Masu bi
Farar jerin masu samar da DNS sun haɗa da
Bambanci mai mahimmanci daga aiwatar da DoH a Firefox, wanda a hankali ya kunna DoH ta tsohuwa
Idan ana so, mai amfani zai iya kunna ko kashe DoH ta amfani da saitin "chrome://flags/#dns-over-https". Ana tallafawa hanyoyin aiki guda uku: amintacce, atomatik da kashewa. A cikin yanayin “amintaccen”, ana ƙididdige runduna ne kawai bisa amintattun ƙimar da aka adana a baya (wanda aka karɓa ta hanyar amintaccen haɗi) da buƙatun ta hanyar DoH; ba a amfani da koma baya ga DNS na yau da kullun. A cikin yanayin "atomatik", idan babu DoH da amintaccen cache, za'a iya dawo da bayanai daga ma'ajin mara tsaro da samun dama ta hanyar DNS na gargajiya. A cikin yanayin "kashe", an fara bincika cache ɗin da aka raba kuma idan babu bayanai, ana aika buƙatar ta hanyar tsarin DNS. An saita yanayin ta hanyar
Gwajin don ba da damar DoH za a gudanar da shi a kan duk dandamalin da ke tallafawa a cikin Chrome, ban da Linux da iOS saboda yanayin rashin ƙaranci na saitunan warwarewa da hana damar shiga saitunan DNS. Idan, bayan kunna DoH, akwai matsalolin aika buƙatun zuwa uwar garken DoH (misali, saboda toshewarsa, haɗin yanar gizo ko gazawar), mai binciken zai dawo da saitunan DNS ta atomatik.
Manufar gwajin ita ce ta ƙarshe gwada aiwatar da DoH da nazarin tasirin amfani da DoH akan aiki. Ya kamata a lura cewa a gaskiya goyon bayan DoH ya kasance
Bari mu tuna cewa DoH na iya zama da amfani don hana leaks na bayanai game da sunayen rundunar da ake buƙata ta hanyar sabar DNS na masu samarwa, yaƙar hare-haren MITM da ɓarkewar zirga-zirgar ababen hawa na DNS (misali, lokacin haɗawa da Wi-Fi na jama'a), hana toshewa a DNS. matakin (DoH ba zai iya maye gurbin VPN ba a cikin yanki na toshe toshewa wanda aka aiwatar a matakin DPI) ko don tsara aiki idan ba zai yiwu ba kai tsaye zuwa sabar DNS (misali, lokacin aiki ta hanyar wakili). Idan a cikin yanayi na al'ada ana aika buƙatun DNS kai tsaye zuwa sabar DNS da aka ayyana a cikin tsarin tsarin, to, a cikin yanayin DoH, buƙatar tantance adireshin IP ɗin mai watsa shiri yana cikin zirga-zirgar HTTPS kuma a aika zuwa uwar garken HTTP, inda masu warware matsalar ke aiwatarwa. buƙatun ta hanyar API ɗin Yanar Gizo. Ma'auni na DNSSEC na yanzu yana amfani da ɓoyewa kawai don tabbatar da abokin ciniki da uwar garken, amma baya kare zirga-zirga daga shiga tsakani kuma baya bada garantin sirrin buƙatun.
source: budenet.ru