From remi.gacogne at powerdns.com Wed Sep 15 09:09:03 2021 From: remi.gacogne at powerdns.com (Remi Gacogne) Date: Wed, 15 Sep 2021 11:09:03 +0200 Subject: [Pdns-announce] dnsdist 1.6.1 released Message-ID: Hello! We are happy to release dnsdist 1.6.1 today, a maintenance release fixing a few bugs reported since 1.6.0: - Adding ECS failed for queries with records in the answer or additional section (Dimitrios Mavrommatis) - The transport was not properly set in dnstap and protobuf messages for DoH queries - The outstanding queries counter was not properly reset when some TCP I/O errors occurred - The ability to load a new certificate on a DoH frontend was missing - A missing header could have caused a compilation issue on some platforms As usual there were also other smaller enhancements and fixes, please see the dnsdist website [1] for the more complete changelog [2] and the current documentation. Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub [3]. We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features. The release tarball [4] (signature [5]) is available on the downloads website, and packages for CentOS 7 and 8, Debian Buster and Bullseye, and Ubuntu Bionic and Focal are available from our repository [6]. [1]: https://dnsdist.org [2]: https://dnsdist.org/changelog.html#change-1.6.1 [3]: https://github.com/PowerDNS/pdns/issues/new/choose [4]: https://downloads.powerdns.com/releases/dnsdist-1.6.1.tar.bz2 [5]: https://downloads.powerdns.com/releases/dnsdist-1.6.1.tar.bz2.sig [6]: https://repo.powerdns.com Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: From remi.gacogne at powerdns.com Thu Sep 23 09:05:54 2021 From: remi.gacogne at powerdns.com (Remi Gacogne) Date: Thu, 23 Sep 2021 11:05:54 +0200 Subject: [Pdns-announce] First alpha release of dnsdist 1.7.0 Message-ID: <9176ae50-6ae6-9015-63b2-578f62d01e87@powerdns.com> Hi everyone, We are proud to announce the first alpha release of dnsdist 1.7.0. This release contains several new exciting features, as well as improvements and bug fixes. In our view, the most exciting new feature is the support of outgoing DNS over TLS and DNS over HTTPS, as well as the ability to do "cross-protocol" queries, meaning a query received over a given protocol (UDP, TCP, DoT, DoH, ...) can be forwarded over a different one. Now that dnsdist is capable of contacting its backend over an encrypted channel, full end-to-end encryption is possible, offering improved confidentiality and integrity. This release also reduces the memory footprint of dnsdist in several places, which makes it easier to use in resource-constrained environments. We added support for generating the still experimental SVCB and HTTPS records directly from dnsdist, offering potential benefits to both performance and privacy. Our LMDB code has gained the ability to do range-based lookups, and is now more efficient even for simple lookups. Extending the per-thread custom load-balancing policies introduced in 1.6.0, it is now possible to write blazing-fast, lock-less per-thread custom actions using the Lua foreign function interface. Dimitrios Mavrommatis improved the handling of AXFR and IXFR queries, making it possible to reuse a TCP connection used for a zone transfer much more efficiently. Holger Hoffst?tte also improved the reporting of an unavailable backend, making sure the existing metrics are no longer reported to prevent any confusion. Please see the dnsdist website [1] for the more complete changelog [2] and the current documentation. Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub. Release tarballs are available on the downloads website, and packages for CentOS 7 and 8, Debian Buster, Bullseye, and Ubuntu Bionic and Focal are available from our repository. With the future 1.7.0 final release, the 1.4.x releases will be EOL and the 1.5.x releases will go into critical security fixes only mode. Finally, we would like to thank the PowerDNS community and all external contributors for their great work in this release! [1]: https://dnsdist.org [2]: https://dnsdist.org/changelog.html#change-1.7.0-alpha1 [3]: https://github.com/PowerDNS/pdns/issues/new/choose [4]: https://downloads.powerdns.com/releases/dnsdist-1.7.0-alpha1.tar.bz2 [5]: hhttps://downloads.powerdns.com/releases/dnsdist-1.7.0-alpha1.tar.bz2.sig [6]: https://repo.powerdns.com Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: From otto.moerbeek at open-xchange.com Wed Sep 29 09:10:12 2021 From: otto.moerbeek at open-xchange.com (Otto Moerbeek) Date: Wed, 29 Sep 2021 11:10:12 +0200 (CEST) Subject: [Pdns-announce] First Alpha release of PowerDNS Recursor 4.6.0 Message-ID: <1873108373.7845.1632906612786@appsuite-guard.open-xchange.com> We are proud to announce the first alpha release of PowerDNS Recursor 4.6.0. Compared to the previous major (4.5) release of PowerDNS Recursor, this release contains two major sets of changes: * a rewrite of the outgoing TCP code, adding both re-use of connections and support for DoT to authoritative servers or forwarders, * many improvements in the area of metrics: more metrics are collected and more metrics are now exported in a Prometheus friendly way. Re-use of TCP/DoT connections is achieved by not closing connections, leaving them open for re-use. Previously, a TCP connection would be closed after a single query-reply exchange. The policy used to keep idle connections open is governed by various settings[1]. By default[2], if a forwarder is specified using port 853, DoT will be used to connect to that forwarder. It is also possible to list[3] specific nameservers that should be contacted over DoT. Note that no certificate validation is done. After the standard committees define discovery of authoritative servers offering DoT, we will add functionality to allow automatic switching to DoT including validation of certificates. As always, there are also many smaller bug fixes and improvements, please refer to the changelog[4] for additional details. Please send us all feedback and issues you might have via the mailing list[5], or in case of a bug, via GitHub[6]. The tarball[7] (signature[8]) is available from our download server[9] and packages for several distributions are available from our repository[10]. With the final 4.6 release, the 4.3.x releases will be EOL and the 4.4.x and 4.5.x releases will go into critical fixes only mode. Consult the EOL policy[11] for more details. We would also like to mention that with the 4.5 release we stopped supporting systems using 32-bit time. This includes 32-bit Linux platforms like arm6, arm7, and i386. We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features. References 1. https://docs.powerdns.com/recursor/settings.html#tcp-out-max-idle-ms 2. https://docs.powerdns.com/recursor/settings.html#dot-to-port-853 3. https://docs.powerdns.com/recursor/settings.html#dot-to-auth-names 4. https://doc.powerdns.com/recursor/changelog/4.6.html#change-4.6.0-alpha1 5. https://mailman.powerdns.com/mailman/listinfo/pdns-users 6. https://github.com/PowerDNS/pdns/issues/new/choose 7. https://downloads.powerdns.com/releases/pdns-recursor-4.6.0-alpha1.tar.bz2 8. https://downloads.powerdns.com/releases/pdns-recursor-4.6.0-alpha1.tar.bz2.sig 9. https://downloads.powerdns.com/releases/ 10. https://repo.powerdns.com/ 11. https://docs.powerdns.com/recursor/appendices/EOL.html -- kind regards, Otto Moerbeek PowerDNS Developer Email: otto.moerbeek at open-xchange.com ------------------------------------------------------------------------------------- Open-Xchange AG, Hohenzollernring 72, 50672 Cologne, District Court Cologne HRB 95366 Managing Board: Andreas Gauger, Carsten Dirks, Dirk Valbert, Frank Hoberg, Stephan Martin Chairman of the Board: Richard Seibt PowerDNS.COM BV, Koninginnegracht 14L, 2514 AA Den Haag, The Netherlands Managing Director: Robert Brandt, Carsten Dirks ------------------------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 475 bytes Desc: not available URL: