#dnsmasq — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #dnsmasq, aggregated by home.social.
-
If you use #dnsmasq on @fedora or @centos Stream - be aware that there are recently disclosed CVEs - https://www.kb.cert.org/vuls/id/471747
@SUSE at least rates one of them a 9.2 on the CVSS 4.0 scale
https://www.suse.com/security/cve/CVE-2026-2291.html
Fedora updates for stable releases are about to hit testing: https://bodhi.fedoraproject.org/updates/?search=dnsmasq-2.92rel2
and if you have the #CentOSHyperscale repo enabled you can `sudo dnf install centos-release-hyperscale-testing && sudo dnf update 'dnsmasq*'`
Please give feedback for the Fedora builds and for the Hyperscale ones if you give them a spin!
https://gitlab.com/CentOS/Hyperscale/rpms/dnsmasq/-/work_items/1
As of the time of posting there is no advisory from #RedHat yet
-
If you use #dnsmasq on @fedora or @centos Stream - be aware that there are recently disclosed CVEs - https://www.kb.cert.org/vuls/id/471747
@SUSE at least rates one of them a 9.2 on the CVSS 4.0 scale
https://www.suse.com/security/cve/CVE-2026-2291.html
Fedora updates for stable releases are about to hit testing: https://bodhi.fedoraproject.org/updates/?search=dnsmasq-2.92rel2
and if you have the #CentOSHyperscale repo enabled you can `sudo dnf install centos-release-hyperscale-testing && sudo dnf update 'dnsmasq*'`
Please give feedback for the Fedora builds and for the Hyperscale ones if you give them a spin!
https://gitlab.com/CentOS/Hyperscale/rpms/dnsmasq/-/work_items/1
As of the time of posting there is no advisory from #RedHat yet
-
If you use #dnsmasq on @fedora or @centos Stream - be aware that there are recently disclosed CVEs - https://www.kb.cert.org/vuls/id/471747
@SUSE at least rates one of them a 9.2 on the CVSS 4.0 scale
https://www.suse.com/security/cve/CVE-2026-2291.html
Fedora updates for stable releases are about to hit testing: https://bodhi.fedoraproject.org/updates/?search=dnsmasq-2.92rel2
and if you have the #CentOSHyperscale repo enabled you can `sudo dnf install centos-release-hyperscale-testing && sudo dnf update 'dnsmasq*'`
Please give feedback for the Fedora builds and for the Hyperscale ones if you give them a spin!
https://gitlab.com/CentOS/Hyperscale/rpms/dnsmasq/-/work_items/1
As of the time of posting there is no advisory from #RedHat yet
-
If you use #dnsmasq on @fedora or @centos Stream - be aware that there are recently disclosed CVEs - https://www.kb.cert.org/vuls/id/471747
@SUSE at least rates one of them a 9.2 on the CVSS 4.0 scale
https://www.suse.com/security/cve/CVE-2026-2291.html
Fedora updates for stable releases are about to hit testing: https://bodhi.fedoraproject.org/updates/?search=dnsmasq-2.92rel2
and if you have the #CentOSHyperscale repo enabled you can `sudo dnf install centos-release-hyperscale-testing && sudo dnf update 'dnsmasq*'`
Please give feedback for the Fedora builds and for the Hyperscale ones if you give them a spin!
https://gitlab.com/CentOS/Hyperscale/rpms/dnsmasq/-/work_items/1
As of the time of posting there is no advisory from #RedHat yet
-
If you use #dnsmasq on @fedora or @centos Stream - be aware that there are recently disclosed CVEs - https://www.kb.cert.org/vuls/id/471747
@SUSE at least rates one of them a 9.2 on the CVSS 4.0 scale
https://www.suse.com/security/cve/CVE-2026-2291.html
Fedora updates for stable releases are about to hit testing: https://bodhi.fedoraproject.org/updates/?search=dnsmasq-2.92rel2
and if you have the #CentOSHyperscale repo enabled you can `sudo dnf install centos-release-hyperscale-testing && sudo dnf update 'dnsmasq*'`
Please give feedback for the Fedora builds and for the Hyperscale ones if you give them a spin!
https://gitlab.com/CentOS/Hyperscale/rpms/dnsmasq/-/work_items/1
As of the time of posting there is no advisory from #RedHat yet
-
「 Today, 11th May 2026 CERT is releasing a set of six CVEs for serious
security vulnerabilities in dnsmasq. These are all long-standing bugs
which apply to pretty much all non-ancient versions. The CVE has been
pre-disclosed to vendors, so hopefully they will be releasing patched
versions of their dnsmasq packages in a timely manner 」https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
-
🚨 OMG, #dnsmasq is exploding! 🚨 In a shocking twist of fate, CERT drops six #CVEs on lazy vendors who didn't realize their software was a ticking time bomb. Apparently, "longstanding bugs" means "we've ignored this for years, but now it's an emergency" 😂.
