Release of PowerDNS Recursor 4.2 and the DNS flag day 2020 initiative

After a year and a half of development, PowerDNS Recursor 4.2 has been released: a caching DNS server responsible for recursive name resolution. PowerDNS Recursor is built on the same code base as PowerDNS Authoritative Server, but the PowerDNS recursive and authoritative DNS servers are developed in separate development cycles and released as separate products. The project code is distributed under the GPLv2 license.

The new version eliminates all issues related to the handling of DNS packets with EDNS flags. Versions of PowerDNS Recursor older than 2016 had the practice of ignoring packets with unsupported EDNS flags, instead of sending a response in the old format with the EDNS flags dropped, as the specification requires. Previously this non-standard behaviour was supported in BIND through a workaround, but as part of the DNS flag day held in February, DNS server developers decided to abandon this hack.

In PowerDNS, the main problems with handling EDNS packets were eliminated in 2017 in release 4.1, while in the 4.0 branch released in 2016 individual incompatibilities surfaced that arise under certain circumstances and, in general, do not interfere with normal operation. In PowerDNS Recursor 4.2, as in BIND 9.14, the workarounds for supporting authoritative servers that respond incorrectly to requests with EDNS flags have been removed. Until now, if no response arrived within a certain time after sending a request with EDNS flags, the DNS server assumed that the extended flags were not supported and sent a second request without EDNS flags. This behaviour is now disabled, because this code led to increased latency due to packet retransmission, increased network load and ambiguity when the missing response was caused by a network failure, and it prevented the deployment of EDNS-based features such as DNS Cookies for protection against DDoS attacks.

It has been decided to hold the DNS flag day 2020 event next year, intended to focus attention on solving the problems with IP fragmentation when processing large DNS messages. As part of the initiative, it is planned to fix the recommended EDNS buffer size at 1200 bytes and to make the handling of requests over TCP a mandatory capability of servers. At present, support for handling requests over UDP is required, while TCP is desirable but not required for operation (the standard requires the ability to disable TCP). It is proposed to remove the option to disable TCP from the standard and to standardize the transition from sending requests over UDP to using TCP in cases where the fixed EDNS buffer size is not sufficient.

The changes proposed as part of the initiative will eliminate the confusion around choosing the EDNS buffer size and solve the problem of fragmentation of large UDP messages, whose processing often leads to packet loss and timeouts on the client side. On the client side, the EDNS buffer size will be constant, and large responses will be sent to the client over TCP straight away. Avoiding large messages over UDP will also block DNS cache poisoning attacks that rely on manipulating fragmented UDP packets (when a packet is split into fragments, the second fragment does not include the header with the identifier, so it can be forged, for which it is enough that the checksum matches).

PowerDNS Recursor 4.2 takes the problems with large UDP packets into account and switches to an EDNS buffer size (edns-outgoing-bufsize) of 1232 bytes, instead of the previously used limit of 1680 bytes, which should reduce the likelihood of losing UDP packets. The value 1232 was chosen because it is the maximum at which the size of a DNS response, taking IPv6 into account, fits into the minimum MTU value (1280). The value of the truncation threshold parameter (udp-truncation-threshold), which is responsible for truncating responses to the client, has also been lowered to 1232.
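The following added example (not PowerDNS code and not part of the original article) shows where 1232 comes from and how the client's advertised EDNS buffer size and a server-side truncation threshold combine to force a retry over TCP. All function names and the sample messages are constructed for illustration; the block models the wire behaviour in plain Python and assumes a single uncompressed question per message.

```python
import struct

# 1280 (IPv6 minimum MTU) - 40 (IPv6 header) - 8 (UDP header) = 1232
SAFE_UDP_PAYLOAD = 1280 - 40 - 8
TC_BIT = 0x0200  # "truncated" flag in the DNS header

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qid, name, qtype=1, bufsize=SAFE_UDP_PAYLOAD):
    """DNS query with RD=1; bufsize=None omits the EDNS0 OPT record."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0 if bufsize is None else 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root owner, TYPE 41, CLASS = UDP payload size, TTL 0, RDLEN 0
    opt = b"" if bufsize is None else b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return header + question + opt

def question_end(msg):
    """Offset just past the single, uncompressed question."""
    pos = 12
    while msg[pos]:
        pos += msg[pos] + 1
    return pos + 1 + 4  # root label, QTYPE, QCLASS

def advertised_bufsize(query):
    """UDP payload size the client accepts: OPT class, or 512 without EDNS."""
    arcount = struct.unpack("!H", query[10:12])[0]
    pos = question_end(query)
    if arcount == 0 or query[pos] != 0:
        return 512
    rtype, size = struct.unpack("!HH", query[pos + 1:pos + 5])
    return max(512, size) if rtype == 41 else 512  # values below 512 count as 512

def udp_reply(query, full_response, threshold=SAFE_UDP_PAYLOAD):
    """Send full_response if it fits, else header + question with TC set."""
    if len(full_response) <= min(advertised_bufsize(query), threshold):
        return full_response
    qid, flags = struct.unpack("!HH", full_response[:4])
    end = question_end(full_response)
    return struct.pack("!6H", qid, flags | TC_BIT, 1, 0, 0, 0) + full_response[12:end]

def must_retry_over_tcp(reply):
    return bool(struct.unpack("!H", reply[2:4])[0] & TC_BIT)

# Constructed sample: 1500-byte response (zero padding stands in for records).
QUERY = build_query(0x1234, "example.com")
BIG = struct.pack("!6H", 0x1234, 0x8180, 1, 0, 0, 0) + QUERY[12:29] + b"\x00" * 1471
```

Even a client that advertises 4096 bytes gets a truncated reply for the 1500-byte response, because the smaller of the two limits applies; the client then repeats the query over TCP instead of relying on IP fragmentation.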

Other changes in PowerDNS Recursor 4.2:

  • Added support for the XPF (X-Proxied-For) mechanism, the DNS equivalent of the HTTP X-Forwarded-For header, which allows information about the IP address and port number of the original requester to be passed through intermediate proxies and load balancers (such as dnsdist). XPF is enabled with the options "xpf-allow-from" and "xpf-rr-code";
  • Improved support for the EDNS Client Subnet (ECS) extension, which makes it possible to pass, in DNS queries to the authoritative DNS server, information about the subnet from which the original request relayed along the chain was sent (information about the client's source subnet is needed for content delivery networks to work efficiently). The new release adds settings for selective control over the use of EDNS Client Subnet: "ecs-add-for" takes a list of network masks for which the IP will be used in ECS in outgoing requests. For addresses that do not fall within the specified masks, the common address given in the "ecs-scope-zero-address" directive is used. The "use-incoming-edns-subnet" directive defines the subnets from which incoming requests with filled-in ECS values will not be replaced;
  • For servers that process a large number of requests per second (more than 100 thousand), the "distributor-threads" directive has been added, which sets the number of threads for receiving incoming requests and distributing them among worker threads (it only makes sense when "pdns-distributes-queries=yes" is used);
  • Added the public-suffix-list-file setting for specifying your own file with the list of public suffixes of domains in which users can register subdomains, instead of the list built into PowerDNS Recursor.

The PowerDNS project also announced a move to a six-month development cycle, with the next major release, PowerDNS Recursor 4.3, expected in January 2020. Updates for major releases will be developed for a year, after which vulnerability fixes will be released for another six months. Thus, support for the PowerDNS Recursor 4.2 branch will last until January 2021. Similar changes to the development cycle have been made for PowerDNS Authoritative Server, whose 4.2 release is expected in the near future.

Main features of PowerDNS Recursor:

  • Tools for remote collection of statistics;
  • Instant restart;
  • Built-in engine for plugging in handlers written in Lua;
  • Full support for DNSSEC and DNS64;
  • Support for RPZ (Response Policy Zones) and the ability to define blacklists;
  • Anti-spoofing mechanisms;
  • Ability to record resolution results as BIND zone files;
  • To ensure high performance, modern connection multiplexing mechanisms in FreeBSD, Linux and Solaris (kqueue, epoll, /dev/poll) are used, together with a high-performance DNS packet parser capable of handling tens of thousands of parallel requests.

source: budenet.ru
