ProHoster > Блог > ozi ịntanetị > A tọhapụrụ sava DNS 9.16.0

A tọhapụrụ sava DNS 9.16.0

Mgbe ọnwa 11 nke mmepe gasịrị, ISC consortium webatara Ntọhapụ kwụsiri ike nke mbụ nke ngalaba ọhụrụ dị mkpa nke sava BIND 9.16 DNS. A ga-enye nkwado maka alaka 9.16 ruo afọ atọ ruo nkeji nke abụọ nke 2 dịka akụkụ nke usoro nkwado agbatị. Mmelite maka ngalaba LTS gara aga 2023 ga-aga n'ihu na-ewepụta ruo Disemba 9.11. Nkwado maka alaka 2021 ga-akwụsị n'ime ọnwa atọ.

Main ihe ọhụrụ:

  • agbakwunyere KASP (Igodo na iwu nbanye), ụzọ dị mfe iji jikwaa igodo DNSSEC na mbinye aka dijitalụ, dabere na iwu ntọala akọwapụtara site na iji ntuziaka “dnssec-policy”. Ntuziaka a na-enye gị ohere ịhazi ọgbọ nke igodo ọhụrụ dị mkpa maka mpaghara DNS yana ngwa akpaka nke igodo ZSK na KSK.
  • Emezigharịrị sistemụ netwọkụ ahụ nke ọma wee gbanwee gaa na usoro nhazi arịrịọ asynchronous nke etinyere na ya dabere na ọba akwụkwọ. libuv.
    Nrụgharị ahụ arụpụtabeghị mgbanwe ọ bụla a na-ahụ anya, mana na mwepụta n'ọdịnihu ọ ga-enye ohere iji mejuputa ụfọdụ njikarịcha arụmọrụ dị ịrịba ama ma gbakwunye nkwado maka ụkpụrụ ọhụrụ dị ka DNS n'elu TLS.

  • Mma usoro maka ijikwa DNSSEC ntụkwasị obi arịlịka (Trust arịlịka, a ọha igodo kegidere a mpaghara iji nyochaa eziokwu nke a mpaghara). Kama ntọala igodo ntụkwasị obi na igodo jikwaa, nke emebiela ugbu a, atụpụtala ntuziaka ntụkwasị obi-arịlịka nke ga-enye gị ohere ijikwa ụdị igodo abụọ ahụ.

    Mgbe ị na-eji arịlịka ntụkwasị obi nwere mkpụrụokwu mbido, omume nke ntuziaka a bụ otu igodo jisiri ike, ya bụ. na-akọwa ntọala arịlịka ntụkwasị obi dịka RFC 5011 si dị. Mgbe ị na-eji okwu ntụkwasị obi-arịlịka na isiokwu static-key, omume ahụ dabara na ntuziaka igodo ntụkwasị obi, ya bụ. na-akọwa igodo na-adịgide adịgide nke anaghị emelite ozugbo. Trust-anchors na-enyekwa mkpụrụokwu abụọ ọzọ, initial-ds na static-ds, nke na-enye gị ohere iji arịlịka ntụkwasị obi na usoro. DS (Onye ntinye aka) kama DNSKEY, nke na-eme ka o kwe omume ịhazi njigide maka igodo na-ebipụtabeghị (nzukọ IANA na-ezube iji usoro DS maka igodo mpaghara isi n'ọdịnihu).

  • Agbakwunyela nhọrọ “+yaml” na akụrụngwa igwu, mdig na delv maka mmepụta na usoro YAML.
  • Agbakwunyela nhọrọ "+[enweghị] a na-atụghị anya ya" na akụrụngwa igwu, na-enye ohere ịnweta nzaghachi sitere na ndị ọbịa na-abụghị sava nke ezigara arịrịọ ahụ.
  • Agbakwunyere "+[no]expandaaaa" nhọrọ iji gwuo ọrụ, nke na-eme ka egosi adreesị IPv6 na ndekọ AAAA na nnochite anya 128-bit zuru ezu, karịa n'ụdị RFC 5952.
  • Agbakwunyere ikike ịgbanwee otu ọwa ọnụ ọgụgụ.
  • A na-emepụta ndekọ DS na CDS ugbu a naanị na SHA-256 hashes (a kwụsịrị ọgbọ dabere na SHA-1).
  • Maka kuki DNS (RFC 7873), algọridim ndabara bụ SipHash 2-4, na nkwado maka HMAC-SHA akwụsịla (AES ka edobere).
  • A na-ezigara mmepụta nke dnssec-signzone na dnssec-verify iwu ugbu a na mmepụta ọkọlọtọ (STDOUT), na naanị njehie na ịdọ aka ná ntị ka a na-ebipụta na STDERR (nhọrọ -f na-ebipụtakwa mpaghara mbinye aka). Agbakwunyela nhọrọ "-q" iji mebie mmepụta.
  • The DNSSEC nkwado koodu e reworked iji kpochapụ koodu mbiputegharị na ndị ọzọ subsystems.
  • Iji gosi ọnụ ọgụgụ n'ụdị JSON, naanị ọba akwụkwọ JSON-C ka enwere ike iji ugbu a. Nhọrọ nhazi "-with-libjson" ka ahagharịrị ka ọ bụrụ "-with-json-c".
  • Edemede nhazi ahụ anaghịzi adaba na "--sysconfdir" na /etc na "-localstatedir" na / var ma ọ bụrụ na akọwapụtara "--prefix". Ụzọ ndabara bụ $prefix/etc na $prefix/var, dị ka ejiri ya na Autoconf.
  • Koodu ewepụrụ na-emejuputa ọrụ DLV (Ngalaba Look-side Verification, nhọrọ dnssec-lookaside), nke kwụsịrị na BIND 9.12, yana onye njikwa dlv.isc.org nwere nkwarụ na 2017. Iwepụ DLV ndị ahụ tọhapụrụ koodu BIND na nsogbu ndị na-adịghị mkpa.

isi: opennet.ru

Tinye a comment