 From:  Manuel Kasper <mk at neon1 dot net>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Preliminary release 1.3b13-pre (-> DNS insecurity panic)
 Date:  Wed, 9 Jul 2008 23:32:03 +0200
Hello,

In light of the recent CERT advisory about more DNS cache poisoning
vulnerabilities in all DNS server software (discovered by Dan  
Kaminsky), the author of Dnsmasq has released version 2.43rc3 of his  
DNS forwarder software, which is used in m0n0wall (even though at this  
point he believes that Dnsmasq isn't affected, as it doesn't do  
recursive name resolution). This version now includes the recommended  
query source port randomization.

He'd be grateful if this Dnsmasq version got as much testing as  
possible, as there's some time pressure to release a fixed final  
version. I have therefore (and also because of the "Register DHCP  
leases in DNS forwarder" mishap in 1.3b12) created a preliminary  
1.3b13 version for the slightly more adventurous among you to test.

http://m0n0.ch/wall/downloads-local/cdrom-1.3b13-pre.iso
http://m0n0.ch/wall/downloads-local/generic-pc-1.3b13-pre.img
http://m0n0.ch/wall/downloads-local/net45xx-1.3b13-pre.img
http://m0n0.ch/wall/downloads-local/net48xx-1.3b13-pre.img
http://m0n0.ch/wall/downloads-local/wrap-1.3b13-pre.img

Any problems with the DNS forwarder in this release -> please post to  
the mailing list. Thanks!

Changes since 1.3b12:

- updated Dnsmasq to 2.43rc3 (DNS query source port randomization)

- fixed "Register DHCP leases in DNS forwarder" feature

- fixed issue with PPTP VPN and traffic shaper (see http://forum.m0n0.ch/index.php/topic,1905.0/)

- support for IPv6 over PPPoE/PPTP

Good night(/morning/afternoon/whatever),

Manuel