Release of PowerDNS Recursor 4.2 and the DNS flag day 2020 initiative

After a year and a half of development, the caching DNS server PowerDNS Recursor 4.2, which is responsible for recursive name resolution, has been released. PowerDNS Recursor is built on the same code base as PowerDNS Authoritative Server, but the recursive and authoritative PowerDNS servers follow separate development cycles and are released as separate products. The project code is distributed under the GPLv2 license.

The new version resolves all issues related to the processing of DNS packets with EDNS flags. Older versions of PowerDNS Recursor, from before 2016, ignored packets with unsupported EDNS flags instead of sending a response in the old format with the EDNS flags discarded, as the specification requires. Previously this non-standard behaviour was accommodated in BIND by a workaround, but as part of the DNS flag day initiative held in February, DNS server developers decided to drop this hack.

In PowerDNS, the main problems in processing packets with EDNS were fixed back in 2017 in release 4.1, while the 4.0 branch, released in 2016, showed isolated incompatibilities that arise under particular circumstances and in general do not interfere with normal operation. In PowerDNS Recursor 4.2, as in BIND 9.14, the workarounds for authoritative servers that respond incorrectly to requests with EDNS flags have been removed. Until now, if no response arrived within a certain time after a request with EDNS flags was sent, the DNS server assumed that the extended flags were not supported and sent a second request without EDNS flags. This behaviour is now disabled because that code increased latency through packet retransmission, increased network load, created ambiguity when a response was missing because of network failures, and hindered the deployment of EDNS-based features such as DNS Cookies for protection against DDoS attacks.

An event called DNS flag day 2020 has been scheduled for next year, intended to focus attention on solving problems with IP fragmentation when processing large DNS messages. As part of the initiative, it is planned to fix the recommended EDNS buffer size at 1200 bytes and to make processing requests over TCP a mandatory server capability. At present, support for requests over UDP is mandatory, while TCP is desirable but not required for operation (the standard requires the ability to disable TCP). The proposal is to remove the option to disable TCP from the standard and to standardize the switch from sending requests over UDP to using TCP in cases where the configured EDNS buffer size is insufficient.

The changes proposed as part of the initiative will remove the confusion over choosing the EDNS buffer size and solve the problem of fragmentation of large UDP messages, whose processing often leads to packet loss and timeouts on the client side. On the client side, the EDNS buffer size will be constant, and large responses will be sent to the client over TCP straight away. Ceasing to send large messages over UDP will also make it possible to block DNS cache poisoning attacks based on manipulating fragmented UDP packets (when a packet is split into fragments, the second fragment does not include the header with the identifier, so it can be forged; it is sufficient for the checksum to match).

PowerDNS Recursor 4.2 takes the problems with large UDP packets into account and switches to an EDNS buffer size (edns-outgoing-bufsize) of 1232 bytes instead of the previously used limit of 1680 bytes, which should significantly reduce the likelihood of losing UDP packets. The value 1232 was chosen because it is the maximum at which the size of a DNS response, taking IPv6 into account, fits within the minimum MTU value (1280). The value of the truncation-threshold parameter, which controls the truncation of responses to the client, has also been reduced to 1232.
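
The buffer-size arithmetic and the UDP-to-TCP switch described above, as an added example that is not PowerDNS code: it builds a query carrying an EDNS OPT record, reads the advertised size back, and models truncation. The function names, the sample messages and the simplified `must_truncate` rule (the smaller of the client's advertised size and the threshold) are assumptions made for illustration.

```python
import struct

# Minimum IPv6 MTU (1280) minus the IPv6 header (40) and UDP header (8) = 1232.
SAFE_BUFSIZE = 1280 - 40 - 8

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, txid, bufsize=SAFE_BUFSIZE, qtype=1):
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT pseudo-record: root name, TYPE 41, CLASS field carries the UDP payload size.
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return header + question + opt

def skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def edns_bufsize(msg):
    """UDP payload size advertised in the OPT record, or None without EDNS."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            return rclass
        off += 10 + rdlen
    return None

def must_truncate(resp_len, query, threshold=SAFE_BUFSIZE):
    """Server side (simplified model): set TC when the answer exceeds the limit."""
    advertised = max(edns_bufsize(query) or 512, 512)  # 512 is the pre-EDNS UDP limit
    return resp_len > min(advertised, threshold)

def next_transport(response):
    """Client side: a set TC (truncated) flag means repeat the query over TCP."""
    flags = struct.unpack("!H", response[2:4])[0]
    return "tcp" if flags & 0x0200 else "udp"

# Constructed samples: a query, and a truncated reply (QR, TC, RD and RA set).
QUERY = build_query("example.org", 0x1A2B)
TRUNCATED = QUERY[:2] + struct.pack("!H", 0x8380) + QUERY[4:]
```

A client that advertises 4096 bytes is still held to 1232 by the threshold, which is what keeps the response inside a single unfragmented datagram.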

Other changes in PowerDNS Recursor 4.2:

  • Added support for the XPF (X-Proxied-For) mechanism, the DNS equivalent of the X-Forwarded-For HTTP header, which allows information about the IP address and port number of the original requester to be passed through intermediate proxies and load balancers (such as dnsdist). XPF is enabled with the options "xpf-allow-from" and "xpf-rr-code";
  • Improved support for the EDNS Client Subnet (ECS) extension, which allows DNS queries to the authoritative DNS server to carry information about the subnet from which the original request, passed along the chain, was sent (data about the client's source is needed for content delivery networks to work efficiently). The new release adds settings for selective control over the use of EDNS Client Subnet: "ecs-add-for" takes a list of network masks for which the IP will be used in ECS in outgoing requests. For addresses that do not fall within the specified masks, the general address given in the "ecs-scope-zero-address" directive is used. The "use-incoming-edns-subnet" directive defines the subnets from which incoming requests with filled-in ECS values will not be replaced;
  • For servers that process a large number of requests per second (more than 100 thousand), the "distributor-threads" directive has been implemented. It sets the number of threads that receive incoming requests and distribute them among the worker threads (it only makes sense when the setting "pdns-distributes-queries=yes" is used);
  • Added the public-suffix-list-file setting for specifying your own file with the list of public suffixes, the domains in which users can register their own subdomains, instead of the list built into PowerDNS Recursor.

The PowerDNS project has also announced a move to a six-month development cycle, with the next major release, PowerDNS Recursor 4.3, expected in January 2020. Updates for major releases will be produced for a year, after which vulnerability fixes will be released for another six months. Support for the PowerDNS Recursor 4.2 branch will therefore continue until January 2021. Similar changes to the development cycle have been made for PowerDNS Authoritative Server, whose 4.2 release is expected in the near future.

Main features of PowerDNS Recursor:

  • Tools for remote collection of statistics;
  • Instant restart;
  • A built-in engine for attaching handlers written in Lua;
  • Full support for DNSSEC and DNS64;
  • Support for RPZ (Response Policy Zones) and the ability to define blacklists;
  • Anti-spoofing mechanisms;
  • The ability to record resolution results as BIND zone files;
  • For high performance, modern connection multiplexing mechanisms are used on FreeBSD, Linux and Solaris (kqueue, epoll, /dev/poll), together with a high-performance DNS packet parser capable of processing tens of thousands of parallel requests.

Source: opennet.ru
