From peter.van.dijk at powerdns.com Fri Jan 14 13:27:13 2022 From: peter.van.dijk at powerdns.com (Peter van Dijk) Date: Fri, 14 Jan 2022 14:27:13 +0100 Subject: [Pdns-announce] First Release Candidate for Authoritative Server 4.6.0 Message-ID: Hello! Today we released the first Release Candidate for Authoritative Server version 4.6.0. Version 4.6.0 mostly brings small improvements and fixes, but there are three notable new features: * support for incoming PROXY headers * support for EDNS cookies * autoprimary management via pdnsutil and the API A note to downstream packagers: we removed the randombackend. You may need to adjust your ./configure call and perhaps some file listings. Support for PROXY headers allows you to put a load balancer (such as dnsdist) in front of the Authoritative Server, while still having the Auth see the actual IPs of clients talking to it. EDNS Cookies allow resolvers that support it to have an extra layer of authentication on their communication with the Authoritative Server. Compared to 4.6.0-alpha1, the major user visible change is the new NSEC3PARAM settings - check the upgrade docs below for more information. Besides that, various bugs have been fixed. A full list of changes can be found in the [1]changelog. Please make sure to read the [2]Upgrade Notes before upgrading. The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com. Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub. References 1. https://doc.powerdns.com/authoritative/changelog/4.6.html#change-4.6.0-rc1 2. https://doc.powerdns.com/authoritative/upgrading.html 3. https://downloads.powerdns.com/releases/pdns-4.6.0-rc1.tar.bz2 4. https://downloads.powerdns.com/releases/pdns-4.6.0-rc1.tar.bz2.sig 5. https://downloads.powerdns.com/releases/ 6. https://repo.powerdns.com/ 7. https://mailman.powerdns.com/mailman/listinfo/pdns-users 8. https://github.com/PowerDNS/pdns/issues/new/choose Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/ -------------- next part -------------- _______________________________________________ Pdns-announce mailing list Pdns-announce at mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-announce -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 914 bytes Desc: This is a digitally signed message part URL: From remi.gacogne at powerdns.com Mon Jan 17 13:01:02 2022 From: remi.gacogne at powerdns.com (Remi Gacogne) Date: Mon, 17 Jan 2022 14:01:02 +0100 Subject: [Pdns-announce] dnsdist 1.7.0 released Message-ID: <20e979d6-9067-5b05-e327-f8245c40722f@powerdns.com> Hi everyone! We are proud to announce the release of dnsdist 1.7.0. This release contains several new exciting features since 1.6.1, as well as improvements and bug fixes. It contains one single change from the first release candidate, a fix for DynBlockRatioRule::warningRatioExceeded provided by Doug Freed. In our view, the most exciting new feature of 1.7.0 is the support of outgoing DNS over TLS and DNS over HTTPS, as well as the ability to do "cross-protocol" queries, meaning a query received over a given protocol (UDP, TCP, DoT, DoH, ...) can be forwarded over a different one. Now that dnsdist is capable of contacting its backend over an encrypted channel, full end-to-end encryption is possible, offering improved confidentiality and integrity. Among the new features is the ability to add a custom EDNS option to a query before forwarding it to a backend, via SetEDNSOptionAction. phonedph1 also contributed a new rule making it possible to route a query based on the number of outstanding queries in a pool, PoolOutstandingRule. Pierre Gri? from Nameshield contributed an XDP program to reply to blocked UDP queries with a truncated response directly from the kernel, in a similar way to what we were already doing using eBPF socket filters. This version adds support for eBPF pinned maps, allowing dnsdist to populate the maps using our dynamic blocking mechanism, and letting the external XDP program do the actual blocking or response. The packet cache has been improved so that one can now configure which EDNS options should be ignored, raising the cache hit ratio behind customer-premises equipment. The incoming and outgoing protocols have been added to the output of the grepq command for a better understanding of the recently processed traffic. Dimitrios Mavrommatis improved the handling of AXFR and IXFR queries, making it possible to reuse a TCP connection used for a zone transfer much more efficiently. We added support for generating the still experimental SVCB and HTTPS records directly from dnsdist, offering potential benefits to both performance and privacy. Our LMDB code has gained the ability to do range-based lookups, and is now more performant even for simple lookups. Extending the per-thread custom load-balancing policies introduced in 1.6.0, it is now possible to write blazing-fast, lock-less per-thread custom actions using the Lua foreign function interface. Holger Hoffst?tte also improved the reporting of an unavailable backend, making sure the existing metrics are no longer reported to prevent any confusion. This release also reduces the memory footprint of dnsdist in several places, which makes it easier to use in resource-constrained environments. Please see the dnsdist website [1] for the more complete changelog [2] and the current documentation. Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub [3]. The release tarball [4] and its signature [5] are available on the downloads website, and packages for several distributions are available from our repository [6]. With this release, the 1.4.x releases become EOL and the 1.5.x and 1.6.x releases go into critical security fixes only mode. Finally, we would like to thank the PowerDNS community and all external contributors for their great work in this release! [1]: https://dnsdist.org [2]: https://dnsdist.org/changelog.html#change-1.7.0 [3]: https://github.com/PowerDNS/pdns/issues/new/choose [4]: https://downloads.powerdns.com/releases/dnsdist-1.7.0.tar.bz2 [5]: https://downloads.powerdns.com/releases/dnsdist-1.7.0.tar.bz2.sig [6]: https://repo.powerdns.com Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: From peter.van.dijk at powerdns.com Fri Jan 21 09:46:46 2022 From: peter.van.dijk at powerdns.com (Peter van Dijk) Date: Fri, 21 Jan 2022 10:46:46 +0100 Subject: [Pdns-announce] PowerDNS Authoritative Server 4.5.3 Message-ID: Hello! Today we published release 4.5.3 of the Authoritative Server. It contains several robustness fixes for the LMDB backend, and for the zone cache. Please find a full list in the [1]changelog. Please make sure to read the [2]Upgrade Notes before upgrading. The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com and packages for various Linux distributions are available from [6]repo.powerdns.com. Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub. References 1. https://doc.powerdns.com/authoritative/changelog/4.5.html#change-4.5.3 2. https://doc.powerdns.com/authoritative/upgrading.html 3. https://downloads.powerdns.com/releases/pdns-4.5.3.tar.bz2 4. https://downloads.powerdns.com/releases/pdns-4.5.3.tar.bz2.sig 5. https://downloads.powerdns.com/releases/ 6. https://repo.powerdns.com/ 7. https://mailman.powerdns.com/mailman/listinfo/pdns-users 8. https://github.com/PowerDNS/pdns/issues/new/choose Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 914 bytes Desc: This is a digitally signed message part URL: