SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for dnsmasq-2.71-1.1.x86_64.rpm :
Wed Jul 22 14:00:00 2015 maxAATTsuse.com
- Build with support for DNSSEC (fate#318323, bsc#908137).

Tue Apr 28 14:00:00 2015 maxAATTsuse.com
- Fix unchecked return value of the setup_reply() function
(bsc#928867, CVE-2015-3294).
- Fix caching of local records (bsc#923144).

Wed Aug 6 14:00:00 2014 vwallfahrerAATTsuse.com
- Removed Suse and all other OS/Distribution related subdirs from
contrib, so only the rest gets packaged. The subdirs are not
necessary anymore (bnc#889028).

Tue Aug 5 14:00:00 2014 vwallfahrerAATTsuse.com
- Removed README.SUSE file, it was to confusing and not necessary (bnc#889972).
Information is already present in the upstream documentation.
- Split up vendor-files.tar.bz2 into single files
- Comply with systemd packaging guidlines

Thu Jun 12 14:00:00 2014 cdenicoloAATTsuse.com
- license update: GPL-2.0 or GPL-3.0
correct license is dual GPL-2.0 or GPL-3.0; please add COPYING-v3-file to
RPM.

Wed Jun 11 14:00:00 2014 dmuellerAATTsuse.com
- update to 2.71:
Subtle change to error handling to help DNSSEC validation
when servers fail to provide NODATA answers for
non-existent DS records.
Tweak code which removes DNSSEC records from answers when
not required. Fixes broken answers when additional section
has real records in it. Thanks to Marco Davids for the bug
report.
Fix DNSSEC validation of ANY queries. Thanks to Marco Davids
for spotting that too.
Fix total DNS failure and 100% CPU use if cachesize set to zero,
regression introduced in 2.69. Thanks to James Hunt and
the Ubuntu crowd for assistance in fixing this.
Fix crash, introduced in 2.69, on TCP request when dnsmasq
compiled with DNSSEC support, but running without DNSSEC
enabled. Thanks to Manish Sing for spotting that one.
Fix regression which broke ipset functionality. Thanks to
Wang Jian for the bug report.
Implement dynamic interface discovery on
*BSD. This allows
the contructor: syntax to be used in dhcp-range for DHCPv6
on the BSD platform. Thanks to Matthias Andree for
valuable research on how to implement this.
Fix infinite loop associated with some --bogus-nxdomain
configs. Thanks fogobogo for the bug report.
Fix missing RA RDNS option with configuration like
- -dhcp-option=option6:23,[::] Thanks to Tsachi Kimeldorfer
for spotting the problem.
Add [fd00::] and [fe80::] as special addresses in DHCPv6
options, analogous to [::]. [fd00::] is replaced with the
actual ULA of the interface on the machine running
dnsmasq, [fe80::] with the link-local address.
Thanks to Tsachi Kimeldorfer for championing this.
DNSSEC validation and caching. Dnsmasq needs to be
compiled with this enabled, with
make dnsmasq COPTS=-DHAVE_DNSSEC
this add dependencies on the nettle crypto library and the
gmp maths library. It\'s possible to have these linked
statically with
make dnsmasq COPTS=\'-DHAVE_DNSSEC -DHAVE_DNSSEC_STATIC\'
which bloats the dnsmasq binary, but saves the size of
the shared libraries which are much bigger.
To enable, DNSSEC, you will need a set of
trust-anchors. Now that the TLDs are signed, this can be
the keys for the root zone, and for convenience they are
included in trust-anchors.conf in the dnsmasq
distribution. You should of course check that these are
legitimate and up-to-date. So, adding
conf-file=/path/to/trust-anchors.conf
dnssec
to your config is all thats needed to get things
working. The upstream nameservers have to be DNSSEC-capable
too, of course. Many ISP nameservers aren\'t, but the
Google public nameservers (8.8.8.8 and 8.8.4.4) are.
When DNSSEC is configured, dnsmasq validates any queries
for domains which are signed. Query results which are
bogus are replaced with SERVFAIL replies, and results
which are correctly signed have the AD bit set. In
addition, and just as importantly, dnsmasq supplies
correct DNSSEC information to clients which are doing
their own validation, and caches DNSKEY, DS and RRSIG
records, which significantly improve the performance of
downstream validators. Setting --log-queries will show
DNSSEC in action.
If a domain is returned from an upstream nameserver without
DNSSEC signature, dnsmasq by default trusts this. This
means that for unsigned zone (still the majority) there
is effectively no cost for having DNSSEC enabled. Of course
this allows an attacker to replace a signed record with a
false unsigned record. This is addressed by the
- -dnssec-check-unsigned flag, which instructs dnsmasq
to prove that an unsigned record is legitimate, by finding
a secure proof that the zone containing the record is not
signed. Doing this has costs (typically one or two extra
upstream queries). It also has a nasty failure mode if
dnsmasq\'s upstream nameservers are not DNSSEC capable.
Without --dnssec-check-unsigned using such an upstream
server will simply result in not queries being validated;
with --dnssec-check-unsigned enabled and a
DNSSEC-ignorant upstream server, _all_ queries will fail.
Note that DNSSEC requires that the local time is valid and
accurate, if not then DNSSEC validation will fail. NTP
should be running. This presents a problem for routers
without a battery-backed clock. To set the time needs NTP
to do DNS lookups, but lookups will fail until NTP has run.
To address this, there\'s a flag, --dnssec-no-timecheck
which disables the time checks (only) in DNSSEC. When dnsmasq
is started and the clock is not synced, this flag should
be used. As soon as the clock is synced, SIGHUP dnsmasq.
The SIGHUP clears the cache of partially-validated data and
resets the no-timecheck flag, so that all DNSSEC checks
henceforward will be complete.
The development of DNSSEC in dnsmasq was started by
Giovanni Bajo, to whom huge thanks are owed. It has been
supported by Comcast, whose techfund grant has allowed for
an invaluable period of full-time work to get it to
a workable state.
Add --rev-server. Thanks to Dave Taht for suggesting this.
Add --servers-file. Allows dynamic update of upstream servers
full access to configuration.
Add --local-service. Accept DNS queries only from hosts
whose address is on a local subnet, ie a subnet for which
an interface exists on the server. This option
only has effect if there are no --interface --except-interface,
- -listen-address or --auth-server options. It is intended
to be set as a default on installation, to allow
unconfigured installations to be useful but also safe from
being used for DNS amplification attacks.
Fix crashes in cache_get_cname_target() when dangling CNAMEs
encountered. Thanks to Andy and the rt-n56u project for
find this and helping to chase it down.
Fix wrong RCODE in authoritative DNS replies to PTR queries. The
correct answer was included, but the RCODE was set to NXDOMAIN.
Thanks to Craig McQueen for spotting this.
Make statistics available as DNS queries in the .bind TLD as
well as logging them.
Use random addresses for DHCPv6 temporary address
allocations, instead of algorithmically determined stable
addresses.
Fix bug which meant that the DHCPv6 DUID was not available
in DHCP script runs during the lifetime of the dnsmasq
process which created the DUID de-novo. Once the DUID was
created and stored in the lease file and dnsmasq
restarted, this bug disappeared.
Fix bug introduced in 2.67 which could result in erroneous
NXDOMAIN returns to CNAME queries.
Fix build failures on MacOS X and openBSD.
Allow subnet specifications in --auth-zone to be interface
names as well as address literals. This makes it possible
to configure authoritative DNS when local address ranges
are dynamic and works much better than the previous
work-around which exempted contructed DHCP ranges from the
IP address filtering. As a consequence, that work-around
is removed. Under certain circumstances, this change wil
break existing configuration: if you\'re relying on the
contructed-range exception, you need to change --auth-zone
to specify the same interface as is used to construct your
DHCP ranges, probably with a trailing \"/6\" like this:
- -auth-zone=example.com,eth0/6 to limit the addresses to
IPv6 addresses of eth0.
Fix problems when advertising deleted IPv6 prefixes. If
the prefix is deleted (rather than replaced), it doesn\'t
get advertised with zero preferred time. Thanks to Tsachi
for the bug report.
Fix segfault with some locally configured CNAMEs. Thanks
to Andrew Childs for spotting the problem.
Fix memory leak on re-reading /etc/hosts and friends,
introduced in 2.67.
Check the arrival interface of incoming DNS and TFTP
requests via IPv6, even in --bind-interfaces mode. This
isn\'t possible for IPv4 and can generate scary warnings,
but as it\'s always possible for IPv6 (the API always
exists) then we should do it always.