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html #cybersecurity #softwarebugs #vendorresponsibility #emergencyfix #HackerNews #ngated -
🚨 OMG, #dnsmasq is exploding! 🚨 In a shocking twist of fate, CERT drops six #CVEs on lazy vendors who didn't realize their software was a ticking time bomb. Apparently, "longstanding bugs" means "we've ignored this for years, but now it's an emergency" 😂.
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html #cybersecurity #softwarebugs #vendorresponsibility #emergencyfix #HackerNews #ngated -
🚨 OMG, #dnsmasq is exploding! 🚨 In a shocking twist of fate, CERT drops six #CVEs on lazy vendors who didn't realize their software was a ticking time bomb. Apparently, "longstanding bugs" means "we've ignored this for years, but now it's an emergency" 😂.
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html #cybersecurity #softwarebugs #vendorresponsibility #emergencyfix #HackerNews #ngated -
🚨 OMG, #dnsmasq is exploding! 🚨 In a shocking twist of fate, CERT drops six #CVEs on lazy vendors who didn't realize their software was a ticking time bomb. Apparently, "longstanding bugs" means "we've ignored this for years, but now it's an emergency" 😂.
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html #cybersecurity #softwarebugs #vendorresponsibility #emergencyfix #HackerNews #ngated -
🚨 OMG, #dnsmasq is exploding! 🚨 In a shocking twist of fate, CERT drops six #CVEs on lazy vendors who didn't realize their software was a ticking time bomb. Apparently, "longstanding bugs" means "we've ignored this for years, but now it's an emergency" 😂.
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html #cybersecurity #softwarebugs #vendorresponsibility #emergencyfix #HackerNews #ngated -
CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
#HackerNews #CERT #CVEs #dnsmasq #security #vulnerabilities #cybersecurity #patches
-
CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
#HackerNews #CERT #CVEs #dnsmasq #security #vulnerabilities #cybersecurity #patches
-
CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
#HackerNews #CERT #CVEs #dnsmasq #security #vulnerabilities #cybersecurity #patches
-
CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
#HackerNews #CERT #CVEs #dnsmasq #security #vulnerabilities #cybersecurity #patches
-
CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
#HackerNews #CERT #CVEs #dnsmasq #security #vulnerabilities #cybersecurity #patches
-
Простая настройка машины под Linux как роутера — NAT+iptables+dnsmasq
Короткое описание, как я настраивал себе на Linux-машине роутер с пересылкой трафика в интернет, собственным DNS и DHCP. Простое и элегантное решение.
-
So neither .iso nor .img will boot #FreeBSD off of a USB thumbdrive or another, ventoy or raw.
The #ThinkCentre M73 freezes at installer boot screen.#PXE it is. Weirdly #dnsmasq changes the boot file (#wireshark showed me it appends `.0`) in the proxy ACK, but not in the original offer. Whatever, `cp`.
But now it seems like the file size is erroneously transfered, and therefore the #TFTP transfer gleefully halts mid-file.
At least now it's stalled at a blinking cursor instead of freezing.
Sigh...
-
Do you really want to use software distributed via unauthenticated channels (looks like it isn't anymore)? I suggested the authors years ago and he flat out said he did didn't want to and didn't see any value in using https.
I don't trust people who have that attitude about security to write software that I run.
-
and then my DNS failed again 😭
But this time it was my upstream non-HA unbound on opnsense that just terminated.
unbound is serving my local dhcp entries and some magic.. those are not replicated to the backup system :(monit to the rescue! it will (re)start unbound no in case of failure.
-
and then my DNS failed again 😭
But this time it was my upstream non-HA unbound on opnsense that just terminated.
unbound is serving my local dhcp entries and some magic.. those are not replicated to the backup system :(monit to the rescue! it will (re)start unbound no in case of failure.
-
and then my DNS failed again 😭
But this time it was my upstream non-HA unbound on opnsense that just terminated.
unbound is serving my local dhcp entries and some magic.. those are not replicated to the backup system :(monit to the rescue! it will (re)start unbound no in case of failure.
-
and then my DNS failed again 😭
But this time it was my upstream non-HA unbound on opnsense that just terminated.
unbound is serving my local dhcp entries and some magic.. those are not replicated to the backup system :(monit to the rescue! it will (re)start unbound no in case of failure.
