Getting some numbers, on x86_64, for dnsmasq-dhcpv6 (for apples to apples comparison) I get:
-rw-r--r-- 1 philipp philipp  157156 Jan 25 20:20 dnsmasq-dhcpv6_2.82-10_x86_64.ipk

The Bind packages are:

-rw-r--r-- 1 philipp philipp 1140535 Jan 23 13:13 bind-libs_9.16.8-2_x86_64.ipk
-rw-r--r-- 1 philipp philipp  161266 Jan 23 13:13 bind-server_9.16.8-2_x86_64.ipk
-rw-r--r-- 1 philipp philipp   21592 Jan 23 13:13 bind-client_9.16.8-2_x86_64.ipk
-rw-r--r-- 1 philipp philipp   16813 Jan 23 13:13 bind-rndc_9.16.8-2_x86_64.ipk

And for ISC-dhcp:

-rw-r--r-- 1 philipp philipp 1108571 Jan 23 13:15 isc-dhcp-server-ipv6_4.4.1-13_x86_64.ipk

So... about 2.3MB bigger.

But you do get a full-fledged DNS server, which you can run two instances of, and provide split-horizon and authoritative external DNS service for your domain to the Internet as well.

> On Jan 22, 2021, at 3:51 PM, Paul Spooren <[email protected]> wrote:
>
> What's the size difference here. I'd be curious to replace dnsmasq for the default setup, but only if it brings an advantage in size and security.
>
> Just a personal interest.
>
> Best,
> Paul
> --
>
> Jan 22, 2021 11:44:50 AM Philip Prindeville <[email protected]>:
>
>>> On Jan 22, 2021, at 12:00 PM, Alberto Bursi <[email protected]> wrote:
>>>
>>> On 22/01/21 19:53, Philip Prindeville wrote:
>>>> As an alternative to dnsmasq, master now has isc-dhcp (v4 only) and Bind integration, so that's getting close to the essential functionality that dnsmasq provides.
>>>> I stopped using dnsmasq about 8 years ago because it has several minor violations of the RFC's (which the Kelly's claim are convenient and therefore justified) but I believe create potential incompatibilities for specious reasons (yes, I'm a strict-interpretation-of-the-standards nazi).
>>>
>>> How do I enable/use the "isc-dhcp (v4 only) and Bind integration" and replace/disable dnsmasq?
>>>
>>> -Alberto
>>>
>>
>> You'll need to remove the dnsmasq package and select CONFIG_PACKAGE_isc-dhcp-server-ipv4 (or -ipv6 which actually supports both IPv4 and IPv6, but the UCI scripting for dynDNS for IPv6 as I said is missing). That will bring in Bind and the related tools.
>>
>> To the top of your /etc/config/dhcp you'll need to add:
>>
>> config isc_dhcpd 'isc_dhcpd'
>>     option authoritative '1'
>>     option default_lease_time '3600'
>>     option max_lease_time '86400'
>>     option always_broadcast 0
>>     option boot_unknown_clients 1
>>     option log_facility 'daemon'
>>     option domain 'example.com'
>>     option dynamicdns 1
>>
>> Which are the ISC specific global options. The last line is the one that enables dynamic DNS internally.
>>
>> To the subnet sections like:
>>
>> config dhcp 'lan'
>>     option interface 'lan'
>>     option leasetime '12h'
>>     option start '128'
>>     option limit '32'
>>     list dhcp_option 'option:ntp-servers,192.168.1.40,192.168.1.252'
>>
>> You can call out specific DHCP options (per dhcp-options(5)) with something like the last line.
>>
>> For statically configured hosts that you want DNS records for, use:
>>
>> config domain
>>     option ip '192.168.1.2'
>>     option name 'myserver'
>>
>> Other record types:
>>
>> config cname
>>     option cname 'mail'
>>     option target 'www'
>>
>> config cname
>>     option cname 'ftp'
>>     option target 'www'
>>
>> config srvhost
>>     option srv '_sip._udp'
>>     option target 'pbx'
>>     option port '5060'
>>     option priority '0'
>>     option weight '10'
>>
>> config mxhost
>>     option domain '@'
>>     option relay 'mail'
>>     option pref '10'
>>
>> etc.
>>
>> Hope that helps. Send an email if you have more questions.
>>
>> -Philip
>>
>>>> If anyone is interested in having v6 support to DHCP+Bind integration, I can look at doing that as well.
>>>> Thanks,
>>>> -Philip
>>>>> On Jan 19, 2021, at 3:56 PM, Hauke Mehrtens <[email protected]> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> The OpenWrt community is proud to announce the sixth service release of OpenWrt 19.07. It focuses on fixing several security issues.
>>>>>
>>>>> Main changes from OpenWrt 19.07.5
>>>>>
>>>>> Security fixes
>>>>> * Security Advisory 2021-01-19-1 - dnsmasq multiple vulnerabilities
>>>>>   (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687,
>>>>>   CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686)
>>>>> * openssl: NULL pointer deref in GENERAL_NAME_cmp function can lead to
>>>>>   a DOS attack. (CVE-2020-1971)
>>>>>
>>>>> Note: security fixes for most packages can also be applied by upgrading only the affected packages on running devices, without the need for a full firmware upgrade. This can be done with opkg update; opkg upgrade the_package_name or through the LuCI web interface.
>>>>>
>>>>> Nevertheless, we encourage all users to upgrade their devices to OpenWrt 19.07.6 or later versions whenever possible.
>>>>>
>>>>> Major bug fixes
>>>>> * Fix iOS 14 tethering problem
>>>>>
>>>>> Device support
>>>>> * Enable LED VCC for Asus RT-AC51U
>>>>>
>>>>> LuCI web interface
>>>>> * luci-mod-system: properly handle SSH pubkeys with options (GH#4684)
>>>>> * luci-mod-network: properly handle wireless netdevs when creating
>>>>>   interfaces
>>>>> * Update translations from weblate
>>>>>
>>>>> Core components
>>>>> * Update Linux kernel from 4.14.209 to 4.14.215
>>>>> * Update mac80211 and wifi drivers from 4.19.137-1 to 4.19.161-1
>>>>> * Update wireless-regdb from 2019.06.03 to 2020.11.20
>>>>> * Update mbedtls from 2.16.8 to 2.16.9
>>>>> * Update openssl from 1.1.1h to 1.1.1i
>>>>>
>>>>> Full release notes and upgrade instructions are available at
>>>>> https://openwrt.org/releases/19.07/notes-19.07.6
>>>>>
>>>>> In particular, make sure to read the regressions and known issues before upgrading:
>>>>> https://openwrt.org/releases/19.07/notes-19.07.6#regressions
>>>>>
>>>>> For a very detailed list of all changes since 19.07.5, refer to
>>>>> https://openwrt.org/releases/19.07/changelog-19.07.6
>>>>>
>>>>> - ---
>>>>>
>>>>> To stay informed of new OpenWrt releases and security advisories, there
>>>>> are new channels available:
>>>>>
>>>>> * a low-volume mailing list for important announcements: https://lists.openwrt.org/mailman/listinfo/openwrt-announce
>>>>>
>>>>> * a dedicated "announcements" section in the forum: https://forum.openwrt.org/c/announcements/14
>>>>>
>>>>> * other announcement channels (such as RSS feeds) might be added in the
>>>>>   future, they will be listed at https://openwrt.org/contact
>>>>>
>>>>> - ---
>>>>>
>>>>> For latest information about the 19.07 series, refer to the wiki at:
>>>>> https://openwrt.org/releases/19.07/
>>>>>
>>>>> To download an OpenWrt 19.07.6 firmware image for your device, head to the Table of Hardware:
>>>>> https://openwrt.org/toh/start
>>>>>
>>>>> Or navigate directly in the list of firmware images:
>>>>> https://downloads.openwrt.org/releases/19.07.6/targets/
>>>>>
>>>>> As always, a big thank you goes to all our active package maintainers,
>>>>> testers, documenters, and supporters.
>>>>>
>>>>> Have fun!
>>>>>
>>>>> The OpenWrt Community
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> [email protected]
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
