dns/dnsmasq-devel: update to v2.91test9
Upstream commit history, all changes by Simon Kelley:
- a4569c2 2025-01-20 | Correct BNF for --trust-anchor in manpage.
- 199e65c 2025-01-20 | Remove misleading comment.
- bb8811d 2025-01-20 | Convert DNS names in logs to all lower case.
- 995a16c 2025-01-19 | Implement "DNS-0x20 encoding".
- 65f9c1a 2025-01-19 | Case-sensitive matching of questions and answers.
Upstream CHANGELOG addition:
Implement "DNS-0x20 encoding", for extra protection against
reply-spoof attacks. Since DNS queries are case-insensitive, it's
possible to randomly flip the case of letters in a query and still get
the correct answer back.
This adds an extra dimension for a cache-poisoning attacker to guess
when sending replies in-the-blind since it's expected that the
legitimate answer will have the same pattern of upper and lower case
as the query, so any replies which don't can be ignored as malicious.
The amount of extra entropy clearly depends on the number of a-z and
A-Z characters in the query, and this implementation puts a hard limit
of 32 bits to make resource allocation easy. This about doubles
entropy over the standard random ID and random port combination.
MFH: 2025Q1
(cherry picked from commit 8d75a12779afbf4c7278a494210be5d2a1a531ac)
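
The case-flip and reply check described in the CHANGELOG text, as an added sketch that is not dnsmasq's code and not part of this commit. The names `case_bits`, `encode_0x20` and `reply_matches` are hypothetical, and the fixed mask stands in for the random bits a resolver would generate per query.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_0X20_BITS 32   /* hard limit stated in the CHANGELOG text */

/* Case bits available for a name: one per a-z/A-Z letter, capped. */
int case_bits(const char *name)
{
    int n = 0;
    for (; *name; name++)
        if (isalpha((unsigned char)*name) && n < MAX_0X20_BITS)
            n++;
    return n;
}

/* In place: the i-th letter is upper case if bit i of mask is set,
   lower case otherwise. Letters beyond the cap are always lowered. */
void encode_0x20(char *name, uint32_t mask)
{
    int bit = 0;
    for (; *name; name++) {
        unsigned char c = (unsigned char)*name;
        if (!isalpha(c))
            continue;
        if (bit < MAX_0X20_BITS && ((mask >> bit) & 1u))
            *name = (char)toupper(c);
        else
            *name = (char)tolower(c);
        bit++;
    }
}

/* Case-sensitive comparison of the name sent and the name echoed in
   the reply: 1 = accept, 0 = ignore the reply as a possible spoof. */
int reply_matches(const char *sent, const char *reply_qname)
{
    return strcmp(sent, reply_qname) == 0;
}

int main(void)
{
    char q[] = "www.example.com";   /* constructed sample name */
    encode_0x20(q, 0x5A5u);         /* demo mask; real use needs random bits */
    printf("%s carries %d case bits\n", q, case_bits(q));
    printf("echoed: %d  all-lowercase reply: %d\n",
           reply_matches(q, q), reply_matches(q, "www.example.com"));
    return 0;
}
```

Names with few letters gain little from this check: a query made up mostly of digits carries almost no case bits, so the random ID and source port remain the main defence for it.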