Changelog

1.7.3

Released: 2nd of November 2022

dnsdist 1.7.3 contains no functional changes or bugfixes. This release strictly serves to bring dnsdist packages to our EL9 and Ubuntu Jammy repositories, and upgrades the dnsdist Docker image from Debian buster to Debian bullseye, as buster is officially EOL.

Improvements

1.7.2

Released: 14th of June 2022

Improvements

Bug Fixes

1.7.1

Released: 25th of April 2022

Improvements

Bug Fixes

1.7.0

Released: 17th of January 2022

Bug Fixes

1.7.0-rc1

Released: 22nd of December 2021

Improvements

Bug Fixes

1.7.0-beta2

Released: 29th of November 2021

Improvements

Bug Fixes

1.7.0-beta1

Released: 16th of November 2021

New Features

Improvements

Bug Fixes

1.7.0-alpha2

Released: 19th of October 2021

New Features

Improvements

Bug Fixes

1.7.0-alpha1

Released: 23rd of September 2021

New Features

Improvements

Bug Fixes

1.6.1

Released: 15th of September 2021

New Features

Bug Fixes

1.6.0

Released: 11th of May 2021

1.5.2

Released: 10th of May 2021

Bug Fixes

1.6.0-rc2

Released: 4th of May 2021

Improvements

Bug Fixes

1.6.0-rc1

Released: 20th of April 2021

Improvements

Bug Fixes

1.6.0-alpha3

Released: 29th of March 2021

Improvements

Bug Fixes

1.6.0-alpha2

Released: 4th of March 2021

New Features

Improvements

Bug Fixes

1.6.0-alpha1

Released: 2nd of February 2021

New Features

Improvements

Bug Fixes

Removals

1.5.1

Released: 1st of October 2020

Improvements

Bug Fixes

1.5.0

Released: 30th of July 2020

Improvements

  • Use explicit flag for the specific version of c++ we are targeting.

    References: pull request 9231

  • Prevent a copy of a pool’s backends when selecting a server.

    References: pull request 9360

Bug Fixes

1.5.0-rc4

Released: 7th of July 2020

Bug Fixes

1.5.0-rc3

Released: 18th of June 2020

New Features

Improvements

Bug Fixes

1.5.0-rc2

Released: 13th of May 2020

Improvements

Bug Fixes

1.5.0-rc1

Released: 16th of April 2020

Improvements

Bug Fixes

1.5.0-alpha1

Released: 20th of March 2020

New Features

Improvements

Bug Fixes

1.4.0

Released: 20th of November 2019

Improvements

Bug Fixes

misc

1.4.0-rc5

Released: 30th of October 2019

Improvements

  • Rename the ‘address’ label to ‘frontend’ for DoH metrics

    References: pull request 8465

Bug Fixes

  • Increment the DOHUnit ref count when it’s set in the IDState

    References: pull request 8471

1.4.0-rc4

Released: 25th of October 2019

New Features

Improvements

Bug Fixes

1.4.0-rc3

Released: 30th of September 2019

Improvements

Bug Fixes

1.4.0-rc2

Released: 2nd of September 2019

New Features

Improvements

misc

  • Update h2o to 2.2.6, fixing CVE-2019-9512, CVE-2019-9514 and CVE-2019-9515 for repo.powerdns.com packages

    References: pull request 8200

1.4.0-rc1

Released: 12th of August 2019

New Features

Improvements

Bug Fixes

1.4.0-beta1

Released: 6th of June 2019

New Features

Improvements

Bug Fixes

1.4.0-alpha2

Released: 26th of April 2019

New Features

Improvements

Bug Fixes

1.4.0-alpha1

Released: 12th of April 2019

New Features

Improvements

Bug Fixes

1.3.3

Released: 8th of November 2018

New Features

Improvements

Bug Fixes

1.3.2

Released: 10th of July 2018

Bug Fixes

  • Add missing include for PRId64, fix build on CentOS 6 / SLES 12

    References: pull request 6785

1.3.1

Released: 10th of July 2018

New Features

Improvements

Bug Fixes

1.3.0

Released: 30th of March 2018

New Features

Improvements

Bug Fixes

Removals

1.2.1

Released: 16th of February 2018

New Features

  • Add configuration option to disable IP_BIND_ADDRESS_NO_PORT (Dan McCombs).

