What's the size difference here? I'd be curious to replace dnsmasq for
the default setup, but only if it brings an advantage in size and
security.
Just a personal interest.
Best,
Paul
--
Jan 22, 2021 11:44:50 AM Philip Prindeville
<philipp_s...@redfish-solutions.com>:
On Jan 22, 2021, at 12:00 PM, Alberto Bursi
<bobafetthotm...@gmail.com> wrote:
On 22/01/21 19:53, Philip Prindeville wrote:
As an alternative to dnsmasq, master now has isc-dhcp (v4 only) and
Bind integration, so that's getting close to the essential functionality
that dnsmasq provides.
I stopped using dnsmasq about 8 years ago because it has several
minor violations of the RFCs (which the Kelly's claim are convenient and
therefore justified) but I believe create potential incompatibilities for
specious reasons (yes, I'm a strict-interpretation-of-the-standards
nazi).
How do I enable/use the "isc-dhcp (v4 only) and Bind integration" and
replace/disable dnsmasq?
-Alberto
You'll need to remove the dnsmasq package and select
CONFIG_PACKAGE_isc-dhcp-server-ipv4 (or -ipv6 which actually supports
both IPv4 and IPv6, but the UCI scripting for dynDNS for IPv6 as I said
is missing). That will bring in Bind and the related tools.
To the top of your /etc/config/dhcp you'll need to add:
config isc_dhcpd 'isc_dhcpd'
    option authoritative '1'
    option default_lease_time '3600'
    option max_lease_time '86400'
    option always_broadcast 0
    option boot_unknown_clients 1
    option log_facility 'daemon'
    option domain 'example.com'
    option dynamicdns 1
Which are the ISC specific global options. The last line is the one
that enables dynamic DNS internally.
To the subnet sections like:
config dhcp 'lan'
    option interface 'lan'
    option leasetime '12h'
    option start '128'
    option limit '32'
    list dhcp_option 'option:ntp-servers,192.168.1.40,192.168.1.252'
You can call out specific DHCP options (per dhcp-options(5)) with
something like the last line.
For statically configured hosts that you want DNS records for, use:
config domain
    option ip '192.168.1.2'
    option name 'myserver'
Other record types:
config cname
    option cname 'mail'
    option target 'www'

config cname
    option cname 'ftp'
    option target 'www'

config srvhost
    option srv '_sip._udp'
    option target 'pbx'
    option port '5060'
    option priority '0'
    option weight '10'

config mxhost
    option domain '@'
    option relay 'mail'
    option pref '10'
etc.
Hope that helps. Send an email if you have more questions.
-Philip
If anyone is interested in having v6 support to DHCP+Bind
integration, I can look at doing that as well.
Thanks,
-Philip
On Jan 19, 2021, at 3:56 PM, Hauke Mehrtens <ha...@hauke-m.de>
wrote:
Hi,
The OpenWrt community is proud to announce the sixth service release
of OpenWrt 19.07. It focuses on fixing several security issues.
Main changes from OpenWrt 19.07.5
Security fixes
* Security Advisory 2021-01-19-1 - dnsmasq multiple vulnerabilities
(CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687,
CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686)
* openssl: NULL pointer deref in GENERAL_NAME_cmp function can lead to
a DOS attack. (CVE-2020-1971)
Note: security fixes for most packages can also be applied by
upgrading only the affected packages on running devices, without the need
for a full firmware upgrade. This can be done with opkg update; opkg
upgrade the_package_name or through the LuCI web interface.
Nevertheless, we encourage all users to upgrade their devices to
OpenWrt 19.07.6 or later versions whenever possible.
Major bug fixes
* Fix iOS 14 tethering problem
Device support
* Enable LED VCC for Asus RT-AC51U
LuCI web interface
* luci-mod-system: properly handle SSH pubkeys with options (GH#4684)
* luci-mod-network: properly handle wireless netdevs when creating
interfaces
* Update translations from weblate
Core components
* Update Linux kernel from 4.14.209 to 4.14.215
* Update mac80211 and wifi drivers from 4.19.137-1 to 4.19.161-1
* Update wireless-regdb from 2019.06.03 to 2020.11.20
* Update mbedtls from 2.16.8 to 2.16.9
* Update openssl from 1.1.1h to 1.1.1i
Full release notes and upgrade instructions are available at
https://openwrt.org/releases/19.07/notes-19.07.6
In particular, make sure to read the regressions and known issues
before upgrading:
https://openwrt.org/releases/19.07/notes-19.07.6#regressions
For a very detailed list of all changes since 19.07.5, refer to
https://openwrt.org/releases/19.07/changelog-19.07.6
---
To stay informed of new OpenWrt releases and security advisories, there
are new channels available:
* a low-volume mailing list for important announcements:
https://lists.openwrt.org/mailman/listinfo/openwrt-announce
* a dedicated "announcements" section in the forum:
https://forum.openwrt.org/c/announcements/14
* other announcement channels (such as RSS feeds) might be added in the
future, they will be listed at https://openwrt.org/contact
---
For latest information about the 19.07 series, refer to the wiki at:
https://openwrt.org/releases/19.07/
To download an OpenWrt 19.07.6 firmware image for your device, head
to the Table of Hardware:
https://openwrt.org/toh/start
Or navigate directly in the list of firmware images:
https://downloads.openwrt.org/releases/19.07.6/targets/
As always, a big thank you goes to all our active package maintainers,
testers, documenters, and supporters.
Have fun!
The OpenWrt Community
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel