Hello!
We are very happy to release dnsdist 1.7.1 today, a maintenance release fixing a few bugs reported since 1.7.0:
- A use-after-free error could happen if a network error occurred in the middle of a XFR query, for a proxy-protocol-enabled backend, leading to a crash
- The TLS Server Name Indication was not properly set on outgoing DNS over HTTPS or DNS over TLS connections to a backend
- The health-check timeout was not properly set for outgoing DNS over HTTPS connections, leading to a very long timeout
- The outgoing protocol was not always properly set in our in-memory ring buffers
- Outgoing UDP timeouts were sometimes processed a bit too late when the health-check interval was set to more than one second
- Filtering qnames via eBPF was broken
- The dynamic block mechanism was not properly switching to eBPF filtering, when available, if the block action was not explicitly set
- The latency histogram was broken in our prometheus metrics
- Trying to create a 0-sized packet cache would lead to a crash
In addition to these fixes, our Docker images no longer have capability requirements. More information on that topic is available in our upgrade guide.
We also improved our compatibility with OpenSSL 3.0.0’s API.
As usual there were also other smaller enhancements and fixes, please see the dnsdist website for the more complete changelog and the current documentation.
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.
We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features.
The release tarball and its signature are available on the downloads website, and packages for several distributions are available from our repository.