
DNSdist 1.5.0 delivers enhancements for DoH and better performance

Jul 31, 2020 4:16:00 PM

Open-Xchange has launched the latest version of DNSdist – our unique DNS proxy and load balancer that optimizes the internet experience of hundreds of millions of internet subscribers.

It is a major driver of DNS encryption and powers some significant production DNS over HTTPS (DoH) environments, as well as pilots for a range of international big telcos. It also ensures the best possible performance of DNS deployments and optimizes DNS traffic in front of the PowerDNS Recursor (or existing legacy recursive DNS servers), delivering low latency responses to subscribers based on location, time and content.

In addition, DNSdist is highly optimized to protect against malicious and abusive traffic such as DDoS attacks and DNS tunneling, and includes a flexible policy engine to enable new rules and filters to be created and combined to suit the characteristics of local traffic.

PowerDNS DNSdist 1.5.0 comes with performance enhancements and offers improvements in areas including DNS encryption and per-device security.

DNSdist 1.4.0, which launched in November 2019, introduced two standards to encrypt DNS traffic, DNS over TLS (DoT) and DoH. Both of these protocols provide privacy and integrity protection for DNS traffic and are used to encrypt the traffic between the DNS client (e.g. laptop, mobile device, IoT device, etc.) and the DNS resolver.

DNSdist 1.4.0 is currently involved in a range of trials with large network providers, including BT in the UK, which understands the importance of keeping DNS available at the Internet Service Provider. This brings advantages both to end-users, in terms of latency and access to local content caches, and to the network itself, as it offers better control over CDN caching and over the end-to-end latency experience for subscribers.

To further support the use of DNS encryption, DNSdist 1.5.0 comes with a number of DoH improvements, such as the interaction with generic HTTPS caches through a cache control header. The cache control header allows setting the lowest DNS time to live (TTL) for the generic cache, forcing the cache to be cleared at the minimum expiration time.
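The cache control idea described above can be illustrated with a short added example (not DNSdist's own code): it walks a DNS response in wire format, finds the lowest TTL, and emits the matching `Cache-Control` header so a generic HTTPS cache expires the entry no later than the DNS data. The function names, the choice to look only at the answer section, and the `max-age=0` fallback for an empty answer section are assumptions of this example, and the sample message is constructed.

```python
import struct

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length

def min_answer_ttl(msg):
    """Smallest TTL in the answer section, or None when it is empty."""
    try:
        qdcount, ancount = struct.unpack_from("!HH", msg, 4)
        off = 12                                  # fixed DNS header size
        for _ in range(qdcount):
            off = _skip_name(msg, off) + 4        # skip QTYPE and QCLASS
        ttls = []
        for _ in range(ancount):
            off = _skip_name(msg, off)
            _rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen
            if off > len(msg):
                raise ValueError("record data runs past end of message")
            ttls.append(ttl)
    except (struct.error, IndexError) as exc:
        raise ValueError("malformed DNS message") from exc
    return min(ttls) if ttls else None

def cache_control(msg):
    """Header line a DoH front end could attach to this DNS response."""
    ttl = min_answer_ttl(msg)
    # Empty answer section: max-age=0 is this example's conservative choice.
    return f"Cache-Control: max-age={0 if ttl is None else ttl}"

def _a_record(ttl, addr):
    # Owner name is a compression pointer to offset 12 (the question name).
    return b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(addr)

# Constructed sample: response for example.com with two A records (TTL 300 and 60).
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0) + QUESTION
          + _a_record(300, (192, 0, 2, 1)) + _a_record(60, (192, 0, 2, 2)))
EMPTY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    print(cache_control(SAMPLE))
```

Truncated or malformed messages raise `ValueError` rather than yielding a header, so a damaged response is never handed to the cache with a lifetime attached.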

DNSdist 1.5.0 also further extends PowerDNS’ endpoint security capabilities and enables specific per-device filtering options for parental controls and malware protection. This is done via a proxy protocol, which provides the information needed for automated decision-making and autonomous actions.

Finally, DNSdist 1.5.0 also improves the load balancer’s overall performance, so that every DNS installation gets the best possible performance. This includes:

  • Custom Lua rules that now enable DNSdist to adapt to individual needs without impacting performance;
  • The ability to balance traffic over all backends equally when desired, so that no individual backend handles significantly more traffic than others;
  • Quicker overall checkups based on parallel – instead of sequential – health checks for installations with a large number of backends;
  • Overall performance improvement for logging queries.

For more information on PowerDNS DNSdist 1.5.0 please contact us.
