2 Add patches to allow build under Android.
4 Provide our own header for the DNS protocol, rather than
5 relying on arpa/nameser.h. This has proved more or less
6 defective over the years and the final straw is that it's
7 effectively empty on Android.
9 Fix regression in 2.56 which caused hex constants in
10 configuration to be rejected if they contain the '*'
13 Correct wrong casts of arguments to ctype.h functions,
14 isdigit(), isxdigit() etc. Thanks to Matthias Andree for
17 Allow build with IDN support independently from i18n.
18 IDN support continues to be included automatically
19 when i18n is included.
20 'make COPTS=-DHAVE_IDN' is the magic incantation.
22 Modify check on extraneous command line junk (added in
23 2.56) so that it doesn't complain about extra _empty_
24 arguments. Otherwise this breaks libvirt.
28 Add a patch to allow dnsmasq to get interface names right in a
29 Solaris zone. Thanks to Dj Padzensky for this.
31 Improve data-type parsing heuristics so that
32 --dhcp-option=option:domain-search,.
33 treats the value as a string and not an IP address.
34 Thanks to Clemens Fischer for spotting that.
36 Add IPv6 support to the TFTP server. Many thanks to Jan
37 'RedBully' Seiffert for the patches.
39 Log DNS queries at level LOG_INFO, rather then
40 LOG_DEBUG. This makes things consistent with DHCP
41 logging. Thanks to Adam Pribyl for spotting the problem.
43 Ensure that dnsmasq terminates cleanly when using
44 --syslog-async even if it cannot make a connection to the
47 Add --add-mac option. This is to support currently
48 experimental DNS filtering facilities. Thanks to Benjamin
49 Petrin for the orignal patch.
51 Fix bug which meant that tags were ignored in dhcp-range
52 configuration specifying PXE-proxy service. Thanks to
53 Cristiano Cumer for spotting this.
55 Raise an error if there is extra junk, not part of an
56 option, on the command line.
58 Flag a couple of log messages in cache.c as coming from
59 the DHCP subsystem. Thanks to Olaf Westrik for the patch.
61 Omit timestamps from logs when a) logging to stderr and
62 b) --keep-in-forground is set. The logging facility on the
63 other end of stderr can be assumned to supply them. Thanks
64 to John Hallam for the patch.
66 Don't complain about strings longer than 255 characters in
67 --txt-record, just split the long strings into 255
68 character chunks instead.
70 Fix crash on double-free. This bug can only happen when
71 dhcp-script is in use and then only in rare circumstances
72 triggered by high DHCP transaction rate and a slow
73 script. Thanks to Ferenc Wagner for finding the problem.
75 Only log that a file has been sent by TFTP after the
76 transfer has completed succesfully.
78 A good suggestion from Ferenc Wagner: extend
79 the --domain option to allow this sort of thing:
80 --domain=thekelleys.org.uk,192.168.0.0/24,local
81 which automatically creates
82 --local=/thekelleys.org.uk/
83 --local=/0.168.192.in-addr.arpa/
85 Tighten up syntax checking of hex contants in the config
86 file. Thanks to Fred Damen for spotting this.
88 Add dnsmasq logo/icon, contributed by Justin Swift. Many
91 Never cache DNS replies which have the 'cd' bit set, or
92 which result from queries forwarded with the 'cd' bit
93 set. The 'cd' bit instructs a DNSSEC validating server
94 upstream to ignore signature failures and return replies
95 anyway. Without this change it's possible to pollute the
96 dnsmasq cache with bad data by making a query with the
97 'cd' bit set and subsequent queries would return this data
98 without its being marked as suspect. Thanks to Anders
99 Kaseorg for pointing out this problem.
101 Add --proxy-dnssec flag, for compliance with RFC
102 4035. Dnsmasq will now clear the 'ad' bit in answers returned
103 from upstream validating nameservers unless this option is
106 Allow a filename of "-" for --conf-file to read
107 stdin. Suggestion from Timothy Redaelli.
109 Rotate the order of SRV records in replies, to provide
110 round-robin load balancing when all the priorities are
111 equal. Thanks to Peter McKinney for the suggestion.
