From 7de060b08dc8f7ea9fd1f972e3c55beab2df51b1 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Fri, 26 Aug 2011 17:24:52 +0100 Subject: [PATCH] import of dnsmasq-2.58.tar.gz --- .new | 1 + CHANGELOG | 92 ++ FAQ | 4 +- Makefile | 20 +- bld/Android.mk | 2 +- contrib/conntrack/README | 54 ++ contrib/systemd/README | 16 + contrib/systemd/dnsmasq.service | 12 + contrib/wrt/dhcp_lease_time.1 | 23 + contrib/wrt/dhcp_release.1 | 35 + contrib/wrt/dhcp_release.c | 2 +- dnsmasq.conf.example | 11 + man/dnsmasq.8 | 56 +- man/fr/dnsmasq.8 | 70 +- po/de.po | 694 ++++++++------- po/es.po | 706 +++++++-------- po/fi.po | 737 ++++++++-------- po/fr.po | 647 +++++++------- po/id.po | 665 ++++++++------- po/it.po | 737 ++++++++-------- po/no.po | 728 ++++++++-------- po/pl.po | 1422 ++++++++++++++++--------------- po/pt_BR.po | 737 ++++++++-------- po/ro.po | 728 ++++++++-------- setup.html | 2 +- src/bpf.c | 7 + src/cache.c | 15 + src/config.h | 9 +- src/conntrack.c | 90 ++ src/dhcp.c | 135 +-- src/dns_protocol.h | 2 +- src/dnsmasq.c | 22 +- src/dnsmasq.h | 21 +- src/forward.c | 107 ++- src/lease.c | 15 + src/log.c | 21 +- src/netlink.c | 2 +- src/network.c | 36 +- src/option.c | 50 +- src/rfc1035.c | 20 +- src/rfc2131.c | 304 ++++--- src/tftp.c | 31 +- src/util.c | 8 + 43 files changed, 5085 insertions(+), 4011 deletions(-) create mode 100644 .new create mode 100644 contrib/conntrack/README create mode 100644 contrib/systemd/README create mode 100644 contrib/systemd/dnsmasq.service create mode 100644 contrib/wrt/dhcp_lease_time.1 create mode 100644 contrib/wrt/dhcp_release.1 create mode 100644 src/conntrack.c diff --git a/.new b/.new new file mode 100644 index 0000000..2089e51 --- /dev/null +++ b/.new @@ -0,0 +1 @@ +shlibs:Depends=libc6 (>= 2.1) diff --git a/CHANGELOG b/CHANGELOG index fb15e3d..abf07eb 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -1,3 +1,95 @@ +version 2.58 + Provide a definition of the SA_SIZE macro where it's + missing. Fixes build failure on openBSD. + + Don't include a zero terminator at the end of messages + sent to /dev/log when /dev/log is a datagram socket. + Thanks to Didier Rabound for spotting the problem. + + Add --dhcp-sequential-ip flag, to force allocation of IP + addresses in ascending order. Note that the default + pseudo-random mode is in general better but some + server-deployment applications need this. + + Fix problem where a server-id of 0.0.0.0 is sent to a + client when a dhcp-relay is in use if a client renews a + lease after dnsmasq restart and before any clients on the + subnet get a new lease. Thanks to Mike Ruiz for assistance + in chasing this one down. + + Don't return NXDOMAIN to an AAAA query if we have CNAME + which points to an A record only: NODATA is the correct + reply in this case. Thanks to Tom Fernandes for spotting + the problem. + + Relax the need to supply a netmask in --dhcp-range for + networks which use a DHCP relay. Whilst this is still + desireable, in the absence of a netmask dnsmasq will use + a default based on the class (A, B, or C) of the address. + This should at least remove a cause of mysterious failure + for people using RFC1918 addresses and relays. + + Add support for Linux conntrack connection marking. If + enabled with --conntrack, the connection mark for incoming + DNS queries will be copied to the outgoing connections + used to answer those queries. This allows clever firewall + and accounting stuff. Only available if dnsmasq is + compiled with HAVE_CONNTRACK and adds a dependency on + libnetfilter-conntrack. Thanks to Ed Wildgoose for the + initial idea, testing and sponsorship of this function. + + Provide a sane error message when someone attempts to + match a tag in --dhcp-host. + + Tweak the behaviour of --domain-needed, to avoid problems + with recursive nameservers downstream of dnsmasq. 
The new + behaviour only stops A and AAAA queries, and returns + NODATA rather than NXDOMAIN replies. + + Efficiency fix for very large DHCP configurations, thanks + to James Gartrell and Mike Ruiz for help with this. + + Allow the TFTP-server address in --dhcp-boot to be a + domain-name which is looked up in /etc/hosts. This can + give multiple IP addresses which are used round-robin, + thus doing TFTP server load-balancing. Thanks to Sushil + Agrawal for the patch. + + When two tagged dhcp-options for a particular option + number are both valid, use the one which is valid without + a tag from the dhcp-range. Allows overriding of the value + of a DHCP option for a particular host as well as + per-network values. So + --dhcp-range=set:interface1,...... + --dhcp-host=set:myhost,..... + --dhcp-option=tag:interface1,option:nis-domain,"domain1" + --dhcp-option=tag:myhost,option:nis-domain,"domain2" + will set the NIS-domain to domain1 for hosts in the range, but + override that to domain2 for a particular host. + + Fix bug which resulted in truncated files and timeouts for + some TFTP transfers. The bug only occurs with netascii + transfers and needs an unfortunate relationship between + file size, blocksize and the number of newlines in the + last block before it manifests itself. Many thanks to + Alkis Georgopoulos for spotting the problem and providing + a comprehensive test-case. + + Fix regression in TFTP server on *BSD platforms introduced + in version 2.56, due to confusion with sockaddr + length. Many thanks to Loïc Pefferkorn for finding this. + + Support scope-ids in IPv6 addresses of nameservers from + /etc/resolv.conf and in --server options. Eg + nameserver fe80::202:a412:4512:7bbf%eth0 or + server=fe80::202:a412:4512:7bbf%eth0. Thanks to + Michael Stapelberg for the suggestion. + + Update Polish translation, thanks to Jan Psota. + + Update French translation. Thanks to Gildas Le Nadan. + + version 2.57 Add patches to allow build under Android. 
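Review bot: The --conntrack entry in this CHANGELOG hunk leaves out the restriction that man/dnsmasq.8 states in the same patch ("This option cannot be combined with --query-port"), and it names the dependency libnetfilter-conntrack while the Makefile asks pkg-config for libnetfilter_conntrack. Suggest adding the --query-port restriction to the entry and using the pkg-config module name so packagers can search for it. Also, "desireable" in the --dhcp-range entry should be "desirable".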
diff --git a/FAQ b/FAQ index a930516..3ab39ee 100644 --- a/FAQ +++ b/FAQ @@ -303,7 +303,7 @@ A: Yes, new releases of dnsmasq are always announced through Q: What does the dhcp-authoritative option do? -A: See http://www.isc.org/index.pl?/sw/dhcp/authoritative.php - that's +A: See http://www.isc.org/files/auth.html - that's for the ISC daemon, but the same applies to dnsmasq. Q: Why does my Gentoo box pause for a minute before getting a new @@ -381,7 +381,7 @@ A: Probably the nameserver is an authoritative nameserver for a Q: Does the dnsmasq DHCP server probe addresses before allocating them, as recommended in RFC2131? -A: Yes, dynmaically allocated IP addresses are checked by sending an +A: Yes, dynamically allocated IP addresses are checked by sending an ICMP echo request (ping). If a reply is received, then dnsmasq assumes that the address is in use, and attempts to allocate an different address. The wait for a reply is between two and three diff --git a/Makefile b/Makefile index 16c69e4..4aa93be 100644 --- a/Makefile +++ b/Makefile 
@@ -32,20 +32,22 @@ SRC = src PO = po MAN = man -DNSMASQ_CFLAGS=`echo $(COPTS) | ../bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1` -DNSMASQ_LIBS= `echo $(COPTS) | ../bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1` -IDN_CFLAGS=`echo $(COPTS) | ../bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn` -IDN_LIBS= `echo $(COPTS) | ../bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn` +DBUS_CFLAGS=`echo $(COPTS) | ../bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1` +DBUS_LIBS= `echo $(COPTS) | ../bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1` +IDN_CFLAGS= `echo $(COPTS) | ../bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn` +IDN_LIBS= `echo $(COPTS) | ../bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn` +CT_CFLAGS= `echo $(COPTS) | ../bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --cflags libnetfilter_conntrack` +CT_LIBS= `echo $(COPTS) | ../bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack` SUNOS_LIBS= `if uname | grep SunOS 2>&1 >/dev/null; then echo -lsocket -lnsl -lposix4; fi` OBJS = cache.o rfc1035.o util.o option.o forward.o network.o \ dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o \ - helper.o tftp.o log.o + helper.o tftp.o log.o conntrack.o all : @cd $(SRC) && $(MAKE) \ - BUILD_CFLAGS="$(DNSMASQ_CFLAGS) $(IDN_CFLAGS)" \ - BUILD_LIBS="$(DNSMASQ_LIBS) $(IDN_LIBS) $(SUNOS_LIBS)" \ + BUILD_CFLAGS="$(DBUS_CFLAGS) $(IDN_CFLAGS) $(CT_CFLAGS)" \ + BUILD_LIBS="$(DBUS_LIBS) $(IDN_LIBS) $(CT_LIBS) $(SUNOS_LIBS)" \ -f ../Makefile dnsmasq clean : 
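Review bot: conntrack.o is added to OBJS unconditionally, while CT_CFLAGS and CT_LIBS go through pkg-wrapper with HAVE_CONNTRACK and so appear to be supplied only when COPTS defines it; a default build will therefore compile and link conntrack.o without libnetfilter_conntrack. Please confirm that the whole of src/conntrack.c is under #ifdef HAVE_CONNTRACK. Separately, renaming DNSMASQ_CFLAGS and DNSMASQ_LIBS to DBUS_CFLAGS and DBUS_LIBS will silently drop overrides from packagers who set the old names on the make command line, which deserves a CHANGELOG line.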
@@ -62,8 +64,8 @@ install-common : all-i18n : @cd $(SRC) && $(MAKE) \ I18N=-DLOCALEDIR='\"$(LOCALEDIR)\"' \ - BUILD_CFLAGS="$(DNSMASQ_CFLAGS) `$(PKG_CONFIG) --cflags libidn`" \ - BUILD_LIBS="$(DNSMASQ_LIBS) $(SUNOS_LIBS) `$(PKG_CONFIG) --libs libidn`" \ + BUILD_CFLAGS="$(DBUS_CFLAGS) $(CT_CFLAGS) `$(PKG_CONFIG) --cflags libidn`" \ + BUILD_LIBS="$(DBUS_LIBS) $(CT_LIBS) $(SUNOS_LIBS) `$(PKG_CONFIG) --libs libidn`" \ -f ../Makefile dnsmasq @cd $(PO); for f in *.po; do \ cd ../$(SRC) && $(MAKE) \ diff --git a/bld/Android.mk b/bld/Android.mk index 373a783..f02657e 100644 --- a/bld/Android.mk +++ b/bld/Android.mk @@ -6,7 +6,7 @@ include $(CLEAR_VARS) LOCAL_SRC_FILES := bpf.c cache.c dbus.c dhcp.c dnsmasq.c \ forward.c helper.c lease.c log.c \ netlink.c network.c option.c rfc1035.c \ - rfc2131.c tftp.c util.c + rfc2131.c tftp.c util.c conntrack.c LOCAL_MODULE := dnsmasq diff --git a/contrib/conntrack/README b/contrib/conntrack/README new file mode 100644 index 0000000..c0d17aa --- /dev/null +++ b/contrib/conntrack/README 
@@ -0,0 +1,54 @@ +Linux iptables includes that ability to mark individual network packets +with a "firewall mark". Additionally there is a component called +"conntrack" which tries to string sequences of related packets together +into a "connection" (it even relates sequences of UDP and ICMP packets). + There is a related mark for a connection called a "connection mark". +Marks can be copied freely between the firewall and connection marks + +Using these two features it become possible to tag all related traffic +in arbitrary ways, eg authenticated users, traffic from a particular IP, +port, etc. Unfortunately any kind of "proxy" breaks this relationship +because network packets go in one side of the proxy and a completely new +connection comes out of the other side. However, sometimes, we want to +maintain that relationship through the proxy and continue the connection +mark on packets upstream of our proxy + +DNSMasq includes such a feature enabled by the --conntrack +option. This allows, for example, using iptables to mark traffic from +a particular IP, and that mark to be persisted to requests made *by* +DNSMasq. Such a feature could be useful for bandwidth accounting, +captive portals and the like. Note a similar feature has been +implemented in Squid 2.2 + + +As an example consider the following iptables rules: + + +1) iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark +2) iptables -t mangle -A PREROUTING -m mark --mark 0 -s 192.168.111.137 +-j MARK --set-mark 137 +3) iptables -t mangle -A PREROUTING -j CONNMARK --save-mark + +4) iptables -t mangle -A OUTPUT -m mark ! --mark 0 -j CONNMARK --save-mark + +1-3) are all applied to the PREROUTING table and affect all packets +entering the firewall. + +1) copies any existing connection mark into the firewall mark. 2) Checks +the packet not already marked and if not applies an arbitrary mark based +on IP address. 
3) Saves the firewall mark back to the connection mark +(which will persist it across related packets) + +4) is applied to the OUTPUT table, which is where we first see packets +generated locally. DNSMasq will have already copied the firewall mark +from the request, across to the new packet, and so all that remains is +for iptables to copy it to the connection mark so it's persisted across +packets. + +Note: iptables can be quite confusing to the beginner. The following +diagram is extremely helpful in understanding the flows + http://linux-ip.net/nf/nfk-traversal.png +Additionally the following URL contains a useful "starting guide" on +linux connection tracking/marking + http://home.regit.org/netfilter-en/netfilter-connmark/ + diff --git a/contrib/systemd/README b/contrib/systemd/README new file mode 100644 index 0000000..c8046c2 --- /dev/null +++ b/contrib/systemd/README @@ -0,0 +1,16 @@ +Hello, + +I created a systemd service file for dnsmasq. +systemd is a sysvinit replacement (see [1] for more information). +One of the goals of systemd is to encourage standardization between different +distributions. This means, while I also submitted a ticket in Debian GNU/Linux, +I would like to ask you to accept this service file as the upstream +distributor, so that other distributions can use the same service file and +don’t have to ship their own. + +Please include this file in your next release (just like in init script). + + +[1] http://en.wikipedia.org/wiki/Systemd + + diff --git a/contrib/systemd/dnsmasq.service b/contrib/systemd/dnsmasq.service new file mode 100644 index 0000000..a27fe6d --- /dev/null +++ b/contrib/systemd/dnsmasq.service @@ -0,0 +1,12 @@ +[Unit] +Description=A lightweight DHCP and caching DNS server + +[Service] +Type=dbus +BusName=uk.org.thekelleys.dnsmasq +ExecStartPre=/usr/sbin/dnsmasq --test +ExecStart=/usr/sbin/dnsmasq -k +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target 
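Review bot: In the [Service] section, Type=dbus with BusName=uk.org.thekelleys.dnsmasq makes systemd treat the unit as started only once that bus name is acquired, but ExecStart=/usr/sbin/dnsmasq -k does not pass --enable-dbus, so start-up depends on the configuration file enabling D-Bus and on a binary built with HAVE_DBUS. Suggest either adding --enable-dbus to ExecStart or using Type=simple, and stating the requirement in contrib/systemd/README.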
diff --git a/contrib/wrt/dhcp_lease_time.1 b/contrib/wrt/dhcp_lease_time.1 new file mode 100644 index 0000000..2720b71 --- /dev/null +++ b/contrib/wrt/dhcp_lease_time.1 @@ -0,0 +1,23 @@ +.TH DHCP_LEASE_TIME 1 +.SH NAME +dhcp_lease_time \- Query remaining time of a lease on a the local dnsmasq DHCP server. +.SH SYNOPSIS +.B dhcp_lease_time
+.SH "DESCRIPTION" +Send a DHCPINFORM message to a dnsmasq server running on the local host +and print (to stdout) the time remaining in any lease for the given +address. The time is given as string printed to stdout. + +If an error occurs or no lease exists for the given address, +nothing is sent to stdout a message is sent to stderr and a +non-zero error code is returned. + +Requires dnsmasq 2.40 or later and may not work with other DHCP servers. + +The address argument is a dotted-quad IP addresses and mandatory. +.SH SEE ALSO +.BR dnsmasq (8) +.SH AUTHOR +This manual page was written by Simon Kelley . + + diff --git a/contrib/wrt/dhcp_release.1 b/contrib/wrt/dhcp_release.1 new file mode 100644 index 0000000..eb5307a --- /dev/null +++ b/contrib/wrt/dhcp_release.1 @@ -0,0 +1,35 @@ +.TH DHCP_RELEASE 1 +.SH NAME +dhcp_release \- Release a DHCP lease on a the local dnsmasq DHCP server. +.SH SYNOPSIS +.B dhcp_release
+.SH "DESCRIPTION" +A utility which forces the DHCP server running on this machine to release a +DHCP lease. +.PP +Send a DHCPRELEASE message via the specified interface to tell the +local DHCP server to delete a particular lease. + +The interface argument is the interface in which a DHCP +request _would_ be received if it was coming from the client, +rather than being faked up here. + +The address argument is a dotted-quad IP addresses and mandatory. + +The MAC address is colon separated hex, and is mandatory. It may be +prefixed by an address-type byte followed by -, eg + +10-11:22:33:44:55:66 + +but if the address-type byte is missing it is assumed to be 1, the type +for ethernet. This encoding is the one used in dnsmasq lease files. + +The client-id is optional. If it is "*" then it treated as being missing. +.SH NOTES +MUST be run as root - will fail otherwise. +.SH SEE ALSO +.BR dnsmasq (8) +.SH AUTHOR +This manual page was written by Simon Kelley . + + diff --git a/contrib/wrt/dhcp_release.c b/contrib/wrt/dhcp_release.c index c66d3a0..efa3fff 100644 --- a/contrib/wrt/dhcp_release.c +++ b/contrib/wrt/dhcp_release.c @@ -178,7 +178,7 @@ static int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask) return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr); } -static struct in_addr find_interface(struct in_addr client, int fd, int index) +static struct in_addr find_interface(struct in_addr client, int fd, unsigned int index) { struct sockaddr_nl addr; struct nlmsghdr *h; diff --git a/dnsmasq.conf.example b/dnsmasq.conf.example index 719dcff..21f9519 100644 --- a/dnsmasq.conf.example +++ b/dnsmasq.conf.example 
@@ -348,6 +348,9 @@ # external one. (See below for how to enable the TFTP server.) #dhcp-boot=pxelinux.0 +# The same as above, but use custom tftp-server instead machine running dnsmasq +#dhcp-boot=pxelinux,server.name,192.168.1.100 + # Boot for Etherboot gPXE. The idea is to send two different # filenames, the first loads gPXE, and the second tells gPXE what to # load. The dhcp-match sets the gpxe tag for requests from gPXE. @@ -422,6 +425,14 @@ # Can fail with old PXE ROMS. Overridden by --pxe-service. #dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3 +# If there are multiple external tftp servers having a same name +# (using /etc/hosts) then that name can be specified as the +# tftp_servername (the third option to dhcp-boot) and in that +# case dnsmasq resolves this name and returns the resultant IP +# addresses in round robin fasion. This facility can be used to +# load balance the tftp load among a set of servers. +#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name + # Set the limit on DHCP leases, the default is 150 #dhcp-lease-max=150 diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 index 511f57f..f3168bc 100644 --- a/man/dnsmasq.8 +++ b/man/dnsmasq.8 @@ -249,8 +249,8 @@ requested name has underscores, to catch LDAP requests. .B \-r, --resolv-file= Read the IP addresses of the upstream nameservers from , instead of /etc/resolv.conf. For the format of this file see -.BR resolv.conf (5) -the only lines relevant to dnsmasq are nameserver ones. Dnsmasq can +.BR resolv.conf (5). +The only lines relevant to dnsmasq are nameserver ones. Dnsmasq can be told to poll more than one resolv.conf file, the first file name specified overrides the default, subsequent ones add to the list. This is only allowed when polling; the file with the currently latest modification 
@@ -303,7 +303,7 @@ This is useful when new nameservers may have different data than that held in cache. .TP .B \-D, --domain-needed -Tells dnsmasq to never forward queries for plain names, without dots +Tells dnsmasq to never forward A or AAAA queries for plain names, without dots or domain parts, to upstream nameservers. If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned. .TP @@ -350,6 +350,9 @@ is a synonym for .B server to make configuration files clearer in this case. +IPv6 addresses may include a %interface scope-id, eg +fe80::202:a412:4512:7bbf%eth0. + The optional string after the @ character tells dnsmasq how to set the source of the queries to this nameserver. It should be an ip-address, which should belong to the machine on which @@ -481,6 +484,16 @@ If you use the first DNSSEC mode, validating resolvers in clients, this option is not required. Dnsmasq always returns all the data needed for a client to do validation itself. .TP +.B --conntrack +Read the Linux connection track mark associated with incoming DNS +queries and set the same mark value on upstream traffic used to answer +those queries. This allows traffic generated by dnsmasq to be +associated with the queries which cause it, useful for bandwidth +accounting and firewalling. Dnsmasq must have conntrack support +compiled in and the kernel must have conntrack support +included and configured. This option cannot be combined with +--query-port. +.TP .B \-F, --dhcp-range=[interface:,][tag:[,tag:],][set:,[,[,]][,] Enable the DHCP server. Addresses will be given out from the range to and from statically defined addresses given 
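Review bot: The new --conntrack paragraph ends with "This option cannot be combined with --query-port" but gives neither the reason nor what dnsmasq does when both are set, and it does not say what happens when the option is given to a binary built without conntrack support. Since firewall and accounting rules will key on the copied mark, suggest documenting whether each case is a fatal start-up error or a silent fallback to unmarked upstream traffic.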
@@ -494,8 +507,11 @@ minimum lease time is two minutes. This option may be repeated, with different addresses, to enable DHCP service to more than one network. For directly connected networks (ie, networks on which the machine running dnsmasq has an interface) the -netmask is optional. It is, however, required for networks which -receive DHCP service via a relay agent. The broadcast address is +netmask is optional: dnsmasq will determine it from the interface +configuration. For networks which receive DHCP service via a relay +agent, dnsmasq cannot determine the netmask itself, so it should be +specified, otherwise dnsmasq will have to guess, based on the class (A, B or +C) of the network address. The broadcast address is always optional. It is always allowed to have more than one dhcp-range in a single subnet. @@ -845,7 +861,7 @@ to supply no tags, in which case this is unconditional. Most DHCP clients which need broadcast replies set a flag in their requests so that this happens automatically, some old BOOTP clients do not. .TP -.B \-M, --dhcp-boot=[tag:,],[[,]] +.B \-M, --dhcp-boot=[tag:,],[[,|]] Set BOOTP options to be returned by the DHCP server. Server name and address are optional: if not provided, the name is left empty, and the address set to the address of the machine running dnsmasq. If dnsmasq 
@@ -854,6 +870,23 @@ is providing a TFTP service (see ) then only the filename is required here to enable network booting. If the optional tag(s) are given, they must match for this configuration to be sent. +Instead of an IP address, the TFTP server address can be given as a domain +name which is looked up in /etc/hosts. This name can be associated in +/etc/hosts with multiple IP addresses, which are used round-robin. +This facility can be used to load balance the tftp load among a set of servers. +.TP +.B --dhcp-sequential-ip +Dnsmasq is designed to choose IP addresses for DHCP clients using a +hash of the client's MAC address. This normally allows a client's +address to remain stable long-term, even if the client sometimes allows its DHCP +lease to expire. In this default mode IP addresses are distributed +pseudo-randomly over the entire available address range. There are +sometimes circumstances (typically server deployment) where it is more +convenient to have IP +addresses allocated sequentially, starting from the lowest available +address, and setting this flag enables this mode. Note that in the +sequential mode, clients which allow a lease to expire are much more +likely to move IP address; for this reason it should not be generally used. .TP .B --pxe-service=[tag:,],[,|][,] Most uses of PXE boot-ROMS simply allow the PXE 
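Review bot: The added --dhcp-boot text says the TFTP server name "is looked up in /etc/hosts" but not what is sent to the client when the name has no entry there, nor whether names known only from DHCP leases or upstream DNS are accepted; the matching comment in dnsmasq.conf.example has the same gap. Suggest stating the failure behaviour, since a boot-server name that resolves to nothing or to an unexpected address decides where clients fetch their boot image.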
@@ -1324,6 +1357,17 @@ so --dhcp=option=tag:!purple,3,1.2.3.4 sends the option when the tag purple is not in the set of valid tags. (If using this in a command line rather than a configuration file, be sure to escape !, which is a shell metacharacter) + +When selecting dhcp-options, a tag from dhcp-range is second class +relative to other tags, to make it easy to override options for +individual hosts, so +.B dhcp-range=set:interface1,...... +.B dhcp-host=set:myhost,..... +.B dhcp-option=tag:interface1,option:nis-domain,"domain1" +.B dhcp-option=tag:myhost,option:nis-domain,"domain2" +will set the NIS-domain to domain1 for hosts in the range, but +override that to domain2 for a particular host. + .PP Note that for .B dhcp-range diff --git a/man/fr/dnsmasq.8 b/man/fr/dnsmasq.8 index 44c301b..ca81a6d 100644 --- a/man/fr/dnsmasq.8 +++ b/man/fr/dnsmasq.8 @@ -347,10 +347,10 @@ Cela est utile si les nouveaux serveurs sont susceptibles d'avoir des données différentes de celles stockées dans le cache. .TP .B \-D, --domain-needed -Indique à Dnsmasq de ne jamais transmettre en amont de requêtes pour des noms -simples, ne comprenant donc ni points ni nom de domaine. Si un nom n'est pas -dans /etc/hosts ou dans la liste des baux DHCP, alors une réponse de type -"non trouvé" est renvoyée. +Indique à Dnsmasq de ne jamais transmettre en amont de requêtes A ou AAAA pour +des noms simples, c'est à dire ne comprenant ni points ni nom de domaine. Si un +nom n'est pas dans /etc/hosts ou dans la liste des baux DHCP, alors une réponse +de type "non trouvé" est renvoyée. .TP .B \-S, --local, --server=[/[]/[domaine/]][[#][@|[#]]] Spécifie directement l'adresse IP d'un serveur de nom amont. Cette option ne 
@@ -402,6 +402,10 @@ est synonyme de ("serveur") afin de rendre plus claire l'utilisation de cette option pour cet usage particulier. +Les adresses IPv6 peuvent inclure un identifiant de zone sous la forme +%interface tel que par exemple +fe80::202:a412:4512:7bbf%eth0. + La chaîne de caractères optionnelle suivant le caractère @ permet de définir la source que Dnsmasq doit utiliser pour les réponses à ce serveur de nom. Il doit s'agir d'une des adresses IP appartenant à la machine sur @@ -565,6 +569,16 @@ Si vous utilisez le premier mode DNSSEC, la validation par le resolveur des clients, cette option n'est pas requise. Dnsmasq retourne toujours toutes les données nécessaires par un client pour effectuer la validation lui-même. .TP +.B --conntrack +Lis le marquage de suivi de connexion Linux associé aux requêtes DNS entrantes +et positionne la même marque au trafic amont utilisé pour répondre à ces +requétes. Cela permet au trafic généré par Dnsmasq d'étre associé aux requêtes +l'ayant déclenché, ce qui est pratique pour la gestion de la bande passante +(accounting) et le filtrage (firewall). Dnsmasq doit pour cela être compilé +avec le support conntrack, le noyau doit également inclure conntrack et être +configuré pour cela. Cette option ne peut pas être combinée avec +--query-port. +.TP .B \-F, --dhcp-range=[interface:,][tag: