I just tagged and push the final 2.79 release. Release notes below.



version 2.79
        Fix parsing of CNAME arguments, which are confused by extra
        spaces. Thanks to Diego Aguirre for spotting the bug.

        Where available, use IP_UNICAST_IF or IPV6_UNICAST_IF to bind
        upstream servers to an interface, rather than SO_BINDTODEVICE.
        Thanks to Beniamino Galvani for the patch.

        Always return a SERVFAIL answer to DNS queries without the
        recursion desired bit set, UNLESS acting as an authoritative
        DNS server. This avoids a potential route to cache snooping.

        Add support for Ed25519 signatures in DNSSEC validation.

        No longer support RSA/MD5 signatures in DNSSEC validation,
        since these are not secure. This behaviour is mandated in

        Fix incorrect error exit code from dhcp_release6 utility.
        Thanks Gaudenz Steinlin for the bug report.

        Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC
        time validation when --dnssec-no-timecheck is in use.
        Note that this is an incompatible change from earlier releases.

        Allow more than one --bridge-interface option to refer to an
        interface, so that we can use
        as an alternative to
        Thanks to Neil Jerram for work on this.

        Fix for DNSSEC with wildcard-derived NSEC records.
        It's OK for NSEC records to be expanded from wildcards,
        but in that case, the proof of non-existence is only valid
        starting at the wildcard name, *.<domain> NOT the name expanded
        from the wildcard. Without this check it's possible for an
        attacker to craft an NSEC which wrongly proves non-existence.
        Thanks to Ralph Dolmans for finding this, and co-ordinating
        the vulnerability tracking and fix release.
        CVE-2017-15107 applies.

        Remove special handling of A-for-A DNS queries. These
        are no longer a significant problem in the global DNS.
        Thanks to Mattias Hellström for the initial patch.

        Fix failure to delete dynamically created dhcp options
        from files in -dhcp-optsdir directories. Thanks to
        Lindgren Fredrik for the bug report.

     Add to --synth-domain the ability to create names using
        sequential numbers, as well as encodings of IP addresses.
        For instance,
        creates 21 domain names of the form
        internal-4.thekelleys.org.uk over the address range given, with
        internal-0.thekelleys.org.uk being and
        internal-20.thekelleys.org.uk being
        Thanks to Andy Hawkins for the suggestion.

        Tidy up Crypto code, removing workarounds for ancient
        versions of libnettle. We now require libnettle 3.

Dnsmasq-discuss mailing list

Reply via email to