[Dnsmasq-discuss] Announce: dnsmasq-2.88

Simon Kelley simon at thekelleys.org.uk
Sun Dec 4 22:26:25 UTC 2022 

I just released dnsmasq version 2.88

CHANGELOG below.


Cheers,

Simon.

         Fix bug in --dynamic-host when an interface has /16 IPv4
         address. Thanks to Mark Dietzer for spotting this.

         Add --fast-dns-retry option. This gives dnsmasq the ability
         to originate retries for upstream DNS queries itself, rather
         than relying on the downstream client. This is most useful
         when doing DNSSEC over unreliable upstream networks. It comes
         with some cost in memory usage and network bandwidth.

         Add --use-stale-cache option. When set, if a DNS name exists
         in the cache, but its time-to-live has expired, dnsmasq will
         return the data anyway. (It attempts to refresh the
         data with an upstream query after returning the stale data.)
         This can improve speed and reliability. It comes
         at the expense of sometimes returning out-of-date data and
         less efficient cache utilisation, since old data cannot be
         flushed when its TTL expires, so the cache becomes
         strictly least-recently-used.

         Make --hostsdir (but NOT --dhcp-hostsdir and --dhcp-optsdir)
         handle removal of whole files or entries within files.
         Thanks to Dominik Derigs for the initial patches for this.
         Fix bug, introduced in 2.87, which could result in DNS
         servers being removed from the configuration when reloading
         server configuration from DBus, or re-reading /etc/resolv.conf
         Only servers from the same source should be replaced, but some
         servers from other sources (i.e., hard coded or another
	dynamic source) could mysteriously disappear. Thanks to all
	reporting this, but especially Christopher J. Madsen who
	reduced the problem to an easily reproducible case which
	saved much labour in finding it.

         Add --no-round-robin option.

         Allow domain names as well as IP addresses when specifying
         upstream DNS servers. There are some gotchas associated with
	this (it will mysteriously fail to work if the dnsmasq instance
         being started is in the path from the system resolver to the
	DNS), and a seemingly sensible configuration like
         --server=domain.name at 1.2.3.4 is unactionable if domain.name
         only resolves to an IPv6 address). There are, however,
         cases where is can be useful. Thanks to Dominik Derigs for
         the patch.

         Handle DS records for unsupported crypto algorithms correctly.
	Such a DS, as long as it is validated, should allow answers
         in the domain it attests to be returned as unvalidated, and not
         as a validation error.

         Optimise reading large numbers of --server options. When
	re-reading upstream servers from /etc/resolv.conf or
	other sources that can change dnsmasq tries to avoid
	memory fragmentation by re-using existing records that are
	being re-read unchanged. This involves
         seaching all the server records for each new one installed.
         During startup this search is pointless, and can cause long
         start times with thousands of --server options because the work
         needed is O(n^2). Handle this case more intelligently.
         Thanks to Ye Zhou for spotting the problem and an initial patch.

         If we detect that a DNS reply from upstream is malformed don't
         return it to the requestor; send a SEVFAIL rcode instead.

More information about the Dnsmasq-discuss mailing list