114 contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist
115 so that it doesn't log all queries to a file by
116 default. Thanks again to Peter McKinney.
118 By default, setting an IPv4 address for a domain but not
119 an IPv6 address causes dnsmasq to return
120 an NODATA reply for IPv6 (or vice-versa). So
121 --address=/google.com/1.2.3.4 stops IPv6 queries for
122 *google.com from being forwarded. Make it possible to
123 override this behaviour by defining the sematics if the
124 same domain appears in both --server and --address.
125 In that case, the --address has priority for the address
126 family in which is appears, but the --server has priority
127 of the address family which doesn't appear in --adddress
129 --address=/google.com/1.2.3.4
130 --server=/google.com/#
131 will return 1.2.3.4 for IPv4 queries for *.google.com but
132 forward IPv6 queries to the normal upstream nameserver.
133 Similarly when setting an IPv6 address
134 only this will allow forwarding of IPv4 queries. Thanks to
135 William for pointing out the need for this.
137 Allow more than one --dhcp-optsfile and --dhcp-hostsfile
138 and make them understand directories as arguments in the
139 same way as --addn-hosts. Suggestion from John Hanks.
141 Ignore rebinding requests for leases we don't know
142 about. Rebind is broadcast, so we might get to overhear a
143 request meant for another DHCP server. NAKing this is
144 wrong. Thanks to Brad D'Hondt for assistance with this.
146 Fix cosmetic bug which produced strange output when
147 dumping cache statistics with some configurations. Thanks
148 to Fedor Kozhevnikov for spotting this.
152 Fix crash when /etc/ethers is in use. Thanks to
153 Gianluigi Tiesi for finding this.
155 Fix crash in netlink_multicast(). Thanks to Arno Wald for
158 Allow the empty domain "." in dhcp domain-search (119)
163 There is no version 2.54 to avoid confusion with 2.53,
164 which incorrectly identifies itself as 2.54.
168 Fix failure to compile on Debian/kFreeBSD. Thanks to
169 Axel Beckert and Petr Salinger.
171 Fix code to avoid scary strict-aliasing warnings
172 generated by gcc 4.4.
174 Added FAQ entry warning about DHCP failures with Vista
175 when firewalls block 255.255.255.255.
177 Fixed bug which caused bad things to happen if a
178 resolv.conf file which exists is subsequently removed.
179 Thanks to Nikolai Saoukh for the patch.
181 Rationalised the DHCP tag system. Every configuration item
182 which can set a tag does so by adding "set:<tag>" and
183 every configuration item which is conditional on a tag is
184 made so by "tag:<tag>". The NOT operator changes to '!',
185 which is a bit more intuitive too. Dhcp-host directives
186 can set more than one tag now. The old '#' NOT,
187 "net:" prefix and no-prefixes are still honoured, so
188 no existing config file needs to be changed, but
189 the documentation and new-style config files should be
192 Added --tag-if to allow boolean operations on tags.
193 This allows complicated logic to be clearer and more
194 general. A great suggestion from Richard Voigt.
196 Add broadcast/unicast information to DHCP logging.
198 Allow --dhcp-broadcast to be unconditional.
200 Fixed incorrect behaviour with NOT <tag> conditionals in
201 dhcp-options. Thanks to Max Turkewitz for assistance
204 If we send vendor-class encapsulated options based on the
205 vendor-class supplied by the client, and no explicit
206 vendor-class option is given, echo back the vendor-class
209 Fix bug which stopped dnsmasq from matching both a
210 circuitid and a remoteid. Thanks to Ignacio Bravo for
213 Add --dhcp-proxy, which makes it possible to configure
214 dnsmasq to use a DHCP relay agent as a full proxy, with
215 all DHCP messages passing through the proxy. This is
216 useful if the relay adds extra information to the packets
217 it forwards, but cannot be configured with the RFC 5107
218 server-override option.