-
Also ein Flat LAN mit Fritz!Box, Pihole und rund 75 Netzwerkgeräten in ein ausgewachsenes Business LAN mit OPNsense, Omada, mehreren Access Points und alles schön getrennt in VLANS umzubauen, ist echt ne Lebensaufgabe, bis alles reibungslos funktioniert....... 😛
#opnsense #omada #tplink #dnsmasq #unbounddns #selfhosted #network #netzwerk #fritzbox #homeassistant
-
Chromecast said "Not connected to the internet", rendering it unusuable.
I drop all external DNS (and DNS-over-TLS) requests on my network.
Google (along with Chinese IoT spyware, Samsung, and others) now try to use their hardcoded DNS servers.
My network now fools them all, they think they get a response from their DNS, but it's really my PiHole that answers! NAT + Masquerading FTW!
See the diagram for a simplified overview
AMA
#ama #chromecast #chromecastultra #dns #nat #masquerading #dnsmasq #pihole #networking #adblock #fuckads #samsung #spyware #malware #dns
-
Chromecast said "Not connected to the internet", rendering it unusuable.
I drop all external DNS (and DNS-over-TLS) requests on my network.
Google (along with Chinese IoT spyware, Samsung, and others) now try to use their hardcoded DNS servers.
My network now fools them all, they think they get a response from their DNS, but it's really my PiHole that answers! NAT + Masquerading FTW!
See the diagram for a simplified overview
AMA
#ama #chromecast #chromecastultra #dns #nat #masquerading #dnsmasq #pihole #networking #adblock #fuckads #samsung #spyware #malware #dns
-
Chromecast said "Not connected to the internet", rendering it unusuable.
I drop all external DNS (and DNS-over-TLS) requests on my network.
Google (along with Chinese IoT spyware, Samsung, and others) now try to use their hardcoded DNS servers.
My network now fools them all, they think they get a response from their DNS, but it's really my PiHole that answers! NAT + Masquerading FTW!
See the diagram for a simplified overview
AMA
#ama #chromecast #chromecastultra #dns #nat #masquerading #dnsmasq #pihole #networking #adblock #fuckads #samsung #spyware #malware #dns
-
Chromecast said "Not connected to the internet", rendering it unusuable.
I drop all external DNS (and DNS-over-TLS) requests on my network.
Google (along with Chinese IoT spyware, Samsung, and others) now try to use their hardcoded DNS servers.
My network now fools them all, they think they get a response from their DNS, but it's really my PiHole that answers! NAT + Masquerading FTW!
See the diagram for a simplified overview
AMA
#ama #chromecast #chromecastultra #dns #nat #masquerading #dnsmasq #pihole #networking #adblock #fuckads #samsung #spyware #malware #dns
-
Chromecast said "Not connected to the internet", rendering it unusuable.
I drop all external DNS (and DNS-over-TLS) requests on my network.
Google (along with Chinese IoT spyware, Samsung, and others) now try to use their hardcoded DNS servers.
My network now fools them all, they think they get a response from their DNS, but it's really my PiHole that answers! NAT + Masquerading FTW!
See the diagram for a simplified overview
AMA
#ama #chromecast #chromecastultra #dns #nat #masquerading #dnsmasq #pihole #networking #adblock #fuckads #samsung #spyware #malware #dns
-
I had read good reviews about the #GL-iNet #routers so I purchased one of their products around 18 months ago. One of my main motivations was supporting, at some level, #OpenWrt and including tools like #AdGuardHome and #Wireguard.
But to be honest, it all has been a bit disappointing.
AdGuardHome never worked very well. Apart from being slow, the service would frequently freeze (e.g. whenever I updated the custom filter) and I had to manually restart it.
In addition, the system stack was quite messy and difficult to make sense of. For example, the #DNS service #Dnsmasq could be managed directly or via Openwrt, sometimes creating unintended problems.
Anyway, the router decided to implode after a firmware upgrade, which is quite underwhelming. I tried a few things like reflashing Uboot, factory reset, etc. before deciding to just toss it away and get another one, from a different brand.
-
📬 Pi-hole glänzt mit einigen Verbesserungen
#Datenschutz #Test #ARP #DNSSystem #dnsmasq #FasterThanLight #PiHole #QueryLog #SQLiteDB https://sc.tarnkappe.info/cf91fa -
Switched from #ISC DHCP to #dnsmasq on #opnsense.
The transition wasn't very smooth as the update process disabled #ISC without enabling #dnsmasq so essentially you had to assign static ips to restore your setup after the update, yikes.
Anyway, now finally running a DHCP server that can do both ipv4 and ipv6 in a single process.
-
When upgrading #opnsense I would have really liked to know in advance that it would remove my DHCP static ips and remove the current DHCP server without automatically enabling the new #Dnsmasq server.
I've found this wasn't very clear in advance.
Both having to first create static routes to reconfigure as well as having to rebuild my ranges and static IPs from memory was a pity.
Having a single DHCP server do both the IPV4 and IPV6 in one overview is really nice though!
-
Simon Kelley released #Dnsmasq version 2.92. http://www.thekelleys.org.uk/dnsmasq/doc.html
-
@pid_eins this clearly conflicts with previous declaration systemd-resolved is stub only, not a server. I expect networkd would not recommend non-systemd implementations? I can see this as #Dnsmasq replacement. But Dnsmasq never was a DNS stub client. Does this introduce systemd-dhcpd? Is there a plan to reimplement also radvd?
-
Alright, I think I just got it fixed.
My wildcard entry in #dnsmasq appears to have had the wrong syntax. I corrected the syntax and now it's working again.
The confusing part of all of this is that I don't believe I touched the dnsmasq config when I set up #ipv6 on the other network... which means that it's been wrong for months,* if not over a year*, and everything was just working, regardless.
Somehow the addition of IPV6 must have disrupted whatever bizarre miracle had kept it working when it was only #ipv4. -
@michal mě podráždilo povídání o #dnsmasq. Ano, Simon Kelley to provozuje na svém old school serveru. Není to taky žádný mladíček. Že běží bez služeb jakéhokoliv korporátu, včetně našeho, je dnes nezvyk. Ale není to tak, že by to dělal úplně sám. Já mám v Dnsmasq svoje commity, aniž bych měl právo zápisu. Přispěvatelů je celá řada, nejsem sám. Ale je nás víc, co ten kód zná a sleduje. To dokazuje třeba dispute nedávno přiřazeného CVE od lidí z Oraclu. Závěr byl prostě špatně.
-
🔥 Breaking News: To exploit these "shocking" #dnsmasq #vulnerabilities, simply replace config files! 🛠️🔧 Who knew #hacking required altering critical #system files? 🤔🙄 It's like discovering you need to open a door to enter a room! 🚪🔓
https://seclists.org/oss-sec/2025/q4/79 #news #cybersecurity #exploits #security #HackerNews #ngated -
Are these real CVEs? VulDB entries for dnsmasq rely on replacing config files
https://seclists.org/oss-sec/2025/q4/79
#HackerNews #CVE #Vulnerabilities #dnsmasq #VulDB #SecurityIssues #ConfigFiles
-
CVE Alert: CVE-2025-12198 - n/a - dnsmasq - https://www.redpacketsecurity.com/cve-alert-cve-2025-12198-n-a-dnsmasq/
#OSINT #ThreatIntel #CyberSecurity #cve-2025-12198 #n-a #dnsmasq
-
Critical DNS cache poisoning in dnsmasq.
Sounds like the authors wanted to do coordinated disclosure but accidentally sent it to a public mailing list???
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2025q3/018288.html
-
#Eigener #DNS- #Server mit Technitium #DNS:
Wie man seine #DNS_Auflösung selbst verwaltet, ohne auf #Upstreamanbieter angewiesen zu sein.
Die Vorteile des #Selbsthostens seines #DNS_Servers liegen auf der Hand: Man ist sicher vor #Zensurbestrebungen durch #Staat und #Provider und kann direkt auf #Domainebene, wie der Artikel zu #dnsmasq schon kurz erwähnt, #Werbung blockieren.
-
Eigener #DNS- #Server mit #Dnsmasq:
Dieser Artikel handelt davon, wie man einen eigenen #DNS- Server mit #Dnsmasq mit #Filterlisten zum #Blockieren von #Werbung und eigenen #DNS- Einträgen einrichtet.
-
This is just after a reboot.
CPU: Intel Core 2 Quad Q9550 (4) @ 2.545GHz
Memory: 0.70GiB / 3.70GiB (18%)
Disk (/): 23G / 40G (61%)It is running #Nextcloud, and so effectively does the cloud storage, calendar & contacts. I've been running this since before Nextcloud (I used to use OwnCloud).
This and SSH is all that is accessible outside of home. Both have MFA and China is currently blocked (I mean to expand this list).
However it also handles DHCP & DNS for the home LAN using #dnsmasq and I use it as an email archive (#dovecot). There is a functional #fetchmail install, but this is currently switched off.
It also has my #Subversion archive. That stays until I get around to having a proper look at #git.
With #USA going downhill I do have plans to get it do do more - but I'm playing with using #docker containers so if anything gets hacked, that will minimise the damage. I currently have too much running on the raw iron.
I'm using #borg for backups onto an external HDD that then occasionally is copied elsewhere (physical media off-site).
