New Features:
Add consistent hash builtin policy
Add EDNSOptionRule
Add DSTPortRule (phonedph1)
Make getOutstanding usable from both Lua and the console (phonedph1)
Added :excludeRange and :includeRange methods to DynBPFFilter class (Reinier Schoof)
Add Prometheus stats support (Pavel Odintsov, Kai S)
Name threads in the programs
Support the NXDomain action with dynamic blocks
Add security polling
Add a PoolAvailableRule to easily add backup pools (Robin Geuze)
Improvements:
Get rid of some allocs/copies in DNS parsing
Set a correct EDNS OPT RR for self-generated answers
Fix a sign-comparison warning in isEDNSOptionInOPT()
Add warning rates to DynBlockRulesGroup rules
Add support for exporting a server id in protobuf
dnsdist did not set TCP_NODELAY, causing needless latency
Add a setting to control the number of stored sessions
Wrap GnuTLS and OpenSSL pointers in smart pointers
Add a ‘creationOrder’ field to rules
Fix return-type detection with boost 1.69’s tribool
Fix format string issue on 32-bit ARM
Wrap TCP connection objects in smart pointers
Add the setConsoleOutputMaxMsgSize function
Add the ability to update webserver credentials
Bug Fixes:
Display dynblocks’ default action, None, as the global one
Fix compilation when SO_REUSEPORT is not defined
Release memory on DNS over TLS handshake failure
Handle trailing data correctly when adding OPT or ECS info
New features:
- Add support for more than one TLS certificate
- Add a negative ttl option to the packet cache
- Add the ability to dump a summary of the cache content
- Add netmask-based {ex,in}clusions to DynblockRulesGroup
- Add DNSAction.NoOp to debug dynamic blocks
- Add SetECSAction to set an arbitrary outgoing ECS value
- Add support for rotating certificates and keys
New Features
- Add configuration option to disable IP_BIND_ADDRESS_NO_PORT
Improvements
- Handle bracketed IPv6 addresses without ports
Bug Fixes
- Make dnsdist dynamic truncate do the right thing on TCP/IP.
- Add missing QPSAction
- Don't create a Remote Logger in client mode.
- Use libsodium's CFLAGS, we might need them to find the includes.
- Keep the TCP connection open on cache hit, generated answers.
- Add the missing <sys/time.h> include to mplexer.hh for struct timeval.
- Sort the servers based on their 'order' after it has been set.
- Quiet unused variable warning on macOS (Chris Hofstaedtler).
- Fix the outstanding counter when an exception is raised.
- Do not connect the snmpAgent from a dnsdist client.
- fix for CVE-2016-7069 and CVE-2017-7557.
- applying rules on cache hits
- addition of runtime changeable rules that match IP addresses for a
certain time: TimedIPSetRule
- SNMP support, exporting statistics and sending traps
- preventing the packet cache from ageing responses when deployed in
front of authoritative servers
- TTL alteration capabilities
- consistent hash results over multiple deployments
- exporting CNAME records over protobuf
- tuning the size of the ringbuffers used to keep track of recent
queries and responses
- various DNSCrypt-related fixes and improvements, including automatic
key rotation
Full changelog:
https://dnsdist.org/changelog.html
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its
goal in life is to route traffic to the best server, delivering top
performance to legitimate users while shunting or blocking abusive
traffic.