We released PowerDNS DNSdist 2.0.2 today, fixing several issues:
- the wrong reply address was used when using DNS over QUIC or DNS over HTTP/3 on FreeBSD
- query rules were not processed after setting a tag from a dynamic rule
- selecting the Lua version to use was not possible when building with meson
- rules executed from a timeout when invoked without a valid DNS header, causing issues with some selectors and actions
- large UDP responses received via AF_XDP/XSK were not always properly processed
- the round-robin load-balancing policy was not using an atomic counter, and could thus have a bias
- meta protocol buffer keys were not properly passed from query to response
- setting the hash perturbation to a custom value from YAML was not working properly
- TCP connections to backends could fail on macOS and some BSD systems
- invalid regular expressions from YAML are now properly handled
- unknown selectors and policies in YAML could lead to a crash when parsing the configuration
- "TimedIPSet" objects can now be used from YAML
- errors in Lua traceback handlers are now properly handled
- we added a workaround for a memory leak present in OpenSSL 3.6.0
A few performance improvements were also made:
- inserting into the in-memory rings is a bit faster
- using "recvmmsg" is now be faster
- change bogusV4/bogusV6 addresses to static constants to avoid parse in every call (delichik)
- the default maximum number of descriptors has been raised to 1M
- the FFI "alternate name" interface has been refactored
And the following new features were added:
- a new selector to match the incoming protocol
- a Date: response header is now included for rejected HTTP/1 requests
Please see the DNSdist website for the changelog and the current documentation.
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.
The release tarball and its signature are available on the downloads website, and packages for several distributions are available from our repository.