Mozilla introduces a third DNS-over-HTTPS provider for Firefox

Mozilla has concluded an agreement with a third DNS-over-HTTPS (DoH) provider for Firefox. In addition to the previously offered DNS servers from Cloudflare (https://1.1.1.1/dns-query) and NextDNS (https://dns.nextdns.io/id), the Comcast service (https://doh.xfinity.com/dns-query) will also be included in the settings. DoH can be enabled and a provider selected in the network connection settings.

Recall that Firefox 77 included a DNS-over-HTTPS test in which each client sent 10 test requests and a DoH provider was selected automatically. This check had to be disabled in release 77.0.1, since it turned into a kind of DDoS attack on the NextDNS service, which could not cope with the load.

The DoH providers offered in Firefox are selected according to the requirements for trusted DNS resolvers. Under these requirements, the DNS operator may use the data it receives for resolution only to ensure the operation of the service, must not keep logs for longer than 24 hours, may not transfer data to third parties, and is obliged to disclose information about its data-processing methods. The service must also agree not to censor, filter, interfere with or block DNS traffic, except in cases provided for by law.

Among other DNS-over-HTTPS-related developments, it is also worth noting Apple's decision to implement support for DNS-over-HTTPS and DNS-over-TLS in the upcoming iOS 14 and macOS 11 releases, as well as to add support for WebExtension extensions in Safari.

Recall that DoH can be useful for preventing leaks of information about requested host names through providers' DNS servers, for countering MITM attacks and DNS traffic spoofing (for example, when connecting to public Wi-Fi), for countering blocking at the DNS level (DoH cannot replace a VPN when it comes to bypassing blocking implemented at the DPI level), or for getting work done when DNS servers cannot be reached directly (for example, when working through a proxy). Whereas in the normal case DNS requests are sent directly to the DNS servers defined in the system configuration, with DoH the request to determine a host's IP address is encapsulated in HTTPS traffic and sent to an HTTP server, where the resolver processes requests via a Web API. The existing DNSSEC standard uses encryption only to authenticate the client and the server, but it does not protect traffic from interception and does not guarantee the confidentiality of requests.
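The encapsulation described above can be reproduced offline. This is an added example, not code from the article or from Mozilla: it assumes the RFC 8484 GET form (a `dns` query parameter carrying the unpadded base64url DNS message), and the function names are hypothetical.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

DOH_ENDPOINT = "https://1.1.1.1/dns-query"  # Cloudflare endpoint named in the article


def build_query(name: str, qtype: int = 1) -> bytes:
    """Build a one-question DNS wire-format query (RFC 1035)."""
    # ID 0 (RFC 8484 suggests it for HTTP cache friendliness), flags 0x0100 = RD.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("idna").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def doh_get_url(endpoint: str, message: bytes) -> str:
    """Client side: carry the DNS message in the 'dns' parameter (base64url, unpadded)."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def parse_doh_url(url: str) -> tuple[str, int]:
    """Resolver side: recover the queried name and type from the GET URL."""
    encoded = parse_qs(urlsplit(url).query)["dns"][0]
    msg = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
    # 12-byte header + at least the root label + QTYPE/QCLASS = 17 bytes minimum.
    if len(msg) < 17 or struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("expected a DNS message with exactly one question")
    labels, pos = [], 12
    while msg[pos] != 0:
        length = msg[pos]
        if length > 63 or pos + 1 + length >= len(msg):
            raise ValueError("malformed or compressed QNAME")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if len(msg) < pos + 5:
        raise ValueError("truncated question section")
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype


if __name__ == "__main__":
    # Constructed sample name; nothing is sent over the network.
    url = doh_get_url(DOH_ENDPOINT, build_query("www.example.com"))
    print(url)
    print(parse_doh_url(url))
```

An on-path observer sees only the TLS connection to the endpoint, because the queried name travels inside the encrypted request. The DoH operator still sees the name in full, which is why the resolver requirements listed earlier matter.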

source: budenet.ru
