:released: 20th of October 2023
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading.
:tags: New Features, Protobuf
Log Extended DNS Errors (EDE) to protobuf
Enable back h2o support in our packages
Add Lua binding to downstream address (Denis Machard)
:tags: New Features, DNS over QUIC
Add support for incoming DNS over QUIC
:tags: Bug Fixes, DNS over HTTPS
Fix timeouts on incoming DoH connections with nghttp2
:tags: Bug Fixes, Metrics
Fix a typo in 'Client timeouts' (phonedph1)
Set proper levels when logging messages
Fix several cosmetic issues in eBPF dynamic blocks, update documentation
:tags: Improvements, Webserver
Display the rule name, if any, in the web interface
Netmask: Normalize subnet masks coming from a string
Prevent DNS header alignment issues
:version: 1.9.0-alpha2
This version was never released due to a last-minute issue in RPM packaging.
:released: 11th of October 2023
This release fixes the HTTP2 rapid reset attack for the packages we provide.
If you are compiling DNSdist yourself or using the packages provided by your distribution,
please check that the h2o library has been patched to mitigate this vulnerability.
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.8.x.
:tags: Bug Fixes, Security
Switch to our fork of h2o to mitigate the HTTP2 rapid reset attack
:released: 11th of October 2023
This release fixes the HTTP2 rapid reset attack for the packages we provide.
If you are compiling DNSdist yourself or using the packages provided by your distribution,
please check that the h2o library has been patched to mitigate this vulnerability.
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.7.x.
:tags: Bug Fixes, Security
Switch to our fork of h2o to mitigate the HTTP2 rapid reset attack
:version: 1.9.0-alpha1
:released: 18th of September 2023
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading.
:tags: Improvements, DNS over HTTPS
Add support for incoming DoH via nghttp2
Fix building our fuzzing targets from a dist tarball
Change the default for building with net-snmp from `auto` to `no`
Add a DNSHeader:getTC() Lua binding
Add Lua bindings to access selector and action
Stop passing -u dnsdist -g dnsdist on systemd's ExecStart
:tags: Improvements, Metrics
Add metrics for health-check failures
Use arc4random only for random values
Add an option to write `grepq`'s output to a file
:released: 8th of September 2023
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.8.x.
Print the received, invalid health-check response ID
Account for the health-check run time between two runs
Properly set the size of the UDP health-check response
Add the query ID to health-check log messages, fix nits
Stop setting SO_REUSEADDR on outgoing UDP client sockets
:tags: Bug Fixes, DNS over HTTPS
Fix a crash when X-Forwarded-For overrides the initial source IP
Properly handle short reads on backend upgrade discovery
Undo an accidental change of disableZeroScope to disableZeroScoping (Winfried Angele)
Fix the group of the dnsdist.conf file when installed via RPM
Work around Red Hat 8 messing up OpenSSL's headers and refusing to fix it
Fix a typo for libedit in the dnsdist features list
Stop using the now deprecated ERR_load_CRYPTO_strings() to detect OpenSSL
Automatically load Lua FFI inspection functions
Allow declaring custom metrics at runtime
Fix webserver config template for our docker container (Houtworm)
Increment the "dyn blocked" counter for eBPF blocks as well
YaHTTP: Prevent integer overflow on very large chunks
Fix the console description of PoolAction and QPSPoolAction (phonedph1)
Properly handle reconnection failure for backend UDP sockets
:tags: Bug Fixes, DNS over HTTPS, DNS over TLS
Fix a memory leak when processing TLS tickets w/ OpenSSL 3.x
:tags: Bug Fixes, DNS over HTTPS
Fix cache hit and miss metrics with DoH queries
SpoofAction: copy the QClass from the request (Christof Chen)
Make DNSQType.TSIG available (Jacob Bunk)
Properly record self-answered UDP responses with recvmmsg
:tags: Bug Fixes, DNS over TLS
Fix a race when creating the first TLS connections
:released: 14th of April 2023
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.7.x.
Fix building with boost < 1.56
lock.hh: include <stdexcept>
dnsdist-protocols.hh: include <cstdint> (Sander Hoentjen)
Add getPoolNames() function, returning a list of pool names (Christof Chen)
Fix the formatting of 'showServers'
Properly record the incoming flags on a timeout
:tags: Bug Fixes, Metrics
Properly update rcode-related metrics on RCodeAction hits
:tags: Bug Fixes, DNS over TLS, DNS over HTTPS
Skip invalid OCSP files after issuing a warning
Prevent an underflow of the TCP d_queued counter
:tags: Bug Fixes, DNS over HTTPS
Fix the health-check timeout computation for DoH backend
:tags: Bug Fixes, Webserver
Properly encode json strings containing binary data
:tags: Bug Fixes, DNS over TLS
Ignore unclean TLS session shutdown
Properly handle single-SOA XFR responses
Also reconnect on ENETUNREACH. (Asgeir Storesund Nilsen)
Fix a bug in SetEDNSOptionAction
Fix the number of concurrent queries on a backend TCP conn
:released: 30th of March 2023
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.8.x.
Fix 'Unknown key' issue for actions and rules parameters
Fix a dnsheader unaligned case
secpoll: explicitly include necessary ctime header for time_t
:released: 16th of March 2023
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.8.x.
Use the correct source address when harvesting failed
Fix a race when a cross-protocol query triggers an IO error
:tags: Improvements, Metrics, Webserver
Report per-incoming transport latencies in the web interface
:tags: Improvements, Metrics
Report the TCP latency for TCP-only Do53, DoT and DoH backends
Count hits in the StatNode
:released: 9th of March 2023
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.8.x.
:tags: Improvements, Protobuf
Add Lua bindings for PB requestorID, deviceName and deviceID
Clean up the fortify and LTO m4 by not directly editing flags
Only increment the 'servfail-responses' metric on backend responses (phonedph1)
Fix the harvesting of destination addresses
YaHTTP: Better detection of whether C++11 features are available
:tags: Bug Fixes, Protobuf
Fix compilation with DoH disabled (Adam Majer)
Skip signal-unsafe logging when we are about to exit, with TSAN
:released: 23rd of February 2023
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.8.x.
Include <cstdint> in dnsdist-protocols.hh (Sander Hoentjen)
Enable Link-Time Optimization for our packages
:tags: Improvements, Metrics
Add support for custom Prometheus names in custom metrics
:tags: Improvements, Protobuf
Add support for metadata in protobuf messages
:tags: Improvements, DNS over HTTPS, DNS over TLS, Performance
Enable experimental kTLS support with OpenSSL on Linux
:tags: Improvements, Performance
Improve the scalability of MaxQPSIPRule()
Stop using the deprecated `boost::optional::get_value_or`
Fix the formatting of 'showServers'
Properly record the incoming flags on a timeout
List version number early
:tags: Improvements, DNS over TLS, DNS over HTTPS
OpenSSL 3.0: Offer TLS providers as an alternative to TLS engines
Remove duplicate code in xdp (Y7n05h)
Warn on unsupported parameters (Aki Tuomi)
Add unit tests for the Lua FFI interface
Refactor 'cannot be used at runtime' handling
Add the ability to change the qname and owner names in DNS packets
Fail if we can't check the configuration file
:tags: Bug Fixes, DNS over HTTPS
Apply the max number of concurrent conns per client to DoH
Properly update rcode-related metrics on RCodeAction hits
:tags: New Features, Webserver
:tickets: 6154, 10468
Add an API endpoint to remove entries from caches
:tags: Improvements, Webserver
Add an option for unauthenticated access to the dashboard
Implement async processing of queries and responses
Add a configure option to enable LTO
:tags: Bug Fixes, Metrics
:tickets: 10517, 11216
Better handling of multiple carbon servers
Add a new configure option to initialize automatic variables
:tags: Improvements, DNS over HTTPS, DNS over TLS
Skip invalid OCSP files after issuing a warning
:tags: Improvements, DNS over HTTPS, DNS over TLS
Gracefully handle a failure to create a TLS server context
Enable FORTIFY_SOURCE=3 when supported by the compiler
Proper accounting of response and cache hits
:tags: Improvements, DNS over HTTPS
Merge the 'main' and 'client' DoH threads in single acceptor mode
Add the ability to cap the TTL of records after insertion into the cache
Support OpenSSL 3.0 for ipcipher CA6 encryption/decryption
Stronger guarantees against data race in the UDP path
Add bindings for the current and query times in DQ/DR
Add SetReducedTTLResponseAction
Add a Lua FFI interface for metrics
Handle out-of-memory exceptions in the UDP receiver thread
Prevent an underflow of the TCP d_queued counter
Properly handle single-SOA XFR responses
:tags: Bug Fixes, DNS over HTTPS
Fix the health-check timeout computation for DoH backend
Add a new chain of rules triggered after cache insertion
Raise RLIMIT_MEMLOCK automatically when eBPF is requested (Yogesh Singh)
Systemd: Add "After" dependency on time-sync.target (Kevin P. Fleming)
:tags: Improvements, DNS over TLS
Ignore unclean TLS session shutdown
:tags: Improvements, Performance
Reduce useless wake-ups from the event loop
Added XDP middleware for dropped/redirected queries logging (Mini Pierre)
DNSName constructor: use memchr instead of strchr and clean up with string_view (Axel Viala)
Fix building with boost < 1.56
Implement a 'lazy' health-checking mode
:tags: Improvements, DNS over HTTPS, DNS over TLS
Skip DoT/DoH frontend when a TLS configuration error occurs
Add getPoolNames() function, returning a list of pool names (Christof Chen)
Cleaner way of getting the IP/masks associated to a network interface
Retain output when expunging from multiple caches (Christof Chen)
Add Lua helpers to look into the content of DNS payloads
Add more Lua bindings for network-related operations
:tags: Improvements, Performance, DNS over HTTPS
Faster cache-lookups for DNS over HTTPS queries
:tags: Improvements, Performance
Add a 'single acceptor thread' build option, reducing the number of threads
Add Lua binding for inspecting the in-memory ring buffers
Fix a bug in SetEDNSOptionAction
Add Lua bindings to look up domain and IP addresses from the cache
:tags: Improvements, DNS over HTTPS
Speed up DoH handling by preventing allocations and copies
:tags: Improvements, Metrics
Slightly reduce the number of allocations in API calls
Add build-time options to disable the dynamic blocks and UDP response delay
Add missing thread names
Add a build option (define) to prevent loading OpenSSL's errors
