BIND DNS server update fixes a vulnerability in the DNS-over-HTTPS implementation

Corrective updates to the stable branches of the BIND DNS server, 9.16.28 and 9.18.3, have been published, along with a new release of the experimental branch, 9.19.1. Versions 9.18.3 and 9.19.1 fix a vulnerability (CVE-2022-1183) in the implementation of the DNS-over-HTTPS mechanism, which has been supported since the 9.18 branch. The vulnerability causes the named process to crash if the TLS connection to an HTTP-based handler is terminated prematurely. The issue affects only servers that serve DNS over HTTPS (DoH) requests. Servers that accept DNS over TLS (DoT) queries and do not use DoH are not affected.
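The exposure condition described above (a release older than the fix, combined with a DoH listener) can be checked mechanically. The following is an added example, not code from the article or from the BIND project: the function names and the sample configuration are constructed for illustration, the affected ranges are derived from the fixed versions the article names, and DoH listeners are assumed to be declared with the `http` keyword on a `listen-on` statement, as in BIND 9.18 configuration.

```python
import re

# First fixed release per branch, as named in the article. Branches not listed
# are treated as unaffected: DoH only exists from the 9.18 branch onward.
FIXED = {(9, 18): (9, 18, 3), (9, 19): (9, 19, 1)}

def parse_version(text):
    """Extract (major, minor, patch) from text such as `named -V` output."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version found in %r" % text)
    return tuple(int(x) for x in m.groups())

def strip_comments(conf):
    """Drop /* */, // and # comments so commented-out listeners are ignored."""
    # Simplification: comment markers inside quoted strings are not handled.
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", conf)

def doh_listeners(conf):
    """Return listen-on / listen-on-v6 statements that carry an `http <name>` clause."""
    stmts = re.findall(r"\blisten-on(?:-v6)?\b[^{};]*\{", strip_comments(conf))
    return [" ".join(s.rstrip("{").split()) for s in stmts
            if re.search(r"(?<![\w-])http\s+[^\s{]+", s)]

def assess(version_text, conf):
    """Classify a server as exposed only if it is unpatched AND serves DoH."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    listeners = doh_listeners(conf)
    if fixed is None or version >= fixed:
        return "fixed-or-unaffected-branch", listeners
    if not listeners:
        return "vulnerable-version-no-doh", listeners
    return "exposed", listeners

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = '''
options {
    listen-on port 53 { any; };
    listen-on port 853 tls local-tls { any; };               # DoT only
    listen-on port 443 tls local-tls http default { any; };  // DoH
    /* listen-on-v6 port 443 tls local-tls http default { any; }; */
};
'''

if __name__ == "__main__":
    print(assess("BIND 9.18.2-1ubuntu1 (Stable Release)", SAMPLE_CONF))
```

A result of `vulnerable-version-no-doh` still calls for the upgrade, since enabling a DoH listener later would expose the server.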

Release 9.18.3 also adds several functional improvements. Support has been added for the second version of catalog zones ("Catalog Zones"), as defined in the fifth draft of the IETF specification. Catalog zones offer a new way of maintaining secondary DNS servers: instead of defining separate records for each secondary zone on the secondary server, a specific set of secondary zones is transferred between the primary and secondary servers. That is, once a catalog transfer is set up in the same way as a transfer of individual zones, zones created on the primary server and marked as belonging to the catalog are created automatically on the secondary server, with no need to edit configuration files.

The new version also adds support for the extended "Stale Answer" and "Stale NXDOMAIN Answer" error codes, which are issued when a stale answer is returned from the cache. named and dig now support verification of external TLS certificates, which can be used to implement strict or mutual TLS-based authentication (RFC 9103).

Source: opennet.ru
