[dnsdist] PowerDNS DNSdist 1.9.7 released

Remi Gacogne remi.gacogne at powerdns.com
Fri Oct 4 12:12:32 UTC 2024


Hello!

We released PowerDNS DNSdist 1.9.7 today, fixing several issues:

- A race condition in the processing of incoming DNS over TLS 
connections could cause a crash if TLS certificates were reloaded from 
the console while processing a TLS handshake
- Processing a proxy protocol payload present outside of the TLS layer 
was broken for incoming DNS over TLS connections
- The byte-ordering of EDNS flags was reversed after some operations, 
like setting an extended DNS error status
- EDNS was not properly added to responses generated from raw record 
data, preventing for example the use of extended DNS error statuses
- eBPF filtering did interact badly with DNS over QUIC and DNS over 
HTTP3 queries
- The expiry timestamp reported by the Lua binding for Dynamic Blocks 
could not be used easily
- Removing a server early could cause an error because the default pool 
did not exist yet

A few improvements were also made:

- Timeouts are no longer reported by topSlow, and can instead be 
examined with topTimeouts
- Passing a large value to setMaxTCPClientThreads now triggers a warning
- A Lua FFI binding has been added to access incoming proxy protocol values
- The Rust version we use to build our packages was upgraded to 1.78
- The Quiche library used for QUIC was upgraded to 0.22.0 in our packages

We also fixed two minor incompatibility issues preventing DNSdist from 
being built with newer versions of gcc, clang and the Boost library.

Please see the DNSdist website [1] for the more complete changelog [2] 
and the current documentation. The upgrade guide is also available there 
[3].

Please send us all feedback and issues you might have via the mailing 
list, or in case of a bug, via GitHub [4].

The release tarball [5] and its signature [6] are available on the 
downloads website, and packages for several distributions are available 
from our repository [7].

[1]: https://dnsdist.org
[2]: https://dnsdist.org/changelog.html#change-1.9.7
[3]: https://dnsdist.org/upgrade_guide.html
[4]: https://github.com/PowerDNS/pdns/issues/new/choose
[5]:
https://downloads.powerdns.com/releases/dnsdist-1.9.7.tar.bz2
[6]:
https://downloads.powerdns.com/releases/dnsdist-1.9.7.tar.bz2.sig
[7]: https://repo.powerdns.com

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20241004/ac4978f1/attachment.sig>


More information about the dnsdist mailing list