#: option.c:802
 #, c-format
 msgid ""
 "Usage: dnsmasq [options]\n"
@@ -855,397 +910,443 @@ msgstr ""
 "Bruk: dnsmasq [opsjoner]\n"
 "\n"
 
-#: option.c:773
+#: option.c:804
 #, c-format
 msgid "Use short options only on the command line.\n"
 msgstr "Bruk korte opsjoner kun på kommandolinjen.\n"
 
-#: option.c:775
+#: option.c:806
 #, fuzzy, c-format
 msgid "Valid options are:\n"
 msgstr "Gyldige opsjoner er :\n"
 
-#: option.c:822 option.c:933
+#: option.c:853 option.c:1055
 #, fuzzy
 msgid "bad address"
 msgstr "les %s - %d adresser"
 
-#: option.c:847 option.c:851
+#: option.c:882 option.c:886
 msgid "bad port"
 msgstr "dårlig port"
 
-#: option.c:864 option.c:893 option.c:927
+#: option.c:899 option.c:1002 option.c:1048
 msgid "interface binding not supported"
 msgstr ""
 
-#: option.c:888 option.c:922
+#: option.c:955
+msgid "Cannot resolve server name"
+msgstr ""
+
+#: option.c:991
+msgid "cannot use IPv4 server address with IPv6 source address"
+msgstr ""
+
+#: option.c:997 option.c:1043
 msgid "interface can only be specified once"
 msgstr ""
 
-#: option.c:901 option.c:4362
+#: option.c:1011 option.c:4785
 #, fuzzy
 msgid "bad interface name"
 msgstr "dårlig MX navn"
 
-#: option.c:1192
+#: option.c:1037
+msgid "cannot use IPv6 server address with IPv4 source address"
+msgstr ""
+
+#: option.c:1124
+#, fuzzy
+msgid "bad IPv4 prefix length"
+msgstr "dårlig port"
+
+#: option.c:1155 option.c:1165 option.c:1240 option.c:1250 option.c:5360
+msgid "error"
+msgstr "feil"
+
+#: option.c:1207
+#, fuzzy
+msgid "bad IPv6 prefix length"
+msgstr "dårlig port"
+
+#: option.c:1467
 msgid "inappropriate vendor:"
 msgstr ""
 
-#: option.c:1199
+#: option.c:1474
 msgid "inappropriate encap:"
 msgstr ""
 
-#: option.c:1225
+#: option.c:1500
 msgid "unsupported encapsulation for IPv6 option"
 msgstr ""
 
-#: option.c:1239
+#: option.c:1514
 msgid "bad dhcp-option"
 msgstr "dårlig dhcp-opsjon"
 
-#: option.c:1317
+#: option.c:1592
 #, fuzzy
 msgid "bad IP address"
 msgstr "les %s - %d adresser"
 
-#: option.c:1320 option.c:1459 option.c:3551
+#: option.c:1595 option.c:1734 option.c:3928
 #, fuzzy
 msgid "bad IPv6 address"
 msgstr "les %s - %d adresser"
 
-#: option.c:1413
+#: option.c:1688
 #, fuzzy
 msgid "bad IPv4 address"
 msgstr "les %s - %d adresser"
 
-#: option.c:1486 option.c:1581
+#: option.c:1761 option.c:1856
 msgid "bad domain in dhcp-option"
 msgstr "dårlig domene i dhcp-opsjon"
 
-#: option.c:1625
+#: option.c:1900
 msgid "dhcp-option too long"
 msgstr "dhcp-opsjon for lang"
 
-#: option.c:1632
+#: option.c:1907
 msgid "illegal dhcp-match"
 msgstr ""
 
-#: option.c:1691
+#: option.c:1966
 msgid "illegal repeated flag"
 msgstr ""
 
-#: option.c:1699
+#: option.c:1974
 msgid "illegal repeated keyword"
 msgstr ""
 
-#: option.c:1770 option.c:5080
+#: option.c:2056 option.c:5533
 #, fuzzy, c-format
 msgid "cannot access directory %s: %s"
 msgstr "kan ikke lese %s: %s"
 
-#: option.c:1816 tftp.c:566 dump.c:68
+#: option.c:2102 tftp.c:573 dump.c:72
 #, fuzzy, c-format
 msgid "cannot access %s: %s"
 msgstr "kan ikke lese %s: %s"
 
-#: option.c:1931
+#: option.c:2219
 msgid "setting log facility is not possible under Android"
 msgstr ""
 
-#: option.c:1940
+#: option.c:2228
 msgid "bad log facility"
 msgstr ""
 
-#: option.c:1993
+#: option.c:2281
 msgid "bad MX preference"
 msgstr "dårlig MX preferanse"
 
-#: option.c:1998
+#: option.c:2289
 msgid "bad MX name"
 msgstr "dårlig MX navn"
 
-#: option.c:2012
+#: option.c:2304
 msgid "bad MX target"
 msgstr "dårlig MX mål"
 
-#: option.c:2032
+#: option.c:2324
 msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
 msgstr ""
 
-#: option.c:2036
+#: option.c:2328
 msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
 msgstr ""
 
-#: option.c:2291 option.c:2327
+#: option.c:2447
+#, fuzzy
+msgid "invalid auth-zone"
+msgstr "ugyldig vekt"
+
+#: option.c:2589 option.c:2621
 #, fuzzy
 msgid "bad prefix length"
 msgstr "dårlig port"
 
-#: option.c:2303 option.c:2348 option.c:2398
+#: option.c:2601 option.c:2642 option.c:2696
 #, fuzzy
 msgid "bad prefix"
 msgstr "dårlig port"
 
-#: option.c:2418
+#: option.c:2716
 msgid "prefix length too small"
 msgstr ""
 
-#: option.c:2697
+#: option.c:3010
 #, fuzzy
 msgid "Bad address in --address"
 msgstr "adresse i bruk"
 
-#: option.c:2751
-#, fuzzy
-msgid "bad IPv4 prefix"
-msgstr "dårlig port"
-
-#: option.c:2756 option.c:3569
-#, fuzzy
-msgid "bad IPv6 prefix"
-msgstr "dårlig port"
-
-#: option.c:2777
+#: option.c:3110
 msgid "recompile with HAVE_IPSET defined to enable ipset directives"
 msgstr ""
 
-#: option.c:2843 option.c:2861
+#: option.c:3117
+msgid "recompile with HAVE_NFTSET defined to enable nftset directives"
+msgstr ""
+
+#: option.c:3192 option.c:3210
 msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist directives"
 msgstr ""
 
-#: option.c:3119
+#: option.c:3496
 #, fuzzy
 msgid "bad port range"
 msgstr "dårlig port"
 
-#: option.c:3145
+#: option.c:3522
 msgid "bad bridge-interface"
 msgstr ""
 
-#: option.c:3189
+#: option.c:3566
 msgid "bad shared-network"
 msgstr ""
 
-#: option.c:3243
+#: option.c:3620
 msgid "only one tag allowed"
 msgstr ""
 
-#: option.c:3264 option.c:3280 option.c:3406 option.c:3414 option.c:3457
+#: option.c:3641 option.c:3657 option.c:3783 option.c:3791 option.c:3834
 msgid "bad dhcp-range"
 msgstr "dårlig dhcp-område"
 
-#: option.c:3298
+#: option.c:3675
 msgid "inconsistent DHCP range"
 msgstr "ikke konsistent DHCP område"
 
-#: option.c:3364
+#: option.c:3741
 msgid "prefix length must be exactly 64 for RA subnets"
 msgstr ""
 
-#: option.c:3366
+#: option.c:3743
 msgid "prefix length must be exactly 64 for subnet constructors"
 msgstr ""
 
-#: option.c:3369
+#: option.c:3746
 msgid "prefix length must be at least 64"
 msgstr ""
 
-#: option.c:3372
+#: option.c:3749
 #, fuzzy
 msgid "inconsistent DHCPv6 range"
 msgstr "ikke konsistent DHCP område"
 
-#: option.c:3391
+#: option.c:3768
 msgid "prefix must be zero with \"constructor:\" argument"
 msgstr ""
 
-#: option.c:3516 option.c:3594
+#: option.c:3893 option.c:3971
 #, fuzzy
 msgid "bad hex constant"
 msgstr "dårlig dhcp-vert"
 
-#: option.c:3617
+#: option.c:3946
+#, fuzzy
+msgid "bad IPv6 prefix"
+msgstr "dårlig port"
+
+#: option.c:3994
 #, fuzzy, c-format
 msgid "duplicate dhcp-host IP address %s"
 msgstr "dubliserte IP adresser i %s dhcp-config direktiv."
 
-#: option.c:3678
+#: option.c:4056
 #, fuzzy
 msgid "bad DHCP host name"
 msgstr "dårlig MX navn"
 
-#: option.c:3764
+#: option.c:4142
 #, fuzzy
 msgid "bad tag-if"
 msgstr "dårlig MX mål"
 
-#: option.c:4107 option.c:4623
+#: option.c:4490 option.c:5046
 msgid "invalid port number"
 msgstr "ugyldig portnummer"
 
-#: option.c:4163
+#: option.c:4546
 #, fuzzy
 msgid "bad dhcp-proxy address"
 msgstr "les %s - %d adresser"
 
-#: option.c:4204
+#: option.c:4627
 #, fuzzy
 msgid "Bad dhcp-relay"
 msgstr "dårlig dhcp-område"
 
-#: option.c:4248
+#: option.c:4671
 msgid "bad RA-params"
 msgstr ""
 
-#: option.c:4258
+#: option.c:4681
 msgid "bad DUID"
 msgstr ""
 
-#: option.c:4292
+#: option.c:4715
 #, fuzzy
 msgid "missing address in alias"
 msgstr "adresse i bruk"
 
-#: option.c:4298
+#: option.c:4721
 #, fuzzy
 msgid "invalid alias range"
 msgstr "ugyldig vekt"
 
-#: option.c:4347
+#: option.c:4770
 #, fuzzy
 msgid "missing address in dynamic host"
 msgstr "adresse i bruk"
 
-#: option.c:4362
+#: option.c:4785
 #, fuzzy
 msgid "bad dynamic host"
 msgstr "kan ikke lese %s: %s"
 
-#: option.c:4380 option.c:4396
+#: option.c:4803 option.c:4819
 msgid "bad CNAME"
 msgstr ""
 
-#: option.c:4404
+#: option.c:4827
 msgid "duplicate CNAME"
 msgstr ""
 
-#: option.c:4431
+#: option.c:4854
 #, fuzzy
 msgid "bad PTR record"
 msgstr "dårlig SRV post"
 
-#: option.c:4466
+#: option.c:4889
 #, fuzzy
 msgid "bad NAPTR record"
 msgstr "dårlig SRV post"
 
-#: option.c:4502
+#: option.c:4925
 #, fuzzy
 msgid "bad RR record"
 msgstr "dårlig SRV post"
 
-#: option.c:4535
+#: option.c:4958
 #, fuzzy
 msgid "bad CAA record"
 msgstr "dårlig SRV post"
 
-#: option.c:4564
+#: option.c:4987
 msgid "bad TXT record"
 msgstr "dårlig TXT post"
 
-#: option.c:4607
+#: option.c:5030
 msgid "bad SRV record"
 msgstr "dårlig SRV post"
 
-#: option.c:4614
+#: option.c:5037
 msgid "bad SRV target"
 msgstr "dårlig SRV mål"
 
-#: option.c:4633
+#: option.c:5056
 msgid "invalid priority"
 msgstr "ugyldig prioritet"
 
-#: option.c:4638
+#: option.c:5061
 msgid "invalid weight"
 msgstr "ugyldig vekt"
 
-#: option.c:4661
+#: option.c:5084
 #, fuzzy
 msgid "Bad host-record"
 msgstr "dårlig SRV post"
 
-#: option.c:4700
+#: option.c:5123
 #, fuzzy
 msgid "Bad name in host-record"
 msgstr "dårlig navn i %s"
 
-#: option.c:4742
+#: option.c:5165
 msgid "bad value for dnssec-check-unsigned"
 msgstr ""
 
-#: option.c:4778
+#: option.c:5201
 #, fuzzy
 msgid "bad trust anchor"
 msgstr "dårlig port"
 
-#: option.c:4794
+#: option.c:5217
 msgid "bad HEX in trust anchor"
 msgstr ""
 
-#: option.c:4805
+#: option.c:5228
 msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
 msgstr ""
 
-#: option.c:4865
+#: option.c:5290
 msgid "missing \""
 msgstr "mangler \""
 
-#: option.c:4922
+#: option.c:5347
 msgid "bad option"
 msgstr "dårlig opsjon"
 
-#: option.c:4924
+#: option.c:5349
 msgid "extraneous parameter"
 msgstr "overflødig parameter"
 
-#: option.c:4926
+#: option.c:5351
 msgid "missing parameter"
 msgstr "mangler parameter"
 
-#: option.c:4928
+#: option.c:5353
 #, fuzzy
 msgid "illegal option"
 msgstr "dårlig opsjon"
 
-#: option.c:4935
-msgid "error"
-msgstr "feil"
+#: option.c:5363
+#, c-format
+msgid " in output from %s"
+msgstr ""
 
-#: option.c:4937
+#: option.c:5365
 #, fuzzy, c-format
 msgid " at line %d of %s"
 msgstr "%s på linje %d av %%s"
 
-#: option.c:4952 option.c:5229 option.c:5240
+#: option.c:5380 option.c:5683 option.c:5694
 #, fuzzy, c-format
 msgid "read %s"
 msgstr "leser %s"
 
-#: option.c:5015 option.c:5162 tftp.c:775
+#: option.c:5446
+#, fuzzy, c-format
+msgid "cannot execute %s: %s"
+msgstr "kan ikke lese %s: %s"
+
+#: option.c:5454 option.c:5615 tftp.c:790
 #, c-format
 msgid "cannot read %s: %s"
 msgstr "kan ikke lese %s: %s"
 
-#: option.c:5316
+#: option.c:5473
+#, fuzzy, c-format
+msgid "error executing %s: %s"
+msgstr "feilet å få tilgang til %s: %s"
+
+#: option.c:5476
+#, c-format
+msgid "%s returns non-zero error code"
+msgstr ""
+
+#: option.c:5775
 msgid "junk found in command line"
 msgstr ""
 
-#: option.c:5356
+#: option.c:5815
 #, c-format
 msgid "Dnsmasq version %s  %s\n"
 msgstr "Dnsmasq versjon %s %s\n"
 
-#: option.c:5357
+#: option.c:5816
 #, fuzzy, c-format
 msgid ""
 "Compile time options: %s\n"
@@ -1254,661 +1355,700 @@ msgstr ""
 "Kompileringsopsjoner %s\n"
 "\n"
 
-#: option.c:5358
+#: option.c:5817
 #, c-format
 msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
 msgstr "Denne programvaren kommer med ABSOLUTT INGEN GARANTI.\n"
 
-#: option.c:5359
+#: option.c:5818
 #, c-format
 msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
 msgstr "DNsmasq er fri programvare, du er velkommen til å redistribuere den\n"
 
-#: option.c:5360
+#: option.c:5819
 #, fuzzy, c-format
 msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
 msgstr "under vilkårene gitt i GNU General Public License, versjon 2.\n"
 
-#: option.c:5377
+#: option.c:5836
 msgid "try --help"
 msgstr ""
 
-#: option.c:5379
+#: option.c:5838
 msgid "try -w"
 msgstr ""
 
-#: option.c:5381
+#: option.c:5840
 #, fuzzy, c-format
 msgid "bad command line options: %s"
 msgstr "dårlige kommandlinje opsjoner: %s."
 
-#: option.c:5450
+#: option.c:5909
 #, c-format
 msgid "CNAME loop involving %s"
 msgstr ""
 
-#: option.c:5491
+#: option.c:5950
 #, c-format
 msgid "cannot get host-name: %s"
 msgstr "klarer ikke å få vertsnavn: %s"
 
-#: option.c:5519
+#: option.c:5978
 msgid "only one resolv.conf file allowed in no-poll mode."
 msgstr "kun en resolv.conf fil tillat i no-poll modus."
 
-#: option.c:5529
+#: option.c:5988
 msgid "must have exactly one resolv.conf to read domain from."
 msgstr "må ha nøyaktig en resolv.conf å lese domene fra."
 
-#: option.c:5532 network.c:1670 dhcp.c:880
+#: option.c:5991 network.c:1727 dhcp.c:892
 #, fuzzy, c-format
 msgid "failed to read %s: %s"
 msgstr "feilet å lese %s: %s"
 
-#: option.c:5549
+#: option.c:6008
 #, c-format
 msgid "no search directive found in %s"
 msgstr "intet søke direktiv funnet i %s"
 
-#: option.c:5570
+#: option.c:6029
 msgid "there must be a default domain when --dhcp-fqdn is set"
 msgstr ""
 
-#: option.c:5579
+#: option.c:6038
 msgid "syntax check OK"
 msgstr ""
 
-#: forward.c:104
+#: forward.c:107
 #, fuzzy, c-format
 msgid "failed to send packet: %s"
 msgstr "feilet å lytte på socket: %s"
 
-#: forward.c:601
+#: forward.c:715
 msgid "discarding DNS reply: subnet option mismatch"
 msgstr ""
 
-#: forward.c:666
+#: forward.c:780
 #, c-format
 msgid "nameserver %s refused to do a recursive query"
 msgstr "navnetjener %s nektet å gjøre et rekursivt oppslag"
 
-#: forward.c:702
+#: forward.c:826
 #, c-format
 msgid "possible DNS-rebind attack detected: %s"
 msgstr ""
 
-#: forward.c:1074
+#: forward.c:1239
 #, c-format
 msgid "reducing DNS packet size for nameserver %s to %d"
 msgstr ""
 
-#: forward.c:1381 forward.c:1910
-msgid "Ignoring query from non-local network"
+#: forward.c:1565
+#, c-format
+msgid "ignoring query from non-local network %s (logged only once)"
+msgstr ""
+
+#: forward.c:2139
+#, c-format
+msgid "ignoring query from non-local network %s"
 msgstr ""
 
-#: forward.c:2198
+#: forward.c:2501
 #, fuzzy, c-format
 msgid "failed to bind server socket to %s: %s"
 msgstr "feilet å binde lytte socket for %s: %s"
 
-#: forward.c:2494
+#: forward.c:2867
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries reached (max: %d)"
 msgstr "Spesifiser maksimum antall DHCP leier (standard er %s)"
 
-#: forward.c:2496
+#: forward.c:2869
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries to %s reached (max: %d)"
 msgstr "Spesifiser maksimum antall DHCP leier (standard er %s)"
 
-#: network.c:670
+#: network.c:700
 #, c-format
 msgid "stopped listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:867
+#: network.c:911
 #, fuzzy, c-format
 msgid "failed to create listening socket for %s: %s"
 msgstr "feilet å lage lytte socket: %s"
 
-#: network.c:1148
+#: network.c:1192
 #, c-format
 msgid "listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:1175
+#: network.c:1219
 #, fuzzy, c-format
 msgid "listening on %s port %d"
 msgstr "feilet å lese %s: %s"
 
-#: network.c:1208
+#: network.c:1252
 #, c-format
 msgid "LOUD WARNING: listening on %s may accept requests via interfaces other than %s"
 msgstr ""
 
-#: network.c:1215
+#: network.c:1259
 msgid "LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"
 msgstr ""
 
-#: network.c:1224
+#: network.c:1268
 #, fuzzy, c-format
 msgid "warning: using interface %s instead"
 msgstr "advarsel: nettverkskort %s eksisterer ikke for tiden"
 
-#: network.c:1233
+#: network.c:1277
 #, fuzzy, c-format
 msgid "warning: no addresses found for interface %s"
 msgstr "benytter lokale adresser kun for %s %s"
 
-#: network.c:1291
+#: network.c:1335
 #, fuzzy, c-format
 msgid "interface %s failed to join DHCPv6 multicast group: %s"
 msgstr "feilet å binde DHCP tjener socket: %s"
 
-#: network.c:1296
+#: network.c:1340
 msgid "try increasing /proc/sys/net/core/optmem_max"
 msgstr ""
 
-#: network.c:1492
+#: network.c:1545
 #, fuzzy, c-format
 msgid "failed to bind server socket for %s: %s"
 msgstr "feilet å binde lytte socket for %s: %s"
 
-#: network.c:1569
+#: network.c:1622
 #, c-format
 msgid "ignoring nameserver %s - local interface"
 msgstr "ignorerer navnetjener %s - lokal tilknytning"
 
-#: network.c:1580
+#: network.c:1633
 #, fuzzy, c-format
 msgid "ignoring nameserver %s - cannot make/bind socket: %s"
 msgstr "ignorerer navnetjener %s - kan ikke lage/dinde socket: %s"
 
-#: network.c:1598
+#: network.c:1643
+msgid "more servers are defined but not logged"
+msgstr ""
+
+#: network.c:1654
 msgid "(no DNSSEC)"
 msgstr ""
 
-#: network.c:1601
+#: network.c:1657
 msgid "unqualified"
 msgstr "ikke kvalifisert"
 
-#: network.c:1601
+#: network.c:1657
 msgid "names"
 msgstr ""
 
-#: network.c:1603
+#: network.c:1659
 msgid "default"
 msgstr ""
 
-#: network.c:1605
+#: network.c:1661
 msgid "domain"
 msgstr "domene"
 
-#: network.c:1607
+#: network.c:1663
 #, fuzzy, c-format
 msgid "using nameserver %s#%d for %s %s%s %s"
 msgstr "benytter navnetjener %s#%d for %s %s"
 
-#: network.c:1611
+#: network.c:1667
 #, fuzzy, c-format
 msgid "NOT using nameserver %s#%d - query loop detected"
 msgstr "benytter navnetjener %s#%d for %s %s"
 
-#: network.c:1614
+#: network.c:1670
 #, fuzzy, c-format
 msgid "using nameserver %s#%d(via %s)"
 msgstr "benytter navnetjener %s#%d"
 
-#: network.c:1616
+#: network.c:1672
 #, c-format
 msgid "using nameserver %s#%d"
 msgstr "benytter navnetjener %s#%d"
 
-#: network.c:1630
+#: network.c:1687
 #, fuzzy, c-format
 msgid "using only locally-known addresses for %s"
 msgstr "benytter lokale adresser kun for %s %s"
 
-#: network.c:1633
+#: network.c:1690
 #, fuzzy, c-format
 msgid "using standard nameservers for %s"
 msgstr "benytter navnetjener %s#%d for %s %s"
 
-#: network.c:1637
+#: network.c:1694
 #, fuzzy, c-format
 msgid "using %d more local addresses"
 msgstr "benytter navnetjener %s#%d"
 
-#: network.c:1639
+#: network.c:1696
 #, fuzzy, c-format
 msgid "using %d more nameservers"
 msgstr "benytter navnetjener %s#%d"
 
-#: dnsmasq.c:184
+#: dnsmasq.c:192
 msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
 msgstr ""
 
-#: dnsmasq.c:199
+#: dnsmasq.c:207
 msgid "no root trust anchor provided for DNSSEC"
 msgstr ""
 
-#: dnsmasq.c:202
+#: dnsmasq.c:210
 msgid "cannot reduce cache size from default when DNSSEC enabled"
 msgstr ""
 
-#: dnsmasq.c:204
+#: dnsmasq.c:212
 #, fuzzy
 msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
 msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
 
-#: dnsmasq.c:210
+#: dnsmasq.c:218
 #, fuzzy
 msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
 msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
 
-#: dnsmasq.c:217
+#: dnsmasq.c:225
 msgid "cannot use --conntrack AND --query-port"
 msgstr ""
 
-#: dnsmasq.c:223
+#: dnsmasq.c:231
 #, fuzzy
 msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
 msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
 
-#: dnsmasq.c:228
+#: dnsmasq.c:236
 msgid "asynchronous logging is not available under Solaris"
 msgstr ""
 
-#: dnsmasq.c:233
+#: dnsmasq.c:241
 msgid "asynchronous logging is not available under Android"
 msgstr ""
 
-#: dnsmasq.c:238
+#: dnsmasq.c:246
 #, fuzzy
 msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
 msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
 
-#: dnsmasq.c:243
+#: dnsmasq.c:251
 #, fuzzy
 msgid "loop detection not available: set HAVE_LOOP in src/config.h"
 msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
 
-#: dnsmasq.c:248
+#: dnsmasq.c:256
 #, fuzzy
 msgid "Ubus not available: set HAVE_UBUS in src/config.h"
 msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
 
-#: dnsmasq.c:259
+#: dnsmasq.c:267
 msgid "max_port cannot be smaller than min_port"
 msgstr ""
 
-#: dnsmasq.c:266
+#: dnsmasq.c:271
+msgid "port_limit must not be larger than available port range"
+msgstr ""
+
+#: dnsmasq.c:278
 msgid "--auth-server required when an auth zone is defined."
 msgstr ""
 
-#: dnsmasq.c:271
+#: dnsmasq.c:283
 msgid "zone serial must be configured in --auth-soa"
 msgstr ""
 
-#: dnsmasq.c:291
+#: dnsmasq.c:303
 msgid "dhcp-range constructor not available on this platform"
 msgstr ""
 
-#: dnsmasq.c:355
+#: dnsmasq.c:377
 msgid "cannot set --bind-interfaces and --bind-dynamic"
 msgstr ""
 
-#: dnsmasq.c:358
+#: dnsmasq.c:380
 #, c-format
 msgid "failed to find list of interfaces: %s"
 msgstr "feilet å finne liste av tilknytninger (interfaces): %s"
 
-#: dnsmasq.c:367
+#: dnsmasq.c:389
 #, c-format
 msgid "unknown interface %s"
 msgstr "ukjent tilknytning (interface) %s"
 
-#: dnsmasq.c:437
+#: dnsmasq.c:396
+#, fuzzy, c-format
+msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
+msgstr "feilet å sette SO_REUSEADDR på DHCP socket: %s"
+
+#: dnsmasq.c:440
 #, fuzzy
 msgid "Packet dumps not available: set HAVE_DUMP in src/config.h"
 msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
 
-#: dnsmasq.c:445 dnsmasq.c:1207
+#: dnsmasq.c:448 dnsmasq.c:1232
 #, c-format
 msgid "DBus error: %s"
 msgstr "DBus feil: %s"
 
-#: dnsmasq.c:448
+#: dnsmasq.c:451
 msgid "DBus not available: set HAVE_DBUS in src/config.h"
 msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
 
-#: dnsmasq.c:456 dnsmasq.c:1228
+#: dnsmasq.c:459 dnsmasq.c:1253
 #, fuzzy, c-format
 msgid "UBus error: %s"
 msgstr "DBus feil: %s"
 
-#: dnsmasq.c:459
+#: dnsmasq.c:462
 #, fuzzy
 msgid "UBus not available: set HAVE_UBUS in src/config.h"
 msgstr "DBus ikke tilgjengelig: sett HAVE_DBUS i src/config.h"
 
-#: dnsmasq.c:489
+#: dnsmasq.c:492
 #, c-format
 msgid "unknown user or group: %s"
 msgstr ""
 
-#: dnsmasq.c:565
+#: dnsmasq.c:568
 #, c-format
 msgid "process is missing required capability %s"
 msgstr ""
 
-#: dnsmasq.c:597
+#: dnsmasq.c:600
 #, c-format
 msgid "cannot chdir to filesystem root: %s"
 msgstr ""
 
-#: dnsmasq.c:845
+#: dnsmasq.c:852
 #, fuzzy, c-format
 msgid "started, version %s DNS disabled"
 msgstr "startet, versjon %s mellomlager deaktivert"
 
-#: dnsmasq.c:850
+#: dnsmasq.c:857
 #, c-format
 msgid "started, version %s cachesize %d"
 msgstr "startet, versjon %s mellomlager størrelse %d"
 
-#: dnsmasq.c:852
+#: dnsmasq.c:859
 msgid "cache size greater than 10000 may cause performance issues, and is unlikely to be useful."
 msgstr ""
 
-#: dnsmasq.c:855
+#: dnsmasq.c:862
 #, c-format
 msgid "started, version %s cache disabled"
 msgstr "startet, versjon %s mellomlager deaktivert"
 
-#: dnsmasq.c:858
+#: dnsmasq.c:865
 msgid "DNS service limited to local subnets"
 msgstr ""
 
-#: dnsmasq.c:861
+#: dnsmasq.c:868
 #, c-format
 msgid "compile time options: %s"
 msgstr "kompilerings opsjoner: %s"
 
-#: dnsmasq.c:870
+#: dnsmasq.c:877
 msgid "DBus support enabled: connected to system bus"
 msgstr "DBus støtte aktivert: koblet til system buss"
 
-#: dnsmasq.c:872
+#: dnsmasq.c:879
 msgid "DBus support enabled: bus connection pending"
 msgstr "DBus støtte aktivert: avventer buss tilkobling"
 
-#: dnsmasq.c:880
+#: dnsmasq.c:887
 #, fuzzy
 msgid "UBus support enabled: connected to system bus"
 msgstr "DBus støtte aktivert: koblet til system buss"
 
-#: dnsmasq.c:882
+#: dnsmasq.c:889
 #, fuzzy
 msgid "UBus support enabled: bus connection pending"
 msgstr "DBus støtte aktivert: avventer buss tilkobling"
 
-#: dnsmasq.c:902
+#: dnsmasq.c:909
 msgid "DNSSEC validation enabled but all unsigned answers are trusted"
 msgstr ""
 
-#: dnsmasq.c:904
+#: dnsmasq.c:911
 msgid "DNSSEC validation enabled"
 msgstr ""
 
-#: dnsmasq.c:908
+#: dnsmasq.c:915
 msgid "DNSSEC signature timestamps not checked until receipt of SIGINT"
 msgstr ""
 
-#: dnsmasq.c:911
+#: dnsmasq.c:918
 msgid "DNSSEC signature timestamps not checked until system time valid"
 msgstr ""
 
-#: dnsmasq.c:914
+#: dnsmasq.c:921
 #, c-format
 msgid "configured with trust anchor for %s keytag %u"
 msgstr ""
 
-#: dnsmasq.c:920
+#: dnsmasq.c:927
 #, fuzzy, c-format
 msgid "warning: failed to change owner of %s: %s"
 msgstr "feilet å laste navn fra %s: %s"
 
-#: dnsmasq.c:924
+#: dnsmasq.c:932
 msgid "setting --bind-interfaces option because of OS limitations"
 msgstr "setter --bind-interfaces opsjon på grunn av OS begrensninger"
 
-#: dnsmasq.c:936
+#: dnsmasq.c:945
 #, c-format
 msgid "warning: interface %s does not currently exist"
 msgstr "advarsel: nettverkskort %s eksisterer ikke for tiden"
 
-#: dnsmasq.c:941
+#: dnsmasq.c:950
 msgid "warning: ignoring resolv-file flag because no-resolv is set"
 msgstr ""
 
-#: dnsmasq.c:944
+#: dnsmasq.c:953
 #, fuzzy
 msgid "warning: no upstream servers configured"
 msgstr "setter oppstrøms tjener fra DBus"
 
-#: dnsmasq.c:948
+#: dnsmasq.c:957
 #, c-format
 msgid "asynchronous logging enabled, queue limit is %d messages"
 msgstr ""
 
-#: dnsmasq.c:969
+#: dnsmasq.c:978
 msgid "IPv6 router advertisement enabled"
 msgstr ""
 
-#: dnsmasq.c:974
+#: dnsmasq.c:983
 #, c-format
 msgid "DHCP, sockets bound exclusively to interface %s"
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "root is "
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 #, fuzzy
 msgid "enabled"
 msgstr "deaktivert"
 
-#: dnsmasq.c:993
+#: dnsmasq.c:1002
 msgid "secure mode"
 msgstr ""
 
-#: dnsmasq.c:994
+#: dnsmasq.c:1003
 #, fuzzy
 msgid "single port mode"
 msgstr "ugyldig portnummer"
 
-#: dnsmasq.c:997
+#: dnsmasq.c:1006
 #, c-format
 msgid "warning: %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1001
+#: dnsmasq.c:1010
 #, c-format
 msgid "warning: TFTP directory %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1027
+#: dnsmasq.c:1036
 #, c-format
 msgid "restricting maximum simultaneous TFTP transfers to %d"
 msgstr ""
 
-#: dnsmasq.c:1204
+#: dnsmasq.c:1095
+#, c-format
+msgid "error binding DHCP socket to device %s"
+msgstr ""
+
+#: dnsmasq.c:1229
 msgid "connected to system DBus"
 msgstr "tilkoblet til system DBus"
 
-#: dnsmasq.c:1225
+#: dnsmasq.c:1250
 #, fuzzy
 msgid "connected to system UBus"
 msgstr "tilkoblet til system DBus"
 
-#: dnsmasq.c:1391
+#: dnsmasq.c:1416
 #, c-format
 msgid "cannot fork into background: %s"
 msgstr ""
 
-#: dnsmasq.c:1395
+#: dnsmasq.c:1420
 #, fuzzy, c-format
 msgid "failed to create helper: %s"
 msgstr "feilet å lese %s: %s"
 
-#: dnsmasq.c:1399
+#: dnsmasq.c:1424
 #, c-format
 msgid "setting capabilities failed: %s"
 msgstr ""
 
-#: dnsmasq.c:1403
+#: dnsmasq.c:1428
 #, fuzzy, c-format
 msgid "failed to change user-id to %s: %s"
 msgstr "feilet å laste navn fra %s: %s"
 
-#: dnsmasq.c:1407
+#: dnsmasq.c:1432
 #, fuzzy, c-format
 msgid "failed to change group-id to %s: %s"
 msgstr "feilet å laste navn fra %s: %s"
 
-#: dnsmasq.c:1411
+#: dnsmasq.c:1436
 #, fuzzy, c-format
 msgid "failed to open pidfile %s: %s"
 msgstr "feilet å lese %s: %s"
 
-#: dnsmasq.c:1415
+#: dnsmasq.c:1440
 #, fuzzy, c-format
 msgid "cannot open log %s: %s"
 msgstr "kan ikke åpne %s:%s"
 
-#: dnsmasq.c:1419
+#: dnsmasq.c:1444
 #, fuzzy, c-format
 msgid "failed to load Lua script: %s"
 msgstr "feilet å laste %s: %s"
 
-#: dnsmasq.c:1423
+#: dnsmasq.c:1448
 #, c-format
 msgid "TFTP directory %s inaccessible: %s"
 msgstr ""
 
-#: dnsmasq.c:1427
+#: dnsmasq.c:1452
 #, fuzzy, c-format
 msgid "cannot create timestamp file %s: %s"
 msgstr "kan ikke åpne eller lage leie fil: %s"
 
-#: dnsmasq.c:1511
+#: dnsmasq.c:1536
 #, c-format
 msgid "script process killed by signal %d"
 msgstr ""
 
-#: dnsmasq.c:1515
+#: dnsmasq.c:1540
 #, c-format
 msgid "script process exited with status %d"
 msgstr ""
 
-#: dnsmasq.c:1519
+#: dnsmasq.c:1544
 #, fuzzy, c-format
 msgid "failed to execute %s: %s"
 msgstr "feilet å få tilgang til %s: %s"
 
-#: dnsmasq.c:1559
+#: dnsmasq.c:1584
 msgid "now checking DNSSEC signature timestamps"
 msgstr ""
 
-#: dnsmasq.c:1594 dnssec.c:160 dnssec.c:204
+#: dnsmasq.c:1619 dnssec.c:160 dnssec.c:204
 #, fuzzy, c-format
 msgid "failed to update mtime on %s: %s"
 msgstr "feilet å lese %s: %s"
 
-#: dnsmasq.c:1606
+#: dnsmasq.c:1631
 msgid "exiting on receipt of SIGTERM"
 msgstr "avslutter etter mottak av SIGTERM"
 
-#: dnsmasq.c:1634
+#: dnsmasq.c:1659
 #, fuzzy, c-format
 msgid "failed to access %s: %s"
 msgstr "feilet å få tilgang til %s: %s"
 
-#: dnsmasq.c:1664
+#: dnsmasq.c:1690
 #, c-format
 msgid "reading %s"
 msgstr "leser %s"
 
-#: dnsmasq.c:1675
+#: dnsmasq.c:1706
 #, fuzzy, c-format
 msgid "no servers found in %s, will retry"
 msgstr "intet søke direktiv funnet i %s"
 
-#: dhcp.c:53
+#: dhcp.c:51
 #, c-format
 msgid "cannot create DHCP socket: %s"
 msgstr "kan ikke lage DHCP socket: %s"
 
-#: dhcp.c:68
+#: dhcp.c:66
 #, c-format
 msgid "failed to set options on DHCP socket: %s"
 msgstr "feilet å sette opsjoner på DHCP socket: %s"
 
-#: dhcp.c:89
+#: dhcp.c:87
 #, fuzzy, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
 msgstr "feilet å sette SO_REUSEADDR på DHCP socket: %s"
 
-#: dhcp.c:101
+#: dhcp.c:99
 #, c-format
 msgid "failed to bind DHCP server socket: %s"
 msgstr "feilet å binde DHCP tjener socket: %s"
 
-#: dhcp.c:127
+#: dhcp.c:125
 #, c-format
 msgid "cannot create ICMP raw socket: %s."
 msgstr "kan ikke lage ICMP raw socket: %s"
 
-#: dhcp.c:252 dhcp6.c:180
+#: dhcp.c:254 dhcp6.c:186
 #, fuzzy, c-format
 msgid "unknown interface %s in bridge-interface"
 msgstr "ukjent tilknytning (interface) %s"
 
-#: dhcp.c:293
+#: dhcp.c:295
 #, c-format
 msgid "DHCP packet received on %s which has no address"
 msgstr ""
 
-#: dhcp.c:428
+#: dhcp.c:429
 #, c-format
 msgid "ARP-cache injection failed: %s"
 msgstr ""
 
-#: dhcp.c:473
+#: dhcp.c:490
 #, c-format
 msgid "Error sending DHCP packet to %s: %s"
 msgstr ""
 
-#: dhcp.c:530
+#: dhcp.c:547
 #, c-format
 msgid "DHCP range %s -- %s is not consistent with netmask %s"
 msgstr "DHCP område %s -- %s er ikke konsistent med nettmaske %s"
 
-#: dhcp.c:918
+#: dhcp.c:930
 #, c-format
 msgid "bad line at %s line %d"
 msgstr "dårlig linje ved %s linje %d"
 
-#: dhcp.c:961
+#: dhcp.c:973
 #, c-format
 msgid "ignoring %s line %d, duplicate name or IP address"
 msgstr ""
 
-#: dhcp.c:1105 rfc3315.c:2182
+#: dhcp.c:1034
+#, c-format
+msgid "read %s - %d addresses"
+msgstr "les %s - %d adresser"
+
+#: dhcp.c:1136
+#, c-format
+msgid "Cannot broadcast DHCP relay via interface %s"
+msgstr ""
+
+#: dhcp.c:1160
+#, c-format
+msgid "broadcast via %s"
+msgstr ""
+
+#: dhcp.c:1163 rfc3315.c:2219
 #, c-format
-msgid "DHCP relay %s -> %s"
+msgid "DHCP relay at %s -> %s"
 msgstr ""
 
 #: lease.c:64
@@ -1978,7 +2118,7 @@ msgstr "ingen adresse omr
 msgid "%u available DHCP subnet: %s/%s"
 msgstr "ingen adresse område tilgjengelig for DHCP krav %s %s"
 
-#: rfc2131.c:409 rfc3315.c:319
+#: rfc2131.c:409 rfc3315.c:320
 #, c-format
 msgid "%u available DHCP range: %s -- %s"
 msgstr ""
@@ -1997,12 +2137,12 @@ msgstr "DBus feil: %s"
 msgid "disabled"
 msgstr "deaktivert"
 
-#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1532 rfc3315.c:632 rfc3315.c:815
-#: rfc3315.c:1121
+#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1536 rfc3315.c:633 rfc3315.c:816
+#: rfc3315.c:1122
 msgid "ignored"
 msgstr "oversett"
 
-#: rfc2131.c:613 rfc2131.c:1333 rfc3315.c:867
+#: rfc2131.c:613 rfc2131.c:1340 rfc3315.c:868
 msgid "address in use"
 msgstr "adresse i bruk"
 
@@ -2010,7 +2150,7 @@ msgstr "adresse i bruk"
 msgid "no address available"
 msgstr "ingen adresse tilgjengelig"
 
-#: rfc2131.c:634 rfc2131.c:1295
+#: rfc2131.c:634 rfc2131.c:1302
 msgid "wrong network"
 msgstr "galt nettverk"
 
@@ -2018,11 +2158,11 @@ msgstr "galt nettverk"
 msgid "no address configured"
 msgstr "ingen adresse konfigurert"
 
-#: rfc2131.c:655 rfc2131.c:1346
+#: rfc2131.c:655 rfc2131.c:1353
 msgid "no leases left"
 msgstr "ingen leier igjen"
 
-#: rfc2131.c:756 rfc3315.c:499
+#: rfc2131.c:756 rfc3315.c:500
 #, c-format
 msgid "%u client provides name: %s"
 msgstr ""
@@ -2031,7 +2171,7 @@ msgstr ""
 msgid "PXE BIS not supported"
 msgstr ""
 
-#: rfc2131.c:1054 rfc3315.c:1222
+#: rfc2131.c:1054 rfc3315.c:1223
 #, fuzzy, c-format
 msgid "disabling DHCP static address %s for %s"
 msgstr "deaktiverer DHCP statisk adresse %s"
@@ -2055,108 +2195,108 @@ msgstr ""
 msgid "not using configured address %s because it was previously declined"
 msgstr ""
 
-#: rfc2131.c:1139 rfc2131.c:1339
+#: rfc2131.c:1139 rfc2131.c:1346
 msgid "no unique-id"
 msgstr ""
 
-#: rfc2131.c:1231
+#: rfc2131.c:1238
 msgid "wrong server-ID"
 msgstr ""
 
-#: rfc2131.c:1250
+#: rfc2131.c:1257
 msgid "wrong address"
 msgstr "gal adresse"
 
-#: rfc2131.c:1268 rfc3315.c:975
+#: rfc2131.c:1275 rfc3315.c:976
 msgid "lease not found"
 msgstr "leie ikke funnet"
 
-#: rfc2131.c:1303
+#: rfc2131.c:1310
 msgid "address not available"
 msgstr "adresse ikke tilgjengelig"
 
-#: rfc2131.c:1314
+#: rfc2131.c:1321
 msgid "static lease available"
 msgstr "statisk leie tilgjengelig"
 
-#: rfc2131.c:1318
+#: rfc2131.c:1325
 msgid "address reserved"
 msgstr "adresse reservert"
 
-#: rfc2131.c:1327
+#: rfc2131.c:1334
 #, c-format
 msgid "abandoning lease to %s of %s"
 msgstr ""
 
-#: rfc2131.c:1866
+#: rfc2131.c:1870
 #, c-format
 msgid "%u bootfile name: %s"
 msgstr ""
 
-#: rfc2131.c:1875
+#: rfc2131.c:1879
 #, fuzzy, c-format
 msgid "%u server name: %s"
 msgstr "DBus feil: %s"
 
-#: rfc2131.c:1885
+#: rfc2131.c:1889
 #, fuzzy, c-format
 msgid "%u next server: %s"
 msgstr "DBus feil: %s"
 
-#: rfc2131.c:1889
+#: rfc2131.c:1893
 #, c-format
 msgid "%u broadcast response"
 msgstr ""
 
-#: rfc2131.c:1952
+#: rfc2131.c:1956
 #, fuzzy, c-format
 msgid "cannot send DHCP/BOOTP option %d: no space left in packet"
 msgstr "kan ikke sende DHCP opsjon %d: ikke mer plass i pakken"
 
-#: rfc2131.c:2262
+#: rfc2131.c:2267
 msgid "PXE menu too large"
 msgstr ""
 
-#: rfc2131.c:2425 rfc3315.c:1511
+#: rfc2131.c:2430 rfc3315.c:1517
 #, fuzzy, c-format
 msgid "%u requested options: %s"
 msgstr "kompilerings opsjoner: %s"
 
-#: rfc2131.c:2742
+#: rfc2131.c:2747
 #, c-format
 msgid "cannot send RFC3925 option: too many options for enterprise number %d"
 msgstr ""
 
-#: rfc2131.c:2805
+#: rfc2131.c:2810
 #, c-format
 msgid "%u reply delay: %d"
 msgstr ""
 
-#: netlink.c:93
+#: netlink.c:86
 #, fuzzy, c-format
 msgid "cannot create netlink socket: %s"
 msgstr "kan ikke binde netlink socket: %s"
 
-#: netlink.c:377
+#: netlink.c:379
 #, fuzzy, c-format
 msgid "netlink returns error: %s"
 msgstr "DBus feil: %s"
 
-#: dbus.c:434
+#: dbus.c:491
 #, c-format
 msgid "Enabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:439
+#: dbus.c:496
 #, c-format
 msgid "Disabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:713
+#: dbus.c:857
 msgid "setting upstream servers from DBus"
 msgstr "setter oppstrøms tjener fra DBus"
 
-#: dbus.c:760
+#: dbus.c:907
 msgid "could not register a DBus message handler"
 msgstr "kunne ikke registrere en DBus meldingshåndterer"
 
@@ -2183,51 +2323,51 @@ msgstr ""
 msgid "lease() function missing in Lua script"
 msgstr ""
 
-#: tftp.c:349
+#: tftp.c:353
 msgid "unable to get free port for TFTP"
 msgstr ""
 
-#: tftp.c:365
+#: tftp.c:369
 #, c-format
 msgid "unsupported request from %s"
 msgstr ""
 
-#: tftp.c:512
+#: tftp.c:520
 #, fuzzy, c-format
-msgid "file %s not found"
-msgstr "leie ikke funnet"
+msgid "file %s not found for %s"
+msgstr "fil %s ikke funnet for %s"
 
-#: tftp.c:602
+#: tftp.c:609
 #, c-format
 msgid "ignoring packet from %s (TID mismatch)"
 msgstr ""
 
-#: tftp.c:646
+#: tftp.c:662
 #, fuzzy, c-format
 msgid "failed sending %s to %s"
 msgstr "feilet å lese %s: %s"
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "sent %s to %s"
 msgstr ""
 
-#: tftp.c:696
+#: tftp.c:712
 #, c-format
 msgid "error %d %s received from %s"
 msgstr ""
 
-#: log.c:190
+#: log.c:203
 #, c-format
 msgid "overflow: %d log entries lost"
 msgstr ""
 
-#: log.c:268
+#: log.c:281
 #, c-format
 msgid "log failed: %s"
 msgstr ""
 
-#: log.c:477
+#: log.c:490
 msgid "FAILED to start up"
 msgstr "FEILET å starte opp"
 
@@ -2236,17 +2376,17 @@ msgstr "FEILET 
 msgid "Conntrack connection mark retrieval failed: %s"
 msgstr ""
 
-#: dhcp6.c:52
+#: dhcp6.c:51
 #, fuzzy, c-format
 msgid "cannot create DHCPv6 socket: %s"
 msgstr "kan ikke lage DHCP socket: %s"
 
-#: dhcp6.c:73
+#: dhcp6.c:72
 #, fuzzy, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"
 msgstr "feilet å sette SO_REUSEADDR på DHCP socket: %s"
 
-#: dhcp6.c:85
+#: dhcp6.c:84
 #, fuzzy, c-format
 msgid "failed to bind DHCPv6 server socket: %s"
 msgstr "feilet å binde DHCP tjener socket: %s"
@@ -2261,149 +2401,155 @@ msgstr "ingen adresse omr
 msgid "no address range available for DHCPv6 request via %s"
 msgstr "ingen adresse område tilgjengelig for DHCP krav %s %s"
 
-#: rfc3315.c:316
+#: rfc3315.c:317
 #, fuzzy, c-format
 msgid "%u available DHCPv6 subnet: %s/%d"
 msgstr "ingen adresse område tilgjengelig for DHCP krav %s %s"
 
-#: rfc3315.c:399
+#: rfc3315.c:400
 #, fuzzy, c-format
 msgid "%u vendor class: %u"
 msgstr "DBus feil: %s"
 
-#: rfc3315.c:447
+#: rfc3315.c:448
 #, fuzzy, c-format
 msgid "%u client MAC address: %s"
 msgstr "ingen tilknytning (interface) med adresse %s"
 
-#: rfc3315.c:762 rfc3315.c:859
+#: rfc3315.c:763 rfc3315.c:860
 #, fuzzy
 msgid "address unavailable"
 msgstr "adresse ikke tilgjengelig"
 
-#: rfc3315.c:774 rfc3315.c:903 rfc3315.c:1272
+#: rfc3315.c:775 rfc3315.c:904 rfc3315.c:1273
 msgid "success"
 msgstr ""
 
-#: rfc3315.c:789 rfc3315.c:798 rfc3315.c:911 rfc3315.c:913 rfc3315.c:1047
+#: rfc3315.c:790 rfc3315.c:799 rfc3315.c:912 rfc3315.c:914 rfc3315.c:1048
 #, fuzzy
 msgid "no addresses available"
 msgstr "ingen adresse tilgjengelig"
 
-#: rfc3315.c:890
+#: rfc3315.c:891
 msgid "not on link"
 msgstr ""
 
-#: rfc3315.c:979 rfc3315.c:1180 rfc3315.c:1261
+#: rfc3315.c:980 rfc3315.c:1181 rfc3315.c:1262
 msgid "no binding found"
 msgstr ""
 
-#: rfc3315.c:1016
+#: rfc3315.c:1017
 msgid "deprecated"
 msgstr ""
 
-#: rfc3315.c:1023
+#: rfc3315.c:1024
 #, fuzzy
 msgid "address invalid"
 msgstr "adresse i bruk"
 
-#: rfc3315.c:1081 rfc3315.c:1083
+#: rfc3315.c:1082 rfc3315.c:1084
 msgid "confirm failed"
 msgstr ""
 
-#: rfc3315.c:1098
+#: rfc3315.c:1099
 #, fuzzy
 msgid "all addresses still on link"
 msgstr "dårlig adresse ved %s linje %d"
 
-#: rfc3315.c:1189
+#: rfc3315.c:1190
 msgid "release received"
 msgstr ""
 
-#: rfc3315.c:2173
-msgid "Cannot multicast to DHCPv6 server without correct interface"
+#: rfc3315.c:2200
+#, c-format
+msgid "Cannot multicast DHCP relay via interface %s"
 msgstr ""
 
-#: dhcp-common.c:154
+#: rfc3315.c:2216
+#, c-format
+msgid "multicast via %s"
+msgstr ""
+
+#: dhcp-common.c:187
 #, c-format
 msgid "Ignoring duplicate dhcp-option %d"
 msgstr ""
 
-#: dhcp-common.c:231
+#: dhcp-common.c:264
 #, c-format
 msgid "%u tags: %s"
 msgstr ""
 
-#: dhcp-common.c:451
+#: dhcp-common.c:484
 #, c-format
 msgid "%s has more than one address in hostsfile, using %s for DHCP"
 msgstr ""
 
-#: dhcp-common.c:485
+#: dhcp-common.c:518
 #, c-format
 msgid "duplicate IP address %s (%s) in dhcp-config directive"
 msgstr "dubliserte IP adresser i %s (%s) i dhcp-config direktiv"
 
-#: dhcp-common.c:549
-#, fuzzy, c-format
-msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
-msgstr "feilet å sette SO_REUSEADDR på DHCP socket: %s"
-
-#: dhcp-common.c:672
+#: dhcp-common.c:738
 #, c-format
 msgid "Known DHCP options:\n"
 msgstr ""
 
-#: dhcp-common.c:683
+#: dhcp-common.c:749
 #, c-format
 msgid "Known DHCPv6 options:\n"
 msgstr ""
 
-#: dhcp-common.c:880
+#: dhcp-common.c:946
 msgid ", prefix deprecated"
 msgstr ""
 
-#: dhcp-common.c:883
+#: dhcp-common.c:949
 #, c-format
 msgid ", lease time "
 msgstr ""
 
-#: dhcp-common.c:925
+#: dhcp-common.c:991
 #, c-format
 msgid "%s stateless on %s%.0s%.0s%s"
 msgstr ""
 
-#: dhcp-common.c:927
+#: dhcp-common.c:993
 #, fuzzy, c-format
 msgid "%s, static leases only on %.0s%s%s%.0s"
 msgstr "DHCP, statisk leie kun på %.0s%s, leie tid %s"
 
-#: dhcp-common.c:929
+#: dhcp-common.c:995
 #, c-format
 msgid "%s, proxy on subnet %.0s%s%.0s%.0s"
 msgstr ""
 
-#: dhcp-common.c:930
+#: dhcp-common.c:996
 #, fuzzy, c-format
 msgid "%s, IP range %s -- %s%s%.0s"
 msgstr "DHCP, IP område %s -- %s, leie tid %s"
 
-#: dhcp-common.c:943
+#: dhcp-common.c:1009
 #, c-format
 msgid "DHCPv4-derived IPv6 names on %s%s"
 msgstr ""
 
-#: dhcp-common.c:946
+#: dhcp-common.c:1012
 #, fuzzy, c-format
 msgid "router advertisement on %s%s"
 msgstr "DHCP, statisk leie kun på %.0s%s, leie tid %s"
 
-#: dhcp-common.c:957
+#: dhcp-common.c:1043
+#, c-format
+msgid "DHCP relay from %s via %s"
+msgstr ""
+
+#: dhcp-common.c:1045
 #, c-format
 msgid "DHCP relay from %s to %s via %s"
 msgstr ""
 
-#: dhcp-common.c:959
+#: dhcp-common.c:1048
 #, c-format
 msgid "DHCP relay from %s to %s"
 msgstr ""
@@ -2413,7 +2559,7 @@ msgstr ""
 msgid "cannot create ICMPv6 socket: %s"
 msgstr "kan ikke lage DHCP socket: %s"
 
-#: auth.c:464
+#: auth.c:462
 #, c-format
 msgid "ignoring zone transfer request from %s"
 msgstr ""
@@ -2525,14 +2671,14 @@ msgstr ""
 msgid "system time considered valid, now checking DNSSEC signature timestamps."
 msgstr ""
 
-#: dnssec.c:1014
+#: dnssec.c:1018
 #, c-format
 msgid "Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"
 msgstr ""
 
 #: blockdata.c:55
 #, c-format
-msgid "pool memory in use %u, max %u, allocated %u"
+msgid "pool memory in use %zu, max %zu, allocated %zu"
 msgstr ""
 
 #: tables.c:61
@@ -2594,39 +2740,59 @@ msgstr ""
 msgid "directory %s for resolv-file is missing, cannot poll"
 msgstr ""
 
-#: inotify.c:131 inotify.c:168
+#: inotify.c:131 inotify.c:200
 #, fuzzy, c-format
 msgid "failed to create inotify for %s: %s"
 msgstr "feilet å lage lytte socket: %s"
 
-#: inotify.c:153
+#: inotify.c:178 inotify.c:185
 #, fuzzy, c-format
 msgid "bad dynamic directory %s: %s"
 msgstr "kan ikke lese %s: %s"
 
-#: inotify.c:257
+#: inotify.c:186
+#, fuzzy
+msgid "not a directory"
+msgstr "kan ikke lese %s: %s"
+
+#: inotify.c:299
 #, c-format
-msgid "inotify, new or changed file %s"
+msgid "inotify: %s removed"
 msgstr ""
 
-#: dump.c:64
+#: inotify.c:301
+#, c-format
+msgid "inotify: %s new or modified"
+msgstr ""
+
+#: inotify.c:309
+#, c-format
+msgid "inotify: flushed %u names read from %s"
+msgstr ""
+
+#: dump.c:68
 #, fuzzy, c-format
 msgid "cannot create %s: %s"
 msgstr "kan ikke lese %s: %s"
 
-#: dump.c:70
+#: dump.c:74
 #, fuzzy, c-format
 msgid "bad header in %s"
 msgstr "adresse i bruk"
 
-#: dump.c:205
+#: dump.c:287
 #, fuzzy
 msgid "failed to write packet dump"
 msgstr "feilet å lytte på socket: %s"
 
-#: dump.c:207
+#: dump.c:289
 #, c-format
-msgid "dumping UDP packet %u mask 0x%04x"
+msgid "%u dumping packet %u mask 0x%04x"
+msgstr ""
+
+#: dump.c:291
+#, c-format
+msgid "dumping packet %u mask 0x%04x"
 msgstr ""
 
 #: ubus.c:79
@@ -2660,6 +2826,15 @@ msgstr ""
 msgid "Failed to create SHA-256 hash object"
 msgstr ""
 
+#: nftset.c:35
+#, fuzzy
+msgid "failed to create nftset context"
+msgstr "feilet å lage lytte socket: %s"
+
+#, fuzzy
+#~ msgid "bad IPv4 prefix"
+#~ msgstr "dårlig port"
+
 #, fuzzy
 #~ msgid "Cannot add object to UBus: %s"
 #~ msgstr "kan ikke åpne %s:%s"
diff --git a/po/pl.po b/po/pl.po
index 29b9165..096ab58 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -21,72 +21,77 @@ msgstr ""
 "X-Generator: Poedit 1.8.7\n"
 "X-Language: pl_PL\n"
 
-#: cache.c:572
+#: cache.c:652
 msgid "Internal error in cache."
 msgstr "Wewnętrzny błąd w pamięci podręcznej."
 
-#: cache.c:1094
+#: cache.c:1179
 #, c-format
 msgid "failed to load names from %s: %s"
 msgstr "nie potrafię wczytać nazw z %s: %s"
 
-#: cache.c:1116 dhcp.c:931
+#: cache.c:1201 dhcp.c:943
 #, c-format
 msgid "bad address at %s line %d"
 msgstr "błędny adres w pliku %s, w linii %d"
 
-#: cache.c:1169 dhcp.c:947
+#: cache.c:1254 dhcp.c:959
 #, c-format
 msgid "bad name at %s line %d"
 msgstr "błędna nazwa w pliku %s, w linii %d"
 
-#: cache.c:1180 dhcp.c:1022
-#, c-format
-msgid "read %s - %d addresses"
+#: cache.c:1265
+#, fuzzy, c-format
+msgid "read %s - %d names"
 msgstr "wczytałem %s - %d adresów"
 
-#: cache.c:1296
+#: cache.c:1381
 msgid "cleared cache"
 msgstr "wyczyszczono pamięć podręczną"
 
-#: cache.c:1358
+#: cache.c:1445
 #, c-format
 msgid "No IPv4 address found for %s"
 msgstr "Nie znalazłem adresu IPv4 komputera %s"
 
-#: cache.c:1404
+#: cache.c:1491
 #, c-format
 msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
 msgstr "%s to nazwa CNAME, nie przypisuję jej dzierżawie DHCP %s"
 
-#: cache.c:1428
+#: cache.c:1515
 #, c-format
 msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
 msgstr "nazwa %s nie została nadana dzierżawie DHCP %s, ponieważ nazwa istnieje w %s i ma już adres %s"
 
-#: cache.c:1674
+#: cache.c:1760
 #, c-format
 msgid "time %lu"
 msgstr "czas %lu"
 
-#: cache.c:1675
+#: cache.c:1761
 #, c-format
 msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
 msgstr "wielkość pamięci podręcznej: %d; %d z %d miejsc aktualnych wpisów użyto ponownie."
 
-#: cache.c:1677
+#: cache.c:1763
 #, c-format
 msgid "queries forwarded %u, queries answered locally %u"
 msgstr "%u zapytań przesłanych dalej, %u odpowiedzi udzielonych samodzielnie"
 
-#: cache.c:1680
+#: cache.c:1766
+#, c-format
+msgid "queries answered from stale cache %u"
+msgstr ""
+
+#: cache.c:1768
 #, c-format
 msgid "queries for authoritative zones %u"
 msgstr "zapytań do stref autorytatywnych %u"
 
-#: cache.c:1702
-#, c-format
-msgid "server %s#%d: queries sent %u, retried or failed %u"
+#: cache.c:1796
+#, fuzzy, c-format
+msgid "server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"
 msgstr "serwer %s#%d: %u zapytań wysłanych, %u ponowionych lub nieudanych"
 
 #: util.c:51
@@ -94,739 +99,790 @@ msgstr "serwer %s#%d: %u zapytań wysłanych, %u ponowionych lub nieudanych"
 msgid "failed to seed the random number generator: %s"
 msgstr "brak możliwości użycia generatora liczb losowych: %s"
 
-#: util.c:228
+#: util.c:246
 msgid "failed to allocate memory"
 msgstr "nie udało się przydzielić pamięci"
 
-#: util.c:285 option.c:665
+#: util.c:305 option.c:696
 msgid "could not get memory"
 msgstr "nie można dostać pamięci"
 
-#: util.c:306
+#: util.c:326
 #, c-format
 msgid "cannot create pipe: %s"
 msgstr "błąd podczas próby utworzenia potoku: %s"
 
-#: util.c:314
+#: util.c:334
 #, c-format
 msgid "failed to allocate %d bytes"
 msgstr "niemożliwość przydzielenia %d bajtów pamięci"
 
-#: util.c:520
+#: util.c:344
+#, fuzzy, c-format
+msgid "failed to reallocate %d bytes"
+msgstr "niemożliwość przydzielenia %d bajtów pamięci"
+
+#: util.c:465
+#, fuzzy, c-format
+msgid "cannot read monotonic clock: %s"
+msgstr "nie potrafię utworzyć połączenia netlink %s"
+
+#: util.c:579
 #, c-format
 msgid "infinite"
 msgstr "nieskończona"
 
-#: util.c:808
+#: util.c:867
 #, c-format
 msgid "failed to find kernel version: %s"
 msgstr "niezgodna wersja jądra: %s"
 
-#: option.c:372
+#: option.c:393
 msgid "Specify local address(es) to listen on."
 msgstr "Wskazanie adresów, na których należy nasłuchiwać."
 
-#: option.c:373
+#: option.c:394
 msgid "Return ipaddr for all hosts in specified domains."
 msgstr "Zwracanie adresu IP dla wszystkich hostów we wskazanych domenach."
 
-#: option.c:374
+#: option.c:395
 msgid "Fake reverse lookups for RFC1918 private address ranges."
 msgstr "Wyłączenie przekazywania zapytań odwrotnych dla prywatnych zakresów IP."
 
-#: option.c:375
+#: option.c:396
 msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
 msgstr "Traktowanie adresu IP jako NXDOMAIN (unieważnia ,,Verisign wildcard'')."
 
-#: option.c:376
+#: option.c:397
 #, c-format
 msgid "Specify the size of the cache in entries (defaults to %s)."
 msgstr "Wskazanie wielkości pamięci podręcznej (domyślnie: %s miejsc)."
 
-#: option.c:377
+#: option.c:398
 #, c-format
 msgid "Specify configuration file (defaults to %s)."
 msgstr "Wskazanie pliku konfiguracyjnego (domyślnie: %s)."
 
-#: option.c:378
+#: option.c:399
 msgid "Do NOT fork into the background: run in debug mode."
 msgstr "NIE twórz procesu potomnego w tle: działanie w trybie debugowania."
 
-#: option.c:379
+#: option.c:400
 msgid "Do NOT forward queries with no domain part."
 msgstr "Wyłączenie przekazywania zapytań bez podanej części domenowej."
 
-#: option.c:380
+#: option.c:401
 msgid "Return self-pointing MX records for local hosts."
 msgstr "Zwracanie samowskazującego rekordu MX dla lokalnych hostów."
 
-#: option.c:381
+#: option.c:402
 msgid "Expand simple names in /etc/hosts with domain-suffix."
 msgstr "Rozwijanie prostych nazw z /etc/hosts przyrostkiem domenowym."
 
-#: option.c:382
+#: option.c:403
 msgid "Don't forward spurious DNS requests from Windows hosts."
 msgstr "Wyłączenie przekazywania pozornych zapytań DNS z komputerów działających pod Windows."
 
-#: option.c:383
+#: option.c:404
+msgid "Don't include IPv4 addresses in DNS answers."
+msgstr ""
+
+#: option.c:405
+msgid "Don't include IPv6 addresses in DNS answers."
+msgstr ""
+
+#: option.c:406
 msgid "Enable DHCP in the range given with lease duration."
 msgstr "Włączenie serwera DHCP dla wskazanego zakresu adresów."
 
-#: option.c:384
+#: option.c:407
 #, c-format
 msgid "Change to this group after startup (defaults to %s)."
 msgstr "Po uruchomieniu zmiana grupy procesu na podaną (domyślnie: %s)."
 
-#: option.c:385
+#: option.c:408
 msgid "Set address or hostname for a specified machine."
 msgstr "Ustawienie adresu lub nazwy dla wskazanego komputera."
 
-#: option.c:386
+#: option.c:409
 msgid "Read DHCP host specs from file."
 msgstr "Wskazanie pliku z wartościami 'dhcp-host='."
 
-#: option.c:387
+#: option.c:410
 msgid "Read DHCP option specs from file."
 msgstr "Wskazanie pliku z wartościami 'dhcp-option='."
 
-#: option.c:388
+#: option.c:411
 msgid "Read DHCP host specs from a directory."
 msgstr "Odczyt specyfikacji hostów dla DHCP z katalogu."
 
-#: option.c:389
+#: option.c:412
 msgid "Read DHCP options from a directory."
 msgstr "Odczyt opcji DHCP z katalogu."
 
-#: option.c:390
+#: option.c:413
 msgid "Evaluate conditional tag expression."
 msgstr "Warunkowe ustawianie znaczników."
 
-#: option.c:391
+#: option.c:414
 #, c-format
 msgid "Do NOT load %s file."
 msgstr "NIE wczytywanie pliku %s."
 
-#: option.c:392
+#: option.c:415
 #, c-format
 msgid "Specify a hosts file to be read in addition to %s."
 msgstr "Wskazanie dodatkowego pliku 'hosts' oprócz %s."
 
-#: option.c:393
+#: option.c:416
 msgid "Read hosts files from a directory."
 msgstr "Odczyt pliku hostów z katalogu."
 
-#: option.c:394
+#: option.c:417
 msgid "Specify interface(s) to listen on."
 msgstr "Interfejsy, na których nasłuchiwać."
 
-#: option.c:395
+#: option.c:418
 msgid "Specify interface(s) NOT to listen on."
 msgstr "Interfejsy, na których NIE nasłuchiwać."
 
-#: option.c:396
+#: option.c:419
 msgid "Map DHCP user class to tag."
 msgstr "Przyporządkowanie znacznika w zależności od klasy użytkownika DHCP."
 
-#: option.c:397
+#: option.c:420
 msgid "Map RFC3046 circuit-id to tag."
 msgstr "Przyporządkowanie znacznika w zależności od numeru obwodu (w rozumieniu RFC3046)."
 
-#: option.c:398
+#: option.c:421
 msgid "Map RFC3046 remote-id to tag."
 msgstr "Przyporządkowanie znacznika w zależności od numeru agenta (w rozumieniu RFC3046)."
 
-#: option.c:399
+#: option.c:422
 msgid "Map RFC3993 subscriber-id to tag."
 msgstr "Przyporządkowanie znacznika w zależności od numeru subskrybenta (w rozumieniu RFC3993)."
 
-#: option.c:400
+#: option.c:423
 msgid "Specify vendor class to match for PXE requests."
 msgstr ""
 
-#: option.c:401
+#: option.c:424
 msgid "Don't do DHCP for hosts with tag set."
 msgstr "Wyłączenie DHCP dla hostów z określonym znacznikiem."
 
-#: option.c:402
+#: option.c:425
 msgid "Force broadcast replies for hosts with tag set."
 msgstr "Wymuszenie odpowiedzi w trybie rozgłoszeniowym dla hostów z określonym znacznikiem."
 
-#: option.c:403
+#: option.c:426
 msgid "Do NOT fork into the background, do NOT run in debug mode."
 msgstr "NIE twórz procesu potomnego w tle i NIE włączaj trybu debugowania."
 
-#: option.c:404
+#: option.c:427
 msgid "Assume we are the only DHCP server on the local network."
 msgstr "Zakładanie, że jesteśmy jedynym serwerem DHCP w sieci lokalnej."
 
-#: option.c:405
+#: option.c:428
 #, c-format
 msgid "Specify where to store DHCP leases (defaults to %s)."
 msgstr "Ścieżka przechowywania pliku dzierżaw DHCP (domyślnie: %s)."
 
-#: option.c:406
+#: option.c:429
 msgid "Return MX records for local hosts."
 msgstr "Włączenie zwracania rekordu MX dla hostów lokalnych."
 
-#: option.c:407
+#: option.c:430
 msgid "Specify an MX record."
 msgstr "Specyfikacja rekordu MX."
 
-#: option.c:408
+#: option.c:431
 msgid "Specify BOOTP options to DHCP server."
 msgstr "Określenie opcji BOOTP serwera DHCP."
 
-#: option.c:409
+#: option.c:432
 #, c-format
 msgid "Do NOT poll %s file, reload only on SIGHUP."
 msgstr "Wyłączenie obserwowania pliku %s; ponowne odczytywanie tylko po odebraniu sygnału SIGHUP."
 
-#: option.c:410
+#: option.c:433
 msgid "Do NOT cache failed search results."
 msgstr "Wyłączenie przechowywania w pamięci podręcznej wyników nieudanych wyszukiwań."
 
-#: option.c:411
+#: option.c:434
+msgid "Use expired cache data for faster reply."
+msgstr ""
+
+#: option.c:435
 #, c-format
 msgid "Use nameservers strictly in the order given in %s."
 msgstr "Odpytywanie serwerów nazw w kolejności ich wystąpienia w %s."
 
-#: option.c:412
+#: option.c:436
 msgid "Specify options to be sent to DHCP clients."
 msgstr "Specyfikacja opcji wysyłanej do klientów DHCP."
 
-#: option.c:413
+#: option.c:437
 msgid "DHCP option sent even if the client does not request it."
 msgstr "Opcja DHCP wysyłana nawet jeżeli klient o nią nie prosi."
 
-#: option.c:414
+#: option.c:438
 msgid "Specify port to listen for DNS requests on (defaults to 53)."
 msgstr "Wskazanie portu do nasłuchiwania zapytań DNS (domyślnie: 53)."
 
-#: option.c:415
+#: option.c:439
 #, c-format
 msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
 msgstr "Maksymalna obsługiwana wielkość pakietu EDNS.0 (domyślnie: %s)."
 
-#: option.c:416
+#: option.c:440
 msgid "Log DNS queries."
 msgstr "Włączenie spisywania zapytań DNS do logu."
 
-#: option.c:417
+#: option.c:441
 msgid "Force the originating port for upstream DNS queries."
 msgstr "Wymuszenie użycia wskazanego portu UDP do odpytywania nadrzędnych serwerów DNS i odbierania od nich odpowiedzi."
 
-#: option.c:418
+#: option.c:442
+msgid "Set maximum number of random originating ports for a query."
+msgstr ""
+
+#: option.c:443
 msgid "Do NOT read resolv.conf."
 msgstr "Wyłączenie czytania pliku resolv.conf."
 
-#: option.c:419
+#: option.c:444
 #, c-format
 msgid "Specify path to resolv.conf (defaults to %s)."
 msgstr "Wskazanie położenia pliku resolv.conf (domyślnie: %s)."
 
-#: option.c:420
+#: option.c:445
 msgid "Specify path to file with server= options"
 msgstr "Wskazanie położenia pliku z opcjami server="
 
-#: option.c:421
+#: option.c:446
 msgid "Specify address(es) of upstream servers with optional domains."
 msgstr "Wskazywanie adresów serwerów nazw, opcjonalnie z przypisaniem do domeny."
 
-#: option.c:422
+#: option.c:447
 msgid "Specify address of upstream servers for reverse address queries"
 msgstr "Wskazanie serwerów nazw do odwrotnej translacji adresów."
 
-#: option.c:423
+#: option.c:448
 msgid "Never forward queries to specified domains."
 msgstr "Wyłączenie przekazywania zapytań do wskazanych domen."
 
-#: option.c:424
+#: option.c:449
 msgid "Specify the domain to be assigned in DHCP leases."
 msgstr "Wskazanie domeny dla serwera DHCP."
 
-#: option.c:425
+#: option.c:450
 msgid "Specify default target in an MX record."
 msgstr "Określenie domyślnego celu w rekordzie MX."
 
-#: option.c:426
+#: option.c:451
 msgid "Specify time-to-live in seconds for replies from /etc/hosts."
 msgstr "Określenie (w sekundach) czasu ważności odpowiedzi udzielonych na podstawie /etc/hosts (domyślnie 0)."
 
-#: option.c:427
+#: option.c:452
 msgid "Specify time-to-live in seconds for negative caching."
 msgstr "Określenie (w sekundach) czasu ważności negatywnych odpowiedzi."
 
-#: option.c:428
+#: option.c:453
 msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
 msgstr "Ograniczenie maksymalnego czasu ważności odpowiedzi (TTL) podawanego klientom [w sekundach]."
 
-#: option.c:429
+#: option.c:454
 msgid "Specify time-to-live ceiling for cache."
 msgstr "Określenie górnej granicy czasu ważności dla wpisów w pamięci podręcznej."
 
-#: option.c:430
+#: option.c:455
 msgid "Specify time-to-live floor for cache."
 msgstr "Określenie dolnej granicy czasu ważności dla wpisów w pamięci podręcznej."
 
-#: option.c:431
+#: option.c:456
+msgid "Retry DNS queries after this many milliseconds."
+msgstr ""
+
+#: option.c:457
 #, c-format
 msgid "Change to this user after startup. (defaults to %s)."
 msgstr "Zmiana użytkownika procesu na wskazanego (po uruchomieniu, domyślnie: %s)."
 
-#: option.c:432
+#: option.c:458
 msgid "Map DHCP vendor class to tag."
 msgstr "Przyporządkowanie znacznika w zależności od typu klienta DHCP."
 
-#: option.c:433
+#: option.c:459
 msgid "Display dnsmasq version and copyright information."
 msgstr "Wydrukowanie informacji o programie i ochronie praw autorskich."
 
-#: option.c:434
+#: option.c:460
 msgid "Translate IPv4 addresses from upstream servers."
 msgstr "Tłumaczenie adresów IPv4 z serwerów nadrzędnych."
 
-#: option.c:435
+#: option.c:461
 msgid "Specify a SRV record."
 msgstr "Określenie rekordu SRV."
 
-#: option.c:436
+#: option.c:462
 msgid "Display this message. Use --help dhcp or --help dhcp6 for known DHCP options."
 msgstr "Wyświetla ten komunikat. Chcąc przejrzeć listę dostępnych opcji DHCP użyj '--help dhcp' lub '--help dhcp6' ."
 
-#: option.c:437
+#: option.c:463
 #, c-format
 msgid "Specify path of PID file (defaults to %s)."
 msgstr "Określenie ścieżki do pliku PID (domyślnie: %s)."
 
-#: option.c:438
+#: option.c:464
 #, c-format
 msgid "Specify maximum number of DHCP leases (defaults to %s)."
 msgstr "Maksymalna liczba dzierżaw DHCP (domyślnie: %s)."
 
-#: option.c:439
+#: option.c:465
 msgid "Answer DNS queries based on the interface a query was sent to."
 msgstr "Uzależnienie odpowiedzi DNS od interfejsu, na którym odebrano zapytanie (wygodne dla serwerów kilku podsieci z różnymi adresami w /etc/hosts)."
 
-#: option.c:440
+#: option.c:466
 msgid "Specify TXT DNS record."
 msgstr "Specyfikacja rekordu DNS TXT."
 
-#: option.c:441
+#: option.c:467
 msgid "Specify PTR DNS record."
 msgstr "Specyfikacja rekordu DNS PTR."
 
-#: option.c:442
+#: option.c:468
 msgid "Give DNS name to IPv4 address of interface."
 msgstr "Zwraca nazwę domenową powiązaną z adresem interfejsu sieciowego."
 
-#: option.c:443
+#: option.c:469
 msgid "Bind only to interfaces in use."
 msgstr "Nasłuchiwanie tylko na wykorzystywanych interfejsach (umożliwia uruchomienie osobnych serwerów dla różnych kart)."
 
-#: option.c:444
+#: option.c:470
 #, c-format
 msgid "Read DHCP static host information from %s."
 msgstr "Wczytanie przyporządkowań adresów z %s."
 
-#: option.c:445
+#: option.c:471
 msgid "Enable the DBus interface for setting upstream servers, etc."
 msgstr "Włączenie używania interfejsu DBus do informowania o zmianach konfiguracji."
 
-#: option.c:446
+#: option.c:472
 msgid "Enable the UBus interface."
 msgstr ""
 
-#: option.c:447
+#: option.c:473
 msgid "Do not provide DHCP on this interface, only provide DNS."
 msgstr "Uruchomienie na wskazanym interfejsie tylko DNS-a, bez usług DHCP i TFTP."
 
-#: option.c:448
+#: option.c:474
 msgid "Enable dynamic address allocation for bootp."
 msgstr "Włączenie dynamicznego przydzielania adresów dla klientów BOOTP."
 
-#: option.c:449
+#: option.c:475
 msgid "Map MAC address (with wildcards) to option set."
 msgstr "Przyporządkowanie znacznika w zależności od adresu MAC (można używać uogólnień: *)."
 
-#: option.c:450
+#: option.c:476
 msgid "Treat DHCP requests on aliases as arriving from interface."
 msgstr "Traktowanie żądań DHCP odebranych na interfejsach alias, ..., jako odebranych na iface."
 
-#: option.c:451
+#: option.c:477
 msgid "Specify extra networks sharing a broadcast domain for DHCP"
 msgstr ""
 
-#: option.c:452
+#: option.c:478
 msgid "Disable ICMP echo address checking in the DHCP server."
 msgstr "Pominięcie sprawdzania za pomocą ICMP niezajętości adresu przed jego wydzierżawieniem."
 
-#: option.c:453
+#: option.c:479
 msgid "Shell script to run on DHCP lease creation and destruction."
 msgstr "Skrypt powłoki uruchamiany po przyznaniu lub zwolnieniu adresu."
 
-#: option.c:454
+#: option.c:480
 msgid "Lua script to run on DHCP lease creation and destruction."
 msgstr "Skrypt Lua uruchamiany po przyznaniu lub zwolnieniu adresu."
 
-#: option.c:455
+#: option.c:481
 msgid "Run lease-change scripts as this user."
 msgstr "Wskazanie użytkownika z którego uprawnieniami będą uruchamiane skrypty."
 
-#: option.c:456
+#: option.c:482
 msgid "Call dhcp-script with changes to local ARP table."
 msgstr "Wywoływanie dhcp-script w reakcji na zmiany w tablicy ARP."
 
-#: option.c:457
+#: option.c:483
 msgid "Read configuration from all the files in this directory."
 msgstr "Wczytanie wszystkich plików ze wskazanego katalogu jako konfiguracyjnych."
 
-#: option.c:458
+#: option.c:484
+msgid "Execute file and read configuration from stdin."
+msgstr ""
+
+#: option.c:485
 msgid "Log to this syslog facility or file. (defaults to DAEMON)"
 msgstr "Wskazanie kanału syslog-a do którego mają trafiać komunikaty (domyślnie: DAEMON)"
 
-#: option.c:459
+#: option.c:486
 msgid "Do not use leasefile."
 msgstr "Nieużywanie bazy dzierżaw."
 
-#: option.c:460
+#: option.c:487
 #, c-format
 msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
 msgstr "Maksymalna liczba jednocześnie obsługiwanych zapytań DNS (domyślnie: %s)"
 
-#: option.c:461
+#: option.c:488
 #, c-format
 msgid "Clear DNS cache when reloading %s."
 msgstr "Czyszczenie pamięci podręcznej serwera nazw w przypadku ponownego odczytu %s."
 
-#: option.c:462
+#: option.c:489
 msgid "Ignore hostnames provided by DHCP clients."
 msgstr "Nie zwracanie uwagi na nazwę podawaną przez klienta w przypadku dopasowania wszystkich wymienionych znaczników."
 
-#: option.c:463
+#: option.c:490
 msgid "Do NOT reuse filename and server fields for extra DHCP options."
 msgstr "Wyłączenie oszczędzania miejsca w pakiecie DHCP przez przesuwanie pól servername i filename do opcji DHCP. Wymusza prostszy tryb budowy pakietu rozwiązując problemy z nieprzystosowanymi klientami DHCP."
 
-#: option.c:464
+#: option.c:491
 msgid "Enable integrated read-only TFTP server."
 msgstr "Włączenie wbudowanego serwera TFTP (tylko do wysyłania)."
 
-#: option.c:465
+#: option.c:492
 msgid "Export files by TFTP only from the specified subtree."
 msgstr "Ograniczenie działania serwera TFTP do wskazanego katalogu i podkatalogów. Nazwy z .. są odrzucane, / odnosi się do wskazanego katalogu."
 
-#: option.c:466
+#: option.c:493
 #, fuzzy
 msgid "Add client IP or hardware address to tftp-root."
 msgstr "Doklejanie adresu IP klienta do głównego katalogu TFTP. Jeżeli wynikowy katalog nie istnieje, nadal wykorzystuje się tftp-root."
 
-#: option.c:467
+#: option.c:494
 msgid "Allow access only to files owned by the user running dnsmasq."
 msgstr "Ograniczenie dostępu do plików przez TFTP do tych, których właścicielem jest użytkownik uruchamiający dnsmasq-a."
 
-#: option.c:468
+#: option.c:495
 msgid "Do not terminate the service if TFTP directories are inaccessible."
 msgstr "Nieprzerywanie działania serwisu mimo braku dostępu do katalogów TFTP."
 
-#: option.c:469
+#: option.c:496
 #, fuzzy, c-format
 msgid "Maximum number of concurrent TFTP transfers (defaults to %s)."
 msgstr "Maksymalna liczba jednocześnie obsługiwanych połączeń TFTP (domyślnie %s)."
 
-#: option.c:470
+#: option.c:497
 msgid "Maximum MTU to use for TFTP transfers."
 msgstr "Ograniczenie MTU w komunikacji TFTP."
 
-#: option.c:471
+#: option.c:498
 msgid "Disable the TFTP blocksize extension."
 msgstr "Wyłączenie możliwości negocjowania wielkości bloku dla przesyłów przez TFTP."
 
-#: option.c:472
+#: option.c:499
 msgid "Convert TFTP filenames to lowercase"
 msgstr "Konwertowanie nazw plików żądanych przez TFTP do małych liter"
 
-#: option.c:473
+#: option.c:500
 msgid "Ephemeral port range for use by TFTP transfers."
 msgstr "Wskazanie zakresu portów do użytku TFTP."
 
-#: option.c:474
+#: option.c:501
 msgid "Use only one port for TFTP server."
 msgstr ""
 
-#: option.c:475
+#: option.c:502
 msgid "Extra logging for DHCP."
 msgstr "Włączenie spisywania w logu operacji DHCP."
 
-#: option.c:476
+#: option.c:503
 msgid "Enable async. logging; optionally set queue length."
 msgstr "Włączenie asynchronicznego zapisywania do logu z ewentualnym wskazaniem długości kolejki."
 
-#: option.c:477
+#: option.c:504
 msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
 msgstr "Odfiltrowywanie adresów wskazujących na komputery w sieciach wewnętrznych spośród odpowiedzi od zewnętrznych serwerów DNS."
 
-#: option.c:478
+#: option.c:505
 msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
 msgstr "Zezwolenie na przekazywanie odpowiedzi w klasie 127.0.0.0/8. Dla serwerów RBL."
 
-#: option.c:479
+#: option.c:506
 msgid "Inhibit DNS-rebind protection on this domain."
 msgstr "Dezaktywacja zabezpieczenia przed atakami DNS-rebind dla wskazanych domen."
 
-#: option.c:480
+#: option.c:507
 msgid "Always perform DNS queries to all servers."
 msgstr "Jednoczesne odpytywanie wszystkich serwerów nadrzędnych; klientowi przekazywana jest pierwsza odpowiedź."
 
-#: option.c:481
+#: option.c:508
 msgid "Set tag if client includes matching option in request."
 msgstr "Ustawienie znacznika jeżeli w żądaniu DHCP pojawi się wskazana opcja, ewentualnie o konkretnej wartości."
 
-#: option.c:482
+#: option.c:509
 #, fuzzy
 msgid "Set tag if client provides given name."
 msgstr "Ustawienie znacznika jeżeli w żądaniu DHCP pojawi się wskazana opcja, ewentualnie o konkretnej wartości."
 
-#: option.c:483
+#: option.c:510
 msgid "Use alternative ports for DHCP."
 msgstr "Użycie alternatywnych portów dla usługi DHCP."
 
-#: option.c:484
+#: option.c:511
 msgid "Specify NAPTR DNS record."
 msgstr "Specyfikacja rekordu DNS NAPTR."
 
-#: option.c:485
+#: option.c:512
 msgid "Specify lowest port available for DNS query transmission."
 msgstr "Ustawienie dolnej granicy numerów portów do przesyłania zapytań DNS."
 
-#: option.c:486
+#: option.c:513
 msgid "Specify highest port available for DNS query transmission."
 msgstr "Ograniczenie najwyższego numeru portu dla transmisji zapytań DNS."
 
-#: option.c:487
+#: option.c:514
 msgid "Use only fully qualified domain names for DHCP clients."
 msgstr "Przechowywanie w serwerze DNS dnsmasq-a tylko w pełni kwalifikowanych nazw zgłaszanych przez klientów DHCP."
 
-#: option.c:488
+#: option.c:515
 msgid "Generate hostnames based on MAC address for nameless clients."
 msgstr "Generowanie nazw na podstawie MAC-adresów dla klientów bez nazwy."
 
-#: option.c:489
+#: option.c:516
 msgid "Use these DHCP relays as full proxies."
 msgstr "Traktowanie wskazanych serwerów pośredniczących DHCP jako działających w trybie \"pełnomocnika\" (full-proxy)."
 
-#: option.c:490
+#: option.c:517
 msgid "Relay DHCP requests to a remote server"
 msgstr "Przekazywanie żądań DHCP do zdalnego serwera"
 
-#: option.c:491
+#: option.c:518
 msgid "Specify alias name for LOCAL DNS name."
 msgstr "Wskazanie synonimu nazwy komputera lokalnego - znanego z /etc/hosts albo z DHCP."
 
-#: option.c:492
+#: option.c:519
 msgid "Prompt to send to PXE clients."
 msgstr "Zgłoszenie wysyłane klientom PXE."
 
-#: option.c:493
+#: option.c:520
 msgid "Boot service for PXE menu."
 msgstr "Składnik menu PXE (--> man)."
 
-#: option.c:494
+#: option.c:521
 msgid "Check configuration syntax."
 msgstr "Sprawdzenie składni."
 
-#: option.c:495
+#: option.c:522
 msgid "Add requestor's MAC address to forwarded DNS queries."
 msgstr "Przekazywanie MAC-adresu komputera pytającego w ruchu wychodzącym DNS."
 
-#: option.c:496
+#: option.c:523
+msgid "Strip MAC information from queries."
+msgstr ""
+
+#: option.c:524
 msgid "Add specified IP subnet to forwarded DNS queries."
 msgstr "Zamieszczanie wskazanego adresu podsieci w przekazywanych zapytaniach DNS."
 
-#: option.c:497
+#: option.c:525
+msgid "Strip ECS information from queries."
+msgstr ""
+
+#: option.c:526
 msgid "Add client identification to forwarded DNS queries."
 msgstr "Zamieszczanie identyfikacji pytającego w przekazywanych zapytaniach DNS."
 
-#: option.c:498
+#: option.c:527
 msgid "Proxy DNSSEC validation results from upstream nameservers."
 msgstr "Przekazywanie wyników weryfikacji DNSSEC z serwerów nadrzędnych."
 
-#: option.c:499
+#: option.c:528
 msgid "Attempt to allocate sequential IP addresses to DHCP clients."
 msgstr "Zmiana sposobu przydzielania adresów IP na sekwencyjny."
 
-#: option.c:500
+#: option.c:529
 #, fuzzy
 msgid "Ignore client identifier option sent by DHCP clients."
 msgstr "Nie zwracanie uwagi na nazwę podawaną przez klienta w przypadku dopasowania wszystkich wymienionych znaczników."
 
-#: option.c:501
+#: option.c:530
 msgid "Copy connection-track mark from queries to upstream connections."
 msgstr "Zachowanie znacznika połączenia z odebranego zapytania DNS w ruchu zewnętrznym."
 
-#: option.c:502
+#: option.c:531
 msgid "Allow DHCP clients to do their own DDNS updates."
 msgstr "Zezwolenie klientom DHCP na uaktualnianie DDNS-ów."
 
-#: option.c:503
+#: option.c:532
 msgid "Send router-advertisements for interfaces doing DHCPv6"
 msgstr "Załączenie anonsowania (RA) na interfejsach serwujących DHCPv6"
 
-#: option.c:504
+#: option.c:533
 msgid "Specify DUID_EN-type DHCPv6 server DUID"
 msgstr "Określenie DHCPv6 DUID"
 
-#: option.c:505
+#: option.c:534
 msgid "Specify host (A/AAAA and PTR) records"
 msgstr "Określenie rekordów A/AAAA i PTR"
 
-#: option.c:506
+#: option.c:535
 msgid "Specify host record in interface subnet"
 msgstr ""
 
-#: option.c:507
+#: option.c:536
 msgid "Specify certification authority authorization record"
 msgstr ""
 
-#: option.c:508
+#: option.c:537
 msgid "Specify arbitrary DNS resource record"
 msgstr "Określenie rekordu TXT"
 
-#: option.c:509
+#: option.c:538
 msgid "Bind to interfaces in use - check for new interfaces"
 msgstr "Dynamiczne podpinanie do interfejsów sieciowych"
 
-#: option.c:510
+#: option.c:539
 msgid "Export local names to global DNS"
 msgstr "Eksportowanie lokalnych nazw hostów do globalnego DNS-a"
 
-#: option.c:511
+#: option.c:540
 msgid "Domain to export to global DNS"
 msgstr "Domena pod którą będą eksportowane lokalne nazwy"
 
-#: option.c:512
+#: option.c:541
 msgid "Set TTL for authoritative replies"
 msgstr "Określenie TTL dla odpowiedzi autorytatywnych"
 
-#: option.c:513
+#: option.c:542
 #, fuzzy
 msgid "Set authoritative zone information"
 msgstr "Określenie danych strefy autorytatywnej (SOA)"
 
-#: option.c:514
+#: option.c:543
 msgid "Secondary authoritative nameservers for forward domains"
 msgstr "Pomocnicze serwery autorytatywne dla forwardowanych domen"
 
-#: option.c:515
+#: option.c:544
 msgid "Peers which are allowed to do zone transfer"
 msgstr "Wskazanie serwerów uprawnionych do transferu stref"
 
-#: option.c:516
+#: option.c:545
 msgid "Specify ipsets to which matching domains should be added"
 msgstr "Wyszczególnienie ipset-ów, do których będą dopisywane adresy IP leżące we wskazanych domenach"
 
-#: option.c:517
+#: option.c:546
+#, fuzzy
+msgid "Specify nftables sets to which matching domains should be added"
+msgstr "Wyszczególnienie ipset-ów, do których będą dopisywane adresy IP leżące we wskazanych domenach"
+
+#: option.c:547
 msgid "Enable filtering of DNS queries with connection-track marks."
 msgstr ""
 
-#: option.c:518
+#: option.c:548
 msgid "Set allowed DNS patterns for a connection-track mark."
 msgstr ""
 
-#: option.c:519
+#: option.c:549
 msgid "Specify a domain and address range for synthesised names"
 msgstr "Wskazanie domeny i zakresu adresów dla generowanych nazw"
 
-#: option.c:520
+#: option.c:550
 msgid "Activate DNSSEC validation"
 msgstr "Uaktywnienie walidacji DNSSEC"
 
-#: option.c:521
+#: option.c:551
 msgid "Specify trust anchor key digest."
 msgstr "Wskazanie punktu zaufania dla uwierzytelniania DNSSEC."
 
