Release of PowerDNS Recursor 4.2 and the DNS flag day 2020 initiative

After a year and a half of development, PowerDNS Recursor 4.2 has been released: a caching DNS server responsible for recursive name resolution. PowerDNS Recursor is built on the same code base as PowerDNS Authoritative Server, but the recursive and authoritative PowerDNS servers are developed in separate development cycles and released as separate products. The project code is distributed under the GPLv2 license.

The new version eliminates all problems related to the processing of DNS packets with EDNS flags. Old versions of PowerDNS Recursor, prior to 2016, ignored packets with unsupported EDNS flags rather than sending a reply in the old format with the EDNS flags dropped, as the specification requires. Previously, this non-standard behavior was accommodated in BIND in the form of a workaround, but as part of the DNS flag day initiative held in February, DNS server developers decided to abandon this hack.

In PowerDNS, the main problems in processing packets with EDNS were eliminated back in 2017 in the 4.1 release, while the 4.0 branch, released in 2016, showed individual incompatibilities that arose only under a particular set of circumstances and, in general, did not interfere with normal operation. In PowerDNS Recursor 4.2, as in BIND 9.14, the workarounds that supported authoritative servers responding incorrectly to queries with EDNS flags have been removed. Until now, if no response arrived within a certain time after a query with EDNS flags was sent, the DNS server assumed that the extended flags were not supported and sent a second query without EDNS flags. This behavior is now disabled, because that code increased latency through packet retransmission, raised the network load, and created ambiguity when a response was missing because of a network failure. It also hindered the rollout of EDNS-based features such as DNS Cookies for protection against DDoS attacks.

It has been decided to hold a DNS flag day 2020 event next year, intended to focus attention on solving the problems with IP fragmentation when processing large DNS messages. As part of the initiative, it is planned to fix the recommended EDNS buffer size at 1200 bytes and to make the processing of queries over TCP a feature that servers must support. At present, support for processing queries over UDP is mandatory, while TCP is desirable but not required for operation (the standard prescribes the ability to disable TCP). The proposal is to remove the option to disable TCP from the standard and to standardize the switch from sending queries over UDP to using TCP in cases where the configured EDNS buffer size is insufficient.

The changes proposed as part of the initiative will end the confusion over choosing an EDNS buffer size and solve the problem of fragmentation of large UDP messages, whose processing often leads to packet loss and timeouts on the client side. On the client side, the EDNS buffer size will be constant, and large responses will be sent to the client over TCP straight away. Ceasing to send large messages over UDP will also make it possible to block DNS cache poisoning attacks based on the manipulation of fragmented UDP packets (when a packet is split into fragments, the second fragment does not include the header with the identifier, so it can be forged; it is enough for the checksum to match).

PowerDNS Recursor 4.2 takes the problems with large UDP packets into account and switches to an EDNS buffer size (edns-outgoing-bufsize) of 1232 bytes instead of the previously used limit of 1680 bytes, which should significantly reduce the likelihood of losing UDP packets. The value 1232 was chosen because it is the maximum at which the size of a DNS response, taking IPv6 into account, fits within the minimum MTU value (1280). The value of the truncation-threshold parameter, which is responsible for truncating responses to the client, has also been reduced to 1232.
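The following sketch is an added example, not code from PowerDNS or the original article. It shows on the wire what the paragraphs above describe: a query whose OPT record advertises a 1232-byte buffer, the TC-flag check that triggers the switch to TCP, and the IPv6 header arithmetic behind the 1232 value. All function names are hypothetical and the messages are constructed in memory.

```python
import struct

IPV6_MIN_MTU, IPV6_HDR, UDP_HDR = 1280, 40, 8      # minimum MTU from the page; fixed header sizes
EDNS_BUFSIZE = IPV6_MIN_MTU - IPV6_HDR - UDP_HDR   # 1232, the new default
TYPE_OPT, FLAG_TC = 41, 0x0200                     # OPT RR type; "truncated" header flag

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234, bufsize=EDNS_BUFSIZE):
    """Build a recursive query carrying an EDNS OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE=41, CLASS field = UDP payload size, TTL=0, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, bufsize, 0, 0)
    return header + question + opt

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)   # pointer is 2 bytes, root label is 1

def advertised_bufsize(msg):
    """Return the UDP payload size from the OPT record, or None if no EDNS."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4     # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == TYPE_OPT:
            return rclass
        pos += 10 + rdlen
    return None

def must_retry_over_tcp(response):
    """True when the TC flag is set, so the answer has to be re-fetched over TCP."""
    return bool(struct.unpack("!H", response[2:4])[0] & FLAG_TC)

def fits_in_min_mtu(dns_len):
    """True when a DNS payload of dns_len bytes over IPv6/UDP needs no fragmentation."""
    return dns_len + IPV6_HDR + UDP_HDR <= IPV6_MIN_MTU
```

A 1680-byte payload, the old limit, fails `fits_in_min_mtu`, while 1232 is the largest value that passes.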

Other changes in PowerDNS Recursor 4.2:

  • Added support for the XPF (X-Proxied-For) mechanism, the DNS equivalent of the HTTP X-Forwarded-For header, which allows information about the IP address and port number of the original requester to be passed through intermediate proxies and load balancers (such as dnsdist). The options "xpf-allow-from" and "xpf-rr-code" are provided to enable XPF;
  • Improved support for the EDNS Client Subnet (ECS) extension, which makes it possible to pass, in DNS queries to an authoritative DNS server, information about the subnet from which the original query passed along the chain was sent (data about the client's source subnet is needed for content delivery networks to work efficiently). The new release adds settings for selective control over the use of EDNS Client Subnet: "ecs-add-for" with a list of network masks for which the IP will be used in ECS in outgoing queries. For addresses that do not fall within the specified masks, the common address set in the "ecs-scope-zero-address" directive is used. The "use-incoming-edns-subnet" directive defines the subnets whose incoming queries with filled-in ECS values will not be replaced;
  • For servers that process a large number of queries per second (more than 100 thousand), the "distributor-threads" directive has been added. It determines the number of threads that receive incoming queries and distribute them among the worker threads (this only makes sense when using "pdns-distributes-queries=yes");
  • Added the public-suffix-list-file setting for specifying your own file with the list of public domain suffixes under which users can register their subdomains, in place of the list built into PowerDNS Recursor.

The PowerDNS project has also announced a move to a six-month development cycle, with the next major release, PowerDNS Recursor 4.3, expected in January 2020. Updates for major releases will be produced for a year, after which vulnerability fixes will be released for another six months. Support for the PowerDNS Recursor 4.2 branch will therefore last until January 2021. Similar changes to the development cycle have been made for PowerDNS Authoritative Server, whose 4.2 release is expected in the near future.

Main features of PowerDNS Recursor:

  • Tools for remote collection of statistics;
  • Instant restart;
  • Built-in engine for connecting handlers written in Lua;
  • Full support for DNSSEC and DNS64;
  • Support for RPZ (Response Policy Zones) and the ability to define blacklists;
  • Anti-spoofing mechanisms;
  • Ability to record resolution results as BIND zone files;
  • To ensure high performance, modern connection multiplexing mechanisms are used on FreeBSD, Linux and Solaris (kqueue, epoll, /dev/poll), together with a high-performance DNS packet parser capable of processing tens of thousands of parallel queries.

Source: opennet.ru
