Release of PowerDNS Recursor 4.3 and KnotDNS 2.9.3

The caching DNS server PowerDNS Recursor 4.3, which performs recursive name resolution, has been released. PowerDNS Recursor is built on the same code base as PowerDNS Authoritative Server, but the recursive and authoritative PowerDNS servers are developed in separate development cycles and shipped as separate products. The project code is distributed under the GPLv2 license.

The server provides tools for remote statistics collection, supports instant restart, has a built-in engine for attaching handlers written in Lua, fully supports DNSSEC, DNS64 and RPZ (Response Policy Zones), and allows blacklists to be attached. Resolution results can be recorded as BIND zone files. To ensure high performance, the modern connection multiplexing mechanisms of FreeBSD, Linux and Solaris (kqueue, epoll, /dev/poll) are used, together with a high-performance DNS packet parser capable of handling tens of thousands of simultaneous requests.

In the new version:

  • To prevent leaking information about the requested domain and to improve privacy, the QNAME Minimization mechanism (RFC 7816) is now enabled by default, operating in "relaxed" mode. The essence of the technique is that the resolver does not send the full name of the requested host in its queries to upstream name servers. For example, when resolving the address of the host foo.bar.baz.com, the resolver sends the query "QTYPE=NS,QNAME=baz.com" to the authoritative server for the ".com" zone, without mentioning "foo.bar". In its current form, the feature works in "relaxed" mode.
  • Outgoing queries to authoritative servers, and the responses to them, can now be logged in dnstap format (to use this, the build must be configured with the "--enable-dnstap" option).
  • Multiple queries sent over a single TCP connection are now processed concurrently, with results returned as soon as they are ready rather than in the order the queries were queued. The limit on concurrent queries is set by "max-concurrent-requests-per-tcp-connection".
  • A mechanism for tracking newly observed domains, NOD (Newly Observed Domain), has been implemented. It can be used to identify suspicious domains or domains tied to malicious activity, such as malware distribution, participation in phishing, or use as botnet control points. The method rests on detecting domains that have never been seen before and analysing those new domains. Instead of checking new domains against a complete database of every domain ever observed, which would require significant resources to maintain, NOD uses a probabilistic structure, the SBF (Stable Bloom Filter), which keeps memory and CPU usage low. To enable it, specify "new-domain-tracking=yes" in the settings.
  • When run under systemd, the PowerDNS Recursor process now runs as the unprivileged user pdns-recursor instead of root. On systems without systemd and without chroot, the default directory for the control socket and pid file is now /var/run/pdns-recursor.
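
To make the QNAME minimisation behaviour concrete, here is an added example (not PowerDNS code) that simulates the walk a minimising resolver performs on an empty cache and contrasts it with a classic resolver that sends the full name to every server. The ZONE_CUTS delegation tree, the zone names in it and the query tuples are constructed assumptions chosen to match the article's foo.bar.baz.com example; cooperative servers are assumed, so the "relaxed" mode fallback to a full-name query on unexpected answers is not modelled.

```python
# Added example (not PowerDNS code): toy simulation of the RFC 7816
# QNAME minimisation walk, contrasted with a classic resolver.
# ZONE_CUTS is a constructed delegation tree, not real DNS data.

# Which child zones each zone delegates (constructed assumption).
ZONE_CUTS = {
    ".": {"com."},
    "com.": {"baz.com."},
    "baz.com.": set(),  # bar.baz.com and foo.bar.baz.com live inside baz.com
}


def _absolute(name):
    """Normalise a name to lower case with a trailing dot."""
    return name.lower().rstrip(".") + "."


def suffixes(qname):
    """Yield the ancestors of qname from the root down to qname itself."""
    labels = [l for l in _absolute(qname).rstrip(".").split(".") if l]
    yield "."
    for i in range(len(labels) - 1, -1, -1):
        yield ".".join(labels[i:]) + "."


def _child_cut(zone, full, zone_cuts):
    """Return the delegated child of `zone` that contains `full`, if any."""
    for child in zone_cuts.get(zone, ()):
        if full == child or full.endswith("." + child):
            return child
    return None


def classic_queries(qname, qtype, zone_cuts=ZONE_CUTS):
    """Queries a non-minimising resolver sends: the full name and the real
    type go to every server on the referral chain."""
    full = _absolute(qname)
    queries, zone = [], "."
    while True:
        queries.append((zone, qtype, full))
        child = _child_cut(zone, full, zone_cuts)
        if child is None:
            return queries
        zone = child


def minimized_queries(qname, qtype, zone_cuts=ZONE_CUTS):
    """Queries a QNAME-minimising resolver sends, as (zone_asked, qtype,
    qname). Each upstream zone is asked for NS of one more label than it
    is authoritative for; only the closest zone ever sees the full name."""
    full = _absolute(qname)
    queries, zone = [], "."
    for candidate in list(suffixes(full))[1:]:
        if candidate == full:
            break
        queries.append((zone, "NS", candidate))
        if candidate in zone_cuts.get(zone, ()):
            zone = candidate  # referral: step down into the child zone
    queries.append((zone, qtype, full))
    return queries


def names_seen_by(queries, zone):
    """Distinct QNAMEs that the servers for `zone` learn from `queries`."""
    return sorted({q for z, _t, q in queries if z == zone})


if __name__ == "__main__":
    for label, fn in (("classic", classic_queries),
                      ("minimised", minimized_queries)):
        print(label)
        for z, t, q in fn("foo.bar.baz.com", "A"):
            print(f"  ask {z:<10} QTYPE={t:<3} QNAME={q}")
```

Running it shows the privacy gain directly: `names_seen_by(..., "com.")` is `["baz.com."]` for the minimising resolver but `["foo.bar.baz.com."]` for the classic one, at the cost of one extra NS query for the non-delegated label bar.baz.com.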

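The NOD item above explains why a Stable Bloom Filter is used but not how one works. The following added example (not PowerDNS code) implements the SBF of Deng and Rafiei and runs a constructed query stream through it to flag newly observed names, in the same spirit as the NOD feature; the filter parameters, the hashing scheme and the SAMPLE_QUERIES list are assumptions made for illustration, and PowerDNS's own choice of which part of a name to track is not reproduced.

```python
# Added example (not PowerDNS code): a Stable Bloom Filter used to flag
# newly observed domains. Parameters and SAMPLE_QUERIES are constructed.
import hashlib
import random


class StableBloomFilter:
    """Stable Bloom Filter (Deng & Rafiei, 2006).

    m small counters. Every insert first decrements P random cells, then
    sets the K hashed cells of the item to Max. Entries that are not
    refreshed therefore fade out, so memory stays bounded without ever
    storing the full set of domains seen."""

    def __init__(self, cells=1 << 16, bits_per_cell=3, hashes=3,
                 decrements=10, seed=0):
        self.m = cells
        self.max_value = (1 << bits_per_cell) - 1
        self.k = hashes
        self.p = decrements
        self.cells = bytearray(cells)    # one byte per cell, capped at max_value
        self.rng = random.Random(seed)   # seeded so runs are reproducible

    def _positions(self, item):
        data = item.lower().rstrip(".").encode()
        for i in range(self.k):
            # A distinct salt per hash index yields K independent positions.
            digest = hashlib.blake2b(data, digest_size=8,
                                     salt=i.to_bytes(16, "little")).digest()
            yield int.from_bytes(digest, "little") % self.m

    def seen(self, item):
        """True if every hashed cell is non-zero: item was probably seen recently."""
        return all(self.cells[pos] != 0 for pos in self._positions(item))

    def add(self, item):
        for _ in range(self.p):
            pos = self.rng.randrange(self.m)
            if self.cells[pos]:
                self.cells[pos] -= 1
        for pos in self._positions(item):
            self.cells[pos] = self.max_value

    def observe(self, item):
        """Record item and report whether it was newly observed."""
        is_new = not self.seen(item)
        self.add(item)
        return is_new


# Constructed query stream; the random-looking label is the kind of
# name NOD is meant to surface for further analysis.
SAMPLE_QUERIES = [
    "www.example.com", "www.example.com", "mail.example.com",
    "cdn.example.net", "www.example.com",
    "a7f3k9q2.bad-example.test",
    "cdn.example.net", "a7f3k9q2.bad-example.test",
]


def newly_observed(queries, sbf):
    """Run a query stream through the filter and return the names flagged
    as new, in order of first appearance."""
    return [q for q in queries if sbf.observe(q)]


if __name__ == "__main__":
    for name in newly_observed(SAMPLE_QUERIES, StableBloomFilter()):
        print("newly observed domain:", name)
```

Because the structure is probabilistic, a name can be reported as new after it has simply faded out (the P decrements per insert bound how long an entry survives), and, rarely, an unseen name can collide with occupied cells and go unflagged; a "new" verdict is therefore a trigger for analysis, not proof of malicious intent.
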
In addition, KnotDNS 2.9.3 has been released, a high-performance authoritative DNS server (the recursor is developed as a separate application) supporting all modern DNS features. The project is developed by the Czech domain registry CZ.NIC, written in C and distributed under the GPLv3 license.

KnotDNS is notable for its focus on high query processing performance, using a multi-threaded and mostly non-blocking implementation that scales well on SMP systems. Features include adding and removing zones on the fly, transferring zones between servers, DDNS (dynamic updates), NSID (RFC 5001), EDNS0 and DNSSEC extensions (including NSEC3), and response rate limiting (RRL).

In the new release:

  • Added the 'remote.block-notify-after-transfer' setting to disable sending NOTIFY messages;
  • Implemented experimental support for the Ed448 algorithm in DNSSEC (requires GnuTLS 3.6.12+ and the not-yet-released Nettle 3.6+);
  • The 'local-serial' parameter was added to keymgr to get or set the SOA serial number of a signed zone in the KASP database;
  • Added support for importing Ed25519 and Ed448 keys in BIND DNS server format to keymgr;
  • The 'server.tcp-io-timeout' setting was increased to 500 ms and 'database.journal-db-max-size' was reduced to 512 MiB on 32-bit systems.

Source: opennet.ru
