Ka mor'a selemo le halofo ea tsoelo-pele ho lokolloa ha caching DNS server , e ikarabellang bakeng sa phetisetso ea mabitso. PowerDNS Recursor e hahiloe holim'a motheo oa khoutu e le 'ngoe le PowerDNS Authoritative Server, empa li-server tsa DNS tse nang le matla a ho pheta-pheta le tse nang le matla li hlahisoa ka mekhahlelo e fapaneng ea nts'etsopele 'me li lokolloa e le lihlahisoa tse arohaneng. Khoutu ea morero e nang le laesense tlasa GPLv2.
Phetolelo e ncha e felisa litaba tsohle tse amanang le ts'ebetso ea lipakete tsa DNS tse nang le lifolakha tsa EDNS. Liphetolelo tsa khale tsa PowerDNS Recursor pele ho 2016 li ne li e-na le tloaelo ea ho hlokomoloha lipakete tse nang le lifolakha tsa EDNS tse sa tšehetsoeng ntle le ho romela karabo ka mokhoa oa khale, ho lahla lifolakha tsa EDNS joalokaha ho hlokoa ka tlhaloso. Nakong e fetileng, boitšoaro bona bo sa tloaelehang bo ne bo tšehetsoa ho BIND ka mokhoa oa ho sebetsa, empa ka hare ho sebaka sa ka matsapa a Hlakola , Bahlahisi ba li-server tsa DNS ba nkile qeto ea ho tlohela sena.
Ho PowerDNS, mathata a ka sehloohong a ho sebetsana le lipakete tse nang le EDNS a ile a felisoa morao ka 2017 ka tokollo ea 4.1, 'me lekaleng la 2016 le lokollotsoeng ka 4.0, ho se lumellane ha motho ka mong ho hlahile tlas'a maemo a itseng' me, ka kakaretso, ha a kena-kenane le tloaelehileng. ts'ebetso. Ho PowerDNS Recursor 4.2, joalo ka ho , Ho tlositsoe li-workaround ho ts'ehetsa li-server tse nang le matla tse arabelang ka phoso likopo tse nang le lifolakha tsa EDNS. Ho fihlela joale, haeba ka mor'a ho romela kopo ka lifolakha tsa EDNS ho ne ho se na karabo ka mor'a nako e itseng, seva sa DNS se ne se nka hore lifolakha tse atolositsoeng ha lia tšehetsoa 'me tsa romela kopo ea bobeli ntle le lifolakha tsa EDNS. Hona joale boitšoaro bona bo se bo holofetse kaha khoutu ena e entse hore ho be le latency e eketsehileng ka lebaka la ho khutlisetsoa ha pakete, ho eketseha ha marang-rang le ho hlaka ha ho sa arabeloe ka lebaka la ho hlōleha ha marang-rang, le ho thibela ts'ebetsong ea likarolo tse thehiloeng ho EDNS tse kang DNS Cookies ho sireletsa khahlanong le litlhaselo tsa DDoS.
Ho entsoe qeto ea ho tšoara ketsahalo selemong se tlang e etselitsoeng ho lebisa tlhokomelo ho ka ho arohana ha IP ha o sebetsana le melaetsa e meholo ea DNS. E le karolo ea boikitlaetso lokisa boholo ba buffer bo khothalelitsoeng bakeng sa EDNS ho isa ho 1200 bytes, le ho sebetsana le likopo ka TCP ke karolo e lokelang ho ba le li-server. Hona joale ts'ehetso ea ho sebetsana le likōpo ka UDP e hlokahala, 'me TCP e lakatseha, empa ha e hlokehe bakeng sa ts'ebetso (tekanyetso e hloka bokhoni ba ho tima TCP). Ho etsoa tlhahiso ea ho tlosa khetho ea ho thibela TCP ho tloha boemong bo tloaelehileng le ho tiisa phetoho ho tloha ho romela likōpo ho feta UDP ho sebelisa TCP maemong ao boholo ba EDNS buffer bo sa lekaneng.
Liphetoho tse hlahisitsoeng e le karolo ea morero li tla felisa pherekano ka ho khetha boholo ba buffer ea EDNS le ho rarolla bothata ba ho arohana ha melaetsa e kholo ea UDP, e leng ho sebetsana le eona hangata ho lebisang ho lahleheloa ke pakete le ho qeta nako ka lehlakoreng la bareki. Ka lehlakoreng la bareki, boholo ba buffer ea EDNS bo tla lula bo le teng 'me likarabo tse kholo li tla romelloa hang-hang ho moreki ka TCP. Ho qoba ho romela melaetsa e meholo ka UDP ho tla boela ho u lumelle ho thibela bakeng sa chefo ea cache ea DNS, e ipapisitseng le ho qhekella ha lipakete tsa UDP tse arohaneng (ha li aroloa likotoana, sekhechana sa bobeli ha se kenye hlooho e nang le sets'oants'o, ka hona e ka etsoa, e lekane feela hore cheke e lumellane) .
PowerDNS Recursor 4.2 e nahanela mathata ka lipakete tse kholo tsa UDP le li-switches ho sebelisa boholo ba EDNS buffer size (edns-outgoing-bufsize) ea 1232 bytes, ho e-na le moeli o sebelisitsoeng pele oa 1680 bytes, o lokelang ho fokotsa haholo monyetla oa ho lahleheloa ke lipakete tsa UDP. . Boleng ba 1232 bo khethiloe hobane ke boholo boo boholo ba karabo ea DNS, ho nahanoa ka IPv6, bo kenang bonyane ba boleng ba MTU (1280). Boleng ba "truncation-threshold parameter", e ikarabellang bakeng sa ho fokotsa likarabo ho mofani, le bona bo theotsoe ho 1232.
Liphetoho tse ling ho PowerDNS Recursor 4.2:
- Tšehetso ea mochine e ekelitsoeng (X-Proxied-For), e leng DNS e lekanang le hlooho ea X-Forwarded-For HTTP, e lumellang tlhahisoleseling mabapi le aterese ea IP le nomoro ea boema-kepe ea mokopi oa mantlha hore e fetisetsoe ka li-proxies tse mahareng le li-balancers tsa mojaro (joalo ka dnsdist) . Ho thusa XPF ho na le likhetho ""Le"";
- Tšehetso e ntlafalitsoeng bakeng sa katoloso ea EDNS (ECS), e u lumellang hore u fetisetse lipotso tsa DNS ho data e nang le matla ea DNS mabapi le subnet eo kopo ea pele e fetisitsoeng ka ketane e neng e chefo (data e mabapi le mohloli oa subnet ea moreki ea hlokahala bakeng sa ts'ebetso e sebetsang ea marang-rang a phano ea litaba) . Tokollo e ncha e eketsa litlhophiso tsa taolo e ikhethileng mabapi le ts'ebeliso ea EDNS Client Subnet: "»ka lethathamo la limaske tsa marang-rang tseo IP e tla sebelisoa ho ECS likopong tse tsoang. Bakeng sa liaterese tse sa oeleng ka har'a limaske tse boletsoeng, aterese e akaretsang e boletsoeng ho taelo "". Ka taelo "» o ka hlalosa li-subnets tseo ho tsona likopo tse kenang tse nang le litekanyetso tse tlatsitsoeng tsa ECS li ke keng tsa nkeloa sebaka;
- Bakeng sa li-server tse sebetsanang le palo e kholo ea likopo motsotsoana (ho feta likete tse 100), taelo "", e khethollang palo ea likhoele bakeng sa ho amohela likopo tse kenang le ho li aba pakeng tsa likhoele tsa basebetsi (hoa utloahala ha u sebelisa "").
- Setlhophiso se ekelitsoeng ho hlalosa faele ea hau ka libaka tseo basebelisi ba ka ingolisang li-subdomain tsa bona ho fapana le lenane le hahiloeng ho PowerDNS Recursor.
Morero oa PowerDNS o boetse o phatlalalitse phetoho ea potoloho ea nts'etsopele ea likhoeli tse ts'eletseng, ka tokollo e kholo e latelang ea PowerDNS Recursor 4.3 e lebelletsoeng ka Pherekhong 2020. Lintlafatso tsa tokollo ea bohlokoa li tla ntlafatsoa selemo ho pota, ka mor'a moo ho tla lokolloa litokiso tsa tlokotsi bakeng sa likhoeli tse ling tse tšeletseng. Kahoo, tšehetso bakeng sa lekala la PowerDNS Recursor 4.2 e tla tšoarella ho fihlela Pherekhong 2021. Liphetoho tse tšoanang tsa potoloho ea ntlafatso li entsoe bakeng sa PowerDNS Authoritative Server, e lebelletsoeng ho lokolla 4.2 haufinyane.
Likarolo tsa mantlha tsa PowerDNS Recursor:
- Lisebelisoa tsa ho bokella lipalo-palo tse hole;
- Restart hang hang;
- Enjene e hahelletsoeng ka har'a ho hokela bahlokomeli ka puo ea Selua;
- Tšehetso e feletseng ea DNSSEC le ;
- Tšehetso bakeng sa RPZ (Libaka tsa Leano la Likarabo) le bokhoni ba ho hlalosa li-blacklists;
- Mekhoa e khahlanong le spoofing;
- Bokhoni ba ho rekota liphetho tsa qeto e le lifaele tsa libaka tsa BIND.
- Ho netefatsa ts'ebetso e phahameng, mekhoa ea sejoale-joale ea ho kopanya li-multiplexing e sebelisoa ho FreeBSD, Linux le Solaris (kqueue, epoll, /dev/poll), hammoho le pakete ea DNS e sebetsang hantle haholo e khonang ho sebetsana le likopo tse likete tse mashome tse tšoanang.
Source: opennet.ru