1 version 2.51 2 Add support for internationalised DNS. Non-ASCII characters 3 in domain names found in /etc/hosts, /etc/ethers and 4 /etc/dnsmasq.conf will be correctly handled by translation to 5 punycode, as specified in RFC3490. This function is only 6 available if dnsmasq is compiled with internationalisation 7 support, and adds a dependency on GNU libidn. Without i18n 8 support, dnsmasq continues to be compilable with just 9 standard tools. Thanks to Yves Dorfsman for the 10 suggestion. 11 12 Add two more environment variables for lease-change scripts: 13 First, DNSMASQ_SUPPLIED_HOSTNAME; this is set to the hostname 14 supplied by a client, even if the actual hostname used is 15 over-ridden by dhcp-host or dhcp-ignore-names directives. 16 Also DNSMASQ_RELAY_ADDRESS which gives the address of 17 a DHCP relay, if used. 18 Suggestions from Michael Rack. 19 20 Fix regression which broke echo of relay-agent 21 options. Thanks to Michael Rack for spotting this. 22 23 Don't treat option 67 as being interchangeable with 24 dhcp-boot parameters if it's specified as 25 dhcp-option-force. 26 27 Make the code to call scripts on lease-change compile-time 28 optional. It can be switched off by editing src/config.h 29 or building with "make COPTS=-DNO_SCRIPT". 30 31 Make the TFTP server cope with filenames from Windows/DOS 32 which use '\' as pathname separator. Thanks to Ralf for 33 the patch. 34 35 Updated Polish translation. Thanks to Jan Psota. 36 37 Warn if an IP address is duplicated in /etc/ethers. Thanks 38 to Felix Schwarz for pointing this out. 39 40 Teach --conf-dir to take an option list of file suffices 41 which will be ignored when scanning the directory. Useful 42 for backup files etc. Thanks to Helmut Hullen for the 43 suggestion. 44 45 Add new DHCP option named tftpserver-address, which 46 corresponds to the third argument of dhcp-boot. This 47 allows the complete functionality of dhcp-boot to be 48 replicated with dhcp-option. Useful when using 49 dhcp-optsfile. 50 51 Test which upstream nameserver to use every 10 seconds 52 or 50 queries and not just when a query times out and 53 is retried. This should improve performance when there 54 is a slow nameserver in the list. Thanks to Joe for the 55 suggestion. 56 57 Don't do any PXE processing, even for clients with the 58 correct vendorclass, unless at least one pxe-prompt or 59 pxe-service option is given. This stops dnsmasq 60 interfering with proxy PXE subsystems when it is just 61 the DHCP server. Thanks to Spencer Clark for spotting this. 62 63 Limit the blocksize used for TFTP transfers to a value 64 which avoids packet fragmentation, based on the MTU of the 65 local interface. Many netboot ROMs can't cope with 66 fragmented packets. 67 68 Honour dhcp-ignore configuration for PXE and proxy-PXE 69 requests. Thanks to Niels Basjes for the bug report. 70 71 Updated French translation. Thanks to Gildas Le Nadan. 72 73 74 version 2.50 75 Fix security problem which allowed any host permitted to 76 do TFTP to possibly compromise dnsmasq by remote buffer 77 overflow when TFTP enabled. Thanks to Core Security 78 Technologies and Ivn Arce, Pablo Hernn Jorge, Alejandro 79 Pablo Rodriguez, Martn Coco, Alberto Solio Testa and 80 Pablo Annetta. This problem has Bugtraq id: 36121 81 and CVE: 2009-2957 82 83 Fix a problem which allowed a malicious TFTP client to 84 crash dnsmasq. Thanks to Steve Grubb at Red Hat for 85 spotting this. This problem has Bugtraq id: 36120 and 86 CVE: 2009-2958 87 88 89 version 2.49 90 Fix regression in 2.48 which disables the lease-change 91 script. Thanks to Jose Luis Duran for spotting this. 92 93 Log TFTP "file not found" errors. These were not logged, 94 since a normal PXELinux boot generates many of them, but 95 the lack of the messages seems to be more confusing than 96 routinely seeing them when there is no real error. 97 98 Update Spanish translation. Thanks to Chris Chatham. 99 100 101 version 2.48 102 Archived the extensive, backwards, changelog to 103 CHANGELOG.archive. The current changelog now runs from 104 version 2.43 and runs conventionally. 105 106 Fixed bug which broke binding of servers to physical 107 interfaces when interface names were longer than four 108 characters. Thanks to MURASE Katsunori for the patch. 109 110 Fixed netlink code to check that messages come from the 111 correct source, and not another userspace process. Thanks 112 to Steve Grubb for the patch. 