Pi-hole v4.2 Available With Shared Memory, New Blocking Modes, And More
We’re always happy when we can release a new version of Pi-hole, so today we’re announcing v4.2 of Pi-hole. Thank you to to our patrons and everyone else who continue to support us. Along with many other things, we’ve merged in the upstream code from dnsmasq
v2.80. For anyone who doesn’t know, FTLDNS (pihole-FTL
) is just our fork of dnsmasq
.
v4.2.1 Hotfix
We have released a small hotfix which addresses possible crashes experienced for users without libcap
capabilities (running FTLDNS under root
). For most users, this update will not change anything.
Highlights
New Blocking Mode
We’ve added a new blocking mode (NODATA
), where blocked requested are replied with a status code of NOERROR
and A
/ AAAA
records are empty. It’s unclear if there are advantages to this mode over others, but you’re welcome to experiment with it.
Shared Memory
In preparation of the new API we are working on, FTLDNS will now store its data in a shared-memory space, so that the API can come in and read from that memory to fulfill requests. In short, this means FTLDNS will be even lighter as it doesn’t have to care about sending the statistics to some requester. Instead, it will concentrate on generating the statistics and the API can read FTL’s data directly, resulting in reduced delays in the API.
wpad Vulnerability Fix
We previously mentioned how you could work around a vulnerability regarding wpad
entries. This fix is now in place as suggested by dnsmaq.conf.example
.
Fixes And Tweaks
- We updated SQLite to 3.26.0
- We fixed the query status if a forwarded query was partially replied to from the cache
- We now prevent multiple static DHCP entries with same IP
- And more…
Docker Version Also Updated
We heard your feedback and we made sure to coordinate better to release our traditional install and our Docker install together. The docker image will be released when testing is complete.
Thanks for the new version and I will try it soon.
I am looking at the new blocking option for IPv4 by returning NODATA. I have good results with Null blocking and you just throw a bone to the requester and tell have much fun with it.
NODATA is more specific which (subdomain.)domain.tld is no existent. NXDOMAIN is telling that the domain.tld is not existing.
However, as indicated, it is how the requester is dealing with this negative answer.
I don’t expect a better reaction then with NXDOMAIN which made me to be a fanboy of Null blocking.
Then, NODATA is much much better than NXDOMAIN, it is like a scapel cutting out specific replies and not squash the whole domain like NXDOMAIN does.
https://prefetch.net/blog/2016/09/28/the-subtleties-between-the-nxdomain-noerror-and-nodata-dns-response-codes/
And I think there is some confusion,
domain.tld
is a domain,sub.domain.tld
is also a domain. NXDOMAIN does not stop at the top level, or any level, it is a response that the requested domain does not exist. You can NXDOMAINmy.domain.tld
and still have a validdomain.tld
query and response.This is known and will be fixed by FTL v4.2.1 which is about to be released
Updated to 4.2.1 today, without obvious problems so far. Thanks for the new version
Short side note: the following reported behavior is unchanged. As soon as the “Use DNSSEC” option is enabled the cache doesn’t work anymore.