fa'afouga fa'asa'o i lala DNS mautu , fa'apea fo'i ma le lala fa'ata'ita'i o lo'o i lalo o le atina'e 9.15.2. O faʻasalalauga fou o loʻo faʻaalia ai le faʻafitauli o le tuʻuga (CVE-2019-6471) e mafai ona taʻitaʻia ai le faʻafitia o le tautua (faʻagasologa faʻamutaina pe a faʻaosoina) pe a poloka se numera tele o pepa ulufale mai.
E le gata i lea, o le lomiga fou 9.14.4 faʻaopoopoina le lagolago mo le GeoIP2 API mo le faʻafesoʻotaʻi o se nofoaga faʻamaumauga e faʻavae i luga o tuatusi IP mai le kamupani
MaxMind (faʻaogaina e ala i le fausiaina ma le "--with-geoip2" filifiliga). E le o toe lagolagoina e GeoIP2 nisi o ACL (e pei o le saoasaoa o fesoʻotaiga, faʻalapotopotoga, ma tulafono a le atunuu) na lagolagoina muamua mo le GeoIP API tuai, lea e le o toe tausia e MaxMind. Fa'ailoga fou dnssec-sign ma le dnssec-refresh ua fa'aopoopoina fa'atasi ma fa'atau mo le aofa'i o saini DNSSEC na fa'atupuina ma fa'afouina.
E le gata i lea, e mafai ona matauina DNS server Knot 2.8.3, lea na faʻaopoopoina se faila faʻapipiʻi tusi / ki mo TLS i le kdig, faʻateleina faʻamatalaga faʻamatalaga o faʻamaumauga o ogalaau mo saini tuusao-KSK ma le RRL module, ma faʻalauteleina siaki faʻatulagaina DNSSEC.
Knot Resolver 4.1.0 faʻafouina na faʻasaʻolotoina, lea na faʻaumatia (CVE-2019-10190, CVE-2019-10191): Avanoa e pasi siaki DNSSEC mo fesili igoa misi (NXDOMAIN) ma le mafai ona toe fa'afo'i se vaega DNSSEC-puipuia i se tulaga DNSSEC e le puipuia e ala i le fa'aseseina o pepa.
puna: opennet.ru