August 18th, 2012· The main addition in this release is a new mode, --bind-dynamic, which both avoids binding the wildcard IP address and copes with dynamically created network interfaces, thus removing the main limitations of the two existing network modes.
April 30th, 2012· This version has a lot of extra work on the DHCPv6 code that debuted in 2.60.
· Many bugs have been fixed and extra features added.
· The router advertisement feature is now much more configurable, and there's a mode that allows dnsmasq to make AAAA DNS records for hosts that use SLAAC IPv6 addresses and DHCP IPv4 addresses.
October 19th, 2011· This version addresses a couple of issues that have surfaced with dnsmasq-2.58, which could cause problems at startup with IPv6 link-local addresses.
· One is a regression in dnsmasq, and the other stems from a change in the behaviour of bridge interfaces in recent Linux kernels.
August 29th, 2011· version 2.58
· Provide a definition of the SA_SIZE macro where it's missing. Fixes build failure on openBSD.
· Don't include a zero terminator at the end of messages sent to /dev/log when /dev/log is a datagram socket. Thanks to Didier Rabound for spotting the problem.
· Add --dhcp-sequential-ip flag, to force allocation of IP addresses in ascending order. Note that the default pseudo-random mode is in general better but some server-deployment applications need this.
· Fix problem where a server-id of 0.0.0.0 is sent to a client when a dhcp-relay is in use if a client renews a lease after dnsmasq restart and before any clients on the subnet get a new lease. Thanks to Mike Ruiz for assistance in chasing this one down.
· Don't return NXDOMAIN to an AAAA query if we have CNAME which points to an A record only: NODATA is the correct reply in this case. Thanks to Tom Fernandes for spotting the problem.
· Relax the need to supply a netmask in --dhcp-range for networks which use a DHCP relay. Whilst this is still desirable, in the absence of a netmask dnsmasq will use a default based on the class (A, B, or C) of the address. This should at least remove a cause of mysterious failure for people using RFC1918 addresses and relays.
· Add support for Linux conntrack connection marking. If enabled with --conntrack, the connection mark for incoming DNS queries will be copied to the outgoing connections used to answer those queries. This allows clever firewall and accounting stuff. Only available if dnsmasq is compiled with HAVE_CONNTRACK and adds a dependency on libnetfilter-conntrack. Thanks to Ed Wildgoose for the initial idea, testing and sponsorship of this function.
· Provide a sane error message when someone attempts to match a tag in --dhcp-host.
· Tweak the behaviour of --domain-needed, to avoid problems with recursive nameservers downstream of dnsmasq. The new behaviour only stops A and AAAA queries, and returns NODATA rather than NXDOMAIN replies.
· Efficiency fix for very large DHCP configurations, thanks to James Gartrell and Mike Ruiz for help with this.
· Allow the TFTP-server address in --dhcp-boot to be a domain-name which is looked up in /etc/hosts. This can give multiple IP addresses which are used round-robin, thus doing TFTP server load-balancing. Thanks to Sushil Agrawal for the patch.
· When two tagged dhcp-options for a particular option number are both valid, use the one which is valid without a tag from the dhcp-range. Allows overriding of the value of a DHCP option for a particular host as well as per-network values.
· --dhcp-range=set:interface1,......
· --dhcp-host=set:myhost,.....
· --dhcp-option=tag:interface1,option:nis-domain,"domain1"
· --dhcp-option=tag:myhost,option:nis-domain,"domain2"
· will set the NIS-domain to domain1 for hosts in the range, but
· override that to domain2 for a particular host.
· Fix bug which resulted in truncated files and timeouts for some TFTP transfers. The bug only occurs with netascii transfers and needs an unfortunate relationship between file size, blocksize and the number of newlines in the last block before it manifests itself. Many thanks to Alkis Georgopoulos for spotting the problem and providing a comprehensive test-case.
· Fix regression in TFTP server on *BSD platforms introduced in version 2.56, due to confusion with sockaddr length. Many thanks to Loïc Pefferkorn for finding this.
· Support scope-ids in IPv6 addresses of nameservers from /etc/resolv.conf and in --server options. Eg
· nameserver fe80::202:a412:4512:7bbf%eth0
· server=fe80::202:a412:4512:7bbf%eth0
· Thanks to Michael Stapelberg for the suggestion.
· Update Polish translation, thanks to Jan Psota.
· Update French translation. Thanks to Gildas Le Nadan.
February 21st, 2011· This version fixes a couple of regressions in the previous release and adds support for the Android platform.
February 15th, 2011· Add a patch to allow dnsmasq to get interface names right in a Solaris zone. Thanks to Dj Padzensky for this.
· Improve data-type parsing heuristics so that --dhcp-option=option:domain-search,. treats the value as a string and not an IP address. Thanks to Clemens Fischer for spotting that.
· Add IPv6 support to the TFTP server. Many thanks to Jan 'RedBully' Seiffert for the patches.
· Log DNS queries at level LOG_INFO, rather than LOG_DEBUG. This makes things consistent with DHCP logging. Thanks to Adam Pribyl for spotting the problem.
· Ensure that dnsmasq terminates cleanly when using --syslog-async even if it cannot make a connection to the syslogd.
· Add --add-mac option. This is to support currently experimental DNS filtering facilities. Thanks to Benjamin Petrin for the original patch.
· Fix bug which meant that tags were ignored in dhcp-range configuration specifying PXE-proxy service. Thanks to Cristiano Cumer for spotting this.
· Raise an error if there is extra junk, not part of an option, on the command line.
· Flag a couple of log messages in cache.c as coming from the DHCP subsystem. Thanks to Olaf Westrik for the patch.
· Omit timestamps from logs when a) logging to stderr and b) --keep-in-foreground is set. The logging facility on the other end of stderr can be assumed to supply them. Thanks to John Hallam for the patch.
· Don't complain about strings longer than 255 characters in --txt-record, just split the long strings into 255 character chunks instead.
· Fix crash on double-free. This bug can only happen when dhcp-script is in use and then only in rare circumstances triggered by high DHCP transaction rate and a slow script. Thanks to Ferenc Wagner for finding the problem.
· Only log that a file has been sent by TFTP after the transfer has completed successfully.
· A good suggestion from Ferenc Wagner: extend the --domain option to allow this sort of thing: --domain=thekelleys.org.uk,192.168.0.0/24,local which automatically creates
· --local=/thekelleys.org.uk/
· --local=/0.168.192.in-addr.arpa/
· Tighten up syntax checking of hex constants in the config file. Thanks to Fred Damen for spotting this.
· Add dnsmasq logo/icon, contributed by Justin Swift. Many thanks for that.
· Never cache DNS replies which have the 'cd' bit set, or which result from queries forwarded with the 'cd' bit set. The 'cd' bit instructs a DNSSEC validating server upstream to ignore signature failures and return replies anyway. Without this change it's possible to pollute the dnsmasq cache with bad data by making a query with the 'cd' bit set and subsequent queries would return this data without its being marked as suspect. Thanks to Anders Kaseorg for pointing out this problem.
· Add --proxy-dnssec flag, for compliance with RFC 4035. Dnsmasq will now clear the 'ad' bit in answers returned from upstream validating nameservers unless this option is set.
· Allow a filename of "-" for --conf-file to read stdin. Suggestion from Timothy Redaelli.
· Rotate the order of SRV records in replies, to provide round-robin load balancing when all the priorities are equal. Thanks to Peter McKinney for the suggestion.
· Edit contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist so that it doesn't log all queries to a file by default. Thanks again to Peter McKinney.
· By default, setting an IPv4 address for a domain but not an IPv6 address causes dnsmasq to return a NODATA reply for IPv6 (or vice-versa). So --address=/google.com/1.2.3.4 stops IPv6 queries for *google.com from being forwarded. Make it possible to override this behaviour by defining the semantics if the same domain appears in both --server and --address. In that case, the --address has priority for the address family in which it appears, but the --server has priority for the address family which doesn't appear in --address.
So:
· --address=/google.com/1.2.3.4
· --server=/google.com/#
· Will return 1.2.3.4 for IPv4 queries for *.google.com but forward IPv6 queries to the normal upstream nameserver. Similarly when setting an IPv6 address only this will allow forwarding of IPv4 queries. Thanks to William for pointing out the need for this.
· Allow more than one --dhcp-optsfile and --dhcp-hostsfile and make them understand directories as arguments in the same way as --addn-hosts. Suggestion from John Hanks.
· Ignore rebinding requests for leases we don't know about. Rebind is broadcast, so we might get to overhear a request meant for another DHCP server. NAKing this is wrong. Thanks to Brad D'Hondt for assistance with this.
· Fix cosmetic bug which produced strange output when dumping cache statistics with some configurations. Thanks to Fedor Kozhevnikov for spotting this.
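
The 'cd' and 'ad' handling described in the two DNSSEC-related entries above, sketched as an added example. This is not dnsmasq's own code: the function names, the sample headers and the `proxy_dnssec` parameter (standing in for --proxy-dnssec) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12
#define FLAG_QR 0x80 /* header byte 2: message is a response */
#define FLAG_AD 0x20 /* header byte 3: Authentic Data */
#define FLAG_CD 0x10 /* header byte 3: Checking Disabled */

/* Constructed 12-byte DNS headers: id, flags, four section counts. */
unsigned char sample_query[DNS_HDR_LEN]    = {0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0};
unsigned char sample_query_cd[DNS_HDR_LEN] = {0x12,0x35, 0x01,0x10, 0,1, 0,0, 0,0, 0,0};
unsigned char sample_reply_ad[DNS_HDR_LEN] = {0x12,0x34, 0x81,0xa0, 0,1, 0,1, 0,0, 0,0};
unsigned char sample_reply_cd[DNS_HDR_LEN] = {0x12,0x35, 0x81,0x90, 0,1, 0,1, 0,0, 0,0};

/* Returns 1 if the reply may enter the cache. A reply is refused when the
 * query was forwarded with CD set or the reply itself carries CD, because
 * the upstream validator was told to ignore signature failures. */
int reply_is_cacheable(const unsigned char *query, size_t qlen,
                       const unsigned char *reply, size_t rlen)
{
    if (qlen < DNS_HDR_LEN || rlen < DNS_HDR_LEN)
        return 0;                       /* truncated header: never cache */
    if (!(reply[2] & FLAG_QR))
        return 0;                       /* not a response at all */
    if ((query[3] & FLAG_CD) || (reply[3] & FLAG_CD))
        return 0;                       /* unvalidated data stays out of the cache */
    return 1;
}

/* Clears AD before the reply goes to the client unless the operator opted in
 * to proxying it. Returns the resulting AD state (0 or 1), or -1 if short. */
int filter_ad_bit(unsigned char *reply, size_t rlen, int proxy_dnssec)
{
    if (rlen < DNS_HDR_LEN)
        return -1;
    if (!proxy_dnssec)
        reply[3] &= (unsigned char)~FLAG_AD;
    return (reply[3] & FLAG_AD) ? 1 : 0;
}

int main(void)
{
    unsigned char copy[DNS_HDR_LEN];

    printf("plain query, validated reply: cacheable=%d\n",
           reply_is_cacheable(sample_query, sizeof sample_query,
                              sample_reply_ad, sizeof sample_reply_ad));
    printf("query with cd set:            cacheable=%d\n",
           reply_is_cacheable(sample_query_cd, sizeof sample_query_cd,
                              sample_reply_cd, sizeof sample_reply_cd));

    memcpy(copy, sample_reply_ad, sizeof copy);
    printf("ad bit, default:              %d\n", filter_ad_bit(copy, sizeof copy, 0));
    memcpy(copy, sample_reply_ad, sizeof copy);
    printf("ad bit, proxy_dnssec=1:       %d\n", filter_ad_bit(copy, sizeof copy, 1));
    return 0;
}
```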
June 8th, 2010· Fix crash when /etc/ethers is in use. Thanks to Gianluigi Tiesi for finding this.
· Fix crash in netlink_multicast(). Thanks to Arno Wald for finding this one.
· Allow the empty domain "." in dhcp domain-search (119) options.
June 4th, 2010· Fix failure to compile on Debian/kFreeBSD. Thanks to Axel Beckert and Petr Salinger.
· Fix code to avoid scary strict-aliasing warnings generated by gcc 4.4.
· Added FAQ entry warning about DHCP failures with Vista when firewalls block 255.255.255.255.
· Fixed bug which caused bad things to happen if a resolv.conf file which exists is subsequently removed. Thanks to Nikolai Saoukh for the patch.
· Rationalised the DHCP tag system. Every configuration item which can set a tag does so by adding "set:<tag>" and every configuration item which is conditional on a tag is made so by "tag:<tag>". The NOT operator changes to '!', which is a bit more intuitive too. Dhcp-host directives can set more than one tag now. The old '#' NOT, "net:" prefix and no-prefixes are still honoured, so no existing config file needs to be changed, but the documentation and new-style config files should be much less confusing.
· Added --tag-if to allow boolean operations on tags. This allows complicated logic to be clearer and more general. A great suggestion from Richard Voigt.
· Add broadcast/unicast information to DHCP logging.
· Allow --dhcp-broadcast to be unconditional.
· Fixed incorrect behaviour with NOT <tag> conditionals in dhcp-options. Thanks to Max Turkewitz for assistance finding this.
· If we send vendor-class encapsulated options based on the vendor-class supplied by the client, and no explicit vendor-class option is given, echo back the vendor-class from the client.
· Fix bug which stopped dnsmasq from matching both a circuitid and a remoteid. Thanks to Ignacio Bravo for finding this.
· Add --dhcp-proxy, which makes it possible to configure dnsmasq to use a DHCP relay agent as a full proxy, with all DHCP messages passing through the proxy. This is useful if the relay adds extra information to the packets it forwards, but cannot be configured with the RFC 5107 server-override option.
· Added interface:<iface name> part to dhcp-range. The semantics of this are very odd at first sight, but it allows a single line of the form dhcp-range=interface:virt0,192.168.0.4,192.168.0.200 to be added to dnsmasq configuration which then supplies DHCP and DNS services to that interface, without affecting what services are supplied to other interfaces and irrespective of the existence or lack of interface=<interface> lines elsewhere in the dnsmasq configuration. The idea is that such a line can be added automatically by libvirt or equivalent systems, without disturbing any manual configuration.
· Similarly to the above, allow --enable-tftp=<interface>
· Allow a TFTP root to be set separately for requests via different interfaces, --tftp-root=<path>,<interface>
· Correctly handle and log clashes between CNAMES and DNS names being given to DHCP leases. This fixes a bug which caused nonsense IP addresses to be logged. Thanks to Sergei Zhirikov for finding and analysing the problem.
· Tweak flush_log so as to avoid leaving the log file in non-blocking mode. O_NONBLOCK is a property of the file, not the process/descriptor.
· Fix contrib/Solaris10/create_package (/usr/man -> /usr/share/man) Thanks to Vita Batrla.
· Fix a problem where, if a client got a lease, then went to another subnet and got another lease, then moved back, it couldn't resume the old lease, but would instead get a new address. Thanks to Leonardo Rodrigues for spotting this and testing the fix.
· Fix weird bug which sometimes omitted certain characters from the start of quoted strings in dhcp-options. Thanks to Dayton Turner for spotting the problem.
· Add facility to redirect some domains to the standard upstream servers: this allows something like --server=/google.com/1.2.3.4 --server=/www.google.com/# which will send queries for *.google.com to 1.2.3.4, except *www.google.com which will be forwarded as usual. Thanks to AJ Weber for prompting this addition.
· Improve the hash-algorithm used to generate IP addresses from MAC addresses during initial DHCP address allocation. This improves performance when large numbers of hosts with similar MAC addresses all try and get an IP address at the same time. Thanks to Paul Smith for his work on this.
· Tweak DHCP code so that --bridge-interface can be used to select which IP alias of an interface should be used for DHCP purposes on Linux. If eth0 has an alias eth0:dhcp then adding --bridge-interface=eth0:dhcp,eth0 will use the address of eth0:dhcp to determine the correct subnet for DHCP address allocation. Thanks to Pawel Golaszewski for prompting this and Eric Cooper for further testing.
· Add --dhcp-generate-names. Suggestion by Ferenc Wagner.
· Tweak DNS server selection algorithm when there is more than one server available for a domain, eg. --server=/mydomain/1.1.1.1 --server=/mydomain/2.2.2.2 Thanks to Alberto Cuesta-Canada for spotting a weakness here.
· Add --max-ttl. Thanks to Fredrik Ringertz for the patch.
· Allow --log-facility=- to force all logging to stderr. Suggestion from Clemens Fischer.
· Fix regression which caused configuration like --address=/.domain.com/1.2.3.4 to be rejected. The dot to the left of the domain has been implied and not required for a long time, but it should be accepted for backward compatibility. Thanks to Andrew Burcin for spotting this.
· Add --rebind-domain-ok and --rebind-localhost-ok. Suggestion from Clemens Fischer.
· Log replies to queries of type TXT, when --log-queries is set.
· Fix compiler warnings when compiled with -DNO_DHCP. Thanks to Shantanu Gadgil for the patch.
· Updated French translation. Thanks to Gildas Le Nadan.
· Updated Polish translation. Thanks to Jan Psota.
· Updated German translation. Thanks to Matthias Andree.
· Added contrib/static-arp, thanks to Darren Hoo.
· Fix corruption of the domain when a name from /etc/hosts overrides one supplied by a DHCP client. Thanks to Fedor Kozhevnikov for spotting the problem.
· Updated Spanish translation. Thanks to Chris Chatham.
January 23rd, 2010· Work around a Linux kernel bug which insists that the length of the option passed to setsockopt must be at least sizeof(int) bytes, even if we're calling SO_BINDTODEVICE and the device name is "lo". Note that this is fixed in kernel 2.6.31, but the workaround is harmless and allows earlier kernels to be used. Also fix dnsmasq bug which reported the wrong address when this failed. Thanks to Fedor for finding this.
· The API for IPv6 PKTINFO changed around Linux kernel 2.6.14. Workaround the case where dnsmasq is compiled against newer headers, but then run on an old kernel: necessary for some *WRT distros.
· Re-read the set of network interfaces when re-loading /etc/resolv.conf if --bind-interfaces is not set. This handles the case that loopback interfaces do not exist when dnsmasq is first started.
· Tweak the PXE code to support port 4011. This should reduce broadcasts and make things more reliable when other servers are around. It also improves inter-operability with certain clients.
· Make a pxe-service configuration with no filename or boot service type legal: this does a local boot. eg. pxe-service=x86PC, "Local boot"
· Be more conservative in detecting "A for A" queries. Dnsmasq checks if the name in a type=A query looks like a dotted-quad IP address and answers the query itself if so, rather than forwarding it. Previously dnsmasq relied in the library function inet_addr() to convert addresses, and that will accept some things which are confusing in this context, like 1.2.3 or even just 1234. Now we only do A for A processing for four decimal numbers delimited by dots.
· A couple of tweaks to fix compilation on Solaris. Thanks to Joel Macklow for help with this.
· Another Solaris compilation tweak, needed for Solaris 2009.06. Thanks to Lee Essen for that.
· Added extract packaging stuff from Lee Essen to contrib/Solaris10.
· Increased the default limit on number of leases to 1000 (from 150). This is mainly a defence against DoS attacks, and for the average "one or two class C networks" installation, IP address exhaustion does that just as well. Making the limit greater than the number of IP addresses available in such an installation removes a surprise which otherwise can catch people out.
· Removed extraneous trailing space in the value of the DNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH and DNSMASQ_LEASE_EXPIRES environment variables. Thanks to Gildas Le Nadan for spotting this.
· Provide the network-id tags for a DHCP transaction to the lease-change script in the environment variable DNSMASQ_TAGS. A good suggestion from Gildas Le Nadan.
· Add support for RFC3925 "Vendor-Identifying Vendor Options". The syntax looks like this: --dhcp-option=vi-encap:, .........
· Add support to --dhcp-match to allow matching against RFC3925 "Vendor-Identifying Vendor Classes". The syntax looks like this: --dhcp-match=tag,vi-encap,
· Add some application specific code to assist in implementing the Broadband forum TR069 CPE-WAN specification. The details are in contrib/CPE-WAN/README
· Increase the default DNS packet size limit to 4096, as recommended by RFC5625 section 4.4.3. This can be reconfigured using --edns-packet-max if needed. Thanks to Francis Dupont for pointing this out.
· Rewrite query-ids even for DNSSEC signed packets, since this is allowed by RFC5625 section 4.5.
· Use getopt_long by default on OS X. It has been supported since version 10.3.0. Thanks to Arek Dreyer for spotting this.
· Added up-to-date startup configuration for MacOSX/launchd in contrib/MacOSX-launchd. Thanks to Arek Dreyer for providing this.
· Fix link error when including Dbus but excluding DHCP. Thanks to Oschtan for the bug report.
· Updated French translation. Thanks to Gildas Le Nadan.
· Updated Polish translation. Thanks to Jan Psota.
· Updated Spanish translation. Thanks to Chris Chatham.
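
The "A for A" tightening in the January 23rd, 2010 entries above, shown as an added example that is not dnsmasq's own code: a strict four-field decimal check next to the lenient inet_addr() test it replaces. The function names and sample strings are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <ctype.h>
#include <stdio.h>

/* Returns 1 only for exactly four decimal fields, each 0-255, separated by
 * single dots. Anything else (short forms, hex, trailing dots) returns 0. */
int is_strict_dotted_quad(const char *name)
{
    const char *p = name;
    int fields = 0;

    for (;;) {
        int value = 0, digits = 0;

        while (isdigit((unsigned char)*p)) {
            value = value * 10 + (*p - '0');
            if (++digits > 3 || value > 255)
                return 0;               /* field too long or out of range */
            p++;
        }
        if (digits == 0)
            return 0;                   /* empty field: "1..2.3" or "1.2.3.4." */
        fields++;
        if (*p == '\0')
            break;
        if (*p != '.')
            return 0;                   /* letters, 'x', spaces: a real name */
        p++;
    }
    return fields == 4;
}

/* The earlier approach named in the changelog: accept whatever inet_addr()
 * can convert. It also takes shorthand such as "1.2.3" and "1234". */
int inet_addr_accepts(const char *name)
{
    return inet_addr(name) != INADDR_NONE;
}

int main(void)
{
    /* Constructed query names, not taken from any capture. */
    const char *samples[] = { "192.168.0.1", "1.2.3", "1234",
                              "1.2.3.4.", "256.1.1.1", "1.2.3.4.5" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s inet_addr=%d strict=%d\n", samples[i],
               inet_addr_accepts(samples[i]),
               is_strict_dotted_quad(samples[i]));
    return 0;
}
```

Names that pass only the lenient test are the ones that are now forwarded upstream instead of being answered locally.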
October 14th, 2009· The main change for this version is support for internationalized DNS (IDN). Non-ASCII characters in domain names found in /etc/hosts, /etc/ethers, and /etc/dnsmasq.conf will be correctly handled by translation to punycode, as specified in RFC3490.
· There are also minor enhancements to TFTP and PXE handling, and a bugfix that re-enables DHCP relay agent options.
September 1st, 2009· There are two security fixes.
· One issue allowed a crafted malformed TFTP packet to crash dnsmasq with a NULL pointer dereference.
· The other allowed a crafted TFTP packet to overflow the heap by the length of the TFTP prefix.
June 11th, 2009· Fix regression in 2.48 which disables the lease-change script. Thanks to Jose Luis Duran for spotting this.
· Log TFTP "file not found" errors. These were not logged, since a normal PXELinux boot generates many of them, but the lack of the messages seems to be more confusing than routinely seeing them when there is no real error.
· Update Spanish translation. Thanks to Chris Chatham.
February 6th, 2009· Bugs fixed include NetBSD 5.0 compatibility, DBus configuration, and network interface binding.
· Additional features include more flexible encapsulated DHCP options (for gPXE), better DHCP packet matching facilities, and IP address rewriting.
November 15th, 2008· This release adds two frequently-requested features: ability to handle more than one DNS domain, and static DHCP address assignment to more than one MAC address (for laptops with both wired and wireless networking).
· There are also enhancements to the DBus interface and a (limited) facility to return CNAME DNS records.