-#: option.c:522
+#: option.c:552
 msgid "Disable upstream checking for DNSSEC debugging."
 msgstr "Akceptowanie nieuwiarygodnionych odpowiedzi DNSSEC (ustawienie bitu CD w zapytaniach)."
 
-#: option.c:523
+#: option.c:553
 msgid "Ensure answers without DNSSEC are in unsigned zones."
 msgstr "Upewnianie się, że odpowiedzi bez DNSSEC pochodzą ze stref niepodpisanych."
 
-#: option.c:524
+#: option.c:554
 msgid "Don't check DNSSEC signature timestamps until first cache-reload"
 msgstr "Wyłączenie sprawdzania sygnatur czasowych DNSSEC do pierwszego przeładowania pamięci podręcznej."
 
-#: option.c:525
+#: option.c:555
 msgid "Timestamp file to verify system clock for DNSSEC"
 msgstr "Plik znacznika czasu do weryfikacji zegara systemowego dla potrzeb DNSSEC."
 
-#: option.c:526
+#: option.c:556
 #, fuzzy
 msgid "Set MTU, priority, resend-interval and router-lifetime"
 msgstr "Ustawianie priorytetu, okresu rozsyłania oraz czasu życia rutera (RA)."
 
-#: option.c:527
+#: option.c:557
 msgid "Do not log routine DHCP."
 msgstr "Wyłączenie logowania zwyczajnego DHCP."
 
-#: option.c:528
+#: option.c:558
 msgid "Do not log routine DHCPv6."
 msgstr "Wyłączenie logowania zwyczajnego DHCPv6."
 
-#: option.c:529
+#: option.c:559
 msgid "Do not log RA."
 msgstr "Wyłączenie logowania RA."
 
-#: option.c:530
+#: option.c:560
 msgid "Log debugging information."
 msgstr ""
 
-#: option.c:531
+#: option.c:561
 msgid "Accept queries only from directly-connected networks."
 msgstr "Akceptowanie zapytań wyłącznie z sieci podpiętych bezpośrednio."
 
-#: option.c:532
+#: option.c:562
 msgid "Detect and remove DNS forwarding loops."
 msgstr "Wykrywanie i usuwanie pętli zapytań DNS."
 
-#: option.c:533
+#: option.c:563
 msgid "Ignore DNS responses containing ipaddr."
 msgstr "Ignorowanie odpowiedzi DNS zawierających ipaddr."
 
-#: option.c:534
+#: option.c:564
 msgid "Set TTL in DNS responses with DHCP-derived addresses."
 msgstr "Ustawienie TTL w odpowiedziach DNS dla adresów przydzielonych przez DHCP."
 
-#: option.c:535
+#: option.c:565
 msgid "Delay DHCP replies for at least number of seconds."
 msgstr ""
 
-#: option.c:536
+#: option.c:566
 msgid "Enables DHCPv4 Rapid Commit option."
 msgstr ""
 
-#: option.c:537
+#: option.c:567
 msgid "Path to debug packet dump file"
 msgstr ""
 
-#: option.c:538
+#: option.c:568
 msgid "Mask which packets to dump"
 msgstr ""
 
-#: option.c:539
+#: option.c:569
 #, fuzzy
 msgid "Call dhcp-script when lease expiry changes."
 msgstr "Wywoływanie dhcp-script w reakcji na zmiany w tablicy ARP."
 
-#: option.c:540
+#: option.c:570
 msgid "Send Cisco Umbrella identifiers including remote IP."
 msgstr ""
 
-#: option.c:541
+#: option.c:571
 #, fuzzy
 msgid "Do not log routine TFTP."
 msgstr "Wyłączenie logowania zwyczajnego DHCP."
 
-#: option.c:771
+#: option.c:572
+msgid "Suppress round-robin ordering of DNS records."
+msgstr ""
+
+#: option.c:802
 #, c-format
 msgid ""
 "Usage: dnsmasq [options]\n"
@@ -835,378 +891,425 @@ msgstr ""
 "Użycie: dnsmasq [opcje]\n"
 "\n"
 
-#: option.c:773
+#: option.c:804
 #, c-format
 msgid "Use short options only on the command line.\n"
 msgstr "W tym systemie w linii poleceń można używać wyłącznie jednoliterowych opcji.\n"
 
-#: option.c:775
+#: option.c:806
 #, c-format
 msgid "Valid options are:\n"
 msgstr "Dostępne opcje:\n"
 
-#: option.c:822 option.c:933
+#: option.c:853 option.c:1055
 msgid "bad address"
 msgstr "zły adres"
 
-#: option.c:847 option.c:851
+#: option.c:882 option.c:886
 msgid "bad port"
 msgstr "nieprawidłowy numer portu"
 
-#: option.c:864 option.c:893 option.c:927
+#: option.c:899 option.c:1002 option.c:1048
 msgid "interface binding not supported"
 msgstr "nie ma możliwości dowiązywania do interfejsu"
 
-#: option.c:888 option.c:922
+#: option.c:955
+msgid "Cannot resolve server name"
+msgstr ""
+
+#: option.c:991
+msgid "cannot use IPv4 server address with IPv6 source address"
+msgstr ""
+
+#: option.c:997 option.c:1043
 msgid "interface can only be specified once"
 msgstr ""
 
-#: option.c:901 option.c:4362
+#: option.c:1011 option.c:4785
 msgid "bad interface name"
 msgstr "nieprawidłowa nazwa interfejsu"
 
-#: option.c:1192
+#: option.c:1037
+msgid "cannot use IPv6 server address with IPv4 source address"
+msgstr ""
+
+#: option.c:1124
+#, fuzzy
+msgid "bad IPv4 prefix length"
+msgstr "zła maska"
+
+#: option.c:1155 option.c:1165 option.c:1240 option.c:1250 option.c:5360
+msgid "error"
+msgstr "błąd"
+
+#: option.c:1207
+#, fuzzy
+msgid "bad IPv6 prefix length"
+msgstr "zła maska"
+
+#: option.c:1467
 msgid "inappropriate vendor:"
 msgstr ""
 
-#: option.c:1199
+#: option.c:1474
 msgid "inappropriate encap:"
 msgstr ""
 
-#: option.c:1225
+#: option.c:1500
 msgid "unsupported encapsulation for IPv6 option"
 msgstr "nieobsługiwany rodzaj enkapsulacji opcji IPv6"
 
-#: option.c:1239
+#: option.c:1514
 msgid "bad dhcp-option"
 msgstr "błąd w dhcp-option"
 
-#: option.c:1317
+#: option.c:1592
 msgid "bad IP address"
 msgstr "zły adres IP"
 
-#: option.c:1320 option.c:1459 option.c:3551
+#: option.c:1595 option.c:1734 option.c:3928
 msgid "bad IPv6 address"
 msgstr "zły adres IPv6"
 
-#: option.c:1413
+#: option.c:1688
 msgid "bad IPv4 address"
 msgstr "nieprawidłowy adres IPv4"
 
-#: option.c:1486 option.c:1581
+#: option.c:1761 option.c:1856
 msgid "bad domain in dhcp-option"
 msgstr "nieprawidłowa nazwa domeny w dhcp-option"
 
-#: option.c:1625
+#: option.c:1900
 msgid "dhcp-option too long"
 msgstr "zbyt długa dhcp-option (>255 znaków)"
 
-#: option.c:1632
+#: option.c:1907
 msgid "illegal dhcp-match"
 msgstr "niedopuszczalne dhcp-match"
 
-#: option.c:1691
+#: option.c:1966
 msgid "illegal repeated flag"
 msgstr "wielokrotne użycie opcji niedozwolone (pojawiła się wcześniej w linii poleceń)"
 
-#: option.c:1699
+#: option.c:1974
 msgid "illegal repeated keyword"
 msgstr "wielokrotne użycie opcji niedozwolone (pojawiła się wsześniej w pliku konfiguracyjnym)"
 
-#: option.c:1770 option.c:5080
+#: option.c:2056 option.c:5533
 #, c-format
 msgid "cannot access directory %s: %s"
 msgstr "brak dostępu do katalogu %s: %s"
 
-#: option.c:1816 tftp.c:566 dump.c:68
+#: option.c:2102 tftp.c:573 dump.c:72
 #, c-format
 msgid "cannot access %s: %s"
 msgstr "brak dostępu do %s: %s"
 
-#: option.c:1931
+#: option.c:2219
 msgid "setting log facility is not possible under Android"
 msgstr "zmiana log-facility w systemie Android nie jest możliwa"
 
-#: option.c:1940
+#: option.c:2228
 msgid "bad log facility"
 msgstr "nierozpoznany znacznik logów"
 
-#: option.c:1993
+#: option.c:2281
 msgid "bad MX preference"
 msgstr "nieprawidłowa wartość preferencji MX"
 
-#: option.c:1998
+#: option.c:2289
 msgid "bad MX name"
 msgstr "nieprawidłowa nazwa MX"
 
-#: option.c:2012
+#: option.c:2304
 msgid "bad MX target"
 msgstr "nieprawidłowa wartość celu MX"
 
-#: option.c:2032
+#: option.c:2324
 msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
 msgstr "żeby mieć możliwość używania skryptów wywoływanych przy zmianie dzierżawy, przekompiluj dnsmasq-a z włączoną flagą HAVE_SCRIPT"
 
-#: option.c:2036
+#: option.c:2328
 msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
 msgstr "używanie skryptów Lua, wymaga skompilowania dnsmasq-a z flagą HAVE_LUASCRIPT"
 
-#: option.c:2291 option.c:2327
+#: option.c:2447
+#, fuzzy
+msgid "invalid auth-zone"
+msgstr "nieprawidłowy zakres adresów w --alias"
+
+#: option.c:2589 option.c:2621
 #, fuzzy
 msgid "bad prefix length"
 msgstr "zła maska"
 
-#: option.c:2303 option.c:2348 option.c:2398
+#: option.c:2601 option.c:2642 option.c:2696
 msgid "bad prefix"
 msgstr "zła maska"
 
-#: option.c:2418
+#: option.c:2716
 #, fuzzy
 msgid "prefix length too small"
 msgstr "długość prefiksu musi wynosić co najmniej 64"
 
-#: option.c:2697
+#: option.c:3010
 #, fuzzy
 msgid "Bad address in --address"
 msgstr "adres jest w użyciu"
 
-#: option.c:2751
-#, fuzzy
-msgid "bad IPv4 prefix"
-msgstr "zła maska"
+#: option.c:3110
+msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+msgstr "chcąc korzystać z ipsets przekompiluj dnsmasq-a z HAVE_IPSET"
 
-#: option.c:2756 option.c:3569
+#: option.c:3117
 #, fuzzy
-msgid "bad IPv6 prefix"
-msgstr "zła maska"
-
-#: option.c:2777
-msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+msgid "recompile with HAVE_NFTSET defined to enable nftset directives"
 msgstr "chcąc korzystać z ipsets przekompiluj dnsmasq-a z HAVE_IPSET"
 
-#: option.c:2843 option.c:2861
+#: option.c:3192 option.c:3210
 #, fuzzy
 msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist directives"
 msgstr "chcąc korzystać z ipsets przekompiluj dnsmasq-a z HAVE_IPSET"
 
-#: option.c:3119
+#: option.c:3496
 msgid "bad port range"
 msgstr "nieprawidłowy zakres numerów portów"
 
-#: option.c:3145
+#: option.c:3522
 msgid "bad bridge-interface"
 msgstr "nieprawidłowa nazwa urządzenia w bridge-interface"
 
-#: option.c:3189
+#: option.c:3566
 msgid "bad shared-network"
 msgstr ""
 
-#: option.c:3243
+#: option.c:3620
 msgid "only one tag allowed"
 msgstr "można wskazać tylko jeden znacznik sieci"
 
-#: option.c:3264 option.c:3280 option.c:3406 option.c:3414 option.c:3457
+#: option.c:3641 option.c:3657 option.c:3783 option.c:3791 option.c:3834
 msgid "bad dhcp-range"
 msgstr "nieprawidłowy zakres dhcp-range"
 
-#: option.c:3298
+#: option.c:3675
 msgid "inconsistent DHCP range"
 msgstr "niespójny zakres adresów DHCP"
 
-#: option.c:3364
+#: option.c:3741
 msgid "prefix length must be exactly 64 for RA subnets"
 msgstr "długość prefiksu musi wynosić dokładnie 64 dla podsieci RA"
 
-#: option.c:3366
+#: option.c:3743
 msgid "prefix length must be exactly 64 for subnet constructors"
 msgstr "długość prefiksu musi wynosić dokładnie 64 dla konstruktorów podsieci"
 
-#: option.c:3369
+#: option.c:3746
 msgid "prefix length must be at least 64"
 msgstr "długość prefiksu musi wynosić co najmniej 64"
 
-#: option.c:3372
+#: option.c:3749
 msgid "inconsistent DHCPv6 range"
 msgstr "niespójny zakres adresów DHCPv6"
 
-#: option.c:3391
+#: option.c:3768
 msgid "prefix must be zero with \"constructor:\" argument"
 msgstr "prefiks musi wynosić zero z argumentem \"constructor:\""
 
-#: option.c:3516 option.c:3594
+#: option.c:3893 option.c:3971
 msgid "bad hex constant"
 msgstr "zapis niezgodny z formatem szesnastkowym"
 
-#: option.c:3617
+#: option.c:3946
+#, fuzzy
+msgid "bad IPv6 prefix"
+msgstr "zła maska"
+
+#: option.c:3994
 #, c-format
 msgid "duplicate dhcp-host IP address %s"
 msgstr "powtórzony adres IP %s w specyfikacji dhcp-host"
 
-#: option.c:3678
+#: option.c:4056
 msgid "bad DHCP host name"
 msgstr "niedopuszczalna nazwa komputera w dhcp-host"
 
-#: option.c:3764
+#: option.c:4142
 msgid "bad tag-if"
 msgstr "nieprawidłowa składnia 'tag-if'"
 
-#: option.c:4107 option.c:4623
+#: option.c:4490 option.c:5046
 msgid "invalid port number"
 msgstr "nieprawidłowy numer portu"
 
-#: option.c:4163
+#: option.c:4546
 msgid "bad dhcp-proxy address"
 msgstr "zły adres dhcp-proxy"
 
-#: option.c:4204
+#: option.c:4627
 msgid "Bad dhcp-relay"
 msgstr "zły dhcp-relay"
 
-#: option.c:4248
+#: option.c:4671
 msgid "bad RA-params"
 msgstr "nieprawidłowe argumenty RA"
 
-#: option.c:4258
+#: option.c:4681
 msgid "bad DUID"
 msgstr "zły DUID"
 
-#: option.c:4292
+#: option.c:4715
 #, fuzzy
 msgid "missing address in alias"
 msgstr "niepoprawny adres"
 
-#: option.c:4298
+#: option.c:4721
 msgid "invalid alias range"
 msgstr "nieprawidłowy zakres adresów w --alias"
 
-#: option.c:4347
+#: option.c:4770
 #, fuzzy
 msgid "missing address in dynamic host"
 msgstr "niepoprawny adres"
 
-#: option.c:4362
+#: option.c:4785
 #, fuzzy
 msgid "bad dynamic host"
 msgstr "zły katalog dynamiczny %s: %s"
 
-#: option.c:4380 option.c:4396
+#: option.c:4803 option.c:4819
 msgid "bad CNAME"
 msgstr "zła CNAME"
 
-#: option.c:4404
+#: option.c:4827
 msgid "duplicate CNAME"
 msgstr "powtórzona CNAME"
 
-#: option.c:4431
+#: option.c:4854
 msgid "bad PTR record"
 msgstr "nieprawidłowy zapis rekordu PTR"
 
-#: option.c:4466
+#: option.c:4889
 msgid "bad NAPTR record"
 msgstr "nieprawidłowy zapis rekordu NAPTR"
 
-#: option.c:4502
+#: option.c:4925
 msgid "bad RR record"
 msgstr "nieprawidłowy zapis rekordu RR"
 
-#: option.c:4535
+#: option.c:4958
 #, fuzzy
 msgid "bad CAA record"
 msgstr "nieprawidłowy zapis rekordu RR"
 
-#: option.c:4564
+#: option.c:4987
 msgid "bad TXT record"
 msgstr "nieprawidłowy zapis rekordu TXT"
 
-#: option.c:4607
+#: option.c:5030
 msgid "bad SRV record"
 msgstr "nieprawidłowy zapis rekordu SRV"
 
-#: option.c:4614
+#: option.c:5037
 msgid "bad SRV target"
 msgstr "nieprawidłowa wartość celu SRV"
 
-#: option.c:4633
+#: option.c:5056
 msgid "invalid priority"
 msgstr "nieprawidłowy priorytet"
 
-#: option.c:4638
+#: option.c:5061
 msgid "invalid weight"
 msgstr "nieprawidłowa waga"
 
-#: option.c:4661
+#: option.c:5084
 msgid "Bad host-record"
 msgstr "nieprawidłowy zapis host-record"
 
-#: option.c:4700
+#: option.c:5123
 msgid "Bad name in host-record"
 msgstr "niedopuszczalna nazwa w host-record"
 
-#: option.c:4742
+#: option.c:5165
 msgid "bad value for dnssec-check-unsigned"
 msgstr ""
 
-#: option.c:4778
+#: option.c:5201
 msgid "bad trust anchor"
 msgstr "nieprawidłowa specyfikacja punktu zaufania"
 
-#: option.c:4794
+#: option.c:5217
 msgid "bad HEX in trust anchor"
 msgstr "zły zapis szesnastkowy"
 
-#: option.c:4805
+#: option.c:5228
 msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
 msgstr "nieobsługiwana opcja (sprawdź, czy obsługa DHCP/TFTP/DNSSEC/DBus została wkompilowana)"
 
-#: option.c:4865
+#: option.c:5290
 msgid "missing \""
 msgstr "brakuje \""
 
-#: option.c:4922
+#: option.c:5347
 msgid "bad option"
 msgstr "nieprawidłowa opcja"
 
-#: option.c:4924
+#: option.c:5349
 msgid "extraneous parameter"
 msgstr "nadwyżkowy parametr"
 
-#: option.c:4926
+#: option.c:5351
 msgid "missing parameter"
 msgstr "brak parametru"
 
-#: option.c:4928
+#: option.c:5353
 msgid "illegal option"
 msgstr "niedopuszczalna opcja"
 
-#: option.c:4935
-msgid "error"
-msgstr "błąd"
+#: option.c:5363
+#, c-format
+msgid " in output from %s"
+msgstr ""
 
-#: option.c:4937
+#: option.c:5365
 #, c-format
 msgid " at line %d of %s"
 msgstr " w linii %d pliku %s"
 
-#: option.c:4952 option.c:5229 option.c:5240
+#: option.c:5380 option.c:5683 option.c:5694
 #, c-format
 msgid "read %s"
 msgstr "przeczytałem %s"
 
-#: option.c:5015 option.c:5162 tftp.c:775
+#: option.c:5446
+#, fuzzy, c-format
+msgid "cannot execute %s: %s"
+msgstr "błąd odczytu z pliku %s: %s"
+
+#: option.c:5454 option.c:5615 tftp.c:790
 #, c-format
 msgid "cannot read %s: %s"
 msgstr "błąd odczytu z pliku %s: %s"
 
-#: option.c:5316
+#: option.c:5473
+#, fuzzy, c-format
+msgid "error executing %s: %s"
+msgstr "nie udało się uruchomić %s: %s"
+
+#: option.c:5476
+#, c-format
+msgid "%s returns non-zero error code"
+msgstr ""
+
+#: option.c:5775
 msgid "junk found in command line"
 msgstr "jakieś śmieci w linii poleceń"
 
-#: option.c:5356
+#: option.c:5815
 #, c-format
 msgid "Dnsmasq version %s  %s\n"
 msgstr "Dnsmasq, wersja %s  %s\n"
 
-#: option.c:5357
+#: option.c:5816
 #, c-format
 msgid ""
 "Compile time options: %s\n"
@@ -1215,655 +1318,694 @@ msgstr ""
 "Wkompilowane opcje %s\n"
 "\n"
 
-#: option.c:5358
+#: option.c:5817
 #, c-format
 msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
 msgstr "Autor nie daje ŻADNYCH GWARANCJI egzekwowalnych prawnie.\n"
 
-#: option.c:5359
+#: option.c:5818
 #, c-format
 msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
 msgstr "Dnsmasq jest wolnym oprogramowaniem, możesz go rozprowadzać\n"
 
-#: option.c:5360
+#: option.c:5819
 #, c-format
 msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
 msgstr "na warunkach określonych w GNU General Public Licence, w wersji 2 lub 3.\n"
 
-#: option.c:5377
+#: option.c:5836
 msgid "try --help"
 msgstr "spróbuj: --help"
 
-#: option.c:5379
+#: option.c:5838
 msgid "try -w"
 msgstr "spróbuj: -w"
 
-#: option.c:5381
+#: option.c:5840
 #, c-format
 msgid "bad command line options: %s"
 msgstr "nieprawidłowa opcja w linii poleceń %s"
 
-#: option.c:5450
+#: option.c:5909
 #, c-format
 msgid "CNAME loop involving %s"
 msgstr ""
 
-#: option.c:5491
+#: option.c:5950
 #, c-format
 msgid "cannot get host-name: %s"
 msgstr "nie można pobrać nazwy hosta: %s"
 
-#: option.c:5519
+#: option.c:5978
 msgid "only one resolv.conf file allowed in no-poll mode."
 msgstr "w trybie no-poll można wskazać najwyżej jeden plik resolv.conf."
 
-#: option.c:5529
+#: option.c:5988
 msgid "must have exactly one resolv.conf to read domain from."
 msgstr "musisz mieć dokładnie jeden plik resolv.conf do odczytu domen."
 
-#: option.c:5532 network.c:1670 dhcp.c:880
+#: option.c:5991 network.c:1727 dhcp.c:892
 #, c-format
 msgid "failed to read %s: %s"
 msgstr "nie udało się odczytać %s: %s"
 
-#: option.c:5549
+#: option.c:6008
 #, c-format
 msgid "no search directive found in %s"
 msgstr "brak wytycznych wyszukiwania w %s"
 
-#: option.c:5570
+#: option.c:6029
 msgid "there must be a default domain when --dhcp-fqdn is set"
 msgstr "w przypadku używania --dhcp-fqdn trzeba wskazać domyślną domenę"
 
-#: option.c:5579
+#: option.c:6038
 msgid "syntax check OK"
 msgstr "składnia sprawdzona, jest prawidłowa"
 
-#: forward.c:104
+#: forward.c:107
 #, c-format
 msgid "failed to send packet: %s"
 msgstr "wysyłanie pakietu nie powiodło się: %s"
 
-#: forward.c:601
+#: forward.c:715
 msgid "discarding DNS reply: subnet option mismatch"
 msgstr "odrzucam odpowiedź DNS: nie zgadza się specyfikacja podsieci"
 
-#: forward.c:666
+#: forward.c:780
 #, c-format
 msgid "nameserver %s refused to do a recursive query"
 msgstr "serwer nazw %s odmawia wykonania zapytania rekurencyjnego"
 
-#: forward.c:702
+#: forward.c:826
 #, c-format
 msgid "possible DNS-rebind attack detected: %s"
 msgstr "prawdopodobnie wykryto atak DNS-rebind: %s"
 
-#: forward.c:1074
+#: forward.c:1239
 #, c-format
 msgid "reducing DNS packet size for nameserver %s to %d"
 msgstr ""
 
-#: forward.c:1381 forward.c:1910
-msgid "Ignoring query from non-local network"
+#: forward.c:1565
+#, fuzzy, c-format
+msgid "ignoring query from non-local network %s (logged only once)"
 msgstr "Ignorowanie zapytań z sieci pozalokalnych."
 
-#: forward.c:2198
+#: forward.c:2139
+#, fuzzy, c-format
+msgid "ignoring query from non-local network %s"
+msgstr "Ignorowanie zapytań z sieci pozalokalnych."
+
+#: forward.c:2501
 #, fuzzy, c-format
 msgid "failed to bind server socket to %s: %s"
 msgstr "błąd przy przyznawaniu nazwy gniazdu serwera %s: %s"
 
-#: forward.c:2494
+#: forward.c:2867
 #, c-format
 msgid "Maximum number of concurrent DNS queries reached (max: %d)"
 msgstr "Osiągnięto graniczną ilość jednocześnie obsługiwanych zapytań DNS (maks: %d)"
 
-#: forward.c:2496
+#: forward.c:2869
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries to %s reached (max: %d)"
 msgstr "Osiągnięto graniczną ilość jednocześnie obsługiwanych zapytań DNS (maks: %d)"
 
-#: network.c:670
+#: network.c:700
 #, c-format
 msgid "stopped listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:867
+#: network.c:911
 #, c-format
 msgid "failed to create listening socket for %s: %s"
 msgstr "nie udało się otworzyć gniazda %s: %s"
 
-#: network.c:1148
+#: network.c:1192
 #, c-format
 msgid "listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:1175
+#: network.c:1219
 #, fuzzy, c-format
 msgid "listening on %s port %d"
 msgstr "błąd wysyłania pliku %s do komputera %s"
 
-#: network.c:1208
+#: network.c:1252
 #, c-format
 msgid "LOUD WARNING: listening on %s may accept requests via interfaces other than %s"
 msgstr "UWAGA: nasłuchiwanie na %s może przyjmować żądania przychodzące przez interfejsy inne niż %s"
 
-#: network.c:1215
+#: network.c:1259
 msgid "LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"
 msgstr "UWAGA: zastosowanie --bind-dynamic zamiast --bind-interfaces daje ochronę przed atakami wzmocnienia DNS"
 
-#: network.c:1224
+#: network.c:1268
 #, fuzzy, c-format
 msgid "warning: using interface %s instead"
 msgstr "uwaga: %s niedostępny"
 
-#: network.c:1233
+#: network.c:1277
 #, c-format
 msgid "warning: no addresses found for interface %s"
 msgstr "uwaga: nie znaleziono adresu interfejsu %s"
 
-#: network.c:1291
+#: network.c:1335
 #, c-format
 msgid "interface %s failed to join DHCPv6 multicast group: %s"
 msgstr "interfejs %s nie pozwolił się przyłączyć do grupy rozgłoszeniowej DHCPv6: %s"
 
-#: network.c:1296
+#: network.c:1340
 msgid "try increasing /proc/sys/net/core/optmem_max"
 msgstr "spróbuj podwyższyć /proc/sys/net/core/optmem_max"
 
-#: network.c:1492
+#: network.c:1545
 #, c-format
 msgid "failed to bind server socket for %s: %s"
 msgstr "błąd przy przyznawaniu nazwy gniazdu serwera %s: %s"
 
-#: network.c:1569
+#: network.c:1622
 #, c-format
 msgid "ignoring nameserver %s - local interface"
 msgstr "ignorowanie serwera nazw %s - interfejs lokalny"
 
-#: network.c:1580
+#: network.c:1633
 #, c-format
 msgid "ignoring nameserver %s - cannot make/bind socket: %s"
 msgstr "ignorowanie serwera nazw %s - nie można utworzyć/dowiązać gniazda: %s"
 
-#: network.c:1598
+#: network.c:1643
+msgid "more servers are defined but not logged"
+msgstr ""
+
+#: network.c:1654
 msgid "(no DNSSEC)"
 msgstr "(brak obsługi DNSSEC)"
 
-#: network.c:1601
+#: network.c:1657
 msgid "unqualified"
 msgstr "niekwalifikowane(-a)"
 
-#: network.c:1601
+#: network.c:1657
 msgid "names"
 msgstr "nazwy"
 
-#: network.c:1603
+#: network.c:1659
 msgid "default"
 msgstr "domyślne"
 
-#: network.c:1605
+#: network.c:1661
 msgid "domain"
 msgstr "domeny"
 
-#: network.c:1607
+#: network.c:1663
 #, fuzzy, c-format
 msgid "using nameserver %s#%d for %s %s%s %s"
 msgstr "używam serwera nazw %s#%d dla %s %s %s"
 
-#: network.c:1611
+#: network.c:1667
 #, c-format
 msgid "NOT using nameserver %s#%d - query loop detected"
 msgstr "NIE używam serwera nazw %s#%d - wykryto pętlę zapytań"
 
-#: network.c:1614
+#: network.c:1670
 #, c-format
 msgid "using nameserver %s#%d(via %s)"
 msgstr "używam serwera nazw %s#%d (przez %s)"
 
-#: network.c:1616
+#: network.c:1672
 #, c-format
 msgid "using nameserver %s#%d"
 msgstr "używam serwera nazw %s#%d"
 
-#: network.c:1630
+#: network.c:1687
 #, fuzzy, c-format
 msgid "using only locally-known addresses for %s"
 msgstr "używam adresów lokalnych tylko dla %s %s"
 
-#: network.c:1633
+#: network.c:1690
 #, fuzzy, c-format
 msgid "using standard nameservers for %s"
 msgstr "używam standardowych serwerów nazw dla %s %s"
 
-#: network.c:1637
+#: network.c:1694
 #, fuzzy, c-format
 msgid "using %d more local addresses"
 msgstr "używam o %d serwerów nazw więcej"
 
-#: network.c:1639
+#: network.c:1696
 #, c-format
 msgid "using %d more nameservers"
 msgstr "używam o %d serwerów nazw więcej"
 
-#: dnsmasq.c:184
+#: dnsmasq.c:192
 msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
 msgstr "dhcp-hostsdir, dhcp-optsdir i hostsdir nie znajdują zastosowania na tej platformie"
 
-#: dnsmasq.c:199
+#: dnsmasq.c:207
 msgid "no root trust anchor provided for DNSSEC"
 msgstr "nie wskazano punktów zaufania dla DNSSEC"
 
-#: dnsmasq.c:202
+#: dnsmasq.c:210
 msgid "cannot reduce cache size from default when DNSSEC enabled"
 msgstr "brak możliwości zmniejszenia pamięci podręcznej poniżej wielkości domyślnej w przypadku używania DNSSEC"
 
-#: dnsmasq.c:204
+#: dnsmasq.c:212
 msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
 msgstr "obsługa DNSSEC niedostępna - ustaw HAVE_DNSSEC w src/config.h"
 
-#: dnsmasq.c:210
+#: dnsmasq.c:218
 msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
 msgstr "Serwer TFTP nie został wkompilowany -- ustaw HAVE_TFTP w src/config.h"
 
-#: dnsmasq.c:217
+#: dnsmasq.c:225
 msgid "cannot use --conntrack AND --query-port"
 msgstr "--conntrack i --query-port wzajemnie się wykluczają"
 
-#: dnsmasq.c:223
+#: dnsmasq.c:231
 msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
 msgstr "wsparcie przekazywania znaczników połączeń (conntrack) nie zostało wkompilowane - ustaw HAVE_CONNTRACK w src/config.h"
 
-#: dnsmasq.c:228
+#: dnsmasq.c:236
 msgid "asynchronous logging is not available under Solaris"
 msgstr "zapis do logów w trybie asynchronicznym nie jest dostępny w Solarisie"
 
-#: dnsmasq.c:233
+#: dnsmasq.c:241
 msgid "asynchronous logging is not available under Android"
 msgstr "zapis do logów w trybie asynchronicznym nie jest dostępny w Androidzie"
 
-#: dnsmasq.c:238
+#: dnsmasq.c:246
 msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
 msgstr "tryb autorytatywny DNS-a niedostępny - ustaw HAVE_AUTH w src/config.h"
 
-#: dnsmasq.c:243
+#: dnsmasq.c:251
 msgid "loop detection not available: set HAVE_LOOP in src/config.h"
 msgstr "wykrywanie pętli zapytań nie zostało wkompilowane - ustaw HAVE_LOOP w src/config.h"
 
-#: dnsmasq.c:248
+#: dnsmasq.c:256
 #, fuzzy
 msgid "Ubus not available: set HAVE_UBUS in src/config.h"
 msgstr "Obsługa DBus nie została wkompilowana -- ustaw HAVE_DBUS w src/config.h"
 
-#: dnsmasq.c:259
+#: dnsmasq.c:267
 msgid "max_port cannot be smaller than min_port"
 msgstr "max_port nie może być niższy niż min_port"
 
-#: dnsmasq.c:266
+#: dnsmasq.c:271
+msgid "port_limit must not be larger than available port range"
+msgstr ""
+
+#: dnsmasq.c:278
 msgid "--auth-server required when an auth zone is defined."
 msgstr ""
 
-#: dnsmasq.c:271
+#: dnsmasq.c:283
 msgid "zone serial must be configured in --auth-soa"
 msgstr "za pomocą --auth-soa musi zostać ustawiony numer seryjny strefy"
 
-#: dnsmasq.c:291
+#: dnsmasq.c:303
 msgid "dhcp-range constructor not available on this platform"
 msgstr "konstrukcja dhcp-range nie jest dostępna w tym systemie"
 
-#: dnsmasq.c:355
+#: dnsmasq.c:377
 msgid "cannot set --bind-interfaces and --bind-dynamic"
 msgstr "--bind-interfaces i --bind-dynamic wzajemnie się wykluczają"
 
-#: dnsmasq.c:358
+#: dnsmasq.c:380
 #, c-format
 msgid "failed to find list of interfaces: %s"
 msgstr "błąd podczas tworzenia listy interfejsów sieciowych: %s"
 
-#: dnsmasq.c:367
+#: dnsmasq.c:389
 #, c-format
 msgid "unknown interface %s"
 msgstr "nieznany interfejs %s"
 
-#: dnsmasq.c:437
+#: dnsmasq.c:396
+#, c-format
+msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
+msgstr "nie udało się ustawić SO_BINDTODEVICE gniazda DHCP: %s"
+
+#: dnsmasq.c:440
 #, fuzzy
 msgid "Packet dumps not available: set HAVE_DUMP in src/config.h"
 msgstr "Obsługa DBus nie została wkompilowana -- ustaw HAVE_DBUS w src/config.h"
 
-#: dnsmasq.c:445 dnsmasq.c:1207
+#: dnsmasq.c:448 dnsmasq.c:1232
 #, c-format
 msgid "DBus error: %s"
 msgstr "błąd DBus: %s"
 
-#: dnsmasq.c:448
+#: dnsmasq.c:451
 msgid "DBus not available: set HAVE_DBUS in src/config.h"
 msgstr "Obsługa DBus nie została wkompilowana -- ustaw HAVE_DBUS w src/config.h"
 
-#: dnsmasq.c:456 dnsmasq.c:1228
+#: dnsmasq.c:459 dnsmasq.c:1253
 #, fuzzy, c-format
 msgid "UBus error: %s"
 msgstr "błąd DBus: %s"
 
-#: dnsmasq.c:459
+#: dnsmasq.c:462
 #, fuzzy
 msgid "UBus not available: set HAVE_UBUS in src/config.h"
 msgstr "Obsługa DBus nie została wkompilowana -- ustaw HAVE_DBUS w src/config.h"
 
-#: dnsmasq.c:489
+#: dnsmasq.c:492
 #, c-format
 msgid "unknown user or group: %s"
 msgstr "nieznany użytkownik lub grupa: %s"
 
-#: dnsmasq.c:565
+#: dnsmasq.c:568
 #, c-format
 msgid "process is missing required capability %s"
 msgstr ""
 
-#: dnsmasq.c:597
+#: dnsmasq.c:600
 #, c-format
 msgid "cannot chdir to filesystem root: %s"
 msgstr "nie potrafię wejść do głównego katalogu: %s"
 
-#: dnsmasq.c:845
+#: dnsmasq.c:852
 #, c-format
 msgid "started, version %s DNS disabled"
 msgstr "uruchomiony, wersja %s, DNS wyłączony"
 
-#: dnsmasq.c:850
+#: dnsmasq.c:857
 #, c-format
 msgid "started, version %s cachesize %d"
 msgstr "uruchomiony, wersja %s, %d miejsc w pamięci podręcznej"
 
-#: dnsmasq.c:852
+#: dnsmasq.c:859
 msgid "cache size greater than 10000 may cause performance issues, and is unlikely to be useful."
 msgstr ""
 
-#: dnsmasq.c:855
+#: dnsmasq.c:862
 #, c-format
 msgid "started, version %s cache disabled"
 msgstr "uruchomiony, wersja %s, pamięć podręczna wyłączona"
 
-#: dnsmasq.c:858
+#: dnsmasq.c:865
 msgid "DNS service limited to local subnets"
 msgstr "usługa DNS ograniczona do lokalnych podsieci"
 
-#: dnsmasq.c:861
+#: dnsmasq.c:868
 #, c-format
 msgid "compile time options: %s"
 msgstr "opcje kompilacji: %s"
 
-#: dnsmasq.c:870
+#: dnsmasq.c:877
 msgid "DBus support enabled: connected to system bus"
 msgstr "obsługa DBus włączona, podłączono do serwera DBus"
 
-#: dnsmasq.c:872
+#: dnsmasq.c:879
 msgid "DBus support enabled: bus connection pending"
 msgstr "obsługa DBus włączona, trwa podłączanie do serwera DBus"
 
-#: dnsmasq.c:880
+#: dnsmasq.c:887
 #, fuzzy
 msgid "UBus support enabled: connected to system bus"
 msgstr "obsługa DBus włączona, podłączono do serwera DBus"
 
-#: dnsmasq.c:882
+#: dnsmasq.c:889
 #, fuzzy
 msgid "UBus support enabled: bus connection pending"
 msgstr "obsługa DBus włączona, trwa podłączanie do serwera DBus"
 
-#: dnsmasq.c:902
+#: dnsmasq.c:909
 msgid "DNSSEC validation enabled but all unsigned answers are trusted"
 msgstr ""
 
-#: dnsmasq.c:904
+#: dnsmasq.c:911
 msgid "DNSSEC validation enabled"
 msgstr "walidacja DNSSEC włączona"
 
-#: dnsmasq.c:908
+#: dnsmasq.c:915
 #, fuzzy
 msgid "DNSSEC signature timestamps not checked until receipt of SIGINT"
 msgstr "sprawdzanie sygnatur czasowych DNSSEC wyłączone do czasu przeładowania pamięci podręcznej"
 
-#: dnsmasq.c:911
+#: dnsmasq.c:918
 msgid "DNSSEC signature timestamps not checked until system time valid"
 msgstr "sprawdzanie sygnatur czasowych DNSSEC wyłączone do czasu zsynchronizowania się zegara systemowego"
 
-#: dnsmasq.c:914
+#: dnsmasq.c:921
 #, c-format
 msgid "configured with trust anchor for %s keytag %u"
 msgstr ""
 
-#: dnsmasq.c:920
+#: dnsmasq.c:927
 #, c-format
 msgid "warning: failed to change owner of %s: %s"
 msgstr "uwaga: nie udało się zmienić użytkownika pliku %s: %s"
 
-#: dnsmasq.c:924
+#: dnsmasq.c:932
 msgid "setting --bind-interfaces option because of OS limitations"
 msgstr "ustawiam --bind-interfaces z powodu ograniczeń systemu operacyjnego"
 
-#: dnsmasq.c:936
+#: dnsmasq.c:945
 #, c-format
 msgid "warning: interface %s does not currently exist"
 msgstr "uwaga: interfejs %s nie jest włączony"
 
-#: dnsmasq.c:941
+#: dnsmasq.c:950
 msgid "warning: ignoring resolv-file flag because no-resolv is set"
 msgstr "uwaga: ignoruję opcję resolv-file, ponieważ wybrano tryb no-resolv"
 
-#: dnsmasq.c:944
+#: dnsmasq.c:953
 msgid "warning: no upstream servers configured"
 msgstr "uwaga: nie wskazano nadrzędnych serwerów DNS"
 
-#: dnsmasq.c:948
+#: dnsmasq.c:957
 #, c-format
 msgid "asynchronous logging enabled, queue limit is %d messages"
 msgstr "włączono asynchroniczny tryb zapisu do logów z kolejką na %d komunikatów"
 
-#: dnsmasq.c:969
+#: dnsmasq.c:978
 msgid "IPv6 router advertisement enabled"
 msgstr "anonsowanie rutera IPv6 włączone"
 
-#: dnsmasq.c:974
+#: dnsmasq.c:983
 #, c-format
 msgid "DHCP, sockets bound exclusively to interface %s"
 msgstr "DHCP, gniazda dowiązane na wyłączność interfejsowi %s"
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "root is "
 msgstr "z głównym katalogiem w "
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "enabled"
 msgstr "włączony"
 
-#: dnsmasq.c:993
+#: dnsmasq.c:1002
 msgid "secure mode"
 msgstr "w trybie bezpiecznym"
 
-#: dnsmasq.c:994
+#: dnsmasq.c:1003
 #, fuzzy
 msgid "single port mode"
 msgstr "nieprawidłowy numer portu"
 
-#: dnsmasq.c:997
+#: dnsmasq.c:1006
 #, c-format
 msgid "warning: %s inaccessible"
 msgstr "uwaga: %s niedostępny"
 
-#: dnsmasq.c:1001
+#: dnsmasq.c:1010
 #, c-format
 msgid "warning: TFTP directory %s inaccessible"
 msgstr "uwaga: katalog TFTP %s nie jest dostępny"
 
-#: dnsmasq.c:1027
+#: dnsmasq.c:1036
 #, c-format
 msgid "restricting maximum simultaneous TFTP transfers to %d"
 msgstr "ograniczam ilość jednoczesnych przesłań TFTP do %d"
 
-#: dnsmasq.c:1204
+#: dnsmasq.c:1095
+#, fuzzy, c-format
+msgid "error binding DHCP socket to device %s"
+msgstr "Błąd wysyłania pakietu DHCP do %s: %s"
+
+#: dnsmasq.c:1229
 msgid "connected to system DBus"
 msgstr "podłączono do DBus-a"
 
-#: dnsmasq.c:1225
+#: dnsmasq.c:1250
 #, fuzzy
 msgid "connected to system UBus"
 msgstr "podłączono do DBus-a"
 
-#: dnsmasq.c:1391
+#: dnsmasq.c:1416
 #, c-format
 msgid "cannot fork into background: %s"
 msgstr "nie potrafię przełączyć się do pracy w tle: %s"
 
-#: dnsmasq.c:1395
+#: dnsmasq.c:1420
 #, c-format
 msgid "failed to create helper: %s"
 msgstr "nie udało się utworzyć procesu pomocniczego: %s"
 
-#: dnsmasq.c:1399
+#: dnsmasq.c:1424
 #, c-format
 msgid "setting capabilities failed: %s"
 msgstr "nie powiodło się ustawianie ograniczeń (capabilities): %s"
 
-#: dnsmasq.c:1403
+#: dnsmasq.c:1428
 #, c-format
 msgid "failed to change user-id to %s: %s"
 msgstr "nie udało się zmienić użytkownika procesu na %s: %s"
 
-#: dnsmasq.c:1407
+#: dnsmasq.c:1432
 #, c-format
 msgid "failed to change group-id to %s: %s"
 msgstr "nie udało się zmienić grupy procesu na %s: %s"
 
-#: dnsmasq.c:1411
+#: dnsmasq.c:1436
 #, c-format
 msgid "failed to open pidfile %s: %s"
 msgstr "nie udało się otworzyć pliku z PID-em %s: %s"
 
-#: dnsmasq.c:1415
+#: dnsmasq.c:1440
 #, c-format
 msgid "cannot open log %s: %s"
 msgstr "nie udało się otworzyć logu %s: %s"
 
-#: dnsmasq.c:1419
+#: dnsmasq.c:1444
 #, c-format
 msgid "failed to load Lua script: %s"
 msgstr "nie udało się wczytać skryptu Lua: %s"
 
-#: dnsmasq.c:1423
+#: dnsmasq.c:1448
 #, c-format
 msgid "TFTP directory %s inaccessible: %s"
 msgstr "katalog TFTP %s nie jest dostępny: %s"
 
-#: dnsmasq.c:1427
+#: dnsmasq.c:1452
 #, c-format
 msgid "cannot create timestamp file %s: %s"
 msgstr "nie potrafię utworzyć pliku znacznika czasu %s: %s"
 
-#: dnsmasq.c:1511
+#: dnsmasq.c:1536
 #, c-format
 msgid "script process killed by signal %d"
 msgstr "skrypt został zabity sygnałem %d"
 
-#: dnsmasq.c:1515
+#: dnsmasq.c:1540
 #, c-format
 msgid "script process exited with status %d"
 msgstr "skrypt zakończył się z kodem powrotu %d"
 
-#: dnsmasq.c:1519
+#: dnsmasq.c:1544
 #, c-format
 msgid "failed to execute %s: %s"
 msgstr "nie udało się uruchomić %s: %s"
 
-#: dnsmasq.c:1559
+#: dnsmasq.c:1584
 msgid "now checking DNSSEC signature timestamps"
 msgstr "trwa sprawdzanie sygnatur czasowych podpisów DNSSEC"
 
-#: dnsmasq.c:1594 dnssec.c:160 dnssec.c:204
+#: dnsmasq.c:1619 dnssec.c:160 dnssec.c:204
 #, c-format
 msgid "failed to update mtime on %s: %s"
 msgstr "nie udało się uaktualnić znacznika czasu pliku %s: %s"
 
-#: dnsmasq.c:1606
+#: dnsmasq.c:1631
 msgid "exiting on receipt of SIGTERM"
 msgstr "zakończyłem działanie z powodu odebrania SIGTERM"
 
-#: dnsmasq.c:1634
+#: dnsmasq.c:1659
 #, c-format
 msgid "failed to access %s: %s"
 msgstr "brak dostępu do %s: %s"
 
-#: dnsmasq.c:1664
+#: dnsmasq.c:1690
 #, c-format
 msgid "reading %s"
 msgstr "czytanie %s"
 
-#: dnsmasq.c:1675
+#: dnsmasq.c:1706
 #, c-format
 msgid "no servers found in %s, will retry"
 msgstr "w %s nie znalazłem serwerów, spróbuję ponownie później"
 
-#: dhcp.c:53
+#: dhcp.c:51
 #, c-format
 msgid "cannot create DHCP socket: %s"
 msgstr "nie udało się utworzyć gniazda dla DHCP: %s"
 
-#: dhcp.c:68
+#: dhcp.c:66
 #, c-format
 msgid "failed to set options on DHCP socket: %s"
 msgstr "błąd podczas ustawiania opcji gniazda DHCP: %s"
 
-#: dhcp.c:89
+#: dhcp.c:87
 #, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
 msgstr "nie udało się ustawić SO_REUSE{ADDR|PORT} gniazda DHCP: %s"
 
-#: dhcp.c:101
+#: dhcp.c:99
 #, c-format
 msgid "failed to bind DHCP server socket: %s"
 msgstr "błąd przy przyznawaniu nazwy gniazdu serwera DHCP: %s"
 
-#: dhcp.c:127
+#: dhcp.c:125
 #, c-format
 msgid "cannot create ICMP raw socket: %s."
 msgstr "nie udało się utworzyć surowego gniazda ICMP: %s."
 
-#: dhcp.c:252 dhcp6.c:180
+#: dhcp.c:254 dhcp6.c:186
 #, c-format
 msgid "unknown interface %s in bridge-interface"
 msgstr "nieznany interfejs %s w bridge-u"
 
-#: dhcp.c:293
+#: dhcp.c:295
 #, c-format
 msgid "DHCP packet received on %s which has no address"
 msgstr "żądanie DHCP odebrano na interfejsie %s, który nie ma adresu"
 
-#: dhcp.c:428
+#: dhcp.c:429
 #, c-format
 msgid "ARP-cache injection failed: %s"
 msgstr "uzupełnienie pamięci podręcznej ARP nie powiodło się: %s"
 
-#: dhcp.c:473
+#: dhcp.c:490
 #, c-format
 msgid "Error sending DHCP packet to %s: %s"
 msgstr "Błąd wysyłania pakietu DHCP do %s: %s"
 
-#: dhcp.c:530
+#: dhcp.c:547
 #, c-format
 msgid "DHCP range %s -- %s is not consistent with netmask %s"
 msgstr "zakres adresów DHCP %s -- %s jest niespójny z maską sieci %s"
 
-#: dhcp.c:918
+#: dhcp.c:930
 #, c-format
 msgid "bad line at %s line %d"
 msgstr "zła zawartość pliku %s, w linii %d"
 
-#: dhcp.c:961
+#: dhcp.c:973
 #, c-format
 msgid "ignoring %s line %d, duplicate name or IP address"
 msgstr "w %s pomijam linię %d -- powtórzona nazwa lub adres IP"
 
-#: dhcp.c:1105 rfc3315.c:2182
+#: dhcp.c:1034
+#, c-format
+msgid "read %s - %d addresses"
+msgstr "wczytałem %s - %d adresów"
+
+#: dhcp.c:1136
+#, fuzzy, c-format
+msgid "Cannot broadcast DHCP relay via interface %s"
+msgstr "Nie mogę rozesłać do serwerów DHCPv6 nie mając prawidłowego interfejsu"
+
+#: dhcp.c:1160
 #, c-format
-msgid "DHCP relay %s -> %s"
+msgid "broadcast via %s"
+msgstr ""
+
+#: dhcp.c:1163 rfc3315.c:2219
+#, fuzzy, c-format
+msgid "DHCP relay at %s -> %s"
 msgstr "przekazywanie DHCP %s -> %s"
 
 #: lease.c:64
@@ -1933,7 +2075,7 @@ msgstr "nie zdefiniowano zakresu adresów odpowiedniego dla żądania %s %s"
 msgid "%u available DHCP subnet: %s/%s"
 msgstr "%u dostępna podsieć DHCP: %s/%s"
 
-#: rfc2131.c:409 rfc3315.c:319
+#: rfc2131.c:409 rfc3315.c:320
 #, c-format
 msgid "%u available DHCP range: %s -- %s"
 msgstr "%u dostępny zakres adresów DHCP: %s -- %s"
@@ -1952,12 +2094,12 @@ msgstr "%u klasa użytkownika: %s"
 msgid "disabled"
 msgstr "wyłączony(a)"
 
-#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1532 rfc3315.c:632 rfc3315.c:815
-#: rfc3315.c:1121
+#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1536 rfc3315.c:633 rfc3315.c:816
+#: rfc3315.c:1122
 msgid "ignored"
 msgstr "ignoruję"
 
-#: rfc2131.c:613 rfc2131.c:1333 rfc3315.c:867
+#: rfc2131.c:613 rfc2131.c:1340 rfc3315.c:868
 msgid "address in use"
 msgstr "adres jest w użyciu"
 
@@ -1965,7 +2107,7 @@ msgstr "adres jest w użyciu"
 msgid "no address available"
 msgstr "brak dostępnego adresu"
 
-#: rfc2131.c:634 rfc2131.c:1295
+#: rfc2131.c:634 rfc2131.c:1302
 msgid "wrong network"
 msgstr "nieprawidłowa sieć"
 
@@ -1973,11 +2115,11 @@ msgstr "nieprawidłowa sieć"
 msgid "no address configured"
 msgstr "brak skonfigurowanego adresu"
 
-#: rfc2131.c:655 rfc2131.c:1346
+#: rfc2131.c:655 rfc2131.c:1353
 msgid "no leases left"
 msgstr "brak wolnych dzierżaw"
 
-#: rfc2131.c:756 rfc3315.c:499
+#: rfc2131.c:756 rfc3315.c:500
 #, c-format
 msgid "%u client provides name: %s"
 msgstr "klient %u przedstawia się jako %s"
@@ -1986,7 +2128,7 @@ msgstr "klient %u przedstawia się jako %s"
 msgid "PXE BIS not supported"
 msgstr "PXE BIS nie jest obsługiwane"
 
-#: rfc2131.c:1054 rfc3315.c:1222
+#: rfc2131.c:1054 rfc3315.c:1223
 #, c-format
 msgid "disabling DHCP static address %s for %s"
 msgstr "wyłączam statyczne przypisanie adresu %s dla %s"
@@ -2010,108 +2152,108 @@ msgstr "nie proponuję zakładanego w konfiguracji adresu %s, bo używa go któr
 msgid "not using configured address %s because it was previously declined"
 msgstr "nie proponuję zakładanego w konfiguracji adresu %s, bo już poprzednio został odrzucony"
 
-#: rfc2131.c:1139 rfc2131.c:1339
+#: rfc2131.c:1139 rfc2131.c:1346
 msgid "no unique-id"
 msgstr "brak unikalnego id"
 
-#: rfc2131.c:1231
+#: rfc2131.c:1238
 msgid "wrong server-ID"
 msgstr "nieprawidłowy identyfikator serwera (server-ID)"
 
-#: rfc2131.c:1250
+#: rfc2131.c:1257
 msgid "wrong address"
 msgstr "błędny adres"
 
-#: rfc2131.c:1268 rfc3315.c:975
+#: rfc2131.c:1275 rfc3315.c:976
 msgid "lease not found"
 msgstr "dzierżawa nieznaleziona"
 
-#: rfc2131.c:1303
+#: rfc2131.c:1310
 msgid "address not available"
 msgstr "adres niedostępny"
 
-#: rfc2131.c:1314
+#: rfc2131.c:1321
 msgid "static lease available"
 msgstr "dostępna statyczna dzierżawa"
 
-#: rfc2131.c:1318
+#: rfc2131.c:1325
 msgid "address reserved"
 msgstr "adres zarezerwowany"
 
-#: rfc2131.c:1327
+#: rfc2131.c:1334
 #, c-format
 msgid "abandoning lease to %s of %s"
 msgstr "porzucam przypisanie do %s nazwy %s"
 
-#: rfc2131.c:1866
+#: rfc2131.c:1870
 #, c-format
 msgid "%u bootfile name: %s"
 msgstr "%u nazwa pliku bootowania: %s"
 
-#: rfc2131.c:1875
+#: rfc2131.c:1879
 #, c-format
 msgid "%u server name: %s"
 msgstr "%u nazwa serwera: %s"
 
-#: rfc2131.c:1885
+#: rfc2131.c:1889
 #, c-format
 msgid "%u next server: %s"
 msgstr "%u następny serwer: %s"
 
-#: rfc2131.c:1889
+#: rfc2131.c:1893
 #, c-format
 msgid "%u broadcast response"
 msgstr "%u odpowiedź rozgłoszeniowa"
 
-#: rfc2131.c:1952
+#: rfc2131.c:1956
 #, c-format
 msgid "cannot send DHCP/BOOTP option %d: no space left in packet"
 msgstr "nie mam możliwości wysłania opcji %d DHCP/BOOTP: niedostateczna ilość miejsca w pakiecie"
 
-#: rfc2131.c:2262
+#: rfc2131.c:2267
 msgid "PXE menu too large"
 msgstr "menu PXE zbyt duże"
 
-#: rfc2131.c:2425 rfc3315.c:1511
+#: rfc2131.c:2430 rfc3315.c:1517
 #, c-format
 msgid "%u requested options: %s"
 msgstr "%u zażądano: %s"
 
-#: rfc2131.c:2742
+#: rfc2131.c:2747
 #, c-format
 msgid "cannot send RFC3925 option: too many options for enterprise number %d"
 msgstr "nie mogę wysłać opcji RFC3925: za długi łańcuch opcji przy numerze %d"
 
-#: rfc2131.c:2805
+#: rfc2131.c:2810
 #, c-format
 msgid "%u reply delay: %d"
 msgstr ""
 
-#: netlink.c:93
+#: netlink.c:86
 #, c-format
 msgid "cannot create netlink socket: %s"
 msgstr "nie potrafię utworzyć połączenia netlink %s"
 
-#: netlink.c:377
+#: netlink.c:379
 #, c-format
 msgid "netlink returns error: %s"
 msgstr "wystąpił błąd w połączeniu netlink %s"
 
-#: dbus.c:434
+#: dbus.c:491
 #, c-format
 msgid "Enabling --%s option from D-Bus"
 msgstr "opcja --%s została właśnie aktywowana za pomocą D-Bus"
 
-#: dbus.c:439
+#: dbus.c:496
 #, c-format
 msgid "Disabling --%s option from D-Bus"
 msgstr "opcja --%s została właśnie dezaktywowana za pomocą D-Bus"
 
-#: dbus.c:713
+#: dbus.c:857
 msgid "setting upstream servers from DBus"
 msgstr "ustawiam adresy serwerów nadrzędnych na podstawie informacji odebranych z DBus"
 
-#: dbus.c:760
+#: dbus.c:907
 msgid "could not register a DBus message handler"
 msgstr "nie można zarejestrować uchwytu DBus"
 
@@ -2138,51 +2280,51 @@ msgstr "Nieznana wersja protokołu."
 msgid "lease() function missing in Lua script"
 msgstr "w skrypcie Lua brak funkcji lease()"
 
-#: tftp.c:349
+#: tftp.c:353
 msgid "unable to get free port for TFTP"
 msgstr "brak wolnego portu dla usługi TFTP"
 
-#: tftp.c:365
+#: tftp.c:369
 #, c-format
 msgid "unsupported request from %s"
 msgstr "nieobsługiwane żądanie od komputera %s"
 
-#: tftp.c:512
+#: tftp.c:520
 #, c-format
-msgid "file %s not found"
-msgstr "plik %s nie został znaleziony"
+msgid "file %s not found for %s"
+msgstr "plik %s nie został znaleziony dla %s"
 
-#: tftp.c:602
+#: tftp.c:609
 #, c-format
 msgid "ignoring packet from %s (TID mismatch)"
 msgstr ""
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "failed sending %s to %s"
 msgstr "błąd wysyłania pliku %s do komputera %s"
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "sent %s to %s"
 msgstr "plik %s przesłano do %s"
 
-#: tftp.c:696
+#: tftp.c:712
 #, c-format
 msgid "error %d %s received from %s"
 msgstr "błąd %d %s odebrano od %s"
 
-#: log.c:190
+#: log.c:203
 #, c-format
 msgid "overflow: %d log entries lost"
 msgstr "przepełnienie: stracono %d wpisów do logów"
 
-#: log.c:268
+#: log.c:281
 #, c-format
 msgid "log failed: %s"
 msgstr "nie udało się zapisać komunikatów do %s"
 
-#: log.c:477
+#: log.c:490
 msgid "FAILED to start up"
 msgstr "BŁĄD: nie udało się uruchomić dnsmasq-a"
 
@@ -2191,17 +2333,17 @@ msgstr "BŁĄD: nie udało się uruchomić dnsmasq-a"
 msgid "Conntrack connection mark retrieval failed: %s"
 msgstr "Nie udało się odcztać znacznika połączenia (conntrack): %s"
 
-#: dhcp6.c:52
+#: dhcp6.c:51
 #, c-format
 msgid "cannot create DHCPv6 socket: %s"
 msgstr "nie udało się utworzyć gniazda dla DHCPv6: %s"
 
-#: dhcp6.c:73
+#: dhcp6.c:72
 #, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"
 msgstr "nie udało się ustawić SO_REUSE{ADDR|PORT} gniazda DHCPv6: %s"
 
-#: dhcp6.c:85
+#: dhcp6.c:84
 #, c-format
 msgid "failed to bind DHCPv6 server socket: %s"
 msgstr "dowiązywanie gniazda serwera DHCPv6 zakończone niepowodzeniem: %s"
@@ -2216,145 +2358,151 @@ msgstr "nie zdefiniowano zakresu adresów odpowiedniego dla żądania DHCPv6 prz
 msgid "no address range available for DHCPv6 request via %s"
 msgstr "nie zdefiniowano zakresu adresów odpowiedniego dla żądania DHCPv6 od %s"
 
-#: rfc3315.c:316
+#: rfc3315.c:317
 #, c-format
 msgid "%u available DHCPv6 subnet: %s/%d"
 msgstr "%u dostępna podsieć DHCPv6: %s/%d"
 
-#: rfc3315.c:399
+#: rfc3315.c:400
 #, c-format
 msgid "%u vendor class: %u"
 msgstr "%u klasa dostawcy: %u"
 
-#: rfc3315.c:447
+#: rfc3315.c:448
 #, c-format
 msgid "%u client MAC address: %s"
 msgstr "adres MAC klienta %u: %s"
 
-#: rfc3315.c:762 rfc3315.c:859
+#: rfc3315.c:763 rfc3315.c:860
 msgid "address unavailable"
 msgstr "adres niedostępny"
 
-#: rfc3315.c:774 rfc3315.c:903 rfc3315.c:1272
+#: rfc3315.c:775 rfc3315.c:904 rfc3315.c:1273
 msgid "success"
 msgstr "udane"
 
-#: rfc3315.c:789 rfc3315.c:798 rfc3315.c:911 rfc3315.c:913 rfc3315.c:1047
+#: rfc3315.c:790 rfc3315.c:799 rfc3315.c:912 rfc3315.c:914 rfc3315.c:1048
 msgid "no addresses available"
 msgstr "brak wolnych adresów"
 
-#: rfc3315.c:890
+#: rfc3315.c:891
 msgid "not on link"
 msgstr "poza zasięgiem"
 
-#: rfc3315.c:979 rfc3315.c:1180 rfc3315.c:1261
+#: rfc3315.c:980 rfc3315.c:1181 rfc3315.c:1262
 msgid "no binding found"
 msgstr "brak powiązania"
 
-#: rfc3315.c:1016
+#: rfc3315.c:1017
 msgid "deprecated"
 msgstr "przestarzały"
 
-#: rfc3315.c:1023
+#: rfc3315.c:1024
 msgid "address invalid"
 msgstr "niepoprawny adres"
 
-#: rfc3315.c:1081 rfc3315.c:1083
+#: rfc3315.c:1082 rfc3315.c:1084
 msgid "confirm failed"
 msgstr "brak potwierdzenia"
 
-#: rfc3315.c:1098
+#: rfc3315.c:1099
 msgid "all addresses still on link"
 msgstr "wszystkie adresy ciągle w użyciu"
 
-#: rfc3315.c:1189
+#: rfc3315.c:1190
 msgid "release received"
 msgstr "adres został zwolniony"
 
-#: rfc3315.c:2173
-msgid "Cannot multicast to DHCPv6 server without correct interface"
+#: rfc3315.c:2200
+#, fuzzy, c-format
+msgid "Cannot multicast DHCP relay via interface %s"
 msgstr "Nie mogę rozesłać do serwerów DHCPv6 nie mając prawidłowego interfejsu"
 
-#: dhcp-common.c:154
+#: rfc3315.c:2216
+#, c-format
+msgid "multicast via %s"
+msgstr ""
+
+#: dhcp-common.c:187
 #, c-format
 msgid "Ignoring duplicate dhcp-option %d"
 msgstr "Pomijam powtórzoną dhcp-option %d"
 
-#: dhcp-common.c:231
+#: dhcp-common.c:264
 #, c-format
 msgid "%u tags: %s"
 msgstr "%u cechy: %s"
 
-#: dhcp-common.c:451
+#: dhcp-common.c:484
 #, c-format
 msgid "%s has more than one address in hostsfile, using %s for DHCP"
 msgstr "do komputera o nazwie %s pasuje więcej niż jeden adres, w odpowiedzi DHCP wysyłam %s"
 
-#: dhcp-common.c:485
+#: dhcp-common.c:518
 #, c-format
 msgid "duplicate IP address %s (%s) in dhcp-config directive"
 msgstr "powtórzenie adresu IP %s (%s) w opcji dhcp-config"
 
-#: dhcp-common.c:549
-#, c-format
-msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
-msgstr "nie udało się ustawić SO_BINDTODEVICE gniazda DHCP: %s"
-
-#: dhcp-common.c:672
+#: dhcp-common.c:738
 #, c-format
 msgid "Known DHCP options:\n"
 msgstr "Znane opcje DHCP:\n"
 
-#: dhcp-common.c:683
+#: dhcp-common.c:749
 #, c-format
 msgid "Known DHCPv6 options:\n"
 msgstr "Rozpoznawane opcje DHCPv6:\n"
 
-#: dhcp-common.c:880
+#: dhcp-common.c:946
 msgid ", prefix deprecated"
 msgstr ", przestarzały prefiks"
 
-#: dhcp-common.c:883
+#: dhcp-common.c:949
 #, c-format
 msgid ", lease time "
 msgstr ", czas dzierżawy "
 
-#: dhcp-common.c:925
+#: dhcp-common.c:991
 #, c-format
 msgid "%s stateless on %s%.0s%.0s%s"
 msgstr "%s bezstanowy na %s%.0s%.0s%s"
 
-#: dhcp-common.c:927
+#: dhcp-common.c:993
 #, c-format
 msgid "%s, static leases only on %.0s%s%s%.0s"
 msgstr "%s, wyłącznie statyczne dzierżawy na %.0s%s%s%.0s"
 
-#: dhcp-common.c:929
+#: dhcp-common.c:995
 #, c-format
 msgid "%s, proxy on subnet %.0s%s%.0s%.0s"
 msgstr "%s, wykryto pośrednika na podsieci %.0s%s%.0s%.0s"
 
-#: dhcp-common.c:930
+#: dhcp-common.c:996
 #, c-format
 msgid "%s, IP range %s -- %s%s%.0s"
 msgstr "%s, zakres IP %s -- %s%s%.0s"
 
-#: dhcp-common.c:943
+#: dhcp-common.c:1009
 #, c-format
 msgid "DHCPv4-derived IPv6 names on %s%s"
 msgstr "pochodzące z DHCPv4 nazwy IPv6 na %s%s"
 
-#: dhcp-common.c:946
+#: dhcp-common.c:1012
 #, c-format
 msgid "router advertisement on %s%s"
 msgstr "anonsowanie rutera na %s%s"
 
-#: dhcp-common.c:957
+#: dhcp-common.c:1043
+#, fuzzy, c-format
+msgid "DHCP relay from %s via %s"
+msgstr "przekazywanie DHCP z %s do %s"
+
+#: dhcp-common.c:1045
 #, c-format
 msgid "DHCP relay from %s to %s via %s"
 msgstr "przekazywanie DHCP z %s do %s za pomocą %s"
 
-#: dhcp-common.c:959
+#: dhcp-common.c:1048
 #, c-format
 msgid "DHCP relay from %s to %s"
 msgstr "przekazywanie DHCP z %s do %s"
@@ -2364,7 +2512,7 @@ msgstr "przekazywanie DHCP z %s do %s"
 msgid "cannot create ICMPv6 socket: %s"
 msgstr "nie udało się utworzyć gniazda dla ICMPv6: %s"
 
-#: auth.c:464
+#: auth.c:462
 #, c-format
 msgid "ignoring zone transfer request from %s"
 msgstr "ignoruję żądanie transferu strefy od %s"
@@ -2477,14 +2625,14 @@ msgstr ""
 msgid "system time considered valid, now checking DNSSEC signature timestamps."
 msgstr "trwa sprawdzanie sygnatur czasowych podpisów DNSSEC"
 
-#: dnssec.c:1014
+#: dnssec.c:1018
 #, c-format
 msgid "Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"
 msgstr ""
 
 #: blockdata.c:55
 #, fuzzy, c-format
-msgid "pool memory in use %u, max %u, allocated %u"
+msgid "pool memory in use %zu, max %zu, allocated %zu"
 msgstr "DNSSEC: zużycie pamięci %u, maks. %u, przydzielona %u"
 
 #: tables.c:61
@@ -2546,39 +2694,59 @@ msgstr "zbyt wiele odniesień począwszy od %s"
 msgid "directory %s for resolv-file is missing, cannot poll"
 msgstr "katalog %s z resolv-file nie istnieje - nie ma czego odpytywać"
 
-#: inotify.c:131 inotify.c:168
+#: inotify.c:131 inotify.c:200
 #, c-format
 msgid "failed to create inotify for %s: %s"
 msgstr "nie udało się utworzyć powiadamiania dla %s: %s"
 
-#: inotify.c:153
+#: inotify.c:178 inotify.c:185
 #, c-format
 msgid "bad dynamic directory %s: %s"
 msgstr "zły katalog dynamiczny %s: %s"
 
-#: inotify.c:257
+#: inotify.c:186
+#, fuzzy
+msgid "not a directory"
+msgstr "brak dostępu do katalogu %s: %s"
+
+#: inotify.c:299
 #, c-format
-msgid "inotify, new or changed file %s"
+msgid "inotify: %s removed"
+msgstr ""
+
+#: inotify.c:301
+#, fuzzy, c-format
+msgid "inotify: %s new or modified"
 msgstr "inotify: pojawił się lub uległ zmianie plik %s"
 
-#: dump.c:64
+#: inotify.c:309
+#, c-format
+msgid "inotify: flushed %u names read from %s"
+msgstr ""
+
+#: dump.c:68
 #, fuzzy, c-format
 msgid "cannot create %s: %s"
 msgstr "błąd odczytu z pliku %s: %s"
 
-#: dump.c:70
+#: dump.c:74
 #, fuzzy, c-format
 msgid "bad header in %s"
 msgstr "adres jest w użyciu"
 
-#: dump.c:205
+#: dump.c:287
 #, fuzzy
 msgid "failed to write packet dump"
 msgstr "wysyłanie pakietu nie powiodło się: %s"
 
-#: dump.c:207
+#: dump.c:289
 #, c-format
-msgid "dumping UDP packet %u mask 0x%04x"
+msgid "%u dumping packet %u mask 0x%04x"
+msgstr ""
+
+#: dump.c:291
+#, c-format
+msgid "dumping packet %u mask 0x%04x"
 msgstr ""
 
 #: ubus.c:79
@@ -2612,6 +2780,15 @@ msgstr ""
 msgid "Failed to create SHA-256 hash object"
 msgstr ""
 
+#: nftset.c:35
+#, fuzzy
+msgid "failed to create nftset context"
+msgstr "nie powiodło się otwieranie gniazda sterującego IPset: %s"
+
+#, fuzzy
+#~ msgid "bad IPv4 prefix"
+#~ msgstr "zła maska"
+
 #, fuzzy
 #~ msgid "Cannot add object to UBus: %s"
 #~ msgstr "nie udało się otworzyć logu %s: %s"
diff --git a/po/pt_BR.po b/po/pt_BR.po
index a07a9ce..bf8111f 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -16,72 +16,77 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 
-#: cache.c:572
+#: cache.c:652
 msgid "Internal error in cache."
 msgstr ""
 
-#: cache.c:1094
+#: cache.c:1179
 #, c-format
 msgid "failed to load names from %s: %s"
 msgstr ""
 
-#: cache.c:1116 dhcp.c:931
+#: cache.c:1201 dhcp.c:943
 #, c-format
 msgid "bad address at %s line %d"
 msgstr ""
 
-#: cache.c:1169 dhcp.c:947
+#: cache.c:1254 dhcp.c:959
 #, c-format
 msgid "bad name at %s line %d"
 msgstr ""
 
-#: cache.c:1180 dhcp.c:1022
+#: cache.c:1265
 #, c-format
-msgid "read %s - %d addresses"
+msgid "read %s - %d names"
 msgstr ""
 
-#: cache.c:1296
+#: cache.c:1381
 msgid "cleared cache"
 msgstr ""
 
-#: cache.c:1358
+#: cache.c:1445
 #, c-format
 msgid "No IPv4 address found for %s"
 msgstr ""
 
-#: cache.c:1404
+#: cache.c:1491
 #, c-format
 msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
 msgstr ""
 
-#: cache.c:1428
+#: cache.c:1515
 #, c-format
 msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
 msgstr ""
 
-#: cache.c:1674
+#: cache.c:1760
 #, c-format
 msgid "time %lu"
 msgstr ""
 
-#: cache.c:1675
+#: cache.c:1761
 #, c-format
 msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
 msgstr ""
 
-#: cache.c:1677
+#: cache.c:1763
 #, c-format
 msgid "queries forwarded %u, queries answered locally %u"
 msgstr ""
 
-#: cache.c:1680
+#: cache.c:1766
+#, c-format
+msgid "queries answered from stale cache %u"
+msgstr ""
+
+#: cache.c:1768
 #, c-format
 msgid "queries for authoritative zones %u"
 msgstr ""
 
-#: cache.c:1702
+#: cache.c:1796
 #, c-format
-msgid "server %s#%d: queries sent %u, retried or failed %u"
+msgid "server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"
 msgstr ""
 
 #: util.c:51
@@ -89,1747 +94,1880 @@ msgstr ""
 msgid "failed to seed the random number generator: %s"
 msgstr ""
 
-#: util.c:228
+#: util.c:246
 msgid "failed to allocate memory"
 msgstr ""
 
-#: util.c:285 option.c:665
+#: util.c:305 option.c:696
 msgid "could not get memory"
 msgstr ""
 
-#: util.c:306
+#: util.c:326
 #, c-format
 msgid "cannot create pipe: %s"
 msgstr ""
 
-#: util.c:314
+#: util.c:334
 #, c-format
 msgid "failed to allocate %d bytes"
 msgstr ""
 
-#: util.c:520
+#: util.c:344
+#, c-format
+msgid "failed to reallocate %d bytes"
+msgstr ""
+
+#: util.c:465
+#, c-format
+msgid "cannot read monotonic clock: %s"
+msgstr ""
+
+#: util.c:579
 #, c-format
 msgid "infinite"
 msgstr ""
 
-#: util.c:808
+#: util.c:867
 #, c-format
 msgid "failed to find kernel version: %s"
 msgstr ""
 
-#: option.c:372
+#: option.c:393
 msgid "Specify local address(es) to listen on."
 msgstr ""
 
-#: option.c:373
+#: option.c:394
 msgid "Return ipaddr for all hosts in specified domains."
 msgstr ""
 
-#: option.c:374
+#: option.c:395
 msgid "Fake reverse lookups for RFC1918 private address ranges."
 msgstr ""
 
-#: option.c:375
+#: option.c:396
 msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
 msgstr ""
 
-#: option.c:376
+#: option.c:397
 #, c-format
 msgid "Specify the size of the cache in entries (defaults to %s)."
 msgstr ""
 
-#: option.c:377
+#: option.c:398
 #, c-format
 msgid "Specify configuration file (defaults to %s)."
 msgstr ""
 
-#: option.c:378
+#: option.c:399
 msgid "Do NOT fork into the background: run in debug mode."
 msgstr ""
 
-#: option.c:379
+#: option.c:400
 msgid "Do NOT forward queries with no domain part."
 msgstr ""
 
-#: option.c:380
+#: option.c:401
 msgid "Return self-pointing MX records for local hosts."
 msgstr ""
 
-#: option.c:381
+#: option.c:402
 msgid "Expand simple names in /etc/hosts with domain-suffix."
 msgstr ""
 
-#: option.c:382
+#: option.c:403
 msgid "Don't forward spurious DNS requests from Windows hosts."
 msgstr ""
 
-#: option.c:383
+#: option.c:404
+msgid "Don't include IPv4 addresses in DNS answers."
+msgstr ""
+
+#: option.c:405
+msgid "Don't include IPv6 addresses in DNS answers."
+msgstr ""
+
+#: option.c:406
 msgid "Enable DHCP in the range given with lease duration."
 msgstr ""
 
-#: option.c:384
+#: option.c:407
 #, c-format
 msgid "Change to this group after startup (defaults to %s)."
 msgstr ""
 
-#: option.c:385
+#: option.c:408
 msgid "Set address or hostname for a specified machine."
 msgstr ""
 
-#: option.c:386
+#: option.c:409
 msgid "Read DHCP host specs from file."
 msgstr ""
 
-#: option.c:387
+#: option.c:410
 msgid "Read DHCP option specs from file."
 msgstr ""
 
-#: option.c:388
+#: option.c:411
 msgid "Read DHCP host specs from a directory."
 msgstr ""
 
-#: option.c:389
+#: option.c:412
 msgid "Read DHCP options from a directory."
 msgstr ""
 
-#: option.c:390
+#: option.c:413
 msgid "Evaluate conditional tag expression."
 msgstr ""
 
-#: option.c:391
+#: option.c:414
 #, c-format
 msgid "Do NOT load %s file."
 msgstr ""
 
-#: option.c:392
+#: option.c:415
 #, c-format
 msgid "Specify a hosts file to be read in addition to %s."
 msgstr ""
 
-#: option.c:393
+#: option.c:416
 msgid "Read hosts files from a directory."
 msgstr ""
 
-#: option.c:394
+#: option.c:417
 msgid "Specify interface(s) to listen on."
 msgstr ""
 
-#: option.c:395
+#: option.c:418
 msgid "Specify interface(s) NOT to listen on."
 msgstr ""
 
-#: option.c:396
+#: option.c:419
 msgid "Map DHCP user class to tag."
 msgstr ""
 
-#: option.c:397
+#: option.c:420
 msgid "Map RFC3046 circuit-id to tag."
 msgstr ""
 
-#: option.c:398
+#: option.c:421
 msgid "Map RFC3046 remote-id to tag."
 msgstr ""
 
-#: option.c:399
+#: option.c:422
 msgid "Map RFC3993 subscriber-id to tag."
 msgstr ""
 
-#: option.c:400
+#: option.c:423
 msgid "Specify vendor class to match for PXE requests."
 msgstr ""
 
-#: option.c:401
+#: option.c:424
 msgid "Don't do DHCP for hosts with tag set."
 msgstr ""
 
-#: option.c:402
+#: option.c:425
 msgid "Force broadcast replies for hosts with tag set."
 msgstr ""
 
-#: option.c:403
+#: option.c:426
 msgid "Do NOT fork into the background, do NOT run in debug mode."
 msgstr ""
 
-#: option.c:404
+#: option.c:427
 msgid "Assume we are the only DHCP server on the local network."
 msgstr ""
 
-#: option.c:405
+#: option.c:428
 #, c-format
 msgid "Specify where to store DHCP leases (defaults to %s)."
 msgstr ""
 
-#: option.c:406
+#: option.c:429
 msgid "Return MX records for local hosts."
 msgstr ""
 
-#: option.c:407
+#: option.c:430
 msgid "Specify an MX record."
 msgstr ""
 
-#: option.c:408
+#: option.c:431
 msgid "Specify BOOTP options to DHCP server."
 msgstr ""
 
-#: option.c:409
+#: option.c:432
 #, c-format
 msgid "Do NOT poll %s file, reload only on SIGHUP."
 msgstr ""
 
-#: option.c:410
+#: option.c:433
 msgid "Do NOT cache failed search results."
 msgstr ""
 
-#: option.c:411
+#: option.c:434
+msgid "Use expired cache data for faster reply."
+msgstr ""
+
+#: option.c:435
 #, c-format
 msgid "Use nameservers strictly in the order given in %s."
 msgstr ""
 
-#: option.c:412
+#: option.c:436
 msgid "Specify options to be sent to DHCP clients."
 msgstr ""
 
-#: option.c:413
+#: option.c:437
 msgid "DHCP option sent even if the client does not request it."
 msgstr ""
 
-#: option.c:414
+#: option.c:438
 msgid "Specify port to listen for DNS requests on (defaults to 53)."
 msgstr ""
 
-#: option.c:415
+#: option.c:439
 #, c-format
 msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
 msgstr ""
 
-#: option.c:416
+#: option.c:440
 msgid "Log DNS queries."
 msgstr ""
 
-#: option.c:417
+#: option.c:441
 msgid "Force the originating port for upstream DNS queries."
 msgstr ""
 
-#: option.c:418
+#: option.c:442
+msgid "Set maximum number of random originating ports for a query."
+msgstr ""
+
+#: option.c:443
 msgid "Do NOT read resolv.conf."
 msgstr ""
 
-#: option.c:419
+#: option.c:444
 #, c-format
 msgid "Specify path to resolv.conf (defaults to %s)."
 msgstr ""
 
-#: option.c:420
+#: option.c:445
 msgid "Specify path to file with server= options"
 msgstr ""
 
-#: option.c:421
+#: option.c:446
 msgid "Specify address(es) of upstream servers with optional domains."
 msgstr ""
 
-#: option.c:422
+#: option.c:447
 msgid "Specify address of upstream servers for reverse address queries"
 msgstr ""
 
-#: option.c:423
+#: option.c:448
 msgid "Never forward queries to specified domains."
 msgstr ""
 
-#: option.c:424
+#: option.c:449
 msgid "Specify the domain to be assigned in DHCP leases."
 msgstr ""
 
-#: option.c:425
+#: option.c:450
 msgid "Specify default target in an MX record."
 msgstr ""
 
-#: option.c:426
+#: option.c:451
 msgid "Specify time-to-live in seconds for replies from /etc/hosts."
 msgstr ""
 
-#: option.c:427
+#: option.c:452
 msgid "Specify time-to-live in seconds for negative caching."
 msgstr ""
 
-#: option.c:428
+#: option.c:453
 msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
 msgstr ""
 
-#: option.c:429
+#: option.c:454
 msgid "Specify time-to-live ceiling for cache."
 msgstr ""
 
-#: option.c:430
+#: option.c:455
 msgid "Specify time-to-live floor for cache."
 msgstr ""
 
-#: option.c:431
+#: option.c:456
+msgid "Retry DNS queries after this many milliseconds."
+msgstr ""
+
+#: option.c:457
 #, c-format
 msgid "Change to this user after startup. (defaults to %s)."
 msgstr ""
 
-#: option.c:432
+#: option.c:458
 msgid "Map DHCP vendor class to tag."
 msgstr ""
 
-#: option.c:433
+#: option.c:459
 msgid "Display dnsmasq version and copyright information."
 msgstr ""
 
-#: option.c:434
+#: option.c:460
 msgid "Translate IPv4 addresses from upstream servers."
 msgstr ""
 
-#: option.c:435
+#: option.c:461
 msgid "Specify a SRV record."
 msgstr ""
 
-#: option.c:436
+#: option.c:462
 msgid "Display this message. Use --help dhcp or --help dhcp6 for known DHCP options."
 msgstr ""
 
-#: option.c:437
+#: option.c:463
 #, c-format
 msgid "Specify path of PID file (defaults to %s)."
 msgstr ""
 
-#: option.c:438
+#: option.c:464
 #, c-format
 msgid "Specify maximum number of DHCP leases (defaults to %s)."
 msgstr ""
 
-#: option.c:439
+#: option.c:465
 msgid "Answer DNS queries based on the interface a query was sent to."
 msgstr ""
 
-#: option.c:440
+#: option.c:466
 msgid "Specify TXT DNS record."
 msgstr ""
 
-#: option.c:441
+#: option.c:467
 msgid "Specify PTR DNS record."
 msgstr ""
 
-#: option.c:442
+#: option.c:468
 msgid "Give DNS name to IPv4 address of interface."
 msgstr ""
 
-#: option.c:443
+#: option.c:469
 msgid "Bind only to interfaces in use."
 msgstr ""
 
-#: option.c:444
+#: option.c:470
 #, c-format
 msgid "Read DHCP static host information from %s."
 msgstr ""
 
-#: option.c:445
+#: option.c:471
 msgid "Enable the DBus interface for setting upstream servers, etc."
 msgstr ""
 
-#: option.c:446
+#: option.c:472
 msgid "Enable the UBus interface."
 msgstr ""
 
-#: option.c:447
+#: option.c:473
 msgid "Do not provide DHCP on this interface, only provide DNS."
 msgstr ""
 
-#: option.c:448
+#: option.c:474
 msgid "Enable dynamic address allocation for bootp."
 msgstr ""
 
-#: option.c:449
+#: option.c:475
 msgid "Map MAC address (with wildcards) to option set."
 msgstr ""
 
-#: option.c:450
+#: option.c:476
 msgid "Treat DHCP requests on aliases as arriving from interface."
 msgstr ""
 
-#: option.c:451
+#: option.c:477
 msgid "Specify extra networks sharing a broadcast domain for DHCP"
 msgstr ""
 
-#: option.c:452
+#: option.c:478
 msgid "Disable ICMP echo address checking in the DHCP server."
 msgstr ""
 
-#: option.c:453
+#: option.c:479
 msgid "Shell script to run on DHCP lease creation and destruction."
 msgstr ""
 
-#: option.c:454
+#: option.c:480
 msgid "Lua script to run on DHCP lease creation and destruction."
 msgstr ""
 
-#: option.c:455
+#: option.c:481
 msgid "Run lease-change scripts as this user."
 msgstr ""
 
-#: option.c:456
+#: option.c:482
 msgid "Call dhcp-script with changes to local ARP table."
 msgstr ""
 
-#: option.c:457
+#: option.c:483
 msgid "Read configuration from all the files in this directory."
 msgstr ""
 
-#: option.c:458
+#: option.c:484
+msgid "Execute file and read configuration from stdin."
+msgstr ""
+
+#: option.c:485
 msgid "Log to this syslog facility or file. (defaults to DAEMON)"
 msgstr ""
 
-#: option.c:459
+#: option.c:486
 msgid "Do not use leasefile."
 msgstr ""
 
-#: option.c:460
+#: option.c:487
 #, c-format
 msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
 msgstr ""
 
-#: option.c:461
+#: option.c:488
 #, c-format
 msgid "Clear DNS cache when reloading %s."
 msgstr ""
 
-#: option.c:462
+#: option.c:489
 msgid "Ignore hostnames provided by DHCP clients."
 msgstr ""
 
-#: option.c:463
+#: option.c:490
 msgid "Do NOT reuse filename and server fields for extra DHCP options."
 msgstr ""
 
-#: option.c:464
+#: option.c:491
 msgid "Enable integrated read-only TFTP server."
 msgstr ""
 
-#: option.c:465
+#: option.c:492
 msgid "Export files by TFTP only from the specified subtree."
 msgstr ""
 
-#: option.c:466
+#: option.c:493
 msgid "Add client IP or hardware address to tftp-root."
 msgstr ""
 
-#: option.c:467
+#: option.c:494
 msgid "Allow access only to files owned by the user running dnsmasq."
 msgstr ""
 
-#: option.c:468
+#: option.c:495
 msgid "Do not terminate the service if TFTP directories are inaccessible."
 msgstr ""
 
-#: option.c:469
+#: option.c:496
 #, c-format
 msgid "Maximum number of concurrent TFTP transfers (defaults to %s)."
 msgstr ""
 
-#: option.c:470
+#: option.c:497
 msgid "Maximum MTU to use for TFTP transfers."
 msgstr ""
 
-#: option.c:471
+#: option.c:498
 msgid "Disable the TFTP blocksize extension."
 msgstr ""
 
-#: option.c:472
+#: option.c:499
 msgid "Convert TFTP filenames to lowercase"
 msgstr ""
 
-#: option.c:473
+#: option.c:500
 msgid "Ephemeral port range for use by TFTP transfers."
 msgstr ""
 
-#: option.c:474
+#: option.c:501
 msgid "Use only one port for TFTP server."
 msgstr ""
 
-#: option.c:475
+#: option.c:502
 msgid "Extra logging for DHCP."
 msgstr ""
 
-#: option.c:476
+#: option.c:503
 msgid "Enable async. logging; optionally set queue length."
 msgstr ""
 
-#: option.c:477
+#: option.c:504
 msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
 msgstr ""
 
-#: option.c:478
+#: option.c:505
 msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
 msgstr ""
 
-#: option.c:479
+#: option.c:506
 msgid "Inhibit DNS-rebind protection on this domain."
 msgstr ""
 
-#: option.c:480
+#: option.c:507
 msgid "Always perform DNS queries to all servers."
 msgstr ""
 
-#: option.c:481
+#: option.c:508
 msgid "Set tag if client includes matching option in request."
 msgstr ""
 
-#: option.c:482
+#: option.c:509
 msgid "Set tag if client provides given name."
 msgstr ""
 
-#: option.c:483
+#: option.c:510
 msgid "Use alternative ports for DHCP."
 msgstr ""
 
-#: option.c:484
+#: option.c:511
 msgid "Specify NAPTR DNS record."
 msgstr ""
 
-#: option.c:485
+#: option.c:512
 msgid "Specify lowest port available for DNS query transmission."
 msgstr ""
 
-#: option.c:486
+#: option.c:513
 msgid "Specify highest port available for DNS query transmission."
 msgstr ""
 
-#: option.c:487
+#: option.c:514
 msgid "Use only fully qualified domain names for DHCP clients."
 msgstr ""
 
-#: option.c:488
+#: option.c:515
 msgid "Generate hostnames based on MAC address for nameless clients."
 msgstr ""
 
-#: option.c:489
+#: option.c:516
 msgid "Use these DHCP relays as full proxies."
 msgstr ""
 
-#: option.c:490
+#: option.c:517
 msgid "Relay DHCP requests to a remote server"
 msgstr ""
 
-#: option.c:491
+#: option.c:518
 msgid "Specify alias name for LOCAL DNS name."
 msgstr ""
 
-#: option.c:492
+#: option.c:519
 msgid "Prompt to send to PXE clients."
 msgstr ""
 
-#: option.c:493
+#: option.c:520
 msgid "Boot service for PXE menu."
 msgstr ""
 
-#: option.c:494
+#: option.c:521
 msgid "Check configuration syntax."
 msgstr ""
 
-#: option.c:495
+#: option.c:522
 msgid "Add requestor's MAC address to forwarded DNS queries."
 msgstr ""
 
-#: option.c:496
+#: option.c:523
+msgid "Strip MAC information from queries."
+msgstr ""
+
+#: option.c:524
 msgid "Add specified IP subnet to forwarded DNS queries."
 msgstr ""
 
-#: option.c:497
+#: option.c:525
+msgid "Strip ECS information from queries."
+msgstr ""
+
+#: option.c:526
 msgid "Add client identification to forwarded DNS queries."
 msgstr ""
 
-#: option.c:498
+#: option.c:527
 msgid "Proxy DNSSEC validation results from upstream nameservers."
 msgstr ""
 
-#: option.c:499
+#: option.c:528
 msgid "Attempt to allocate sequential IP addresses to DHCP clients."
 msgstr ""
 
-#: option.c:500
+#: option.c:529
 msgid "Ignore client identifier option sent by DHCP clients."
 msgstr ""
 
-#: option.c:501
+#: option.c:530
 msgid "Copy connection-track mark from queries to upstream connections."
 msgstr ""
 
-#: option.c:502
+#: option.c:531
 msgid "Allow DHCP clients to do their own DDNS updates."
 msgstr ""
 
-#: option.c:503
+#: option.c:532
 msgid "Send router-advertisements for interfaces doing DHCPv6"
 msgstr ""
 
-#: option.c:504
+#: option.c:533
 msgid "Specify DUID_EN-type DHCPv6 server DUID"
 msgstr ""
 
-#: option.c:505
+#: option.c:534
 msgid "Specify host (A/AAAA and PTR) records"
 msgstr ""
 
-#: option.c:506
+#: option.c:535
 msgid "Specify host record in interface subnet"
 msgstr ""
 
-#: option.c:507
+#: option.c:536
 msgid "Specify certification authority authorization record"
 msgstr ""
 
-#: option.c:508
+#: option.c:537
 msgid "Specify arbitrary DNS resource record"
 msgstr ""
 
-#: option.c:509
+#: option.c:538
 msgid "Bind to interfaces in use - check for new interfaces"
 msgstr ""
 
-#: option.c:510
+#: option.c:539
 msgid "Export local names to global DNS"
 msgstr ""
 
-#: option.c:511
+#: option.c:540
 msgid "Domain to export to global DNS"
 msgstr ""
 
-#: option.c:512
+#: option.c:541
 msgid "Set TTL for authoritative replies"
 msgstr ""
 
-#: option.c:513
+#: option.c:542
 msgid "Set authoritative zone information"
 msgstr ""
 
-#: option.c:514
+#: option.c:543
 msgid "Secondary authoritative nameservers for forward domains"
 msgstr ""
 
-#: option.c:515
+#: option.c:544
 msgid "Peers which are allowed to do zone transfer"
 msgstr ""
 
-#: option.c:516
+#: option.c:545
 msgid "Specify ipsets to which matching domains should be added"
 msgstr ""
 
-#: option.c:517
+#: option.c:546
+msgid "Specify nftables sets to which matching domains should be added"
+msgstr ""
+
+#: option.c:547
 msgid "Enable filtering of DNS queries with connection-track marks."
 msgstr ""
 
-#: option.c:518
+#: option.c:548
 msgid "Set allowed DNS patterns for a connection-track mark."
 msgstr ""
 
-#: option.c:519
+#: option.c:549
 msgid "Specify a domain and address range for synthesised names"
 msgstr ""
 
-#: option.c:520
+#: option.c:550
 msgid "Activate DNSSEC validation"
 msgstr ""
 
-#: option.c:521
+#: option.c:551
 msgid "Specify trust anchor key digest."
 msgstr ""
 
-#: option.c:522
+#: option.c:552
 msgid "Disable upstream checking for DNSSEC debugging."
 msgstr ""
 
-#: option.c:523
+#: option.c:553
 msgid "Ensure answers without DNSSEC are in unsigned zones."
 msgstr ""
 
-#: option.c:524
+#: option.c:554
 msgid "Don't check DNSSEC signature timestamps until first cache-reload"
 msgstr ""
 
-#: option.c:525
+#: option.c:555
 msgid "Timestamp file to verify system clock for DNSSEC"
 msgstr ""
 
-#: option.c:526
+#: option.c:556
 msgid "Set MTU, priority, resend-interval and router-lifetime"
 msgstr ""
 
-#: option.c:527
+#: option.c:557
 msgid "Do not log routine DHCP."
 msgstr ""
 
-#: option.c:528
+#: option.c:558
 msgid "Do not log routine DHCPv6."
 msgstr ""
 
-#: option.c:529
+#: option.c:559
 msgid "Do not log RA."
 msgstr ""
 
-#: option.c:530
+#: option.c:560
 msgid "Log debugging information."
 msgstr ""
 
-#: option.c:531
+#: option.c:561
 msgid "Accept queries only from directly-connected networks."
 msgstr ""
 
-#: option.c:532
+#: option.c:562
 msgid "Detect and remove DNS forwarding loops."
 msgstr ""
 
-#: option.c:533
+#: option.c:563
 msgid "Ignore DNS responses containing ipaddr."
 msgstr ""
 
-#: option.c:534
+#: option.c:564
 msgid "Set TTL in DNS responses with DHCP-derived addresses."
 msgstr ""
 
-#: option.c:535
+#: option.c:565
 msgid "Delay DHCP replies for at least number of seconds."
 msgstr ""
 
-#: option.c:536
+#: option.c:566
 msgid "Enables DHCPv4 Rapid Commit option."
 msgstr ""
 
-#: option.c:537
+#: option.c:567
 msgid "Path to debug packet dump file"
 msgstr ""
 
-#: option.c:538
+#: option.c:568
 msgid "Mask which packets to dump"
 msgstr ""
 
-#: option.c:539
+#: option.c:569
 msgid "Call dhcp-script when lease expiry changes."
 msgstr ""
 
-#: option.c:540
+#: option.c:570
 msgid "Send Cisco Umbrella identifiers including remote IP."
 msgstr ""
 
-#: option.c:541
+#: option.c:571
 msgid "Do not log routine TFTP."
 msgstr ""
 
-#: option.c:771
+#: option.c:572
+msgid "Suppress round-robin ordering of DNS records."
+msgstr ""
+
+#: option.c:802
 #, c-format
 msgid ""
 "Usage: dnsmasq [options]\n"
 "\n"
 msgstr ""
 
-#: option.c:773
+#: option.c:804
 #, c-format
 msgid "Use short options only on the command line.\n"
 msgstr ""
 
-#: option.c:775
+#: option.c:806
 #, c-format
 msgid "Valid options are:\n"
 msgstr ""
 
-#: option.c:822 option.c:933
+#: option.c:853 option.c:1055
 msgid "bad address"
 msgstr ""
 
-#: option.c:847 option.c:851
+#: option.c:882 option.c:886
 msgid "bad port"
 msgstr ""
 
-#: option.c:864 option.c:893 option.c:927
+#: option.c:899 option.c:1002 option.c:1048
 msgid "interface binding not supported"
 msgstr ""
 
-#: option.c:888 option.c:922
+#: option.c:955
+msgid "Cannot resolve server name"
+msgstr ""
+
+#: option.c:991
+msgid "cannot use IPv4 server address with IPv6 source address"
+msgstr ""
+
+#: option.c:997 option.c:1043
 msgid "interface can only be specified once"
 msgstr ""
 
-#: option.c:901 option.c:4362
+#: option.c:1011 option.c:4785
 msgid "bad interface name"
 msgstr ""
 
-#: option.c:1192
+#: option.c:1037
+msgid "cannot use IPv6 server address with IPv4 source address"
+msgstr ""
+
+#: option.c:1124
+msgid "bad IPv4 prefix length"
+msgstr ""
+
+#: option.c:1155 option.c:1165 option.c:1240 option.c:1250 option.c:5360
+msgid "error"
+msgstr ""
+
+#: option.c:1207
+msgid "bad IPv6 prefix length"
+msgstr ""
+
+#: option.c:1467
 msgid "inappropriate vendor:"
 msgstr ""
 
-#: option.c:1199
+#: option.c:1474
 msgid "inappropriate encap:"
 msgstr ""
 
-#: option.c:1225
+#: option.c:1500
 msgid "unsupported encapsulation for IPv6 option"
 msgstr ""
 
-#: option.c:1239
+#: option.c:1514
 msgid "bad dhcp-option"
 msgstr ""
 
-#: option.c:1317
+#: option.c:1592
 msgid "bad IP address"
 msgstr ""
 
-#: option.c:1320 option.c:1459 option.c:3551
+#: option.c:1595 option.c:1734 option.c:3928
 msgid "bad IPv6 address"
 msgstr ""
 
-#: option.c:1413
+#: option.c:1688
 msgid "bad IPv4 address"
 msgstr ""
 
-#: option.c:1486 option.c:1581
+#: option.c:1761 option.c:1856
 msgid "bad domain in dhcp-option"
 msgstr ""
 
-#: option.c:1625
+#: option.c:1900
 msgid "dhcp-option too long"
 msgstr ""
 
-#: option.c:1632
+#: option.c:1907
 msgid "illegal dhcp-match"
 msgstr ""
 
-#: option.c:1691
+#: option.c:1966
 msgid "illegal repeated flag"
 msgstr ""
 
-#: option.c:1699
+#: option.c:1974
 msgid "illegal repeated keyword"
 msgstr ""
 
-#: option.c:1770 option.c:5080
+#: option.c:2056 option.c:5533
 #, c-format
 msgid "cannot access directory %s: %s"
 msgstr ""
 
-#: option.c:1816 tftp.c:566 dump.c:68
+#: option.c:2102 tftp.c:573 dump.c:72
 #, c-format
 msgid "cannot access %s: %s"
 msgstr ""
 
-#: option.c:1931
+#: option.c:2219
 msgid "setting log facility is not possible under Android"
 msgstr ""
 
-#: option.c:1940
+#: option.c:2228
 msgid "bad log facility"
 msgstr ""
 
-#: option.c:1993
+#: option.c:2281
 msgid "bad MX preference"
 msgstr ""
 
-#: option.c:1998
+#: option.c:2289
 msgid "bad MX name"
 msgstr ""
 
-#: option.c:2012
+#: option.c:2304
 msgid "bad MX target"
 msgstr ""
 
-#: option.c:2032
+#: option.c:2324
 msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
 msgstr ""
 
-#: option.c:2036
+#: option.c:2328
 msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
 msgstr ""
 
-#: option.c:2291 option.c:2327
+#: option.c:2447
+msgid "invalid auth-zone"
+msgstr ""
+
+#: option.c:2589 option.c:2621
 msgid "bad prefix length"
 msgstr ""
 
-#: option.c:2303 option.c:2348 option.c:2398
+#: option.c:2601 option.c:2642 option.c:2696
 msgid "bad prefix"
 msgstr ""
 
-#: option.c:2418
+#: option.c:2716
 msgid "prefix length too small"
 msgstr ""
 
-#: option.c:2697
+#: option.c:3010
 msgid "Bad address in --address"
 msgstr ""
 
-#: option.c:2751
-msgid "bad IPv4 prefix"
-msgstr ""
-
-#: option.c:2756 option.c:3569
-msgid "bad IPv6 prefix"
+#: option.c:3110
+msgid "recompile with HAVE_IPSET defined to enable ipset directives"
 msgstr ""
 
-#: option.c:2777
-msgid "recompile with HAVE_IPSET defined to enable ipset directives"
+#: option.c:3117
+msgid "recompile with HAVE_NFTSET defined to enable nftset directives"
 msgstr ""
 
-#: option.c:2843 option.c:2861
+#: option.c:3192 option.c:3210
 msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist directives"
 msgstr ""
 
-#: option.c:3119
+#: option.c:3496
 msgid "bad port range"
 msgstr ""
 
-#: option.c:3145
+#: option.c:3522
 msgid "bad bridge-interface"
 msgstr ""
 
-#: option.c:3189
+#: option.c:3566
 msgid "bad shared-network"
 msgstr ""
 
-#: option.c:3243
+#: option.c:3620
 msgid "only one tag allowed"
 msgstr ""
 
-#: option.c:3264 option.c:3280 option.c:3406 option.c:3414 option.c:3457
+#: option.c:3641 option.c:3657 option.c:3783 option.c:3791 option.c:3834
 msgid "bad dhcp-range"
 msgstr ""
 
-#: option.c:3298
+#: option.c:3675
 msgid "inconsistent DHCP range"
 msgstr ""
 
-#: option.c:3364
+#: option.c:3741
 msgid "prefix length must be exactly 64 for RA subnets"
 msgstr ""
 
-#: option.c:3366
+#: option.c:3743
 msgid "prefix length must be exactly 64 for subnet constructors"
 msgstr ""
 
-#: option.c:3369
+#: option.c:3746
 msgid "prefix length must be at least 64"
 msgstr ""
 
-#: option.c:3372
+#: option.c:3749
 msgid "inconsistent DHCPv6 range"
 msgstr ""
 
-#: option.c:3391
+#: option.c:3768
 msgid "prefix must be zero with \"constructor:\" argument"
 msgstr ""
 
-#: option.c:3516 option.c:3594
+#: option.c:3893 option.c:3971
 msgid "bad hex constant"
 msgstr ""
 
-#: option.c:3617
+#: option.c:3946
+msgid "bad IPv6 prefix"
+msgstr ""
+
+#: option.c:3994
 #, c-format
 msgid "duplicate dhcp-host IP address %s"
 msgstr ""
 
-#: option.c:3678
+#: option.c:4056
 msgid "bad DHCP host name"
 msgstr ""
 
-#: option.c:3764
+#: option.c:4142
 msgid "bad tag-if"
 msgstr ""
 
-#: option.c:4107 option.c:4623
+#: option.c:4490 option.c:5046
 msgid "invalid port number"
 msgstr ""
 
-#: option.c:4163
+#: option.c:4546
 msgid "bad dhcp-proxy address"
 msgstr ""
 
-#: option.c:4204
+#: option.c:4627
 msgid "Bad dhcp-relay"
 msgstr ""
 
-#: option.c:4248
+#: option.c:4671
 msgid "bad RA-params"
 msgstr ""
 
-#: option.c:4258
+#: option.c:4681
 msgid "bad DUID"
 msgstr ""
 
-#: option.c:4292
+#: option.c:4715
 msgid "missing address in alias"
 msgstr ""
 
-#: option.c:4298
+#: option.c:4721
 msgid "invalid alias range"
 msgstr ""
 
-#: option.c:4347
+#: option.c:4770
 msgid "missing address in dynamic host"
 msgstr ""
 
-#: option.c:4362
+#: option.c:4785
 msgid "bad dynamic host"
 msgstr ""
 
-#: option.c:4380 option.c:4396
+#: option.c:4803 option.c:4819
 msgid "bad CNAME"
 msgstr ""
 
-#: option.c:4404
+#: option.c:4827
 msgid "duplicate CNAME"
 msgstr ""
 
-#: option.c:4431
+#: option.c:4854
 msgid "bad PTR record"
 msgstr ""
 
-#: option.c:4466
+#: option.c:4889
 msgid "bad NAPTR record"
 msgstr ""
 
-#: option.c:4502
+#: option.c:4925
 msgid "bad RR record"
 msgstr ""
 
-#: option.c:4535
+#: option.c:4958
 msgid "bad CAA record"
 msgstr ""
 
-#: option.c:4564
+#: option.c:4987
 msgid "bad TXT record"
 msgstr ""
 
-#: option.c:4607
+#: option.c:5030
 msgid "bad SRV record"
 msgstr ""
 
-#: option.c:4614
+#: option.c:5037
 msgid "bad SRV target"
 msgstr ""
 
-#: option.c:4633
+#: option.c:5056
 msgid "invalid priority"
 msgstr ""
 
-#: option.c:4638
+#: option.c:5061
 msgid "invalid weight"
 msgstr ""
 
-#: option.c:4661
+#: option.c:5084
 msgid "Bad host-record"
 msgstr ""
 
-#: option.c:4700
+#: option.c:5123
 msgid "Bad name in host-record"
 msgstr ""
 
-#: option.c:4742
+#: option.c:5165
 msgid "bad value for dnssec-check-unsigned"
 msgstr ""
 
-#: option.c:4778
+#: option.c:5201
 msgid "bad trust anchor"
 msgstr ""
 
-#: option.c:4794
+#: option.c:5217
 msgid "bad HEX in trust anchor"
 msgstr ""
 
-#: option.c:4805
+#: option.c:5228
 msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
 msgstr ""
 
-#: option.c:4865
+#: option.c:5290
 msgid "missing \""
 msgstr ""
 
-#: option.c:4922
+#: option.c:5347
 msgid "bad option"
 msgstr ""
 
-#: option.c:4924
+#: option.c:5349
 msgid "extraneous parameter"
 msgstr ""
 
-#: option.c:4926
+#: option.c:5351
 msgid "missing parameter"
 msgstr ""
 
-#: option.c:4928
+#: option.c:5353
 msgid "illegal option"
 msgstr ""
 
-#: option.c:4935
-msgid "error"
+#: option.c:5363
+#, c-format
+msgid " in output from %s"
 msgstr ""
 
-#: option.c:4937
+#: option.c:5365
 #, c-format
 msgid " at line %d of %s"
 msgstr ""
 
-#: option.c:4952 option.c:5229 option.c:5240
+#: option.c:5380 option.c:5683 option.c:5694
 #, c-format
 msgid "read %s"
 msgstr ""
 
-#: option.c:5015 option.c:5162 tftp.c:775
+#: option.c:5446
+#, c-format
+msgid "cannot execute %s: %s"
+msgstr ""
+
+#: option.c:5454 option.c:5615 tftp.c:790
 #, c-format
 msgid "cannot read %s: %s"
 msgstr ""
 
-#: option.c:5316
+#: option.c:5473
+#, c-format
+msgid "error executing %s: %s"
+msgstr ""
+
+#: option.c:5476
+#, c-format
+msgid "%s returns non-zero error code"
+msgstr ""
+
+#: option.c:5775
 msgid "junk found in command line"
 msgstr ""
 
-#: option.c:5356
+#: option.c:5815
 #, c-format
 msgid "Dnsmasq version %s  %s\n"
 msgstr ""
 
-#: option.c:5357
+#: option.c:5816
 #, c-format
 msgid ""
 "Compile time options: %s\n"
 "\n"
 msgstr ""
 
-#: option.c:5358
+#: option.c:5817
 #, c-format
 msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
 msgstr ""
 
-#: option.c:5359
+#: option.c:5818
 #, c-format
 msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
 msgstr ""
 
-#: option.c:5360
+#: option.c:5819
 #, c-format
 msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
 msgstr ""
 
-#: option.c:5377
+#: option.c:5836
 msgid "try --help"
 msgstr ""
 
-#: option.c:5379
+#: option.c:5838
 msgid "try -w"
 msgstr ""
 
-#: option.c:5381
+#: option.c:5840
 #, c-format
 msgid "bad command line options: %s"
 msgstr ""
 
-#: option.c:5450
+#: option.c:5909
 #, c-format
 msgid "CNAME loop involving %s"
 msgstr ""
 
-#: option.c:5491
+#: option.c:5950
 #, c-format
 msgid "cannot get host-name: %s"
 msgstr ""
 
-#: option.c:5519
+#: option.c:5978
 msgid "only one resolv.conf file allowed in no-poll mode."
 msgstr ""
 
-#: option.c:5529
+#: option.c:5988
 msgid "must have exactly one resolv.conf to read domain from."
 msgstr ""
 
-#: option.c:5532 network.c:1670 dhcp.c:880
+#: option.c:5991 network.c:1727 dhcp.c:892
 #, c-format
 msgid "failed to read %s: %s"
 msgstr ""
 
-#: option.c:5549
+#: option.c:6008
 #, c-format
 msgid "no search directive found in %s"
 msgstr ""
 
-#: option.c:5570
+#: option.c:6029
 msgid "there must be a default domain when --dhcp-fqdn is set"
 msgstr ""
 
-#: option.c:5579
+#: option.c:6038
 msgid "syntax check OK"
 msgstr ""
 
-#: forward.c:104
+#: forward.c:107
 #, c-format
 msgid "failed to send packet: %s"
 msgstr ""
 
-#: forward.c:601
+#: forward.c:715
 msgid "discarding DNS reply: subnet option mismatch"
 msgstr ""
 
-#: forward.c:666
+#: forward.c:780
 #, c-format
 msgid "nameserver %s refused to do a recursive query"
 msgstr ""
 
-#: forward.c:702
+#: forward.c:826
 #, c-format
 msgid "possible DNS-rebind attack detected: %s"
 msgstr ""
 
-#: forward.c:1074
+#: forward.c:1239
 #, c-format
 msgid "reducing DNS packet size for nameserver %s to %d"
 msgstr ""
 
-#: forward.c:1381 forward.c:1910
-msgid "Ignoring query from non-local network"
+#: forward.c:1565
+#, c-format
+msgid "ignoring query from non-local network %s (logged only once)"
+msgstr ""
+
+#: forward.c:2139
+#, c-format
+msgid "ignoring query from non-local network %s"
 msgstr ""
 
-#: forward.c:2198
+#: forward.c:2501
 #, c-format
 msgid "failed to bind server socket to %s: %s"
 msgstr ""
 
-#: forward.c:2494
+#: forward.c:2867
 #, c-format
 msgid "Maximum number of concurrent DNS queries reached (max: %d)"
 msgstr ""
 
-#: forward.c:2496
+#: forward.c:2869
 #, c-format
 msgid "Maximum number of concurrent DNS queries to %s reached (max: %d)"
 msgstr ""
 
-#: network.c:670
+#: network.c:700
 #, c-format
 msgid "stopped listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:867
+#: network.c:911
 #, c-format
 msgid "failed to create listening socket for %s: %s"
 msgstr ""
 
-#: network.c:1148
+#: network.c:1192
 #, c-format
 msgid "listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:1175
+#: network.c:1219
 #, c-format
 msgid "listening on %s port %d"
 msgstr ""
 
-#: network.c:1208
+#: network.c:1252
 #, c-format
 msgid "LOUD WARNING: listening on %s may accept requests via interfaces other than %s"
 msgstr ""
 
-#: network.c:1215
+#: network.c:1259
 msgid "LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"
 msgstr ""
 
-#: network.c:1224
+#: network.c:1268
 #, c-format
 msgid "warning: using interface %s instead"
 msgstr ""
 
-#: network.c:1233
+#: network.c:1277
 #, c-format
 msgid "warning: no addresses found for interface %s"
 msgstr ""
 
-#: network.c:1291
+#: network.c:1335
 #, c-format
 msgid "interface %s failed to join DHCPv6 multicast group: %s"
 msgstr ""
 
-#: network.c:1296
+#: network.c:1340
 msgid "try increasing /proc/sys/net/core/optmem_max"
 msgstr ""
 
-#: network.c:1492
+#: network.c:1545
 #, c-format
 msgid "failed to bind server socket for %s: %s"
 msgstr ""
 
-#: network.c:1569
+#: network.c:1622
 #, c-format
 msgid "ignoring nameserver %s - local interface"
 msgstr ""
 
-#: network.c:1580
+#: network.c:1633
 #, c-format
 msgid "ignoring nameserver %s - cannot make/bind socket: %s"
 msgstr ""
 
-#: network.c:1598
+#: network.c:1643
+msgid "more servers are defined but not logged"
+msgstr ""
+
+#: network.c:1654
 msgid "(no DNSSEC)"
 msgstr ""
 
-#: network.c:1601
+#: network.c:1657
 msgid "unqualified"
 msgstr ""
 
-#: network.c:1601
+#: network.c:1657
 msgid "names"
 msgstr ""
 
-#: network.c:1603
+#: network.c:1659
 msgid "default"
 msgstr ""
 
-#: network.c:1605
+#: network.c:1661
 msgid "domain"
 msgstr ""
 
-#: network.c:1607
+#: network.c:1663
 #, c-format
 msgid "using nameserver %s#%d for %s %s%s %s"
 msgstr ""
 
-#: network.c:1611
+#: network.c:1667
 #, c-format
 msgid "NOT using nameserver %s#%d - query loop detected"
 msgstr ""
 
-#: network.c:1614
+#: network.c:1670
 #, c-format
 msgid "using nameserver %s#%d(via %s)"
 msgstr ""
 
-#: network.c:1616
+#: network.c:1672
 #, c-format
 msgid "using nameserver %s#%d"
 msgstr ""
 
-#: network.c:1630
+#: network.c:1687
 #, c-format
 msgid "using only locally-known addresses for %s"
 msgstr ""
 
-#: network.c:1633
+#: network.c:1690
 #, c-format
 msgid "using standard nameservers for %s"
 msgstr ""
 
-#: network.c:1637
+#: network.c:1694
 #, c-format
 msgid "using %d more local addresses"
 msgstr ""
 
-#: network.c:1639
+#: network.c:1696
 #, c-format
 msgid "using %d more nameservers"
 msgstr ""
 
-#: dnsmasq.c:184
+#: dnsmasq.c:192
 msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
 msgstr ""
 
-#: dnsmasq.c:199
+#: dnsmasq.c:207
 msgid "no root trust anchor provided for DNSSEC"
 msgstr ""
 
-#: dnsmasq.c:202
+#: dnsmasq.c:210
 msgid "cannot reduce cache size from default when DNSSEC enabled"
 msgstr ""
 
-#: dnsmasq.c:204
+#: dnsmasq.c:212
 msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:210
+#: dnsmasq.c:218
 msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:217
+#: dnsmasq.c:225
 msgid "cannot use --conntrack AND --query-port"
 msgstr ""
 
-#: dnsmasq.c:223
+#: dnsmasq.c:231
 msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:228
+#: dnsmasq.c:236
 msgid "asynchronous logging is not available under Solaris"
 msgstr ""
 
-#: dnsmasq.c:233
+#: dnsmasq.c:241
 msgid "asynchronous logging is not available under Android"
 msgstr ""
 
-#: dnsmasq.c:238
+#: dnsmasq.c:246
 msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:243
+#: dnsmasq.c:251
 msgid "loop detection not available: set HAVE_LOOP in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:248
+#: dnsmasq.c:256
 msgid "Ubus not available: set HAVE_UBUS in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:259
+#: dnsmasq.c:267
 msgid "max_port cannot be smaller than min_port"
 msgstr ""
 
-#: dnsmasq.c:266
+#: dnsmasq.c:271
+msgid "port_limit must not be larger than available port range"
+msgstr ""
+
+#: dnsmasq.c:278
 msgid "--auth-server required when an auth zone is defined."
 msgstr ""
 
-#: dnsmasq.c:271
+#: dnsmasq.c:283
 msgid "zone serial must be configured in --auth-soa"
 msgstr ""
 
-#: dnsmasq.c:291
+#: dnsmasq.c:303
 msgid "dhcp-range constructor not available on this platform"
 msgstr ""
 
-#: dnsmasq.c:355
+#: dnsmasq.c:377
 msgid "cannot set --bind-interfaces and --bind-dynamic"
 msgstr ""
 
-#: dnsmasq.c:358
+#: dnsmasq.c:380
 #, c-format
 msgid "failed to find list of interfaces: %s"
 msgstr ""
 
-#: dnsmasq.c:367
+#: dnsmasq.c:389
 #, c-format
 msgid "unknown interface %s"
 msgstr ""
 
-#: dnsmasq.c:437
+#: dnsmasq.c:396
+#, c-format
+msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
+msgstr ""
+
+#: dnsmasq.c:440
 msgid "Packet dumps not available: set HAVE_DUMP in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:445 dnsmasq.c:1207
+#: dnsmasq.c:448 dnsmasq.c:1232
 #, c-format
 msgid "DBus error: %s"
 msgstr ""
 
-#: dnsmasq.c:448
+#: dnsmasq.c:451
 msgid "DBus not available: set HAVE_DBUS in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:456 dnsmasq.c:1228
+#: dnsmasq.c:459 dnsmasq.c:1253
 #, c-format
 msgid "UBus error: %s"
 msgstr ""
 
-#: dnsmasq.c:459
+#: dnsmasq.c:462
 msgid "UBus not available: set HAVE_UBUS in src/config.h"
 msgstr ""
 
-#: dnsmasq.c:489
+#: dnsmasq.c:492
 #, c-format
 msgid "unknown user or group: %s"
 msgstr ""
 
-#: dnsmasq.c:565
+#: dnsmasq.c:568
 #, c-format
 msgid "process is missing required capability %s"
 msgstr ""
 
-#: dnsmasq.c:597
+#: dnsmasq.c:600
 #, c-format
 msgid "cannot chdir to filesystem root: %s"
 msgstr ""
 
-#: dnsmasq.c:845
+#: dnsmasq.c:852
 #, c-format
 msgid "started, version %s DNS disabled"
 msgstr ""
 
-#: dnsmasq.c:850
+#: dnsmasq.c:857
 #, c-format
 msgid "started, version %s cachesize %d"
 msgstr ""
 
-#: dnsmasq.c:852
+#: dnsmasq.c:859
 msgid "cache size greater than 10000 may cause performance issues, and is unlikely to be useful."
 msgstr ""
 
-#: dnsmasq.c:855
+#: dnsmasq.c:862
 #, c-format
 msgid "started, version %s cache disabled"
 msgstr ""
 
-#: dnsmasq.c:858
+#: dnsmasq.c:865
 msgid "DNS service limited to local subnets"
 msgstr ""
 
-#: dnsmasq.c:861
+#: dnsmasq.c:868
 #, c-format
 msgid "compile time options: %s"
 msgstr ""
 
-#: dnsmasq.c:870
+#: dnsmasq.c:877
 msgid "DBus support enabled: connected to system bus"
 msgstr ""
 
-#: dnsmasq.c:872
+#: dnsmasq.c:879
 msgid "DBus support enabled: bus connection pending"
 msgstr ""
 
-#: dnsmasq.c:880
+#: dnsmasq.c:887
 msgid "UBus support enabled: connected to system bus"
 msgstr ""
 
-#: dnsmasq.c:882
+#: dnsmasq.c:889
 msgid "UBus support enabled: bus connection pending"
 msgstr ""
 
-#: dnsmasq.c:902
+#: dnsmasq.c:909
 msgid "DNSSEC validation enabled but all unsigned answers are trusted"
 msgstr ""
 
-#: dnsmasq.c:904
+#: dnsmasq.c:911
 msgid "DNSSEC validation enabled"
 msgstr ""
 
-#: dnsmasq.c:908
+#: dnsmasq.c:915
 msgid "DNSSEC signature timestamps not checked until receipt of SIGINT"
 msgstr ""
 
-#: dnsmasq.c:911
+#: dnsmasq.c:918
 msgid "DNSSEC signature timestamps not checked until system time valid"
 msgstr ""
 
-#: dnsmasq.c:914
+#: dnsmasq.c:921
 #, c-format
 msgid "configured with trust anchor for %s keytag %u"
 msgstr ""
 
-#: dnsmasq.c:920
+#: dnsmasq.c:927
 #, c-format
 msgid "warning: failed to change owner of %s: %s"
 msgstr ""
 
-#: dnsmasq.c:924
+#: dnsmasq.c:932
 msgid "setting --bind-interfaces option because of OS limitations"
 msgstr ""
 
-#: dnsmasq.c:936
+#: dnsmasq.c:945
 #, c-format
 msgid "warning: interface %s does not currently exist"
 msgstr ""
 
-#: dnsmasq.c:941
+#: dnsmasq.c:950
 msgid "warning: ignoring resolv-file flag because no-resolv is set"
 msgstr ""
 
-#: dnsmasq.c:944
+#: dnsmasq.c:953
 msgid "warning: no upstream servers configured"
 msgstr ""
 
-#: dnsmasq.c:948
+#: dnsmasq.c:957
 #, c-format
 msgid "asynchronous logging enabled, queue limit is %d messages"
 msgstr ""
 
-#: dnsmasq.c:969
+#: dnsmasq.c:978
 msgid "IPv6 router advertisement enabled"
 msgstr ""
 
-#: dnsmasq.c:974
+#: dnsmasq.c:983
 #, c-format
 msgid "DHCP, sockets bound exclusively to interface %s"
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "root is "
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "enabled"
 msgstr ""
 
-#: dnsmasq.c:993
+#: dnsmasq.c:1002
 msgid "secure mode"
 msgstr ""
 
-#: dnsmasq.c:994
+#: dnsmasq.c:1003
 msgid "single port mode"
 msgstr ""
 
-#: dnsmasq.c:997
+#: dnsmasq.c:1006
 #, c-format
 msgid "warning: %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1001
+#: dnsmasq.c:1010
 #, c-format
 msgid "warning: TFTP directory %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1027
+#: dnsmasq.c:1036
 #, c-format
 msgid "restricting maximum simultaneous TFTP transfers to %d"
 msgstr ""
 
-#: dnsmasq.c:1204
+#: dnsmasq.c:1095
+#, c-format
+msgid "error binding DHCP socket to device %s"
+msgstr ""
+
+#: dnsmasq.c:1229
 msgid "connected to system DBus"
 msgstr ""
 
-#: dnsmasq.c:1225
+#: dnsmasq.c:1250
 msgid "connected to system UBus"
 msgstr ""
 
-#: dnsmasq.c:1391
+#: dnsmasq.c:1416
 #, c-format
 msgid "cannot fork into background: %s"
 msgstr ""
 
-#: dnsmasq.c:1395
+#: dnsmasq.c:1420
 #, c-format
 msgid "failed to create helper: %s"
 msgstr ""
 
-#: dnsmasq.c:1399
+#: dnsmasq.c:1424
 #, c-format
 msgid "setting capabilities failed: %s"
 msgstr ""
 
-#: dnsmasq.c:1403
+#: dnsmasq.c:1428
 #, c-format
 msgid "failed to change user-id to %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1407
+#: dnsmasq.c:1432
 #, c-format
 msgid "failed to change group-id to %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1411
+#: dnsmasq.c:1436
 #, c-format
 msgid "failed to open pidfile %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1415
+#: dnsmasq.c:1440
 #, c-format
 msgid "cannot open log %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1419
+#: dnsmasq.c:1444
 #, c-format
 msgid "failed to load Lua script: %s"
 msgstr ""
 
-#: dnsmasq.c:1423
+#: dnsmasq.c:1448
 #, c-format
 msgid "TFTP directory %s inaccessible: %s"
 msgstr ""
 
-#: dnsmasq.c:1427
+#: dnsmasq.c:1452
 #, c-format
 msgid "cannot create timestamp file %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1511
+#: dnsmasq.c:1536
 #, c-format
 msgid "script process killed by signal %d"
 msgstr ""
 
-#: dnsmasq.c:1515
+#: dnsmasq.c:1540
 #, c-format
 msgid "script process exited with status %d"
 msgstr ""
 
-#: dnsmasq.c:1519
+#: dnsmasq.c:1544
 #, c-format
 msgid "failed to execute %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1559
+#: dnsmasq.c:1584
 msgid "now checking DNSSEC signature timestamps"
 msgstr ""
 
-#: dnsmasq.c:1594 dnssec.c:160 dnssec.c:204
+#: dnsmasq.c:1619 dnssec.c:160 dnssec.c:204
 #, c-format
 msgid "failed to update mtime on %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1606
+#: dnsmasq.c:1631
 msgid "exiting on receipt of SIGTERM"
 msgstr ""
 
-#: dnsmasq.c:1634
+#: dnsmasq.c:1659
 #, c-format
 msgid "failed to access %s: %s"
 msgstr ""
 
-#: dnsmasq.c:1664
+#: dnsmasq.c:1690
 #, c-format
 msgid "reading %s"
 msgstr ""
 
-#: dnsmasq.c:1675
+#: dnsmasq.c:1706
 #, c-format
 msgid "no servers found in %s, will retry"
 msgstr ""
 
-#: dhcp.c:53
+#: dhcp.c:51
 #, c-format
 msgid "cannot create DHCP socket: %s"
 msgstr ""
 
-#: dhcp.c:68
+#: dhcp.c:66
 #, c-format
 msgid "failed to set options on DHCP socket: %s"
 msgstr ""
 
-#: dhcp.c:89
+#: dhcp.c:87
 #, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
 msgstr ""
 
-#: dhcp.c:101
+#: dhcp.c:99
 #, c-format
 msgid "failed to bind DHCP server socket: %s"
 msgstr ""
 
-#: dhcp.c:127
+#: dhcp.c:125
 #, c-format
 msgid "cannot create ICMP raw socket: %s."
 msgstr ""
 
-#: dhcp.c:252 dhcp6.c:180
+#: dhcp.c:254 dhcp6.c:186
 #, c-format
 msgid "unknown interface %s in bridge-interface"
 msgstr ""
 
-#: dhcp.c:293
+#: dhcp.c:295
 #, c-format
 msgid "DHCP packet received on %s which has no address"
 msgstr ""
 
-#: dhcp.c:428
+#: dhcp.c:429
 #, c-format
 msgid "ARP-cache injection failed: %s"
 msgstr ""
 
-#: dhcp.c:473
+#: dhcp.c:490
 #, c-format
 msgid "Error sending DHCP packet to %s: %s"
 msgstr ""
 
-#: dhcp.c:530
+#: dhcp.c:547
 #, c-format
 msgid "DHCP range %s -- %s is not consistent with netmask %s"
 msgstr ""
 
-#: dhcp.c:918
+#: dhcp.c:930
 #, c-format
 msgid "bad line at %s line %d"
 msgstr ""
 
-#: dhcp.c:961
+#: dhcp.c:973
 #, c-format
 msgid "ignoring %s line %d, duplicate name or IP address"
 msgstr ""
 
-#: dhcp.c:1105 rfc3315.c:2182
+#: dhcp.c:1034
 #, c-format
-msgid "DHCP relay %s -> %s"
+msgid "read %s - %d addresses"
+msgstr ""
+
+#: dhcp.c:1136
+#, c-format
+msgid "Cannot broadcast DHCP relay via interface %s"
+msgstr ""
+
+#: dhcp.c:1160
+#, c-format
+msgid "broadcast via %s"
+msgstr ""
+
+#: dhcp.c:1163 rfc3315.c:2219
+#, c-format
+msgid "DHCP relay at %s -> %s"
 msgstr ""
 
 #: lease.c:64
@@ -1898,7 +2036,7 @@ msgstr ""
 msgid "%u available DHCP subnet: %s/%s"
 msgstr ""
 
-#: rfc2131.c:409 rfc3315.c:319
+#: rfc2131.c:409 rfc3315.c:320
 #, c-format
 msgid "%u available DHCP range: %s -- %s"
 msgstr ""
@@ -1917,12 +2055,12 @@ msgstr ""
 msgid "disabled"
 msgstr ""
 
-#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1532 rfc3315.c:632 rfc3315.c:815
-#: rfc3315.c:1121
+#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1536 rfc3315.c:633 rfc3315.c:816
+#: rfc3315.c:1122
 msgid "ignored"
 msgstr ""
 
-#: rfc2131.c:613 rfc2131.c:1333 rfc3315.c:867
+#: rfc2131.c:613 rfc2131.c:1340 rfc3315.c:868
 msgid "address in use"
 msgstr ""
 
@@ -1930,7 +2068,7 @@ msgstr ""
 msgid "no address available"
 msgstr ""
 
-#: rfc2131.c:634 rfc2131.c:1295
+#: rfc2131.c:634 rfc2131.c:1302
 msgid "wrong network"
 msgstr ""
 
@@ -1938,11 +2076,11 @@ msgstr ""
 msgid "no address configured"
 msgstr ""
 
-#: rfc2131.c:655 rfc2131.c:1346
+#: rfc2131.c:655 rfc2131.c:1353
 msgid "no leases left"
 msgstr ""
 
-#: rfc2131.c:756 rfc3315.c:499
+#: rfc2131.c:756 rfc3315.c:500
 #, c-format
 msgid "%u client provides name: %s"
 msgstr ""
@@ -1951,7 +2089,7 @@ msgstr ""
 msgid "PXE BIS not supported"
 msgstr ""
 
-#: rfc2131.c:1054 rfc3315.c:1222
+#: rfc2131.c:1054 rfc3315.c:1223
 #, c-format
 msgid "disabling DHCP static address %s for %s"
 msgstr ""
@@ -1975,108 +2113,108 @@ msgstr ""
 msgid "not using configured address %s because it was previously declined"
 msgstr ""
 
-#: rfc2131.c:1139 rfc2131.c:1339
+#: rfc2131.c:1139 rfc2131.c:1346
 msgid "no unique-id"
 msgstr ""
 
-#: rfc2131.c:1231
+#: rfc2131.c:1238
 msgid "wrong server-ID"
 msgstr ""
 
-#: rfc2131.c:1250
+#: rfc2131.c:1257
 msgid "wrong address"
 msgstr ""
 
-#: rfc2131.c:1268 rfc3315.c:975
+#: rfc2131.c:1275 rfc3315.c:976
 msgid "lease not found"
 msgstr ""
 
-#: rfc2131.c:1303
+#: rfc2131.c:1310
 msgid "address not available"
 msgstr ""
 
-#: rfc2131.c:1314
+#: rfc2131.c:1321
 msgid "static lease available"
 msgstr ""
 
-#: rfc2131.c:1318
+#: rfc2131.c:1325
 msgid "address reserved"
 msgstr ""
 
-#: rfc2131.c:1327
+#: rfc2131.c:1334
 #, c-format
 msgid "abandoning lease to %s of %s"
 msgstr ""
 
-#: rfc2131.c:1866
+#: rfc2131.c:1870
 #, c-format
 msgid "%u bootfile name: %s"
 msgstr ""
 
-#: rfc2131.c:1875
+#: rfc2131.c:1879
 #, c-format
 msgid "%u server name: %s"
 msgstr ""
 
-#: rfc2131.c:1885
+#: rfc2131.c:1889
 #, c-format
 msgid "%u next server: %s"
 msgstr ""
 
-#: rfc2131.c:1889
+#: rfc2131.c:1893
 #, c-format
 msgid "%u broadcast response"
 msgstr ""
 
-#: rfc2131.c:1952
+#: rfc2131.c:1956
 #, c-format
 msgid "cannot send DHCP/BOOTP option %d: no space left in packet"
 msgstr ""
 
-#: rfc2131.c:2262
+#: rfc2131.c:2267
 msgid "PXE menu too large"
 msgstr ""
 
-#: rfc2131.c:2425 rfc3315.c:1511
+#: rfc2131.c:2430 rfc3315.c:1517
 #, c-format
 msgid "%u requested options: %s"
 msgstr ""
 
-#: rfc2131.c:2742
+#: rfc2131.c:2747
 #, c-format
 msgid "cannot send RFC3925 option: too many options for enterprise number %d"
 msgstr ""
 
-#: rfc2131.c:2805
+#: rfc2131.c:2810
 #, c-format
 msgid "%u reply delay: %d"
 msgstr ""
 
-#: netlink.c:93
+#: netlink.c:86
 #, c-format
 msgid "cannot create netlink socket: %s"
 msgstr ""
 
-#: netlink.c:377
+#: netlink.c:379
 #, c-format
 msgid "netlink returns error: %s"
 msgstr ""
 
-#: dbus.c:434
+#: dbus.c:491
 #, c-format
 msgid "Enabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:439
+#: dbus.c:496
 #, c-format
 msgid "Disabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:713
+#: dbus.c:857
 msgid "setting upstream servers from DBus"
 msgstr ""
 
-#: dbus.c:760
+#: dbus.c:907
 msgid "could not register a DBus message handler"
 msgstr ""
 
@@ -2103,51 +2241,51 @@ msgstr ""
 msgid "lease() function missing in Lua script"
 msgstr ""
 
-#: tftp.c:349
+#: tftp.c:353
 msgid "unable to get free port for TFTP"
 msgstr ""
 
-#: tftp.c:365
+#: tftp.c:369
 #, c-format
 msgid "unsupported request from %s"
 msgstr ""
 
-#: tftp.c:512
+#: tftp.c:520
 #, c-format
-msgid "file %s not found"
+msgid "file %s not found for %s"
 msgstr ""
 
-#: tftp.c:602
+#: tftp.c:609
 #, c-format
 msgid "ignoring packet from %s (TID mismatch)"
 msgstr ""
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "failed sending %s to %s"
 msgstr ""
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "sent %s to %s"
 msgstr ""
 
-#: tftp.c:696
+#: tftp.c:712
 #, c-format
 msgid "error %d %s received from %s"
 msgstr ""
 
-#: log.c:190
+#: log.c:203
 #, c-format
 msgid "overflow: %d log entries lost"
 msgstr ""
 
-#: log.c:268
+#: log.c:281
 #, c-format
 msgid "log failed: %s"
 msgstr ""
 
-#: log.c:477
+#: log.c:490
 msgid "FAILED to start up"
 msgstr ""
 
@@ -2156,17 +2294,17 @@ msgstr ""
 msgid "Conntrack connection mark retrieval failed: %s"
 msgstr ""
 
-#: dhcp6.c:52
+#: dhcp6.c:51
 #, c-format
 msgid "cannot create DHCPv6 socket: %s"
 msgstr ""
 
-#: dhcp6.c:73
+#: dhcp6.c:72
 #, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"
 msgstr ""
 
-#: dhcp6.c:85
+#: dhcp6.c:84
 #, c-format
 msgid "failed to bind DHCPv6 server socket: %s"
 msgstr ""
@@ -2181,145 +2319,151 @@ msgstr ""
 msgid "no address range available for DHCPv6 request via %s"
 msgstr ""
 
-#: rfc3315.c:316
+#: rfc3315.c:317
 #, c-format
 msgid "%u available DHCPv6 subnet: %s/%d"
 msgstr ""
 
-#: rfc3315.c:399
+#: rfc3315.c:400
 #, c-format
 msgid "%u vendor class: %u"
 msgstr ""
 
-#: rfc3315.c:447
+#: rfc3315.c:448
 #, c-format
 msgid "%u client MAC address: %s"
 msgstr ""
 
-#: rfc3315.c:762 rfc3315.c:859
+#: rfc3315.c:763 rfc3315.c:860
 msgid "address unavailable"
 msgstr ""
 
-#: rfc3315.c:774 rfc3315.c:903 rfc3315.c:1272
+#: rfc3315.c:775 rfc3315.c:904 rfc3315.c:1273
 msgid "success"
 msgstr ""
 
-#: rfc3315.c:789 rfc3315.c:798 rfc3315.c:911 rfc3315.c:913 rfc3315.c:1047
+#: rfc3315.c:790 rfc3315.c:799 rfc3315.c:912 rfc3315.c:914 rfc3315.c:1048
 msgid "no addresses available"
 msgstr ""
 
-#: rfc3315.c:890
+#: rfc3315.c:891
 msgid "not on link"
 msgstr ""
 
-#: rfc3315.c:979 rfc3315.c:1180 rfc3315.c:1261
+#: rfc3315.c:980 rfc3315.c:1181 rfc3315.c:1262
 msgid "no binding found"
 msgstr ""
 
-#: rfc3315.c:1016
+#: rfc3315.c:1017
 msgid "deprecated"
 msgstr ""
 
-#: rfc3315.c:1023
+#: rfc3315.c:1024
 msgid "address invalid"
 msgstr ""
 
-#: rfc3315.c:1081 rfc3315.c:1083
+#: rfc3315.c:1082 rfc3315.c:1084
 msgid "confirm failed"
 msgstr ""
 
-#: rfc3315.c:1098
+#: rfc3315.c:1099
 msgid "all addresses still on link"
 msgstr ""
 
-#: rfc3315.c:1189
+#: rfc3315.c:1190
 msgid "release received"
 msgstr ""
 
-#: rfc3315.c:2173
-msgid "Cannot multicast to DHCPv6 server without correct interface"
+#: rfc3315.c:2200
+#, c-format
+msgid "Cannot multicast DHCP relay via interface %s"
+msgstr ""
+
+#: rfc3315.c:2216
+#, c-format
+msgid "multicast via %s"
 msgstr ""
 
-#: dhcp-common.c:154
+#: dhcp-common.c:187
 #, c-format
 msgid "Ignoring duplicate dhcp-option %d"
 msgstr ""
 
-#: dhcp-common.c:231
+#: dhcp-common.c:264
 #, c-format
 msgid "%u tags: %s"
 msgstr ""
 
-#: dhcp-common.c:451
+#: dhcp-common.c:484
 #, c-format
 msgid "%s has more than one address in hostsfile, using %s for DHCP"
 msgstr ""
 
-#: dhcp-common.c:485
+#: dhcp-common.c:518
 #, c-format
 msgid "duplicate IP address %s (%s) in dhcp-config directive"
 msgstr ""
 
-#: dhcp-common.c:549
-#, c-format
-msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
-msgstr ""
-
-#: dhcp-common.c:672
+#: dhcp-common.c:738
 #, c-format
 msgid "Known DHCP options:\n"
 msgstr ""
 
-#: dhcp-common.c:683
+#: dhcp-common.c:749
 #, c-format
 msgid "Known DHCPv6 options:\n"
 msgstr ""
 
-#: dhcp-common.c:880
+#: dhcp-common.c:946
 msgid ", prefix deprecated"
 msgstr ""
 
-#: dhcp-common.c:883
+#: dhcp-common.c:949
 #, c-format
 msgid ", lease time "
 msgstr ""
 
-#: dhcp-common.c:925
+#: dhcp-common.c:991
 #, c-format
 msgid "%s stateless on %s%.0s%.0s%s"
 msgstr ""
 
-#: dhcp-common.c:927
+#: dhcp-common.c:993
 #, c-format
 msgid "%s, static leases only on %.0s%s%s%.0s"
 msgstr ""
 
-#: dhcp-common.c:929
+#: dhcp-common.c:995
 #, c-format
 msgid "%s, proxy on subnet %.0s%s%.0s%.0s"
 msgstr ""
 
-#: dhcp-common.c:930
+#: dhcp-common.c:996
 #, c-format
 msgid "%s, IP range %s -- %s%s%.0s"
 msgstr ""
 
-#: dhcp-common.c:943
+#: dhcp-common.c:1009
 #, c-format
 msgid "DHCPv4-derived IPv6 names on %s%s"
 msgstr ""
 
-#: dhcp-common.c:946
+#: dhcp-common.c:1012
 #, c-format
 msgid "router advertisement on %s%s"
 msgstr ""
 
-#: dhcp-common.c:957
+#: dhcp-common.c:1043
+#, c-format
+msgid "DHCP relay from %s via %s"
+msgstr ""
+
+#: dhcp-common.c:1045
 #, c-format
 msgid "DHCP relay from %s to %s via %s"
 msgstr ""
 
-#: dhcp-common.c:959
+#: dhcp-common.c:1048
 #, c-format
 msgid "DHCP relay from %s to %s"
 msgstr ""
@@ -2329,7 +2473,7 @@ msgstr ""
 msgid "cannot create ICMPv6 socket: %s"
 msgstr ""
 
-#: auth.c:464
+#: auth.c:462
 #, c-format
 msgid "ignoring zone transfer request from %s"
 msgstr ""
@@ -2441,14 +2585,14 @@ msgstr ""
 msgid "system time considered valid, now checking DNSSEC signature timestamps."
 msgstr ""
 
-#: dnssec.c:1014
+#: dnssec.c:1018
 #, c-format
 msgid "Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"
 msgstr ""
 
 #: blockdata.c:55
 #, c-format
-msgid "pool memory in use %u, max %u, allocated %u"
+msgid "pool memory in use %zu, max %zu, allocated %zu"
 msgstr ""
 
 #: tables.c:61
@@ -2510,38 +2654,57 @@ msgstr ""
 msgid "directory %s for resolv-file is missing, cannot poll"
 msgstr ""
 
-#: inotify.c:131 inotify.c:168
+#: inotify.c:131 inotify.c:200
 #, c-format
 msgid "failed to create inotify for %s: %s"
 msgstr ""
 
-#: inotify.c:153
+#: inotify.c:178 inotify.c:185
 #, c-format
 msgid "bad dynamic directory %s: %s"
 msgstr ""
 
-#: inotify.c:257
+#: inotify.c:186
+msgid "not a directory"
+msgstr ""
+
+#: inotify.c:299
 #, c-format
-msgid "inotify, new or changed file %s"
+msgid "inotify: %s removed"
 msgstr ""
 
-#: dump.c:64
+#: inotify.c:301
+#, c-format
+msgid "inotify: %s new or modified"
+msgstr ""
+
+#: inotify.c:309
+#, c-format
+msgid "inotify: flushed %u names read from %s"
+msgstr ""
+
+#: dump.c:68
 #, c-format
 msgid "cannot create %s: %s"
 msgstr ""
 
-#: dump.c:70
+#: dump.c:74
 #, c-format
 msgid "bad header in %s"
 msgstr ""
 
-#: dump.c:205
+#: dump.c:287
 msgid "failed to write packet dump"
 msgstr ""
 
-#: dump.c:207
+#: dump.c:289
+#, c-format
+msgid "%u dumping packet %u mask 0x%04x"
+msgstr ""
+
+#: dump.c:291
 #, c-format
-msgid "dumping UDP packet %u mask 0x%04x"
+msgid "dumping packet %u mask 0x%04x"
 msgstr ""
 
 #: ubus.c:79
@@ -2574,3 +2737,7 @@ msgstr ""
 #: hash-questions.c:40
 msgid "Failed to create SHA-256 hash object"
 msgstr ""
+
+#: nftset.c:35
+msgid "failed to create nftset context"
+msgstr ""
diff --git a/po/ro.po b/po/ro.po
index 295e629..7a63c5b 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -15,73 +15,78 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: cache.c:572
+#: cache.c:652
 msgid "Internal error in cache."
 msgstr ""
 
 # for compatibility purposes the letters â, ă, ş, ţ and î can be written as their look-alike correspondent.
-#: cache.c:1094
+#: cache.c:1179
 #, fuzzy, c-format
 msgid "failed to load names from %s: %s"
 msgstr "încărcarea numelor din %s: %s a eşuat"
 
-#: cache.c:1116 dhcp.c:931
+#: cache.c:1201 dhcp.c:943
 #, c-format
 msgid "bad address at %s line %d"
 msgstr "adresă greşită în %s, linia %d"
 
-#: cache.c:1169 dhcp.c:947
+#: cache.c:1254 dhcp.c:959
 #, c-format
 msgid "bad name at %s line %d"
 msgstr "nume greşit în %s linia %d"
 
-#: cache.c:1180 dhcp.c:1022
-#, c-format
-msgid "read %s - %d addresses"
+#: cache.c:1265
+#, fuzzy, c-format
+msgid "read %s - %d names"
 msgstr "citesc %s - %d adrese"
 
-#: cache.c:1296
+#: cache.c:1381
 msgid "cleared cache"
 msgstr "memoria temporară a fost ştearsă"
 
-#: cache.c:1358
+#: cache.c:1445
 #, c-format
 msgid "No IPv4 address found for %s"
 msgstr ""
 
-#: cache.c:1404
+#: cache.c:1491
 #, c-format
 msgid "%s is a CNAME, not giving it to the DHCP lease of %s"
 msgstr ""
 
-#: cache.c:1428
+#: cache.c:1515
 #, c-format
 msgid "not giving name %s to the DHCP lease of %s because the name exists in %s with address %s"
 msgstr "nu pot da numele %s împrumutului de adresă DHCP a lui %s deoarece numeleexistă în %s cu adresa %s"
 
-#: cache.c:1674
+#: cache.c:1760
 #, c-format
 msgid "time %lu"
 msgstr ""
 
-#: cache.c:1675
+#: cache.c:1761
 #, fuzzy, c-format
 msgid "cache size %d, %d/%d cache insertions re-used unexpired cache entries."
 msgstr "cantitate de memorie temporară %d, %d/%d stocări temporare aureutilizat locaţii neexpirate."
 
-#: cache.c:1677
+#: cache.c:1763
 #, c-format
 msgid "queries forwarded %u, queries answered locally %u"
 msgstr ""
 
-#: cache.c:1680
+#: cache.c:1766
+#, c-format
+msgid "queries answered from stale cache %u"
+msgstr ""
+
+#: cache.c:1768
 #, c-format
 msgid "queries for authoritative zones %u"
 msgstr ""
 
-#: cache.c:1702
+#: cache.c:1796
 #, c-format
-msgid "server %s#%d: queries sent %u, retried or failed %u"
+msgid "server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"
 msgstr ""
 
 #: util.c:51
@@ -89,762 +94,812 @@ msgstr ""
 msgid "failed to seed the random number generator: %s"
 msgstr "ascultarea pe socket a eşuat: %s"
 
-#: util.c:228
+#: util.c:246
 #, fuzzy
 msgid "failed to allocate memory"
 msgstr "nu pot încărca %d bytes"
 
-#: util.c:285 option.c:665
+#: util.c:305 option.c:696
 msgid "could not get memory"
 msgstr "nu am putut aloca memorie"
 
-#: util.c:306
+#: util.c:326
 #, fuzzy, c-format
 msgid "cannot create pipe: %s"
 msgstr "nu pot citi %s: %s"
 
-#: util.c:314
+#: util.c:334
 #, fuzzy, c-format
 msgid "failed to allocate %d bytes"
 msgstr "nu pot încărca %d bytes"
 
-#: util.c:520
+#: util.c:344
+#, fuzzy, c-format
+msgid "failed to reallocate %d bytes"
+msgstr "nu pot încărca %d bytes"
+
+#: util.c:465
+#, fuzzy, c-format
+msgid "cannot read monotonic clock: %s"
+msgstr "nu pot să activez socket-ul netlink: %s"
+
+#: util.c:579
 #, c-format
 msgid "infinite"
 msgstr "infinit"
 
-#: util.c:808
+#: util.c:867
 #, fuzzy, c-format
 msgid "failed to find kernel version: %s"
 msgstr "activarea socket-ului server-ului DHCP a eşuat: %s"
 
-#: option.c:372
+#: option.c:393
 msgid "Specify local address(es) to listen on."
 msgstr "Specificaţi adresele locale deservite."
 
-#: option.c:373
+#: option.c:394
 msgid "Return ipaddr for all hosts in specified domains."
 msgstr "Afişează adresele IP ale maşinilor în domeniul dat."
 
-#: option.c:374
+#: option.c:395
 msgid "Fake reverse lookups for RFC1918 private address ranges."
 msgstr "Simulează căutări după adresă pentru domenii de adresă private (RFC1918)."
 
-#: option.c:375
+#: option.c:396
 msgid "Treat ipaddr as NXDOMAIN (defeats Verisign wildcard)."
 msgstr "Interpretează adresa IP ca NXDOMAIN (împotriva manipulărilor Verisign)"
 
-#: option.c:376
+#: option.c:397
 #, c-format
 msgid "Specify the size of the cache in entries (defaults to %s)."
 msgstr "Specifică mărimea înregistrărilor temporare (implicit e %s)."
 
-#: option.c:377
+#: option.c:398
 #, c-format
 msgid "Specify configuration file (defaults to %s)."
 msgstr "Specifică fişier de configurare (implicit e %s)."
 
-#: option.c:378
+#: option.c:399
 msgid "Do NOT fork into the background: run in debug mode."
 msgstr "NU porneşte în fundal: rulează în modul depanare."
 
-#: option.c:379
+#: option.c:400
 msgid "Do NOT forward queries with no domain part."
 msgstr "NU înainta cererile ce nu conţin domeniu DNS."
 
-#: option.c:380
+#: option.c:401
 msgid "Return self-pointing MX records for local hosts."
 msgstr "Răspunde cu înregistrări MX spre el însuşi pentru maşini locale."
 
-#: option.c:381
+#: option.c:402
 msgid "Expand simple names in /etc/hosts with domain-suffix."
 msgstr "Adaugă numelor simple din /etc/hosts numele domeniului ca sufix."
 
-#: option.c:382
+#: option.c:403
 msgid "Don't forward spurious DNS requests from Windows hosts."
 msgstr "Nu inainta cereri DNS defecte provenite de la maşini Windows."
 
-#: option.c:383
+#: option.c:404
+msgid "Don't include IPv4 addresses in DNS answers."
+msgstr ""
+
+#: option.c:405
+msgid "Don't include IPv6 addresses in DNS answers."
+msgstr ""
+
+#: option.c:406
 msgid "Enable DHCP in the range given with lease duration."
 msgstr "Activează DHCP în domeniul dat cu durată limitată de împrumut."
 
-#: option.c:384
+#: option.c:407
 #, c-format
 msgid "Change to this group after startup (defaults to %s)."
 msgstr "Rulează sub acest grup după pornire (implicit e %s)."
 
-#: option.c:385
+#: option.c:408
 msgid "Set address or hostname for a specified machine."
 msgstr "Schimbă adresa sau numele maşinii specificate."
 
-#: option.c:386
+#: option.c:409
 #, fuzzy
 msgid "Read DHCP host specs from file."
 msgstr "nume MX invalid"
 
-#: option.c:387
+#: option.c:410
 msgid "Read DHCP option specs from file."
 msgstr ""
 
-#: option.c:388
+#: option.c:411
 #, fuzzy
 msgid "Read DHCP host specs from a directory."
 msgstr "nume MX invalid"
 
-#: option.c:389
+#: option.c:412
 #, fuzzy
 msgid "Read DHCP options from a directory."
 msgstr "nume MX invalid"
 
-#: option.c:390
+#: option.c:413
 msgid "Evaluate conditional tag expression."
 msgstr ""
 
-#: option.c:391
+#: option.c:414
 #, c-format
 msgid "Do NOT load %s file."
 msgstr "Nu încarcă fişierul %s."
 
-#: option.c:392
+#: option.c:415
 #, c-format
 msgid "Specify a hosts file to be read in addition to %s."
 msgstr "Specifică spre citire un fişier hosts adiţional la %s."
 
-#: option.c:393
+#: option.c:416
 #, fuzzy
 msgid "Read hosts files from a directory."
 msgstr "nume MX invalid"
 
-#: option.c:394
+#: option.c:417
 msgid "Specify interface(s) to listen on."
 msgstr "Specifică interfeţele deservite."
 
-#: option.c:395
+#: option.c:418
 msgid "Specify interface(s) NOT to listen on."
 msgstr "Specifică interfeţele NE-deservite."
 
-#: option.c:396
+#: option.c:419
 #, fuzzy
 msgid "Map DHCP user class to tag."
 msgstr "Leagă clasa de utilizator DHCP cu grup de opţiuni."
 
-#: option.c:397
+#: option.c:420
 msgid "Map RFC3046 circuit-id to tag."
 msgstr ""
 
-#: option.c:398
+#: option.c:421
 msgid "Map RFC3046 remote-id to tag."
 msgstr ""
 
-#: option.c:399
+#: option.c:422
 msgid "Map RFC3993 subscriber-id to tag."
 msgstr ""
 
-#: option.c:400
+#: option.c:423
 msgid "Specify vendor class to match for PXE requests."
 msgstr ""
 
-#: option.c:401
+#: option.c:424
 #, fuzzy
 msgid "Don't do DHCP for hosts with tag set."
 msgstr "Nu furniza DHCP maşinilor din grupul de opţiuni."
 
-#: option.c:402
+#: option.c:425
 #, fuzzy
 msgid "Force broadcast replies for hosts with tag set."
 msgstr "Nu furniza DHCP maşinilor din grupul de opţiuni."
 
-#: option.c:403
+#: option.c:426
 msgid "Do NOT fork into the background, do NOT run in debug mode."
 msgstr "NU porneşte în fundal, NU rulează în modul depanare."
 
-#: option.c:404
+#: option.c:427
 msgid "Assume we are the only DHCP server on the local network."
 msgstr "Presupune că suntem singurul server DHCP din reţeaua locală."
 
-#: option.c:405
+#: option.c:428
 #, c-format
 msgid "Specify where to store DHCP leases (defaults to %s)."
 msgstr "Specifică fişierul de stocare a împrumuturilor DHCP (implicit e %s)."
 
-#: option.c:406
+#: option.c:429
 msgid "Return MX records for local hosts."
 msgstr "Răspunde cu întregistrări MX pentru maşini locale."
 
-#: option.c:407
+#: option.c:430
 msgid "Specify an MX record."
 msgstr "Specifică o înregistrare MX."
 
-#: option.c:408
+#: option.c:431
 msgid "Specify BOOTP options to DHCP server."
 msgstr "Specifică opţiuni BOOTP serverului DHCP."
 
-#: option.c:409
+#: option.c:432
 #, c-format
 msgid "Do NOT poll %s file, reload only on SIGHUP."
 msgstr "Nu încărca fişierul %s, citeşte-l doar la SIGHUP."
 
-#: option.c:410
+#: option.c:433
 msgid "Do NOT cache failed search results."
 msgstr "NU memora rezultatele de căutare DNS eşuatată."
 
-#: option.c:411
+#: option.c:434
+msgid "Use expired cache data for faster reply."
+msgstr ""
+
+#: option.c:435
 #, c-format
 msgid "Use nameservers strictly in the order given in %s."
 msgstr "Foloseşte servere DNS strict în ordinea dată în %s."
 
-#: option.c:412
+#: option.c:436
 #, fuzzy
 msgid "Specify options to be sent to DHCP clients."
 msgstr "Configurează opţiuni în plusce trebuie trimise clienţilor DHCP."
 
-#: option.c:413
+#: option.c:437
 msgid "DHCP option sent even if the client does not request it."
 msgstr ""
 
-#: option.c:414
+#: option.c:438
 msgid "Specify port to listen for DNS requests on (defaults to 53)."
 msgstr "Specifică numărul portului pentru cereri DNS (implicit e 53)."
 
-#: option.c:415
+#: option.c:439
 #, c-format
 msgid "Maximum supported UDP packet size for EDNS.0 (defaults to %s)."
 msgstr "Marimea maximă a pachetului UDP pentru EDNS.0 (implicit e %s)."
 
-#: option.c:416
+#: option.c:440
 #, fuzzy
 msgid "Log DNS queries."
 msgstr "Înregistrează tranzacţiile."
 
-#: option.c:417
+#: option.c:441
 #, fuzzy
 msgid "Force the originating port for upstream DNS queries."
 msgstr "Forţează acest port pentru datele ce pleacă."
 
-#: option.c:418
+#: option.c:442
+msgid "Set maximum number of random originating ports for a query."
+msgstr ""
+
+#: option.c:443
 msgid "Do NOT read resolv.conf."
 msgstr "NU citi fişierul resolv.conf"
 
-#: option.c:419
+#: option.c:444
 #, c-format
 msgid "Specify path to resolv.conf (defaults to %s)."
 msgstr "Specifică calea către resolv.conf (implicit e %s)."
 
-#: option.c:420
+#: option.c:445
 #, fuzzy
 msgid "Specify path to file with server= options"
 msgstr "Specifică o cale pentru fişierul PID. (implicit %s)."
 
-#: option.c:421
+#: option.c:446
 msgid "Specify address(es) of upstream servers with optional domains."
 msgstr "Specifică adresele server(elor) superioare cu domenii opţionale."
 
-#: option.c:422
+#: option.c:447
 #, fuzzy
 msgid "Specify address of upstream servers for reverse address queries"
 msgstr "Specifică adresele server(elor) superioare cu domenii opţionale."
 
-#: option.c:423
+#: option.c:448
 msgid "Never forward queries to specified domains."
 msgstr "Nu înaintează cererile spre domeniile specificate."
 
-#: option.c:424
+#: option.c:449
 msgid "Specify the domain to be assigned in DHCP leases."
 msgstr "Specifică domeniul de transmis prin DHCP."
 
-#: option.c:425
+#: option.c:450
 msgid "Specify default target in an MX record."
 msgstr "Specifică o ţintă într-o înregistrare MX."
 
-#: option.c:426
+#: option.c:451
 msgid "Specify time-to-live in seconds for replies from /etc/hosts."
 msgstr "Specifică TTL în secunde pentru răspunsurile din /etc/hosts."
 
-#: option.c:427
+#: option.c:452
 #, fuzzy
 msgid "Specify time-to-live in seconds for negative caching."
 msgstr "Specifică TTL în secunde pentru răspunsurile din /etc/hosts."
 
-#: option.c:428
+#: option.c:453
 #, fuzzy
 msgid "Specify time-to-live in seconds for maximum TTL to send to clients."
 msgstr "Specifică TTL în secunde pentru răspunsurile din /etc/hosts."
 
-#: option.c:429
+#: option.c:454
 #, fuzzy
 msgid "Specify time-to-live ceiling for cache."
 msgstr "Specifică TTL în secunde pentru răspunsurile din /etc/hosts."
 
-#: option.c:430
+#: option.c:455
 #, fuzzy
 msgid "Specify time-to-live floor for cache."
 msgstr "Specifică TTL în secunde pentru răspunsurile din /etc/hosts."
 
-#: option.c:431
+#: option.c:456
+msgid "Retry DNS queries after this many milliseconds."
+msgstr ""
+
+#: option.c:457
 #, c-format
 msgid "Change to this user after startup. (defaults to %s)."
 msgstr "Rulează sub acest utilizator după pornire. (implicit e %s)."
 
-#: option.c:432
+#: option.c:458
 #, fuzzy
 msgid "Map DHCP vendor class to tag."
 msgstr "Trimite opţiuni DHCP în funcţie de marca plăcii de reţea."
 
-#: option.c:433
+#: option.c:459
 msgid "Display dnsmasq version and copyright information."
 msgstr "Afişează versiunea dnsmasq şi drepturile de autor."
 
-#: option.c:434
+#: option.c:460
 msgid "Translate IPv4 addresses from upstream servers."
 msgstr "Traduce adresele IPv4 de la serverele DNS superioare."
 
-#: option.c:435
+#: option.c:461
 msgid "Specify a SRV record."
 msgstr "Specifică o înregistrare SRV."
 
-#: option.c:436
+#: option.c:462
 msgid "Display this message. Use --help dhcp or --help dhcp6 for known DHCP options."
 msgstr ""
 
-#: option.c:437
+#: option.c:463
 #, fuzzy, c-format
 msgid "Specify path of PID file (defaults to %s)."
 msgstr "Specifică o cale pentru fişierul PID. (implicit %s)."
 
-#: option.c:438
+#: option.c:464
 #, c-format
 msgid "Specify maximum number of DHCP leases (defaults to %s)."
 msgstr "Specifică numărul maxim de împrumuturi DHCP (implicit %s)."
 
-#: option.c:439
+#: option.c:465
 msgid "Answer DNS queries based on the interface a query was sent to."
 msgstr "Răspunde cererilor DNS în funcţie de interfaţa pe care a venit cererea."
 
-#: option.c:440
+#: option.c:466
 msgid "Specify TXT DNS record."
 msgstr "Specifică o înregistrare TXT."
 
-#: option.c:441
+#: option.c:467
 #, fuzzy
 msgid "Specify PTR DNS record."
 msgstr "Specifică o înregistrare TXT."
 
-#: option.c:442
+#: option.c:468
 msgid "Give DNS name to IPv4 address of interface."
 msgstr ""
 
-#: option.c:443
+#: option.c:469
 msgid "Bind only to interfaces in use."
 msgstr "Ascultă doar pe interfeţele active."
 
-#: option.c:444
+#: option.c:470
 #, c-format
 msgid "Read DHCP static host information from %s."
 msgstr "Citeşte informaţii DHCP statice despre maşină din %s."
 
-#: option.c:445
+#: option.c:471
 msgid "Enable the DBus interface for setting upstream servers, etc."
 msgstr "Activeaza interfaţa DBus pentru configurarea serverelor superioare."
 
-#: option.c:446
+#: option.c:472
 msgid "Enable the UBus interface."
 msgstr ""
 
-#: option.c:447
+#: option.c:473
 msgid "Do not provide DHCP on this interface, only provide DNS."
 msgstr "Nu activează DHCP ci doar DNS pe această interfaţă."
 
-#: option.c:448
+#: option.c:474
 msgid "Enable dynamic address allocation for bootp."
 msgstr "Activează alocarea dinamică a adreselor pentru BOOTP."
 
-#: option.c:449
+#: option.c:475
 #, fuzzy
 msgid "Map MAC address (with wildcards) to option set."
 msgstr "Trimite opţiuni DHCP în funcţie de marca plăcii de reţea."
 
-#: option.c:450
+#: option.c:476
 msgid "Treat DHCP requests on aliases as arriving from interface."
 msgstr ""
 
-#: option.c:451
+#: option.c:477
 msgid "Specify extra networks sharing a broadcast domain for DHCP"
 msgstr ""
 
-#: option.c:452
+#: option.c:478
 msgid "Disable ICMP echo address checking in the DHCP server."
 msgstr ""
 
-#: option.c:453
+#: option.c:479
 msgid "Shell script to run on DHCP lease creation and destruction."
 msgstr ""
 
-#: option.c:454
+#: option.c:480
 msgid "Lua script to run on DHCP lease creation and destruction."
 msgstr ""
 
-#: option.c:455
+#: option.c:481
 msgid "Run lease-change scripts as this user."
 msgstr ""
 
-#: option.c:456
+#: option.c:482
 msgid "Call dhcp-script with changes to local ARP table."
 msgstr ""
 
-#: option.c:457
+#: option.c:483
 msgid "Read configuration from all the files in this directory."
 msgstr ""
 
-#: option.c:458
+#: option.c:484
+msgid "Execute file and read configuration from stdin."
+msgstr ""
+
+#: option.c:485
 #, fuzzy
 msgid "Log to this syslog facility or file. (defaults to DAEMON)"
 msgstr "Rulează sub acest utilizator după pornire. (implicit e %s)."
 
-#: option.c:459
+#: option.c:486
 msgid "Do not use leasefile."
 msgstr ""
 
-#: option.c:460
+#: option.c:487
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries. (defaults to %s)"
 msgstr "Specifică numărul maxim de împrumuturi DHCP (implicit %s)."
 
-#: option.c:461
+#: option.c:488
 #, c-format
 msgid "Clear DNS cache when reloading %s."
 msgstr ""
 
-#: option.c:462
+#: option.c:489
 msgid "Ignore hostnames provided by DHCP clients."
 msgstr ""
 
-#: option.c:463
+#: option.c:490
 msgid "Do NOT reuse filename and server fields for extra DHCP options."
 msgstr ""
 
-#: option.c:464
+#: option.c:491
 msgid "Enable integrated read-only TFTP server."
 msgstr ""
 
-#: option.c:465
+#: option.c:492
 msgid "Export files by TFTP only from the specified subtree."
 msgstr ""
 
-#: option.c:466
+#: option.c:493
 msgid "Add client IP or hardware address to tftp-root."
 msgstr ""
 
-#: option.c:467
+#: option.c:494
 msgid "Allow access only to files owned by the user running dnsmasq."
 msgstr ""
 
-#: option.c:468
+#: option.c:495
 msgid "Do not terminate the service if TFTP directories are inaccessible."
 msgstr ""
 
-#: option.c:469
+#: option.c:496
 #, fuzzy, c-format
 msgid "Maximum number of concurrent TFTP transfers (defaults to %s)."
 msgstr "Specifică numărul maxim de împrumuturi DHCP (implicit %s)."
 
-#: option.c:470
+#: option.c:497
 #, fuzzy
 msgid "Maximum MTU to use for TFTP transfers."
 msgstr "Specifică numărul maxim de împrumuturi DHCP (implicit %s)."
 
-#: option.c:471
+#: option.c:498
 msgid "Disable the TFTP blocksize extension."
 msgstr ""
 
-#: option.c:472
+#: option.c:499
 msgid "Convert TFTP filenames to lowercase"
 msgstr ""
 
-#: option.c:473
+#: option.c:500
 msgid "Ephemeral port range for use by TFTP transfers."
 msgstr ""
 
-#: option.c:474
+#: option.c:501
 msgid "Use only one port for TFTP server."
 msgstr ""
 
-#: option.c:475
+#: option.c:502
 msgid "Extra logging for DHCP."
 msgstr ""
 
-#: option.c:476
+#: option.c:503
 msgid "Enable async. logging; optionally set queue length."
 msgstr ""
 
-#: option.c:477
+#: option.c:504
 msgid "Stop DNS rebinding. Filter private IP ranges when resolving."
 msgstr ""
 
-#: option.c:478
+#: option.c:505
 msgid "Allow rebinding of 127.0.0.0/8, for RBL servers."
 msgstr ""
 
-#: option.c:479
+#: option.c:506
 msgid "Inhibit DNS-rebind protection on this domain."
 msgstr ""
 
-#: option.c:480
+#: option.c:507
 msgid "Always perform DNS queries to all servers."
 msgstr ""
 
-#: option.c:481
+#: option.c:508
 msgid "Set tag if client includes matching option in request."
 msgstr ""
 
-#: option.c:482
+#: option.c:509
 msgid "Set tag if client provides given name."
 msgstr ""
 
-#: option.c:483
+#: option.c:510
 msgid "Use alternative ports for DHCP."
 msgstr ""
 
-#: option.c:484
+#: option.c:511
 #, fuzzy
 msgid "Specify NAPTR DNS record."
 msgstr "Specifică o înregistrare TXT."
 
-#: option.c:485
+#: option.c:512
 msgid "Specify lowest port available for DNS query transmission."
 msgstr ""
 
-#: option.c:486
+#: option.c:513
 msgid "Specify highest port available for DNS query transmission."
 msgstr ""
 
-#: option.c:487
+#: option.c:514
 msgid "Use only fully qualified domain names for DHCP clients."
 msgstr ""
 
-#: option.c:488
+#: option.c:515
 msgid "Generate hostnames based on MAC address for nameless clients."
 msgstr ""
 
-#: option.c:489
+#: option.c:516
 msgid "Use these DHCP relays as full proxies."
 msgstr ""
 
-#: option.c:490
+#: option.c:517
 msgid "Relay DHCP requests to a remote server"
 msgstr ""
 
-#: option.c:491
+#: option.c:518
 msgid "Specify alias name for LOCAL DNS name."
 msgstr ""
 
-#: option.c:492
+#: option.c:519
 #, fuzzy
 msgid "Prompt to send to PXE clients."
 msgstr "Configurează opţiuni în plusce trebuie trimise clienţilor DHCP."
 
-#: option.c:493
+#: option.c:520
 msgid "Boot service for PXE menu."
 msgstr ""
 
-#: option.c:494
+#: option.c:521
 msgid "Check configuration syntax."
 msgstr ""
 
-#: option.c:495
+#: option.c:522
 msgid "Add requestor's MAC address to forwarded DNS queries."
 msgstr ""
 
-#: option.c:496
+#: option.c:523
+msgid "Strip MAC information from queries."
+msgstr ""
+
+#: option.c:524
 msgid "Add specified IP subnet to forwarded DNS queries."
 msgstr ""
 
-#: option.c:497
+#: option.c:525
+msgid "Strip ECS information from queries."
+msgstr ""
+
+#: option.c:526
 #, fuzzy
 msgid "Add client identification to forwarded DNS queries."
 msgstr "Forţează acest port pentru datele ce pleacă."
 
-#: option.c:498
+#: option.c:527
 #, fuzzy
 msgid "Proxy DNSSEC validation results from upstream nameservers."
 msgstr "Traduce adresele IPv4 de la serverele DNS superioare."
 
-#: option.c:499
+#: option.c:528
 msgid "Attempt to allocate sequential IP addresses to DHCP clients."
 msgstr ""
 
-#: option.c:500
+#: option.c:529
 #, fuzzy
 msgid "Ignore client identifier option sent by DHCP clients."
 msgstr "Configurează opţiuni în plusce trebuie trimise clienţilor DHCP."
 
-#: option.c:501
+#: option.c:530
 msgid "Copy connection-track mark from queries to upstream connections."
 msgstr ""
 
-#: option.c:502
+#: option.c:531
 msgid "Allow DHCP clients to do their own DDNS updates."
 msgstr ""
 
-#: option.c:503
+#: option.c:532
 msgid "Send router-advertisements for interfaces doing DHCPv6"
 msgstr ""
 
-#: option.c:504
+#: option.c:533
 msgid "Specify DUID_EN-type DHCPv6 server DUID"
 msgstr ""
 
-#: option.c:505
+#: option.c:534
 #, fuzzy
 msgid "Specify host (A/AAAA and PTR) records"
 msgstr "Specifică o înregistrare MX."
 
-#: option.c:506
+#: option.c:535
 msgid "Specify host record in interface subnet"
 msgstr ""
 
-#: option.c:507
+#: option.c:536
 msgid "Specify certification authority authorization record"
 msgstr ""
 
-#: option.c:508
+#: option.c:537
 #, fuzzy
 msgid "Specify arbitrary DNS resource record"
 msgstr "Specifică o înregistrare TXT."
 
-#: option.c:509
+#: option.c:538
 #, fuzzy
 msgid "Bind to interfaces in use - check for new interfaces"
 msgstr "interfaţă necunoscută %s"
 
-#: option.c:510
+#: option.c:539
 msgid "Export local names to global DNS"
 msgstr ""
 
-#: option.c:511
+#: option.c:540
 msgid "Domain to export to global DNS"
 msgstr ""
 
-#: option.c:512
+#: option.c:541
 msgid "Set TTL for authoritative replies"
 msgstr ""
 
-#: option.c:513
+#: option.c:542
 msgid "Set authoritative zone information"
 msgstr ""
 
-#: option.c:514
+#: option.c:543
 msgid "Secondary authoritative nameservers for forward domains"
 msgstr ""
 
-#: option.c:515
+#: option.c:544
 msgid "Peers which are allowed to do zone transfer"
 msgstr ""
 
-#: option.c:516
+#: option.c:545
 msgid "Specify ipsets to which matching domains should be added"
 msgstr ""
 
-#: option.c:517
+#: option.c:546
+msgid "Specify nftables sets to which matching domains should be added"
+msgstr ""
+
+#: option.c:547
 msgid "Enable filtering of DNS queries with connection-track marks."
 msgstr ""
 
-#: option.c:518
+#: option.c:548
 msgid "Set allowed DNS patterns for a connection-track mark."
 msgstr ""
 
-#: option.c:519
+#: option.c:549
 msgid "Specify a domain and address range for synthesised names"
 msgstr ""
 
-#: option.c:520
+#: option.c:550
 msgid "Activate DNSSEC validation"
 msgstr ""
 
-#: option.c:521
+#: option.c:551
 msgid "Specify trust anchor key digest."
 msgstr ""
 
-#: option.c:522
+#: option.c:552
 msgid "Disable upstream checking for DNSSEC debugging."
 msgstr ""
 
-#: option.c:523
+#: option.c:553
 msgid "Ensure answers without DNSSEC are in unsigned zones."
 msgstr ""
 
-#: option.c:524
+#: option.c:554
 msgid "Don't check DNSSEC signature timestamps until first cache-reload"
 msgstr ""
 
-#: option.c:525
+#: option.c:555
 msgid "Timestamp file to verify system clock for DNSSEC"
 msgstr ""
 
-#: option.c:526
+#: option.c:556
 msgid "Set MTU, priority, resend-interval and router-lifetime"
 msgstr ""
 
-#: option.c:527
+#: option.c:557
 msgid "Do not log routine DHCP."
 msgstr ""
 
-#: option.c:528
+#: option.c:558
 msgid "Do not log routine DHCPv6."
 msgstr ""
 
-#: option.c:529
+#: option.c:559
 msgid "Do not log RA."
 msgstr ""
 
-#: option.c:530
+#: option.c:560
 msgid "Log debugging information."
 msgstr ""
 
-#: option.c:531
+#: option.c:561
 msgid "Accept queries only from directly-connected networks."
 msgstr ""
 
-#: option.c:532
+#: option.c:562
 msgid "Detect and remove DNS forwarding loops."
 msgstr ""
 
-#: option.c:533
+#: option.c:563
 msgid "Ignore DNS responses containing ipaddr."
 msgstr ""
 
-#: option.c:534
+#: option.c:564
 msgid "Set TTL in DNS responses with DHCP-derived addresses."
 msgstr ""
 
-#: option.c:535
+#: option.c:565
 msgid "Delay DHCP replies for at least number of seconds."
 msgstr ""
 
-#: option.c:536
+#: option.c:566
 msgid "Enables DHCPv4 Rapid Commit option."
 msgstr ""
 
-#: option.c:537
+#: option.c:567
 msgid "Path to debug packet dump file"
 msgstr ""
 
-#: option.c:538
+#: option.c:568
 msgid "Mask which packets to dump"
 msgstr ""
 
-#: option.c:539
+#: option.c:569
 msgid "Call dhcp-script when lease expiry changes."
 msgstr ""
 
-#: option.c:540
+#: option.c:570
 msgid "Send Cisco Umbrella identifiers including remote IP."
 msgstr ""
 
-#: option.c:541
+#: option.c:571
 msgid "Do not log routine TFTP."
 msgstr ""
 
-#: option.c:771
+#: option.c:572
+msgid "Suppress round-robin ordering of DNS records."
+msgstr ""
+
+#: option.c:802
 #, c-format
 msgid ""
 "Usage: dnsmasq [options]\n"
@@ -853,397 +908,443 @@ msgstr ""
 "Utilizare: dnsmasq [opţiuni]\n"
 "\n"
 
-#: option.c:773
+#: option.c:804
 #, c-format
 msgid "Use short options only on the command line.\n"
 msgstr "Folosiţi opţiunile prescurtate doar în linie de comandă.\n"
 
-#: option.c:775
+#: option.c:806
 #, fuzzy, c-format
 msgid "Valid options are:\n"
 msgstr "Opţiunile valide sunt:\n"
 
-#: option.c:822 option.c:933
+#: option.c:853 option.c:1055
 #, fuzzy
 msgid "bad address"
 msgstr "citesc %s - %d adrese"
 
-#: option.c:847 option.c:851
+#: option.c:882 option.c:886
 msgid "bad port"
 msgstr "port invalid"
 
-#: option.c:864 option.c:893 option.c:927
+#: option.c:899 option.c:1002 option.c:1048
 msgid "interface binding not supported"
 msgstr ""
 
-#: option.c:888 option.c:922
+#: option.c:955
+msgid "Cannot resolve server name"
+msgstr ""
+
+#: option.c:991
+msgid "cannot use IPv4 server address with IPv6 source address"
+msgstr ""
+
+#: option.c:997 option.c:1043
 msgid "interface can only be specified once"
 msgstr ""
 
-#: option.c:901 option.c:4362
+#: option.c:1011 option.c:4785
 #, fuzzy
 msgid "bad interface name"
 msgstr "nume MX invalid"
 
-#: option.c:1192
+#: option.c:1037
+msgid "cannot use IPv6 server address with IPv4 source address"
+msgstr ""
+
+#: option.c:1124
+#, fuzzy
+msgid "bad IPv4 prefix length"
+msgstr "port invalid"
+
+#: option.c:1155 option.c:1165 option.c:1240 option.c:1250 option.c:5360
+msgid "error"
+msgstr "eroare"
+
+#: option.c:1207
+#, fuzzy
+msgid "bad IPv6 prefix length"
+msgstr "port invalid"
+
+#: option.c:1467
 msgid "inappropriate vendor:"
 msgstr ""
 
-#: option.c:1199
+#: option.c:1474
 msgid "inappropriate encap:"
 msgstr ""
 
-#: option.c:1225
+#: option.c:1500
 msgid "unsupported encapsulation for IPv6 option"
 msgstr ""
 
-#: option.c:1239
+#: option.c:1514
 msgid "bad dhcp-option"
 msgstr "dhcp-option invalid"
 
-#: option.c:1317
+#: option.c:1592
 #, fuzzy
 msgid "bad IP address"
 msgstr "citesc %s - %d adrese"
 
-#: option.c:1320 option.c:1459 option.c:3551
+#: option.c:1595 option.c:1734 option.c:3928
 #, fuzzy
 msgid "bad IPv6 address"
 msgstr "citesc %s - %d adrese"
 
-#: option.c:1413
+#: option.c:1688
 #, fuzzy
 msgid "bad IPv4 address"
 msgstr "citesc %s - %d adrese"
 
-#: option.c:1486 option.c:1581
+#: option.c:1761 option.c:1856
 msgid "bad domain in dhcp-option"
 msgstr "domeniu DNS invalid în declaraţia dhcp-option"
 
-#: option.c:1625
+#: option.c:1900
 msgid "dhcp-option too long"
 msgstr "declararea dhcp-option este prea lungă"
 
-#: option.c:1632
+#: option.c:1907
 msgid "illegal dhcp-match"
 msgstr ""
 
-#: option.c:1691
+#: option.c:1966
 msgid "illegal repeated flag"
 msgstr ""
 
-#: option.c:1699
+#: option.c:1974
 msgid "illegal repeated keyword"
 msgstr ""
 
-#: option.c:1770 option.c:5080
+#: option.c:2056 option.c:5533
 #, fuzzy, c-format
 msgid "cannot access directory %s: %s"
 msgstr "nu pot citi %s: %s"
 
-#: option.c:1816 tftp.c:566 dump.c:68
+#: option.c:2102 tftp.c:573 dump.c:72
 #, fuzzy, c-format
 msgid "cannot access %s: %s"
 msgstr "nu pot citi %s: %s"
 
-#: option.c:1931
+#: option.c:2219
 msgid "setting log facility is not possible under Android"
 msgstr ""
 
-#: option.c:1940
+#: option.c:2228
 msgid "bad log facility"
 msgstr ""
 
-#: option.c:1993
+#: option.c:2281
 msgid "bad MX preference"
 msgstr "preferinţă MX invalidă"
 
-#: option.c:1998
+#: option.c:2289
 msgid "bad MX name"
 msgstr "nume MX invalid"
 
-#: option.c:2012
+#: option.c:2304
 msgid "bad MX target"
 msgstr "ţintă MX invalidă"
 
-#: option.c:2032
+#: option.c:2324
 msgid "recompile with HAVE_SCRIPT defined to enable lease-change scripts"
 msgstr ""
 
-#: option.c:2036
+#: option.c:2328
 msgid "recompile with HAVE_LUASCRIPT defined to enable Lua scripts"
 msgstr ""
 
-#: option.c:2291 option.c:2327
+#: option.c:2447
+#, fuzzy
+msgid "invalid auth-zone"
+msgstr "pondere invalidă"
+
+#: option.c:2589 option.c:2621
 #, fuzzy
 msgid "bad prefix length"
 msgstr "port invalid"
 
-#: option.c:2303 option.c:2348 option.c:2398
+#: option.c:2601 option.c:2642 option.c:2696
 #, fuzzy
 msgid "bad prefix"
 msgstr "port invalid"
 
-#: option.c:2418
+#: option.c:2716
 msgid "prefix length too small"
 msgstr ""
 
-#: option.c:2697
+#: option.c:3010
 #, fuzzy
 msgid "Bad address in --address"
 msgstr "adresa este folosită"
 
-#: option.c:2751
-#, fuzzy
-msgid "bad IPv4 prefix"
-msgstr "port invalid"
-
-#: option.c:2756 option.c:3569
-#, fuzzy
-msgid "bad IPv6 prefix"
-msgstr "port invalid"
-
-#: option.c:2777
+#: option.c:3110
 msgid "recompile with HAVE_IPSET defined to enable ipset directives"
 msgstr ""
 
-#: option.c:2843 option.c:2861
+#: option.c:3117
+msgid "recompile with HAVE_NFTSET defined to enable nftset directives"
+msgstr ""
+
+#: option.c:3192 option.c:3210
 msgid "recompile with HAVE_CONNTRACK defined to enable connmark-allowlist directives"
 msgstr ""
 
-#: option.c:3119
+#: option.c:3496
 #, fuzzy
 msgid "bad port range"
 msgstr "port invalid"
 
-#: option.c:3145
+#: option.c:3522
 msgid "bad bridge-interface"
 msgstr ""
 
-#: option.c:3189
+#: option.c:3566
 msgid "bad shared-network"
 msgstr ""
 
-#: option.c:3243
+#: option.c:3620
 msgid "only one tag allowed"
 msgstr ""
 
-#: option.c:3264 option.c:3280 option.c:3406 option.c:3414 option.c:3457
+#: option.c:3641 option.c:3657 option.c:3783 option.c:3791 option.c:3834
 msgid "bad dhcp-range"
 msgstr "dhcp-range invalid"
 
-#: option.c:3298
+#: option.c:3675
 msgid "inconsistent DHCP range"
 msgstr "domeniu DHCP inconsistent"
 
-#: option.c:3364
+#: option.c:3741
 msgid "prefix length must be exactly 64 for RA subnets"
 msgstr ""
 
-#: option.c:3366
+#: option.c:3743
 msgid "prefix length must be exactly 64 for subnet constructors"
 msgstr ""
 
-#: option.c:3369
+#: option.c:3746
 msgid "prefix length must be at least 64"
 msgstr ""
 
-#: option.c:3372
+#: option.c:3749
 #, fuzzy
 msgid "inconsistent DHCPv6 range"
 msgstr "domeniu DHCP inconsistent"
 
-#: option.c:3391
+#: option.c:3768
 msgid "prefix must be zero with \"constructor:\" argument"
 msgstr ""
 
-#: option.c:3516 option.c:3594
+#: option.c:3893 option.c:3971
 #, fuzzy
 msgid "bad hex constant"
 msgstr "dhcp-host invalid"
 
-#: option.c:3617
+#: option.c:3946
+#, fuzzy
+msgid "bad IPv6 prefix"
+msgstr "port invalid"
+
+#: option.c:3994
 #, fuzzy, c-format
 msgid "duplicate dhcp-host IP address %s"
 msgstr "adresă IP duplicat %s în declaraţia dhcp-config."
 
