Changelog¶

1.4.0-rc3¶

Released: 30th of September 2019

Improvements¶

Display the DoH and DoT binds in the web view¶
References: pull request 8264
Allow accepting DoH queries over HTTP instead of HTTPS¶
References: pull request 8267
Implement TLS session ticket keys management for DoH¶
References: pull request 8349
Clean up our interactions with errno¶
References: #7845, pull request 8083
Remove the ‘blockfilter’ stat from the web view¶
References: #5514, pull request 8265
Fix some spelling mistakes noticed by lintian (Chris Hofstaedtler)¶
References: pull request 8268
dnsdistconf.lua use non-deprecated versions for 1.4.0 (phonedph1)¶
References: pull request 8285
Better use of labels in our DoH prometheus export¶
References: pull request 8318

Bug Fixes¶

Fix the newCDBKVStore console completion when LMDB is not enabled (phonedph1)¶
References: pull request 8281
Allow configure CDB_CFLAGS to work (phonedph1)¶
References: pull request 8283
Fix the warning message on an invalid secpoll answer¶
References: pull request 8303
Don’t connect to remote logger in client/command mode¶
References: #8300, pull request 8304

1.4.0-rc2¶

Released: 2nd of September 2019

New Features¶

Add support for early DoH HTTP responses¶
References: pull request 8206
Add a KeyValueStoreLookup action based on CDB or LMDB¶
References: pull request 8139

Improvements¶

Add minTLSVersion for DoH and DoT¶
References: #8202, pull request 8207
Split dnsdist-lua-bindings.cc to reduce memory consumption during compilation¶
References: pull request 8250
Add a Lua binding for dynBlockRulesGroup:setQuiet(quiet)¶
References: pull request 8252

misc¶

Update h2o to 2.2.6, fixing CVE-2019-9512, CVE-2019-9514 and CVE-2019-9515 for repo.powerdns.com packages¶
References: pull request 8200

1.4.0-rc1¶

Released: 12th of August 2019

New Features¶

Add OCSP stapling (from files) for DoT and DoH¶
References: #7812, pull request 8141
Add support for custom DoH headers (Melissa Voegeli)¶
References: #7957, #7900, pull request 8148
Add lua bindings, rules and action for DoH¶
References: #8133, pull request 8153
Implement ContinueAction()¶
References: pull request 8117

Improvements¶

Send better HTTP status codes, handle ACL drops earlier¶
References: pull request 7917
Add more stats about DoH HTTP responses¶
References: #7898, pull request 7933
Improve error messages for DoT issues¶
References: pull request 7978
Accept more than one certificate in addDNSCryptBind()¶
References: #8020, pull request 8042
Disallow TCP disablement¶
References: pull request 7860
Update boost.m4 to the latest version¶
References: pull request 7862
Print stats from expungeByName (Matti Hiljanen)¶
References: pull request 7909
Squelch unused function warning¶
References: #7950, pull request 7952
SuffixMatchNode:add(): accept more types¶
References: pull request 7985
Explicitly align the buffer used for cmsgs¶
References: #7981, pull request 7990
Add quiet parameter to NetmaskGroupRule¶
References: pull request 7992
Clear cmsg_space(sizeof(data)) in cmsghdr to appease Valgrind¶
References: #7981, pull request 7996
Add static assertions for the size of the src address control buffer¶
References: pull request 8007
Don’t create temporary strings to escape DNSName labels¶
References: pull request 8013
Display TCP/DoT queries and responses in verbose mode, opcode in grepq¶
References: pull request 8024
Be a bit more explicit about what failed in testCrypto()¶
References: pull request 8025
Update URLs to use HTTPS scheme (Chris Hofstaedtler)¶
References: pull request 8110
Double-check we only increment the outstanding counter once¶
References: pull request 8113
ext/ipcrypt: ship license in tarballs (Chris Hofstaedtler)¶
References: #8108, pull request 8135
Use a counter to mark IDState usage instead of the FD¶
References: pull request 8154
Increase the default value of setMaxUDPOutstanding to 65535¶
References: pull request 8175

Bug Fixes¶

Properly override the HTTP Server header for DoH¶
References: #7894, pull request 7911
Exit when requested DoT/DoH support is not compiled in¶
References: pull request 7915
Proper HTTP response for timeouts over DoH¶
References: #7917, pull request 7927
Prevent a dangling DOHUnit pointer when send() failed¶
References: pull request 8112
Skip non-dnscrypt binds in showDNSCryptBinds()¶
References: #8014, pull request 8015
SuffixMatchTree: fix root removal, partial match of non-leaf nodes
¶
References: pull request 7886
Deduplicate frontends entries with carbon and prometheus¶
References: #7933, pull request 7934
Update boost.m4¶
References: #8084, #6942, pull request 7951
Fix short IOs over TCP¶
References: #7971, pull request 7974
Fix handling of backend connection failing over TCP¶
References: pull request 7979
Insert the response into the ringbuffer right after sending it¶
References: pull request 8003
Handle ENOTCONN on read() over TCP¶
References: #8021, pull request 8030
Make sure we always compile with BOOST_CB_ENABLE_DEBUG set to 0¶
References: pull request 8067
Catch exceptions thrown when handling a TCP response¶
References: pull request 8078
Fix unlimited retries when TCP Fast Open is enabled¶
References: pull request 8079
M4/systemd.m4: fail when systemctl is not available¶
References: pull request 8081
Fix a typo in the Server’s latency description for Prometheus (phonedph1)¶
References: pull request 8105
Console: flush cout after printing g_outputbuffer (Doug Freed)¶
References: #8130, pull request 8131
Fix signedness issue in isEDNSOptionInOpt()¶
References: pull request 8158