113 114 Maintainability drive: removed bug and missing feature 115 workarounds for some old platforms. Solaris 9, OpenBSD 116 older than 4.1, Glibc older than 2.2, Linux 2.2.x and 117 DBus older than 1.1.x are no longer supported. 118 119 Don't read included configuration files more than once: 120 allows complex configuration structures without problems. 121 122 Mark log messages from the various subsystems in dnsmasq: 123 messages from the DHCP subsystem now have the ident string 124 "dnsmasq-dhcp" and messages from TFTP have ident 125 "dnsmasq-tftp". Thanks to Olaf Westrik for the patch. 126 127 Fix possible infinite DHCP protocol loop when an IP 128 address nailed to a hostname (not a MAC address) and a 129 host sometimes provides the name, sometimes not. 130 131 Allow --addn-hosts to take a directory: all the files 132 in the directory are read. Thanks to Phil Cornelius for 133 the suggestion. 134 135 Support --bridge-interface on all platforms, not just BSD. 136 137 Added support for advanced PXE functions. It's now 138 possible to define a prompt and menu options which will 139 be displayed when a client PXE boots. It's also possible to 140 hand-off booting to other boot servers. Proxy-DHCP, where 141 dnsmasq just supplies the PXE information and another DHCP 142 server does address allocation, is also allowed. See the 143 --pxe-prompt and --pxe-service keywords. Thanks to 144 Alkis Georgopoulos for the suggestion and Guilherme Moro 145 and Michael Brown for assistance. 146 147 Improvements to DHCP logging. Thanks to Tom Metro for 148 useful suggestions. 149 150 Add ability to build dnsmasq without DHCP support. To do 151 this, edit src/config.h or build with 152 "make COPTS=-DNO_DHCP". Thanks to Mahavir Jain for the patch. 153 154 Added --test command-line switch - syntax check 155 configuration files only. 156 157 Updated French translation. Thanks to Gildas Le Nadan. 158 159 160 version 2.47 161 Updated French translation. Thanks to Gildas Le Nadan. 162 163 Fixed interface enumeration code to work on NetBSD 164 5.0. Thanks to Roy Marples for the patch. 165 166 Updated config.h to use the same location for the lease 167 file on NetBSD as the other *BSD variants. Also allow 168 LEASEFILE and CONFFILE symbols to be overriden in CFLAGS. 169 170 Handle duplicate address detection on IPv6 more 171 intelligently. In IPv6, an interface can have an address 172 which is not usable, because it is still undergoing DAD 173 (such addresses are marked "tentative"). Attempting to 174 bind to an address in this state returns an error, 175 EADDRNOTAVAIL. Previously, on getting such an error, 176 dnsmasq would silently abandon the address, and never 177 listen on it. Now, it retries once per second for 20 178 seconds before generating a fatal error. 20 seconds should 179 be long enough for any DAD process to complete, but can be 180 adjusted in src/config.h if necessary. Thanks to Martin 181 Krafft for the bug report. 182 183 Add DBus introspection. Patch from Jeremy Laine. 184 185 Update Dbus configuration file. Patch from Colin Walters. 186 Fix for this bug: 187 http://bugs.freedesktop.org/show_bug.cgi?id=18961 188 189 Support arbitrarily encapsulated DHCP options, suggestion 190 and initial patch from Samium Gromoff. This is useful for 191 (eg) gPXE, which expect all its private options to be 192 encapsulated inside a single option 175. So, eg, 193 194 dhcp-option = encap:175, 190, "iscsi-client0" 195 dhcp-option = encap:175, 191, "iscsi-client0-secret" 196 197 will provide iSCSI parameters to gPXE. 198 199 Enhance --dhcp-match to allow testing of the contents of a 200 client-sent option, as well as its presence. This 201 application in mind for this is RFC 4578 202 client-architecture specifiers, but it's generally useful. 203 Joey Korkames suggested the enhancement. 204 205 Move from using the IP_XMIT_IF ioctl to IP_BOUND_IF on 206 OpenSolaris. Thanks to Bastian Machek for the heads-up. 207 208 No longer complain about blank lines in 209 /etc/ethers. Thanks to Jon Nelson for the patch. 210 211 Fix binding of servers to physical devices, eg 212 --server=/domain/1.2.3.4@eth0 which was broken from 2.43 213 onwards unless --query-port=0 set. Thanks to Peter Naulls 214 for the bug report. 215 216 Reply to DHCPINFORM requests even when the supplied ciaddr 217 doesn't fall in any dhcp-range. In this case it's not 218 possible to supply a complete configuration, but 219 individually-configured options (eg PAC) may be useful. 220 221 Allow the source address of an alias to be a range: 222 --alias=192.168.0.0,10.0.0.0,255.255.255.0 maps the whole 223 subnet 192.168.0.0->192.168.0.255 to 10.0.0.0->10.0.0.255, 224 as before. 225 --alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0 226 maps only the 192.168.0.10->192.168.0.40 region. Thanks to 227 Ib Uhrskov for the suggestion. 228 229 Don't dynamically allocate DHCP addresses which may break 230 Windows. Addresses which end in .255 or .0 are broken in 231 Windows even when using supernetting. 232 --dhcp-range=192.168.0.1,192.168.1.254,255,255,254.0 means 233 192.168.0.255 is a valid IP address, but not for Windows. 234 See Microsoft KB281579. We therefore no longer allocate 235 these addresses to avoid hard-to-diagnose problems. 236 237 Update Polish translation. Thanks to Jan Psota. 238 239 Delete the PID-file when dnsmasq shuts down. Note that by 240 this time, dnsmasq is normally not running as root, so 241 this will fail if the PID-file is stored in a root-owned 242 directory; such failure is silently ignored. To take 243 advantage of this feature, the PID-file must be stored in a 244 directory owned and write-able by the user running 245 dnsmasq. 246 247 248 version 2.46 249 Allow --bootp-dynamic to take a netid tag, so that it may 250 be selectively enabled. Thanks to Olaf Westrik for the 251 suggestion. 252 253 Remove ISC-leasefile reading code. This has been 254 deprecated for a long time, and last time I removed it, it 255 ended up going back by request of one user. This time, 256 it's gone for good; otherwise it would need to be 257 re-worked to support multiple domains (see below). 258 259 Support DHCP clients in multiple DNS domains. This is a 260 long-standing request. Clients are assigned to a domain 261 based in their IP address. 262 263 Add --dhcp-fqdn flag, which changes behaviour if DNS names 264 assigned to DHCP clients. When this is set, there must be 265 a domain associated with each client, and only 266 fully-qualified domain names are added to the DNS. The 267 advantage is that the only the FQDN needs to be unique, 268 so that two or more DHCP clients can share a hostname, as 269 long as they are in different domains. 270 271 Set environment variable DNSMASQ_DOMAIN when invoking 272 lease-change script. This may be useful information to 273 have now that it's variable. 274 275 Tighten up data-checking code for DNS packet 276 handling. Thanks to Steve Dodd who found certain illegal 277 packets which could crash dnsmasq. No memory overwrite was 278 possible, so this is not a security issue beyond the DoS 279 potential. 280 281 Update example config dhcp option 47, the previous 282 suggestion generated an illegal, zero-length, 283 option. Thanks to Matthias Andree for finding this. 284 285 Rewrite hosts-file reading code to remove the limit of 286 1024 characters per line. John C Meuser found this. 287 288 Create a net-id tag with the name of the interface on 289 which the DHCP request was received. 290 291 Fixed minor memory leak in DBus code, thanks to Jeremy 292 Laine for the patch. 293 294 Emit DBus signals as the DHCP lease database 295 changes. Thanks to Jeremy Laine for the patch. 296 297 Allow for more that one MAC address in a dhcp-host 298 line. This configuration tells dnsmasq that it's OK to 299 abandon a DHCP lease of the fixed address to one MAC 300 address, if another MAC address in the dhcp-host statement 301 asks for an address. This is useful to give a fixed 302 address to a host which has two network interfaces 303 (say, a laptop with wired and wireless interfaces.) 304 It's very important to ensure that only one interface 305 at a time is up, since dnsmasq abandons the first lease 306 and re-uses the address before the leased time has 307 elapsed. John Gray suggested this. 308 309 Tweak the response to a DHCP request packet with a wrong 310 server-id when --dhcp-authoritative is set; dnsmasq now 311 returns a DHCPNAK, rather than silently ignoring the 312 packet. Thanks to Chris Marget for spotting this 313 improvement. 314 315 Add --cname option. This provides a limited alias 316 function, usable for DHCP names. Thanks to AJ Weber for 317 suggestions on this. 318 319 Updated contrib/webmin with latest version from Neil 320 Fisher. 321 322 Updated Polish translation. Thanks to Jan Psota. 