Softpedia >Linux >Internet >DNS >Dnsmasq >  Changelog

Dnsmasq Changelog

What's new in Dnsmasq 2.77

Jul 13, 2017
  • Generate an error when configured with a CNAME loop, rather than a crash. Thanks to George Metz for spotting this problem.
  • Calculate the length of TFTP error reply packet correctly. This fixes a problem when the error message in a TFTP packet exceeds the arbitrary limit of 500 characters. The message was correctly truncated, but not the packet length, so extra data was appended. This is a possible security risk, since the extra data comes from a buffer which is also used for DNS, so that previous DNS queries or replies may be leaked. Thanks to Mozilla for funding the security audit which spotted this bug.
  • Fix logic error in Linux netlink code. This could cause dnsmasq to enter a tight loop on systems with a very large number of network interfaces. Thanks to Ivan Kokshaysky for the diagnosis and patch.
  • Fix problem with --dnssec-timestamp whereby receipt of SIGHUP would erroneously engage timestamp checking. Thanks to Kevin Darbyshire-Bryant for this work.
  • Bump zone serial on reloading /etc/hosts and friends when providing authoritative DNS. Thanks to Harrald Dunkel for spotting this.
  • Handle v4-mapped IPv6 addresses sanely in --synth-domain. These have standard representation like ::ffff:1.2.3.4 and are now converted to names like --ffff-1-2-3-4.
  • Handle binding upstream servers to an interface (--server=1.2.3.4@eth0) when the named interface is destroyed and recreated in the kernel. Thanks to Beniamino Galvani for the patch.
  • Allow wildcard CNAME records in authoritative zones. For example --cname=*.example.com,default.example.com Thanks to Pro Backup for sponsoring this development.
  • Bump the allowed backlog of TCP connections from 5 to 32, and make this a compile-time configurable option. Thanks to Donatas Abraitis for diagnosing this as a potential problem.
  • Add DNSMASQ_REQUESTED_OPTIONS environment variable to the lease-change script. Thanks to ZHAO Yu for the patch.
  • Fix foobar in rrfilter code, that could cause malformed replies, especially when DNSSEC validation on, and the upstream server returns answer with the RRs in a particular order. The only DNS server known to tickle this is Nominum's. Thanks to Dave Täht for spotting the bug and assisting in the fix.
  • Fix the manpage which lied that only the primary address of an interface is used by --interface-name.
  • Make --localise-queries apply to names from --interface-name. Thanks to Kevin Darbyshire-Bryant and Eric Luehrsen for pushing this.
  • Improve connection handling when talking to TCP upstream servers. Specifically, be prepared to open a new TCP connection when we want to make multiple queries but the upstream server accepts fewer queries per connection.
  • Improve logging of upstream servers when there are a lot of "local addresses only" entries. Thanks to Hannu Nyman for the patch.
  • Make --bogus-priv apply to IPv6, for the prefixes specified in RFC6303. Thanks to Kevin Darbyshire-Bryant for work on this.
  • Allow use of MAC addresses with --tftp-unique-root. Thanks to Floris Bos for the patch.
  • Add --dhcp-reply-delay option. Thanks to Floris Bos for the patch.
  • Add mtu setting facility to --ra-param. Thanks to David Flamand for the patch.
  • Capture STDOUT and STDERR output from dhcp-script and log it as part of the dnsmasq log stream. Makes life easier for diagnosing unexpected problems in scripts. Thanks to Petr Mensik for the patch.
  • Generate fatal errors when failing to parse the output of the dhcp-script in "init" mode. Avoids strange errors when the script accidentally emits error messages. Thanks to Petr Mensik for the patch.
  • Make --rev-server for an RFC1918 subnet work even in the presence of the --bogus-priv flag. Thanks to Vladislav Grishenko for the patch.
  • Extend --ra-param mtu: field to allow an interface name. This allows the MTU of a WAN interface to be advertised on the internal interfaces of a router. Thanks to Vladislav Grishenko for the patch.
  • Do ICMP-ping check for address-in-use for DHCPv4 when the client specifies an address in DHCPDISCOVER, and when an address in configured locally. Thanks to Alin Năstac for spotting the problem.
  • Add new DHCP tag "known-othernet" which is set when only a dhcp-host exists for another subnet. Can be used to ensure that privileged hosts are not given "guest" addresses by accident. Thanks to Todd Sanket for the suggestion.
  • Remove historic automatic inclusion of IDN support when building internationalisation support. This doesn't fit now there is a choice of IDN libraries. Be sure to include either -DHAVE_IDN or -DHAVE_LIBIDN2 for IDN support.

New in Dnsmasq 2.72 (Jan 9, 2015)

  • Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
  • Add support for "ipsets" in *BSD, using pf. Thanks to Sven Falempim for the patch.
  • Fix race condition which could lock up dnsmasq when an interface goes down and up rapidly. Thanks to Conrad Kostecki for helping to chase this down.
  • Add DBus methods SetFilterWin2KOption and SetBogusPrivOption. Thanks to the Smoothwall project for the patch.
  • Fix failure to build against Nettle-3.0. Thanks to Steven Barth for spotting this and finding the fix. When assigning existing DHCP leases to intefaces by comparing networks, handle the case that two or more interfaces have the same network part, but different prefix lengths (favour the longer prefix length.) Thanks to Lung-Pin Chang for the patch.
  • Add a mode which detects and removes DNS forwarding loops, ie a query sent to an upstream server returns as a new query to dnsmasq, and would therefore be forwarded again, resulting in a query which loops many times before being dropped. Upstream servers which loop back are disabled and this event is logged. Thanks to Smoothwall for their sponsorship of this feature.
  • Extend --conf-dir to allow filtering of files. So --conf-dir=/etc/dnsmasq.d,\*.conf will load all the files in /etc/dnsmasq.d which end in .conf
  • Fix bug when resulted in NXDOMAIN answers instead of NODATA in some circumstances.
  • Fix bug which caused dnsmasq to become unresponsive if it failed to send packets due to a network interface disappearing. Thanks to Niels Peen for spotting this.
  • Fix problem with --local-service option on big-endian platforms. Thanks to Richard Genoud for the patch.

New in Dnsmasq 2.68 (Dec 9, 2013)

  • Use random addresses for DHCPv6 temporary address allocations, instead of algorithmically determined stable addresses.
  • Fix bug which meant that the DHCPv6 DUID was not available in DHCP script runs during the lifetime of the dnsmasq process which created the DUID de-novo. Once the DUID was created and stored in the lease file and dnsmasq restarted, this bug disappeared.
  • Fix bug introduced in 2.67 which could result in erroneous NXDOMAIN returns to CNAME queries.
  • Fix build failures on MacOS X and openBSD.
  • Allow subnet specifications in --auth-zone to be interface names as well as address literals. This makes it possible to configure authoritative DNS when local address ranges are dynamic and works much better than the previous work-around which exempted contructed DHCP ranges from the IP address filtering. As a consequence, that work-around is removed. Under certain circumstances, this change wil break existing configuration: if you're relying on the contructed-range exception, you need to change --auth-zone to specify the same interface as is used to construct your DHCP ranges, probably with a trailing "/6" like this: --auth-zone=example.com,eth0/6 to limit the addresses to IPv6 addresses of eth0.
  • Fix problems when advertising deleted IPv6 prefixes. If the prefix is deleted (rather than replaced), it doesn't get advertised with zero preferred time. Thanks to Tsachi for the bug report.
  • Fix segfault with some locally configured CNAMEs. Thanks to Andrew Childs for spotting the problem.
  • Fix memory leak on re-reading /etc/hosts and friends, introduced in 2.67.
  • Check the arrival interface of incoming DNS and TFTP requests via IPv6, even in --bind-interfaces mode. This isn't possible for IPv4 and can generate scary warnings, but as it's always possible for IPv6 (the API always exists) then we should do it always.
  • Tweak the rules on prefix-lengths in --dhcp-range for IPv6. The new rule is that the specified prefix length must be larger than or equal to the prefix length of the corresponding address on the local interface.

New in Dnsmasq 2.63 (Aug 18, 2012)

  • The main addition in this release is a new mode, --bind-dynamic, which both avoids binding the wildcard IP address and copes with dynamically created network interfaces, thus removing the main limitations of the two existing network modes.

New in Dnsmasq 2.61 (Apr 30, 2012)

  • This version has a lot of extra work on the DHCPv6 code that debuted in 2.60.
  • Many bugs have been fixed and extra features added.
  • The router advertisement feature is now much more configurable, and there's a mode that allows dnsmasq to make AAAA DNS records for hosts that use SLAAC IPv6 addresses and DHCP IPv4 addresses.

New in Dnsmasq 2.59 (Oct 19, 2011)

  • This version addresses a couple of issues that have surfaced with dnsmasq-2.58, which could cause problems at startup with IPv6 link-local addresses.
  • One is a regression in dnsmasq, and the other stems from a change in the behaviour of bridge interfaces in recent Linux kernels.

New in Dnsmasq 2.58 (Aug 29, 2011)

  • version 2.58
  • Provide a definition of the SA_SIZE macro where it's missing. Fixes build failure on openBSD.
  • Don't include a zero terminator at the end of messages sent to /dev/log when /dev/log is a datagram socket. Thanks to Didier Rabound for spotting the problem.
  • Add --dhcp-sequential-ip flag, to force allocation of IP addresses in ascending order. Note that the default pseudo-random mode is in general better but some server-deployment applications need this.
  • Fix problem where a server-id of 0.0.0.0 is sent to a client when a dhcp-relay is in use if a client renews a lease after dnsmasq restart and before any clients on the subnet get a new lease. Thanks to Mike Ruiz for assistance in chasing this one down.
  • Don't return NXDOMAIN to an AAAA query if we have CNAME which points to an A record only: NODATA is the correct reply in this case. Thanks to Tom Fernandes for spotting the problem.
  • Relax the need to supply a netmask in --dhcp-range for networks which use a DHCP relay. Whilst this is still desireable, in the absence of a netmask dnsmasq will use a default based on the class (A, B, or C) of the address. This should at least remove a cause of mysterious failure for people using RFC1918 addresses and relays.
  • Add support for Linux conntrack connection marking. If enabled with --conntrack, the connection mark for incoming DNS queries will be copied to the outgoing connections used to answer those queries. This allows clever firewall and accounting stuff. Only available if dnsmasq is compiled with HAVE_CONNTRACK and adds a dependency on libnetfilter-conntrack. Thanks to Ed Wildgoose for the initial idea, testing and sponsorship of this function.
  • Provide a sane error message when someone attempts to match a tag in --dhcp-host.
  • Tweak the behaviour of --domain-needed, to avoid problems with recursive nameservers downstream of dnsmasq. The new behaviour only stops A and AAAA queries, and returns NODATA rather than NXDOMAIN replies.
  • Efficiency fix for very large DHCP configurations, thanks to James Gartrell and Mike Ruiz for help with this.
  • Allow the TFTP-server address in --dhcp-boot to be a domain-name which is looked up in /etc/hosts. This can give multiple IP addresses which are used round-robin, thus doing TFTP server load-balancing. Thanks to Sushil Agrawal for the patch.
  • When two tagged dhcp-options for a particular option number are both valid, use the one which is valid without a tag from the dhcp-range. Allows overriding of the value of a DHCP option for a particular host as well as per-network values.
  • --dhcp-range=set:interface1,......
  • --dhcp-host=set:myhost,.....
  • --dhcp-option=tag:interface1,option:nis-domain,"domain1"
  • --dhcp-option=tag:myhost,option:nis-domain,"domain2"
  • will set the NIS-domain to domain1 for hosts in the range, but
  • override that to domain2 for a particular host.
  • Fix bug which resulted in truncated files and timeouts for some TFTP transfers. The bug only occurs with netascii transfers and needs an unfortunate relationship between file size, blocksize and the number of newlines in the last block before it manifests itself. Many thanks to Alkis Georgopoulos for spotting the problem and providing a comprehensive test-case.
  • Fix regression in TFTP server on *BSD platforms introduced in version 2.56, due to confusion with sockaddr length. Many thanks to Loïc Pefferkorn for finding this.
  • Support scope-ids in IPv6 addresses of nameservers from /etc/resolv.conf and in --server options. E
  • Eg nameserver fe80::202:a412:4512:7bbf%eth0
  • server=fe80::202:a412:4512:7bbf%eth0. Thanks to
  • Michael Stapelberg for the suggestion.
  • Update Polish translation, thanks to Jan Psota.
  • Update French translation. Thanks to Gildas Le Nadan.

New in Dnsmasq 2.57 (Feb 21, 2011)

  • This version fixes a couple of regressions in the previous release and adds support for the Android platform.

New in Dnsmasq 2.56 (Feb 15, 2011)

  • Add a patch to allow dnsmasq to get interface names right in a Solaris zone. Thanks to Dj Padzensky for this.
  • Improve data-type parsing heuristics so that --dhcp-option=option:domain-search,. treats the value as a string and not an IP address. Thanks to Clemens Fischer for spotting that.
  • Add IPv6 support to the TFTP server. Many thanks to Jan 'RedBully' Seiffert for the patches.
  • Log DNS queries at level LOG_INFO, rather then LOG_DEBUG. This makes things consistent with DHCP logging. Thanks to Adam Pribyl for spotting the problem.
  • Ensure that dnsmasq terminates cleanly when using--syslog-async even if it cannot make a connection to the syslogd.
  • Add --add-mac option. This is to support currently experimental DNS filtering facilities. Thanks to Benjamin Petrin for the orignal patch.
  • Fix bug which meant that tags were ignored in dhcp-range configuration specifying PXE-proxy service. Thanks to Cristiano Cumer for spotting this.
  • Raise an error if there is extra junk, not part of an option, on the command line.
  • Flag a couple of log messages in cache.c as coming from the DHCP subsystem. Thanks to Olaf Westrik for the patch.
  • Omit timestamps from logs when a) logging to stderr and b) --keep-in-forground is set. The logging facility on the other end of stderr can be assumned to supply them. Thanks to John Hallam for the patch.
  • Don't complain about strings longer than 255 characters in --txt-record, just split the long strings into 255character chunks instead.
  • Fix crash on double-free. This bug can only happen when dhcp-script is in use and then only in rare circumstances triggered by high DHCP transaction rate and a slow script. Thanks to Ferenc Wagner for finding the problem
  • Only log that a file has been sent by TFTP after the transfer has completed succesfully.
  • A good suggestion from Ferenc Wagner: extend the --domain option to allow this sort of thing: --domain=thekelleys.org.uk,192.168.0.0/24,local which automatically creates
  • --local=/thekelleys.org.uk/
  • --local=/0.168.192.in-addr.arpa/
  • Tighten up syntax checking of hex contants in the config file. Thanks to Fred Damen for spotting this.
  • Add dnsmasq logo/icon, contributed by Justin Swift. Many thanks for that.
  • Never cache DNS replies which have the 'cd' bit set, or which result from queries forwarded with the 'cd' bit set. The 'cd' bit instructs a DNSSEC validating server upstream to ignore signature failures and return replies anyway. Without this change it's possible to pollute the dnsmasq cache with bad data by making a query with the 'cd' bit set and subsequent queries would return this data without its being marked as suspect. Thanks to Anders Kaseorg for pointing out this problem.
  • Add --proxy-dnssec flag, for compliance with RFC 4035. Dnsmasq will now clear the 'ad' bit in answers returned from upstream validating nameservers unless this option is set.
  • Allow a filename of "-" for --conf-file to read stdin. Suggestion from Timothy Redaelli.
  • Rotate the order of SRV records in replies, to provide round-robin load balancing when all the priorities are equal. Thanks to Peter McKinney for the suggestion.
  • Edit contrib/MacOSX-launchd/uk.org.thekelleys.dnsmasq.plist so that it doesn't log all queries to a file by default. Thanks again to Peter McKinney.
  • By default, setting an IPv4 address for a domain but not an IPv6 address causes dnsmasq to return an NODATA reply for IPv6 (or vice-versa). So --address=/google.com/1.2.3.4 stops IPv6 queries for *google.com from being forwarded. Make it possible to override this behaviour by defining the sematics if the same domain appears in both --server and--address. In that case, the --address has priority for the address family in which is appears, but the --server has priority of the address family which doesn't appear in--adddress
  • So:
  • --address=/google.com/1.2.3.4
  • --server=/google.com/#
  • Will return 1.2.3.4 for IPv4 queries for *.google.com but forward IPv6 queries to the normal upstream nameserver. Similarly when setting an IPv6 address only this will allow forwarding of IPv4 queries. Thanks to William for pointing out the need for this.
  • Allow more than one --dhcp-optsfile and --dhcp-hostsfile and make them understand directories as arguments in the same way as --addn-hosts. Suggestion from John Hanks.
  • Ignore rebinding requests for leases we don't know about. Rebind is broadcast, so we might get to overhear a request meant for another DHCP server. NAKing this is wrong. Thanks to Brad D'Hondt for assistance with this.
  • Fix cosmetic bug which produced strange output when dumping cache statistics with some configurations. Thanks to Fedor Kozhevnikov for spotting this.

