Mushure memwedzi gumi neimwe yebudiriro, iyo ISC consortium Yekutanga yakagadzikana kuburitswa kwebazi idzva rakakosha reBIND 9.16 DNS server. Tsigiro yebazi 9.16 ichapihwa kwemakore matatu kusvika 2nd kota ye2023 sechikamu chekuwedzera rutsigiro. Zvigadziriso zveiyo yapfuura LTS bazi 9.11 icharamba ichiburitswa kusvika Zvita 2021. Tsigiro yebazi 9.14 ichapera mumwedzi mitatu.
chikuru :
- Yakawedzera KASP (Kiyi uye Kusaina Policy), nzira yakareruka yekugadzirisa makiyi eDNSSEC uye masiginecha edhijitari, zvichibva pamitemo yekumisikidza inotsanangurwa uchishandisa "dnssec-policy" rairo. Ichi chinongedzo chinokutendera kuti ugadzirise chizvarwa chemakiyi matsva anodiwa eDNS zone uye otomatiki application yeZSK neKSK makiyi.
- Iyo network subsystem yakagadziridzwa zvakanyanya uye nekuchinjirwa kune asynchronous chikumbiro chekugadzirisa masisitimu anoitwa zvichienderana neraibhurari. .
Iyo rework haisati yaita chero shanduko inooneka, asi mukuburitswa mune ramangwana ichapa mukana wekuita mamwe akakosha ekuita optimizations uye kuwedzera rutsigiro rwezvirongwa zvitsva seDNS pamusoro peTLS. - Yakavandudzwa maitiro ekutonga DNSSEC trust anchor (Trust anchor, kiyi yeruzhinji yakasungirirwa kune zone kuratidza huchokwadi hwenzvimbo iyi). Panzvimbo peakavimbika-makiyi uye anochengetedzwa-makiyi marongero, ayo ave kuderedzwa, itsva trust-anchors rairo yakatsanangurwa iyo inokutendera iwe kubata ese ari maviri makiyi.
Paunenge uchishandisa trust-anchors neyokutanga-kiyi kiyi kiyi, maitiro eiyi rairo akafanana neakagadziriswa-makiyi, i.e. inotsanangura kutendeseka anchor setting maererano neRFC 5011. Paunenge uchishandisa kuvimba-anchors ne-static-key keyword, maitiro anowirirana neakavimbika-makiyi ekuraira, i.e. inotsanangura kiyi inoramba iripo iyo isina kuvandudzwa yega. Trust-anchors inopawo mamwe mazwi maviri akakosha, ekutanga-ds uye static-ds, ayo anobvumidza iwe kushandisa trust anchors mune iyo fomati. (Delegation Signer) pachinzvimbo cheDNSKEY, izvo zvinoita kuti zvikwanise kugadzirisa zvisungo zvekiyi zvisati zvaburitswa (sangano reIANA rinoronga kushandisa DS fomati yemakiyi epakati penzvimbo mune ramangwana).
- Iyo "+yaml" sarudzo yakawedzerwa kune dig, mdig uye delv zvishandiso zvekubuda muYAML fomati.
- Iyo "+ [hapana] isingatarisirwe" sarudzo yakawedzerwa kune yekuchera utility, ichibvumira kugamuchirwa kwemhinduro kubva kune vanogamuchira kunze kwesevha iyo chikumbiro chakatumirwa.
- Yakawedzerwa "+[no]expandaaaa" sarudzo yekuchera zvinoshandiswa, izvo zvinoita kuti IPv6 kero mumarekodhi eAAAA iratidzwe yakazara 128-bit inomiririra, pane muRFC 5952 fomati.
- Yakawedzera kugona kushandura mapoka ematanho ehuwandu.
- DS neCDS marekodhi zvino anogadzirwa chete zvichibva paSHA-256 hashes (chizvarwa chakavakirwa paSHA-1 chakamiswa).
- YeDNS Cookie (RFC 7873), iyo default algorithm iSipHash 2-4, uye rutsigiro rweHMAC-SHA rwakamiswa (AES inochengetwa).
- Kubuda kweiyo dnssec-signzone uye dnssec-verify mirairo ikozvino yatumirwa kune yakajairwa kubuda (STDOUT), uye chete zvikanganiso uye yambiro zvinodhindwa ku STDERR (iyo -f sarudzo inodhinda nzvimbo yakasainwa). Iyo "-q" sarudzo yawedzerwa kuti inyaradze zvakabuda.
- Iyo DNSSEC yekusimbisa kodhi yakagadziriswazve kuti ibvise kudzokorora kwekodhi nemamwe ma subsystems.
- Kuratidza nhamba mufomati yeJSON, raibhurari yeJSON-C chete ndiyo inogona kushandiswa. Sarudzo yekumisikidza "--ne-libjson" yapihwa zita rekuti "--ne-json-c".
- Iyo yekumisikidza script haichagadzirisike ku "--sysconfdir" mu / etc uye "--localstatedir" mu / var kunze kwekunge "--prefix" yatsanangurwa. Nzira dzekutanga dzave ikozvino $ prefix/etc uye $prefix/var, sekushandiswa mu Autoconf.
- Yakabviswa kodhi yekushandisa iyo DLV (Domain Look-aside Verification, dnssec-lookaside sarudzo) sevhisi, iyo yakabviswa muBIND 9.12, uye yakabatana dlv.isc.org mugadziri akaremara muna 2017. Kubvisa maDLV kwakasunungura BIND kodhi kubva kumatambudziko asina basa.
Source: opennet.ru