1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
|
release 0.4 - initial public release
release 0.5 - added caching, removed compiler warning on linux PPC
release 0.6 - TCP handling: close socket and return to connect state if we
can't read the first byte. This corrects a problem seen very
occasionally where dnsmasq would loop using all available CPU.
Added a patch from Cris Bailiff <c.bailiff@e-secure.com.au>
to set SO_REUSEADDR on the tcp socket which stops problems when
dnsmasq is restarted and old connections still exist.
Stopped claiming in doc.html that smail is the default Debian
mailer, since it isn't any longer. (Pointed out by
David Karlin <dkarlin@coloradomtn.edu>)
release 0.7 Create a pidfile at /var/run/dnsmasq.pid
Extensive armouring against "poison packets" courtesy of
Thomas Moestl <tmoestl@gmx.net>
Set sockaddr.sa_family on outgoing address, patch from
David Symonds <xoxus@usa.net>
Patch to clear cache on SIGHUP
from Jason L. Wagner <nialscorva@yahoo.com>
Fix bad bug resulting from not initialising value-result
address-length parameter to recvfrom() and accept() - it
worked by luck before!
release 0.95 Major rewrite: remove calls to gethostbyname() and talk
directly to the upstream server(s) instead.
This has many advantages.
(1) Dnsmasq no longer blocks during long lookups.
(2) All query types are handled now, (eg MX) not just internet
address queries. Addresses are cached, all other
queries are forwarded directly.
(3) Time-to-live data from upstream server is read and
used by dnsmasq to purge entries from the cache.
(4) /etc/hosts is still read and its contents served (unless
the -h option is given).
(5) Dnsmasq can get its upstream servers from
a file other than /etc/resolv.conf (-r option) this allows
dnsmasq to serve names to the machine it is running
on (put nameserver 127.0.0.1 in /etc/resolv.conf and
give dnsmasq the option -r /etc/resolv.dnsmasq)
(6) Dnsmasq will re-read it's servers if the
modification time of resolv.conf changes. Along with
4 above this allows nameservers to be set
automatically by ppp or dhcp.
A really clever NAT-like technique allows the daemon to have lots
of queries in progress, but still remain very lightweight.
Dnsmasq has a small footprint and normally doesn't allocate
any more memory after start-up. The NAT-like forwarding was
inspired by a suggestion from Eli Chen <eli@routefree.com>
release 0.96 Fixed embarrasing thinko in cache linked-list code.
release 0.98 Some enhancements and bug-fixes.
Thanks to "Denis Carre" <denis.carre@laposte.net> and Martin
Otte <otte@essc.psu.edu>
(1) Dnsmasq now always sets the IP source address
of its replies correctly. Older versions would not always
do this on multi-homed and IP aliased hosts, which violates
the RFC.
(2) Dnsmasq no longer crashes if a server loop is created
(ie dnsmasq is told to use itself as an upstream server.)
Now it just logs the problem and doesn't use the bad
server address.
(3) Dnsmasq should now forward (but not cache) inverse queries
and server status queries; this feature has not been tested.
(4) Don't write the pid file when in non-daemon mode.
(5) Create the pid file mode 644, rather then 666 (!).
(6) Generate queries to upstream nameservers with unpredictable
ids, to thwart DNS spoofers.
(7) Dnsmasq no longer forwards queries when the
"recursion desired" bit is not set in the header.
(8) Fixed getopt code to work on compliers with unsigned char.
release 0.991 Added -b flag: when set causes dnsmasq to always answer
reverse queries on the RFC 1918 private IP space itself and
never forward them to an upstream server. If the name is not in
/etc/hosts, dnsmasq replies with the dotted-quad address.
Fixed a bug which stopped dnsmasq working on a box with
two or more interfaces with the same IP address.
Fixed cacheing of CNAMEs. Previously, a CNAME which pointed
to a name with many A records would not have all the addresses
returned when being answered from the cache.
Thanks to "Steve Hardy" <s.a.hardy@connectux.com> for his input
on these fixes.
Fixed race which could cause dnsmasq to miss the second of
two closely-spaced updates of resolv.conf (Thanks to Eli Chen
for pointing this out.)
Fixed a bug which could cause dnsmasq to fail to cache some
dns names.
release 0.992 Small change to memory allocation so that names in /etc/hosts
don't use cache slots. Also make "-c 0" flag meaningfully
disable caching completely.
release 0.993 Return only the first (canonical) name from an entry in
/etc/hosts as reply to reverse query.
Handle wildcard queries for names/addresses in /etc/hosts
this is mainly to allow reverse lookups by dig to succeed.
(Bug reported by Simon J. Rowe" <srowe@mose.org.uk>)
Subtle change to the logic which selects which of multiple
upstream servers we send queries to. This fixes a problem
where dnsmasq continuously sends queries to a server which
is returning error codes and ignores one which is working.
release 0.994 Fixed bug which broke lookup of names in /etc/hosts
which have upper-case letters in them. Thanks for Joao Clemente
for spotting that one.
Output cache statistics on receipt of SIGUSR1. These go
to syslog except in debug (-d) mode, when a complete cache
dump goes to stdout. Suggestion from Joao Clemente, code
based in John Volpe's.
Accept GNU long options on the command line. Code from
John Volpe for this.
Split source code into multiple files and produced
a proper makefile.
Included code from John Volpe to parse dhcp.leases file
written by ISC dhcpd. The hostnames in the leases file are
added to the cache and updated as dhcpd updates the
leases file. The code has been heavily re-worked by me,
so any bugs are probably mine.
release 0.995 Small tidy-ups to signal handling and cache code.
release 0.996 Added negative caching: If dnsmasq gets a "no such domain" reply
from an upstream nameserver, it will cache that information
for a time specified by the SOA RR in the reply. See RFC 2308
for details. This is useful with resolver libraries
which append assorted suffices to non-FQDN in an attempt to
resolve them, causing useless cache misses.
Added -i flag, which restricts dnsmasq to offering name service
only on specified interfaces.
release 0.997 Deleted INSTALL script and added "install" target to makefile.
Stopped distributing binaries in the tarball to avoid
libc version clashes.
Fixed interface detection code to
remove spurious startup errors in rare circumstances.
Dnsmasq now changes its uid, irrevocably, to nobody after
startup for security reasons. Thanks to Peter Bailey for
this patch.
Cope with infinite DHCP leases. Patch thanks to
Yaacov Akiba Slama.
Added rpm control files to .tar.gz distribution. Thanks to
Peter Baldwin at ClarkConnect for those.
Improved startup script for rpms. Thanks to Yaacov Akiba Slama.
release 1.0 Stable release: dnsmasq is now considered feature-complete
and stable.
release 1.1 Added --user argument to allow user to change to
a different userid.
Added --mx-target argument to allow mail to be delivered
away from the gateway machine running dnsmasq.
Fixed highly obscure bug with wildcard queries for
DHCP lease derived names.
Moved manpage from section 1 to section 8.
Added --no-poll option.
Added Suse-rpm support.
Thanks to Joerg Mayer for the last two.
release 1.2 Added IPv6 DNS record support. AAAA records are cached
and read from /etc/hosts. Reverse-lookups in the
ip6.int and ip6.arpa domains are suppored. Dnsmasq can
talk to upstream servers via IPv6 if it finds IP6 addresses
in /etc/resolv.conf and it offers DNS service automatically
if IPv6 support is present in the kernel.
Extended negative caching to NODATA replies.
Re-vamped CNAME processing to cope with RFC 2317's use of
CNAMES to PTR RRs in CIDR.
Added config.h and a couple of symbols to aid
compilation on non-linux systems.
release 1.3 Some versions of the Linux kernel return EINVAL rather
then ENPROTONOSUPPORT when IPv6 is not available,
causing dnsmasq to bomb out. This release fixes that.
Thanks to Steve Davis for pointing this one out.
Trivial change to startup logic so that dnsmasq logs
its stuff and reads config files straight away on
starting, rather than after the first query - principle
of least surprise applies here.
release 1.4 Fix a bug with DHPC lease parsing which broke in
non-UTC timezones. Thanks to Mark Wormgoor for
spotting and diagnosing this. Fixed versions in
the .spec files this time. Fixed bug in Suse startup
script. Thanks to Didi Niklaus for pointing this out.
release 1.5 Added --filterwin2k option which stops dnsmasq from forwarding
"spam" queries from win2k boxes. This is useful to stop spurious
connections over dial-on-demand links. Thanks to Steve Hardy
for this code.
Clear "truncated" bit in replies we return from upstream. This
stops resolvers from switching to TCP, which is pointless since
dnsmasq doesn't support TCP. This should solve problems
in resolving hotmail.com domains.
Don't include getopt.h when Gnu-long-options are disabled -
hopefully this will allow compilation on FreeBSD.
Added the --listen-address and --pid-file flags.
Fixed a bug which caused old entries in the DHCP leases file
to be used in preference to current ones under certain
circumstances.
release 1.6 If a machine gets named via DHCP and the DHCP name doesn't have
a domain part and domain suffix is set using the -s flag, then
that machine has two names with the same address, with and
without the domain suffix. When doing a _reverse_ lookup to
get the name, the "without suffix" name used to be returned,
now the "with suffix" one gets returned instead. This change
suggested by Arnold Schulz.
Fixed assorted typos in the documentation. Thanks
to David Kimdon.
Subtle rearrangement to the downloadable tarball, and stopped
distributing .debs, since dnsmasq is now an official Debian
package.
release 1.7 Fix a problem with cache not clearing properly
on receipt of SIGHUP. Bug spotted by Sat Deshpande.
In group-id changing code:
1) Drop supplimentary groups.
2) Change gid before dropping root (patch from Soewono Effendi.)
3) Change group to "dip" if it exists, to allow access
to /etc/ppp/resolv.conf (suggestion from Jorg Sommer.)
Update docs to reflect above changes.
Other documentation changes from David Miller.
Added suggested script fragment for dhcpcd.exe.
release 1.8 Fix unsafe use of tolower() macro - allows linking against
ulibc. (Patches from Soewono Effendi and Bjorn Andersson.)
Fix typo in usage string.
Added advice about RedHat PPP configuration to
documentation. (Thanks to C. Lee Taylor.)
Patches to fix problems on BSD systems from Marc Huber
and Can Erkin Acar. These add the options
HAVE_ARC4RANDOM and HAVE_SOCKADDR_SA_LEN to config.h.
Elaborated config.h - should really use autoconf.
Fix time-to-live calculation when chasing CNAMEs.
Fix use-after-free and missing initialisation bugs in
the cache code. (Thanks to Marc Huber.)
Builds on Solaris 9. (Thanks to Marc Huber.)
release 1.9 Fixes to rpm .spec files.
Don't put expired DHCP entries into the cache only to
throw them away again.
Put dnsmasq on a severe memory diet: this reduces both
the amount of heap space used and the stack size
required. The difference is not really visible with
bloated libcs like glibc, but should dramatically reduce
memory requirements when linked against ulibc for use on
embeded routers, and that's the point really. Thanks to
Matthew Natalier for prompting this.
Changed debug mode (-d) so that all logging appears on
stderr as well as going to syslogd.
Added HAVE_IPV6 config symbol to allow compilation
against a libc which doesn't have IPv6 support.
Added a facility to log all queries, enabled with -q flag.
Fixed packet size checking bug in address extraction code.
Halved default cache size - 300 was way OTT in typical use.
Added self-MX function, enabled by -e flag. Thanks to
Lyonel Vincent for the patch.
Added HAVE_FORK config symbol and stuff to support
uClinux. Thanks to Matthew Natalier for uClinux stuff.
release 1.10 Log warnings if resolv.conf or dhcp.leases are not
accessable for any reason, as suggested by Hinrich Eilts.
Fixed wrong address printing in error message about
no interface with address.
Updated docs and split installation instuctions into setup.html.
Fix bug in CNAME chasing code: One CNAME pointing
to many A records would lose A records after the
first. This bug was introduced in version 1.9.
Log startup failures at level Critical as well as
printing them to standard error.
Exit with return code 1 when given bad options.
Cleaned up code for no-cache operation.
Added -o option which forces dnsmasq to use to
upstream servers in the order they appear in /etc/resolv.conf.
Added upstream server use logging.
Log full cache dump on receipt of SIGUSR1 when query
logging is enabled (-q switch).
Added -S option to directly specify upstream servers and
added ability to direct queries for specific domains to
specfic servers. Suggested by Jens Vonderheide.
Upgraded random ID generation - patch from Rob Funk.
Fixed reading of domains in arguments with capital
letters or trailing periods.
Fixed potential SEGV when given bad options.
Read options from /etc/dnsmasq.conf if it exists.
Do sensible things with missing parameters, eg
"--resolv-file=" turns off reading /etc/resolv.conf.
release 1.11 Actually implement the -R flag promised in the 1.10 man page.
Improve and rationalise the return codes in answers to
queries. In the case that there are no available
upstream servers to forward a query to, return REFUSED.
This makes sendmail work better on modem connected
systems when the modem link is down (Thanks to Roger Plant).
Cache and return the NXDOMAIN status of failed queries:
this makes the `host` command work when traversing search
paths (Thanks to Peter Bailey). Set the "authoritative"
bit in replies containing names from /etc/hosts or DHCP.
Tolerate MS-DOS style line ending codes in /etc/hosts
and /etc/resolv.conf, for people who copy from winsock
installations.
Allow specification of more than one resolv.conf file. This is
intended for laptops which connect via DHCP or
PPP. Whichever resolv.conf was updated last is used.
Allow -S flags which specify a domain but no server
address. This gives local domains which are never forwarded.
Add -E flag to automatically add the domain suffix to
names in /etc/hosts -suggestion from Phil Harman.
Always return a zero time-to-live for names derived from
DHCP which stops anthing else caching these
names. Previously the TTL was derived from the lease
time but that is incorrect since a lease can be given
up early: dnsmasq would know this but anything with the
name cached with long TTL would not be updated.
Extended HAVE_IPV6 config flag to allow compliation on
old systems which don't have modern library routines
like inet_ntop(). Thanks to Phil Harman for the patch.
release 1.12 Allow more than one domain in server config lines and
make "local" a synonym for "server". This makes things
like "local=/localnet/thekelleys.org.uk/" legal. Allow
port to specified as part of server address.
Allow whole domains to have an IP address specified
in /etc/dnsmasq.conf. (/etc/hosts doesn't work domains).
address=/doubleclick.net/127.0.0.1 should catch all
those nasty banner ads. Inspired by a patch
from Daniel Gryniewicz
Log the source of each query when logging switched on.
Fix bug in script fragment for dhcpcd - thanks to Barry Stewart.
Fix bug which meant that strict-order and self-mx were
always enabled.
Builds with Linux libc5 now - for the Freesco project.
Fixed Makefile installation script (patch from Silvan
Minghetti) and added CC and CFLAGS variables.
Improve resource allocation to reduce vulnerability to
DOS attacks - the old version could have all queries
blocked by a continuous high-speed stream of
queries. Now some queries will succeed, and the excess
will be rejected with a server fail error. This change also
protects against server-loops; setting up a resolving
loop between two instances of dnsmasq is no longer
catastrophic. The servers will continue to run, looped
queries fail and a warning is logged. Thanks to C. Lee
Taylor for help with this.
release 1.13 Added support for building rpms suitable for modern Suse
systems. (patch from Andi <cambeis@netplace.de>)
Added options --group, --localmx, --local-ttl,
--no-negcache, --addn-host.
Moved all the various rpm-building bits into /rpm.
Fix builds with glibc 2.1 (thanks to Cristian
Ionescu-Idbohrn)
Preserve case in domain names, as per RFC1035.
Fixed ANY queries to domains with --address specification.
Fixed FreeBSD build. (thanks to Steven Honson)
Added -Q option which allows a specified port to be used
to talk to upstream servers. Useful for people who want
very paranoid firewalls which open individual UDP port.
(thanks to David Coe for the patch)
release 1.14 Fixed man page description of -b option which confused
/etc/hosts with /etc/resolv.conf. (thanks to Christopher
Weimann)
Fixed config.h to allow building under MACOS X and glibc
2.0.x. (thanks to Matthew Gregan and Serge Caron)
Added --except-interface option. (Suggested by Serge Caron)
Added SIGUSR2 facility to re-scan for new
interfaces. (Suggested by Serge Caron)
Fixed SEGV in option-reading code for invalid options.
(Thanks to Klaas Teschauer)
Fixed man page to clarify effect of SIGUSR1 on
/etc/resolv.conf.
(Thanks to Klaas Teschauer)
Check that recieved queries have only rfc1035-legal characters
in them. This check is mainly to avoid bad strings being
sent to syslog.
Fixed &&/& confusion in option.c and added DESTDIR
variable for "make install" (Thanks to Osvaldo
Marques for the patch.)
Fixed /etc/hosts parsing code to cope with MS-DOS
line-ends in the file. This was supposed to be done in
version 1.11, but something got missed. (Thanks to Doug
Copestake for helping to find this.)
Squash repeated name/address pairs read from hosts
files.
Tidied up resource handling in util.c (Thanks to
Cristian Ionescu-Idbohrn).
Added hashed searching of domain names. People are starting
to use dnsmasq with larger loads now, and bigger caches,
and large lists of ad-block addresses. This means doing
linear searches can start to use lots of CPU so I added hashed
searching and seriously optimised the cache code for
algorithmic efficiency. Also upped the limit on cache
size to 10000.
Fixed logging of the source of names from the additional
hosts file and from the "bogus private address" option.
Fixed spurious re-reading of empty lease files. (Thanks
to Lewis Baughman for spotting this.)
Fixed building under uclibc (patch from Cristian Ionescu-Idbohrn)
Do some socket tweaking to allow dnsmasq to co-exist
with BIND. Thanks to Stefan 'Sec' Zehl for the patch.
release 1.15 Added --bogus-nxdomain option.
Restrict checking of resolv.conf and DHCP leases files
to once per second. This is intended to improve
performance under heavy loads. Also make a system call
to get the current time once per query, rather than four
times.
Increased number of outstanding queries to 150 in
config.h
release 1.16 Allow "/" characters in domain names - this fixes
caching of RFC 2317 CNAME-PTR records.
Fixed brain-fart in -B option when GETOPT_LONG not
enabled - thanks to Steven Young and Jason Miller
for pointing this out.
Generalised bogus-nxdomain code: allow more than one
address to check, and deal with replies with multiple
answer records. (Based on contribution from Humberto
Massa.)
Updated the documentation to include information about
bogus-nxdomain and the Verisign tragedy.
Added libraries needed on Solaris to Makefile.
Added facility to set source address in queries to
upstream nameservers. This is useful with multihomed
hosts, especially when using VPNs. Thanks to Tom Fanning
for suggesting this feature.
Tweaked logging: log to facility LOCAL0 when in
debug/no-daemon mode and changed level of query logging
from INFO to DEBUG. Make log options controllable in
config.h
release 1.17 Fixed crash with DHCP hostnames > 40 characters.
Fixed name-comparision routines to not depend on Locale,
in theory this versions since 1.15 could lock up or give
wrong results when run with locale != 'C'.
Fix potential lockup in cache code. (thanks to Henning
Glawe for help chasing this down.)
Made lease-file reader bullet-proof.
Added -D option, suggested by Peter Fichtner.
release 1.18 Added round-robin DNS for names which have more than one
address. In this case all the addresses will be
returned, as before, but the order will change on each
query.
Remove stray tolower() and isalnum() calls missed in
last release to complete LOCALE independence.
Allow port numbers in source-address specifications.
For hostnames without a domain part which don't get
forwarded because -D is in effect, return NXDOMAIN not
an empty reply.
Add code to return the software version in repsonse to the
correct magic query in the same way as BIND. Use
"dig version.bind chaos txt" to make the query.
Added negative caching for PTR (address to name) records.
Ensure that names of the form typically used in PTR queries
(ie w.x.yz.in-addr.arpa and IPv6 equivalents) get
correct answers when queried as other types. It's
unlikely that anyone would do this, but the change makes
things pedantically correct.
Taught dnsmasq to understand "bitstring" names, as these
are used for PTR lookups of IPv6 addresses by some
resolvers and lookup tools. Dnsmasq now understands both
the ip6.int domain and the ip6.arpa domain and both
nibble and bitstring formats so it should work with any
client code. Standards for this stuff have flip-flopped
over the last few years, leaving many different clients
in their wake. See RFC2673 for details of bitstrings.
