Conntrack support reads the connection track mark associated with
incoming DNS queries and sets the same mark value on the upstream
forwarded DNS query. This can be usefull to track traffic generated
by dnsmasq to associate it with the clients who generate the queries,
usefull for bandwidth accouting and firewall.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Running dnsmasq in a dedicated user/group allows matching its outgoing
traffic more easily using iptables' owner match.
Add UID/GID to the package metadata and append the user/group
parameters to the init script.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 49252
Parameter allows to enable/disable static leases; by default the value is 1
to keep backwards compatibility
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 49187
Enable setting a host-specific lease time for static hosts.
The new option is called "leasetime" and the format is similar
as for the default lease time: e.g. 12h, 3d, infinite
Default lease time is used for all hosts for which there is
no host-specific definition.
The option is added to /etc/config/dhcp for the selected hosts:
config host
option name 'Nexus'
option mac 'd8:50:66:55:59:7c'
option ip '192.168.1.245'
option leasetime '2h'
It gets appended to /var/etc/dnsmasq.conf like this:
dhcp-host=d8:50:66:55:59:7c,192.168.1.245,Nexus,2h
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 48801
Commit 6a7e56b adds support for adding local hostname for own lan ula adress
but if ula prefix is not specified results into an invalid config (address=/OpenWrt.lan/1)
causing dnsmasq not to start up.
Use lanaddr6 when adding local hostname as the lan ula address is constructed based on the
UCI parameters ip6hint and ip6ifaceid and thus not always ula prefix suffixed with 1
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 48495
By default dnsmasq uses random ports for outbound dns queries;
when the minport UCI option is specified the ports used will
always be larger than the specified value.
This is usefull for systems behind firewalls.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 48244
By default dnsmasq sends an ICMP echo request before allocating
an IP address to a host; the uci option noping allows to disable
this check.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 47974
Changed option nonwildcard from --bind-interfaces into --bind-dynamic.
With this, Dnsmasq binds the address of individual interfaces, allowing multiple
dnsmasq instances, but if new interfaces or addresses appear, it automatically
listens on those. This makes dynamically created interfaces work in the same way as
the default, but allows also use of other DNS-servers (like Named) at the same time
on diffirent interfaces where Dnsmasq is NOT configured, whereas with
--bind-interfaces will still reserve every interface even if not used and thus
disallowing use of any other DNS-program even on unused interfaces.
Tested-by: Vaasa Hacklab <info@vaasa.hacklab.fi>
Signed-off-by: Sami Olmari <sami@olmari.fi>
SVN-Revision: 47953
Add the option "--all-servers" which forces dnsmasq to send all
queries to all servers and then take the first answer.
Signed-off-by: Andréas Gustafsson <gurgalof@gmail.com>
SVN-Revision: 47857
Since r46834, IPv6 support is builtin if selected. Therefor, dependencies
on kmod-ipv6 can no longer be fulfilled, since it is not a module anymore.
Signed-off-by: Arjen de Korte <arjen+openwrt@de-korte.org>
SVN-Revision: 47022
Fixes a 100% cpu usage issue if using dhcp-script.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 46550
When enabled the dnsmasq DHCP server allocates the IP addresses sequentially
starting from the lowest available IP address.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 46211
Bump dnsmasq to v2.73rc8
Important - fixes remotely exploitable buffer overflow introduced in all v2.73 test/release candidates.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
SVN-Revision: 45693
This patch backports the option --tftp-no-fail to dnsmasq and prevents the
service from aborting if the specified TFTP root directory is not available;
this might be the case if TFTP files are located on external media that might
occasionally not be present at startup.
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
SVN-Revision: 45213
DNSMASQ has the ability to provide a menu to a pxeboot system, using
the --pxe-prompt and --pxe-service configuration options. The current
init.d script converting the "dhcp" file to "dnsmasq.conf" does not
find these options, but they are supported. This patch thus enables
the options.
Signed-off-by: Derek LaHousse <dlahouss@mtu.edu>
SVN-Revision: 44747
The --dhcp-boot option of dnsmasq does not require servername and serveraddress
arguments if the builtin tftp server is used.
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
SVN-Revision: 44744
The --quiet-dhcp setting increases privacy by omitting DHCP lease logs including MAC addresses.
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
SVN-Revision: 44006
This patch tries to
- Let the DHCPv6 feature depend on CONFIG_IPV6.
- Conditionally select libnettle, kmod-ipv6, kmod-ipt-ipset only if the
corresponding features are enabled.
- Install `trust-anchors.conf` only if DNSSEC is selected.
- Add PKG_CONFIG_DEPENDS for the configurable options.
- Add a patch to let the Makefile of dnsmasq be aware of changes in
COPTS variable.
Big thanks goes to Frank Schäfer <fschaefer.oss@googlemail.com> for
providing necessary information on connections and dependency relations
between these CONFIGs and packages.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 43851
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
Use an if/else statement to cover the two different syntaxes. Add
comments explaining what the end results should look like.
