stable

dnsmasq-2.88-1.fc37

FEDORA-2022-28dc37634d created by pemensik 2 years ago for Fedora 37

Changelog

(by upstream maintainer Simon Kelley)

  • Fix bug in --dynamic-host when an interface has /16 IPv4 address. Thanks to Mark Dietzer for spotting this.

  • Add --fast-dns-retry option. This gives dnsmasq the ability to originate retries for upstream DNS queries itself, rather than relying on the downstream client. This is most useful when doing DNSSEC over unreliable upstream networks. It comes with some cost in memory usage and network bandwidth.

  • Add --use-stale-cache option. When set, if a DNS name exists in the cache, but its time-to-live has expired, dnsmasq will return the data anyway. (It attempts to refresh the data with an upstream query after returning the stale data.) This can improve speed and reliability. It comes at the expense of sometimes returning out-of-date data and less efficient cache utilisation, since old data cannot be flushed when its TTL expires, so the cache becomes strictly least-recently-used.

  • Make --hostsdir (but NOT --dhcp-hostsdir and --dhcp-optsdir) handle removal of whole files or entries within files. Thanks to Dominik Derigs for the initial patches for this. Fix bug, introduced in 2.87, which could result in DNS servers being removed from the configuration when reloading server configuration from DBus, or re-reading /etc/resolv.conf Only servers from the same source should be replaced, but some servers from other sources (i.e., hard coded or another dynamic source) could mysteriously disappear. Thanks to all reporting this, but especially Christopher J. Madsen who reduced the problem to an easily reproducible case which saved much labour in finding it.

  • Add --no-round-robin option.

  • Allow domain names as well as IP addresses when specifying upstream DNS servers. There are some gotchas associated with this (it will mysteriously fail to work if the dnsmasq instance being started is in the path from the system resolver to the DNS), and a seemingly sensible configuration like --server=domain.name@1.2.3.4 is unactionable if domain.name only resolves to an IPv6 address). There are, however, cases where is can be useful. Thanks to Dominik Derigs for the patch.

  • Handle DS records for unsupported crypto algorithms correctly. Such a DS, as long as it is validated, should allow answers in the domain it attests to be returned as unvalidated, and not as a validation error.

  • Optimise reading large numbers of --server options. When re-reading upstream servers from /etc/resolv.conf or other sources that can change dnsmasq tries to avoid memory fragmentation by re-using existing records that are being re-read unchanged. This involves seaching all the server records for each new one installed. During startup this search is pointless, and can cause long start times with thousands of --server options because the work needed is O(n^2). Handle this case more intelligently. Thanks to Ye Zhou for spotting the problem and an initial patch.

  • If we detect that a DNS reply from upstream is malformed don't return it to the requestor; send a SEVFAIL rcode instead.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2022-28dc37634d

This update has been submitted for testing by pemensik.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'failed'.

2 years ago

This update has been pushed to testing.

2 years ago

This update's test gating status has been changed to 'passed'.

2 years ago
User Icon besser82 commented & provided feedback a year ago
karma

Works great! LGTM! =)

User Icon adscvr commented & provided feedback a year ago
karma

Works fine.

This update can be pushed to stable now if the maintainer wishes

a year ago
User Icon frantisekz commented & provided feedback a year ago
karma

Didn't notice any issues

User Icon pwalter commented & provided feedback a year ago
karma

Works

User Icon chr77 commented & provided feedback a year ago
karma

Works for me. No regressions noted compared to previous version.

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
enhancement
Severity
medium
Karma
5
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
5
Stable by Time
30 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
a year ago
BZ#2067270 dnsmasq fails validation on GOSTHASH digests
0
0
BZ#2150667 dnsmasq-2.88 is available
0
0

Automated Test Results