We are thrilled to release the third alpha release of what will become PowerDNS DNSdist 1.9.0!
Let's first address the elephant in the room: the second alpha was never released due to a last-minute issue discovered in RPM packaging after the tag was pushed, so we went to alpha3 right away.
The most exciting new feature in this third alpha is support for DNS over QUIC, which combines the confidentiality and integrity capabilities of DNS over TLS and DNS over HTTPS without the overhead of TCP connections.
Our implementation is based on Cloudflare's Quiche, which has already been battle-tested by being used on their edge network and in Android's DNS resolver. We first selected Quiche as the building block for QUIC because the API is both simple and powerful, but also because it is written in Rust. Rust is a memory-safe language and significantly reduces the risk of security issues.
One annoying drawback is that Quiche has not yet been packaged in most Linux distributions. This is not an issue if you are using our packages, because we ship the latest release of Quiche along DNSdist, but it might make building DNSdist with DNS over QUIC support a bit harder if you are doing it on your own, as you will need to first compile Quiche. We hope that distributions will adopt Quiche in the near future.
In addition to DNS over QUIC, we also added a few new features:
We also fixed a few issues:
Please also note that, as we did for stable releases, we switched to our own fork of libh2o in order to mitigate CVE-2023-44487, also known as HTTP/2 rapid reset.
We still have a few surprises left for 1.9.0 final, but more on that later!
Please see the DNSdist website for the more complete changelog and the current documentation.
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.
We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features.
The release tarball and its signature are available on the downloads website, and packages for several distributions are available from our repository.