Ua raws li Google tuam txhab hais txog lub hom phiaj los ua qhov kev sim los sim "DNS dhau HTTPS" (DoH, DNS dhau HTTPS) kev siv tau tsim rau Chrome browser. Chrome 78, teem rau Lub Kaum Hli 22nd, yuav muaj qee cov neeg siv los ntawm lub neej ntawd siv DoH. Tsuas yog cov neeg siv uas nws qhov kev teeb tsa tam sim no qhia qee cov chaw muab kev pabcuam DNS pom tau tias yog sib xws nrog DoH yuav koom nrog hauv kev sim ua kom DoH.
Cov npe dawb ntawm cov chaw muab DNS suav nrog Google (8.8.8.8, 8.8.4.4, CloudFlare (1.1.1.1), Khaub Ncaws (1.0.0.1. 208.67.222.222, 208.67.220.220) thiab DNS.SB (9, 9.9.9.9). Yog tias tus neeg siv qhov chaw DNS qhia ib qho ntawm cov lus hais saum toj no DNS servers, DoH hauv Chrome yuav qhib los ntawm lub neej ntawd. Rau cov neeg siv DNS servers muab los ntawm lawv lub chaw muab kev pabcuam hauv Is Taws Nem, txhua yam yuav nyob twj ywm tsis hloov pauv thiab tus neeg daws teeb meem yuav txuas ntxiv siv rau cov lus nug DNS.
Qhov sib txawv tseem ceeb los ntawm kev siv DoH hauv Firefox, uas maj mam qhib DoH los ntawm lub neej ntawd twb thaum kawg lub Cuaj Hli, yog qhov tsis muaj kev khi rau ib qho kev pabcuam DoH. Yog tias hauv Firefox los ntawm lub neej ntawd CloudFlare DNS neeg rau zaub mov, tom qab ntawd Chrome tsuas yog hloov kho txoj kev ua haujlwm nrog DNS rau qhov kev pabcuam sib npaug, yam tsis hloov DNS tus muab kev pabcuam. Piv txwv li, yog tias tus neeg siv muaj DNS 8.8.8.8 teev nyob rau hauv lub kaw lus, ces Chrome yuav Google DoH kev pabcuam (βhttps://dns.google.com/dns-queryβ), yog DNS yog 1.1.1.1, ces Cloudflare DoH kev pabcuam (βhttps://cloudflare-dns.com/dns-queryβ) Thiab
Yog xav tau, tus neeg siv tuaj yeem pab lossis lov tes taw DoH siv qhov "chrome://flags/#dns-over-https" teeb tsa. Peb hom kev khiav hauj lwm tau txais kev txhawb nqa: ruaj ntseg, tsis siv neeg thiab tawm. Hauv "kev nyab xeeb" hom, cov tswv tau txiav txim siab tsuas yog raws li yav tas los cached ruaj ntseg qhov tseem ceeb (tau txais los ntawm kev sib txuas ruaj ntseg) thiab kev thov ntawm DoH; rov qab mus rau DNS li niaj zaus tsis siv. Hauv hom "tsis siv neeg", yog tias DoH thiab cov cache ruaj ntseg tsis muaj, cov ntaub ntawv tuaj yeem rov qab tau los ntawm cov cache tsis ruaj ntseg thiab nkag mus los ntawm cov tsoos DNS. Hauv "tawm" hom, qhov sib koom cache yog thawj zaug kuaj xyuas thiab yog tias tsis muaj cov ntaub ntawv, qhov kev thov raug xa los ntawm qhov system DNS. Hom yog teem los ntawm kDnsOverHttpsMode , thiab tus neeg rau zaub mov mapping template los ntawm kDnsOverHttpsTemplates.
Qhov kev sim ua kom DoH yuav ua tiav ntawm txhua lub platform uas txhawb nqa hauv Chrome, tshwj tsis yog Linux thiab iOS vim qhov tsis tseem ceeb ntawm kev txheeb xyuas qhov teeb meem daws teeb meem thiab txwv tsis pub nkag mus rau qhov system DNS chaw. Yog tias, tom qab qhib DoH, muaj teeb meem xa cov lus thov mus rau DoH server (piv txwv li, vim nws qhov thaiv, kev sib txuas hauv network lossis tsis ua haujlwm), tus browser yuav cia li rov qab qhov system DNS nqis.
Lub hom phiaj ntawm kev sim yog txhawm rau ntsuas qhov kawg ntawm kev siv DoH thiab kawm txog qhov cuam tshuam ntawm kev siv DoH ntawm kev ua haujlwm. Nws yuav tsum raug sau tseg tias qhov tseeb DoH kev txhawb nqa yog rau hauv Chrome codebase rov qab rau lub Ob Hlis, tab sis kom teeb tsa thiab pab kom DoH launching Chrome nrog tus chij tshwj xeeb thiab cov txheej txheem tsis pom tseeb.
Cia peb nco qab tias DoH tuaj yeem muaj txiaj ntsig zoo rau kev tiv thaiv kev xau ntawm cov ntaub ntawv hais txog cov npe thov los ntawm DNS servers ntawm cov chaw muab kev pabcuam, tiv thaiv MITM kev tawm tsam thiab DNS kev spoofing (piv txwv li, thaum txuas rau pej xeem Wi-Fi), tiv thaiv kev thaiv ntawm DNS theem (DoH tsis tuaj yeem hloov lub VPN hauv thaj tsam ntawm kev hla kev thaiv kev siv ntawm DPI qib) lossis rau kev teeb tsa ua haujlwm yog tias nws tsis tuaj yeem nkag mus rau DNS servers ncaj qha (piv txwv li, thaum ua haujlwm los ntawm lub npe). Yog tias nyob rau hauv ib qho xwm txheej DNS thov raug xa ncaj qha mus rau DNS servers uas tau teev tseg hauv qhov system teeb tsa, tom qab ntawd hauv DoH, qhov kev thov kom txiav txim siab tus tswv tsev IP chaw nyob yog encapsulated hauv HTTPS tsheb thiab xa mus rau HTTP server, qhov twg cov txheej txheem daws teeb meem. thov los ntawm Web API. Tus txheej txheem DNSSEC uas twb muaj lawm siv encryption tsuas yog txhawm rau txheeb xyuas tus neeg siv khoom thiab cov neeg rau zaub mov, tab sis tsis tiv thaiv kev tsheb los ntawm kev cuam tshuam thiab tsis lees paub qhov tsis pub lwm tus paub ntawm kev thov.
Tau qhov twg los: opennet.ru