DNS Flag Day 2020 aims to solve the fragmentation and TCP support problems

Today a number of large DNS providers and DNS server developers are holding a joint event, DNS Flag Day 2020, intended to draw attention to solving the problems caused by IP fragmentation when handling large DNS messages. This is the second such event; last year's "DNS flag day" focused on the correct handling of EDNS requests.

The participants in DNS Flag Day 2020 propose setting the recommended EDNS buffer size to 1232 bytes (the 1280-byte IPv6 minimum MTU minus 48 bytes of IPv6 and UDP headers), and making the handling of queries over TCP a mandatory capability of servers. In RFC 1035 only the handling of queries over UDP is marked as mandatory, while TCP is listed as desirable but not required for operation. The newer RFC 7766 and RFC 5966 explicitly list TCP as a capability required for DNS to work correctly. The initiative proposes forcing a switch from sending queries over UDP to TCP in the situations where the EDNS buffer size is insufficient.

The planned changes will remove the confusion around choosing the EDNS buffer size and solve the problem of fragmentation of large UDP messages, whose handling often leads to packet loss and timeouts on the client side. On the client side the EDNS buffer size will be fixed, and large responses will be sent to the client over TCP straight away. Not sending large messages over UDP will also fix the problems with large packets being dropped by some firewalls, and will block the DNS cache poisoning attacks that rely on spoofing fragmented UDP packets (when a datagram is split into fragments, the second fragment does not carry the header with the transaction identifier, so it can be forged; all the attacker needs is a matching checksum).

Starting today, the participating DNS providers, including Cloudflare, Quad9, Cisco (OpenDNS) and Google, will gradually change the EDNS buffer size on their DNS servers from 4096 to 1232 bytes (the EDNS change will be rolled out over 4-6 weeks and will cover a growing share of queries over time). Responses to UDP queries that do not fit within the new limit will be sent over TCP. DNS server vendors, including BIND, Unbound, Knot, NSD and PowerDNS, will release updates that change the default EDNS buffer size from 4096 bytes to 1232 bytes.

Ultimately these changes may cause resolution failures when contacting DNS servers whose UDP DNS responses exceed 1232 bytes and which are unable to answer over TCP. Testing carried out at Google showed that changing the EDNS buffer size has almost no effect on the failure rate: with a 4096-byte buffer the share of truncated (TC) UDP responses is 0.345% and the share of failed attempts over TCP is 0.115%; with a 1232-byte buffer these figures are 0.367% and 0.116%. Making TCP support a mandatory part of DNS will cause problems for roughly 0.1% of DNS servers. It is noted that, even in the current situation, the operation of these servers without TCP is already unstable.

Administrators of authoritative DNS servers should make sure that their server answers over TCP on network port 53 and that this TCP port is not blocked by a firewall. An authoritative DNS server also must not send UDP responses larger than the EDNS buffer size requested by the client. On the server itself, the EDNS buffer size should be set to 1232 bytes. Resolvers have roughly mirror-image requirements: the mandatory ability to query over TCP, mandatory support for repeating a query over TCP when a truncated UDP response is received, and setting the EDNS buffer to 1232 bytes.
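The resolver-side behaviour described above (advertise a fixed EDNS buffer size, repeat the query over TCP when the UDP reply comes back with the TC bit set) and the operator-side checks from the preceding paragraph, as an added Python example. This is not code from the DNS flag day project or from any of the servers named on this page: the function names such as check_authoritative and constructed_reply are this example's own, the replies it builds for testing are constructed data, and the socket transports assume an IPv4 server address.

```python
"""EDNS(0) payload-size advertisement and the TC-bit fallback to TCP (added example).
Wire format per RFC 1035 (header, question, TC bit, 2-byte TCP length prefix) and
RFC 6891 (OPT pseudo-RR); padding uses the EDNS Padding option of RFC 7830."""
import socket
import struct

DEFAULT_BUFSIZE = 1232             # 1280 (IPv6 minimum MTU) - 40 (IPv6 hdr) - 8 (UDP hdr)
TC_FLAG, QR_FLAG = 0x0200, 0x8000  # header flag bits: truncated, response
TYPE_A, TYPE_OPT, OPT_PADDING = 1, 41, 12

def encode_name(name):
    """Dotted name -> DNS labels, no compression."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=TYPE_A, qid=0x1234, bufsize=DEFAULT_BUFSIZE):
    """Query with RD set plus one OPT RR advertising `bufsize` as our UDP payload size."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)   # 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE=41, CLASS=payload size, TTL=0 (no ext rcode/flags), RDLEN=0
    return header + question + b"\x00" + struct.pack("!HHIH", TYPE_OPT, bufsize, 0, 0)

def _skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def advertised_bufsize(msg):
    """UDP payload size from the OPT RR of a query or reply, None if it carries no EDNS."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            return rclass
    return None

def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_FLAG)

def tcp_frame(msg):
    """DNS over TCP prefixes every message with its 16-bit length."""
    return struct.pack("!H", len(msg)) + msg

def resolve(name, udp_send, tcp_send, bufsize=DEFAULT_BUFSIZE):
    """Resolver side: ask over UDP, repeat the same query over TCP when TC is set."""
    query = build_query(name, bufsize=bufsize)
    reply = udp_send(query)
    if is_truncated(reply):
        return "tcp", tcp_send(query)
    return "udp", reply

def check_authoritative(name, udp_send, tcp_send, bufsize=DEFAULT_BUFSIZE):
    """Operator side: does the server answer on TCP, and does it respect our buffer size?"""
    query = build_query(name, bufsize=bufsize)
    udp_reply = udp_send(query)
    findings = {"udp_oversized": len(udp_reply) > bufsize,     # would fragment on the wire
                "udp_truncated": is_truncated(udp_reply),
                "server_bufsize": advertised_bufsize(udp_reply)}
    try:
        findings["tcp_ok"] = tcp_send(query)[:2] == query[:2]  # reply carries our ID
    except OSError:                                              # refused, filtered, timed out
        findings["tcp_ok"] = False
    return findings

def udp_transport(server, port=53, timeout=3.0):
    def send(query):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, port))
            return s.recv(65535)
    return send

def tcp_transport(server, port=53, timeout=3.0):
    def send(query):
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(tcp_frame(query))
            with s.makefile("rb") as f:           # read(n) blocks until n bytes or EOF
                (n,) = struct.unpack("!H", f.read(2))
                return f.read(n)
    return send

def constructed_reply(query, tc=False, server_bufsize=1232, pad=0):
    """Constructed test reply: echoes the question, one A record, OPT with `pad` bytes of padding."""
    flags = QR_FLAG | 0x0100 | (TC_FLAG if tc else 0)
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1, 0, 1)
    question = query[12:_skip_name(query, 12) + 4]
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 60, 4) + bytes([192, 0, 2, 1])
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, server_bufsize, 0, 4 + pad)
    return header + question + answer + opt + struct.pack("!HH", OPT_PADDING, pad) + b"\x00" * pad
```

To run the operator check against a real server, call check_authoritative(name, udp_transport(ip), tcp_transport(ip)); a result with tcp_ok False or udp_oversized True is exactly the condition the flag day rollout will expose, since resolvers that get a truncated reply will retry over TCP and get nothing back.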

The following settings control the EDNS buffer size on the various DNS servers:

  • BIND

    options {
        edns-udp-size 1232;
        max-udp-size 1232;
    };

  • Knot DNS

    max-udp-payload: 1232

  • Knot Resolver

    net.bufsize(1232)

  • PowerDNS Authoritative

    udp-truncation-threshold=1232

  • PowerDNS Recursor

    edns-outgoing-bufsize=1232
    udp-truncation-threshold=1232

  • Unbound

    edns-buffer-size: 1232

  • NSD

    ipv4-edns-size: 1232
    ipv6-edns-size: 1232

    Source: opennet.ru
