Valeriansaliou Constellation Versions

🌌 Pluggable authoritative DNS server. Entries can be added & removed from an HTTP REST API.

v1.12.1

3 years ago
  • Breaking: A list of DNS resolvers must now be passed in the configuration using the dns.flatten.resolvers option for the DNS flattening service to work. This should fix a file descriptor leak seen when using Constellation in large-scale deployments. The leak is due to a weakness in the underlying DNS resolver library (trust-dns-resolver), where some file descriptors would not be closed after performing a DNS request using the default system resolver. After some time, this can exhaust the system-enforced fd limit and prevent Constellation from accepting any further TCP DNS queries, as well as from opening any TCP client connection.

v1.12.0

3 years ago
  • Added the ability to flatten CNAME values for a record (with the flatten API property; no CNAME flattening is done by default).
  • Do not return a CNAME value alongside A, AAAA, etc. records; priority is given to flat records.

v1.11.0

4 years ago
  • Updated GeoIP updates management to support new licensing requirements from MaxMind (you can now pass your license key in the initialization script and update URL).
  • Bumped dependencies.

v1.10.0

4 years ago
  • Breaking: Reworked the Redis pool manager so that failover (i.e. rescue) Redis servers can be configured; these should be set to be read-only (the primary Redis host has been moved to redis.master, while optional failover Redis hosts can be configured with redis.rescue).
  • Added the ability to perform DNS health checks on a forced virtual host, with the dns.health.http.host configuration variable.

v1.9.2

4 years ago
  • Implemented health check retries in case of a failed attempt due to an invalid response status code or response body (retries were previously only performed in case of a TCP-level or TLS-level error, but it's also good to have them work for HTTP-level errors in some stacks).

v1.9.1

4 years ago
  • Bumped http_req to v0.5.2, which adds support for IPv6 URIs.
  • Now showing replica identity in DNS health check Slack notifications (the server.identifier configuration property has been added, allowing this).

v1.9.0

4 years ago
  • Added a DNS health check system, that temporarily removes unhealthy endpoints (for A, AAAA and CNAME RR types) from DNS responses for a host (HTTP and HTTPS checks are supported via the dns.health.http configuration property).
  • Improved the cache system, which is now able to serve stale cache if the Redis backend is unreachable.
  • Cached records are now kept up-to-date with Redis in the background, saving precious milliseconds in the main DNS responder thread (with the redis.cache_refresh_seconds configuration property).
  • Fixed an implementation mistake in the DNS responder, that resulted in a NOERROR with no records if Redis is unreachable, where the correct answer was SERVFAIL.
  • Fixed a bug in the Redis backend connector; if Redis went down and Constellation failed accessing Redis as many times as there were connections in the Redis pool, all further attempts would hang and time out (where they should have failed fast with a Disconnected internal error).
  • Fixed a bug in the DNS NOERROR and NXDOMAIN response types that are sent depending on whether a record exists or not (regression introduced in v1.7.0 with the cache system).
  • Bumped all dependencies (except trust-dns and trust-dns-server due to conflicts).

v1.8.0

4 years ago
  • Added a metrics interface through the HTTP REST API, which provides statistics for: Query Types, Query Origins and Answer Codes.

v1.7.0

5 years ago
  • Added the ability to serve empty DNS records to certain countries (with the blackhole API property).
  • Optimized Redis reads at scale with a local cache layer (this avoids hitting Redis 1M times if there are 1M DNS queries on the same name and type).
  • Added a Docker image, available on Docker Hub.
  • Bumped all dependencies (except trust-dns and trust-dns-server due to conflicts).

v1.6.1

5 years ago
  • When there are multiple response records, randomize the returned order of those records (this is how most DNS servers work, so that they can be used as load balancers).