Release of PowerDNS Recursor 4.3 and KnotDNS 2.9.3

The caching DNS server PowerDNS Recursor 4.3, which is responsible for recursive name resolution, has been released. PowerDNS Recursor is built on the same code base as PowerDNS Authoritative Server, but the PowerDNS recursive and authoritative DNS servers are developed in separate development cycles and released as separate products. The project code is distributed under the GPLv2 license.

The server provides tools for remote statistics collection, supports instant restart, has a built-in engine for attaching handlers written in Lua, supports DNSSEC, DNS64 and RPZ (Response Policy Zones), and allows blacklists to be attached. Resolution results can be recorded as BIND zone files. To ensure high performance, it uses modern connection multiplexing mechanisms on FreeBSD, Linux and Solaris (kqueue, epoll, /dev/poll), as well as a high-performance DNS packet parser capable of handling tens of thousands of parallel requests.

In the new version:

  • To prevent leaks of information about the requested domain and to increase privacy, the QNAME minimisation mechanism (RFC 7816) is enabled by default and operates in "relaxed" mode. The idea of the mechanism is that the resolver does not mention the full name of the desired host in its requests to the upstream name server. For example, when resolving the address of the host foo.bar.baz.com, the resolver sends the request "QTYPE=NS,QNAME=baz.com" to the authoritative server for the ".com" zone, without mentioning "foo.bar".
  • The ability to log outgoing requests to authoritative servers and the responses to them in dnstap format has been implemented (to use it, a build with the "--enable-dnstap" option is required).
  • Multiple incoming requests sent over a single TCP connection are now processed simultaneously, with results returned as they become ready rather than in the order in which the requests were queued. The limit on simultaneous requests is set by the "max-concurrent-requests-per-tcp-connection" setting.
  • A technique for tracking newly observed domains, NOD (Newly Observed Domain), has been implemented. It can be used to detect suspicious domains or domains associated with malicious activity, such as malware distribution, phishing, and botnet control. The method relies on identifying domains that have never been accessed before and analysing these new domains. Instead of checking new domains against a complete database of every domain ever seen, which requires significant resources to maintain, NOD uses a probabilistic structure, the SBF (Stable Bloom Filter), which reduces memory and CPU consumption. To enable it, specify "new-domain-tracking=yes" in the settings.
  • When running under systemd, the PowerDNS Recursor process now runs as the unprivileged pdns-recursor user instead of root. On systems without systemd and without chroot, the default directory for the control socket and pid file is now /var/run/pdns-recursor.
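
The Stable Bloom Filter idea behind the NOD item above, as an added Python sketch (not PowerDNS code and not from the original article): each insert decays a few counters, so memory stays fixed while recently seen names are still recognised. The class, function names, parameter values and sample names are assumptions made for illustration.

```python
import hashlib
import random


class StableBloomFilter:
    """Stable Bloom Filter: small counters that decay, so memory stays fixed."""

    def __init__(self, cells=1 << 16, hashes=3, decay=10, max_value=3, seed=None):
        self.cells = bytearray(cells)   # one small counter per cell
        self.hashes = hashes            # K: cells set for each element
        self.decay = decay              # P: cells decremented on each insert
        self.max_value = max_value      # Max: value written to a fresh cell
        self.rng = random.Random(seed)

    def _indexes(self, item):
        # K cell indexes derived from salted BLAKE2b digests of the item.
        for i in range(self.hashes):
            digest = hashlib.blake2b(item, digest_size=8, salt=bytes([i])).digest()
            yield int.from_bytes(digest, "big") % len(self.cells)

    def seen_before(self, item):
        """Return True if item was probably seen already, then record it."""
        idx = list(self._indexes(item))
        seen = all(self.cells[i] > 0 for i in idx)
        # Decay step: decrement P consecutive cells from a random start.
        start = self.rng.randrange(len(self.cells))
        for off in range(self.decay):
            j = (start + off) % len(self.cells)
            if self.cells[j] > 0:
                self.cells[j] -= 1
        for i in idx:
            self.cells[i] = self.max_value
        return seen


def normalize(qname):
    # DNS names are case-insensitive; drop the trailing root dot.
    return qname.rstrip(".").lower().encode("ascii")


def newly_observed(qnames, sbf):
    """Return the query names the filter has not seen, in arrival order."""
    return [q for q in qnames if not sbf.seen_before(normalize(q))]


# Constructed sample of resolved names (not real telemetry).
SAMPLE = ["www.example.com.", "mail.example.org.", "WWW.Example.COM.",
          "xq7-update.example.net.", "mail.example.org."]
```

Calling `newly_observed(SAMPLE, StableBloomFilter(seed=1))` returns only the three first sightings. Because of the decay step, a name that has not been queried for a long time can be reported as new again, and hash collisions can hide a genuinely new name, so the output is a triage signal rather than an exact list.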

In addition, KnotDNS 2.9.3 has been released, a high-performance authoritative DNS server (the recursor is developed as a separate application) that supports all modern DNS features. The project is developed by the Czech name registry CZ.NIC, is written in C, and is distributed under the GPLv3 license.

KnotDNS is distinguished by its focus on high-performance query processing, for which it uses a multi-threaded and mostly non-blocking implementation that scales well on SMP systems. Features such as adding and removing zones on the fly, zone transfers between servers, DDNS (dynamic updates), NSID (RFC 5001), EDNS0 and DNSSEC extensions (including NSEC3), and response rate limiting (RRL) are supported.

In the new release:

  • Added the 'remote.block-notify-after-transfer' setting to disable sending NOTIFY messages;
  • Implemented experimental support for the Ed448 algorithm in DNSSEC (requires GnuTLS 3.6.12+ and the not yet released Nettle 3.6+);
  • Added the 'local-serial' parameter to keymgr to get or set the SOA serial number for a signed zone in the KASP database;
  • Added support to keymgr for importing Ed25519 and Ed448 keys in the BIND DNS server format;
  • The default value of the 'server.tcp-io-timeout' setting has been increased to 500 ms, and 'database.journal-db-max-size' has been reduced to 512 MiB on 32-bit systems.

source: budenet.ru