323 324 Correct the text names for DHCP options 64 and 65 to be 325 "nis+-domain" and "nis+-servers". 326 327 Updated Spanish translation. Thanks to Chris Chatham. 328 329 Force re-reading of /etc/resolv.conf when an "interface 330 up" event occurs. 331 332 333 version 2.45 334 Fix total DNS failure in release 2.44 unless --min-port 335 specified. Thanks to Steven Barth and Grant Coady for 336 bugreport. Also reject out-of-range port spec, which could 337 break things too: suggestion from Gilles Espinasse. 338 339 340 version 2.44 341 Fix crash when unknown client attempts to renew a DHCP 342 lease, problem introduced in version 2.43. Thanks to 343 Carlos Carvalho for help chasing this down. 344 345 Fix potential crash when a host which doesn't have a lease 346 does DHCPINFORM. Again introduced in 2.43. This bug has 347 never been reported in the wild. 348 349 Fix crash in netlink code introduced in 2.43. Thanks to 350 Jean Wolter for finding this. 351 352 Change implementation of min_port to work even if min-port 353 is large. 354 355 Patch to enable compilation of latest Mac OS X. Thanks to 356 David Gilman. 357 358 Update Spanish translation. Thanks to Christopher Chatham. 359 360 361 version 2.43 362 Updated Polish translation. Thanks to Jan Psota. 363 364 Flag errors when configuration options are repeated 365 illegally. 366 367 Further tweaks for GNU/kFreeBSD 368 369 Add --no-wrap to msgmerge call - provides nicer .po file 370 format. 371 372 Honour lease-time spec in dhcp-host lines even for 373 BOOTP. The user is assumed to known what they are doing in 374 this case. (Hosts without the time spec still get infinite 375 leases for BOOTP, over-riding the default in the 376 dhcp-range.) Thanks to Peter Katzmann for uncovering this. 377 378 Fix problem matching relay-agent ids. Thanks to Michael 379 Rack for the bug report. 380 381 Add --naptr-record option. Suggestion from Johan 382 Bergquist. 383 384 Implement RFC 5107 server-id-override DHCP relay agent 385 option. 386 387 Apply patches from Stefan Kruger for compilation on 388 Solaris 10 under Sun studio. 389 390 Yet more tweaking of Linux capability code, to suppress 391 pointless wingeing from kernel 2.6.25 and above. 392 393 Improve error checking during startup. Previously, some 394 errors which occurred during startup would be worked 395 around, with dnsmasq still starting up. Some were logged, 396 some silent. Now, they all cause a fatal error and dnsmasq 397 terminates with a non-zero exit code. The errors are those 398 associated with changing uid and gid, setting process 399 capabilities and writing the pidfile. Thanks to Uwe 400 Gansert and the Suse security team for pointing out 401 this improvement, and Bill Reimers for good implementation 402 suggestions. 403 404 Provide NO_LARGEFILE compile option to switch off largefile 405 support when compiling against versions of uclibc which 406 don't support it. Thanks to Stephane Billiart for the patch. 407 408 Implement random source ports for interactions with 409 upstream nameservers. New spoofing attacks have been found 410 against nameservers which do not do this, though it is not 411 clear if dnsmasq is vulnerable, since to doesn't implement 412 recursion. By default dnsmasq will now use a different 413 source port (and socket) for each query it sends 414 upstream. This behaviour can suppressed using the 415 --query-port option, and the old default behaviour 416 restored using --query-port=0. Explicit source-port 417 specifications in --server configs are still honoured. 418 419 Replace the random number generator, for better 420 security. On most BSD systems, dnsmasq uses the 421 arc4random() RNG, which is secure, but on other platforms, 422 it relied on the C-library RNG, which may be 423 guessable and therefore allow spoofing. This release 424 replaces the libc RNG with the SURF RNG, from Daniel 425 J. Berstein's DJBDNS package. 426 427 Don't attempt to change user or group or set capabilities 428 if dnsmasq is run as a non-root user. Without this, the 429 change from soft to hard errors when these fail causes 430 problems for non-root daemons listening on high 431 ports. Thanks to Patrick McLean for spotting this. 432 433 Updated French translation. Thanks to Gildas Le Nadan. 434 435 436 version 2.42 437 The changelog for version 2.42 and earlier is 438 available in CHANGELOG.archive. 439