    References: pull request 5880

Improvements

  • Handle bracketed IPv6 addresses without ports (Chris Hofstaedtler).

    References: pull request 6057

Bug Fixes

1.2.0

Released: 21st of August 2017

New Features

Improvements

Bug Fixes

Removals

misc

1.1.0

Released December 29th 2016

Changes since 1.1.0-beta2:

Improvements

  • #4783: Add -latomic on powerpc
  • #4812: Handle header-only responses, handle Refused as Servfail in the cache

Bug fixes

  • #4762: SuffixMatchNode: Fix an insertion issue for an existing node
  • #4772: Fix dnsdist initscript config check

1.1.0-beta2

Released December 14th 2016

Changes since 1.1.0-beta1:

New features

  • #4518: Fix dynblocks over TCP, allow refusing dyn blocked queries
  • #4519: Allow altering the ECS behavior via rules and Lua
  • #4535: Add DNSQuestion:getDO()
  • #4653: getStatisticsCounters() to access counters from Lua
  • #4657: Add includeDirectory(dir)
  • #4658: Allow editing the ACL via the API
  • #4702: Add setUDPTimeout(n)
  • #4726: Add an option to return ServFail when no server is available
  • #4748: Add setCacheCleaningPercentage()

Improvements

  • #4533: Fix building with clang on OS X and FreeBSD
  • #4537: Replace luawrapper’s std::forward/std::make_tuple combo with std::forward_as_tuple (Sangwhan “fish” Moon)
  • #4596: Change the default max number of queued TCP conns to 1000
  • #4632: Improve dnsdist error message on a common typo/config mistake
  • #4694: Don’t use a const_iterator for erasing (fix compilation with some versions of gcc)
  • #4715: Specify that dnsmessage.proto uses protobuf version 2
  • #4765: Some service improvements

Bug fixes

  • #4425: Fix a protobuf regression (requestor/responder mix-up) caused by a94673e
  • #4541: Fix insertion issues in SuffixMatchTree, move it to dnsname.hh
  • #4553: Flush output in single command client mode
  • #4578: Fix destination address reporting
  • #4640: Don’t exit dnsdist on an exception in maintenance
  • #4721: Handle exceptions in the UDP responder thread
  • #4734: Add the TCP socket to the map only if the connection succeeds. Closes #4733
  • #4742: Decrement the queued TCP conn count if writing to the pipe fails
  • #4743: Ignore newBPFFilter() and newDynBPFFilter() in client mode
  • #4753: Fix FD leak on TCP connection failure, handle TCP worker creation failure
  • #4764: Prevent race while creating new TCP worker threads

1.1.0-beta1

Released September 1st 2016

Changes since 1.0.0:

New features

  • #3762 Teeaction: send copy of query to second nameserver, sponge responses
  • #3876 Add showResponseRules(), {mv,rm,top}ResponseRule()
  • #3936 Filter on opcode, records count/type, trailing data
  • #3975 Make dnsdist {A,I}XFR aware, document possible issues
  • #4006 Add eBPF source address and qname/qtype filtering
  • #4008 Node infrastructure for querying recent traffic
  • #4042 Add server-side TCP Fast Open support
  • #4050 Add clearRules() and setRules()
  • #4114 Add QNameLabelsCountRule() and QNameWireLengthRule()
  • #4116 Added src boolean to NetmaskGroupRule to match destination address (Reinier Schoof)
  • #4175 Implemented query counting (Reinier Schoof)
  • #4244 Add a setCD parameter to set cd=1 on health check queries
  • #4284 Add RCodeRule(), Allow, Delay and Drop response actions
  • #4305 Add an optional Lua callback for altering a Protobuf message
  • #4309 Add showTCPStats function (RobinGeuze)
  • #4329 Add options to LogAction() so it can append (instead of truncate) (Duane Wessels)

Improvements

  • #3714 Add documentation links to dnsdist.service (Ruben Kerkhof)
  • #3754 Allow the use of custom headers in the web server
  • #3826 Implement a ‘quiet’ mode for SuffixMatchNodeRule()
  • #3836 Log the content of webserver’s exceptions
  • #3858 Only log YaHTTP’s parser exceptions in verbose mode
  • #3877 Increase max FDs in systemd unit, warn if clearly too low
  • #4019 Add an optional addECS option to TeeAction()
  • #4029 Add version and feature information to version output
  • #4079 Return an error on RemoteLog{,Response}Action() w/o protobuf
  • #4246 API now sends pools as a JSON array instead of a string
  • #4302 Add help() and showVersion()
  • #4286 Add response rules to the API and Web status page
  • #4068 Display the dyn eBPF filters stats in the web interface

Bug fixes

  • #3755 Fix RegexRule example in dnsdistconf.lua
  • #3773 Stop copying the HTTP request headers to the response
  • #3837 Remove dnsdist service file on trusty
  • #3840 Catch WrongTypeException in client mode
  • #3906 Keep the servers ordered inside pools
  • #3988 Fix grepq() output in the README
  • #3992 Fix some typos in the AXFR/IXFR documentation
  • #3995 Fix comparison between signed and unsigned integer
  • #4049 Fix dnsdist rpm building script #4048 (Daniel Stirnimann)
  • #4065 Include editline/readline.h instead of readline.h/history.h
  • #4067 Disable eBPF support when BPF_FUNC_tail_call is not found
  • #4069 Fix a buffer overflow when displaying an OpcodeRule
  • #4101 Fix $ expansion in build-dnsdist-rpm
  • #4198 newServer setting maxCheckFailures makes no sense (stutiredboy)
  • #4205 Prevent the use of “any” addresses for downstream server
  • #4220 Don’t log an error when parsing an invalid UDP query
  • #4348 Fix invalid outstanding count for {A,I}XFR over TCP
  • #4365 Reset origFD asap to keep the outstanding count correct
  • #4375 Tuple requires make_tuple to initialize
  • #4380 Fix compilation with clang when eBPF support is enabled

1.0.0

Released April 21st 2016

Changes since 1.0.0-beta1:

Improvements

  • #3700 Create user from the RPM package to drop privs
  • #3712 Make check should run testrunner
  • #3713 Remove contrib/dnsdist.service (Ruben Kerkhof)
  • #3722 Use LT_INIT and disable static objects (Ruben Kerkhof)
  • #3724 Include PDNS_CHECK_OS in configure (Chris Hofstaedtler)
  • #3728 Document libedit Ctrl-R workaround for CentOS 6
  • #3730 Make topBandwidth() behave like other top* functions
  • #3731 Clarify a bit the documentation of load-balancing policies

Bug fixes

  • #3711 Building rpm needs systemd headers (Ruben Kerkhof)
  • #3736 Add missing Lua binding for NetmaskGroupRule()
  • #3739 Drop privileges after daemonizing and writing our pid

1.0.0-beta1

Released April 14th 2016

Changes since 1.0.0-alpha2:

New features

  • Per-pool packet cache
  • Some actions do not stop the processing anymore when they match, allowing more complex setups: Delay, Disable Validation, Log, MacAddr, No Recurse and of course None
  • The new RE2Rule() is available, using the RE2 regular expression library to match queries, in addition to the existing POSIX-based RegexRule()
  • SpoofAction() now supports multiple A and AAAA records
  • Remote logging of questions and answers via Protocol Buffer

