Simon Kelley
baf553db0c
Default min-port to 1024 to avoid reserved ports.
2018-01-29 23:04:06 +00:00
Simon Kelley
d1ced3ae38
Update copyrights to 2018.
2018-01-01 22:18:03 +00:00
Simon Kelley
9d6918d32c
Use IP[V6]_UNICAST_IF socket option instead of SO_BINDTODEVICE for DNS.
dnsmasq allows specifying an interface for each name server passed with
the -S option or pushed through D-Bus; when an interface is set,
queries to the server will be forced via that interface.
Currently dnsmasq uses SO_BINDTODEVICE to enforce that traffic goes
through the given interface; SO_BINDTODEVICE also guarantees that any
response coming from other interfaces is ignored.
This can cause problems in some scenarios: consider the case where
eth0 and eth1 are in the same subnet and eth0 has a name server ns0
associated. There is no guarantee that the response to a query sent
via eth0 to ns0 will be received on eth0 because the local router may
have in the ARP table the MAC address of eth1 for the IP of eth0. This
can happen because Linux sends ARP responses for all the IPs of the
machine through all interfaces. The response packet on the wrong
interface will be dropped because of SO_BINDTODEVICE and the
resolution will fail.
To avoid this situation, dnsmasq should only restrict queries, but not
responses, to the given interface. A way to do this on Linux is with
the IP_UNICAST_IF and IPV6_UNICAST_IF socket options which were added
in kernel 3.4 and, respectively, glibc versions 2.16 and 2.26.
Reported-by: Hector Martin <marcan@marcan.st>
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2017-10-13 17:55:09 +01:00
Simon Kelley
a49c5c2265
Fix search_servers() segfault with DNSSEC.
--address=/example.com/<IP> would segfault if query on example.com
was generated as part of DNSSEC validation.
2017-10-10 22:04:59 +01:00
Simon Kelley
50ca85504c
Bump year in copyrights.
2017-06-24 22:43:18 +01:00
Petr Menšík
ad59f278c6
Fix man page re interface labels and add warning when used badly.
2017-03-17 17:22:19 +00:00
Hannu Nyman
3e2496fb16
Decrease the number of individual sites listed in log.
By default the first 30 servers are listed individually to system log, and
then a count of the remaining items. With e.g. a NXDOMAIN based adblock
service, dnsmasq lists 30 unnecessary ad sites every time dnsmasq
evaluates the list. But the actual nameservers in use are evaluated last
and are not displayed as they get included in the "remaining items" total.
Handle the "local addresses only" separately and list only a few of them.
Remove the "local addresses only" from the general count.
2017-02-11 13:44:08 +00:00
Josh Soref
730c6745f0
Comprehensive spelling/typo fixes.
Thanks to Josh Soref for generating these fixes.
2017-02-06 16:14:04 +00:00
Simon Kelley
09b768efa4
Bump TCP connection backlog from 5 to 32.
2016-12-22 22:16:58 +00:00
Simon Kelley
16800ea072
Fix crash introduced in 2675f20615
2016-08-30 23:07:06 +01:00
Beniamino Galvani
2675f20615
Handle binding upstream servers to an interface
(--server=1.2.3.4@eth0) when the named interface
is destroyed and recreated in the kernel.
2016-08-28 20:44:05 +01:00
Simon Kelley
b97026035e
Limit number of upstream nameservers when logging configuration.
2016-05-03 22:34:06 +01:00
Simon Kelley
14ffa0770b
Fix init of per server EDNS UDP packet size.
2016-04-25 16:36:44 +01:00
Simon Kelley
529b030228
Tidy code.
2016-03-16 19:00:45 +00:00
Simon Kelley
b8ac466209
Tidy code.
2016-03-10 18:40:53 +00:00
Hans Dedecker
926332a764
Add --max-port config option.
2016-01-23 10:48:12 +00:00
Simon Kelley
92be34a407
Complete work to allow DNSSEC validation with private DNS servers.
2016-01-16 18:39:54 +00:00
Simon Kelley
367341f745
Disable DNSSEC for server=/domain/.. servers unless trust-anchor provided.
2016-01-12 15:58:23 +00:00
Simon Kelley
c49778df4a
Update copyright notices. Happy new year!
2016-01-06 18:52:33 +00:00
Simon Kelley
9cdcfe9f19
Suggest solution to ENOMEM error with IPv6 multicast.
2015-08-26 22:38:08 +01:00
Simon Kelley
a77cec8d58
Handle UDP packet loss when fragmentation of large packets is broken.
2015-05-08 16:25:38 +01:00
Simon Kelley
979fe86bc8
Make --address=/example.com/ equivalent to --server=/example.com/
2015-03-19 22:50:22 +00:00
Simon Kelley
aff3396280
Update copyrights for dawn of 2015.
2015-01-31 20:13:40 +00:00
Simon Kelley
476693678e
Eliminate IPv6 privacy addresses from --interface-name answers.
2014-12-17 12:41:56 +00:00
Simon Kelley
bd9520b7ad
Remove redundant IN6_IS_ADDR_ULA(a) macro defn.
2014-12-16 20:41:29 +00:00
Simon Kelley
40766e55e8
Check all servers loopiness, when any subset is changed.
2014-07-29 16:52:00 +01:00
Simon Kelley
b5ea1cc255
Add --dns-loop-detect feature.
2014-07-29 16:34:14 +01:00
Simon Kelley
47a9516980
Use event system to re-send query on new route. Tidies module boundaries.
2014-07-08 22:22:02 +01:00
Simon Kelley
a0358e5ddb
Handle async notification of address changes using the event system.
2014-06-07 13:38:48 +01:00
Simon Kelley
89b12ed35b
OPT_LOCAL_SERVICE needs up-to-date interface list too.
2014-03-06 13:27:57 +00:00
Simon Kelley
c8a80487cd
--local-service. Default protection from DNS amplification attacks.
2014-03-05 14:29:54 +00:00
Simon Kelley
7b1eae4f50
Add --servers-file option.
2014-02-20 13:43:28 +00:00
Simon Kelley
7bcca0060f
More server cleanup.
2014-02-19 17:45:17 +00:00
Simon Kelley
d68c2ca2b7
Cleanup of server reading code, preparation for dynamic reading from files.
2014-02-18 22:30:30 +00:00
Simon Kelley
c47e3ba446
Update copyright for 2014.
2014-01-08 17:07:54 +00:00
Simon Kelley
1ee9be4c3f
Implement dynamic interface discovery on *BSD
2013-12-09 16:50:19 +00:00
Simon Kelley
2329bef5ba
Check arrival interface of IPv6 requests, even in --bind-interfaces.
2013-12-03 13:41:16 +00:00
Simon Kelley
62ab3ccd3d
Only set scope_id in addresses to bind() for linklocal addresses.
FreeBSD complains otherwise.
2013-12-03 11:53:53 +00:00
Matthias Andree
71aaa5a791
Fix previous errno saving fix.
2013-12-03 11:20:45 +00:00
Simon Kelley
08619211f8
Garbage collect listening sockets when their address is deleted.
In --bind-dynamic mode, stop listening on an address when it's
removed from an interface. 6rd and 6to4 tunnels can go through
lots of addresses.
2013-12-02 14:43:48 +00:00
Simon Kelley
3dffbc3ebf
Don't overwrite errno before generating message.
2013-12-02 13:22:37 +00:00
Vladislav Grishenko
3b19596122
Fix compiler warnings.
2013-11-26 11:08:21 +00:00
Simon Kelley
f7029f5c08
Extend /4 and /6 syntax to --interface-name
2013-11-21 15:10:02 +00:00
Simon Kelley
f25e6c6d33
Support /4 and /6 suffixes in interface names in --auth-server
2013-11-17 12:23:42 +00:00
Simon Kelley
376d48c7f1
Allow interface name to specify subnets in --auth-zone.
2013-11-13 13:04:30 +00:00
Simon Kelley
dc27e148a1
Warning when using --bind-interfaces and routeable addresses.
2013-10-16 14:33:23 +01:00
Vladislav Grishenko
408c368fa5
Remove unused variable warnings when omitting stuff at compile-time.
2013-09-24 16:18:49 +01:00
Simon Kelley
91543f4831
Fix FTBFS when various facilities omitted at compile time.
2013-09-23 12:41:20 +01:00
Simon Kelley
89500e31f1
Support MAC addresses in dhcp-host and dhcp-mac for DHCPv6.
2013-09-20 16:29:20 +01:00
Simon Kelley
397542b213
Fix bug resulting in tight-loop when new interfaces arrive.
2013-09-05 11:27:34 +01:00