ProHoster > Π‘Π»ΠΎΠ³ > Kev tswj hwm > Yuav ua li cas DNSCrypt daws qhov teeb meem ntawm daim ntawv pov thawj tas sij hawm los ntawm kev qhia lub sijhawm siv tau 24-teev

Yuav ua li cas DNSCrypt daws qhov teeb meem ntawm daim ntawv pov thawj tas sij hawm los ntawm kev qhia lub sijhawm siv tau 24-teev

Yuav ua li cas DNSCrypt daws qhov teeb meem ntawm daim ntawv pov thawj tas sij hawm los ntawm kev qhia lub sijhawm siv tau 24-teev

Yav dhau los, daim ntawv pov thawj feem ntau tas sij hawm vim lawv yuav tsum tau rov ua dua manually. Tib neeg tsuas tsis nco qab ua li ntawd. Nrog rau qhov tshwm sim ntawm Let's Encrypt thiab cov txheej txheem hloov tshiab tsis siv neeg, nws zoo li qhov teeb meem yuav tsum tau daws. Tab sis tsis ntev los no Firefox dab neeg qhia tias nws yog, qhov tseeb, tseem cuam tshuam. Hmoov tsis zoo, daim ntawv pov thawj tseem yuav tas sijhawm.

Yog tias koj tsis nco qab zaj dab neeg, thaum ib tag hmo thaum lub Tsib Hlis 4, 2019, yuav luag tag nrho Firefox txuas ntxiv tam sim ntawd nres ua haujlwm.

Raws li nws tau muab tawm, qhov ua tsis tiav loj tshwm sim vim qhov tseeb tias Mozilla daim ntawv pov thawj tau tas sij hawm, uas tau siv los kos npe txuas ntxiv. Yog li ntawd, lawv tau raug cim tias "tsis raug" thiab tsis raug txheeb xyuas (kev paub meej). Nyob rau hauv lub forums, raws li ib tug workaround, nws tau pom zoo kom lov tes taw extension kos npe pov thawj nyob rau hauv txog: config los yog hloov lub kaw lus moos.

Mozilla tau tso tawm sai sai rau Firefox 66.0.4 thaj, uas daws qhov teeb meem nrog daim ntawv pov thawj tsis raug, thiab txhua qhov txuas ntxiv rov qab mus rau qhov qub. Cov neeg tsim khoom pom zoo kom txhim kho nws thiab tsis txhob siv tsis muaj workarounds los hla kev kos npe pov thawj vim tias lawv tuaj yeem cuam tshuam nrog thaj.

Txawm li cas los xij, zaj dab neeg no ib zaug qhia tias daim ntawv pov thawj tas sij hawm tseem yog qhov teeb meem tseem ceeb niaj hnub no.

Nyob rau hauv no hais txog, nws yog nthuav kom saib ib tug theej thawj txoj kev yuav ua li cas cov txheej txheem developers tau ua hauj lwm nrog rau txoj hauj lwm no DNSCrypt. Lawv cov tshuaj tuaj yeem muab faib ua ob ntu. Ua ntej, cov no yog daim ntawv pov thawj luv luv. Qhov thib ob, ceeb toom rau cov neeg siv txog qhov tas sij hawm ntawm cov khoom mus sij hawm ntev.

DNSCrypt

Yuav ua li cas DNSCrypt daws qhov teeb meem ntawm daim ntawv pov thawj tas sij hawm los ntawm kev qhia lub sijhawm siv tau 24-teevDNSCrypt yog DNS tsheb encryption raws tu qauv. Nws tiv thaiv DNS kev sib txuas lus los ntawm kev cuam tshuam thiab MiTM, thiab tseem tso cai rau koj hla kev thaiv ntawm cov lus nug DNS.

Cov txheej txheem wraps DNS tsheb khiav ntawm cov neeg siv khoom thiab cov neeg rau zaub mov hauv kev tsim cryptographic, ua haujlwm dhau UDP thiab TCP thauj cov txheej txheem. Txhawm rau siv nws, ob tus neeg siv khoom thiab tus neeg daws teeb meem DNS yuav tsum txhawb nqa DNSCrypt. Piv txwv li, txij li lub Peb Hlis 2016, nws tau qhib rau nws cov DNS servers thiab hauv Yandex browser. Ntau tus neeg muab kev pabcuam kuj tau tshaj tawm txog kev txhawb nqa, suav nrog Google thiab Cloudflare. Hmoov tsis zoo, tsis muaj ntau ntawm lawv (152 pej xeem DNS servers tau teev nyob rau hauv lub vev xaib raug cai). Tab sis qhov program dnscrypt-proxy tuaj yeem ntsia tau manually ntawm Linux, Windows thiab MacOS cov neeg siv khoom. Tseem muaj kev siv server.

Yuav ua li cas DNSCrypt daws qhov teeb meem ntawm daim ntawv pov thawj tas sij hawm los ntawm kev qhia lub sijhawm siv tau 24-teev

DNSCrypt ua haujlwm li cas? Hauv luv luv, tus neeg siv khoom siv tus yuam sij pej xeem ntawm tus kws kho mob xaiv thiab siv nws los txheeb xyuas nws cov ntawv pov thawj. Lub sij hawm luv luv rau pej xeem cov yuam sij rau kev sib kho thiab cov cim cim cim cim tau nyob ntawd. Cov neeg siv khoom raug txhawb kom tsim tus yuam sij tshiab rau txhua qhov kev thov, thiab cov servers raug txhawb kom hloov cov yuam sij txhua 24 teev. Thaum sib pauv cov yuam sij, X25519 algorithm yog siv, kos npe - EdDSA, rau thaiv encryption - XSalsa20-Poly1305 lossis XChaCha20-Poly1305.

