[Pdns-dev] First alpha release of dnsdist 1.6.0

Remi Gacogne remi.gacogne at powerdns.com
Tue Feb 2 13:10:45 UTC 2021


We are proud to announce the first alpha release of dnsdist 1.6.0. This
release contains several new exciting features, as well as improvements
and bug fixes.

In our view, the most exciting new feature is the support of
out-of-order processing for TCP and DNS over TLS connections.
Out-of-order processing makes it possible to have several concurrent
queries on the same TCP connection, and to receive the answers to these
queries as soon as they are ready. Along with connection reuse, this
reduces the overhead of TCP by a huge factor. Starting with 1.6.0,
dnsdist will accept up to 65536 concurrent queries on the same incoming
TCP connection, and will pass all of these to the backend over a single
connection as well, provided that the backend supports it. This feature
is not enabled by default, and can be enabled via the "maxInFlight"
parameter of the "addLocal"/"addTLSLocal" (client-side) and the
"newServer" (backend-side) commands.

This new version also brings support for accepting a Proxy Protocol
header on incoming connections, making it possible for a frontend to
provide dnsdist with the initial source and destination ports and
addresses, as well as custom values. dnsdist can then process, add and
remove values before passing the information to the backend. Chaining
two dnsdist instances has never been this easy!

Other new features include the ability to define custom web endpoints
in Lua 9676, to extend the existing API, as well as the ability to
create blazing-fast, lock-less per-thread custom load-balancing
policies using the Lua foreign function interface (FFI). 

Among the many improvements, dnsdist's packet cache no longer hashes
EDNS Cookies by default, which means that two queries that are
identical except for the content of their cookies will now be served
the same answer. Note that it might be necessary to restore the existing
behaviour when dnsdist is in front of a backend actually using EDNS
Cookies, which can be done via the "cookieHashing" parameter to

Users of our own protocol buffer logging mechanism, or of dnstap, will
be happy to learn that we replaced our implementation based on Google's
protocol buffer library by a tremendously faster one, based on the
protozero library. This change results in much lower CPU utilization
and increased scalability in a transparent way.

If you intend to test this alpha release, for which we would be very
grateful, please be aware that a few actions and commands have been
renamed to clear some ambiguities. Almost all actions that allow
further processing of rules now start with 'Set', to prevent mistakes:
- "DisableECSAction" to "SetDisableECSAction"
- "DisableValidationAction" to "SetDisableValidationAction"
- "ECSOverrideAction" to "SetECSOverrideAction"
- "ECSPrefixLengthAction" to "SetECSPrefixLengthAction"
- "MacAddrAction" to "SetMacAddrAction"
- "NoRecurseAction" to "SetNoRecurseAction"
- "SkipCacheAction" to "SetSkipCacheAction"
- "TagAction" to "SetTagAction"
- "TagResponseAction" to "SetTagResponseAction"
- "TempFailureCacheTTLAction" to "SetAdditionalProxyProtocolValueAction"
- "SetNegativeAndSOAAction" to "NegativeAndSOAAction"

Some commands changing the order of the rules could have easily been
confused with the ones providing insight into the current traffic, and
have therefore also been renamed:
- "topCacheHitResponseRule" to "mvCacheHitResponseRuleToTop"
- "topResponseRule" to "mvResponseRuleToTop"
- "topRule" to "mvRuleToTop"
- "topSelfAnsweredResponseRule" to "mvSelfAnsweredResponseRuleToTop"

Please also note that the use of additional parameters on the
"webserver" command has been deprecated in favor of using

Regular users should not be impacted by this change, but packagers
should be aware that since 1.6.0 dnsdist now uses the C++17 standard
instead of the C++11 one it was previously using.

Please see the dnsdist website [1] for the more complete changelog [2]
and the current documentation.

Please send us all feedback and issues you might have via the mailing
list, or in case of a bug, via GitHub [3].

The tarball (signature) is available from our download server [4] and
packages for CentOS 7 and 8, Debian Buster and Ubuntu Bionic and Focal
are available from our repository [5].

With the future 1.6.0 final release, the 1.3.x releases will be EOL and
the 1.4.x releases will go into critical security fixes only mode.

We would also like to take this opportunity to announce that we will
stop supporting systems using 32-bit time. This includes 32-bit Linux
platforms like arm and i386 before kernel version 5.1.

Finally, we would like to thank the PowerDNS community and all external
contributors for their great work in this release, and in particular
Stephane Bakhos, Georgeto, Matti Hiljanen, Nuitari, Sukhbir Singh and
Mischan Toosarani-Hausberger!

[1]: https://dnsdist.org
[2]: https://dnsdist.org/changelog.html#change-1.6.0-alpha1
[3]: https://github.com/PowerDNS/pdns/issues/new/choose
[5]: https://repo.powerdns.com

Best regards,
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
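
An added example, not part of the announcement and not PowerDNS code: a small checker that scans a dnsdist Lua configuration for the old action and command names listed above and reports the 1.6.0 replacement. It covers only the list entries whose new name is the old one prefixed with "Set", plus the four rule-ordering commands; `find_renamed`, `strip_comment` and the sample configuration are hypothetical names and constructed input.

```python
import re

# Renames copied from the announcement's lists: entries whose new name is
# "Set" + old name, plus the four rule-ordering commands.
SET_PREFIXED = [
    "DisableECSAction", "DisableValidationAction", "ECSOverrideAction",
    "ECSPrefixLengthAction", "MacAddrAction", "NoRecurseAction",
    "SkipCacheAction", "TagAction", "TagResponseAction"]
RENAMES = {old: "Set" + old for old in SET_PREFIXED}
RENAMES.update(topCacheHitResponseRule="mvCacheHitResponseRuleToTop",
               topResponseRule="mvResponseRuleToTop", topRule="mvRuleToTop",
               topSelfAnsweredResponseRule="mvSelfAnsweredResponseRuleToTop")
# \b stops "TagAction" from matching inside the already-migrated "SetTagAction".
OLD_NAME = re.compile(r"\b(" + "|".join(map(re.escape, RENAMES)) + r")\b")

def strip_comment(line):
    """Drop a trailing Lua '--' comment, ignoring '--' inside quoted strings.
    Multi-line --[[ ]] comments are not handled."""
    quote, i = None, 0
    while i < len(line):
        ch = line[i]
        if quote:
            if ch == "\\":
                i += 1              # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif line.startswith("--", i):
            return line[:i]
        i += 1
    return line

def find_renamed(config_text):
    """Return (line number, old name, new name) for each deprecated use."""
    return [(n, m.group(1), RENAMES[m.group(1)])
            for n, line in enumerate(config_text.splitlines(), 1)
            for m in OLD_NAME.finditer(strip_comment(line))]

# Constructed sample configuration, for illustration only.
SAMPLE = '''\
-- previously: addAction(AllRule(), TagAction("src", "internal"))
addAction(AllRule(), SetTagAction("src", "internal"))
addAction(QTypeRule(DNSQType.ANY), NoRecurseAction())
addAction(makeRule("example.org."), SkipCacheAction())  -- then topRule()
topRule()
'''

for lineno, old, new in find_renamed(SAMPLE):
    print(f"line {lineno}: {old} -> {new}")
```

Names that appear only in comments, or that are already in their new form, are not reported.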