OpenWrt 19.07.6 service release

Paul Spooren mail at aparcar.org
Fri Jan 22 17:51:52 EST 2021


What's the size difference here? I'd be curious to replace dnsmasq for
the default setup, but only if it brings an advantage in size and 
security.

Just a personal interest.

Best,
Paul
-- 



Jan 22, 2021 11:44:50 AM Philip Prindeville <philipp_subx at redfish-solutions.com>:

>
>
>> On Jan 22, 2021, at 12:00 PM, Alberto Bursi <bobafetthotmail at gmail.com> wrote:
>>
>>
>>
>> On 22/01/21 19:53, Philip Prindeville wrote:
>>> As an alternative to dnsmasq, master now has isc-dhcp (v4 only) and
>>> Bind integration, so that's getting close to the essential
>>> functionality that dnsmasq provides.
>>> I stopped using dnsmasq about 8 years ago because it has several
>>> minor violations of the RFCs (which the Kelly's claim are convenient
>>> and therefore justified) but I believe create potential
>>> incompatibilities for specious reasons (yes, I'm a
>>> strict-interpretation-of-the-standards nazi).
>>
>> How do I enable/use the "isc-dhcp (v4 only) and Bind integration" and
>> replace/disable dnsmasq?
>>
>> -Alberto
>>
>
>
> You'll need to remove the dnsmasq package and select
> CONFIG_PACKAGE_isc-dhcp-server-ipv4 (or -ipv6 which actually supports
> both IPv4 and IPv6, but the UCI scripting for dynDNS for IPv6 as I said
> is missing).  That will bring in Bind and the related tools.
>
> To the top of your /etc/config/dhcp you'll need to add:
>
> config isc_dhcpd 'isc_dhcpd'
>         option authoritative '1'
>         option default_lease_time '3600'
>         option max_lease_time '86400'
>         option always_broadcast 0
>         option boot_unknown_clients 1
>         option log_facility 'daemon'
>         option domain 'example.com'
>         option dynamicdns 1
>
> Which are the ISC specific global options.  The last line is the one
> that enables dynamic DNS internally.
>
> To the subnet sections like:
>
> config dhcp 'lan'
>         option interface 'lan'
>         option leasetime '12h'
>         option start '128'
>         option limit '32'
>         list dhcp_option 'option:ntp-servers,192.168.1.40,192.168.1.252'
>
> You can call out specific DHCP options (per dhcp-options(5)) with
> something like the last line.
>
>
> For statically configured hosts that you want DNS records for, use:
>
> config domain
>   option ip '192.168.1.2'
>   option name 'myserver'
>
> Other record types:
>
> config cname
>   option cname 'mail'
>   option target 'www'
>
> config cname
>   option cname 'ftp'
>   option target 'www'
>
> config srvhost
>         option srv '_sip._udp'
>         option target 'pbx'
>         option port '5060'
>         option priority '0'
>         option weight '10'
>
> config mxhost
>         option domain '@'
>         option relay 'mail'
>         option pref '10'
>
> etc.
>
> Hope that helps.  Send an email if you have more questions.
>
> -Philip
>
>
>
>>> If anyone is interested in having v6 support to DHCP+Bind
>>> integration, I can look at doing that as well.
>>> Thanks,
>>> -Philip
>>>> On Jan 19, 2021, at 3:56 PM, Hauke Mehrtens <hauke at hauke-m.de> wrote:
>>>>
>>>> Hi,
>>>>
>>>> The OpenWrt community is proud to announce the sixth service release
>>>> of OpenWrt 19.07. It focuses on fixing several security issues.
>>>>
>>>> Main changes from OpenWrt 19.07.5
>>>>
>>>> Security fixes
>>>> * Security Advisory 2021-01-19-1 - dnsmasq multiple vulnerabilities
>>>> (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687,
>>>>   CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686)
>>>> * openssl: NULL pointer deref in GENERAL_NAME_cmp function can lead to
>>>> a DOS attack. (CVE-2020-1971)
>>>>
>>>> Note: security fixes for most packages can also be applied by
>>>> upgrading only the affected packages on running devices, without the
>>>> need for a full firmware upgrade. This can be done with opkg update;
>>>> opkg upgrade the_package_name or through the LuCI web interface.
>>>>
>>>> Nevertheless, we encourage all users to upgrade their devices to
>>>> OpenWrt 19.07.6 or later versions whenever possible.
>>>>
>>>> Major bug fixes
>>>> * Fix iOS 14 tethering problem
>>>>
>>>> Device support
>>>> * Enable LED VCC for Asus RT-AC51U
>>>>
>>>> LuCI web interface
>>>> * luci-mod-system: properly handle SSH pubkeys with options (GH#4684)
>>>> * luci-mod-network: properly handle wireless netdevs when creating
>>>> interfaces
>>>> * Update translations from weblate
>>>>
>>>> Core components
>>>> * Update Linux kernel from 4.14.209 to 4.14.215
>>>> * Update mac80211 and wifi drivers from 4.19.137-1 to 4.19.161-1
>>>> * Update wireless-regdb from 2019.06.03 to 2020.11.20
>>>> * Update mbedtls from 2.16.8 to 2.16.9
>>>> * Update openssl from 1.1.1h to 1.1.1i
>>>>
>>>> Full release notes and upgrade instructions are available at
>>>> https://openwrt.org/releases/19.07/notes-19.07.6
>>>>
>>>> In particular, make sure to read the regressions and known issues
>>>> before upgrading:
>>>> https://openwrt.org/releases/19.07/notes-19.07.6#regressions
>>>>
>>>> For a very detailed list of all changes since 19.07.5, refer to
>>>> https://openwrt.org/releases/19.07/changelog-19.07.6
>>>>
>>>> ---
>>>>
>>>> To stay informed of new OpenWrt releases and security advisories, there
>>>> are new channels available:
>>>>
>>>> * a low-volume mailing list for important announcements:
>>>>   https://lists.openwrt.org/mailman/listinfo/openwrt-announce
>>>>
>>>> * a dedicated "announcements" section in the forum:
>>>>   https://forum.openwrt.org/c/announcements/14
>>>>
>>>> * other announcement channels (such as RSS feeds) might be added in the
>>>>   future, they will be listed at https://openwrt.org/contact
>>>>
>>>> ---
>>>>
>>>> For latest information about the 19.07 series, refer to the wiki at:
>>>> https://openwrt.org/releases/19.07/
>>>>
>>>> To download an OpenWrt 19.07.6 firmware image for your device, head
>>>> to the Table of Hardware:
>>>> https://openwrt.org/toh/start
>>>>
>>>> Or navigate directly in the list of firmware images:
>>>> https://downloads.openwrt.org/releases/19.07.6/targets/
>>>>
>>>> As always, a big thank you goes to all our active package maintainers,
>>>> testers, documenters, and supporters.
>>>>
>>>> Have fun!
>>>>
>>>> The OpenWrt Community
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
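
The announcement's advice to upgrade only the affected packages, as an added example that is not part of the original thread: a shell filter over `opkg list-upgradable` output that reports pending upgrades for the components named in the release notes. The watch-list prefixes and the sample lines (package release suffixes included) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report pending opkg upgrades for the components named in the
# 19.07.6 announcement. Prefixes and sample data below are constructed.

# Package-name prefixes to watch (assumption: typical OpenWrt package names).
WATCHLIST="dnsmasq libopenssl libmbedtls"

# Reads `opkg list-upgradable` output on stdin, one package per line in the
# form "name - installed_version - available_version", and prints
# "name installed -> available" for every package matching the watch list.
pending_security_upgrades() {
    while read -r name sep1 cur sep2 new; do
        [ -n "$name" ] || continue            # skip blank lines
        for prefix in $WATCHLIST; do
            case "$name" in
                "$prefix"*)
                    printf '%s %s -> %s\n' "$name" "$cur" "$new"
                    break                     # report each package once
                    ;;
            esac
        done
    done
}

# Constructed sample of `opkg list-upgradable` output. Versions are made up,
# apart from the openssl 1.1.1h -> 1.1.1i step quoted in the announcement.
SAMPLE='dnsmasq - 0.0-1 - 0.0-2
luci-base - git-1 - git-2
libopenssl1.1 - 1.1.1h-1 - 1.1.1i-1'

if command -v opkg >/dev/null 2>&1; then
    # On a router: refresh the package lists first, as the announcement advises.
    opkg update >/dev/null && opkg list-upgradable | pending_security_upgrades
else
    # Elsewhere: demonstrate on the constructed sample.
    printf '%s\n' "$SAMPLE" | pending_security_upgrades
fi
```

Each reported name can then be passed to `opkg upgrade`, as described in the release notes.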


