[dnsdist] First beta release of dnsdist 1.7.0

Remi Gacogne remi.gacogne at powerdns.com
Tue Nov 16 14:56:38 UTC 2021

Hi everyone!

We are happy to announce the first beta release of dnsdist 1.7.0!

We introduced a fair number of improvements and new features since the 
second alpha, and we will now iron out the documentation and fix any 
bugs before hopefully releasing the first release candidate very soon.

The main new feature is the ability to use the same outgoing TCP or DNS 
over TLS connection for queries coming from different clients, leading 
to a huge decrease of the number of outgoing connections needed when the 
backend supports out-of-order processing.

We also added the exact transport type to dnstap and protocol buffer 
messages, making it possible to differentiate between plaintext queries 
and DNS over HTTPS or DNS over TLS ones.

Recently Pierre Grié from Nameshield contributed an XDP program to reply 
to blocked UDP queries with a truncated response directly from the 
kernel, in a similar way to what we were already doing using eBPF socket 
filters. This beta finally adds support for eBPF pinned maps, allowing 
dnsdist to populate the maps using our dynamic blocking mechanism, and 
letting the external XDP program do the actual blocking or response.

Stéphane Bortzmeyer helped us pinpoint a few issues in the encryption 
between dnsdist and its backends, notably in the way the outgoing 
connections are cached while waiting to be reused. That could have led 
to a waste of memory piling up over time.

We also fixed an issue where the threads handling incoming DoH queries 
could have stopped processing responses when they were completely 
overloaded by TLS handshakes, leading to a degradation of performance.

The last issue was that a backend was not properly marked as 
non-available when a certain exception was raised during a health-check 

Finally Rosen Penev contributed a lot of clean up changes to make sure 
that we make the best of what C++17 can offer.

Please see the dnsdist website [1] for the more complete changelog [2] 
and the current documentation.

Please send us all feedback and issues you might have via the mailing 
list, or in case of a bug, via GitHub [3].

The release tarball [4] and its signature [5] are available on the 
downloads website, and packages for several distributions are available 
from our repository [6].

With the future 1.7.0 final release, the 1.4.x releases will be EOL and 
the 1.5.x and 1.6.x releases will go into critical security fixes only mode.

Finally, we would like to thank the PowerDNS community and all external 
contributors for their great work in this release!

[1]: https://dnsdist.org
[2]: https://dnsdist.org/changelog.html#change-1.7.0-beta1
[3]: https://github.com/PowerDNS/pdns/issues/new/choose
[6]: https://repo.powerdns.com

Best regards,
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20211116/bbab0418/attachment.sig>

More information about the dnsdist mailing list