[Dnsmasq-discuss] dnsmasq-2.43rc3 available.
Patrick McLean
chutzpah at gentoo.org
Thu Jul 10 00:50:10 BST 2008
On Linux 2.6.24 (Gentoo kernel, though I don't see why it wouldn't
happen on other distros), starting this release with the user set to
anything other than root fails with this message:
dnsmasq: setting capabilities failed: Operation not permitted
Simon Kelley wrote:
> 2.43rc3 is available here.
>
> http://www.thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.43rc3.tar.gz
>
>
> This is a reaction to the DNS security farrago of the last few days. I'm
> still not completely clear if dnsmasq is affected, since it doesn't do
> recursive name resolution, but this significantly strengthens the
> resistance to spoofing attacks anyway. It implements the same
> countermeasures as the patches to BIND et al, as far as I am aware.
>
>
> The default behaviour now becomes to randomise the source port for
> upstream queries. Each query will get a new, randomly allocated port.
> Under very heavy load, this degenerates into choosing a port from a
> constantly-rotating pool of 64 random ports. --query-port and the
> source-port specifications in --server are still honoured. Setting
> --source-port=0 reverts to the historical behavior, using a single port
> allocated by the OS.
>
> Additionally, the random number generator has been changed. *BSD
> platforms still use arc4random() but everything else, which used to use
> the rand() or random() libc functions, now uses the SURF RNG from djbdns-1.05.
>
> This is quite a large change, and there's some time pressure to release,
> so I'd appreciate it if as many people as possible could try this out as
> soon as possible and get back to me with results.
>
>
> Cheers,
>
> Simon.
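An added example, not code from dnsmasq or from either poster: a C model of the source-port behaviour the quoted announcement describes, with a fresh randomly bound UDP port per upstream query and a shared pool of 64 once every slot is busy. The names `acquire_query_socket`, `release_query_socket` and the pool layout are hypothetical, and /dev/urandom is an assumed stand-in for the SURF generator.

```c
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define POOL_SIZE 64                 /* pool size from the announcement */
struct qsock { int fd; uint16_t port; int in_flight; };
static struct qsock pool[POOL_SIZE]; /* in_flight == 0 marks a free slot */

/* 16 random bits from the kernel CSPRNG (assumption: stand-in for SURF). */
static int rand16(uint16_t *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t n = f ? fread(out, sizeof *out, 1, f) : 0;
    if (f) fclose(f);
    return n == 1 ? 0 : -1;
}

/* Bind a UDP socket to a random unprivileged port; retry on collisions. */
static int open_random_port(uint16_t *port_out) {
    for (int tries = 0; tries < 16; tries++) {
        uint16_t r;
        do { if (rand16(&r) < 0) return -1; } while (r < 1024); /* rejection sampling: no modulo bias */
        struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(r) }; /* address 0 = any */
        int fd = socket(AF_INET, SOCK_DGRAM, 0);
        if (fd < 0) return -1;
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) { *port_out = r; return fd; }
        close(fd);                   /* port already taken: draw another */
    }
    return -1;
}

/* Choose the socket for one upstream query; returns a pool index or -1. */
int acquire_query_socket(void) {
    uint16_t r;
    for (int i = 0; i < POOL_SIZE; i++) {
        if (pool[i].in_flight) continue;
        if ((pool[i].fd = open_random_port(&pool[i].port)) < 0) return -1;
        pool[i].in_flight = 1;       /* normal case: fresh port per query */
        return i;
    }
    if (rand16(&r) < 0) return -1;   /* heavy load: share one of the 64 */
    pool[r % POOL_SIZE].in_flight++; /* 65536 % 64 == 0, so unbiased */
    return r % POOL_SIZE;
}

/* Query answered or timed out; the port is retired once nothing uses it. */
void release_query_socket(int i) {
    if (--pool[i].in_flight == 0) close(pool[i].fd);
}
```

Binding ports at or above 1024 needs no privilege, so this model runs as an ordinary user.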