This patch should not change the script's output.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
SVN-Revision: 42320
An entry like this in /etc/config/dhcp:
config 'host'
option 'name' 'pc2'
option 'ip' '192.168.100.56'
option 'dns' '1'
results in a /tmp/hosts/dhcp entry that looks like this:
192.168.100.56 .lan
Obviously it should say "pc2.lan".
This happens because $name is set to "" in order to support the MAC-less
syntax: "--dhcp-host=lap,192.168.0.199". Fix this by reordering the
operations. Also, refuse to add a DNS entry if the hostname or IP is
missing.
Fixes#17683
Reported-by: Kostas Papadopoulos <kpapad75@travelguide.gr>
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
SVN-Revision: 42319
LuCI creates "domain" UCI config sections, which the dnsmasq init file
then, currently, translates into "address" config lines. This is not
the correct usage of "address" (see r36943), and also causes rDNS
records to not be created. This patches dnsmasq.init to utilize the
additional hosts file introduced in r40799 for such domain names,
resolving both issues.
Signed-off-by: Tyler Fenby <tylerf@securecominc.com>
SVN-Revision: 42318
* Add Authoritative DNS and IPSET to full variant
* Remove some bloat from IPSET support
* Reintroduce "DHCP no address warning"-patch
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 41246
Ship keys for the root zone and add two uci options to enable
DNSSEC checks:
Option 'dnssec': Activate DNSSEC validation
Option 'dnsseccheckunsigned': Ensure answers without DNSSEC are in
unsigned zones.
Signed-off-by: Andre Heider <a.heider@gmail.com>
SVN-Revision: 41245
This variant includes support for DHCPv6 and DNSSEC.
DNSSEC adds a dependency on libnettle.
Signed-off-by: Andre Heider <a.heider@gmail.com>
SVN-Revision: 41244
As documented in config.h.
Doing otherwise will break dnsmasq's pkg-wrapper script to find its
libs to link to.
Signed-off-by: Andre Heider <a.heider@gmail.com>
SVN-Revision: 41241
DHCP entries in /etc/config/dhcp will not automatically create A or PTR
records. Add an "option dns" directive which appends an entry to
/tmp/hosts/dhcp to facilitate forward and reverse DNS lookups. For
instance, this item:
config host
option ip '192.168.0.10'
option mac '00:13:57:9b:df:02'
option name 'winpc'
option dns '1'
will add a corresponding entry to /tmp/hosts/dhcp:
192.168.0.10 winpc.lan
This keeps the hostname/IP/MAC in a single place, for easy maintenance.
Related: ticket #13854 reports an regression involving missing PTR
records when using "config domain" to define static DNS entries for
individual hosts. However, per Simon Kelley[1], the --address feature
used by "config domain" was never intended to generate DNS A records for
hosts. It would probably be better for the reporter to apply this patch,
and then use "config host" sections instead of "config domain" sections.
[1] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q4/002498.html
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 40799
- cache udhcp check results to speed up subsequent reloads
- enable procd file tracking for /var/etc/dnsmasq.conf to only reload service if needed
- implement reload action to only restart dnsmasq if /var/etc/dnsmasq.conf actually changed
- launch dnsmasq from interface hotplug to avoid race conditions with network bringup
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 39152
This commit changes the dnsmasq init script to use the interface
status exposed by netifd. The old references to scan_interfaces()
and (indirect) accesses to uci state variables are removed and
replaced with corresponding network_*() calls.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 39101
Changeset r36943 ("dnsmasq: use host-record instead of address") removed
the automatic domain expansion for config domain sections, this breaks
existing setups and alters the old behaviour in unexpected ways, therfore
restore behaviour of the current stable release.
Additionally handle fully qualified hostnames properly when setting up the
own hostrecord by stripping the local domain part form the given name
instead of unconditionally appending it, so that "example.lan" results
in "example example.lan" and not "example.lan example.lan.lan".
SVN-Revision: 38648
There are certain consumer devices which are outliers in protocol conformance.
An example is Samsung bluray players, which require broadcast DHCP responses
(on Ethernet only, strangely not on Wifi).
By specifying:
config host
...
option broadcast 1
this will enable the response to be sent as an Ethernet broadcast and not as
a unicast.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 38365
Changes include:
* removing unused variables
* replacing spaces with tabs where appropriate
* more consistency with variable declarations
Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 38142
Using "--address" for individual host A records is broken, use "--host-record" instead.
The following patch changes dnsmasq.init to build individual host records using "--host-record" instead of "--address".
Signed-off-by: Adam Gensler <openwrt at gnslr.us>
[jow: shorter description, simplified shell script code]
SVN-Revision: 36943
This patch simply adds support for the "--proxy-dnssec" command in dnsmasq into the init file so it can be used with /etc/config/dhcp.
Signed-off-by: Adam Gensler <openwrt@kristenandadam.net>
SVN-Revision: 36570