Firefox Developers
Bayan kunna DoH, ana nuna gargadi ga mai amfani, wanda ke ba da damar, idan ana so, don ƙin tuntuɓar sabar DoH DNS ta tsakiya kuma komawa cikin tsarin gargajiya na aika tambayoyin da ba a ɓoye ba zuwa uwar garken DNS na mai bayarwa. Maimakon abubuwan da aka rarraba na masu warwarewar DNS, DoH yana amfani da ɗaure zuwa takamaiman sabis na DoH, wanda za'a iya la'akari da maki guda na gazawa. A halin yanzu, ana ba da aiki ta hanyar masu samar da DNS guda biyu - CloudFlare (tsoho) da
Canja mai bada ko kashe DoH
Bari mu tuna cewa DoH na iya zama da amfani don hana leaks na bayanai game da sunayen rundunar da ake buƙata ta hanyar sabar DNS na masu samarwa, yaƙar hare-haren MITM da ɓarkewar zirga-zirgar ababen hawa na DNS (misali, lokacin haɗawa da Wi-Fi na jama'a), hana toshewa a DNS. matakin (DoH ba zai iya maye gurbin VPN ba a cikin yanki na toshe toshewa wanda aka aiwatar a matakin DPI) ko don tsara aiki idan ba zai yiwu ba kai tsaye zuwa sabar DNS (misali, lokacin aiki ta hanyar wakili). Idan a cikin yanayi na al'ada ana aika buƙatun DNS kai tsaye zuwa sabar DNS da aka ayyana a cikin tsarin tsarin, to, a cikin yanayin DoH, buƙatar tantance adireshin IP ɗin mai watsa shiri yana cikin zirga-zirgar HTTPS kuma a aika zuwa uwar garken HTTP, inda masu warware matsalar ke aiwatarwa. buƙatun ta hanyar API ɗin Yanar Gizo. Ma'auni na DNSSEC na yanzu yana amfani da ɓoyewa kawai don tabbatar da abokin ciniki da uwar garken, amma baya kare zirga-zirga daga shiga tsakani kuma baya bada garantin sirrin buƙatun.
Don zaɓar masu samar da DoH da aka bayar a Firefox,
Ya kamata a yi amfani da DoH tare da taka tsantsan. Misali, a cikin Tarayyar Rasha, adiresoshin IP 104.16.248.249 da 104.16.249.249 masu alaƙa da tsohuwar uwar garken DoH mozilla.cloudflare-dns.com da aka bayar a Firefox,
Hakanan DoH na iya haifar da matsaloli a fannoni kamar tsarin kula da iyaye, samun damar yin amfani da wuraren suna a cikin tsarin kamfanoni, zaɓin hanya a cikin tsarin haɓaka abun ciki, da bin umarnin kotu a fagen yaƙi da rarraba abubuwan da ba bisa ka'ida ba da kuma amfani da su. kananan yara. Don kauce wa irin waɗannan matsalolin, an aiwatar da tsarin dubawa kuma an gwada shi wanda ke kashe DoH ta atomatik a ƙarƙashin wasu sharuɗɗa.
Don gano masu warwarewar kasuwanci, ana bincika wuraren yanki na matakin farko (TLDs) kuma mai warware tsarin ya dawo da adiresoshin intanet. Don sanin ko ana kunna ikon iyaye, ana ƙoƙarin warware sunan exampleadultsite.com kuma idan sakamakon bai dace da ainihin IP ba, ana ɗaukar cewa toshe abun ciki na manya yana aiki a matakin DNS. Ana kuma bincika adiresoshin IP na Google da YouTube a matsayin alamu don ganin ko an maye gurbinsu da restrict.youtube.com, forcefesearch.google.com da restrictmoderate.youtube.com. Waɗannan gwaje-gwajen suna ba da damar maharan waɗanda ke sarrafa aikin mai warwarewa ko kuma ke da ikon kutsawa cikin zirga-zirga don yin kwatankwacin irin wannan ɗabi'ar don murkushe ɓoyayyen zirga-zirgar DNS.
Yin aiki ta hanyar sabis na DoH guda ɗaya na iya haifar da matsaloli tare da haɓaka zirga-zirgar ababen hawa a cikin hanyoyin sadarwar abun ciki waɗanda ke daidaita zirga-zirga ta amfani da DNS (Sabar DNS na cibiyar sadarwar CDN ta haifar da amsa la'akari da adireshin mai warwarewa kuma yana ba da mafi kusancin masaukin don karɓar abun ciki). Aika tambaya ta DNS daga mai warwarewa mafi kusa da mai amfani a cikin irin waɗannan CDNs yana haifar da dawo da adireshin mai watsa shiri mafi kusa da mai amfani, amma aika tambayar DNS daga mai warwarewa ta tsakiya zai dawo da adireshin mai masaukin kusa da uwar garken DNS-over-HTTPS. . Gwaji a aikace ya nuna cewa yin amfani da DNS-over-HTTP lokacin amfani da CDN ya haifar da kusan babu jinkiri kafin fara canja wurin abun ciki (don haɗin sauri, jinkirin bai wuce millisecond 10 ba, kuma har ma an lura da saurin aiki akan jinkirin tashoshi na sadarwa. ). An kuma yi la'akari da yin amfani da tsawo na EDNS Client Subnet don samar da bayanin wurin abokin ciniki ga mai warware CDN.
source: budenet.ru