-#: option.c:3678
+#: option.c:4056
 #, fuzzy
 msgid "bad DHCP host name"
 msgstr "nume MX invalid"
 
-#: option.c:3764
+#: option.c:4142
 #, fuzzy
 msgid "bad tag-if"
 msgstr "ţintă MX invalidă"
 
-#: option.c:4107 option.c:4623
+#: option.c:4490 option.c:5046
 msgid "invalid port number"
 msgstr "număr de port invalid"
 
-#: option.c:4163
+#: option.c:4546
 #, fuzzy
 msgid "bad dhcp-proxy address"
 msgstr "citesc %s - %d adrese"
 
-#: option.c:4204
+#: option.c:4627
 #, fuzzy
 msgid "Bad dhcp-relay"
 msgstr "dhcp-range invalid"
 
-#: option.c:4248
+#: option.c:4671
 msgid "bad RA-params"
 msgstr ""
 
-#: option.c:4258
+#: option.c:4681
 msgid "bad DUID"
 msgstr ""
 
-#: option.c:4292
+#: option.c:4715
 #, fuzzy
 msgid "missing address in alias"
 msgstr "adresa este folosită"
 
-#: option.c:4298
+#: option.c:4721
 #, fuzzy
 msgid "invalid alias range"
 msgstr "pondere invalidă"
 
-#: option.c:4347
+#: option.c:4770
 #, fuzzy
 msgid "missing address in dynamic host"
 msgstr "adresa este folosită"
 
-#: option.c:4362
+#: option.c:4785
 #, fuzzy
 msgid "bad dynamic host"
 msgstr "nu pot citi %s: %s"
 
-#: option.c:4380 option.c:4396
+#: option.c:4803 option.c:4819
 msgid "bad CNAME"
 msgstr ""
 
-#: option.c:4404
+#: option.c:4827
 msgid "duplicate CNAME"
 msgstr ""
 
-#: option.c:4431
+#: option.c:4854
 #, fuzzy
 msgid "bad PTR record"
 msgstr "înregistrare SRV invalidă"
 
-#: option.c:4466
+#: option.c:4889
 #, fuzzy
 msgid "bad NAPTR record"
 msgstr "înregistrare SRV invalidă"
 
-#: option.c:4502
+#: option.c:4925
 #, fuzzy
 msgid "bad RR record"
 msgstr "înregistrare SRV invalidă"
 
-#: option.c:4535
+#: option.c:4958
 #, fuzzy
 msgid "bad CAA record"
 msgstr "înregistrare SRV invalidă"
 
-#: option.c:4564
+#: option.c:4987
 msgid "bad TXT record"
 msgstr "înregistrare TXT invalidă"
 
-#: option.c:4607
+#: option.c:5030
 msgid "bad SRV record"
 msgstr "înregistrare SRV invalidă"
 
-#: option.c:4614
+#: option.c:5037
 msgid "bad SRV target"
 msgstr "ţintă SRV invalidă"
 
-#: option.c:4633
+#: option.c:5056
 msgid "invalid priority"
 msgstr "prioritate invalidă"
 
-#: option.c:4638
+#: option.c:5061
 msgid "invalid weight"
 msgstr "pondere invalidă"
 
-#: option.c:4661
+#: option.c:5084
 #, fuzzy
 msgid "Bad host-record"
 msgstr "înregistrare SRV invalidă"
 
-#: option.c:4700
+#: option.c:5123
 #, fuzzy
 msgid "Bad name in host-record"
 msgstr "nume invalid în %s"
 
-#: option.c:4742
+#: option.c:5165
 msgid "bad value for dnssec-check-unsigned"
 msgstr ""
 
-#: option.c:4778
+#: option.c:5201
 #, fuzzy
 msgid "bad trust anchor"
 msgstr "port invalid"
 
-#: option.c:4794
+#: option.c:5217
 msgid "bad HEX in trust anchor"
 msgstr ""
 
-#: option.c:4805
+#: option.c:5228
 msgid "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)"
 msgstr ""
 
-#: option.c:4865
+#: option.c:5290
 msgid "missing \""
 msgstr "lipseşte \""
 
-#: option.c:4922
+#: option.c:5347
 msgid "bad option"
 msgstr "opţiune invalidă"
 
-#: option.c:4924
+#: option.c:5349
 msgid "extraneous parameter"
 msgstr "parametru nerecunoscut"
 
-#: option.c:4926
+#: option.c:5351
 msgid "missing parameter"
 msgstr "parametru lipsa"
 
-#: option.c:4928
+#: option.c:5353
 #, fuzzy
 msgid "illegal option"
 msgstr "opţiune invalidă"
 
-#: option.c:4935
-msgid "error"
-msgstr "eroare"
+#: option.c:5363
+#, c-format
+msgid " in output from %s"
+msgstr ""
 
-#: option.c:4937
+#: option.c:5365
 #, fuzzy, c-format
 msgid " at line %d of %s"
 msgstr "%s la linia %d din %%s"
 
-#: option.c:4952 option.c:5229 option.c:5240
+#: option.c:5380 option.c:5683 option.c:5694
 #, fuzzy, c-format
 msgid "read %s"
 msgstr "citesc %s"
 
-#: option.c:5015 option.c:5162 tftp.c:775
+#: option.c:5446
+#, fuzzy, c-format
+msgid "cannot execute %s: %s"
+msgstr "nu pot citi %s: %s"
+
+#: option.c:5454 option.c:5615 tftp.c:790
 #, c-format
 msgid "cannot read %s: %s"
 msgstr "nu pot citi %s: %s"
 
-#: option.c:5316
+#: option.c:5473
+#, fuzzy, c-format
+msgid "error executing %s: %s"
+msgstr "accesarea serverului %s a eşuat: %s"
+
+#: option.c:5476
+#, c-format
+msgid "%s returns non-zero error code"
+msgstr ""
+
+#: option.c:5775
 msgid "junk found in command line"
 msgstr ""
 
-#: option.c:5356
+#: option.c:5815
 #, c-format
 msgid "Dnsmasq version %s  %s\n"
 msgstr "dnsmasq versiunea %s  %s\n"
 
-#: option.c:5357
+#: option.c:5816
 #, fuzzy, c-format
 msgid ""
 "Compile time options: %s\n"
@@ -1252,664 +1353,703 @@ msgstr ""
 "Opţiuni cu care a fost compilat %s\n"
 "\n"
 
-#: option.c:5358
+#: option.c:5817
 #, c-format
 msgid "This software comes with ABSOLUTELY NO WARRANTY.\n"
 msgstr "Acest program vine FĂRĂ NICI O GARANŢIE.\n"
 
-#: option.c:5359
+#: option.c:5818
 #, c-format
 msgid "Dnsmasq is free software, and you are welcome to redistribute it\n"
 msgstr "Dnsmasq este un program gratuit, sunteţi invitaţi să-l redistribuiţi\n"
 
-#: option.c:5360
+#: option.c:5819
 #, fuzzy, c-format
 msgid "under the terms of the GNU General Public License, version 2 or 3.\n"
 msgstr "în termenii Licenţei publice generale GNU, versiunea 2.\n"
 
-#: option.c:5377
+#: option.c:5836
 msgid "try --help"
 msgstr ""
 
-#: option.c:5379
+#: option.c:5838
 msgid "try -w"
 msgstr ""
 
-#: option.c:5381
+#: option.c:5840
 #, fuzzy, c-format
 msgid "bad command line options: %s"
 msgstr "opţiuni în linie de comandă invalide: %s."
 
-#: option.c:5450
+#: option.c:5909
 #, c-format
 msgid "CNAME loop involving %s"
 msgstr ""
 
-#: option.c:5491
+#: option.c:5950
 #, c-format
 msgid "cannot get host-name: %s"
 msgstr "nu pot citi numele maşinii: %s"
 
-#: option.c:5519
+#: option.c:5978
 msgid "only one resolv.conf file allowed in no-poll mode."
 msgstr "se permite un singur fişier resolv.conf în modul no-poll"
 
-#: option.c:5529
+#: option.c:5988
 msgid "must have exactly one resolv.conf to read domain from."
 msgstr "am nevoie de un singur resolv.conf din care să citesc numele domeniului."
 
-#: option.c:5532 network.c:1670 dhcp.c:880
+#: option.c:5991 network.c:1727 dhcp.c:892
 #, fuzzy, c-format
 msgid "failed to read %s: %s"
 msgstr "nu pot citi %s: %s"
 
-#: option.c:5549
+#: option.c:6008
 #, c-format
 msgid "no search directive found in %s"
 msgstr "nu s-a găsit nici un criteriu de căutare în %s"
 
-#: option.c:5570
+#: option.c:6029
 msgid "there must be a default domain when --dhcp-fqdn is set"
 msgstr ""
 
-#: option.c:5579
+#: option.c:6038
 msgid "syntax check OK"
 msgstr ""
 
-#: forward.c:104
+#: forward.c:107
 #, fuzzy, c-format
 msgid "failed to send packet: %s"
 msgstr "ascultarea pe socket a eşuat: %s"
 
-#: forward.c:601
+#: forward.c:715
 msgid "discarding DNS reply: subnet option mismatch"
 msgstr ""
 
-#: forward.c:666
+#: forward.c:780
 #, c-format
 msgid "nameserver %s refused to do a recursive query"
 msgstr "serverul DNS %s refuză interogările recursive"
 
-#: forward.c:702
+#: forward.c:826
 #, c-format
 msgid "possible DNS-rebind attack detected: %s"
 msgstr ""
 
-#: forward.c:1074
+#: forward.c:1239
 #, c-format
 msgid "reducing DNS packet size for nameserver %s to %d"
 msgstr ""
 
-#: forward.c:1381 forward.c:1910
-msgid "Ignoring query from non-local network"
+#: forward.c:1565
+#, c-format
+msgid "ignoring query from non-local network %s (logged only once)"
+msgstr ""
+
+#: forward.c:2139
+#, c-format
+msgid "ignoring query from non-local network %s"
 msgstr ""
 
-#: forward.c:2198
+#: forward.c:2501
 #, fuzzy, c-format
 msgid "failed to bind server socket to %s: %s"
 msgstr "activarea socket-ului de ascultare pentru %s a eşuat: %s"
 
-#: forward.c:2494
+#: forward.c:2867
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries reached (max: %d)"
 msgstr "Specifică numărul maxim de împrumuturi DHCP (implicit %s)."
 
-#: forward.c:2496
+#: forward.c:2869
 #, fuzzy, c-format
 msgid "Maximum number of concurrent DNS queries to %s reached (max: %d)"
 msgstr "Specifică numărul maxim de împrumuturi DHCP (implicit %s)."
 
-#: network.c:670
+#: network.c:700
 #, c-format
 msgid "stopped listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:867
+#: network.c:911
 #, fuzzy, c-format
 msgid "failed to create listening socket for %s: %s"
 msgstr "creearea socket-ului de ascultare a eşuat: %s"
 
-#: network.c:1148
+#: network.c:1192
 #, c-format
 msgid "listening on %s(#%d): %s port %d"
 msgstr ""
 
-#: network.c:1175
+#: network.c:1219
 #, fuzzy, c-format
 msgid "listening on %s port %d"
 msgstr "nu pot citi %s: %s"
 
-#: network.c:1208
+#: network.c:1252
 #, c-format
 msgid "LOUD WARNING: listening on %s may accept requests via interfaces other than %s"
 msgstr ""
 
-#: network.c:1215
+#: network.c:1259
 msgid "LOUD WARNING: use --bind-dynamic rather than --bind-interfaces to avoid DNS amplification attacks via these interface(s)"
 msgstr ""
 
-#: network.c:1224
+#: network.c:1268
 #, fuzzy, c-format
 msgid "warning: using interface %s instead"
 msgstr "atenţie: interfaţa %s nu există momentan"
 
-#: network.c:1233
+#: network.c:1277
 #, fuzzy, c-format
 msgid "warning: no addresses found for interface %s"
 msgstr "folosim adresele locale doar pentru %S %s"
 
-#: network.c:1291
+#: network.c:1335
 #, fuzzy, c-format
 msgid "interface %s failed to join DHCPv6 multicast group: %s"
 msgstr "activarea socket-ului server-ului DHCP a eşuat: %s"
 
-#: network.c:1296
+#: network.c:1340
 msgid "try increasing /proc/sys/net/core/optmem_max"
 msgstr ""
 
-#: network.c:1492
+#: network.c:1545
 #, fuzzy, c-format
 msgid "failed to bind server socket for %s: %s"
 msgstr "activarea socket-ului de ascultare pentru %s a eşuat: %s"
 
-#: network.c:1569
+#: network.c:1622
 #, c-format
 msgid "ignoring nameserver %s - local interface"
 msgstr "ignorăm serverul DNS %s - interfaţă locală"
 
-#: network.c:1580
+#: network.c:1633
 #, fuzzy, c-format
 msgid "ignoring nameserver %s - cannot make/bind socket: %s"
 msgstr "ignorăm serverul DNS %s - nu pot creea/activa socket-ul: %s"
 
-#: network.c:1598
+#: network.c:1643
+msgid "more servers are defined but not logged"
+msgstr ""
+
+#: network.c:1654
 msgid "(no DNSSEC)"
 msgstr ""
 
-#: network.c:1601
+#: network.c:1657
 msgid "unqualified"
 msgstr "invalid"
 
-#: network.c:1601
+#: network.c:1657
 msgid "names"
 msgstr ""
 
-#: network.c:1603
+#: network.c:1659
 msgid "default"
 msgstr ""
 
-#: network.c:1605
+#: network.c:1661
 msgid "domain"
 msgstr "domeniu"
 
-#: network.c:1607
+#: network.c:1663
 #, fuzzy, c-format
 msgid "using nameserver %s#%d for %s %s%s %s"
 msgstr "folosim serverul DNS %s#%d pentru %s %s"
 
-#: network.c:1611
+#: network.c:1667
 #, fuzzy, c-format
 msgid "NOT using nameserver %s#%d - query loop detected"
 msgstr "folosim serverul DNS %s#%d pentru %s %s"
 
-#: network.c:1614
+#: network.c:1670
 #, fuzzy, c-format
 msgid "using nameserver %s#%d(via %s)"
 msgstr "folosim serverul DNS %s#%d"
 
-#: network.c:1616
+#: network.c:1672
 #, c-format
 msgid "using nameserver %s#%d"
 msgstr "folosim serverul DNS %s#%d"
 
-#: network.c:1630
+#: network.c:1687
 #, fuzzy, c-format
 msgid "using only locally-known addresses for %s"
 msgstr "folosim adresele locale doar pentru %S %s"
 
-#: network.c:1633
+#: network.c:1690
 #, fuzzy, c-format
 msgid "using standard nameservers for %s"
 msgstr "folosim serverul DNS %s#%d pentru %s %s"
 
-#: network.c:1637
+#: network.c:1694
 #, fuzzy, c-format
 msgid "using %d more local addresses"
 msgstr "folosim serverul DNS %s#%d"
 
-#: network.c:1639
+#: network.c:1696
 #, fuzzy, c-format
 msgid "using %d more nameservers"
 msgstr "folosim serverul DNS %s#%d"
 
-#: dnsmasq.c:184
+#: dnsmasq.c:192
 msgid "dhcp-hostsdir, dhcp-optsdir and hostsdir are not supported on this platform"
 msgstr ""
 
-#: dnsmasq.c:199
+#: dnsmasq.c:207
 msgid "no root trust anchor provided for DNSSEC"
 msgstr ""
 
-#: dnsmasq.c:202
+#: dnsmasq.c:210
 msgid "cannot reduce cache size from default when DNSSEC enabled"
 msgstr ""
 
-#: dnsmasq.c:204
+#: dnsmasq.c:212
 #, fuzzy
 msgid "DNSSEC not available: set HAVE_DNSSEC in src/config.h"
 msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
 
-#: dnsmasq.c:210
+#: dnsmasq.c:218
 #, fuzzy
 msgid "TFTP server not available: set HAVE_TFTP in src/config.h"
 msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
 
-#: dnsmasq.c:217
+#: dnsmasq.c:225
 msgid "cannot use --conntrack AND --query-port"
 msgstr ""
 
-#: dnsmasq.c:223
+#: dnsmasq.c:231
 #, fuzzy
 msgid "conntrack support not available: set HAVE_CONNTRACK in src/config.h"
 msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
 
-#: dnsmasq.c:228
+#: dnsmasq.c:236
 msgid "asynchronous logging is not available under Solaris"
 msgstr ""
 
-#: dnsmasq.c:233
+#: dnsmasq.c:241
 msgid "asynchronous logging is not available under Android"
 msgstr ""
 
-#: dnsmasq.c:238
+#: dnsmasq.c:246
 #, fuzzy
 msgid "authoritative DNS not available: set HAVE_AUTH in src/config.h"
 msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
 
-#: dnsmasq.c:243
+#: dnsmasq.c:251
 #, fuzzy
 msgid "loop detection not available: set HAVE_LOOP in src/config.h"
 msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
 
-#: dnsmasq.c:248
+#: dnsmasq.c:256
 #, fuzzy
 msgid "Ubus not available: set HAVE_UBUS in src/config.h"
 msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
 
-#: dnsmasq.c:259
+#: dnsmasq.c:267
 msgid "max_port cannot be smaller than min_port"
 msgstr ""
 
-#: dnsmasq.c:266
+#: dnsmasq.c:271
+msgid "port_limit must not be larger than available port range"
+msgstr ""
+
+#: dnsmasq.c:278
 msgid "--auth-server required when an auth zone is defined."
 msgstr ""
 
-#: dnsmasq.c:271
+#: dnsmasq.c:283
 msgid "zone serial must be configured in --auth-soa"
 msgstr ""
 
-#: dnsmasq.c:291
+#: dnsmasq.c:303
 msgid "dhcp-range constructor not available on this platform"
 msgstr ""
 
-#: dnsmasq.c:355
+#: dnsmasq.c:377
 msgid "cannot set --bind-interfaces and --bind-dynamic"
 msgstr ""
 
-#: dnsmasq.c:358
+#: dnsmasq.c:380
 #, c-format
 msgid "failed to find list of interfaces: %s"
 msgstr "enumerarea interfeţelor a eşuat: %s"
 
-#: dnsmasq.c:367
+#: dnsmasq.c:389
 #, c-format
 msgid "unknown interface %s"
 msgstr "interfaţă necunoscută %s"
 
-#: dnsmasq.c:437
+#: dnsmasq.c:396
+#, fuzzy, c-format
+msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
+msgstr "configurarea SO_REUSEADDR pe socket-ul DHCP a eşuat: %s"
+
+#: dnsmasq.c:440
 #, fuzzy
 msgid "Packet dumps not available: set HAVE_DUMP in src/config.h"
 msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
 
-#: dnsmasq.c:445 dnsmasq.c:1207
+#: dnsmasq.c:448 dnsmasq.c:1232
 #, c-format
 msgid "DBus error: %s"
 msgstr "eroare DBus: %s"
 
-#: dnsmasq.c:448
+#: dnsmasq.c:451
 msgid "DBus not available: set HAVE_DBUS in src/config.h"
 msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
 
-#: dnsmasq.c:456 dnsmasq.c:1228
+#: dnsmasq.c:459 dnsmasq.c:1253
 #, fuzzy, c-format
 msgid "UBus error: %s"
 msgstr "eroare DBus: %s"
 
-#: dnsmasq.c:459
+#: dnsmasq.c:462
 #, fuzzy
 msgid "UBus not available: set HAVE_UBUS in src/config.h"
 msgstr "DBus nu este disponibil: puneţi HAVE_DBUS in src/config.h"
 
-#: dnsmasq.c:489
+#: dnsmasq.c:492
 #, c-format
 msgid "unknown user or group: %s"
 msgstr ""
 
-#: dnsmasq.c:565
+#: dnsmasq.c:568
 #, c-format
 msgid "process is missing required capability %s"
 msgstr ""
 
-#: dnsmasq.c:597
+#: dnsmasq.c:600
 #, c-format
 msgid "cannot chdir to filesystem root: %s"
 msgstr ""
 
-#: dnsmasq.c:845
+#: dnsmasq.c:852
 #, fuzzy, c-format
 msgid "started, version %s DNS disabled"
 msgstr "am pornit, versiunea %s memorie temporară dezactivată"
 
-#: dnsmasq.c:850
+#: dnsmasq.c:857
 #, c-format
 msgid "started, version %s cachesize %d"
 msgstr "am ponit, versiunea %s memorie temporară %d"
 
-#: dnsmasq.c:852
+#: dnsmasq.c:859
 msgid "cache size greater than 10000 may cause performance issues, and is unlikely to be useful."
 msgstr ""
 
-#: dnsmasq.c:855
+#: dnsmasq.c:862
 #, c-format
 msgid "started, version %s cache disabled"
 msgstr "am pornit, versiunea %s memorie temporară dezactivată"
 
-#: dnsmasq.c:858
+#: dnsmasq.c:865
 msgid "DNS service limited to local subnets"
 msgstr ""
 
-#: dnsmasq.c:861
+#: dnsmasq.c:868
 #, c-format
 msgid "compile time options: %s"
 msgstr "compilat cu opţiunile: %s"
 
-#: dnsmasq.c:870
+#: dnsmasq.c:877
 msgid "DBus support enabled: connected to system bus"
 msgstr "suportul DBus activ: sunt conectat la magistrala sistem"
 
-#: dnsmasq.c:872
+#: dnsmasq.c:879
 msgid "DBus support enabled: bus connection pending"
 msgstr "suportul DBus activ: aştept conexiunea la magistrală"
 
-#: dnsmasq.c:880
+#: dnsmasq.c:887
 #, fuzzy
 msgid "UBus support enabled: connected to system bus"
 msgstr "suportul DBus activ: sunt conectat la magistrala sistem"
 
-#: dnsmasq.c:882
+#: dnsmasq.c:889
 #, fuzzy
 msgid "UBus support enabled: bus connection pending"
 msgstr "suportul DBus activ: aştept conexiunea la magistrală"
 
-#: dnsmasq.c:902
+#: dnsmasq.c:909
 msgid "DNSSEC validation enabled but all unsigned answers are trusted"
 msgstr ""
 
-#: dnsmasq.c:904
+#: dnsmasq.c:911
 msgid "DNSSEC validation enabled"
 msgstr ""
 
-#: dnsmasq.c:908
+#: dnsmasq.c:915
 msgid "DNSSEC signature timestamps not checked until receipt of SIGINT"
 msgstr ""
 
-#: dnsmasq.c:911
+#: dnsmasq.c:918
 msgid "DNSSEC signature timestamps not checked until system time valid"
 msgstr ""
 
-#: dnsmasq.c:914
+#: dnsmasq.c:921
 #, c-format
 msgid "configured with trust anchor for %s keytag %u"
 msgstr ""
 
 # for compatibility purposes the letters â, ă, ş, ţ and î can be written as their look-alike correspondent.
-#: dnsmasq.c:920
+#: dnsmasq.c:927
 #, fuzzy, c-format
 msgid "warning: failed to change owner of %s: %s"
 msgstr "încărcarea numelor din %s: %s a eşuat"
 
-#: dnsmasq.c:924
+#: dnsmasq.c:932
 msgid "setting --bind-interfaces option because of OS limitations"
 msgstr "specific opţiunea --bind-interfaces din cauza limitărilor SO"
 
-#: dnsmasq.c:936
+#: dnsmasq.c:945
 #, c-format
 msgid "warning: interface %s does not currently exist"
 msgstr "atenţie: interfaţa %s nu există momentan"
 
-#: dnsmasq.c:941
+#: dnsmasq.c:950
 msgid "warning: ignoring resolv-file flag because no-resolv is set"
 msgstr ""
 
-#: dnsmasq.c:944
+#: dnsmasq.c:953
 #, fuzzy
 msgid "warning: no upstream servers configured"
 msgstr "configurăm serverele superioare prin Dbus"
 
-#: dnsmasq.c:948
+#: dnsmasq.c:957
 #, c-format
 msgid "asynchronous logging enabled, queue limit is %d messages"
 msgstr ""
 
-#: dnsmasq.c:969
+#: dnsmasq.c:978
 msgid "IPv6 router advertisement enabled"
 msgstr ""
 
-#: dnsmasq.c:974
+#: dnsmasq.c:983
 #, c-format
 msgid "DHCP, sockets bound exclusively to interface %s"
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 msgid "root is "
 msgstr ""
 
-#: dnsmasq.c:991
+#: dnsmasq.c:1000
 #, fuzzy
 msgid "enabled"
 msgstr "dezactivat"
 
-#: dnsmasq.c:993
+#: dnsmasq.c:1002
 msgid "secure mode"
 msgstr ""
 
-#: dnsmasq.c:994
+#: dnsmasq.c:1003
 #, fuzzy
 msgid "single port mode"
 msgstr "număr de port invalid"
 
-#: dnsmasq.c:997
+#: dnsmasq.c:1006
 #, c-format
 msgid "warning: %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1001
+#: dnsmasq.c:1010
 #, c-format
 msgid "warning: TFTP directory %s inaccessible"
 msgstr ""
 
-#: dnsmasq.c:1027
+#: dnsmasq.c:1036
 #, c-format
 msgid "restricting maximum simultaneous TFTP transfers to %d"
 msgstr ""
 
-#: dnsmasq.c:1204
+#: dnsmasq.c:1095
+#, c-format
+msgid "error binding DHCP socket to device %s"
+msgstr ""
+
+#: dnsmasq.c:1229
 msgid "connected to system DBus"
 msgstr "magistrala sistem Dbus conectată"
 
-#: dnsmasq.c:1225
+#: dnsmasq.c:1250
 #, fuzzy
 msgid "connected to system UBus"
 msgstr "magistrala sistem Dbus conectată"
 
-#: dnsmasq.c:1391
+#: dnsmasq.c:1416
 #, c-format
 msgid "cannot fork into background: %s"
 msgstr ""
 
-#: dnsmasq.c:1395
+#: dnsmasq.c:1420
 #, fuzzy, c-format
 msgid "failed to create helper: %s"
 msgstr "nu pot citi %s: %s"
 
-#: dnsmasq.c:1399
+#: dnsmasq.c:1424
 #, c-format
 msgid "setting capabilities failed: %s"
 msgstr ""
 
 # for compatibility purposes the letters â, ă, ş, ţ and î can be written as their look-alike correspondent.
-#: dnsmasq.c:1403
+#: dnsmasq.c:1428
 #, fuzzy, c-format
 msgid "failed to change user-id to %s: %s"
 msgstr "încărcarea numelor din %s: %s a eşuat"
 
 # for compatibility purposes the letters â, ă, ş, ţ and î can be written as their look-alike correspondent.
-#: dnsmasq.c:1407
+#: dnsmasq.c:1432
 #, fuzzy, c-format
 msgid "failed to change group-id to %s: %s"
 msgstr "încărcarea numelor din %s: %s a eşuat"
 
-#: dnsmasq.c:1411
+#: dnsmasq.c:1436
 #, fuzzy, c-format
 msgid "failed to open pidfile %s: %s"
 msgstr "nu pot citi %s: %s"
 
-#: dnsmasq.c:1415
+#: dnsmasq.c:1440
 #, fuzzy, c-format
 msgid "cannot open log %s: %s"
 msgstr "nu pot deschide %s:%s"
 
-#: dnsmasq.c:1419
+#: dnsmasq.c:1444
 #, fuzzy, c-format
 msgid "failed to load Lua script: %s"
 msgstr "nu pot încărca %s: %s"
 
-#: dnsmasq.c:1423
+#: dnsmasq.c:1448
 #, c-format
 msgid "TFTP directory %s inaccessible: %s"
 msgstr ""
 
-#: dnsmasq.c:1427
+#: dnsmasq.c:1452
 #, fuzzy, c-format
 msgid "cannot create timestamp file %s: %s"
 msgstr "nu pot creea sau deschide fişierul cu împrumuturi: %s"
 
-#: dnsmasq.c:1511
+#: dnsmasq.c:1536
 #, c-format
 msgid "script process killed by signal %d"
 msgstr ""
 
-#: dnsmasq.c:1515
+#: dnsmasq.c:1540
 #, c-format
 msgid "script process exited with status %d"
 msgstr ""
 
-#: dnsmasq.c:1519
+#: dnsmasq.c:1544
 #, fuzzy, c-format
 msgid "failed to execute %s: %s"
 msgstr "accesarea serverului %s a eşuat: %s"
 
-#: dnsmasq.c:1559
+#: dnsmasq.c:1584
 msgid "now checking DNSSEC signature timestamps"
 msgstr ""
 
-#: dnsmasq.c:1594 dnssec.c:160 dnssec.c:204
+#: dnsmasq.c:1619 dnssec.c:160 dnssec.c:204
 #, fuzzy, c-format
 msgid "failed to update mtime on %s: %s"
 msgstr "nu pot citi %s: %s"
 
-#: dnsmasq.c:1606
+#: dnsmasq.c:1631
 msgid "exiting on receipt of SIGTERM"
 msgstr "am primit SIGTERM, am terminat"
 
-#: dnsmasq.c:1634
+#: dnsmasq.c:1659
 #, fuzzy, c-format
 msgid "failed to access %s: %s"
 msgstr "accesarea serverului %s a eşuat: %s"
 
-#: dnsmasq.c:1664
+#: dnsmasq.c:1690
 #, c-format
 msgid "reading %s"
 msgstr "citesc %s"
 
-#: dnsmasq.c:1675
+#: dnsmasq.c:1706
 #, fuzzy, c-format
 msgid "no servers found in %s, will retry"
 msgstr "nu s-a găsit nici un criteriu de căutare în %s"
 
-#: dhcp.c:53
+#: dhcp.c:51
 #, c-format
 msgid "cannot create DHCP socket: %s"
 msgstr "nu pot creea socket DHCP: %s"
 
-#: dhcp.c:68
+#: dhcp.c:66
 #, c-format
 msgid "failed to set options on DHCP socket: %s"
 msgstr "configurarea opţiunilor socketului DHCP a eşuat: %s"
 
-#: dhcp.c:89
+#: dhcp.c:87
 #, fuzzy, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCP socket: %s"
 msgstr "configurarea SO_REUSEADDR pe socket-ul DHCP a eşuat: %s"
 
-#: dhcp.c:101
+#: dhcp.c:99
 #, c-format
 msgid "failed to bind DHCP server socket: %s"
 msgstr "activarea socket-ului server-ului DHCP a eşuat: %s"
 
-#: dhcp.c:127
+#: dhcp.c:125
 #, c-format
 msgid "cannot create ICMP raw socket: %s."
 msgstr "nu pot creea socket ICMP raw: %s."
 
-#: dhcp.c:252 dhcp6.c:180
+#: dhcp.c:254 dhcp6.c:186
 #, fuzzy, c-format
 msgid "unknown interface %s in bridge-interface"
 msgstr "interfaţă necunoscută %s"
 
-#: dhcp.c:293
+#: dhcp.c:295
 #, c-format
 msgid "DHCP packet received on %s which has no address"
 msgstr ""
 
-#: dhcp.c:428
+#: dhcp.c:429
 #, c-format
 msgid "ARP-cache injection failed: %s"
 msgstr ""
 
-#: dhcp.c:473
+#: dhcp.c:490
 #, c-format
 msgid "Error sending DHCP packet to %s: %s"
 msgstr ""
 
-#: dhcp.c:530
+#: dhcp.c:547
 #, c-format
 msgid "DHCP range %s -- %s is not consistent with netmask %s"
 msgstr "domeniu DHCP %s -- %s nu este consistent cu masca de reţea %s"
 
-#: dhcp.c:918
+#: dhcp.c:930
 #, c-format
 msgid "bad line at %s line %d"
 msgstr "linie invalidă în %s rândul %d"
 
-#: dhcp.c:961
+#: dhcp.c:973
 #, c-format
 msgid "ignoring %s line %d, duplicate name or IP address"
 msgstr ""
 
-#: dhcp.c:1105 rfc3315.c:2182
+#: dhcp.c:1034
+#, c-format
+msgid "read %s - %d addresses"
+msgstr "citesc %s - %d adrese"
+
+#: dhcp.c:1136
+#, c-format
+msgid "Cannot broadcast DHCP relay via interface %s"
+msgstr ""
+
+#: dhcp.c:1160
+#, c-format
+msgid "broadcast via %s"
+msgstr ""
+
+#: dhcp.c:1163 rfc3315.c:2219
 #, c-format
-msgid "DHCP relay %s -> %s"
+msgid "DHCP relay at %s -> %s"
 msgstr ""
 
 #: lease.c:64
@@ -1979,7 +2119,7 @@ msgstr "nici un domeniu de adrese disponibil pentru cererea DHCP %s %s"
 msgid "%u available DHCP subnet: %s/%s"
 msgstr "nici un domeniu de adrese disponibil pentru cererea DHCP %s %s"
 
-#: rfc2131.c:409 rfc3315.c:319
+#: rfc2131.c:409 rfc3315.c:320
 #, c-format
 msgid "%u available DHCP range: %s -- %s"
 msgstr ""
@@ -1998,12 +2138,12 @@ msgstr "eroare DBus: %s"
 msgid "disabled"
 msgstr "dezactivat"
 
-#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1532 rfc3315.c:632 rfc3315.c:815
-#: rfc3315.c:1121
+#: rfc2131.c:598 rfc2131.c:1087 rfc2131.c:1536 rfc3315.c:633 rfc3315.c:816
+#: rfc3315.c:1122
 msgid "ignored"
 msgstr "ignorat"
 
-#: rfc2131.c:613 rfc2131.c:1333 rfc3315.c:867
+#: rfc2131.c:613 rfc2131.c:1340 rfc3315.c:868
 msgid "address in use"
 msgstr "adresa este folosită"
 
@@ -2011,7 +2151,7 @@ msgstr "adresa este folosită"
 msgid "no address available"
 msgstr "nici o adresă disponibilă"
 
-#: rfc2131.c:634 rfc2131.c:1295
+#: rfc2131.c:634 rfc2131.c:1302
 msgid "wrong network"
 msgstr "reţea greşită"
 
@@ -2019,11 +2159,11 @@ msgstr "reţea greşită"
 msgid "no address configured"
 msgstr "adresă lipsă"
 
-#: rfc2131.c:655 rfc2131.c:1346
+#: rfc2131.c:655 rfc2131.c:1353
 msgid "no leases left"
 msgstr "nu mai am de unde să împrumut"
 
-#: rfc2131.c:756 rfc3315.c:499
+#: rfc2131.c:756 rfc3315.c:500
 #, c-format
 msgid "%u client provides name: %s"
 msgstr ""
@@ -2032,7 +2172,7 @@ msgstr ""
 msgid "PXE BIS not supported"
 msgstr ""
 
-#: rfc2131.c:1054 rfc3315.c:1222
+#: rfc2131.c:1054 rfc3315.c:1223
 #, fuzzy, c-format
 msgid "disabling DHCP static address %s for %s"
 msgstr "dezactivăm adresele DHCP statice %s"
@@ -2056,108 +2196,108 @@ msgstr ""
 msgid "not using configured address %s because it was previously declined"
 msgstr ""
 
-#: rfc2131.c:1139 rfc2131.c:1339
+#: rfc2131.c:1139 rfc2131.c:1346
 msgid "no unique-id"
 msgstr ""
 
-#: rfc2131.c:1231
+#: rfc2131.c:1238
 msgid "wrong server-ID"
 msgstr ""
 
-#: rfc2131.c:1250
+#: rfc2131.c:1257
 msgid "wrong address"
 msgstr "adresă greşită"
 
-#: rfc2131.c:1268 rfc3315.c:975
+#: rfc2131.c:1275 rfc3315.c:976
 msgid "lease not found"
 msgstr "împrumutul nu a fost găsit"
 
-#: rfc2131.c:1303
+#: rfc2131.c:1310
 msgid "address not available"
 msgstr "adresă indisponibilă"
 
-#: rfc2131.c:1314
+#: rfc2131.c:1321
 msgid "static lease available"
 msgstr "împrumut static este disponibil"
 
-#: rfc2131.c:1318
+#: rfc2131.c:1325
 msgid "address reserved"
 msgstr "adresă rezervată"
 
-#: rfc2131.c:1327
+#: rfc2131.c:1334
 #, c-format
 msgid "abandoning lease to %s of %s"
 msgstr ""
 
-#: rfc2131.c:1866
+#: rfc2131.c:1870
 #, c-format
 msgid "%u bootfile name: %s"
 msgstr ""
 
-#: rfc2131.c:1875
+#: rfc2131.c:1879
 #, fuzzy, c-format
 msgid "%u server name: %s"
 msgstr "eroare DBus: %s"
 
-#: rfc2131.c:1885
+#: rfc2131.c:1889
 #, fuzzy, c-format
 msgid "%u next server: %s"
 msgstr "eroare DBus: %s"
 
-#: rfc2131.c:1889
+#: rfc2131.c:1893
 #, c-format
 msgid "%u broadcast response"
 msgstr ""
 
-#: rfc2131.c:1952
+#: rfc2131.c:1956
 #, fuzzy, c-format
 msgid "cannot send DHCP/BOOTP option %d: no space left in packet"
 msgstr "nu pot trimite opţiunea DHCP %d: nu mai este loc în pachet"
 
-#: rfc2131.c:2262
+#: rfc2131.c:2267
 msgid "PXE menu too large"
 msgstr ""
 
-#: rfc2131.c:2425 rfc3315.c:1511
+#: rfc2131.c:2430 rfc3315.c:1517
 #, fuzzy, c-format
 msgid "%u requested options: %s"
 msgstr "compilat cu opţiunile: %s"
 
-#: rfc2131.c:2742
+#: rfc2131.c:2747
 #, c-format
 msgid "cannot send RFC3925 option: too many options for enterprise number %d"
 msgstr ""
 
-#: rfc2131.c:2805
+#: rfc2131.c:2810
 #, c-format
 msgid "%u reply delay: %d"
 msgstr ""
 
-#: netlink.c:93
+#: netlink.c:86
 #, fuzzy, c-format
 msgid "cannot create netlink socket: %s"
 msgstr "nu pot să activez socket-ul netlink: %s"
 
-#: netlink.c:377
+#: netlink.c:379
 #, fuzzy, c-format
 msgid "netlink returns error: %s"
 msgstr "eroare DBus: %s"
 
-#: dbus.c:434
+#: dbus.c:491
 #, c-format
 msgid "Enabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:439
+#: dbus.c:496
 #, c-format
 msgid "Disabling --%s option from D-Bus"
 msgstr ""
 
-#: dbus.c:713
+#: dbus.c:857
 msgid "setting upstream servers from DBus"
 msgstr "configurăm serverele superioare prin Dbus"
 
-#: dbus.c:760
+#: dbus.c:907
 msgid "could not register a DBus message handler"
 msgstr "nu pot activa o interfaţă de mesaje DBus"
 
@@ -2184,51 +2324,51 @@ msgstr ""
 msgid "lease() function missing in Lua script"
 msgstr ""
 
-#: tftp.c:349
+#: tftp.c:353
 msgid "unable to get free port for TFTP"
 msgstr ""
 
-#: tftp.c:365
+#: tftp.c:369
 #, c-format
 msgid "unsupported request from %s"
 msgstr ""
 
-#: tftp.c:512
+#: tftp.c:520
 #, fuzzy, c-format
-msgid "file %s not found"
-msgstr "împrumutul nu a fost găsit"
+msgid "file %s not found for %s"
+msgstr "fișier %s nu a fost găsit pentru %s"
 
-#: tftp.c:602
+#: tftp.c:609
 #, c-format
 msgid "ignoring packet from %s (TID mismatch)"
 msgstr ""
 
-#: tftp.c:646
+#: tftp.c:662
 #, fuzzy, c-format
 msgid "failed sending %s to %s"
 msgstr "nu pot citi %s: %s"
 
-#: tftp.c:646
+#: tftp.c:662
 #, c-format
 msgid "sent %s to %s"
 msgstr ""
 
-#: tftp.c:696
+#: tftp.c:712
 #, c-format
 msgid "error %d %s received from %s"
 msgstr ""
 
-#: log.c:190
+#: log.c:203
 #, c-format
 msgid "overflow: %d log entries lost"
 msgstr ""
 
-#: log.c:268
+#: log.c:281
 #, c-format
 msgid "log failed: %s"
 msgstr ""
 
-#: log.c:477
+#: log.c:490
 msgid "FAILED to start up"
 msgstr "pornirea A EŞUAT"
 
@@ -2237,17 +2377,17 @@ msgstr "pornirea A EŞUAT"
 msgid "Conntrack connection mark retrieval failed: %s"
 msgstr ""
 
-#: dhcp6.c:52
+#: dhcp6.c:51
 #, fuzzy, c-format
 msgid "cannot create DHCPv6 socket: %s"
 msgstr "nu pot creea socket DHCP: %s"
 
-#: dhcp6.c:73
+#: dhcp6.c:72
 #, fuzzy, c-format
 msgid "failed to set SO_REUSE{ADDR|PORT} on DHCPv6 socket: %s"
 msgstr "configurarea SO_REUSEADDR pe socket-ul DHCP a eşuat: %s"
 
-#: dhcp6.c:85
+#: dhcp6.c:84
 #, fuzzy, c-format
 msgid "failed to bind DHCPv6 server socket: %s"
 msgstr "activarea socket-ului server-ului DHCP a eşuat: %s"
@@ -2262,149 +2402,155 @@ msgstr "nici un domeniu de adrese disponibil pentru cererea DHCP %s %s"
 msgid "no address range available for DHCPv6 request via %s"
 msgstr "nici un domeniu de adrese disponibil pentru cererea DHCP %s %s"
 
-#: rfc3315.c:316
+#: rfc3315.c:317
 #, fuzzy, c-format
 msgid "%u available DHCPv6 subnet: %s/%d"
 msgstr "nici un domeniu de adrese disponibil pentru cererea DHCP %s %s"
 
-#: rfc3315.c:399
+#: rfc3315.c:400
 #, fuzzy, c-format
 msgid "%u vendor class: %u"
 msgstr "eroare DBus: %s"
 
-#: rfc3315.c:447
+#: rfc3315.c:448
 #, fuzzy, c-format
 msgid "%u client MAC address: %s"
 msgstr "nu exista interfaţă pentru adresa %s"
 
-#: rfc3315.c:762 rfc3315.c:859
+#: rfc3315.c:763 rfc3315.c:860
 #, fuzzy
 msgid "address unavailable"
 msgstr "adresă indisponibilă"
 
-#: rfc3315.c:774 rfc3315.c:903 rfc3315.c:1272
+#: rfc3315.c:775 rfc3315.c:904 rfc3315.c:1273
 msgid "success"
 msgstr ""
 
-#: rfc3315.c:789 rfc3315.c:798 rfc3315.c:911 rfc3315.c:913 rfc3315.c:1047
+#: rfc3315.c:790 rfc3315.c:799 rfc3315.c:912 rfc3315.c:914 rfc3315.c:1048
 #, fuzzy
 msgid "no addresses available"
 msgstr "nici o adresă disponibilă"
 
-#: rfc3315.c:890
+#: rfc3315.c:891
 msgid "not on link"
 msgstr ""
 
-#: rfc3315.c:979 rfc3315.c:1180 rfc3315.c:1261
+#: rfc3315.c:980 rfc3315.c:1181 rfc3315.c:1262
 msgid "no binding found"
 msgstr ""
 
-#: rfc3315.c:1016
+#: rfc3315.c:1017
 msgid "deprecated"
 msgstr ""
 
-#: rfc3315.c:1023
+#: rfc3315.c:1024
 #, fuzzy
 msgid "address invalid"
 msgstr "adresa este folosită"
 
-#: rfc3315.c:1081 rfc3315.c:1083
+#: rfc3315.c:1082 rfc3315.c:1084
 msgid "confirm failed"
 msgstr ""
 
-#: rfc3315.c:1098
+#: rfc3315.c:1099
 #, fuzzy
 msgid "all addresses still on link"
 msgstr "adresă greşită în %s, linia %d"
 
-#: rfc3315.c:1189
+#: rfc3315.c:1190
 msgid "release received"
 msgstr ""
 
-#: rfc3315.c:2173
-msgid "Cannot multicast to DHCPv6 server without correct interface"
+#: rfc3315.c:2200
+#, c-format
+msgid "Cannot multicast DHCP relay via interface %s"
 msgstr ""
 
-#: dhcp-common.c:154
+#: rfc3315.c:2216
+#, c-format
+msgid "multicast via %s"
+msgstr ""
+
+#: dhcp-common.c:187
 #, c-format
 msgid "Ignoring duplicate dhcp-option %d"
 msgstr ""
 
-#: dhcp-common.c:231
+#: dhcp-common.c:264
 #, c-format
 msgid "%u tags: %s"
 msgstr ""
 
-#: dhcp-common.c:451
+#: dhcp-common.c:484
 #, c-format
 msgid "%s has more than one address in hostsfile, using %s for DHCP"
 msgstr ""
 
-#: dhcp-common.c:485
+#: dhcp-common.c:518
 #, c-format
 msgid "duplicate IP address %s (%s) in dhcp-config directive"
 msgstr "adresă IP duplicat %s (%s) în declaraţia dhcp-config."
 
-#: dhcp-common.c:549
-#, fuzzy, c-format
-msgid "failed to set SO_BINDTODEVICE on DHCP socket: %s"
-msgstr "configurarea SO_REUSEADDR pe socket-ul DHCP a eşuat: %s"
-
-#: dhcp-common.c:672
+#: dhcp-common.c:738
 #, c-format
 msgid "Known DHCP options:\n"
 msgstr ""
 
-#: dhcp-common.c:683
+#: dhcp-common.c:749
 #, c-format
 msgid "Known DHCPv6 options:\n"
 msgstr ""
 
-#: dhcp-common.c:880
+#: dhcp-common.c:946
 msgid ", prefix deprecated"
 msgstr ""
 
-#: dhcp-common.c:883
+#: dhcp-common.c:949
 #, c-format
 msgid ", lease time "
 msgstr ""
 
-#: dhcp-common.c:925
+#: dhcp-common.c:991
 #, c-format
 msgid "%s stateless on %s%.0s%.0s%s"
 msgstr ""
 
-#: dhcp-common.c:927
+#: dhcp-common.c:993
 #, fuzzy, c-format
 msgid "%s, static leases only on %.0s%s%s%.0s"
 msgstr "DHCP, împrumuturi statice doar către  %.0s%s, timpul reînoirii %s"
 
-#: dhcp-common.c:929
+#: dhcp-common.c:995
 #, c-format
 msgid "%s, proxy on subnet %.0s%s%.0s%.0s"
 msgstr ""
 
-#: dhcp-common.c:930
+#: dhcp-common.c:996
 #, fuzzy, c-format
 msgid "%s, IP range %s -- %s%s%.0s"
 msgstr "DHCP, domeniu IP %s -- %s, timpul reînoirii %s"
 
-#: dhcp-common.c:943
+#: dhcp-common.c:1009
 #, c-format
 msgid "DHCPv4-derived IPv6 names on %s%s"
 msgstr ""
 
-#: dhcp-common.c:946
+#: dhcp-common.c:1012
 #, fuzzy, c-format
 msgid "router advertisement on %s%s"
 msgstr "DHCP, împrumuturi statice doar către  %.0s%s, timpul reînoirii %s"
 
-#: dhcp-common.c:957
+#: dhcp-common.c:1043
+#, c-format
+msgid "DHCP relay from %s via %s"
+msgstr ""
+
+#: dhcp-common.c:1045
 #, c-format
 msgid "DHCP relay from %s to %s via %s"
 msgstr ""
 
-#: dhcp-common.c:959
+#: dhcp-common.c:1048
 #, c-format
 msgid "DHCP relay from %s to %s"
 msgstr ""
@@ -2414,7 +2560,7 @@ msgstr ""
 msgid "cannot create ICMPv6 socket: %s"
 msgstr "nu pot creea socket DHCP: %s"
 
-#: auth.c:464
+#: auth.c:462
 #, c-format
 msgid "ignoring zone transfer request from %s"
 msgstr ""
@@ -2526,14 +2672,14 @@ msgstr ""
 msgid "system time considered valid, now checking DNSSEC signature timestamps."
 msgstr ""
 
-#: dnssec.c:1014
+#: dnssec.c:1018
 #, c-format
 msgid "Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"
 msgstr ""
 
 #: blockdata.c:55
 #, c-format
-msgid "pool memory in use %u, max %u, allocated %u"
+msgid "pool memory in use %zu, max %zu, allocated %zu"
 msgstr ""
 
 #: tables.c:61
@@ -2595,39 +2741,59 @@ msgstr ""
 msgid "directory %s for resolv-file is missing, cannot poll"
 msgstr ""
 
-#: inotify.c:131 inotify.c:168
+#: inotify.c:131 inotify.c:200
 #, fuzzy, c-format
 msgid "failed to create inotify for %s: %s"
 msgstr "creearea socket-ului de ascultare a eşuat: %s"
 
-#: inotify.c:153
+#: inotify.c:178 inotify.c:185
 #, fuzzy, c-format
 msgid "bad dynamic directory %s: %s"
 msgstr "nu pot citi %s: %s"
 
-#: inotify.c:257
+#: inotify.c:186
+#, fuzzy
+msgid "not a directory"
+msgstr "nu pot citi %s: %s"
+
+#: inotify.c:299
 #, c-format
-msgid "inotify, new or changed file %s"
+msgid "inotify: %s removed"
 msgstr ""
 
-#: dump.c:64
+#: inotify.c:301
+#, c-format
+msgid "inotify: %s new or modified"
+msgstr ""
+
+#: inotify.c:309
+#, c-format
+msgid "inotify: flushed %u names read from %s"
+msgstr ""
+
+#: dump.c:68
 #, fuzzy, c-format
 msgid "cannot create %s: %s"
 msgstr "nu pot citi %s: %s"
 
-#: dump.c:70
+#: dump.c:74
 #, fuzzy, c-format
 msgid "bad header in %s"
 msgstr "adresa este folosită"
 
-#: dump.c:205
+#: dump.c:287
 #, fuzzy
 msgid "failed to write packet dump"
 msgstr "ascultarea pe socket a eşuat: %s"
 
-#: dump.c:207
+#: dump.c:289
 #, c-format
-msgid "dumping UDP packet %u mask 0x%04x"
+msgid "%u dumping packet %u mask 0x%04x"
+msgstr ""
+
+#: dump.c:291
+#, c-format
+msgid "dumping packet %u mask 0x%04x"
 msgstr ""
 
 #: ubus.c:79
@@ -2661,6 +2827,15 @@ msgstr ""
 msgid "Failed to create SHA-256 hash object"
 msgstr ""
 
+#: nftset.c:35
+#, fuzzy
+msgid "failed to create nftset context"
+msgstr "creearea socket-ului de ascultare a eşuat: %s"
+
+#, fuzzy
+#~ msgid "bad IPv4 prefix"
+#~ msgstr "port invalid"
+
 #, fuzzy
 #~ msgid "Cannot add object to UBus: %s"
 #~ msgstr "nu pot deschide %s:%s"
diff --git a/src/arp.c b/src/arp.c
index 1e4aad2..eda165f 100644
--- a/src/arp.c
+++ b/src/arp.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/src/auth.c b/src/auth.c
index 172a4b2..7088d67 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -210,7 +210,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	      if (local_query || in_zone(zone, intr->name, NULL))
 		{	
 		  found = 1;
-		  log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
+		  log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL, 0);
 		  if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 					  daemon->auth_ttl, NULL,
 					  T_PTR, C_IN, "d", intr->name))
@@ -234,7 +234,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 		      strcat(name, ".");
 		      strcat(name, zone->domain);
 		    }
-		  log_query(flag | F_DHCP | F_REVERSE, name, &addr, record_source(crecp->uid));
+		  log_query(flag | F_DHCP | F_REVERSE, name, &addr, record_source(crecp->uid), 0);
 		  found = 1;
 		  if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 					  daemon->auth_ttl, NULL,
@@ -243,7 +243,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 		}
 	      else if (crecp->flags & (F_DHCP | F_HOSTS) && (local_query || in_zone(zone, name, NULL)))
 		{
-		  log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid));
+		  log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid), 0);
 		  found = 1;
 		  if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 					  daemon->auth_ttl, NULL,
@@ -257,7 +257,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 
 	  if (!found && is_rev_synth(flag, &addr, name) && (local_query || in_zone(zone, name, NULL)))
 	    {
-	      log_query(F_CONFIG | F_REVERSE | flag, name, &addr, NULL); 
+	      log_query(F_CONFIG | F_REVERSE | flag, name, &addr, NULL, 0);
 	      found = 1;
 	      
 	      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
@@ -269,7 +269,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	  if (found)
 	    nxdomain = 0;
 	  else
-	    log_query(flag | F_NEG | F_NXDOMAIN | F_REVERSE | (auth ? F_AUTH : 0), NULL, &addr, NULL);
+	    log_query(flag | F_NEG | F_NXDOMAIN | F_REVERSE | (auth ? F_AUTH : 0), NULL, &addr, NULL, 0);
 
 	  continue;
 	}
@@ -300,7 +300,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	    if (rc == 2 && qtype == T_MX)
 	      {
 		found = 1;
-		log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>"); 
+		log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>", 0);
 		if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
 					NULL, T_MX, C_IN, "sd", rec->weight, rec->target))
 		  anscount++;
@@ -315,7 +315,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	    if (rc == 2 && qtype == T_SRV)
 	      {
 		found = 1;
-		log_query(F_CONFIG | F_RRNAME, name, NULL, "<SRV>"); 
+		log_query(F_CONFIG | F_RRNAME, name, NULL, "<SRV>", 0);
 		if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
 					NULL, T_SRV, C_IN, "sssd", 
 					rec->priority, rec->weight, rec->srvport, rec->target))
@@ -349,7 +349,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	    if (rc == 2 && txt->class == qtype)
 	      {
 		found = 1;
-		log_query(F_CONFIG | F_RRNAME, name, NULL, querystr(NULL, txt->class)); 
+		log_query(F_CONFIG | F_RRNAME, name, NULL, NULL, txt->class);
 		if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
 					NULL, txt->class, C_IN, "t", txt->len, txt->txt))
 		  anscount++;
@@ -363,7 +363,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	    if (rc == 2 && qtype == T_TXT)
 	      {
 		found = 1;
-		log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>"); 
+		log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>", 0);
 		if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
 					NULL, T_TXT, C_IN, "t", txt->len, txt->txt))
 		  anscount++;
@@ -377,7 +377,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	     if (rc == 2 && qtype == T_NAPTR)
 	       {
 		 found = 1;
-		 log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>");
+		 log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>", 0);
 		 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl, 
 					 NULL, T_NAPTR, C_IN, "sszzzd", 
 					 na->order, na->pref, na->flags, na->services, na->regexp, na->replace))
@@ -407,7 +407,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 		       continue;
 
 		     found = 1;
-		     log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
+		     log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL, 0);
 		     if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 					     daemon->auth_ttl, NULL, qtype, C_IN, 
 					     qtype == T_A ? "4" : "6", &addrlist->addr))
@@ -417,10 +417,9 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 
        if (!found && is_name_synthetic(flag, name, &addr) )
 	 {
-	   found = 1;
 	   nxdomain = 0;
 	   
-	   log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL);
+	   log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL, 0);
 	   if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 				   daemon->auth_ttl, NULL, qtype, C_IN, qtype == T_A ? "4" : "6", &addr))
 	     anscount++;
@@ -433,8 +432,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	  if (qtype == T_SOA)
 	    {
 	      auth = soa = 1; /* inhibits auth section */
-	      found = 1;
-	      log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<SOA>");
+	      log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<SOA>", 0);
 	    }
       	  else if (qtype == T_AXFR)
 	    {
@@ -469,16 +467,14 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	      soa = 1; /* inhibits auth section */
 	      ns = 1; /* ensure we include NS records! */
 	      axfr = 1;
-	      found = 1;
 	      axfroffset = nameoffset;
-	      log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<AXFR>");
+	      log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<AXFR>", 0);
 	    }
       	  else if (qtype == T_NS)
 	    {
 	      auth = 1;
 	      ns = 1; /* inhibits auth section */
-	      found = 1;
-	      log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<NS>"); 
+	      log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<NS>", 0);
 	    }
 	}
       
@@ -496,9 +492,8 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 			(local_query || filter_zone(zone, flag, &(crecp->addr))))
 		      {
 			*cut = '.'; /* restore domain part */
-			log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid));
+			log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid), 0);
 			*cut  = 0; /* remove domain part */
-			found = 1;
 			if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 						daemon->auth_ttl, NULL, qtype, C_IN, 
 						qtype == T_A ? "4" : "6", &crecp->addr))
@@ -518,8 +513,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 		 nxdomain = 0;
 		 if ((crecp->flags & flag) && (local_query || filter_zone(zone, flag, &(crecp->addr))))
 		   {
-		     log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid));
-		     found = 1;
+		     log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid), 0);
 		     if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 					     daemon->auth_ttl, NULL, qtype, C_IN, 
 					     qtype == T_A ? "4" : "6", &crecp->addr))
@@ -566,7 +560,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	  
 	  if (candidate)
 	    {
-	      log_query(F_CONFIG | F_CNAME, name, NULL, NULL);
+	      log_query(F_CONFIG | F_CNAME, name, NULL, NULL, 0);
 	      strcpy(name, candidate->target);
 	      if (!strchr(name, '.'))
 		{
@@ -584,7 +578,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	  else if (cache_find_non_terminal(name, now))
 	    nxdomain = 0;
 
-	  log_query(flag | F_NEG | (nxdomain ? F_NXDOMAIN : 0) | F_FORWARD | F_AUTH, name, NULL, NULL);
+	  log_query(flag | F_NEG | (nxdomain ? F_NXDOMAIN : 0) | F_FORWARD | F_AUTH, name, NULL, NULL, 0);
 	}
       
     }
@@ -614,7 +608,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	      if (subnet->prefixlen >= 16 )
 		p += sprintf(p, "%u.", a & 0xff);
 	      a = a >> 8;
-	      p += sprintf(p, "%u.in-addr.arpa", a & 0xff);
+	      sprintf(p, "%u.in-addr.arpa", a & 0xff);
 	      
 	    }
 	  else
@@ -627,7 +621,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 		  int dig = ((unsigned char *)&subnet->addr.addr6)[i>>3];
 		  p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
 		}
-	      p += sprintf(p, "ip6.arpa");
+	      sprintf(p, "ip6.arpa");
 	      
 	    }
 	}
@@ -892,7 +886,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
       header->nscount = htons(0);
       addr.log.rcode = REFUSED;
       addr.log.ede = EDE_NOT_AUTH;
-      log_query(F_UPSTREAM | F_RCODE, "error", &addr, NULL);
+      log_query(F_UPSTREAM | F_RCODE, "error", &addr, NULL, 0);
       return resize_packet(header,  ansp - (unsigned char *)header, NULL, 0);
     }
   
diff --git a/src/blockdata.c b/src/blockdata.c
index f7740b5..4c26155 100644
--- a/src/blockdata.c
+++ b/src/blockdata.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -52,7 +52,7 @@ void blockdata_init(void)
 
 void blockdata_report(void)
 {
-  my_syslog(LOG_INFO, _("pool memory in use %u, max %u, allocated %u"), 
+  my_syslog(LOG_INFO, _("pool memory in use %zu, max %zu, allocated %zu"), 
 	    blockdata_count * sizeof(struct blockdata),  
 	    blockdata_hwm * sizeof(struct blockdata),  
 	    blockdata_alloced * sizeof(struct blockdata));
diff --git a/src/bpf.c b/src/bpf.c
index 15c42fc..4dd97c0 100644
--- a/src/bpf.c
+++ b/src/bpf.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/src/cache.c b/src/cache.c
index 8add610..8f73233 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -30,50 +30,100 @@ static struct crec *really_insert(char *name, union all_addr *addr, unsigned sho
 				  time_t now,  unsigned long ttl, unsigned int flags);
 
 /* type->string mapping: this is also used by the name-hash function as a mixing table. */
+/* taken from https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml */
 static const struct {
   unsigned int type;
   const char * const name;
 } typestr[] = {
-  { 1,   "A" },
-  { 2,   "NS" },
-  { 5,   "CNAME" },
-  { 6,   "SOA" },
-  { 10,  "NULL" },
-  { 11,  "WKS" },
-  { 12,  "PTR" },
-  { 13,  "HINFO" },	
-  { 15,  "MX" },
-  { 16,  "TXT" },
-  { 22,  "NSAP" },
-  { 23,  "NSAP_PTR" },
-  { 24,  "SIG" },
-  { 25,  "KEY" },
-  { 28,  "AAAA" },
-  { 29,  "LOC" },
-  { 33,  "SRV" },
-  { 35,  "NAPTR" },
-  { 36,  "KX" },
-  { 37,  "CERT" },
-  { 38,  "A6" },
-  { 39,  "DNAME" },
-  { 41,  "OPT" },
-  { 43,  "DS" },
-  { 46,  "RRSIG" },
-  { 47,  "NSEC" },
-  { 48,  "DNSKEY" },
-  { 50,  "NSEC3" },
-  { 51,  "NSEC3PARAM" },
-  { 52,  "TLSA" },
-  { 53,  "SMIMEA" },
-  { 55,  "HIP" },
-  { 249, "TKEY" },
-  { 250, "TSIG" },
-  { 251, "IXFR" },
-  { 252, "AXFR" },
-  { 253, "MAILB" },
-  { 254, "MAILA" },
-  { 255, "ANY" },
-  { 257, "CAA" }
+  { 1,   "A" }, /* a host address [RFC1035] */
+  { 2,   "NS" }, /* an authoritative name server [RFC1035] */
+  { 3,   "MD" }, /* a mail destination (OBSOLETE - use MX) [RFC1035] */
+  { 4,   "MF" }, /* a mail forwarder (OBSOLETE - use MX) [RFC1035] */
+  { 5,   "CNAME" }, /* the canonical name for an alias [RFC1035] */
+  { 6,   "SOA" }, /* marks the start of a zone of authority [RFC1035] */
+  { 7,   "MB" }, /* a mailbox domain name (EXPERIMENTAL) [RFC1035] */
+  { 8,   "MG" }, /* a mail group member (EXPERIMENTAL) [RFC1035] */
+  { 9,   "MR" }, /* a mail rename domain name (EXPERIMENTAL) [RFC1035] */
+  { 10,  "NULL" }, /* a null RR (EXPERIMENTAL) [RFC1035] */
+  { 11,  "WKS" }, /* a well known service description [RFC1035] */
+  { 12,  "PTR" }, /* a domain name pointer [RFC1035] */
+  { 13,  "HINFO" }, /* host information [RFC1035] */
+  { 14,  "MINFO" }, /* mailbox or mail list information [RFC1035] */
+  { 15,  "MX" }, /* mail exchange [RFC1035] */
+  { 16,  "TXT" }, /* text strings [RFC1035] */
+  { 17,  "RP" }, /* for Responsible Person [RFC1183] */
+  { 18,  "AFSDB" }, /* for AFS Data Base location [RFC1183][RFC5864] */
+  { 19,  "X25" }, /* for X.25 PSDN address [RFC1183] */
+  { 20,  "ISDN" }, /* for ISDN address [RFC1183] */
+  { 21,  "RT" }, /* for Route Through [RFC1183] */
+  { 22,  "NSAP" }, /* for NSAP address, NSAP style A record [RFC1706] */
+  { 23,  "NSAP_PTR" }, /* for domain name pointer, NSAP style [RFC1348][RFC1637][RFC1706] */
+  { 24,  "SIG" }, /* for security signature [RFC2535][RFC2536][RFC2537][RFC2931][RFC3008][RFC3110][RFC3755][RFC4034] */
+  { 25,  "KEY" }, /* for security key [RFC2535][RFC2536][RFC2537][RFC2539][RFC3008][RFC3110][RFC3755][RFC4034] */
+  { 26,  "PX" }, /* X.400 mail mapping information [RFC2163] */
+  { 27,  "GPOS" }, /* Geographical Position [RFC1712] */
+  { 28,  "AAAA" }, /* IP6 Address [RFC3596] */
+  { 29,  "LOC" }, /* Location Information [RFC1876] */
+  { 30,  "NXT" }, /* Next Domain (OBSOLETE) [RFC2535][RFC3755] */
+  { 31,  "EID" }, /* Endpoint Identifier [Michael_Patton][http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt] 1995-06*/
+  { 32,  "NIMLOC" }, /* Nimrod Locator [1][Michael_Patton][http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt] 1995-06*/
+  { 33,  "SRV" }, /* Server Selection [1][RFC2782] */
+  { 34,  "ATMA" }, /* ATM Address [ ATM Forum Technical Committee, "ATM Name System, V2.0", Doc ID: AF-DANS-0152.000, July 2000. Available from and held in escrow by IANA.] */
+  { 35,  "NAPTR" }, /* Naming Authority Pointer [RFC2168][RFC2915][RFC3403] */
+  { 36,  "KX" }, /* Key Exchanger [RFC2230] */
+  { 37,  "CERT" }, /* CERT [RFC4398] */
+  { 38,  "A6" }, /* A6 (OBSOLETE - use AAAA) [RFC2874][RFC3226][RFC6563] */
+  { 39,  "DNAME" }, /* DNAME [RFC6672] */
+  { 40,  "SINK" }, /* SINK [Donald_E_Eastlake][http://tools.ietf.org/html/draft-eastlake-kitchen-sink] 1997-11*/
+  { 41,  "OPT" }, /* OPT [RFC3225][RFC6891] */
+  { 42,  "APL" }, /* APL [RFC3123] */
+  { 43,  "DS" }, /* Delegation Signer [RFC3658][RFC4034] */
+  { 44,  "SSHFP" }, /* SSH Key Fingerprint [RFC4255] */
+  { 45,  "IPSECKEY" }, /* IPSECKEY [RFC4025] */
+  { 46,  "RRSIG" }, /* RRSIG [RFC3755][RFC4034] */
+  { 47,  "NSEC" }, /* NSEC [RFC3755][RFC4034][RFC9077] */
+  { 48,  "DNSKEY" }, /* DNSKEY [RFC3755][RFC4034] */
+  { 49,  "DHCID" }, /* DHCID [RFC4701] */
+  { 50,  "NSEC3" }, /* NSEC3 [RFC5155][RFC9077] */
+  { 51,  "NSEC3PARAM" }, /* NSEC3PARAM [RFC5155] */
+  { 52,  "TLSA" }, /* TLSA [RFC6698] */
+  { 53,  "SMIMEA" }, /* S/MIME cert association [RFC8162] SMIMEA/smimea-completed-template 2015-12-01*/
+  { 55,  "HIP" }, /* Host Identity Protocol [RFC8005] */
+  { 56,  "NINFO" }, /* NINFO [Jim_Reid] NINFO/ninfo-completed-template 2008-01-21*/
+  { 57,  "RKEY" }, /* RKEY [Jim_Reid] RKEY/rkey-completed-template 2008-01-21*/
+  { 58,  "TALINK" }, /* Trust Anchor LINK [Wouter_Wijngaards] TALINK/talink-completed-template 2010-02-17*/
+  { 59,  "CDS" }, /* Child DS [RFC7344] CDS/cds-completed-template 2011-06-06*/
+  { 60,  "CDNSKEY" }, /* DNSKEY(s) the Child wants reflected in DS [RFC7344] 2014-06-16*/
+  { 61,  "OPENPGPKEY" }, /* OpenPGP Key [RFC7929] OPENPGPKEY/openpgpkey-completed-template 2014-08-12*/
+  { 62,  "CSYNC" }, /* Child-To-Parent Synchronization [RFC7477] 2015-01-27*/
+  { 63,  "ZONEMD" }, /* Message Digest Over Zone Data [RFC8976] ZONEMD/zonemd-completed-template 2018-12-12*/
+  { 64,  "SVCB" }, /* Service Binding [draft-ietf-dnsop-svcb-https-00] SVCB/svcb-completed-template 2020-06-30*/
+  { 65,  "HTTPS" }, /* HTTPS Binding [draft-ietf-dnsop-svcb-https-00] HTTPS/https-completed-template 2020-06-30*/
+  { 99,  "SPF" }, /* [RFC7208] */
+  { 100, "UINFO" }, /* [IANA-Reserved] */
+  { 101, "UID" }, /* [IANA-Reserved] */
+  { 102, "GID" }, /* [IANA-Reserved] */
+  { 103, "UNSPEC" }, /* [IANA-Reserved] */
+  { 104, "NID" }, /* [RFC6742] ILNP/nid-completed-template */
+  { 105, "L32" }, /* [RFC6742] ILNP/l32-completed-template */
+  { 106, "L64" }, /* [RFC6742] ILNP/l64-completed-template */
+  { 107, "LP" }, /* [RFC6742] ILNP/lp-completed-template */
+  { 108, "EUI48" }, /* an EUI-48 address [RFC7043] EUI48/eui48-completed-template 2013-03-27*/
+  { 109, "EUI64" }, /* an EUI-64 address [RFC7043] EUI64/eui64-completed-template 2013-03-27*/
+  { 249, "TKEY" }, /* Transaction Key [RFC2930] */
+  { 250, "TSIG" }, /* Transaction Signature [RFC8945] */
+  { 251, "IXFR" }, /* incremental transfer [RFC1995] */
+  { 252, "AXFR" }, /* transfer of an entire zone [RFC1035][RFC5936] */
+  { 253, "MAILB" }, /* mailbox-related RRs (MB, MG or MR) [RFC1035] */
+  { 254, "MAILA" }, /* mail agent RRs (OBSOLETE - see MX) [RFC1035] */
+  { 255, "ANY" }, /* A request for some or all records the server has available [RFC1035][RFC6895][RFC8482] */
+  { 256, "URI" }, /* URI [RFC7553] URI/uri-completed-template 2011-02-22*/
+  { 257, "CAA" }, /* Certification Authority Restriction [RFC8659] CAA/caa-completed-template 2011-04-07*/
+  { 258, "AVC" }, /* Application Visibility and Control [Wolfgang_Riedel] AVC/avc-completed-template 2016-02-26*/
+  { 259, "DOA" }, /* Digital Object Architecture [draft-durand-doa-over-dns] DOA/doa-completed-template 2017-08-30*/
+  { 260, "AMTRELAY" }, /* Automatic Multicast Tunneling Relay [RFC8777] AMTRELAY/amtrelay-completed-template 2019-02-06*/
+  { 32768,  "TA" }, /* DNSSEC Trust Authorities [Sam_Weiler][http://cameo.library.cmu.edu/][ Deploying DNSSEC Without a Signed Root. Technical Report 1999-19, Information Networking Institute, Carnegie Mellon University, April 2004.] 2005-12-13*/
+  { 32769,  "DLV" }, /* DNSSEC Lookaside Validation (OBSOLETE) [RFC8749][RFC4431] */
 };
 
 static void cache_free(struct crec *crecp);
@@ -139,7 +189,7 @@ static void rehash(int size)
   else if (new_size <= hash_size || !(new = whine_malloc(new_size * sizeof(struct crec *))))
     return;
 
-  for(i = 0; i < new_size; i++)
+  for (i = 0; i < new_size; i++)
     new[i] = NULL;
 
   old = hash_table;
@@ -183,7 +233,8 @@ static void cache_hash(struct crec *crecp)
      immortal entries are at the end of the hash-chain.
      This allows reverse searches and garbage collection to be optimised */
 
-  struct crec **up = hash_bucket(cache_get_name(crecp));
+  char *name = cache_get_name(crecp);
+  struct crec **up = hash_bucket(name);
 
   if (!(crecp->flags & F_REVERSE))
     {
@@ -194,6 +245,11 @@ static void cache_hash(struct crec *crecp)
 	while (*up && !((*up)->flags & F_IMMORTAL))
 	  up = &((*up)->hash_next);
     }
+
+  /* Preserve order when inserting the same name multiple times. */
+  while (*up && hostname_isequal(cache_get_name(*up), name))
+    up = &((*up)->hash_next);
+  
   crecp->hash_next = *up;
   *up = crecp;
 }
@@ -324,6 +380,19 @@ static int is_outdated_cname_pointer(struct crec *crecp)
 
 static int is_expired(time_t now, struct crec *crecp)
 {
+  /* Don't dump expired entries if they are within the accepted timeout range.
+     The cache becomes approx. LRU. Never use expired DS or DNSKEY entries.
+     Possible values for daemon->cache_max_expiry:
+      -1  == serve cached content regardless how long ago it expired
+       0  == the option is disabled, expired content isn't served
+      <n> == serve cached content only if it expire less than <n> seconds
+             ago (where n is a positive integer) */
+  if (daemon->cache_max_expiry != 0 &&
+      (daemon->cache_max_expiry == -1 ||
+       difftime(now, crecp->ttd) < daemon->cache_max_expiry) &&
+      !(crecp->flags & (F_DS | F_DNSKEY)))
+    return 0;
+
   if (crecp->flags & F_IMMORTAL)
     return 0;
 
@@ -333,6 +402,27 @@ static int is_expired(time_t now, struct crec *crecp)
   return 1;
 }
 
+/* Remove entries with a given UID from the cache */
+unsigned int cache_remove_uid(const unsigned int uid)
+{
+  int i;
+  unsigned int removed = 0;
+  struct crec *crecp, **up;
+
+  for (i = 0; i < hash_size; i++)
+    for (crecp = hash_table[i], up = &hash_table[i]; crecp; crecp = crecp->hash_next)
+      if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) && crecp->uid == uid)
+	{
+	  *up = crecp->hash_next;
+	  free(crecp);
+	  removed++;
+	}
+      else
+	up = &crecp->hash_next;
+  
+  return removed;
+}
+
 static struct crec *cache_scan_free(char *name, union all_addr *addr, unsigned short class, time_t now,
 				    unsigned int flags, struct crec **target_crec, unsigned int *target_uid)
 {
@@ -363,7 +453,7 @@ static struct crec *cache_scan_free(char *name, union all_addr *addr, unsigned s
 	  if ((crecp->flags & F_FORWARD) && hostname_isequal(cache_get_name(crecp), name))
 	    {
 	      /* Don't delete DNSSEC in favour of a CNAME, they can co-exist */
-	      if ((flags & crecp->flags & (F_IPV4 | F_IPV6 | F_SRV)) || 
+	      if ((flags & crecp->flags & (F_IPV4 | F_IPV6 | F_SRV | F_NXDOMAIN)) || 
 		  (((crecp->flags | flags) & F_CNAME) && !(crecp->flags & (F_DNSKEY | F_DS))))
 		{
 		  if (crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG))
@@ -433,7 +523,7 @@ static struct crec *cache_scan_free(char *name, union all_addr *addr, unsigned s
 	  else if (!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) &&
 		   (flags & crecp->flags & F_REVERSE) && 
 		   (flags & crecp->flags & (F_IPV4 | F_IPV6)) &&
-		   memcmp(&crecp->addr, addr, addrlen) == 0)
+		   addr && memcmp(&crecp->addr, addr, addrlen) == 0)
 	    {
 	      *up = crecp->hash_next;
 	      cache_unlink(crecp);
@@ -503,7 +593,7 @@ static struct crec *really_insert(char *name, union all_addr *addr, unsigned sho
 {
   struct crec *new, *target_crec = NULL;
   union bigname *big_name = NULL;
-  int freed_all = flags & F_REVERSE;
+  int freed_all = (flags & F_REVERSE);
   int free_avail = 0;
   unsigned int target_uid;
   
@@ -578,8 +668,12 @@ static struct crec *really_insert(char *name, union all_addr *addr, unsigned sho
 	{
 	  /* For DNSSEC records, uid holds class. */
 	  free_avail = 1; /* Must be free space now. */
+	  
+	  /* condition valid when stale-caching */
+	  if (difftime(now, new->ttd) < 0)
+	    daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED]++;
+	  
 	  cache_scan_free(cache_get_name(new), &new->addr, new->uid, now, new->flags, NULL, NULL);
-	  daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED]++;
 	}
       else
 	{
@@ -642,7 +736,7 @@ static struct crec *really_insert(char *name, union all_addr *addr, unsigned sho
   new->ttd = now + (time_t)ttl;
   new->next = new_chain;
   new_chain = new;
-
+  
   return new;
 }
 
@@ -820,7 +914,7 @@ int cache_find_non_terminal(char *name, time_t now)
 struct crec *cache_find_by_name(struct crec *crecp, char *name, time_t now, unsigned int prot)
 {
   struct crec *ans;
-  int no_rr = prot & F_NO_RR;
+  int no_rr = (prot & F_NO_RR) || option_bool(OPT_NORR);
 
   prot &= ~F_NO_RR;
   
@@ -968,16 +1062,17 @@ struct crec *cache_find_by_addr(struct crec *crecp, union all_addr *addr,
 static void add_hosts_entry(struct crec *cache, union all_addr *addr, int addrlen, 
 			    unsigned int index, struct crec **rhash, int hashsz)
 {
-  struct crec *lookup = cache_find_by_name(NULL, cache_get_name(cache), 0, cache->flags & (F_IPV4 | F_IPV6));
   int i;
   unsigned int j; 
+  struct crec *lookup = NULL;
 
   /* Remove duplicates in hosts files. */
-  if (lookup && (lookup->flags & F_HOSTS) && memcmp(&lookup->addr, addr, addrlen) == 0)
-    {
-      free(cache);
-      return;
-    }
+  while ((lookup = cache_find_by_name(lookup, cache_get_name(cache), 0, cache->flags & (F_IPV4 | F_IPV6))))
+    if ((lookup->flags & F_HOSTS) && memcmp(&lookup->addr, addr, addrlen) == 0)
+      {
+	free(cache);
+	return;
+      }
     
   /* Ensure there is only one address -> name mapping (first one trumps) 
      We do this by steam here, The entries are kept in hash chains, linked
@@ -1082,7 +1177,7 @@ int read_hostsfile(char *filename, unsigned int index, int cache_size, struct cr
 {  
   FILE *f = fopen(filename, "r");
   char *token = daemon->namebuff, *domain_suffix = NULL;
-  int addr_count = 0, name_count = cache_size, lineno = 1;
+  int names_done = 0, name_count = cache_size, lineno = 1;
   unsigned int flags = 0;
   union all_addr addr;
   int atnl, addrlen = 0;
@@ -1118,8 +1213,6 @@ int read_hostsfile(char *filename, unsigned int index, int cache_size, struct cr
 	  continue;
 	}
       
-      addr_count++;
-      
       /* rehash every 1000 names. */
       if (rhash && ((name_count - cache_size) > 1000))
 	{
@@ -1151,6 +1244,7 @@ int read_hostsfile(char *filename, unsigned int index, int cache_size, struct cr
 		  cache->ttd = daemon->local_ttl;
 		  add_hosts_entry(cache, &addr, addrlen, index, rhash, hashsz);
 		  name_count++;
+		  names_done++;
 		}
 	      if ((cache = whine_malloc(SIZEOF_BARE_CREC + strlen(canon) + 1)))
 		{
@@ -1159,6 +1253,7 @@ int read_hostsfile(char *filename, unsigned int index, int cache_size, struct cr
 		  cache->ttd = daemon->local_ttl;
 		  add_hosts_entry(cache, &addr, addrlen, index, rhash, hashsz);
 		  name_count++;
+		  names_done++;
 		}
 	      free(canon);
 	      
@@ -1175,7 +1270,7 @@ int read_hostsfile(char *filename, unsigned int index, int cache_size, struct cr
   if (rhash)
     rehash(name_count); 
   
-  my_syslog(LOG_INFO, _("read %s - %d addresses"), filename, addr_count);
+  my_syslog(LOG_INFO, _("read %s - %d names"), filename, names_done);
   
   return name_count;
 }
@@ -1349,10 +1444,12 @@ struct in_addr a_record_from_hosts(char *name, time_t now)
   struct crec *crecp = NULL;
   struct in_addr ret;
   
-  while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4)))
-    if (crecp->flags & F_HOSTS)
-      return crecp->addr.addr4;
-
+  /* If no DNS service, cache not initialised. */
+  if (daemon->port != 0)
+    while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4)))
+      if (crecp->flags & F_HOSTS)
+	return crecp->addr.addr4;
+  
   my_syslog(MS_DHCP | LOG_WARNING, _("No IPv4 address found for %s"), name);
   
   ret.s_addr = 0;
@@ -1547,7 +1644,8 @@ static void make_non_terminals(struct crec *source)
       if (crecp)
 	{
 	  crecp->flags = (source->flags | F_NAMEP) & ~(F_IPV4 | F_IPV6 | F_CNAME | F_SRV | F_DNSKEY | F_DS | F_REVERSE);
-	  crecp->ttd = source->ttd;
+	  if (!(crecp->flags & F_IMMORTAL))
+	    crecp->ttd = source->ttd;
 	  crecp->name.namep = name;
 	  
 	  cache_hash(crecp);
@@ -1623,10 +1721,8 @@ int cache_make_stat(struct txt_record *t)
 	      {
 		/* expand buffer if necessary */
 		newlen = bytes_needed + 1 + bufflen - bytes_avail;
-		if (!(new = whine_malloc(newlen)))
+		if (!(new = whine_realloc(buff, newlen)))
 		  return 0;
-		memcpy(new, buff, bufflen);
-		free(buff);
 		p = new + (p - buff);
 		lenp = p - 1;
 		buff = new;
@@ -1674,6 +1770,8 @@ void dump_cache(time_t now)
 	    daemon->cachesize, daemon->metrics[METRIC_DNS_CACHE_LIVE_FREED], daemon->metrics[METRIC_DNS_CACHE_INSERTED]);
   my_syslog(LOG_INFO, _("queries forwarded %u, queries answered locally %u"), 
 	    daemon->metrics[METRIC_DNS_QUERIES_FORWARDED], daemon->metrics[METRIC_DNS_LOCAL_ANSWERED]);
+  if (daemon->cache_max_expiry != 0)
+    my_syslog(LOG_INFO, _("queries answered from stale cache %u"), daemon->metrics[METRIC_DNS_STALE_ANSWERED]);
 #ifdef HAVE_AUTH
   my_syslog(LOG_INFO, _("queries for authoritative zones %u"), daemon->metrics[METRIC_DNS_AUTH_ANSWERED]);
 #endif
@@ -1688,23 +1786,31 @@ void dump_cache(time_t now)
     if (!(serv->flags & SERV_MARK))
       {
 	int port;
-	unsigned int queries = 0, failed_queries = 0;
+	unsigned int queries = 0, failed_queries = 0, nxdomain_replies = 0, retrys = 0;
+	unsigned int sigma_latency = 0, count_latency = 0;
+
 	for (serv1 = serv; serv1; serv1 = serv1->next)
 	  if (!(serv1->flags & SERV_MARK) && sockaddr_isequal(&serv->addr, &serv1->addr))
 	    {
 	      serv1->flags |= SERV_MARK;
 	      queries += serv1->queries;
 	      failed_queries += serv1->failed_queries;
+	      nxdomain_replies += serv1->nxdomain_replies;
+	      retrys += serv1->retrys;
+	      sigma_latency += serv1->query_latency;
+	      count_latency++;
 	    }
 	port = prettyprint_addr(&serv->addr, daemon->addrbuff);
-	my_syslog(LOG_INFO, _("server %s#%d: queries sent %u, retried or failed %u"), daemon->addrbuff, port, queries, failed_queries);
+	my_syslog(LOG_INFO, _("server %s#%d: queries sent %u, retried %u, failed %u, nxdomain replies %u, avg. latency %ums"),
+		  daemon->addrbuff, port, queries, retrys, failed_queries, nxdomain_replies, sigma_latency/count_latency);
       }
 
   if (option_bool(OPT_DEBUG) || option_bool(OPT_LOG))
     {
       struct crec *cache ;
       int i;
-      my_syslog(LOG_INFO, "Host                                     Address                        Flags      Expires");
+      my_syslog(LOG_INFO, "Host                           Address                                  Flags      Expires                  Source");
+      my_syslog(LOG_INFO, "------------------------------ ---------------------------------------- ---------- ------------------------ ------------");
     
       for (i=0; i<hash_size; i++)
 	for (cache = hash_table[i]; cache; cache = cache->hash_next)
@@ -1762,7 +1868,10 @@ void dump_cache(time_t now)
 	    else if (cache->flags & F_DNSKEY)
 	      t = "K";
 #endif
-	    p += sprintf(p, "%-40.40s %s%s%s%s%s%s%s%s%s  ", a, t,
+	    else /* non-terminal */
+	      t = "!";
+
+	    p += sprintf(p, "%-40.40s %s%s%s%s%s%s%s%s%s%s ", a, t,
 			 cache->flags & F_FORWARD ? "F" : " ",
 			 cache->flags & F_REVERSE ? "R" : " ",
 			 cache->flags & F_IMMORTAL ? "I" : " ",
@@ -1770,14 +1879,16 @@ void dump_cache(time_t now)
 			 cache->flags & F_NEG ? "N" : " ",
 			 cache->flags & F_NXDOMAIN ? "X" : " ",
 			 cache->flags & F_HOSTS ? "H" : " ",
+			 cache->flags & F_CONFIG ? "C" : " ",
 			 cache->flags & F_DNSSECOK ? "V" : " ");
 #ifdef HAVE_BROKEN_RTC
-	    p += sprintf(p, "%lu", cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now));
+	    p += sprintf(p, "%-24lu", cache->flags & F_IMMORTAL ? 0: (unsigned long)(cache->ttd - now));
 #else
-	    p += sprintf(p, "%s", cache->flags & F_IMMORTAL ? "\n" : ctime(&(cache->ttd)));
-	    /* ctime includes trailing \n - eat it */
-	    *(p-1) = 0;
+	    p += sprintf(p, "%-24.24s", cache->flags & F_IMMORTAL ? "" : ctime(&(cache->ttd)));
 #endif
+	    if(cache->flags & (F_HOSTS | F_CONFIG) && cache->uid > 0)
+		p += sprintf(p, " %s", record_source(cache->uid));
+
 	    my_syslog(LOG_INFO, "%s", daemon->namebuff);
 	  }
     }
@@ -1786,7 +1897,10 @@ void dump_cache(time_t now)
 char *record_source(unsigned int index)
 {
   struct hostsfile *ah;
-
+#ifdef HAVE_INOTIFY
+  struct dyndir *dd;
+#endif
+  
   if (index == SRC_CONFIG)
     return "config";
   else if (index == SRC_HOSTS)
@@ -1797,15 +1911,17 @@ char *record_source(unsigned int index)
       return ah->fname;
 
 #ifdef HAVE_INOTIFY
-  for (ah = daemon->dynamic_dirs; ah; ah = ah->next)
-     if (ah->index == index)
-       return ah->fname;
+  /* Dynamic directories contain multiple files */
+  for (dd = daemon->dynamic_dirs; dd; dd = dd->next)
+    for (ah = dd->files; ah; ah = ah->next)
+      if (ah->index == index)
+	return ah->fname;
 #endif
 
   return "<unknown>";
 }
 
-char *querystr(char *desc, unsigned short type)
+static char *querystr(char *desc, unsigned short type)
 {
   unsigned int i;
   int len = 10; /* strlen("type=xxxxx") */
@@ -1893,15 +2009,20 @@ static char *edestr(int ede)
     }
 }
 
-void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg)
+void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg, unsigned short type)
 {
   char *source, *dest = arg;
   char *verb = "is";
   char *extra = "";
+  char portstring[7]; /* space for #<portnum> */
   
   if (!option_bool(OPT_LOG))
     return;
-  
+
+  /* build query type string if requested */
+  if (!(flags & (F_SERVER | F_IPSET)) && type > 0)
+    arg = querystr(arg, type);
+
 #ifdef HAVE_DNSSEC
   if ((flags & F_DNSSECOK) && option_bool(OPT_EXTRALOG))
     extra = " (DNSSEC signed)";
@@ -1935,8 +2056,15 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg)
 	    }
 	}
       else if (flags & (F_IPV4 | F_IPV6))
-	inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6,
-		  addr, daemon->addrbuff, ADDRSTRLEN);
+	{
+	  inet_ntop(flags & F_IPV4 ? AF_INET : AF_INET6,
+		    addr, daemon->addrbuff, ADDRSTRLEN);
+	  if ((flags & F_SERVER) && type != NAMESERVER_PORT)
+	    {
+	      extra = portstring;
+	      sprintf(portstring, "#%u", type);
+	    }
+	}
       else
 	dest = arg;
     }
@@ -1988,7 +2116,12 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg)
     }
   else if (flags & F_AUTH)
     source = "auth";
-  else if (flags & F_SERVER)
+   else if (flags & F_DNSSEC)
+    {
+      source = arg;
+      verb = "to";
+    }
+   else if (flags & F_SERVER)
     {
       source = "forwarded";
       verb = "to";
@@ -1998,22 +2131,19 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg)
       source = arg;
       verb = "from";
     }
-  else if (flags & F_DNSSEC)
-    {
-      source = arg;
-      verb = "to";
-    }
   else if (flags & F_IPSET)
     {
-      source = "ipset add";
+      source = type ? "ipset add" : "nftset add";
       dest = name;
       name = arg;
       verb = daemon->addrbuff;
     }
+  else if (flags & F_STALE)
+    source = "cached-stale";
   else
     source = "cached";
   
-  if (strlen(name) == 0)
+  if (name && !name[0])
     name = ".";
 
   if (option_bool(OPT_EXTRALOG))
diff --git a/src/config.h b/src/config.h
index 30e23d8..1e7b30f 100644
--- a/src/config.h
+++ b/src/config.h
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,10 +20,11 @@
 #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
 #define TCP_BACKLOG 32  /* kernel backlog limit for TCP connections */
 #define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
-#define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */
+#define SAFE_PKTSZ 1232 /* "go anywhere" UDP packet size, see https://dnsflagday.net/2020/ */
 #define KEYBLOCK_LEN 40 /* choose to minimise fragmentation when storing DNSSEC keys */
 #define DNSSEC_WORK 50 /* Max number of queries to validate one question */
 #define TIMEOUT 10     /* drop UDP queries after TIMEOUT seconds */
+#define SMALL_PORT_RANGE 30 /* If DNS port range is smaller than this, use different allocation. */
 #define FORWARD_TEST 50 /* try all servers every 50 queries */
 #define FORWARD_TIME 20 /* or 20 seconds */
 #define UDP_TEST_TIME 60 /* How often to reset our idea of max packet size. */
@@ -58,6 +59,8 @@
 #define SOA_EXPIRY 1209600 /* SOA expiry default */
 #define LOOP_TEST_DOMAIN "test" /* domain for loop testing, "test" is reserved by RFC 2606 and won't therefore clash */
 #define LOOP_TEST_TYPE T_TXT
+#define DEFAULT_FAST_RETRY 1000 /* ms, default delay before fast retry */
+#define STALE_CACHE_EXPIRY 86400 /* 1 day in secs, default maximum expiry time for stale cache data */
  
 /* compile-time options: uncomment below to enable or do eg.
    make COPTS=-DHAVE_BROKEN_RTC
@@ -115,6 +118,10 @@ HAVE_IPSET
     define this to include the ability to selectively add resolved ip addresses
     to given ipsets.
 
+HAVE_NFTSET
+    define this to include the ability to selectively add resolved ip addresses
+    to given nftables sets.
+
 HAVE_AUTH
    define this to include the facility to act as an authoritative DNS
    server for one or more zones.
@@ -192,7 +199,7 @@ RESOLVFILE
 /* #define HAVE_CONNTRACK */
 /* #define HAVE_CRYPTOHASH */
 /* #define HAVE_DNSSEC */
-
+/* #define HAVE_NFTSET */
 
 /* Default locations for important system files. */
 
@@ -420,6 +427,10 @@ static char *compile_opts =
 "no-"
 #endif
 "ipset "
+#ifndef HAVE_NFTSET
+"no-"
+#endif
+"nftset "
 #ifndef HAVE_AUTH
 "no-"
 #endif
diff --git a/src/conntrack.c b/src/conntrack.c
index 745a2a3..fe48f2b 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/src/crypto.c b/src/crypto.c
index 4009569..2678683 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -309,14 +309,14 @@ static int dnsmasq_gostdsa_verify(struct blockdata *key_data, unsigned int key_l
       mpz_init(y);
     }
     
-  mpz_import(x, 32 , 1, 1, 0, 0, p);
-  mpz_import(y, 32 , 1, 1, 0, 0, p + 32);
+  mpz_import(x, 32, -1, 1, 0, 0, p);
+  mpz_import(y, 32, -1, 1, 0, 0, p + 32);
 
   if (!ecc_point_set(gost_key, x, y))
-    return 0;
+    return 0; 
   
-  mpz_import(sig_struct->r, 32, 1, 1, 0, 0, sig);
-  mpz_import(sig_struct->s, 32, 1, 1, 0, 0, sig + 32);
+  mpz_import(sig_struct->s, 32, 1, 1, 0, 0, sig);
+  mpz_import(sig_struct->r, 32, 1, 1, 0, 0, sig + 32);
   
   return nettle_gostdsa_verify(gost_key, digest_len, digest, sig_struct);
 }
@@ -390,7 +390,12 @@ static int (*verify_func(int algo))(struct blockdata *key_data, unsigned int key
       return dnsmasq_ecdsa_verify;
       
 #if MIN_VERSION(3, 1)
-    case 15: case 16:
+    case 15:
+      return dnsmasq_eddsa_verify;
+#endif
+
+#if MIN_VERSION(3, 6)
+    case 16:
       return dnsmasq_eddsa_verify;
 #endif
     }
@@ -425,7 +430,9 @@ char *ds_digest_name(int digest)
     {
     case 1: return "sha1";
     case 2: return "sha256";
-    case 3: return "gosthash94";
+#if MIN_VERSION(3, 6)
+    case 3: return "gosthash94cp";
+#endif
     case 4: return "sha384";
     default: return NULL;
     }
@@ -444,11 +451,17 @@ char *algo_digest_name(int algo)
     case 7: return "sha1";        /* RSASHA1-NSEC3-SHA1 */
     case 8: return "sha256";      /* RSA/SHA-256 */
     case 10: return "sha512";     /* RSA/SHA-512 */
-    case 12: return "gosthash94"; /* ECC-GOST */
+#if MIN_VERSION(3, 6)
+    case 12: return "gosthash94cp"; /* ECC-GOST */ 
+#endif
     case 13: return "sha256";     /* ECDSAP256SHA256 */
     case 14: return "sha384";     /* ECDSAP384SHA384 */ 	
+#if MIN_VERSION(3, 1)
     case 15: return "null_hash";  /* ED25519 */
+#  if MIN_VERSION(3, 6)
     case 16: return "null_hash";  /* ED448 */
+#  endif
+#endif
     default: return NULL;
     }
 }
diff --git a/src/dbus.c b/src/dbus.c
index cbdce9c..fd5d1ca 100644
--- a/src/dbus.c
+++ b/src/dbus.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -52,6 +52,9 @@ const char* introspection_xml_template =
 "    <method name=\"SetFilterWin2KOption\">\n"
 "      <arg name=\"filterwin2k\" direction=\"in\" type=\"b\"/>\n"
 "    </method>\n"
+"    <method name=\"SetLocaliseQueriesOption\">\n"
+"      <arg name=\"localise-queries\" direction=\"in\" type=\"b\"/>\n"
+"    </method>\n"
 "    <method name=\"SetBogusPrivOption\">\n"
 "      <arg name=\"boguspriv\" direction=\"in\" type=\"b\"/>\n"
 "    </method>\n"
@@ -88,6 +91,11 @@ const char* introspection_xml_template =
 "    <method name=\"GetMetrics\">\n"
 "      <arg name=\"metrics\" direction=\"out\" type=\"a{su}\"/>\n"
 "    </method>\n"
+"    <method name=\"GetServerMetrics\">\n"
+"      <arg name=\"metrics\" direction=\"out\" type=\"a{ss}\"/>\n"
+"    </method>\n"
+"    <method name=\"ClearMetrics\">\n"
+"    </method>\n"
 "  </interface>\n"
 "</node>\n";
 
@@ -114,7 +122,7 @@ static dbus_bool_t add_watch(DBusWatch *watch, void *data)
   w->next = daemon->watches;
   daemon->watches = w;
 
-  w = data; /* no warning */
+  (void)data; /* no warning */
   return TRUE;
 }
 
@@ -134,16 +142,20 @@ static void remove_watch(DBusWatch *watch, void *data)
 	up = &(w->next);
     }
 
-  w = data; /* no warning */
+  (void)data; /* no warning */
 }
 
-static void dbus_read_servers(DBusMessage *message)
+static DBusMessage* dbus_read_servers(DBusMessage *message)
 {
   DBusMessageIter iter;
   union  mysockaddr addr, source_addr;
   char *domain;
   
-  dbus_message_iter_init(message, &iter);
+  if (!dbus_message_iter_init(message, &iter))
+    {
+      return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS,
+                                    "Failed to initialize dbus message iter");
+    }
 
   mark_servers(SERV_FROM_DBUS);
   
@@ -222,6 +234,7 @@ static void dbus_read_servers(DBusMessage *message)
    
   /* unlink and free anything still marked. */
   cleanup_servers();
+  return NULL;
 }
 
 #ifdef HAVE_LOOP
@@ -279,6 +292,11 @@ static DBusMessage* dbus_read_servers_ex(DBusMessage *message, int strings)
       u16 flags = 0;
       char interface[IF_NAMESIZE];
       char *str_addr, *str_domain = NULL;
+      struct server_details sdetails = { 0 };
+      sdetails.addr = &addr;
+      sdetails.source_addr = &source_addr;
+      sdetails.interface = interface;
+      sdetails.flags = &flags;
 
       if (strings)
 	{
@@ -361,20 +379,6 @@ static DBusMessage* dbus_read_servers_ex(DBusMessage *message, int strings)
 	  strcpy(str_addr, str);
 	}
 
-      /* parse the IP address */
-      if ((addr_err = parse_server(str_addr, &addr, &source_addr, (char *) &interface, &flags)))
-	{
-          error = dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS,
-                                                "Invalid IP address '%s': %s",
-                                                str, addr_err);
-          break;
-        }
-      
-      /* 0.0.0.0 for server address == NULL, for Dbus */
-      if (addr.in.sin_family == AF_INET &&
-          addr.in.sin_addr.s_addr == 0)
-        flags |= SERV_LITERAL_ADDRESS;
-      
       if (strings)
 	{
 	  char *p;
@@ -388,7 +392,31 @@ static DBusMessage* dbus_read_servers_ex(DBusMessage *message, int strings)
 	    else 
 	      p = NULL;
 	    
-	    add_update_server(flags | SERV_FROM_DBUS, &addr, &source_addr, interface, str_domain, NULL);
+	     if (strings && strlen(str_addr) == 0)
+	       add_update_server(SERV_LITERAL_ADDRESS | SERV_FROM_DBUS, &addr, &source_addr, interface, str_domain, NULL);
+	     else
+	       {
+		 if ((addr_err = parse_server(str_addr, &sdetails)))
+		   {
+		     error = dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS,
+							   "Invalid IP address '%s': %s",
+							   str, addr_err);
+		     break;
+		   }
+		 
+		 while (parse_server_next(&sdetails))
+		   {
+		     if ((addr_err = parse_server_addr(&sdetails)))
+		       {
+			 error = dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS,
+							       "Invalid IP address '%s': %s",
+							       str, addr_err);
+			 break;
+		       }
+		     
+		     add_update_server(flags | SERV_FROM_DBUS, &addr, &source_addr, interface, str_domain, NULL);
+		   }
+	       }
 	  } while ((str_domain = p));
 	}
       else
@@ -402,11 +430,40 @@ static DBusMessage* dbus_read_servers_ex(DBusMessage *message, int strings)
 	    if (dbus_message_iter_get_arg_type(&string_iter) == DBUS_TYPE_STRING)
 	      dbus_message_iter_get_basic(&string_iter, &str);
 	    dbus_message_iter_next (&string_iter);
+
+	    if ((addr_err = parse_server(str_addr, &sdetails)))
+	      {
+		error = dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS,
+						      "Invalid IP address '%s': %s",
+						      str, addr_err);
+		break;
+	      }
 	    
-	    add_update_server(flags | SERV_FROM_DBUS, &addr, &source_addr, interface, str, NULL);
+	    while (parse_server_next(&sdetails))
+	      {
+		if ((addr_err = parse_server_addr(&sdetails)))
+		  {
+		    error = dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS,
+							  "Invalid IP address '%s': %s",
+							  str, addr_err);
+		    break;
+		  }
+		
+		/* 0.0.0.0 for server address == NULL, for Dbus */
+		if (addr.in.sin_family == AF_INET &&
+		    addr.in.sin_addr.s_addr == 0)
+		  flags |= SERV_LITERAL_ADDRESS;
+		else
+		  flags &= ~SERV_LITERAL_ADDRESS;
+		
+		add_update_server(flags | SERV_FROM_DBUS, &addr, &source_addr, interface, str, NULL);
+	      }
 	  } while (dbus_message_iter_get_arg_type(&string_iter) == DBUS_TYPE_STRING);
 	}
-	 
+      
+      if (sdetails.orig_hostinfo)
+	freeaddrinfo(sdetails.orig_hostinfo);
+      
       /* jump to next element in outer array */
       dbus_message_iter_next(&array_iter);
     }
@@ -545,6 +602,10 @@ static DBusMessage *dbus_add_lease(DBusMessage* message)
 					 "Invalid IP address '%s'", ipaddr);
    
   hw_len = parse_hex((char*)hwaddr, dhcp_chaddr, DHCP_CHADDR_MAX, NULL, &hw_type);
+  if (hw_len < 0)
+    return dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS,
+					 "Invalid HW address '%s'", hwaddr);
+
   if (hw_type == 0 && hw_len != 0)
     hw_type = ARPHRD_ETHER;
   
@@ -632,6 +693,77 @@ static DBusMessage *dbus_get_metrics(DBusMessage* message)
   return reply;
 }
 
+static void add_dict_entry(DBusMessageIter *container, const char *key, const char *val)
+{
+  DBusMessageIter dict;
+
+  dbus_message_iter_open_container(container, DBUS_TYPE_DICT_ENTRY, NULL, &dict);
+  dbus_message_iter_append_basic(&dict, DBUS_TYPE_STRING, &key);
+  dbus_message_iter_append_basic(&dict, DBUS_TYPE_STRING, &val);
+  dbus_message_iter_close_container(container, &dict);
+}
+
+static void add_dict_int(DBusMessageIter *container, const char *key, const unsigned int val)
+{
+  snprintf(daemon->namebuff, MAXDNAME, "%u", val);
+  
+  add_dict_entry(container, key, daemon->namebuff);
+}
+
+static DBusMessage *dbus_get_server_metrics(DBusMessage* message)
+{
+  DBusMessage *reply = dbus_message_new_method_return(message);
+  DBusMessageIter server_array, dict_array, server_iter;
+  struct server *serv;
+  
+  dbus_message_iter_init_append(reply, &server_iter);
+  dbus_message_iter_open_container(&server_iter, DBUS_TYPE_ARRAY, "a{ss}", &server_array);
+
+  /* sum counts from different records for same server */
+  for (serv = daemon->servers; serv; serv = serv->next)
+    serv->flags &= ~SERV_MARK;
+  
+  for (serv = daemon->servers; serv; serv = serv->next)
+    if (!(serv->flags & SERV_MARK))
+      {
+	unsigned int port;
+	unsigned int queries = 0, failed_queries = 0, nxdomain_replies = 0, retrys = 0;
+	unsigned int sigma_latency = 0, count_latency = 0;
+	
+	struct server *serv1;
+
+	for (serv1 = serv; serv1; serv1 = serv1->next)
+	  if (!(serv1->flags & SERV_MARK) && sockaddr_isequal(&serv->addr, &serv1->addr))
+	    {
+	      serv1->flags |= SERV_MARK;
+	      queries += serv1->queries;
+	      failed_queries += serv1->failed_queries;
+	      nxdomain_replies += serv1->nxdomain_replies;
+	      retrys += serv1->retrys;
+	      sigma_latency += serv1->query_latency;
+	      count_latency++;
+	    }
+	
+	dbus_message_iter_open_container(&server_array, DBUS_TYPE_ARRAY, "{ss}", &dict_array);
+	
+	port = prettyprint_addr(&serv->addr, daemon->namebuff);
+	add_dict_entry(&dict_array, "address", daemon->namebuff);
+	
+	add_dict_int(&dict_array, "port", port);
+	add_dict_int(&dict_array, "queries", serv->queries);
+	add_dict_int(&dict_array, "failed_queries", serv->failed_queries);
+	add_dict_int(&dict_array, "nxdomain", serv->nxdomain_replies);
+	add_dict_int(&dict_array, "retries", serv->retrys);
+	add_dict_int(&dict_array, "latency", sigma_latency/count_latency);
+	
+	dbus_message_iter_close_container(&server_array, &dict_array);
+      }
+  
+  dbus_message_iter_close_container(&server_iter, &server_array);
+  
+  return reply;
+}
+
 DBusHandlerResult message_handler(DBusConnection *connection, 
 				  DBusMessage *message, 
 				  void *user_data)
@@ -668,7 +800,7 @@ DBusHandlerResult message_handler(DBusConnection *connection,
 #endif
   else if (strcmp(method, "SetServers") == 0)
     {
-      dbus_read_servers(message);
+      reply = dbus_read_servers(message);
       new_servers = 1;
     }
   else if (strcmp(method, "SetServersEx") == 0)
@@ -685,6 +817,10 @@ DBusHandlerResult message_handler(DBusConnection *connection,
     {
       reply = dbus_set_bool(message, OPT_FILTER, "filterwin2k");
     }
+  else if (strcmp(method, "SetLocaliseQueriesOption") == 0)
+    {
+      reply = dbus_set_bool(message, OPT_LOCALISE, "localise-queries");
+    }
   else if (strcmp(method, "SetBogusPrivOption") == 0)
     {
       reply = dbus_set_bool(message, OPT_BOGUSPRIV, "bogus-priv");
@@ -703,6 +839,14 @@ DBusHandlerResult message_handler(DBusConnection *connection,
     {
       reply = dbus_get_metrics(message);
     }
+  else if (strcmp(method, "GetServerMetrics") == 0)
+    {
+      reply = dbus_get_server_metrics(message);
+    }
+  else if (strcmp(method, "ClearMetrics") == 0)
+    {
+      clear_metrics();
+    }
   else if (strcmp(method, "ClearCache") == 0)
     clear_cache = 1;
   else
@@ -719,7 +863,7 @@ DBusHandlerResult message_handler(DBusConnection *connection,
   if (clear_cache)
     clear_cache_and_reload(dnsmasq_time());
   
-  method = user_data; /* no warning */
+  (void)user_data; /* no warning */
 
   /* If no reply or no error, return nothing */
   if (!reply)
@@ -745,8 +889,11 @@ char *dbus_init(void)
 
   dbus_error_init (&dbus_error);
   if (!(connection = dbus_bus_get (DBUS_BUS_SYSTEM, &dbus_error)))
-    return NULL;
-    
+    {
+      dbus_error_free(&dbus_error);
+      return NULL;
+    }
+  
   dbus_connection_set_exit_on_disconnect(connection, FALSE);
   dbus_connection_set_watch_functions(connection, add_watch, remove_watch, 
 				      NULL, NULL, NULL);
diff --git a/src/dhcp-common.c b/src/dhcp-common.c
index 1f91ca0..84081ce 100644
--- a/src/dhcp-common.c
+++ b/src/dhcp-common.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -88,7 +88,7 @@ int match_netid_wild(struct dhcp_netid *check, struct dhcp_netid *pool)
   for (; check; check = check->next)
     {
       const int check_len = strlen(check->net);
-      const int is_wc = (check->net[check_len - 1] == '*');
+      const int is_wc = (check_len > 0 && check->net[check_len - 1] == '*');
       
       /* '#' for not is for backwards compat. */
       if (check->net[0] != '!' && check->net[0] != '#')
@@ -566,12 +566,16 @@ char *whichdevice(void)
       }
 
   if (found)
-    return found->name;
-
+    {
+      char *ret = safe_malloc(strlen(found->name)+1);
+      strcpy(ret, found->name);
+      return ret;
+    }
+  
   return NULL;
 }
  
-void  bindtodevice(char *device, int fd)
+static int bindtodevice(char *device, int fd)
 {
   size_t len = strlen(device)+1;
   if (len > IFNAMSIZ)
@@ -579,7 +583,33 @@ void  bindtodevice(char *device, int fd)
   /* only allowed by root. */
   if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, device, len) == -1 &&
       errno != EPERM)
-    die(_("failed to set SO_BINDTODEVICE on DHCP socket: %s"), NULL, EC_BADNET);
+    return 2;
+  
+  return 1;
+}
+
+int bind_dhcp_devices(char *bound_device)
+{
+  int ret = 0;
+
+  if (bound_device)
+    {
+      if (daemon->dhcp)
+	{
+	  if (!daemon->relay4)
+	    ret |= bindtodevice(bound_device, daemon->dhcpfd);
+	  
+	  if (daemon->enable_pxe && daemon->pxefd != -1)
+	    ret |= bindtodevice(bound_device, daemon->pxefd);
+	}
+      
+#if defined(HAVE_DHCP6)
+      if (daemon->doing_dhcp6 && !daemon->relay6)
+	ret |= bindtodevice(bound_device, daemon->dhcp6fd);
+#endif
+    }
+  
+  return ret;
 }
 #endif
 
@@ -655,6 +685,7 @@ static const struct opttab_t {
   { "client-machine-id", 97, 0 },
   { "posix-timezone", 100, OT_NAME }, /* RFC 4833, Sec. 2 */
   { "tzdb-timezone", 101, OT_NAME }, /* RFC 4833, Sec. 2 */
+  { "ipv6-only", 108, 4 | OT_DEC },  /* RFC 8925 */ 
   { "subnet-select", 118, OT_INTERNAL },
   { "domain-search", 119, OT_RFC1035_NAME },
   { "sip-server", 120, 0 },
@@ -691,6 +722,8 @@ static const struct opttab_t opttab6[] = {
   { "sntp-server", 31,  OT_ADDR_LIST },
   { "information-refresh-time", 32, OT_TIME },
   { "FQDN", 39, OT_INTERNAL | OT_RFC1035_NAME },
+  { "posix-timezone", 41, OT_NAME }, /* RFC 4833, Sec. 3 */
+  { "tzdb-timezone", 42, OT_NAME }, /* RFC 4833, Sec. 3 */
   { "ntp-server", 56, 0 /* OT_ADDR_LIST | OT_RFC1035_NAME */ },
   { "bootfile-url", 59, OT_NAME },
   { "bootfile-param", 60, OT_CSTRING },
@@ -985,11 +1018,34 @@ void log_context(int family, struct dhcp_context *context)
 
 void log_relay(int family, struct dhcp_relay *relay)
 {
+  int broadcast = relay->server.addr4.s_addr == 0;
   inet_ntop(family, &relay->local, daemon->addrbuff, ADDRSTRLEN);
-  inet_ntop(family, &relay->server, daemon->namebuff, ADDRSTRLEN); 
+  inet_ntop(family, &relay->server, daemon->namebuff, ADDRSTRLEN);
+
+  if (family == AF_INET && relay->port != DHCP_SERVER_PORT)
+    sprintf(daemon->namebuff + strlen(daemon->namebuff), "#%u", relay->port);
 
+#ifdef HAVE_DHCP6
+  struct in6_addr multicast;
+
+  inet_pton(AF_INET6, ALL_SERVERS, &multicast);
+
+  if (family == AF_INET6)
+    {
+      broadcast = IN6_ARE_ADDR_EQUAL(&relay->server.addr6, &multicast);
+      if (relay->port != DHCPV6_SERVER_PORT)
+	sprintf(daemon->namebuff + strlen(daemon->namebuff), "#%u", relay->port);
+    }
+#endif
+  
+  
   if (relay->interface)
-    my_syslog(MS_DHCP | LOG_INFO, _("DHCP relay from %s to %s via %s"), daemon->addrbuff, daemon->namebuff, relay->interface);
+    {
+      if (broadcast)
+	my_syslog(MS_DHCP | LOG_INFO, _("DHCP relay from %s via %s"), daemon->addrbuff, relay->interface);
+      else
+	my_syslog(MS_DHCP | LOG_INFO, _("DHCP relay from %s to %s via %s"), daemon->addrbuff, daemon->namebuff, relay->interface);
+    }
   else
     my_syslog(MS_DHCP | LOG_INFO, _("DHCP relay from %s to %s"), daemon->addrbuff, daemon->namebuff);
 }
diff --git a/src/dhcp-protocol.h b/src/dhcp-protocol.h
index 6ff3ffa..e281143 100644
--- a/src/dhcp-protocol.h
+++ b/src/dhcp-protocol.h
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -64,6 +64,7 @@
 #define OPTION_SIP_SERVER        120
 #define OPTION_VENDOR_IDENT      124
 #define OPTION_VENDOR_IDENT_OPT  125
+#define OPTION_MUD_URL_V4        161
 #define OPTION_END               255
 
 #define SUBOPT_CIRCUIT_ID        1
diff --git a/src/dhcp.c b/src/dhcp.c
index e500bc2..42d819f 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -20,8 +20,6 @@
 
 struct iface_param {
   struct dhcp_context *current;
-  struct dhcp_relay *relay;
-  struct in_addr relay_local;
   int ind;
 };
 
@@ -34,7 +32,7 @@ static int complete_context(struct in_addr local, int if_index, char *label,
 			    struct in_addr netmask, struct in_addr broadcast, void *vparam);
 static int check_listen_addrs(struct in_addr local, int if_index, char *label,
 			      struct in_addr netmask, struct in_addr broadcast, void *vparam);
-static int relay_upstream4(struct dhcp_relay *relay, struct dhcp_packet *mess, size_t sz, int iface_index);
+static int relay_upstream4(int iface_index, struct dhcp_packet *mess, size_t sz);
 static struct dhcp_relay *relay_reply4(struct dhcp_packet *mess, char *arrival_interface);
 
 static int make_fd(int port)
@@ -177,11 +175,15 @@ void dhcp_packet(time_t now, int pxe_fd)
   if ((sz = recv_dhcp_packet(fd, &msg)) == -1 || 
       (sz < (ssize_t)(sizeof(*mess) - sizeof(mess->options)))) 
     return;
-    
-  #if defined (HAVE_LINUX_NETWORK)
+  
+#ifdef HAVE_DUMPFILE
+  dump_packet_udp(DUMP_DHCP, (void *)daemon->dhcp_packet.iov_base, sz, (union mysockaddr *)&dest, NULL, fd);
+#endif
+  
+#if defined (HAVE_LINUX_NETWORK)
   if (ioctl(fd, SIOCGSTAMP, &tv) == 0)
     recvtime = tv.tv_sec;
-
+  
   if (msg.msg_controllen >= sizeof(struct cmsghdr))
     for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
       if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
@@ -302,12 +304,7 @@ void dhcp_packet(time_t now, int pxe_fd)
       for (context = daemon->dhcp; context; context = context->next)
 	context->current = context;
       
-      for (relay = daemon->relay4; relay; relay = relay->next)
-	relay->current = relay;
-      
       parm.current = NULL;
-      parm.relay = NULL;
-      parm.relay_local.s_addr = 0;
       parm.ind = iface_index;
       
       if (!iface_check(AF_INET, (union all_addr *)&iface_addr, ifr.ifr_name, NULL))
@@ -329,15 +326,19 @@ void dhcp_packet(time_t now, int pxe_fd)
 	     there is more than one address on the interface in the same subnet */
 	  complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm);
 	}    
+            
+      if (relay_upstream4(iface_index, mess, (size_t)sz))
+	return;
       
       if (!iface_enumerate(AF_INET, &parm, complete_context))
 	return;
 
-      /* We're relaying this request */
-      if  (parm.relay_local.s_addr != 0 &&
-	   relay_upstream4(parm.relay, mess, (size_t)sz, iface_index))
+      /* Check for a relay again after iface_enumerate/complete_context has had
+	 chance to fill in relay->iface_index fields. This handles first time through
+	 and any changes in interface config. */
+       if (relay_upstream4(iface_index, mess, (size_t)sz))
 	return;
-
+       
       /* May have configured relay, but not DHCP server */
       if (!daemon->dhcp)
 	return;
@@ -455,6 +456,17 @@ void dhcp_packet(time_t now, int pxe_fd)
 #elif defined(HAVE_BSD_NETWORK)
   else 
     {
+#ifdef HAVE_DUMPFILE
+      if (ntohs(mess->flags) & 0x8000)
+        dest.sin_addr.s_addr = INADDR_BROADCAST;
+      else
+        dest.sin_addr = mess->yiaddr;
+      dest.sin_port = htons(daemon->dhcp_client_port);
+      
+      dump_packet_udp(DUMP_DHCP, (void *)iov.iov_base, iov.iov_len, NULL,
+		      (union mysockaddr *)&dest, fd);
+#endif
+      
       send_via_bpf(mess, iov.iov_len, iface_addr, &ifr);
       return;
     }
@@ -463,6 +475,11 @@ void dhcp_packet(time_t now, int pxe_fd)
 #ifdef HAVE_SOLARIS_NETWORK
   setsockopt(fd, IPPROTO_IP, IP_BOUND_IF, &iface_index, sizeof(iface_index));
 #endif
+
+#ifdef HAVE_DUMPFILE
+  dump_packet_udp(DUMP_DHCP, (void *)iov.iov_base, iov.iov_len, NULL,
+		  (union mysockaddr *)&dest, fd);
+#endif
   
   while(retry_send(sendmsg(fd, &msg, 0)));
 
@@ -613,14 +630,9 @@ static int complete_context(struct in_addr local, int if_index, char *label,
     }
 
   for (relay = daemon->relay4; relay; relay = relay->next)
-    if (if_index == param->ind && relay->local.addr4.s_addr == local.s_addr && relay->current == relay &&
-	(param->relay_local.s_addr == 0 || param->relay_local.s_addr == local.s_addr))
-      {
-	relay->current = param->relay;
-	param->relay = relay;
-	param->relay_local = local;	
-      }
-
+    if (relay->local.addr4.s_addr == local.s_addr)
+      relay->iface_index = if_index;
+  
   return 1;
 }
 	  
@@ -1061,53 +1073,96 @@ char *host_from_dns(struct in_addr addr)
   return NULL;
 }
 
-static int  relay_upstream4(struct dhcp_relay *relay, struct dhcp_packet *mess, size_t sz, int iface_index)
+static int relay_upstream4(int iface_index, struct dhcp_packet *mess, size_t sz)
 {
-  /* ->local is same value for all relays on ->current chain */
-  union all_addr from;
-  
+  struct in_addr giaddr = mess->giaddr;
+  u8 hops = mess->hops;
+  struct dhcp_relay *relay;
+
   if (mess->op != BOOTREQUEST)
     return 0;
 
-  /* source address == relay address */
-  from.addr4 = relay->local.addr4;
+  for (relay = daemon->relay4; relay; relay = relay->next)
+    if (relay->iface_index != 0 && relay->iface_index == iface_index)
+      break;
+
+  /* No relay config. */
+  if (!relay)
+    return 0;
   
-  /* already gatewayed ? */
-  if (mess->giaddr.s_addr)
-    {
-      /* if so check if by us, to stomp on loops. */
-      if (mess->giaddr.s_addr == relay->local.addr4.s_addr)
-	return 1;
-    }
-  else
-    {
-      /* plug in our address */
-      mess->giaddr.s_addr = relay->local.addr4.s_addr;
-    }
+  for (; relay; relay = relay->next)
+    if (relay->iface_index != 0 && relay->iface_index == iface_index)
+      {
+	union mysockaddr to;
+	union all_addr from;
 
-  if ((mess->hops++) > 20)
-    return 1;
+	mess->hops = hops;
+	mess->giaddr = giaddr;
+	
+	if ((mess->hops++) > 20)
+	  continue;
+	
+	/* source address == relay address */
+	from.addr4 = relay->local.addr4;
 
-  for (; relay; relay = relay->current)
-    {
-      union mysockaddr to;
-      
-      to.sa.sa_family = AF_INET;
-      to.in.sin_addr = relay->server.addr4;
-      to.in.sin_port = htons(daemon->dhcp_server_port);
-      
-      send_from(daemon->dhcpfd, 0, (char *)mess, sz, &to, &from, 0);
-      
-      if (option_bool(OPT_LOG_OPTS))
+	/* already gatewayed ? */
+	if (giaddr.s_addr)
+	  {
+	    /* if so check if by us, to stomp on loops. */
+	    if (giaddr.s_addr == relay->local.addr4.s_addr)
+	      continue;
+	  }
+	else
+	  {
+	    /* plug in our address */
+	    mess->giaddr.s_addr = relay->local.addr4.s_addr;
+	  }
+	
+	to.sa.sa_family = AF_INET;
+	to.in.sin_addr = relay->server.addr4;
+	to.in.sin_port = htons(relay->port);
+	
+	/* Broadcasting to server. */
+	if (relay->server.addr4.s_addr == 0)
+	  {
+	    struct ifreq ifr;
+	    
+	    if (relay->interface)
+	      safe_strncpy(ifr.ifr_name, relay->interface, IF_NAMESIZE);
+	    
+	    if (!relay->interface || strchr(relay->interface, '*') ||
+		ioctl(daemon->dhcpfd, SIOCGIFBRDADDR, &ifr) == -1)
+	      {
+		my_syslog(MS_DHCP | LOG_ERR, _("Cannot broadcast DHCP relay via interface %s"), relay->interface);
+		continue;
+	      }
+	    
+	    to.in.sin_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+	  }
+	
+#ifdef HAVE_DUMPFILE
 	{
-	  inet_ntop(AF_INET, &relay->local, daemon->addrbuff, ADDRSTRLEN);
-	  inet_ntop(AF_INET, &relay->server.addr4, daemon->dhcp_buff2, DHCP_BUFF_SZ);
-	  my_syslog(MS_DHCP | LOG_INFO, _("DHCP relay %s -> %s"), daemon->addrbuff, daemon->dhcp_buff2);
+	  union mysockaddr fromsock;
+	  fromsock.in.sin_port = htons(daemon->dhcp_server_port);
+	  fromsock.in.sin_addr = from.addr4;
+	  fromsock.sa.sa_family = AF_INET;
+
+	  dump_packet_udp(DUMP_DHCP, (void *)mess, sz, &fromsock, &to, -1);
 	}
-      
-      /* Save this for replies */
-      relay->iface_index = iface_index;
-    }
+#endif
+	
+	 send_from(daemon->dhcpfd, 0, (char *)mess, sz, &to, &from, 0);
+	 
+	 if (option_bool(OPT_LOG_OPTS))
+	   {
+	     inet_ntop(AF_INET, &relay->local, daemon->addrbuff, ADDRSTRLEN);
+	     if (relay->server.addr4.s_addr == 0)
+	       snprintf(daemon->dhcp_buff2, DHCP_BUFF_SZ, _("broadcast via %s"), relay->interface);
+	     else
+	       inet_ntop(AF_INET, &relay->server.addr4, daemon->dhcp_buff2, DHCP_BUFF_SZ);
+	     my_syslog(MS_DHCP | LOG_INFO, _("DHCP relay at %s -> %s"), daemon->addrbuff, daemon->dhcp_buff2);
+	   }
+      }
   
   return 1;
 }
diff --git a/src/dhcp6-protocol.h b/src/dhcp6-protocol.h
index ebe8dfd..ce16603 100644
--- a/src/dhcp6-protocol.h
+++ b/src/dhcp6-protocol.h
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -55,12 +55,15 @@
 #define OPTION6_RECONF_ACCEPT   20
 #define OPTION6_DNS_SERVER      23
 #define OPTION6_DOMAIN_SEARCH   24
+#define OPTION6_IA_PD           25
+#define OPTION6_IAPREFIX        26
 #define OPTION6_REFRESH_TIME    32
 #define OPTION6_REMOTE_ID       37
 #define OPTION6_SUBSCRIBER_ID   38
 #define OPTION6_FQDN            39
 #define OPTION6_NTP_SERVER      56
 #define OPTION6_CLIENT_MAC      79
+#define OPTION6_MUD_URL         112
 
 #define NTP_SUBOPTION_SRV_ADDR  1
 #define NTP_SUBOPTION_MC_ADDR   2
diff --git a/src/dhcp6.c b/src/dhcp6.c
index 2be877f..1c8c679 100644
--- a/src/dhcp6.c
+++ b/src/dhcp6.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -22,8 +22,7 @@
 
 struct iface_param {
   struct dhcp_context *current;
-  struct dhcp_relay *relay;
-  struct in6_addr fallback, relay_local, ll_addr, ula_addr;
+  struct in6_addr fallback, ll_addr, ula_addr;
   int ind, addr_match;
 };
 
@@ -90,7 +89,6 @@ void dhcp6_init(void)
 void dhcp6_packet(time_t now)
 {
   struct dhcp_context *context;
-  struct dhcp_relay *relay;
   struct iface_param parm;
   struct cmsghdr *cmptr;
   struct msghdr msg;
@@ -105,7 +103,8 @@ void dhcp6_packet(time_t now)
   struct iname *tmp;
   unsigned short port;
   struct in6_addr dst_addr;
-
+  struct in6_addr all_servers;
+  
   memset(&dst_addr, 0, sizeof(dst_addr));
 
   msg.msg_control = control_u.control6;
@@ -119,6 +118,11 @@ void dhcp6_packet(time_t now)
   if ((sz = recv_dhcp_packet(daemon->dhcp6fd, &msg)) == -1)
     return;
   
+#ifdef HAVE_DUMPFILE
+  dump_packet_udp(DUMP_DHCPV6, (void *)daemon->dhcp_packet.iov_base, sz,
+		  (union mysockaddr *)&from, NULL, daemon->dhcp6fd);
+#endif
+  
   for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
     if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
       {
@@ -135,9 +139,13 @@ void dhcp6_packet(time_t now)
   if (!indextoname(daemon->dhcp6fd, if_index, ifr.ifr_name))
     return;
 
-  if ((port = relay_reply6(&from, sz, ifr.ifr_name)) != 0)
+  if (relay_reply6(&from, sz, ifr.ifr_name))
     {
-      from.sin6_port = htons(port);
+#ifdef HAVE_DUMPFILE
+      dump_packet_udp(DUMP_DHCPV6, (void *)daemon->outpacket.iov_base, save_counter(-1), NULL,
+		      (union mysockaddr *)&from, daemon->dhcp6fd);
+#endif
+      
       while (retry_send(sendto(daemon->dhcp6fd, daemon->outpacket.iov_base, 
 			       save_counter(-1), 0, (struct sockaddr *)&from, 
 			       sizeof(from))));
@@ -145,7 +153,7 @@ void dhcp6_packet(time_t now)
   else
     {
       struct dhcp_bridge *bridge, *alias;
-
+      
       for (tmp = daemon->if_except; tmp; tmp = tmp->next)
 	if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
 	  return;
@@ -155,14 +163,12 @@ void dhcp6_packet(time_t now)
 	  return;
       
       parm.current = NULL;
-      parm.relay = NULL;
-      memset(&parm.relay_local, 0, IN6ADDRSZ);
       parm.ind = if_index;
       parm.addr_match = 0;
       memset(&parm.fallback, 0, IN6ADDRSZ);
       memset(&parm.ll_addr, 0, IN6ADDRSZ);
       memset(&parm.ula_addr, 0, IN6ADDRSZ);
-
+      
       /* If the interface on which the DHCPv6 request was received is
          an alias of some other interface (as specified by the
          --bridge-interface option), change parm.ind so that we look
@@ -200,13 +206,25 @@ void dhcp6_packet(time_t now)
 	    context->current = context;
 	    memset(&context->local6, 0, IN6ADDRSZ);
 	  }
-
-      for (relay = daemon->relay6; relay; relay = relay->next)
-	relay->current = relay;
+      
+      /* Ignore requests sent to the ALL_SERVERS multicast address for relay when
+	 we're listening there for DHCPv6 server reasons. */
+      inet_pton(AF_INET6, ALL_SERVERS, &all_servers);
+      
+      if (!IN6_ARE_ADDR_EQUAL(&dst_addr, &all_servers) &&
+	  relay_upstream6(if_index, (size_t)sz, &from.sin6_addr, from.sin6_scope_id, now))
+	return;
       
       if (!iface_enumerate(AF_INET6, &parm, complete_context6))
 	return;
-
+      
+      /* Check for a relay again after iface_enumerate/complete_context has had
+	 chance to fill in relay->iface_index fields. This handles first time through
+	 and any changes in interface config. */
+      if (!IN6_ARE_ADDR_EQUAL(&dst_addr, &all_servers) &&
+	  relay_upstream6(if_index, (size_t)sz, &from.sin6_addr, from.sin6_scope_id, now))
+	return;
+      
       if (daemon->if_names || daemon->if_addrs)
 	{
 	  
@@ -218,23 +236,10 @@ void dhcp6_packet(time_t now)
 	    return;
 	}
       
-      if (parm.relay)
-	{
-	  /* Ignore requests sent to the ALL_SERVERS multicast address for relay when
-	     we're listening there for DHCPv6 server reasons. */
-	  struct in6_addr all_servers;
-	  
-	  inet_pton(AF_INET6, ALL_SERVERS, &all_servers);
-	  
-	  if (!IN6_ARE_ADDR_EQUAL(&dst_addr, &all_servers))
-	    relay_upstream6(parm.relay, sz, &from.sin6_addr, from.sin6_scope_id, now);
-	  return;
-	}
-      
       /* May have configured relay, but not DHCP server */
       if (!daemon->doing_dhcp6)
 	return;
-
+      
       lease_prune(NULL, now); /* lose any expired leases */
       
       port = dhcp6_reply(parm.current, if_index, ifr.ifr_name, &parm.fallback, 
@@ -247,11 +252,16 @@ void dhcp6_packet(time_t now)
       if (port != 0)
 	{
 	  from.sin6_port = htons(port);
-	  while (retry_send(sendto(daemon->dhcp6fd, daemon->outpacket.iov_base, 
-				   save_counter(-1), 0, (struct sockaddr *)&from, 
-				   sizeof(from))));
+	  
+#ifdef HAVE_DUMPFILE
+	  dump_packet_udp(DUMP_DHCPV6, (void *)daemon->outpacket.iov_base, save_counter(-1),
+			  NULL, (union mysockaddr *)&from, daemon->dhcp6fd);
+#endif 
+	  
+	  while (retry_send(sendto(daemon->dhcp6fd, daemon->outpacket.iov_base,
+				   save_counter(-1), 0, (struct sockaddr *)&from, sizeof(from))));
 	}
-
+      
       /* These need to be called _after_ we send DHCPv6 packet, since lease_update_file()
 	 may trigger sending an RA packet, which overwrites our buffer. */
       lease_update_file(now);
@@ -292,7 +302,7 @@ void get_client_mac(struct in6_addr *client, int iface, unsigned char *mac, unsi
       if ((maclen = find_mac(&addr, mac, 0, now)) != 0)
 	break;
 	  
-      sendto(daemon->icmp6fd, &neigh, sizeof(neigh), 0, &addr.sa, sizeof(addr));
+      while(retry_send(sendto(daemon->icmp6fd, &neigh, sizeof(neigh), 0, &addr.sa, sizeof(addr))));
       
       ts.tv_sec = 0;
       ts.tv_nsec = 100000000; /* 100ms */
@@ -312,6 +322,7 @@ static int complete_context6(struct in6_addr *local,  int prefix,
   struct dhcp_relay *relay;
   struct iface_param *param = vparam;
   struct iname *tmp;
+  int match = !daemon->if_addrs;
  
   (void)scope; /* warning */
   
@@ -333,7 +344,7 @@ static int complete_context6(struct in6_addr *local,  int prefix,
   for (tmp = daemon->if_addrs; tmp; tmp = tmp->next)
     if (tmp->addr.sa.sa_family == AF_INET6 &&
 	IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, local))
-      param->addr_match = 1;
+      match = param->addr_match = 1;
   
   /* Determine a globally address on the arrival interface, even
      if we have no matching dhcp-context, because we're only
@@ -405,16 +416,12 @@ static int complete_context6(struct in6_addr *local,  int prefix,
 	      }
 	  }      
       }
-
-  for (relay = daemon->relay6; relay; relay = relay->next)
-    if (IN6_ARE_ADDR_EQUAL(local, &relay->local.addr6) && relay->current == relay &&
-	(IN6_IS_ADDR_UNSPECIFIED(&param->relay_local) || IN6_ARE_ADDR_EQUAL(local, &param->relay_local)))
-      {
-	relay->current = param->relay;
-	param->relay = relay;
-	param->relay_local = *local;
-      }
-     
+  
+  if (match)
+    for (relay = daemon->relay6; relay; relay = relay->next)
+      if (IN6_ARE_ADDR_EQUAL(local, &relay->local.addr6))
+	relay->iface_index = if_index;
+  
   return 1;
 }
 
diff --git a/src/dns-protocol.h b/src/dns-protocol.h
index 496a4bb..8558c33 100644
--- a/src/dns-protocol.h
+++ b/src/dns-protocol.h
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 602daed..bd3dcf5 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -17,8 +17,13 @@
 /* Declare static char *compiler_opts  in config.h */
 #define DNSMASQ_COMPILE_OPTS
 
+/* dnsmasq.h has to be included first as it sources config.h */
 #include "dnsmasq.h"
 
+#if defined(HAVE_IDN) || defined(HAVE_LIBIDN2) || defined(LOCALEDIR)
+#include <locale.h>
+#endif
+
 struct daemon *daemon;
 
 static volatile pid_t pid = 0;
@@ -34,7 +39,6 @@ static void poll_resolv(int force, int do_reload, time_t now);
 
 int main (int argc, char **argv)
 {
-  int bind_fallback = 0;
   time_t now;
   struct sigaction sigact;
   struct iname *if_tmp;
@@ -59,6 +63,8 @@ int main (int argc, char **argv)
   int did_bind = 0;
   struct server *serv;
   char *netlink_warn;
+#else
+  int bind_fallback = 0;
 #endif 
 #if defined(HAVE_DHCP) || defined(HAVE_DHCP6)
   struct dhcp_context *context;
@@ -68,8 +74,10 @@ int main (int argc, char **argv)
   int tftp_prefix_missing = 0;
 #endif
 
-#ifdef LOCALEDIR
+#if defined(HAVE_IDN) || defined(HAVE_LIBIDN2) || defined(LOCALEDIR)
   setlocale(LC_ALL, "");
+#endif
+#ifdef LOCALEDIR
   bindtextdomain("dnsmasq", LOCALEDIR); 
   textdomain("dnsmasq");
 #endif
@@ -257,6 +265,10 @@ int main (int argc, char **argv)
    
   if (daemon->max_port < daemon->min_port)
     die(_("max_port cannot be smaller than min_port"), NULL, EC_BADCONF);
+
+  if (daemon->max_port != 0 &&
+      daemon->max_port - daemon->min_port + 1 < daemon->randport_limit)
+    die(_("port_limit must not be larger than available port range"), NULL, EC_BADCONF);
   
   now = dnsmasq_time();
 
@@ -345,6 +357,16 @@ int main (int argc, char **argv)
     }
 #endif
 
+#ifdef HAVE_NFTSET
+  if (daemon->nftsets)
+    {
+      nftset_init();
+#  ifdef HAVE_LINUX_NETWORK
+      need_cap_net_admin = 1;
+#  endif
+    }
+#endif
+
 #if  defined(HAVE_LINUX_NETWORK)
   netlink_warn = netlink_init();
 #elif defined(HAVE_BSD_NETWORK)
@@ -369,28 +391,9 @@ int main (int argc, char **argv)
 #if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP)
       /* after enumerate_interfaces()  */
       bound_device = whichdevice();
-      
-      if (daemon->dhcp)
-	{
-	  if (!daemon->relay4 && bound_device)
-	    {
-	      bindtodevice(bound_device, daemon->dhcpfd);
-	      did_bind = 1;
-	    }
-	  if (daemon->enable_pxe && bound_device)
-	    {
-	      bindtodevice(bound_device, daemon->pxefd);
-	      did_bind = 1;
-	    }
-	}
-#endif
 
-#if defined(HAVE_LINUX_NETWORK) && defined(HAVE_DHCP6)
-      if (daemon->doing_dhcp6 && !daemon->relay6 && bound_device)
-	{
-	  bindtodevice(bound_device, daemon->dhcp6fd);
-	  did_bind = 1;
-	}
+      if ((did_bind = bind_dhcp_devices(bound_device)) & 2)
+	die(_("failed to set SO_BINDTODEVICE on DHCP socket: %s"), NULL, EC_BADNET);	
 #endif
     }
   else 
@@ -716,7 +719,11 @@ int main (int argc, char **argv)
    /* if we are to run scripts, we need to fork a helper before dropping root. */
   daemon->helperfd = -1;
 #ifdef HAVE_SCRIPT 
-  if ((daemon->dhcp || daemon->dhcp6 || option_bool(OPT_TFTP) || option_bool(OPT_SCRIPT_ARP)) && 
+  if ((daemon->dhcp ||
+       daemon->dhcp6 ||
+       daemon->relay6 ||
+       option_bool(OPT_TFTP) ||
+       option_bool(OPT_SCRIPT_ARP)) && 
       (daemon->lease_change_command || daemon->luascript))
       daemon->helperfd = create_helper(pipewrite, err_pipe[1], script_uid, script_gid, max_fd);
 #endif
@@ -920,8 +927,10 @@ int main (int argc, char **argv)
     my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"), 
 	      daemon->log_file, strerror(log_err));
   
+#ifndef HAVE_LINUX_NETWORK
   if (bind_fallback)
     my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations"));
+#endif
 
   if (option_bool(OPT_NOWILD))
     warn_bound_listeners();
@@ -1050,19 +1059,20 @@ int main (int argc, char **argv)
   
   while (1)
     {
-      int timeout = -1;
+      int timeout = fast_retry(now);
       
       poll_reset();
       
       /* Whilst polling for the dbus, or doing a tftp transfer, wake every quarter second */
-      if (daemon->tftp_trans ||
-	  (option_bool(OPT_DBUS) && !daemon->dbus))
+      if ((daemon->tftp_trans || (option_bool(OPT_DBUS) && !daemon->dbus)) &&
+	  (timeout == -1 || timeout > 250))
 	timeout = 250;
-
+      
       /* Wake every second whilst waiting for DAD to complete */
-      else if (is_dad_listeners())
+      else if (is_dad_listeners() &&
+	       (timeout == -1 || timeout > 1000))
 	timeout = 1000;
-
+      
       set_dns_listeners();
 
 #ifdef HAVE_DBUS
@@ -1076,6 +1086,17 @@ int main (int argc, char **argv)
 #endif
       
 #ifdef HAVE_DHCP
+#  if defined(HAVE_LINUX_NETWORK)
+      if (bind_dhcp_devices(bound_device) & 2)
+	{
+	  static int warned = 0;
+	  if (!warned)
+	    {
+	      my_syslog(LOG_ERR, _("error binding DHCP socket to device %s"), bound_device);
+	      warned = 1;
+	    }
+	}
+# endif
       if (daemon->dhcp || daemon->relay4)
 	{
 	  poll_listen(daemon->dhcpfd, POLLIN);
@@ -1119,6 +1140,10 @@ int main (int argc, char **argv)
       while (helper_buf_empty() && do_tftp_script_run());
 #    endif
 
+#    ifdef HAVE_DHCP6
+      while (helper_buf_empty() && do_snoop_script_run());
+#    endif
+      
       if (!helper_buf_empty())
 	poll_listen(daemon->helperfd, POLLOUT);
 #else
@@ -1575,7 +1600,7 @@ static void async_event(int pipe, time_t now)
 	  {
 	    /* block in writes until all done */
 	    if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1)
-	      fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK); 
+	      while(retry_send(fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK)));
 	    do {
 	      helper_write();
 	    } while (!helper_buf_empty() || do_script_run(now));
@@ -1645,9 +1670,10 @@ static void poll_resolv(int force, int do_reload, time_t now)
     else
       {
 	res->logged = 0;
-	if (force || (statbuf.st_mtime != res->mtime))
+	if (force || (statbuf.st_mtime != res->mtime || statbuf.st_ino != res->ino))
           {
             res->mtime = statbuf.st_mtime;
+	    res->ino = statbuf.st_ino;
 	    if (difftime(statbuf.st_mtime, last_change) > 0.0)
 	      {
 		last_change = statbuf.st_mtime;
@@ -1669,6 +1695,11 @@ static void poll_resolv(int force, int do_reload, time_t now)
 	}
       else 
 	{
+	  /* If we're delaying things, we don't call check_servers(), but 
+	     reload_servers() may have deleted some servers, rendering the server_array
+	     invalid, so just rebuild that here. Once reload_servers() succeeds,
+	     we call check_servers() above, which calls build_server_array itself. */
+	  build_server_array();
 	  latest->mtime = 0;
 	  if (!warned)
 	    {
@@ -1984,13 +2015,10 @@ static void check_dns_listeners(time_t now)
 		 attribute from the listening socket. 
 		 Reset that here. */
 	      if ((flags = fcntl(confd, F_GETFL, 0)) != -1)
-		fcntl(confd, F_SETFL, flags & ~O_NONBLOCK);
+		while(retry_send(fcntl(confd, F_SETFL, flags & ~O_NONBLOCK)));
 	      
 	      buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns);
 	       
-	      shutdown(confd, SHUT_RDWR);
-	      close(confd);
-	      
 	      if (buff)
 		free(buff);
 	      
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index 8674823..aaa6d62 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
  
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -14,7 +14,7 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#define COPYRIGHT "Copyright (c) 2000-2021 Simon Kelley"
+#define COPYRIGHT "Copyright (c) 2000-2022 Simon Kelley"
 
 /* We do defines that influence behavior of stdio.h, so complain
    if included too early. */
@@ -133,6 +133,7 @@ typedef unsigned long long u64;
 #include <sys/uio.h>
 #include <syslog.h>
 #include <dirent.h>
+#include <netdb.h>
 #ifndef HAVE_LINUX_NETWORK
 #  include <net/if_dl.h>
 #endif
@@ -275,7 +276,12 @@ struct event_desc {
 #define OPT_UMBRELLA_DEVID 64
 #define OPT_CMARK_ALST_EN  65
 #define OPT_QUIET_TFTP     66
-#define OPT_LAST           67
+#define OPT_FILTER_A       67
+#define OPT_FILTER_AAAA    68
+#define OPT_STRIP_ECS      69
+#define OPT_STRIP_MAC      70
+#define OPT_NORR           71
+#define OPT_LAST           72
 
 #define OPTION_BITS (sizeof(unsigned int)*8)
 #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
@@ -506,6 +512,7 @@ struct crec {
 #define F_DOMAINSRV (1u<<28)
 #define F_RCODE     (1u<<29)
 #define F_SRV       (1u<<30)
+#define F_STALE     (1u<<31)
 
 #define UID_NONE      0
 /* Values of uid in crecs with F_CONFIG bit set. */
@@ -530,23 +537,23 @@ union mysockaddr {
 
 
 /* The actual values here matter, since we sort on them to get records in the order
-   IPv6 addr, IPv4 addr, all zero return, no-data return, send upstream. */
-#define SERV_LITERAL_ADDRESS   1  /* addr is the answer, or NoDATA is the answer, depending on the next three flags */
-#define SERV_ALL_ZEROS         2  /* return all zeros for A and AAAA */
-#define SERV_4ADDR             4  /* addr is IPv4 */
-#define SERV_6ADDR             8  /* addr is IPv6 */
-#define SERV_HAS_SOURCE       16  /* source address defined */
-#define SERV_FOR_NODOTS       32  /* server for names with no domain part only */
-#define SERV_WARNED_RECURSIVE 64  /* avoid warning spam */
-#define SERV_FROM_DBUS       128  /* 1 if source is DBus */
-#define SERV_MARK            256  /* for mark-and-delete and log code */
-#define SERV_WILDCARD        512  /* domain has leading '*' */ 
-#define SERV_USE_RESOLV     1024  /* forward this domain in the normal way */
-#define SERV_FROM_RESOLV    2048  /* 1 for servers from resolv, 0 for command line. */
-#define SERV_FROM_FILE      4096  /* read from --servers-file */
-#define SERV_LOOP           8192  /* server causes forwarding loop */
-#define SERV_DO_DNSSEC     16384  /* Validate DNSSEC when using this server */
-#define SERV_GOT_TCP       32768  /* Got some data from the TCP connection */
+   IPv6 addr, IPv4 addr, all zero return, resolvconf servers, upstream server, no-data return  */
+#define SERV_LITERAL_ADDRESS    1  /* addr is the answer, or NoDATA is the answer, depending on the next four flags */
+#define SERV_USE_RESOLV         2  /* forward this domain in the normal way */
+#define SERV_ALL_ZEROS          4  /* return all zeros for A and AAAA */
+#define SERV_4ADDR              8  /* addr is IPv4 */
+#define SERV_6ADDR             16  /* addr is IPv6 */
+#define SERV_HAS_SOURCE        32  /* source address defined */
+#define SERV_FOR_NODOTS        64  /* server for names with no domain part only */
+#define SERV_WARNED_RECURSIVE 128  /* avoid warning spam */
+#define SERV_FROM_DBUS        256  /* 1 if source is DBus */
+#define SERV_MARK             512  /* for mark-and-delete and log code */
+#define SERV_WILDCARD        1024  /* domain has leading '*' */ 
+#define SERV_FROM_RESOLV     2048  /* 1 for servers from resolv, 0 for command line. */
+#define SERV_FROM_FILE       4096  /* read from --servers-file */
+#define SERV_LOOP            8192  /* server causes forwarding loop */
+#define SERV_DO_DNSSEC      16384  /* Validate DNSSEC when using this server */
+#define SERV_GOT_TCP        32768  /* Got some data from the TCP connection */
 
 struct serverfd {
   int fd;
@@ -580,7 +587,8 @@ struct server {
   struct serverfd *sfd; 
   int tcpfd, edns_pktsz;
   time_t pktsz_reduced;
-  unsigned int queries, failed_queries;
+  unsigned int queries, failed_queries, nxdomain_replies, retrys;
+  unsigned int query_latency, mma_latency;
   time_t forwardtime;
   int forwardcount;
 #ifdef HAVE_LOOP
@@ -609,6 +617,11 @@ struct serv_local {
   struct server *next;
 };
 
+struct rebind_domain {
+  char *domain;
+  struct rebind_domain *next;
+};
+
 struct ipsets {
   char **sets;
   char *domain;
@@ -656,6 +669,7 @@ struct resolvc {
   struct resolvc *next;
   int is_default, logged;
   time_t mtime;
+  ino_t ino;
   char *name;
 #ifdef HAVE_INOTIFY
   int wd; /* inotify watch descriptor */
@@ -674,21 +688,32 @@ struct hostsfile {
   struct hostsfile *next;
   int flags;
   char *fname;
+  unsigned int index; /* matches to cache entries for logging */
+};
+
+struct dyndir {
+  struct dyndir *next;
+  struct hostsfile *files;
+  int flags;
+  char *dname;
 #ifdef HAVE_INOTIFY
   int wd; /* inotify watch descriptor */
 #endif
-  unsigned int index; /* matches to cache entries for logging */
 };
 
 /* packet-dump flags */
-#define DUMP_QUERY     0x0001
-#define DUMP_REPLY     0x0002
-#define DUMP_UP_QUERY  0x0004
-#define DUMP_UP_REPLY  0x0008
-#define DUMP_SEC_QUERY 0x0010
-#define DUMP_SEC_REPLY 0x0020
-#define DUMP_BOGUS     0x0040
-#define DUMP_SEC_BOGUS 0x0080
+#define DUMP_QUERY         0x0001
+#define DUMP_REPLY         0x0002
+#define DUMP_UP_QUERY      0x0004 
+#define DUMP_UP_REPLY      0x0008
+#define DUMP_SEC_QUERY     0x0010
+#define DUMP_SEC_REPLY     0x0020
+#define DUMP_BOGUS         0x0040 
+#define DUMP_SEC_BOGUS     0x0080
+#define DUMP_DHCP          0x1000
+#define DUMP_DHCPV6        0x2000
+#define DUMP_RA            0x4000
+#define DUMP_TFTP          0x8000
 
 /* DNSSEC status values. */
 #define STAT_SECURE             0x10000
@@ -715,7 +740,7 @@ struct hostsfile {
 
 #define FREC_NOREBIND           1
 #define FREC_CHECKING_DISABLED  2
-#define FREC_HAS_SUBNET         4
+#define FREC_NO_CACHE           4
 #define FREC_DNSKEY_QUERY       8
 #define FREC_DS_QUERY          16
 #define FREC_AD_QUESTION       32
@@ -724,7 +749,6 @@ struct hostsfile {
 #define FREC_TEST_PKTSZ       256
 #define FREC_HAS_EXTRADATA    512
 #define FREC_HAS_PHEADER     1024
-#define FREC_NO_CACHE        2048
 
 #define HASH_SIZE 32 /* SHA-256 digest size */
 
@@ -742,11 +766,13 @@ struct frec {
   unsigned short new_id;
   int forwardall, flags;
   time_t time;
+  u32 forward_timestamp;
+  int forward_delay;
   unsigned char *hash[HASH_SIZE];
-#ifdef HAVE_DNSSEC 
-  int class, work_counter;
   struct blockdata *stash; /* Saved reply, whilst we validate */
   size_t stash_len;
+#ifdef HAVE_DNSSEC 
+  int class, work_counter;
   struct frec *dependent; /* Query awaiting internally-generated DNSKEY or DS query */
   struct frec *next_dependent; /* list of above. */
   struct frec *blocking_query; /* Query which is blocking us. */
@@ -771,6 +797,7 @@ struct frec {
 #define ACTION_TFTP          5
 #define ACTION_ARP           6
 #define ACTION_ARP_DEL       7
+#define ACTION_RELAY_SNOOP   8
 
 #define LEASE_NEW            1  /* newly created */
 #define LEASE_CHANGED        2  /* modified */
@@ -962,6 +989,8 @@ struct dhcp_bridge {
 
 struct cond_domain {
   char *domain, *prefix; /* prefix is text-prefix on domain name */
+  char *interface;       /* These two set when domain comes from interface. */
+  struct addrlist *al;
   struct in_addr start, end;
   struct in6_addr start6, end6;
   int is6, indexed, prefixlen;
@@ -1069,7 +1098,15 @@ struct dhcp_relay {
   union all_addr local, server;
   char *interface; /* Allowable interface for replies from server, and dest for IPv6 multicast */
   int iface_index; /* working - interface in which requests arrived, for return */
-  struct dhcp_relay *current, *next;
+  int port;        /* Port of relay we forward to. */
+#ifdef HAVE_SCRIPT
+  struct snoop_record {
+    struct in6_addr client, prefix;
+    int prefix_len;
+    struct snoop_record *next;
+  } *snoop_records;
+#endif
+  struct dhcp_relay *next;
 };
 
 extern struct daemon {
@@ -1105,15 +1142,17 @@ extern struct daemon {
   char *lease_change_command;
   struct iname *if_names, *if_addrs, *if_except, *dhcp_except, *auth_peers, *tftp_interfaces;
   struct bogus_addr *bogus_addr, *ignore_addr;
-  struct server *servers, *local_domains, **serverarray, *no_rebind;
+  struct server *servers, *servers_tail, *local_domains, **serverarray;
+  struct rebind_domain *no_rebind;
   int server_has_wildcard;
   int serverarraysz, serverarrayhwm;
-  struct ipsets *ipsets;
+  struct ipsets *ipsets, *nftsets;
   u32 allowlist_mask;
   struct allowlist *allowlists;
   int log_fac; /* log facility */
   char *log_file; /* optional log file */
   int max_logs;  /* queue limit */
+  int randport_limit; /* Maximum number of source ports for query. */
   int cachesize, ftabsize;
   int port, query_port, min_port, max_port;
   unsigned long local_ttl, neg_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl;
@@ -1121,6 +1160,7 @@ extern struct daemon {
   u32 umbrella_org;
   u32 umbrella_asset;
   u8 umbrella_device[8];
+  int host_index;
   struct hostsfile *addn_hosts;
   struct dhcp_context *dhcp, *dhcp6;
   struct ra_interface *ra_interfaces;
@@ -1141,7 +1181,8 @@ extern struct daemon {
   int doing_ra, doing_dhcp6;
   struct dhcp_netid_list *dhcp_ignore, *dhcp_ignore_names, *dhcp_gen_names; 
   struct dhcp_netid_list *force_broadcast, *bootp_dynamic;
-  struct hostsfile *dhcp_hosts_file, *dhcp_opts_file, *dynamic_dirs;
+  struct hostsfile *dhcp_hosts_file, *dhcp_opts_file;
+  struct dyndir *dynamic_dirs;
   int dhcp_max, tftp_max, tftp_mtu;
   int dhcp_server_port, dhcp_client_port;
   int start_tftp_port, end_tftp_port; 
@@ -1158,6 +1199,8 @@ extern struct daemon {
   int dump_mask;
   unsigned long soa_sn, soa_refresh, soa_retry, soa_expiry;
   u32 metrics[__METRIC_MAX];
+  int fast_retry_time, fast_retry_timeout;
+  int cache_max_expiry;
 #ifdef HAVE_DNSSEC
   struct ds_config *ds;
   char *timestamp_file;
@@ -1167,9 +1210,12 @@ extern struct daemon {
   char *packet; /* packet buffer */
   int packet_buff_sz; /* size of above */
   char *namebuff; /* MAXDNAME size buffer */
+#if (defined(HAVE_CONNTRACK) && defined(HAVE_UBUS)) || defined(HAVE_DNSSEC)
+  /* CONNTRACK UBUS code uses this buffer, as well as DNSSEC code. */
+  char *workspacename;
+#endif
 #ifdef HAVE_DNSSEC
   char *keyname; /* MAXDNAME size buffer */
-  char *workspacename; /* ditto */
   unsigned long *rr_status; /* ceiling in TTL from DNSSEC or zero for insecure */
   int rr_status_sz;
   int dnssec_no_time_check;
@@ -1216,13 +1262,18 @@ extern struct daemon {
   unsigned char *duid;
   struct iovec outpacket;
   int dhcp6fd, icmp6fd;
+#  ifdef HAVE_SCRIPT
+  struct snoop_record *free_snoops;
+#  endif
 #endif
+  
   /* DBus stuff */
   /* void * here to avoid depending on dbus headers outside dbus.c */
   void *dbus;
 #ifdef HAVE_DBUS
   struct watch *watches;
 #endif
+
   /* UBus stuff */
 #ifdef HAVE_UBUS
   /* void * here to avoid depending on ubus headers outside ubus.c */
@@ -1242,12 +1293,19 @@ extern struct daemon {
 #endif
 } *daemon;
 
+struct server_details {
+  union mysockaddr *addr, *source_addr;
+  struct addrinfo *hostinfo, *orig_hostinfo;
+  char *interface, *source, *scope_id, *interface_opt;
+  int serv_port, source_port, addr_type, scope_index, valid;
+  u16 *flags;
+};
+
 /* cache.c */
 void cache_init(void);
 void next_uid(struct crec *crecp);
-void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg); 
+void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg, unsigned short type); 
 char *record_source(unsigned int index);
-char *querystr(char *desc, unsigned short type);
 int cache_find_non_terminal(char *name, time_t now);
 struct crec *cache_find_by_addr(struct crec *crecp,
 				union all_addr *addr, time_t now, 
@@ -1256,6 +1314,7 @@ struct crec *cache_find_by_name(struct crec *crecp,
 				char *name, time_t now, unsigned int prot);
 void cache_end_insert(void);
 void cache_start_insert(void);
+unsigned int cache_remove_uid(const unsigned int uid);
 int cache_recv_insert(time_t now, int fd);
 struct crec *cache_insert(char *name, union all_addr *addr, unsigned short class, 
 			  time_t now, unsigned long ttl, unsigned int flags);
@@ -1298,14 +1357,15 @@ unsigned int extract_request(struct dns_header *header, size_t qlen,
 			       char *name, unsigned short *typep);
 void setup_reply(struct dns_header *header, unsigned int flags, int ede);
 int extract_addresses(struct dns_header *header, size_t qlen, char *name,
-		      time_t now, char **ipsets, int is_sign, int check_rebind,
-		      int no_cache_dnssec, int secure, int *doctored);
+		      time_t now, struct ipsets *ipsets, struct ipsets *nftsets, int is_sign,
+                      int check_rebind, int no_cache_dnssec, int secure, int *doctored);
 #if defined(HAVE_CONNTRACK) && defined(HAVE_UBUS)
 void report_addresses(struct dns_header *header, size_t len, u32 mark);
 #endif
 size_t answer_request(struct dns_header *header, char *limit, size_t qlen,  
 		      struct in_addr local_addr, struct in_addr local_netmask, 
-		      time_t now, int ad_reqd, int do_bit, int have_pseudoheader);
+		      time_t now, int ad_reqd, int do_bit, int have_pseudoheader,
+		      int *stale);
 int check_for_bogus_wildcard(struct dns_header *header, size_t qlen, char *name, 
 			     time_t now);
 int check_for_ignored_address(struct dns_header *header, size_t qlen);
@@ -1364,11 +1424,15 @@ void *safe_malloc(size_t size);
 void safe_strncpy(char *dest, const char *src, size_t size);
 void safe_pipe(int *fd, int read_noblock);
 void *whine_malloc(size_t size);
+void *whine_realloc(void *ptr, size_t size);
 int sa_len(union mysockaddr *addr);
 int sockaddr_isequal(const union mysockaddr *s1, const union mysockaddr *s2);
+int sockaddr_isnull(const union mysockaddr *s);
+int hostname_order(const char *a, const char *b);
 int hostname_isequal(const char *a, const char *b);
 int hostname_issubdomain(char *a, char *b);
 time_t dnsmasq_time(void);
+u32 dnsmasq_milliseconds(void);
 int netmask_length(struct in_addr mask);
 int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask);
 int is_same_net_prefix(struct in_addr a, struct in_addr b, int prefix);
@@ -1412,8 +1476,9 @@ void read_servers_file(void);
 void set_option_bool(unsigned int opt);
 void reset_option_bool(unsigned int opt);
 struct hostsfile *expand_filelist(struct hostsfile *list);
-char *parse_server(char *arg, union mysockaddr *addr, 
-		   union mysockaddr *source_addr, char *interface, u16 *flags);
+char *parse_server(char *arg, struct server_details *sdetails);
+char *parse_server_addr(struct server_details *sdetails);
+int parse_server_next(struct server_details *sdetails);
 int option_read_dynfile(char *file, int flags);
 
 /* forward.c */
@@ -1428,6 +1493,7 @@ int send_from(int fd, int nowild, char *packet, size_t len,
 void resend_query(void);
 int allocate_rfd(struct randfd_list **fdlp, struct server *serv);
 void free_rfds(struct randfd_list **fdlp);
+int fast_retry(time_t now);
 
 /* network.c */
 int indextoname(int fd, int index, char *name);
@@ -1583,6 +1649,12 @@ void ipset_init(void);
 int add_to_ipset(const char *setname, const union all_addr *ipaddr, int flags, int remove);
 #endif
 
+/* nftset.c */
+#ifdef HAVE_NFTSET
+void nftset_init(void);
+int add_to_nftset(const char *setpath, const union all_addr *ipaddr, int flags, int remove);
+#endif
+
 /* pattern.c */
 #ifdef HAVE_CONNTRACK
 int is_valid_dns_name(const char *value);
@@ -1602,6 +1674,9 @@ void queue_tftp(off_t file_len, char *filename, union mysockaddr *peer);
 void queue_arp(int action, unsigned char *mac, int maclen,
 	       int family, union all_addr *addr);
 int helper_buf_empty(void);
+#ifdef HAVE_DHCP6
+void queue_relay_snoop(struct in6_addr *client, int if_index, struct in6_addr *prefix, int prefix_len);
+#endif
 #endif
 
 /* tftp.c */
@@ -1644,10 +1719,13 @@ void get_client_mac(struct in6_addr *client, int iface, unsigned char *mac,
 unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *iface_name,  
 			   struct in6_addr *fallback, struct in6_addr *ll_addr, struct in6_addr *ula_addr,
 			   size_t sz, struct in6_addr *client_addr, time_t now);
-void relay_upstream6(struct dhcp_relay *relay, ssize_t sz, struct in6_addr *peer_address, 
+int relay_upstream6(int iface_index, ssize_t sz, struct in6_addr *peer_address, 
 		     u32 scope_id, time_t now);
 
-unsigned short relay_reply6( struct sockaddr_in6 *peer, ssize_t sz, char *arrival_interface);
+int relay_reply6( struct sockaddr_in6 *peer, ssize_t sz, char *arrival_interface);
+#  ifdef HAVE_SCRIPT
+int do_snoop_script_run(void);
+#  endif
 #endif
 
 /* dhcp-common.c */
@@ -1674,7 +1752,7 @@ struct dhcp_config *find_config(struct dhcp_config *configs,
 int config_has_mac(struct dhcp_config *config, unsigned char *hwaddr, int len, int type);
 #ifdef HAVE_LINUX_NETWORK
 char *whichdevice(void);
-void bindtodevice(char *device, int fd);
+int bind_dhcp_devices(char *bound_device);
 #endif
 #  ifdef HAVE_DHCP6
 void display_opts6(void);
@@ -1735,7 +1813,11 @@ int do_poll(int timeout);
 size_t rrfilter(struct dns_header *header, size_t plen, int mode);
 u16 *rrfilter_desc(int type);
 int expand_workspace(unsigned char ***wkspc, int *szp, int new);
-
+/* modes. */
+#define RRFILTER_EDNS0   0
+#define RRFILTER_DNSSEC  1
+#define RRFILTER_A       2
+#define RRFILTER_AAAA    3
 /* edns0.c */
 unsigned char *find_pseudoheader(struct dns_header *header, size_t plen,
 				   size_t *len, unsigned char **p, int *is_sign, int *is_last);
@@ -1743,7 +1825,7 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
 			unsigned short udp_sz, int optno, unsigned char *opt, size_t optlen, int set_do, int replace);
 size_t add_do_bit(struct dns_header *header, size_t plen, unsigned char *limit);
 size_t add_edns0_config(struct dns_header *header, size_t plen, unsigned char *limit, 
-			union mysockaddr *source, time_t now, int *check_subnet, int *cacheable);
+			union mysockaddr *source, time_t now, int *cacheable);
 int check_source(struct dns_header *header, size_t plen, unsigned char *pseudoheader, union mysockaddr *peer);
 
 /* arp.c */
@@ -1753,7 +1835,10 @@ int do_arp_script_run(void);
 /* dump.c */
 #ifdef HAVE_DUMPFILE
 void dump_init(void);
-void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src, union mysockaddr *dst);
+void dump_packet_udp(int mask, void *packet, size_t len, union mysockaddr *src,
+		     union mysockaddr *dst, int fd);
+void dump_packet_icmp(int mask, void *packet, size_t len, union mysockaddr *src,
+		      union mysockaddr *dst);
 #endif
 
 /* domain-match.c */
diff --git a/src/dnssec.c b/src/dnssec.c
index 153cac4..219ba9a 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -724,7 +724,8 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
       
       /* namebuff used for workspace above, restore to leave unchanged on exit */
       p = (unsigned char*)(rrset[0]);
-      extract_name(header, plen, &p, name, 1, 0);
+      if (!extract_name(header, plen, &p, name, 1, 0))
+	return STAT_BOGUS;
 
       if (key)
 	{
@@ -954,9 +955,9 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
 			  a.log.keytag = keytag;
 			  a.log.algo = algo;
 			  if (algo_digest_name(algo))
-			    log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu");
+			    log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu", 0);
 			  else
-			    log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)");
+			    log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)", 0);
 			}
 		    }
 		}
@@ -973,15 +974,18 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
       return STAT_OK;
     }
 
-  log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
+  log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY", 0);
   return STAT_BOGUS | failflags;
 }
 
 /* The DNS packet is expected to contain the answer to a DS query
-   Put all DSs in the answer which are valid into the cache.
+   Put all DSs in the answer which are valid and have hash and signature algos
+   we support into the cache.
    Also handles replies which prove that there's no DS at this location, 
    either because the zone is unsigned or this isn't a zone cut. These are
    cached too.
+   If none of the DS's are for supported algos, treat the answer as if 
+   it's a proof of no DS at this location. RFC4035 para 5.2.
    return codes:
    STAT_OK          At least one valid DS found and in cache.
    STAT_BOGUS       no DS in reply or not signed, fails validation, bad packet.
@@ -992,8 +996,8 @@ int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, ch
 int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
 {
   unsigned char *p = (unsigned char *)(header+1);
-  int qtype, qclass, rc, i, neganswer, nons, neg_ttl = 0;
-  int aclass, atype, rdlen;
+  int qtype, qclass, rc, i, neganswer, nons, neg_ttl = 0, found_supported = 0;
+  int aclass, atype, rdlen, flags;
   unsigned long ttl;
   union all_addr a;
 
@@ -1012,12 +1016,14 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
   if (STAT_ISEQUAL(rc, STAT_INSECURE))
     {
       my_syslog(LOG_WARNING, _("Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"), name);
-      log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS - not secure");
+      log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS - not secure", 0);
       return STAT_BOGUS | DNSSEC_FAIL_INDET;
     }
   
   p = (unsigned char *)(header+1);
-  extract_name(header, plen, &p, name, 1, 4);
+  if (!extract_name(header, plen, &p, name, 1, 4))
+      return STAT_BOGUS;
+
   p += 4; /* qtype, qclass */
   
   /* If the key needed to validate the DS is on the same domain as the DS, we'll
@@ -1025,7 +1031,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
      from the DS's zone, and not the parent zone. */
   if (STAT_ISEQUAL(rc, STAT_NEED_KEY) && hostname_isequal(name, keyname))
     {
-      log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS");
+      log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS", 0);
       return STAT_BOGUS;
     }
   
@@ -1062,14 +1068,22 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
 	      algo = *p++;
 	      digest = *p++;
 	      
-	      if ((key = blockdata_alloc((char*)p, rdlen - 4)))
+	      if (!ds_digest_name(digest) || !algo_digest_name(algo))
+		{
+		  a.log.keytag = keytag;
+		  a.log.algo = algo;
+		  a.log.digest = digest;
+		  log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)", 0);
+		  neg_ttl = ttl;
+		} 
+	      else if ((key = blockdata_alloc((char*)p, rdlen - 4)))
 		{
 		  a.ds.digest = digest;
 		  a.ds.keydata = key;
 		  a.ds.algo = algo;
 		  a.ds.keytag = keytag;
 		  a.ds.keylen = rdlen - 4;
-
+		  
 		  if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK))
 		    {
 		      blockdata_free(key);
@@ -1080,26 +1094,29 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
 		      a.log.keytag = keytag;
 		      a.log.algo = algo;
 		      a.log.digest = digest;
-		      if (ds_digest_name(digest) && algo_digest_name(algo))
-			log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu");
-		      else
-			log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)");
+		      log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu", 0);
+		      found_supported = 1;
 		    } 
 		}
 	      
 	      p = psave;
 	    }
+
 	  if (!ADD_RDLEN(header, p, plen, rdlen))
 	    return STAT_BOGUS; /* bad packet */
 	}
 
       cache_end_insert();
 
+      /* Fall through if no supported algo DS found. */
+      if (found_supported)
+	return STAT_OK;
     }
-  else
+  
+  flags = F_FORWARD | F_DS | F_NEG | F_DNSSECOK;
+  
+  if (neganswer)
     {
-      int flags = F_FORWARD | F_DS | F_NEG | F_DNSSECOK;
-            
       if (RCODE(header) == NXDOMAIN)
 	flags |= F_NXDOMAIN;
       
@@ -1107,17 +1124,18 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
 	 to store presence/absence of NS. */
       if (nons)
 	flags &= ~F_DNSSECOK;
-      
-      cache_start_insert();
-	  
-      /* Use TTL from NSEC for negative cache entries */
-      if (!cache_insert(name, NULL, class, now, neg_ttl, flags))
-	return STAT_BOGUS;
-      
-      cache_end_insert();  
-      
-      log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no DS/cut" : "no DS");
     }
+  
+  cache_start_insert();
+  
+  /* Use TTL from NSEC for negative cache entries */
+  if (!cache_insert(name, NULL, class, now, neg_ttl, flags))
+    return STAT_BOGUS;
+  
+  cache_end_insert();  
+  
+  if (neganswer)
+    log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no DS/cut" : "no DS", 0);
       
   return STAT_OK;
 }
@@ -1848,7 +1866,7 @@ static int zone_status(char *name, int class, char *keyname, time_t now)
    STAT_NEED_DS  need DS to complete validation (name is returned in keyname)
 
    daemon->rr_status points to a char array which corressponds to the RRs in the 
-   answer and auth sections. This is set to 1 for each RR which is validated, and 0 for any which aren't.
+   answer and auth sections. This is set to >1 for each RR which is validated, and 0 for any which aren't.
 
    When validating replies to DS records, we're only interested in the NSEC{3} RRs in the auth section.
    Other RRs in that section missing sigs will not cause am INSECURE reply. We determine this mode
@@ -1864,7 +1882,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
   int type1, class1, rdlen1 = 0, type2, class2, rdlen2, qclass, qtype, targetidx;
   int i, j, rc = STAT_INSECURE;
   int secure = STAT_SECURE;
-
+   
   /* extend rr_status if necessary */
   if (daemon->rr_status_sz < ntohs(header->ancount) + ntohs(header->nscount))
     {
@@ -1986,7 +2004,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
 	    {
 	      /* NSEC and NSEC3 records must be signed. We make this assumption elsewhere. */
 	      if (type1 == T_NSEC || type1 == T_NSEC3)
-		rc = STAT_INSECURE;
+		return STAT_BOGUS | DNSSEC_FAIL_NOSIG;
 	      else if (nons && i >= ntohs(header->ancount))
 		/* If we're validating a DS reply, rather than looking for the value of AD bit,
 		   we only care that NSEC and NSEC3 RRs in the auth section are signed. 
@@ -2000,6 +2018,7 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
 		      rc = zone_status(name, class1, keyname, now);
 		      if (STAT_ISEQUAL(rc, STAT_SECURE))
 			rc = STAT_BOGUS | DNSSEC_FAIL_NOSIG;
+		      
 		      if (class)
 			*class = class1; /* Class for NEED_DS or NEED_KEY */
 		    }
@@ -2078,36 +2097,35 @@ int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, ch
     }
 
   /* OK, all the RRsets validate, now see if we have a missing answer or CNAME target. */
-  if (STAT_ISEQUAL(secure, STAT_SECURE))
-    for (j = 0; j <targetidx; j++)
-      if ((p2 = targets[j]))
-	{
-	  if (neganswer)
-	    *neganswer = 1;
-	  
-	  if (!extract_name(header, plen, &p2, name, 1, 10))
-	    return STAT_BOGUS; /* bad packet */
-	  
-	  /* NXDOMAIN or NODATA reply, unanswered question is (name, qclass, qtype) */
-	  
-	  /* For anything other than a DS record, this situation is OK if either
-	     the answer is in an unsigned zone, or there's a NSEC records. */
-	  if (!prove_non_existence(header, plen, keyname, name, qtype, qclass, NULL, nons, nsec_ttl))
-	    {
-	      /* Empty DS without NSECS */
-	      if (qtype == T_DS)
-		return STAT_BOGUS | DNSSEC_FAIL_NONSEC;
-	      
-	      if (STAT_ISEQUAL((rc = zone_status(name, qclass, keyname, now)), STAT_SECURE))
-		{
-		  if (class)
-		    *class = qclass; /* Class for NEED_DS or NEED_KEY */
-		  return rc;
-		} 
-	      
-	      return STAT_BOGUS | DNSSEC_FAIL_NONSEC; /* signed zone, no NSECs */
-	    }
-	}
+  for (j = 0; j <targetidx; j++)
+    if ((p2 = targets[j]))
+      {
+	if (neganswer)
+	  *neganswer = 1;
+	
+	if (!extract_name(header, plen, &p2, name, 1, 10))
+	  return STAT_BOGUS; /* bad packet */
+	
+	/* NXDOMAIN or NODATA reply, unanswered question is (name, qclass, qtype) */
+	
+	/* For anything other than a DS record, this situation is OK if either
+	   the answer is in an unsigned zone, or there's a NSEC records. */
+	if (!prove_non_existence(header, plen, keyname, name, qtype, qclass, NULL, nons, nsec_ttl))
+	  {
+	    /* Empty DS without NSECS */
+	    if (qtype == T_DS)
+	      return STAT_BOGUS | DNSSEC_FAIL_NONSEC;
+	    
+	    if (!STAT_ISEQUAL((rc = zone_status(name, qclass, keyname, now)), STAT_SECURE))
+	      {
+		if (class)
+		  *class = qclass; /* Class for NEED_DS or NEED_KEY */
+		return rc;
+	      } 
+	    
+	    return STAT_BOGUS | DNSSEC_FAIL_NONSEC; /* signed zone, no NSECs */
+	  }
+      }
   
   return secure;
 }
diff --git a/src/domain-match.c b/src/domain-match.c
index f8e4796..fe8e25a 100644
--- a/src/domain-match.c
+++ b/src/domain-match.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -207,16 +207,20 @@ int lookup_domain(char *domain, int flags, int *lowout, int *highout)
 		}
 	    }
 	  
-	  if (found)
+	  if (found && filter_servers(try, flags, &nlow, &nhigh))
+	    /* We have a match, but it may only be (say) an IPv6 address, and
+	       if the query wasn't for an AAAA record, it's no good, and we need
+	       to continue generalising */
 	    {
 	      /* We've matched a setting which says to use servers without a domain.
-		 Continue the search with empty query */
-	      if (daemon->serverarray[try]->flags & SERV_USE_RESOLV)
-		crop_query = qlen;
-	      else if (filter_servers(try, flags, &nlow, &nhigh))
-		/* We have a match, but it may only be (say) an IPv6 address, and
-		   if the query wasn't for an AAAA record, it's no good, and we need
-		   to continue generalising */
+		 Continue the search with empty query. We set the F_SERVER flag
+		 so that --address=/#/... doesn't match. */
+	      if (daemon->serverarray[nlow]->flags & SERV_USE_RESOLV)
+		{
+		  crop_query = qlen;
+		  flags |= F_SERVER;
+		}
+	      else
 		break;
 	    }
 	}
@@ -273,7 +277,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
     nlow--;
   
   while (nhigh < daemon->serverarraysz-1 && order_servers(daemon->serverarray[nhigh], daemon->serverarray[nhigh+1]) == 0)
-	nhigh++;
+    nhigh++;
   
   nhigh++;
   
@@ -293,13 +297,13 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
   else
     {
       /* Now the servers are on order between low and high, in the order
-	 IPv6 addr, IPv4 addr, return zero for both, send upstream, no-data return.
+	 IPv6 addr, IPv4 addr, return zero for both, resolvconf servers, send upstream, no-data return.
 	 
 	 See which of those match our query in that priority order and narrow (low, high) */
-
+      
       for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_6ADDR); i++);
       
-      if (i != nlow && (flags & F_IPV6))
+      if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV6))
 	nhigh = i;
       else
 	{
@@ -307,7 +311,7 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
 	  
 	  for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_4ADDR); i++);
 	  
-	  if (i != nlow && (flags & F_IPV4))
+	  if (!(flags & F_SERVER) && i != nlow && (flags & F_IPV4))
 	    nhigh = i;
 	  else
 	    {
@@ -315,38 +319,46 @@ int filter_servers(int seed, int flags, int *lowout, int *highout)
 	      
 	      for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_ALL_ZEROS); i++);
 	      
-	      if (i != nlow && (flags & (F_IPV4 | F_IPV6)))
+	      if (!(flags & F_SERVER) && i != nlow && (flags & (F_IPV4 | F_IPV6)))
 		nhigh = i;
 	      else
 		{
 		  nlow = i;
 		  
-		  /* now look for a server */
-		  for (i = nlow; i < nhigh && !(daemon->serverarray[i]->flags & SERV_LITERAL_ADDRESS); i++);
-
+		  /* Short to resolv.conf servers */
+		  for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_USE_RESOLV); i++);
+		  
 		  if (i != nlow)
-		    {
-		      /* If we want a server that can do DNSSEC, and this one can't, 
-			 return nothing, similarly if were looking only for a server
-			 for a particular domain. */
-		      if ((flags & F_DNSSECOK) && !(daemon->serverarray[nlow]->flags & SERV_DO_DNSSEC))
-			nlow = nhigh;
-		      else if ((flags & F_DOMAINSRV) && daemon->serverarray[nlow]->domain_len == 0)
-			nlow = nhigh;
-		      else
-			nhigh = i;
-		    }
+		    nhigh = i;
 		  else
 		    {
-		      /* --local=/domain/, only return if we don't need a server. */
-		      if (flags & (F_DNSSECOK | F_DOMAINSRV | F_SERVER))
-			nhigh = i;
+		      /* now look for a server */
+		      for (i = nlow; i < nhigh && !(daemon->serverarray[i]->flags & SERV_LITERAL_ADDRESS); i++);
+		      
+		      if (i != nlow)
+			{
+			  /* If we want a server that can do DNSSEC, and this one can't, 
+			     return nothing, similarly if were looking only for a server
+			     for a particular domain. */
+			  if ((flags & F_DNSSECOK) && !(daemon->serverarray[nlow]->flags & SERV_DO_DNSSEC))
+			    nlow = nhigh;
+			  else if ((flags & F_DOMAINSRV) && daemon->serverarray[nlow]->domain_len == 0)
+			    nlow = nhigh;
+			  else
+			    nhigh = i;
+			}
+		      else
+			{
+			  /* --local=/domain/, only return if we don't need a server. */
+			  if (flags & (F_DNSSECOK | F_DOMAINSRV | F_SERVER))
+			    nhigh = i;
+			}
 		    }
 		}
 	    }
 	}
     }
-  
+
   *lowout = nlow;
   *highout = nhigh;
   
@@ -387,13 +399,13 @@ int is_local_answer(time_t now, int first, char *name)
 
 size_t make_local_answer(int flags, int gotname, size_t size, struct dns_header *header, char *name, char *limit, int first, int last, int ede)
 {
-  int trunc = 0;
+  int trunc = 0, anscount = 0;
   unsigned char *p;
   int start;
   union all_addr addr;
   
   if (flags & (F_NXDOMAIN | F_NOERR))
-    log_query(flags | gotname | F_NEG | F_CONFIG | F_FORWARD, name, NULL, NULL);
+    log_query(flags | gotname | F_NEG | F_CONFIG | F_FORWARD, name, NULL, NULL, 0);
 	  
   setup_reply(header, flags, ede);
 	  
@@ -410,9 +422,9 @@ size_t make_local_answer(int flags, int gotname, size_t size, struct dns_header
 	else
 	  addr.addr4 = srv->addr;
 	
-	header->ancount = htons(ntohs(header->ancount) + 1);
-	add_resource_record(header, limit, &trunc, sizeof(struct dns_header), &p, daemon->local_ttl, NULL, T_A, C_IN, "4", &addr);
-	log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV6, name, (union all_addr *)&addr, NULL);
+	if (add_resource_record(header, limit, &trunc, sizeof(struct dns_header), &p, daemon->local_ttl, NULL, T_A, C_IN, "4", &addr))
+	  anscount++;
+	log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV6, name, (union all_addr *)&addr, NULL, 0);
       }
   
   if (flags & gotname & F_IPV6)
@@ -425,14 +437,15 @@ size_t make_local_answer(int flags, int gotname, size_t size, struct dns_header
 	else
 	  addr.addr6 = srv->addr;
 	
-	header->ancount = htons(ntohs(header->ancount) + 1);
-	add_resource_record(header, limit, &trunc, sizeof(struct dns_header), &p, daemon->local_ttl, NULL, T_AAAA, C_IN, "6", &addr);
-	log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV4, name, (union all_addr *)&addr, NULL);
+	if (add_resource_record(header, limit, &trunc, sizeof(struct dns_header), &p, daemon->local_ttl, NULL, T_AAAA, C_IN, "6", &addr))
+	  anscount++;
+	log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV4, name, (union all_addr *)&addr, NULL, 0);
       }
 
   if (trunc)
     header->hb3 |= HB3_TC;
-
+  header->ancount = htons(anscount);
+  
   return p - (unsigned char *)header;
 }
 
@@ -485,7 +498,7 @@ static int order(char *qdomain, size_t qlen, struct server *serv)
   if (qlen > dlen)
     return -1;
 
-  return strcmp(qdomain, serv->domain);
+  return hostname_order(qdomain, serv->domain);
 }
 
 static int order_servers(struct server *s1, struct server *s2)
@@ -520,10 +533,10 @@ static int order_qsort(const void *a, const void *b)
   /* Sort all literal NODATA and local IPV4 or IPV6 responses together,
      in a very specific order. We flip the SERV_LITERAL_ADDRESS bit
      so the order is IPv6 literal, IPv4 literal, all-zero literal, 
-     upstream server, NXDOMAIN literal. */
+     unqualified servers, upstream server, NXDOMAIN literal. */
   if (rc == 0)
-    rc = ((s2->flags & (SERV_LITERAL_ADDRESS | SERV_4ADDR | SERV_6ADDR | SERV_ALL_ZEROS)) ^ SERV_LITERAL_ADDRESS) -
-      ((s1->flags & (SERV_LITERAL_ADDRESS | SERV_4ADDR | SERV_6ADDR | SERV_ALL_ZEROS)) ^ SERV_LITERAL_ADDRESS);
+    rc = ((s2->flags & (SERV_LITERAL_ADDRESS | SERV_4ADDR | SERV_6ADDR | SERV_USE_RESOLV | SERV_ALL_ZEROS)) ^ SERV_LITERAL_ADDRESS) -
+      ((s1->flags & (SERV_LITERAL_ADDRESS | SERV_4ADDR | SERV_6ADDR | SERV_USE_RESOLV | SERV_ALL_ZEROS)) ^ SERV_LITERAL_ADDRESS);
 
   /* Finally, order by appearance in /etc/resolv.conf etc, for --strict-order */
   if (rc == 0)
@@ -533,22 +546,53 @@ static int order_qsort(const void *a, const void *b)
   return rc;
 }
 
+
+/* When loading large numbers of server=.... lines during startup,
+   there's no possibility that there will be server records that can be reused, but
+   searching a long list for each server added grows as O(n^2) and slows things down.
+   This flag is set only if is known there may be free server records that can be reused.
+   There's a call to mark_servers(0) in read_opts() to reset the flag before
+   main config read. */
+
+static int maybe_free_servers = 0;
+
+/* Must be called before  add_update_server() to set daemon->servers_tail */
 void mark_servers(int flag)
 {
-  struct server *serv;
+  struct server *serv, *next, **up;
 
+  maybe_free_servers = !!flag;
+  
+  daemon->servers_tail = NULL;
+  
   /* mark everything with argument flag */
   for (serv = daemon->servers; serv; serv = serv->next)
-    if (serv->flags & flag)
-      serv->flags |= SERV_MARK;
-    else
-      serv->flags &= ~SERV_MARK;
+    {
+      if (serv->flags & flag)
+	serv->flags |= SERV_MARK;
+      else
+	serv->flags &= ~SERV_MARK;
 
-  for (serv = daemon->local_domains; serv; serv = serv->next)
-    if (serv->flags & flag)
-      serv->flags |= SERV_MARK;
-    else
-      serv->flags &= ~SERV_MARK;
+      daemon->servers_tail = serv;
+    }
+  
+  /* --address etc is different: since they are expected to be 
+     1) numerous and 2) not reloaded often. We just delete 
+     and recreate. */
+  if (flag)
+    for (serv = daemon->local_domains, up = &daemon->local_domains; serv; serv = next)
+      {
+	next = serv->next;
+
+	if (serv->flags & flag)
+	  {
+	    *up = next;
+	    free(serv->domain);
+	    free(serv);
+	  }
+	else 
+	  up = &serv->next;
+      }
 }
 
 void cleanup_servers(void)
@@ -556,7 +600,7 @@ void cleanup_servers(void)
   struct server *serv, *tmp, **up;
 
   /* unlink and free anything still marked. */
-  for (serv = daemon->servers, up = &daemon->servers; serv; serv = tmp) 
+  for (serv = daemon->servers, up = &daemon->servers, daemon->servers_tail = NULL; serv; serv = tmp) 
     {
       tmp = serv->next;
       if (serv->flags & SERV_MARK)
@@ -567,21 +611,11 @@ void cleanup_servers(void)
 	 free(serv);
        }
       else 
-       up = &serv->next;
+	{
+	  up = &serv->next;
+	  daemon->servers_tail = serv;
+	}
     }
-  
- for (serv = daemon->local_domains, up = &daemon->local_domains; serv; serv = tmp) 
-   {
-     tmp = serv->next;
-      if (serv->flags & SERV_MARK)
-       {
-	 *up = serv->next;
-	 free(serv->domain);
-	 free(serv);
-       }
-      else 
-	up = &serv->next;
-   }
 }
 
 int add_update_server(int flags,
@@ -609,82 +643,95 @@ int add_update_server(int flags,
   
   if (*domain == 0)
     alloc_domain = whine_malloc(1);
-  else if (!(alloc_domain = canonicalise((char *)domain, NULL)))
+  else
+    alloc_domain = canonicalise((char *)domain, NULL);
+
+  if (!alloc_domain)
     return 0;
-  
-  /* See if there is a suitable candidate, and unmark
-     only do this for forwarding servers, not 
-     address or local, to avoid delays on large numbers. */
+
   if (flags & SERV_IS_LOCAL)
-    for (serv = daemon->servers; serv; serv = serv->next)
-      if ((serv->flags & SERV_MARK) &&
-	  hostname_isequal(alloc_domain, serv->domain))
-	break;
-  
-  if (serv)
-    {
-      free(alloc_domain);
-      alloc_domain = serv->domain;
-    }
-  else
     {
       size_t size;
-
-      if (flags & SERV_LITERAL_ADDRESS)
-	{
-	  if (flags & SERV_6ADDR)
-	    size = sizeof(struct serv_addr6);
-	  else if (flags & SERV_4ADDR)
-	    size = sizeof(struct serv_addr4);
-	  else
-	    size = sizeof(struct serv_local);
-	}
+      
+      if (flags & SERV_6ADDR)
+	size = sizeof(struct serv_addr6);
+      else if (flags & SERV_4ADDR)
+	size = sizeof(struct serv_addr4);
       else
-	size = sizeof(struct server);
+	size = sizeof(struct serv_local);
       
       if (!(serv = whine_malloc(size)))
-	return 0;
+	{
+	  free(alloc_domain);
+	  return 0;
+	}
+      
+      serv->next = daemon->local_domains;
+      daemon->local_domains = serv;
       
-      if (flags & SERV_IS_LOCAL)
+      if (flags & SERV_4ADDR)
+	((struct serv_addr4*)serv)->addr = local_addr->addr4;
+      
+      if (flags & SERV_6ADDR)
+	((struct serv_addr6*)serv)->addr = local_addr->addr6;
+    }
+  else
+    { 
+      /* Upstream servers. See if there is a suitable candidate, if so unmark
+	 and move to the end of the list, for order. The entry found may already
+	 be at the end. */
+      struct server **up, *tmp;
+
+      serv = NULL;
+      
+      if (maybe_free_servers)
+	for (serv = daemon->servers, up = &daemon->servers; serv; serv = tmp)
+	  {
+	    tmp = serv->next;
+	    if ((serv->flags & SERV_MARK) &&
+		hostname_isequal(alloc_domain, serv->domain))
+	      {
+		/* Need to move down? */
+		if (serv->next)
+		  {
+		    *up = serv->next;
+		    daemon->servers_tail->next = serv;
+		    daemon->servers_tail = serv;
+		    serv->next = NULL;
+		  }
+		break;
+	      }
+	    else
+	      up = &serv->next;
+	  }
+      
+      if (serv)
 	{
-	  serv->next = daemon->local_domains;
-	  daemon->local_domains = serv;
+	  free(alloc_domain);
+	  alloc_domain = serv->domain;
 	}
       else
 	{
-	  struct server *s;
-	  /* Add to the end of the chain, for order */
-	  if (!daemon->servers)
-	    daemon->servers = serv;
-	  else
+	  if (!(serv = whine_malloc(sizeof(struct server))))
 	    {
-	      for (s = daemon->servers; s->next; s = s->next);
-	      s->next = serv;
+	      free(alloc_domain);
+	      return 0;
 	    }
 	  
-	  serv->next = NULL;
+	  memset(serv, 0, sizeof(struct server));
+	  
+	  /* Add to the end of the chain, for order */
+	  if (daemon->servers_tail)
+	    daemon->servers_tail->next = serv;
+	  else
+	    daemon->servers = serv;
+	  daemon->servers_tail = serv;
 	}
-    }
-  
-  if (!(flags & SERV_IS_LOCAL))
-    memset(serv, 0, sizeof(struct server));
-  
-  serv->flags = flags;
-  serv->domain = alloc_domain;
-  serv->domain_len = strlen(alloc_domain);
-  
-  if (flags & SERV_4ADDR)
-    ((struct serv_addr4*)serv)->addr = local_addr->addr4;
-
-  if (flags & SERV_6ADDR)
-    ((struct serv_addr6*)serv)->addr = local_addr->addr6;
-  
-  if (!(flags & SERV_IS_LOCAL))
-    {
+      
 #ifdef HAVE_LOOP
       serv->uid = rand32();
 #endif      
-      
+	  
       if (interface)
 	safe_strncpy(serv->interface, interface, sizeof(serv->interface));
       if (addr)
@@ -692,7 +739,11 @@ int add_update_server(int flags,
       if (source_addr)
 	serv->source_addr = *source_addr;
     }
-
+    
+  serv->flags = flags;
+  serv->domain = alloc_domain;
+  serv->domain_len = strlen(alloc_domain);
+  
   return 1;
 }
 
diff --git a/src/domain.c b/src/domain.c
index 91e0f22..a893ce5 100644
--- a/src/domain.c
+++ b/src/domain.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -230,9 +230,17 @@ int is_rev_synth(int flag, union all_addr *addr, char *name)
 
 static int match_domain(struct in_addr addr, struct cond_domain *c)
 {
-  if (!c->is6 &&
-      ntohl(addr.s_addr) >= ntohl(c->start.s_addr) &&
-      ntohl(addr.s_addr) <= ntohl(c->end.s_addr))
+  if (c->interface)
+    {
+      struct addrlist *al;
+      for (al = c->al; al; al = al->next)
+	if (!(al->flags & ADDRLIST_IPV6) &&
+	    is_same_net_prefix(addr, al->addr.addr4, al->prefixlen))
+	  return 1;
+    }
+  else if (!c->is6 &&
+	   ntohl(addr.s_addr) >= ntohl(c->start.s_addr) &&
+	   ntohl(addr.s_addr) <= ntohl(c->end.s_addr))
     return 1;
 
   return 0;
@@ -259,12 +267,21 @@ char *get_domain(struct in_addr addr)
 
 static int match_domain6(struct in6_addr *addr, struct cond_domain *c)
 {
-  u64 addrpart = addr6part(addr);
-  
-  if (c->is6)
+    
+  /* subnet from interface address. */
+  if (c->interface)
+    {
+      struct addrlist *al;
+      for (al = c->al; al; al = al->next)
+	if (al->flags & ADDRLIST_IPV6 &&
+	    is_same_net6(addr, &al->addr.addr6, al->prefixlen))
+	  return 1;
+    }
+  else if (c->is6)
     {
       if (c->prefixlen >= 64)
 	{
+	  u64 addrpart = addr6part(addr);
 	  if (is_same_net6(addr, &c->start6, 64) &&
 	      addrpart >= addr6part(&c->start6) &&
 	      addrpart <= addr6part(&c->end6))
@@ -273,7 +290,7 @@ static int match_domain6(struct in6_addr *addr, struct cond_domain *c)
       else if (is_same_net6(addr, &c->start6, c->prefixlen))
 	return 1;
     }
-
+    
   return 0;
 }
 
diff --git a/src/dump.c b/src/dump.c
index c131953..57352a9 100644
--- a/src/dump.c
+++ b/src/dump.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -18,7 +18,11 @@
 
 #ifdef HAVE_DUMPFILE
 
+#include <netinet/icmp6.h>
+
 static u32 packet_count;
+static void do_dump_packet(int mask, void *packet, size_t len,
+			   union mysockaddr *src, union mysockaddr *dst, int port, int proto);
 
 /* https://wiki.wireshark.org/Development/LibpcapFileFormat */
 struct pcap_hdr_s {
@@ -79,7 +83,45 @@ void dump_init(void)
     }
 }
 
-void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src, union mysockaddr *dst)
+void dump_packet_udp(int mask, void *packet, size_t len,
+		     union mysockaddr *src, union mysockaddr *dst, int fd)
+{
+  union mysockaddr fd_addr;
+  socklen_t addr_len = sizeof(fd_addr);
+
+  if (daemon->dumpfd != -1 && (mask & daemon->dump_mask))
+     {
+       /* if fd is negative it carries a port number (negated) 
+	  which we use as a source or destination when not otherwise
+	  specified so wireshark can ID the packet. 
+	  If both src and dst are specified, set this to -1 to avoid
+	  a spurious getsockname() call. */
+       int port = (fd < 0) ? -fd : -1;
+       
+       /* fd >= 0 is a file descriptor and the address of that file descriptor is used
+	  in place of a NULL src or dst. */
+       if (fd >= 0 && getsockname(fd, (struct sockaddr *)&fd_addr, &addr_len) != -1)
+	 {
+	   if (!src)
+	     src = &fd_addr;
+	   
+	   if (!dst)
+	     dst = &fd_addr;
+	 }
+       
+       do_dump_packet(mask, packet, len, src, dst, port, IPPROTO_UDP);
+     }
+}
+
+void dump_packet_icmp(int mask, void *packet, size_t len,
+		      union mysockaddr *src, union mysockaddr *dst)
+{
+  if (daemon->dumpfd != -1 && (mask & daemon->dump_mask))
+    do_dump_packet(mask, packet, len, src, dst, -1, IPPROTO_ICMP);
+}
+
+static void do_dump_packet(int mask, void *packet, size_t len,
+			   union mysockaddr *src, union mysockaddr *dst, int port, int proto)
 {
   struct ip ip;
   struct ip6_hdr ip6;
@@ -96,13 +138,14 @@ void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src, unio
   void *iphdr;
   size_t ipsz;
   int rc;
+     
+  /* if port != -1 it carries a port number 
+     which we use as a source or destination when not otherwise
+     specified so wireshark can ID the packet. 
+     If both src and dst are specified, set this to -1 to avoid
+     a spurious getsockname() call. */
+  udp.uh_sport = udp.uh_dport = htons(port < 0 ? 0 : port);
   
-  if (daemon->dumpfd == -1 || !(mask & daemon->dump_mask))
-    return;
-  
-  /* So wireshark can Id the packet. */
-  udp.uh_sport = udp.uh_dport = htons(NAMESERVER_PORT);
-
   if (src)
     family = src->sa.sa_family;
   else
@@ -115,10 +158,16 @@ void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src, unio
       memset(&ip6, 0, sizeof(ip6));
       
       ip6.ip6_vfc = 6 << 4;
-      ip6.ip6_plen = htons(sizeof(struct udphdr) + len);
-      ip6.ip6_nxt = IPPROTO_UDP;
       ip6.ip6_hops = 64;
 
+      if ((ip6.ip6_nxt = proto) == IPPROTO_UDP)
+	ip6.ip6_plen = htons(sizeof(struct udphdr) + len);
+      else
+	{
+	  proto = ip6.ip6_nxt = IPPROTO_ICMPV6;
+	  ip6.ip6_plen = htons(len);
+	}
+      
       if (src)
 	{
 	  memcpy(&ip6.ip6_src, &src->in6.sin6_addr, IN6ADDRSZ);
@@ -134,9 +183,8 @@ void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src, unio
       /* start UDP checksum */
       for (sum = 0, i = 0; i < IN6ADDRSZ; i+=2)
 	{
-	  sum += ip6.ip6_src.s6_addr[i] + (ip6.ip6_src.s6_addr[i+1] << 8) ;
-	  sum += ip6.ip6_dst.s6_addr[i] + (ip6.ip6_dst.s6_addr[i+1] << 8) ;
-	  
+	  sum += ntohs((ip6.ip6_src.s6_addr[i] << 8) + (ip6.ip6_src.s6_addr[i+1])) ;
+	  sum += ntohs((ip6.ip6_dst.s6_addr[i] << 8) + (ip6.ip6_dst.s6_addr[i+1])) ; 
 	}
     }
   else
@@ -147,9 +195,15 @@ void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src, unio
       
       ip.ip_v = IPVERSION;
       ip.ip_hl = sizeof(struct ip) / 4;
-      ip.ip_len = htons(sizeof(struct ip) + sizeof(struct udphdr) + len); 
       ip.ip_ttl = IPDEFTTL;
-      ip.ip_p = IPPROTO_UDP;
+
+      if ((ip.ip_p = proto) == IPPROTO_UDP)
+	ip.ip_len = htons(sizeof(struct ip) + sizeof(struct udphdr) + len);
+      else
+	{
+	  ip.ip_len = htons(sizeof(struct ip) + len);
+	  proto = ip.ip_p = IPPROTO_ICMP;
+	}
       
       if (src)
 	{
@@ -170,7 +224,7 @@ void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src, unio
 	sum = (sum & 0xffff) + (sum >> 16);  
       ip.ip_sum = (sum == 0xffff) ? sum : ~sum;
       
-      /* start UDP checksum */
+      /* start UDP/ICMP checksum */
       sum = ip.ip_src.s_addr & 0xffff;
       sum += (ip.ip_src.s_addr >> 16) & 0xffff;
       sum += ip.ip_dst.s_addr & 0xffff;
@@ -180,31 +234,61 @@ void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src, unio
   if (len & 1)
     ((unsigned char *)packet)[len] = 0; /* for checksum, in case length is odd. */
 
-  udp.uh_sum = 0;
-  udp.uh_ulen = htons(sizeof(struct udphdr) + len);
-  sum += htons(IPPROTO_UDP);
-  sum += htons(sizeof(struct udphdr) + len);
-  for (i = 0; i < sizeof(struct udphdr)/2; i++)
-    sum += ((u16 *)&udp)[i];
-  for (i = 0; i < (len + 1) / 2; i++)
-    sum += ((u16 *)packet)[i];
-  while (sum >> 16)
-    sum = (sum & 0xffff) + (sum >> 16);
-  udp.uh_sum = (sum == 0xffff) ? sum : ~sum;
+  if (proto == IPPROTO_UDP)
+    {
+      /* Add Remaining part of the pseudoheader. Note that though the
+	 IPv6 pseudoheader is very different to the IPv4 one, the 
+	 net result of this calculation is correct as long as the 
+	 packet length is less than 65536, which is fine for us. */
+      sum += htons(IPPROTO_UDP);
+      sum += htons(sizeof(struct udphdr) + len);
+      
+      udp.uh_sum = 0;
+      udp.uh_ulen = htons(sizeof(struct udphdr) + len);
+      
+      for (i = 0; i < sizeof(struct udphdr)/2; i++)
+	sum += ((u16 *)&udp)[i];
+      for (i = 0; i < (len + 1) / 2; i++)
+	sum += ((u16 *)packet)[i];
+      while (sum >> 16)
+	sum = (sum & 0xffff) + (sum >> 16);
+      udp.uh_sum = (sum == 0xffff) ? sum : ~sum;
 
+      pcap_header.incl_len = pcap_header.orig_len = ipsz + sizeof(udp) + len;
+    }
+  else
+    {
+      /* ICMP - ICMPv6 packet is a superset of ICMP */
+      struct icmp6_hdr *icmp = packet;
+      
+      /* See comment in UDP code above. */
+      sum += htons(proto);
+      sum += htons(len);
+      
+      icmp->icmp6_cksum = 0;
+      for (i = 0; i < (len + 1) / 2; i++)
+	sum += ((u16 *)packet)[i];
+      while (sum >> 16)
+	sum = (sum & 0xffff) + (sum >> 16);
+      icmp->icmp6_cksum = (sum == 0xffff) ? sum : ~sum;
+
+      pcap_header.incl_len = pcap_header.orig_len = ipsz + len;
+    }
+    
   rc = gettimeofday(&time, NULL);
   pcap_header.ts_sec = time.tv_sec;
   pcap_header.ts_usec = time.tv_usec;
-  pcap_header.incl_len = pcap_header.orig_len = ipsz + sizeof(udp) + len;
   
   if (rc == -1 ||
       !read_write(daemon->dumpfd, (void *)&pcap_header, sizeof(pcap_header), 0) ||
       !read_write(daemon->dumpfd, iphdr, ipsz, 0) ||
-      !read_write(daemon->dumpfd, (void *)&udp, sizeof(udp), 0) ||
+      (proto == IPPROTO_UDP && !read_write(daemon->dumpfd, (void *)&udp, sizeof(udp), 0)) ||
       !read_write(daemon->dumpfd, (void *)packet, len, 0))
     my_syslog(LOG_ERR, _("failed to write packet dump"));
+  else if (option_bool(OPT_EXTRALOG))
+    my_syslog(LOG_INFO, _("%u dumping packet %u mask 0x%04x"),  daemon->log_display_id, ++packet_count, mask);
   else
-    my_syslog(LOG_INFO, _("dumping UDP packet %u mask 0x%04x"), ++packet_count, mask);
+    my_syslog(LOG_INFO, _("dumping packet %u mask 0x%04x"), ++packet_count, mask);
 
 }
 
diff --git a/src/edns0.c b/src/edns0.c
index 7bd26b8..c498eb1 100644
--- a/src/edns0.c
+++ b/src/edns0.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -178,7 +178,7 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l
 	    memcpy(buff, datap, rdlen);	      
 	  
 	  /* now, delete OPT RR */
-	  plen = rrfilter(header, plen, 0);
+	  plen = rrfilter(header, plen, RRFILTER_EDNS0);
 	  
 	  /* Now, force addition of a new one */
 	  p = NULL;	  
@@ -264,44 +264,62 @@ static void encoder(unsigned char *in, char *out)
   out[3] = char64(in[2]);
 }
 
+/* OPT_ADD_MAC = MAC is added (if available)
+   OPT_ADD_MAC + OPT_STRIP_MAC = MAC is replaced, if not available, it is only removed
+   OPT_STRIP_MAC = MAC is removed */
 static size_t add_dns_client(struct dns_header *header, size_t plen, unsigned char *limit,
 			     union mysockaddr *l3, time_t now, int *cacheablep)
 {
-  int maclen, replace = 2; /* can't get mac address, just delete any incoming. */
+  int replace = 0, maclen = 0;
   unsigned char mac[DHCP_CHADDR_MAX];
-  char encode[18]; /* handle 6 byte MACs */
+  char encode[18]; /* handle 6 byte MACs ONLY */
 
-  if ((maclen = find_mac(l3, mac, 1, now)) == 6)
+  if ((option_bool(OPT_MAC_B64) || option_bool(OPT_MAC_HEX)) && (maclen = find_mac(l3, mac, 1, now)) == 6)
     {
-      replace = 1;
-      *cacheablep = 0;
-
-      if (option_bool(OPT_MAC_HEX))
-	print_mac(encode, mac, maclen);
-      else
-	{
-	  encoder(mac, encode);
-	  encoder(mac+3, encode+4);
-	  encode[8] = 0;
-	}
+      if (option_bool(OPT_STRIP_MAC))
+	 replace = 1;
+       *cacheablep = 0;
+    
+       if (option_bool(OPT_MAC_HEX))
+	 print_mac(encode, mac, maclen);
+       else
+	 {
+	   encoder(mac, encode);
+	   encoder(mac+3, encode+4);
+	   encode[8] = 0;
+	 }
     }
+  else if (option_bool(OPT_STRIP_MAC))
+    replace = 2;
+
+  if (replace != 0 || maclen == 6)
+    plen = add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_NOMDEVICEID, (unsigned char *)encode, strlen(encode), 0, replace);
 
-  return add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_NOMDEVICEID, (unsigned char *)encode, strlen(encode), 0, replace); 
+  return plen;
 }
 
 
+/* OPT_ADD_MAC = MAC is added (if available)
+   OPT_ADD_MAC + OPT_STRIP_MAC = MAC is replaced, if not available, it is only removed
+   OPT_STRIP_MAC = MAC is removed */
 static size_t add_mac(struct dns_header *header, size_t plen, unsigned char *limit,
 		      union mysockaddr *l3, time_t now, int *cacheablep)
 {
-  int maclen;
+  int maclen = 0, replace = 0;
   unsigned char mac[DHCP_CHADDR_MAX];
-
-  if ((maclen = find_mac(l3, mac, 1, now)) != 0)
+    
+  if (option_bool(OPT_ADD_MAC) && (maclen = find_mac(l3, mac, 1, now)) != 0)
     {
       *cacheablep = 0;
-      plen = add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_MAC, mac, maclen, 0, 0); 
+      if (option_bool(OPT_STRIP_MAC))
+	replace = 1;
     }
+  else if (option_bool(OPT_STRIP_MAC))
+    replace = 2;
   
+  if (replace != 0 || maclen != 0)
+    plen = add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_MAC, mac, maclen, 0, replace);
+
   return plen; 
 }
 
@@ -378,15 +396,29 @@ static size_t calc_subnet_opt(struct subnet_opt *opt, union mysockaddr *source,
   return len + 4;
 }
  
-static size_t add_source_addr(struct dns_header *header, size_t plen, unsigned char *limit, union mysockaddr *source, int *cacheable)
+/* OPT_CLIENT_SUBNET = client subnet is added
+   OPT_CLIENT_SUBNET + OPT_STRIP_ECS = client subnet is replaced
+   OPT_STRIP_ECS = client subnet is removed */
+static size_t add_source_addr(struct dns_header *header, size_t plen, unsigned char *limit,
+			      union mysockaddr *source, int *cacheable)
 {
   /* http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-02 */
   
-  int len;
+  int replace = 0, len = 0;
   struct subnet_opt opt;
   
-  len = calc_subnet_opt(&opt, source, cacheable);
-  return add_pseudoheader(header, plen, (unsigned char *)limit, PACKETSZ, EDNS0_OPTION_CLIENT_SUBNET, (unsigned char *)&opt, len, 0, 0);
+  if (option_bool(OPT_CLIENT_SUBNET))
+    {
+      if (option_bool(OPT_STRIP_ECS))
+	replace = 1;
+      len = calc_subnet_opt(&opt, source, cacheable);
+    }
+  else if (option_bool(OPT_STRIP_ECS))
+    replace = 2;
+  else
+    return plen;
+
+  return add_pseudoheader(header, plen, (unsigned char *)limit, PACKETSZ, EDNS0_OPTION_CLIENT_SUBNET, (unsigned char *)&opt, len, 0, replace);
 }
 
 int check_source(struct dns_header *header, size_t plen, unsigned char *pseudoheader, union mysockaddr *peer)
@@ -460,47 +492,45 @@ static size_t add_umbrella_opt(struct dns_header *header, size_t plen, unsigned
 
   struct umbrella_opt opt = {{"ODNS"}, UMBRELLA_VERSION, 0, {}};
   u8 *u = &opt.fields[0];
-
-  if (daemon->umbrella_org) {
-    PUTSHORT(UMBRELLA_ORG, u);
-    PUTLONG(daemon->umbrella_org, u);
-  }
-
   int family = source->sa.sa_family;
-  PUTSHORT(family == AF_INET ? UMBRELLA_IPV4 : UMBRELLA_IPV6, u);
   int size = family == AF_INET ? INADDRSZ : IN6ADDRSZ;
+
+  if (daemon->umbrella_org)
+    {
+      PUTSHORT(UMBRELLA_ORG, u);
+      PUTLONG(daemon->umbrella_org, u);
+    }
+  
+  PUTSHORT(family == AF_INET ? UMBRELLA_IPV4 : UMBRELLA_IPV6, u);
   memcpy(u, get_addrp(source, family), size);
   u += size;
+  
+  if (option_bool(OPT_UMBRELLA_DEVID))
+    {
+      PUTSHORT(UMBRELLA_DEVICE, u);
+      memcpy(u, (char *)&daemon->umbrella_device, UMBRELLA_DEVICESZ);
+      u += UMBRELLA_DEVICESZ;
+    }
 
-  if (option_bool(OPT_UMBRELLA_DEVID)) {
-    PUTSHORT(UMBRELLA_DEVICE, u);
-    memcpy(u, (char *)&daemon->umbrella_device, UMBRELLA_DEVICESZ);
-    u += UMBRELLA_DEVICESZ;
-  }
-
-  if (daemon->umbrella_asset) {
-    PUTSHORT(UMBRELLA_ASSET, u);
-    PUTLONG(daemon->umbrella_asset, u);
-  }
-
-  int len = u - &opt.magic[0];
-  return add_pseudoheader(header, plen, (unsigned char *)limit, PACKETSZ, EDNS0_OPTION_UMBRELLA, (unsigned char *)&opt, len, 0, 1);
+  if (daemon->umbrella_asset)
+    {
+      PUTSHORT(UMBRELLA_ASSET, u);
+      PUTLONG(daemon->umbrella_asset, u);
+    }
+  
+  return add_pseudoheader(header, plen, (unsigned char *)limit, PACKETSZ, EDNS0_OPTION_UMBRELLA, (unsigned char *)&opt, u - (u8 *)&opt, 0, 1);
 }
 
 /* Set *check_subnet if we add a client subnet option, which needs to checked 
    in the reply. Set *cacheable to zero if we add an option which the answer
    may depend on. */
 size_t add_edns0_config(struct dns_header *header, size_t plen, unsigned char *limit, 
-			union mysockaddr *source, time_t now, int *check_subnet, int *cacheable)    
+			union mysockaddr *source, time_t now, int *cacheable)    
 {
-  *check_subnet = 0;
   *cacheable = 1;
   
-  if (option_bool(OPT_ADD_MAC))
-    plen  = add_mac(header, plen, limit, source, now, cacheable);
-  
-  if (option_bool(OPT_MAC_B64) || option_bool(OPT_MAC_HEX))
-    plen = add_dns_client(header, plen, limit, source, now, cacheable);
+  plen  = add_mac(header, plen, limit, source, now, cacheable);
+  plen = add_dns_client(header, plen, limit, source, now, cacheable);
   
   if (daemon->dns_client_id)
     plen = add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_NOMCPEID, 
@@ -509,11 +539,7 @@ size_t add_edns0_config(struct dns_header *header, size_t plen, unsigned char *l
   if (option_bool(OPT_UMBRELLA))
     plen = add_umbrella_opt(header, plen, limit, source, cacheable);
   
-  if (option_bool(OPT_CLIENT_SUBNET))
-    {
-      plen = add_source_addr(header, plen, limit, source, cacheable); 
-      *check_subnet = 1;
-    }
-	  
+  plen = add_source_addr(header, plen, limit, source, cacheable);
+  	  
   return plen;
 }
diff --git a/src/forward.c b/src/forward.c
index 3d638e4..0f03818 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -19,6 +19,9 @@
 static struct frec *get_new_frec(time_t now, struct server *serv, int force);
 static struct frec *lookup_frec(unsigned short id, int fd, void *hash, int *firstp, int *lastp);
 static struct frec *lookup_frec_by_query(void *hash, unsigned int flags, unsigned int flagmask);
+#ifdef HAVE_DNSSEC
+static struct frec *lookup_frec_dnssec(char *target, int class, int flags, struct dns_header *header);
+#endif
 
 static unsigned short get_id(void);
 static void free_frec(struct frec *f);
@@ -119,12 +122,20 @@ static void set_outgoing_mark(struct frec *forward, int fd)
 }
 #endif
 
-static void log_query_mysockaddr(unsigned int flags, char *name, union mysockaddr *addr, char *arg)
+static void log_query_mysockaddr(unsigned int flags, char *name, union mysockaddr *addr, char *arg, unsigned short type)
 {
   if (addr->sa.sa_family == AF_INET)
-    log_query(flags | F_IPV4, name, (union all_addr *)&addr->in.sin_addr, arg);
+    {
+      if (flags & F_SERVER)
+	type = ntohs(addr->in.sin_port);
+      log_query(flags | F_IPV4, name, (union all_addr *)&addr->in.sin_addr, arg, type);
+    }
   else
-    log_query(flags | F_IPV6, name, (union all_addr *)&addr->in6.sin6_addr, arg);
+    {
+      if (flags & F_SERVER)
+	type = ntohs(addr->in6.sin6_port);
+      log_query(flags | F_IPV6, name, (union all_addr *)&addr->in6.sin6_addr, arg, type);
+    }
 }
 
 static void server_send(struct server *server, int fd,
@@ -135,46 +146,42 @@ static void server_send(struct server *server, int fd,
 			   sa_len(&server->addr))));
 }
 
-#ifdef HAVE_DNSSEC
-static void server_send_log(struct server *server, int fd,
-			const void *header, size_t plen, int dumpflags,
-			unsigned int logflags, char *name, char *arg)
-{
-#ifdef HAVE_DUMPFILE
-	  dump_packet(dumpflags, (void *)header, (size_t)plen, NULL, &server->addr);
-#endif
-	  log_query_mysockaddr(logflags, name, &server->addr, arg);
-	  server_send(server, fd, header, plen, 0);
-}
-#endif
-
 static int domain_no_rebind(char *domain)
 {
-  struct server *serv;
-  int dlen = (int)strlen(domain);
-  
-  for (serv = daemon->no_rebind; serv; serv = serv->next)
-    if (dlen >= serv->domain_len && strcmp(serv->domain, &domain[dlen - serv->domain_len]) == 0)
+  struct rebind_domain *rbd;
+  size_t tlen, dlen = strlen(domain);
+  char *dots = strchr(domain, '.');
+
+  /* Match whole labels only. Empty domain matches no dots (any single label) */
+  for (rbd = daemon->no_rebind; rbd; rbd = rbd->next)
+    {
+      if (dlen >= (tlen = strlen(rbd->domain)) &&
+	hostname_isequal(rbd->domain, &domain[dlen - tlen]) &&
+	(dlen == tlen || domain[dlen - tlen - 1] == '.'))
       return 1;
 
+      if (tlen == 0 && !dots)
+	return 1;
+    }
+  
   return 0;
 }
 
 static int forward_query(int udpfd, union mysockaddr *udpaddr,
 			 union all_addr *dst_addr, unsigned int dst_iface,
 			 struct dns_header *header, size_t plen,  char *limit, time_t now, 
-			 struct frec *forward, int ad_reqd, int do_bit)
+			 struct frec *forward, int ad_reqd, int do_bit, int fast_retry)
 {
   unsigned int flags = 0;
   unsigned int fwd_flags = 0;
   int is_dnssec = forward && (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY));
   struct server *master;
-  unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL);
   void *hash = hash_questions(header, plen, daemon->namebuff);
+  unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL);
   unsigned char *oph = find_pseudoheader(header, plen, NULL, NULL, NULL, NULL);
-  int old_src = 0;
+  int old_src = 0, old_reply = 0;
   int first, last, start = 0;
-  int subnet, cacheable, forwarded = 0;
+  int cacheable, forwarded = 0;
   size_t edns0_len;
   unsigned char *pheader;
   int ede = EDE_UNSET;
@@ -198,7 +205,10 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
      Similarly FREC_NO_CACHE is never set in flags, so a query which is
      contigent on a particular source address EDNS0 option will never be matched. */
   if (forward)
-    old_src = 1;
+    {
+      old_src = 1;
+      old_reply = 1;
+    }
   else if ((forward = lookup_frec_by_query(hash, fwd_flags,
 					   FREC_CHECKING_DISABLED | FREC_AD_QUESTION | FREC_DO_QUESTION |
 					   FREC_HAS_PHEADER | FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_NO_CACHE)))
@@ -211,7 +221,11 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 	  break;
       
       if (src)
-	old_src = 1;
+	{
+	  old_src = 1;
+	  /* If a query is retried, use the log_id for the retry when logging the answer. */
+	  src->log_id = daemon->log_id;
+	}
       else
 	{
 	  /* Existing query, but from new source, just add this 
@@ -230,6 +244,14 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 	  if (!daemon->free_frec_src)
 	    {
 	      query_full(now, NULL);
+	      /* This is tricky; if we're blasted with the same query
+		 over and over, we'll end up taking this path each time
+		 and never resetting until the frec gets deleted by
+		 aging followed by the receipt of a different query. This
+		 is a bit of a DoS vuln. Avoid by explicitly deleting the
+		 frec once it expires. */
+	      if (difftime(now, forward->time) >= TIMEOUT)
+		free_frec(forward);
 	      goto reply;
 	    }
 	  
@@ -255,6 +277,15 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
   /* new query */
   if (!forward)
     {
+      /* If the query is malformed, we can't forward it because
+	 we can't get a reliable hash to recognise the answer. */
+      if (!hash)
+	{
+	  flags = 0;
+	  ede = EDE_INVALID_DATA;
+	  goto reply;
+	}
+      
       if (lookup_domain(daemon->namebuff, gotname, &first, &last))
 	flags = is_local_answer(now, first, daemon->namebuff);
       else
@@ -282,6 +313,14 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 	goto reply;
       /* table full - flags == 0, return REFUSED */
       
+      /* Keep copy of query if we're doing fast retry. */
+      if (daemon->fast_retry_time != 0)
+	{
+	  forward->stash = blockdata_alloc((char *)header, plen);
+	  forward->stash_len = plen;
+	}
+      
+      forward->frec_src.log_id = daemon->log_id;
       forward->frec_src.source = *udpaddr;
       forward->frec_src.orig_id = ntohs(header->id);
       forward->frec_src.dest = *dst_addr;
@@ -325,18 +364,20 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
     }
   else
     {
-      /* retry on existing query, from original source. Send to all available servers  */
 #ifdef HAVE_DNSSEC
       /* If we've already got an answer to this query, but we're awaiting keys for validation,
 	 there's no point retrying the query, retry the key query instead...... */
-      if (forward->blocking_query)
+      while (forward->blocking_query)
+	forward = forward->blocking_query;
+
+      if (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY))
 	{
 	  int is_sign;
 	  unsigned char *pheader;
 	  
-	  while (forward->blocking_query)
-	    forward = forward->blocking_query;
-	   
+	  /* log_id should match previous DNSSEC query. */
+	  daemon->log_display_id = forward->frec_src.log_id;
+	  
 	  blockdata_retrieve(forward->stash, forward->stash_len, (void *)header);
 	  plen = forward->stash_len;
 	  /* get query for logging. */
@@ -356,7 +397,10 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 #endif
 	{
 	  /* retry on existing query, from original source. Send to all available servers  */
-	  forward->sentto->failed_queries++;
+	  if (udpfd == -1 && !fast_retry)
+	    forward->sentto->failed_queries++;
+	  else
+	    forward->sentto->retrys++;
 	  
 	  if (!filter_servers(forward->sentto->arrayposn, F_SERVER, &first, &last))
 	    goto reply;
@@ -364,20 +408,29 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 	  master = daemon->serverarray[first];
 	  
 	  /* Forward to all available servers on retry of query from same host. */
-	  if (!option_bool(OPT_ORDER) && old_src)
+	  if (!option_bool(OPT_ORDER) && old_src && !fast_retry)
 	    forward->forwardall = 1;
 	  else
 	    {
 	      start = forward->sentto->arrayposn;
 	      
-	      if (option_bool(OPT_ORDER))
+	      if (option_bool(OPT_ORDER) && !fast_retry)
 		{
 		  /* In strict order mode, there must be a server later in the list
 		     left to send to, otherwise without the forwardall mechanism,
 		     code further on will cycle around the list forwever if they
-		     all return REFUSED. If at the last, give up. */
+		     all return REFUSED. If at the last, give up.
+		     Note that we can get here EITHER because a client retried,
+		     or an upstream server returned REFUSED. The above only
+		     applied in the later case. For client retries,
+		     keep trying the last server.. */
 		  if (++start == last)
-		    goto reply;
+		    {
+		      if (old_reply)
+			goto reply;
+		      else
+			start--;
+		    }
 		}
 	    }	  
 	}
@@ -389,18 +442,12 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
       forward->flags |= FREC_TEST_PKTSZ;
     }
 
-  /* If a query is retried, use the log_id for the retry when logging the answer. */
-  forward->frec_src.log_id = daemon->log_id;
-
   /* We may be resending a DNSSEC query here, for which the below processing is not necessary. */
   if (!is_dnssec)
     {
       header->id = htons(forward->new_id);
       
-      plen = add_edns0_config(header, plen, ((unsigned char *)header) + PACKETSZ, &forward->frec_src.source, now, &subnet, &cacheable);
-      
-      if (subnet)
-	forward->flags |= FREC_HAS_SUBNET;
+      plen = add_edns0_config(header, plen, ((unsigned char *)header) + PACKETSZ, &forward->frec_src.source, now, &cacheable);
       
       if (!cacheable)
 	forward->flags |= FREC_NO_CACHE;
@@ -481,7 +528,7 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 	  if (errno == 0)
 	    {
 #ifdef HAVE_DUMPFILE
-	      dump_packet(DUMP_UP_QUERY, (void *)header, plen, NULL, &srv->addr);
+	      dump_packet_udp(DUMP_UP_QUERY, (void *)header, plen, NULL, &srv->addr, fd);
 #endif
 	      
 	      /* Keep info in case we want to re-send this packet */
@@ -494,12 +541,12 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
 		  if (!gotname)
 		    strcpy(daemon->namebuff, "query");
 		  log_query_mysockaddr(F_SERVER | F_FORWARD, daemon->namebuff,
-				       &srv->addr, NULL);
+				       &srv->addr, NULL, 0);
 		}
 #ifdef HAVE_DNSSEC
 	      else
-		log_query_mysockaddr(F_NOEXTRA | F_DNSSEC, daemon->namebuff, &srv->addr,
-				     querystr("dnssec-retry", (forward->flags & FREC_DNSKEY_QUERY) ? T_DNSKEY : T_DS));
+		log_query_mysockaddr(F_NOEXTRA | F_DNSSEC | F_SERVER, daemon->namebuff, &srv->addr,
+				     (forward->flags & FREC_DNSKEY_QUERY) ? "dnssec-retry[DNSKEY]" : "dnssec-retry[DS]", 0);
 #endif
 
 	      srv->queries++;
@@ -516,7 +563,10 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
     }
   
   if (forwarded || is_dnssec)
-    return 1;
+    {
+      forward->forward_timestamp = dnsmasq_milliseconds();
+      return 1;
+    }
   
   /* could not send on, prepare to return */ 
   header->id = htons(forward->frec_src.orig_id);
@@ -555,12 +605,88 @@ static int forward_query(int udpfd, union mysockaddr *udpaddr,
   return 0;
 }
 
+/* Check if any frecs need to do a retry, and action that if so. 
+   Return time in milliseconds until he next retry will be required,
+   or -1 if none. */
+int fast_retry(time_t now)
+{
+  struct frec *f;
+  int ret = -1;
+  
+  if (daemon->fast_retry_time != 0)
+    {
+      u32 millis = dnsmasq_milliseconds();
+      
+      for (f = daemon->frec_list; f; f = f->next)
+	if (f->sentto && f->stash && difftime(now, f->time) < daemon->fast_retry_timeout)
+	  {
+#ifdef HAVE_DNSSEC
+	    if (f->blocking_query)
+	      continue;
+#endif
+	    /* t is milliseconds since last query sent. */ 
+	    int to_run, t = (int)(millis - f->forward_timestamp);
+	    
+	    if (t < f->forward_delay)
+	      to_run = f->forward_delay - t;
+	    else
+	      {
+		unsigned char *udpsz;
+		unsigned short udp_size =  PACKETSZ; /* default if no EDNS0 */
+		struct dns_header *header = (struct dns_header *)daemon->packet;
+		
+		/* packet buffer overwritten */
+		daemon->srv_save = NULL;
+		
+		blockdata_retrieve(f->stash, f->stash_len, (void *)header);
+		
+		/* UDP size already set in saved query. */
+		if (find_pseudoheader(header, f->stash_len, NULL, &udpsz, NULL, NULL))
+		  GETSHORT(udp_size, udpsz);
+		
+		daemon->log_display_id = f->frec_src.log_id;
+		
+		forward_query(-1, NULL, NULL, 0, header, f->stash_len, ((char *) header) + udp_size, now, f,
+			      f->flags & FREC_AD_QUESTION, f->flags & FREC_DO_QUESTION, 1);
+
+		to_run = f->forward_delay = 2 * f->forward_delay;
+	      }
+
+	    if (ret == -1 || ret > to_run)
+	      ret = to_run;
+	  }
+      
+    }
+  return ret;
+}
+
+static struct ipsets *domain_find_sets(struct ipsets *setlist, const char *domain) {
+  /* Similar algorithm to search_servers. */
+  struct ipsets *ipset_pos, *ret = NULL;
+  unsigned int namelen = strlen(domain);
+  unsigned int matchlen = 0;
+  for (ipset_pos = setlist; ipset_pos; ipset_pos = ipset_pos->next) 
+    {
+      unsigned int domainlen = strlen(ipset_pos->domain);
+      const char *matchstart = domain + namelen - domainlen;
+      if (namelen >= domainlen && hostname_isequal(matchstart, ipset_pos->domain) &&
+          (domainlen == 0 || namelen == domainlen || *(matchstart - 1) == '.' ) &&
+          domainlen >= matchlen) 
+        {
+          matchlen = domainlen;
+          ret = ipset_pos;
+        }
+    }
+
+  return ret;
+}
+
 static size_t process_reply(struct dns_header *header, time_t now, struct server *server, size_t n, int check_rebind, 
 			    int no_cache, int cache_secure, int bogusanswer, int ad_reqd, int do_bit, int added_pheader, 
-			    int check_subnet, union mysockaddr *query_source, unsigned char *limit, int ede)
+			    union mysockaddr *query_source, unsigned char *limit, int ede)
 {
   unsigned char *pheader, *sizep;
-  char **sets = 0;
+  struct ipsets *ipsets = NULL, *nftsets = NULL;
   int munged = 0, is_sign;
   unsigned int rcode = RCODE(header);
   size_t plen; 
@@ -571,24 +697,12 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
 
 #ifdef HAVE_IPSET
   if (daemon->ipsets && extract_request(header, n, daemon->namebuff, NULL))
-    {
-      /* Similar algorithm to search_servers. */
-      struct ipsets *ipset_pos;
-      unsigned int namelen = strlen(daemon->namebuff);
-      unsigned int matchlen = 0;
-      for (ipset_pos = daemon->ipsets; ipset_pos; ipset_pos = ipset_pos->next) 
-	{
-	  unsigned int domainlen = strlen(ipset_pos->domain);
-	  char *matchstart = daemon->namebuff + namelen - domainlen;
-	  if (namelen >= domainlen && hostname_isequal(matchstart, ipset_pos->domain) &&
-	      (domainlen == 0 || namelen == domainlen || *(matchstart - 1) == '.' ) &&
-	      domainlen >= matchlen) 
-	    {
-	      matchlen = domainlen;
-	      sets = ipset_pos->sets;
-	    }
-	}
-    }
+    ipsets = domain_find_sets(daemon->ipsets, daemon->namebuff);
+#endif
+
+#ifdef HAVE_NFTSET
+  if (daemon->nftsets && extract_request(header, n, daemon->namebuff, NULL))
+    nftsets = domain_find_sets(daemon->nftsets, daemon->namebuff);
 #endif
 
   if ((pheader = find_pseudoheader(header, n, &plen, &sizep, &is_sign, NULL)))
@@ -596,7 +710,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
       /* Get extended RCODE. */
       rcode |= sizep[2] << 4;
 
-      if (check_subnet && !check_source(header, plen, pheader, query_source))
+      if (option_bool(OPT_CLIENT_SUBNET) && !check_source(header, plen, pheader, query_source))
 	{
 	  my_syslog(LOG_WARNING, _("discarding DNS reply: subnet option mismatch"));
 	  return 0;
@@ -607,7 +721,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
 	  if (added_pheader)
 	    {
 	      /* client didn't send EDNS0, we added one, strip it off before returning answer. */
-	      n = rrfilter(header, n, 0);
+	      n = rrfilter(header, n, RRFILTER_EDNS0);
 	      pheader = NULL;
 	    }
 	  else
@@ -653,7 +767,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
       union all_addr a;
       a.log.rcode = rcode;
       a.log.ede = ede;
-      log_query(F_UPSTREAM | F_RCODE, "error", &a, NULL);
+      log_query(F_UPSTREAM | F_RCODE, "error", &a, NULL, 0);
       
       return resize_packet(header, n, pheader, plen);
     }
@@ -696,13 +810,33 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
 	      cache_secure = 0;
 	    }
 	}
-      
-      if (extract_addresses(header, n, daemon->namebuff, now, sets, is_sign, check_rebind, no_cache, cache_secure, &doctored))
+
+      /* Before extract_addresses() */
+      if (rcode == NOERROR)
 	{
+	  if (option_bool(OPT_FILTER_A))
+	    n = rrfilter(header, n, RRFILTER_A);
+
+	  if (option_bool(OPT_FILTER_AAAA))
+	    n = rrfilter(header, n, RRFILTER_AAAA);
+	}
+
+      switch (extract_addresses(header, n, daemon->namebuff, now, ipsets, nftsets, is_sign, check_rebind, no_cache, cache_secure, &doctored))
+	{
+	case 1:
 	  my_syslog(LOG_WARNING, _("possible DNS-rebind attack detected: %s"), daemon->namebuff);
 	  munged = 1;
 	  cache_secure = 0;
 	  ede = EDE_BLOCKED;
+	  break;
+	  
+	  /* extract_addresses() found a malformed answer. */
+	case 2:
+	  munged = 1;
+	  SET_RCODE(header, SERVFAIL);
+	  cache_secure = 0;
+	  ede = EDE_OTHER;
+	  break;
 	}
 
       if (doctored)
@@ -726,7 +860,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
       
       /* If the requestor didn't set the DO bit, don't return DNSSEC info. */
       if (!do_bit)
-	n = rrfilter(header, n, 1);
+	n = rrfilter(header, n, RRFILTER_DNSSEC);
     }
 #endif
 
@@ -750,7 +884,10 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
       u16 swap = htons((u16)ede);
       n = add_pseudoheader(header, n, limit, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 1);
     }
-  
+
+  if (RCODE(header) == NXDOMAIN)
+    server->nxdomain_replies++;
+
   return n;
 }
 
@@ -791,8 +928,8 @@ static void dnssec_validate(struct frec *forward, struct dns_header *header,
 				       NULL, NULL, NULL);
 #ifdef HAVE_DUMPFILE
       if (STAT_ISEQUAL(status, STAT_BOGUS))
-	dump_packet((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) ? DUMP_SEC_BOGUS : DUMP_BOGUS,
-		    header, (size_t)plen, &forward->sentto->addr, NULL);
+	dump_packet_udp((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) ? DUMP_SEC_BOGUS : DUMP_BOGUS,
+			header, (size_t)plen, &forward->sentto->addr, NULL, -daemon->port);
 #endif
     }
   
@@ -801,106 +938,129 @@ static void dnssec_validate(struct frec *forward, struct dns_header *header,
   if (STAT_ISEQUAL(status, STAT_NEED_DS) || STAT_ISEQUAL(status, STAT_NEED_KEY))
     {
       struct frec *new = NULL;
-      int serverind;
       struct blockdata *stash;
       
       /* Now save reply pending receipt of key data */
-      if ((serverind = dnssec_server(forward->sentto, daemon->keyname, NULL, NULL)) != -1 &&
-	  (stash = blockdata_alloc((char *)header, plen)))
+      if ((stash = blockdata_alloc((char *)header, plen)))
 	{
-	  struct server *server = daemon->serverarray[serverind];
-	  struct frec *orig;
-	  unsigned int flags;
-	  void *hash;
-	  size_t nn;
-
 	  /* validate routines leave name of required record in daemon->keyname */
-	  nn = dnssec_generate_query(header, ((unsigned char *) header) + server->edns_pktsz,
-				     daemon->keyname, forward->class,
-				     STAT_ISEQUAL(status, STAT_NEED_KEY) ? T_DNSKEY : T_DS, server->edns_pktsz);
-	  
-	  flags = STAT_ISEQUAL(status, STAT_NEED_KEY) ? FREC_DNSKEY_QUERY : FREC_DS_QUERY;
-	  hash = hash_questions(header, nn, daemon->namebuff);
+	  unsigned int flags = STAT_ISEQUAL(status, STAT_NEED_KEY) ? FREC_DNSKEY_QUERY : FREC_DS_QUERY;
 
-	  if ((new = lookup_frec_by_query(hash, flags, FREC_DNSKEY_QUERY | FREC_DS_QUERY)))
+	  if ((new = lookup_frec_dnssec(daemon->keyname, forward->class, flags, header)))
 	    {
-	      forward->next_dependent = new->dependent;
-	      new->dependent = forward;
-	      /* Make consistent, only replace query copy with unvalidated answer
-		 when we set ->blocking_query. */
-	      if (forward->stash)
-		blockdata_free(forward->stash);
-	      forward->blocking_query = new;
-	      forward->stash_len = plen;
-	      forward->stash = stash;
-	      return;
+	      /* This is tricky; it detects loops in the dependency
+		 graph for DNSSEC validation, say validating A requires DS B
+		 and validating DS B requires DNSKEY C and validating DNSKEY C requires DS B.
+		 This should never happen in correctly signed records, but it's
+		 likely the case that sufficiently broken ones can cause our validation
+		 code requests to exhibit cycles. The result is that the ->blocking_query list
+		 can form a cycle, and under certain circumstances that can lock us in 
+		 an infinite loop. Here we transform the situation into ABANDONED. */
+	      struct frec *f;
+	      for (f = new; f; f = f->blocking_query)
+		if (f == forward)
+		  break;
+
+	      if (!f)
+		{
+		  forward->next_dependent = new->dependent;
+		  new->dependent = forward;
+		  /* Make consistent, only replace query copy with unvalidated answer
+		     when we set ->blocking_query. */
+		  if (forward->stash)
+		    blockdata_free(forward->stash);
+		  forward->blocking_query = new;
+		  forward->stash_len = plen;
+		  forward->stash = stash;
+		  return;
+		}
 	    }
-	    
-	  /* Find the original query that started it all.... */
-	  for (orig = forward; orig->dependent; orig = orig->dependent);
-	  
-	  /* Make sure we don't expire and free the orig frec during the
-	     allocation of a new one: third arg of get_new_frec() does that. */
-	  if (--orig->work_counter == 0 || !(new = get_new_frec(now, server, 1)))
-	    blockdata_free(stash); /* don't leak this on failure. */
 	  else
 	    {
-	      int fd;
-	      struct frec *next = new->next;
-
-	      *new = *forward; /* copy everything, then overwrite */
-	      new->next = next;
-	      new->blocking_query = NULL;
-	      
-	      new->frec_src.log_id = daemon->log_display_id = ++daemon->log_id;
-	      new->sentto = server;
-	      new->rfds = NULL;
-	      new->frec_src.next = NULL;
-	      new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_HAS_EXTRADATA);
-	      new->flags |= flags;
-	      new->forwardall = 0;
-	      
-	      forward->next_dependent = NULL;
-	      new->dependent = forward; /* to find query awaiting new one. */
-
-	      /* Make consistent, only replace query copy with unvalidated answer
-		 when we set ->blocking_query. */
-	      forward->blocking_query = new; 
-	      if (forward->stash)
-		blockdata_free(forward->stash);
-	      forward->stash_len = plen;
-	      forward->stash = stash;
+	      struct server *server;
+	      struct frec *orig;
+	      void *hash;
+	      size_t nn;
+	      int serverind, fd;
+	      struct randfd_list *rfds = NULL;
 	      
-	      memcpy(new->hash, hash, HASH_SIZE);
-	      new->new_id = get_id();
-	      header->id = htons(new->new_id);
-	      /* Save query for retransmission */
-	      new->stash = blockdata_alloc((char *)header, nn);
-	      new->stash_len = nn;
+	      /* Find the original query that started it all.... */
+	      for (orig = forward; orig->dependent; orig = orig->dependent);
 	      
-	      /* Don't resend this. */
-	      daemon->srv_save = NULL;
-	      
-	      if ((fd = allocate_rfd(&new->rfds, server)) != -1)
+	      /* Make sure we don't expire and free the orig frec during the
+		 allocation of a new one: third arg of get_new_frec() does that. */
+	      if ((serverind = dnssec_server(forward->sentto, daemon->keyname, NULL, NULL)) != -1 &&
+		  (server = daemon->serverarray[serverind]) &&
+		  (nn = dnssec_generate_query(header, ((unsigned char *) header) + server->edns_pktsz,
+					      daemon->keyname, forward->class,
+					      STAT_ISEQUAL(status, STAT_NEED_KEY) ? T_DNSKEY : T_DS, server->edns_pktsz)) && 
+		  (hash = hash_questions(header, nn, daemon->namebuff)) &&
+		  --orig->work_counter != 0 &&
+		  (fd = allocate_rfd(&rfds, server)) != -1 &&
+		  (new = get_new_frec(now, server, 1)))
 		{
+		  struct frec *next = new->next;
+		  
+		  *new = *forward; /* copy everything, then overwrite */
+		  new->next = next;
+		  new->blocking_query = NULL;
+		  
+		  new->frec_src.log_id = daemon->log_display_id = ++daemon->log_id;
+		  new->sentto = server;
+		  new->rfds = rfds;
+		  new->frec_src.next = NULL;
+		  new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_HAS_EXTRADATA);
+		  new->flags |= flags;
+		  new->forwardall = 0;
+		  
+		  forward->next_dependent = NULL;
+		  new->dependent = forward; /* to find query awaiting new one. */
+		  
+		  /* Make consistent, only replace query copy with unvalidated answer
+		     when we set ->blocking_query. */
+		  forward->blocking_query = new; 
+		  if (forward->stash)
+		    blockdata_free(forward->stash);
+		  forward->stash_len = plen;
+		  forward->stash = stash;
+		  
+		  memcpy(new->hash, hash, HASH_SIZE);
+		  new->new_id = get_id();
+		  header->id = htons(new->new_id);
+		  /* Save query for retransmission and de-dup */
+		  new->stash = blockdata_alloc((char *)header, nn);
+		  new->stash_len = nn;
+		  if (daemon->fast_retry_time != 0)
+		    new->forward_timestamp = dnsmasq_milliseconds();
+		  
+		  /* Don't resend this. */
+		  daemon->srv_save = NULL;
+		  
 #ifdef HAVE_CONNTRACK
 		  if (option_bool(OPT_CONNTRACK))
 		    set_outgoing_mark(orig, fd);
 #endif
-		  server_send_log(server, fd, header, nn, DUMP_SEC_QUERY,
-				  F_NOEXTRA | F_DNSSEC, daemon->keyname,
-				  querystr("dnssec-query", STAT_ISEQUAL(status, STAT_NEED_KEY) ? T_DNSKEY : T_DS));
+		  
+		  server_send(server, fd, header, nn, 0);
 		  server->queries++;
+#ifdef HAVE_DUMPFILE
+		  dump_packet_udp(DUMP_SEC_QUERY, (void *)header, (size_t)nn, NULL, &server->addr, fd);
+#endif
+		  log_query_mysockaddr(F_NOEXTRA | F_DNSSEC | F_SERVER, daemon->keyname, &server->addr,
+				       STAT_ISEQUAL(status, STAT_NEED_KEY) ? "dnssec-query[DNSKEY]" : "dnssec-query[DS]", 0);
+		  return;
 		}
 	      
-	      return;
+	      free_rfds(&rfds); /* error unwind */
 	    }
+	  
+	  blockdata_free(stash); /* don't leak this on failure. */
 	}
 
-      /* sending DNSSEC query failed. */
+      /* sending DNSSEC query failed or loop detected. */
       status = STAT_ABANDONED;
     }
-  
+
   /* Validated original answer, all done. */
   if (!forward->dependent)
     return_reply(now, forward, header, plen, status);
@@ -976,20 +1136,20 @@ void reply_query(int fd, time_t now)
   if (difftime(now, server->pktsz_reduced) > UDP_TEST_TIME)
     server->edns_pktsz = daemon->edns_pktsz;
 
-#ifdef HAVE_DUMPFILE
-  dump_packet((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) ? DUMP_SEC_REPLY : DUMP_UP_REPLY,
-	      (void *)header, n, &serveraddr, NULL);
-#endif
-
   /* log_query gets called indirectly all over the place, so 
      pass these in global variables - sorry. */
   daemon->log_display_id = forward->frec_src.log_id;
   daemon->log_source_addr = &forward->frec_src.source;
   
+#ifdef HAVE_DUMPFILE
+  dump_packet_udp((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) ? DUMP_SEC_REPLY : DUMP_UP_REPLY,
+		  (void *)header, n, &serveraddr, NULL, fd);
+#endif
+
   if (daemon->ignore_addr && RCODE(header) == NOERROR &&
       check_for_ignored_address(header, n))
     return;
-
+  
   /* Note: if we send extra options in the EDNS0 header, we can't recreate
      the query from the reply. */
   if ((RCODE(header) == REFUSED || RCODE(header) == SERVFAIL) &&
@@ -1004,12 +1164,15 @@ void reply_query(int fd, time_t now)
       size_t nn = 0;
       
 #ifdef HAVE_DNSSEC
-      /* DNSSEC queries have a copy of the original query stashed. 
-	 The query MAY have got a good answer, and be awaiting
+      /* The query MAY have got a good answer, and be awaiting
 	 the results of further queries, in which case
 	 The Stash contains something else and we don't need to retry anyway. */
-      if ((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) && !forward->blocking_query)
+      if (forward->blocking_query)
+	return;
+      
+      if (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY))
 	{
+	  /* DNSSEC queries have a copy of the original query stashed. */
 	  blockdata_retrieve(forward->stash, forward->stash_len, (void *)header);
 	  nn = forward->stash_len;
 	  udp_size = daemon->edns_pktsz;
@@ -1017,38 +1180,50 @@ void reply_query(int fd, time_t now)
       else
 #endif
 	{
-	  /* recreate query from reply */
-	  if ((pheader = find_pseudoheader(header, (size_t)n, &plen, &udpsz, &is_sign, NULL)))
-	    GETSHORT(udp_size, udpsz);
-	  
-	  /* If the client provides an EDNS0 UDP size, use that to limit our reply.
-	     (bounded by the maximum configured). If no EDNS0, then it
-	     defaults to 512 */
-	  if (udp_size > daemon->edns_pktsz)
-	    udp_size = daemon->edns_pktsz;
-	  else if (udp_size < PACKETSZ)
-	    udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
-	  
-	  if (!is_sign &&
-	      (nn = resize_packet(header, (size_t)n, pheader, plen)) &&
-	      (forward->flags & FREC_DO_QUESTION))
-	    add_do_bit(header, nn,  (unsigned char *)pheader + plen);
-
-	  header->ancount = htons(0);
-	  header->nscount = htons(0);
-	  header->arcount = htons(0);
-	  header->hb3 &= ~(HB3_QR | HB3_AA | HB3_TC);
-	  header->hb4 &= ~(HB4_RA | HB4_RCODE | HB4_CD | HB4_AD);
-	  if (forward->flags & FREC_CHECKING_DISABLED)
-	    header->hb4 |= HB4_CD;
-	  if (forward->flags & FREC_AD_QUESTION)
-	    header->hb4 |= HB4_AD;
+	  /* in fast retry mode, we have a copy of the query. */
+	  if (daemon->fast_retry_time != 0 && forward->stash)
+	    {
+	      blockdata_retrieve(forward->stash, forward->stash_len, (void *)header);
+	      nn = forward->stash_len;
+	      /* UDP size already set in saved query. */
+	      if (find_pseudoheader(header, (size_t)n, NULL, &udpsz, NULL, NULL))
+		GETSHORT(udp_size, udpsz);
+	    }
+	  else
+	    {
+	      /* recreate query from reply */
+	      if ((pheader = find_pseudoheader(header, (size_t)n, &plen, &udpsz, &is_sign, NULL)))
+		GETSHORT(udp_size, udpsz);
+	      
+	      /* If the client provides an EDNS0 UDP size, use that to limit our reply.
+		 (bounded by the maximum configured). If no EDNS0, then it
+		 defaults to 512 */
+	      if (udp_size > daemon->edns_pktsz)
+		udp_size = daemon->edns_pktsz;
+	      else if (udp_size < PACKETSZ)
+		udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
+	      
+	      header->ancount = htons(0);
+	      header->nscount = htons(0);
+	      header->arcount = htons(0);
+	      header->hb3 &= ~(HB3_QR | HB3_AA | HB3_TC);
+	      header->hb4 &= ~(HB4_RA | HB4_RCODE | HB4_CD | HB4_AD);
+	      if (forward->flags & FREC_CHECKING_DISABLED)
+		header->hb4 |= HB4_CD;
+	      if (forward->flags & FREC_AD_QUESTION)
+		header->hb4 |= HB4_AD;
+
+	      if (!is_sign &&
+		  (nn = resize_packet(header, (size_t)n, pheader, plen)) &&
+		  (forward->flags & FREC_DO_QUESTION))
+		add_do_bit(header, nn,  (unsigned char *)pheader + plen);
+	    }
 	}
-
+      
       if (nn)
 	{
 	  forward_query(-1, NULL, NULL, 0, header, nn, ((char *) header) + udp_size, now, forward,
-			forward->flags & FREC_AD_QUESTION, forward->flags & FREC_DO_QUESTION);
+			forward->flags & FREC_AD_QUESTION, forward->flags & FREC_DO_QUESTION, 0);
 	  return;
 	}
     }
@@ -1075,6 +1250,22 @@ void reply_query(int fd, time_t now)
     }
 
   forward->sentto = server;
+
+  /* We have a good answer, and will now validate it or return it. 
+     It may be some time before this the validation completes, but we don't need
+     any more answers, so close the socket(s) on which we were expecting
+     answers, to conserve file descriptors, and to save work reading and
+     discarding answers for other upstreams. */
+  free_rfds(&forward->rfds);
+
+  /* calculate modified moving average of server latency */
+  if (server->query_latency == 0)
+    server->mma_latency = (dnsmasq_milliseconds() - forward->forward_timestamp) * 128; /* init */
+  else
+    server->mma_latency += dnsmasq_milliseconds() - forward->forward_timestamp - server->query_latency;
+  /* denominator controls how many queries we average over. */
+  server->query_latency = server->mma_latency/128;
+  
   
 #ifdef HAVE_DNSSEC
   if ((forward->sentto->flags & SERV_DO_DNSSEC) && 
@@ -1136,7 +1327,7 @@ static void return_reply(time_t now, struct frec *forward, struct dns_header *he
 		domain = daemon->namebuff;
 	    }
 	  
-	  log_query(F_SECSTAT, domain, &a, result);
+	  log_query(F_SECSTAT, domain, &a, result, 0);
 	}
     }
 #endif
@@ -1157,7 +1348,7 @@ static void return_reply(time_t now, struct frec *forward, struct dns_header *he
   
   if ((nn = process_reply(header, now, forward->sentto, (size_t)n, check_rebind, no_cache_dnssec, cache_secure, bogusanswer, 
 			  forward->flags & FREC_AD_QUESTION, forward->flags & FREC_DO_QUESTION, 
-			  forward->flags & FREC_ADDED_PHEADER, forward->flags & FREC_HAS_SUBNET, &forward->frec_src.source,
+			  forward->flags & FREC_ADDED_PHEADER, &forward->frec_src.source,
 			  ((unsigned char *)header) + daemon->edns_pktsz, ede)))
     {
       struct frec_src *src;
@@ -1181,10 +1372,6 @@ static void return_reply(time_t now, struct frec *forward, struct dns_header *he
 	{
 	  header->id = htons(src->orig_id);
 	  
-#ifdef HAVE_DUMPFILE
-	  dump_packet(DUMP_REPLY, daemon->packet, (size_t)nn, NULL, &src->source);
-#endif
-	  
 #if defined(HAVE_CONNTRACK) && defined(HAVE_UBUS)
 	  if (option_bool(OPT_CMARK_ALST_EN))
 	    {
@@ -1195,14 +1382,20 @@ static void return_reply(time_t now, struct frec *forward, struct dns_header *he
 	    }
 #endif
 	  
-	  send_from(src->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn, 
-		    &src->source, &src->dest, src->iface);
-	  
-	  if (option_bool(OPT_EXTRALOG) && src != &forward->frec_src)
+	  if (src->fd != -1)
 	    {
-	      daemon->log_display_id = src->log_id;
-	      daemon->log_source_addr = &src->source;
-	      log_query(F_UPSTREAM, "query", NULL, "duplicate");
+#ifdef HAVE_DUMPFILE
+	      dump_packet_udp(DUMP_REPLY, daemon->packet, (size_t)nn, NULL, &src->source, src->fd);
+#endif 
+	      send_from(src->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn, 
+			&src->source, &src->dest, src->iface);
+	      
+	      if (option_bool(OPT_EXTRALOG) && src != &forward->frec_src)
+		{
+		  daemon->log_display_id = src->log_id;
+		  daemon->log_source_addr = &src->source;
+		  log_query(F_UPSTREAM, "query", NULL, "duplicate", 0);
+		}
 	    }
 	}
     }
@@ -1292,7 +1485,7 @@ void receive_query(struct listener *listen, time_t now)
   int family = listen->addr.sa.sa_family;
    /* Can always get recvd interface for IPv6 */
   int check_dst = !option_bool(OPT_NOWILD) || family == AF_INET6;
-
+  
   /* packet buffer overwritten */
   daemon->srv_save = NULL;
 
@@ -1378,7 +1571,8 @@ void receive_query(struct listener *listen, time_t now)
 	  static int warned = 0;
 	  if (!warned)
 	    {
-	      my_syslog(LOG_WARNING, _("Ignoring query from non-local network"));
+	      prettyprint_addr(&source_addr, daemon->addrbuff);
+	      my_syslog(LOG_WARNING, _("ignoring query from non-local network %s (logged only once)"), daemon->addrbuff);
 	      warned = 1;
 	    }
 	  return;
@@ -1496,7 +1690,7 @@ void receive_query(struct listener *listen, time_t now)
   daemon->log_source_addr = &source_addr;
 
 #ifdef HAVE_DUMPFILE
-  dump_packet(DUMP_QUERY, daemon->packet, (size_t)n, &source_addr, NULL);
+  dump_packet_udp(DUMP_QUERY, daemon->packet, (size_t)n, &source_addr, NULL, listen->fd);
 #endif
   
 #ifdef HAVE_CONNTRACK
@@ -1509,10 +1703,8 @@ void receive_query(struct listener *listen, time_t now)
 #ifdef HAVE_AUTH
       struct auth_zone *zone;
 #endif
-      char *types = querystr(auth_dns ? "auth" : "query", type);
-
       log_query_mysockaddr(F_QUERY | F_FORWARD, daemon->namebuff,
-			   &source_addr, types);
+			   &source_addr, auth_dns ? "auth" : "query", type);
       
 #ifdef HAVE_CONNTRACK
       is_single_query = 1;
@@ -1551,13 +1743,17 @@ void receive_query(struct listener *listen, time_t now)
 	
       /* If the client provides an EDNS0 UDP size, use that to limit our reply.
 	 (bounded by the maximum configured). If no EDNS0, then it
-	 defaults to 512 */
+	 defaults to 512. We write this value into the query packet too, so that
+	 if it's forwarded, we don't specify a maximum size greater than we can handle. */
       if (udp_size > daemon->edns_pktsz)
 	udp_size = daemon->edns_pktsz;
       else if (udp_size < PACKETSZ)
 	udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */
-    }
 
+      pheader -= 6; /* ext_class */
+      PUTSHORT(udp_size, pheader); /* Bounding forwarded queries to maximum configured */
+    }
+  
 #ifdef HAVE_CONNTRACK
 #ifdef HAVE_AUTH
   if (!auth_dns || local_auth)
@@ -1581,7 +1777,7 @@ void receive_query(struct listener *listen, time_t now)
       if (m >= 1)
 	{
 #ifdef HAVE_DUMPFILE
-	  dump_packet(DUMP_REPLY, daemon->packet, m, NULL, &source_addr);
+	  dump_packet_udp(DUMP_REPLY, daemon->packet, m, NULL, &source_addr, listen->fd);
 #endif
 	  send_from(listen->fd, option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND),
 		    (char *)header, m, &source_addr, &dst_addr, if_index);
@@ -1597,7 +1793,7 @@ void receive_query(struct listener *listen, time_t now)
       if (m >= 1)
 	{
 #ifdef HAVE_DUMPFILE
-	  dump_packet(DUMP_REPLY, daemon->packet, m, NULL, &source_addr);
+	  dump_packet_udp(DUMP_REPLY, daemon->packet, m, NULL, &source_addr, listen->fd);
 #endif
 #if defined(HAVE_CONNTRACK) && defined(HAVE_UBUS)
 	  if (local_auth)
@@ -1612,18 +1808,29 @@ void receive_query(struct listener *listen, time_t now)
 #endif
   else
     {
+      int stale;
       int ad_reqd = do_bit;
+      u16 hb3 = header->hb3, hb4 = header->hb4;
+      int fd = listen->fd;
+      
       /* RFC 6840 5.7 */
       if (header->hb4 & HB4_AD)
 	ad_reqd = 1;
       
       m = answer_request(header, ((char *) header) + udp_size, (size_t)n, 
-			 dst_addr_4, netmask, now, ad_reqd, do_bit, have_pseudoheader);
+			 dst_addr_4, netmask, now, ad_reqd, do_bit, have_pseudoheader, &stale);
       
       if (m >= 1)
 	{
+	  if (stale && have_pseudoheader)
+	    {
+	      u16 swap = htons(EDE_STALE);
+	      
+	      m = add_pseudoheader(header,  m,  ((unsigned char *) header) + udp_size, daemon->edns_pktsz,
+				   EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
+	    }
 #ifdef HAVE_DUMPFILE
-	  dump_packet(DUMP_REPLY, daemon->packet, m, NULL, &source_addr);
+	  dump_packet_udp(DUMP_REPLY, daemon->packet, m, NULL, &source_addr, listen->fd);
 #endif
 #if defined(HAVE_CONNTRACK) && defined(HAVE_UBUS)
 	  if (option_bool(OPT_CMARK_ALST_EN) && have_mark && ((u32)mark & daemon->allowlist_mask))
@@ -1632,12 +1839,39 @@ void receive_query(struct listener *listen, time_t now)
 	  send_from(listen->fd, option_bool(OPT_NOWILD) || option_bool(OPT_CLEVERBIND),
 		    (char *)header, m, &source_addr, &dst_addr, if_index);
 	  daemon->metrics[METRIC_DNS_LOCAL_ANSWERED]++;
+	  if (stale)
+	    daemon->metrics[METRIC_DNS_STALE_ANSWERED]++;
+	}
+      
+      if (m == 0 || stale)
+	{
+	  if (m != 0)
+	    {
+	      size_t plen;
+	      
+	      /* We answered with stale cache data, so forward the query anyway to
+		 refresh that. Restore the query from the answer packet. */
+	      pheader = find_pseudoheader(header, (size_t)m, &plen, NULL, NULL, NULL);
+	      
+	      header->hb3 = hb3;
+	      header->hb4 = hb4;
+	      header->ancount = htons(0);
+	      header->nscount = htons(0);
+	      header->arcount = htons(0);
+
+	      m = resize_packet(header, m, pheader, plen);
+
+	      /* We've already answered the client, so don't send it the answer 
+		 when it comes back. */
+	      fd = -1;
+	    }
+	  
+	  if (forward_query(fd, &source_addr, &dst_addr, if_index,
+			    header, (size_t)n,  ((char *) header) + udp_size, now, NULL, ad_reqd, do_bit, 0))
+	    daemon->metrics[METRIC_DNS_QUERIES_FORWARDED]++;
+	  else
+	    daemon->metrics[METRIC_DNS_LOCAL_ANSWERED]++;
 	}
-      else if (forward_query(listen->fd, &source_addr, &dst_addr, if_index,
-			     header, (size_t)n,  ((char *) header) + udp_size, now, NULL, ad_reqd, do_bit))
-	daemon->metrics[METRIC_DNS_QUERIES_FORWARDED]++;
-      else
-	daemon->metrics[METRIC_DNS_LOCAL_ANSWERED]++;
     }
 }
 
@@ -1651,13 +1885,16 @@ static ssize_t tcp_talk(int first, int last, int start, unsigned char *packet,
   unsigned char *payload = &packet[2];
   struct dns_header *header = (struct dns_header *)payload;
   unsigned char c1, c2;
-  unsigned char hash[HASH_SIZE];
+  unsigned char hash[HASH_SIZE], *hashp;
   unsigned int rsize;
   
   (void)mark;
   (void)have_mark;
 
-  memcpy(hash, hash_questions(header, (unsigned int)qsize, daemon->namebuff), HASH_SIZE);
+  if (!(hashp = hash_questions(header, (unsigned int)qsize, daemon->namebuff)))
+    return 0;
+
+  memcpy(hash, hashp, HASH_SIZE);
   
   while (1) 
     {
@@ -1738,7 +1975,7 @@ static ssize_t tcp_talk(int first, int last, int start, unsigned char *packet,
 	 someone might be attempting to insert bogus values into the cache by 
 	 sending replies containing questions and bogus answers. 
 	 Try another server, or give up */
-      if (memcmp(hash, hash_questions(header, rsize, daemon->namebuff), HASH_SIZE) != 0)
+      if (!(hashp = hash_questions(header, rsize, daemon->namebuff)) || memcmp(hash, hashp, HASH_SIZE) != 0)
 	continue;
       
       serv->flags |= SERV_GOT_TCP;
@@ -1807,8 +2044,8 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si
       log_save = daemon->log_display_id;
       daemon->log_display_id = ++daemon->log_id;
       
-      log_query_mysockaddr(F_NOEXTRA | F_DNSSEC, keyname, &server->addr,
-			   querystr("dnssec-query", STAT_ISEQUAL(new_status, STAT_NEED_KEY) ? T_DNSKEY : T_DS));
+      log_query_mysockaddr(F_NOEXTRA | F_DNSSEC | F_SERVER, keyname, &server->addr,
+			    STAT_ISEQUAL(status, STAT_NEED_KEY) ? "dnssec-query[DNSKEY]" : "dnssec-query[DS]", 0);
             
       new_status = tcp_key_recurse(now, new_status, new_header, m, class, name, keyname, server, have_mark, mark, keycount);
 
@@ -1842,7 +2079,7 @@ unsigned char *tcp_request(int confd, time_t now,
   int local_auth = 0;
 #endif
   int checking_disabled, do_bit, added_pheader = 0, have_pseudoheader = 0;
-  int check_subnet, cacheable, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
+  int cacheable, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
   size_t m;
   unsigned short qtype;
   unsigned int gotname;
@@ -1861,10 +2098,11 @@ unsigned char *tcp_request(int confd, time_t now,
   unsigned char *pheader;
   unsigned int mark = 0;
   int have_mark = 0;
-  int first, last;
+  int first, last, stale, do_stale = 0;
   unsigned int flags = 0;
+  u16 hb3, hb4;
     
-  if (getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) == -1)
+  if (!packet || getpeername(confd, (struct sockaddr *)&peer_addr, &peer_len) == -1)
     return packet;
 
 #ifdef HAVE_CONNTRACK
@@ -1907,7 +2145,8 @@ unsigned char *tcp_request(int confd, time_t now,
 	}
       if (!addr)
 	{
-	  my_syslog(LOG_WARNING, _("Ignoring query from non-local network"));
+	  prettyprint_addr(&peer_addr, daemon->addrbuff);
+	  my_syslog(LOG_WARNING, _("ignoring query from non-local network %s"), daemon->addrbuff);
 	  return packet;
 	}
     }
@@ -1916,13 +2155,37 @@ unsigned char *tcp_request(int confd, time_t now,
     {
       int ede = EDE_UNSET;
 
-      if (query_count == TCP_MAX_QUERIES ||
-	  !packet ||
-	  !read_write(confd, &c1, 1, 1) || !read_write(confd, &c2, 1, 1) ||
-	  !(size = c1 << 8 | c2) ||
-	  !read_write(confd, payload, size, 1))
-       	return packet; 
-  
+      if (query_count == TCP_MAX_QUERIES)
+	return packet;
+
+      if (do_stale)
+	{
+	  size_t plen;
+
+	  /* We answered the last query with stale data. Now try and get fresh data.
+	     Restore query from answer. */
+	  pheader = find_pseudoheader(header, m, &plen, NULL, NULL, NULL);
+	  
+	  header->hb3 = hb3;
+	  header->hb4 = hb4;
+	  header->ancount = htons(0);
+	  header->nscount = htons(0);
+	  header->arcount = htons(0);
+	  
+	  size = resize_packet(header, m, pheader, plen);
+	}
+      else
+	{
+	  if (!read_write(confd, &c1, 1, 1) || !read_write(confd, &c2, 1, 1) ||
+	      !(size = c1 << 8 | c2) ||
+	      !read_write(confd, payload, size, 1))
+	    return packet;
+	  
+	  /* for stale-answer processing. */
+	  hb3 = header->hb3;
+	  hb4 = header->hb4;
+	}
+      
       if (size < (int)sizeof(struct dns_header))
 	continue;
 
@@ -1946,26 +2209,28 @@ unsigned char *tcp_request(int confd, time_t now,
 #ifdef HAVE_AUTH
 	  struct auth_zone *zone;
 #endif
-	  char *types = querystr(auth_dns ? "auth" : "query", qtype);
-	  
-	  log_query_mysockaddr(F_QUERY | F_FORWARD, daemon->namebuff,
-			       &peer_addr, types);
-	  
+
 #ifdef HAVE_CONNTRACK
 	  is_single_query = 1;
 #endif
-	  
+
+	  if (!do_stale)
+	    {
+	      log_query_mysockaddr(F_QUERY | F_FORWARD, daemon->namebuff,
+				   &peer_addr, auth_dns ? "auth" : "query", qtype);
+	      
 #ifdef HAVE_AUTH
-	  /* find queries for zones we're authoritative for, and answer them directly */
-	  if (!auth_dns && !option_bool(OPT_LOCALISE))
-	    for (zone = daemon->auth_zones; zone; zone = zone->next)
-	      if (in_zone(zone, daemon->namebuff, NULL))
-		{
-		  auth_dns = 1;
-		  local_auth = 1;
-		  break;
-		}
+	      /* find queries for zones we're authoritative for, and answer them directly */
+	      if (!auth_dns && !option_bool(OPT_LOCALISE))
+		for (zone = daemon->auth_zones; zone; zone = zone->next)
+		  if (in_zone(zone, daemon->namebuff, NULL))
+		    {
+		      auth_dns = 1;
+		      local_auth = 1;
+		      break;
+		    }
 #endif
+	    }
 	}
       
       norebind = domain_no_rebind(daemon->namebuff);
@@ -2021,11 +2286,14 @@ unsigned char *tcp_request(int confd, time_t now,
 	   /* RFC 6840 5.7 */
 	   if (header->hb4 & HB4_AD)
 	     ad_reqd = 1;
+
+	   if (do_stale)
+	     m = 0;
+	   else
+	     /* m > 0 if answered from cache */
+	     m = answer_request(header, ((char *) header) + 65536, (size_t)size, 
+				dst_addr_4, netmask, now, ad_reqd, do_bit, have_pseudoheader, &stale);
 	   
-	   /* m > 0 if answered from cache */
-	   m = answer_request(header, ((char *) header) + 65536, (size_t)size, 
-			      dst_addr_4, netmask, now, ad_reqd, do_bit, have_pseudoheader);
-	  
 	  /* Do this by steam now we're not in the select() loop */
 	  check_log_writer(1); 
 	  
@@ -2060,7 +2328,7 @@ unsigned char *tcp_request(int confd, time_t now,
 		  else
 		    start = master->last_server;
 		  
-		  size = add_edns0_config(header, size, ((unsigned char *) header) + 65536, &peer_addr, now, &check_subnet, &cacheable);
+		  size = add_edns0_config(header, size, ((unsigned char *) header) + 65536, &peer_addr, now, &cacheable);
 		  
 #ifdef HAVE_DNSSEC
 		  if (option_bool(OPT_DNSSEC_VALID) && (master->flags & SERV_DO_DNSSEC))
@@ -2089,7 +2357,7 @@ unsigned char *tcp_request(int confd, time_t now,
 		  /* get query name again for logging - may have been overwritten */
 		  if (!(gotname = extract_request(header, (unsigned int)size, daemon->namebuff, &qtype)))
 		    strcpy(daemon->namebuff, "query");
-		  log_query_mysockaddr(F_SERVER | F_FORWARD, daemon->namebuff, &serv->addr, NULL);
+		  log_query_mysockaddr(F_SERVER | F_FORWARD, daemon->namebuff, &serv->addr, NULL, 0);
 		  
 #ifdef HAVE_DNSSEC
 		  if (option_bool(OPT_DNSSEC_VALID) && !checking_disabled && (master->flags & SERV_DO_DNSSEC))
@@ -2121,7 +2389,7 @@ unsigned char *tcp_request(int confd, time_t now,
 			    domain = daemon->namebuff;
 			}
 		      
-		      log_query(F_SECSTAT, domain, &a, result);
+		      log_query(F_SECSTAT, domain, &a, result, 0);
 		    }
 #endif
 		  
@@ -2138,11 +2406,14 @@ unsigned char *tcp_request(int confd, time_t now,
 		  
 		  m = process_reply(header, now, serv, (unsigned int)m, 
 				    option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, cache_secure, bogusanswer,
-				    ad_reqd, do_bit, added_pheader, check_subnet, &peer_addr, ((unsigned char *)header) + 65536, ede); 
+				    ad_reqd, do_bit, added_pheader, &peer_addr, ((unsigned char *)header) + 65536, ede); 
 		}
 	    }
 	}
 	
+      if (do_stale)
+	break;
+    
       /* In case of local answer or no connections made. */
       if (m == 0)
 	{
@@ -2153,13 +2424,19 @@ unsigned char *tcp_request(int confd, time_t now,
 	  if (have_pseudoheader)
 	    {
 	      u16 swap = htons((u16)ede);
-
-	       if (ede != EDE_UNSET)
-		 m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
-	       else
-		 m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0);
+	      
+	      if (ede != EDE_UNSET)
+		m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
+	      else
+		m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz, 0, NULL, 0, do_bit, 0);
 	    }
 	}
+      else if (stale)
+	 {
+	   u16 swap = htons((u16)EDE_STALE);
+	   
+	   m = add_pseudoheader(header, m, ((unsigned char *) header) + 65536, daemon->edns_pktsz, EDNS0_OPTION_EDE, (unsigned char *)&swap, 2, do_bit, 0);
+	 }
       
       check_log_writer(1);
       
@@ -2174,8 +2451,26 @@ unsigned char *tcp_request(int confd, time_t now,
 #endif
       if (!read_write(confd, packet, m + sizeof(u16), 0))
 	break;
+      
+      /* If we answered with stale data, this process will now try and get fresh data into
+	 the cache then and cannot therefore accept new queries. Close the incoming
+	 connection to signal that to the client. Then set do_stale and loop round
+	 once more to try and get fresh data, after which we exit. */
+      if (stale)
+	{
+	  shutdown(confd, SHUT_RDWR);
+	  close(confd);
+	  do_stale = 1;
+	}
     }
-  
+
+  /* If we ran once to get fresh data, confd is already closed. */
+  if (!do_stale)
+    {
+      shutdown(confd, SHUT_RDWR);
+      close(confd);
+    }
+
   return packet;
 }
 
@@ -2187,16 +2482,36 @@ static int random_sock(struct server *s)
 
   if ((fd = socket(s->source_addr.sa.sa_family, SOCK_DGRAM, 0)) != -1)
     {
+      /* We need to set IPV6ONLY so we can use the same ports
+	 for IPv4 and IPV6, otherwise, in restriced port situations,
+	 we can end up with all our available ports in use for 
+	 one address family, and the other address family cannot be used. */
+      if (s->source_addr.sa.sa_family == AF_INET6)
+	{
+	  int opt = 1;
+
+	  if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) == -1)
+	    {
+	      close(fd);
+	      return -1;
+	    }
+	}
+      
       if (local_bind(fd, &s->source_addr, s->interface, s->ifindex, 0))
 	return fd;
 
-      if (s->interface[0] == 0)
-	(void)prettyprint_addr(&s->source_addr, daemon->namebuff);
-      else
-	strcpy(daemon->namebuff, s->interface);
-
-      my_syslog(LOG_ERR, _("failed to bind server socket to %s: %s"),
-		daemon->namebuff, strerror(errno));
+      /* don't log errors due to running out of available ports, we handle those. */
+      if (!sockaddr_isnull(&s->source_addr) || errno != EADDRINUSE)
+	{
+	  if (s->interface[0] == 0)
+	    (void)prettyprint_addr(&s->source_addr, daemon->addrbuff);
+	  else
+	    safe_strncpy(daemon->addrbuff, s->interface, ADDRSTRLEN);
+	  
+	  my_syslog(LOG_ERR, _("failed to bind server socket to %s: %s"),
+		    daemon->addrbuff, strerror(errno));
+	}
+	  
       close(fd);
     }
   
@@ -2226,39 +2541,93 @@ int allocate_rfd(struct randfd_list **fdlp, struct server *serv)
 {
   static int finger = 0;
   int i, j = 0;
-  struct randfd_list *rfl;
+  int ports_full = 0;
+  struct randfd_list **up, *rfl, *found, **found_link;
   struct randfd *rfd = NULL;
   int fd = 0;
+  int ports_avail = 0;
+  
+  /* We can't have more randomsocks for this AF available than ports in  our port range,
+     so check that here, to avoid trying and failing to bind every port
+     in local_bind(), called from random_sock(). The actual check is below when 
+     ports_avail != 0 */
+  if (daemon->max_port != 0)
+    {
+      ports_avail = daemon->max_port - daemon->min_port + 1;
+      if (ports_avail >= SMALL_PORT_RANGE)
+	ports_avail = 0;
+    }
   
   /* If server has a pre-allocated fd, use that. */
   if (serv->sfd)
     return serv->sfd->fd;
   
-  /* existing suitable random port socket linked to this transaction? */
-  for (rfl = *fdlp; rfl; rfl = rfl->next)
+  /* existing suitable random port socket linked to this transaction?
+     Find the last one in the list and count how many there are. */
+  for (found = NULL, found_link = NULL, i = 0, up = fdlp, rfl = *fdlp; rfl; up = &rfl->next, rfl = rfl->next)
     if (server_isequal(serv, rfl->rfd->serv))
-      return rfl->rfd->fd;
+      {
+	i++;
+	found = rfl;
+	found_link = up;
+      }
 
