Ukukhishwa kweseva ye-DNS yenqolobane ye-PowerDNS Recursor 4.6 kuyatholakala, enesibopho sokulungiswa kwamagama okuphindaphindayo. I-PowerDNS Recursor yakhelwe phezu kwesisekelo sekhodi esifanayo ne-PowerDNS Authoritative Server, kodwa amaseva e-DNS e-PowerDNS aphindaphindayo futhi anegunya athuthukiswa ngemijikelezo ehlukene yokuthuthukisa futhi akhululwa njengemikhiqizo ehlukene. Ikhodi yephrojekthi isatshalaliswa ngaphansi kwelayisensi ye-GPLv2.
Iseva ihlinzeka ngamathuluzi okuqoqwa kwezibalo ezikude, isekela ukuqalisa kabusha okusheshayo, inenjini eyakhelwe ngaphakathi yokuxhuma izibambi ngolimi lwesiLua, isekela ngokugcwele i-DNSSEC, i-DNS64, i-RPZ (Izindawo Zenqubomgomo Yezimpendulo), futhi ikuvumela ukuthi uxhume izinhlu ezivinjelwe. Kungenzeka ukurekhoda imiphumela yokulungiswa njengamafayela wendawo ye-BIND. Ukuqinisekisa ukusebenza okuphezulu, izindlela zesimanje zokuxhumanisa eziningi zisetshenziswa ku-FreeBSD, Linux kanye ne-Solaris (kqueue, epoll, /dev/poll), kanye nesihlaluli sephakethe se-DNS esisebenza kahle esikwazi ukucubungula amashumi ezinkulungwane zezicelo ezifanayo.
Enguqulweni entsha:
- Kwengezwe umsebenzi othi “Zone to Cache”, okuvumela ukuthi ubuyise ngezikhathi ezithile indawo ye-DNS bese ufaka okuqukethwe kuyo kunqolobane, ukuze inqolobane ihlale isesimweni “sokushisa” futhi iqukethe idatha ehlotshaniswa nendawo. Umsebenzi ungasetshenziswa nanoma yiluphi uhlobo lwendawo, okuhlanganisa impande. Ukubuyisa indawo kungenziwa kusetshenziswa i-DNS AXFR, i-HTTP, i-HTTPS, noma ngokulayisha kusuka kufayela lendawo.
- Kungenzeka ukusetha kabusha okufakiwe kusuka kunqolobane ngemuva kokuthola izicelo zesaziso ezingenayo.
- Kwengezwe usekelo lokubethela amakholi kumaseva e-DNS kusetshenziswa i-DoT (DNS phezu kwe-TLS). Ngokuzenzakalelayo, i-DoT inikwa amandla uma ucacisa imbobo 853 Yesidluliseli se-DNS noma uma ubeka ngokucacile amaseva e-DNS ngokusebenzisa ipharamitha yamachashazi-kuya-amagama-amagama. Ukuqinisekiswa kwesitifiketi akukenziwa, njengoba kunjalo ngokushintshela ku-DoT ngokuzenzekelayo kanye nokusekelwa kwayo yiseva ye-DNS (lezi zici zizonikwa amandla ngemva kokugunyazwa yikomiti lokulinganisa).
- Ikhodi yokusungula uxhumo oluphumayo lwe-TCP ibhalwe kabusha, futhi amandla okusebenzisa kabusha ukuxhumeka angeziwe. Ukuze usebenzise kabusha ukuxhumeka kwe-TCP (kanye ne-DoT), ukuxhumeka akusavaliwe ngokushesha ngemva kokucubungula isicelo, kodwa kushiywa kuvuliwe isikhathi esithile (ukuziphatha kulawulwa ukulungiselelwa kwe-tcp-out-max-idle-ms).
- Uhlu lwamamethrikhi aqoqiwe futhi athunyelwa ngaphandle anezibalo nolwazi lwezinhlelo zokuqapha lunwetshiwe.
- Kwengezwe isici sokuhlola Sokulandelela Umcimbi esikuvumela ukuthi uthole ulwazi oluningiliziwe mayelana nesikhathi sokwenziwa sesigaba sokulungiswa ngasinye.
Source: opennet.ru