-
-
Notifications
You must be signed in to change notification settings - Fork 197
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade embedded dnsmasq to v2.80 #401
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
…e.c any more) Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Ready to be merged into |
3 tasks
Signed-off-by: DL6ER <dl6er@dl6er.de>
…ked (to avoid double counting) Signed-off-by: DL6ER <dl6er@dl6er.de>
…nfig file blocking rules (may it be NXDOMAIN or NULL based) Signed-off-by: DL6ER <dl6er@dl6er.de>
Properly account for user-defined wildcards
Merge bugfix #411 also into dnsmasq/v2.80
…LL address. Signed-off-by: DL6ER <dl6er@dl6er.de>
… having displayed regex.list even though the blocking was done due to a gravity.list entry. Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Fix record_source() sometimes incorrectly returning regex.list
…efault path is not available. Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
…ode will be reused a few times Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
…imes. Signed-off-by: DL6ER <dl6er@dl6er.de>
…y are not used anywhere anymore. Signed-off-by: DL6ER <dl6er@dl6er.de>
…or a local pihole-FTL.conf if none was found in the default locations Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
…his required a certain rearrangement of how we handle domains and clients internally. Signed-off-by: DL6ER <dl6er@dl6er.de>
…n. Lowering the privacy level is possible, but you need to restart pihole-FTL to enable it. Signed-off-by: DL6ER <dl6er@dl6er.de>
…t when using the web interface. Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: DL6ER <dl6er@dl6er.de>
Fix/privacy levels regex filtering
…ully matched and assigned. Signed-off-by: DL6ER <dl6er@dl6er.de>
Adjustable file locations
Signed-off-by: DL6ER <dl6er@dl6er.de>
AzureMarker
approved these changes
Nov 21, 2018
This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
By submitting this pull request, I confirm the following (please check boxes, eg [X]) Failure to fill the template will close your PR:
Please submit all pull requests against the
development
branch. Failure to do so will delay or deny your requestHow familiar are you with the codebase?:
10
Official changelog:
dnssec-check-unsigned
. Versions of dnsmasq prior to 2.80 defaulted to not checking unsigned replies, and used--dnssec-check-unsigned
to switch this on. Such configurations will continue to work as before, but those which used the default of no checking will need to be altered to explicitly select no checking. The new default is because switching off checking for unsigned replies is inherently dangerous. Not only does it open the possiblity of forged replies, but it allows everything to appear to be working even when the upstream namesevers do not support DNSSEC, and in this case no DNSSEC validation at all is occuring.--no-ping
AND--dhcp-sequential-ip
are set. Thanks to Daniel Miess for help with this.--dumpfile
- option, and a bitmap controlling which packets should be dumped is given by the--dumpmask
option.dhcp-range
s on the same interface better. We don't now construct adhcp-range
if there's - already one specified. This allows the specified interface to have different parameters and avoids advertising the same prefix twice. Thanks - to Luis Marsano for spotting this case.auth-peer
is specified, even ifauth-sec-servers
is not. Thanks to Raphael Halimi for the suggestion.server
,local
,address
,rebind-domain-ok
,ipset
,alias
). Thanks to Eugene Lozovoy for - spotting the problem.--synth-domain
which has no prefix. Introduced in 2.79. Thanks to Andreas Engel for the bug report.systemd-resolvd
. Thanks to Steve Dodd for characterising the problem.--dhcp-name-match config
option.--caa-record config
option.--address=/example.com/#
as (more efficient) syntactic sugar for--address=/example.com/0.0.0.0
and--address=/example.com/::
- Returning null addresses is a useful technique for ad-blocking. Thanks to Peter Russell for the suggestion.SERVFAIL
, we now always - forward, and never answer from the cache. This allows "dig +trace" command to work. (fixes Can't dig +trace #383)wpad
". This is a fix for the CERT Vulnerability VU#598349.Note: This PR is Work-In-Progress and only meant for testing. As it implements a still rather fresh release of
dnsmasq
, it should not be merged todevelopment
until Pi-hole v4.1 has been released. Consider this branch as experimental as there is a certain likeliness that more internals ofpihole-FTL
may need to be adapted due to changes deeper inside thednsmasq
code.The PR statistics are
+1,460 -283
when ignoring whitespace changes.This template was created based on the work of
udemy-dl
.