We are very happy to release dnsdist 1.7.2 today, a maintenance release fixing a few bugs reported since 1.7.1:
- An unhandled exception could happen when an invalid protocol was used in an incoming DNS over HTTPS forwarded-for header and passed to the backend via the proxy protocol, leading to a use-after-free and a crash. Forwarded-for headers are not used by default and should only be used if the client can be trusted (#11667)
- An invalid proxy-protocol was sent to the backend, over TCP, if a query received via DNS over HTTPS resulted in a truncated UDP response from the backend (#11665)
- Some metrics lacked a proper description in our Prometheus endpoint (#11664)
- A side-effect of fixing the health-check timeout in 1.7.1 was leading to a CPU usage increase on devices that are mostly idle. We improved that situation, reducing the CPU usage even below what it was in 1.7.0 (#11579, #11580)
We also added a couple Lua bindings to make it easier to look into the DNS payload from custom Lua rules and actions (#11666).
Please see the dnsdist website for the more complete changelog and the current documentation.
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.
We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features.
The release tarball and its signature are available on the downloads website, and packages for several distributions are available from our repository.