New
- Automate IP blocking mode #965
  Until now, FTL's Full `IP` and `IP` (IPv6 `NODATA`) blocking modes sourced the IP to deliver on a blocked domain from the `setupVars.conf` values `IPV4_ADDRESS` and `IPV6_ADDRESS`. This is, however, quite a limitation, especially if the device running Pi-hole has more than one interface.
  This PR implements automated IP blocking. Instead of reading the two addresses from `setupVars.conf`, we now determine the address of the interface a query arrived on and use this IP address in the blocked reply. This not only reduces maintenance (`IPV4_ADDRESS` and `IPV6_ADDRESS` can now be removed from `setupVars.conf`) but also localizes blocked queries.
- Simplify handling of `.lua` and `.db` files #1086
  `pihole-FTL something.lua` automatically launches the embedded LUA engine; `pihole-FTL something.db` behaves the same way as `sqlite3 something.db`. Similar things like `pihole-FTL something.db "SELECT * FROM abc;"` are possible as well.
- Update embedded `dnsmasq` to v2.85 #1071
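The automated IP blocking mode above needs the address of the interface a query came in on. The following is an added example, not Pi-hole FTL's or dnsmasq's own code: on Linux, a UDP listener learns that address from the `IP_PKTINFO` ancillary data returned by `recvmsg()`, and the script decodes that structure and demonstrates it over loopback. The constant value `8` for `IP_PKTINFO`, the `in_pktinfo` layout, and the loopback datagram are Linux-specific assumptions and constructed input, not taken from the release notes.

```python
"""Find the local address a DNS query arrived on, per interface.

Added example, not Pi-hole FTL's or dnsmasq's code. The automated IP
blocking mode answers a blocked query with the address of the interface
the query came in on instead of a fixed IPV4_ADDRESS. On Linux a UDP
listener bound to all interfaces learns that address from the IP_PKTINFO
ancillary data that recvmsg() returns; this script decodes that
structure and shows it over the loopback interface.
"""
import socket
import struct

# Linux value of IP_PKTINFO (assumption); older Python releases do not export the constant.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)

# struct in_pktinfo { int ipi_ifindex; struct in_addr ipi_spec_dst; struct in_addr ipi_addr; }
IN_PKTINFO = struct.Struct("=i4s4s")


def parse_in_pktinfo(cmsg_data: bytes) -> dict:
    """Decode the in_pktinfo payload of an IP_PKTINFO control message.

    ipi_addr is the destination address in the packet header, i.e. the
    address the client talked to; that is the value a blocked reply
    should carry so the client's follow-up connection lands on the same
    interface. ipi_spec_dst is the local address the kernel would route
    a reply from, which can differ on multi-homed hosts.
    """
    if len(cmsg_data) < IN_PKTINFO.size:
        raise ValueError("in_pktinfo payload too short: %d bytes" % len(cmsg_data))
    ifindex, spec_dst, addr = IN_PKTINFO.unpack_from(cmsg_data)
    return {
        "ifindex": ifindex,
        "spec_dst": socket.inet_ntoa(spec_dst),
        "addr": socket.inet_ntoa(addr),
    }


def blocked_reply_address(ancdata) -> str:
    """Pick the blocked-reply IPv4 address from recvmsg() ancillary data."""
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            return parse_in_pktinfo(cdata)["addr"]
    raise RuntimeError("no IP_PKTINFO control message; enable it with setsockopt() on the listener")


def receive_query(listener: socket.socket, bufsize: int = 4096):
    """Receive one datagram and return (payload, sender, local address it was sent to)."""
    data, ancdata, _flags, sender = listener.recvmsg(bufsize, socket.CMSG_SPACE(IN_PKTINFO.size))
    return data, sender, blocked_reply_address(ancdata)


def loopback_demo() -> str:
    """Send one constructed datagram over loopback and report the address it arrived on."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)   # ask for per-packet destination info
    listener.bind(("127.0.0.1", 0))                        # ephemeral port on loopback
    listener.settimeout(2.0)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        client.sendto(b"constructed query for blocked.example", listener.getsockname())
        _payload, _sender, local_addr = receive_query(listener)
        return local_addr
    finally:
        client.close()
        listener.close()


if __name__ == "__main__":
    print("query arrived on", loopback_demo())   # 127.0.0.1 on a Linux host
```

A listener bound to `0.0.0.0` receives the same control message for every interface, so the reply address follows the query without any per-interface configuration; a host that only reads a single static address would hand clients on a second interface an address they may not be able to reach.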
  CHANGELOG:
  - Fix problem with DNS retries in 2.83/2.84.
    The new logic in 2.83/2.84 which merges distinct requests for the same domain causes problems with clients which do retries as distinct requests (differing IDs and/or source ports). The retries just get piggy-backed on the first, failed, request.
    The logic is now changed so that distinct requests for repeated queries still get merged into a single ID/source port, but they now always trigger a re-try upstream.
  - Avoid treating a `dhcp-host` which has an IPv6 address as eligible for use with DHCPv4 on the grounds that it has no address, and vice-versa.
  - Add `dynamic-host` option: `A` and `AAAA` records which take their network part from the network of a local interface. Useful for routers with dynamic prefixes.
  - Teach `bogus-nxdomain` and `ignore-address` to take an IPv4 subnet.
  - Use random source ports where possible if source addresses/interfaces are in use. CVE-2021-3448 applies.
    It's possible to specify the source address or interface to be used when contacting upstream name servers: `server=8.8.8.8@1.2.3.4` or `server=8.8.8.8@1.2.3.4#66` or `server=8.8.8.8@eth0`, and all of these have, until now, used a single socket, bound to a fixed port. This was originally done to allow an error (non-existent interface, or non-local address) to be detected at start-up. This means that any upstream servers specified in such a way don't use random source ports, and are more susceptible to cache-poisoning attacks.
    We now use random ports where possible, even when the source is specified, so `server=8.8.8.8@1.2.3.4` or `server=8.8.8.8@eth0` will use random source ports. `server=8.8.8.8@1.2.3.4#66` or any use of `query-port` will use the explicitly configured port, and should only be done with understanding of the security implications. Note that this change turns non-existing interface or non-local source address errors from fatal into run-time errors: the error will be logged and communication with the server will not be possible.
  - Change the method of allocation of random source ports for DNS. Previously, without `min-port` or `max-port` configured, dnsmasq would default to the compiled-in defaults for those, which are 1024 and 65535. Now, when neither is configured, it defaults instead to the kernel's ephemeral port range, which is typically 32768 to 60999 on Linux systems. This change eliminates the possibility that `dnsmasq` may be using a registered port > 1024 when a long-running daemon starts up and wishes to claim it. This change does likely slightly reduce the number of random ports and therefore the protection from reply spoofing. The older behaviour can be restored using the `min-port` and `max-port` config switches should that be a concern.
  - Scale the size of the DNS random-port pool based on the value of the `dns-forward-max` configuration.
  - TFTP tweak: Check sender of all received packets, as specified in RFC 1350 para 4.
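The random-source-port and port-range changes above are the two dnsmasq 2.85 entries an operator most wants to verify in their own configuration. The following is an added example, not dnsmasq's or Pi-hole FTL's code: a small audit that parses `server=` lines and scalar options the way the changelog describes them, flags entries that pin the upstream source port (`@source#port` or a global `query-port`), and reports the range random ports are drawn from. The sample configuration is constructed for the demo, and the handling of a configuration that sets only one of `min-port`/`max-port` (the other bound falling back to its compiled-in default) is an assumption, not something the changelog states.

```python
"""Audit a dnsmasq configuration for pinned DNS source ports.

Added example, not dnsmasq's or Pi-hole FTL's code. It applies the
2.85 rules: server=<upstream>@<source> now gets random source ports,
while server=<upstream>@<source>#<port> or a global query-port pins
the port and weakens protection against spoofed replies, and the
random-port pool falls back to the kernel's ephemeral range when
neither min-port nor max-port is set. SAMPLE_CONF is constructed.
"""
import re
from pathlib import Path

# server=<upstream>[#port][@<source>[#port]]; the upstream may be /domain/ip.
SERVER_RE = re.compile(
    r"^server=(?P<upstream>[^@#\s]+)(?:#(?P<uport>\d+))?"
    r"(?:@(?P<source>[^#\s]+)(?:#(?P<sport>\d+))?)?$"
)
SCALAR_OPTIONS = {"query-port", "min-port", "max-port", "dns-forward-max"}
COMPILED_IN_DEFAULTS = (1024, 65535)   # pre-2.85 range, as stated in the changelog


def parse_dnsmasq(text):
    """Return ([(lineno, server match dict)], {option: (lineno, int value)})."""
    servers, options = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):       # whole-line comments only; '#' also carries ports
            continue
        m = SERVER_RE.match(line)
        if m:
            servers.append((lineno, m.groupdict()))
            continue
        key, sep, value = line.partition("=")
        if sep and key in SCALAR_OPTIONS and value.isdigit():
            options[key] = (lineno, int(value))
    return servers, options


def read_ephemeral_range(path="/proc/sys/net/ipv4/ip_local_port_range", default=(32768, 60999)):
    """Kernel ephemeral range; falls back to the typical Linux values when unreadable."""
    try:
        lo, hi = Path(path).read_text().split()
        return int(lo), int(hi)
    except (OSError, ValueError):
        return default


def effective_port_range(options, ephemeral):
    """Random source-port range dnsmasq 2.85 would use for this configuration."""
    lo = options.get("min-port", (None, None))[1]
    hi = options.get("max-port", (None, None))[1]
    if lo is None and hi is None:
        return ephemeral                       # 2.85 default: the kernel's ephemeral range
    # Assumption: a single configured bound leaves the other at its compiled-in default.
    return (lo if lo is not None else COMPILED_IN_DEFAULTS[0],
            hi if hi is not None else COMPILED_IN_DEFAULTS[1])


def audit_dnsmasq(text, ephemeral=(32768, 60999)):
    """Flag configuration lines that pin the upstream source port."""
    servers, options = parse_dnsmasq(text)
    findings = []
    for lineno, s in servers:
        if s["sport"]:     # '@source#port' form: explicit source port, no randomisation
            findings.append((lineno, "upstream %s queried from @%s with fixed source port %s"
                             % (s["upstream"], s["source"], s["sport"])))
    if "query-port" in options:
        lineno, port = options["query-port"]
        findings.append((lineno, "query-port=%d pins the source port for every upstream" % port))
    return {"findings": findings, "random_port_range": effective_port_range(options, ephemeral)}


SAMPLE_CONF = """\
# constructed sample, not a real Pi-hole configuration
server=8.8.8.8
server=8.8.8.8#5353
server=8.8.8.8@1.2.3.4
server=8.8.8.8@eth0
server=8.8.8.8@1.2.3.4#66
query-port=5353
min-port=40000
"""

if __name__ == "__main__":
    report = audit_dnsmasq(SAMPLE_CONF, read_ephemeral_range())
    for lineno, msg in report["findings"]:
        print("line %d: %s" % (lineno, msg))
    print("random source ports drawn from", report["random_port_range"])
```

Note the distinction the parser keeps: `server=8.8.8.8#5353` sets the port on the upstream side and is not flagged, whereas `#66` after the `@1.2.3.4` source is the source port the changelog warns about. Pointing `read_ephemeral_range()` at the running host's `/proc` file shows the pool size the new default actually gives that system.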
Tweaks
- Add more regex warnings to message table #1092
- Circle CI: skip uploading build artifacts on forks #1093 (thanks @bershanskiy)
- Update SQLite to 3.35.4 #1083 #1089 #1097
- Various enhancements and a few memory-leak fixes #1084
- Resize shared memory only when locking #1072
  This is not really a functional change; however, it makes the code more readable and understandable in some places.
- Escape DHCP options if necessary #1070
Fixes
- Use `MAXLOGAGE` to control which queries get deleted by GC #1102
- Fix possible infinite loop when Pi-hole ecosystem is not present #1098
- Ensure FTL can be compiled from static tarballs #1091
- Use properly-sized buffer for format_time() #1088 (thanks @bershanskiy)
- Fix `pihole-FTL test` not terminating properly (noticed in a `docker` environment) #1067
- Fix incorrect "FATAL: Trying to access upstream ID -1" warning in the logs #1061