We are very happy to be releasing the first alpha release of what will become DNSdist 1.9.0!
The most important change since 1.8.1 is that incoming DNS over HTTPS requests are now handled by the nghttp2 library, instead of the h2o one. This change should be transparent for most users, since we made sure to preserve the existing features and configuration directives. Switching to nghttp2 allows us to support hardware acceleration for TLS exchanges, using for example Linux's kTLS or Intel Quick-Assist Technology. It also reduces our footprint on low-end devices by not requiring an additional library, since nghttp2 was already used for outgoing DNS over HTTPS requests. Finally, while it was a long time coming, h2o is officially no longer maintained in a way that makes it possible to use it as a stable library. Technically it will still be possible to revert to the use of h2o for incoming DNS over HTTPS in DNSdist 1.9.x, but we will remove that support after that.
We have made a lot of small improvements since 1.8.x as well, like adding Lua bindings to access selectors and actions, more fields of a DNS header in Lua actions, and adding metrics for health-check events.
We still have several wonderful features planned for 1.9.0 that have not been merged yet, but rest assured that the final release will not be boring!
Packagers need to be aware that SNMP support is no longer enabled by default, as it had been causing integration issues in some environments for a while, but it's still enabled in our packages.
Speaking of packages, we are now publishing SLSA attestations along with our packages, making it possible to verify how exactly they were built and reproduce our workflow, providing strong guarantees against supply-chain attacks. Please get in touch if you want to know more!
We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features.