From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 5BD9821F37C for ; Thu, 19 Mar 2015 19:33:23 -0700 (PDT) Received: by oiag65 with SMTP id g65so80998715oia.2 for ; Thu, 19 Mar 2015 19:33:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=lz2V7y5fj079bU7U2demVfZkTAMXeGAp2ItQHadyvdA=; b=DMFsILUkbfVAdNaUUK7zBq7eV2WkZxHQ3EGfkjGBEJG1J6e+zMl7DnZLK6+vRiZM7E gIxyWuQy0NKWpapCnBVVklntuQJxzMRarkypxMPmYfF4hMIyNIlcdVci9GPbfovbc9D2 6cRmInlStfzfjVJuaQ+m+GM3XsvewixfkQkGNvZo3fa3joXefhp6rFdFWBLKD03rgr22 BgrZZV4JnhyYLyg90JabI8jggkfytT+jes95A30t93Hwpu+ZGRT0/Qc5jXvT6G9sc/5m ckQJkqhPDYkh5ybd54oZJ3PLxMAbx1NVEqcQtCTSwVCOZQnvmwSUPU7H6v029Q4dZ2eX yXCA== MIME-Version: 1.0 X-Received: by 10.182.144.136 with SMTP id sm8mr63734131obb.63.1426818803009; Thu, 19 Mar 2015 19:33:23 -0700 (PDT) Received: by 10.202.51.66 with HTTP; Thu, 19 Mar 2015 19:33:22 -0700 (PDT) In-Reply-To: <550B5ED4.7000003@thekelleys.org.uk> References: <550B5ED4.7000003@thekelleys.org.uk> Date: Thu, 19 Mar 2015 19:33:22 -0700 Message-ID: From: Dave Taht To: "cerowrt-devel@lists.bufferbloat.net" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [Cerowrt-devel] Fwd: [Dnsmasq-discuss] Announce: dnsmasq-2.73rc1 X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Mar 2015 02:33:52 -0000 dang it, now I guess I have yet another reason to do a new release of cero. Nicely elegant dnssec timestamp fix, in particular. I am going to cut another pure openwrt release for ubnt this weekend and do a test deployment. ---------- Forwarded message ---------- From: Simon Kelley Date: Thu, Mar 19, 2015 at 4:42 PM Subject: [Dnsmasq-discuss] Announce: dnsmasq-2.73rc1 To: dnsmasq-discuss@thekelleys.org.uk -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I want to start the release-process towards 2.73. There's a whole heap of good stuff since 2.72, and good reasons to get it out there before proceeding further with stuff that's in progress. Please test if you can, code is available at http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.73rc1.tar= .gz Release notes below. Cheers, Simon. version 2.73 Fix crash at startup when an empty suffix is supplied to --conf-dir, also trivial memory leak. Thanks to Tomas Hozza for spotting this. Remove floor of 4096 on advertised EDNS0 packet size when DNSSEC in use, the original rationale for this has long gone. Thanks to Anders Kaseorg for spotting this. Use inotify for checking on updates to /etc/resolv.conf and friends under Linux. This fixes race conditions when the files are updated rapidly and saves CPU by not polling. To build a binary that runs on old Linux kernels without inotify, use make COPTS=3D-DNO_INOTIFY Fix breakage of --domain=3D,,local - only reverse queries were intercepted. THis appears to have been broken since 2.69. Thanks to Josh Stone for finding the bug. Eliminate IPv6 privacy addresses and deprecated addresses from the answers given by --interface-name. Note that reverse queries(ie looking for names, given addresses) are not affected. Thanks to Michael Gorbach for the suggestion. Fix crash in DNSSEC code with long RRs. Thanks to Marco Davids for the bug report. Add --ignore-address option. Ignore replies to A-record queries which include the specified address. No error is generated, dnsmasq simply continues to listen for another reply. This is useful to defeat blocking strategies which rely on quickly supplying a forged answer to a DNS request for certain domains, before the correct answer can arrive. Thanks to Glen Huang for the patch. Revisit the part of DNSSEC validation which determines if an unsigned answer is legit, or is in some part of the DNS tree which should be signed. Dnsmasq now works from the DNS root downward looking for the limit of signed delegations, rather than working bottom up. This is both more correct, and less likely to trip over broken nameservers in the unsigned parts of the DNS tree which don't respond well to DNSSEC queries. Add --log-queries=3Dextra option, which makes logs easier to search automatically. Add --min-cache-ttl option. I've resisted this for a long time, on the grounds that disbelieving TTLs is never a good idea, but I've been persuaded that there are sometimes reasons to do it. (Step forward, GFW). To avoid misuse, there's a hard limit on the TTL floor of one hour. Thansk to RinSatsuki for the patch. Cope with multiple interfaces with the same link-local address. (IPv6 addresses are scoped, so this is allowed.) Thanks to Cory Benfield for help with this. Add --dhcp-hostsdir. This allows addition of new host configurations to a running dnsmasq instance much more cheaply than having dnsmasq re-read all its existing configuration each time. Don't reply to DHCPv6 SOLICIT messages if we're not configured to do stateful DHCPv6. Thanks to Win King Wan for the patch. Fix broken DNSSEC validation of ECDSA signatures. Add --dnssec-timestamp option, which provides an automatic way to detect when the system time becomes valid after boot on systems without an RTC, whilst allowing DNS queries before the clock is valid so that NTP can run. Thanks to Kevin Darbyshire-Bryant for developing this idea. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlULXtQACgkQKPyGmiibgrcgpACgigRXmppeFY2YNMUceMOSsCsk boIAoKYi3cLBqIS+RptX63B+EJlaOGJ5 =3DEA3h -----END PGP SIGNATURE----- _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss --=20 Dave T=C3=A4ht Let's make wifi fast, less jittery and reliable again! https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb