|
||||||||
On Wed, Jul 9, 2008 at 5:32 PM, Manuel Kasper <mk at neon1 dot net> wrote: > Hello, > > in light of the recent CERT advisory about more DNS cache poisoning > vulnerabilities in all DNS server software (discovered by Dan Kaminsky), the > author of Dnsmasq has released version 2.43rc3 of his DNS forwarder > software, which is used in m0n0wall (even though at this point he believes > that Dnsmasq isn't affected, as it doesn't do recursive name resolution). > This version now includes the recommended query source port randomization. > > He'd be grateful if this Dnsmasq version got as much testing as possible, as > there's some time pressure to release a fixed final version. I have > therefore (and also because of the "Register DHCP leases in DNS forwarder" > mishap in 1.3b12) created a preliminary 1.3b13 version for the slightly more > adventurous among you to test. > Haven't messed with the "Register DHCP leases", but the updated dnsmasq does appear to work properly in both m0n0wall and pfSense from my testing. This dnsmasq update is the result of a flurry of emails between Manuel, Scott Ullrich, the pfSense dev list, Simon Kelley (dnsmasq author), and me. Thanks much to Simon Kelley for getting an update out so quickly even though it's apparently not relevant, and to Manuel for getting an updated m0n0wall release out. Note everything at this point indicates this isn't relevant to dnsmasq, as Manuel mentioned. More from me on that here: http://blog.pfsense.org/?p=210 I don't feel this is a critical update at this point, but it's good to get it tested and ready for wider deployment. -Chris |