Kea 1.6 DHCP server, developed by the ISC consortium, has been published

The ISC consortium has published the release of the Kea 1.6.0 DHCP server, which replaces the classic ISC DHCP. The project's source code is distributed under the Mozilla Public License (MPL) 2.0, rather than the ISC License previously used for ISC DHCP.

The Kea DHCP server is based on BIND 10 and is built on a modular architecture, which means its functionality is split across separate handler processes. The product includes a full-featured server implementation with support for the DHCPv4 and DHCPv6 protocols that can replace ISC DHCP. Kea has built-in tools for dynamically updating DNS zones (Dynamic DNS) and supports mechanisms for server discovery, address assignment, renewal and rebinding, serving information requests, reserving addresses for hosts, and PXE booting. The DHCPv6 implementation additionally provides prefix delegation. A dedicated API is provided for interaction with external applications. The configuration can be changed on the fly without restarting the server.

Information about assigned addresses and client parameters can be stored in different types of storage; backends are currently provided for CSV files, the MySQL DBMS, Apache Cassandra and PostgreSQL. Host reservation parameters can be specified in the configuration file in JSON format or as a table in MySQL and PostgreSQL. The package includes the perfdhcp tool for measuring DHCP server performance and components for collecting statistics. Kea shows good performance: for example, with the MySQL backend the server can perform 1000 address assignments per second (about 4000 packets per second), and with the memfile backend performance reaches 7500 assignments per second.


Key improvements in Kea 1.6:

  • A configuration backend (CB, Configuration Backend) has been implemented, letting you manage the settings of several DHCPv4 and DHCPv6 servers. The backend can be used to store most Kea settings, including global settings, shared networks, subnets, options, pools and option definitions. Instead of keeping all these settings in a local configuration file, they can be placed in an external database. It is possible to define only some settings, rather than all of them, through the CB, overlaying parameters from the external database on local configuration files (for example, network interface settings can be left in local files).

    Among DBMSs, only MySQL is supported for storing configuration (MySQL, PostgreSQL and Cassandra can be used to store the assigned addresses (leases), and MySQL and PostgreSQL can be used to store hosts). The configuration in the database can be changed either through direct access to the DBMS or through specially prepared intermediary libraries that provide commands for configuration management, such as adding and deleting parameters, bindings, DHCP options and subnets;

  • A new "DROP" handler class has been added (all packets associated with the DROP class are dropped immediately), which can be used to drop unwanted traffic, for example certain types of DHCP messages;
  • New parameters max-lease-time and min-lease-time have been added, letting you define the lifetime of an address binding to a client (lease) not as a fixed value but as an acceptable range;
  • Improved compatibility with devices that do not fully comply with DHCP standards. To work around the problems, Kea now sends the DHCPv4 message type at the very beginning of the options list, handles different representations of host names, recognizes the transmission of an empty host name, and allows codes 0 through 255 to be defined;
  • A separate control socket has been added for the DDNS daemon, through which you can directly send commands and make configuration changes. The following commands are supported: build-report, config-get, config-reload, config-set, config-test, config-write, list-commands, shutdown and version-get;
  • Vulnerabilities have been fixed (CVE-2019-6472, CVE-2019-6473, CVE-2019-6474) that could be used to cause a denial of service (crashing the DHCPv4 and DHCPv6 server handlers) by sending requests with incorrect options and values. The most dangerous is CVE-2019-6474, which, when memfile storage is used for bindings, makes it impossible for the server process to restart on its own, so manual intervention by an administrator (cleaning the binding database) is required to restore operation.
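
For the DDNS control socket described in the list above, a small least-privilege client, added here as an example and not taken from Kea or ISC: it sends commands in Kea's JSON control-channel format (`{"command": ..., "arguments": ...}`) and refuses state-changing ones unless explicitly allowed. The read-only subset and the socket path supplied by the caller are assumptions.

```python
import json
import socket

# Commands the page lists for the DDNS daemon's control socket.
DDNS_COMMANDS = {"build-report", "config-get", "config-reload", "config-set",
                 "config-test", "config-write", "list-commands", "shutdown",
                 "version-get"}
# Assumption: the subset a monitoring job needs; none of these alter the daemon.
READ_ONLY = {"build-report", "config-get", "list-commands", "version-get"}


def build_command(name, arguments=None, allow_changes=False):
    """Return the JSON bytes for one command, enforcing the allow-list."""
    if name not in DDNS_COMMANDS:
        raise ValueError(f"not a DDNS control command: {name}")
    if name not in READ_ONLY and not allow_changes:
        raise PermissionError(f"{name} is not read-only; pass allow_changes=True")
    msg = {"command": name}
    if arguments is not None:
        msg["arguments"] = arguments
    return json.dumps(msg).encode()


def send_command(socket_path, name, arguments=None, allow_changes=False,
                 timeout=5.0):
    """Send one command over the Unix control socket; return the parsed reply."""
    payload = build_command(name, arguments, allow_changes)
    buf = b""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)
        s.sendall(payload)
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break  # peer closed the connection
            buf += chunk
            try:
                return json.loads(buf)
            except ValueError:
                continue  # reply not complete yet, keep reading
    return json.loads(buf)  # raises if the daemon closed before a full reply
```

File permissions on the socket remain the primary control, since any local process that can open it can issue config-set or shutdown.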

Source: opennet.ru
