GEO Version 2.3.57.0 Release Notes
GEO Version 2.3.57.0 is a feature and bug fix update for the General Availability (GA) branch, made available on 30 June 2022. Please read the sections below before installing or upgrading to this release.
These notes list the fixes related directly to GEO product functionality. For a list of the new features, changes, and fixes in the base LMOS system on which GEO is running, please see the LoadMaster Release Notes for LMOS 7.2.57.0.
Upgrade Notes
Please see the LoadMaster Release Notes for LMOS 7.2.57.0 for a list of supported models for this release as well as for other upgrade notes, including how to validate the update image's digital signature.
New Features
GEO: BIND Upgrade and EDNS Client Subnet (ECS) Support
BIND is an open source software suite provided by the Internet Systems Consortium (ISC) for interacting with the Domain Name System (DNS). LoadMaster and LoadMaster GEO have been updated to version 9.16.24. BIND 9.16 is the current “Stable/ESV version”, according to the ISC website.
Alongside this update, GEO has been enhanced with Extended DNS (EDNS) Client Subnet, or ECS, support. This is a new global option on the GSLB Miscellaneous Params page, which is disabled by default on upgrade and enabled by default on a fresh install. With this feature enabled, GEO will be able to provide better greographic location determination over previous releases.
The ECS feature leverages the larger EDNS packet size and the Client Subnet field that can be set by the client making the DNS request. When a DNS query arrives with an ECS value set, that value will be used as the client location for all DNS operations, with the exception of deny lists. If there is no ECS information in the query (i.e., it was either never supplied by the client or was stripped out by an intervening DNS server that doesn’t support EDNS), GEO will behave as in previous releases.
GEO: Manage FQDN UI Sorting and Filtering
The GEO Manage FQDN UI has been enhanced to provide:
- Sorting: Controls on the table columns allow for sorting FQDNs by Name, IP Address, or Availability.
- Filtering: You can limit the number of FQDNs displayed by selecting one of the Name or IP address radio buttons at the top right of the table; typing in the text box immediately limits the display to matching FQDNs. These can then be sorted using the controls above. Clearing the text box cancels filtering and displays all items.
GEO: Increase Limit on IPs per FQDN to 256
The number of IP addresses permitted in a single FQDN (Fully Qualified Domain Name) has been increased from 64 to 256. This allows traffic to a single FQDN to be directed to up to 256 endpoints, providing the ability to scale across large load spikes and keep services highly availability.
The Web Application Firewall > Access Settings page of the UI now displays the version of the currently installed OWASP Core Rule Set (CRS).
The WAF section of the Virtual Services Properties page has been updated to no longer allow individual custom rules to be selected. Custom rule selection is supported on a file basis only.
Issues Resolved
|
LM-118 |
GEO: Fixed issues that could cause the configuration file generation number and the SOA serial number to become out of sync over time. |
New Known Issues
|
LM-477 |
GEO Downgrade: When downgrading from a release that supports more than 64 IPs per FQDN to a release that only supports up to 64 IPs per FQDN, the GEO configuration may become corrupted if there is at least one FQDN in the configuration that contains more than 64 IP addresses. The corruption will likely be evidenced by errors in the UI/API when you list the FQDNs. To avoid this issue entirely, reduce the number of IPs per FQDN to 64 or less for all FQDNs defined before you downgrade. If you have already downgraded, you can switch back to the previous boot partition to go back to the newer release (which supports > 64 IPs per FQDN); you can then reduce the number of IPs as above and downgrade again. If neither of these options is possible, please contact Kemp Support who will consult with engineering on a solution to your issues. |
|
LM-864 |
GEO Performance: Starting with LMOS 7.2.55.0, a performance degradation has been seen where Queries per Second (QPS) can be up to 50% lower than with version 7.2.54 and previous releases. This issue will be addressed in the LMOS 7.2.58.0 release. |
|
LM-1134 |
GEO EDNS Client Subnet (ECS): It has been observed that with ECS enabled and an FQDN with the default private/public behavior selected, a private-network client may receive a non-routable DNS response in certain scenarios. |
Existing Known Issues
|
PD-19704 |
GEO Cluster Status: When adding a Cluster that is unavailable (DOWN) to a Site, the Site may reflect the Cluster's status as available (UP) for a short time before changing to DOWN. |
|
PD-19108 LM-127 |
GEO: Modifying an FQDN entry displays a spurious error on the system console, similar to the one shown below. The FQDN is modified properly. <FQDN>:794 Uncaught ReferenceError: disp_addrr_elements is not defined at <FQDN>:794 (anonymous) @ <FQDN>:794 |
|
PD-19093 LM-127 |
GEO: Cannot configure GEO into partnering mode unless there is at least one FQDN already defined. |
|
PD-18615 LM-134 |
GEO: No statistics (queries per second, etc.) are displayed for a site if the FQDN is configured to use the "All Available" Selection Criteria. |
|
PD-15633 |
GEO: If you add a Zone Name to GEO after you have created working FQDNs, GEO may no longer respond to queries for one or more of the FQDNs after the Zone Name is added. The workaround is to remove and then re-add the FQDNs that are no longer working. |
|
PD-9765 |
GEO: DNS TCP requests from unknown sources are not supported. |