OpenWrt 19.07.6 service release

Philip Prindeville philipp_subx at redfish-solutions.com
Mon Jan 25 22:33:49 EST 2021


Getting some numbers, on x86_64, for dnsmasq-dhcpv6 (for apples to apples comparison) I get:

-rw-r--r-- 1 philipp philipp  157156 Jan 25 20:20 dnsmasq-dhcpv6_2.82-10_x86_64.ipk

The Bind packages are:

-rw-r--r-- 1 philipp philipp 1140535 Jan 23 13:13 bind-libs_9.16.8-2_x86_64.ipk
-rw-r--r-- 1 philipp philipp  161266 Jan 23 13:13 bind-server_9.16.8-2_x86_64.ipk
-rw-r--r-- 1 philipp philipp   21592 Jan 23 13:13 bind-client_9.16.8-2_x86_64.ipk
-rw-r--r-- 1 philipp philipp   16813 Jan 23 13:13 bind-rndc_9.16.8-2_x86_64.ipk

And for ISC-dhcp:

-rw-r--r-- 1 philipp philipp 1108571 Jan 23 13:15 isc-dhcp-server-ipv6_4.4.1-13_x86_64.ipk


So... about 2.3MB bigger.  But you do get a full-fledged DNS server, which you can run two instances of, and provide split-horizon and authoritative external DNS service for your domain to the Internet as well.





> On Jan 22, 2021, at 3:51 PM, Paul Spooren <mail at aparcar.org> wrote:
> 
> What's the size difference here. I'd be curious to replace dnsmasq for the default setup, but only if it brings an advantage in size and security.
> 
> Just a personal interest.
> 
> Best,
> Paul
> -- 
> 
> 
> 
> Jan 22, 2021 11:44:50 AM Philip Prindeville <philipp_subx at redfish-solutions.com>:
> 
>> 
>> 
>>> On Jan 22, 2021, at 12:00 PM, Alberto Bursi <bobafetthotmail at gmail.com> wrote:
>>> 
>>> 
>>> 
>>> On 22/01/21 19:53, Philip Prindeville wrote:
>>>> As an alternative to dnsmasq, master now has isc-dhcp (v4 only) and Bind integration, so that's getting close to the essential functionality that dnsmasq provides.
>>>> I stopped using dnsmasq about 8 years ago because it has several minor violations of the RFCs (which the Kelly's claim are convenient and therefore justified) but I believe create potential incompatibilities for specious reasons (yes, I'm a strict-interpretation-of-the-standards nazi).
>>> 
>>> How do I enable/use the "isc-dhcp (v4 only) and Bind integration" and replace/disable dnsmasq?
>>> 
>>> -Alberto
>>> 
>> 
>> 
>> You'll need to remove the dnsmasq package and select CONFIG_PACKAGE_isc-dhcp-server-ipv4 (or -ipv6 which actually supports both IPv4 and IPv6, but the UCI scripting for dynDNS for IPv6 as I said is missing).  That will bring in Bind and the related tools.
>> 
>> To the top of your /etc/config/dhcp you'll need to add:
>> 
>> config isc_dhcpd 'isc_dhcpd'
>>         option authoritative '1'
>>         option default_lease_time '3600'
>>         option max_lease_time '86400'
>>         option always_broadcast 0
>>         option boot_unknown_clients 1
>>         option log_facility 'daemon'
>>         option domain 'example.com'
>>         option dynamicdns 1
>> 
>> Which are the ISC specific global options.  The last line is the one that enables dynamic DNS internally.
>> 
>> To the subnet sections like:
>> 
>> config dhcp 'lan'
>>         option interface 'lan'
>>         option leasetime '12h'
>>         option start '128'
>>         option limit '32'
>>         list dhcp_option 'option:ntp-servers,192.168.1.40,192.168.1.252'
>> 
>> You can call out specific DHCP options (per dhcp-options(5)) with something like the last line.
>> 
>> 
>> For statically configured hosts that you want DNS records for, use:
>> 
>> config domain
>>   option ip '192.168.1.2'
>>   option name 'myserver'
>> 
>> Other record types:
>> 
>> config cname
>>   option cname 'mail'
>>   option target 'www'
>> 
>> config cname
>>   option cname 'ftp'
>>   option target 'www'
>> 
>> config srvhost
>>         option srv '_sip._udp'
>>         option target 'pbx'
>>         option port '5060'
>>         option priority '0'
>>         option weight '10'
>> 
>> config mxhost
>>         option domain '@'
>>         option relay 'mail'
>>         option pref '10'
>> 
>> etc.
>> 
>> Hope that helps.  Send an email if you have more questions.
>> 
>> -Philip
>> 
>> 
>> 
>>>> If anyone is interested in having v6 support to DHCP+Bind integration, I can look at doing that as well.
>>>> Thanks,
>>>> -Philip
>>>>> On Jan 19, 2021, at 3:56 PM, Hauke Mehrtens <hauke at hauke-m.de> wrote:
>>>>> 
>>>>> Hi,
>>>>> 
>>>>> The OpenWrt community is proud to announce the sixth service release of OpenWrt 19.07. It focuses on fixing several security issues.
>>>>> 
>>>>> Main changes from OpenWrt 19.07.5
>>>>> 
>>>>> Security fixes
>>>>> * Security Advisory 2021-01-19-1 - dnsmasq multiple vulnerabilities
>>>>> (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687,
>>>>>   CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686)
>>>>> * openssl: NULL pointer deref in GENERAL_NAME_cmp function can lead to
>>>>> a DOS attack. (CVE-2020-1971)
>>>>> 
>>>>> Note: security fixes for most packages can also be applied by upgrading only the affected packages on running devices, without the need for a full firmware upgrade. This can be done with opkg update; opkg upgrade the_package_name or through the LuCI web interface.
>>>>> 
>>>>> Nevertheless, we encourage all users to upgrade their devices to OpenWrt 19.07.6 or later versions whenever possible.
>>>>> 
>>>>> Major bug fixes
>>>>> * Fix iOS 14 tethering problem
>>>>> 
>>>>> Device support
>>>>> * Enable LED VCC for Asus RT-AC51U
>>>>> 
>>>>> LuCI web interface
>>>>> * luci-mod-system: properly handle SSH pubkeys with options (GH#4684)
>>>>> * luci-mod-network: properly handle wireless netdevs when creating
>>>>> interfaces
>>>>> * Update translations from weblate
>>>>> 
>>>>> Core components
>>>>> * Update Linux kernel from 4.14.209 to 4.14.215
>>>>> * Update mac80211 and wifi drivers from 4.19.137-1 to 4.19.161-1
>>>>> * Update wireless-regdb from 2019.06.03 to 2020.11.20
>>>>> * Update mbedtls from 2.16.8 to 2.16.9
>>>>> * Update openssl from 1.1.1h to 1.1.1i
>>>>> 
>>>>> Full release notes and upgrade instructions are available at
>>>>> https://openwrt.org/releases/19.07/notes-19.07.6
>>>>> 
>>>>> In particular, make sure to read the regressions and known issues before upgrading:
>>>>> https://openwrt.org/releases/19.07/notes-19.07.6#regressions
>>>>> 
>>>>> For a very detailed list of all changes since 19.07.5, refer to
>>>>> https://openwrt.org/releases/19.07/changelog-19.07.6
>>>>> 
>>>>> ---
>>>>> 
>>>>> To stay informed of new OpenWrt releases and security advisories, there
>>>>> are new channels available:
>>>>> 
>>>>> * a low-volume mailing list for important announcements: https://lists.openwrt.org/mailman/listinfo/openwrt-announce
>>>>> 
>>>>> * a dedicated "announcements" section in the forum: https://forum.openwrt.org/c/announcements/14
>>>>> 
>>>>> * other announcement channels (such as RSS feeds) might be added in the
>>>>>   future, they will be listed at https://openwrt.org/contact
>>>>> 
>>>>> ---
>>>>> 
>>>>> For latest information about the 19.07 series, refer to the wiki at:
>>>>> https://openwrt.org/releases/19.07/
>>>>> 
>>>>> To download an OpenWrt 19.07.6 firmware image for your device, head to the Table of Hardware:
>>>>> https://openwrt.org/toh/start
>>>>> 
>>>>> Or navigate directly in the list of firmware images:
>>>>> https://downloads.openwrt.org/releases/19.07.6/targets/
>>>>> 
>>>>> As always, a big thank you goes to all our active package maintainers,
>>>>> testers, documenters, and supporters.
>>>>> 
>>>>> Have fun!
>>>>> 
>>>>> The OpenWrt Community
>> 
>> 
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> 
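The quoted release announcement notes that security fixes can be applied by upgrading only the affected packages with opkg. The script below is an added example, not code from this thread or from OpenWrt: it filters `opkg list-upgradable` output down to the components named in the security fixes and builds the upgrade command. The binary package name patterns and the sample input are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): list pending upgrades for the
# components named in the 19.07.6 security fixes.
# Input: `opkg list-upgradable` lines, "<package> - <installed> - <available>".

# Assumption: the fixes ship in binary packages named like this (dnsmasq
# variants, plus the openssl and mbedtls shared-library packages).
is_watched() {
    case "$1" in
        dnsmasq|dnsmasq-*|libopenssl*|libmbedtls*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input; version strings are illustrative only.
sample_upgradable() {
    cat <<'EOF'
dnsmasq-dhcpv6 - OLD-1 - NEW-1
libopenssl1.1 - 1.1.1h-1 - 1.1.1i-1
luci-mod-system - OLD-1 - NEW-1
truncated-line
EOF
}

# Print the name of every upgradable package on the watch list.
security_upgrades() {
    while read -r name sep1 old sep2 new; do
        # Skip lines that do not have all three fields.
        if [ -z "$new" ] || [ "$sep1" != "-" ] || [ "$sep2" != "-" ]; then
            continue
        fi
        if is_watched "$name"; then
            echo "$name"
        fi
    done
}

# Build the single-package upgrade command the release note describes.
upgrade_command() {
    pkgs=$(security_upgrades | tr '\n' ' ')
    if [ -n "$pkgs" ]; then
        echo "opkg upgrade ${pkgs% }"
    fi
}

# On a device: opkg update && opkg list-upgradable | upgrade_command
sample_upgradable | upgrade_command
```

The release notes name source components (openssl, mbedtls), while opkg works on binary package names, which is why the filter matches on patterns rather than the literal component names.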