Allow '_' characters in domain names: Legal characters
are now [a-z][A-Z].-_ Check names read from hosts files
and leases files and reject illegal ones with a message
in syslog.
Make empty domain names in server and address options
have the special meaning "unqualified
names". (unqualified names are names without any dots in
them). It's now possible to do server=//1.2.3.4 and have
unqualified names sent to a special nameserver.
release 2.0rc1
Moved source code into src/ directory.
Fixes to cure compilation breakage when HAVE_IPV6 not
set, thanks to Claas Hilbrecht.
BIG CHANGE: added an integrated DHCP server and removed
the code to read ISC dhcp.leases. This wins in terms
of ease of setup and configuration flexibility and
total machine resources consumed.
Re-jiged the signal handling code to remove a race
condition and to be more portable.
release 2.0
Thanks to David Ashworth for feedback which informed many
of the fixes below.
Allow hosts to be specified by client ID in dhcp-hosts
options. These are now one of
dhcp-host=<hardware addr>,....
dhcp-host=id:<hex client id>,.....
dhcp-host=id:<ascii client id>,.....
Allow dhcp-host options to specify any IP address on the
DHCP-served network, not just the range available for
dynamic allocation.
Allow dhcp-host options for the same host with different
IP adresses where the correct one will be selected for
the network the host appears on.
Fix parsing of --dhcp-option to allow more than one
IP address and to allow text-type options.
Inhibit use of --dhcp-option to send hostname DHCP options.
Update the DNS with DHCP information after re-reading
/etc/hosts so that any DHCP derived names which have been
shadowed by now-deleted hosts entries become visible.
Fix typos in dnsmasq.conf.example
Fixes to Makefile(s) to help pkgsrc packaging - patch
from "pancake".
Add dhcp-boot option to support network boot.
Check for duplicate IP addresses in dhcp-hosts lines
and refuse to run if found. If allowed to remain these
can provoke an infinite loop in the DHCP protocol.
Attempted to rationalise the .spec files for rpm
building. There are now files for Redhat, Suse and
Mandrake. I hope they work OK.
Fixed hard-to-reproduce crash involving use of local
domains and IPv6 queries. Thanks to Roy Marples for
helping to track that one down.
release 2.1
Thanks to Matt Swift and Dag Wieers for many suggestions
which went into this release.
Tweak include files to allow compilation on FreeBSD 5
Fix unaligned access warnings on BSD/Alpha.
Allow empty DHCP options, like so: dhpc-option=44
Allow single-byte DHCP options like so: dhcp-option=20,1
Allow comments on the same line as options in
/etc/dnsmasq.conf
Don't complain when the same name and address is
allocated to a host using DHCP and /etc/hosts.
Added to the example configuration the dnsmasq equivalent
of the ISC dhcpd settings given in
http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
Fixed long-existing strangeness in Linux IPv6 interface
discovery code. The flags field in /proc/net/if_inet6 is
_not_ the interface flags.
Fail gracefully when getting an ENODEV error when trying
to bind an IPv6 socket, rather than bailing out. Thanks
to Jan Ischebeck for feedback on that.
Allow the name->address mapping for static DHCP leases to
be set by /etc/hosts. It's now possible to have
dhcp-host=<mac addr>,wibble
or even
dhcp-host=wibble
and in /etc/hosts have
wibble 1.2.3.4
and for the correct thing to happen. Note that some sort
of dhcp-host line is still needed, it's not possible for
random host to claim an address in /etc/hosts without
some explicit configuration.
Make 0.0.0.0 in a dhcp-option to mean "the machine
running dnsmasq".
Fix lease time spec when specified in dhcp-range and not
in dhcp-host, previously this was always one hour.
Fix problem with setting domains as "local only". -
thanks to Chris Schank.
Added support for max message size DHCP option.
release 2.2
Fix total lack for DHCP functionality on
Linux systems with IPv6 enabled. - thanks to
Jonathon Hudson for spotting that.
Move default config file under FreeBSD - patch from
Steven Honson
release 2.3
Fix "install" makefile target. (reported by Rob Stevens)
Ensure that "local=/domain/" flag is obeyed for all
queries on a domain, not just A and AAAA. (Reported by
Peter Fichtner.)
Handle DHCPDECLINE messages and provide an error message
in DHCPNAK messages.
Add "domain" setting example to
dnsmasq.conf.example. Thanks to K P Kirchdorfer for
spotting that it was missing.
Subtle change to the DHCPREQUEST handling code to work
around a bug in the DHCP client in HP Jetdirect printers.
Thanks to Marko Stolle for finding this problem.
Return DHCP T1 and T2 times, with "fuzz" to desychronise lease
renewals, as specified in the RFC.
Ensure that the END option is always present in DHCP
packets , even if the packet is too small to fit all
the requested options.
Handle larger-than-default DHCP packets if required, up
to the ethernet MTU.
Fix a couple of places where the return code from
malloc() was not checked.
Cope with a machine taking a DHCP lease and then moving
network so that the lease address is no longer valid.
The DHCP server will now work via a BOOTP relay - remote
networks are configured with the dhcp-range option the
same as directly connected ones, but they need an
additional netmask parameter. Eg
--dhcp-range=192.168.4.10,192.168.4.50,255.255,255.0
will enable DHCP service via a BOOTP relay on the
192.168.4.0 network.
Add a limit on the number of available DHCP leases,
otherwise the daemon could be DOSed by a malicious
host. The default is 150, but it can be changed by the
dhcp-lease-max option.
Fixed compilation on OpenBSD (thanks to Frederic Brodbeck
for help with that.)
Reworked the DHCP network handling code for two good
effects: (1) The limit of one network only for DHCP on
FreeBSD is now gone, (2) The DHCP server copes with
dynamically created interfaces. The one-interface
limitation remains for OpenBSD, which is missing
extensions to the socket API which have been in Linux
since version 2.2 and FreeBSD since version 4.8.
Reworked the DNS network code to also cope with
dynamically created interfaces. dnsmasq will now listen
to the wildcard address and port 53 by default, so if no
--interface or --address options are given it will handle
dynamically created interfaces. The old behaviour can be
restored with --bind-interfaces for people running BIND
on one interface and dnsmasq on another. Note that
--interface and --address options still work, but the
filtering is done by dnsmasq, rather then the kernel.
This works on Linux, and FreeBSD>=5.0. On systems which
don't support the required API extensions, the old
behaviour is used, just as if --bind-interfaces had been set.
Allow IPv6 support to be disabled at compile time. To do
that, add -DNO_IPV6 to the CFLAGS. Thanks to Oleg
I. Vdovikin for the suggestion to do that.
Add ability to set DHCP options per network. This is done
by giving a network an identifier like this:
dhcp-range=red-net,192.168.0.10,192.168.0.50
and then labeling options intended for that network only
like this:
dhcp-option=red-net,6,1.1.1.1
Thanks to Oleg Vdovikin for arguing that one through.
Made errors in the configuration file non-fatal: dnsmasq
will now complain bitterly, but continue.
Added --read-ethers option, to allow dnsmasq to pull
static DHCP information from that file.
Thanks to Andi Cambeis for that suggestion.
Added HAVE_BROKEN_RTC compilation option to support
embedded systems without a stable RTC. Oleg Vdovikin
helped work out how to make that work.
release 2.4
Fixed inability to start when the lease file doesn't
already exist. Thanks to Dag Wieers for reporting that.
Fixed problem were dhcp-host configuration options did
not play well with entries in /etc/ethers for the same
host. Thanks again to Dag Wieers.
Tweaked DHCP code to favour moving to a newly-configured
static IP address rather than an old lease when doing
DHCP allocation.
Added --alias configuration option. This provides IPv4
rewrite facilities like Cisco "DNS doctoring". Suggested
by Chad Skeeters.
Fixed bug in /etc/ethers parsing code triggered by tab
characters. Qudos to Dag Wieers for hepling to nail that
one.
Added "bind-interfaces" option correctly.
release 2.5
Made "where are we allocating addresses?" code in DHCP
server cope with requests via a relay which is on a
directly connected network for which there is not a
configured netmask. This strange state of affairs occurs
with win4lin. Thanks to Alex Melt and Jim Horner for bug
reports and testing with this.
Fixed trivial-but-irritating missing #include which broke
compilation on *BSD.
Force --bind-interfaces if IP-aliased interface
specifications are used, since the sockets API provides
no other sane way to determine which alias of an
interface a packet was sent to. Thanks to Javier Kohen
for the bug report.
release 2.6
Support Token Ring DHCP. Thanks to Dag Wieers for help
testing. Note that Token ring support only works on Linux
currently.
Fix compilation on MacOS X. Thanks to Bernhard Ehlers for
the patch.
Added new "ignore" keyword for
dhcp-host. "dhcp-host=11:22:33:44:55:66,ignore" will
cause the DHCP server to ignore any host with the given
MAC address, leaving it to other servers on the
network. This also works with client-id and hostnames.
Suggestion by Alex Melt.
Fixed parsing of hex client IDs. Problem spotted by Peter
Fichtner.
Allow conf-file options in configuration file, to
provide an include function.
Re-read /etc/ethers on receipt of SIGHUP.
Added back the ability to read ISC dhcpd lease files, by
popular demand. Note that this is deprecated and for
backwards compatibility only. You can get back the 4K of
memory that the code occupies by undefining
"HAVE_ISC_READER" in src/config.h
Added ability to disable "pool" DHCP address allocation
whilst leaving static leases working. The syntax is
"dhcp-range=192.168.0.0,static"
Thanks to Grzegorz Nosek for the suggestion.
Generalized dnsmasq-rh.spec file to work on Mandrake too,
and removed dnsmasq-mdk.spec. Thanks to Doug Keller.
Allow DHCP options which are tied to specific static
leases in the same way as to specific networks.
Generalised the dhcp-option parser a bit to allow hex
strings as parameters. This is now legal:
dhcp-option=128,e4:45:74:68:00:00
Inspired by a patch from Joel Nordell.
Changed the semantics of argument-less dhcp-options for
the default-setting ones, ie 1, 3, 6 and 28. Now, doing
eg, dhcp-option=3 stops dnsmasq from sending a default
router option at all. Thanks to Scott Emmons for pointing
out that this is useful.
Fixed dnsmasq.conf parsing bug which interpreted port
numbers in server= lines as a comment. To start a
comment, a '#' character must now be a the start of a
line or preceded by whitespace. Thanks to Christian
Haggstrom for the bug report.
release 2.7
Allow the dhcp-host specification of id:* which makes
dnsmasq ignore any client-id. This is useful to ensure
that a dual-boot machine sees the same lease when one OS
gives a client-id and the other doesn't. It's also useful
when PXE boot DHCP does not use client IDs but the OS it boots
does. Thanks to Grzegorz Nosek for suggesting this enhancement.
No longer assume that ciaddr is zero in received DHCPDISCOVER
messages, just for security against broken clients.
Set default of siaddr field to the address of the machine running
dnsmasq when not explicitly set using dhcp-boot
option. This is the ISC dhcpd behaviour.
Send T1 and T2 options in DHCPOFFER packets. This is required
by the DHCP client in some JetDirect printers. Thanks
to Paul Mattal for work on this.
Fixed bug with DHCP on OpenBSD reported by Dominique Jacquel.
The code which added loopback interfaces to the list
was confusing the DHCP code, which expected one interface only.
Solved by adding loopback interfaces to address list instead.
Add dhcp-vendorclass option to allow options to be sent only
to certain classes of clients.
Tweaked option search code so that if a netid-qualified
option is used, any unqualified option is ignored.
Changed the method of picking new dynamic IP
addresses. This used to use the next consecutive
address as long it was free, now it uses a hash
from the client hardware address. This reduces the amount
of address movement for clients which let their lease
expire and allows consecutive DHCPOFFERS to the same host
to (almost always) be for the same address, without
storing state before a lease is granted.
Tweaked option handling code to return all possible
options rather than none when DHCP "requested options"
field is missing. This fixes interoperability with
ancient IBM LANMAN DHCP clients. Thanks to Jim Louvau for
help with this.
release 2.8
Pad DHCP packets to a minimum size of 300 bytes. This
fixes interoperability problems with the Linux in-kernel
DHCP/BOOTP client. Thanks to Richard Musil for
diagnosing this and supplying a patch.
Fixed option-parsing bug and potential memory leak. Patch
from Richard Musil.
Improved vendor class configuration and added user class
configuration. Specifically: (1) options are matched on
the netids from dhcp-range, dhcp-host, vendor class and
user class(es). Multiple net-ids are allowed and options
are searched on them all. (2) matches agains vendor class
and user class are now on a substring, if the given
string is a substring of the vendor/user class, then a
match occurs. Thanks again to Richard Musil for prompting
this.
Make "#" match any domain on --address and --server
flags. --address=/#/1.2.3.4 will return 1.2.3.4 for _any_
domain not otherwise matched. Of course
--server=/#/1.2.3.4 is exactly equivalent to
--server=1.2.3.4. Special request from Josh Howlett.
Fixed a nasty bug which would cause dnsmasq to lose track
of leases for hosts which had a --dhcp-host flag without
a name specification. The mechanism for this was that
the hostname could get erroneously set as a zero-length
string and then written to the leases file as a
mal-formed line. Restarting dnsmasq would then lose the lease.
Alex Hermann's work helped chase down this problem.
Add checks against DHCP clients which return zero-length
hostnames. This avoids the potential lease-loss problems
reffered to above. Also, if a client sends a hostname when
it creates a lease but subsequently sends no or a
zero-length hostname whilst renewing, continue to use the
existing hostname, don't wipe it out.
