We are very happy to release dnsdist 1.7.2 today, a maintenance release fixing a few bugs reported since 1.7.1:
- An unhandled exception could happen when an invalid protocol was used in an incoming DNS over HTTPS forwarded-for header and passed to the backend via the proxy protocol, leading to a use-after-free and a crash. Forwarded-for headers are not used by default and should only be used if the client can be trusted (#11667)
- An invalid proxy-protocol was sent to the backend, over TCP, if a query received via DNS over HTTPS resulted in a truncated UDP response from the backend (#11665)
- Some metrics lacked a proper description in our Prometheus endpoint (#11664)
- A side-effect of fixing the health-check timeout in 1.7.1 was leading to a CPU usage increase on devices that are mostly idle. We improved that situation, reducing the CPU usage even below what it was in 1.7.0 (#11579, #11580)
We also added a couple Lua bindings to make it easier to look into the DNS payload from custom Lua rules and actions (#11666).
We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features.