[Pdns-users] First alpha release of PowerDNS DNSdist 2.0.0 released
Remi Gacogne
remi.gacogne at powerdns.com
Tue Mar 18 16:17:41 UTC 2025
Hello!
Today we released the first alpha version of what will become PowerDNS
DNSdist 2.0.0.
This is the first release featuring the whole new YAML configuration
syntax for DNSdist. While the existing Lua configuration format will
remain supported, the new YAML format is much more consistent,
tremendously easier to understand, and can easily be processed by
external tools. A bare-bones configuration file looks like this:

---
binds:
  - listen_address: "192.0.2.1:53"
    reuseport: true
    protocol: Do53
    threads: 2
backends:
  - address: "192.0.2.128:53"
    protocol: Do53
    pools:
      - ""
query_rules:
  - name: "Drop"
    selector:
      type: "QName"
      qname: "drop.dnsdist.org."
    action:
      type: "Drop"

Please be aware that the YAML configuration code has been written in the
Rust programming language, so if you are compiling DNSdist from the
source, you will need a Rust compiler to be able to use this optional
feature.
This new release also comes with several new features:
- the ability to set tags from dynamic block rules, making it possible
to postpone the actual action to the usual rule mechanism. This means
that the whole set of selectors and actions can now be used in
conjunction with dynamic rules
- a new response chain to apply rules to XFR (AXFR, IXFR) responses
- a new query chain to apply rules to queries after a cache miss
- DNS over HTTP3 metadata (headers, query string, path and scheme) can
now be accessed from selectors and Lua script
- Custom HTTP responses are now supported with DNS over HTTP3
- Server Name Indication is now available for DNS over QUIC and DNS over
HTTP3 queries, provided that DNSdist was compiled with a recent enough
version of Quiche (>= 0.23.1)
Packagers will also note that this release is introducing a new build
mechanism using meson. Meson provides a much cleaner way of detecting
dependencies, does not generate a huge, almost impossible to read shell
script, and thus reduces the attack surface for supply-chain attacks.
While it's still possible to build DNSdist using the existing autotools
build system, meson is now the preferred way of building DNSdist, and
new features introduced from now on might not be supported via the
autotools build system. Our own packages are now built using meson,
switching to the clang compiler in the process, and we encourage all
packages to move to meson if possible.
Other notable changes are the removal of the X-Proxied-For feature, and
the fact that the h2o library is no longer used in our packages.
As this release introduces major changes, we invite everyone to test it
as soon as possible to make sure that all existing use cases are still
working properly, and that there is no performance degradation.
Please see the DNSdist website [1] for the more complete changelog [2]
and the current documentation. The upgrade guide is also available there
[3].
Please send us all feedback and issues you might have via the mailing
list, or in case of a bug, via GitHub [4].
The release tarball [5] and its signature [6] are available on the
downloads website, and packages for several distributions are available
from our repository [7].
[1]: https://dnsdist.org
[2]: https://dnsdist.org/changelog.html#change-2.0.0-alpha1
[3]: https://dnsdist.org/upgrade_guide.html
[4]: https://github.com/PowerDNS/pdns/issues/new/choose
[5]: https://downloads.powerdns.com/releases/dnsdist-2.0.0-alpha1.tar.xz
[6]: https://downloads.powerdns.com/releases/dnsdist-2.0.0-alpha1.tar.xz.sig
[7]: https://repo.powerdns.com
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
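
The announcement notes that the YAML format can be processed by external tools. The Ruby script below is an added example, not part of the original message or of DNSdist: it loads the configuration shown above and produces a small pre-deployment review. The `audit_config` helper and the review policy it applies are assumptions made for illustration.

```ruby
require "yaml"

# Constructed input: the bare-bones configuration from the announcement,
# with the indentation a YAML parser needs.
SAMPLE_CONFIG = <<~YAML
  ---
  binds:
    - listen_address: "192.0.2.1:53"
      reuseport: true
      protocol: Do53
      threads: 2
  backends:
    - address: "192.0.2.128:53"
      protocol: Do53
      pools:
        - ""
  query_rules:
    - name: "Drop"
      selector:
        type: "QName"
        qname: "drop.dnsdist.org."
      action:
        type: "Drop"
YAML

# Review policy assumed for this example (not DNSdist's own validation):
# every rule needs a name, a selector type and an action type; entries that
# explicitly set protocol Do53 (unencrypted) are listed for the reviewer.
def audit_config(text)
  cfg = YAML.safe_load(text) || {}
  findings = []
  Array(cfg["query_rules"]).each_with_index do |rule, i|
    label = rule["name"] || "query_rules[#{i}]"
    findings << "#{label}: missing name" unless rule["name"]
    %w[selector action].each do |part|
      findings << "#{label}: #{part} has no type" unless rule.dig(part, "type")
    end
  end
  plaintext = lambda do |section, key|
    Array(cfg[section]).select { |e| e["protocol"] == "Do53" }.map { |e| e[key] }
  end
  { findings: findings,
    plaintext_binds: plaintext.call("binds", "listen_address"),
    plaintext_backends: plaintext.call("backends", "address"),
    drop_rules: Array(cfg["query_rules"]).select { |r| r.dig("action", "type") == "Drop" }
                                         .map { |r| r["name"] } }
end
```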