[Pdns-users] Third Alpha Release of DNSDist 1.6.0

Remi Gacogne remi.gacogne at powerdns.com
Mon Mar 29 09:05:12 UTC 2021


Hi everyone,

We are happy to announce the third alpha release of dnsdist 1.6.0. This
release contains a few fixes for issues reported in the second release
candidate:

- DNS over HTTPS queries with a non-zero ID were not properly handled.
  Very few DoH clients actually send an ID with a value different than
  0 but it does happen and is allowed by RFC 8484. Many thanks to Frank
  Denis for reporting the issue!
- The connect timeout was not used for outgoing TCP connections, and
  the write timeout was used instead.

In addition to these fixes, several improvements were made:

- Reduced memory usage for idle DNS over HTTPS and DNS over TLS
  connections, saving roughly 35 kB per connection.
- Smarter caching of outgoing TCP connections, ability to configure the
  number of concurrent incoming TCP connections per frontend, with more
  metrics.
- Sharding has been enabled in the ring buffers and the packet cache by
  default, leading to better performance in the default configuration.
- TLS renegotiation is now disabled by default, to prevent issues like
  CVE-2021-3449 in the future.

Please see the dnsdist website [1] for the more complete changelog [2]
and the current documentation.

Please send us all feedback and issues you might have via the mailing
list, or in case of a bug, via GitHub [3].

Release tarballs are available on the downloads website [4], and
packages for CentOS 7 and 8, Debian Buster and Ubuntu Bionic and Focal
are available from our repository [5].

With the future 1.6.0 final release, the 1.3.x releases will be EOL and
the 1.4.x releases will go into critical security fixes only mode.

We would also like to take this opportunity to announce that we will
stop supporting systems using 32-bit time. This includes 32-bit Linux
platforms like arm and i386 before kernel version 5.1.

[1]: https://dnsdist.org
[2]: https://dnsdist.org/changelog.html#change-1.6.0-alpha3
[3]: https://github.com/PowerDNS/pdns/issues/new/choose
[4]:
https://downloads.powerdns.com/releases/dnsdist-1.6.0-alpha3.tar.bz2
[5]: https://repo.powerdns.com

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210329/53e4624d/attachment.sig>


More information about the Pdns-users mailing list