[dnsdist] PowerDNS DNSdist 1.9.0

Remi Gacogne remi.gacogne at powerdns.com
Fri Feb 16 14:27:47 UTC 2024 

Hello!

We are very happy to release PowerDNS DNSdist 1.9.0 today! This new 
version brings a fair number of new features since 1.8.3:

- DNS over QUIC [1]
- DNS over HTTP3
- AF_XDP [2] support
- the ability to set Extended DNS Error [3] statuses
- a cache-miss ratio dynamic block rule
- getAddressInfo for asynchronous DNS resolution
- Proxy Protocol support for TeeAction
- Proxy Protocol support can now be enabled on a per-bind basis
- many new selectors and actions

We would like to express our gratitude to Y7n05h [4] who contributed 
AF_XDP support during Google Summef Code! It took us far too long to 
integrate their contribution into a release, but it's finally there with 
impressive results.

We also replaced the default library handling DNS over HTTPS, switching 
from h2o to nghttp2 [5]. This change should be transparent for most 
users, since we made sure to preserve the existing features and 
configuration directives. Switching to nghttp2 allows us to support 
hardware acceleration for TLS exchanges, using for example Linux's kTLS 
[6] or Intel Quick-Assist Technology [7]. It also reduces our footprint 
on low-end devices by not requiring an additional library, since nghttp2 
was already used for outgoing DNS over HTTPS requests. Finally, while it 
was a long time coming, h2o is officially [8] no longer maintained in a 
way that makes it possible to use it as a stable library. Technically it 
will still be possible to revert to the use of h2o for incoming DNS over 
HTTPS in DNSdist 1.9.x, but we will remove that support after that.

Packagers need to be aware that SNMP support is no longer enabled by 
default, as it had been causing integration issues in some environments 
for a while, but it's still enabled in our packages. Two new features, 
DNS over QUIC and DNS over HTTP3, require the Cloudflare's Quiche [9] 
library, which is written in Rust [10] and might not be already present 
in some distributions.

We also made changes to our Open Source End of Life policy. Older 
release trains are now supported for one year after the following major 
release. Consult the EOL policy [11] for more details.

Please see the DNSdist website [12] for the more complete changelog [13] 
and the current documentation. The upgrade guide is also available there 
[14].

Please send us all feedback and issues you might have via the mailing 
list, or in case of a bug, via GitHub [15].

We are grateful to the PowerDNS community for the reporting of bugs, 
issues, feature requests, and especially to the submitters of fixes and 
implementations of features. We are particularly thankful to Denis 
Machard for testing and reporting issues with dnstap and protobuf 
exports, Håkan Lindqvist for tirelessly tracking issues in our DNS over 
HTTP3 feature, Oto Šťáva from the Knot Resolver team for testing DNSdist 
against his DNS over QUIC implementation in DNS Shotgun and reporting 
several discrepancies!

The release tarball [16] and its signature [17] are available on the 
downloads website, and packages for several distributions are available 
from our repository [18].

[1]: https://www.rfc-editor.org/rfc/rfc9250.html
[2]: https://www.kernel.org/doc/html/next/networking/af_xdp.html
[3]: https://www.rfc-editor.org/rfc/rfc8914.html
[4]: https://github.com/Y7n05h
[5]: https://nghttp2.org/
[6]: https://docs.kernel.org/networking/tls-offload.html
[7]: 
https://www.intel.com/content/www/us/en/architecture-and-technology/intel-quick-assist-technology-overview.html
[8]: https://github.com/h2o/h2o/issues/3230
[9]: https://github.com/cloudflare/quiche
[10]: https://www.rust-lang.org/
[11]: https://dnsdist.org/eol.html
[12]: https://dnsdist.org
[13]: https://dnsdist.org/changelog.html#change-1.9.0
[14]: https://dnsdist.org/upgrade_guide.html
[15]: https://github.com/PowerDNS/pdns/issues/new/choose
[16]:
https://downloads.powerdns.com/releases/dnsdist-1.9.0.tar.bz2
[17]:
https://downloads.powerdns.com/releases/dnsdist-1.9.0.tar.bz2.sig
[18]: https://repo.powerdns.com

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20240216/a4be9a03/attachment.sig>

More information about the dnsdist mailing list