[Dnsmasq-discuss] Announce: dnsmasq-2.77

Simon Kelley simon at thekelleys.org.uk
Thu Jun 1 16:38:41 BST 2017

A little over a year since the last release, I'm happy to announce that
we now have a final release of dnsmasq-2.77.

The tarball is available here:


and the release-notes are appended below.




version 2.77
            Generate an error when configured with a CNAME loop,
            rather than a crash. Thanks to George Metz for
            spotting this problem.

            Calculate the length of TFTP error reply packet
            correctly. This fixes a problem when the error
            message in a TFTP packet exceeds the arbitrary
            limit of 500 characters. The message was correctly
            truncated, but not the packet length, so
            extra data was appended. This is a possible
            security risk, since the extra data comes from
            a buffer which is also used for DNS, so that
            previous DNS queries or replies may be leaked.
            Thanks to Mozilla for funding the security audit
            which spotted this bug.

            Fix logic error in Linux netlink code. This could
            cause dnsmasq to enter a tight loop on systems
            with a very large number of network interfaces.
            Thanks to Ivan Kokshaysky for the diagnosis and

            Fix problem with --dnssec-timestamp whereby receipt
            of SIGHUP would erroneously engage timestamp checking.
            Thanks to Kevin Darbyshire-Bryant for this work.

            Bump zone serial on reloading /etc/hosts and friends
            when providing authoritative DNS. Thanks to Harrald
            Dunkel for spotting this.

            Handle v4-mapped IPv6 addresses sanely in --synth-domain.
            These have standard representation like ::ffff:
            and are now converted to names like

            Handle binding upstream servers to an interface
            (--server= at eth0) when the named interface
            is destroyed and recreated in the kernel. Thanks to
            Beniamino Galvani for the patch.

            Allow wildcard CNAME records in authoritative zones.
            For example --cname=*.example.com,default.example.com
            Thanks to Pro Backup for sponsoring this development.

            Bump the allowed backlog of TCP connections from 5 to 32,
            and make this a compile-time configurable option. Thanks
            to Donatas Abraitis for diagnosing this as a potential

            Add DNSMASQ_REQUESTED_OPTIONS environment variable to the
            lease-change script. Thanks to ZHAO Yu for the patch.

            Fix foobar in rrfilter code, that could cause malformed
            replies, especially when DNSSEC validation is on, and
            the upstream server returns an answer with the RRs in a
            particular order. The only DNS server known to tickle
            this is Nominum's. Thanks to Dave Täht for spotting the
            bug and assisting in the fix.

            Fix the manpage which lied that only the primary address
            of an interface is used by --interface-name.

            Make --localise-queries apply to names from
            Thanks to Kevin Darbyshire-Bryant and Eric Luehrsen
            for pushing this.

            Improve connection handling when talking to TCP upstream
            servers. Specifically, be prepared to open a new TCP
            connection when we want to make multiple queries
            but the upstream server accepts fewer queries per

            Improve logging of upstream servers when there are a lot
            of "local addresses only" entries. Thanks to Hannu Nyman for
            the patch.

            Make --bogus-priv apply to IPv6, for the prefixes specified
            in RFC6303. Thanks to Kevin Darbyshire-Bryant for work on

            Allow use of MAC addresses with --tftp-unique-root. Thanks
            to Floris Bos for the patch.

            Add --dhcp-reply-delay option. Thanks to Floris Bos
            for the patch.

            Add mtu setting facility to --ra-param. Thanks to David
            Flamand for the patch.

            Capture STDOUT and STDERR output from dhcp-script and log
            it as part of the dnsmasq log stream. Makes life easier
            for diagnosing unexpected problems in scripts.
            Thanks to Petr Mensik for the patch.

            Generate fatal errors when failing to parse the output
            of the dhcp-script in "init" mode. Avoids strange errors
            when the script accidentally emits error messages.
            Thanks to Petr Mensik for the patch.

            Make --rev-server for an RFC1918 subnet work even in the
            presence of the --bogus-priv flag. Thanks to
            Vladislav Grishenko for the patch.

            Extend --ra-param mtu: field to allow an interface name.
            This allows the MTU of a WAN interface to be advertised on
            the internal interfaces of a router. Thanks to
            Vladislav Grishenko for the patch.

            Do ICMP-ping check for address-in-use for DHCPv4 when
            the client specifies an address in DHCPDISCOVER, and when
            an address is configured locally. Thanks to Alin Năstac
            for spotting the problem.

            Add new DHCP tag "known-othernet" which is set when only a
            dhcp-host exists for another subnet. Can be used to ensure
            that privileged hosts are not given "guest" addresses by
            accident. Thanks to Todd Sanket for the suggestion.

            Remove historic automatic inclusion of IDN support when
            building internationalisation support. This doesn't
            fit now there is a choice of IDN libraries. Be sure
            to include either -DHAVE_IDN or -DHAVE_LIBIDN2 for
            IDN support.
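
Added illustration, not part of the original announcement and not dnsmasq's source: one way the TFTP error-packet problem described in the release notes can arise, shown next to a corrected length calculation. The function names, buffer sizes, the STALE marker and the use of snprintf() are assumptions made for this example; only the 500-character limit comes from the notes.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define ERR_MSG_MAX 500   /* message limit named in the release note */
#define STALE 0xAA        /* constructed stand-in for earlier DNS data in the buffer */

/* TFTP ERROR header (RFC 1350): opcode 5, then a 16-bit error code. */
static void put_header(unsigned char *buf, uint16_t code) {
    buf[0] = 0; buf[1] = 5;
    buf[2] = (unsigned char)(code >> 8); buf[3] = (unsigned char)(code & 0xff);
}

/* Flawed: snprintf() truncates the text but returns the untruncated length,
   so the reported packet length runs past what was actually written. */
size_t build_err_flawed(unsigned char *buf, uint16_t code, const char *text) {
    put_header(buf, code);
    int n = snprintf((char *)buf + 4, ERR_MSG_MAX, "%s", text);
    return 4 + (size_t)n + 1;
}

/* Corrected: clamp the length to the bytes that were really stored. */
size_t build_err_fixed(unsigned char *buf, uint16_t code, const char *text) {
    put_header(buf, code);
    int n = snprintf((char *)buf + 4, ERR_MSG_MAX, "%s", text);
    if (n < 0) { buf[4] = '\0'; n = 0; }          /* output error: empty message */
    if (n >= ERR_MSG_MAX) n = ERR_MSG_MAX - 1;     /* text was truncated */
    return 4 + (size_t)n + 1;                      /* header + text + NUL */
}

/* Count stale buffer bytes that fall inside the length that would be sent. */
size_t leaked_bytes(int use_fixed, size_t text_len) {
    unsigned char buf[2048];
    char text[1024];
    memset(buf, STALE, sizeof buf);
    if (text_len >= sizeof text) text_len = sizeof text - 1;
    memset(text, 'x', text_len);
    text[text_len] = '\0';
    size_t len = use_fixed ? build_err_fixed(buf, 2, text)
                           : build_err_flawed(buf, 2, text);
    size_t leaked = 0;
    for (size_t i = 0; i < len && i < sizeof buf; i++)
        if (buf[i] == STALE) leaked++;
    return leaked;
}

int main(void) {
    printf("flawed: %zu stale bytes, fixed: %zu\n", leaked_bytes(0, 600), leaked_bytes(1, 600));
    return 0;
}
```

With a 600-character message the flawed length covers 101 bytes of leftover buffer content, while the clamped length covers none; short messages are unaffected in both versions.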