Properly load ciphers and digests with OpenSSL 3.0
Add local ComboAddress parameter for SBind() at TeeAction() (@FredericDT)
:tags: Improvements, Performance
Make recording queries/responses in the ringbuffers optional
:tags: Improvements, Performance
Slightly reduce contention around a pool's servers
:tags: Improvements, Performance, DNS over HTTPS
Only call getsockname() once per incoming DoH connection
Do not keep the mplexer created for the initial health-check around
Also reconnect on ENETUNREACH. (Asgeir Storesund Nilsen)
Keep retained capabilities even when switching user/group
:tags: Improvements, Performance
Set TCP_NODELAY on the TCP connection to backends
Use getrandom() if available
Implement a limit of concurrent connections to a backend
:tags: Improvements, Metrics
Add more detailed metrics
Fix the number of concurrent queries on a backend TCP conn
Fill ringbuffers with responses served from the cache
Bind to the requested src interface without a src address
:tags: Improvements, Performance
Avoid allocating memory in LB policies for small number of servers
:tags: Improvements, Metrics
Compute backend latency earlier, to avoid internal latency
Implement `SuffixMatchTree::getBestMatch()` to get the name that matched
Log listening addresses and version at the 'info' level
Refactor sendfromto (Y7n05h)
Use BPF_MAP_TYPE_LPM_TRIE for range matching (Y7n05h)
:tags: Improvements, Performance
SuffixMatchTree: Improve lookup performance
:tags: Improvements, Metrics
Add 'statistics' to the general API endpoint
Optionally send 'verbose' messages to a file, and log them at 'DEBUG' level otherwise
:tags: New Features, Metrics
Add support for user defined metrics
Log when exiting due to a SIGTERM signal
Add the protocol (Do53, DoT, DoH, ...) of backends in the API
:tags: Improvements, Metrics
Add a counter for the number of cache cleanups
:tags: Improvements, Performance
Change dns_tolower() and dns_toupper() to use a table
Add getVerbose() function
Add Lua bindings to access the DNS payload as a string
Remove implicit type conversion (Y7n05h)
:tags: Bug Fixes, DNS over HTTPS
Fix a crash on an invalid protocol in DoH forwarded-for header
Fix invalid proxy protocol payload on a DoH TC to TCP retry
Add setVerbose() to switch the verbose mode at runtime
:tags: Improvements, Performance
Scan the UDP buckets only when we have outstanding queries
Log when a console message exceeds the maximum size
Include the address of the backend in 'relayed to' messages
:tags: Improvements, Webserver, Metrics
Add an option for unauthenticated access to the API
Better log message when no downstream servers are available
Add a 'getAddressAndPort()' method to DOHFrontend and TLSFrontend objects
Use the correct outgoing protocol in our ring buffers
Raise the number of entries in a packet cache to at least 1
Merge multiple parameters in newBPFFilter (Y7n05h)
:tags: Improvements, Performance
Prevent allocations in two corner cases
Reject BPFFilter::attachToAllBinds() at configuration time (Y7n05h)
Add more build-time options to select features
Multiplexer: Take the maximum number of events as a hint
Add setTCPFastOpenKey() (Y7n05h)
:tags: Improvements, Performance
Only allocate the health-check mplexer when needed
:tags: Improvements, DNS over HTTPS, DNS over TLS
More useful default ports for DoT/DoH backends
Add --log-timestamps flag
:tags: New Features, DNS over HTTPS, DNS over TLS
Dynamic discovery and upgrade of backends
:tags: New Features, Security
Allow randomly selecting a backend UDP socket and query ID
Remove the leak warning with GnuTLS >= 3.7.3
Add a parameter to PoolAction to keep processing rules
Add Lua FFI helpers for protocol and MAC address access, proxy protocol payload generation
Fix build with OpenSSL 3.0.0
:tags: Improvements, Performance
Defer the actual allocation of the ring buffer entries
:tags: Improvements, DNS over HTTPS, DNS over TLS
Libssl: Load only the ciphers and digests needed for TLS, not all of them
Add support to store MAC address in query rings
Build with `-fvisibility=hidden` by default
Add newThread() function
Add a lot more build-time options to select features
Lua support to remove resource records from a response
:tags: New Features, DNS over HTTPS, DNS over TLS
Add support for password protected PKCS12 files for TLS configuration
Add support to spoof a full self-generated response from Lua
Add a Lua FFI helper to generate proxy protocol payloads
Add Lua bindings to get the list of network interfaces, addresses
:tags: New Features, DNS over TLS
Add experimental support for TLS asynchronous engines
Add Lua support to limit TTL values of responses
:released: 2nd of November 2022
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.7.x.
dnsdist 1.7.3 contains no functional changes or bugfixes.
This release strictly serves to bring dnsdist packages to our EL9 and Ubuntu Jammy repositories, and upgrades the dnsdist Docker image from Debian buster to Debian bullseye, as buster is officially EOL.
Add el9/9stream targets
Docker images: upgrade to Debian bullseye
dh_builddeb: force gzip compression (this makes the Ubuntu Jammy packages compatible with our Debian-hosted repositories)
:released: 14th of June 2022
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.7.x.
Scan the UDP buckets only when we have outstanding queries
Only allocate the health-check mplexer when needed
:tags: Bug Fixes, Metrics
Add missing descriptions for Prometheus metrics
:tags: Bug Fixes, DNS over HTTPS
Fix invalid proxy protocol payload on a DoH TC to TCP retry
Add Lua bindings to access the DNS payload as a string
:tags: Bug Fixes, DNS over HTTPS
Fix a crash on an invalid protocol in DoH forwarded-for header
:released: 25th of April 2022
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.7.x.
Fix compilation with OpenSSL 3.0.0
Docker images: remove capability requirements
Docker image: install ca-certificates
Fix a use-after-free in case of a network error in the middle of a XFR query
Properly use eBPF when the DynBlock is not set
Work around a compiler bug seen on OpenBSD/amd64 using clang-13
Stop using the now deprecated and useless std::binary_function
:tags: Bug Fixes, DNS over HTTPS, DNS over TLS
Set Server Name Indication on outgoing TLS connections (DoT, DoH)
:tags: Bug Fixes, DNS over HTTPS
Fix the health-check timeout for outgoing DoH connections
Fix 'inConfigCheck()'
:tags: Bug Fixes, Metrics
Fix the latency-count metric
:tags: Improvements, DNS over HTTPS, DNS over TLS
Remove the leak warning with GnuTLS >= 3.7.3
Use the correct outgoing protocol in our ring buffers
Raise the number of entries in a packet cache to at least 1
Add a 'getAddressAndPort()' method to DOHFrontend and TLSFrontend objects
Fix wrong eBPF values (qtype, counter) being inserted for qnames
The check interval applies to health-check, not timeouts
:released: 17th of January 2022
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.7.x.
Test the correct member in DynBlockRatioRule::warningRatioExceeded (Doug Freed)
:released: 22nd of December 2021
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.7.x.
:tags: Improvements, DNS over TLS, Performance
Reuse and save the TLS session tickets in DoT healthchecks
:tags: Bug Fixes, DNS over HTTPS, Security
Fix a double-free when a DoH cross-protocol response is dropped
:tags: Bug Fixes, DNS over HTTPS
Check the size of the query when re-sending a DoH query
:version: 1.7.0-beta2
:released: 29th of November 2021
Fix compiler/static analyzer warnings
:tags: Improvements, DNS over HTTPS, DNS over TLS
Add a function to know how many TLS sessions are currently cached
:tags: Bug Fixes, DNS over HTTPS, DNS over TLS
Fix a memory leak when reusing TLS tickets for outgoing connections
:tags: Improvements, DNS over HTTPS, DNS over TLS
Warn that GnuTLS 3.7.x leaks memory when validating certs
Add 'showWebserverConfig'
Fix Lua parameters bound checks
:tags: Improvements, Performance
Add a function to set the UDP recv/snd buffer sizes
Add missing visibility attribute on `dnsdist_ffi_dnsquestion_get_qname_hash`
:version: 1.7.0-beta1
:released: 16th of November 2021
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.7.x.
Convert make_pair to emplace (Rosen Penev)
Add syslog identifier to service file
Add range support for dynamic blocks
:tags: Bug Fixes, DNS over HTTPS
Keep watching idle DoH backend connections
:tags: Improvements, Performance
Use the same outgoing TCP connection for different clients
Get rid of make_pair (Rosen Penev)
Use make_unique instead of new (Rosen Penev)
Properly handle I/O exceptions in the health checker
:tags: Improvements, DNS over HTTPS, Performance
Read as many DoH responses as possible before yielding
:tags: Improvements, DNS over HTTPS, Performance
Stop over-allocating for DoH queries
:tags: Improvements, Protobuf, DNSTAP
Support DoT, DoH and DNSCrypt transports for protobuf and dnstap
NetmaskTree: Drop the 'noexcept' qualifier on the TreeNode ctor
Handle existing EDNS content for SetMacAddrAction/SetEDNSOptionAction
:tags: Bug Fixes, DNS over HTTPS, DNS over TLS
Fix the cleaning of TCP, DoT and DoH connections to the backend
Fix build without nghttp2
Add the ability to retain select capabilities at runtime
Remove debug print line flooding logs (Eugen Mayer)
Credentials: EVP_PKEY_CTX_set1_scrypt_salt() takes an `unsigned char*`
:tags: New Features, Performance
:pullreq: 10883, 10498
Implement filesystem pinning for eBPF maps, drop and truncate via XDP (Pierre Grié)
:version: 1.7.0-alpha2
:released: 19th of October 2021
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.7.x.
Don't create SSLKEYLOGFILE files with wide permissions
Update existing tags when calling setTagAction and setTagResponseAction
:tags: Bug Fixes, DNS over HTTPS
Better handling of outgoing DoH workers
Fix the unit tests to handle v4-only or v6-only connectivity
Improve the coverage of the outgoing DoH code
Properly cache UDP queries passed to a TCP/DoT/DoH backend
Allow skipping arbitrary EDNS options when computing packet hash
Add Lua support for SetEDNSOptionAction
:tags: Improvements, DNS over HTTPS, DNS over TLS
Disable TLS renegotiation, release buffers for outgoing TLS
Rule for basing decisions on outstanding queries in a pool (phonedph1)
Add incoming and outgoing protocols to grepq
Allow setting the block reason from the SMT callback
Use per-thread credentials for GnuTLS client connections
Clear the UDP states of TCP-only backends
Replace shared by unique ptrs, reduce structs size
Only set recursion protection once we know we do not return
:version: 1.7.0-alpha1
:released: 23rd of September 2021
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.7.x.
Move to hashed passwords for the web interface
Reorganize the IDState and Rings fields to reduce memory usage
Fix 'temporary used in loop' warnings reported by g++ 11.1.0
Skip some memory allocations in client mode to reduce memory usage
Support multiple IP addresses for dnsdist-resolver Lua script (Wim)
Make DNSDist XFR aware when transfer is finished (Dimitrios Mavrommatis)
Add FFI functions to spoof multiple raw values
Do not report latency metrics of down upstream servers (Holger Hoffstätte)
Carry the exact incoming protocol (Do53, DNSCrypt, DoT, DoH) in DQ
Implement 'reload()' to rotate Log(Response)Action's log file
:tags: New Features, Performance
Add support for Lua per-thread FFI rules and actions
:tags: Improvements, Performance
Don't look up the LMDB dbi by name for every query
Add support for range-based lookups into a Key-Value store
Document that setECSOverride has its drawbacks (Andreas Jakum)
Convert dnsdist and the recursor to LockGuarded
Handle waiting for a descriptor to become readable OR writable
Catch FDMultiplexerException in IOStateHandler's destructor
:tags: New Features, DNS over TLS
Implement cross-protocol queries, including outgoing DNS over TLS
Resizing LMDB map size while there might be open transactions is unsafe
Implement SpoofSVCAction to return SVC responses
Ignore TCAction over TCP
Clean up a bit of "cast from type [...] casts away qualifiers" warnings
:tags: New Features, DNS over HTTPS
Implementation of DoH between dnsdist and the backend
Stop raising the number of TCP workers to the number of TCP binds
Handle exception raised in IOStateGuard's destructor
:released: 15th of September 2021
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.6.x.
Backport a missing mutex header
:tags: Bug Fixes, DNSTAP
Set the dnstap/protobuf transport to TCP for DoH queries
Add the missing DOHFrontend::loadNewCertificatesAndKeys()
Implement a web endpoint to get metrics for only one pool
Properly handle ECS for queries with ancount or nscount > 0
Catch FDMultiplexerException in IOStateHandler's destructor
Fix outstanding counter issue on TCP error
:released: 11th of May 2021
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.6.x.
:released: 10th of May 2021
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.5.x.
Fix eBPF filtering of long qnames
:tags: Bug Fixes, Metrics
Fix a typo in Prometheus metrics dnsdist_frontend_tlshandshakefailures #9728 (AppliedPrivacy)
:tags: Bug Fixes, Performance
Fix the DNSName move assignment operator
Fix a hang when removing a server with more than one socket
:tags: Bug Fixes, DNS over HTTPS, DNS over TLS
Fix SNI on resumed sessions by acknowledging the name sent by the client
:tags: Bug Fixes, DNS over HTTPS
Fix a crash when a DoH responses map is updated at runtime
Fix Dynamic Block RCode rules messing up the queries count
Fix EDNS in ServFail generated when no server is available
Prevent a crash with DynBPF objects in client mode
Add missing getEDNSOptions and getDO bindings for DNSResponse
:released: 4th of May 2021
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.6.x.
:tags: Improvements, Metrics
Make the backend queryLoad and dropRate values atomic
Only use eBPF for "drop" actions, clean up more often
:tags: Bug Fixes, DNSCrypt
Fix missing locks in DNSCrypt certificates management
:released: 20th of April 2021
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.6.x.
Lua: don't destroy keys during table iteration
Replace pthread_rwlock with std::shared_mutex
Also disable PMTU for v6
Add missing getEDNSOptions and getDO bindings for DNSResponse
Fix some issues reported by Thread Sanitizer
:version: 1.6.0-alpha3
:released: 29th of March 2021
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.6.x.
Improve TCP connection reuse, add metrics
Using DATA to report memory usage is unreliable, start using RES instead, as it seems reliable and relevant
:tags: Improvements, DNS over HTTPS, DNS over TLS
Set OpenSSL to release buffers when idle, saves 35 kB per connection
Add a metric for TCP listen queue full events
Fix the TCP connect timeout, add metrics
Enable sharding by default, greater pipe buffer sizes
Add limits for cached TCP connections, metrics
:tags: Bug Fixes, DNS over HTTPS
Fix the handling of DoH queries with a non-zero ID
:tags: Improvements, DNSCrypt, DNS over HTTPS, DNS over TLS
Unify certificate reloading syntaxes
:tags: Improvements, DNS over HTTPS, DNS over TLS
Disable TLS renegotiation by default
:version: 1.6.0-alpha2
:released: 4th of March 2021
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.6.x.
Bind __tostring instead of toString for Lua, so that conversion to string works automatically (Aki Tuomi)
Make NetmaskTree::fork() a bit easier to understand
Remove forgotten debug line in the web server
Add option to spoofRawAction to spoof multiple answers (Sander Hoentjen)
Add 'spoof' and 'spoofRaw' Lua bindings
Create TCP worker threads before acceptors ones
Prevent a crash with DynBPF objects in client mode
Fix several bugs in the TCP code path, add unit tests
Do not update the TCP error counters on idle states
Fix size check during trailing data addition, regression tests
Clean up expired entries from all the packet cache's shards
:version: 1.6.0-alpha1
:released: 2nd of February 2021
Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.6.x.
Add Lua bindings to get a server's latency
Wrap more FILE objects in smart pointers
Use toStringWithPort instead of manual addr/port concat (Mischan Toosarani-Hausberger)
Force a reconnection when a downstream transitions to the UP state (Nuitari, Stephane Bakhos)
Set the default EDNS buffer size on generated answers to 1232
Add support for FreeBSD's SO_REUSEPORT_LB
:tags: Improvements, Performance
Speed up the round robin policy
Handle EINTR in DelayPipe
:tags: Improvements, Performance
Avoid unnecessary allocations and copies with DNSName::toDNSString()
:tags: Improvements, Performance
Get rid of allocations in the packet cache's fast path
Accept string in DNSDistPacketCache:expungeByName
Handle empty DNSNames in grepq()
Add per-thread Lua FFI load-balancing policies
DNSName: add toDNSString convenience function
:tags: Improvements, Security
Use more of systemd's sandboxing options when available
Skip EDNS Cookies in the packet cache
:tags: Improvements, DNS over HTTPS, DNS over TLS
Prioritize ChaCha20-Poly1305 when client does (Sukhbir Singh)
Rename topRule() and friends
Add the query payload size to the verbose log over TCP
:tags: New Features, Webserver
Implement Lua custom web endpoints
Fix eBPF filtering of long qnames
Improve const-correctness of Lua bindings (Georgeto)
Add the response code in the packet cache dump
:tags: Improvements, Performance
Fix the DNSName move assignment operator
Implement TCP out-of-order
Add an optional name to rules
Remove useless second argument for `SpoofAction`
:tags: Improvements, Metrics
Add Prometheus metrics for top Dynamic Blocks entries
Add the ability to set ACL from a file (Matti Hiljanen)
:tags: Improvements, Performance
Don't copy the policy for every query
2641 :tags: Improvements, Performance
2644 UUID: Use the non-cryptographic variant of the boost::uuid
2651 Add a Lua binding for the number of queries dropped by a server
2654 :tags: Improvements, Metrics, DNS over HTTPS
2657 Add per connection queries count and duration stats for DoH
2663 Fix a hang when removing a server with more than one socket
2666 :tags: Improvements, Performance
2668 :tickets: 9756, 9756, 6763
2670 Use an eBPF filter for Dynamic blocks when available
2673 :tags: Improvements, Performance, Protobuf, DNSTAP
2675 :tickets: 9780, 9781
2677 Use protozero for Protocol Buffer operations
2680 :tags: Bug Fixes, DNS over TLS
2683 Fix SNI on resumed sessions by acknowledging the name sent by the client
2689 Appease clang++ 12 ASAN on macOS
2701 Add support for incoming Proxy Protocol
2707 Bunch of signed vs unsigned warnings
2714 Fix warnings on autoconf 2.70
2717 :tags: Bug Fixes, DNS over HTTPS
2721 Fix a crash when a DoH responses map is updated at runtime
2724 :tags: Improvements, webserver
2727 Reduce diff to upstream yahttp, fixing a few CodeQL reports
2734 Add SkipCacheResponseAction
2737 :tags: Improvements, DNS over HTTPS
2740 Add an option to allow sub-paths for DoH
2747 Handle syslog facility as string, document the numerical one
2750 :tags: Improvements, webserver
2752 :tickets: 8710, 9311
2754 Deprecate parameters to webserver(), add 'statsRequireAuthentication' parameter
2757 :tags: Improvements, DNS over TLS
2760 Start all TCP worker threads on startup
2767 Add a counter for queries truncated because of a rule
2774 Send a NotImp answer on empty (qdcount=0) queries
2780 Replace offensive terms in our code and documentation
2787 Don't apply QPS to backend server on cache hits
2794 Fix EDNS in ServFail generated when no server is available
2801 Use aligned atomics to prevent false sharing
2804 :tags: Improvements, Removals
2808 Unify non-terminal actions as SetXXXAction()
2815 Accept a NMG to fill DynBlockRulesGroup ranges
2821 Silence clang 12 warning
2824 :tags: Improvements, Webserver
2828 Limit the number of concurrent console and web connections
2834 Fix a few warnings reported by clang's static analyzer and cppcheck
2838 :released: 1st of October 2020
2840 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.5.x.
2847 Add the 'clearConsoleHistory' command
2854 Stop the related responder thread when a backend is removed
2860 Fix getEDNSOptions() for {AN,NS}COUNT != 0 and ARCOUNT = 0
2866 Fix building with LLVM11 (@RvdE)
2872 Only add EDNS on negative answers if the query had EDNS
2876 :released: 30th of July 2020
2878 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.5.x.
2884 Use explicit flag for the specific version of c++ we are targeting.
2890 Prevent a possible overflow via large Proxy Protocol values. (Valentei Sergey)
2897 Avoid name clashes on Solaris derived systems.
2903 Resize hostname to final size in getCarbonHostname(). (Aki Tuomi)
2906 :tags: Bug Fixes, DNS over HTTPS
2909 Fix compilation with h2o_socket_get_ssl_server_name().
2915 Fix compilation on OpenBSD/amd64.
2921 Handle calling PacketCache methods on a nil object.
2927 Prevent a copy of a pool's backends when selecting a server.
2931 :released: 7th of July 2020
2933 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.5.x.
2939 Prevent a race between the DoH handling threads
2943 :released: 18th of June 2020
2945 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.5.x.
2951 Fewer negatives in secpoll error messages, improving readability.
2958 Fix compilation on systems that do not define HOST_NAME_MAX
2964 Use std::string_view when available (Rosen Penev)
2967 :tags: Bug Fixes, DNS over HTTPS
2971 Use non-blocking pipes to pass DoH queries/responses around
2977 Do not use `using namespace std;`
2983 Implement an ACL in the internal web server
2990 Clean up dnsdistconf.lua as a default configuration file
2996 Add optional masks to KeyValueLookupKeySourceIP
3000 :released: 13th of May 2020
3002 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.5.x.
3009 Fix compilation of the ports event multiplexer
3015 Avoid copies in for loops
3021 Build with -Wmissing-declarations -Wredundant-decls
3028 Use std::shuffle instead of std::random_shuffle
3034 Get rid of a naked pointer in the /dev/poll event multiplexer
3040 A few warnings fixed, reported by clang on OpenBSD
3043 :tags: Bug Fixes, DNS over HTTPS
3046 Fix duplicated HTTP/1 counter in 'showDOHFrontends()'
3052 Gracefully handle a failure to remove FD on (re)-connection
3058 Wrap pthread objects
3061 :tags: Improvements, Metrics
3064 Add the unit to the help for latency buckets
3070 NetmaskTree: do not test node for null, the loop guarantees node is not null.
3074 :released: 16th of April 2020
3076 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.5.x.
3082 On OpenBSD string_view is both in boost and std
3088 Expose SuffixMatchNode::remove in Lua
3094 Remove a std::move() preventing Return-Value Optimization in lmdb-safe.cc
3097 :tags: Bug Fixes, DNSCrypt
3100 Keep accepting fragmented UDP datagrams on DNSCrypt binds
3103 :tags: Bug Fixes, DNSCrypt
3107 Accept UDP datagrams larger than 1500 bytes for DNSCrypt
3113 Drop responses with the QR bit set to 0
3120 Add an option to control the size of the TCP listen queue
3123 :version: 1.5.0-alpha1
3124 :released: 20th of March 2020
3126 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.5.x.
3132 Don't start as root within a systemd environment
3139 Fix ECS addition when the OPT record is not the last one
3146 Add SetNegativeAndSOAAction() and its Lua binding
3152 Implement dynamic blocking on ratio of rcode/total responses
3155 :tags: Improvements, Performance
3158 Rework NetmaskTree for better CPU and memory efficiency. (Stephan Bosch)
3161 :tags: Improvements, DNS over TLS
3164 Switch the default DoT provider from GnuTLS to OpenSSL
3170 Separate the check-config and client modes
3173 :tags: Improvements, Performance
3176 Implement parallel health checks
3179 :tags: New Features, Performance
3183 Implement LuaFFIRule, LuaFFIAction and LuaFFIResponseAction
3189 Add the number of received bytes to StatNode entries
3192 :tags: Improvements, Performance
3195 Use move semantics when updating the content of the StateHolder
3202 Support setting the value of AA, AD and RA when self-generating answers
3209 Add bounded loads to the consistent hashing policy
3215 pthread_rwlock_init() should be matched by pthread_rwlock_destroy()
3221 Wait longer for the TLS ticket to arrive in our tests
3227 Add missing exception message in KVS error
3233 Replace include guard ifdef/define with pragma once (Chris Hofstaedtler)
3239 LogResponseAction (phonedph1)
3245 Allow retrieving and deleting a backend via its UUID
3248 :tags: Bug Fixes, DNS over TLS
3251 Display the correct DoT provider
3254 :tags: Improvements, Protobuf
3257 Add the source and destination ports to the protobuf msg
3263 Add spoofRawAction() to craft answers from raw bytes
3269 Load an openssl configuration file, if any, during startup
3272 :tags: Improvements, DNS over HTTPS
3276 Don't accept sub-paths of configured DoH URLs
3279 :tags: Bug Fixes, DNS over TLS
3282 Use ref counting for the DoT TLS context
3285 :tags: Improvements, DNS over HTTPS
3289 Implement Cache-Control headers in DoH
3292 :tags: Improvements, Metrics
3296 Add backend status to prometheus metrics
3302 Add getTag()/setTag() Lua bindings for a DNSResponse
3305 :tags: Improvements, Metrics
3308 Add 'IO wait' and 'steal' metrics on Linux
3315 Fix key logging for DNS over TLS
3318 :tags: Improvements, Performance
3321 Keep a masked network in the Netmask class
3327 Add support for Proxy Protocol between dnsdist and the recursor
3333 Add get*BindCount() functions
3339 Fix a typo in the help/completion for getDNSCryptBindCount
3345 Implement rmACL() (swoga)
3351 Remove unused lambda capture reported by clang++
3357 Add sessionTimeout setting for TLS session lifetime (Matti Hiljanen)
3360 :tags: Bug Fixes, Protobuf
3364 Add 'queue full' metrics for our remote logger, log at debug only
3367 :tags: Improvements, Protobuf
3370 Better handling of reconnections in Remote Logger
3373 :tags: Improvements, DNS over HTTPS, DNS over TLS
3377 Document that the 'keyLogFile' option requires OpenSSL >= 1.1.1
3384 Detect {Libre,Open}SSL functions availability during configure
3387 :tags: Improvements, DNS over HTTPS
3391 Change the default DoH path from / to /dns-query
3397 Implement bounded loads for the whashed and wrandom policies
3400 :tags: Improvements, DNSTAP, Performance
3403 Make FrameStream IO parameters configurable
3406 :tags: Improvements, DNS over HTTPS
3410 Add support for the processing of X-Forwarded-For headers
3413 :tags: Bug Fixes, DNS over HTTPS
3416 Set the DoH ticket rotation delay before loading tickets
3423 Warn on startup about low weight values with chashed
3427 :released: 20th of November 2019
3429 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.4.x.
3435 Lowercase the name blocked by a SMT dynamic block
3441 Fix the default value of ``setMaxUDPOutstanding`` in the console's help (phonedph1)
3447 Add bindings for the noerrors and drops members of StatNode
3450 :tags: DNS over HTTPS, DNS over TLS
3453 Prefer the cipher suite from the server by default (DoH, DoT)
3459 Fix -Wshadow warnings (Aki Tuomi)
3465 Fix typo: settting to setting (Chris Hofstaedtler)
3469 :released: 30th of October 2019
3471 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.4.x.
3474 :tags: Improvements, DNS over HTTPS, Metrics
3477 Rename the 'address' label to 'frontend' for DoH metrics
3480 :tags: Bug Fixes, DNS over HTTPS
3483 Increment the DOHUnit ref count when it's set in the IDState
3487 :released: 25th of October 2019
3489 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.4.x.
3492 :tags: New Features, DNS over HTTPS, DNS over TLS
3495 Add support for dumping TLS keys via keyLogFile
3498 :tags: Improvements, DNS over HTTPS
3501 Implement reference counting for the DOHUnit object
3504 :tags: Improvements, DNS over HTTPS, DNS over TLS, Metrics
3507 Add metrics about TLS handshake failures for DoH and DoT
3514 Add more options to LogAction (non-verbose mode, timestamps)
3517 :tags: Improvements, DNS over HTTPS, DNS over TLS
3520 Merge the setup of TLS contexts in DoH and DoT
3526 Fix the caching of large entries
3532 Fix formatting in showTCPStats()
3539 Work around cmsg_space somehow not being a constexpr on macOS
3545 Use SO_BINDTODEVICE when available for newServer's source interface
3548 :tags: Bug Fixes, Metrics
3551 Add missing prometheus descriptions for cache-related metrics
3554 :tags: Improvements, DNS over HTTPS, DNS over TLS, Metrics
3557 Add metrics about unknown/inactive TLS ticket keys
3560 :tags: Improvements, DNS over TLS, Metrics
3563 Add metrics about TLS versions with DNS over TLS
3566 :tags: Improvements, DNS over HTTPS, Metrics
3569 Count the number of concurrent connections for DoH as well
3572 :tags: Bug Fixes, DNS over HTTPS
3575 Clear the DoH session ticket encryption key in the ctor
3578 :tags: Improvements, DNS over HTTPS, DNS over TLS
3581 Add a 'preferServerCiphers' option for DoH and DoT
3584 :tags: Bug Fixes, Metrics
3587 Add a prometheus 'thread' label to distinguish identical frontends
3590 :tags: Bug Fixes, Metrics
3593 Fix a typo in the prometheus description of 'senderrors'
3596 :tags: Bug Fixes, Metrics
3599 More prometheus fixes
3602 :tags: Improvements, DNS over HTTPS
3606 Lowercase custom DoH header names
3613 Check the address supplied to 'webserver' in check-config
3616 :tags: Improvements, DNS over HTTPS, Metrics
3619 Refactor DoH prometheus metrics again
3625 Fix the creation order of rules when inserted via setRules()
3629 :released: 30th of September 2019
3631 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.4.x.
3639 Clean up our interactions with errno
3642 :tags: Improvements, DNS over HTTPS, DNS over TLS
3645 Display the DoH and DoT binds in the web view
3652 Remove the 'blockfilter' stat from the web view
3655 :tags: Improvements, DNS over HTTPS
3658 Allow accepting DoH queries over HTTP instead of HTTPS
3664 Fix some spelling mistakes noticed by lintian (Chris Hofstaedtler)
3670 Fix the newCDBKVStore console completion when LMDB is not enabled (phonedph1)
3676 Allow configure CDB_CFLAGS to work (phonedph1)
3682 dnsdistconf.lua use non-deprecated versions for 1.4.0 (phonedph1)
3688 Fix the warning message on an invalid secpoll answer
3695 Don't connect to remote logger in client/command mode
3701 Better use of labels in our DoH prometheus export
3704 :tags: Improvements, DNS over HTTPS
3707 Implement TLS session ticket keys management for DoH
3711 :released: 2nd of September 2019
3713 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.4.x.
3720 Add a KeyValueStoreLookup action based on CDB or LMDB
3726 Update h2o to 2.2.6, fixing CVE-2019-9512, CVE-2019-9514 and CVE-2019-9515 for repo.powerdns.com packages
3729 :tags: New Features, DNS over HTTPS
3732 Add support for early DoH HTTP responses
3735 :tags: Improvements, DNS over HTTPS, DNS over TLS
3739 Add minTLSVersion for DoH and DoT
3745 Split dnsdist-lua-bindings.cc to reduce memory consumption during compilation
3751 Add a Lua binding for `dynBlockRulesGroup:setQuiet(quiet)`
3755 :released: 12th of August 2019
3757 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.4.x.
