ProHoster > Блог > labaran intanet > An Saki Sabar Sabar DNS 9.16.0

An Saki Sabar Sabar DNS 9.16.0

Bayan watanni 11 na ci gaba, ƙungiyar ISC gabatar Bargawar sakin farko ta sabon reshe mai mahimmanci na uwar garken DNS 9.16 BIND. Za a ba da tallafi ga reshe na 9.16 na tsawon shekaru uku har zuwa kwata na 2nd na 2023 a matsayin wani ɓangare na ƙarin zagaye na tallafi. Sabuntawa na reshen LTS na baya 9.11 za a ci gaba da fitowa har zuwa Disamba 2021. Taimakon reshe 9.14 zai ƙare a cikin watanni uku.

Main sababbin abubuwa:

  • Ƙara KASP (Maɓallin Maɓalli da Manufofin Sa hannu), hanya mai sauƙi don sarrafa maɓallan DNSSEC da sa hannun dijital, dangane da saitin ƙa'idodin da aka ayyana ta amfani da umarnin "dnssec-policy". Wannan umarnin yana ba ku damar saita tsara sabbin maɓallan da suka dace don yankunan DNS da aikace-aikacen atomatik na maɓallan ZSK da KSK.
  • An sake fasalin tsarin cibiyar sadarwa sosai kuma an canza shi zuwa tsarin sarrafa buƙatun asynchronous wanda aka aiwatar dangane da ɗakin karatu. libuv.
    Sake aikin bai riga ya haifar da wasu canje-canje na bayyane ba, amma a cikin sakewa na gaba zai ba da damar aiwatar da wasu mahimman abubuwan ingantawa da ƙara goyan baya ga sabbin ka'idoji kamar DNS akan TLS.

  • Ingantaccen tsari don sarrafa amintattun anchors na DNSSEC (Trust anga, maɓalli na jama'a da ke daure zuwa yanki don tabbatar da sahihancin wannan yanki). Maimakon amintattun maɓallai da saitunan maɓallan da aka sarrafa, waɗanda a yanzu sun ƙare, an gabatar da sabon umarnin amintattu wanda zai ba ku damar sarrafa nau'ikan maɓallan biyu.

    Lokacin amfani da amintattun anka tare da maɓalli na farko, halayen wannan umarnin yayi kama da maɓallan sarrafawa, watau. yana bayyana saitin anka amana daidai da RFC 5011. Lokacin amfani da amintattun anka tare da maɓalli mai mahimmanci, halayen sun dace da umarnin amintattun maɓallan, watau. yana bayyana maɓalli mai tsayi wanda ba'a sabunta shi ta atomatik. Trust-anchors kuma yana ba da ƙarin kalmomi guda biyu, na farko-ds da static-ds, waɗanda ke ba ku damar amfani da amintattun anchors a cikin tsari. DS (Mai Sa hannu na Wakili) maimakon DNSKEY, wanda ke ba da damar saita ɗaurin maɓallan da ba a buga ba tukuna (ƙungiyar IANA tana shirin yin amfani da tsarin DS don maɓallin yanki na tsakiya a nan gaba).

  • An ƙara zaɓin "+yaml" zuwa kayan aikin tono, mdig da delv don fitarwa a tsarin YAML.
  • An ƙara zaɓin "+[ba] wanda ba'a tsammani" zuwa kayan aikin tono, yana ba da damar karɓar martani daga runduna ban da sabar da aka aika da buƙatar zuwa gare ta.
  • An ƙara zaɓin "+[no]expandaaaa" don tono mai amfani, wanda ke haifar da adiresoshin IPv6 a cikin bayanan AAAA don nunawa a cikakken wakilcin 128-bit, maimakon a cikin tsarin RFC 5952.
  • Ƙara ikon canza ƙungiyoyin tashoshi na ƙididdiga.
  • Ana samar da bayanan DS da CDS kawai bisa SHA-256 hashes (an daina tsarawa bisa SHA-1).
  • Don Kuki na DNS (RFC 7873), tsohuwar algorithm ita ce SipHash 2-4, kuma an dakatar da goyan bayan HMAC-SHA (ana riƙe AES).
  • Fitowar dnssec-signzone da dnssec-verify umarni ana aika yanzu zuwa daidaitaccen fitarwa (STDOUT), kuma kurakurai da gargaɗi kawai ana buga su zuwa STDERR (zaɓin -f shima yana buga yankin da aka sanya hannu). An ƙara zaɓin "-q" don kashe abin da aka fitar.
  • An sake yin aiki da lambar tabbatarwa ta DNSSEC don kawar da kwafin lambar tare da sauran tsarin aiki.
  • Don nuna ƙididdiga a tsarin JSON, ɗakin karatu na JSON-C kawai za a iya amfani da shi. Zaɓin daidaitawa "-with-libjson" an sake masa suna zuwa "-with-json-c".
  • Rubutun daidaitawa ba ya daina yin kuskure zuwa "--sysconfdir" a / sauransu da "--localstatedir" a cikin / var sai dai idan an ƙayyade "--prefix". Tsoffin hanyoyin yanzu sune $ prefix/etc da $ prefix/var, kamar yadda aka yi amfani da su a cikin Autoconf.
  • Lambar da aka cire tana aiwatar da sabis ɗin DLV (Tabbatar Duba-a gefen yanki, zaɓi dnssec-lookaside), wanda aka soke a BIND 9.12, kuma an kashe mai kula da dlv.isc.org a cikin 2017. Cire DLVs ya 'yantar da lambar BIND daga matsalolin da ba dole ba.

source: budenet.ru

Add a comment