Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Spell check v2.91 CHANGELOG

Browse Source
This commit is contained in:
Matthias Andree
2025-02-05 19:47:18 +01:00
committed by Simon Kelley
parent 0b6144583b
commit e72910dec8
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
CHANGELOG
View File

@@ -7,9 +7,9 @@ version 2.91
Literal address records are smaller and don't have Literal address records are smaller and don't have
this field and don't need to be ordered on it. this field and don't need to be ordered on it.
To actually provoke this bug seems to need the same server-literal To actually provoke this bug seems to need the same server-literal
to be repeated twice, eg --address=/a/1.1.1.1 --address-/a/1.1.1.1 to be repeated twice, e.g., --address=/a/1.1.1.1 --address-/a/1.1.1.1
which is clearly rare in the wild, but if it did exist it could which is clearly rare in the wild, but if it did exist it could
provoke a SIGSEV. Thanks to Daniel Rhea for fuzzing this one. provoke a SIGSEGV. Thanks to Daniel Rhea for fuzzing this one.
Fix buffer overflow when configured lease-change script name Fix buffer overflow when configured lease-change script name
is too long. is too long.
@@ -17,7 +17,7 @@ version 2.91
Improve behaviour in the face of non-responsive upstream TCP DNS Improve behaviour in the face of non-responsive upstream TCP DNS
servers. Without shorter timeouts, clients are blocked for too long servers. Without shorter timeouts, clients are blocked for too long
and fail wuth their own timeouts. and fail with their own timeouts.
Set --fast-dns-retries by default when doing DNSSEC. A single Set --fast-dns-retries by default when doing DNSSEC. A single
downstream query can trigger many upstream queries. On an downstream query can trigger many upstream queries. On an
@@ -36,7 +36,7 @@ version 2.91
empty answer. empty answer.
Fix handling of EDNS0 UDP packet sizes. Fix handling of EDNS0 UDP packet sizes.
When talking upstream we always add a pseudoheader, and set the When talking upstream we always add a pseudo header, and set the
UDP packet size to --edns-packet-max. Answering queries from UDP packet size to --edns-packet-max. Answering queries from
downstream, we get the answer (either from upstream or local downstream, we get the answer (either from upstream or local
data) If local data won't fit the advertised size (or 512 if data) If local data won't fit the advertised size (or 512 if
@@ -84,13 +84,13 @@ version 2.91
Handle DS queries to auth zones. When dnsmasq is configured to Handle DS queries to auth zones. When dnsmasq is configured to
act as an authoritative server and has an authoritative zone act as an authoritative server and has an authoritative zone
configured, and recieves a query for that zone _as_forwarder_ configured, and receives a query for that zone _as_forwarder_
it answers the query directly rather than forwarding it. This it answers the query directly rather than forwarding it. This
doesn't affect the answer, but it saves dnsmasq forwarding the doesn't affect the answer, but it saves dnsmasq forwarding the
query to the recusor upstream, whch then bounces it back to dnsmasq query to the recursor upstream, which then bounces it back to dnsmasq
in auth mode. The exception should be when the query is for the root in auth mode. The exception should be when the query is for the root
of zone, for a DS RR. The answer to that has to come from the parent, of zone, for a DS RR. The answer to that has to come from the parent,
via the recursor, and will typically be a proof-of-nonexistence via the recursor, and will typically be a proof-of-non-existence
since dnsmasq doesn't support signed zones. This patch suppresses since dnsmasq doesn't support signed zones. This patch suppresses
local answers and forces forwarding to the upstream recursor for such local answers and forces forwarding to the upstream recursor for such
queries. It stops breakage when a DNSSEC validating client makes queries. It stops breakage when a DNSSEC validating client makes
@@ -107,7 +107,7 @@ version 2.91
and lower case as the query, so any replies which don't can be and lower case as the query, so any replies which don't can be
ignored as malicious. The amount of extra entropy clearly depends ignored as malicious. The amount of extra entropy clearly depends
on the number of a-z and A-Z characters in the query, and this on the number of a-z and A-Z characters in the query, and this
implementation puts a hard limit of 32 bits to make rescource implementation puts a hard limit of 32 bits to make resource
allocation easy. This about doubles entropy over the standard allocation easy. This about doubles entropy over the standard
random ID and random port combination. This technique can interact random ID and random port combination. This technique can interact
badly with rare broken DNS servers which don't preserve the case badly with rare broken DNS servers which don't preserve the case
@@ -1985,7 +1985,7 @@ version 2.61
Set the environment variable DNSMASQ_LOG_DHCP when running Set the environment variable DNSMASQ_LOG_DHCP when running
the script id --log-dhcp is in effect, so that script can the script id --log-dhcp is in effect, so that script can
taylor their logging verbosity. Suggestion from Malte tailor their logging verbosity. Suggestion from Malte
Forkel. Forkel.
Arrange that addresses specified with --listen-address Arrange that addresses specified with --listen-address