(by upstream maintainer Simon Kelley)
Fix bug in --dynamic-host
when an interface has /16 IPv4
address. Thanks to Mark Dietzer for spotting this.
Add --fast-dns-retry
option. This gives dnsmasq the ability
to originate retries for upstream DNS queries itself, rather
than relying on the downstream client. This is most useful
when doing DNSSEC over unreliable upstream networks. It comes
with some cost in memory usage and network bandwidth.
Add --use-stale-cache
option. When set, if a DNS name exists in the cache, but its time-to-live has expired, dnsmasq will return the data anyway. (It attempts to refresh the data with an upstream query after returning the stale data.) This can improve speed and reliability. It comes at the expense of sometimes returning out-of-date data and less efficient cache utilisation, since old data cannot be flushed when its TTL expires, so the cache becomes strictly least-recently-used.
Make --hostsdir
(but NOT --dhcp-hostsdir
and --dhcp-optsdir
) handle removal of whole files or entries within files.
Thanks to Dominik Derigs for the initial patches for this. Fix bug, introduced in 2.87, which could result in DNS
servers being removed from the configuration when reloading server configuration from DBus, or re-reading /etc/resolv.conf
Only servers from the same source should be replaced, but some servers from other sources (i.e., hard coded or another dynamic source) could mysteriously disappear. Thanks to all reporting this, but especially Christopher J. Madsen who reduced the problem to an easily reproducible case which saved much labour in finding it.
Add --no-round-robin
option.
Allow domain names as well as IP addresses when specifying upstream DNS servers. There are some gotchas associated with this (it will mysteriously fail to work if the dnsmasq instance being started is in the path from the system resolver to the DNS), and a seemingly sensible configuration like --server=domain.name@1.2.3.4
is unactionable if domain.name only resolves to an IPv6 address). There are, however, cases where is can be useful. Thanks to Dominik Derigs for the patch.
Handle DS records for unsupported crypto algorithms correctly. Such a DS, as long as it is validated, should allow answers in the domain it attests to be returned as unvalidated, and not as a validation error.
Optimise reading large numbers of --server
options. When re-reading upstream servers from /etc/resolv.conf or
other sources that can change dnsmasq tries to avoid memory fragmentation by re-using existing records that are being re-read unchanged. This involves seaching all the server records for each new one installed. During startup this search is pointless, and can cause long start times with thousands of --server options because the work needed is O(n^2). Handle this case more intelligently. Thanks to Ye Zhou for spotting the problem and an initial patch.
If we detect that a DNS reply from upstream is malformed don't return it to the requestor; send a SEVFAIL rcode instead.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2022-28dc37634d
Please login to add feedback.
This update has been submitted for testing by pemensik.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'failed'.
This update has been pushed to testing.
This update's test gating status has been changed to 'passed'.
Works great! LGTM! =)
Works fine.
This update can be pushed to stable now if the maintainer wishes
Didn't notice any issues
Works
Works for me. No regressions noted compared to previous version.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.