3763 Disallow TCP disablement
3769 Update boost.m4 to the latest version
3775 SuffixMatchTree: fix root removal, partial match of non-leaf nodes
3781 Print stats from expungeByName (Matti Hiljanen)
3784 :tags: Bug Fixes, DNS over HTTPS
3788 Properly override the HTTP Server header for DoH
3791 :tags: Bug Fixes, DNS over HTTPS, DNS over TLS
3794 Exit when requested DoT/DoH support is not compiled in
3797 :tags: Improvements, DNS over HTTPS
3800 Send better HTTP status codes, handle ACL drops earlier
3803 :tags: Bug Fixes, DNS over HTTPS
3807 Proper HTTP response for timeouts over DoH
3810 :tags: Improvements, DNS over HTTPS
3814 Add more stats about DoH HTTP responses
3817 :tags: Bug Fixes, Carbon, Prometheus
3821 Deduplicate frontends entries with carbon and prometheus
3826 :tickets: 6942, 8084
3835 Squelch unused function warning
3842 Fix short IOs over TCP
3845 :tags: Improvements, DNS over TLS
3848 Improve error messages for DoT issues
3854 Fix handling of backend connection failing over TCP
3860 SuffixMatchNode:add(): accept more types
3867 Explicitly align the buffer used for cmsgs
3873 Add `quiet` parameter to NetmaskGroupRule
3880 Clear cmsg_space(sizeof(data)) in cmsghdr to appease Valgrind
3886 Insert the response into the ringbuffer right after sending it
3892 Add static assertions for the size of the src address control buffer
3898 Don't create temporary strings to escape DNSName labels
3901 :tags: Bug Fixes, DNSCrypt
3905 Skip non-dnscrypt binds in `showDNSCryptBinds()`
3911 Display TCP/DoT queries and responses in verbose mode, opcode in grepq
3917 Be a bit more explicit about what failed in testCrypto()
3924 Handle ENOTCONN on read() over TCP
3927 :tags: Improvements, DNSCrypt
3931 Accept more than one certificate in `addDNSCryptBind()`
3937 Make sure we always compile with BOOST_CB_ENABLE_DEBUG set to 0
3943 Catch exceptions thrown when handling a TCP response
3949 Fix unlimited retries when TCP Fast Open is enabled
3955 M4/systemd.m4: fail when systemctl is not available
3958 :tags: Bug Fixes, Prometheus
3961 Fix a typo in the Server's latency description for Prometheus (phonedph1)
3967 Update URLs to use HTTPS scheme (Chris Hofstaedtler)
3970 :tags: Bug Fixes, DNS over HTTPS
3973 Prevent a dangling DOHUnit pointer when send() failed
3979 Double-check we only increment the outstanding counter once
3985 Implement ContinueAction()
3992 Console: flush cout after printing g_outputbuffer (Doug Freed)
3999 ext/ipcrypt: ship license in tarballs (Chris Hofstaedtler)
4002 :tags: New Features, DNS over HTTPS, DNS over TLS
4006 Add OCSP stapling (from files) for DoT and DoH
4009 :tags: New Features, DNS over HTTPS
4011 :tickets: 7957, 7900
4013 Add support for custom DoH headers (Melissa Voegeli)
4016 :tags: New Features, DNS over HTTPS
4020 Add lua bindings, rules and action for DoH
4026 Use a counter to mark IDState usage instead of the FD
4032 Fix signedness issue in isEDNSOptionInOpt()
4038 Increase the default value of setMaxUDPOutstanding to 65535
4041 :version: 1.4.0-beta1
4042 :released: 6th of June 2019
4044 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.4.x.
4047 :tags: Bug Fixes, DoH
4051 DoH: Don't let 'self' dangling while parsing the request's qname, this could lead to a crash
4057 Fix minor issues reported by Coverity
4060 :tags: New Features, DoT, DoH
4064 Implement SNIRule for DoT and DoH
4070 Remove second, incomplete copy of lua EDNSOptionCode table
4073 :tags: Improvements, Prometheus
4077 Support Prometheus latency histograms (Marlin Cremers)
4080 :version: 1.4.0-alpha2
4081 :released: 26th of April 2019
4083 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.4.x.
4089 Ignore Path MTU discovery on UDP server socket
4095 Alternative solution to the unaligned accesses.
4101 Exit when setting ciphers fails (GnuTLS)
4106 :tickets: 6911, 7526
4108 Add DNS over HTTPS support based on libh2o
4111 :version: 1.4.0-alpha1
4112 :released: 12th of April 2019
4114 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.4.x.
4120 Make recursor & dnsdist communicate (ECS) 'variable' status
4126 Fix compiler warning about returning garbage (Adam Majer)
4132 Fix warnings, mostly unused parameters, reported by -Wextra
4137 :tickets: 6941, 2362
4139 Add namespace and instance variable to carbon key (Gibheer)
4145 Add optional uuid column to showServers()
4151 Allow NoRecurse for use in dynamic blocks or Lua rules (phonedph1)
4158 Expose secpoll status
4164 Configure --enable-pdns-option --with-third-party-module (Josh Soref)
4170 Protect GnuTLS tickets key rotation with a read-write lock
4176 Check that ``SO_ATTACH_BPF`` is defined before enabling eBPF
4182 Drop remaining capabilities after startup
4189 Add an optional 'checkTimeout' parameter to 'newServer()'
4196 Add a 'rise' parameter to 'newServer()'
4203 Add a 'keepStaleData' option to the packet cache
4208 :tickets: 6846, 6897
4210 Expose trailing data (Richard Gibson)
4216 More sandboxing using systemd's features
4222 Fix off-by-one in mvRule counting
4228 Reduce systemcall usage in Protobuf logging
4234 Resync YaHTTP code to cmouse/yahttp@11be77a1fc4032 (Chris Hofstaedtler)
4240 Add option to set interval between health checks (1848)
4246 Add EDNS unknown version handling (Dmitry Alenichev)
4252 Pass empty response (Dmitry Alenichev)
4258 Change the way getRealMemusage() works on linux (using statm)
4264 Don't convert nsec to usec if we need nsec
4270 DNSNameSet and QNameSetRule (Andrey)
4282 Handle EAGAIN in the GnuTLS DNS over TLS provider
4289 Gracefully handle a null latency in the webserver's js
4296 Prevent 0-ttl cache hits
4303 Add addDynBlockSMT() support to dynBlockRulesGroup
4309 Add frontend response statistics (Matti Hiljanen)
4315 EDNSOptionView improvements
4322 Add support for encrypting ip addresses #gdpr
4328 Remove addLuaAction and addLuaResponseAction
4333 :tickets: 7526, 4814
4335 Refactoring of the TCP stack
4342 Honor libcrypto include path
4349 Add 'setSyslogFacility()'
4356 Prevent a conflict with BADSIG being clobbered
4362 Switch to the new 'newPacketCache()' syntax for 1.4.0
4368 Add 'reloadAllCertificates()'
4374 Move constants to proper namespace
4380 Unify the management of DNS/DNSCrypt/DoT frontends
4384 :released: 8th of November 2018
4386 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.3.x.
4390 :pullreq: 6737, 6939
4393 Add consistent hash builtin policy
4405 Add DSTPortRule (phonedph1)
4411 Make getOutstanding usable from both lua and console (phonedph1)
4417 Get rid of some allocs/copies in DNS parsing
4423 Display dynblocks' default action, None, as the global one
4428 :tickets: 6348, 4857
4430 Set a correct EDNS OPT RR for self-generated answers
4436 Added :excludeRange and :includeRange methods to DynBPFFilter class (Reinier Schoof)
4442 Fix a sign-comparison warning in isEDNSOptionInOPT()
4446 :pullreq: 3935, 6343, 6901, 7007, 7089
4447 :tickets: 4947, 6002
4449 Add Prometheus stats support (Pavel Odintsov, Kai S)
4455 Fix compilation when SO_REUSEPORT is not defined
4460 :tickets: 6907, 6907
4462 Add warning rates to DynBlockRulesGroup rules
4469 Name threads in the programs
4474 :tickets: 7004, 6990
4476 Add support for exporting a server id in protobuf
4482 dnsdist did not set TCP_NODELAY, causing needless latency
4488 Release memory on DNS over TLS handshake failure
4494 Add a setting to control the number of stored sessions
4501 Wrap GnuTLS and OpenSSL pointers in smart pointers
4508 Support the NXDomain action with dynamic blocks
4515 Add a 'creationOrder' field to rules
4522 Fix return-type detection with boost 1.69's tribool
4529 Fix format string issue on 32bits ARM
4535 Wrap TCP connection objects in smart pointers
4542 Add the setConsoleOutputMaxMsgSize function
4548 Add security polling
4555 Add the ability to update webserver credentials
4561 Add a PoolAvailableRule to easily add backup pools (Robin Geuze)
4568 Handle trailing data correctly when adding OPT or ECS info
4572 :released: 10th of July 2018
4574 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.3.x.
4580 Add missing include for PRId64, fix build on CentOS 6 / SLES 12
4584 :released: 10th of July 2018
4586 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.3.x.
4593 Remove `thelog` and `thel` and replace this with a global g_log
4599 Fix two small nits on the documentation
4606 Move the el6 dnsdist package to upstart
4612 Initialize the done variable in the rings' unit tests
4618 Reorder headers to fix OpenBSD build
4625 CLI option improvements (Chris Hofstaedtler)
4631 Split pdns_enable_unit_tests (Chris Hofstaedtler)
4637 Restrict value range for weight parameter, avoid sum overflows dropping queries (Dan McCombs)
4641 :pullreq: 6445, 6457, 6470
4650 Docs: fix missing ref in the dnsdist docs
4656 Be more permissive in wrandom tests, log values on failure
4663 Tests: avoid failure on not-so-optimal distribution
4670 Add support for more than one TLS certificate
4676 Add syntax to dns.proto to silence compilation warning.
4682 Fix warnings reported by gcc 8.1.0
4689 Document setVerboseHealthchecks()
4695 Update dq.rst (phonedph1)
4707 Don't copy uninitialized values of SuffixMatchTree
4713 Expose toString of various objects to Lua (Chris Hofstaedtler)
4719 Remove 'expired' states from MaxQPSIPRule
4725 Fix reconnection handling
4732 Mark the remote member of DownstreamState as const
4738 Dynamic blocks were being created with the wrong duration (David Freedman)
4745 Test the content of dynamic blocks using the API
4752 Set the "connection: close" header by default for web requests
4758 Update timedipsetrule.rst (phonedph1)
4765 Don't access the TCP buffer vector past its size
4771 Show droprate in API output
4778 Limit qps and latency to two decimals in the web view
4783 :tickets: 6683, 6709
4785 Refuse console connection without a proper key set
4792 Add a negative ttl option to the packet cache
4798 Check the flags to detect collisions in the packet cache
4804 Add the ability to dump a summary of the cache content
4810 Fix iterating over the results of exceed*() functions
4816 Fix duration false positive in the dynblock regression tests
4822 Add netmask-based {ex,in}clusions to DynblockRulesGroup
4829 Add DNSAction.NoOp to debug dynamic blocks
4836 Implement NoneAction()
4843 Detect ECS collisions in the packet cache
4849 Fix an outstanding counter race when reusing states
4856 Add SetECSAction to set an arbitrary outgoing ecs value
4862 Use LRU to clean the MaxQPSIPRule's store
4868 Disable maybe uninitialized warnings with boost optional
4874 Add support for rotating certificates and keys
4881 Luawrapper: report caught std::exception as lua_error
4887 Dnstap.rst: fix some editing errors (Chris Hofstaedtler)
4894 Allow known exception types to be converted to string
4899 :released: 30th of March 2018
4901 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.3.x.
