Google game da farkon haɗawa da lokaci (DoH, DNS akan HTTPS) don masu amfani da Chrome 85 ta amfani da dandamalin Android. Za a kunna yanayin a hankali, yana rufe ƙarin masu amfani. A baya a An fara kunna DNS-over-HTTPS don masu amfani da tebur.
DNS-over-HTTPS za a kunna ta atomatik ga masu amfani waɗanda saitunan su ke ƙayyadad da masu samar da DNS waɗanda ke goyan bayan wannan fasaha (don DNS-over-HTTPS ana amfani da mai bada iri ɗaya azaman na DNS). Misali, idan mai amfani yana da DNS 8.8.8.8 da aka ƙayyade a cikin saitunan tsarin, to Google's DNS-over-HTTPS sabis ("https://dns.google.com/dns-query") za a kunna a Chrome idan DNS shine 1.1.1.1 , sannan sabis na DNS-over-HTTPS Cloudflare ("https://cloudflare-dns.com/dns-query"), da dai sauransu.
Don kawar da matsaloli tare da warware hanyoyin sadarwar intranet na kamfani, ba a amfani da DNS-over-HTTPS lokacin da ake tantance amfani da mai bincike a cikin tsarin sarrafawa na tsakiya. Hakanan ana kashe DNS-over-HTTPS lokacin da aka shigar da tsarin kulawar iyaye. Idan akwai gazawa a cikin aikin DNS-over-HTTPS, yana yiwuwa a jujjuya saituna zuwa DNS na yau da kullun. Don sarrafa aikin DNS-over-HTTPS, an ƙara zaɓuɓɓuka na musamman a cikin saitunan burauzar da ke ba ku damar kashe DNS-over-HTTPS ko zaɓi wani mai bada sabis na daban.
Bari mu tuna cewa DNS-over-HTTPS na iya zama da amfani don hana leaks na bayanai game da sunan rundunar da aka nema ta hanyar sabar DNS na masu samarwa, yaƙar hare-haren MITM da ɓarkewar zirga-zirgar ababen hawa na DNS (misali, lokacin haɗawa da Wi-Fi na jama'a), magancewa. toshewa a matakin DNS (DNS-over-HTTPS ba zai iya maye gurbin VPN ba ta hanyar toshewa da aka aiwatar a matakin DPI) ko don tsara aiki lokacin da ba zai yuwu a kai tsaye zuwa sabar DNS ba (misali, lokacin aiki ta hanyar wakili). Idan a cikin yanayin al'ada ana aika buƙatun DNS kai tsaye zuwa sabobin DNS waɗanda aka ayyana a cikin tsarin tsarin, to, a cikin yanayin DNS-over-HTTPS buƙatun don tantance adireshin IP ɗin mai masaukin yana cikin zirga-zirgar HTTPS kuma a aika zuwa sabar HTTP, inda. mai warwarewa yana aiwatar da buƙatun ta hanyar API na Yanar Gizo. Ma'auni na DNSSEC na yanzu yana amfani da ɓoyewa kawai don tabbatar da abokin ciniki da uwar garken, amma baya kare zirga-zirga daga shiga tsakani kuma baya bada garantin sirrin buƙatun.
source: budenet.ru