-  /* No. need new link. */
+  /* We have the maximum number for this query already. Promote
+     the last one on the list to the head, to circulate them,
+     and return it. */
+  if (found && i >= daemon->randport_limit)
+    {
+      *found_link = found->next;
+      found->next = *fdlp;
+      *fdlp = found;
+      return found->rfd->fd;
+    }
+
+  /* check for all available ports in use. */
+  if (ports_avail != 0)
+    {
+      int ports_inuse;
+
+      for (ports_inuse = 0, i = 0; i < daemon->numrrand; i++)
+	if (daemon->randomsocks[i].refcount != 0 &&
+	    daemon->randomsocks[i].serv->source_addr.sa.sa_family == serv->source_addr.sa.sa_family &&
+	    ++ports_inuse >= ports_avail)
+	  {
+	    ports_full = 1;
+	    break;
+	  }
+    }
+  
+  /* limit the number of sockets we have open to avoid starvation of 
+     (eg) TFTP. Once we have a reasonable number, randomness should be OK */
+  if (!ports_full)
+    for (i = 0; i < daemon->numrrand; i++)
+      if (daemon->randomsocks[i].refcount == 0)
+	{
+	  if ((fd = random_sock(serv)) != -1)
+	    {
+	      rfd = &daemon->randomsocks[i];
+	      rfd->serv = serv;
+	      rfd->fd = fd;
+	      rfd->refcount = 1;
+	    }
+	  break;
+	}
+    
+  /* No good existing. Need new link. */
   if ((rfl = daemon->rfl_spare))
     daemon->rfl_spare = rfl->next;
   else if (!(rfl = whine_malloc(sizeof(struct randfd_list))))
-    return -1;
-   
-  /* limit the number of sockets we have open to avoid starvation of 
-     (eg) TFTP. Once we have a reasonable number, randomness should be OK */
-  for (i = 0; i < daemon->numrrand; i++)
-    if (daemon->randomsocks[i].refcount == 0)
-      {
-	if ((fd = random_sock(serv)) != -1)
-    	  {
-	    rfd = &daemon->randomsocks[i];
-	    rfd->serv = serv;
-	    rfd->fd = fd;
-	    rfd->refcount = 1;
-	  }
-	break;
-      }
+    {
+      /* malloc failed, don't leak allocated sock */
+      if (rfd)
+	{
+	  close(rfd->fd);
+	  rfd->refcount = 0;
+	}
+
+      return -1;
+    }
   
   /* No free ones or cannot get new socket, grab an existing one */
   if (!rfd)
@@ -2269,14 +2638,23 @@ int allocate_rfd(struct randfd_list **fdlp, struct server *serv)
 	    server_isequal(serv, daemon->randomsocks[i].serv) &&
 	    daemon->randomsocks[i].refcount != 0xfffe)
 	  {
-	    finger = i + 1;
-	    rfd = &daemon->randomsocks[i];
-	    rfd->refcount++;
-	    break;
+	    struct randfd_list *rl;
+	    /* Don't pick one we already have. */
+	    for (rl = *fdlp; rl; rl = rl->next)
+	      if (rl->rfd == &daemon->randomsocks[i])
+		break;
+
+	    if (!rl)
+	      {
+		finger = i + 1;
+		rfd = &daemon->randomsocks[i];
+		rfd->refcount++;
+		break;
+	      }
 	  }
       }
 
-  if (j == daemon->numrrand)
+  if (!rfd) /* should be when j == daemon->numrrand */
     {
       struct randfd_list *rfl_poll;
 
@@ -2384,13 +2762,13 @@ static void free_frec(struct frec *f)
   f->sentto = NULL;
   f->flags = 0;
 
-#ifdef HAVE_DNSSEC
   if (f->stash)
     {
       blockdata_free(f->stash);
       f->stash = NULL;
     }
-
+  
+#ifdef HAVE_DNSSEC
   /* Anything we're waiting on is pointless now, too */
   if (f->blocking_query)
     {
@@ -2446,6 +2824,7 @@ static struct frec *get_new_frec(time_t now, struct server *master, int force)
 	    {
 	      if (difftime(now, f->time) >= 4*TIMEOUT)
 		{
+		  daemon->metrics[METRIC_DNS_UNANSWERED_QUERY]++;
 		  free_frec(f);
 		  target = f;
 		}
@@ -2467,6 +2846,7 @@ static struct frec *get_new_frec(time_t now, struct server *master, int force)
   if (!target && oldest && ((int)difftime(now, oldest->time)) >= TIMEOUT)
     { 
       /* can't find empty one, use oldest if there is one and it's older than timeout */
+      daemon->metrics[METRIC_DNS_UNANSWERED_QUERY]++;
       free_frec(oldest);
       target = oldest;
     }
@@ -2478,8 +2858,11 @@ static struct frec *get_new_frec(time_t now, struct server *master, int force)
     }
 
   if (target)
-    target->time = now;
-
+    {
+      target->time = now;
+      target->forward_delay = daemon->fast_retry_time;
+    }
+  
   return target;
 }
 
@@ -2504,28 +2887,29 @@ static struct frec *lookup_frec(unsigned short id, int fd, void *hash, int *firs
   struct server *s;
   int first, last;
   struct randfd_list *fdl;
-  
-  for(f = daemon->frec_list; f; f = f->next)
-    if (f->sentto && f->new_id == id && 
-	(memcmp(hash, f->hash, HASH_SIZE) == 0))
-      {
-	filter_servers(f->sentto->arrayposn, F_SERVER, firstp, lastp);
 
-	/* sent from random port */
-	for (fdl = f->rfds; fdl; fdl = fdl->next)
-	  if (fdl->rfd->fd == fd)
-	  return f;
-	
-	/* Sent to upstream from socket associated with a server. 
-	   Note we have to iterate over all the possible servers, since they may
-	   have different bound sockets. */
-	for (first = *firstp, last = *lastp; first != last; first++)
-	  {
-	    s = daemon->serverarray[first];
-	    if (s->sfd && s->sfd->fd == fd)
+  if (hash)
+    for (f = daemon->frec_list; f; f = f->next)
+      if (f->sentto && f->new_id == id && 
+	  (memcmp(hash, f->hash, HASH_SIZE) == 0))
+	{
+	  filter_servers(f->sentto->arrayposn, F_SERVER, firstp, lastp);
+	  
+	  /* sent from random port */
+	  for (fdl = f->rfds; fdl; fdl = fdl->next)
+	    if (fdl->rfd->fd == fd)
 	      return f;
-	  }
-      }
+	  
+	  /* Sent to upstream from socket associated with a server. 
+	     Note we have to iterate over all the possible servers, since they may
+	     have different bound sockets. */
+	  for (first = *firstp, last = *lastp; first != last; first++)
+	    {
+	      s = daemon->serverarray[first];
+	      if (s->sfd && s->sfd->fd == fd)
+		return f;
+	    }
+	}
   
   return NULL;
 }
@@ -2534,15 +2918,47 @@ static struct frec *lookup_frec_by_query(void *hash, unsigned int flags, unsigne
 {
   struct frec *f;
 
-  for(f = daemon->frec_list; f; f = f->next)
-    if (f->sentto &&
-	(f->flags & flagmask) == flags &&
-	memcmp(hash, f->hash, HASH_SIZE) == 0)
-      return f;
+  if (hash)
+    for (f = daemon->frec_list; f; f = f->next)
+      if (f->sentto &&
+	  (f->flags & flagmask) == flags &&
+	  memcmp(hash, f->hash, HASH_SIZE) == 0)
+	return f;
   
   return NULL;
 }
 
+#ifdef HAVE_DNSSEC
+/* DNSSEC frecs have the complete query in the block stash.
+   Search for an existing query using that. */
+static struct frec *lookup_frec_dnssec(char *target, int class, int flags, struct dns_header *header)
+{
+   struct frec *f;
+
+   for (f = daemon->frec_list; f; f = f->next)
+     if (f->sentto &&
+	 (f->flags & flags) &&
+	 blockdata_retrieve(f->stash, f->stash_len, (void *)header))
+       {
+	 unsigned char *p = (unsigned char *)(header+1);
+	 int hclass;
+
+	 if (extract_name(header, f->stash_len, &p, target, 0, 4) != 1)
+	   continue;
+
+	 p += 2;  /* type, known from flags */ 
+	 GETSHORT(hclass, p);
+
+	 if (class != hclass)
+	   continue;
+
+	 return f;
+       }
+
+   return NULL;
+}
+#endif
+
 /* Send query packet again, if we can. */
 void resend_query()
 {
diff --git a/src/hash-questions.c b/src/hash-questions.c
index f41023b..adcf62c 100644
--- a/src/hash-questions.c
+++ b/src/hash-questions.c
@@ -23,7 +23,7 @@
 
    The hash used is SHA-256. If we're building with DNSSEC support,
    we use the Nettle cypto library. If not, we prefer not to
-   add a dependency on Nettle, and use a stand-alone implementaion. 
+   add a dependency on Nettle, and use a stand-alone implementation. 
 */
 
 #include "dnsmasq.h"
@@ -55,7 +55,7 @@ unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name
       char *cp, c;
 
       if (!extract_name(header, plen, &p, name, 1, 4))
-	break; /* bad packet */
+	return NULL; /* bad packet */
 
       for (cp = name; (c = *cp); cp++)
 	 if (c >= 'A' && c <= 'Z')
@@ -67,7 +67,7 @@ unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name
 
       p += 4;
       if (!CHECK_LEN(header, p, plen, 0))
-	break; /* bad packet */
+	return NULL; /* bad packet */
     }
   
   hash->digest(ctx, hash->digest_size, digest);
@@ -109,7 +109,7 @@ unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name
       char *cp, c;
 
       if (!extract_name(header, plen, &p, name, 1, 4))
-	break; /* bad packet */
+	return NULL; /* bad packet */
 
       for (cp = name; (c = *cp); cp++)
 	 if (c >= 'A' && c <= 'Z')
@@ -121,7 +121,7 @@ unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name
 
       p += 4;
       if (!CHECK_LEN(header, p, plen, 0))
-	break; /* bad packet */
+	return NULL; /* bad packet */
     }
   
   sha256_final(&ctx, digest);
diff --git a/src/helper.c b/src/helper.c
index 02340a0..ee2cab3 100644
--- a/src/helper.c
+++ b/src/helper.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -233,8 +233,13 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	  is6 = (data.flags != AF_INET);
 	  data.action = ACTION_ARP;
 	}
-       else 
-	continue;
+       else if (data.action == ACTION_RELAY_SNOOP)
+	 {
+	   is6 = 1;
+	   action_str = "relay-snoop";
+	 }
+       else
+	 continue;
       	
       /* stringify MAC into dhcp_buff */
       p = daemon->dhcp_buff;
@@ -286,7 +291,7 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	  char *dot;
 	  hostname = (char *)buf;
 	  hostname[data.hostname_len - 1] = 0;
-	  if (data.action != ACTION_TFTP)
+	  if (data.action != ACTION_TFTP && data.action != ACTION_RELAY_SNOOP)
 	    {
 	      if (!legal_hostname(hostname))
 		hostname = NULL;
@@ -332,6 +337,24 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 		  lua_call(lua, 2, 0);	/* pass 2 values, expect 0 */
 		}
 	    }
+	  else if (data.action == ACTION_RELAY_SNOOP)
+	    {
+	      lua_getglobal(lua, "snoop"); 
+	      if (lua_type(lua, -1) != LUA_TFUNCTION)
+		lua_pop(lua, 1); /* tftp function optional */
+	      else
+		{
+		  lua_pushstring(lua, action_str); /* arg1 - action */
+		  lua_newtable(lua);               /* arg2 - data table */
+		  lua_pushstring(lua, daemon->addrbuff);
+		  lua_setfield(lua, -2, "client_address");
+		  lua_pushstring(lua, hostname);
+		  lua_setfield(lua, -2, "prefix"); 
+		  lua_pushstring(lua, data.interface);
+		  lua_setfield(lua, -2, "client_interface");
+		  lua_call(lua, 2, 0);	/* pass 2 values, expect 0 */
+		}
+	    }
 	  else if (data.action == ACTION_ARP)
 	    {
 	      lua_getglobal(lua, "arp"); 
@@ -398,6 +421,9 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	      
 	      end = extradata + data.ed_len;
 	      buf = extradata;
+
+	      lua_pushnumber(lua, data.ed_len == 0 ? 1 : 0);
+	      lua_setfield(lua, -2, "data_missing");
 	      
 	      if (!is6)
 		buf = grab_extradata_lua(buf, end, "vendor_class");
@@ -425,15 +451,17 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 		  buf = grab_extradata_lua(buf, end, "subscriber_id");
 		  buf = grab_extradata_lua(buf, end, "remote_id");
 		}
-	      
+
+	      buf = grab_extradata_lua(buf, end, "requested_options");
+	      buf = grab_extradata_lua(buf, end, "mud_url");
 	      buf = grab_extradata_lua(buf, end, "tags");
 	      
 	      if (is6)
 		buf = grab_extradata_lua(buf, end, "relay_address");
 	      else if (data.giaddr.s_addr != 0)
 		{
-		  inet_ntop(AF_INET, &data.giaddr, daemon->addrbuff, ADDRSTRLEN);
-		  lua_pushstring(lua, daemon->addrbuff);
+		  inet_ntop(AF_INET, &data.giaddr, daemon->dhcp_buff2, ADDRSTRLEN);
+		  lua_pushstring(lua, daemon->dhcp_buff2);
 		  lua_setfield(lua, -2, "relay_address");
 		}
 	      
@@ -553,7 +581,7 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	  close(pipeout[1]);
 	}
       
-      if (data.action != ACTION_TFTP && data.action != ACTION_ARP)
+      if (data.action != ACTION_TFTP && data.action != ACTION_ARP && data.action != ACTION_RELAY_SNOOP)
 	{
 #ifdef HAVE_DHCP6
 	  my_setenv("DNSMASQ_IAID", is6 ? daemon->dhcp_buff3 : NULL, &err);
@@ -576,6 +604,9 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	  
 	  end = extradata + data.ed_len;
 	  buf = extradata;
+
+	  if (data.ed_len == 0)
+	    my_setenv("DNSMASQ_DATA_MISSING", "1", &err);
 	  
 	  if (!is6)
 	    buf = grab_extradata(buf, end, "DNSMASQ_VENDOR_CLASS", &err);
@@ -604,18 +635,19 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	      buf = grab_extradata(buf, end, "DNSMASQ_CIRCUIT_ID", &err);
 	      buf = grab_extradata(buf, end, "DNSMASQ_SUBSCRIBER_ID", &err);
 	      buf = grab_extradata(buf, end, "DNSMASQ_REMOTE_ID", &err);
-	      buf = grab_extradata(buf, end, "DNSMASQ_REQUESTED_OPTIONS", &err);
 	    }
 	  
+	  buf = grab_extradata(buf, end, "DNSMASQ_REQUESTED_OPTIONS", &err);
+	  buf = grab_extradata(buf, end, "DNSMASQ_MUD_URL", &err);
 	  buf = grab_extradata(buf, end, "DNSMASQ_TAGS", &err);
-
+	  	  
 	  if (is6)
 	    buf = grab_extradata(buf, end, "DNSMASQ_RELAY_ADDRESS", &err);
 	  else
 	    {
 	      const char *giaddr = NULL;
 	      if (data.giaddr.s_addr != 0)
-		  giaddr = inet_ntop(AF_INET, &data.giaddr, daemon->addrbuff, ADDRSTRLEN);
+		  giaddr = inet_ntop(AF_INET, &data.giaddr, daemon->dhcp_buff2, ADDRSTRLEN);
 	      my_setenv("DNSMASQ_RELAY_ADDRESS", giaddr, &err);
 	    }
 	  
@@ -640,6 +672,9 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	fcntl(event_fd, F_SETFD, i | FD_CLOEXEC);
       close(pipefd[0]);
 
+      if (data.action == ACTION_RELAY_SNOOP)
+	strcpy(daemon->packet, data.interface);
+      
       p =  strrchr(daemon->lease_change_command, '/');
       if (err == 0)
 	{
@@ -810,6 +845,29 @@ void queue_script(int action, struct dhcp_lease *lease, char *hostname, time_t n
   bytes_in_buf = p - (unsigned char *)buf;
 }
 
+#ifdef HAVE_DHCP6
+void queue_relay_snoop(struct in6_addr *client, int if_index, struct in6_addr *prefix, int prefix_len)
+{
+  /* no script */
+  if (daemon->helperfd == -1)
+    return;
+  
+  inet_ntop(AF_INET6, prefix, daemon->addrbuff, ADDRSTRLEN);
+
+  /* 5 for /nnn and zero on the end of the prefix. */
+  buff_alloc(sizeof(struct script_data) + ADDRSTRLEN + 5);
+  memset(buf, 0, sizeof(struct script_data));
+
+  buf->action = ACTION_RELAY_SNOOP;
+  buf->addr6 = *client;
+  buf->hostname_len = sprintf((char *)(buf+1), "%s/%u", daemon->addrbuff, prefix_len) + 1;
+  
+  indextoname(daemon->dhcp6fd, if_index, buf->interface);
+
+  bytes_in_buf = sizeof(struct script_data) + buf->hostname_len;
+}
+#endif
+
 #ifdef HAVE_TFTP
 /* This nastily re-uses DHCP-fields for TFTP stuff */
 void queue_tftp(off_t file_len, char *filename, union mysockaddr *peer)
diff --git a/src/inotify.c b/src/inotify.c
index 5776feb..d3c8277 100644
--- a/src/inotify.c
+++ b/src/inotify.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
  
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -133,74 +133,112 @@ void inotify_dnsmasq_init()
     }
 }
 
+static struct hostsfile *dyndir_addhosts(struct dyndir *dd, char *path)
+{
+  /* Check if this file is already known in dd->files */
+  struct hostsfile *ah = NULL;
+  for(ah = dd->files; ah; ah = ah->next)
+    if(ah && ah->fname && strcmp(path, ah->fname) == 0)
+      return ah;
+
+  /* Not known, create new hostsfile record for this dyndir */
+  struct hostsfile *newah = NULL;
+  if(!(newah = whine_malloc(sizeof(struct hostsfile))))
+    return NULL;
+
+  /* Add this file to the tip of the linked list */
+  newah->next = dd->files;
+  dd->files = newah;
+
+  /* Copy flags, set index and the full file path */
+  newah->flags = dd->flags;
+  newah->index = daemon->host_index++;
+  newah->fname = path;
+
+  return newah;
+}
+
 
 /* initialisation for dynamic-dir. Set inotify watch for each directory, and read pre-existing files */
 void set_dynamic_inotify(int flag, int total_size, struct crec **rhash, int revhashsz)
 {
-  struct hostsfile *ah;
-  
-  for (ah = daemon->dynamic_dirs; ah; ah = ah->next)
+  struct dyndir *dd;
+
+  for (dd = daemon->dynamic_dirs; dd; dd = dd->next)
     {
       DIR *dir_stream = NULL;
       struct dirent *ent;
       struct stat buf;
-     
-      if (!(ah->flags & flag))
+
+      if (!(dd->flags & flag))
 	continue;
- 
-      if (stat(ah->fname, &buf) == -1 || !(S_ISDIR(buf.st_mode)))
+
+      if (stat(dd->dname, &buf) == -1)
 	{
 	  my_syslog(LOG_ERR, _("bad dynamic directory %s: %s"), 
-		    ah->fname, strerror(errno));
+		    dd->dname, strerror(errno));
 	  continue;
 	}
-      
-       if (!(ah->flags & AH_WD_DONE))
+
+      if (!(S_ISDIR(buf.st_mode)))
+	{
+	  my_syslog(LOG_ERR, _("bad dynamic directory %s: %s"), 
+		    dd->dname, _("not a directory"));
+	  continue;
+	}
+
+       if (!(dd->flags & AH_WD_DONE))
 	 {
-	   ah->wd = inotify_add_watch(daemon->inotifyfd, ah->fname, IN_CLOSE_WRITE | IN_MOVED_TO);
-	   ah->flags |= AH_WD_DONE;
+	   dd->wd = inotify_add_watch(daemon->inotifyfd, dd->dname, IN_CLOSE_WRITE | IN_MOVED_TO | IN_DELETE);
+	   dd->flags |= AH_WD_DONE;
 	 }
 
        /* Read contents of dir _after_ calling add_watch, in the hope of avoiding
 	  a race which misses files being added as we start */
-       if (ah->wd == -1 || !(dir_stream = opendir(ah->fname)))
+       if (dd->wd == -1 || !(dir_stream = opendir(dd->dname)))
 	 {
 	   my_syslog(LOG_ERR, _("failed to create inotify for %s: %s"),
-		     ah->fname, strerror(errno));
+		     dd->dname, strerror(errno));
 	   continue;
 	 }
 
        while ((ent = readdir(dir_stream)))
 	 {
-	   size_t lendir = strlen(ah->fname);
+	   size_t lendir = strlen(dd->dname);
 	   size_t lenfile = strlen(ent->d_name);
 	   char *path;
-	   
+
 	   /* ignore emacs backups and dotfiles */
 	   if (lenfile == 0 || 
 	       ent->d_name[lenfile - 1] == '~' ||
 	       (ent->d_name[0] == '#' && ent->d_name[lenfile - 1] == '#') ||
 	       ent->d_name[0] == '.')
 	     continue;
-	   
+
 	   if ((path = whine_malloc(lendir + lenfile + 2)))
 	     {
-	       strcpy(path, ah->fname);
+	       struct hostsfile *ah;
+
+	       strcpy(path, dd->dname);
 	       strcat(path, "/");
 	       strcat(path, ent->d_name);
+
+	       if (!(ah = dyndir_addhosts(dd, path)))
+		 {
+		   free(path);
+		   continue;
+		 }
 	       
 	       /* ignore non-regular files */
 	       if (stat(path, &buf) != -1 && S_ISREG(buf.st_mode))
 		 {
-		   if (ah->flags & AH_HOSTS)
+		   if (dd->flags & AH_HOSTS)
 		     total_size = read_hostsfile(path, ah->index, total_size, rhash, revhashsz);
 #ifdef HAVE_DHCP
-		   else if (ah->flags & (AH_DHCP_HST | AH_DHCP_OPT))
-		     option_read_dynfile(path, ah->flags);
+		   else if (dd->flags & (AH_DHCP_HST | AH_DHCP_OPT))
+		     option_read_dynfile(path, dd->flags);
 #endif		   
 		 }
-
-	       free(path);
 	     }
 	 }
 
@@ -211,7 +249,7 @@ void set_dynamic_inotify(int flag, int total_size, struct crec **rhash, int revh
 int inotify_check(time_t now)
 {
   int hit = 0;
-  struct hostsfile *ah;
+  struct dyndir *dd;
 
   while (1)
     {
@@ -242,36 +280,51 @@ int inotify_check(time_t now)
 	    if (res->wd == in->wd && strcmp(res->file, in->name) == 0)
 	      hit = 1;
 
-	  for (ah = daemon->dynamic_dirs; ah; ah = ah->next)
-	    if (ah->wd == in->wd)
+	  for (dd = daemon->dynamic_dirs; dd; dd = dd->next)
+	    if (dd->wd == in->wd)
 	      {
-		size_t lendir = strlen(ah->fname);
+		size_t lendir = strlen(dd->dname);
 		char *path;
-		
+				
 		if ((path = whine_malloc(lendir + in->len + 2)))
 		  {
-		    strcpy(path, ah->fname);
+		    struct hostsfile *ah = NULL;
+
+		    strcpy(path, dd->dname);
 		    strcat(path, "/");
 		    strcat(path, in->name);
-		     
-		    my_syslog(LOG_INFO, _("inotify, new or changed file %s"), path);
 
-		    if (ah->flags & AH_HOSTS)
+		    /* Is this is a deletion event? */
+		    if (in->mask & IN_DELETE)
+		      my_syslog(LOG_INFO, _("inotify: %s removed"), path);
+		    else 
+		      my_syslog(LOG_INFO, _("inotify: %s new or modified"), path);
+
+		    if (dd->flags & AH_HOSTS)
 		      {
-			read_hostsfile(path, ah->index, 0, NULL, 0);
-#ifdef HAVE_DHCP
-			if (daemon->dhcp || daemon->doing_dhcp6) 
+			if ((ah = dyndir_addhosts(dd, path)))
 			  {
-			    /* Propagate the consequences of loading a new dhcp-host */
-			    dhcp_update_configs(daemon->dhcp_conf);
-			    lease_update_from_configs(); 
-			    lease_update_file(now); 
-			    lease_update_dns(1);
-			  }
+			    const unsigned int removed = cache_remove_uid(ah->index);
+			    if (removed > 0)
+			      my_syslog(LOG_INFO, _("inotify: flushed %u names read from %s"), removed, path);
+
+			    /* (Re-)load hostsfile only if this event isn't triggered by deletion */
+			    if (!(in->mask & IN_DELETE))
+			      read_hostsfile(path, ah->index, 0, NULL, 0);
+#ifdef HAVE_DHCP
+			    if (daemon->dhcp || daemon->doing_dhcp6) 
+			      {
+				/* Propagate the consequences of loading a new dhcp-host */
+				dhcp_update_configs(daemon->dhcp_conf);
+				lease_update_from_configs(); 
+				lease_update_file(now); 
+				lease_update_dns(1);
+			      }
 #endif
+			  }
 		      }
 #ifdef HAVE_DHCP
-		    else if (ah->flags & AH_DHCP_HST)
+		    else if (dd->flags & AH_DHCP_HST)
 		      {
 			if (option_read_dynfile(path, AH_DHCP_HST))
 			  {
@@ -282,11 +335,12 @@ int inotify_check(time_t now)
 			    lease_update_dns(1);
 			  }
 		      }
-		    else if (ah->flags & AH_DHCP_OPT)
+		    else if (dd->flags & AH_DHCP_OPT)
 		      option_read_dynfile(path, AH_DHCP_OPT);
 #endif
 		    
-		    free(path);
+		    if (!ah)
+		      free(path);
 		  }
 	      }
 	}
diff --git a/src/ip6addr.h b/src/ip6addr.h
index 6388c7d..977e684 100644
--- a/src/ip6addr.h
+++ b/src/ip6addr.h
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/src/lease.c b/src/lease.c
index 1a9f1c6..8a7b975 100644
--- a/src/lease.c
+++ b/src/lease.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -1180,17 +1180,11 @@ void lease_add_extradata(struct dhcp_lease *lease, unsigned char *data, unsigned
   if ((lease->extradata_size - lease->extradata_len) < (len + 1))
     {
       size_t newsz = lease->extradata_len + len + 100;
-      unsigned char *new = whine_malloc(newsz);
+      unsigned char *new = whine_realloc(lease->extradata, newsz);
   
       if (!new)
 	return;
       
-      if (lease->extradata)
-	{
-	  memcpy(new, lease->extradata, lease->extradata_len);
-	  free(lease->extradata);
-	}
-
       lease->extradata = new;
       lease->extradata_size = newsz;
     }
diff --git a/src/log.c b/src/log.c
index 1ec3447..0a64026 100644
--- a/src/log.c
+++ b/src/log.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -100,10 +100,23 @@ int log_start(struct passwd *ent_pw, int errfd)
   /* If we're running as root and going to change uid later,
      change the ownership here so that the file is always owned by
      the dnsmasq user. Then logrotate can just copy the owner.
-     Failure of the chown call is OK, (for instance when started as non-root) */
-  if (log_to_file && !log_stderr && ent_pw && ent_pw->pw_uid != 0 && 
-      fchown(log_fd, ent_pw->pw_uid, -1) != 0)
-    ret = errno;
+     Failure of the chown call is OK, (for instance when started as non-root).
+     
+     If we've created a file with group-id root, we also make
+     the file group-writable. This gives processes in the root group
+     write access to the file and avoids the problem that on some systems,
+     once the file is owned by the dnsmasq user, it can't be written
+     whilst dnsmasq is running as root during startup.
+ */
+  if (log_to_file && !log_stderr && ent_pw && ent_pw->pw_uid != 0)
+    {
+      struct stat ls;
+      if (getgid() == 0 && fstat(log_fd, &ls) == 0 && ls.st_gid == 0 &&
+	  (ls.st_mode & S_IWGRP) == 0)
+	(void)fchmod(log_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP);
+      if (fchown(log_fd, ent_pw->pw_uid, -1) != 0)
+	ret = errno;
+    }
 
   return ret;
 }
@@ -118,7 +131,7 @@ int log_reopen(char *log_file)
       /* NOTE: umask is set to 022 by the time this gets called */
       
       if (log_file)
-	log_fd = open(log_file, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);      
+	log_fd = open(log_file, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);
       else
 	{
 #if defined(HAVE_SOLARIS_NETWORK) || defined(__ANDROID__)
diff --git a/src/loop.c b/src/loop.c
index 01f0c28..cd4855e 100644
--- a/src/loop.c
+++ b/src/loop.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/src/metrics.c b/src/metrics.c
index fac5b00..f3e6728 100644
--- a/src/metrics.c
+++ b/src/metrics.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -22,6 +22,8 @@ const char * metric_names[] = {
     "dns_queries_forwarded",
     "dns_auth_answered",
     "dns_local_answered",
+    "dns_stale_answered",
+    "dns_unanswered",
     "bootp",
     "pxe",
     "dhcp_ack",
@@ -42,3 +44,23 @@ const char * metric_names[] = {
 const char* get_metric_name(int i) {
     return metric_names[i];
 }
+
+void clear_metrics(void)
+{
+  int i;
+  struct server *serv;
+  
+  for (i = 0; i < __METRIC_MAX; i++)
+    daemon->metrics[i] = 0;
+
+  for (serv = daemon->servers; serv; serv = serv->next)
+    {
+      serv->queries = 0;
+      serv->failed_queries = 0;
+      serv->failed_queries = 0;
+      serv->retrys = 0;
+      serv->nxdomain_replies = 0;
+      serv->query_latency = 0;
+    }
+}
+	
diff --git a/src/metrics.h b/src/metrics.h
index cecf8c8..6f62a40 100644
--- a/src/metrics.h
+++ b/src/metrics.h
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -21,6 +21,8 @@ enum {
   METRIC_DNS_QUERIES_FORWARDED,
   METRIC_DNS_AUTH_ANSWERED,
   METRIC_DNS_LOCAL_ANSWERED,
+  METRIC_DNS_STALE_ANSWERED,
+  METRIC_DNS_UNANSWERED_QUERY,
   METRIC_BOOTP,
   METRIC_PXE,
   METRIC_DHCPACK,
@@ -41,3 +43,4 @@ enum {
 };
 
 const char* get_metric_name(int);
+void clear_metrics(void);
diff --git a/src/netlink.c b/src/netlink.c
index 7840ef9..c156cde 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -66,17 +66,10 @@ char *netlink_init(void)
   addr.nl_pad = 0;
   addr.nl_pid = 0; /* autobind */
   addr.nl_groups = RTMGRP_IPV4_ROUTE;
-  if (option_bool(OPT_CLEVERBIND))
-    addr.nl_groups |= RTMGRP_IPV4_IFADDR;  
+  addr.nl_groups |= RTMGRP_IPV4_IFADDR;  
   addr.nl_groups |= RTMGRP_IPV6_ROUTE;
-  if (option_bool(OPT_CLEVERBIND))
-    addr.nl_groups |= RTMGRP_IPV6_IFADDR;
+  addr.nl_groups |= RTMGRP_IPV6_IFADDR;
 
-#ifdef HAVE_DHCP6
-  if (daemon->doing_ra || daemon->doing_dhcp6)
-    addr.nl_groups |= RTMGRP_IPV6_IFADDR;
-#endif
-  
   /* May not be able to have permission to set multicast groups don't die in that case */
   if ((daemon->netlinkfd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) != -1)
     {
@@ -265,7 +258,16 @@ int iface_enumerate(int family, void *parm, int (*callback)())
 		    
 		    while (RTA_OK(rta, len1))
 		      {
-			if (rta->rta_type == IFA_ADDRESS)
+			/*
+			 * Important comment: (from if_addr.h)
+			 * IFA_ADDRESS is prefix address, rather than local interface address.
+			 * It makes no difference for normally configured broadcast interfaces,
+			 * but for point-to-point IFA_ADDRESS is DESTINATION address,
+			 * local address is supplied in IFA_LOCAL attribute.
+			 */
+			if (rta->rta_type == IFA_LOCAL)
+			  addrp = ((struct in6_addr *)(rta+1));
+			else if (rta->rta_type == IFA_ADDRESS && !addrp)
 			  addrp = ((struct in6_addr *)(rta+1)); 
 			else if (rta->rta_type == IFA_CACHEINFO)
 			  {
diff --git a/src/network.c b/src/network.c
index 3fc179d..1e41a78 100644
--- a/src/network.c
+++ b/src/network.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -114,13 +114,8 @@ int iface_check(int family, union all_addr *addr, char *name, int *auth)
   struct iname *tmp;
   int ret = 1, match_addr = 0;
 
-  /* Note: have to check all and not bail out early, so that we set the
-     "used" flags.
-
-     May be called with family == AF_LOCALto check interface by name only. */
-  
-  if (auth)
-    *auth = 0;
+  /* Note: have to check all and not bail out early, so that we set the "used" flags.
+     May be called with family == AF_LOCAL to check interface by name only. */
   
   if (daemon->if_names || daemon->if_addrs)
     {
@@ -149,25 +144,29 @@ int iface_check(int family, union all_addr *addr, char *name, int *auth)
       if (tmp->name && wildcard_match(tmp->name, name))
 	ret = 0;
     
+  if (auth)
+    {
+      *auth = 0;
 
-  for (tmp = daemon->authinterface; tmp; tmp = tmp->next)
-    if (tmp->name)
-      {
-	if (strcmp(tmp->name, name) == 0 &&
-	    (tmp->addr.sa.sa_family == 0 || tmp->addr.sa.sa_family == family))
+      for (tmp = daemon->authinterface; tmp; tmp = tmp->next)
+	if (tmp->name)
+	  {
+	    if (strcmp(tmp->name, name) == 0 &&
+		(tmp->addr.sa.sa_family == 0 || tmp->addr.sa.sa_family == family))
+	      break;
+	  }
+	else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET &&
+		 tmp->addr.in.sin_addr.s_addr == addr->addr4.s_addr)
 	  break;
-      }
-    else if (addr && tmp->addr.sa.sa_family == AF_INET && family == AF_INET &&
-	     tmp->addr.in.sin_addr.s_addr == addr->addr4.s_addr)
-      break;
-    else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 &&
-	     IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr6))
-      break;
-
-  if (tmp && auth) 
-    {
-      *auth = 1;
-      ret = 1;
+	else if (addr && tmp->addr.sa.sa_family == AF_INET6 && family == AF_INET6 &&
+		 IN6_ARE_ADDR_EQUAL(&tmp->addr.in6.sin6_addr, &addr->addr6))
+	  break;
+      
+      if (tmp) 
+	{
+	  *auth = 1;
+	  ret = 1;
+	}
     }
 
   return ret; 
@@ -232,6 +231,7 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
 			 union mysockaddr *addr, struct in_addr netmask, int prefixlen, int iface_flags) 
 {
   struct irec *iface;
+  struct cond_domain *cond;
   int loopback;
   struct ifreq ifr;
   int tftp_ok = !!option_bool(OPT_TFTP);
@@ -360,7 +360,7 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
 		
 		if (int_name->flags & INP4)
 		  {
-		    if (netmask.s_addr == 0xffff)
+		    if (netmask.s_addr == 0xffffffff)
 		      continue;
 
 		    newaddr.s_addr = (addr->in.sin_addr.s_addr & netmask.s_addr) |
@@ -454,7 +454,37 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
 	      }
 	  }
     }
- 
+
+  /* Update addresses for domain=<domain>,<interface> */
+  for (cond = daemon->cond_domain; cond; cond = cond->next)
+    if (cond->interface && strncmp(label, cond->interface, IF_NAMESIZE) == 0)
+      {
+	struct addrlist *al;
+
+	if (param->spare)
+	  {
+	    al = param->spare;
+	    param->spare = al->next;
+	  }
+	else
+	  al = whine_malloc(sizeof(struct addrlist));
+
+	if (addr->sa.sa_family == AF_INET)
+	  {
+	    al->addr.addr4 = addr->in.sin_addr;
+	    al->flags = 0;
+	  }
+	else
+	  {
+	    al->addr.addr6 =  addr->in6.sin6_addr;
+	    al->flags = ADDRLIST_IPV6;
+	  }
+
+	al->prefixlen = prefixlen;
+	al->next = cond->al;
+	cond->al = al;
+      }
+  
   /* check whether the interface IP has been added already 
      we call this routine multiple times. */
   for (iface = daemon->interfaces; iface; iface = iface->next) 
@@ -692,6 +722,7 @@ int enumerate_interfaces(int reset)
   int errsave, ret = 1;
   struct addrlist *addr, *tmp;
   struct interface_name *intname;
+  struct cond_domain *cond;
   struct irec *iface;
 #ifdef HAVE_AUTH
   struct auth_zone *zone;
@@ -751,6 +782,19 @@ again:
       intname->addr = NULL;
     }
 
+  /* remove addresses stored against cond-domains. */
+  for (cond = daemon->cond_domain; cond; cond = cond->next)
+    {
+      for (addr = cond->al; addr; addr = tmp)
+	{
+	  tmp = addr->next;
+	  addr->next = spare;
+	  spare = addr;
+      }
+      
+      cond->al = NULL;
+    }
+  
   /* Remove list of addresses of local interfaces */
   for (addr = daemon->interface_addrs; addr; addr = tmp)
     {
@@ -1327,7 +1371,7 @@ int local_bind(int fd, union mysockaddr *addr, char *intname, unsigned int ifind
 	 or both are set. Otherwise use the OS's random ephemeral port allocation by
 	 leaving port == 0 and tries == 1 */
       ports_avail = daemon->max_port - daemon->min_port + 1;
-      tries = ports_avail < 30 ? 3 * ports_avail : 100;
+      tries =  (ports_avail < SMALL_PORT_RANGE) ? ports_avail : 100;
       port = htons(daemon->min_port + (rand16() % ports_avail));
     }
   
@@ -1356,7 +1400,16 @@ int local_bind(int fd, union mysockaddr *addr, char *intname, unsigned int ifind
       if (--tries == 0)
 	return 0;
 
-      port = htons(daemon->min_port + (rand16() % ports_avail));
+      /* For small ranges, do a systematic search, not a random one. */
+      if (ports_avail < SMALL_PORT_RANGE)
+	{
+	  unsigned short hport = ntohs(port);
+	  if (hport++ == daemon->max_port)
+	    hport = daemon->min_port;
+	  port = htons(hport);
+	}
+      else
+	port = htons(daemon->min_port + (rand16() % ports_avail));
     }
 
   if (!is_tcp && ifindex > 0)
@@ -1586,6 +1639,9 @@ void check_servers(int no_loop_check)
       if (serv->sfd)
 	serv->sfd->used = 1;
       
+      if (count == SERVERS_LOGGED)
+	my_syslog(LOG_INFO, _("more servers are defined but not logged"));
+      
       if (++count > SERVERS_LOGGED)
 	continue;
       
@@ -1623,7 +1679,8 @@ void check_servers(int no_loop_check)
 	 continue;
        
        if ((serv->flags & SERV_LITERAL_ADDRESS) &&
-	   !(serv->flags & (SERV_6ADDR | SERV_4ADDR | SERV_ALL_ZEROS)))
+	   !(serv->flags & (SERV_6ADDR | SERV_4ADDR | SERV_ALL_ZEROS)) &&
+	   strlen(serv->domain))
 	 {
 	   count--;
 	   if (++locals <= LOCALS_LOGGED)
@@ -1739,6 +1796,8 @@ int reload_servers(char *fname)
 /* Called when addresses are added or deleted from an interface */
 void newaddress(time_t now)
 {
+  struct dhcp_relay *relay;
+
   (void)now;
   
   if (option_bool(OPT_CLEVERBIND) || option_bool(OPT_LOCAL_SERVICE) ||
@@ -1747,6 +1806,12 @@ void newaddress(time_t now)
   
   if (option_bool(OPT_CLEVERBIND))
     create_bound_listeners(0);
+
+#ifdef HAVE_DHCP
+  /* clear cache of subnet->relay index */
+  for (relay = daemon->relay4; relay; relay = relay->next)
+    relay->iface_index = 0;
+#endif
   
 #ifdef HAVE_DHCP6
   if (daemon->doing_dhcp6 || daemon->relay6 || daemon->doing_ra)
@@ -1757,5 +1822,8 @@ void newaddress(time_t now)
   
   if (daemon->doing_dhcp6)
     lease_find_interfaces(now);
+
+  for (relay = daemon->relay6; relay; relay = relay->next)
+    relay->iface_index = 0;
 #endif
 }
diff --git a/src/nftset.c b/src/nftset.c
new file mode 100644
index 0000000..4e152dc
--- /dev/null
+++ b/src/nftset.c
@@ -0,0 +1,94 @@
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991, or
+   (at your option) version 3 dated 29 June, 2007.
+ 
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+     
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "dnsmasq.h"
+
+#if defined (HAVE_NFTSET) && defined (HAVE_LINUX_NETWORK)
+
+#include <nftables/libnftables.h>
+
+#include <string.h>
+#include <arpa/inet.h>
+
+static struct nft_ctx *ctx = NULL;
+static const char *cmd_add = "add element %s { %s }";
+static const char *cmd_del = "delete element %s { %s }";
+
+void nftset_init()
+{
+  ctx = nft_ctx_new(NFT_CTX_DEFAULT);
+  if (ctx == NULL)
+    die(_("failed to create nftset context"), NULL, EC_MISC);
+
+  /* disable libnftables output */
+  nft_ctx_buffer_error(ctx);
+}
+
+int add_to_nftset(const char *setname, const union all_addr *ipaddr, int flags, int remove)
+{
+  const char *cmd = remove ? cmd_del : cmd_add;
+  int ret, af = (flags & F_IPV4) ? AF_INET : AF_INET6;
+  size_t new_sz;
+  char *new, *err, *nl;
+  static char *cmd_buf = NULL;
+  static size_t cmd_buf_sz = 0;
+
+  inet_ntop(af, ipaddr, daemon->addrbuff, ADDRSTRLEN);
+
+  if (setname[1] == ' ' && (setname[0] == '4' || setname[0] == '6'))
+    {
+      if (setname[0] == '4' && !(flags & F_IPV4))
+	return -1;
+
+      if (setname[0] == '6' && !(flags & F_IPV6))
+	return -1;
+
+      setname += 2;
+    }
+  
+  if (cmd_buf_sz == 0)
+    new_sz = 150; /* initial allocation */
+  else
+    new_sz = snprintf(cmd_buf, cmd_buf_sz, cmd, setname, daemon->addrbuff);
+  
+  if (new_sz > cmd_buf_sz)
+    {
+      if (!(new = whine_malloc(new_sz + 10)))
+	return 0;
+
+      if (cmd_buf)
+	free(cmd_buf);
+      cmd_buf = new;
+      cmd_buf_sz = new_sz + 10;
+      snprintf(cmd_buf, cmd_buf_sz, cmd, setname, daemon->addrbuff);
+    }
+
+  ret = nft_run_cmd_from_buffer(ctx, cmd_buf);
+  err = (char *)nft_ctx_get_error_buffer(ctx);
+
+  if (ret != 0)
+    {
+      /* Log only first line of error return. */
+      if ((nl = strchr(err, '\n')))
+	*nl = 0;
+      my_syslog(LOG_ERR,  "nftset %s %s", setname, err);
+    }
+  
+  return ret;
+}
+
+#endif
diff --git a/src/option.c b/src/option.c
index ffce9fc..8e61a6b 100644
--- a/src/option.c
+++ b/src/option.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -174,7 +174,18 @@ struct myoption {
 #define LOPT_CMARK_ALST_EN 365
 #define LOPT_CMARK_ALST    366
 #define LOPT_QUIET_TFTP    367
- 
+#define LOPT_NFTSET        368
+#define LOPT_FILTER_A      369
+#define LOPT_FILTER_AAAA   370
+#define LOPT_STRIP_SBNET   371
+#define LOPT_STRIP_MAC     372
+#define LOPT_CONF_OPT      373
+#define LOPT_CONF_SCRIPT   374
+#define LOPT_RANDPORT_LIM  375
+#define LOPT_FAST_RETRY    376
+#define LOPT_STALE_CACHE   377
+#define LOPT_NORR          378
+
 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =  
 #else
@@ -211,6 +222,8 @@ static const struct myoption opts[] =
     { "ignore-address", 1, 0, LOPT_IGNORE_ADDR },
     { "selfmx", 0, 0, 'e' },
     { "filterwin2k", 0, 0, 'f' },
+    { "filter-A", 0, 0, LOPT_FILTER_A },
+    { "filter-AAAA", 0, 0, LOPT_FILTER_AAAA },
     { "pid-file", 2, 0, 'x' },
     { "strict-order", 0, 0, 'o' },
     { "server", 1, 0, 'S' },
@@ -218,11 +231,13 @@ static const struct myoption opts[] =
     { "local", 1, 0, LOPT_LOCAL },
     { "address", 1, 0, 'A' },
     { "conf-file", 2, 0, 'C' },
+    { "conf-script", 1, 0, LOPT_CONF_SCRIPT },
     { "no-resolv", 0, 0, 'R' },
     { "expand-hosts", 0, 0, 'E' },
     { "localmx", 0, 0, 'L' },
     { "local-ttl", 1, 0, 'T' },
     { "no-negcache", 0, 0, 'N' },
+    { "no-round-robin", 0, 0, LOPT_NORR },
     { "addn-hosts", 1, 0, 'H' },
     { "hostsdir", 1, 0, LOPT_HOST_INOTIFY },
     { "query-port", 1, 0, 'Q' },
@@ -309,7 +324,9 @@ static const struct myoption opts[] =
     { "dhcp-generate-names", 2, 0, LOPT_GEN_NAMES },
     { "rebind-localhost-ok", 0, 0,  LOPT_LOC_REBND },
     { "add-mac", 2, 0, LOPT_ADD_MAC },
+    { "strip-mac", 0, 0, LOPT_STRIP_MAC },
     { "add-subnet", 2, 0, LOPT_ADD_SBNET },
+    { "strip-subnet", 0, 0, LOPT_STRIP_SBNET },
     { "add-cpe-id", 1, 0 , LOPT_CPE_ID },
     { "proxy-dnssec", 0, 0, LOPT_DNSSEC },
     { "dhcp-sequential-ip", 0, 0,  LOPT_INCR_ADDR },
@@ -327,6 +344,7 @@ static const struct myoption opts[] =
     { "auth-sec-servers", 1, 0, LOPT_AUTHSFS },
     { "auth-peer", 1, 0, LOPT_AUTHPEER }, 
     { "ipset", 1, 0, LOPT_IPSET },
+    { "nftset", 1, 0, LOPT_NFTSET },
     { "connmark-allowlist-enable", 2, 0, LOPT_CMARK_ALST_EN },
     { "connmark-allowlist", 1, 0, LOPT_CMARK_ALST },
     { "synth-domain", 1, 0, LOPT_SYNTH },
@@ -351,8 +369,11 @@ static const struct myoption opts[] =
     { "dhcp-ignore-clid", 0, 0,  LOPT_IGNORE_CLID },
     { "dynamic-host", 1, 0, LOPT_DYNHOST },
     { "log-debug", 0, 0, LOPT_LOG_DEBUG },
-	{ "umbrella", 2, 0, LOPT_UMBRELLA },
+    { "umbrella", 2, 0, LOPT_UMBRELLA },
     { "quiet-tftp", 0, 0, LOPT_QUIET_TFTP },
+    { "port-limit", 1, 0, LOPT_RANDPORT_LIM },
+    { "fast-dns-retry", 2, 0, LOPT_FAST_RETRY },
+    { "use-stale-cache", 2, 0 , LOPT_STALE_CACHE },
     { NULL, 0, 0, 0 }
   };
 
@@ -380,6 +401,8 @@ static struct {
   { 'e', OPT_SELFMX, NULL, gettext_noop("Return self-pointing MX records for local hosts."), NULL },
   { 'E', OPT_EXPAND, NULL, gettext_noop("Expand simple names in /etc/hosts with domain-suffix."), NULL },
   { 'f', OPT_FILTER, NULL, gettext_noop("Don't forward spurious DNS requests from Windows hosts."), NULL },
+  { LOPT_FILTER_A, OPT_FILTER_A, NULL, gettext_noop("Don't include IPv4 addresses in DNS answers."), NULL },
+  { LOPT_FILTER_AAAA, OPT_FILTER_AAAA, NULL, gettext_noop("Don't include IPv6 addresses in DNS answers."), NULL },
   { 'F', ARG_DUP, "<ipaddr>,...", gettext_noop("Enable DHCP in the range given with lease duration."), NULL },
   { 'g', ARG_ONE, "<groupname>", gettext_noop("Change to this group after startup (defaults to %s)."), CHGRP },
   { 'G', ARG_DUP, "<hostspec>", gettext_noop("Set address or hostname for a specified machine."), NULL },
@@ -408,6 +431,7 @@ static struct {
   { 'M', ARG_DUP, "<bootp opts>", gettext_noop("Specify BOOTP options to DHCP server."), NULL },
   { 'n', OPT_NO_POLL, NULL, gettext_noop("Do NOT poll %s file, reload only on SIGHUP."), RESOLVFILE }, 
   { 'N', OPT_NO_NEG, NULL, gettext_noop("Do NOT cache failed search results."), NULL },
+  { LOPT_STALE_CACHE, ARG_ONE, "[=<max_expired>]", gettext_noop("Use expired cache data for faster reply."), NULL },
   { 'o', OPT_ORDER, NULL, gettext_noop("Use nameservers strictly in the order given in %s."), RESOLVFILE },
   { 'O', ARG_DUP, "<optspec>", gettext_noop("Specify options to be sent to DHCP clients."), NULL },
   { LOPT_FORCE, ARG_DUP, "<optspec>", gettext_noop("DHCP option sent even if the client does not request it."), NULL},
@@ -415,6 +439,7 @@ static struct {
   { 'P', ARG_ONE, "<integer>", gettext_noop("Maximum supported UDP packet size for EDNS.0 (defaults to %s)."), "*" },
   { 'q', ARG_DUP, NULL, gettext_noop("Log DNS queries."), NULL },
   { 'Q', ARG_ONE, "<integer>", gettext_noop("Force the originating port for upstream DNS queries."), NULL },
+  { LOPT_RANDPORT_LIM, ARG_ONE, "#ports", gettext_noop("Set maximum number of random originating ports for a query."), NULL },
   { 'R', OPT_NO_RESOLV, NULL, gettext_noop("Do NOT read resolv.conf."), NULL },
   { 'r', ARG_DUP, "<path>", gettext_noop("Specify path to resolv.conf (defaults to %s)."), RESOLVFILE }, 
   { LOPT_SERVERS_FILE, ARG_ONE, "<path>", gettext_noop("Specify path to file with server= options"), NULL },
@@ -428,6 +453,7 @@ static struct {
   { LOPT_MAXTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for maximum TTL to send to clients."), NULL },
   { LOPT_MAXCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live ceiling for cache."), NULL },
   { LOPT_MINCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live floor for cache."), NULL },
+  { LOPT_FAST_RETRY, ARG_ONE, "<milliseconds>", gettext_noop("Retry DNS queries after this many milliseconds."), NULL},
   { 'u', ARG_ONE, "<username>", gettext_noop("Change to this user after startup. (defaults to %s)."), CHUSER }, 
   { 'U', ARG_DUP, "set:<tag>,<class>", gettext_noop("Map DHCP vendor class to tag."), NULL },
   { 'v', 0, NULL, gettext_noop("Display dnsmasq version and copyright information."), NULL },
@@ -455,6 +481,7 @@ static struct {
   { LOPT_SCRIPTUSR, ARG_ONE, "<username>", gettext_noop("Run lease-change scripts as this user."), NULL },
   { LOPT_SCRIPT_ARP, OPT_SCRIPT_ARP, NULL, gettext_noop("Call dhcp-script with changes to local ARP table."), NULL },
   { '7', ARG_DUP, "<path>", gettext_noop("Read configuration from all the files in this directory."), NULL },
+  { LOPT_CONF_SCRIPT, ARG_DUP, "<path>", gettext_noop("Execute file and read configuration from stdin."), NULL },
   { '8', ARG_ONE, "<facility>|<file>", gettext_noop("Log to this syslog facility or file. (defaults to DAEMON)"), NULL },
   { '9', OPT_LEASE_RO, NULL, gettext_noop("Do not use leasefile."), NULL },
   { '0', ARG_ONE, "<integer>", gettext_noop("Maximum number of concurrent DNS queries. (defaults to %s)"), "!" }, 
@@ -493,7 +520,9 @@ static struct {
   { LOPT_PXE_SERV, ARG_DUP, "<service>", gettext_noop("Boot service for PXE menu."), NULL },
   { LOPT_TEST, 0, NULL, gettext_noop("Check configuration syntax."), NULL },
   { LOPT_ADD_MAC, ARG_DUP, "[=base64|text]", gettext_noop("Add requestor's MAC address to forwarded DNS queries."), NULL },
+  { LOPT_STRIP_MAC, OPT_STRIP_MAC, NULL, gettext_noop("Strip MAC information from queries."), NULL },
   { LOPT_ADD_SBNET, ARG_ONE, "<v4 pref>[,<v6 pref>]", gettext_noop("Add specified IP subnet to forwarded DNS queries."), NULL },
+  { LOPT_STRIP_SBNET, OPT_STRIP_ECS, NULL, gettext_noop("Strip ECS information from queries."), NULL },
   { LOPT_CPE_ID, ARG_ONE, "<text>", gettext_noop("Add client identification to forwarded DNS queries."), NULL },
   { LOPT_DNSSEC, OPT_DNSSEC_PROXY, NULL, gettext_noop("Proxy DNSSEC validation results from upstream nameservers."), NULL },
   { LOPT_INCR_ADDR, OPT_CONSEC_ADDR, NULL, gettext_noop("Attempt to allocate sequential IP addresses to DHCP clients."), NULL },
@@ -514,6 +543,7 @@ static struct {
   { LOPT_AUTHSFS, ARG_DUP, "<NS>[,<NS>...]", gettext_noop("Secondary authoritative nameservers for forward domains"), NULL },
   { LOPT_AUTHPEER, ARG_DUP, "<ipaddr>[,<ipaddr>...]", gettext_noop("Peers which are allowed to do zone transfer"), NULL },
   { LOPT_IPSET, ARG_DUP, "/<domain>[/<domain>...]/<ipset>...", gettext_noop("Specify ipsets to which matching domains should be added"), NULL },
+  { LOPT_NFTSET, ARG_DUP, "/<domain>[/<domain>...]/<nftset>...", gettext_noop("Specify nftables sets to which matching domains should be added"), NULL },
   { LOPT_CMARK_ALST_EN, ARG_ONE, "[=<mask>]", gettext_noop("Enable filtering of DNS queries with connection-track marks."), NULL },
   { LOPT_CMARK_ALST, ARG_DUP, "<connmark>[/<mask>][,<pattern>[/<pattern>...]]", gettext_noop("Set allowed DNS patterns for a connection-track mark."), NULL },
   { LOPT_SYNTH, ARG_DUP, "<domain>,<range>,[<prefix>]", gettext_noop("Specify a domain and address range for synthesised names"), NULL },
@@ -539,6 +569,7 @@ static struct {
   { LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL, gettext_noop("Call dhcp-script when lease expiry changes."), NULL },
   { LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send Cisco Umbrella identifiers including remote IP."), NULL },
   { LOPT_QUIET_TFTP, OPT_QUIET_TFTP, NULL, gettext_noop("Do not log routine TFTP."), NULL },
+  { LOPT_NORR, OPT_NORR, NULL, gettext_noop("Suppress round-robin ordering of DNS records."), NULL },
   { 0, 0, NULL, NULL, NULL }
 }; 
 
@@ -654,7 +685,7 @@ static char *canonicalise_opt(char *s)
     return 0;
 
   if (strlen(s) == 0)
-    return opt_string_alloc("");
+    return opt_malloc(1); /* Heap-allocated empty string */
 
   unhide_metas(s);
   if (!(ret = canonicalise(s, &nomem)) && nomem)
@@ -798,7 +829,7 @@ static void do_usage(void)
 	     
       if (usage[i].arg)
 	{
-	  strcpy(buff, usage[i].arg);
+	  safe_strncpy(buff, usage[i].arg, sizeof(buff));
 	  for (j = 0; tab[j].handle; j++)
 	    if (tab[j].handle == *(usage[i].arg))
 	      sprintf(buff, "%d", tab[j].val);
@@ -824,163 +855,407 @@ static char *parse_mysockaddr(char *arg, union mysockaddr *addr)
   return NULL;
 }
 
-char *parse_server(char *arg, union mysockaddr *addr, union mysockaddr *source_addr, char *interface, u16 *flags)
+char *parse_server(char *arg, struct server_details *sdetails)
 {
-  int source_port = 0, serv_port = NAMESERVER_PORT;
-  char *portno, *source;
-  char *interface_opt = NULL;
-  int scope_index = 0;
-  char *scope_id;
-
-  *interface = 0;
+  sdetails->serv_port = NAMESERVER_PORT;
+  char *portno;
+  int ecode = 0;
+  struct addrinfo hints;
 
+  memset(&hints, 0, sizeof(struct addrinfo));
+  
+  *sdetails->interface = 0;
+  sdetails->addr_type = AF_UNSPEC;
+     
   if (strcmp(arg, "#") == 0)
     {
-      if (flags)
-	*flags |= SERV_USE_RESOLV;
+      if (sdetails->flags)
+	*sdetails->flags |= SERV_USE_RESOLV;
+      sdetails->addr_type = AF_LOCAL;
+      sdetails->valid = 1;
       return NULL;
     }
   
-  if ((source = split_chr(arg, '@')) && /* is there a source. */
-      (portno = split_chr(source, '#')) &&
-      !atoi_check16(portno, &source_port))
+  if ((sdetails->source = split_chr(arg, '@')) && /* is there a source. */
+      (portno = split_chr(sdetails->source, '#')) &&
+      !atoi_check16(portno, &sdetails->source_port))
     return _("bad port");
   
   if ((portno = split_chr(arg, '#')) && /* is there a port no. */
-      !atoi_check16(portno, &serv_port))
+      !atoi_check16(portno, &sdetails->serv_port))
     return _("bad port");
   
-  scope_id = split_chr(arg, '%');
+  sdetails->scope_id = split_chr(arg, '%');
   
-  if (source) {
-    interface_opt = split_chr(source, '@');
+  if (sdetails->source) {
+    sdetails->interface_opt = split_chr(sdetails->source, '@');
 
-    if (interface_opt)
+    if (sdetails->interface_opt)
       {
 #if defined(SO_BINDTODEVICE)
-	safe_strncpy(interface, source, IF_NAMESIZE);
-	source = interface_opt;
+	safe_strncpy(sdetails->interface, sdetails->source, IF_NAMESIZE);
+	sdetails->source = sdetails->interface_opt;
 #else
 	return _("interface binding not supported");
 #endif
       }
   }
 
-  if (inet_pton(AF_INET, arg, &addr->in.sin_addr) > 0)
+  if (inet_pton(AF_INET, arg, &sdetails->addr->in.sin_addr) > 0)
+      sdetails->addr_type = AF_INET;
+  else if (inet_pton(AF_INET6, arg, &sdetails->addr->in6.sin6_addr) > 0)
+      sdetails->addr_type = AF_INET6;
+  else 
+    {
+      /* if the argument is neither an IPv4 not an IPv6 address, it might be a
+	 hostname and we should try to resolve it to a suitable address. */
+      memset(&hints, 0, sizeof(hints));
+      /* The AI_ADDRCONFIG flag ensures that then IPv4 addresses are returned in
+         the result only if the local system has at least one IPv4 address
+         configured, and IPv6 addresses are returned only if the local system
+         has at least one IPv6 address configured. The loopback address is not
+         considered for this case as valid as a configured address. This flag is
+         useful on, for example, IPv4-only systems, to ensure that getaddrinfo()
+         does not return IPv6 socket addresses that would always fail in
+         subsequent connect() or bind() attempts. */
+      hints.ai_flags = AI_ADDRCONFIG;
+#if defined(HAVE_IDN) && defined(AI_IDN)
+      /* If the AI_IDN flag is specified and we have glibc 2.3.4 or newer, then
+         the node name given in node is converted to IDN format if necessary.
+         The source encoding is that of the current locale. */
+      hints.ai_flags |= AI_IDN;
+#endif
+      /* The value AF_UNSPEC indicates that getaddrinfo() should return socket
+         addresses for any address family (either IPv4 or IPv6, for example)
+         that can be used with node <arg> and service "domain". */
+      hints.ai_family = AF_UNSPEC;
+
+      /* Get addresses suitable for sending datagrams. We assume that we can use the
+	 same addresses for TCP connections. Settting this to zero gets each address
+	 threes times, for SOCK_STREAM, SOCK_RAW and SOCK_DGRAM, which is not useful. */
+      hints.ai_socktype = SOCK_DGRAM;
+
+      /* Get address associated with this hostname */
+      ecode = getaddrinfo(arg, NULL, &hints, &sdetails->hostinfo);
+      if (ecode == 0)
+	{
+	  /* The getaddrinfo() function allocated and initialized a linked list of
+	     addrinfo structures, one for each network address that matches node
+	     and service, subject to the restrictions imposed by our <hints>
+	     above, and returns a pointer to the start of the list in <hostinfo>.
+	     The items in the linked list are linked by the <ai_next> field. */
+	  sdetails->valid = 1;
+	  sdetails->orig_hostinfo = sdetails->hostinfo;
+	  return NULL;
+	}
+      else
+	{
+	  /* Lookup failed, return human readable error string */
+	  if (ecode == EAI_AGAIN)
+	    return _("Cannot resolve server name");
+	  else
+	    return _((char*)gai_strerror(ecode));
+	}
+    }
+  
+  sdetails->valid = 1;
+  return NULL;
+}
+
+char *parse_server_addr(struct server_details *sdetails)
+{
+  if (sdetails->addr_type == AF_INET)
     {
-      addr->in.sin_port = htons(serv_port);	
-      addr->sa.sa_family = source_addr->sa.sa_family = AF_INET;
+      sdetails->addr->in.sin_port = htons(sdetails->serv_port);
+      sdetails->addr->sa.sa_family = sdetails->source_addr->sa.sa_family = AF_INET;
 #ifdef HAVE_SOCKADDR_SA_LEN
-      source_addr->in.sin_len = addr->in.sin_len = sizeof(struct sockaddr_in);
+      sdetails->source_addr->in.sin_len = sdetails->addr->in.sin_len = sizeof(struct sockaddr_in);
 #endif
-      source_addr->in.sin_addr.s_addr = INADDR_ANY;
-      source_addr->in.sin_port = htons(daemon->query_port);
+      sdetails->source_addr->in.sin_addr.s_addr = INADDR_ANY;
+      sdetails->source_addr->in.sin_port = htons(daemon->query_port);
       
-      if (source)
+      if (sdetails->source)
 	{
-	  if (flags)
-	    *flags |= SERV_HAS_SOURCE;
-	  source_addr->in.sin_port = htons(source_port);
-	  if (!(inet_pton(AF_INET, source, &source_addr->in.sin_addr) > 0))
+	  if (sdetails->flags)
+	    *sdetails->flags |= SERV_HAS_SOURCE;
+	  sdetails->source_addr->in.sin_port = htons(sdetails->source_port);
+	  if (inet_pton(AF_INET, sdetails->source, &sdetails->source_addr->in.sin_addr) == 0)
 	    {
+	      if (inet_pton(AF_INET6, sdetails->source, &sdetails->source_addr->in6.sin6_addr) == 1)
+		{
+		  sdetails->source_addr->sa.sa_family = AF_INET6;
+		  /* When resolving a server IP by hostname, we can simply skip mismatching
+		     server / source IP pairs. Otherwise, when an IP address is given directly,
+		     this is a fatal error. */
+		  if (!sdetails->orig_hostinfo)
+		    return _("cannot use IPv4 server address with IPv6 source address");
+		}
+	      else
+		{
 #if defined(SO_BINDTODEVICE)
-	      if (interface_opt)
-		return _("interface can only be specified once");
-	      
-	      source_addr->in.sin_addr.s_addr = INADDR_ANY;
-	      safe_strncpy(interface, source, IF_NAMESIZE);
+		  if (sdetails->interface_opt)
+		    return _("interface can only be specified once");
+
+		  sdetails->source_addr->in.sin_addr.s_addr = INADDR_ANY;
+		  safe_strncpy(sdetails->interface, sdetails->source, IF_NAMESIZE);
 #else
-	      return _("interface binding not supported");
+		  return _("interface binding not supported");
 #endif
+		}
 	    }
 	}
     }
-  else if (inet_pton(AF_INET6, arg, &addr->in6.sin6_addr) > 0)
+  else if (sdetails->addr_type == AF_INET6)
     {
-      if (scope_id && (scope_index = if_nametoindex(scope_id)) == 0)
+      if (sdetails->scope_id && (sdetails->scope_index = if_nametoindex(sdetails->scope_id)) == 0)
 	return _("bad interface name");
-      
-      addr->in6.sin6_port = htons(serv_port);
-      addr->in6.sin6_scope_id = scope_index;
-      source_addr->in6.sin6_addr = in6addr_any; 
-      source_addr->in6.sin6_port = htons(daemon->query_port);
-      source_addr->in6.sin6_scope_id = 0;
-      addr->sa.sa_family = source_addr->sa.sa_family = AF_INET6;
-      addr->in6.sin6_flowinfo = source_addr->in6.sin6_flowinfo = 0;
+
+      sdetails->addr->in6.sin6_port = htons(sdetails->serv_port);
+      sdetails->addr->in6.sin6_scope_id = sdetails->scope_index;
+      sdetails->source_addr->in6.sin6_addr = in6addr_any;
+      sdetails->source_addr->in6.sin6_port = htons(daemon->query_port);
+      sdetails->source_addr->in6.sin6_scope_id = 0;
+      sdetails->addr->sa.sa_family = sdetails->source_addr->sa.sa_family = AF_INET6;
+      sdetails->addr->in6.sin6_flowinfo = sdetails->source_addr->in6.sin6_flowinfo = 0;
 #ifdef HAVE_SOCKADDR_SA_LEN
-      addr->in6.sin6_len = source_addr->in6.sin6_len = sizeof(addr->in6);
+      sdetails->addr->in6.sin6_len = sdetails->source_addr->in6.sin6_len = sizeof(sdetails->addr->in6);
 #endif
-      if (source)
+      if (sdetails->source)
 	{
-	  if (flags)
-	    *flags |= SERV_HAS_SOURCE;
-	  source_addr->in6.sin6_port = htons(source_port);
-	  if (inet_pton(AF_INET6, source, &source_addr->in6.sin6_addr) == 0)
+	  if (sdetails->flags)
+	    *sdetails->flags |= SERV_HAS_SOURCE;
+	  sdetails->source_addr->in6.sin6_port = htons(sdetails->source_port);
+	  if (inet_pton(AF_INET6, sdetails->source, &sdetails->source_addr->in6.sin6_addr) == 0)
 	    {
+	      if (inet_pton(AF_INET, sdetails->source, &sdetails->source_addr->in.sin_addr) == 1)
+		{
+		  sdetails->source_addr->sa.sa_family = AF_INET;
+		  /* When resolving a server IP by hostname, we can simply skip mismatching
+		     server / source IP pairs. Otherwise, when an IP address is given directly,
+		     this is a fatal error. */
+		  if(!sdetails->orig_hostinfo)
+		    return _("cannot use IPv6 server address with IPv4 source address");
+		}
+	      else
+		{
 #if defined(SO_BINDTODEVICE)
-	      if (interface_opt)
-		return _("interface can only be specified once");
-	      
-	      source_addr->in6.sin6_addr = in6addr_any;
-	      safe_strncpy(interface, source, IF_NAMESIZE);
+		  if (sdetails->interface_opt)
+		  return _("interface can only be specified once");
+
+		  sdetails->source_addr->in6.sin6_addr = in6addr_any;
+		  safe_strncpy(sdetails->interface, sdetails->source, IF_NAMESIZE);
 #else
-	      return _("interface binding not supported");
+		  return _("interface binding not supported");
 #endif
+		}
 	    }
 	}
     }
-  else
+  else if (sdetails->addr_type != AF_LOCAL)
     return _("bad address");
-
+  
   return NULL;
 }
 
-static int domain_rev4(char *domain, struct in_addr addr, int msize)
+int parse_server_next(struct server_details *sdetails)
+{
+  /* Looping over resolved addresses? */
+  if (sdetails->hostinfo)
+    {
+      /* Get address type */
+      sdetails->addr_type = sdetails->hostinfo->ai_family;
+
+      /* Get address */
+      if (sdetails->addr_type == AF_INET)
+	memcpy(&sdetails->addr->in.sin_addr,
+		&((struct sockaddr_in *) sdetails->hostinfo->ai_addr)->sin_addr,
+		sizeof(sdetails->addr->in.sin_addr));
+      else if (sdetails->addr_type == AF_INET6)
+	memcpy(&sdetails->addr->in6.sin6_addr,
+		&((struct sockaddr_in6 *) sdetails->hostinfo->ai_addr)->sin6_addr,
+		sizeof(sdetails->addr->in6.sin6_addr));
+
+      /* Iterate to the next available address */
+      sdetails->valid = sdetails->hostinfo->ai_next != NULL;
+      sdetails->hostinfo = sdetails->hostinfo->ai_next;
+      return 1;
+    }
+  else if (sdetails->valid)
+    {
+      /* When using an IP address, we return the address only once */
+      sdetails->valid = 0;
+      return 1;
+    }
+  /* Stop iterating here, we used all available addresses */
+  return 0;
+}
+
+static char *domain_rev4(int from_file, char *server, struct in_addr *addr4, int size)
 {
-  in_addr_t a = ntohl(addr.s_addr);
+  int i, j;
+  char *string;
+  int msize;
+  u16 flags = 0;
+  char domain[29]; /* strlen("xxx.yyy.zzz.ttt.in-addr.arpa")+1 */
+  union mysockaddr serv_addr, source_addr;
+  char interface[IF_NAMESIZE+1];
+  int count = 1, rem, addrbytes, addrbits;
+  struct server_details sdetails;
+
+  memset(&sdetails, 0, sizeof(struct server_details));
+  sdetails.addr = &serv_addr;
+  sdetails.source_addr = &source_addr;
+  sdetails.interface = interface;
+  sdetails.flags = &flags;
+    
+  if (!server)
+    flags = SERV_LITERAL_ADDRESS;
+  else if ((string = parse_server(server, &sdetails)))
+    return string;
+  
+  if (from_file)
+    flags |= SERV_FROM_FILE;
  
-  *domain = 0;
+  rem = size & 0x7;
+  addrbytes = (32 - size) >> 3;
+  addrbits = (32 - size) & 7;
+  
+  if (size > 32 || size < 1)
+    return _("bad IPv4 prefix length");
+  
+  /* Zero out last address bits according to CIDR mask */
+  ((u8 *)addr4)[3-addrbytes] &= ~((1 << addrbits)-1);
+  
+  size = size & ~0x7;
   
-  switch (msize)
+  if (rem != 0)
+    count = 1 << (8 - rem);
+  
+  for (i = 0; i < count; i++)
     {
-    case 32:
-      domain += sprintf(domain, "%u.", a & 0xff);
-      /* fall through */
-    case 24:
-      domain += sprintf(domain, "%d.", (a >> 8) & 0xff);
-      /* fall through */
-    case 16:
-      domain += sprintf(domain, "%d.", (a >> 16) & 0xff);
-      /* fall through */
-    case 8:
-      domain += sprintf(domain, "%d.", (a >> 24) & 0xff);
-      break;
-    default:
-      return 0;
+      *domain = 0;
+      string = domain;
+      msize = size/8;
+      
+      for (j = (rem == 0) ? msize-1 : msize; j >= 0; j--)
+	{ 
+	  int dig = ((unsigned char *)addr4)[j];
+	  
+	  if (j == msize)
+	    dig += i;
+	  
+	  string += sprintf(string, "%d.", dig);
+	}
+      
+      sprintf(string, "in-addr.arpa");
+
+      if (flags & SERV_LITERAL_ADDRESS)
+	{
+	  if (!add_update_server(flags, &serv_addr, &source_addr, interface, domain, NULL))
+	    return  _("error");
+	}
+      else
+	{
+	  while (parse_server_next(&sdetails))
+	    {
+	      if ((string = parse_server_addr(&sdetails)))
+		return string;
+	      
+	      if (!add_update_server(flags, &serv_addr, &source_addr, interface, domain, NULL))
+		return  _("error");
+	    }
+
+	  if (sdetails.orig_hostinfo)
+	    freeaddrinfo(sdetails.orig_hostinfo);
+	}
     }
   
-  domain += sprintf(domain, "in-addr.arpa");
-  
-  return 1;
+  return NULL;
 }
 
-static int domain_rev6(char *domain, struct in6_addr *addr, int msize)
+static char *domain_rev6(int from_file, char *server, struct in6_addr *addr6, int size)
 {
-  int i;
+  int i, j;
+  char *string;
+  int msize;
+  u16 flags = 0;
+  char domain[73]; /* strlen("32*<n.>ip6.arpa")+1 */
+  union mysockaddr serv_addr, source_addr;
+  char interface[IF_NAMESIZE+1];
+  int count = 1, rem, addrbytes, addrbits;
+  struct server_details sdetails;
+  
+  memset(&sdetails, 0, sizeof(struct server_details));
+  sdetails.addr = &serv_addr;
+  sdetails.source_addr = &source_addr;
+  sdetails.interface = interface;
+  sdetails.flags = &flags;
+   
+  if (!server)
+    flags = SERV_LITERAL_ADDRESS;
+  else if ((string = parse_server(server, &sdetails)))
+    return string;
 
-  if (msize > 128 || msize%4)
-    return 0;
+  if (from_file)
+    flags |= SERV_FROM_FILE;
+  
+  rem = size & 0x3;
+  addrbytes = (128 - size) >> 3;
+  addrbits = (128 - size) & 7;
+  
+  if (size > 128 || size < 1)
+    return _("bad IPv6 prefix length");
+  
+  /* Zero out last address bits according to CIDR mask */
+  addr6->s6_addr[15-addrbytes] &= ~((1 << addrbits) - 1);
+  
+  size = size & ~0x3;
+  
+  if (rem != 0)
+    count = 1 << (4 - rem);
+      
+  for (i = 0; i < count; i++)
+    {
+      *domain = 0;
+      string = domain;
+      msize = size/4;
   
-  *domain = 0;
+      for (j = (rem == 0) ? msize-1 : msize; j >= 0; j--)
+	{ 
+	  int dig = ((unsigned char *)addr6)[j>>1];
+	  
+	  dig = j & 1 ? dig & 15 : dig >> 4;
+	  
+	  if (j == msize)
+	    dig += i;
+	  
+	  string += sprintf(string, "%.1x.", dig);
+	}
+      
+      sprintf(string, "ip6.arpa");
 
-  for (i = msize-1; i >= 0; i -= 4)
-    { 
-      int dig = ((unsigned char *)addr)[i>>3];
-      domain += sprintf(domain, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
+      if (flags & SERV_LITERAL_ADDRESS)
+	{
+	  if (!add_update_server(flags, &serv_addr, &source_addr, interface, domain, NULL))
+	    return  _("error");
+	}
+      else
+	{
+	  while (parse_server_next(&sdetails))
+	    {
+	      if ((string = parse_server_addr(&sdetails)))
+		return string;
+	      
+	      if (!add_update_server(flags, &serv_addr, &source_addr, interface, domain, NULL))
+		return  _("error");
+	    }
+
+	  if (sdetails.orig_hostinfo)
+	    freeaddrinfo(sdetails.orig_hostinfo);
+	}
     }
-  domain += sprintf(domain, "ip6.arpa");
   
-  return 1;
+  return NULL;
 }
 
 #ifdef HAVE_DHCP
@@ -1723,6 +1998,17 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	break;
       }
 
+    case LOPT_CONF_SCRIPT: /* --conf-script */
+      {
+	char *file = opt_string_alloc(arg);
+	if (file)
+	  {
+	    one_file(file, LOPT_CONF_SCRIPT);
+	    free(file);
+	  }
+	break;
+      }
+
     case '7': /* --conf-dir */	      
       {
 	DIR *dir_stream;
@@ -1829,6 +2115,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 		new->next = li;
 		*up = new;
 	      }
+	    else
+	      free(path);
 
 	  }
 
@@ -1995,7 +2283,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	
 	if (!(name = canonicalise_opt(arg)) || 
 	    (comma && !(target = canonicalise_opt(comma))))
-	  ret_err(_("bad MX name"));
+	  {
+	    free(name);
+	    free(target);
+	    ret_err(_("bad MX name"));
+	  }
 	
 	new = opt_malloc(sizeof(struct mx_srv_record));
 	new->next = daemon->mxnames;
@@ -2045,15 +2337,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 
     case LOPT_DHCP_HOST:     /* --dhcp-hostsfile */
     case LOPT_DHCP_OPTS:     /* --dhcp-optsfile */
-    case LOPT_DHCP_INOTIFY:  /* --dhcp-hostsdir */
-    case LOPT_DHOPT_INOTIFY: /* --dhcp-optsdir */
-    case LOPT_HOST_INOTIFY:  /* --hostsdir */
     case 'H':                /* --addn-hosts */
       {
 	struct hostsfile *new = opt_malloc(sizeof(struct hostsfile));
-	static unsigned int hosts_index = SRC_AH;
 	new->fname = opt_string_alloc(arg);
-	new->index = hosts_index++;
+	new->index = daemon->host_index++;
 	new->flags = 0;
 	if (option == 'H')
 	  {
@@ -2069,21 +2357,29 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	  {
 	    new->next = daemon->dhcp_opts_file;
 	    daemon->dhcp_opts_file = new;
-	  } 	  
-	else 
-	  {
-	    new->next = daemon->dynamic_dirs;
-	    daemon->dynamic_dirs = new; 
-	    if (option == LOPT_DHCP_INOTIFY)
-	      new->flags |= AH_DHCP_HST;
-	    else if (option == LOPT_DHOPT_INOTIFY)
-	      new->flags |= AH_DHCP_OPT;
-	    else if (option == LOPT_HOST_INOTIFY)
-	      new->flags |= AH_HOSTS;
 	  }
 	
 	break;
       }
+
+    case LOPT_DHCP_INOTIFY:  /* --dhcp-hostsdir */
+    case LOPT_DHOPT_INOTIFY: /* --dhcp-optsdir */
+    case LOPT_HOST_INOTIFY:  /* --hostsdir */
+      {
+	struct dyndir *new = opt_malloc(sizeof(struct dyndir));
+	new->dname = opt_string_alloc(arg);
+	new->flags = 0;
+	new->next = daemon->dynamic_dirs;
+	daemon->dynamic_dirs = new; 
+	if (option == LOPT_DHCP_INOTIFY)
+	new->flags |= AH_DHCP_HST;
+	else if (option == LOPT_DHOPT_INOTIFY)
+	new->flags |= AH_DHCP_OPT;
+	else if (option == LOPT_HOST_INOTIFY)
+	new->flags |= AH_HOSTS;
+
+	break;
+      }
       
     case LOPT_AUTHSERV: /* --auth-server */
       comma = split(arg);
@@ -2146,8 +2442,10 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	comma = split(arg);
 		
 	new = opt_malloc(sizeof(struct auth_zone));
-	new->domain = opt_string_alloc(arg);
-	new->subnet = NULL;
+	new->domain = canonicalise_opt(arg);
+	if (!new->domain)
+	  ret_err_free(_("invalid auth-zone"), new);
+ 	new->subnet = NULL;
 	new->exclude = NULL;
 	new->interface_names = NULL;
 	new->next = daemon->auth_zones;
@@ -2302,17 +2600,13 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 				      strlen(new->prefix) > MAXLABEL - INET_ADDRSTRLEN)
 				    ret_err_free(_("bad prefix"), new);
 				}
-			      else if (strcmp(arg, "local") != 0 ||
-				       (msize != 8 && msize != 16 && msize != 24))
+			      else if (strcmp(arg, "local") != 0)
 				ret_err_free(gen_err, new);
 			      else
 				{
-				  char domain[29]; /* strlen("xxx.yyy.zzz.ttt.in-addr.arpa")+1 */
 				  /* local=/xxx.yyy.zzz.in-addr.arpa/ */
-				  /* domain_rev4 can't fail here, msize checked above. */
-				  domain_rev4(domain, new->start, msize);
-				  add_update_server(SERV_LITERAL_ADDRESS, NULL, NULL, NULL, domain, NULL);
-				  
+				  domain_rev4(0, NULL, &new->start, msize);
+				 				  
 				  /* local=/<domain>/ */
 				  /* d_raw can't failed to canonicalise here, checked above. */
 				  add_update_server(SERV_LITERAL_ADDRESS, NULL, NULL, NULL, d_raw, NULL);
@@ -2347,16 +2641,14 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 				      strlen(new->prefix) > MAXLABEL - INET6_ADDRSTRLEN)
 				    ret_err_free(_("bad prefix"), new);
 				}	
-			      else if (strcmp(arg, "local") != 0 || ((msize & 4) != 0))
+			      else if (strcmp(arg, "local") != 0)
 				ret_err_free(gen_err, new);
 			      else 
 				{
-				  char domain[73]; /* strlen("32*<n.>ip6.arpa")+1 */
 				  /* generate the equivalent of
 				     local=/xxx.yyy.zzz.ip6.arpa/ */
-				  domain_rev6(domain, &new->start6, msize);
-				  add_update_server(SERV_LITERAL_ADDRESS, NULL, NULL, NULL, domain, NULL);
-
+				  domain_rev6(0, NULL, &new->start6, msize);
+				  
 				  /* local=/<domain>/ */
 				  /* d_raw can't failed to canonicalise here, checked above. */
 				  add_update_server(SERV_LITERAL_ADDRESS, NULL, NULL, NULL, d_raw, NULL);
@@ -2388,9 +2680,15 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 			  else if (!inet_pton(AF_INET6, arg, &new->end6))
 			    ret_err_free(gen_err, new);
 			}
-		      else 
+		      else if (option == 's')
+			{
+			  /* subnet from interface. */
+			  new->interface = opt_string_alloc(comma);
+			  new->al = NULL;
+			}
+		      else
 			ret_err_free(gen_err, new);
-
+		      
 		      if (option != 's' && prefstr)
 			{
 			  if (!(new->prefix = canonicalise_opt(prefstr)) ||
@@ -2436,39 +2734,48 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 
     case LOPT_UMBRELLA: /* --umbrella */
       set_option_bool(OPT_UMBRELLA);
-      while (arg) {
-        comma = split(arg);
-        if (strstr(arg, "deviceid:")) {
-          arg += 9;
-          if (strlen(arg) != 16)
-              ret_err(gen_err);
-          for (char *p = arg; *p; p++) {
-            if (!isxdigit((int)*p))
-              ret_err(gen_err);
-          }
-          set_option_bool(OPT_UMBRELLA_DEVID);
-
-          u8 *u = daemon->umbrella_device;
-          char word[3];
-          for (u8 i = 0; i < sizeof(daemon->umbrella_device); i++, arg+=2) {
-            memcpy(word, &(arg[0]), 2);
-            *u++ = strtoul(word, NULL, 16);
-          }
-        }
-        else if (strstr(arg, "orgid:")) {
-          if (!strtoul_check(arg+6, &daemon->umbrella_org)) {
-            ret_err(gen_err);
-          }
-        }
-        else if (strstr(arg, "assetid:")) {
-          if (!strtoul_check(arg+8, &daemon->umbrella_asset)) {
-            ret_err(gen_err);
-          }
-        }
-        arg = comma;
-      }
+      while (arg)
+	{
+	  comma = split(arg);
+	  if (strstr(arg, "deviceid:"))
+	    {
+	      char *p;
+	      u8 *u = daemon->umbrella_device;
+	      char word[3];
+	      
+	      arg += 9;
+	      if (strlen(arg) != 16)
+		ret_err(gen_err);
+	      
+	      for (p = arg; *p; p++)
+		if (!isxdigit((int)*p))
+		  ret_err(gen_err);
+	      
+	      set_option_bool(OPT_UMBRELLA_DEVID);
+	      
+	      for (i = 0; i < (int)sizeof(daemon->umbrella_device); i++, arg+=2)
+		{
+		  memcpy(word, &(arg[0]), 2);
+		  *u++ = strtoul(word, NULL, 16);
+		}
+	    }
+	  else if (strstr(arg, "orgid:"))
+	    {
+	      if (!strtoul_check(arg+6, &daemon->umbrella_org))
+		ret_err(gen_err);
+	    }
+	  else if (strstr(arg, "assetid:"))
+	    {
+	      if (!strtoul_check(arg+8, &daemon->umbrella_asset))
+		ret_err(gen_err);
+	    }
+	  else
+	    ret_err(gen_err);
+	  
+	  arg = comma;
+	}
       break;
-
+      
     case LOPT_ADD_MAC: /* --add-mac */
       if (!arg)
 	set_option_bool(OPT_ADD_MAC);
@@ -2635,7 +2942,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
       
     case LOPT_NO_REBIND: /*  --rebind-domain-ok */
       {
-	struct server *new;
+	struct rebind_domain *new;
 
 	unhide_metas(arg);
 
@@ -2644,9 +2951,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	
 	do {
 	  comma = split_chr(arg, '/');
-	  new = opt_malloc(sizeof(struct serv_local));
-	  new->domain = opt_string_alloc(arg);
-	  new->domain_len = strlen(arg);
+	  new = opt_malloc(sizeof(struct  rebind_domain));
+	  new->domain = canonicalise_opt(arg);
 	  new->next = daemon->no_rebind;
 	  daemon->no_rebind = new;
 	  arg = comma;
@@ -2659,13 +2965,20 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
     case LOPT_LOCAL:     /*  --local */
     case 'A':            /*  --address */
       {
-	char *lastdomain = NULL, *domain = "";
+	char *lastdomain = NULL, *domain = "", *cur_domain;
 	u16 flags = 0;
 	char *err;
 	union all_addr addr;
 	union mysockaddr serv_addr, source_addr;
 	char interface[IF_NAMESIZE+1];
+	struct server_details sdetails;
 
+	memset(&sdetails, 0, sizeof(struct server_details));
+	sdetails.addr = &serv_addr;
+	sdetails.source_addr = &source_addr;
+	sdetails.interface = interface;
+	sdetails.flags = &flags;
+			
 	unhide_metas(arg);
 	
 	/* split the domain args, if any and skip to the end of them. */
@@ -2698,29 +3011,55 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	  }
 	else
 	  {
-	    if ((err = parse_server(arg, &serv_addr, &source_addr, interface, &flags)))
+	    if ((err = parse_server(arg, &sdetails)))
 	      ret_err(err);
 	  }
 
 	if (servers_only && option == 'S')
 	  flags |= SERV_FROM_FILE;
-	
-	while (1)
+
+	cur_domain = domain;
+	while ((flags & SERV_LITERAL_ADDRESS) || parse_server_next(&sdetails))
 	  {
-	    /* server=//1.2.3.4 is special. */
-	    if (strlen(domain) == 0 && lastdomain)
-	      flags |= SERV_FOR_NODOTS;
-	    else
-	      flags &= ~SERV_FOR_NODOTS;
+	    cur_domain = domain;
 
-	    if (!add_update_server(flags, &serv_addr, &source_addr, interface, domain, &addr))
-	      ret_err(gen_err);
-	    
-	    if (!lastdomain || domain == lastdomain)
+	    if (!(flags & SERV_LITERAL_ADDRESS) && (err = parse_server_addr(&sdetails)))
+	      ret_err(err);
+
+	    /* When source is set only use DNS records of the same type and skip all others */
+	    if (flags & SERV_HAS_SOURCE && sdetails.addr_type != sdetails.source_addr->sa.sa_family)
+	      continue;
+
+	    while (1)
+	      {
+		/* server=//1.2.3.4 is special. */
+		if (lastdomain)
+		  {
+		    if (strlen(cur_domain) == 0)
+		      flags |= SERV_FOR_NODOTS;
+		    else
+		      flags &= ~SERV_FOR_NODOTS;
+		    
+		    /* address=/#/ matches the same as without domain */
+		    if (option == 'A' && cur_domain[0] == '#' && cur_domain[1] == 0)
+		      cur_domain[0] = 0;
+		  }
+		
+		if (!add_update_server(flags, sdetails.addr, sdetails.source_addr, sdetails.interface, cur_domain, &addr))
+		  ret_err(gen_err);
+		
+		if (!lastdomain || cur_domain == lastdomain)
+		  break;
+
+		cur_domain += strlen(cur_domain) + 1;
+	      }
+
+	    if (flags & SERV_LITERAL_ADDRESS)
 	      break;
-	    
-	    domain += strlen(domain) + 1;
 	  }
+
+	if (sdetails.orig_hostinfo)
+	  freeaddrinfo(sdetails.orig_hostinfo);
 	
      	break;
       }
@@ -2729,57 +3068,62 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
       {
 	char *string;
 	int size;
-	u16 flags = 0;
-	char domain[73]; /* strlen("32*<n.>ip6.arpa")+1 */
 	struct in_addr addr4;
 	struct in6_addr addr6;
- 	union mysockaddr serv_addr, source_addr;
-	char interface[IF_NAMESIZE+1];
-	
+ 	
 	unhide_metas(arg);
 	if (!arg)
 	  ret_err(gen_err);
 	
 	comma=split(arg);
-
-	if (!(string = split_chr(arg, '/')) || !atoi_check(string, &size))
-	  ret_err(gen_err);
 	
+	if (!(string = split_chr(arg, '/')) || !atoi_check(string, &size))
+	  size = -1;
+
 	if (inet_pton(AF_INET, arg, &addr4))
 	  {
-	    if (!domain_rev4(domain, addr4, size))
-	      ret_err(_("bad IPv4 prefix"));
+	   if (size == -1)
+	     size = 32;
+
+	   if ((string = domain_rev4(servers_only, comma, &addr4, size)))
+	      ret_err(string);
 	  }
 	else if (inet_pton(AF_INET6, arg, &addr6))
 	  {
-	    if (!domain_rev6(domain, &addr6, size))
-	      ret_err(_("bad IPv6 prefix"));
+	     if (size == -1)
+	       size = 128;
+
+	     if ((string = domain_rev6(servers_only, comma, &addr6, size)))
+	      ret_err(string);
 	  }
 	else
 	  ret_err(gen_err);
 	
-	if (!comma)
-	  flags |= SERV_LITERAL_ADDRESS;
-	else if ((string = parse_server(comma, &serv_addr, &source_addr, interface, &flags)))
-	  ret_err(string);
-	
-	if (servers_only)
-	  flags |= SERV_FROM_FILE;
-
-	if (!add_update_server(flags, &serv_addr, &source_addr, interface, domain, NULL))
-	  ret_err(gen_err);
-	
 	break;
       }
 
     case LOPT_IPSET: /* --ipset */
+    case LOPT_NFTSET: /* --nftset */
 #ifndef HAVE_IPSET
-      ret_err(_("recompile with HAVE_IPSET defined to enable ipset directives"));
-      break;
-#else
+      if (option == LOPT_IPSET)
+        {
+          ret_err(_("recompile with HAVE_IPSET defined to enable ipset directives"));
+          break;
+        }
+#endif
+#ifndef HAVE_NFTSET
+      if (option == LOPT_NFTSET)
+        {
+          ret_err(_("recompile with HAVE_NFTSET defined to enable nftset directives"));
+          break;
+        }
+#endif
+
       {
 	 struct ipsets ipsets_head;
 	 struct ipsets *ipsets = &ipsets_head;
+         struct ipsets **daemon_sets =
+           (option == LOPT_IPSET) ? &daemon->ipsets : &daemon->nftsets;
 	 int size;
 	 char *end;
 	 char **sets, **sets_pos;
@@ -2824,19 +3168,24 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	 sets = sets_pos = opt_malloc(sizeof(char *) * size);
 	 
 	 do {
+	   char *p;
 	   end = split(arg);
-	   *sets_pos++ = opt_string_alloc(arg);
+	   *sets_pos = opt_string_alloc(arg);
+	   /* Use '#' to delimit table and set */
+	   if (option == LOPT_NFTSET)
+	     while ((p = strchr(*sets_pos, '#')))
+	       *p = ' ';
+	   sets_pos++;
 	   arg = end;
 	 } while (end);
 	 *sets_pos = 0;
 	 for (ipsets = &ipsets_head; ipsets->next; ipsets = ipsets->next)
 	   ipsets->next->sets = sets;
-	 ipsets->next = daemon->ipsets;
-	 daemon->ipsets = ipsets_head.next;
+	 ipsets->next = *daemon_sets;
+	 *daemon_sets = ipsets_head.next;
 	 
 	 break;
       }
-#endif
       
     case LOPT_CMARK_ALST_EN: /* --connmark-allowlist-enable */
 #ifndef HAVE_CONNTRACK
@@ -3044,6 +3393,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
       if (daemon->query_port == 0)
 	daemon->osport = 1;
       break;
+
+    case LOPT_RANDPORT_LIM: /* --port-limit */
+      if (!atoi_check(arg, &daemon->randport_limit) || (daemon->randport_limit < 1))
+	ret_err(gen_err);
+      break;
       
     case 'T':         /* --local-ttl */
     case LOPT_NEGTTL: /* --neg-ttl */
@@ -3079,7 +3433,30 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	  daemon->local_ttl = (unsigned long)ttl;
 	break;
       }
+
+    case LOPT_FAST_RETRY:
+      daemon->fast_retry_timeout = TIMEOUT;
       
+      if (!arg)
+	daemon->fast_retry_time = DEFAULT_FAST_RETRY;
+      else
+	{
+	  int retry;
+	  
+	  comma = split(arg);
+	  if (!atoi_check(arg, &retry) || retry < 50)
+	    ret_err(gen_err);
+	  daemon->fast_retry_time = retry;
+	  
+	  if (comma)
+	    {
+	      if (!atoi_check(comma, &retry))
+		ret_err(gen_err);
+	      daemon->fast_retry_timeout = retry/1000;
+	    }
+	}
+      break;
+            
 #ifdef HAVE_DHCP
     case 'X': /* --dhcp-lease-max */
       if (!atoi_check(arg, &daemon->dhcp_max))
@@ -3616,6 +3993,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 		      inet_ntop(AF_INET, &in, daemon->addrbuff, ADDRSTRLEN);
 		      sprintf(errstr, _("duplicate dhcp-host IP address %s"),
 			      daemon->addrbuff);
+		      dhcp_config_free(new);
 		      return 0;
 		    }	      
 	      }
@@ -3779,16 +4157,16 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 
     case LOPT_NAME_MATCH: /* --dhcp-name-match */
       {
-	struct dhcp_match_name *new = opt_malloc(sizeof(struct dhcp_match_name));
-	struct dhcp_netid *id = opt_malloc(sizeof(struct dhcp_netid));
+	struct dhcp_match_name *new;
 	ssize_t len;
 	
 	if (!(comma = split(arg)) || (len = strlen(comma)) == 0)
 	  ret_err(gen_err);
 
+	new = opt_malloc(sizeof(struct dhcp_match_name));
 	new->wildcard = 0;
-	new->netid = id;
-	id->net = opt_string_alloc(set_prefix(arg));
+	new->netid = opt_malloc(sizeof(struct dhcp_netid));
+	new->netid->net = opt_string_alloc(set_prefix(arg));
 
 	if (comma[len-1] == '*')
 	  {
@@ -3992,6 +4370,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	       }
 	   }
 	 
+	 dhcp_netid_free(new->netid);
+	 free(new);
 	 ret_err(gen_err);
        }
 	 
@@ -4026,7 +4406,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
     case LOPT_SUBSCR:   /* --dhcp-subscrid */
       {
 	 unsigned char *p;
-	 int dig = 0;
+	 int dig, colon;
 	 struct dhcp_vendor *new = opt_malloc(sizeof(struct dhcp_vendor));
 	 
 	 if (!(comma = split(arg)))
@@ -4050,13 +4430,16 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	 else
 	   comma = arg;
 	 
-	 for (p = (unsigned char *)comma; *p; p++)
+	 for (dig = 0, colon = 0, p = (unsigned char *)comma; *p; p++)
 	   if (isxdigit(*p))
 	     dig = 1;
-	   else if (*p != ':')
+	   else if (*p == ':')
+	     colon = 1;
+	   else
 	     break;
+	 
 	 unhide_metas(comma);
-	 if (option == 'U' || option == 'j' || *p || !dig)
+	 if (option == 'U' || option == 'j' || *p || !dig || !colon)
 	   {
 	     new->len = strlen(comma);  
 	     new->data = opt_malloc(new->len);
@@ -4179,26 +4562,66 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	}
       }
       break;
-
+      
     case LOPT_RELAY: /* --dhcp-relay */
       {
 	struct dhcp_relay *new = opt_malloc(sizeof(struct dhcp_relay));
-	comma = split(arg);
-	new->interface = opt_string_alloc(split(comma));
+	char *two = split(arg);
+	char *three = split(two);
+	
 	new->iface_index = 0;
-	if (comma && inet_pton(AF_INET, arg, &new->local) && inet_pton(AF_INET, comma, &new->server))
+
+	if (two)
 	  {
-	    new->next = daemon->relay4;
-	    daemon->relay4 = new;
-	  }
+	    if (inet_pton(AF_INET, arg, &new->local))
+	      {
+		char *hash = split_chr(two, '#');
+
+		if (!hash || !atoi_check16(hash, &new->port))
+		  new->port = DHCP_SERVER_PORT;
+		
+		if (!inet_pton(AF_INET, two, &new->server))
+		  {
+		    new->server.addr4.s_addr = 0;
+		    		    
+		    /* Fail for three arg version where there are not two addresses. 
+		       Also fail when broadcasting to wildcard address. */
+		    if (three || strchr(two, '*'))
+		      two = NULL;
+		    else
+		      three = two;
+		  }
+		
+		new->next = daemon->relay4;
+		daemon->relay4 = new;
+	      }
 #ifdef HAVE_DHCP6
-	else if (comma && inet_pton(AF_INET6, arg, &new->local) && inet_pton(AF_INET6, comma, &new->server))
-	  {
-	    new->next = daemon->relay6;
-	    daemon->relay6 = new;
-	  }
+	    else if (inet_pton(AF_INET6, arg, &new->local))
+	      {
+		char *hash = split_chr(two, '#');
+
+		if (!hash || !atoi_check16(hash, &new->port))
+		  new->port = DHCPV6_SERVER_PORT;
+
+		if (!inet_pton(AF_INET6, two, &new->server))
+		  {
+		    inet_pton(AF_INET6, ALL_SERVERS, &new->server.addr6);
+		    /* Fail for three arg version where there are not two addresses.
+		       Also fail when multicasting to wildcard address. */
+		    if (three || strchr(two, '*'))
+		      two = NULL;
+		    else
+		      three = two;
+		  }
+		new->next = daemon->relay6;
+		daemon->relay6 = new;
+	      }
 #endif
-	else
+
+	    new->interface = opt_string_alloc(three);
+	  }
+	
+	if (!two)
 	  {
 	    free(new->interface);
 	    ret_err_free(_("Bad dhcp-relay"), new);
@@ -4367,7 +4790,7 @@ err:
     case LOPT_CNAME: /* --cname */
       {
 	struct cname *new;
-	char *alias, *target, *last, *pen;
+	char *alias, *target=NULL, *last, *pen;
 	int ttl = -1;
 
 	for (last = pen = NULL, comma = arg; comma; comma = split(comma))
@@ -4382,13 +4805,13 @@ err:
 	if (pen != arg && atoi_check(last, &ttl))
 	  last = pen;
 	  	
-    	target = canonicalise_opt(last);
-
 	while (arg != last)
 	  {
 	    int arglen = strlen(arg);
 	    alias = canonicalise_opt(arg);
 
+	    if (!target)
+	      target = canonicalise_opt(last);
 	    if (!alias || !target)
 	      {
 		free(target);
@@ -4691,7 +5114,7 @@ err:
 		struct name_list *nl;
 		if (!canon)
                   {
-		    struct name_list *tmp = new->names, *next;
+		    struct name_list *tmp, *next;
 		    for (tmp = new->names; tmp; tmp = next)
 		      {
 			next = tmp->next;
@@ -4728,6 +5151,24 @@ err:
 	break;
       }
 
+    case LOPT_STALE_CACHE:
+      {
+	int max_expiry = STALE_CACHE_EXPIRY;
+	if (arg)
+	  {
+	    /* Don't accept negative TTLs here, they'd have the counter-intuitive
+	       side-effect of evicting cache records before they expire */
+	    if (!atoi_check(arg, &max_expiry) || max_expiry < 0)
+	      ret_err(gen_err);
+	    /* Store "serve expired forever" as -1 internally, the option isn't
+	       active for daemon->cache_max_expiry == 0 */
+	    if (max_expiry == 0)
+	      max_expiry = -1;
+	  }
+	daemon->cache_max_expiry = max_expiry;
+	break;
+      }
+
 #ifdef HAVE_DNSSEC
     case LOPT_DNSSEC_STAMP: /* --dnssec-timestamp */
       daemon->timestamp_file = opt_string_alloc(arg); 
@@ -4809,7 +5250,7 @@ err:
   return 1;
 }
 
-static void read_file(char *file, FILE *f, int hard_opt)	
+static void read_file(char *file, FILE *f, int hard_opt, int from_script)	
 {
   volatile int lineno = 0;
   char *buff = daemon->namebuff;
@@ -4817,10 +5258,12 @@ static void read_file(char *file, FILE *f, int hard_opt)
   while (fgets(buff, MAXDNAME, f))
     {
       int white, i;
-      volatile int option = (hard_opt == LOPT_REV_SERV) ? 0 : hard_opt;
+      volatile int option;
       char *errmess, *p, *arg, *start;
       size_t len;
 
+      option = (hard_opt == LOPT_REV_SERV) ? 0 : hard_opt;
+
       /* Memory allocation failure longjmps here if mem_recover == 1 */ 
       if (option != 0 || hard_opt == LOPT_REV_SERV)
 	{
@@ -4828,7 +5271,7 @@ static void read_file(char *file, FILE *f, int hard_opt)
 	    continue;
 	  mem_recover = 1;
 	}
-      
+
       arg = NULL;
       lineno++;
       errmess = NULL;
@@ -4934,7 +5377,11 @@ static void read_file(char *file, FILE *f, int hard_opt)
 	  
       if (errmess || !one_opt(option, arg, daemon->namebuff, _("error"), 0, hard_opt == LOPT_REV_SERV))
 	{
-	  sprintf(daemon->namebuff + strlen(daemon->namebuff), _(" at line %d of %s"), lineno, file);
+	  if (from_script)
+	    sprintf(daemon->namebuff + strlen(daemon->namebuff), _(" in output from %s"), file);
+	  else
+	    sprintf(daemon->namebuff + strlen(daemon->namebuff), _(" at line %d of %s"), lineno, file);
+	  
 	  if (hard_opt != 0)
 	    my_syslog(LOG_ERR, "%s", daemon->namebuff);
 	  else
@@ -4943,7 +5390,6 @@ static void read_file(char *file, FILE *f, int hard_opt)
     }
 
   mem_recover = 0;
-  fclose(f);
 }
 
 #if defined(HAVE_DHCP) && defined(HAVE_INOTIFY)
@@ -4963,7 +5409,7 @@ int option_read_dynfile(char *file, int flags)
 static int one_file(char *file, int hard_opt)
 {
   FILE *f;
-  int nofile_ok = 0;
+  int nofile_ok = 0, do_popen = 0;
   static int read_stdin = 0;
   static struct fileread {
     dev_t dev;
@@ -4971,14 +5417,20 @@ static int one_file(char *file, int hard_opt)
     struct fileread *next;
   } *filesread = NULL;
   
-  if (hard_opt == '7')
+  if (hard_opt == LOPT_CONF_OPT)
     {
       /* default conf-file reading */
       hard_opt = 0;
       nofile_ok = 1;
     }
 
-  if (hard_opt == 0 && strcmp(file, "-") == 0)
+   if (hard_opt == LOPT_CONF_SCRIPT)
+     {
+       hard_opt = 0;
+       do_popen = 1;
+     }
+   
+   if (hard_opt == 0 && !do_popen && strcmp(file, "-") == 0)
     {
       if (read_stdin == 1)
 	return 1;
@@ -5005,8 +5457,13 @@ static int one_file(char *file, int hard_opt)
 	  r->dev = statbuf.st_dev;
 	  r->ino = statbuf.st_ino;
 	}
-      
-      if (!(f = fopen(file, "r")))
+
+      if (do_popen)
+	{
+	  if (!(f = popen(file, "r")))
+	    die(_("cannot execute %s: %s"), file, EC_FILE);
+	}
+      else if (!(f = fopen(file, "r")))
 	{   
 	  if (errno == ENOENT && nofile_ok)
 	    return 1; /* No conffile, all done. */
@@ -5024,7 +5481,21 @@ static int one_file(char *file, int hard_opt)
 	} 
     }
   
-  read_file(file, f, hard_opt);
+   read_file(file, f, hard_opt, do_popen);
+
+  if (do_popen)
+    {
+      int rc;
+
+      if ((rc = pclose(f)) == -1)
+	die(_("error executing %s: %s"), file, EC_MISC);
+
+      if (rc != 0)
+	die(_("%s returns non-zero error code"), file, rc+10);
+    }
+  else
+    fclose(f);
+	
   return 1;
 }
 
@@ -5164,7 +5635,8 @@ void read_servers_file(void)
     }
   
   mark_servers(SERV_FROM_FILE);
-  read_file(daemon->servers_file, f, LOPT_REV_SERV);
+  read_file(daemon->servers_file, f, LOPT_REV_SERV, 0);
+  fclose(f);
   cleanup_servers();
   check_servers(0);
 }
@@ -5282,6 +5754,8 @@ void read_opts(int argc, char **argv, char *compile_opts)
   daemon->soa_refresh = SOA_REFRESH;
   daemon->soa_retry = SOA_RETRY;
   daemon->soa_expiry = SOA_EXPIRY;
+  daemon->randport_limit = 1;
+  daemon->host_index = SRC_AH;
   
 #ifndef NO_ID
   add_txt("version.bind", "dnsmasq-" VERSION, 0 );
@@ -5297,7 +5771,10 @@ void read_opts(int argc, char **argv, char *compile_opts)
 #endif
   add_txt("servers.bind", NULL, TXT_STAT_SERVERS);
 #endif
-
+  
+  /* See comment above make_servers(). Optimises server-read code. */
+  mark_servers(0);
+  
   while (1) 
     {
 #ifdef HAVE_GETOPT_LONG
@@ -5390,7 +5867,7 @@ void read_opts(int argc, char **argv, char *compile_opts)
       free(conffile);
     }
   else
-    one_file(CONFFILE, '7');
+    one_file(CONFFILE, LOPT_CONF_OPT);
 
   /* port might not be known when the address is parsed - fill in here */
   if (daemon->servers)
diff --git a/src/outpacket.c b/src/outpacket.c
index da6f73c..abb3a3a 100644
--- a/src/outpacket.c
+++ b/src/outpacket.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/src/pattern.c b/src/pattern.c
index 03e23b9..e56e495 100644
--- a/src/pattern.c
+++ b/src/pattern.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -129,9 +129,9 @@ int is_valid_dns_name(const char *value)
   
   size_t num_bytes = 0;
   size_t num_labels = 0;
-  const char *label = NULL;
+  const char *c, *label = NULL;
   int is_label_numeric = 1;
-  for (const char *c = value;; c++)
+  for (c = value;; c++)
     {
       if (*c &&
 	  *c != '-' && *c != '.' &&
@@ -242,11 +242,11 @@ int is_valid_dns_name_pattern(const char *value)
   
   size_t num_bytes = 0;
   size_t num_labels = 0;
-  const char *label = NULL;
+  const char *c, *label = NULL;
   int is_label_numeric = 1;
   size_t num_wildcards = 0;
   int previous_label_has_wildcard = 1;
-  for (const char *c = value;; c++)
+  for (c = value;; c++)
     {
       if (*c &&
 	  *c != '*' && /* Wildcard. */
diff --git a/src/poll.c b/src/poll.c
index f414690..bbb9009 100644
--- a/src/poll.c
+++ b/src/poll.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -96,28 +96,21 @@ void poll_listen(int fd, short event)
      pollfds[i].events |= event;
    else
      {
-       if (arrsize != nfds)
-	 memmove(&pollfds[i+1], &pollfds[i], (nfds - i) * sizeof(struct pollfd));
-       else
+       if (arrsize == nfds)
 	 {
 	   /* Array too small, extend. */
 	   struct pollfd *new;
 
 	   arrsize = (arrsize == 0) ? 64 : arrsize * 2;
 
-	   if (!(new = whine_malloc(arrsize * sizeof(struct pollfd))))
+	   if (!(new = whine_realloc(pollfds, arrsize * sizeof(struct pollfd))))
 	     return;
 
-	   if (pollfds)
-	     {
-	       memcpy(new, pollfds, i * sizeof(struct pollfd));
-	       memcpy(&new[i+1], &pollfds[i], (nfds - i) * sizeof(struct pollfd));
-	       free(pollfds);
-	     }
-	   
 	   pollfds = new;
 	 }
-       
+
+       memmove(&pollfds[i+1], &pollfds[i], (nfds - i) * sizeof(struct pollfd));
+
        pollfds[i].fd = fd;
        pollfds[i].events = event;
        nfds++;
diff --git a/src/radv-protocol.h b/src/radv-protocol.h
index 8314e8a..7fb6bd8 100644
--- a/src/radv-protocol.h
+++ b/src/radv-protocol.h
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/src/radv.c b/src/radv.c
index 3255904..5820f4a 100644
--- a/src/radv.c
+++ b/src/radv.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -123,7 +123,11 @@ void ra_start_unsolicited(time_t now, struct dhcp_context *context)
      and pick up new interfaces */
   
   if (context)
-    context->ra_short_period_start = context->ra_time = now;
+    {
+      context->ra_short_period_start = now;
+      /* start after 1 second to get logging right at startup. */
+      context->ra_time = now + 1;
+    }
   else
     for (context = daemon->dhcp6; context; context = context->next)
       if (!(context->flags & CONTEXT_TEMPLATE))
@@ -162,7 +166,7 @@ void icmp6_packet(time_t now)
     return;
    
   packet = (unsigned char *)daemon->outpacket.iov_base;
-  
+
   for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
     if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
       {
@@ -187,24 +191,36 @@ void icmp6_packet(time_t now)
  
   if (packet[1] != 0)
     return;
-  
+
   if (packet[0] == ICMP6_ECHO_REPLY)
     lease_ping_reply(&from.sin6_addr, packet, interface); 
   else if (packet[0] == ND_ROUTER_SOLICIT)
     {
       char *mac = "";
       struct dhcp_bridge *bridge, *alias;
+      ssize_t rem;
+      unsigned char *p;
+      int opt_sz;
+      
+#ifdef HAVE_DUMPFILE
+      dump_packet_icmp(DUMP_RA, (void *)packet, sz, (union mysockaddr *)&from, NULL);
+#endif           
       
       /* look for link-layer address option for logging */
-      if (sz >= 16 && packet[8] == ICMP6_OPT_SOURCE_MAC && (packet[9] * 8) + 8 <= sz)
+      for (rem = sz - 8, p = &packet[8]; rem >= 2; rem -= opt_sz, p += opt_sz)
 	{
-	  if ((packet[9] * 8 - 2) * 3 - 1 >= MAXDNAME) {
-	    return;
-	  }
-	  print_mac(daemon->namebuff, &packet[10], (packet[9] * 8) - 2);
-	  mac = daemon->namebuff;
+	  opt_sz = p[1] * 8;
+	  
+	  if (opt_sz == 0 || opt_sz > rem)
+	    return; /* Bad packet */
+	  
+	  if (p[0] == ICMP6_OPT_SOURCE_MAC && ((opt_sz - 2) * 3 - 1 < MAXDNAME))
+	    {
+	      print_mac(daemon->namebuff, &p[2], opt_sz - 2);
+	      mac = daemon->namebuff;
+	    }
 	}
-         
+      
       if (!option_bool(OPT_QUIET_RA))
 	my_syslog(MS_DHCP | LOG_INFO, "RTR-SOLICIT(%s) %s", interface, mac);
 
@@ -543,6 +559,16 @@ static void send_ra_alias(time_t now, int iface, char *iface_name, struct in6_ad
       setsockopt(daemon->icmp6fd, IPPROTO_IPV6, IPV6_MULTICAST_IF, &send_iface, sizeof(send_iface));
     }
   
+#ifdef HAVE_DUMPFILE
+  {
+    struct sockaddr_in6 src;
+    src.sin6_family = AF_INET6;
+    src.sin6_addr = parm.link_local;
+    
+    dump_packet_icmp(DUMP_RA, (void *)daemon->outpacket.iov_base, save_counter(-1), (union mysockaddr *)&src, (union mysockaddr *)&addr);
+  }
+#endif
+
   while (retry_send(sendto(daemon->icmp6fd, daemon->outpacket.iov_base, 
 			   save_counter(-1), 0, (struct sockaddr *)&addr, 
 			   sizeof(addr))));
@@ -746,6 +772,8 @@ static int add_lla(int index, unsigned int type, char *mac, size_t maclen, void
 	 add 7 to round up */
       int len = (maclen + 9) >> 3;
       unsigned char *p = expand(len << 3);
+      if (!p)
+	return 1;
       memset(p, 0, len << 3);
       *p++ = ICMP6_OPT_SOURCE_MAC;
       *p++ = len;
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 6fc4f26..5c0df56 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -526,7 +526,7 @@ static int print_txt(struct dns_header *header, const size_t qlen, char *name,
 	}
 
       *p3 = 0;
-      log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, (char*)p1);
+      log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, (char*)p1, 0);
       /* restore */
       memmove(p1 + 1, p1, i);
       *p1 = len;
@@ -538,10 +538,12 @@ static int print_txt(struct dns_header *header, const size_t qlen, char *name,
 /* Note that the following code can create CNAME chains that don't point to a real record,
    either because of lack of memory, or lack of SOA records.  These are treated by the cache code as 
    expired and cleaned out that way. 
-   Return 1 if we reject an address because it look like part of dns-rebinding attack. */
+   Return 1 if we reject an address because it look like part of dns-rebinding attack. 
+   Return 2 if the packet is malformed.
+*/
 int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t now, 
-		      char **ipsets, int is_sign, int check_rebind, int no_cache_dnssec,
-		      int secure, int *doctored)
+		      struct ipsets *ipsets, struct ipsets *nftsets, int is_sign, int check_rebind,
+		      int no_cache_dnssec, int secure, int *doctored)
 {
   unsigned char *p, *p1, *endrr, *namep;
   int j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0;
@@ -552,6 +554,11 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 #else
   (void)ipsets; /* unused */
 #endif
+#ifdef HAVE_NFTSET
+  char **nftsets_cur;
+#else
+  (void)nftsets; /* unused */
+#endif
   int found = 0, cname_count = CNAME_CHAIN;
   struct crec *cpp = NULL;
   int flags = RCODE(header) == NXDOMAIN ? F_NXDOMAIN : 0;
@@ -584,7 +591,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
   namep = p = (unsigned char *)(header+1);
   
   if (ntohs(header->qdcount) != 1 || !extract_name(header, qlen, &p, name, 1, 4))
-    return 0; /* bad packet */
+    return 2; /* bad packet */
   
   GETSHORT(qtype, p); 
   GETSHORT(qclass, p);
@@ -602,13 +609,13 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	{
 	cname_loop:
 	  if (!(p1 = skip_questions(header, qlen)))
-	    return 0;
+	    return 2;
 	  
 	  for (j = 0; j < ntohs(header->ancount); j++) 
 	    {
 	      int secflag = 0;
 	      if (!(res = extract_name(header, qlen, &p1, name, 0, 10)))
-		return 0; /* bad packet */
+		return 2; /* bad packet */
 	      
 	      GETSHORT(aqtype, p1); 
 	      GETSHORT(aqclass, p1);
@@ -643,10 +650,10 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 #endif
 
 		  if (aqtype == T_CNAME)
-		    log_query(secflag | F_CNAME | F_FORWARD | F_UPSTREAM, name, NULL, NULL);
+		    log_query(secflag | F_CNAME | F_FORWARD | F_UPSTREAM, name, NULL, NULL, 0);
 		  
 		  if (!extract_name(header, qlen, &p1, name, 1, 0))
-		    return 0;
+		    return 2;
 		  
 		  if (aqtype == T_CNAME)
 		    {
@@ -661,10 +668,10 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 		  found = 1; 
 		  
 		  if (!name_encoding)
-		    log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, querystr(NULL, aqtype));
+		    log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, NULL, aqtype);
 		  else
 		    {
-		      log_query(name_encoding | secflag | F_REVERSE | F_UPSTREAM, name, &addr, NULL);
+		      log_query(name_encoding | secflag | F_REVERSE | F_UPSTREAM, name, &addr, NULL, 0);
 		      if (insert)
 			cache_insert(name, &addr, C_IN, now, cttl, name_encoding | secflag | F_REVERSE);
 		    }
@@ -672,7 +679,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 
 	      p1 = endrr;
 	      if (!CHECK_LEN(header, p1, qlen, 0))
-		return 0; /* bad packet */
+		return 2; /* bad packet */
 	    }
 	}
       
@@ -691,7 +698,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	      cache_insert(NULL, &addr, C_IN, now, ttl, flags);
 	    }
 	  
-	  log_query(flags | F_UPSTREAM, name, &addr, NULL);
+	  log_query(flags | F_UPSTREAM, name, &addr, NULL, 0);
 	}
     }
   else
@@ -717,14 +724,14 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
       
     cname_loop1:
       if (!(p1 = skip_questions(header, qlen)))
-	return 0;
+	return 2;
       
       for (j = 0; j < ntohs(header->ancount); j++) 
 	{
 	  int secflag = 0;
 	  
 	  if (!(res = extract_name(header, qlen, &p1, name, 0, 10)))
-	    return 0; /* bad packet */
+	    return 2; /* bad packet */
 	  
 	  GETSHORT(aqtype, p1); 
 	  GETSHORT(aqclass, p1);
@@ -742,7 +749,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	    {
 	      p1 = endrr;
 	      if (!CHECK_LEN(header, p1, qlen, 0))
-		return 0; /* bad packet */
+		return 2; /* bad packet */
 	      continue;
 	    }
 	  
@@ -762,7 +769,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	      if (!cname_count--)
 		return 0; /* looped CNAMES */
 	      
-	      log_query(secflag | F_CNAME | F_FORWARD | F_UPSTREAM, name, NULL, NULL);
+	      log_query(secflag | F_CNAME | F_FORWARD | F_UPSTREAM, name, NULL, NULL, 0);
 	      
 	      if (insert)
 		{
@@ -785,16 +792,19 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	      
 	      namep = p1;
 	      if (!extract_name(header, qlen, &p1, name, 1, 0))
-		return 0;
+		return 2;
 	      
-	      goto cname_loop1;
+	      if (qtype != T_CNAME)
+		goto cname_loop1;
+
+	      found = 1;
 	    }
 	  else if (aqtype != qtype)
 	    {
 #ifdef HAVE_DNSSEC
 	      if (!option_bool(OPT_DNSSEC_VALID) || aqtype != T_RRSIG)
 #endif
-		log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, querystr(NULL, aqtype));
+		log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, NULL, aqtype);
 	    }
 	  else if (!(flags & F_NXDOMAIN))
 	    {
@@ -805,25 +815,25 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 		  unsigned char *tmp = namep;
 		  
 		  if (!CHECK_LEN(header, p1, qlen, 6))
-		    return 0; /* bad packet */
+		    return 2; /* bad packet */
 		  GETSHORT(addr.srv.priority, p1);
 		  GETSHORT(addr.srv.weight, p1);
 		  GETSHORT(addr.srv.srvport, p1);
 		  if (!extract_name(header, qlen, &p1, name, 1, 0))
-		    return 0;
+		    return 2;
 		  addr.srv.targetlen = strlen(name) + 1; /* include terminating zero */
 		  if (!(addr.srv.target = blockdata_alloc(name, addr.srv.targetlen)))
 		    return 0;
 		  
 		  /* we overwrote the original name, so get it back here. */
 		  if (!extract_name(header, qlen, &tmp, name, 1, 0))
-		    return 0;
+		    return 2;
 		}
 	      else if (flags & (F_IPV4 | F_IPV6))
 		{
 		  /* copy address into aligned storage */
 		  if (!CHECK_LEN(header, p1, qlen, addrlen))
-		    return 0; /* bad packet */
+		    return 2; /* bad packet */
 		  memcpy(&addr, p1, addrlen);
 		  
 		  /* check for returned address in private space */
@@ -840,14 +850,15 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 		  
 #ifdef HAVE_IPSET
 		  if (ipsets && (flags & (F_IPV4 | F_IPV6)))
-		    {
-		      ipsets_cur = ipsets;
-		      while (*ipsets_cur)
-			{
-			  log_query((flags & (F_IPV4 | F_IPV6)) | F_IPSET, name, &addr, *ipsets_cur);
-			  add_to_ipset(*ipsets_cur++, &addr, flags, 0);
-			}
-		    }
+		    for (ipsets_cur = ipsets->sets; *ipsets_cur; ipsets_cur++)
+		      if (add_to_ipset(*ipsets_cur, &addr, flags, 0) == 0)
+			log_query((flags & (F_IPV4 | F_IPV6)) | F_IPSET, ipsets->domain, &addr, *ipsets_cur, 1);
+#endif
+#ifdef HAVE_NFTSET
+		  if (nftsets && (flags & (F_IPV4 | F_IPV6)))
+		    for (nftsets_cur = nftsets->sets; *nftsets_cur; nftsets_cur++)
+		      if (add_to_nftset(*nftsets_cur, &addr, flags, 0) == 0)
+			log_query((flags & (F_IPV4 | F_IPV6)) | F_IPSET, nftsets->domain, &addr, *nftsets_cur, 0);
 #endif
 		}
 	      
@@ -866,19 +877,30 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	      if (aqtype == T_TXT)
 		{
 		  if (!print_txt(header, qlen, name, p1, ardlen, secflag))
-		    return 0;
+		    return 2;
 		}
 	      else
-		log_query(flags | F_FORWARD | secflag | F_UPSTREAM, name, &addr, querystr(NULL, aqtype));
+		log_query(flags | F_FORWARD | secflag | F_UPSTREAM, name, &addr, NULL, aqtype);
 	    }
 	  
 	  p1 = endrr;
 	  if (!CHECK_LEN(header, p1, qlen, 0))
-	    return 0; /* bad packet */
+	    return 2; /* bad packet */
 	}
       
-      if (!found && !option_bool(OPT_NO_NEG))
+      if (!found && (qtype != T_ANY || (flags & F_NXDOMAIN)))
 	{
+	  if (flags & F_NXDOMAIN)
+	    {
+	      flags &= ~(F_IPV4 | F_IPV6 | F_SRV);
+	      
+	      /* Can store NXDOMAIN reply to CNAME or ANY query. */
+	      if (qtype == T_CNAME || qtype == T_ANY)
+		insert = 1;
+	    }
+	  
+	  log_query(F_UPSTREAM | F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0), name, NULL, NULL, 0);
+	  
 	  if (!searched_soa)
 	    {
 	      searched_soa = 1;
@@ -887,22 +909,17 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	  
 	  /* If there's no SOA to get the TTL from, but there is a CNAME 
 	     pointing at this, inherit its TTL */
-	  if (ttl || cpp)
+	  if (insert && !option_bool(OPT_NO_NEG) && (ttl || cpp))
 	    {
 	      if (ttl == 0)
 		ttl = cttl;
 	      
-	      log_query(F_UPSTREAM | F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0), name, NULL, NULL);
-	      
-	      if (insert)
+	      newc = cache_insert(name, NULL, C_IN, now, ttl, F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0));	
+	      if (newc && cpp)
 		{
-		  newc = cache_insert(name, NULL, C_IN, now, ttl, F_FORWARD | F_NEG | flags | (secure ? F_DNSSECOK : 0));	
-		  if (newc && cpp)
-		    {
-		      next_uid(newc);
-		      cpp->addr.cname.target.cache = newc;
-		      cpp->addr.cname.uid = newc->uid;
-		    }
+		  next_uid(newc);
+		  cpp->addr.cname.target.cache = newc;
+		  cpp->addr.cname.uid = newc->uid;
 		}
 	    }
 	}
@@ -1080,7 +1097,7 @@ void setup_reply(struct dns_header *header, unsigned int flags, int ede)
       union all_addr a;
       a.log.rcode = REFUSED;
       a.log.ede = ede;
-      log_query(F_CONFIG | F_RCODE, "error", &a, NULL);
+      log_query(F_CONFIG | F_RCODE, "error", &a, NULL, 0);
       SET_RCODE(header, REFUSED);
     }
 }
@@ -1345,8 +1362,15 @@ int add_resource_record(struct dns_header *header, char *limit, int *truncp, int
 #undef CHECK_LIMIT
 }
 
+static int crec_isstale(struct crec *crecp, time_t now)
+{
+  return (!(crecp->flags & F_IMMORTAL)) && difftime(crecp->ttd, now) < 0; 
+}
+
 static unsigned long crec_ttl(struct crec *crecp, time_t now)
 {
+  signed long ttl = difftime(crecp->ttd, now);
+
   /* Return 0 ttl for DHCP entries, which might change
      before the lease expires, unless configured otherwise. */
 
@@ -1355,8 +1379,8 @@ static unsigned long crec_ttl(struct crec *crecp, time_t now)
       int conf_ttl = daemon->use_dhcp_ttl ? daemon->dhcp_ttl : daemon->local_ttl;
       
       /* Apply ceiling of actual lease length to configured TTL. */
-      if (!(crecp->flags & F_IMMORTAL) && (crecp->ttd - now) < conf_ttl)
-	return crecp->ttd - now;
+      if (!(crecp->flags & F_IMMORTAL) && ttl < conf_ttl)
+	return ttl;
       
       return conf_ttl;
     }	  
@@ -1365,9 +1389,13 @@ static unsigned long crec_ttl(struct crec *crecp, time_t now)
   if (crecp->flags & F_IMMORTAL)
     return crecp->ttd;
 
+  /* Stale cache entries. */
+  if (ttl < 0)
+    return 0;
+  
   /* Return the Max TTL value if it is lower than the actual TTL */
-  if (daemon->max_ttl == 0 || ((unsigned)(crecp->ttd - now) < daemon->max_ttl))
-    return crecp->ttd - now;
+  if (daemon->max_ttl == 0 || ((unsigned)ttl < daemon->max_ttl))
+    return ttl;
   else
     return daemon->max_ttl;
 }
@@ -1380,7 +1408,8 @@ static int cache_validated(const struct crec *crecp)
 /* return zero if we can't answer from cache, or packet size if we can */
 size_t answer_request(struct dns_header *header, char *limit, size_t qlen,  
 		      struct in_addr local_addr, struct in_addr local_netmask, 
-		      time_t now, int ad_reqd, int do_bit, int have_pseudoheader) 
+		      time_t now, int ad_reqd, int do_bit, int have_pseudoheader,
+		      int *stale) 
 {
   char *name = daemon->namebuff;
   unsigned char *p, *ansp;
@@ -1396,6 +1425,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
   size_t len;
   int rd_bit = (header->hb3 & HB3_RD);
 
+  if (stale)
+    *stale = 0;
+  
   /* never answer queries with RD unset, to avoid cache snooping. */
   if (ntohs(header->ancount) != 0 ||
       ntohs(header->nscount) != 0 ||
@@ -1440,36 +1472,64 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 
       ans = 0; /* have we answered this question */
 
-      while (--count != 0 && (crecp = cache_find_by_name(NULL, name, now, F_CNAME)))
-	{
-	  char *cname_target = cache_get_cname_target(crecp);
-
-	  /* If the client asked for DNSSEC  don't use cached data. */
-	  if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
-	      (rd_bit && (!do_bit || cache_validated(crecp))))
-	    {
-	      if (crecp->flags & F_CONFIG || qtype == T_CNAME)
-		ans = 1;
-
-	      if (!(crecp->flags & F_DNSSECOK))
-		sec_data = 0;
-
-	      if (!dryrun)
-		{
-		  log_query(crecp->flags, name, NULL, record_source(crecp->uid));
-		  if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
-					  crec_ttl(crecp, now), &nameoffset,
-					  T_CNAME, C_IN, "d", cname_target))
-		    anscount++;
-		}
-
-	    }
-	  else
-	    return 0; /* give up if any cached CNAME in chain can't be used for DNSSEC reasons. */
+      if (qclass == C_IN)
+	while (--count != 0 && (crecp = cache_find_by_name(NULL, name, now, F_CNAME | F_NXDOMAIN)))
+	  {
+	    char *cname_target;
+	    int stale_flag = 0;
+	    
+	    if (crec_isstale(crecp, now))
+	      {
+		if (stale)
+		  *stale = 1;
+		
+		stale_flag = F_STALE;
+	      }
+	    
+	    if (crecp->flags & F_NXDOMAIN)
+	      {
+		if (qtype == T_CNAME)
+		  {
+		   if (!dryrun)
+		     log_query(stale_flag | crecp->flags, name, NULL, record_source(crecp->uid), 0);
+		    auth = 0;
+		    nxdomain = 1;
+		    ans = 1;
+		  }
+		break;
+	      }  
 
-	  strcpy(name, cname_target);
-	}
-	  
+	    cname_target = cache_get_cname_target(crecp);
+	    
+	    /* If the client asked for DNSSEC  don't use cached data. */
+	    if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
+		(rd_bit && (!do_bit || cache_validated(crecp))))
+	      {
+		if (crecp->flags & F_CONFIG || qtype == T_CNAME)
+		  ans = 1;
+		
+		if (!(crecp->flags & F_DNSSECOK))
+		  sec_data = 0;
+		
+		if (!dryrun)
+		  {
+		    log_query(stale_flag | crecp->flags, name, NULL, record_source(crecp->uid), 0);
+		    if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
+					    crec_ttl(crecp, now), &nameoffset,
+					    T_CNAME, C_IN, "d", cname_target))
+		      anscount++;
+		  }
+		
+	      }
+	    else
+	      return 0; /* give up if any cached CNAME in chain can't be used for DNSSEC reasons. */
+	    
+	    if (qtype == T_CNAME)
+	      break;
+	    
+	    strcpy(name, cname_target);
+	  }
+      
       if (qtype == T_TXT || qtype == T_ANY)
 	{
 	  struct txt_record *t;
@@ -1493,7 +1553,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 #endif
 		      if (ok)
 			{
-			  log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>");
+			  log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>", 0);
 			  if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 						  ttl, NULL,
 						  T_TXT, t->class, "t", t->len, t->txt))
@@ -1515,7 +1575,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		  if (!dryrun)
 		    {
 		       addr.log.rcode = NOTIMP;
-		       log_query(F_CONFIG | F_RCODE, name, &addr, NULL);
+		       log_query(F_CONFIG | F_RCODE, name, &addr, NULL, 0);
 		    }
 		  ans = 1, sec_data = 0;
 		}
@@ -1533,7 +1593,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		sec_data = 0;
 		if (!dryrun)
 		  {
-		    log_query(F_CONFIG | F_RRNAME, name, NULL, querystr(NULL, t->class));
+		    log_query(F_CONFIG | F_RRNAME, name, NULL, NULL, t->class);
 		    if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 					    daemon->local_ttl, NULL,
 					    t->class, C_IN, "t", t->len, t->txt))
@@ -1563,7 +1623,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		    
 		    if (addrlist)
 		      break;
-		    else
+		    else if (!(intr->flags & INP4))
 		      while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
 			intr = intr->next;
 		  }
@@ -1578,7 +1638,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		    
 		    if (addrlist)
 		      break;
-		    else
+		    else if (!(intr->flags & INP6))
 		      while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
 			intr = intr->next;
 		  }
@@ -1589,7 +1649,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		  ans = 1;
 		  if (!dryrun)
 		    {
-		      log_query(is_arpa | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
+		      log_query(is_arpa | F_REVERSE | F_CONFIG, intr->name, &addr, NULL, 0);
 		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 					      daemon->local_ttl, NULL,
 					      T_PTR, C_IN, "d", intr->name))
@@ -1602,7 +1662,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		  sec_data = 0;
 		  if (!dryrun)
 		    {
-		      log_query(F_CONFIG | F_RRNAME, name, NULL, "<PTR>");
+		      log_query(F_CONFIG | F_RRNAME, name, NULL, "<PTR>", 0);
 		      for (ptr = daemon->ptr; ptr; ptr = ptr->next)
 			if (hostname_isequal(name, ptr->name) &&
 			    add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
@@ -1612,7 +1672,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 			 
 		    }
 		}
-	      else if ((crecp = cache_find_by_addr(NULL, &addr, now, is_arpa)))
+	      else if (is_arpa && (crecp = cache_find_by_addr(NULL, &addr, now, is_arpa)))
 		{
 		  /* Don't use cache when DNSSEC data required, unless we know that
 		     the zone is unsigned, which implies that we're doing
@@ -1622,22 +1682,33 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		    {
 		      do 
 			{ 
+			  int stale_flag = 0;
+			  
+			  if (crec_isstale(crecp, now))
+			    {
+			      if (stale)
+				*stale = 1;
+			      
+			      stale_flag = F_STALE;
+			    }
+			  
 			  /* don't answer wildcard queries with data not from /etc/hosts or dhcp leases */
 			  if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP)))
 			    continue;
 			  
+			  
 			  if (!(crecp->flags & F_DNSSECOK))
 			    sec_data = 0;
-			   
+			  
 			  ans = 1;
-			   
+			  
 			  if (crecp->flags & F_NEG)
 			    {
 			      auth = 0;
 			      if (crecp->flags & F_NXDOMAIN)
 				nxdomain = 1;
 			      if (!dryrun)
-				log_query(crecp->flags & ~F_FORWARD, name, &addr, NULL);
+				log_query(stale_flag | (crecp->flags & ~F_FORWARD), name, &addr, NULL, 0);
 			    }
 			  else
 			    {
@@ -1645,8 +1716,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 				auth = 0;
 			      if (!dryrun)
 				{
-				  log_query(crecp->flags & ~F_FORWARD, cache_get_name(crecp), &addr, 
-					    record_source(crecp->uid));
+				  log_query(stale_flag | (crecp->flags & ~F_FORWARD), cache_get_name(crecp), &addr, 
+					    record_source(crecp->uid), 0);
 				  
 				  if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 							  crec_ttl(crecp, now), NULL,
@@ -1663,7 +1734,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		  sec_data = 0;
 		  if (!dryrun)
 		    {
-		      log_query(F_CONFIG | F_REVERSE | is_arpa, name, &addr, NULL); 
+		      log_query(F_CONFIG | F_REVERSE | is_arpa, name, &addr, NULL, 0);
 		      
 		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 					      daemon->local_ttl, NULL,
@@ -1681,7 +1752,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		  nxdomain = 1;
 		  if (!dryrun)
 		    log_query(F_CONFIG | F_REVERSE | is_arpa | F_NEG | F_NXDOMAIN,
-			      name, &addr, NULL);
+			      name, &addr, NULL, 0);
 		}
 	    }
 
@@ -1736,7 +1807,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 			      if (!dryrun)
 				{
 				  gotit = 1;
-				  log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
+				  log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL, 0);
 				  if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 							  daemon->local_ttl, NULL, type, C_IN, 
 							  type == T_A ? "4" : "6", &addrlist->addr))
@@ -1746,15 +1817,15 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		      }
 		  
 		  if (!dryrun && !gotit)
-		    log_query(F_FORWARD | F_CONFIG | flag | F_NEG, name, NULL, NULL);
+		    log_query(F_FORWARD | F_CONFIG | flag | F_NEG, name, NULL, NULL, 0);
 		     
 		  continue;
 		}
 
-	      if ((crecp = cache_find_by_name(NULL, name, now, flag | (dryrun ? F_NO_RR : 0))))
+	      if ((crecp = cache_find_by_name(NULL, name, now, flag | F_NXDOMAIN | (dryrun ? F_NO_RR : 0))))
 		{
 		  int localise = 0;
-		  
+		 		  
 		  /* See if a putative address is on the network from which we received
 		     the query, is so we'll filter other answers. */
 		  if (local_addr.s_addr != 0 && option_bool(OPT_LOCALISE) && flag == F_IPV4)
@@ -1776,6 +1847,16 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		      (rd_bit && (!do_bit || cache_validated(crecp)) ))
 		    do
 		      { 
+			int stale_flag = 0;
+			
+			if (crec_isstale(crecp, now))
+			  {
+			    if (stale)
+			      *stale = 1;
+			    
+			    stale_flag = F_STALE;
+			  }
+			
 			/* don't answer wildcard queries with data not from /etc/hosts
 			   or DHCP leases */
 			if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)))
@@ -1791,7 +1872,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 			    if (crecp->flags & F_NXDOMAIN)
 			      nxdomain = 1;
 			    if (!dryrun)
-			      log_query(crecp->flags, name, NULL, NULL);
+			      log_query(stale_flag | crecp->flags, name, NULL, NULL, 0);
 			  }
 			else 
 			  {
@@ -1808,8 +1889,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 			    ans = 1;
 			    if (!dryrun)
 			      {
-				log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr,
-					  record_source(crecp->uid));
+				log_query(stale_flag | (crecp->flags & ~F_REVERSE), name, &crecp->addr,
+					  record_source(crecp->uid), 0);
 				
 				if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 							crec_ttl(crecp, now), NULL, type, C_IN, 
@@ -1824,7 +1905,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		  ans = 1, sec_data = 0;
 		  if (!dryrun)
 		    {
-		      log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL);
+		      log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL, 0);
 		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 					      daemon->local_ttl, NULL, type, C_IN, type == T_A ? "4" : "6", &addr))
 			anscount++;
@@ -1843,7 +1924,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		    if (!dryrun)
 		      {
 			int offset;
-			log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
+			log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>", 0);
 			if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
 						&offset, T_MX, C_IN, "sd", rec->weight, rec->target))
 			  {
@@ -1861,7 +1942,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		  sec_data = 0;
 		  if (!dryrun)
 		    {
-		      log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
+		      log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>", 0);
 		      if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL, 
 					      T_MX, C_IN, "sd", 1, 
 					      option_bool(OPT_SELFMX) ? name : daemon->mxtarget))
@@ -1883,7 +1964,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		    if (!dryrun)
 		      {
 			int offset;
-			log_query(F_CONFIG | F_RRNAME, name, NULL, "<SRV>");
+			log_query(F_CONFIG | F_RRNAME, name, NULL, "<SRV>", 0);
 			if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, 
 						&offset, T_SRV, C_IN, "sssd", 
 						rec->priority, rec->weight, rec->srvport, rec->target))
@@ -1915,27 +1996,40 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 
 	      if (!found)
 		{
-		  if ((crecp = cache_find_by_name(NULL, name, now, F_SRV | (dryrun ? F_NO_RR : 0))) &&
+		  if ((crecp = cache_find_by_name(NULL, name, now, F_SRV | F_NXDOMAIN | (dryrun ? F_NO_RR : 0))) &&
 		      rd_bit && (!do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK))))
-		    {
-		      if (!(crecp->flags & F_DNSSECOK))
-			sec_data = 0;
-		      
-		      auth = 0;
-		      found = ans = 1;
-		      
-		      do {
+		    do
+		      {
+			int stale_flag = 0;
+			
+			if (crec_isstale(crecp, now))
+			  {
+			    if (stale)
+			      *stale = 1;
+			    
+			    stale_flag = F_STALE;
+			  }
+			/* don't answer wildcard queries with data not from /etc/hosts or dhcp leases, except for NXDOMAIN */
+			if (qtype == T_ANY && !(crecp->flags & (F_NXDOMAIN)))
+			  break;
+			
+			if (!(crecp->flags & F_DNSSECOK))
+			  sec_data = 0;
+			
+			auth = 0;
+			found = ans = 1;
+			
 			if (crecp->flags & F_NEG)
 			  {
 			    if (crecp->flags & F_NXDOMAIN)
 			      nxdomain = 1;
 			    if (!dryrun)
-			      log_query(crecp->flags, name, NULL, NULL);
+			      log_query(stale_flag | crecp->flags, name, NULL, NULL, 0);
 			  }
 			else if (!dryrun)
 			  {
 			    char *target = blockdata_retrieve(crecp->addr.srv.target, crecp->addr.srv.targetlen, NULL);
-			    log_query(crecp->flags, name, NULL, 0);
+			    log_query(stale_flag | crecp->flags, name, NULL, NULL, 0);
 			    
 			    if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, 
 						    crec_ttl(crecp, now), NULL, T_SRV, C_IN, "sssd",
@@ -1945,14 +2039,13 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 			  }
 		      } while ((crecp = cache_find_by_name(crecp, name, now, F_SRV)));
 		    }
-		}
-
+	      
 	      if (!found && option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_'))))
 		{
 		  ans = 1;
 		  sec_data = 0;
 		  if (!dryrun)
-		    log_query(F_CONFIG | F_NEG, name, NULL, NULL);
+		    log_query(F_CONFIG | F_NEG, name, NULL, NULL, 0);
 		}
 	    }
 
@@ -1966,7 +2059,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 		    sec_data = 0;
 		    if (!dryrun)
 		      {
-			log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>");
+			log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>", 0);
 			if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, 
 						NULL, T_NAPTR, C_IN, "sszzzd", 
 						na->order, na->pref, na->flags, na->services, na->regexp, na->replace))
@@ -1983,7 +2076,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
 	      ans = 1;
 	      sec_data = 0;
 	      if (!dryrun)
-		log_query(F_CONFIG | F_NEG, name, &addr, NULL);
+		log_query(F_CONFIG | F_NEG, name, &addr, NULL, 0);
 	    }
 	}
 
diff --git a/src/rfc2131.c b/src/rfc2131.c
index c902eb7..17e97b5 100644
--- a/src/rfc2131.c
+++ b/src/rfc2131.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -1153,15 +1153,22 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
 	  tagif_netid = run_tag_if(&context->netid);
 	}
 
-      log_tags(tagif_netid, ntohl(mess->xid));
       apply_delay(mess->xid, recvtime, tagif_netid);
 
       if (option_bool(OPT_RAPID_COMMIT) && option_find(mess, sz, OPTION_RAPID_COMMIT, 0))
 	{
 	  rapid_commit = 1;
+	  /* If a lease exists for this host and another address, squash it. */
+	  if (lease && lease->addr.s_addr != mess->yiaddr.s_addr)
+	    {
+	      lease_prune(lease, now);
+	      lease = NULL;
+	    }
 	  goto rapid_commit;
 	}
       
+      log_tags(tagif_netid, ntohl(mess->xid));
+
       daemon->metrics[METRIC_DHCPOFFER]++;
       log_packet("DHCPOFFER" , &mess->yiaddr, emac, emac_len, iface_name, NULL, NULL, mess->xid);
       
@@ -1420,21 +1427,18 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
 		  /* DNSMASQ_REQUESTED_OPTIONS */
 		  if ((opt = option_find(mess, sz, OPTION_REQUESTED_OPTIONS, 1)))
 		    {
-		      int len = option_len(opt);
+		      int i, len = option_len(opt);
 		      unsigned char *rop = option_ptr(opt, 0);
-		      char *q = daemon->namebuff;
-		      int i;
+		      
 		      for (i = 0; i < len; i++)
-		        {
-		          q += snprintf(q, MAXDNAME - (q - daemon->namebuff), "%d%s", rop[i], i + 1 == len ? "" : ",");
-		        }
-		      lease_add_extradata(lease, (unsigned char *)daemon->namebuff, (q - daemon->namebuff), 0); 
+			lease_add_extradata(lease, (unsigned char *)daemon->namebuff,
+					    sprintf(daemon->namebuff, "%u", rop[i]), (i + 1) == len ? 0 : ',');
 		    }
 		  else
-		    {
-		      add_extradata_opt(lease, NULL);
-		    }
-
+		    lease_add_extradata(lease, NULL, 0, 0);
+		  
+		  add_extradata_opt(lease, option_find(mess, sz, OPTION_MUD_URL_V4, 1));
+		  
 		  /* space-concat tag set */
 		  if (!tagif_netid)
 		    add_extradata_opt(lease, NULL);
@@ -2200,8 +2204,9 @@ static int pxe_uefi_workaround(int pxe_arch, struct dhcp_netid *netid, struct dh
       inet_ntop(AF_INET, &mess->siaddr, (char *)mess->sname, INET_ADDRSTRLEN);
     }
   
-  snprintf((char *)mess->file, sizeof(mess->file), 
-	   strchr(found->basename, '.') ? "%s" : "%s.0", found->basename);
+  if (found->basename)
+    snprintf((char *)mess->file, sizeof(mess->file), 
+	     strchr(found->basename, '.') ? "%s" : "%s.0", found->basename);
   
   return 1;
 }
diff --git a/src/rfc3315.c b/src/rfc3315.c
index 5c2ff97..8754481 100644
--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -33,9 +33,9 @@ struct state {
   unsigned int mac_len, mac_type;
 };
 
-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, 
+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, 
 			     struct in6_addr *client_addr, int is_unicast, time_t now);
-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now);
+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now);
 static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts);
 static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string);
 static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string);
@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if
 }
 
 /* This cost me blood to write, it will probably cost you blood to understand - srk. */
-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, 
+static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, 
 			     struct in6_addr *client_addr, int is_unicast, time_t now)
 {
   void *end = inbuff + sz;
   void *opts = inbuff + 34;
-  int msg_type = *((unsigned char *)inbuff);
+  int msg_type = *inbuff;
   unsigned char *outmsgtypep;
   void *opt;
   struct dhcp_vendor *vendor;
@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz,
   return 1;
 }
 
-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now)
+static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now)
 {
   void *opt;
-  int i, o, o1, start_opts;
+  int i, o, o1, start_opts, start_msg;
   struct dhcp_opt *opt_cfg;
   struct dhcp_netid *tagif;
   struct dhcp_config *config = NULL;
   struct dhcp_netid known_id, iface_id, v6_id;
-  unsigned char *outmsgtypep;
+  unsigned char outmsgtype;
   struct dhcp_vendor *vendor;
   struct dhcp_context *context_tmp;
   struct dhcp_mac *mac_opt;
@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
   v6_id.next = state->tags;
   state->tags = &v6_id;
 
-  /* copy over transaction-id, and save pointer to message type */
-  if (!(outmsgtypep = put_opt6(inbuff, 4)))
+  start_msg = save_counter(-1);
+  /* copy over transaction-id */
+  if (!put_opt6(inbuff, 4))
     return 0;
   start_opts = save_counter(-1);
-  state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16;
-   
+  state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16;
+    
   /* We're going to be linking tags from all context we use. 
      mark them as unused so we don't link one twice and break the list */
   for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current)
@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
       (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE))
     
     {  
-      *outmsgtypep = DHCP6REPLY;
+      outmsgtype = DHCP6REPLY;
       o1 = new_opt6(OPTION6_STATUS_CODE);
       put_opt6_short(DHCP6USEMULTI);
       put_opt6_string("Use multicast");
@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 	struct dhcp_netid *solicit_tags;
 	struct dhcp_context *c;
 	
-	*outmsgtypep = DHCP6ADVERTISE;
+	outmsgtype = DHCP6ADVERTISE;
 	
 	if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0))
 	  {
-	    *outmsgtypep = DHCP6REPLY;
+	    outmsgtype = DHCP6REPLY;
 	    state->lease_allocate = 1;
 	    o = new_opt6(OPTION6_RAPID_COMMIT);
 	    end_opt6(o);
@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 	int start = save_counter(-1);
 
 	/* set reply message type */
-	*outmsgtypep = DHCP6REPLY;
+	outmsgtype = DHCP6REPLY;
 	state->lease_allocate = 1;
 
 	log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL);
@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 	int address_assigned = 0;
 
 	/* set reply message type */
-	*outmsgtypep = DHCP6REPLY;
+	outmsgtype = DHCP6REPLY;
 	
 	log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL);
 
@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 	int good_addr = 0;
 
 	/* set reply message type */
-	*outmsgtypep = DHCP6REPLY;
+	outmsgtype = DHCP6REPLY;
 	
 	log6_quiet(state, "DHCPCONFIRM", NULL, NULL);
 	
@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
 	log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname);
 	if (ignore)
 	  return 0;
-	*outmsgtypep = DHCP6REPLY;
+	outmsgtype = DHCP6REPLY;
 	tagif = add_options(state, 1);
 	break;
       }
@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
     case DHCP6RELEASE:
       {
 	/* set reply message type */
-	*outmsgtypep = DHCP6REPLY;
+	outmsgtype = DHCP6REPLY;
 
 	log6_quiet(state, "DHCPRELEASE", NULL, NULL);
 
@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
     case DHCP6DECLINE:
       {
 	/* set reply message type */
-	*outmsgtypep = DHCP6REPLY;
+	outmsgtype = DHCP6REPLY;
 	
 	log6_quiet(state, "DHCPDECLINE", NULL, NULL);
 
@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
       }
 
     }
-  
+
+  /* Fill in the message type. Note that we store the offset,
+     not a direct pointer, since the packet memory may have been 
+     reallocated. */
+  ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype;
+
   log_tags(tagif, state->xid);
   log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1));
   
@@ -1873,23 +1879,24 @@ static void update_leases(struct state *state, struct dhcp_context *context, str
 #ifdef HAVE_SCRIPT
       if (daemon->lease_change_command)
 	{
-	  void *class_opt;
+	  void *opt;
+	  
 	  lease->flags |= LEASE_CHANGED;
 	  free(lease->extradata);
 	  lease->extradata = NULL;
 	  lease->extradata_size = lease->extradata_len = 0;
 	  lease->vendorclass_count = 0; 
 	  
-	  if ((class_opt = opt6_find(state->packet_options, state->end, OPTION6_VENDOR_CLASS, 4)))
+	  if ((opt = opt6_find(state->packet_options, state->end, OPTION6_VENDOR_CLASS, 4)))
 	    {
-	      void *enc_opt, *enc_end = opt6_ptr(class_opt, opt6_len(class_opt));
+	      void *enc_opt, *enc_end = opt6_ptr(opt, opt6_len(opt));
 	      lease->vendorclass_count++;
 	      /* send enterprise number first  */
-	      sprintf(daemon->dhcp_buff2, "%u", opt6_uint(class_opt, 0, 4));
+	      sprintf(daemon->dhcp_buff2, "%u", opt6_uint(opt, 0, 4));
 	      lease_add_extradata(lease, (unsigned char *)daemon->dhcp_buff2, strlen(daemon->dhcp_buff2), 0);
 	      
-	      if (opt6_len(class_opt) >= 6) 
-		for (enc_opt = opt6_ptr(class_opt, 4); enc_opt; enc_opt = opt6_next(enc_opt, enc_end))
+	      if (opt6_len(opt) >= 6) 
+		for (enc_opt = opt6_ptr(opt, 4); enc_opt; enc_opt = opt6_next(enc_opt, enc_end))
 		  {
 		    lease->vendorclass_count++;
 		    lease_add_extradata(lease, opt6_ptr(enc_opt, 0), opt6_len(enc_opt), 0);
@@ -1899,6 +1906,24 @@ static void update_leases(struct state *state, struct dhcp_context *context, str
 	  lease_add_extradata(lease, (unsigned char *)state->client_hostname, 
 			      state->client_hostname ? strlen(state->client_hostname) : 0, 0);				
 	  
+	  /* DNSMASQ_REQUESTED_OPTIONS */
+	  if ((opt = opt6_find(state->packet_options, state->end, OPTION6_ORO, 2)))
+	    {
+	      int i, len = opt6_len(opt)/2;
+	      u16 *rop = opt6_ptr(opt, 0);
+	      
+	      for (i = 0; i < len; i++)
+		lease_add_extradata(lease, (unsigned char *)daemon->namebuff,
+				    sprintf(daemon->namebuff, "%u", ntohs(rop[i])), (i + 1) == len ? 0 : ',');
+	    }
+	  else
+	    lease_add_extradata(lease, NULL, 0, 0);
+
+	  if ((opt = opt6_find(state->packet_options, state->end, OPTION6_MUD_URL, 1)))
+	    lease_add_extradata(lease, opt6_ptr(opt, 0), opt6_len(opt), 0);
+	  else
+	    lease_add_extradata(lease, NULL, 0, 0);
+
 	  /* space-concat tag set */
 	  if (!tagif && !context->netid.net)
 	    lease_add_extradata(lease, NULL, 0, 0);
@@ -1928,10 +1953,10 @@ static void update_leases(struct state *state, struct dhcp_context *context, str
 	  
 	  lease_add_extradata(lease, (unsigned char *)daemon->addrbuff, state->link_address ? strlen(daemon->addrbuff) : 0, 0);
 	  
-	  if ((class_opt = opt6_find(state->packet_options, state->end, OPTION6_USER_CLASS, 2)))
+	  if ((opt = opt6_find(state->packet_options, state->end, OPTION6_USER_CLASS, 2)))
 	    {
-	      void *enc_opt, *enc_end = opt6_ptr(class_opt, opt6_len(class_opt));
-	      for (enc_opt = opt6_ptr(class_opt, 0); enc_opt; enc_opt = opt6_next(enc_opt, enc_end))
+	      void *enc_opt, *enc_end = opt6_ptr(opt, opt6_len(opt));
+	      for (enc_opt = opt6_ptr(opt, 0); enc_opt; enc_opt = opt6_next(enc_opt, enc_end))
 		lease_add_extradata(lease, opt6_ptr(enc_opt, 0), opt6_len(enc_opt), 0);
 	    }
 	}
@@ -2100,95 +2125,106 @@ static unsigned int opt6_uint(unsigned char *opt, int offset, int size)
   return ret;
 } 
 
-void relay_upstream6(struct dhcp_relay *relay, ssize_t sz, 
-		     struct in6_addr *peer_address, u32 scope_id, time_t now)
+int relay_upstream6(int iface_index, ssize_t sz, 
+		    struct in6_addr *peer_address, u32 scope_id, time_t now)
 {
-  /* ->local is same value for all relays on ->current chain */
-  
-  union all_addr from;
   unsigned char *header;
   unsigned char *inbuff = daemon->dhcp_packet.iov_base;
   int msg_type = *inbuff;
-  int hopcount;
+  int hopcount, o;
   struct in6_addr multicast;
   unsigned int maclen, mactype;
   unsigned char mac[DHCP_CHADDR_MAX];
+  struct dhcp_relay *relay;
+  
+  for (relay = daemon->relay6; relay; relay = relay->next)
+    if (relay->iface_index != 0 && relay->iface_index == iface_index)
+      break;
 
+  /* No relay config. */
+  if (!relay)
+    return 0;
+  
   inet_pton(AF_INET6, ALL_SERVERS, &multicast);
   get_client_mac(peer_address, scope_id, mac, &maclen, &mactype, now);
-
-  /* source address == relay address */
-  from.addr6 = relay->local.addr6;
-    
+  
   /* Get hop count from nested relayed message */ 
   if (msg_type == DHCP6RELAYFORW)
     hopcount = *((unsigned char *)inbuff+1) + 1;
   else
     hopcount = 0;
 
-  /* RFC 3315 HOP_COUNT_LIMIT */
-  if (hopcount > 32)
-    return;
-
   reset_counter();
 
-  if ((header = put_opt6(NULL, 34)))
+  /* RFC 3315 HOP_COUNT_LIMIT */
+  if (hopcount > 32 || !(header = put_opt6(NULL, 34)))
+    return 1;
+  
+  header[0] = DHCP6RELAYFORW;
+  header[1] = hopcount;
+  memcpy(&header[18], peer_address, IN6ADDRSZ);
+  
+  /* RFC-6939 */
+  if (maclen != 0)
     {
-      int o;
-
-      header[0] = DHCP6RELAYFORW;
-      header[1] = hopcount;
-      memcpy(&header[2],  &relay->local.addr6, IN6ADDRSZ);
-      memcpy(&header[18], peer_address, IN6ADDRSZ);
- 
-      /* RFC-6939 */
-      if (maclen != 0)
-	{
-	  o = new_opt6(OPTION6_CLIENT_MAC);
-	  put_opt6_short(mactype);
-	  put_opt6(mac, maclen);
-	  end_opt6(o);
-	}
-      
-      o = new_opt6(OPTION6_RELAY_MSG);
-      put_opt6(inbuff, sz);
+      o = new_opt6(OPTION6_CLIENT_MAC);
+      put_opt6_short(mactype);
+      put_opt6(mac, maclen);
       end_opt6(o);
-      
-      for (; relay; relay = relay->current)
-	{
-	  union mysockaddr to;
-	  
-	  to.sa.sa_family = AF_INET6;
-	  to.in6.sin6_addr = relay->server.addr6;
-	  to.in6.sin6_port = htons(DHCPV6_SERVER_PORT);
-	  to.in6.sin6_flowinfo = 0;
-	  to.in6.sin6_scope_id = 0;
+    }
+  
+  o = new_opt6(OPTION6_RELAY_MSG);
+  put_opt6(inbuff, sz);
+  end_opt6(o);
+  
+  for (; relay; relay = relay->next)
+    if (relay->iface_index != 0 && relay->iface_index == iface_index)
+      {
+	union mysockaddr to;
 
-	  if (IN6_ARE_ADDR_EQUAL(&relay->server.addr6, &multicast))
-	    {
-	      int multicast_iface;
-	      if (!relay->interface || strchr(relay->interface, '*') ||
-		  (multicast_iface = if_nametoindex(relay->interface)) == 0 ||
-		  setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_MULTICAST_IF, &multicast_iface, sizeof(multicast_iface)) == -1)
-		my_syslog(MS_DHCP | LOG_ERR, _("Cannot multicast to DHCPv6 server without correct interface"));
-	    }
-		
-	  send_from(daemon->dhcp6fd, 0, daemon->outpacket.iov_base, save_counter(-1), &to, &from, 0);
-	  
-	  if (option_bool(OPT_LOG_OPTS))
-	    {
-	      inet_ntop(AF_INET6, &relay->local, daemon->addrbuff, ADDRSTRLEN);
-	      inet_ntop(AF_INET6, &relay->server, daemon->namebuff, ADDRSTRLEN);
-	      my_syslog(MS_DHCP | LOG_INFO, _("DHCP relay %s -> %s"), daemon->addrbuff, daemon->namebuff);
-	    }
+	memcpy(&header[2], &relay->local.addr6, IN6ADDRSZ);
+	
+	to.sa.sa_family = AF_INET6;
+	to.in6.sin6_addr = relay->server.addr6;
+	to.in6.sin6_port = htons(relay->port);
+	to.in6.sin6_flowinfo = 0;
+	to.in6.sin6_scope_id = 0;
+	
+	if (IN6_ARE_ADDR_EQUAL(&relay->server.addr6, &multicast))
+	  {
+	    int multicast_iface;
+	    if (!relay->interface || strchr(relay->interface, '*') ||
+		(multicast_iface = if_nametoindex(relay->interface)) == 0 ||
+		setsockopt(daemon->dhcp6fd, IPPROTO_IPV6, IPV6_MULTICAST_IF, &multicast_iface, sizeof(multicast_iface)) == -1)
+	      {
+		my_syslog(MS_DHCP | LOG_ERR, _("Cannot multicast DHCP relay via interface %s"), relay->interface);
+		continue;
+	      }
+	  }
+	
+#ifdef HAVE_DUMPFILE
+	dump_packet_udp(DUMP_DHCPV6, (void *)daemon->outpacket.iov_base, save_counter(-1), NULL, &to, daemon->dhcp6fd);
+#endif
 
-	  /* Save this for replies */
-	  relay->iface_index = scope_id;
-	}
-    }
+	while (retry_send(sendto(daemon->dhcp6fd, (void *)daemon->outpacket.iov_base, save_counter(-1),
+				 0, (struct sockaddr *)&to, sa_len(&to))));
+	
+	if (option_bool(OPT_LOG_OPTS))
+	  {
+	    inet_ntop(AF_INET6, &relay->local, daemon->addrbuff, ADDRSTRLEN);
+	    if (IN6_ARE_ADDR_EQUAL(&relay->server.addr6, &multicast))
+	      snprintf(daemon->namebuff, MAXDNAME, _("multicast via %s"), relay->interface);
+	    else
+	      inet_ntop(AF_INET6, &relay->server, daemon->namebuff, ADDRSTRLEN);
+	    my_syslog(MS_DHCP | LOG_INFO, _("DHCP relay at %s -> %s"), daemon->addrbuff, daemon->namebuff);
+	  }
+	
+      }
+  
+  return 1;
 }
 
-unsigned short relay_reply6(struct sockaddr_in6 *peer, ssize_t sz, char *arrival_interface)
+int relay_reply6(struct sockaddr_in6 *peer, ssize_t sz, char *arrival_interface)
 {
   struct dhcp_relay *relay;
   struct in6_addr link;
@@ -2220,11 +2256,76 @@ unsigned short relay_reply6(struct sockaddr_in6 *peer, ssize_t sz, char *arrival
 	    put_opt6(opt6_ptr(opt, 0), opt6_len(opt));
 	    memcpy(&peer->sin6_addr, &inbuff[18], IN6ADDRSZ); 
 	    peer->sin6_scope_id = relay->iface_index;
-	    return encap_type == DHCP6RELAYREPL ? DHCPV6_SERVER_PORT : DHCPV6_CLIENT_PORT;
+
+	    if (encap_type == DHCP6RELAYREPL)
+	      {
+		peer->sin6_port = ntohs(DHCPV6_SERVER_PORT);
+		return 1;
+	      }
+
+	    peer->sin6_port = ntohs(DHCPV6_CLIENT_PORT);
+	    
+#ifdef HAVE_SCRIPT
+	    if (daemon->lease_change_command && encap_type == DHCP6REPLY)
+	      {
+		/* decapsulate relayed message */
+		opts = opt6_ptr(opt, 4);
+		end = opt6_ptr(opt, opt6_len(opt));
+
+		for (opt = opts; opt; opt = opt6_next(opt, end))
+		  if (opt6_type(opt) == OPTION6_IA_PD && opt6_len(opt) > 12) 
+		    {
+		      void *ia_opts = opt6_ptr(opt, 12);
+		      void *ia_end = opt6_ptr(opt, opt6_len(opt));
+		      void *ia_opt;
+		      
+		      for (ia_opt = ia_opts; ia_opt; ia_opt = opt6_next(ia_opt, ia_end))
+			/* valid lifetime must not be zero. */
+			if (opt6_type(ia_opt) == OPTION6_IAPREFIX && opt6_len(ia_opt) >= 25 && opt6_uint(ia_opt, 4, 4) != 0)
+			  {
+			    if (daemon->free_snoops ||
+				(daemon->free_snoops = whine_malloc(sizeof(struct snoop_record))))
+			      {
+				struct snoop_record *snoop = daemon->free_snoops;
+				
+				daemon->free_snoops = snoop->next;
+				snoop->client = peer->sin6_addr;
+				snoop->prefix_len = opt6_uint(ia_opt, 8, 1); 
+				memcpy(&snoop->prefix, opt6_ptr(ia_opt, 9), IN6ADDRSZ); 
+				snoop->next = relay->snoop_records;
+				relay->snoop_records = snoop;
+			      }
+			  }
+		    }
+	      }
+#endif		
+	    return 1;
 	  }
+      
     }
+  
+  return 0;
+}
 
+#ifdef HAVE_SCRIPT
+int do_snoop_script_run(void)
+{
+  struct dhcp_relay *relay;
+  struct snoop_record *snoop;
+  
+  for (relay = daemon->relay6; relay; relay = relay->next)
+    if ((snoop = relay->snoop_records))
+      {
+	relay->snoop_records = snoop->next;
+	snoop->next = daemon->free_snoops;
+	daemon->free_snoops = snoop;
+	
+	queue_relay_snoop(&snoop->client, relay->iface_index, &snoop->prefix, snoop->prefix_len);
+	return 1;
+      }
+  
   return 0;
 }
+#endif
 
 #endif
diff --git a/src/rrfilter.c b/src/rrfilter.c
index 58c6d8f..42d9c21 100644
--- a/src/rrfilter.c
+++ b/src/rrfilter.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -156,10 +156,10 @@ static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, i
 }
 	
 
-/* mode is 0 to remove EDNS0, 1 to filter DNSSEC RRs */
+/* mode may be remove EDNS0 or DNSSEC RRs or remove A or AAAA from answer section. */
 size_t rrfilter(struct dns_header *header, size_t plen, int mode)
 {
-  static unsigned char **rrs;
+  static unsigned char **rrs = NULL;
   static int rr_sz = 0;
 
   unsigned char *p = (unsigned char *)(header+1);
@@ -192,20 +192,37 @@ size_t rrfilter(struct dns_header *header, size_t plen, int mode)
       if (!ADD_RDLEN(header, p, plen, rdlen))
 	return plen;
 
-      /* Don't remove the answer. */
-      if (i < ntohs(header->ancount) && type == qtype && class == qclass)
-	continue;
-      
-      if (mode == 0) /* EDNS */
+      if (mode == RRFILTER_EDNS0) /* EDNS */
 	{
 	  /* EDNS mode, remove T_OPT from additional section only */
 	  if (i < (ntohs(header->nscount) + ntohs(header->ancount)) || type != T_OPT)
 	    continue;
 	}
-      else if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
-	/* DNSSEC mode, remove SIGs and NSECs from all three sections. */
-	continue;
-      
+      else if (mode == RRFILTER_DNSSEC)
+	{
+	  if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
+	    /* DNSSEC mode, remove SIGs and NSECs from all three sections. */
+	    continue;
+
+	  /* Don't remove the answer. */
+	  if (i < ntohs(header->ancount) && type == qtype && class == qclass)
+	    continue;
+	}
+      else
+	{
+	  /* Only looking at answer section now. */
+	  if (i >= ntohs(header->ancount))
+	    break;
+
+	  if (class != C_IN)
+	    continue;
+	  
+	  if (mode == RRFILTER_A && type != T_A)
+	    continue;
+
+	  if (mode == RRFILTER_AAAA && type != T_AAAA)
+	    continue;
+	}
       
       if (!expand_workspace(&rrs, &rr_sz, rr_found + 1))
 	return plen; 
@@ -322,15 +339,11 @@ int expand_workspace(unsigned char ***wkspc, int *szp, int new)
     return 0;
 
   new += 5;
-  
-  if (!(p = whine_malloc(new * sizeof(unsigned char *))))
-    return 0;  
-  
-  if (old != 0 && *wkspc)
-    {
-      memcpy(p, *wkspc, old * sizeof(unsigned char *));
-      free(*wkspc);
-    }
+
+  if (!(p = whine_realloc(*wkspc, new * sizeof(unsigned char *))))
+    return 0;
+
+  memset(p+old, 0, new-old);
   
   *wkspc = p;
   *szp = new;
diff --git a/src/slaac.c b/src/slaac.c
index 9b10063..7d3fce4 100644
--- a/src/slaac.c
+++ b/src/slaac.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/src/tftp.c b/src/tftp.c
index 37bdff2..0861f37 100644
--- a/src/tftp.c
+++ b/src/tftp.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -19,9 +19,9 @@
 #ifdef HAVE_TFTP
 
 static void handle_tftp(time_t now, struct tftp_transfer *transfer, ssize_t len);
-static struct tftp_file *check_tftp_fileperm(ssize_t *len, char *prefix);
+static struct tftp_file *check_tftp_fileperm(ssize_t *len, char *prefix, char *client);
 static void free_transfer(struct tftp_transfer *transfer);
-static ssize_t tftp_err(int err, char *packet, char *message, char *file);
+static ssize_t tftp_err(int err, char *packet, char *message, char *file, char *arg2);
 static ssize_t tftp_err_oops(char *packet, const char *file);
 static ssize_t get_block(char *packet, struct tftp_transfer *transfer);
 static char *next(char **p, char *end);
@@ -95,6 +95,10 @@ void tftp_request(struct listener *listen, time_t now)
 
   if ((len = recvmsg(listen->tftpfd, &msg, 0)) < 2)
     return;
+
+#ifdef HAVE_DUMPFILE
+  dump_packet_udp(DUMP_TFTP, (void *)packet, len, (union mysockaddr *)&peer, NULL, listen->tftpfd);
+#endif
   
   /* Can always get recvd interface for IPv6 */
   if (!check_dest)
@@ -362,7 +366,7 @@ void tftp_request(struct listener *listen, time_t now)
       !(mode = next(&p, end)) ||
       (strcasecmp(mode, "octet") != 0 && strcasecmp(mode, "netascii") != 0))
     {
-      len = tftp_err(ERR_ILL, packet, _("unsupported request from %s"), daemon->addrbuff);
+      len = tftp_err(ERR_ILL, packet, _("unsupported request from %s"), daemon->addrbuff, NULL);
       is_err = 1;
     }
   else
@@ -472,7 +476,7 @@ void tftp_request(struct listener *listen, time_t now)
       strncat(daemon->namebuff, filename, (MAXDNAME-1) - strlen(daemon->namebuff));
       
       /* check permissions and open file */
-      if ((transfer->file = check_tftp_fileperm(&len, prefix)))
+      if ((transfer->file = check_tftp_fileperm(&len, prefix, daemon->addrbuff)))
 	{
 	  if ((len = get_block(packet, transfer)) == -1)
 	    len = tftp_err_oops(packet, daemon->namebuff);
@@ -482,6 +486,10 @@ void tftp_request(struct listener *listen, time_t now)
     }
 
   send_from(transfer->sockfd, !option_bool(OPT_SINGLE_PORT), packet, len, &peer, &addra, if_index);
+
+#ifdef HAVE_DUMPFILE
+  dump_packet_udp(DUMP_TFTP, (void *)packet, len, NULL, (union mysockaddr *)&peer, transfer->sockfd);
+#endif
   
   if (is_err)
     free_transfer(transfer);
@@ -492,7 +500,7 @@ void tftp_request(struct listener *listen, time_t now)
     }
 }
  
-static struct tftp_file *check_tftp_fileperm(ssize_t *len, char *prefix)
+static struct tftp_file *check_tftp_fileperm(ssize_t *len, char *prefix, char *client)
 {
   char *packet = daemon->packet, *namebuff = daemon->namebuff;
   struct tftp_file *file;
@@ -509,7 +517,7 @@ static struct tftp_file *check_tftp_fileperm(ssize_t *len, char *prefix)
     {
       if (errno == ENOENT)
 	{
-	  *len = tftp_err(ERR_FNF, packet, _("file %s not found"), namebuff);
+	  *len = tftp_err(ERR_FNF, packet, _("file %s not found for %s"), namebuff, client);
 	  return NULL;
 	}
       else if (errno == EACCES)
@@ -562,8 +570,7 @@ static struct tftp_file *check_tftp_fileperm(ssize_t *len, char *prefix)
   return file;
   
  perm:
-  errno = EACCES;
-  *len =  tftp_err(ERR_PERM, packet, _("cannot access %s: %s"), namebuff);
+  *len =  tftp_err(ERR_PERM, packet, _("cannot access %s: %s"), namebuff, strerror(EACCES));
   if (fd != -1)
     close(fd);
   return NULL;
@@ -599,8 +606,12 @@ void check_tftp_listeners(time_t now)
 		{
 		  /* Wrong source address. See rfc1350 para 4. */
 		  prettyprint_addr(&peer, daemon->addrbuff);
-		  len = tftp_err(ERR_TID, daemon->packet, _("ignoring packet from %s (TID mismatch)"), daemon->addrbuff);
-		  sendto(transfer->sockfd, daemon->packet, len, 0, &peer.sa, sa_len(&peer));
+		  len = tftp_err(ERR_TID, daemon->packet, _("ignoring packet from %s (TID mismatch)"), daemon->addrbuff, NULL);
+		  while(retry_send(sendto(transfer->sockfd, daemon->packet, len, 0, &peer.sa, sa_len(&peer))));
+
+#ifdef HAVE_DUMPFILE
+		  dump_packet_udp(DUMP_TFTP, (void *)daemon->packet, len, NULL, (union mysockaddr *)&peer, transfer->sockfd);
+#endif
 		}
 	    }
 	}
@@ -635,9 +646,14 @@ void check_tftp_listeners(time_t now)
 	    }
 
 	  if (len != 0)
-	    send_from(transfer->sockfd, !option_bool(OPT_SINGLE_PORT), daemon->packet, len,
-		      &transfer->peer, &transfer->source, transfer->if_index);
-	  	  
+	    {
+	      send_from(transfer->sockfd, !option_bool(OPT_SINGLE_PORT), daemon->packet, len,
+			&transfer->peer, &transfer->source, transfer->if_index);
+#ifdef HAVE_DUMPFILE
+	      dump_packet_udp(DUMP_TFTP, (void *)daemon->packet, len, NULL, (union mysockaddr *)&transfer->peer, transfer->sockfd);
+#endif
+	    }
+	  
 	  if (endcon || len == 0)
 	    {
 	      strcpy(daemon->namebuff, transfer->file->filename);
@@ -743,22 +759,21 @@ static void sanitise(char *buf)
 }
 
 #define MAXMESSAGE 500 /* limit to make packet < 512 bytes and definitely smaller than buffer */ 
-static ssize_t tftp_err(int err, char *packet, char *message, char *file)
+static ssize_t tftp_err(int err, char *packet, char *message, char *file, char *arg2)
 {
   struct errmess {
     unsigned short op, err;
     char message[];
   } *mess = (struct errmess *)packet;
   ssize_t len, ret = 4;
-  char *errstr = strerror(errno);
-  
+    
   memset(packet, 0, daemon->packet_buff_sz);
   if (file)
     sanitise(file);
   
   mess->op = htons(OP_ERR);
   mess->err = htons(err);
-  len = snprintf(mess->message, MAXMESSAGE,  message, file, errstr);
+  len = snprintf(mess->message, MAXMESSAGE,  message, file, arg2);
   ret += (len < MAXMESSAGE) ? len + 1 : MAXMESSAGE; /* include terminating zero */
   
   if (err != ERR_FNF || !option_bool(OPT_QUIET_TFTP))
@@ -772,7 +787,7 @@ static ssize_t tftp_err_oops(char *packet, const char *file)
   /* May have >1 refs to file, so potentially mangle a copy of the name */
   if (file != daemon->namebuff)
     strcpy(daemon->namebuff, file);
-  return tftp_err(ERR_NOTDEF, packet, _("cannot read %s: %s"), daemon->namebuff);
+  return tftp_err(ERR_NOTDEF, packet, _("cannot read %s: %s"), daemon->namebuff, strerror(errno));
 }
 
 /* return -1 for error, zero for done. */
diff --git a/src/ubus.c b/src/ubus.c
index 0c502ad..09071cf 100644
--- a/src/ubus.c
+++ b/src/ubus.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/src/util.c b/src/util.c
index 1425764..e0ce67d 100644
--- a/src/util.c
+++ b/src/util.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2021 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2022 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -115,7 +115,8 @@ u64 rand64(void)
   return (u64)out[outleft+1] + (((u64)out[outleft]) << 32);
 }
 
-/* returns 2 if names is OK but contains one or more underscores */
+/* returns 1 if name is OK and ascii printable
+ * returns 2 if name should be processed by IDN */
 static int check_name(char *in)
 {
   /* remove trailing . 
@@ -123,7 +124,9 @@ static int check_name(char *in)
   size_t dotgap = 0, l = strlen(in);
   char c;
   int nowhite = 0;
+  int idn_encode = 0;
   int hasuscore = 0;
+  int hasucase = 0;
   
   if (l == 0 || l > MAXDNAME) return 0;
   
@@ -136,28 +139,49 @@ static int check_name(char *in)
   for (; (c = *in); in++)
     {
       if (c == '.')
-	dotgap = 0;
+        dotgap = 0;
       else if (++dotgap > MAXLABEL)
-	return 0;
+        return 0;
       else if (isascii((unsigned char)c) && iscntrl((unsigned char)c)) 
-	/* iscntrl only gives expected results for ascii */
-	return 0;
-#if !defined(HAVE_IDN) && !defined(HAVE_LIBIDN2)
+        /* iscntrl only gives expected results for ascii */
+        return 0;
       else if (!isascii((unsigned char)c))
-	return 0;
+#if !defined(HAVE_IDN) && !defined(HAVE_LIBIDN2)
+        return 0;
+#else
+        idn_encode = 1;
 #endif
       else if (c != ' ')
-	{
-	  nowhite = 1;
-	  if (c == '_')
-	    hasuscore = 1;
-	}
+        {
+          nowhite = 1;
+#if defined(HAVE_LIBIDN2) && (!defined(IDN2_VERSION_NUMBER) || IDN2_VERSION_NUMBER < 0x02000003)
+          if (c == '_')
+            hasuscore = 1;
+#else
+          (void)hasuscore;
+#endif
+
+#if defined(HAVE_IDN) || defined(HAVE_LIBIDN2)
+          if (c >= 'A' && c <= 'Z')
+            hasucase = 1;
+#else
+          (void)hasucase;
+#endif
+        }
     }
 
   if (!nowhite)
     return 0;
 
-  return hasuscore ? 2 : 1;
+#if defined(HAVE_LIBIDN2) && (!defined(IDN2_VERSION_NUMBER) || IDN2_VERSION_NUMBER < 0x02000003)
+  /* Older libidn2 strips underscores, so don't do IDN processing
+     if the name has an underscore unless it also has non-ascii characters. */
+  idn_encode = idn_encode || (hasucase && !hasuscore);
+#else
+  idn_encode = idn_encode || hasucase;
+#endif
+
+  return (idn_encode) ? 2 : 1;
 }
 
 /* Hostnames have a more limited valid charset than domain names
@@ -204,17 +228,11 @@ char *canonicalise(char *in, int *nomem)
   if (!(rc = check_name(in)))
     return NULL;
   
-#if defined(HAVE_LIBIDN2) && (!defined(IDN2_VERSION_NUMBER) || IDN2_VERSION_NUMBER < 0x02000003)
-  /* older libidn2 strips underscores, so don't do IDN processing
-     if the name has an underscore (check_name() returned 2) */
-  if (rc != 2)
-#endif
 #if defined(HAVE_IDN) || defined(HAVE_LIBIDN2)
+  if (rc == 2)
     {
 #  ifdef HAVE_LIBIDN2
       rc = idn2_to_ascii_lz(in, &ret, IDN2_NONTRANSITIONAL);
-      if (rc == IDN2_DISALLOWED)
-	rc = idn2_to_ascii_lz(in, &ret, IDN2_TRANSITIONAL);
 #  else
       rc = idna_to_ascii_lz(in, &ret, 0);
 #  endif
@@ -234,12 +252,14 @@ char *canonicalise(char *in, int *nomem)
       
       return ret;
     }
+#else
+  (void)rc;
 #endif
   
   if ((ret = whine_malloc(strlen(in)+1)))
     strcpy(ret, in);
   else if (nomem)
-    *nomem = 1;    
+    *nomem = 1;
 
   return ret;
 }
@@ -316,6 +336,16 @@ void *whine_malloc(size_t size)
   return ret;
 }
 
+void *whine_realloc(void *ptr, size_t size)
+{
+  void *ret = realloc(ptr, size);
+
+  if (!ret)
+    my_syslog(LOG_ERR, _("failed to reallocate %d bytes"), (int) size);
+
+  return ret;
+}
+
 int sockaddr_isequal(const union mysockaddr *s1, const union mysockaddr *s2)
 {
   if (s1->sa.sa_family == s2->sa.sa_family)
@@ -334,6 +364,19 @@ int sockaddr_isequal(const union mysockaddr *s1, const union mysockaddr *s2)
   return 0;
 }
 
+int sockaddr_isnull(const union mysockaddr *s)
+{
+  if (s->sa.sa_family == AF_INET &&
+      s->in.sin_addr.s_addr == 0)
+    return 1;
+  
+  if (s->sa.sa_family == AF_INET6 &&
+      IN6_IS_ADDR_UNSPECIFIED(&s->in6.sin6_addr))
+    return 1;
+  
+  return 0;
+}
+
 int sa_len(union mysockaddr *addr)
 {
 #ifdef HAVE_SOCKADDR_SA_LEN
@@ -347,7 +390,7 @@ int sa_len(union mysockaddr *addr)
 }
 
 /* don't use strcasecmp and friends here - they may be messed up by LOCALE */
-int hostname_isequal(const char *a, const char *b)
+int hostname_order(const char *a, const char *b)
 {
   unsigned int c1, c2;
   
@@ -360,11 +403,19 @@ int hostname_isequal(const char *a, const char *b)
     if (c2 >= 'A' && c2 <= 'Z')
       c2 += 'a' - 'A';
     
-    if (c1 != c2)
-      return 0;
+    if (c1 < c2)
+      return -1;
+    else if (c1 > c2)
+      return 1;
+    
   } while (c1);
   
-  return 1;
+  return 0;
+}
+
+int hostname_isequal(const char *a, const char *b)
+{
+  return hostname_order(a, b) == 0;
 }
 
 /* is b equal to or a subdomain of a return 2 for equal, 1 for subdomain */
@@ -408,18 +459,26 @@ int hostname_issubdomain(char *a, char *b)
 time_t dnsmasq_time(void)
 {
 #ifdef HAVE_BROKEN_RTC
-  struct tms dummy;
-  static long tps = 0;
+  struct timespec ts;
 
-  if (tps == 0)
-    tps = sysconf(_SC_CLK_TCK);
+  if (clock_gettime(CLOCK_MONOTONIC, &ts) < 0)
+    die(_("cannot read monotonic clock: %s"), NULL, EC_MISC);
 
-  return (time_t)(times(&dummy)/tps);
+  return ts.tv_sec;
 #else
   return time(NULL);
 #endif
 }
 
+u32 dnsmasq_milliseconds(void)
+{
+  struct timeval tv;
+
+  gettimeofday(&tv, NULL);
+
+  return (tv.tv_sec) * 1000 + (tv.tv_usec / 1000);
+}
+
 int netmask_length(struct in_addr mask)
 {
   int zero_count = 0;
@@ -528,7 +587,7 @@ void prettyprint_time(char *buf, unsigned int t)
       if ((x = (t/60)%60))
 	p += sprintf(&buf[p], "%um", x);
       if ((x = t%60))
-	p += sprintf(&buf[p], "%us", x);
+	sprintf(&buf[p], "%us", x);
     }
 }
 
@@ -574,7 +633,7 @@ int parse_hex(char *in, unsigned char *out, int maxlen,
 		  int j, bytes = (1 + (r - in))/2;
 		  for (j = 0; j < bytes; j++)
 		    { 
-		      char sav = sav;
+		      char sav;
 		      if (j < bytes - 1)
 			{
 			  sav = in[(j+1)*2];
-- 
2.7.4