First beta release of dnsdist 1.7.0

Nov 16, 2021
Hello!

We are happy to announce the first beta release of dnsdist 1.7.0!

We introduced a fair number of improvements and new features since the second alpha, and we will now iron out the documentation and fix any bugs before hopefully releasing the first release candidate very soon.

The main new feature is the ability to use the same outgoing TCP or DNS over TLS connection for queries coming from different clients, leading to a huge decrease of the number of outgoing connections needed when the backend supports out-of-order processing.

We also added the exact transport type to dnstap and protocol buffer messages, making it possible to differentiate between plaintext queries and DNS over HTTPS or DNS over TLS ones.

Recently Pierre Grié from Nameshield contributed an XDP program to reply to blocked UDP queries with a truncated response directly from the kernel, in a similar way to what we were already doing using eBPF socket filters. This beta finally adds support for eBPF pinned maps, allowing dnsdist to populate the maps using our dynamic blocking mechanism, and letting the external XDP program do the actual blocking or response.

Stéphane Bortzmeyer helped us pinpoint a few issues in the encryption between dnsdist and its backends, notably in the way the outgoing connections are cached while waiting to be reused. That could have led to a waste of memory piling up over time.

We also fixed an issue where the threads handling incoming DoH queries could have stopped processing responses when they were completely overloaded by TLS handshakes, leading to a degradation of performance.

The last issue was that a backend was not properly marked as non-available when a certain exception was raised during a health-check attempt.

Finally Rosen Penev contributed a lot of clean up changes to make sure that we make the best of what C++17 can offer.

Please see the dnsdist website for the more complete changelog and the current documentation.

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.

The release tarball and its signature are available on the downloads website, and packages for several distributions are available from our repository.

With the future 1.7.0 final release, the 1.4.x releases will be EOL and the 1.5.x and 1.6.x releases will go into critical security fixes only mode.

About the author

Remi Gacogne

Remi Gacogne

Senior Developer at PowerDNS

Categories

Related Articles

PowerDNS Authoritative Server 4.9.0

This is release 4.9.0 of the Authoritative Server. It brings a few new features, and a collection of small improvements and...

Peter van Dijk Mar 15, 2024

Improving DNSdist performance with AF_XDP

This is the second in a series of three blog posts we are publishing about recent innovative developments with respect to...

Neil Cook Mar 15, 2024

PowerDNS DNSdist 1.9.1

We released PowerDNS DNSdist 1.9.1 today. This version brings no functional changes, and only bumps the version of the...

Remi Gacogne Mar 14, 2024

PowerDNS Recursor: Extended DNS Errors Help You Troubleshooting

This is the seventh episode of a series of blog posts we are publishing, mostly around recent developments with respect to...

Otto Moerbeek Mar 12, 2024