Release of PowerDNS Recursor 4.3 and KnotDNS 2.9.3

A release of the caching DNS server PowerDNS Recursor 4.3, responsible for recursive name resolution, is available. PowerDNS Recursor is built on the same code base as PowerDNS Authoritative Server, but the recursive and authoritative PowerDNS servers are developed in separate development cycles and released as separate products. The project code is distributed under the GPLv2 license.

The server provides tools for remote statistics collection, supports instant restart, has a built-in engine for attaching handlers written in Lua, fully supports DNSSEC, DNS64 and RPZ (Response Policy Zones), and allows blocklists to be attached. Resolution results can be written out as BIND zone files. For high performance it uses the modern multiplexing mechanisms of FreeBSD, Linux and Solaris (kqueue, epoll, /dev/poll) together with an efficient DNS packet parser capable of handling tens of thousands of concurrent requests.

In the new version:

  • To prevent leaking information about the requested domain and to improve privacy, QNAME Minimisation (RFC 7816) is now enabled by default (the qname-minimization setting), operating in "relaxed" mode. The idea is that the resolver does not reveal the full host name in its queries to upstream name servers. For example, when resolving the address of the host foo.bar.baz.com, the resolver sends the query "QTYPE=NS,QNAME=baz.com" to the authoritative server of the ".com" zone, without mentioning "foo.bar". Relaxed mode means that when a minimised query for an intermediate name does not produce a usable answer (for instance an NXDOMAIN from an authoritative server that does not handle empty non-terminals correctly), the resolver falls back to sending the full name to that server instead of passing the error on to the client.
  • Outgoing queries to authoritative servers and the responses to them can now be logged in dnstap format (requires building with the --enable-dnstap configure option).
  • Several queries arriving over one TCP connection can now be processed concurrently, with answers returned as they become ready rather than in the order the queries were queued. The number of in-flight queries per connection is limited by the "max-concurrent-requests-per-tcp-connection" setting.
  • A mechanism for tracking Newly Observed Domains (NOD) has been implemented. It can be used to flag suspicious domains or domains associated with malicious activity, such as malware distribution, phishing for sensitive data, or botnet command and control. The method identifies names that have never been queried before and singles them out for analysis. Instead of checking new names against a complete database of every domain ever seen, which would be costly to maintain, NOD uses a probabilistic structure, a Stable Bloom Filter (SBF), which keeps memory and CPU usage low at the price of occasional false positives and of eventually forgetting old entries. To enable it, set "new-domain-tracking=yes" in the configuration.
  • When run under systemd, the PowerDNS Recursor process now runs as the unprivileged user pdns-recursor instead of root. On systems without systemd and without a chroot, the default directory for the control socket and the pid file is now /var/run/pdns-recursor.
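
The query walk described in the first item, as an added example that is not PowerDNS code: a small simulation of a minimising resolver descending a constructed delegation tree, in strict and relaxed mode. It records which QNAME each authoritative server receives (what that server could log) and shows why relaxed mode retries with the full name when an intermediate name draws an NXDOMAIN. The zones (baz.com., broken.com.), the FakeAuth behaviour and the trace format are made up for the illustration.

```python
"""Query sequence of a QNAME-minimising resolver (RFC 7816), strict vs relaxed.

Added illustration, not PowerDNS code.  The delegation tree, zone names and
server behaviour below are constructed for the example.
"""


def labels(name):
    """'foo.bar.baz.com.' -> ['foo', 'bar', 'baz', 'com']; the root '.' -> []."""
    return [l for l in name.rstrip(".").split(".") if l]


def join(labs):
    """Inverse of labels(): [] -> '.', ['baz', 'com'] -> 'baz.com.'."""
    return ".".join(labs) + "." if labs else "."


class FakeAuth:
    """Toy authoritative server for a single zone.

    delegations: apexes of child zones it hands out referrals for.
    existing:    owner names present in the zone.  An empty non-terminal
                 (bar.baz.com. when only foo.bar.baz.com. has records) is
                 listed only if the server knows it exists; leaving it out
                 models servers that wrongly answer NXDOMAIN for it, which
                 is the case relaxed mode exists for.
    """

    def __init__(self, apex, delegations=(), existing=()):
        self.apex = apex
        self.delegations = list(delegations)
        self.existing = set(existing)

    def answer(self, qname, qtype):
        """Return (rcode, child apex for a referral or None).  No record data
        is modelled; qtype only keeps the trace readable."""
        if qname == self.apex:
            return "NOERROR", None
        for child in self.delegations:
            if qname == child or qname.endswith("." + child):
                return "REFERRAL", child
        if qname in self.existing:
            return "NOERROR", None      # exists, not delegated (NODATA for NS)
        return "NXDOMAIN", None


def resolve(full_name, qtype, servers, relaxed=True):
    """Walk down from the root, revealing one more label per query.

    Returns the trace as a list of (zone asked, qname sent, qtype, rcode).
    """
    target = labels(full_name)
    zone, k = ".", 0            # zone we are talking to; labels revealed so far
    trace = []
    while True:
        if k < len(target):
            k += 1
        if k == len(target):
            qname, qt = full_name, qtype            # nothing left to hide
        else:
            qname, qt = join(target[-k:]), "NS"     # partial name, NS query
        rcode, child = servers[zone].answer(qname, qt)
        trace.append((zone, qname, qt, rcode))
        if rcode == "REFERRAL":
            if len(labels(child)) <= len(labels(zone)):
                raise RuntimeError("referral does not descend: " + child)
            zone, k = child, len(labels(child))     # keep minimising below
        elif qname == full_name or (rcode == "NXDOMAIN" and not relaxed):
            return trace                            # final answer
        elif rcode == "NXDOMAIN":
            k = len(target)     # relaxed: retry this server with the full name
        # NOERROR for a partial name: it exists here, reveal the next label


def names_seen_by(zone, trace):
    """QNAMEs a given authoritative server received, i.e. what it could log."""
    return [q for z, q, _, _ in trace if z == zone]


SERVERS = {                     # constructed delegation tree
    ".":           FakeAuth(".", delegations=["com."]),
    "com.":        FakeAuth("com.", delegations=["baz.com.", "broken.com."]),
    "baz.com.":    FakeAuth("baz.com.", existing=["bar.baz.com.", "foo.bar.baz.com."]),
    "broken.com.": FakeAuth("broken.com.", existing=["foo.bar.broken.com."]),
}


if __name__ == "__main__":
    for name, relaxed in [("foo.bar.baz.com.", True),
                          ("foo.bar.broken.com.", False),
                          ("foo.bar.broken.com.", True)]:
        trace = resolve(name, "A", SERVERS, relaxed)
        print(f"{name} relaxed={relaxed}")
        for step in trace:
            print("  ask %-12s %-22s %-3s -> %s" % step)
        print("  .com server saw:", names_seen_by("com.", trace))
```

Running it shows the .com server only ever sees "baz.com." or "broken.com.", never the "foo.bar" part. Against broken.com., strict mode stops at the bogus NXDOMAIN for bar.broken.com. and would hand that error to the client; relaxed mode resends the full name to the same server and gets the real answer.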

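The Stable Bloom Filter behind the NOD item above, as an added example (this is not the PowerDNS Recursor implementation): a fixed-size filter fed with a list of query names that reports each name the first time it appears, plus a demonstration of the trade-off the page mentions, namely that a name which is not refreshed is eventually forgotten and reported as new again. One assumption is made for determinism: the cells aged before each insert are taken consecutively from a moving cursor rather than chosen at random as in Deng and Rafiei's SBF. The query names in SAMPLE_QUERIES are constructed, not real traffic.

```python
"""Newly Observed Domain (NOD) detection with a Stable Bloom Filter.

Added illustration, not the PowerDNS Recursor implementation.  Query names
in SAMPLE_QUERIES are constructed.  Departure from Deng & Rafiei's SBF
(assumption made for determinism): the P cells decremented before each
insert are taken consecutively from a moving cursor rather than at random.
"""
import hashlib


class StableBloomFilter:
    """Fixed-size 'have I seen this before' structure.

    Every cell is a small counter.  Inserting a key sets its K cells to MAX;
    before each insert P other cells are decremented, so keys that are not
    refreshed fade out and the filter never grows, at the price of
    occasionally reporting an old name as new again (a false negative for
    'seen') and, rarely, a new name as already seen (a false positive).
    """

    def __init__(self, cells=4096, hashes=4, decay=8, max_value=3):
        self.cells = bytearray(cells)     # one byte per counter
        self.k, self.p, self.max = hashes, decay, max_value
        self.cursor = 0

    def _positions(self, key):
        # Double hashing: two 64-bit halves of one digest give K positions.
        digest = hashlib.blake2b(key.lower().encode(), digest_size=16).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:], "big") | 1      # odd stride, never 0
        n = len(self.cells)
        return [(h1 + i * h2) % n for i in range(self.k)]

    def seen(self, key):
        """True if every cell of key is non-zero (key was inserted recently)."""
        return all(self.cells[i] for i in self._positions(key))

    def decay(self):
        """Age the filter: decrement the next P cells after the cursor."""
        for _ in range(self.p):
            if self.cells[self.cursor]:
                self.cells[self.cursor] -= 1
            self.cursor = (self.cursor + 1) % len(self.cells)

    def observe(self, key):
        """Record key; return True if it was not in the filter (newly observed)."""
        new = not self.seen(key)
        self.decay()
        for i in self._positions(key):
            self.cells[i] = self.max
        return new


# Constructed query names, not real traffic.
SAMPLE_QUERIES = [
    "www.example.com.", "mail.example.com.", "www.example.com.",
    "x7f2k9.badactor-example.net.", "WWW.example.com.",
    "x7f2k9.badactor-example.net.",
]


def first_sightings(qnames, sbf=None):
    """Names reported as newly observed, in the order they first appear."""
    sbf = sbf if sbf is not None else StableBloomFilter()
    return [q for q in qnames if sbf.observe(q)]


if __name__ == "__main__":
    print("new domains:", first_sightings(SAMPLE_QUERIES))
    # Memory is fixed: 4096 counters whether 6 or 6 million names go by.
    f = StableBloomFilter(cells=256, decay=8, max_value=3)
    f.observe("old.example.")
    for _ in range(3 * 256 // 8):       # three full passes of the cursor
        f.decay()
    print("old.example. still seen after aging:", f.seen("old.example."))
```

The filter size, hash count, decay rate and maximum counter value set the balance between how long a name is remembered and how often an unseen name is mistaken for a seen one; a production deployment tunes them to query volume, which is why the feature is off by default and enabled with new-domain-tracking=yes.
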
In addition, KnotDNS 2.9.3 has been published, a high-performance authoritative DNS server (the recursor is implemented as a separate application) supporting all modern DNS features. The project is developed by the Czech registry CZ.NIC, is written in C and is distributed under the GPLv3 license.

KnotDNS is notable for its focus on high query-processing performance, achieved with a multithreaded and mostly non-blocking implementation that scales well on SMP systems. Features include adding and removing zones on the fly, server-to-server zone transfers, DDNS (dynamic updates), NSID (RFC 5001), the EDNS0 and DNSSEC extensions (including NSEC3), and response rate limiting (RRL).

In the new release:

  • Added the 'remote.block-notify-after-transfer' configuration option, which suppresses sending NOTIFY messages after a zone transfer;
  • Implemented support for the Ed448 algorithm in DNSSEC (requires GnuTLS 3.6.12+ and the not yet released Nettle 3.6+);
  • Added the 'local-serial' parameter to keymgr to get or set the SOA serial number of the signed zone in the KASP database;
  • Added support for importing Ed25519 and Ed448 keys in BIND DNS server format into keymgr;
  • The default 'server.tcp-io-timeout' was raised to 500 ms, and the default 'database.journal-db-max-size' was lowered to 512 MiB on 32-bit systems.

Source: opennet.ru
