The following section outlines changes that have been made between DNS Edge Service Point versions:
Attention: When you upgrade to DNS Edge SP v3.3.1, you cannot downgrade to v3.0.7 or lower.
- Addressed the truncating of responses at 512 bytes when using UDP without EDNS.
- Addressed NXDOMAIN response behavior for Block Policy evaluation.
- Introduced support for utilizing the Source IP and CIDR as an operational matching criteria within a Namespace.
- Introduced the ability to resolve expired queries from cache when the upstream server is unavailable.
- Provided support for DNS/DHCP Server upgrades.
- Introduced updates to address multiple CVE vulnerabilities.
- Improved memory utilization to enhance resilience and restart conditions.
- Improved QPS performance with full query logging using a VM with current specifications. QPS guidance for various configurations will be published separately in a follow up communication.
- Vertical scalability: allocating additional memory and vCPUs will increase QPS performance within limits.
- Service points will now by default load balance queries to the forwarders
defined within a namespace. The service point will select a forwarder within
a namespace using the following algorithm:
- Pick the server with least number of queries “in the air”.
- In case of a tie, pick the one with the lowest measured latency (over an average on the last 128 queries answered by that server).
- Default health check of upstream DNS servers (For example, forwarders configured within a namespace configuration). The service point sends a health check query (a query for “a.root-servers.net.”) every second to determine the availability of a DNS server configured as a forwarder within a namespace. This record does not need to be resolved successfully for a positive health check, however the forwarder must return a status.
- Service points will now, by default, provide added resiliency by serving expired records from cache when the upstream DNS server defined in the namespace is unavailable. Expired records will be served when available in cache, for a duration of 1 hour after expiry.
- Configure the service point to enable Custom Logging — securely store your data in DNS Edge Cloud to conduct advanced analysis, and/or send data in a standard JSON format to any HTTP/HTTPS endpoint on your network. For more information on how to configure this functionality, refer to Custom Logging.
- Introduce fix for the upgrade to 3.0.6.
- Introduce support to deploy service points on a BlueCat DNS/DHCP Server.
- Initial introduction of support that enables customers to manage the service point updates independently.