1.4.0-beta1¶

Released: 6th of June 2019

New Features¶

Implement SNIRule for DoT and DoH¶
References: #7210, pull request 7825

Improvements¶

Support Prometheus latency histograms (Marlin Cremers)¶
References: #6088, pull request 7853

Bug Fixes¶

DoH: Don’t let ‘self’ dangling while parsing the request’s qname, this could lead to a crash¶
References: #7810, pull request 7814
Fix minor issues reported by Coverity¶
References: pull request 7823
Remove second, incomplete copy of lua EDNSOptionCode table¶
References: pull request 7833

1.4.0-alpha2¶

Released: 26th of April 2019

New Features¶

Add DNS over HTTPS support based on libh2o¶
References: #7526, #6911, pull request 7726

Improvements¶

Ignore Path MTU discovery on UDP server socket¶
References: pull request 7410
Alternative solution to the unaligned accesses.¶
References: pull request 7708

Bug Fixes¶

Exit when setting ciphers fails (GnuTLS)¶
References: pull request 7718

1.4.0-alpha1¶

Released: 12th of April 2019

New Features¶

Make recursor & dnsdist communicate (ECS) ‘variable’ status¶
References: pull request 7209
Add namespace and instance variable to carbon key (Gibheer)¶
References: #6941, #2362, pull request 6959
Allow NoRecurse for use in dynamic blocks or Lua rules (phonedph1)¶
References: pull request 7087
Expose secpoll status¶
References: #7194, pull request 7197
Add an optional ‘checkTimeout’ parameter to ‘newServer()’¶
References: #7236, pull request 7323
Add a ‘rise’ parameter to ‘newServer()’¶
References: #7237, pull request 7322
Add a ‘keepStaleData’ option to the packet cache¶
References: #7239, pull request 7310
Expose trailing data (Richard Gibson)¶
References: #6846, #6897, pull request 6967
Add option to set interval between health checks (1848)¶
References: pull request 7142
Add EDNS unknown version handling (Dmitry Alenichev)¶
References: pull request 7406
DNSNameSet and QNameSetRule (Andrey)¶
References: pull request 7537
Add support for encrypting ip addresses #gdpr¶
References: #6242, pull request 7481
Add ‘setSyslogFacility()’¶
References: #5653, pull request 7677
Add ‘reloadAllCertificates()’¶
References: pull request 7676

Improvements¶

Fix warnings, mostly unused parameters, reported by -wextra¶
References: pull request 7168
Add optional uuid column to showServers()¶
References: pull request 7191
Configure –enable-pdns-option –with-third-party-module (Josh Soref)¶
References: pull request 7026
Drop remaining capabilities after startup¶
References: pull request 7138
More sandboxing using systemd’s features¶
References: pull request 6634
Reduce systemcall usage in Protobuf logging¶
References: pull request 7428
Resync YaHTTP code to cmouse/yahttp@11be77a1fc4032 (Chris Hofstaedtler)¶
References: pull request 7433
Pass empty response (Dmitry Alenichev)¶
References: pull request 7431
Change the way getRealMemusage() works on linux (using statm)¶
References: pull request 7502
Prevent 0-ttl cache hits
¶
References: #7534, pull request 7585
Add addDynBlockSMT() support to dynBlockRulesGroup¶
References: #7139, pull request 7343
Add frontend response statistics (Matti Hiljanen)¶
References: pull request 7578
Remove addLuaAction and addLuaResponseAction¶
References: pull request 7670
Refactoring of the TCP stack¶
References: #7526, #4814, pull request 7559
Prevent a conflict with BADSIG being clobbered¶
References: #7556, pull request 7692
Switch to the new ‘newPacketCache()’ syntax for 1.4.0¶
References: pull request 7689
Move constants to proper namespace¶
References: pull request 7678
Unify the management of DNS/DNSCrypt/DoT frontends¶
References: pull request 7694
Fix compiler warning about returning garbage (Adam Majer)
¶
References: pull request 7167

Bug Fixes¶

Protect GnuTLS tickets key rotation with a read-write lock¶
References: pull request 7256
Check that SO_ATTACH_BPF is defined before enabling eBPF¶
References: pull request 7267
Fix off-by-one in mvRule counting¶
References: pull request 7426
Don’t convert nsec to usec if we need nsec¶
References: pull request 7520
Fix setRules()¶
References: pull request 7594
Handle EAGAIN in the GnuTLS DNS over TLS provider¶
References: pull request 7560
Gracefully handle a null latency in the webserver’s js¶
References: #7461, pull request 7586
EDNSOptionView improvements¶
References: pull request 7652
Honor libcrypto include path¶
References: #7481, pull request 7674

1.3.3¶

Released: 8th of November 2018

New Features¶

Add consistent hash builtin policy¶
References: #6932, pull request 6939, pull request 6737
Add EDNSOptionRule¶
References: pull request 6803
Add DSTPortRule (phonedph1)¶
References: pull request 6813
Make getOutstanding usable from both lua and console (phonedph1)¶
References: pull request 6826
Added :excludeRange and :includeRange methods to DynBPFFilter class (Reinier Schoof)¶
References: pull request 6856
Add Prometheus stats support (Pavel Odintsov, Kai S)¶
References: #4947, #6002, pull request 3935, pull request 7089, pull request 6343, pull request 6901, pull request 7007
Name threads in the programs¶
References: #6974, pull request 6997
Support the NXDomain action with dynamic blocks¶
References: #6908, pull request 7075
Add security polling¶
References: pull request 7115
Add a PoolAvailableRule to easily add backup pools (Robin Geuze)¶
References: pull request 7140

Improvements¶

Get rid of some allocs/copies in DNS parsing¶
References: pull request 6831
Set a correct EDNS OPT RR for self-generated answers¶
References: #4857, #6348, pull request 6847
Fix a sign-comparison warning in isEDNSOptionInOPT()¶
References: pull request 6877
Add warning rates to DynBlockRulesGroup rules¶
References: #6907, pull request 6986
Add support for exporting a server id in protobuf
¶
References: #6990, #7004, pull request 7015
dnsdist did not set TCP_NODELAY, causing needless latency¶
References: pull request 7030
Add a setting to control the number of stored sessions¶
References: pull request 7062
Wrap GnuTLS and OpenSSL pointers in smart pointers
¶
References: #7060, pull request 7064
Add a ‘creationOrder’ field to rules¶
References: #6909, pull request 7078
Fix return-type detection with boost 1.69’s tribool¶
References: #7091, pull request 7092
Fix format string issue on 32bits ARM¶
References: #7096, pull request 7104
Wrap TCP connection objects in smart pointers¶
References: pull request 7108
Add the setConsoleOutputMaxMsgSize function¶
References: #7084, pull request 7109
Add the ability to update webserver credentials¶
References: #7112, pull request 7117

Bug Fixes¶

Display dynblocks’ default action, None, as the global one¶
References: pull request 6835
Fix compilation when SO_REUSEPORT is not defined¶
References: pull request 6956
Release memory on DNS over TLS handshake failure¶
References: pull request 7060
Handle trailing data correctly when adding OPT or ECS info¶
References: #6896, pull request 7165

1.3.2¶

Released: 10th of July 2018

Bug Fixes¶

Add missing include for PRId64, fix build on CentOS 6 / SLES 12¶
References: pull request 6785

1.3.1¶

Released: 10th of July 2018

New Features¶

Add support for more than one TLS certificate¶
References: #6450, pull request 6524
Add a negative ttl option to the packet cache¶
References: #6579, pull request 6740
Add the ability to dump a summary of the cache content¶
References: pull request 6749
Add netmask-based {ex,in}clusions to DynblockRulesGroup¶
References: pull request 6760
Add DNSAction.NoOp to debug dynamic blocks¶
References: #6703, pull request 6776
Add SetECSAction to set an arbitrary outgoing ecs value¶
References: #6404, pull request 6734
Add support for rotating certificates and keys¶
References: pull request 6764

