BIND DNS Server 9.16.0 Released

After 11 months of development, the ISC consortium has presented the first stable release of a significant new branch of the BIND DNS server, 9.16. Branch 9.16 will be supported for three years, until the second quarter of 2023, as part of an extended support cycle. Updates for the previous LTS branch, 9.11, will continue to be released until December 2021. Support for the previous stable branch will end in three months.

Main new features:

  • Added KASP (Key and Signing Policy), a simplified way to manage DNSSEC keys and digital signatures, based on rules defined with the "dnssec-policy" directive. This directive lets you set up the generation of the new keys a DNS zone needs and the automatic application of ZSK and KSK keys.
  • The network subsystem has been substantially reworked and moved to an asynchronous request-handling mechanism based on the libuv library.
    The rework has not yet led to any visible changes, but in future releases it will make it possible to implement some performance optimizations and add support for new protocols such as DNS over TLS.

  • Improved the process for managing DNSSEC trust anchors (a trust anchor is a public key bound to a zone for verifying the authenticity of that zone). In place of the trusted-keys and managed-keys settings, which are now deprecated, a new trust-anchors directive is offered that lets you manage both kinds of keys.

    When trust-anchors is used with the initial-key keyword, the directive behaves the same as managed-keys, i.e. it defines a trust anchor that is kept up to date according to RFC 5011. When trust-anchors is used with the static-key keyword, the behavior corresponds to the trusted-keys directive, i.e. it defines a fixed key that is not updated automatically. trust-anchors also has two more keywords, initial-ds and static-ds, which let you specify trust anchors in DS (Delegation Signer) format instead of DNSKEY, making it possible to configure anchors for keys that have not yet been published (IANA plans to use the DS format for zone keys in the future).

  • The "+yaml" option has been added to the dig, mdig and delv utilities for output in YAML format.
  • The "+[no]unexpected" option has been added to the dig utility, allowing responses to be accepted from hosts other than the server the request was sent to.
  • Added the "+[no]expandaaaa" option to the dig utility, which causes IPv6 addresses in AAAA records to be displayed in full 128-bit representation rather than in RFC 5952 format.
  • Added the ability to switch groups of statistics channels.
  • DS and CDS records are now generated only from SHA-256 hashes (generation based on SHA-1 has been discontinued).
  • For DNS cookies (RFC 7873), the default algorithm is SipHash 2-4, and support for HMAC-SHA has been dropped (AES is retained).
  • The output of the dnssec-signzone and dnssec-verify commands is now sent to standard output (STDOUT), and only errors and warnings are printed to STDERR (the -f option also prints the signed zone). The "-q" option has been added to mute the output.
  • The DNSSEC validation code has been reworked to eliminate code duplication with other subsystems.
  • To display statistics in JSON format, only the JSON-C library can now be used. The configure option "--with-libjson" has been renamed to "--with-json-c".
  • The configure script no longer defaults "--sysconfdir" to /etc and "--localstatedir" to /var when "--prefix" is not specified. The default paths are now $prefix/etc and $prefix/var, as used in Autoconf.
  • Removed the code implementing the DLV (Domain Look-aside Verification, dnssec-lookaside option) service, which was deprecated in BIND 9.12; the associated dlv.isc.org handler was shut down in 2017. Removing DLV frees the BIND code of unnecessary complexity.
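
The Python sketch below is an added example, not part of the original article or of BIND's own code. It ties together the trust-anchors DS keywords and the SHA-256-only DS generation described in the list above: it derives the DS form (digest type 2) of a DNSKEY and formats it as a static-ds entry. The function names are hypothetical, the key material is constructed sample data, and the refusal of revoked keys is a check added for this example.

```python
import base64
import hashlib
import struct

REVOKE = 0x0080  # RFC 5011 REVOKE flag bit


def name_to_wire(name):
    """Canonical lower-case wire form of an owner name (RFC 4034, 6.2)."""
    wire = b""
    for label in filter(None, name.rstrip(".").split(".")):
        raw = label.lower().encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"  # root label terminates the name


def dnskey_rdata(flags, protocol, algorithm, key_b64):
    """DNSKEY RDATA: flags (16 bit), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(key_b64)


def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_digest(owner, rdata):
    """DS digest type 2: SHA-256 over owner name wire form plus RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()


def static_ds_line(owner, flags, protocol, algorithm, key_b64):
    """Format one trust-anchors entry; revoked keys are refused (added check)."""
    if protocol != 3 or flags & REVOKE:
        raise ValueError("not usable as a trust anchor")
    rdata = dnskey_rdata(flags, protocol, algorithm, key_b64)
    fqdn = owner if owner.endswith(".") else owner + "."
    return f'{fqdn} static-ds {key_tag(rdata)} {algorithm} 2 "{ds_digest(owner, rdata)}";'


if __name__ == "__main__":
    # Constructed sample key (64 bytes, algorithm 13), not a real zone's key.
    sample = base64.b64encode(bytes(range(64))).decode()
    print("trust-anchors {\n    " + static_ds_line("example.com", 257, 3, 13, sample) + "\n};")
```

Comparing the printed digest with the DS record published by the parent zone is a quick way to confirm that a locally configured anchor matches the key actually in use.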

Source: opennet.ru
