We released PowerDNS DNSdist 1.9.7 today, fixing several issues:
- A race condition in the processing of incoming DNS over TLS connections could cause a crash if TLS certificates were reloaded from the console while processing a TLS handshake
- Processing a proxy protocol payload present outside of the TLS layer was broken for incoming DNS over TLS connections
- The byte-ordering of EDNS flags was reversed after some operations, like setting an extended DNS error status
- EDNS was not properly added to responses generated from raw record data, preventing for example the use of extended DNS error statuses
- eBPF filtering interacted badly with DNS over QUIC and DNS over HTTP3 queries
- The expiry timestamp reported by the Lua binding for Dynamic Blocks could not be used easily
- Removing a server early could cause an error because the default pool did not exist yet
A few improvements were also made:
- Timeouts are no longer reported by topSlow, and can instead be examined with topTimeouts
- Passing a large value to setMaxTCPClientThreads now triggers a warning
- A Lua FFI binding has been added to access incoming proxy protocol values
- The Rust version we use to build our packages was upgraded to 1.78
- The Quiche library used for QUIC was upgraded to 0.22.0 in our packages
We also fixed two minor incompatibility issues preventing DNSdist from being built with newer versions of gcc, clang and the Boost library.
Please see the DNSdist website for the changelog and the current documentation.
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.
The release tarball and its signature are available on the downloads website, and packages for several distributions are available from our repository.