Release of PowerDNS Recursor 4.3 and KnotDNS 2.9.3

PowerDNS Recursor 4.3, a caching DNS server responsible for recursive name resolution, has been released. PowerDNS Recursor is built on the same code base as PowerDNS Authoritative Server, but the PowerDNS recursive and authoritative DNS servers are developed in separate development cycles and released as separate products. The project code is distributed under the GPLv2 license.

The server provides tools for remote statistics collection, supports instant restart, has a built-in engine for connecting handlers written in Lua, fully supports DNSSEC, DNS64 and RPZ (Response Policy Zones), and allows blacklists to be connected. Resolution results can be written out as BIND zone files. To ensure high performance, modern connection-multiplexing mechanisms are used on FreeBSD, Linux and Solaris (kqueue, epoll, /dev/poll), along with a high-performance DNS packet parser capable of processing tens of thousands of parallel requests.

In the new version:

  • To prevent leaking information about the requested domain and to improve privacy, the QNAME Minimisation mechanism (RFC 7816) is enabled by default, operating in "relax" mode. The essence of the mechanism is that the resolver does not disclose the full name of the requested host in its queries to upstream name servers. For example, when resolving the address of the host foo.bar.baz.com, the resolver sends the query "QTYPE=NS,QNAME=baz.com" to the authoritative server for the ".com" zone, without mentioning "foo.bar".
  • The ability to log outgoing queries to authoritative servers, and the responses to them, in dnstap format has been implemented (to use it, a build with the "--enable-dnstap" option is required).
  • Multiple incoming requests sent over a single TCP connection are now processed simultaneously; results are returned as they become ready, not in the order of the requests in the queue. The limit on simultaneous requests is set by "max-concurrent-requests-per-tcp-connection".
  • A mechanism for tracking new domains, NOD (Newly Observed Domain), has been implemented. It can be used to identify suspicious domains or domains associated with malicious activity, such as malware distribution, phishing, and botnet operation. The method is based on identifying domains that have not been seen before and analysing these new domains. Instead of checking new domains against a complete database of all domains ever observed, which would require significant resources to maintain, NOD uses the probabilistic SBF (Stable Bloom Filter) structure, which keeps memory and CPU usage low. To enable it, specify "new-domain-tracking=yes" in the settings.
  • When running under systemd, the PowerDNS Recursor process now runs as the pdns-recursor user instead of root. For systems without systemd and without chroot, the default directory for storing the socket and pid file is now /var/run/pdns-recursor.
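The idea behind the NOD item above, as an added Python example that is not PowerDNS code: a Stable Bloom Filter flags names it has not seen while old entries decay, so memory stays fixed. The cell count, the K/Max/P values, the SHA-256 indexing and the sample query stream are assumptions made for this sketch.

```python
import hashlib
import random

class StableBloomFilter:
    """Stable Bloom Filter: small per-cell counters that decay over time."""
    def __init__(self, cells=1 << 16, hashes=4, max_value=3, decay=8, seed=0):
        self.cells = bytearray(cells)    # one small counter per cell, all 0
        self.hashes = hashes             # K: cells set per inserted name (<= 8)
        self.max_value = max_value       # Max: value written on insert
        self.decay = decay               # P: cells decremented per insert
        self.rng = random.Random(seed)   # seeded so the example is repeatable

    def _indexes(self, name):
        # K cell indexes taken from one SHA-256 digest, 4 bytes each.
        digest = hashlib.sha256(name.encode("utf-8")).digest()
        return [int.from_bytes(digest[4 * i:4 * i + 4], "big") % len(self.cells)
                for i in range(self.hashes)]

    def seen_before(self, name):
        """Return True if name was probably seen already, then record it."""
        idx = self._indexes(name)
        seen = all(self.cells[i] > 0 for i in idx)
        # Decay P consecutive cells from a random start: stale names fade out
        # and the share of zero cells stays stable instead of filling up.
        start = self.rng.randrange(len(self.cells))
        for off in range(self.decay):
            j = (start + off) % len(self.cells)
            if self.cells[j] > 0:
                self.cells[j] -= 1
        for i in idx:
            self.cells[i] = self.max_value
        return seen

def newly_observed(qnames, sbf):
    """Return the names in a query stream that the filter had not seen."""
    fresh = []
    for qname in qnames:
        name = qname.rstrip(".").lower()   # DNS names are case-insensitive
        if not sbf.seen_before(name):
            fresh.append(name)
    return fresh

# Constructed sample query stream (not real traffic).
SAMPLE_QUERIES = [
    "www.example.com.", "mail.example.com.", "WWW.Example.COM.",
    "x7f3a.example.net.", "www.example.com.", "x7f3a.example.net.",
]
```

Because cells decay, a name that has not been queried for a long time can be reported as new again, and like any Bloom filter it can occasionally miss a genuinely new name; both error rates depend on the chosen parameters.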

Also published is the release of KnotDNS 2.9.3, a high-performance authoritative DNS server (the recursor is developed as a separate application) that supports all modern DNS features. The project is developed by the Czech name registry CZ.NIC, written in C and distributed under the GPLv3 license.

KnotDNS is distinguished by its focus on high-performance query processing, for which it uses a multi-threaded, non-blocking implementation that scales well on SMP systems. It provides features such as adding and removing zones on the fly, zone transfers between servers, DDNS (dynamic updates), NSID (RFC 5001), EDNS0 and DNSSEC extensions (including NSEC3), and response rate limiting (RRL).

In the new release:

  • Added the 'remote.block-notify-after-transfer' setting to disable sending NOTIFY messages;
  • Experimental support for the Ed448 algorithm in DNSSEC (requires GnuTLS 3.6.12+ and the not yet released Nettle 3.6+);
  • The 'local-serial' parameter has been added to keymgr to get or set the SOA serial number of the signed zone in the KASP database;
  • Added support to keymgr for importing Ed25519 and Ed448 keys in the BIND DNS server format;
  • The default value of 'server.tcp-io-timeout' has been increased to 500 ms, and 'database.journal-db-max-size' has been reduced to 512 MiB on 32-bit systems.

Source: opennet.ru
