Will these updates eventually make their way into CentOS EPEL? Looks like I'm still on 1.3.0 pulling from those repos.

On Tue, Jul 10, 2018 at 7:20 AM, Remi Gacogne <remi.gaco...@powerdns.com> wrote:
> Hello everyone,
>
> We are very happy to announce the 1.3.2 release of dnsdist. This release
> contains a few new features, but is mostly fixing bugs and documentation
> issues reported since the release of dnsdist 1.3.0. You might be
> wondering why this release is not numbered 1.3.1, we discovered a build
> issue on some platforms right after tagging 1.3.1 and therefore decided
> to release 1.3.2 right away.
>
> Breaking changes
> ================
>
> After discussing with several users, we noticed that quite a lot of them
> were not aware that enabling the dnsdist's console without a key, even
> restricted to the local host, could be a security issue and allow
> privilege escalation by allowing an unprivileged user to connect to the
> console and execute Lua code as the dnsdist user. We therefore decided
> to refuse any connection to the console until a key has been set, so
> please check that you do set a key before upgrading if you use the console.
>
> New features
> ============
>
> The DNS over TLS feature introduced in 1.3.0 was missing the ability to
> support both an RSA and an ECDSA certificate at the same time, and it
> was not possible to switch to a new certificate without restarting
> dnsdist. This has now been fixed.
>
> The packet cache has also been improved in this release, with the
> addition of a negative TTL option to be able to specify how long NODATA
> and NXDOMAIN answers should be cached, as well as a way to dump the
> content of the cache. We also made the detection of ECS collisions more
> robust, preventing two queries for the same name, type and class but a
> different ECS subnet from colliding even if they did hash to the same
> value.
>
> This version gained the ability to insert dynamic rules that do nothing,
> and do not stop the processing of subsequent rules, which is very useful
> for testing purposes. The optimized DynblockRulesGroup introduced in
> 1.3.0 also gained the ability to whitelist and blacklist ranges from
> dynamic rules, for example to prevent some clients from ever being
> blocked by a rate-limiting rule.
>
> Finally, we introduced the new SetECSAction directive to be able to
> force the ECS value sent to a downstream server for some or all queries.
>
> Bug fixes
> =========
>
> In addition to various documentation and cosmetics fixes, a few annoying
> bugs have been fixed in this release:
>
> - If the first connection attempt to a given backend failed, dnsdist
>   didn't properly reconnect even when the backend became available ;
> - Dynamic blocks were sometimes created with the wrong duration ;
> - The ability to iterate over the results of the Lua exceed*() functions
>   was broken in 1.3.0, preventing manual whitelisting from Lua ;
> - Some statistics were displayed with too many decimals in the web
>   interface ;
> - A backend outstanding queries counter could become wrong if it dropped
>   a lot of queries for a while.
>
>
> Please see the dnsdist website [1] for the more complete changelog
> [2] and the current documentation.
>
> Release tarballs are available on the downloads website [3].
>
> Several packages are also available on our repository [4].
>
>
> [1]: https://dnsdist.org
> [2]: https://dnsdist.org/changelog.html
> [3]: https://downloads.powerdns.com/releases/dnsdist-1.3.2.tar.bz2
> [4]: https://repo.powerdns.com/
>
> Best regards,
>
> --
> Remi Gacogne
> PowerDNS.COM BV - https://www.powerdns.com/
>
>
> _______________________________________________
> dnsdist mailing list
> dnsdist@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/dnsdist
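
A pre-upgrade check for the console change announced in the quoted message, as an added example that is not part of the original thread or the dnsdist project: it reports whether a dnsdist configuration enables the console with `controlSocket()` without setting a key with `setKey()`. The sample configurations, the placeholder key and address values, and the `audit_console` helper are constructed for illustration.

```python
import re

# Constructed sample configurations; addresses and keys are placeholders.
SAMPLES = {
    "no_key": '''
-- console enabled, key line commented out
controlSocket("127.0.0.1:5199")
-- setKey("PLACEHOLDER_BASE64_KEY=")
''',
    "empty_key": 'controlSocket("127.0.0.1:5199")\nsetKey("")\n',
    "with_key": 'controlSocket("127.0.0.1:5199")\nsetKey("PLACEHOLDER_BASE64_KEY=")\n',
    "no_console": 'newServer("192.0.2.53")\n--[[ controlSocket("127.0.0.1:5199") ]]\n',
}


def strip_lua_comments(text):
    """Drop --[[ ... ]] block comments (any level), then -- line comments.

    Simplification: a "--" inside a string literal is treated as a comment.
    """
    text = re.sub(r"--\[(=*)\[.*?\]\1\]", "", text, flags=re.S)
    return re.sub(r"--.*", "", text)


def audit_console(text):
    """Classify a dnsdist configuration with respect to the console key."""
    code = strip_lua_comments(text)
    if not re.search(r"\bcontrolSocket\s*\(", code):
        return "console-disabled"
    # Any setKey() call whose argument is not an empty literal counts as set.
    args = re.findall(r"\bsetKey\s*\(([^)]*)\)", code)
    if not any(a.strip().strip("\"'").strip() for a in args):
        return "console-without-key"
    return "ok"


if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(f"{name}: {audit_console(conf)}")
```

The check reads a single file as text; it does not follow included files or judge the strength of the key.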