-
-
Notifications
You must be signed in to change notification settings - Fork 197
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update embedded dnsmasq to v2.90 (Pi-hole v5) #1881
Commits on Feb 8, 2024
-
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for b650631 - Browse repository at this point
Copy the full SHA b650631View commit details -
Necessary changed to handle the most recent dnsmasq changes in FTL
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for d38a0a6 - Browse repository at this point
Copy the full SHA d38a0a6View commit details -
Behave better when attempting to contact unresponsive TCP servers.
By default TCP connect takes minutes to fail when trying to connect a server which is not responding and for which the network layer doesn't generate HOSTUNREACH errors. This is doubled because having failed to connect in FASTOPEN mode, the code then tries again with a call to connect(). We set TCP_SYNCNT to 2, which make the timeout about 10 seconds. This in an unportable Linux feature, so it doesn't work on other platforms. No longer try connect() if sendmsg in fastopen mode fails with ETIMEDOUT or EHOSTUNREACH since the story will just be the same. Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for 6b48e6d - Browse repository at this point
Copy the full SHA 6b48e6dView commit details -
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for 6cc10f7 - Browse repository at this point
Copy the full SHA 6cc10f7View commit details -
Update changed indentation of known DNSMASQ warning
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for 0a90f07 - Browse repository at this point
Copy the full SHA 0a90f07View commit details
Commits on Feb 9, 2024
-
Force-update embedded dnsmasq version. We are loosing the individual …
…dnsmasq history of the ~ last year, however, given the multitude of merge conflicts and the fact that this code will soon(ish) be replaced by development-v6 (where the history is 100% intact), this isn't much of an issue Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for 45c342a - Browse repository at this point
Copy the full SHA 45c342aView commit details
Commits on Feb 13, 2024
-
Tweak logging and special handling of T_ANY in rr-filter code.
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for cc98853 - Browse repository at this point
Copy the full SHA cc98853View commit details -
Make --filter-rr=ANY filter the answer to ANY queries.
Thanks to Dominik Derigs for an earlier patch which inspired this. Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for 9091f18 - Browse repository at this point
Copy the full SHA 9091f18View commit details -
Update embedded dnsmasq version to 2.90test4
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for 91b924d - Browse repository at this point
Copy the full SHA 91b924dView commit details -
Protection against pathalogical DNSSEC domains.
An attacker can create DNSSEC signed domains which need a lot of work to verfify. We limit the number of crypto operations to avoid DoS attacks by CPU exhaustion. Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for 108ab67 - Browse repository at this point
Copy the full SHA 108ab67View commit details -
Update header with new EDE values.
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for bf17dd3 - Browse repository at this point
Copy the full SHA bf17dd3View commit details -
Update NSEC3 iterations handling to conform with RFC 9276.
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for 70b0431 - Browse repository at this point
Copy the full SHA 70b0431View commit details -
Measure cryptographic work done by DNSSEC.
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for dd11688 - Browse repository at this point
Copy the full SHA dd11688View commit details -
Fix error introduced in 635bc51cac3d5d7dd49ce9e27149cf7e402b7e79
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for 2e0d8ff - Browse repository at this point
Copy the full SHA 2e0d8ffView commit details -
Parameterise work limits for DNSSEC validation.
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for a133029 - Browse repository at this point
Copy the full SHA a133029View commit details -
Update EDE code -> text conversion.
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for 8b9c5d3 - Browse repository at this point
Copy the full SHA 8b9c5d3View commit details -
Rework validate-by-DS to avoid DoS vuln without arbitrary limits.
By calculating the hash of a DNSKEY once for each digest algo, we reduce the hashing work from (no. DS) x (no. DNSKEY) to (no. DNSKEY) x (no. distinct digests) The number of distinct digests can never be more than 255 and it's limited by which hashes we implement, so currently only 4. Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for 0ce9541 - Browse repository at this point
Copy the full SHA 0ce9541View commit details -
Overhaul data checking in NSEC code.
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for c32b467 - Browse repository at this point
Copy the full SHA c32b467View commit details -
Better stats and logging from DNSSEC resource limiting.
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for a389bcc - Browse repository at this point
Copy the full SHA a389bccView commit details -
Better allocation code for DS digest cache.
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for c3bc0f9 - Browse repository at this point
Copy the full SHA c3bc0f9View commit details -
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for fbc5713 - Browse repository at this point
Copy the full SHA fbc5713View commit details -
Reverse suppression of ANY query answer logging.
Signed-off-by: DL6ER <dl6er@dl6er.de>
Configuration menu - View commit details
-
Copy full SHA for 65402b1 - Browse repository at this point
Copy the full SHA 65402b1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 3e32d96 - Browse repository at this point
Copy the full SHA 3e32d96View commit details -
Configuration menu - View commit details
-
Copy full SHA for 3bb1fcf - Browse repository at this point
Copy the full SHA 3bb1fcfView commit details