We released PowerDNS DNSdist 1.9.7 today, fixing several issues:
- A race condition in the processing of incoming DNS over TLS connections could cause a crash if TLS certificates were reloaded from the console while processing a TLS handshake
- Processing a proxy protocol payload present outside of the TLS layer was broken for incoming DNS over TLS connections
- The byte-ordering of EDNS flags was reversed after some operations, like setting an extended DNS error status
- EDNS was not properly added to responses generated from raw record data, preventing, for example, the use of extended DNS error statuses
- eBPF filtering interacted badly with DNS over QUIC and DNS over HTTP3 queries
- The expiry timestamp reported by the Lua binding for Dynamic Blocks could not be used easily
- Removing a server early could cause an error because the default pool did not exist yet

A few improvements were also made:
- Timeouts are no longer reported by topSlow, and can instead be examined with topTimeouts
- Passing a large value to setMaxTCPClientThreads now triggers a warning
- A Lua FFI binding has been added to access incoming proxy protocol values
- The Rust version we use to build our packages was upgraded to 1.78
- The Quiche library used for QUIC was upgraded to 0.22.0 in our packages

We also fixed two minor incompatibility issues preventing DNSdist from being built with newer versions of gcc, clang and the Boost library.
Please see the DNSdist website for the changelog and the current documentation.
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.
The release tarball and its signature are available on the downloads website, and packages for several distributions are available from our repository.