Download Dnsmasq 2.45

Dnsmasq is a lightweight and relatively easy to set up dns and dhcp server aimed at ‘small’ environments. Support for static and dynamic DHCP leases is provided, as well as bootp and tftp that allow diskless machines to boot over the network. For more information, we refer you to this page. The developer has released a new version of Dnsmasq which has been assigned 2.45 as the version number and comes with the following list of fixes:

Version 2.45:

• Fix total DNS failure in release 2.43 unless –min-port specified. Thanks to Steven Barth and Grant Coady for bug report. Also reject out-of-range port spec, which could break things too: suggestion from Gilles Espinasse.

Version 2.44:

• Fix crash when unknown client attempts to renew a DHCP lease, problem introduced in version 2.43. Thanks to Carlos Carvalho for helping chasing this down.
• Fix potential crash when a host which doesn’t have a lease does DHCPINFORM. Again introduced in 2.43. This bug has never been reported in the wild.
• Fix crash in netlink code introduced in 2.43. Thanks to Jean Wolter for finding this.
• Change implementation of min_port to work even if min-port as large.
• Patch to enable compilation of latest Mac OS X. Thanks to David Gilman.
• Update Spanish translation. Thanks to Christopher Chatham.

Version 2.43:

• Updated Polish translation. Thanks to Jan Psota.
• Flag errors when configuration options are repeated illegally.
• Further tweaks for GNU/kFreeBSD
• Add –no-wrap to msgmerge call – provides nicer .po file format.
• Honor lease-time spec in dhcp host lines even for BOOTP. The user is assumed to know what they are doing in this case. (Hosts without the time spec still get infinite leases for BOOTP, over-riding the default in the dhcp-range.) Thanks to Peter Katzmann for uncovering this.
• Fix problem matching relay agent ids. Thanks to Michael Rack for the bug report.
• Add –naptr record option. Suggestion from Johan Bergquist.
• Implement RFC 5107 server ID override DHCP relay agent option.
• Apply patches from Stefan Kruger for compilation on Solaris 10 under Sun studio.
• Yet more tweaking of Linux capability code, to suppress pointless wingeing from kernel 2.6.25 and above.
• Improve error checking during startup. Previously, some errors which occurred during startup would be worked around, with dnsmasq still starting up. Some were logged, some silent. Now, they all cause a fatal error and dnsmasq terminates with a non-zero exit code. The errors are those associated with changing uid and gid, setting process capabilities and writing the pidfile. Thanks to Uwe Gansert and the Suse security team for pointing out this improvement, and Bill Reimers for good implementation suggestions.
• Provide NO_LARGEFILE compile option to switch off largefile support when compiling against versions of uclibc which don’t support it. Thanks to Stephane Billiart for the patch.
• Implement random source ports for interactions with upstream nameservers. New spoofing attacks have been found against nameservers which do not do this, though it is not clear if dnsmasq is vulnerable, since to doesn’t implement recursion. By default dnsmasq will now use a different source port (and socket) for each query it sends upstream. This behavior can suppressed using the –query-port option, and the old default behavior restored using –query-port=0. Explicit source-port specifications in –server configs are still honored.
• Replace the random number generator, for better security. On most BSD systems, dnsmasq uses the arc4random() RNG, which is secure, but on other platforms, it relied on the C-library RNG, which may be guessable and therefore allow spoofing. This release replaces the libc RNG with the SURF RNG, from Daniel J. Berstein’s DJBDNS package.
• Don’t attempt to change user or group or set capabilities if dnsmasq is run as a non-root user. Without this, the change from soft to hard errors when these fail causes problems for non-root daemons listening on high ports. Thanks to Patrick McLean for spotting this.
• Updated French translation. Thanks to Gildas Le Nadan.