4904 :tags: Improvements, New Features
4905 :pullreq: 5576, 5860
4906 :tickets: 5202, 5859
4908 Add cache sharding, ``recvmmsg`` and CPU pinning support.
4909 With these, the scalability of :program:`dnsdist` is drastically improved.
4915 Add burst option to :func:`MaxQPSIPRule` (42wim).
4922 Handle SNMP alarms so we can reconnect to the daemon.
4928 Add an optional `status` parameter to :func:`Server:setAuto`.
4935 Fix signed/unsigned comparison warnings on ARM.
4941 Add Pools, cacheHitResponseRules to the API.
4947 Add :func:`inClientStartup` function.
4954 Add a class option to health checks.
4960 Add tag-based routing of queries.
4964 :pullreq: 6117, 6175, 6176, 6177, 6189
4966 Add experimental :doc:`DNS-over-TLS <guides/dns-over-tls>` support.
4972 Add UUIDs to rules, this allows tracking rules through modifications and moving them around.
4978 Keep trying if the first connection to the remote logger failed
4982 :pullreq: 5201, 6170
4984 Add simple :doc:`dnstap <reference/dnstap>` support (Justin Valentini, Chris Hofstaedtler).
4991 Apply ResponseRules to locally generated answers (Chris Hofstaedtler).
4997 Report :func:`LuaAction` and :func:`LuaResponseAction` failures in the log and send SERVFAIL instead of not answering the query (Chris Hofstaedtler).
5003 Unify global statistics accounting (Chris Hofstaedtler).
5007 :pullreq: 6350, 6366
5009 Speed up the processing of large ring buffers.
5010 This change will make :program:`dnsdist` more scalable with a large number of different clients.
5017 Make custom :func:`addLuaAction` and :func:`addLuaResponseAction` callback's second return value optional.
5023 Add "server-up" metric count to Carbon Reporting (Lowell Mower).
5027 :pullreq: 6045, 6382
5029 Add xchacha20 support for :doc:`DNSCrypt <guides/dnscrypt>`.
5035 Scalability improvement: Add an option to use several source ports towards a backend.
5039 :pullreq: 6375, 5866
5042 Add '?' and 'help' for providing help() output on ``dnsdist -c`` (Kirill Ponomarev, Chris Hofstaedtler).
5046 :pullreq: 6190, 6381
5048 Replace the Lua mutex with a rw lock to limit contention.
5049 This improves the processing speed and parallelism of the policies.
5053 :pullreq: 6220, 5594
5054 :tickets: 5079, 5654
5056 Add experimental XPF support based on `draft-bellis-dnsop-xpf-04 <https://tools.ietf.org/html/draft-bellis-dnsop-xpf-04>`__.
5062 Add :func:`ERCodeRule` to match on extended RCodes (Chris Hofstaedtler).
5068 Fix an off-by-one in the escaping of unusual DNS label octets in DNSName (Kees Monshouwer).
5074 Add :func:`TempFailureCacheTTLAction` (Chris Hofstaedtler).
5080 Ensure :program:`dnsdist` compiles on NetBSD (Tom Ivar Helbekkmo).
5087 Also log eBPF dynamic blocks, as regular dynamic block already are.
5090 :tags: New Features, Improvements
5093 Add :ref:`DynBlockRulesGroup` to improve processing speed of the :func:`maintenance` function by reducing memory usage and not walking the ringbuffers multiple times.
5100 Remove the ``--daemon`` option from :program:`dnsdist`.
5107 Add :func:`console ACL <addConsoleACL>` functions.
5114 Allow adding :meth:`EDNS Client Subnet information <ServerPool:setECS>` to a query before looking in the cache.
5115 This allows serving ECS enabled answers from the cache when all servers in a pool are down.
5122 Ensure large numbers are shown correctly in the API.
5129 Add option to :func:`showRules` to truncate the output length.
5135 Avoid assertion errors in :func:`NewServer` (Chris Hofstaedtler).
5141 Fix several warnings reported by clang's analyzer and cppcheck, should lead to small performance increases.
5146 :released: 16th of February 2018
5148 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.2.x.
5154 Add configuration option to disable IP_BIND_ADDRESS_NO_PORT (Dan McCombs).
5160 Handle bracketed IPv6 addresses without ports (Chris Hofstaedtler).
5166 Make dnsdist dynamic truncate do the right thing on TCP/IP.
5172 Add missing QPSAction
5178 Don't create a Remote Logger in client mode.
5184 Use libsodium's CFLAGS, we might need them to find the includes.
5190 Keep the TCP connection open on cache hit, generated answers.
5196 Add the missing <sys/time.h> include to mplexer.hh for struct timeval.
5202 Sort the servers based on their 'order' after it has been set.
5208 Quiet unused variable warning on macOS (Chris Hofstaedtler).
5215 Fix the outstanding counter when an exception is raised.
5222 Do not connect the snmpAgent from a dnsdist client.
5226 :released: 21st of August 2017
5228 Please review the :doc:`Upgrade Guide <../upgrade_guide>` before upgrading from versions < 1.2.x.
5235 DNSName: Check that both first two bits are set in compressed labels.
5240 :tickets: 4131, 4155
5242 Handle unreachable servers at startup, reconnect stale sockets
5249 Gracefully handle invalid addresses in :func:`newServer`.
5256 Add an option to 'mute' UDP responses per bind.
5259 :tags: New Features, Performance
5262 Add TCP management options from :rfc:`RFC 7766 section 10 <7766#section-10>`.
5268 LuaWrapper: Use the correct index when storing a function.
5275 Save history to home-dir, only use CWD as a last resort.
5281 Add the :func:`setRingBuffersSize` directive to allow changing the ringbuffer size.
5284 :tags: Improvements, Security
5287 Merge the client and server nonces to prevent replay attacks.
5293 Use ``IP_BIND_ADDRESS_NO_PORT`` when available.
5300 Send a latency of 0 over carbon, null over API for down servers.
5305 :tickets: 4775, 4660
5307 Add an optional ``seconds`` parameter to :func:`statNodeRespRing`.
5313 Report a more specific lua version and report luajit in ``--version``.
5316 :tags: Improvements, DNSCrypt
5317 :pullreq: 4813, 4926
5319 Store the computed shared key and reuse it for the response for DNSCrypt messages.
5322 :tags: New Features, Protobuf
5326 Add an option to export CNAME records over protobuf.
5333 Allow TTL alteration via Lua.
5339 Add :func:`RDRule` to match queries with the ``RD`` flag set.
5345 Add :func:`setWHashedPertubation` for consistent ``whashed`` results.
5351 Add ``tcpConnectTimeout`` to :func:`newServer`.
5357 Fix negative port detection for IPv6 addresses on 32-bit.
5364 Fix crashes on SmartOS/Illumos (Roman Dayneko).
5368 :pullreq: 4788, 5036
5371 Add cache hit response rules.
5374 :tags: Improvements, Performance
5377 Add :func:`setTCPUseSinglePipe` to use a single TCP waiting queue.
5384 Change ``truncateTC`` to default to off; having it enabled by default causes an incompatibility with :rfc:`6891` (Robin Geuze).
5388 :pullreq: 4987, 5037
5391 Don't cache answers without any TTL (like SERVFAIL).
5394 :tags: Improvements, Performance
5395 :pullreq: 4985, 5501
5398 Add ``sendSizeAndMsgWithTimeout`` to send size and data in a single call and use it for TCP Fast Open towards backends.
5404 Prevent issues by unshadowing variables.
5407 :tags: New Features, SNMP
5408 :pullreq: 4989, 5123, 5204
5410 Add :doc:`SNMP support <advanced/snmp>`.
5413 :tags: Bug Fixes, Performance
5417 Refactor SuffixMatchNode using a SuffixMatchTree.
5423 Register DNSName::chopOff (@plzz).
5429 Allow passing :class:`DNSName`\ s as DNSRules.
5432 :tags: Bug Fixes, Webserver
5435 Send an HTTP 404 on unknown API paths.
5438 :tags: Improvements, Performance
5441 Tune systemd unit-file for medium-sized installations (Winfried Angele).
5447 Add support for setting the server selection policy on a per pool basis (Robin Geuze).
5451 :pullreq: 5150, 5171
5454 Make :func:`includeDirectory` work sorted (Robin Geuze).
5457 :tags: Improvements, LuaWrapper
5460 Allow embedded NULs in strings received from Lua.
5466 Add a ``suffixMatch`` parameter to :meth:`PacketCache:expungeByName` (Robin Geuze).
5472 Cleanup closed TCP downstream connections.
5478 Fix destination port reporting on "any" binds.
5485 Add an option so the packet cache entries don't age.
5488 :tags: Bug Fixes, Security
5491 Unify ``-k`` and :func:`setKey` behaviour for client and server mode.
5497 Improve reporting of C++ exceptions that bubble up via Lua.
5500 :tags: Improvements, Performance
5503 Add the possibility to fill a :class:`NetmaskGroup` (using :meth:`NetmaskGroup:addMask`) from ``exceeds*`` results.
5509 Add better logging on queries that get dropped, timed out or received.
5515 Add :func:`QNameRule`.
5521 Correctly truncate EDNS Client Subnetmasks.
5527 Print useful messages when query and response actions are mixed.
5533 Add an optional action to :func:`addDynBlocks`.
5539 Add an optional interface parameter to :func:`addLocal`/:func:`setLocal`.
5542 :tags: Bug Fixes, Performance
5545 Get rid of ``std::move()`` calls preventing copy elision.
5552 Fix :func:`RecordsTypeCountRule`\ 's handling of the # of records in a section.
5558 Make a ``truncate`` action available to DynBlock and Lua.
5565 Change stats functions to always return lowercase names (Robin Geuze).
5571 Implement a runtime-changeable rule, :func:`TimedIPSetRule`, that matches IP addresses for a certain time.
5575 :pullreq: 5449, 5454
5577 Only use TCP Fast Open when supported and prevent compiler warnings.
5583 Add ``DNSRule::toString()`` and add virtual destructors to DNSRule, DNSAction and DNSResponseAction so the destructors of derived classes are run even when deleted via the base type.
5589 Add support for returning several IPs to spoof from Lua.
5593 :pullreq: 5490, 5508
5594 :tickets: 5420, 5507
5596 Add Lua bindings to be able to rotate DNSCrypt keys, see :doc:`guides/dnscrypt`.
5599 :tags: Improvements, Performance
5602 Add labels count to StatNode, only set the name once.
5613 :pullreq: 5396, 5577
5615 Add the capability to set arbitrary tags in protobuf messages.
5622 Skip timeouts on the response latency graph.
5629 Deprecate syntactic sugar functions.
5636 Don't use square brackets for IPv6 in Carbon metrics.
5643 Copy the DNS header before encrypting it in place.
5650 Add setConsoleConnectionsLogging().
5656 Fix potential pointer wrap-around on 32 bits.
5662 Make the API available with an API key only.
5667 Released December 29th 2016
5669 Changes since 1.1.0-beta2:
5674 - `#4783 <https://github.com/PowerDNS/pdns/pull/4783>`__: Add -latomic
5676 - `#4812 <https://github.com/PowerDNS/pdns/pull/4812>`__: Handle
5677 header-only responses, handle Refused as Servfail in the cache
5682 - `#4762 <https://github.com/PowerDNS/pdns/pull/4762>`__:
5683 SuffixMatchNode: Fix an insertion issue for an existing node
5684 - `#4772 <https://github.com/PowerDNS/pdns/pull/4772>`__: Fix dnsdist
5685 initscript config check
5690 Released December 14th 2016
5692 Changes since 1.1.0-beta1:
5697 - `#4518 <https://github.com/PowerDNS/pdns/pull/4518>`__: Fix dynblocks
5698 over TCP, allow refusing dyn blocked queries
5699 - `#4519 <https://github.com/PowerDNS/pdns/pull/4519>`__: Allow
5700 altering the ECS behavior via rules and Lua
5701 - `#4535 <https://github.com/PowerDNS/pdns/pull/4535>`__: Add
5702 ``DNSQuestion:getDO()``
5703 - `#4653 <https://github.com/PowerDNS/pdns/pull/4653>`__:
5704 ``getStatisticsCounters()`` to access counters from Lua
5705 - `#4657 <https://github.com/PowerDNS/pdns/pull/4657>`__: Add
5706 ``includeDirectory(dir)``
5707 - `#4658 <https://github.com/PowerDNS/pdns/pull/4658>`__: Allow editing
5709 - `#4702 <https://github.com/PowerDNS/pdns/pull/4702>`__: Add
5710 ``setUDPTimeout(n)``
5711 - `#4726 <https://github.com/PowerDNS/pdns/pull/4726>`__: Add an option
5712 to return ServFail when no server is available
5713 - `#4748 <https://github.com/PowerDNS/pdns/pull/4748>`__: Add
5714 ``setCacheCleaningPercentage()``
5719 - `#4533 <https://github.com/PowerDNS/pdns/pull/4533>`__: Fix building
5720 with clang on OS X and FreeBSD
5721 - `#4537 <https://github.com/PowerDNS/pdns/pull/4537>`__: Replace
5722 luawrapper's std::forward/std::make\_tuple combo with
5723 std::forward\_as\_tuple (Sangwhan "fish" Moon)
5724 - `#4596 <https://github.com/PowerDNS/pdns/pull/4596>`__: Change the
5725 default max number of queued TCP conns to 1000
5726 - `#4632 <https://github.com/PowerDNS/pdns/pull/4632>`__: Improve
5727 dnsdist error message on a common typo/config mistake
5728 - `#4694 <https://github.com/PowerDNS/pdns/pull/4694>`__: Don't use a
5729 const\_iterator for erasing (fix compilation with some versions of
5731 - `#4715 <https://github.com/PowerDNS/pdns/pull/4715>`__: Specify that
5732 dnsmessage.proto uses protobuf version 2
5733 - `#4765 <https://github.com/PowerDNS/pdns/pull/4765>`__: Some service
5739 - `#4425 <https://github.com/PowerDNS/pdns/pull/4425>`__: Fix a
5740 protobuf regression (requestor/responder mix-up) caused by a94673e
5741 - `#4541 <https://github.com/PowerDNS/pdns/pull/4541>`__: Fix insertion
5742 issues in SuffixMatchTree, move it to dnsname.hh
5743 - `#4553 <https://github.com/PowerDNS/pdns/pull/4553>`__: Flush output
5744 in single command client mode
5745 - `#4578 <https://github.com/PowerDNS/pdns/pull/4578>`__: Fix
5746 destination address reporting
5747 - `#4640 <https://github.com/PowerDNS/pdns/pull/4640>`__: Don't exit
5748 dnsdist on an exception in maintenance
5749 - `#4721 <https://github.com/PowerDNS/pdns/pull/4721>`__: Handle
5750 exceptions in the UDP responder thread
5751 - `#4734 <https://github.com/PowerDNS/pdns/pull/4734>`__: Add the TCP
5752 socket to the map only if the connection succeeds. Closes #4733
5753 - `#4742 <https://github.com/PowerDNS/pdns/pull/4742>`__: Decrement the
5754 queued TCP conn count if writing to the pipe fails
5755 - `#4743 <https://github.com/PowerDNS/pdns/pull/4743>`__: Ignore
5756 newBPFFilter() and newDynBPFFilter() in client mode
5757 - `#4753 <https://github.com/PowerDNS/pdns/pull/4753>`__: Fix FD leak
5758 on TCP connection failure, handle TCP worker creation failure
5759 - `#4764 <https://github.com/PowerDNS/pdns/pull/4764>`__: Prevent race
5760 while creating new TCP worker threads
5765 Released September 1st 2016
5767 Changes since 1.0.0:
5772 - `#3762 <https://github.com/PowerDNS/pdns/pull/3762>`__ Teeaction:
5773 send copy of query to second nameserver, sponge responses
5774 - `#3876 <https://github.com/PowerDNS/pdns/pull/3876>`__ Add
5775 ``showResponseRules()``, ``{mv,rm,top}ResponseRule()``
5776 - `#3936 <https://github.com/PowerDNS/pdns/pull/3936>`__ Filter on
5777 opcode, records count/type, trailing data
5778 - `#3975 <https://github.com/PowerDNS/pdns/pull/3975>`__ Make dnsdist
5779 {A,I}XFR aware, document possible issues
5780 - `#4006 <https://github.com/PowerDNS/pdns/pull/4006>`__ Add eBPF
5781 source address and qname/qtype filtering
5782 - `#4008 <https://github.com/PowerDNS/pdns/pull/4008>`__ Node
5783 infrastructure for querying recent traffic
5784 - `#4042 <https://github.com/PowerDNS/pdns/pull/4042>`__ Add
5785 server-side TCP Fast Open support
5786 - `#4050 <https://github.com/PowerDNS/pdns/pull/4050>`__ Add
5787 ``clearRules()`` and ``setRules()``
5788 - `#4114 <https://github.com/PowerDNS/pdns/pull/4114>`__ Add
5789 ``QNameLabelsCountRule()`` and ``QNameWireLengthRule()``
5790 - `#4116 <https://github.com/PowerDNS/pdns/pull/4116>`__ Added src
5791 boolean to NetmaskGroupRule to match destination address (Reinier
5793 - `#4175 <https://github.com/PowerDNS/pdns/pull/4175>`__ Implemented
5794 query counting (Reinier Schoof)
5795 - `#4244 <https://github.com/PowerDNS/pdns/pull/4244>`__ Add a
5796 ``setCD`` parameter to set cd=1 on health check queries
5797 - `#4284 <https://github.com/PowerDNS/pdns/pull/4284>`__ Add
5798 RCodeRule(), Allow, Delay and Drop response actions
5799 - `#4305 <https://github.com/PowerDNS/pdns/pull/4305>`__ Add an
5800 optional Lua callback for altering a Protobuf message
5801 - `#4309 <https://github.com/PowerDNS/pdns/pull/4309>`__ Add
5802 showTCPStats function (RobinGeuze)
5803 - `#4329 <https://github.com/PowerDNS/pdns/pull/4329>`__ Add options to
5804 LogAction() so it can append (instead of truncate) (Duane Wessels)
5809 - `#3714 <https://github.com/PowerDNS/pdns/pull/3714>`__ Add
5810 documentation links to dnsdist.service (Ruben Kerkhof)
5811 - `#3754 <https://github.com/PowerDNS/pdns/pull/3754>`__ Allow the use
5812 of custom headers in the web server
5813 - `#3826 <https://github.com/PowerDNS/pdns/pull/3826>`__ Implement a
5814 'quiet' mode for SuffixMatchNodeRule()
5815 - `#3836 <https://github.com/PowerDNS/pdns/pull/3836>`__ Log the
5816 content of webserver's exceptions
5817 - `#3858 <https://github.com/PowerDNS/pdns/pull/3858>`__ Only log
5818 YaHTTP's parser exceptions in verbose mode
5819 - `#3877 <https://github.com/PowerDNS/pdns/pull/3877>`__ Increase max
5820 FDs in systemd unit, warn if clearly too low
5821 - `#4019 <https://github.com/PowerDNS/pdns/pull/4019>`__ Add an
5822 optional ``addECS`` option to ``TeeAction()``
5823 - `#4029 <https://github.com/PowerDNS/pdns/pull/4029>`__ Add version
5824 and feature information to version output
5825 - `#4079 <https://github.com/PowerDNS/pdns/pull/4079>`__ Return an
5826 error on RemoteLog{,Response}Action() w/o protobuf
5827 - `#4246 <https://github.com/PowerDNS/pdns/pull/4246>`__ API now sends
5828 pools as a JSON array instead of a string
5829 - `#4302 <https://github.com/PowerDNS/pdns/pull/4302>`__ Add ``help()``
5830 and ``showVersion()``
5831 - `#4286 <https://github.com/PowerDNS/pdns/pull/4286>`__ Add response
5832 rules to the API and Web status page
5833 - `#4068 <https://github.com/PowerDNS/pdns/pull/4068>`__ Display the
5834 dyn eBPF filters stats in the web interface
5839 - `#3755 <https://github.com/PowerDNS/pdns/pull/3755>`__ Fix RegexRule
5840 example in dnsdistconf.lua
5841 - `#3773 <https://github.com/PowerDNS/pdns/pull/3773>`__ Stop copying
5842 the HTTP request headers to the response
5843 - `#3837 <https://github.com/PowerDNS/pdns/pull/3837>`__ Remove dnsdist
5844 service file on trusty
5845 - `#3840 <https://github.com/PowerDNS/pdns/pull/3840>`__ Catch
5846 WrongTypeException in client mode
5847 - `#3906 <https://github.com/PowerDNS/pdns/pull/3906>`__ Keep the
5848 servers ordered inside pools
5849 - `#3988 <https://github.com/PowerDNS/pdns/pull/3988>`__ Fix
5850 ``grepq()`` output in the README
5851 - `#3992 <https://github.com/PowerDNS/pdns/pull/3992>`__ Fix some typos
5852 in the AXFR/IXFR documentation
5853 - `#3995 <https://github.com/PowerDNS/pdns/pull/3995>`__ Fix comparison
5854 between signed and unsigned integer
5855 - `#4049 <https://github.com/PowerDNS/pdns/pull/4049>`__ Fix dnsdist
5856 rpm building script #4048 (Daniel Stirnimann)
5857 - `#4065 <https://github.com/PowerDNS/pdns/pull/4065>`__ Include
5858 editline/readline.h instead of readline.h/history.h
5859 - `#4067 <https://github.com/PowerDNS/pdns/pull/4067>`__ Disable eBPF
5860 support when BPF\_FUNC\_tail\_call is not found
5861 - `#4069 <https://github.com/PowerDNS/pdns/pull/4069>`__ Fix a buffer
5862 overflow when displaying an OpcodeRule
5863 - `#4101 <https://github.com/PowerDNS/pdns/pull/4101>`__ Fix $
5864 expansion in build-dnsdist-rpm
5865 - `#4198 <https://github.com/PowerDNS/pdns/pull/4198>`__ newServer
5866 setting maxCheckFailures makes no sense (stutiredboy)
5867 - `#4205 <https://github.com/PowerDNS/pdns/pull/4205>`__ Prevent the
5868 use of "any" addresses for downstream server
5869 - `#4220 <https://github.com/PowerDNS/pdns/pull/4220>`__ Don't log an
5870 error when parsing an invalid UDP query
5871 - `#4348 <https://github.com/PowerDNS/pdns/pull/4348>`__ Fix invalid
5872 outstanding count for {A,I}XFR over TCP
5873 - `#4365 <https://github.com/PowerDNS/pdns/pull/4365>`__ Reset origFD
5874 asap to keep the outstanding count correct
5875 - `#4375 <https://github.com/PowerDNS/pdns/pull/4375>`__ Tuple requires
5876 make\_tuple to initialize
5877 - `#4380 <https://github.com/PowerDNS/pdns/pull/4380>`__ Fix
5878 compilation with clang when eBPF support is enabled
5883 Released April 21st 2016
5885 Changes since 1.0.0-beta1:
5890 - `#3700 <https://github.com/PowerDNS/pdns/pull/3700>`__ Create user
5891 from the RPM package to drop privs
5892 - `#3712 <https://github.com/PowerDNS/pdns/pull/3712>`__ Make check
5893 should run testrunner
5894 - `#3713 <https://github.com/PowerDNS/pdns/pull/3713>`__ Remove
5895 contrib/dnsdist.service (Ruben Kerkhof)
5896 - `#3722 <https://github.com/PowerDNS/pdns/pull/3722>`__ Use LT\_INIT
5897 and disable static objects (Ruben Kerkhof)
5898 - `#3724 <https://github.com/PowerDNS/pdns/pull/3724>`__ Include
5899 PDNS\_CHECK\_OS in configure (Chris Hofstaedtler)
5900 - `#3728 <https://github.com/PowerDNS/pdns/pull/3728>`__ Document
5901 libedit Ctrl-R workaround for CentOS 6
5902 - `#3730 <https://github.com/PowerDNS/pdns/pull/3730>`__ Make
5903 ``topBandwidth()`` behave like other top\* functions
5904 - `#3731 <https://github.com/PowerDNS/pdns/pull/3731>`__ Clarify a bit
5905 the documentation of load-balancing policies
5910 - `#3711 <https://github.com/PowerDNS/pdns/pull/3711>`__ Building rpm
5911 needs systemd headers (Ruben Kerkhof)
5912 - `#3736 <https://github.com/PowerDNS/pdns/pull/3736>`__ Add missing
5913 Lua binding for NetmaskGroupRule()
5914 - `#3739 <https://github.com/PowerDNS/pdns/pull/3739>`__ Drop
5915 privileges after daemonizing and writing our pid
5920 Released April 14th 2016
5922 Changes since 1.0.0-alpha2:
5927 - Per-pool packet cache
5928 - Some actions do not stop the processing anymore when they match,
5929 allowing more complex setups: Delay, Disable Validation, Log,
5930 MacAddr, No Recurse and of course None
5931 - The new RE2Rule() is available, using the RE2 regular expression
5932 library to match queries, in addition to the existing POSIX-based
5934 - SpoofAction() now supports multiple A and AAAA records
5935 - Remote logging of questions and answers via Protocol Buffer
5940 - `#3405 <https://github.com/PowerDNS/pdns/pull/3405>`__ Add health
5941 check logging, ``maxCheckFailures`` to backend
5942 - `#3412 <https://github.com/PowerDNS/pdns/pull/3412>`__ Check config
5943 - `#3440 <https://github.com/PowerDNS/pdns/pull/3440>`__ Client
5944 operation improvements
5945 - `#3466 <https://github.com/PowerDNS/pdns/pull/3466>`__ Add dq binding
5946 for skipping packet cache in LuaAction (Jan Broer)
5947 - `#3499 <https://github.com/PowerDNS/pdns/pull/3499>`__ Add support
5948 for multiple carbon servers
5949 - `#3504 <https://github.com/PowerDNS/pdns/pull/3504>`__ Allow
5950 accessing the API with an optional API key
5951 - `#3556 <https://github.com/PowerDNS/pdns/pull/3556>`__ Add an option
5952 to limit the number of queued TCP connections
5953 - `#3578 <https://github.com/PowerDNS/pdns/pull/3578>`__ Add a
5954 ``disable-syslog`` option
5955 - `#3608 <https://github.com/PowerDNS/pdns/pull/3608>`__ Export cache
5957 - `#3622 <https://github.com/PowerDNS/pdns/pull/3622>`__ Display the
5958 ACL content on startup
5959 - `#3627 <https://github.com/PowerDNS/pdns/pull/3627>`__ Remove ECS
5960 option from response's OPT RR when necessary
5961 - `#3633 <https://github.com/PowerDNS/pdns/pull/3633>`__ Count "TTL too
5963 - `#3677 <https://github.com/PowerDNS/pdns/pull/3677>`__ systemd-notify
5969 - `#3388 <https://github.com/PowerDNS/pdns/pull/3388>`__ Lock the Lua
5970 context before executing a LuaAction
5971 - `#3433 <https://github.com/PowerDNS/pdns/pull/3433>`__ Check that the
5972 answer matches the initial query
5973 - `#3461 <https://github.com/PowerDNS/pdns/pull/3461>`__ Fix crash when
5974 calling rmServer() with an invalid index
5975 - `#3550 <https://github.com/PowerDNS/pdns/pull/3550>`__,\ `#3551 <https://github.com/PowerDNS/pdns/pull/3551>`__
5976 Fix build failure on FreeBSD (Ruben Kerkhof)
5977 - `#3594 <https://github.com/PowerDNS/pdns/pull/3594>`__ Prevent EOF
5978 error for empty console response w/o sodium
5979 - `#3634 <https://github.com/PowerDNS/pdns/pull/3634>`__ Prevent
5980 dangling TCP fd in case setupTCPDownstream() fails
5981 - `#3641 <https://github.com/PowerDNS/pdns/pull/3641>`__ Under
5982 threshold, QPS action should return None, not Allow
5983 - `#3658 <https://github.com/PowerDNS/pdns/pull/3658>`__ Fix a race
5984 condition in MaxQPSIPRule
5989 Released February 5th 2016
5991 Changes since 1.0.0-alpha1:
5996 - Lua functions now receive a DNSQuestion ``dq`` object instead of
5997 several parameters. This adds greater compatibility with PowerDNS
5998 and allows adding more parameters without breaking the API
5999 (`#3198 <https://github.com/PowerDNS/pdns/issues/3198>`__)
6000 - Added a ``source`` option to ``newServer()`` to specify the local
6001 address or interface used to contact a downstream server
6002 (`#3138 <https://github.com/PowerDNS/pdns/issues/3138>`__)
6003 - CNAME and IPv6-only support have been added to spoofed responses
6004 (`#3064 <https://github.com/PowerDNS/pdns/issues/3064>`__)
6005 - ``grepq()`` can be used to search for slow queries, along with
6007 - New Lua functions: ``addDomainCNAMESpoof()``, ``AllowAction()`` by
6008 @bearggg, ``exceedQRate()``, ``MacAddrAction()``, ``makeRule()``,
6009 ``NotRule()``, ``OrRule()``, ``QClassRule()``, ``RCodeAction()``,
6010 ``SpoofCNAMEAction()``, ``SuffixMatchNodeRule()``, ``TCPRule()``,
6012 - ``NetmaskGroup`` support has been added in Lua
6013 (`#3144 <https://github.com/PowerDNS/pdns/issues/3144>`__)
6014 - Added ``MacAddrAction()`` to add the source MAC address to the
6016 (`#3313 <https://github.com/PowerDNS/pdns/issues/3313>`__)
6021 - An issue in DelayPipe could make dnsdist crash at startup
6022 - ``downstream-timeouts`` metric was not always updated
6023 - ``truncateTC`` was improperly updating the response length
6024 (`#3126 <https://github.com/PowerDNS/pdns/issues/3126>`__)
6025 - DNSCrypt responses larger than queries were improperly truncated
6026 - An issue prevented info messages from being displayed in non-verbose
6027 mode, fixed by Jan Broer
6028 - Reinstating an expired Dynamic Rule was not correctly logged
6029 (`#3323 <https://github.com/PowerDNS/pdns/issues/3323>`__)
6030 - Initialized counters in the TCP client thread might have caused FD and
6031 memory leaks, reported by Martin Pels
6032 (`#3300 <https://github.com/PowerDNS/pdns/issues/3300>`__)
6033 - We now drop queries containing no question (qdcount == 0)
6034 (`#3290 <https://github.com/PowerDNS/pdns/issues/3290>`__)
6035 - Outstanding TCP queries count was not always correct
6036 (`#3288 <https://github.com/PowerDNS/pdns/issues/3288>`__)
6037 - A locking issue in exceedRespGen() might have caused crashes
6038 (`#3277 <https://github.com/PowerDNS/pdns/issues/3277>`__)
6039 - Useless sockets were created in client mode
6040 (`#3257 <https://github.com/PowerDNS/pdns/issues/3257>`__)
6041 - ``addAnyTCRule()`` was generating TC=1 responses even over TCP
6042 (`#3251 <https://github.com/PowerDNS/pdns/issues/3251>`__)
6047 - Cleanup of the HTML by Sander Hoentjen
6048 - Fixed an XSS reported by @janeczku
6049 (`#3217 <https://github.com/PowerDNS/pdns/issues/3217>`__)
6050 - Removed remote images
6051 - Set the charset to UTF-8, added some security-related and CORS HTTP
6053 - Added server latency by Jan Broer
6054 (`#3201 <https://github.com/PowerDNS/pdns/issues/3201>`__)
6055 - Switched to official minified versions of JS scripts, by Sander
6056 Hoentjen (`#3317 <https://github.com/PowerDNS/pdns/issues/3317>`__)
6057 - Don't log unauthenticated HTTP requests as an authentication failure
6059 Various documentation updates and minor cleanups:
6060 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6062 - Added documentation for Advanced DNS Protection features (Dynamic
6063 rules, ``maintenance()``)
6064 - Make ``topBandwidth()`` default to the top 10 clients
6065 - Replaced readline with libedit
6066 - Added GPL2 License
6067 (`#3200 <https://github.com/PowerDNS/pdns/issues/3200>`__)
6068 - Added incbin License
6069 (`#3269 <https://github.com/PowerDNS/pdns/issues/3269>`__)
6070 - Updated completion rules
6071 - Removed wrong option ``--daemon-no`` by Stefan Schmidt
6076 Released December 24th 2015