Open-Xchange is pleased to announce the release of DNSdist 1.6.0, the latest version of its state-of-the-art DNS-aware load balancer, which protects, balances and filters internet users’ DNS traffic in front of OX PowerDNS or legacy recursive servers and is used to optimize the DNS traffic of hundreds of millions of internet users.
In addition to its load balancing capabilities, DNSdist comes with many additional features, including protection against malicious and abusive traffic, such as DDoS attacks, DNS tunneling and exfiltration.
DNSdist 1.6.0 includes improvements for another extremely important feature of DNSdist: DNS encryption with DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT). Highlights include:
- Support of out-of-order processing 'for TCP and DNS over TLS connections: This makes it possible to have several concurrent queries on the same TCP connection, and to receive the answers to these queries as soon as they are ready. Along with connection reuse, this reduces the overhead of TCP by a huge factor and results in a performance gain for DoT and TCP connections.
- Support for accepting a Proxy Protocol header on incoming connections: Accepting a Proxy Protocol header on incoming connections allows an easier chaining of two DNSdist instances; for example, in distributed deployments such as DNSdist near the edge in a 5G network.
- Additional performance improvements: DNSdist 1.6.0 provides several enhancements to increase performance; for example, it reduces CPU overhead on sending protobuf messages and comes with cache improvements by allowing specific kind of queries to be answered from the DNSdist cache more often. DNSdist now also becomes even more efficient by reducing memory usage for idle DoH and DoT connections.
You can find more details on the improvements listed above, and all other features on the technical PowerDNS blog.
Stay tuned for further enhancements with DNSdist 1.7.0, which will be released later this year. With DNSdist 1.7.0, Open-Xchange will continue to advance in DNS encryption. In addition to encrypting DNS traffic between clients and devices and DNSdist, DNSdist 1.7.0 will also include encryption between DNSdist and the recursive backend.
Please reach out to us or your OX account manager if you want to learn more about DNSdist and DNS encryption with OX PowerDNS.