New in Dnsmasq 2.55 (Jun 8, 2010)

  • Fix crash when /etc/ethers is in use. Thanks to Gianluigi Tiesi for finding this.
  • Fix crash in netlink_multicast(). Thanks to Arno Wald for finding this one.
  • Allow the empty domain "." in dhcp domain-search (119) options.

New in Dnsmasq 2.53 (Jun 4, 2010)

  • Fix failure to compile on Debian/kFreeBSD. Thanks to Axel Beckert and Petr Salinger. Fix code to avoid scary strict-aliasing warnings generated by gcc 4.4. Added FAQ entry warning about DHCP failures with Vista when firewalls block 255.255.255.255. Fixed bug which caused bad things to happen if a resolv.conf file which exists is subsequently removed. Thanks to Nikolai Saoukh for the patch. Rationalised the DHCP tag system. Every configuration item which can set a tag does so by adding "set:< tag >" and every configuration item which is conditional on a tag is made so by "tag:< tag >". The NOT operator changes to '!', which is a bit more intuitive too. Dhcp-host directives can set more than one tag now. The old '#' NOT, "net:" prefix and no-prefixes are still honoured, so no existing config file needs to be changed, but the documentation and new-style config files should be much less confusing. Added --tag-if to allow boolean operations on tags. This allows complicated logic to be clearer and more general. A great suggestion from Richard Voigt. Add broadcast/unicast information to DHCP logging. Allow --dhcp-broadcast to be unconditional. Fixed incorrect behaviour with NOT < tag > conditionals in dhcp-options. Thanks to Max Turkewitz for assistance finding this. If we send vendor-class encapsulated options based on the vendor-class supplied by the client, and no explicit vendor-class option is given, echo back the vendor-class from the client. Fix bug which stopped dnsmasq from matching both a circuitid and a remoteid. Thanks to Ignacio Bravo for finding this. Add --dhcp-proxy, which makes it possible to configure dnsmasq to use a DHCP relay agent as a full proxy, with all DHCP messages passing through the proxy. This is useful if the relay adds extra information to the packets it forwards, but cannot be configured with the RFC 5107 server-override option. Added interface:< iface name > part to dhcp-range. The semantics of this are very odd at first sight, but it allows a single line of the form dhcp-range=interface:virt0,192.168.0.4,192.168.0.200 to be added to dnsmasq configuration which then supplies DHCP and DNS services to that interface, without affecting what services are supplied to other interfaces and irrespective of the existance or lack of interface=< interface > lines elsewhere in the dnsmasq configuration. The idea is that such a line can be added automatically by libvirt or equivalent systems, without disturbing any manual configuration. Similarly to the above, allow --enable-tftp=< interface > Allow a TFTP root to be set separately for requests via different interfaces, --tftp-root=< path >,< interface > Correctly handle and log clashes between CNAMES and DNS names being given to DHCP leases. This fixes a bug which