in light of the recent CERT advisory about more DNS cache poisoning
vulnerabilities in all DNS server software (discovered by Dan
Kaminsky), the author of Dnsmasq has released version 2.43rc3 of his
DNS forwarder software, which is used in m0n0wall (even though at this
point he believes that Dnsmasq isn't affected, as it doesn't do
recursive name resolution). This version now includes the recommended
query source port randomization.
He'd be grateful if this Dnsmasq version got as much testing as
possible, as there's some time pressure to release a fixed final
version. I have therefore (and also because of the "Register DHCP
leases in DNS forwarder" mishap in 1.3b12) created a preliminary
1.3b13 version for the slightly more adventurous among you to test.
Any problems with the DNS forwarder in this release -> please post to
the mailing list. Thanks!
Changes since 1.3b12:
- updated Dnsmasq to 2.43rc3 (DNS query source port randomization)
- fixed "Register DHCP leases in DNS forwarder" feature
- fixed issue with PPTP VPN and traffic shaper (see http://forum.m0n0.ch/index.php/topic,1905.0/)
- support for IPv6 over PPPoE/PPPTP