Tweak the rules on prefix-lengths in --dhcp-range for
IPv6. The new rule is that the specified prefix length
must be larger than or equal to the prefix length of the
corresponding address on the local interface.
Fix crash if upstream server returns SERVFAIL when
- -conntrack in use. Thanks to Giacomo Tazzari for finding
this and supplying the patch.
Repair regression in 2.64. That release stopped sending
lease-time information in the reply to DHCPINFORM
requests, on the correct grounds that it was a standards
violation. However, this broke the dnsmasq-specific
dhcp_lease_time utility. Now, DHCPINFORM returns
lease-time only if it\'s specifically requested
(maintaining standards) and the dhcp_lease_time utility
has been taught to ask for it (restoring functionality).
Fix --dhcp-match, --dhcp-vendorclass and --dhcp-userclass
to work with BOOTP and well as DHCP. Thanks to Peter
Korsgaard for spotting the problem.
Add --synth-domain. Thanks to Vishvananda Ishaya for
suggesting this.
Fix failure to compile ipset.c if old kernel headers are
in use. Thanks to Eugene Rudoy for pointing this out.
Handle IPv4 interface-address labels in Linux. These are
often used to emulate the old IP-alias addresses. Before,
using --interface=eth0 would service all the addresses of
eth0, including ones configured as aliases, which appear
in ifconfig as eth0:0. Now, only addresses with the label
eth0 are active. This is not backwards compatible: if you
want to continue to bind the aliases too, you need to add
eg. --interface=eth0:0 to the config.
Fix \"failed to set SO_BINDTODEVICE on DHCP socket: Socket
operation on non-socket\" error on startup with
configurations which have exactly one --interface option
and do RA but _not_ DHCPv6. Thanks to Trever Adams for the
bug report.
Generalise --interface-name to cope with IPv6 addresses
and multiple addresses per interface per address family.
Fix option parsing for --dhcp-host, which was generating a
spurious error when all seven possible items were
included. Thanks to Zhiqiang Wang for the bug report.
Remove restriction on prefix-length in --auth-zone. Thanks
to Toke Hoiland-Jorgensen for suggesting this.
Log when the maximum number of concurrent DNS queries is
reached. Thanks to Marcelo Salhab Brogliato for the patch.
If wildcards are used in --interface, don\'t assume that
there will only ever be one available interface for DHCP
just because there is one at start-up. More may appear, so
we can\'t use SO_BINDTODEVICE. Thanks to Natrio for the bug
report.
Increase timeout/number of retries in TFTP to accomodate
AudioCodes Voice Gateways doing streaming writes to flash.
Thanks to Damian Kaczkowski for spotting the problem.
Fix crash with empty DHCP string options when adding zero
terminator. Thanks to Patrick McLean for the bug report.
Allow hostnames to start with a number, as allowed in
RFC-1123. Thanks to Kyle Mestery for the patch.
Fixes to DHCP FQDN option handling: don\'t terminate FQDN
if domain not known and allow a FQDN option with blank
name to request that a FQDN option is returned in the
reply. Thanks to Roy Marples for the patch.
Make --clear-on-reload apply to setting upstream servers
via DBus too.
When the address which triggered the construction of an
advertised IPv6 prefix disappears, continue to advertise
the prefix for up to 2 hours, with the preferred lifetime
set to zero. This satisfies RFC 6204 4.3 L-13 and makes
things work better if a prefix disappears without being
deprecated first. Thanks to Uwe Schindler for persuasively
arguing for this.
Fix MAC address enumeration on
*BSD. Thanks to Brad Smith
for the bug report.
Support RFC-4242 information-refresh-time options in the
reply to DHCPv6 information-request. The lease time of the
smallest valid dhcp-range is sent. Thanks to Uwe Schindler
for suggesting this.
Make --listen-address higher priority than --except-interface
in all circumstances. Thanks to Thomas Hood for the bugreport.
Provide independent control over which interfaces get TFTP
service. If enable-tftp is given a list of interfaces, then TFTP
is provided on those. Without the list, the previous behaviour
(provide TFTP to the same interfaces we provide DHCP to)
is retained. Thanks to Lonnie Abelbeck for the suggestion.
Add --dhcp-relay config option. Many thanks to vtsl.net
for sponsoring this development.
Fix crash with empty tag: in --dhcp-range. Thanks to
Kaspar Schleiser for the bug report.
Add \"baseline\" and \"bloatcheck\" makefile targets, for
revealing size changes during development. Thanks to
Vladislav Grishenko for the patch.
Cope with DHCPv6 clients which send REQUESTs without
address options - treat them as SOLICIT with rapid commit.
Support identification of clients by MAC address in
DHCPv6. When using a relay, the relay must support RFC
6939 for this to work. It always works for directly
connected clients. Thanks to Vladislav Grishenko
for prompting this feature.
Remove the rule for constructed DHCP ranges that the local
address must be either the first or last address in the
range. This was originally to avoid SLAAC addresses, but
we now explicitly autoconfig and privacy addresses instead.
Update Polish translation. Thanks to Jan Psota.
Fix problem in DHCPv6 vendorclass/userclass matching
code. Thanks to Tanguy Bouzeloc for the patch.
Update Spanish transalation. Thanks to Vicente Soriano.
Add --ra-param option. Thanks to Vladislav Grishenko for
inspiration on this.
Add --add-subnet configuration, to tell upstream DNS
servers where the original client is. Thanks to DNSthingy
for sponsoring this feature.
Add --quiet-dhcp, --quiet-dhcp6 and --quiet-ra. Thanks to
Kevin Darbyshire-Bryant for the initial patch.
Allow A/AAAA records created by --interface-name to be the
target of --cname. Thanks to Hadmut Danisch for the
suggestion.
Avoid treating a --dhcp-host which has an IPv6 address
as eligable for use with DHCPv4 on the grounds that it has
no address, and vice-versa. Thanks to Yury Konovalov for
spotting the problem.
Do a better job caching dangling CNAMEs. Thanks to Yves
Dorfsman for spotting the problem.
Add the ability to act as an authoritative DNS
server. Dnsmasq can now answer queries from the wider \'net
with local data, as long as the correct NS records are set
up. Only local data is provided, to avoid creating an open
DNS relay. Zone transfer is supported, to allow secondary
servers to be configured.
Add \"constructed DHCP ranges\" for DHCPv6. This is intended
for IPv6 routers which get prefixes dynamically via prefix
delegation. With suitable configuration, stateful DHCPv6
and RA can happen automatically as prefixes are delegated
and then deprecated, without having to re-write the
dnsmasq configuration file or restart the daemon. Thanks to
Steven Barth for extensive testing and development work on
this idea.
Fix crash on startup on Solaris 11. Regression probably
introduced in 2.61. Thanks to Geoff Johnstone for the
patch.
Add code to make behaviour for TCP DNS requests that same
as for UDP requests, when a request arrives for an allowed
address, but via a banned interface. This change is only
active on Linux, since the relevant API is missing (AFAIK)
on other platforms. Many thanks to Tomas Hozza for
spotting the problem, and doing invaluable discovery of
the obscure and undocumented API required for the solution.
Don\'t send the default DHCP option advertising dnsmasq as
the local DNS server if dnsmasq is configured to not act
as DNS server, or it\'s configured to a non-standard port.
Add DNSMASQ_CIRCUIT_ID, DNSMASQ_SUBCRIBER_ID,
DNSMASQ_REMOTE_ID variables to the environment of the
lease-change script (and the corresponding Lua). These hold
information inserted into the DHCP request by a DHCP relay
agent. Thanks to Lakefield Communications for providing a
bounty for this addition.
Fixed crash, introduced in 2.64, whilst handling DHCPv6
information-requests with some common configurations.
Thanks to Robert M. Albrecht for the bug report and
chasing the problem.
Add --ipset option. Thanks to Jason A. Donenfeld for the
patch.
Don\'t erroneously reject some option names in --dhcp-match
options. Thanks to Benedikt Hochstrasser for the bug report.
Allow a trailing \'
*\' wildcard in all interface-name
configurations. Thanks to Christian Parpart for the patch.
Handle the situation where libc headers define
SO_REUSEPORT, but the kernel in use doesn\'t, to cope with
the introduction of this option to Linux. Thanks to Rich
Felker for the bug report.
Update Polish translation. Thanks to Jan Psota.
Fix crash if the configured DHCP lease limit is
reached. Regression occurred in 2.61. Thanks to Tsachi for
the bug report.
Update the French translation. Thanks to Gildas le Nadan.

Wed Mar 26 13:00:00 2014 crrodriguezAATTopensuse.org
- dnsmasq.service: Set PrivateDevices=yes so we run in a
separate namespace with the bare minimum device nodes isolated
from the host.

Mon Apr 22 14:00:00 2013 meissnerAATTsuse.com
- reintroduced /sbin/rcdnsmasq as /sbin/service link.

Sat Apr 20 14:00:00 2013 crrodriguezAATTopensuse.org
- Do not order after syslog.target which it is neither
required not recommended and currently no longer even exists.

Sat Apr 13 14:00:00 2013 cooloAATTsuse.com
- sync /srv/tftpboot directory attributes with atftp package

Wed Apr 3 14:00:00 2013 crrodriguezAATTopensuse.org
- remove all sysvinit support

Tue Mar 12 13:00:00 2013 vuntzAATTsuse.com
- Create a utils subpackage to include DHCP lease management utils
(that are living in contrib/wrt):
+ Explicitly build them in %build and install the files in
%install.
+ Summary and description of the new subpackage are taken from
Fedora.

Fri Feb 22 13:00:00 2013 rmilasanAATTsuse.com
- Install dnsmasq.service accordingly (/usr/lib/systemd for 12.3
and up or /lib/systemd for older versions).

Fri Dec 14 13:00:00 2012 toganmAATTopensuse.org
- Update to version 2.65. For other changes relating to other
versions in between please see the CHANGELOG

* Fix regression which broke forwarding orgf queries sent via
TCP which are not for A and AAAA and which were directed to
non-default servers. Thanks to Niax for the bug reportst.
Fix failure to build with DHCP support excluded. Thanks to
Gustavo Zacarias for the patch.
Fix nasty regression in 27.64 which completely broke cacheing.
- renamed group_and_isc.diff to group_and_isc.patch rebasinp to -p1
level as outlined in the documentation at
http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines

Thu Oct 4 14:00:00 2012 cfarrellAATTsuse.com
- license update: GPL-2.0
Most of the source code files give a choice of either GPL-2.0 or GPL-3.0
(not GPL-2.0+). The website states that the COPYING file in the
distribution is the official license - in this case it is GPL-2.0. This
is consistent with what Fedora state about the package. Accordingly, I^d
be ok with License: GPL-2.0 or License: (GPL-2.0 or GPL-3.0) but not
License: GPL-2.0+

Sun Jun 24 14:00:00 2012 crrodriguezAATTopensuse.org
- Update to version 2.62, misc bugfixes
- Fix CFLAGS/LDFLAGS usage
- fix the small cache size problem in a different way by tweaking
the build config instead.

Sat Jun 23 14:00:00 2012 crrodriguezAATTopensuse.org
- The default cache size is way too small (150 entries) use a sane
default of 2000 as used in
*WRT embeeded routers which is still
very conservative for a desktop/server machine.
- use async logging

Sun Apr 29 14:00:00 2012 pascal.bleserAATTopensuse.org
- update to 2.61:

* add ra-names, ra-stateless and slaac keywords for DHCPv6: dnsmasq can now
synthesise AAAA records for dual-stack hosts which get IPv6 addresses via
SLAAC; it is also now possible to use SLAAC and stateless DHCPv6, and to
tell clients to use SLAAC addresses as well as DHCP ones

* add --dhcp-duid to allow DUID-EN uids to be used

* explicity send DHCPv6 replies to the correct port, instead of relying on
clients to send requests with the correct source address, since at least
one client in the wild gets this wrong

* send a preference value of 255 in DHCPv6 replies when --dhcp-authoritative
is in effect: his tells clients not to wait around for other DHCP servers

* better logging of DHCPv6 options

* add --host-record

* invoke the DHCP script with action \"tftp\" when a TFTP file transfer
completes: the size of the file, address to which it was sent and complete
pathname are supplied; note that version 2.60 introduced some script
incompatibilties associated with DHCPv6, and this is a further change; to
be safe, scripts should ignore unknown actions, and if not IPv6-aware,
should exit if the environment variable DNSMASQ_IAID is set; the use-case
for this is to track netboot/install

* update contrib/port-forward/dnsmasq-portforward to reflect the above

* set the environment variable DNSMASQ_LOG_DHCP when running the script id
- -log-dhcp is in effect, so that script can taylor their logging verbosity