Improvements¶

Remove thelog and thel and replace this with a global g_log¶
References: #6357, pull request 6358
Fix two small nits on the documentation¶
References: pull request 6422
Move the el6 dnsdist package to upstart¶
References: #6394, pull request 6426
CLI option improvements (Chris Hofstaedtler)¶
References: #6433, pull request 6435
Split pdns_enable_unit_tests (Chris Hofstaedtler)¶
References: pull request 6436
Re-do lua detection¶
References: #6423, pull request 6445, pull request 6470, pull request 6457
Docs: fix missing ref in the dnsdist docs¶
References: pull request 6460
Be more permissive in wrandom tests, log values on failure¶
References: pull request 6502
Tests: avoid failure on not-so-optimal distribution
¶
References: #6430, pull request 6523
Add syntax to dns.proto to silence compilation warning.¶
References: pull request 6577
Fix warnings reported by gcc 8.1.0¶
References: pull request 6590
Document setVerboseHealthchecks()¶
References: #6483, pull request 6592
Update dq.rst (phonedph1)¶
References: pull request 6615
Fix rpm scriptlets¶
References: pull request 6641
Don’t copy unitialized values of SuffixMatchTree¶
References: pull request 6637
Expose toString of various objects to Lua (Chris Hofstaedtler)¶
References: pull request 6684
Remove ‘expired’ states from MaxQPSIPRule¶
References: pull request 6674
Mark the remote member of DownstreamState as const¶
References: #6664, pull request 6688
Test the content of dynamic blocks using the API¶
References: #6706, pull request 6710
Default set “connection: close” header for web requests¶
References: #6532, pull request 6711
Update timedipsetrule.rst (phonedph1)¶
References: pull request 6717
Don’t access the TCP buffer vector past its size¶
References: #6712, pull request 6716
Show droprate in API output¶
References: pull request 6563
Refuse console connection without a proper key set¶
References: #6709, #6683, pull request 6715
Use LRU to clean the MaxQPSIPRule’s store¶
References: pull request 6726
Disable maybe uninitialized warnings with boost optional¶
References: pull request 6769
Luawrapper: report caught std::exception as lua_error¶
References: #6541, pull request 6658
Dnstap.rst: fix some editing errors (Chris Hofstaedtler)¶
References: pull request 6602
Allow known exception types to be converted to string¶
References: #6535, pull request 6541

Bug Fixes¶

Initialize the done variable in the rings’ unit tests¶
References: pull request 6425
Reorder headers to fix OpenBSD build¶
References: pull request 6429
Restrict value range for weight parameter, avoid sum overflows dropping queries (Dan McCombs)¶
References: pull request 6448
Fix reconnection handling
¶
References: pull request 6672
Dynamic blocks were being created with the wrong duration (David Freedman)¶
References: pull request 6706
Limit qps and latency to two decimals in the web view¶
References: #6442, pull request 6718
Check the flags to detect collisions in the packet cache¶
References: pull request 6747
Fix iterating over the results of exceed*() functions¶
References: pull request 6762
Fix duration false positive in the dynblock regression tests¶
References: pull request 6767
Implement NoneAction()¶
References: #6758, pull request 6775
Detect ECS collisions in the packet cache¶
References: #6747, pull request 6754
Fix an outstanding counter race when reusing states¶
References: pull request 6773

1.3.0¶

Released: 30th of March 2018

New Features¶

Add an optional status parameter to Server:setAuto().¶
References: pull request 5625
Add inClientStartup() function.¶
References: pull request 6072
Add tag-based routing of queries.¶
References: pull request 6037
Add experimental DNS-over-TLS support.¶
References: pull request 6176, pull request 6177, pull request 6117, pull request 6175, pull request 6189
Add simple dnstap support (Justin Valentini, Chris Hofstaedtler).¶
References: pull request 5201, pull request 6170
Add experimental XPF support based on draft-bellis-dnsop-xpf-04.¶
References: #5654, #5079, pull request 6220, pull request 5594
Add ERCodeRule() to match on extended RCodes (Chris Hofstaedtler).¶
References: pull request 6147
Add TempFailureCacheTTLAction() (Chris Hofstaedtler).¶
References: pull request 6003
Add DynBlockRulesGroup to improve processing speed of the maintenance() function by reducing memory usage and not walking the ringbuffers multiple times.¶
References: pull request 6391
Add console ACL functions.¶
References: #4654, pull request 6399
Allow adding EDNS Client Subnet information to a query before looking in the cache. This allows serving ECS enabled answers from the cache when all servers in a pool are down.¶
References: #6098, pull request 6400

Improvements¶

Add cache sharding, recvmmsg and CPU pinning support. With these, the scalability of dnsdist is drastically improved.¶
References: #5202, #5859, pull request 5576, pull request 5860
Add burst option to MaxQPSIPRule() (42wim).¶
References: pull request 5970
Add Pools, cacheHitResponseRules to the API.¶
References: pull request 6022
Add a class option to health checks.¶
References: #5748, pull request 5929
Add UUIDs to rules, this allows tracking rules through modifications and moving them around.¶
References: pull request 6030
Apply ResponseRules to locally generated answers (Chris Hofstaedtler).¶
References: #6182, pull request 6185
Report LuaAction() and LuaResponseAction() failures in the log and send SERVFAIL instead of not answering the query (Chris Hofstaedtler).¶
References: pull request 6283
Unify global statistics accounting (Chris Hofstaedtler).¶
References: pull request 6289
Speed up the processing of large ring buffers. This change will make dnsdist more scalable with a large number of different clients.¶
References: pull request 6366, pull request 6350
Make custom addLuaAction() and addLuaResponseAction() callback’s second return value optional.¶
References: #6346, pull request 6363
Add “server-up” metric count to Carbon Reporting (Lowell Mower).¶
References: pull request 6327
Add xchacha20 support for DNSCrypt.¶
References: pull request 6045, pull request 6382
Scalability improvement: Add an option to use several source ports towards a backend.¶
References: pull request 6317
Add ‘?’ and ‘help’ for providing help() output on dnsdist -c (Kirill Ponomarev, Chris Hofstaedtler).¶
References: #4845, pull request 5866, pull request 6375
Replace the Lua mutex with a rw lock to limit contention. This improves the processing speed and parallelism of the policies.¶
References: pull request 6190, pull request 6381
Ensure dnsdist compiles on NetBSD (Tom Ivar Helbekkmo).¶
References: pull request 6146
Also log eBPF dynamic blocks, as regular dynamic block already are.¶
References: #5845, pull request 5845
Ensure large numbers are shown correctly in the API.¶
References: #6211, pull request 6401
Add option to showRules() to truncate the output length.¶
References: #5763, pull request 6402
Fix several warnings reported by clang’s analyzer and cppcheck, should lead to small performance increases.¶
References: pull request 6407