Ib qho ntawm cov txheej txheem tsim tawm Frank Denis nws sau hais tiasuas tsis siv neeg hloov txhua 24 teev daws teeb meem ntawm daim ntawv pov thawj tas sij hawm. Hauv cov ntsiab lus, dnscrypt-proxy reference client lees txais daim ntawv pov thawj nrog rau lub sijhawm siv tau, tab sis teeb meem ceeb toom "Lub sijhawm dnscrypt-proxy tus yuam sij rau lub server no ntev dhau lawm" yog tias nws siv tau ntau dua 24 teev. Nyob rau tib lub sijhawm, Docker duab raug tso tawm, uas hloov pauv ceev ntawm cov yuam sij (thiab daim ntawv pov thawj) tau ua tiav.

Ua ntej, nws yog qhov tseem ceeb heev rau kev ruaj ntseg: yog tias tus neeg rau zaub mov raug cuam tshuam los yog tus yuam sij tau xau, nag hmo cov tsheb tsis tuaj yeem decrypted. Tus yuam sij twb hloov lawm. Qhov no yuav ua rau muaj teeb meem rau kev ua raws li Yarovaya Txoj Cai, uas yuam cov neeg muab kev pabcuam khaws cia tag nrho cov tsheb khiav, suav nrog kev nkag mus nkag. Qhov cuam tshuam yog tias nws tuaj yeem tom qab decrypted yog tias tsim nyog los ntawm kev thov tus yuam sij los ntawm lub xaib. Tab sis qhov no, lub xaib tsuas yog tsis tuaj yeem muab nws, vim nws siv cov yuam sij luv luv, tshem tawm cov qub.

Tab sis qhov tseem ceeb tshaj plaws, Denis sau, cov yuam sij luv luv yuam cov servers teeb tsa automation txij hnub ib. Yog tias tus neeg rau zaub mov txuas rau lub network thiab cov ntawv hloov pauv tseem ceeb tsis tau teeb tsa lossis tsis ua haujlwm, qhov no yuav raug kuaj pom tam sim ntawd.

Thaum automation hloov cov yuam sij txhua ob peb xyoos, nws tsis tuaj yeem tso siab rau, thiab tib neeg tuaj yeem tsis nco qab txog daim ntawv pov thawj tas sijhawm. Yog tias koj hloov cov yuam sij txhua hnub, qhov no yuav raug kuaj pom tam sim ntawd.

Nyob rau tib lub sijhawm, yog tias automation raug teeb tsa ib txwm, ces nws tsis muaj teeb meem ntau npaum li cas cov yuam sij raug hloov: txhua xyoo, txhua lub quarter lossis peb zaug hauv ib hnub. Yog tias txhua yam ua haujlwm ntev dua 24 teev, nws yuav ua haujlwm mus ib txhis, sau Frank Denis. Raws li nws, qhov kev pom zoo ntawm kev hloov pauv txhua hnub nyob rau hauv qhov thib ob version ntawm cov txheej txheem, ua ke nrog cov duab npaj ua Docker uas siv nws, txo cov naj npawb ntawm cov servers nrog daim ntawv pov thawj tas sijhawm, thaum tib lub sijhawm txhim kho kev ruaj ntseg.

Txawm li cas los xij, qee tus neeg muab kev pabcuam tseem txiav txim siab, rau qee qhov laj thawj, los teeb tsa lub sijhawm siv tau daim ntawv pov thawj rau ntau tshaj 24 teev. Qhov teeb meem no tau daws teeb meem loj nrog ob peb kab ntawm cov cai hauv dnscrypt-proxy: cov neeg siv tau txais cov ntaub ntawv ceeb toom 30 hnub ua ntej daim ntawv pov thawj tas sij hawm, lwm cov lus uas muaj qib siab dua 7 hnub ua ntej tas sij hawm, thiab cov lus tseem ceeb yog tias daim ntawv pov thawj muaj qhov seem. siv tau. tsawg dua 24 teev. Qhov no tsuas yog siv rau cov ntawv pov thawj uas pib muaj lub sijhawm siv tau ntev.

Cov lus no muab sijhawm rau cov neeg siv los ceeb toom rau DNS cov neeg ua haujlwm ntawm daim ntawv pov thawj yuav tas sijhawm ua ntej nws lig dhau lawm.

Tej zaum yog tias txhua tus neeg siv Firefox tau txais cov lus zoo li no, ces ib tus neeg yuav ceeb toom rau cov neeg tsim khoom thiab lawv yuav tsis tso cai rau daim ntawv pov thawj tas sijhawm. "Kuv tsis nco qab ib tus DNSCrypt servers ntawm cov npe ntawm cov pej xeem DNS servers uas tau muaj nws daim ntawv pov thawj tas sij hawm nyob rau hauv ob lossis peb xyoos dhau los," sau Frank Denis. Txawm li cas los xij, tej zaum nws yuav zoo dua los ceeb toom cov neeg siv ua ntej es tsis ua haujlwm txuas ntxiv yam tsis muaj kev ceeb toom.

Yuav ua li cas DNSCrypt daws qhov teeb meem ntawm daim ntawv pov thawj tas sij hawm los ntawm kev qhia lub sijhawm siv tau 24-teev


Tau qhov twg los: www.hab.com

Ntxiv ib saib