- 12 May, 2017 1 commit
- 
- 
Simon Kelley authored
 
- 
- 11 May, 2017 2 commits
- 
- 
Simon Kelley authored
- 
Petr Menšík authored
 
- 
- 10 May, 2017 2 commits
- 
- 
Simon Kelley authored
- 
Simon Kelley authored
 
- 
- 09 May, 2017 2 commits
- 
- 
Simon Kelley authoredThis was causing confusion: DNSSEC queries would be sent to servers for domains that don't do DNSSEC, but because of that status the answers would be treated as answers to ordinary queries, sometimes resulting in a crash. 
- 
Simon Kelley authored
 
- 
- 04 May, 2017 2 commits
- 
- 
Vladislav Grishenko authoredThis fixes build time warnings with POSIX.1-2008-aware c libraries. 
- 
Simon Kelley authoredThanks to Stephan Zeisberg and american fuzzy lop http://lcamtuf.coredump.cx/afl/ 
 
- 
- 01 May, 2017 1 commit
- 
- 
Simon Kelley authored
 
- 
- 29 Apr, 2017 3 commits
- 
- 
Simon Kelley authored
- 
Simon Kelley authoredThis reverts commit 88a77a78. A least one client has been found which breaks with this change. Since the use-case is not clear, I'm reverting the change, at least for now. 
- 
Simon Kelley authored
 
- 
- 25 Apr, 2017 2 commits
- 
- 
Vladislav Grishenko authored
- 
Vladislav Grishenko authored
 
- 
- 23 Apr, 2017 1 commit
- 
- 
Petr Menšík authored
 
- 
- 17 Apr, 2017 5 commits
- 
- 
Simon Kelley authored
- 
- 
Simon Kelley authored
- 
Simon Kelley authored
- 
Petr Menšík authored
 
- 
- 12 Apr, 2017 4 commits
- 
- 
Simon Kelley authored
- 
- 
Simon Kelley authored
- 
Simon Kelley authored
 
- 
- 11 Apr, 2017 6 commits
- 
- 
Simon Kelley authored
- 
Simon Kelley authored
- 
Simon Kelley authored
- 
Simon Kelley authored
- 
Floris Bos authoredDnsmasq's startup script seems to assume users always want to use dnsmasq as local DNS resolver, and tells resolvconf to put "nameserver 127.0.0.1" in /etc/resolv.conf The problem with this is that if users just want to use dnsmasq as DHCP server, and put port=0 in /etc/dnsmasq.conf to disable the DNS functionality, they end up with broken name resolving. Put a basic check in the startup script that skips resolvconf configuration if a line starting with port=0 is in /etc/dnsmasq.conf This doesn't cover all cases (e.g. configuration could also be in different file in /etc/dnsmasq.d), but is better than current situation. 
- 
David Flamand authored
 
- 
- 10 Apr, 2017 2 commits
- 
- 
Floris Bos authoredAdds option to delay replying to DHCP packets by one or more seconds. This provides a workaround for a PXE boot firmware implementation that has a bug causing it to fail if it receives a (proxy) DHCP reply instantly. On Linux it looks up the exact receive time of the UDP packet with the SIOCGSTAMP ioctl to prevent multiple delays if multiple packets come in around the same time. 
- 
Floris Bos authoredIt is currently only possible to let the TFTP server serve a different folder depending on the client's IP address. However it isn't always possible to predict what the client's IP address will be, especially in situations in which we are not responsible for handing them out (e.g. proxy dhcp setups). Extend the current --tftp-unique-root parameter to support having a separate folder per MAC address instead. 
 
- 
- 23 Mar, 2017 1 commit
- 
- 
Kristian Evensen authoredThe current --server syntax allows for binding to interface or address. However, in some (admittedly special) cases it is useful to be able to specify both. This commit introduces the following syntax to support binding to both interface and address: --server X.X.X.X@IP@interface#port Based on my tests, the syntax is backwards compatible with the current @IP/interface#port. The code will fail if two interface names are given. v1->v2: * Add man page description of the extended server syntax (thanks Simon Kelley) Signed-off-by:Kristian Evensen <kristian.evensen@gmail.com> 
 
- 
- 18 Mar, 2017 2 commits
- 
- 
James Bottomley authoredThe man page says that we don't do DNSSEC on forwarded domains, but if you turn on dnssec_check_signatures this turns out to be untrue, because we try to build up a DS chain to them. Since forwarded domains are usually used for split DNS to hidden domains, they're unlikely to verify to the DNS root anyway, so the way to do DNSSEC for them (as the manual says) is to provide a trust anchor for each forwarder. The problem I've run into is a split DNS setup where I want DNSSEC to work mostly, but one of the forwarding domains doesn't have an internal DNSSEC capable resolver. Without this patch the entire domain goes unresolvable because the DS record query to the internal resolver returns a failure which is interpreted as the domain being BOGUS. The fix is not to do the DS record chase for forwarded domains. 
- 
Petr Menšík authored
 
- 
- 07 Mar, 2017 3 commits
- 
- 
Bert Gijsbers authored
- 
Olivier Gayot authoredThe rev-server directive only handles the following CIDR prefixes properly: /8, /16, /24, /32. Any other value was silently converted to /16 which could result in unexpected behaviour. This patch rejects any other value instead of making a silent conversion. 
- 
Olivier Gayot authored[ excerpt from the man page ] The rev-server directive provides a syntactic sugar to make specifying address-to-name queries easier. For example --rev-server=1.2.3.0/24,192.168.0.1 is exactly equivalent to --server=/3.2.1.in-addr.arpa/192.168.0.1 It is not mentioned in the man page but the only prefixes that the directive properly handles when dealing with IPv4 are /8, /16 and /24. Specifying anything else as the same effect as specifying /16. It is not a big deal for subnets on non-octet boundaries since they cannot be represented using a single in-addr.arpa address. However, it is unconvenient for /32 prefix while the analogous server directive behaves as expected. E.g. the following server directive work as expected: server=/42.10.168.192.in-addr.arpa/1.2.3.4 but the following does not: rev-server=192.168.10.42/32,1.2.3.4 and, in practice, the later behaves the same as: server=/168.192.in-addr.arpa/1.2.3.4 This strange behaviour is fixed by accepting /32 CIDR prefixes as a valid value. Any other value will still be considered the same as /16.
 
- 
- 01 Mar, 2017 1 commit
- 
- 
Simon Kelley authored
 
- 
