PowerDNS Blog

PowerDNS DNSdist 2.1.0 Released

Written by Remi Gacogne | Jul 2, 2026 9:01:38 AM

Today we are thrilled to be releasing PowerDNS DNSdist 2.1.0.

This new version brings several bug fixes since the first release candidate, including security issues that have been recently fixed in stable branches.

Compared to 2.0, 2.1 brings many new features:

  • OpenTelemetry tracing support has been added

  • Structured logging has been added

  • A and AAAA records can now be shuffled in the packet cache (Karel Bilek)

  • Lua parsers are now available for A, AAAA and CNAME records (Ensar Sarajčić)

  • A Lua hook can now be invoked on server state changes (@pacnal)

  • Add prepend and append methods to Lua DNSName

  • Export DNS flags via ProtoBuf

  • Add actions, methods and FFI functions to unset a tag

  • Implement "allowed rcodes/total" ratio dynamic rule

  • Subnets excluded from dynamic rules should not count towards thresholds

  • Add a Lua callback to validate health-check responses

  • IPCrypt2 PFX support has been added, to preserve network prefix relationships in encrypted output

It also contains many performance improvements:

  • Load-balancing policies are more efficient

  • Server selection using the load-balancing policy is now entirely skipped on cache hits

  • Holger Hoffstätte improved the "roundrobin" load-balancing policy

  • AF_XDP / XSK packets are now reused more efficiently

  • The in-memory ring buffers now support sampling to be able to retain data for a longer time period without keeping too many entries in memory

Please be aware that DNSdist now looks by default for a configuration file named "dnsdist.yml" in the systemd configuration directory, instead of "dnsdist.conf". It will however fall back for a "dnsdist.conf" file if there is no "dnsdist.yml" file, so existing configurations should still work as expected.

Other notable changes are the removal of DNS over HTTPS support via the h2o library, meaning DNS over HTTPS is now only available via the nghttp2 library.

Please see the DNSdist website for the more complete changelog and the current documentation. The upgrade guide is also available there.

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.

The release tarball and its signature are available on the downloads website, and packages for several distributions are available from our repository.

Older release trains are supported for one year after the following major release. Consult the EOL policy for more details.