From 38179500f81cd9e5ef767aa297290b5e57b94220 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Mon, 21 Jun 2021 14:35:36 +0100 Subject: [PATCH] CHANGELOG entry for new connmark code. --- CHANGELOG | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index c5865ee..3f75852 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -64,6 +64,18 @@ version 2.86 queries. The requesting address and port have been removed from DNSSEC logging lines, since this is no longer strictly defined. + Connection track mark based DNS query filtering. Thanks to + Etan Kissling for implementing this It extends query filtering + support beyond what is currently possible + with the `--ipset` configuration option, by adding support for: + 1) Specifying allowlists on a per-client basis, based on their + associated Linux connection track mark. + 2) Dynamic configuration of allowlists via Ubus. + 3) Reporting when a DNS query resolves or is rejected via Ubus. + 4) DNS name patterns containing wildcards. + Disallowed queries are not forwarded; they are rejected + with a REFUSED error code. + version 2.85 Fix problem with DNS retries in 2.83/2.84.
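Review bot: In the added 2.86 entry, the sentence boundary is missing in "Thanks to Etan Kissling for implementing this It extends query filtering"; add a full stop after "this". The next added line, "support beyond what is currently possible", is wrapped much shorter than its neighbours and could be refilled with the rest of the paragraph. The entry also compares the feature with `--ipset` but never names the configuration option that turns connection track mark filtering on, so a reader of the CHANGELOG cannot tell from these lines what to look up in the man page. Consider adding the option name to the entry. Since disallowed queries are answered with REFUSED rather than forwarded, it would also help to say whether a client with no matching mark is allowed or refused by default, because that decides whether enabling the feature fails open or closed.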