Improvements

  • #3405 Add health check logging, maxCheckFailures to backend
  • #3412 Check config
  • #3440 Client operation improvements
  • #3466 Add dq binding for skipping packet cache in LuaAction (Jan Broer)
  • #3499 Add support for multiple carbon servers
  • #3504 Allow accessing the API with an optional API key
  • #3556 Add an option to limit the number of queued TCP connections
  • #3578 Add a disable-syslog option
  • #3608 Export cache stats to carbon
  • #3622 Display the ACL content on startup
  • #3627 Remove ECS option from response’s OPT RR when necessary
  • #3633 Count “TTL too short” cache events
  • #3677 systemd-notify support

Bug fixes

  • #3388 Lock the Lua context before executing a LuaAction
  • #3433 Check that the answer matches the initial query
  • #3461 Fix crash when calling rmServer() with an invalid index
  • #3550,#3551 Fix build failure on FreeBSD (Ruben Kerkhof)
  • #3594 Prevent EOF error for empty console response w/o sodium
  • #3634 Prevent dangling TCP fd in case setupTCPDownstream() fails
  • #3641 Under threshold, QPS action should return None, not Allow
  • #3658 Fix a race condition in MaxQPSIPRule

1.0.0-alpha2

Released February 5th 2016

Changes since 1.0.0-alpha1:

New features

  • Lua functions now receive a DNSQuestion dq object instead of several parameters. This adds a greater compatibility with PowerDNS and allows adding more parameters without breaking the API (#3198)
  • Added a source option to newServer() to specify the local address or interface used to contact a downstream server (#3138)
  • CNAME and IPv6-only support have been added to spoofed responses (#3064)
  • grepq() can be used to search for slow queries, along with topSlow()
  • New Lua functions: addDomainCNAMESpoof(), AllowAction() by @bearggg, exceedQRate(), MacAddrAction(), makeRule(), NotRule(), OrRule(), QClassRule(), RCodeAction(), SpoofCNAMEAction(), SuffixMatchNodeRule(), TCPRule(), topSlow()
  • NetmaskGroup support have been added in Lua (#3144)
  • Added MacAddrAction() to add the source MAC address to the forwarded query (#3313)

Bug fixes

  • An issue in DelayPipe could make dnsdist crash at startup
  • downstream-timeouts metric was not always updated
  • truncateTC was unproperly updating the response length (#3126)
  • DNSCrypt responses larger than queries were unproperly truncated
  • An issue prevented info message from being displayed in non-verbose mode, fixed by Jan Broer
  • Reinstating an expired Dynamic Rule was not correctly logged (#3323)
  • Initialized counters in the TCP client thread might have cause FD and memory leak, reported by Martin Pels (#3300)
  • We now drop queries containing no question (qdcount == 0) (#3290)
  • Outstanding TCP queries count was not always correct (#3288)
  • A locking issue in exceedRespGen() might have caused crashes (#3277)
  • Useless sockets were created in client mode (#3257)
  • addAnyTCRule() was generating TC=1 responses even over TCP (#3251)

Web interface

  • Cleanup of the HTML by Sander Hoentjen
  • Fixed an XSS reported by @janeczku (#3217)
  • Removed remote images
  • Set the charset to UTF-8, added some security-related and CORS HTTP headers
  • Added server latency by Jan Broer (#3201)
  • Switched to official minified versions of JS scripts, by Sander Hoentjen (#3317)
  • Don’t log unauthenticated HTTP request as an authentication failure

Various documentation updates and minor cleanups:

  • Added documentation for Advanced DNS Protection features (Dynamic rules, maintenance())
  • Make topBandwidth() default to the top 10 clients
  • Replaced readline with libedit
  • Added GPL2 License (#3200)
  • Added incbin License (#3269)
  • Updated completion rules
  • Removed wrong option --daemon-no by Stefan Schmidt

1.0.0-alpha1

Released December 24th 2015

Initial release