[dnsdist] PowerDNS DNSdist 1.9.14 and 2.0.5 Released

Remi Gacogne remi.gacogne at powerdns.com
Thu Apr 23 09:45:02 UTC 2026 

Hi,

Today we again released two new versions of DNSdist, 1.9.14 and 2.0.5, 
fixing one regression introduced in 1.9.13 and 2.0.4, and several small 
issues that were not included in yesterday's security releases.

The regression introduced in 1.9.13 and 2.0.4 concerns the PRSD 
detection mechanism enabled with DynBlockRulesGroup:setSuffixMatchRule 
or DynBlockRulesGroup:setSuffixMatchRuleFFI, and causes an exception to 
be raised when accessing StatNode::fullname from the Lua visitor function.

The other issues fixed in this release are:
- (1.9.14 and 2.0.5) When DNSdist is compiled in "single acceptor 
thread" mode, which is designed for embedded systems with low memory, a 
TCP worker thread was not always created by default, even when DOQ and 
DoH3 support was enabled, leading to a crash.
- (2.0.5) The buffers allocated for recvmmsg might have been too large, 
wasting memory
- (2.0.5) When the trustForwardForHeader option is used, and the 
upstream proxy did include X-Forwarded-For header for at least one query 
in an established connection but somehow does not include it for a 
subsequent query, DNSdist should reset the client address to the address 
of the proxy instead of using the last received one
- (2.0.5): Fix handling of long HTTP/2 Date headers if the administrator 
explictly used a non-POSIX locale
- (2.0.5): Detection of some TLS functions was missing when compiling 
with meson: TLS_client_method and gnutls_transport_set_fastopen

Please see the DNSdist website [1] for the more complete changelogs 
[2][3] and the current documentation. The upgrade guide is also 
available there [4].

Please send us all feedback and issues you might have via the mailing 
list, or in case of a bug, via GitHub [5].

The release tarballs [6][7] and their signatures [8][9] are available on 
the downloads website, and packages for several distributions are 
available from our repository [10].

[1]: https://dnsdist.org
[2]: https://dnsdist.org/changelog.html#change-1.9.14
[3]: https://dnsdist.org/changelog.html#change-2.0.5
[4]: https://dnsdist.org/upgrade_guide.html
[5]: https://github.com/PowerDNS/pdns/issues/new/choose
[6]: https://downloads.powerdns.com/releases/dnsdist-1.9.14.tar.bz2
[7]: https://downloads.powerdns.com/releases/dnsdist-1.9.14.tar.bz2.sig
[8]: https://downloads.powerdns.com/releases/dnsdist-2.0.5.tar.xz
[9]: https://downloads.powerdns.com/releases/dnsdist-2.0.5.tar.xz.sig
[10]: https://repo.powerdns.com

Best regards,
-
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20260423/742f84f3/attachment.sig>

More information about the dnsdist mailing list