Dnsmasq is een lichtgewichte en betrekkelijk makkelijk in te stellen dns- en dhcp-server die zich richt op 'kleine' omgevingen. Ondersteuning voor statische en dynamische dhcp-leases is aanwezig, net zoals bootp en tftp waarmee diskloze machines via het netwerk kunnen opstarten. Voor meer informatie verwijzen we jullie door naar deze pagina. De ontwikkelaar heeft een nieuwe versie van Dnsmasq uitgebracht, die 2.45 als het versienummer heeft gekregen en met de volgende lijst van aanpassingen wordt geleverd:
- Fix total DNS failure in release 2.43 unless --min-port specified. Thanks to Steven Barth and Grant Coady for bugreport. Also reject out-of-range port spec, which could break things too: suggestion from Gilles Espinasse.
- Fix crash when unknown client attempts to renew a DHCP lease, problem introduced in version 2.43. Thanks to Carlos Carvalho for help chasing this down.
- Fix potential crash when a host which doesn't have a lease does DHCPINFORM. Again introduced in 2.43. This bug has never been reported in the wild.
- Fix crash in netlink code introduced in 2.43. Thanks to Jean Wolter for finding this.
- Change implementation of min_port to work even if min-port as large.
- Patch to enable compilation of latest Mac OS X. Thanks to David Gilman.
- Update Spanish translation. Thanks to Christopher Chatham.
- Updated Polish translation. Thanks to Jan Psota.
- Flag errors when configuration options are repeated illegally.
- Further tweaks for GNU/kFreeBSD
- Add --no-wrap to msgmerge call - provides nicer .po file format.
- Honour lease-time spec in dhcp-host lines even for BOOTP. The user is assumed to known what they are doing in this case. (Hosts without the time spec still get infinite leases for BOOTP, over-riding the default in the dhcp-range.) Thanks to Peter Katzmann for uncovering this.
- Fix problem matching relay-agent ids. Thanks to Michael Rack for the bug report.
- Add --naptr-record option. Suggestion from Johan Bergquist.
- Implement RFC 5107 server-id-override DHCP relay agent option.
- Apply patches from Stefan Kruger for compilation on Solaris 10 under Sun studio.
- Yet more tweaking of Linux capability code, to suppress pointless wingeing from kernel 2.6.25 and above.
- Improve error checking during startup. Previously, some errors which occurred during startup would be worked around, with dnsmasq still starting up. Some were logged, some silent. Now, they all cause a fatal error and dnsmasq terminates with a non-zero exit code. The errors are those associated with changing uid and gid, setting process capabilities and writing the pidfile. Thanks to Uwe Gansert and the Suse security team for pointing out this improvement, and Bill Reimers for good implementation suggestions.
- Provide NO_LARGEFILE compile option to switch off largefile support when compiling against versions of uclibc which don't support it. Thanks to Stephane Billiart for the patch.
- Implement random source ports for interactions with upstream nameservers. New spoofing attacks have been found against nameservers which do not do this, though it is not clear if dnsmasq is vulnerable, since to doesn't implement recursion. By default dnsmasq will now use a different source port (and socket) for each query it sends upstream. This behaviour can suppressed using the --query-port option, and the old default behaviour restored using --query-port=0. Explicit source-port specifications in --server configs are still honoured.
- Replace the random number generator, for better security. On most BSD systems, dnsmasq uses the arc4random() RNG, which is secure, but on other platforms, it relied on the C-library RNG, which may be guessable and therefore allow spoofing. This release replaces the libc RNG with the SURF RNG, from Daniel J. Berstein's DJBDNS package.
- Don't attempt to change user or group or set capabilities if dnsmasq is run as a non-root user. Without this, the change from soft to hard errors when these fail causes problems for non-root daemons listening on high ports. Thanks to Patrick McLean for spotting this.
- Updated French translation. Thanks to Gildas Le Nadan.