惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

量子位
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
WordPress大学
WordPress大学
G
Google Developers Blog
博客园 - 三生石上(FineUI控件)
Last Week in AI
Last Week in AI
IT之家
IT之家
博客园_首页
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
爱范儿
爱范儿
大猫的无限游戏
大猫的无限游戏
博客园 - Franky
U
Unit 42
Security Archives - TechRepublic
Security Archives - TechRepublic
C
Cisco Blogs
S
Schneier on Security
T
Threatpost
阮一峰的网络日志
阮一峰的网络日志
Microsoft Security Blog
Microsoft Security Blog
The Cloudflare Blog
博客园 - 聂微东
C
Cybersecurity and Infrastructure Security Agency CISA
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Engineering at Meta
Engineering at Meta
M
MIT News - Artificial intelligence
aimingoo的专栏
aimingoo的专栏
博客园 - 叶小钗
Cisco Talos Blog
Cisco Talos Blog
P
Palo Alto Networks Blog
MongoDB | Blog
MongoDB | Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
V2EX
L
Lohrmann on Cybersecurity
Latest news
Latest news
小众软件
小众软件
有赞技术团队
有赞技术团队
Know Your Adversary
Know Your Adversary
Simon Willison's Weblog
Simon Willison's Weblog
B
Blog
雷峰网
雷峰网
K
Kaspersky official blog
美团技术团队
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
Check Point Blog
Recorded Future
Recorded Future
博客园 - 【当耐特】
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security

