Open-Xchange releases DNSdist 1.6.0

May 21, 2021


Open-Xchange is pleased to announce the release of DNSdist 1.6.0, the latest version of its state-of-the-art DNS-aware load balancer, which protects, balances and filters internet users’ DNS traffic in front of OX PowerDNS or legacy recursive servers and is used to optimize the DNS traffic of hundreds of millions of internet users.

In addition to its load balancing capabilities, DNSdist comes with many additional features, including protection against malicious and abusive traffic, such as DDoS attacks, DNS tunneling and exfiltration.

DNSdist 1.6.0 includes improvements for another extremely important feature of DNSdist: DNS encryption with DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT). Highlights include:

  • Support of out-of-order processing 'for TCP and DNS over TLS connections: This makes it possible to have several concurrent queries on the same TCP connection, and to receive the answers to these queries as soon as they are ready. Along with connection reuse, this reduces the overhead of TCP by a huge factor and results in a performance gain for DoT and TCP connections.
  • Support for accepting a Proxy Protocol header on incoming connections: Accepting a Proxy Protocol header on incoming connections allows an easier chaining of two DNSdist instances; for example, in distributed deployments such as DNSdist near the edge in a 5G network.
  • Additional performance improvements: DNSdist 1.6.0 provides several enhancements to increase performance; for example, it reduces CPU overhead on sending protobuf messages and comes with cache improvements by allowing specific kind of queries to be answered from the DNSdist cache more often. DNSdist now also becomes even more efficient by reducing memory usage for idle DoH and DoT connections.

You can find more details on the improvements listed above, and all other features on the technical PowerDNS blog.

Stay tuned for further enhancements with DNSdist 1.7.0, which will be released later this year. With DNSdist 1.7.0, Open-Xchange will continue to advance in DNS encryption. In addition to encrypting DNS traffic between clients and devices and DNSdist, DNSdist 1.7.0 will also include encryption between DNSdist and the recursive backend.

Please reach out to us or your OX account manager if you want to learn more about DNSdist and DNS encryption with OX PowerDNS.


About the author

Alexander ter Haar

Alexander ter Haar

PowerDNS Product Management


Related Articles

PowerDNS brings encrypted DNS capabilities onto routers for the...

Helps protect confidentiality and integrity of traffic in the first mile CPE (customer premise equipment) manufacturers,...

Chris Holder Jul 5, 2023

DNSdist as a router-ready solution

As you might have read, with the release of DNSdist 1.8, PowerDNS brings DNS encryption with DNS over TLS (DoT) and DNS over...

Bob Brandt Apr 12, 2023

Production-ready PowerDNS Cloud Control available

DNS is one of the vital components of the internet, invisibly making the internet work for everyone for almost four decades....

Alexander ter Haar Dec 5, 2022

PowerDNS @ Network X 2022

This year, for the first time, Network X took place in Amsterdam, the Netherlands. As a new format, Network X combines the...

Cord Stukenberg Oct 25, 2022