Merge pull request #1875 from pi-hole/update/dnsmasq

Update embedded dnsmasq to v2.90
pi-hole · Feb 13, 2024 · 6681804 · 6681804
2 parents 9e3ccd9 + a326d80
commit 6681804
Show file tree

Hide file tree

Showing 58 changed files with 1,967 additions and 1,269 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -12,6 +12,6 @@ cmake_minimum_required(VERSION 2.8.12)
 
 project(PIHOLE_FTL C)
 
-set(DNSMASQ_VERSION pi-hole-v2.89-e1de9c2)
+set(DNSMASQ_VERSION pi-hole-v2.90)
 
 add_subdirectory(src)
diff --git a/src/api/docs/content/specs/info.yaml b/src/api/docs/content/specs/info.yaml
@@ -752,6 +752,115 @@ components:
               type: boolean
               description: Whether or not FTL is allowed to perform destructive actions
               example: true
+            dnsmasq:
+              type: object
+              description: Metrics from the embedded dnsmasq resolver
+              properties:
+                dns_cache_inserted:
+                  type: integer
+                  description: Number of inserted entries in DNS cache
+                  example: 8
+                dns_cache_live_freed:
+                  type: integer
+                  description: Number of freed live entries in DNS cache
+                  example: 0
+                dns_queries_forwarded:
+                  type: integer
+                  description: Number of forwarded DNS queries
+                  example: 2
+                dns_auth_answered:
+                  type: integer
+                  description: Number of DNS queries for authoritative zones
+                  example: 0
+                dns_local_answered:
+                  type: integer
+                  description: Number of DNS queries answered from local cache
+                  example: 74
+                dns_stale_answered:
+                  type: integer
+                  description: Number of DNS queries answered from local cache (stale entries)
+                  example: 0
+                dns_unanswered:
+                  type: integer
+                  description: Number of unanswered DNS queries
+                  example: 0
+                bootp:
+                  type: integer
+                  description: Number of BOOTP requests
+                  example: 0
+                pxe:
+                  type: integer
+                  description: Number of PXE requests
+                  example: 0
+                dhcp_ack:
+                  type: integer
+                  description: Number of DHCP ACK
+                  example: 0
+                dhcp_decline:
+                  type: integer
+                  description: Number of DHCP DECLINE
+                  example: 0
+                dhcp_discover:
+                  type: integer
+                  description: Number of DHCP DISCOVER
+                  example: 0
+                dhcp_inform:
+                  type: integer
+                  description: Number of DHCP INFORM
+                  example: 0
+                dhcp_nak:
+                  type: integer
+                  description: Number of DHCP NAK
+                  example: 0
+                dhcp_offer:
+                  type: integer
+                  description: Number of DHCP OFFER
+                  example: 0
+                dhcp_release:
+                  type: integer
+                  description: Number of DHCP RELEASE
+                  example: 0
+                dhcp_request:
+                  type: integer
+                  description: Number of DHCP REQUEST
+                  example: 0
+                noanswer:
+                  type: integer
+                  description: Number of DHCP requests without answer (rapid commit)
+                  example: 0
+                leases_allocated_4:
+                  type: integer
+                  description: Number of allocated IPv4 leases
+                  example: 0
+                leases_pruned_4:
+                  type: integer
+                  description: Number of pruned IPv4 leases
+                  example: 0
+                leases_allocated_6:
+                  type: integer
+                  description: Number of allocated IPv6 leases
+                  example: 0
+                leases_pruned_6:
+                  type: integer
+                  description: Number of pruned IPv6 leases
+                  example: 0
+                tcp_connections:
+                  type: integer
+                  description: Number of dedicated TCP workers
+                  example: 0
+                dnssec_max_crypto_use:
+                  type: integer
+                  description: DNSSEC per-query crypto work HWM
+                  example: 0
+                dnssec_max_sig_fail:
+                  type: integer
+                  description: DNSSEC per-RRSet signature fails HWM
+                  example: 0
+                dnssec_max_work:
+                  type: integer
+                  description: DNSSEC per-query subqueries HWM
+                  example: 0
+
     database:
       type: object
       properties:

diff --git a/src/api/info.c b/src/api/info.c
@@ -590,6 +590,11 @@ static int get_ftl_obj(struct ftl_conn *api, cJSON *ftl)
 
 	JSON_ADD_BOOL_TO_OBJECT(ftl, "allow_destructive", config.webserver.api.allow_destructive.v.b);
 
+	// dnsmasq struct
+	cJSON *dnsmasq = JSON_NEW_OBJECT();
+	get_dnsmasq_metrics_obj(dnsmasq);
+	JSON_ADD_ITEM_TO_OBJECT(ftl, "dnsmasq", dnsmasq);
+
 	// All okay
 	return 0;
 }

diff --git a/src/config/dnsmasq_config.c b/src/config/dnsmasq_config.c
@@ -658,6 +658,15 @@ bool __attribute__((const)) write_dnsmasq_config(struct config *conf, bool test_
 		}
 	}
 
+	// Add ANY filtering
+	fputs("# RFC 8482: Providing Minimal-Sized Responses to DNS Queries That Have QTYPE=ANY\n", pihole_conf);
+	fputs("# Filters replies to queries for type ANY. Everything other than A, AAAA, MX and CNAME\n", pihole_conf);
+	fputs("# records are removed. Since ANY queries with forged source addresses can be used in DNS amplification attacks\n", pihole_conf);
+	fputs("# replies to ANY queries can be large) this defangs such attacks, whilst still supporting the\n", pihole_conf);
+	fputs("# one remaining possible use of ANY queries. See RFC 8482 para 4.3 for details.\n", pihole_conf);
+	fputs("filter-rr=ANY\n", pihole_conf);
+	fputs("\n", pihole_conf);
+
 	// Add additional config lines to disk (if present)
 	if(conf->misc.dnsmasq_lines.v.json != NULL &&
 	   cJSON_GetArraySize(conf->misc.dnsmasq_lines.v.json) > 0)

diff --git a/src/dnsmasq/arp.c b/src/dnsmasq/arp.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2023 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2024 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by

diff --git a/src/dnsmasq/auth.c b/src/dnsmasq/auth.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2023 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2024 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by

diff --git a/src/dnsmasq/blockdata.c b/src/dnsmasq/blockdata.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2023 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2024 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by

diff --git a/src/dnsmasq/bpf.c b/src/dnsmasq/bpf.c
@@ -1,4 +1,4 @@
-/* dnsmasq is Copyright (c) 2000-2023 Simon Kelley
+/* dnsmasq is Copyright (c) 2000-2024 Simon Kelley
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by