Uhlaziyo oluchanekileyo kumasebe azinzileyo we-BIND DNS iseva 9.16.28 kunye ne-9.18.3 sele ishicilelwe, kunye nokukhutshwa okutsha kwesebe lokulinga 9.19.1. Kwiinguqulelo ze-9.18.3 kunye ne-9.19.1, ubuthathaka (CVE-2022-1183) ekuphunyezweni kwendlela ye-DNS-over-HTTPS, exhaswayo ukususela kwisebe le-9.18, ilungisiwe. Ukuba sesichengeni kubangela ukuba inkqubo enikwe igama ingqubene ukuba uqhagamshelo lwe-TLS kwisiphathi esisekwe kwi-HTTP lupheliswe phambi kwexesha. Umba uchaphazela kuphela iiseva ezisebenzela i-DNS ngaphezulu kwezicelo ze-HTTPS (DoH). Iiseva ezamkela imibuzo ye-DNS ngaphezulu kwe-TLS (DoT) kwaye ezingasebenzisi i-DoH azichatshazelwa ngulo mba.
Ukukhutshwa kwe-9.18.3 kwakhona kongeza uphuculo olusebenzayo. Inkxaso eyongeziweyo yoguqulelo lwesibini lwemimandla yekhathalogu ("Iindawo zekhathalogu"), echazwe kwidrafti yesihlanu yenkcazo ye-IETF. I-Zone Directory inikezela ngendlela entsha yokugcina iiseva ze-DNS zesibini apho, endaweni yokuchaza iirekhodi ezihlukeneyo zommandla ngamnye wesibini kwi-server yesibini, isethi ethile yemimandla yesibini idluliselwa phakathi kweeseva eziphambili kunye nezisesekondari. Ezo. Ngokuseta unikezelo lolawulo olufana nokudluliselwa kwemimandla nganye, iindawo ezidalwe kumncedisi oyintloko kwaye ziphawulwe njengoko zibandakanyiwe kuluhlu ziya kwenziwa ngokuzenzekelayo kumncedisi wesibini ngaphandle kwesidingo sokuhlela iifayile zoqwalaselo.
Uguqulelo olutsha longeza nenkxaso yeekhowudi zempazamo ze-"Stale" kunye ne "Stale NXDOMAIN Answer", ekhutshwe xa impendulo endala ibuyiswa kwi-cache. igama kunye nokugrumba banesiqinisekiso esakhelwe ngaphakathi sezatifikethi ze-TLS zangaphandle, ezinokuthi zisetyenziswe ukuphumeza ungqinisiso oluqinileyo okanye lwentsebenziswano olusekwe kwi-TLS (RFC 9103).
umthombo: opennet.ru