220 Added interface:<iface name> part to dhcp-range. The
221 semantics of this are very odd at first sight, but it
222 allows a single line of the form
223 dhcp-range=interface:virt0,192.168.0.4,192.168.0.200
224 to be added to dnsmasq configuration which then supplies
225 DHCP and DNS services to that interface, without affecting
226 what services are supplied to other interfaces and
227 irrespective of the existance or lack of
228 interface=<interface>
229 lines elsewhere in the dnsmasq configuration. The idea is
230 that such a line can be added automatically by libvirt
231 or equivalent systems, without disturbing any manual
234 Similarly to the above, allow --enable-tftp=<interface>
236 Allow a TFTP root to be set separately for requests via
237 different interfaces, --tftp-root=<path>,<interface>
239 Correctly handle and log clashes between CNAMES and
240 DNS names being given to DHCP leases. This fixes a bug
241 which caused nonsense IP addresses to be logged. Thanks to
242 Sergei Zhirikov for finding and analysing the problem.
244 Tweak flush_log so as to avoid leaving the log
245 file in non-blocking mode. O_NONBLOCK is a property of the
246 file, not the process/descriptor.
248 Fix contrib/Solaris10/create_package
249 (/usr/man -> /usr/share/man) Thanks to Vita Batrla.
251 Fix a problem where, if a client got a lease, then went
252 to another subnet and got another lease, then moved back,
253 it couldn't resume the old lease, but would instead get
254 a new address. Thanks to Leonardo Rodrigues for spotting
255 this and testing the fix.
257 Fix weird bug which sometimes omitted certain characters
258 from the start of quoted strings in dhcp-options. Thanks
259 to Dayton Turner for spotting the problem.
261 Add facility to redirect some domains to the standard
262 upstream servers: this allows something like
263 --server=/google.com/1.2.3.4 --server=/www.google.com/#
264 which will send queries for *.google.com to 1.2.3.4,
265 except *www.google.com which will be forwarded as usual.
266 Thanks to AJ Weber for prompting this addition.
268 Improve the hash-algorithm used to generate IP addresses
269 from MAC addresses during initial DHCP address
270 allocation. This improves performance when large numbers
271 of hosts with similar MAC addresses all try and get an IP
272 address at the same time. Thanks to Paul Smith for his
275 Tweak DHCP code so that --bridge-interface can be used to
276 select which IP alias of an interface should be used for
277 DHCP purposes on Linux. If eth0 has an alias eth0:dhcp
278 then adding --bridge-interface=eth0:dhcp,eth0 will use
279 the address of eth0:dhcp to determine the correct subnet
280 for DHCP address allocation. Thanks to Pawel Golaszewski
281 for prompting this and Eric Cooper for further testing.
283 Add --dhcp-generate-names. Suggestion by Ferenc Wagner.
285 Tweak DNS server selection algorithm when there is more
286 than one server available for a domain, eg.
287 --server=/mydomain/1.1.1.1
288 --server=/mydomain/2.2.2.2
289 Thanks to Alberto Cuesta-Canada for spotting a weakness
292 Add --max-ttl. Thanks to Fredrik Ringertz for the patch.
294 Allow --log-facility=- to force all logging to
295 stderr. Suggestion from Clemens Fischer.
297 Fix regression which caused configuration like
298 --address=/.domain.com/1.2.3.4 to be rejected. The dot to the
299 left of the domain has been implied and not required for a
300 long time, but it should be accepted for backward
301 compatibility. Thanks to Andrew Burcin for spotting this.
303 Add --rebind-domain-ok and --rebind-localhost-ok.
304 Suggestion from Clemens Fischer.
306 Log replies to queries of type TXT, when --log-queries
309 Fix compiler warnings when compiled with -DNO_DHCP. Thanks
310 to Shantanu Gadgil for the patch.
