ukukhululwa , iseva ye-DNS enegunya lokusebenza okuphezulu (i-recursor yenziwe njengohlelo lokusebenza oluhlukile) esekela zonke izici zesimanje ze-DNS. Le phrojekthi ithuthukiswe yi-Czech naming registry CZ.NIC, ebhalwe ngo-C kanye ilayisensi ngaphansi kwe-GPLv3.
I-KnotDNS ibonakala ngokugxila ekusebenzeni okuphezulu kokucubungula imibuzo, okusebenzisa ukuqaliswa okunezintambo eziningi futhi ikakhulukazi okungavimbeli okukala kahle ezinhlelweni ze-SMP. Izici ezinjengokwengeza nokukhipha amazoni endizeni, ukudluliselwa kwendawo yeseva-kuya-kuseva, i-DDNS (izibuyekezo eziguqukayo), i-NSID (RFC 5001), izandiso ze-EDNS0 ne-DNSSEC (okuhlanganisa i-NSEC3), imikhawulo yesilinganiso sokuphendula (RRL) inikeziwe.
Ekukhishweni okusha:
- Kungezwe imodi yenethiwekhi esebenza kahle kakhulu, esetshenziswa kusetshenziswa isistimu engaphansi (I-eXpress Data Path), ehlinzeka ngamathuluzi okucubungula amaphakethe ezingeni lomshayeli wenethiwekhi ngaphambi kokuthi kusetshenzwe isitaki senethiwekhi ye-Linux kernel. Ukuze usebenzise imodi, i-Linux kernel 4.18 noma eyakamuva iyadingeka.
- Usekelo olungeziwe Lwezindawo Zekhathalogi, okwenza kube lula ukugcina amaseva esibili e-DNS. Uma lesi sici sinikwe amandla, esikhundleni sokuchaza amarekhodi ahlukene wendawo ngayinye yesibili kuseva yesibili, ikhathalogi yendawo idluliselwa phakathi kwamaseva ayinhloko nawesibili, ngemva kwalokho izindawo ezidalwe kuseva eyinhloko futhi zimakwe njengezifakiwe kukhathalogi zizozenzakalela. kudalwe kuseva yesibili ngaphandle kwesidingo sokuhlela ukulungiselelwa kwamafayela. Insiza ye-kcatalog yokuphrinta ihlongozwa ukuphatha ikhathalogi.
- Kwengezwe imodi yokuqinisekisa ye-DNSSEC entsha.
- Kwengezwe isisetshenziswa se-kzonesign sokukhiqiza mathupha amasiginesha edijithali ye-DNSSEC.
- Kwengezwe insiza ye-kxdpgun esebenzisa ukusebenza okuphezulu kwe-"DNS phezu kwe-UDP" generator ye-Linux.
- I-kdig yengeza usekelo lwe-DNS nge-HTTPS (DoH), esetshenziswa kusetshenziswa i-GnuTLS kanye ne-libnghttp2.
- Usekelo olungeziwe lokuphathwa kokhiye we-DNSSEC okhiye KSK (Ukhiye Wokusayina Wokhiye) ().
- Usekelo olungeziwe lokukhiqiza okunqunyiwe kwamasiginesha edijithali kusetshenziswa ama-algorithms e-ECDSA (idinga i-GnuTLS 3.6.10 nakamuva ukuze isebenze).
- Indlela ephephile yokwenza isipele nokubuyisela idatha yendawo ye-DNS iyaphakanyiswa.
- Ukusebenza kwemojula “yezibalo” kwenziwe ngcono kakhulu.
- Uma unika amandla imodi enemicu eminingi yokukhiqiza amasiginesha edijithali yezindawo ze-DNS, ukufana kokunye ukusebenza okungeziwe ngamazoni kuyaqinisekiswa.
- Kuthuthukiswe ukusebenza kahle kokugcinwa kwesikhashana kanye nokusebenza kwemibuzo okuthuthukisiwe.
Source: opennet.ru