BIND DNS Server 9.16.0 Released

After 11 months of development, the ISC consortium has presented the first stable release of a significant new branch of the BIND DNS server, 9.16. Support for the 9.16 branch will be provided for three years, until the 2nd quarter of 2023, as part of an extended support cycle. Updates for the previous LTS branch, 9.11, will continue to be released until December 2021. Support for the 9.14 branch will end in three months.

Main innovations:

  • Added KASP (Key and Signing Policy), a simplified way to manage DNSSEC keys and digital signatures, based on rules defined with the "dnssec-policy" directive. This directive lets you configure the generation of the new keys needed for DNS zones and the automatic use of ZSK and KSK keys.
  • The network subsystem has been redesigned and switched to an asynchronous request-handling mechanism built on the libuv library. The rework has not yet produced any visible changes, but in future releases it will make it possible to implement significant performance improvements and to add support for new protocols such as DNS over TLS.

  • Improved management of DNSSEC trust anchors (a trust anchor is a public key bound to a zone and used to verify the authenticity of that zone). In place of the trusted-keys and managed-keys settings, which are now deprecated, a new trust-anchors directive is offered that lets you manage both types of keys.

    When trust-anchors is used with the initial-key keyword, the directive behaves like managed-keys, i.e. it defines a trust anchor setting in accordance with RFC 5011. When trust-anchors is used with the static-key keyword, the behaviour corresponds to the trusted-keys directive, i.e. it defines a permanent key that is not updated automatically. Trust-anchors also offers two further keywords, initial-ds and static-ds, which let you use trust anchors in DS (Delegation Signer) format instead of DNSKEY. This makes it easier to configure bindings for keys that have not yet been published (IANA plans to use the DS format for root zone keys in the future).

  • The "+yaml" option has been added to the dig, mdig and delv utilities for output in YAML format.
  • The "+[no]unexpected" option has been added to the dig utility; it allows responses to be accepted from hosts other than the server to which the request was sent.
  • The "+[no]expandaaaa" option has been added to the dig utility; it causes IPv6 addresses in AAAA records to be displayed in their full 128-bit representation rather than in RFC 5952 format.
  • Added the ability to switch groups of statistics channels.
  • DS and CDS records are now generated only from SHA-256 hashes (generation based on SHA-1 has been discontinued).
  • For DNS Cookie (RFC 7873), the default algorithm is now SipHash 2-4, and support for HMAC-SHA has been discontinued (AES is retained).
  • The output of the dnssec-signzone and dnssec-verify commands is now sent to standard output (STDOUT), and only errors and warnings are printed to STDERR (the -f option also prints the signed zone). A "-q" option has been added to silence the output.
  • The DNSSEC validation code has been reworked to eliminate code duplication with other subsystems.
  • For displaying statistics in JSON format, only the JSON-C library can now be used. The configure option "--with-libjson" has been renamed to "--with-json-c".
  • The configure script no longer defaults "--sysconfdir" to /etc and "--localstatedir" to /var when "--prefix" is not specified. The default paths are now $prefix/etc and $prefix/var, as used in Autoconf.
  • Removed the code implementing the DLV service (Domain Look-aside Verification, the dnssec-lookaside option), which was deprecated in BIND 9.12; the associated dlv.isc.org handler was disabled in 2017. Removing DLV has freed the BIND code from unnecessary complications.

Source: opennet.ru