caused nonsense IP addresses to be logged. Thanks to Sergei Zhirikov for finding and analysing the problem. Tweak flush_log so as to avoid leaving the log file in non-blocking mode. O_NONBLOCK is a property of the file, not the process/descriptor. Fix contrib/Solaris10/create_package (/usr/man - > /usr/share/man) Thanks to Vita Batrla. Fix a problem where, if a client got a lease, then went to another subnet and got another lease, then moved back, it couldn't resume the old lease, but would instead get a new address. Thanks to Leonardo Rodrigues for spotting this and testing the fix. Fix weird bug which sometimes omitted certain characters from the start of quoted strings in dhcp-options. Thanks to Dayton Turner for spotting the problem. Add facility to redirect some domains to the standard upstream servers: this allows something like --server=/google.com/1.2.3.4 --server=/www.google.com/# which will send queries for *.google.com to 1.2.3.4, except *www.google.com which will be forwarded as usual. Thanks to AJ Weber for prompting this addition. Improve the hash-algorithm used to generate IP addresses from MAC addresses during initial DHCP address allocation. This improves performance when large numbers of hosts with similar MAC addresses all try and get an IP address at the same time. Thanks to Paul Smith for his work on this. Tweak DHCP code so that --bridge-interface can be used to select which IP alias of an interface should be used for DHCP purposes on Linux. If eth0 has an alias eth0:dhcp then adding --bridge-interface=eth0:dhcp,eth0 will use the address of eth0:dhcp to determine the correct subnet for DHCP address allocation. Thanks to Pawel Golaszewski for prompting this and Eric Cooper for further testing. Add --dhcp-generate-names. Suggestion by Ferenc Wagner. Tweak DNS server selection algorithm when there is more than one server available for a domain, eg. --server=/mydomain/1.1.1.1 --server=/mydomain/2.2.2.2 Thanks to Alberto Cuesta-Canada for spotting a weakness here. Add --max-ttl. Thanks to Fredrik Ringertz for the patch. Allow --log-facility=- to force all logging to stderr. Suggestion from Clemens Fischer. Fix regression which caused configuration like --address=/.domain.com/1.2.3.4 to be rejected. The dot to the left of the domain has been implied and not required for a long time, but it should be accepted for backward compatibility. Thanks to Andrew Burcin for spotting this. Add --rebind-domain-ok and --rebind-localhost-ok. Suggestion from Clemens Fischer. Log replies to queries of type TXT, when --log-queries is set. Fix compiler warnings when compiled with -DNO_DHCP. Thanks to Shantanu Gadgil for the patch. Updated French translation. Thanks to Gildas Le Nadan. Updated Polish translation. Thanks to Jan Psota. Updated German translation. Thanks to Matthias Andree. Added contrib/static-arp, thanks to Darren Hoo. Fix corruption of the domain when a name from /etc/hosts overrides one supplied by a DHCP client. Thanks to Fedor Kozhevnikov for spotting the problem. Updated Spanish translation. Thanks to Chris Chatham.

New in Dnsmasq 2.52 (Jan 23, 2010)

  • Work around a Linux kernel bug which insists that the length of the option passed to setsockopt must be at least
  • sizeof(int) bytes, even if we're calling SO_BINDTODEVICE
  • and the device name is "lo". Note that this is fixed in kernel 2.6.31, but the workaround is harmless and allows earlier kernels to be used. Also fix dnsmasq bug which reported the wrong address when this failed. Thanks to Fedor for finding this.
  • The API for IPv6 PKTINFO changed around Linux kernel2.6.14. Workaround the case where dnsmasq is compiledagainst newer headers, but then run on an old kernel:necessary for some *WRT distros.
  • Re-read the set of network interfaces when re-loading/etc/resolv.conf if --bind-interfaces is not set. Thishandles the case that loopback interfaces do not existwhen dnsmasq is first started.
  • Tweak the PXE code to support port 4011. This shouldreduce broadcasts and make things more reliable when otherservers are around. It also improves inter-operabilitywith certain clients.
  • Make a pxe-service configuration with no filename or boot service type legal: this does a local boot. eg.pxe-service=x86PC, "Local boot"
  • Be more conservative in detecting "A for A"queries. Dnsmasq checks if the name in a type=A query lookslike a dotted-quad IP address and answers the query itselfif so, rather than forwarding it. Previously dnsmasqrelied in the library function inet_addr() to convertaddresses, and that will accept some things which areconfusing in this context, like 1.2.3 or even just1234. Now we only do A for A processing for four decimalnumbers delimited by dots.
  • A couple of tweaks to fix compilation on Solaris. Thanksto Joel Macklow for help with this.
  • Another Solaris compilation tweak, needed for Solaris2009.06. Thanks to Lee Essen for that.
  • Added extract packaging stuff from Lee Essen to contrib/Solaris10.
  • Increased the default limit on number of leases to 1000 (from 150). This is mainly a defence against DoS attacks, and for the average "one for two class C networks" installation, IP address exhaustion does that just as well. Making the limit greater than the number of IP addresses available in such an installation removes a surprise which otherwise can catch people out.
  • Removed extraneous trailing space in the value of theDNSMASQ_TIME_REMAINING DNSMASQ_LEASE_LENGTH andDNSMASQ_LEASE_EXPIRES environment variables. Thanks toGildas Le Nadan for spotting this.
  • Provide the network-id tags for a DHCP transaction to the lease-change script in the environment variableDNSMASQ_TAGS. A good suggestion from Gildas Le Nadan.
  • Add support for RFC3925 "Vendor-Identifying VendorOptions". The syntax looks like this: --dhcp-option=vi-encap:, .........
  • Add support to --dhcp-match to allow matching againstRFC3925 "Vendor-Identifying Vendor Classes". The syntaxlooks like this:--dhcp-match=tag,vi-encap, Add some application specific code to assist inimplementing the Broadband forum TR069 CPE-WANspecification. The details are in contrib/CPE-WAN/README
  • Increase the default DNS packet size limit to 4096, asrecommended by RFC5625 section 4.4.3. This can bereconfigured using --edns-packet-max if needed. Thanks toFrancis Dupont for pointing this out.
  • Rewrite query-ids even for DNSSEC signed packets, sincethis is allowed by RFC5625 section 4.5.Use getopt_long by default on OS X. It has been supportedsince version 10.3.0. Thanks to Arek Dreyer for spottingthis.
  • Added up-to-date startup configuration for MacOSX/launchdin contrib/MacOSX-launchd. Thanks to Arek Dreyer forproviding this.
  • Fix link error when including Dbus but excluding DHCP. Thanks to Oschtan for the bug report.
  • Updated French translation. Thanks to Gildas Le Nadan.
  • Updated Polish translation. Thanks to Jan Psota.
  • Updated Spanish translation. Thanks to Chris Chatham.

New in Dnsmasq 2.51 (Oct 14, 2009)

  • The main change for this version is support for internationalized DNS (IDN). Non-ASCII characters in domain names found in /etc/hosts, /etc/ethers, and /etc/dnsmasq.conf will be correctly handled by translation to punycode, as specified in RFC3490.
  • There are also minor enhancements to TFTP and PXE handling, and a bugfix that re-enables DHCP relay agent options.

New in Dnsmasq 2.50 (Sep 1, 2009)

  • There are two security fixes.
  • One issue allowed a crafted malformed TFTP packet to crash dnsmasq with a NULL pointer dereference.
  • The other allowed a crafted TFTP packet to overflow the heap by the length of the TFTP prefix.

New in Dnsmasq 2.49 (Jun 11, 2009)

  • Fix regression in 2.48 which disables the lease-change script. Thanks to Jose Luis Duran for spotting this.
  • Log TFTP "file not found" errors. These were not logged, since a normal PXELinux boot generates many of them, but the lack of the messages seems to be more confusing than routinely seeing them when there is no real error.
  • Update Spanish translation. Thanks to Chris Chatham.

New in Dnsmasq 2.47 (Feb 6, 2009)

  • Bugs fixed include NetBSD 5.0 compatibility, DBus configuration, and network interface binding.
  • Additional features include more flexible encapsulated DHCP options (for gPXE), better DHCP packet matching facilities, and IP address rewriting.

New in Dnsmasq 2.46 (Nov 15, 2008)

  • This release adds two frequently-requested features: ability to handle more than one DNS domain, and static DHCP address assignment to more than one MAC address (for laptops with both wired and wireless networking).
  • There are also enhancements to the DBus interface and a (limited) facility to return CNAME DNS records.