Today we again released two new versions of DNSdist, 1.9.14 and 2.0.5, fixing one regression introduced in 1.9.13 and 2.0.4, and several small issues that were not included in yesterday's security releases.
The regression introduced in 1.9.13 and 2.0.4 concerns the PRSD detection mechanism enabled with DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI, and causes an exception to be raised when accessing StatNode::fullname from the Lua visitor function.
The other issues fixed in this release are:
-
(1.9.14 and 2.0.5) When DNSdist is compiled in "single acceptor thread" mode, which is designed for embedded systems with low memory, a TCP worker thread was not always created by default, even when DOQ and DoH3 support was enabled, leading to a crash.
-
(2.0.5) The buffers allocated for recvmmsg might have been too large, wasting memory
-
(2.0.5) When the trustForwardForHeader option is used, and the upstream proxy did include X-Forwarded-For header for at least one query in an established connection but somehow does not include it for a subsequent query, DNSdist should reset the client address to the address of the proxy instead of using the last received one
-
(2.0.5): Fix handling of long HTTP/2 Date headers if the administrator explictly used a non-POSIX locale
-
(2.0.5): Detection of some TLS functions was missing when compiling with meson: TLS_client_method and gnutls_transport_set_fastopen
Please see the DNSdist website for the more complete ChangeLogs (1.9.14, 2.0.5) and the current documentation. The upgrade guide is also available there.
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.
The release tarballs (1.9.14, 2.0.5) and their signatures (1.9.14, 2.0.5) are available on the downloads website, and packages for several distributions are available from our repository.
