The all-rounder DNSdist 2.0 is here

DNSdist is a powerful and versatile tool designed for a wide range of use cases. This is likely why DNSdist optimizes DNS traffic for hundreds of millions of internet users every day. Today, we are excited to announce the release of our PowerDNS-allrounder: DNSdist 2.0!

The brand-new DNSdist 2.0 is now fully configurable in YAML. YAML is a data serialization language designed for simplicity and readability. Its standardized format for representing structured data is easy to understand for humans and machine-readable. With YAML support in DNSdist 2.0, configuring DNSdist in plain YAML and tailoring it for specific needs has never been easier – whether you're a commercial PowerDNS customer or a community user. Additionally, this new version allows for seamless integration into cloud environments, where YAML is the de facto standard for configuration.

Previously, DNSdist could only be configured using Lua scripts. While Lua is a lightweight and flexible programming language, configuring DNSdist with Lua requires considerable expertise in both Lua programming and DNS internals. You need to write Lua code or use Lua functions to define parameters that dictate DNSdist's behavior. However, DNSdist 2.0 still supports Lua for advanced configurations that require the flexibility of a full-fledged programming language, such as defining a custom visitor_function for DynamicBlocks.

The introduction of YAML support in DNSdist is part of a broader initiative to simplify and unify configuration mechanisms across PowerDNS products. PowerDNS Recursor has supported YAML configuration since version 5.0, and the newly introduced DNSdist add-on, DNSdist Defender, also comes with YAML support. With the 2.0 release, DNSdist now aligns with this unified approach.

Originally designed as a DNS-aware load balancer, DNSdist has evolved into a powerful solution for various DNS challenges. DNSdist 2.0 continues this evolution, offering support for multiple use cases:

• Load Balancing: DNSdist intelligently distributes traffic of your users to the most suitable server using a range of high-availability and traffic distribution techniques, ensuring optimal performance.
• Caching: By caching DNS queries, DNSdist reduces response times, enhances the experience for your users, and improves reliability in case a primary DNS server fails.
• Encryption: DNSdist encrypts traffic between the client and the load balancer with support for DoT, DoH, DoQ, and DoH3, enhancing user privacy and protecting personal data from interception and profiling.
• Protection: The DNSdist add-on, DNSdist Defender, acts as a DNS firewall, offering comprehensive protection against DNS misuse, including DNS tunneling, data exfiltration, PRSD attacks, DNS reflection/amplification, and C2 attempts.
• CPE Security Enhancement: DNSdist provides encryption and enables filtering on routers, safeguarding user traffic right at the first mile of the internet connection – before it even reaches your ISP network.

When it comes to deployment, DNSdist again offers exceptional flexibility. It can be deployed conventionally in front of the PowerDNS Recursor while also working seamlessly with legacy DNS resolvers. This means you can take advantage of DNSdist’s capabilities without needing to overhaul your existing DNS infrastructure. Many mobile operators deploy DNSdist on edge nodes within their 5G networks, bringing its benefits closer to end users and enabling key 5G features such as tiered caching at the network edge.

DNSdist can be deployed on bare metal, as part of Virtual Network Functions (VNF), or in cloud-native environments. Increasingly, it is implemented via PowerDNS Cloud Control on Kubernetes clusters using Helm charts. A cloud-native deployment of DNSdist enables automatic scaling and efficient management of large-scale instances while maintaining full feature support.  DNSdist is a true all-rounder – reach out to us, and we’ll help you unlock its full potential!