Tweaked option parsing to flag some parameter errors.
release 2.9
Fixed interface filter code for two effects: 1) Fixed bug
where queries sent via loopback interface
but to the address of another interface were ignored
unless the loopback interface was explicitly configured.
2) on OpenBSD failure to configure one interface now
causes a fatal error on startup rather than an huge
stream of log messages. Thanks to Erik Jan Tromp for
finding that bug.
Changed server selection strategy to improve performance
when there are many available servers and some are
broken. The new algorithm is to pick as before for the
first try, but if a query is retried, to send to all
available servers in parallel. The first one to reply
then becomes prefered for the next query. This should
improve reliability without generating significant extra
upstream load.
Fixed breakage of special servers/addresses for
unqualified domains introduced in version 2.8
Allow fallback to "bind-interfaces" at runtime: Some
verions of *BSD seem to have enough stuff in the header
files to build but no kernel support. Also now log if
"bind-interfaces" is forced on.
Log replies from upstream servers which refuse to do
recursion - dnsmasq is not a recursive nameserver and
relies on upstream servers to do the recursion, this
flags a configuration error.
Disable client-id matching for hosts whose MAC address is
read from /etc/ethers. Patch from Oleg I. Vdovikin.
Extended --mx-host flag to allow arbitrary targets for MX
records, suggested by Moritz Bunkus.
Fixed build under NetBSD 2.0 - thanks to Felix Deichmann
for the patch.
Deal correctly with repeated addresses in /etc/hosts. The
first name found is now returned for reverse lookups,
rather than all of them.
Add back fatal errors when nonexistant
interfaces or interface addresses are given but only in
"bind-interfaces" mode. Principle of least surprise applies.
Allow # as the argument to --domain, meaning "read the
domain from the first search directive in
/etc.resolv.conf". Feature suggested by Evan Jones.
release 2.10
Allow --query-port to be set to a low port by creating and
binding the socket before dropping root. (Suggestion from
Jamie Lokier)
Support TCP queries. It turned out to be possible to do
this with a couple of hundred lines of code, once I knew
how. The executable size went up by a few K on i386.
There are a few limitations: data obtained via TCP is not
cached, and dynamically-created interfaces may break under
certain circumstances. Source-address or query-port
specifications are ignored for TCP.
NAK attempts to renew a DHCP lease where the DHCP range
has changed and the lease is no longer in the allowed
range. Jamie Lokier pointed out this bug.
NAK attempts to renew a pool DHCP lease when a statically
allocated address has become available, forcing a host to
move to it's allocated address. Lots of people have
suggested this change and been rebuffed (they know who
they are) the straws that broke the camel's back were Tim
Cutts and Jamie Lokier.
Remove any nameserver records from answers which are
modified by --alias flags. If the answer is modified, it
cannot any longer be authoritative.
Change behaviour of "bogus-priv" option to return NXDOMAIN
rather than a PTR record with the dotted-quad address as
name. The new behaviour doesn't provoke tcpwrappers like
the old behavior did.
Added a patch for the Suse rpm. That changes the default
group to one suitable for Suse and disables inclusion of
the ISC lease-file reader code. Thanks to Andy Cambeis for
his ongoing work on Suse packaging.
Support forwarding of EDNS.0 The maximum UDP packet size
defaults to 1280, but may be changed with the
--edns-packet-max option. Detect queries with the do bit
set and always forward them, since DNSSEC records are
not cached. This behaviour is required to make
DNSSECbis work properly though dnsmasq. Thanks to Simon
Josefsson for help with this.
Move default config file location under OpenBSD from
/usr/local/etc/dnsmasq.conf to /etc/dnsmasq.conf. Bug
report from Jonathan Weiss.
Use a lease with matching MAC address for a host which
doesn't present a client-id, even if there was a client ID
at some point in the past. This reduces surprises when
changing DHCP clients, adding id:* to a host, and from the
semantics change of /etc/ethers in 2.9. Thanks to Bernard
Sammer for finding that.
Added a "contrib" directory and in it the dnslist utility,
from Thomas Tuttle.
Fixed "fail to start up" problems under Linux with IPv6
enabled. It's not clear that these were an issue in
released versions, but they manifested themselves when TCP
support was added. Thanks to Michael Hamilton for
assistance with this.
version 2.11
Fixed DHCP problem which could result in two leases in the
database with the same address. This looked much more
alarming then it was, since it could only happen when a
machine changes MAC address but kept the same name. The
old lease would persist until it timed out but things
would still work OK.
Check that IP addresses in all dhcp-host directives are
unique and die horribly if they are not, since otherwise
endless protocol loops can occur.
Use IPV6_RECVPKTINFO as socket option rather than
IPV6_PKTINFO where available. This keeps late-model FreeBSD
happy.
Set source interface when replying to IPv6 UDP
queries. This is needed to cope with link-local addresses.
version 2.12
Added extra checks to ensure that DHCP created DNS entries
cannot generate multiple DNS address->name entries. Thanks to
Stefan Monnier for finding the exact set of configuration
options which could create this.
Don't set the the filterwin2k option in the example config
file and add warnings that is breaks Kerberos. Thanks to
Simon Josefsson and Timothy Folks for pointing that out.
Log types of incoming queries as well as source and domain.
Log NODATA replies generated as a result of the
filterwin2k option.
version 2.13
Fixed crash with un-named DHCP hosts introduced in 2.12.
Thanks to Nicolo Wojewoda and Gregory Gathy for bug reports.
version 2.14
Fix DHCP network detection for hosts which talk via a
relay. This makes lease renewal for such hosts work
correctly.
Support RFC3011 subnet selectors in the DHCP server.
Fix DHCP code to generate RFC-compliant responses
to hosts in the INIT-REBOOT state.
In the DHCP server, set the receive buffer size on
the transmit-only packet socket to zero, to avoid
waste of kernel buffers.
Fix DHCP address allocation code to use the whole of
the DHCP range, including the start and end addresses.
Attempt an ICMP "ping" on new addresses before allocating
them to leases, to avoid allocating addresses which are in use.
Handle rfc951 BOOTP as well as DHCP for hosts which have
MAC address to IP address mapping defined.
Fix compilation under MacOS X. Thanks to Chris Tomlinson.
Fix compilation under NetBSD. Thanks to Felix Deichmann.
Added "keep-in-foreground" option. Thanks to Sean
MacLennan for the patch.
version 2.15
Fixed NXDOMAIN/NODATA confusion for locally known
names. We now return a NODATA reponse for names which are
locally known. Now a query for (eg AAAA or MX) for a name
with an IPv4 address in /etc/hosts which fails upstream
will generate a NODATA response. Note that the query
is still tried upstream, but a NXDOMAIN reply gets
converted to NODATA. Thanks to Eric de Thouars, Eric
Spakman and Mike Mestnik for bug reports/testing.
Allow multiple dhcp-ranges within the same network. The
original intention was that there would be a dhcp-range
option for each network served, but there's no real reason
not to allow discontinuous ranges within a network so this
release adds support for that.
Check for dhcp-ranges which are inconsistent with their
netmask, and generate errors or warnings.
Improve error messages when there are problems with
configuration.
version 2.16
Fixed typo in OpenBSD-only code which stopped compilation
under that OS. Chris Weinhaupl gets credit for reporting
this.
Added dhcp-authoritative option which restores non-RFC
compliant but desirable behaviour of pre-2.14 versions and
avoids long timeouts while DHCP clients try to renew leases
which are unknown to dnsmasq. Thanks to John Mastwijk for
help with this.
Added support to the DHCP option code to allow RFC-3397
domain search DHCP option (119) to be sent.
Set NONBLOCK on all listening sockets to workaround non-POSIX
compliance in Linux 2.4 and 2.6. This fixes rare hangs which
occured when corrupted packets were received. Thanks to
Joris van Rantwijk for chasing that down.
Updated config.h for NetBSD. Thanks to Martin Lambers.
Do a better job of distinguishing between retransmissions
and new queries when forwarding. This fixes a bug
triggered by the polipo web cache which sends A and AAAA
queries both with the same transaction-ID. Thanks to
Joachim Berdal Haga and Juliusz Chroboczek for help with this.
Rewrote cache code to store CNAMES, rather then chasing
them before storage. This eliminates bad situations when
clients get inconsistent views depending on if data comes
from the cache.
Allow for more than one --addn-hosts flag.
Clarify logged message when a DHCP lease clashes with an
/etc/hosts entry. Thanks to Mat Swift for the suggestion.
Added dynamic-dnsmasq from Peter Willis to the contrib
section.
version 2.17
Correctly deduce the size of numeric dhcp-options, rather
than making wild guesses. Also cope with negative values.
Fixed use of C library reserved symbol "index" which broke
under certain combinations of library and compiler.
Make bind-interfaces work for IPv6 interfaces too.
Warn if an interface is given for listening which doesn't
currently exist when not in bind-interfaces mode. (This is
already a fatal error when bind-interfaces is set.)
Allow the --interface and --except-interface options to
take a comma-separated list of interfaces.
Tweak --dhcp-userclass matching code to work with the
ISC dhclient which violates RFC3004 unless its
configuration is very warped. Thanks to Cedric Duval for
the bug report.
Allow more than one network-id tag in a dhcp-option. All
the tags must match to enable the option.
Added dhcp-ignore option to disable classes of hosts based
on network-id tags. Also allow BOOTP options to be
controlled by network tags.
Fill in sname, file and siaddr fields in replies to
DHCPINFORM messages.
Don't send NAK replies to DHCPREQUEST packets for disabled
clients. Credit to Cedric Duval for spotting this.
Fix rare crash associated with long DNS names and CNAME
records. Thanks to Holger Hoffstatte and especially Steve
Grecni for help chasing that one down.
version 2.18
Reworked the Linux interface discovery code (again) to
cope with interfaces which have only IPv6 addresses and
interfaces with more than one IPv6 address. Thanks to
Martin Pels for help with that.
Fix problems which occured when more than one dhcp-range
was specified in the same subnet: sometimes parameters
(lease time, network-id tag) from the wrong one would be
used. Thanks to Rory Campbell-Lange for the bug report.
Reset cache statistics when clearing the cache.
Enable long command line options on FreeBSD when the
C library supports them.
version 2.19
Tweaked the Linux-only interface discovery code to cope
with interface-indexes larger than 8 bits in
/proc/net/if_inet6. This only affects Linux, obviously.
Thanks to Richard Atterer for the bug report.
Check for under-length option fields in DHCP packets, a
zero length client-id, in particluar, could seriously
confuse dnsmasq 'till now. Thanks to Will Murname for help
with that.
If a DHCP-allocated address has an associated name in
/etc/hosts, and the client does not provide a hostname
parameter and there is no hostname in a matching dhcp-host
option, send the /etc/hosts name as the hostname in
the DHCP lease. Thanks to Will Murname for the suggestion.
version 2.20
Allow more than one instance of dnsmasq to run on a
machine, each providing DHCP service on a different
interface, provided that --bind-interfaces is set. This
configuration used to work, but regressed in version 2.14
Fix compilation on Mac OS X. Thanks to Kevin Bullock.
Protect against overlong names and overlong
labels in configuration and from DHCP.
Fix interesting corner case in CNAME handling. This occurs
when a CNAME has a target which "shadowed" by a name in
/etc/hosts or from DHCP. Resolving the CNAME would sneak
the upstream value of the CNAME's target into the cache,
alongside the local value. Now that doesn't happen, though
resolving the CNAME still gives the unshadowed value. This
is arguably wrong but rather difficult to fix. The main
thing is to avoid getting strange results for the target
due to the cache pollution when resolving the
CNAME. Thanks to Pierre Habouzit for exploring the corner
and submitting a very clear bug report.
Fix subtle bug in the DNS packet parsing code. It's almost
impossible to describe this succinctly, but the one known
manifestation is the inability to cache the A record for
www.apple.com. Thanks to Bob Alexander for spotting that.
Support SRV records. Thanks to Robert Kean for the patches
for this.
Fixed sign confusion in the vendor-id matching code which
could cause crashes sometimes. (Credit to Mark Wiater for
help finding this.)
Added the ability to match the netid tag in a
dhcp-range. Combined with the ability to have multiple
ranges in a single subnet, this provides a means to
segregate hosts on different address ranges based on
vendorclass or userclass. Thanks to Mark Wiater for
prompting this enhancement.
Added preference values for MX records.
Added the --localise-queries option.
version 2.21
Improve handling of SERVFAIL and REFUSED errors. Receiving
these now initiates search for a new good server, and a
server which returns them is not a candidate as a good
server. Thanks to Istvan Varadi for pointing out the
problem.
Tweak the time code in BROKEN_RTC mode.
Sanity check lease times in dhcp-range and dhcp-host
configurations and force them to be at least two minutes
(120s) leases shorter than a minute confuse some clients,
notably Apple MacOS X. Rory Campbell-Lange found this
problem.
Only warn once about an upstream server which is refusing to do
recursive queries.
Fix DHCP address allocation problem when netid tags are in
use. Thanks to Will Murnane for the bug report and
subsequent testing.
Add an additional data section to the reply for MX and SRV
queries. Add support for DNS TXT records. Thanks to Robert
Kean and John Hampton for prompts and testing of these.
Apply address rewriting to records in the additional data section
of DNS packets. This makes things like MX records work
with the alias function. Thanks to Chad Skeeters for
pointing out the need for this.
Added support for quoted strings in config file.
Detect and defeat cache-poisoning attacks which attempt to
send (malicious) answers to questions we didn't
send. These are ignored now even if the attacker manages
to guess a random query-id.
Provide DHCP support for interfaces with multiple IP
addresses or aliases. This in only enabled under Linux.
See the FAQ entry for details.
Revisit the MAC-address and client-id matching code to
provide saner behaviour with PXE boots, where some
requests have a client-id and some don't.
Fixed off-by-one buffer overflow in lease file reading
code. Thanks to Rob Holland for the bug report.
Added wildcard matching for MAC addresses in dhcp-host
options. A sensible suggestion by Nathaniel McCallum.
version 2.22
Fixed build problems on (many) systems with older libc
headers where <linux/types.h> is required before
<linux/netlink.h>. Enabled HAVE_RTNETLINK under uclibc now
that this fix is in place.
Added support for encapsulated vendor-class-specific DHCP
options. Thanks to Eric Shattow for help with this.
Fix regression in 2.21 which broke commas in filenames and
corrupted argv. Thanks to Eric Scott for the bugreport.
Fixed stupid thinko which caused dnsmasq to wedge during
startup with certain MX-record options. Another 2.21 regression.
Fixed broken-ness when reading /etc/ethers. 2.21 broke
this too.
Fixed wedge with certain DHCP options. Yet another 2.21
regression. Rob Holland and Roy Marples chased this one
down.
version 2.23
Added a check to ensure that there cannot be more than one
dhcp-host option for any one IP address, even if the
addresses are assigned indirectly via a hostname and
/etc/hosts.
Include a "server identifier" in DHCPNAK replies, as
required by RFC2131.
Added method support for DBus
(http://www.freedesktop.org/Software/dbus)
This is a superior way to re-configure dnsmasq on-the-fly
with different upstream nameservers, as the host moves
between networks. DBus support must be enabled in
src/config.h and should be considered experimental at this
point. See DBus-interface for the specification of the
DBus method calls supported.
Added information to the FAQ about setting the DNS domain
in windows XP and Mac OS X, thanks to Rick Hull.
Added sanity check to resolv.conf polling code to cope
with backwards-moving clocks. Thanks to Leonardo Canducci
for help with this.
Handle so-called "A-for-A" queries, which are queries for
the address associated with a name which is already a
dotted-quad address. These should be handled by the
resolver code, but sometimes aren't and there's no point
in forwarding them.
Added "no-dhcp-interface" option to disable DHCP service
on an interface, whilst still providing DNS.
Fix format-string problem - config file names get passed
to fprintf as a format string, so % characters could cause
crashes. Thanks to Rob Holland for sleuthing that one.
Fixed multiple compiler warnings from gcc 4. Thanks to
Tim Cutts for the report.
Send the hostname option on DHCP offer messages as well as
DHCP ack messages. This is required by the Rio Digital
Audio Receiver. Thanks to Ron Frederick for the patch.
Add 'd' (for day) as a possible time multiplier in lease
time specifications. Thanks to Michael Deegan.
Make quoting suppress recognition of IP addresses, so
dhcp-option=66,1.2.3.4 now means something different to
dhcp-option=66,"1.2.3.4", which sets the option to a
string value. Thanks to Brian Macauley for the bug report.
Fixed the option parsing code to avoid segfaults from some
invalid configurations. Thanks to Wookey for spotting that one.
Provide information about which compile-time options were
selected, both in the log at startup and as part of the output
from dnsmasq --version. Thanks to Dirk Schenkewitz for
the suggestion.
Fix pathalogical behaviour when a broken client keeps sending
DHCPDISCOVER messages repeatedly and fast. Because dealing with
each of these takes a few seconds, (because of the ping) then a
queue of DHCP packets could build up. Now, the results of a ping
test are assumed to be valid for 30 seconds, so repeated waits are
not required. Thanks to Luca Landi for finding this.
Allow DHCPINFORM requests without hardware address
information. These are generated by some browsers, looking
for proxy information. Thanks to Stanley Jaddoe for the
bug report on that.
Add support of the "client FQDN" DHCP option. If present,
this is used to allow the client to tell dnsmasq its name,
in preference to (mis)using the hostname option. See
http://tools.ietf.org/wg/dhc/draft-ietf-dhc-fqdn-option/\
draft-ietf-dhc-fqdn-option-10.txt
for details of the draft spec.
Added startup scripts for MacOS X Tiger/Panther to the
contrib collection. Thanks to Tim Cutts.
Tweak DHCP network selection so that clients which turn up
on our network in REBINDING state and with a lease for a
foreign network will get a NAK response. Thanks to Dan
Shechter for work on this and an initial patch and thanks
to Gyorgy Farkas for further testing.
Fix DNS query forwarding for empty queries and forward
queries even when the recursion-desired bit is clear. This
allows "dig +trace" to work. Problem report from Uwe
Gansert.
Added "const" declarations where appropriate, thanks to
Andreas Mohr for the patch.
Added --bootp-dynamic option and associated
functionality. Thanks to Josef Wolf for the suggestion.
version 2.24
Updated contrib/openvpn/dnsmasq.patch from Joseph Tate.
Tweaked DHCP NAK code, a DHCP NAK is now unicast as a
fallback in cases where a broadcast is futile: namely in
response to a unicast REQUEST from a non-local network
which was not sent via a relay.
Slightly changed the semantics of domain matching in
--server and --address configs. --server=/domain.com/ still
matches domain.com and sub.domain.com but does not
now match newdomain.com The semantics of
--server=/.domain.com/ are unchanged.
Thanks to Chris Blaise for the patch.
Added backwards-compatible internationalisation support.
The existing make targets, (all, dnsmasq, install) work as
before. New ones (all-i18n, and install-i18n) add gettext.
The translations live in po/ There are not too many
strings, so if anybody can provide translations (and for
the manpage....) please send them in.
Tweak behaviour on receipt of REFUSED or SERVFAIL rcodes,
now the query gets retried on all servers before returning
the error to the source of the query. Thanks to Javier
Kohen for the report.
Added Polish translation - thanks to Tomasz Sochanski.
Changed default manpage install location from /usr/man
to /usr/share/man
Added Spanish translation - thanks to Christopher Chatham.
Log a warning when a DHCP packet is truncated due to lack
of space. (Thanks to Michael Welle for the prompt to do
this.)
Added French translation - thanks to Lionel Tricon.
Added Indonesian translation - thanks to Salman AS.
Tweaked the netlink code to cope with interface broadcast
address not set, or set to 0.0.0.0.
Fixed problem assigning fixed addresses to hosts when more
than one dhcp-range is available. Thanks to Sorin Panca
for help chasing this down.
Added more explict error mesages to the hosts file and
ethers file reading code. Markus Kaiserswerth suffered to
make this happen.
Ensure that a hostname supplied by a DHCP client can never
override one configured on the server. Previously, any
host claiming a name would be given it, even if that
over-rode a dhcp-host declaration, leading to potentially
confusing situations.
Added Slackware package-build stuff into contrib/ The i18n
effort broke the current scripts, and working ones were
needed for testing, so they ended up here rather than make
Pat re-invent the wheel.
Added Romanian translation, thanks to Sorin Panca for
that.
|