OpenWrt 19.07.6 service release

Philip Prindeville philipp_subx at redfish-solutions.com
Fri Jan 22 16:43:52 EST 2021



> On Jan 22, 2021, at 12:00 PM, Alberto Bursi <bobafetthotmail at gmail.com> wrote:
> 
> 
> 
> On 22/01/21 19:53, Philip Prindeville wrote:
>> As an alternative to dnsmasq, master now has isc-dhcp (v4 only) and Bind integration, so that's getting close to the essential functionality that dnsmasq provides.
>> I stopped using dnsmasq about 8 years ago because it has several minor violations of the RFC's (which the Kelly's claim are convenient and therefore justified) but I believe create potential incompatibilities for specious reasons (yes, I'm a strict-interpretation-of-the-standards nazi).
> 
> How do I enable/use the "isc-dhcp (v4 only) and Bind integration" and replace/disable dnsmasq?
> 
> -Alberto
> 


You'll need to remove the dnsmasq package and select CONFIG_PACKAGE_isc-dhcp-server-ipv4 (or -ipv6 which actually supports both IPv4 and IPv6, but the UCI scripting for dynDNS for IPv6 as I said is missing).  That will bring in Bind and the related tools.

To the top of your /etc/config/dhcp you'll need to add:

config isc_dhcpd 'isc_dhcpd'
        option authoritative '1'
        option default_lease_time '3600'
        option max_lease_time '86400'
        option always_broadcast 0
        option boot_unknown_clients 1
        option log_facility 'daemon'
        option domain 'example.com'
        option dynamicdns 1

Which are the ISC specific global options.  The last line is the one that enables dynamic DNS internally.

To the subnet sections like:

config dhcp 'lan'
        option interface 'lan'
        option leasetime '12h'
        option start '128'
        option limit '32'
        list dhcp_option 'option:ntp-servers,192.168.1.40,192.168.1.252'

You can call out specific DHCP options (per dhcp-options(5)) with something like the last line.


For statically configured hosts that you want DNS records for, use:

config domain
	option ip '192.168.1.2'
	option name 'myserver'

Other record types:

config cname
	option cname 'mail'
	option target 'www'

config cname
	option cname 'ftp'
	option target 'www'

config srvhost
        option srv '_sip._udp'
        option target 'pbx'
        option port '5060'
        option priority '0'
        option weight '10'

config mxhost
        option domain '@'
        option relay 'mail'
        option pref '10'

etc.

Hope that helps.  Send an email if you have more questions.

-Philip



>> If anyone is interested in having v6 support to DHCP+Bind integration, I can look at doing that as well.
>> Thanks,
>> -Philip
>>> On Jan 19, 2021, at 3:56 PM, Hauke Mehrtens <hauke at hauke-m.de> wrote:
>>> 
>>> Hi,
>>> 
>>> The OpenWrt community is proud to announce the sixth service release of OpenWrt 19.07. It focuses on fixing several security issues.
>>> 
>>> Main changes from OpenWrt 19.07.5
>>> 
>>> Security fixes
>>> * Security Advisory 2021-01-19-1 - dnsmasq multiple vulnerabilities
>>>  (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687,
>>>   CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686)
>>> * openssl: NULL pointer deref in GENERAL_NAME_cmp function can lead to
>>>  a DOS attack. (CVE-2020-1971)
>>> 
>>> Note: security fixes for most packages can also be applied by upgrading only the affected packages on running devices, without the need for a full firmware upgrade. This can be done with opkg update; opkg upgrade the_package_name or through the LuCI web interface.
>>> 
>>> Nevertheless, we encourage all users to upgrade their devices to OpenWrt 19.07.6 or later versions whenever possible.
>>> 
>>> Major bug fixes
>>> * Fix iOS 14 tethering problem
>>> 
>>> Device support
>>> * Enable LED VCC for Asus RT-AC51U
>>> 
>>> LuCI web interface
>>> * luci-mod-system: properly handle SSH pubkeys with options (GH#4684)
>>> * luci-mod-network: properly handle wireless netdevs when creating
>>>  interfaces
>>> * Update translations from weblate
>>> 
>>> Core components
>>> * Update Linux kernel from 4.14.209 to 4.14.215
>>> * Update mac80211 and wifi drivers from 4.19.137-1 to 4.19.161-1
>>> * Update wireless-regdb from 2019.06.03 to 2020.11.20
>>> * Update mbedtls from 2.16.8 to 2.16.9
>>> * Update openssl from 1.1.1h to 1.1.1i
>>> 
>>> Full release notes and upgrade instructions are available at
>>> https://openwrt.org/releases/19.07/notes-19.07.6
>>> 
>>> In particular, make sure to read the regressions and known issues before upgrading:
>>> https://openwrt.org/releases/19.07/notes-19.07.6#regressions
>>> 
>>> For a very detailed list of all changes since 19.07.5, refer to
>>> https://openwrt.org/releases/19.07/changelog-19.07.6
>>> 
>>> - ---
>>> 
>>> To stay informed of new OpenWrt releases and security advisories, there
>>> are new channels available:
>>> 
>>> * a low-volume mailing list for important announcements: https://lists.openwrt.org/mailman/listinfo/openwrt-announce
>>> 
>>> * a dedicated "announcements" section in the forum: https://forum.openwrt.org/c/announcements/14
>>> 
>>> * other announcement channels (such as RSS feeds) might be added in the
>>>   future, they will be listed at https://openwrt.org/contact
>>> 
>>> - ---
>>> 
>>> For latest information about the 19.07 series, refer to the wiki at:
>>> https://openwrt.org/releases/19.07/
>>> 
>>> To download a OpenWrt 19.07.6 firmware image for your device, head to the Table of Hardware:
>>> https://openwrt.org/toh/start
>>> 
>>> Or navigate directly in the list of firmware images:
>>> https://downloads.openwrt.org/releases/19.07.6/targets/
>>> 
>>> As always, a big thank you goes to all our active package maintainers,
>>> testers, documenters, and supporters.
>>> 
>>> Have fun!
>>> 
>>> The OpenWrt Community




More information about the openwrt-devel mailing list