dnsmasq-discuss

[Dnsmasq-discuss] Announce: dnsmasq-2.92rc2 Re: [Dnsmasq-discuss] [PATCH] Fix arguments order for chaos subdomain check Re: [Dnsmasq-discuss] patch: block-file/allow-file - for review/feedback Re: [Dnsmasq-discuss] patch: block-file/allow-file - for review/feedback Re: [Dnsmasq-discuss] patch: block-file/allow-file - for review/feedback Re: [Dnsmasq-discuss] patch: block-file/allow-file - for review/feedback [Dnsmasq-discuss] patch: block-file/allow-file - for review/feedback Re: [Dnsmasq-discuss] server= with interface parameter changes behavior over time [Dnsmasq-discuss] NFTsets and hosts-files [Dnsmasq-discuss] [PATCH] Allow expired RRSIGs when stale caching is enabled [Dnsmasq-discuss] [PATCH] Fix local host records being overridden by upstream NXDOMAIN [Dnsmasq-discuss] [PATCH] Fix arguments order for chaos subdomain check Re: [Dnsmasq-discuss] Malformed RRSIG Can Crash dnsmasq [Dnsmasq-discuss] Malformed NSEC/NSEC3 Can Hang dnsmasq [Dnsmasq-discuss] Malformed RRSIG Can Crash dnsmasq [Dnsmasq-discuss] Security - IMPORTANT Re: [Dnsmasq-discuss] Issue with circuit-id matching on dhcp requests Re: [Dnsmasq-discuss] Issue with circuit-id matching on dhcp requests Re: [Dnsmasq-discuss] Issue with circuit-id matching on dhcp requests [Dnsmasq-discuss] Issue with circuit-id matching on dhcp requests Re: [Dnsmasq-discuss] [PATCH] bpf.c: fix memory leak in arp_enumerate() on BSD Re: [Dnsmasq-discuss] [PATCH] bpf.c: fix memory leak in arp_enumerate() on BSD Re: [Dnsmasq-discuss] dnssec problem here and now Re: [Dnsmasq-discuss] dnssec problem here and now [Dnsmasq-discuss] dnssec problem here and now Re: [Dnsmasq-discuss] server= with interface parameter changes behavior over time Re: [Dnsmasq-discuss] [PATCH] bpf.c: fix memory leak in arp_enumerate() on BSD Re: [Dnsmasq-discuss] [PATCH] bpf.c: fix memory leak in arp_enumerate() on BSD Re: [Dnsmasq-discuss] [PATCH] Preserve existing log file permissions when adding group-write bit. [Dnsmasq-discuss] server= with interface parameter changes behavior over time [Dnsmasq-discuss] [PATCH] bpf.c: fix memory leak in arp_enumerate() on BSD Re: [Dnsmasq-discuss] [PATCH] Preserve existing log file permissions when adding group-write bit. Re: [Dnsmasq-discuss] [BUG] SIGSEGV when parsing invalid "--interface-name" or "--dynamic-host" options Re: [Dnsmasq-discuss] Suggestion to increase default for max-tcp-connections [Dnsmasq-discuss] server priority clarification after e86d53c [Dnsmasq-discuss] [BUG] SIGSEGV when parsing invalid "--interface-name" or "--dynamic-host" options [Dnsmasq-discuss] Suggestion to increase default for max-tcp-connections Re: [Dnsmasq-discuss] [PATCH] Preserve existing log file permissions when adding group-write bit. [Dnsmasq-discuss] [Bug] Heap buffer overflow in cache_recv_insert() due to pipe de-synchronization Re: [Dnsmasq-discuss] Regression/Feature Request for 2.92 Re: [Dnsmasq-discuss] [PATCH] DHCPv6 network range is not checked well with dhcp-sequential-ip [Dnsmasq-discuss] [Bug] Buffer underflow in hostname_issubdomain() [Dnsmasq-discuss] [PATCH] Don't penalize conditional forwarders for REFUSED responses [Dnsmasq-discuss] BUG:Heap buffer overflow in src/forward.c due to incorrect pointer arithmetic (CWE-122) Re: [Dnsmasq-discuss] Regression/Feature Request for 2.92 Re: [Dnsmasq-discuss] Regression/Feature Request for 2.92 Re: [Dnsmasq-discuss] Regression/Feature Request for 2.92 Re: [Dnsmasq-discuss] Potential privacy issue: filter-rr inefficiency Re: [Dnsmasq-discuss] TCP optimization regressions Re: [Dnsmasq-discuss] Bug: Null pointer dereference in domain-match.c at line 82 (dnsmasq 2.92test21-1-gee09f06) [Dnsmasq-discuss] [PATCH] ubus: add lease management methods [Dnsmasq-discuss] Regression/Feature Request for 2.92 [Dnsmasq-discuss] cotillon por mayor [Dnsmasq-discuss] Por Qué el Alquiler de Plataformas Elevadoras es la Clave del Éxito para Tu Empresa Re: [Dnsmasq-discuss] [PATCH] dnsmasq: failed to create inotify for /etc/resolv.conf: No space left on device [Dnsmasq-discuss] Bug: Null pointer dereference in domain-match.c at line 82 (dnsmasq 2.92test21-1-gee09f06) [Dnsmasq-discuss] TCP optimization regressions Re: [Dnsmasq-discuss] [PATCH] dnsmasq: failed to create inotify for /etc/resolv.conf: No space left on device Re: [Dnsmasq-discuss] dnsmasq 2.92 build-error against Nettle 4.0 Re: [Dnsmasq-discuss] dnsmasq 2.92 build-error against Nettle 4.0 Re: [Dnsmasq-discuss] dnsmasq 2.92 build-error against Nettle 4.0 [Dnsmasq-discuss] dnsmasq 2.92 build-error against Nettle 4.0 [Dnsmasq-discuss] Potential privacy issue: filter-rr inefficiency Re: [Dnsmasq-discuss] Bug with NS records when using dnsmasq as authoritative nameserver without specific auth-interface Re: [Dnsmasq-discuss] Bug with NS records when using dnsmasq as authoritative nameserver without specific auth-interface Re: [Dnsmasq-discuss] segfault with an empty OPTION_SNAME [Dnsmasq-discuss] Bug with NS records when using dnsmasq as authoritative nameserver without specific auth-interface Re: [Dnsmasq-discuss] segfault with an empty OPTION_SNAME [Dnsmasq-discuss] segfault with an empty OPTION_SNAME Re: [Dnsmasq-discuss] Shut down caused by device request address. Re: [Dnsmasq-discuss] Shut down caused by device request address. Re: [Dnsmasq-discuss] Shut down caused by device request address. [Dnsmasq-discuss] Shut down caused by device request address. [Dnsmasq-discuss] [PATCH] dnsmasq: failed to create inotify for /etc/resolv.conf: No space left on device Re: [Dnsmasq-discuss] dnsmasq with high availability and dynamic range [Dnsmasq-discuss] dnsmasq with high availability and dynamic range [Dnsmasq-discuss] PATCH] PXE boot server (PXEBS) responses broken in 2.92 — missing else in dhcp.c [Dnsmasq-discuss] PATCH] PXE boot server (PXEBS) responses broken in 2.92 — missing else in dhcp.c [Dnsmasq-discuss] Potential memory leak Re: [Dnsmasq-discuss] Incorrect SERVFAIL on dnssec and rivcoed.org. domain Re: [Dnsmasq-discuss] dnsmasq does not forward requests with no default route is set [Dnsmasq-discuss] DNSSEC validation fails for wildcard subdomains [Dnsmasq-discuss] Add an option to not always add a pseudo header? Re: [Dnsmasq-discuss] Announce: 2.92.rc1, rc3 & patches overseen Re: [Dnsmasq-discuss] Portable PXE boot appliance [Dnsmasq-discuss] Portable PXE boot appliance Re: [Dnsmasq-discuss] Question about IPv6 settings [Dnsmasq-discuss] Incorrect SERVFAIL on dnssec and rivcoed.org. domain [Dnsmasq-discuss] Question about IPv6 settings Re: [Dnsmasq-discuss] iPhone 17 Pro Max DHCP not working [Dnsmasq-discuss] iPhone 17 Pro Max DHCP not working Re: [Dnsmasq-discuss] [PATCH 0/3] Announce: 2.92.rc1 [Dnsmasq-discuss] [PATCH 0/3] Announce: 2.92.rc1 [Dnsmasq-discuss] [PATCH 3/3] Fix some issues with the swedish manual page, some causing lintian warnings [Dnsmasq-discuss] [PATCH2/3] Fix typos in the english manual page [Dnsmasq-discuss] [PATCH 1/3] Remove trailing white space from dnsmasq.conf.example [Dnsmasq-discuss] Announce: 2.92.rc1 [Dnsmasq-discuss] dnsmasq rejects TCP queries originating from Kubernetes pods Re: [Dnsmasq-discuss] Git: Is first dhcp.c address_available() for/if code correct? [Dnsmasq-discuss] [PATCH dnsmasq 1/1] fix SIGSEGV in dbus.c when no dhcp-range is configured
[Dnsmasq-discuss] Announce: dnsmasq-2.92
Simon Kelley · 2026-01-14 · via dnsmasq-discuss
After another delay, unrelated to dnsmasq, I'm now in a position to
finally make the 2.92 release.

Summary below.

Cheers,

Simon.

version 2.92
Redesign the interaction between DNSSEC validation and
per-domain servers, specified as --server=/<domain>/<ip-address>. This should just work in all cases now. If the normal chain-of-trust exists into the delegated domain then whether the domain is signed or not, DNSSEC validation will function normally. In the case the delegated domain is an "overlay" on top of the global DNS and no NS and/or DS records exist connecting it to the global dns, then if the domain is unsigned the situation will be handled by synthesising a
proof-of-non-existence-of-DS for the domain and queries will be
answered unvalidated; this action will be logged. A signed domain
without chain-of-trust can be validated if a suitable trust-anchor
is provided using --trust-anchor. This change should be backwards
compatible for all existing working configurations; it extends the
space of possible configurations which are functional.

Fix a couple of problems with DNSSEC validation and DNAME. One
could cause validation failure on correct domains, and the other
would fail to spot an invalid domain. Thanks to Graham Clinch
for spotting the problem.

Add --log-queries=auth option to only log replies from the auth DNS
facility.

Fix some edge-cases with domains and --address and --server. There
has been some regressions with this in previous releases. This change
fixes the priority order from lower to highest as:
--address with a IPv4 or IPv6 address (as long as the query matches the type)
--address with # for all-zeros, as long as the query is A or AAAA)
--address with no address, which returns NXDOMAIN or NOERROR for all types.
--server with address set to # to use the unqualified servers.
--server with matching domain.
--server without domain or from /etc/resolv.conf.

Fix problems with ipset or nftset and TCP DNS transport. Previously
this was racy, and insertion of addresses could fail on a busy server
when DNS-over-TCP transport was involved.

DNSSEC validation change for reverse lookups in RFC-1918 ranges and friends. The large public DNS services seem not to return proof-of-nonexistence for DS records at the start of RFC-1918 in-addr.arpa domains and the their IPv6 equivalents. 10.in-addr.arpa, 168.192.in-addr.arpa etc.
Since dnsmasq already has an option which instructs it not bother
upstream servers with pointless queries about these address ranges,
namely --bogus-priv, we extend that to enable behaviour which allows
dnsmasq to assume that insecure NXDOMAIN replies for these domains
are expected and to assume that the domains are legitimately unsigned.
This behaviour only matters when some address range is directed to
another upstream server using --rev-server. In that case it allows
replies from that server to pass DNSSEC validation. Without such a
server configured, queries are never sent upstream so they are never
validated and the new behaviour is moot.

Add support for leasequery to the dnsmasq DHCPv4 server.
This has to be specifically enabled with the --leasequery option.
Many thanks to JAXPORT, Jacksonville Port Authority for sponsoring
this enhancement to dnsmasq.

Fix failure to cache PTR RRs when a reply contains more than one answer.
Thanks to Dmitry for spotting this.

Add TFTP options windowsize (RFC 7440) and timeout (RFC 2349).

Change the behaviour of the DHCPv6 server when a REBIND message
is received but no lease exists. Under these circumstances a new
lease is created _only_ when the --dhcp-authoritative option is
set. This matches the behavior of the DHCPv4 server.

Add --dhcp-split-relay option. This makes a DHCPv4 relay which
is functional when client and server networks aren't mutually
route-able.

Fix failure to add client MAC address to queries in TCP mode.
The options which cause dnsmasq to decorate a DNS query with the MAC
address on the originating client can fail when the query is sent
using TCP. Thanks to Bruno Ravara for spotting and
characterising this bug.

_______________________________________________
Dnsmasq-discuss mailing list
[email protected]
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss