[Cerowrt-devel] Fwd: [Dnsmasq-discuss] Announce: dnsmasq-2.73rc1

Dave Taht dave.taht at gmail.com
Thu Mar 19 22:33:22 EDT 2015

dang it, now I guess I have yet another reason to do a new release of
cero. Nicely elegant dnssec timestamp fix, in particular.

I am going to cut another pure openwrt release for ubnt this weekend
and do a test deployment.

---------- Forwarded message ----------
From: Simon Kelley <simon at thekelleys.org.uk>
Date: Thu, Mar 19, 2015 at 4:42 PM
Subject: [Dnsmasq-discuss] Announce: dnsmasq-2.73rc1
To: dnsmasq-discuss at thekelleys.org.uk

Hash: SHA1

I want to start the release-process towards 2.73. There's a whole heap
of good stuff since 2.72, and good reasons to get it out there before
proceeding further with stuff that's in progress.

Please test if you can, code is available at


Release notes below.



version 2.73
            Fix crash at startup when an empty suffix is supplied to
            --conf-dir, also trivial memory leak. Thanks to
            Tomas Hozza for spotting this.

            Remove floor of 4096 on advertised EDNS0 packet size when
            DNSSEC in use, the original rationale for this has
            long  gone. Thanks to Anders Kaseorg for spotting this.

            Use inotify for checking on updates to /etc/resolv.conf and
            friends under Linux. This fixes race conditions when the
            files are updated rapidly and saves CPU by not polling. To
            build a binary that runs on old Linux kernels without
            inotify, use make COPTS=-DNO_INOTIFY

            Fix breakage of --domain=<domain>,<subnet>,local - only
            reverse queries were intercepted. THis appears to have been
            broken since 2.69. Thanks to Josh Stone for finding the bug.

            Eliminate IPv6 privacy addresses and deprecated addresses
            from the answers given by --interface-name. Note that
            reverse queries(ie looking for names, given addresses) are
            not affected.
            Thanks to Michael Gorbach for the suggestion.

            Fix crash in DNSSEC code with long RRs. Thanks to
            Marco Davids for the bug report.

            Add --ignore-address option. Ignore replies to A-record
            queries which include the specified address. No error is
            generated, dnsmasq simply continues to listen for another
            reply. This is useful to defeat blocking strategies which
            rely on quickly supplying a forged answer to a DNS
            request for certain domains, before the correct answer can
            arrive. Thanks to Glen Huang for the patch.

            Revisit the part of DNSSEC validation which determines if
            an unsigned answer is legit, or is in some part of the DNS
            tree which should be signed. Dnsmasq now works from the
            DNS root downward looking for the limit of signed
            delegations, rather than working bottom up. This is
            both more correct, and less likely to trip over broken
            nameservers in the unsigned parts of the DNS tree
            which don't respond well to DNSSEC queries.

            Add --log-queries=extra option, which makes logs easier
            to search automatically.

            Add --min-cache-ttl option. I've resisted this for a long
            time, on the grounds that disbelieving TTLs is never a
            good idea, but I've been persuaded that there are
            sometimes reasons to do it. (Step forward, GFW).
            To avoid misuse, there's a hard limit on the TTL
            floor of one hour. Thansk to RinSatsuki for the patch.

            Cope with multiple interfaces with the same link-local
            address. (IPv6 addresses are scoped, so this is allowed.)
            Thanks to Cory Benfield for help with this.

            Add --dhcp-hostsdir. This allows addition of new host
            configurations to a running dnsmasq instance much more
            cheaply than having dnsmasq re-read all its existing
            configuration each time.

            Don't reply to DHCPv6 SOLICIT messages if we're not
            configured to do stateful DHCPv6. Thanks to Win King Wan
            for the patch.

            Fix broken DNSSEC validation of ECDSA signatures.

            Add --dnssec-timestamp option, which provides an automatic
            way to detect when the system time becomes valid after boot
            on systems without an RTC, whilst allowing DNS queries
            before the clock is valid so that NTP can run. Thanks to
            Kevin Darbyshire-Bryant for developing this idea.

Version: GnuPG v1


Dnsmasq-discuss mailing list
Dnsmasq-discuss at lists.thekelleys.org.uk

Dave Täht
Let's make wifi fast, less jittery and reliable again!


More information about the Cerowrt-devel mailing list