Pambuyo pa miyezi 11 ya chitukuko, ISC consortium Kutulutsidwa koyamba kokhazikika kwa nthambi yofunikira ya seva ya BIND 9.16 DNS. Thandizo la nthambi 9.16 lidzaperekedwa kwa zaka zitatu mpaka 2nd quarter ya 2023 monga gawo la chithandizo chowonjezera. Zosintha za nthambi yam'mbuyo ya LTS 9.11 zipitilira kutulutsidwa mpaka Disembala 2021. Thandizo la nthambi 9.14 lidzatha m'miyezi itatu.
waukulu :
- Yowonjezera KASP (Mfundo Yofunikira ndi Kusaina), njira yosavuta yoyendetsera makiyi a DNSSEC ndi siginecha za digito, kutengera malamulo okhazikitsidwa pogwiritsa ntchito malangizo a "dnssec-policy". Langizoli limakupatsani mwayi wokonza makiyi atsopano ofunikira a zigawo za DNS ndikugwiritsa ntchito makiyi a ZSK ndi KSK.
- Ma network a subsystem adasinthidwanso kwambiri ndikusinthidwa kukhala njira yosasinthika yofunsira yomwe yakhazikitsidwa kutengera laibulale. .
Kukonzanso sikunapangitse kusintha kulikonse, koma m'tsogolomu kudzapereka mwayi wogwiritsa ntchito kukhathamiritsa kwakukulu kwa ntchito ndikuwonjezera chithandizo cha ma protocol atsopano monga DNS pa TLS. - Njira yowongolera pakuwongolera ma anchor a DNSSEC (Trust anchor, kiyi yapagulu yomangidwira kugawo kuti zitsimikizire zone iyi). M'malo mwa makiyi odalirika ndi makiyi oyendetsedwa, omwe tsopano achotsedwa, chitsogozo chatsopano cha trust-anchors chaperekedwa chomwe chimakulolani kuyang'anira mitundu yonse ya makiyi.
Mukamagwiritsa ntchito ma trust-anchors ndi mawu ofunika kwambiri, machitidwe a malangizowa ndi ofanana ndi makiyi oyendetsedwa, i.e. imatanthawuza kukhazikitsa kwa nangula wodalirika malinga ndi RFC 5011. Pogwiritsa ntchito trust-anchors ndi static-key keyword, khalidwe limagwirizana ndi malangizo odalirika-makiyi, i.e. imatanthauzira fungulo lokhazikika lomwe silimangosinthidwa zokha. Trust-anchors imaperekanso mawu ena awiri osafunikira, ma-ad-ds ndi static-ds, omwe amakulolani kugwiritsa ntchito ma nangula odalirika mumtunduwo. (Delegation Signer) m'malo mwa DNSKEY, zomwe zimapangitsa kuti zitheke kukonza zomangira makiyi omwe sanasindikizidwe (bungwe la IANA likukonzekera kugwiritsa ntchito mawonekedwe a DS kwa makiyi apakati mtsogolo).
- Njira ya "+yaml" yawonjezedwa ku dig, mdig ndi delv utilities kuti atulutse mu mtundu wa YAML.
- Njira ya "+ [palibe] zosayembekezereka" yawonjezedwa ku dig utility, kulola kulandila mayankho kuchokera kwa omwe akukhala nawo kupatula seva yomwe pempholo linatumizidwa.
- Chowonjezera "+[no]expandaaaa" njira yokumba zofunikira, zomwe zimapangitsa kuti maadiresi a IPv6 mu zolemba za AAAA awonetsedwe muzithunzi zonse za 128-bit, m'malo mwa RFC 5952.
- Anawonjezera kuthekera kosintha magulu a mayendedwe a ziwerengero.
- Zolemba za DS ndi CDS tsopano zimapangidwa potengera SHA-256 hashes (m'badwo wotengera SHA-1 wathetsedwa).
- Kwa DNS Cookie (RFC 7873), algorithm yokhazikika ndi SipHash 2-4, ndipo thandizo la HMAC-SHA lathetsedwa (AES yasungidwa).
- Zotulutsa za dnssec-signzone ndi dnssec-verify commands tsopano zatumizidwa ku standard output (STDOUT), ndipo zolakwika ndi machenjezo okha ndi omwe amasindikizidwa ku STDERR (the -f njira imasindikizanso zone yosainidwa). Njira ya "-q" yawonjezedwa kuti mutsegule zomwe zatuluka.
- Khodi yovomerezeka ya DNSSEC yakonzedwanso kuti athetse kubwereza kachidindo ndi ma subsystems ena.
- Kuti muwonetse ziwerengero mumtundu wa JSON, laibulale ya JSON-C yokha ndiyo yomwe ingagwiritsidwe ntchito. Njira yosinthira "--with-libjson" yasinthidwa kukhala "--with-json-c".
- Zolemba zosintha sizisinthanso ku "--sysconfdir" mu / etc ndi "--localstatedir" mu / var pokhapokha "--prefix" yatchulidwa. Njira zosasinthika tsopano ndi $ prefix/etc ndi $prefix/var, monga zimagwiritsidwira ntchito mu Autoconf.
- Khodi yochotsedwa yokhazikitsa ntchito ya DLV (Domain Look-aside Verification, dnssec-lookaside option) service, yomwe idatsitsidwa mu BIND 9.12, ndipo chogwirizira cha dlv.isc.org chidayimitsidwa mu 2017. Kuchotsa ma DLV kunamasula kachidindo ka BIND ku zovuta zosafunikira.
Source: opennet.ru