New stable branch of the BIND 9.18 DNS server released

After two years of development, ISC has released the first stable version of a major new branch of the BIND DNS server, 9.18, which will be supported for three years, until the second quarter of 2025, as part of an extended maintenance cycle.

Support for the 9.11 branch ends in March, and support for the 9.16 branch ends in mid-2023. The experimental BIND 9.19.0 branch has been created to develop functionality for the next stable version of BIND.

The BIND 9.18.0 release stands out for implementing support for DNS over HTTPS (DoH) and DNS over TLS (DoT), as well as the XoT (XFR-over-TLS) mechanism for secure transfer of DNS zone contents between servers (both sending and receiving zones over XoT are supported).

With the appropriate settings, a single named process can now serve not only traditional DNS queries but also queries sent using DNS over HTTPS and DNS over TLS. DNS over TLS client support is built into the dig utility, which can send queries over TLS when the "+tls" flag is specified.

Among the features of the DoH implementation in BIND, the ability to hand TLS encryption off to another server stands out. This may be necessary where TLS certificates are stored on another system (for example, in infrastructure with web servers) and are maintained by other staff. Support for unencrypted DNS over HTTP is implemented to simplify debugging and as a layer for forwarding to another server on the internal network (to move encryption to a separate server). On a remote server, nginx can be used to generate the TLS traffic, in the same way that HTTPS is fronted for websites.
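The listener layout described above, written as a named.conf fragment for BIND 9.18. This is an added example, not configuration from the original article or from ISC; the block names (edge-tls, doh), the certificate paths, the 192.0.2.53 address and port 8053 are assumptions chosen for illustration.

```conf
// Certificate and key used by the DoT and DoH listeners (assumed paths).
tls edge-tls {
    key-file "/etc/bind/tls/privkey.pem";
    cert-file "/etc/bind/tls/fullchain.pem";
};

// HTTP endpoint on which DoH queries are accepted.
http doh {
    endpoints { "/dns-query"; };
};

options {
    // Traditional DNS over UDP and TCP.
    listen-on port 53 { 192.0.2.53; };

    // DNS over TLS (DoT): TLS is terminated by named itself.
    listen-on port 853 tls edge-tls { 192.0.2.53; };

    // DNS over HTTPS (DoH): TLS is terminated by named itself.
    listen-on port 443 tls edge-tls http doh { 192.0.2.53; };

    // Unencrypted DNS over HTTP, for debugging or for a front-end proxy
    // (such as nginx) that holds the certificates and terminates TLS.
    // Bound to loopback only, so that plaintext queries are never
    // accepted from the network. Use either this listener behind a
    // proxy or the port 443 listener above, depending on where the
    // certificates live.
    listen-on port 8053 tls none http doh { 127.0.0.1; };
};
```

Run `named-checkconf` on the file before reloading. The DoT listener can then be checked with `dig +tls @192.0.2.53 example.com`.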

Main new features of BIND 9.18

This release adds the tcp-receive-buffer, tcp-send-buffer, udp-receive-buffer and udp-send-buffer settings, which set the size of the buffers used when sending and receiving requests over TCP and UDP. On busy servers, increasing the incoming buffers will prevent packets from being dropped during traffic spikes, and decreasing them will help avoid clogging memory with old requests.

Another notable change is the new "rpz-passthru" log category, which allows RPZ (Response Policy Zones) passthru actions to be logged separately. In addition, the "nsdname-wait-recurse" option has been added to the response-policy section. When it is set to "no", RPZ NSDNAME rules are applied only if the authoritative name servers for the request are present in the cache; otherwise the RPZ NSDNAME rule is ignored, but the information is fetched in the background and used for subsequent requests.
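A named.conf fragment that uses both RPZ additions described above. This is an added example, not configuration from the original article; the policy zone name rpz.example.internal, the file names and the channel names are assumptions.

```conf
options {
    directory "/var/named";              // assumed working directory

    // nsdname-wait-recurse no: apply RPZ NSDNAME rules only when the
    // authoritative name servers are already cached; otherwise skip the
    // rule for this query and fetch the data in the background.
    response-policy {
        zone "rpz.example.internal";
    } nsdname-wait-recurse no;
};

// The policy zone itself (assumed name and file).
zone "rpz.example.internal" {
    type primary;
    file "rpz.example.internal.db";
    allow-query { localhost; };
};

logging {
    // Passthru actions get their own file, so entries that were
    // explicitly allowed can be reviewed apart from rewrites.
    channel rpz_passthru_file {
        file "rpz-passthru.log" versions 5 size 20m;
        severity info;
        print-time yes;
        print-category yes;
    };

    // All other RPZ actions.
    channel rpz_file {
        file "rpz.log" versions 5 size 20m;
        severity info;
        print-time yes;
        print-category yes;
    };

    category rpz-passthru { rpz_passthru_file; };
    category rpz { rpz_file; };
};
```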

To deal with the IP fragmentation issues that arise when handling large DNS messages, identified by the DNS Flag Day 2020 initiative, the code that adjusted the EDNS buffer size when a query went unanswered has been removed from the resolver. The EDNS buffer size is now set to a constant value (edns-udp-size) for all outgoing requests.

In addition, support for zone files in the "map" format (masterfile-format map) has been removed. Users of this format are advised to convert their zones to the raw format using the named-compilezone utility.

Other notable changes:

  • For records of the HTTPS and SVCB types, processing of the "ADDITIONAL" section has been implemented.
  • Added update-policy rule types (krb5-subdomain-self-rhs and ms-subdomain-self-rhs) to restrict updates to SRV and PTR records. In update-policy blocks, the ability to set limits on the number of records, separately for each type, has been added.
  • Added information about the transport protocol (UDP, TCP, TLS, HTTPS) and DNS64 prefixes to the output of the dig utility.
  • Added support for the OpenSSL 3.0 library.
  • The build system has been changed to use autoconf, automake and libtool.
  • Removed support for the legacy DLZ (Dynamically Loadable Zones) drivers, which are replaced by DLZ modules.
  • Removed support for building and running on the Windows platform. The last branch that can be installed on Windows is BIND 9.16.

Finally, if you are interested in learning more, you can check the details at the following link.

