BIND DNS server update eliminates a vulnerability in the DNS-over-HTTPS implementation

Corrective updates to the stable branches of the BIND DNS server, 9.16.28 and 9.18.3, have been published, along with a new release of the experimental branch, 9.19.1. Versions 9.18.3 and 9.19.1 fix a vulnerability (CVE-2022-1183) in the implementation of the DNS-over-HTTPS mechanism, which has been supported since the 9.18 branch. The vulnerability causes the named process to crash if a TLS connection to an HTTP-based handler is terminated prematurely. The issue affects only servers that serve DNS over HTTPS (DoH) requests. Servers that accept DNS over TLS (DoT) queries and do not use DoH are not affected.
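A triage check for the exposure condition described above, as an added example that is not from the article or from the BIND project. It assumes the affected range is 9.18.0 to 9.18.2 plus 9.19.0 (derived from the fixed versions the article names) and that DoH listeners are declared with an `http` clause on `listen-on` / `listen-on-v6`; the configuration fragments and version strings are constructed.

```python
import re

# Fixed releases per the article: 9.18.3 and 9.19.1. DoH exists only since 9.18,
# so the affected range assumed here is 9.18.0-9.18.2 and 9.19.0.
FIXED_PATCH = {(9, 18): 3, (9, 19): 1}

# Quoted strings are matched first so "//" or "#" inside them is not taken as a comment.
_SKIP = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_LISTEN = re.compile(r"\blisten-on(?:-v6)?\b([^{;]*)\{")

def parse_version(text):
    """Pull (major, minor, patch) out of a version string such as 'BIND 9.18.2'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.groups())

def version_affected(version):
    """True when the release is on a DoH-capable branch and older than its fix."""
    major, minor, patch = version
    fixed = FIXED_PATCH.get((major, minor))
    return fixed is not None and patch < fixed

def doh_listeners(conf):
    """Return the parameters of every listen-on statement that carries an http clause."""
    text = _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", conf)
    hits = []
    for m in _LISTEN.finditer(text):
        params = m.group(1).split()
        if "http" in params:          # DoT listeners have tls but no http
            hits.append(" ".join(params))
    return hits

def exposed(version_text, conf):
    """Affected release AND at least one DoH listener configured."""
    return version_affected(parse_version(version_text)) and bool(doh_listeners(conf))

# Constructed named.conf fragments (not from the article).
DOH_CONF = """
options {
    listen-on port 853 tls local-tls { any; };                 // DoT
    listen-on-v6 port 443 tls local-tls http default { any; }; # DoH
};
"""
DOT_CONF = """
options {
    listen-on port 853 tls local-tls { any; };
    /* listen-on port 443 tls local-tls http default { any; }; */
};
"""
```

A server flagged by `exposed` needs the update to 9.18.3 or 9.19.1; a DoT-only configuration on the same release is reported as not exposed, matching the article's scope statement.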

Release 9.18.3 also adds several functional improvements. Support has been added for the second version of catalog zones ("Catalog Zones"), as defined in the fifth draft of the IETF specification. Catalog zones offer a new way of maintaining secondary DNS servers in which, instead of defining separate records for each secondary zone on the secondary server, a specific set of secondary zones is transferred between the primary and secondary servers. That is, by setting up a catalog transfer similar to the transfer of individual zones, zones created on the primary server and marked as included in the catalog will be created automatically on the secondary server without any need to edit configuration files.

The new version also adds support for the "Stale Answer" and "Stale NXDOMAIN Answer" error codes, which are issued when a stale answer is returned from the cache. named and dig now have built-in verification of external TLS certificates, which can be used to implement strict or mutual TLS-based authentication (RFC 9103).

Source: opennet.ru
