Release of PowerDNS Recursor 4.3 and KnotDNS 2.9.3

The caching DNS server PowerDNS Recursor 4.3, which is responsible for recursive name resolution, has been released. PowerDNS Recursor is built on the same code base as PowerDNS Authoritative Server, but the PowerDNS recursive and authoritative DNS servers are developed in separate development cycles and released as separate products. The project code is distributed under the GPLv2 license.

The server provides tools for remote statistics collection, supports instant restart, has a built-in engine for plugging in handlers written in Lua, fully supports DNSSEC, DNS64 and RPZ (Response Policy Zones), and allows blacklists to be connected. Resolution results can be recorded as BIND zone files. To ensure high performance, modern connection multiplexing mechanisms are used on FreeBSD, Linux and Solaris (kqueue, epoll, /dev/poll), together with a high-performance DNS packet parser capable of processing tens of thousands of parallel requests.

In the new version:

  • To prevent leaking information about the requested domain and to increase privacy, QNAME minimisation (RFC 7816) is enabled by default and operates in "relaxed" mode. The essence of the mechanism is that the resolver does not reveal the full name of the requested host in its queries to the upstream name server. For example, when determining the address of the host foo.bar.baz.com, the resolver sends the query "QTYPE=NS,QNAME=baz.com" to the authoritative server for the ".com" zone, without mentioning "foo.bar". In its current form, the feature is implemented in "relaxed" mode.
  • The ability to log outgoing queries to authoritative servers, and the responses to them, in dnstap format has been implemented (to use it, a build with the "--enable-dnstap" option is required).
  • Multiple incoming requests sent over one TCP connection are now processed concurrently, and results are returned as they become ready rather than in the order the requests were queued. The limit on concurrent requests is set by the "max-concurrent-requests-per-tcp-connection" setting.
  • A technique for tracking new domains, NOD (Newly Observed Domain), has been implemented. It can be used to identify suspicious domains or domains associated with malicious activity, such as distributing malware, taking part in phishing, or operating botnets. The method is based on identifying domains that have not been accessed before and analysing these new domains. Instead of checking new domains against a complete database of every domain ever seen, which requires significant resources to maintain, NOD uses a probabilistic structure, the SBF (Stable Bloom Filter), which reduces memory and CPU consumption. To enable it, specify "new-domain-tracking=yes" in the settings.
  • When running under systemd, the PowerDNS Recursor process now runs as the unprivileged user pdns-recursor instead of root. On systems without systemd and without chroot, the default directory for storing the control socket and the pid file is now /var/run/pdns-recursor.
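
The NOD item above relies on a Stable Bloom Filter; the following is an added example, not PowerDNS code, showing how such a filter flags first-seen names in fixed memory. The filter size, hash count, decay rate and the sample query names are assumptions chosen for illustration.

```python
import hashlib
import random


class StableBloomFilter:
    """Fixed-size probabilistic set whose old entries decay over time."""

    def __init__(self, cells=4096, hashes=3, decay=8, max_val=3, seed=0):
        # All sizes here are illustrative assumptions, not PowerDNS defaults.
        self.cells = bytearray(cells)
        self.hashes, self.decay, self.max_val = hashes, decay, max_val
        self.rng = random.Random(seed)  # seeded so runs are repeatable

    def _indexes(self, item):
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        return [int.from_bytes(digest[4 * i:4 * i + 4], "big") % len(self.cells)
                for i in range(self.hashes)]

    def check_and_add(self, item):
        """Return True if item was probably seen before, then record it."""
        idx = self._indexes(item)
        seen = all(self.cells[i] > 0 for i in idx)
        # Decay: decrement a few random cells so stale entries fade and the
        # filter never fills up, which keeps the false-positive rate stable.
        for _ in range(self.decay):
            j = self.rng.randrange(len(self.cells))
            if self.cells[j]:
                self.cells[j] -= 1
        for i in idx:
            self.cells[i] = self.max_val
        return seen


def normalize(qname):
    """DNS names are case-insensitive; drop the trailing root dot as well."""
    return qname.rstrip(".").lower()


def newly_observed(qnames, sbf):
    """Return the names in qnames that the filter had not seen before."""
    return [n for n in map(normalize, qnames) if not sbf.check_and_add(n)]


# Constructed sample query stream (not real traffic).
SAMPLE = ["www.example.com.", "WWW.Example.COM", "cdn.example.net",
          "www.example.com", "x7f3.example.org"]

if __name__ == "__main__":
    print(newly_observed(SAMPLE, StableBloomFilter()))
```

Because entries decay, a name that has not been queried for a long time can be reported as new again; downstream analysis should treat a NOD hit as a signal to review, not as a verdict.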

In addition, the release of KnotDNS 2.9.3 has been published. It is a high-performance authoritative DNS server (the recursor is designed as a separate application) that supports all modern DNS capabilities. The project is developed by the Czech name registry CZ.NIC, is written in C and is distributed under the GPLv3 license.

KnotDNS is distinguished by its focus on high-performance query processing, for which it uses a multi-threaded and mostly non-blocking implementation that scales well on SMP systems. It provides features such as adding and removing zones on the fly, zone transfers between servers, DDNS (dynamic updates), NSID (RFC 5001), the EDNS0 and DNSSEC extensions (including NSEC3), and response rate limiting (RRL).

In the new release:

  • Added the 'remote.block-notify-after-transfer' setting to block the sending of NOTIFY messages;
  • Implemented experimental support for the Ed448 algorithm in DNSSEC (requires GnuTLS 3.6.12+ and the not yet released Nettle 3.6+);
  • Added the 'local-serial' parameter to keymgr to get or set the SOA serial number of the signed zone in the KASP database;
  • Added support to keymgr for importing Ed25519 and Ed448 keys in the BIND DNS server format;
  • The default value of 'server.tcp-io-timeout' has been increased to 500 ms, and 'database.journal-db-max-size' has been reduced to 512 MiB on 32-bit systems.

Source: opennet.ru