github semihalev/sdns v1.6.1

4 hours ago

What's Changed

New Features

  • Add Reflex middleware for DNS amplification/reflection attack detection (#438)
    • Behavioral scoring based on query patterns (rate, types, amplification)
    • TCP connection proves real IP (clears suspicion)
    • Bounded memory with automatic cleanup (100K IPs max)
    • Learning mode for threshold tuning
    • Prometheus metrics for monitoring
  • Add config validation flag -t/--test for CI/CD pipelines (#439)
  • Add cache Prometheus metrics (hits, misses, evictions, prefetches, size, hit rate) (#439)

Bug Fixes

  • Fix rate limiter CPU spike (140% at 800 QPS) under random IP attacks (#403)
  • Fix concurrent CopyTo panic in resolver (#425)
  • Fix response silently truncated without TC bit being set
  • Fix MaxConcurrentQueries default value (#425)
  • Fix Windows console ANSI escape codes issue (#401)

Improvements

  • Add circuit breaker pattern to prevent querying known-down servers (#425)
  • Add goroutine limiting (MaxConcurrentQueries) to prevent resource exhaustion (#425)
  • Update zlog to v2 with improved Windows terminal support

Testing

  • Add comprehensive tests for util, cache, resolver, kubernetes, blocklist packages
  • Improved overall test coverage

Dependencies

  • Bump github.com/miekg/dns from 1.1.66 to 1.1.68
  • Bump github.com/quic-go/quic-go from 0.53.0 to 0.55.0
  • Bump k8s.io/client-go from 0.33.2 to 0.34.2
  • Bump golang.org/x/crypto from 0.41.0 to 0.45.0
  • Bump github.com/prometheus/client_golang
  • Other dependency updates

Full Changelog: v1.6.0...v1.6.1
