[dnsdist] dnsdist 1.3.2 released

David opendak at shaw.ca
Fri Aug 24 02:27:27 UTC 2018


On 2018-08-23 7:53 PM, Frank Even wrote:
> Will these updates eventually make their way into CentOS EPEL?  Looks 
> like I'm still on 1.3.0 pulling from those repos.

You can also use the PowerDNS repos directly, http://repo.powerdns.com 
if that is an option for your environment.

> 
> On Tue, Jul 10, 2018 at 7:20 AM, Remi Gacogne <remi.gacogne at powerdns.com> wrote:
> 
>     Hello everyone,
> 
>     We are very happy to announce the 1.3.2 release of dnsdist. This release
>     contains a few new features, but is mostly fixing bugs and documentation
>     issues reported since the release of dnsdist 1.3.0. You might be
>     wondering why this release is not numbered 1.3.1: we discovered a build
>     issue on some platforms right after tagging 1.3.1 and therefore decided
>     to release 1.3.2 right away.
> 
>     Breaking changes
>     ================
> 
>     After discussing with several users, we noticed that quite a lot of them
>     were not aware that enabling the dnsdist console without a key, even
>     restricted to the local host, could be a security issue and allow
>     privilege escalation by allowing an unprivileged user to connect to the
>     console and execute Lua code as the dnsdist user. We therefore decided
>     to refuse any connection to the console until a key has been set, so
>     please check that you do set a key before upgrading if you use the
>     console.
> 
>     New features
>     ============
> 
>     The DNS over TLS feature introduced in 1.3.0 was missing the ability to
>     support both an RSA and an ECDSA certificate at the same time, and it
>     was not possible to switch to a new certificate without restarting
>     dnsdist. This has now been fixed.
> 
>     The packet cache has also been improved in this release, with the
>     addition of a negative TTL option to be able to specify how long NODATA
>     and NXDOMAIN answers should be cached, as well as a way to dump the
>     content of the cache. We also made the detection of ECS collisions more
>     robust, preventing two queries for the same name, type and class but a
>     different ECS subnet from colliding even if they did hash to the
>     same value.
> 
>     This version gained the ability to insert dynamic rules that do nothing,
>     and do not stop the processing of subsequent rules, which is very useful
>     for testing purposes. The optimized DynblockRulesGroup introduced in
>     1.3.0 also gained the ability to whitelist and blacklist ranges from
>     dynamic rules, for example to prevent some clients from ever being
>     blocked by a rate-limiting rule.
> 
>     Finally, we introduced the new SetECSAction directive to be able to
>     force the ECS value sent to a downstream server for some or all queries.
> 
>     Bug fixes
>     =========
> 
>     In addition to various documentation and cosmetic fixes, a few annoying
>     bugs have been fixed in this release:
> 
>     - If the first connection attempt to a given backend failed, dnsdist
>     didn't properly reconnect even when the backend became available;
>     - Dynamic blocks were sometimes created with the wrong duration;
>     - The ability to iterate over the results of the Lua exceed*() functions
>     was broken in 1.3.0, preventing manual whitelisting from Lua;
>     - Some statistics were displayed with too many decimals in the web
>     interface;
>     - A backend outstanding queries counter could become wrong if it dropped
>     a lot of queries for a while.
> 
> 
>     Please see the dnsdist website [1] for the more complete changelog
>     [2] and the current documentation.
> 
>     Release tarballs are available on the downloads website [3].
> 
>     Several packages are also available on our repository [4].
> 
> 
>     [1]: https://dnsdist.org
>     [2]: https://dnsdist.org/changelog.html
>     [3]: https://downloads.powerdns.com/releases/dnsdist-1.3.2.tar.bz2
>     [4]: https://repo.powerdns.com/
> 
>     Best regards,
> 
>     -- 
>     Remi Gacogne
>     PowerDNS.COM BV - https://www.powerdns.com/
> 
> 
>     _______________________________________________
>     dnsdist mailing list
>     dnsdist at mailman.powerdns.com
>     https://mailman.powerdns.com/mailman/listinfo/dnsdist
> 
> 
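
An added example, not part of the original thread or of the dnsdist project: a pre-upgrade check for the breaking change quoted above, reporting whether a configuration enables the console with controlSocket() without a usable setKey(). The sample configurations and key are constructed placeholders, and the script assumes a plain-text Lua configuration in which the last setKey() call is the effective one.

```python
import re
import sys

# Constructed sample configurations; the key value is a placeholder, not a real key.
UNKEYED = """
controlSocket('127.0.0.1:5199')
-- setKey("PLACEHOLDER+BASE64/KEY=")   (commented out, so no key is set)
"""
KEYED = """
setKey("PLACEHOLDER+BASE64/KEY=")
controlSocket('127.0.0.1:5199')
"""

def strip_lua_comments(text):
    # Drops --[[ ... ]] blocks, then -- line comments. Simplification: a "--"
    # inside a string literal would be cut too (base64 keys never contain one).
    text = re.sub(r"--\[\[.*?\]\]", "", text, flags=re.S)
    return re.sub(r"--[^\n]*", "", text)

def audit_console(config_text):
    """Classify the console setup: no-console, keyed, missing-key,
    empty-key or unverified-key (key not given as a string literal)."""
    code = strip_lua_comments(config_text)
    if not re.search(r"\bcontrolSocket\s*\(", code):
        return "no-console"
    args = re.findall(r"\bsetKey\s*\(([^)]*)\)", code)
    if not args:
        return "missing-key"
    # Assumption: the last setKey() call in the file is the effective one.
    literal = re.fullmatch(r"""\s*(["'])(.*)\1\s*""", args[-1])
    if literal is None:
        return "unverified-key"   # e.g. setKey(someVariable): check by hand
    return "keyed" if literal.group(2).strip() else "empty-key"

if __name__ == "__main__":
    # Usage: python check_console.py <path to your dnsdist configuration>
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            status = audit_console(fh.read())
        print(f"{path}: {status}")
        if status not in ("no-console", "keyed"):
            sys.exit(1)
```

A result of missing-key or empty-key means the console will stop accepting connections after the upgrade until a key is configured.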