Bug Fixes¶

Handle SNMP alarms so we can reconnect to the master.¶
References: #5327, pull request 5328
Fix signed/unsigned comparison warnings on ARM.¶
References: #5489, pull request 5597
Keep trying if the first connection to the remote logger failed¶
References: pull request 5770
Fix escaping unusual DNS label octets in DNSName is off by one (Kees Monshouwer).¶
References: pull request 6018
Avoid assertion errors in NewServer() (Chris Hofstaedtler).¶
References: pull request 6403

Removals¶

Remove the --daemon option from dnsdist.¶
References: #6329, pull request 6394

1.2.1¶

Released: 16th of February 2018

New Features¶

Add configuration option to disable IP_BIND_ADDRESS_NO_PORT (Dan McCombs).¶
References: pull request 5880

Improvements¶

Handle bracketed IPv6 addresses without ports (Chris Hofstaedtler).¶
References: pull request 6057

Bug Fixes¶

Make dnsdist dynamic truncate do right thing on TCP/IP.¶
References: pull request 5647
Add missing QPSAction¶
References: pull request 5686
Don’t create a Remote Logger in client mode.¶
References: pull request 5847
Use libsodium’s CFLAGS, we might need them to find the includes.¶
References: pull request 5858
Keep the TCP connection open on cache hit, generated answers.¶
References: pull request 6012
Add the missing <sys/time.h> include to mplexer.hh for struct timeval.¶
References: pull request 6041
Sort the servers based on their ‘order’ after it has been set.¶
References: pull request 6043
Quiet unused variable warning on macOS (Chris Hofstaedtler).¶
References: pull request 6073
Fix the outstanding counter when an exception is raised.¶
References: #5652, pull request 6094
Do not connect the snmpAgent from a dnsdist client.¶
References: #6163, pull request 6164

1.2.0¶

Released: 21st of August 2017

New Features¶

Add an option to export CNAME records over protobuf.¶
References: #4709, pull request 4776
Add TCP management options from RFC 7766 section 10.¶
References: pull request 4611
Add an option to ‘mute’ UDP responses per bind.¶
References: #4527, pull request 4536
Save history to home-dir, only use CWD as a last resort.¶
References: #4562, pull request 4779
Add the setRingBuffersSize() directive to allows changing the ringbuffer size.¶
References: pull request 4898
Allow TTL alteration via Lua.¶
References: #4707, pull request 4787
Add RDRule() to match queries with the RD flag set.¶
References: pull request 4837
Add setWHashedPertubation() for consistent whashed results.¶
References: pull request 4897
Add tcpConnectTimeout to newServer().¶
References: pull request 4818
Add cache hit response rules.¶
References: #4708, pull request 5036, pull request 4788
Add SNMP support.¶
References: pull request 4989, pull request 5204, pull request 5123
Allow passing DNSNames as DNSRules.¶
References: pull request 5070
Add support for setting the server selection policy on a per pool basis (Robin Geuze).¶
References: pull request 5113
Add a suffixMatch parameter to PacketCache:expungeByName() (Robin Geuze).¶
References: pull request 5159
Add an option so the packet cache entries don’t age.¶
References: #5126, pull request 5136
Add QNameRule().¶
References: pull request 5235
Add an optional action to addDynBlocks().¶
References: pull request 5337
Add an optional interface parameter to addLocal()/setLocal().¶
References: pull request 5344
Make a truncate action available to DynBlock and Lua.¶
References: pull request 5386
Implement a runtime changeable rule that matches IP address for a certain time called TimedIPSetRule().¶
References: pull request 5336
Add support for returning several IPs to spoof from Lua.¶
References: pull request 5496
Add Lua bindings to be able to rotate DNSCrypt keys, see DNSCrypt.¶
References: #5507, #5420, pull request 5490, pull request 5508
Add the capability to set arbitrary tags in protobuf messages.¶
References: pull request 5577, pull request 5396
Add setConsoleConnectionsLogging().¶
References: #5565, pull request 5581

Improvements¶

Merge the client and server nonces to prevent replay attacks.¶
References: pull request 4815
Store the computed shared key and reuse it for the response for DNSCrypt messages.¶
References: pull request 4813, pull request 4926
Add setTCPUseSinglePipe() to use a single TCP waiting queue.¶
References: pull request 4817
Add sendSizeAndMsgWithTimeout to send size and data in a single call and use it for TCP Fast Open towards backends.¶
References: #5494, pull request 4985, pull request 5501
Tune systemd unit-file for medium-sized installations (Winfried Angele).¶
References: pull request 4958
Add the possiblity to fill a NetmaskGroup (using NetmaskGroup:addMask()) from exceeds* results.¶
References: pull request 5185
Add labels count to StatNode, only set the name once.¶
References: pull request 5353
DNSName: Check that both first two bits are set in compressed labels.¶
References: #4851, pull request 4852
Handle unreachable servers at startup, reconnect stale sockets¶
References: #4131, #4155, pull request 4285
Gracefully handle invalid addresses in newServer().¶
References: #4471, pull request 4474
Use IP_BIND_ADDRESS_NO_PORT when available.¶
References: pull request 4786
Add an optional seconds parameter to statNodeRespRing().¶
References: #4775, #4660, pull request 4780
Report a more specific lua version and report luajit in --version.¶
References: pull request 4910
Prevent issues by unshadowing variables.¶
References: pull request 5056
Register DNSName::chopOff (@plzz).¶
References: pull request 4920
Make includeDirectory() work sorted (Robin Geuze).¶
References: #5053, pull request 5150, pull request 5171
Allow embedded NULs in strings received from Lua.¶
References: pull request 5147
Cleanup closed TCP downstream connections.¶
References: pull request 5163
Improve reporting of C++ exceptions that bubble up via Lua.¶
References: pull request 5230
Add better logging on queries that get dropped, timed out or received.¶
References: pull request 5253
Print useful messages when query and response actions are mixed.¶
References: pull request 5342
Add DNSRule::toString() and add virtual destructors to DNSRule, DNSAction and DNSResponseAction so the destructors of derived classes are run even when deleted via the base type.¶
References: pull request 5497
Don’t use square brackets for IPv6 in Carbon metrics.¶
References: #5538, pull request 5579

Bug Fixes¶

Unified -k and setKey() behaviour for client and server mode now.¶
References: pull request 5199
Refactor SuffixMatchNode using a SuffixMatchTree.¶
References: #4761, pull request 4950
Get rid of std::move() calls preventing copy elision.¶
References: pull request 5359
Send an HTTP 404 on unknown API paths.¶
References: pull request 5089
LuaWrapper: Use the correct index when storing a function.¶
References: pull request 4775
Send a latency of 0 over carbon, null over API for down servers.¶
References: #4689, pull request 4785
Fix negative port detection for IPv6 addresses on 32-bit.¶
References: pull request 4911
Fix crashed on SmartOS/Illumos (Roman Dayneko).¶
References: #4579, pull request 4877
Change truncateTC to defaulting to off, having it enabled by default causes an compatibility with RFC 6891 (Robin Geuze).¶
References: #4857, pull request 4859
Don’t cache answers without any TTL (like SERVFAIL).¶
References: #4983, pull request 5037, pull request 4987
Fix destination port reporting on “any” binds.¶
References: pull request 5194
Correctly truncate EDNS Client Subnetmasks.¶
References: pull request 5320
Fix RecordsTypeCountRule()’s handling of the # of records in a section.¶
References: #5365, pull request 5369
Change stats functions to always return lowercase names (Robin Geuze).¶
References: #5287, pull request 5383
Only use TCP Fast Open when supported and prevent compiler warnings.¶
References: pull request 5449, pull request 5454
Skip timeouts on the response latency graph.¶
References: #5559, pull request 5563
Copy the DNS header before encrypting it in place.¶
References: #5566, pull request 5580

Removals¶

Remove BlockFilter.¶
References: #5513, pull request 5514
Deprecate syntactic sugar functions.¶
References: #5069, pull request 5526

misc¶

Fix potential pointer wrap-around on 32 bits.¶
References: pull request 5630
Make the API available with an API key only.¶
References: pull request 5631

1.1.0¶

Released December 29th 2016

Changes since 1.1.0-beta2:

Improvements¶

#4783: Add -latomic on powerpc
#4812: Handle header-only responses, handle Refused as Servfail in the cache

Bug fixes¶

#4762: SuffixMatchNode: Fix an insertion issue for an existing node
#4772: Fix dnsdist initscript config check

1.1.0-beta2¶

Released December 14th 2016

Changes since 1.1.0-beta1:

New features¶

#4518: Fix dynblocks over TCP, allow refusing dyn blocked queries
#4519: Allow altering the ECS behavior via rules and Lua
#4535: Add DNSQuestion:getDO()
#4653: getStatisticsCounters() to access counters from Lua
#4657: Add includeDirectory(dir)
#4658: Allow editing the ACL via the API
#4702: Add setUDPTimeout(n)
#4726: Add an option to return ServFail when no server is available
#4748: Add setCacheCleaningPercentage()

Improvements¶

#4533: Fix building with clang on OS X and FreeBSD
#4537: Replace luawrapper’s std::forward/std::make_tuple combo with std::forward_as_tuple (Sangwhan “fish” Moon)
#4596: Change the default max number of queued TCP conns to 1000
#4632: Improve dnsdist error message on a common typo/config mistake
#4694: Don’t use a const_iterator for erasing (fix compilation with some versions of gcc)
#4715: Specify that dnsmessage.proto uses protobuf version 2
#4765: Some service improvements

Bug fixes¶

#4425: Fix a protobuf regression (requestor/responder mix-up) caused by a94673e
#4541: Fix insertion issues in SuffixMatchTree, move it to dnsname.hh
#4553: Flush output in single command client mode
#4578: Fix destination address reporting
#4640: Don’t exit dnsdist on an exception in maintenance
#4721: Handle exceptions in the UDP responder thread
#4734: Add the TCP socket to the map only if the connection succeeds. Closes #4733
#4742: Decrement the queued TCP conn count if writing to the pipe fails
#4743: Ignore newBPFFilter() and newDynBPFFilter() in client mode
#4753: Fix FD leak on TCP connection failure, handle TCP worker creation failure
#4764: Prevent race while creating new TCP worker threads

1.1.0-beta1¶

Released September 1st 2016

Changes since 1.0.0:

New features¶

#3762 Teeaction: send copy of query to second nameserver, sponge responses
#3876 Add showResponseRules(), {mv,rm,top}ResponseRule()
#3936 Filter on opcode, records count/type, trailing data
#3975 Make dnsdist {A,I}XFR aware, document possible issues
#4006 Add eBPF source address and qname/qtype filtering
#4008 Node infrastructure for querying recent traffic
#4042 Add server-side TCP Fast Open support
#4050 Add clearRules() and setRules()
#4114 Add QNameLabelsCountRule() and QNameWireLengthRule()
#4116 Added src boolean to NetmaskGroupRule to match destination address (Reinier Schoof)
#4175 Implemented query counting (Reinier Schoof)
#4244 Add a setCD parameter to set cd=1 on health check queries
#4284 Add RCodeRule(), Allow, Delay and Drop response actions
#4305 Add an optional Lua callback for altering a Protobuf message
#4309 Add showTCPStats function (RobinGeuze)
#4329 Add options to LogAction() so it can append (instead of truncate) (Duane Wessels)

Improvements¶

#3714 Add documentation links to dnsdist.service (Ruben Kerkhof)
#3754 Allow the use of custom headers in the web server
#3826 Implement a ‘quiet’ mode for SuffixMatchNodeRule()
#3836 Log the content of webserver’s exceptions
#3858 Only log YaHTTP’s parser exceptions in verbose mode
#3877 Increase max FDs in systemd unit, warn if clearly too low
#4019 Add an optional addECS option to TeeAction()
#4029 Add version and feature information to version output
#4079 Return an error on RemoteLog{,Response}Action() w/o protobuf
#4246 API now sends pools as a JSON array instead of a string
#4302 Add help() and showVersion()
#4286 Add response rules to the API and Web status page
#4068 Display the dyn eBPF filters stats in the web interface

Bug fixes¶

#3755 Fix RegexRule example in dnsdistconf.lua
#3773 Stop copying the HTTP request headers to the response
#3837 Remove dnsdist service file on trusty
#3840 Catch WrongTypeException in client mode
#3906 Keep the servers ordered inside pools
#3988 Fix grepq() output in the README
#3992 Fix some typos in the AXFR/IXFR documentation
#3995 Fix comparison between signed and unsigned integer
#4049 Fix dnsdist rpm building script #4048 (Daniel Stirnimann)
#4065 Include editline/readline.h instead of readline.h/history.h
#4067 Disable eBPF support when BPF_FUNC_tail_call is not found
#4069 Fix a buffer overflow when displaying an OpcodeRule
#4101 Fix $ expansion in build-dnsdist-rpm
#4198 newServer setting maxCheckFailures makes no sense (stutiredboy)
#4205 Prevent the use of “any” addresses for downstream server
#4220 Don’t log an error when parsing an invalid UDP query
#4348 Fix invalid outstanding count for {A,I}XFR over TCP
#4365 Reset origFD asap to keep the outstanding count correct
#4375 Tuple requires make_tuple to initialize
#4380 Fix compilation with clang when eBPF support is enabled

1.0.0¶

Released April 21st 2016

Changes since 1.0.0-beta1:

Improvements¶

#3700 Create user from the RPM package to drop privs
#3712 Make check should run testrunner
#3713 Remove contrib/dnsdist.service (Ruben Kerkhof)
#3722 Use LT_INIT and disable static objects (Ruben Kerkhof)
#3724 Include PDNS_CHECK_OS in configure (Christian Hofstaedtler)
#3728 Document libedit Ctrl-R workaround for CentOS 6
#3730 Make topBandwidth() behave like other top* functions
#3731 Clarify a bit the documentation of load-balancing policies

Bug fixes¶

#3711 Building rpm needs systemd headers (Ruben Kerkhof)
#3736 Add missing Lua binding for NetmaskGroupRule()
#3739 Drop privileges after daemonizing and writing our pid

1.0.0-beta1¶

Released April 14th 2016

Changes since 1.0.0-alpha2:

New features¶

Per-pool packet cache
Some actions do not stop the processing anymore when they match, allowing more complex setups: Delay, Disable Validation, Log, MacAddr, No Recurse and of course None
The new RE2Rule() is available, using the RE2 regular expression library to match queries, in addition to the existing POSIX-based RegexRule()
SpoofAction() now supports multiple A and AAAA records
Remote logging of questions and answers via Protocol Buffer

Improvements¶

#3405 Add health check logging, maxCheckFailures to backend
#3412 Check config
#3440 Client operation improvements
#3466 Add dq binding for skipping packet cache in LuaAction (Jan Broer)
#3499 Add support for multiple carbon servers
#3504 Allow accessing the API with an optional API key
#3556 Add an option to limit the number of queued TCP connections
#3578 Add a disable-syslog option
#3608 Export cache stats to carbon
#3622 Display the ACL content on startup
#3627 Remove ECS option from response’s OPT RR when necessary
#3633 Count “TTL too short” cache events
#3677 systemd-notify support

Bug fixes¶

#3388 Lock the Lua context before executing a LuaAction
#3433 Check that the answer matches the initial query
#3461 Fix crash when calling rmServer() with an invalid index
#3550,#3551 Fix build failure on FreeBSD (Ruben Kerkhof)
#3594 Prevent EOF error for empty console response w/o sodium
#3634 Prevent dangling TCP fd in case setupTCPDownstream() fails
#3641 Under threshold, QPS action should return None, not Allow
#3658 Fix a race condition in MaxQPSIPRule

1.0.0-alpha2¶

Released February 5th 2016

Changes since 1.0.0-alpha1:

New features¶

Lua functions now receive a DNSQuestion dq object instead of several parameters. This adds a greater compatibility with PowerDNS and allows adding more parameters without breaking the API (#3198)
Added a source option to newServer() to specify the local address or interface used to contact a downstream server (#3138)
CNAME and IPv6-only support have been added to spoofed responses (#3064)
grepq() can be used to search for slow queries, along with topSlow()
New Lua functions: addDomainCNAMESpoof(), AllowAction() by @bearggg, exceedQRate(), MacAddrAction(), makeRule(), NotRule(), OrRule(), QClassRule(), RCodeAction(), SpoofCNAMEAction(), SuffixMatchNodeRule(), TCPRule(), topSlow()
NetmaskGroup support have been added in Lua (#3144)
Added MacAddrAction() to add the source MAC address to the forwarded query (#3313)

Bug fixes¶

An issue in DelayPipe could make dnsdist crash at startup
downstream-timeouts metric was not always updated
truncateTC was unproperly updating the response length (#3126)
DNSCrypt responses larger than queries were unproperly truncated
An issue prevented info message from being displayed in non-verbose mode, fixed by Jan Broer
Reinstating an expired Dynamic Rule was not correctly logged (#3323)
Initialized counters in the TCP client thread might have cause FD and memory leak, reported by Martin Pels (#3300)
We now drop queries containing no question (qdcount == 0) (#3290)
Outstanding TCP queries count was not always correct (#3288)
A locking issue in exceedRespGen() might have caused crashs (#3277)
Useless sockets were created in client mode (#3257)
addAnyTCRule() was generating TC=1 responses even over TCP (#3251)

Web interface¶

Cleanup of the HTML by Sander Hoentjen
Fixed an XSS reported by @janeczku (#3217)
Removed remote images
Set the charset to UTF-8, added some security-related and CORS HTTP headers
Added server latency by Jan Broer (#3201)
Switched to official minified versions of JS scripts, by Sander Hoentjen (#3317)
Don’t log unauthenticated HTTP request as an authentication failure

Various documentation updates and minor cleanups:¶

Added documentation for Advanced DNS Protection features (Dynamic rules, maintenance())
Make topBandwidth() default to the top 10 clients
Replaced readline with libedit
Added GPL2 License (#3200)
Added incbin License (#3269)
Updated completion rules
Removed wrong option --daemon-no by Stefan Schmidt

1.0.0-alpha1¶

Released December 24th 2015

Initial release