312 Updated French translation. Thanks to Gildas Le Nadan.
314 Updated Polish translation. Thanks to Jan Psota.
316 Updated German translation. Thanks to Matthias Andree.
318 Added contrib/static-arp, thanks to Darren Hoo.
320 Fix corruption of the domain when a name from /etc/hosts
321 overrides one supplied by a DHCP client. Thanks to Fedor
322 Kozhevnikov for spotting the problem.
324 Updated Spanish translation. Thanks to Chris Chatham.
328 Work around a Linux kernel bug which insists that the
329 length of the option passed to setsockopt must be at least
330 sizeof(int) bytes, even if we're calling SO_BINDTODEVICE
331 and the device name is "lo". Note that this is fixed
332 in kernel 2.6.31, but the workaround is harmless and
333 allows earlier kernels to be used. Also fix dnsmasq
334 bug which reported the wrong address when this failed.
335 Thanks to Fedor for finding this.
337 The API for IPv6 PKTINFO changed around Linux kernel
338 2.6.14. Workaround the case where dnsmasq is compiled
339 against newer headers, but then run on an old kernel:
340 necessary for some *WRT distros.
342 Re-read the set of network interfaces when re-loading
343 /etc/resolv.conf if --bind-interfaces is not set. This
344 handles the case that loopback interfaces do not exist
345 when dnsmasq is first started.
347 Tweak the PXE code to support port 4011. This should
348 reduce broadcasts and make things more reliable when other
349 servers are around. It also improves inter-operability
350 with certain clients.
352 Make a pxe-service configuration with no filename or boot
353 service type legal: this does a local boot. eg.
354 pxe-service=x86PC, "Local boot"
356 Be more conservative in detecting "A for A"
357 queries. Dnsmasq checks if the name in a type=A query looks
358 like a dotted-quad IP address and answers the query itself
359 if so, rather than forwarding it. Previously dnsmasq
360 relied in the library function inet_addr() to convert
361 addresses, and that will accept some things which are
362 confusing in this context, like 1.2.3 or even just
363 1234. Now we only do A for A processing for four decimal
364 numbers delimited by dots.
366 A couple of tweaks to fix compilation on Solaris. Thanks
367 to Joel Macklow for help with this.
369 Another Solaris compilation tweak, needed for Solaris
370 2009.06. Thanks to Lee Essen for that.
372 Added extract packaging stuff from Lee Essen to
375 Increased the default limit on number of leases to 1000
376 (from 150). This is mainly a defence against DoS attacks,
377 and for the average "one for two class C networks"
378 installation, IP address exhaustion does that just as
379 well. Making the limit greater than the number of IP
380 addresses available in such an installation removes a
381 surprise which otherwise can catch people out.
383 Removed extraneous trailing space in the value of the
384 DNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH and
385 DNSMASQ_LEASE_EXPIRES environment variables. Thanks to
386 Gildas Le Nadan for spotting this.
388 Provide the network-id tags for a DHCP transaction to
389 the lease-change script in the environment variable
390 DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan.
392 Add support for RFC3925 "Vendor-Identifying Vendor
393 Options". The syntax looks like this:
394 --dhcp-option=vi-encap:<enterprise number>, .........
396 Add support to --dhcp-match to allow matching against
397 RFC3925 "Vendor-Identifying Vendor Classes". The syntax
399 --dhcp-match=tag,vi-encap<enterprise number>, <value>
401 Add some application specific code to assist in
402 implementing the Broadband forum TR069 CPE-WAN
403 specification. The details are in contrib/CPE-WAN/README
405 Increase the default DNS packet size limit to 4096, as
406 recommended by RFC5625 section 4.4.3. This can be
407 reconfigured using --edns-packet-max if needed. Thanks to
408 Francis Dupont for pointing this out.
410 Rewrite query-ids even for TSIG signed packets, since
411 this is allowed by RFC5625 section 4.5.
413 Use getopt_long by default on OS X. It has been supported
414 since version 10.3.0. Thanks to Arek Dreyer for spotting
417 Added up-to-date startup configuration for MacOSX/launchd
418 in contrib/MacOSX-launchd. Thanks to Arek Dreyer for
421 Fix link error when including Dbus but excluding DHCP.
422 Thanks to Oschtan for the bug report.
424 Updated French translation. Thanks to Gildas Le Nadan.
426 Updated Polish translation. Thanks to Jan Psota.
428 Updated Spanish translation. Thanks to Chris Chatham.
430 Fixed confusion about domains, when looking up DHCP hosts
431 in /etc/hosts. This could cause spurious "Ignoring
432 domain..." messages. Thanks to Fedor Kozhevnikov for
433 finding and analysing the problem.
437 Add support for internationalised DNS. Non-ASCII characters
438 in domain names found in /etc/hosts, /etc/ethers and
439 /etc/dnsmasq.conf will be correctly handled by translation to
440 punycode, as specified in RFC3490. This function is only
441 available if dnsmasq is compiled with internationalisation
442 support, and adds a dependency on GNU libidn. Without i18n
443 support, dnsmasq continues to be compilable with just
444 standard tools. Thanks to Yves Dorfsman for the
447 Add two more environment variables for lease-change scripts:
448 First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname
449 supplied by a client, even if the actual hostname used is
450 over-ridden by dhcp-host or dhcp-ignore-names directives.
451 Also DNSMASQ_RELAY_ADDRESS which gives the address of
452 a DHCP relay, if used.
453 Suggestions from Michael Rack.
455 Fix regression which broke echo of relay-agent
456 options. Thanks to Michael Rack for spotting this.
458 Don't treat option 67 as being interchangeable with
459 dhcp-boot parameters if it's specified as
462 Make the code to call scripts on lease-change compile-time
463 optional. It can be switched off by editing src/config.h
464 or building with "make COPTS=-DNO_SCRIPT".
466 Make the TFTP server cope with filenames from Windows/DOS
467 which use '\' as pathname separator. Thanks to Ralf for
470 Updated Polish translation. Thanks to Jan Psota.
472 Warn if an IP address is duplicated in /etc/ethers. Thanks
473 to Felix Schwarz for pointing this out.
475 Teach --conf-dir to take an option list of file suffices
476 which will be ignored when scanning the directory. Useful
477 for backup files etc. Thanks to Helmut Hullen for the
480 Add new DHCP option named tftpserver-address, which
481 corresponds to the third argument of dhcp-boot. This
482 allows the complete functionality of dhcp-boot to be
483 replicated with dhcp-option. Useful when using
486 Test which upstream nameserver to use every 10 seconds
487 or 50 queries and not just when a query times out and
488 is retried. This should improve performance when there
489 is a slow nameserver in the list. Thanks to Joe for the
492 Don't do any PXE processing, even for clients with the
493 correct vendorclass, unless at least one pxe-prompt or
494 pxe-service option is given. This stops dnsmasq
495 interfering with proxy PXE subsystems when it is just
496 the DHCP server. Thanks to Spencer Clark for spotting this.
498 Limit the blocksize used for TFTP transfers to a value
499 which avoids packet fragmentation, based on the MTU of the
500 local interface. Many netboot ROMs can't cope with
503 Honour dhcp-ignore configuration for PXE and proxy-PXE
504 requests. Thanks to Niels Basjes for the bug report.
506 Updated French translation. Thanks to Gildas Le Nadan.
510 Fix security problem which allowed any host permitted to
511 do TFTP to possibly compromise dnsmasq by remote buffer
512 overflow when TFTP enabled. Thanks to Core Security
513 Technologies and Iván Arce, Pablo Hernán Jorge, Alejandro
514 Pablo Rodriguez, MartÃn Coco, Alberto Soliño Testa and
515 Pablo Annetta. This problem has Bugtraq id: 36121
518 Fix a problem which allowed a malicious TFTP client to
519 crash dnsmasq. Thanks to Steve Grubb at Red Hat for
520 spotting this. This problem has Bugtraq id: 36120 and
525 Fix regression in 2.48 which disables the lease-change
526 script. Thanks to Jose Luis Duran for spotting this.
528 Log TFTP "file not found" errors. These were not logged,
529 since a normal PXELinux boot generates many of them, but
530 the lack of the messages seems to be more confusing than
531 routinely seeing them when there is no real error.
533 Update Spanish translation. Thanks to Chris Chatham.
537 Archived the extensive, backwards, changelog to
538 CHANGELOG.archive. The current changelog now runs from
539 version 2.43 and runs conventionally.
541 Fixed bug which broke binding of servers to physical
542 interfaces when interface names were longer than four
543 characters. Thanks to MURASE Katsunori for the patch.
545 Fixed netlink code to check that messages come from the
546 correct source, and not another userspace process. Thanks
547 to Steve Grubb for the patch.
549 Maintainability drive: removed bug and missing feature
550 workarounds for some old platforms. Solaris 9, OpenBSD
551 older than 4.1, Glibc older than 2.2, Linux 2.2.x and
552 DBus older than 1.1.x are no longer supported.
554 Don't read included configuration files more than once:
555 allows complex configuration structures without problems.
557 Mark log messages from the various subsystems in dnsmasq:
558 messages from the DHCP subsystem now have the ident string
559 "dnsmasq-dhcp" and messages from TFTP have ident
560 "dnsmasq-tftp". Thanks to Olaf Westrik for the patch.
562 Fix possible infinite DHCP protocol loop when an IP
563 address nailed to a hostname (not a MAC address) and a
564 host sometimes provides the name, sometimes not.
566 Allow --addn-hosts to take a directory: all the files
567 in the directory are read. Thanks to Phil Cornelius for
570 Support --bridge-interface on all platforms, not just BSD.
572 Added support for advanced PXE functions. It's now
573 possible to define a prompt and menu options which will
574 be displayed when a client PXE boots. It's also possible to
575 hand-off booting to other boot servers. Proxy-DHCP, where
576 dnsmasq just supplies the PXE information and another DHCP
577 server does address allocation, is also allowed. See the
578 --pxe-prompt and --pxe-service keywords. Thanks to
579 Alkis Georgopoulos for the suggestion and Guilherme Moro
580 and Michael Brown for assistance.
582 Improvements to DHCP logging. Thanks to Tom Metro for
585 Add ability to build dnsmasq without DHCP support. To do
586 this, edit src/config.h or build with
587 "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch.
589 Added --test command-line switch - syntax check
590 configuration files only.
592 Updated French translation. Thanks to Gildas Le Nadan.
596 Updated French translation. Thanks to Gildas Le Nadan.
598 Fixed interface enumeration code to work on NetBSD
599 5.0. Thanks to Roy Marples for the patch.
601 Updated config.h to use the same location for the lease
602 file on NetBSD as the other *BSD variants. Also allow
603 LEASEFILE and CONFFILE symbols to be overriden in CFLAGS.
605 Handle duplicate address detection on IPv6 more
606 intelligently. In IPv6, an interface can have an address
607 which is not usable, because it is still undergoing DAD
608 (such addresses are marked "tentative"). Attempting to
609 bind to an address in this state returns an error,
610 EADDRNOTAVAIL. Previously, on getting such an error,
611 dnsmasq would silently abandon the address, and never
612 listen on it. Now, it retries once per second for 20
613 seconds before generating a fatal error. 20 seconds should
614 be long enough for any DAD process to complete, but can be
615 adjusted in src/config.h if necessary. Thanks to Martin
616 Krafft for the bug report.
618 Add DBus introspection. Patch from Jeremy Laine.
620 Update Dbus configuration file. Patch from Colin Walters.
622 http://bugs.freedesktop.org/show_bug.cgi?id=18961
624 Support arbitrarily encapsulated DHCP options, suggestion
625 and initial patch from Samium Gromoff. This is useful for
626 (eg) gPXE, which expect all its private options to be
627 encapsulated inside a single option 175. So, eg,
629 dhcp-option = encap:175, 190, "iscsi-client0"
630 dhcp-option = encap:175, 191, "iscsi-client0-secret"
632 will provide iSCSI parameters to gPXE.
634 Enhance --dhcp-match to allow testing of the contents of a
635 client-sent option, as well as its presence. This
636 application in mind for this is RFC 4578
637 client-architecture specifiers, but it's generally useful.
638 Joey Korkames suggested the enhancement.
640 Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on
641 OpenSolaris. Thanks to Bastian Machek for the heads-up.
643 No longer complain about blank lines in
644 /etc/ethers. Thanks to Jon Nelson for the patch.
646 Fix binding of servers to physical devices, eg
647 --server=/domain/1.2.3.4@eth0 which was broken from 2.43
648 onwards unless --query-port=0 set. Thanks to Peter Naulls
651 Reply to DHCPINFORM requests even when the supplied ciaddr
652 doesn't fall in any dhcp-range. In this case it's not
653 possible to supply a complete configuration, but
654 individually-configured options (eg PAC) may be useful.
656 Allow the source address of an alias to be a range:
657 --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole
658 subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255,
660 --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
661 maps only the 192.168.0.10->192.168.0.40 region. Thanks to
662 Ib Uhrskov for the suggestion.
664 Don't dynamically allocate DHCP addresses which may break
665 Windows. Addresses which end in .255 or .0 are broken in
666 Windows even when using supernetting.
667 --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means
668 192.168.0.255 is a valid IP address, but not for Windows.
669 See Microsoft KB281579. We therefore no longer allocate
670 these addresses to avoid hard-to-diagnose problems.
672 Update Polish translation. Thanks to Jan Psota.
674 Delete the PID-file when dnsmasq shuts down. Note that by
675 this time, dnsmasq is normally not running as root, so
676 this will fail if the PID-file is stored in a root-owned
677 directory; such failure is silently ignored. To take
678 advantage of this feature, the PID-file must be stored in a
679 directory owned and write-able by the user running
684 Allow --bootp-dynamic to take a netid tag, so that it may
685 be selectively enabled. Thanks to Olaf Westrik for the
688 Remove ISC-leasefile reading code. This has been
689 deprecated for a long time, and last time I removed it, it
690 ended up going back by request of one user. This time,
691 it's gone for good; otherwise it would need to be
692 re-worked to support multiple domains (see below).
694 Support DHCP clients in multiple DNS domains. This is a
695 long-standing request. Clients are assigned to a domain
696 based in their IP address.
698 Add --dhcp-fqdn flag, which changes behaviour if DNS names
699 assigned to DHCP clients. When this is set, there must be
700 a domain associated with each client, and only
701 fully-qualified domain names are added to the DNS. The
702 advantage is that the only the FQDN needs to be unique,
703 so that two or more DHCP clients can share a hostname, as
704 long as they are in different domains.
706 Set environment variable DNSMASQ_DOMAIN when invoking
707 lease-change script. This may be useful information to
708 have now that it's variable.
710 Tighten up data-checking code for DNS packet
711 handling. Thanks to Steve Dodd who found certain illegal
712 packets which could crash dnsmasq. No memory overwrite was
713 possible, so this is not a security issue beyond the DoS
716 Update example config dhcp option 47, the previous
717 suggestion generated an illegal, zero-length,
718 option. Thanks to Matthias Andree for finding this.
720 Rewrite hosts-file reading code to remove the limit of
721 1024 characters per line. John C Meuser found this.
723 Create a net-id tag with the name of the interface on
724 which the DHCP request was received.
726 Fixed minor memory leak in DBus code, thanks to Jeremy
729 Emit DBus signals as the DHCP lease database
730 changes. Thanks to Jeremy Laine for the patch.
732 Allow for more that one MAC address in a dhcp-host
733 line. This configuration tells dnsmasq that it's OK to
734 abandon a DHCP lease of the fixed address to one MAC
735 address, if another MAC address in the dhcp-host statement
736 asks for an address. This is useful to give a fixed
737 address to a host which has two network interfaces
738 (say, a laptop with wired and wireless interfaces.)
739 It's very important to ensure that only one interface
740 at a time is up, since dnsmasq abandons the first lease
741 and re-uses the address before the leased time has
742 elapsed. John Gray suggested this.
744 Tweak the response to a DHCP request packet with a wrong
745 server-id when --dhcp-authoritative is set; dnsmasq now
746 returns a DHCPNAK, rather than silently ignoring the
747 packet. Thanks to Chris Marget for spotting this
750 Add --cname option. This provides a limited alias
751 function, usable for DHCP names. Thanks to AJ Weber for
754 Updated contrib/webmin with latest version from Neil
757 Updated Polish translation. Thanks to Jan Psota.
759 Correct the text names for DHCP options 64 and 65 to be
760 "nis+-domain" and "nis+-servers".
762 Updated Spanish translation. Thanks to Chris Chatham.
764 Force re-reading of /etc/resolv.conf when an "interface
769 Fix total DNS failure in release 2.44 unless --min-port
770 specified. Thanks to Steven Barth and Grant Coady for
771 bugreport. Also reject out-of-range port spec, which could
772 break things too: suggestion from Gilles Espinasse.
776 Fix crash when unknown client attempts to renew a DHCP
777 lease, problem introduced in version 2.43. Thanks to
778 Carlos Carvalho for help chasing this down.
780 Fix potential crash when a host which doesn't have a lease
781 does DHCPINFORM. Again introduced in 2.43. This bug has
782 never been reported in the wild.
784 Fix crash in netlink code introduced in 2.43. Thanks to
785 Jean Wolter for finding this.
787 Change implementation of min_port to work even if min-port
790 Patch to enable compilation of latest Mac OS X. Thanks to
793 Update Spanish translation. Thanks to Christopher Chatham.
797 Updated Polish translation. Thanks to Jan Psota.
799 Flag errors when configuration options are repeated
802 Further tweaks for GNU/kFreeBSD
804 Add --no-wrap to msgmerge call - provides nicer .po file
807 Honour lease-time spec in dhcp-host lines even for
808 BOOTP. The user is assumed to known what they are doing in
809 this case. (Hosts without the time spec still get infinite
810 leases for BOOTP, over-riding the default in the
811 dhcp-range.) Thanks to Peter Katzmann for uncovering this.
813 Fix problem matching relay-agent ids. Thanks to Michael
814 Rack for the bug report.
816 Add --naptr-record option. Suggestion from Johan
819 Implement RFC 5107 server-id-override DHCP relay agent
822 Apply patches from Stefan Kruger for compilation on
823 Solaris 10 under Sun studio.
825 Yet more tweaking of Linux capability code, to suppress
826 pointless wingeing from kernel 2.6.25 and above.
828 Improve error checking during startup. Previously, some
829 errors which occurred during startup would be worked
830 around, with dnsmasq still starting up. Some were logged,
831 some silent. Now, they all cause a fatal error and dnsmasq
832 terminates with a non-zero exit code. The errors are those
833 associated with changing uid and gid, setting process
834 capabilities and writing the pidfile. Thanks to Uwe
835 Gansert and the Suse security team for pointing out
836 this improvement, and Bill Reimers for good implementation
839 Provide NO_LARGEFILE compile option to switch off largefile
840 support when compiling against versions of uclibc which
841 don't support it. Thanks to Stephane Billiart for the patch.
843 Implement random source ports for interactions with
844 upstream nameservers. New spoofing attacks have been found
845 against nameservers which do not do this, though it is not
846 clear if dnsmasq is vulnerable, since to doesn't implement
847 recursion. By default dnsmasq will now use a different
848 source port (and socket) for each query it sends
849 upstream. This behaviour can suppressed using the
850 --query-port option, and the old default behaviour
851 restored using --query-port=0. Explicit source-port
852 specifications in --server configs are still honoured.
854 Replace the random number generator, for better
855 security. On most BSD systems, dnsmasq uses the
856 arc4random() RNG, which is secure, but on other platforms,
857 it relied on the C-library RNG, which may be
858 guessable and therefore allow spoofing. This release
859 replaces the libc RNG with the SURF RNG, from Daniel
860 J. Berstein's DJBDNS package.
862 Don't attempt to change user or group or set capabilities
863 if dnsmasq is run as a non-root user. Without this, the
864 change from soft to hard errors when these fail causes
865 problems for non-root daemons listening on high
866 ports. Thanks to Patrick McLean for spotting this.
868 Updated French translation. Thanks to Gildas Le Nadan.
872 The changelog for version 2.42 and earlier is
873 available in CHANGELOG.archive.