[ previous ] [ next ] [ threads ]
 
 From:  "David Kitchens" <spider at webweaver dot com>
 To:  "'Manuel Kasper'" <mk at neon1 dot net>, "'m0n0wall'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Preliminary release 1.3b13-pre (-> DNS insecurity panic)
 Date:  Fri, 11 Jul 2008 12:36:09 -0400 
Just to let you know, this upgrade went perfectly on generic-pc, thanks
again Manual for providing such a great firewall and resolving issuses so
quickly. Dnsmasq patch fixed my last upgrade problem, I use the dns
forwarder a lot, turning it off for b12 would have cut my access to my dmz
servers which would not have been good.

Dave 

-----Original Message-----
From: Manuel Kasper [mailto:mk at neon1 dot net] 
Sent: Wednesday, July 09, 2008 5:32 PM
To: m0n0wall
Subject: [m0n0wall] Preliminary release 1.3b13-pre (-> DNS insecurity panic)

Hello,

in light of the recent CERT advisory about more DNS cache poisoning
vulnerabilities in all DNS server software (discovered by Dan Kaminsky), the
author of Dnsmasq has released version 2.43rc3 of his DNS forwarder
software, which is used in m0n0wall (even though at this point he believes
that Dnsmasq isn't affected, as it doesn't do recursive name resolution).
This version now includes the recommended query source port randomization.

He'd be grateful if this Dnsmasq version got as much testing as possible, as
there's some time pressure to release a fixed final version. I have
therefore (and also because of the "Register DHCP leases in DNS forwarder"
mishap in 1.3b12) created a preliminary
1.3b13 version for the slightly more adventurous among you to test.

http://m0n0.ch/wall/downloads-local/cdrom-1.3b13-pre.iso
http://m0n0.ch/wall/downloads-local/generic-pc-1.3b13-pre.img
http://m0n0.ch/wall/downloads-local/net45xx-1.3b13-pre.img
http://m0n0.ch/wall/downloads-local/net48xx-1.3b13-pre.img
http://m0n0.ch/wall/downloads-local/wrap-1.3b13-pre.img

Any problems with the DNS forwarder in this release -> please post to the
mailing list. Thanks!

Changes since 1.3b12:

- updated Dnsmasq to 2.43rc3 (DNS query source port randomization)

- fixed "Register DHCP leases in DNS forwarder" feature

- fixed issue with PPTP VPN and traffic shaper (see
http://forum.m0n0.ch/index.php/topic,1905.0/)

- support for IPv6 over PPPoE/PPPTP

Good night(/morning/afternoon/whatever),

Manuel

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch