[dnsdist] First beta release of dnsdist 1.7.0
Remi Gacogne
remi.gacogne at powerdns.com
Tue Nov 16 14:56:38 UTC 2021
Hi everyone!
We are happy to announce the first beta release of dnsdist 1.7.0!
We introduced a fair number of improvements and new features since the
second alpha, and we will now iron out the documentation and fix any
bugs before hopefully releasing the first release candidate very soon.
The main new feature is the ability to use the same outgoing TCP or DNS
over TLS connection for queries coming from different clients, leading
to a huge decrease of the number of outgoing connections needed when the
backend supports out-of-order processing.
We also added the exact transport type to dnstap and protocol buffer
messages, making it possible to differentiate between plaintext queries
and DNS over HTTPS or DNS over TLS ones.
Recently Pierre Grié from Nameshield contributed an XDP program to reply
to blocked UDP queries with a truncated response directly from the
kernel, in a similar way to what we were already doing using eBPF socket
filters. This beta finally adds support for eBPF pinned maps, allowing
dnsdist to populate the maps using our dynamic blocking mechanism, and
letting the external XDP program do the actual blocking or response.
Stéphane Bortzmeyer helped us pinpoint a few issues in the encryption
between dnsdist and its backends, notably in the way the outgoing
connections are cached while waiting to be reused. That could have led
to a waste of memory piling up over time.
We also fixed an issue where the threads handling incoming DoH queries
could have stopped processing responses when they were completely
overloaded by TLS handshakes, leading to a degradation of performance.
The last issue was that a backend was not properly marked as
non-available when a certain exception was raised during a health-check
attempt.
Finally Rosen Penev contributed a lot of clean up changes to make sure
that we make the best of what C++17 can offer.
Please see the dnsdist website [1] for the more complete changelog [2]
and the current documentation.
Please send us all feedback and issues you might have via the mailing
list, or in case of a bug, via GitHub [3].
The release tarball [4] and its signature [5] are available on the
downloads website, and packages for several distributions are available
from our repository [6].
With the future 1.7.0 final release, the 1.4.x releases will be EOL and
the 1.5.x and 1.6.x releases will go into critical security fixes only mode.
Finally, we would like to thank the PowerDNS community and all external
contributors for their great work in this release!
[1]: https://dnsdist.org
[2]: https://dnsdist.org/changelog.html#change-1.7.0-beta1
[3]: https://github.com/PowerDNS/pdns/issues/new/choose
[4]:
https://downloads.powerdns.com/releases/dnsdist-1.7.0-beta1.tar.bz2
[5]:
hhttps://downloads.powerdns.com/releases/dnsdist-1.7.0-beta1.tar.bz2.sig
[6]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20211116/bbab0418/attachment.sig>
More information about the dnsdist
mailing list