* arrange that addresses specified with --listen-address work even if there
is no interface carrying the address; this is chiefly useful for IPv4
loopback addresses, where any address in 127.0.0.0/8 is a valid loopback
address, but normally only 127.0.0.1 appears on the lo interface

* fix crash, introduced in 2.60, when a DHCPINFORM is received from a network
which has no valid dhcp-range

* add a new DHCP lease time keyword, \"deprecated\" for --dhcp-range: this is
only valid for IPv6, and sets the preffered lease time for both DHCP and RA
to zero; the effect is that clients can continue to use the address for
existing connections, but new connections will use other addresses, if they
exist; this makes hitless renumbering at least possible

* fix bug in address6_available() which caused DHCPv6 lease aquistion to fail
if more than one dhcp-range in use

* provide RDNSS and DNSSL data in router advertisements, using the settings
provided for DHCP options option6:domain-search and option6:dns-server

* don\'t cache data from non-recursive nameservers, since it may erroneously
look like a valid CNAME to a non-exitant name

* call SO_BINDTODEVICE on the DHCP socket(s) when doing DHCP on exacly one
interface and --bind-interfaces is set; this makes the OpenStack use-case
of one dnsmasq per virtual interface work

* give correct from-cache answers to explict CNAME queries

* add --tftp-lowercase option

* ensure that the DBus DhcpLeaseUpdated events are generated when a lease
goes through INIT_REBOOT state, even if the dhcp-script is not in use

Tue Mar 6 13:00:00 2012 ugAATTsuse.de
- some dhcp fixes
- Add Lua integration
- Set TOS on DHCP sockets
- Improve start-up speed when reading large hosts files
- Fix problem if dnsmasq is started without the stdin
- Allow the TFP server or boot server in --pxe-service
- Support DHCPv6. Support is there for the sort of things
the existing v4 server does, including tags, options,
static addresses and relay support
- Support IPv6 router advertisements
- Fix long-standing wrinkle with --localise-queries that
could result in wrong answers when DNS packets arrive
via an interface other than the expected one
- 2.60

Wed Feb 8 13:00:00 2012 ugAATTsuse.de
- added correct group for tftp
(bnc#738905)

Mon Feb 6 13:00:00 2012 crrodriguezAATTopensuse.org
- Use systemd macros correctly
- build with PIE and full RELRO.

Thu Jan 19 13:00:00 2012 crrodriguezAATTopensuse.org
- --enable-dbus must be explicit in systemd unit
- default user is provided in config file or takes defaults on
group_and_isc.diff

Wed Jan 18 13:00:00 2012 crrodriguezAATTopensuse.org
- dnsmasq has dbus support, use it for systemd service.

Fri Nov 25 13:00:00 2011 ugAATTsuse.de
- removed systemd config for pre-12.1

Thu Nov 24 13:00:00 2011 crrodriguezAATTopensuse.org
- Must be of type forking and change uid to dnsmasq

Thu Nov 24 13:00:00 2011 crrodriguezAATTopensuse.org
- Add systemd startup script

Thu Oct 20 14:00:00 2011 ugAATTsuse.de
- dnsmasq still announced itself as 2.59-RC1
no other code changes than just the correct version string

Tue Oct 18 14:00:00 2011 ugAATTsuse.de
- fixed binding to IPv6 link-local addresses
(regression from 2.58)
- 2.59

Sun Sep 18 14:00:00 2011 jengelhAATTmedozas.de
- Remove redundant tags/sections from specfile
(cf. packaging guidelines)
- Use %_smp_mflags for parallel build

Fri Aug 26 14:00:00 2011 ugAATTsuse.de
- Support scope-ids in IPv6 addresses of nameservers from
/etc/resolv.conf and in --server options
- Fix bug which resulted in truncated files and timeouts for
some TFTP transfers
- Allow the TFTP-server address in --dhcp-boot to be a
domain-name which is looked up in /etc/hosts
- Tweak the behaviour of --domain-needed
- Add support for Linux conntrack connection marking
- Don\'t return NXDOMAIN to an AAAA query if we have CNAME
which points to an A record only
- logging fixes
- many DHCP fixes and features (see Changelog)
- update to 2.58

Wed Mar 2 13:00:00 2011 ugAATTsuse.de
- Add IPv6 support to the TFTP server
- Log DNS queries at level LOG_INFO
- Add --add-mac option
- some logging fixes
- Don\'t complain about strings longer than
255 characters in txt records
- extended the --domain option
- Never cache DNS replies which have the \'cd\' bit set
- Add --proxy-dnssec flag
- Allow a filename of \"-\" for --conf-file
- some smaller bugfixes
- update to 2.57

Tue Jun 8 14:00:00 2010 ugAATTsuse.de

* Fix crash when /etc/ethers is in use.

* Fix crash in netlink_multicast().

* Allow the empty domain \".\" in dhcp domain-search (119)
options.

* 2.55 (there was no 2.54)

Mon Jun 7 14:00:00 2010 ugAATTsuse.de

* Fixed bug which caused bad things to happen if a
resolv.conf file which exists is subsequently removed

* Rationalised the DHCP tag system

* Added --tag-if to allow boolean operations on tags

* Add broadcast/unicast information to DHCP logging

* Allow --dhcp-broadcast to be unconditional

* Fixed incorrect behaviour with NOT conditionals in
dhcp-options

* If we send vendor-class encapsulated options based on the
vendor-class supplied by the client, and no explicit
vendor-class option is given, echo back the vendor-class
from the client.

* Fix bug which stopped dnsmasq from matching both a
circuitid and a remoteid

* Add --dhcp-proxy

* Added interface: part to dhcp-range

* and a lot more ... checke the CHANGELOG in the package

* 2.53

Mon Jan 25 13:00:00 2010 ugAATTsuse.de

* adds support for RFC 3925 vendor identifying vendor
options.

* has some minor enhancements to the PXE subsystem and external
hooks for tracking DHCP leases.

* 2.52

Fri Nov 20 13:00:00 2009 ugAATTsuse.de

* Add support for internationalised DNS.

* Add two more environment variables for lease-change scripts:
First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname
supplied by a client, even if the actual hostname used is
over-ridden by dhcp-host or dhcp-ignore-names directives.
Also DNSMASQ_RELAY_ADDRESS which gives the address of
a DHCP relay, if used.

* Fix regression which broke echo of relay-agent
options. Thanks to Michael Rack for spotting this.

* Don\'t treat option 67 as being interchangeable with
dhcp-boot parameters if it\'s specified as
dhcp-option-force.

* Make the code to call scripts on lease-change compile-time
optional. It can be switched off by editing src/config.h
or building with \"make COPTS=-DNO_SCRIPT\".

* Make the TFTP server cope with filenames from Windows/DOS
which use \'\\\' as pathname separator. Thanks to Ralf for
the patch.

* Warn if an IP address is duplicated in /etc/ethers.

* Teach --conf-dir to take an option list of file suffices
which will be ignored when scanning the directory. Useful
for backup files etc. Thanks to Helmut Hullen for the
suggestion.

* Add new DHCP option named tftpserver-address

* Don\'t do any PXE processing, even for clients with the
correct vendorclass, unless at least one pxe-prompt or
pxe-service option is given.

* Limit the blocksize used for TFTP transfers to a value
which avoids packet fragmentation, based on the MTU of the
local interface. Many netboot ROMs can\'t cope with
fragmented packets.

* Honour dhcp-ignore configuration for PXE and proxy-PXE
requests.

* 2.51

Tue Nov 3 13:00:00 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0

Tue Sep 1 14:00:00 2009 ugAATTsuse.de
- Fix security problem which allowed any host permitted to
do TFTP to possibly compromise dnsmasq by remote buffer
overflow when TFTP enabled.
- version 2.50

Tue Jun 16 14:00:00 2009 ugAATTsuse.de
- Fix regression in 2.48 which disables the lease-change
script
- version 2.49

Fri Jun 5 14:00:00 2009 ugAATTsuse.de
-Fixed bug which broke binding of servers to physical
interfaces when interface names were longer than four
characters.
- Fixed netlink code
- Don\'t read included configuration files more than once
- Mark log messages from the various subsystems in dnsmasq
- Fix possible infinite DHCP protocol loop when an IP
address nailed to a hostname
- Allow --addn-hosts to take a directory
- Support --bridge-interface on all platforms
- Added support for advanced PXE functions
- Improvements to DHCP logging
- Added --test command-line switch
- version 2.48

Mon Mar 16 13:00:00 2009 ugAATTsuse.de
- dbus documentation added

Tue Mar 10 13:00:00 2009 ugAATTsuse.de
- Enable dbus support by jnelson


  
ICM