Meet the Cloudflare service at 1.1.1.1 and 1.0.0.1, or "the ranks of public DNS have grown!"


Cloudflare has introduced a public DNS at the following addresses:

  • 1.1.1.1
  • 1.0.0.1
  • 2606:4700:4700::1111
  • 2606:4700:4700::1001

It claims to follow a "privacy first" policy, so that users can stop worrying about the contents of their queries.

The service is interesting because, in addition to classic DNS, it offers the DNS-over-TLS and DNS-over-HTTPS technologies, which make it much harder for providers to eavesdrop on your queries along the way and, with that, to collect statistics, track you and manage advertising. Cloudflare claims the announcement date (April 1, 2018, or 04/01 in American notation) was not chosen by chance: on what other day of the year would one present "four ones"?

Since Habr's audience is technically savvy, I will put the traditional "why do we need DNS at all?" section at the end of the post, and here I will go straight to the practically useful part:

How to use the new service?

The simplest option is to enter the DNS server addresses above in your DNS client (or as the upstream in the settings of the local DNS server you use). Whether it makes sense to replace the usual values of Google DNS (8.8.8.8 and so on) or the somewhat less common public Yandex DNS servers (77.88.8.8 and the others like it) with the servers from Cloudflare is for you to decide, but one argument in favour of the newcomer is response speed, which according to Cloudflare is better than all competitors (to be precise: the measurements were made by a third-party service, and the speed to a particular client may of course differ).


More interesting are the new modes in which the query travels to the server over an encrypted connection (and, naturally, the response comes back over it too): the already-mentioned DNS-over-TLS and DNS-over-HTTPS. Unfortunately, they are not supported out of the box (the authors believe this is only "for now"), but arranging for them to work in your own software (or even on your device) is not difficult:

DNS over HTTPS (DoH)

As the name implies, the exchange takes place over an HTTPS channel, which requires

  1. an endpoint to connect to, located at https://cloudflare-dns.com/dns-query
  2. a client that can send requests and receive responses.

Queries can be sent in the DNS wire format defined in RFC 1035 (using the HTTP POST and GET methods), or in JSON format (using the HTTP GET method). Personally, the idea of making DNS queries through HTTP requests seemed odd to me at first, but there is a rational grain in it: such a request passes through traffic-filtering systems, the responses are easy to parse, and generating the requests is easier still. Security is the responsibility of the usual libraries and protocols.

Example queries, straight from the documentation:

GET request in DNS wire format

$ curl -v "https://cloudflare-dns.com/dns-query?ct=application/dns-udpwireformat&dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB" | hexdump
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f968700a400)
GET /dns-query?ct=application/dns-udpwireformat&dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/2
Host: cloudflare-dns.com
User-Agent: curl/7.54.0
Accept: */*

* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
HTTP/2 200
date: Fri, 23 Mar 2018 05:14:02 GMT
content-type: application/dns-udpwireformat
content-length: 49
cache-control: max-age=0
set-cookie: __cfduid=dd1fb65f0185fadf50bbb6cd14ecbc5b01521782042; expires=Sat, 23-Mar-19 05:14:02 GMT; path=/; domain=.cloudflare.com; HttpOnly
server: cloudflare-nginx
cf-ray: 3ffe69838a418c4c-SFO-DOG

{ [49 bytes data]
100    49  100    49    0     0    493      0 --:--:-- --:--:-- --:--:--   494
* Connection #0 to host cloudflare-dns.com left intact
0000000 ab cd 81 80 00 01 00 01 00 00 00 00 03 77 77 77
0000010 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00
0000020 01 c0 0c 00 01 00 01 00 00 0a 8b 00 04 5d b8 d8
0000030 22
0000031

POST request in DNS wire format

$ echo -n 'q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' | base64 -D | curl -H 'Content-Type: application/dns-udpwireformat' --data-binary @- https://cloudflare-dns.com/dns-query -o - | hexdump

{ [49 bytes data]
100    49  100    49    0     0    493      0 --:--:-- --:--:-- --:--:--   494
* Connection #0 to host cloudflare-dns.com left intact
0000000 ab cd 81 80 00 01 00 01 00 00 00 00 03 77 77 77
0000010 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00
0000020 01 c0 0c 00 01 00 01 00 00 0a 8b 00 04 5d b8 d8
0000030 22
0000031

The same, but using JSON

$ curl 'https://cloudflare-dns.com/dns-query?ct=application/dns-json&name=example.com&type=AAAA'

{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": true,
  "CD": false,
  "Question": [
    {
      "name": "example.com.",
      "type": 1
    }
  ],
  "Answer": [
    {
      "name": "example.com.",
      "type": 1,
      "TTL": 1069,
      "data": "93.184.216.34"
    }
  ]
}

Obviously, few (if any) home routers can work with DNS this way, but that does not mean support will not appear tomorrow; and, far more interestingly, here we can work with DNS from inside our own application (as Mozilla is already planning to do, precisely on Cloudflare's servers).
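An application that talks to the JSON endpoint should not simply pick the first "data" value out of the reply. The added example below (mine, not from the article or from Cloudflare) validates the JSON reply shown above before using it: "Status" is the DNS RCODE, "TC" signals truncation, "AD" is the DNSSEC authenticated-data flag, and only records whose owner name and type match the question are returned. The sample document is constructed from the article's own output.

```python
import json

# Constructed sample: the JSON reply shown in the article for example.com, type A.
SAMPLE_JSON = '''{
  "Status": 0, "TC": false, "RD": true, "RA": true, "AD": true, "CD": false,
  "Question": [{"name": "example.com.", "type": 1}],
  "Answer": [{"name": "example.com.", "type": 1, "TTL": 1069, "data": "93.184.216.34"}]
}'''

# RCODE values from RFC 1035 / RFC 2136; "Status" in the JSON reply carries this number.
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def answers_from_json(body: str, qname: str, qtype: int, require_ad: bool = False) -> list:
    """Validate a DoH JSON reply and return [(ttl, data)] for matching answer records.

    Raises ValueError on a DNS error status, a truncated reply, or (if require_ad)
    a reply that the resolver did not DNSSEC-validate. Records whose owner name or
    type differ from what was asked are ignored, so a stray record in the Answer
    section cannot be mistaken for the answer to the question.
    """
    reply = json.loads(body)
    status = reply.get("Status")
    if status != 0:
        raise ValueError(f"DNS error: {RCODE_NAMES.get(status, status)}")
    if reply.get("TC"):
        raise ValueError("truncated reply; retry over POST/wire format")
    if require_ad and not reply.get("AD"):
        raise ValueError("reply is not DNSSEC-validated (AD flag not set)")
    wanted = qname.rstrip(".").lower() + "."
    return [
        (rr["TTL"], rr["data"])
        for rr in reply.get("Answer", [])
        if rr.get("name", "").lower() == wanted and rr.get("type") == qtype
    ]


if __name__ == "__main__":
    print(answers_from_json(SAMPLE_JSON, "example.com", 1, require_ad=True))
```

Note that the documented query above asked for type=AAAA while the reply shows a type 1 (A) record; with the type check in place the mismatch is visible instead of silently accepted.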

DNS over TLS

By default, DNS queries are sent without encryption. DNS over TLS is a way to send them over a secure connection. Cloudflare supports DNS over TLS on the standard port 853 assigned by RFC 7858. It uses a certificate issued for the host cloudflare-dns.com; TLS 1.2 and TLS 1.3 are supported.

Establishing the connection and working with the protocol goes like this:

  • Before establishing a connection to the DNS, the DNS client stores a base64-encoded SHA-256 hash of the cloudflare-dns.com TLS certificate's public key (called the SPKI)
  • The DNS client establishes a TCP connection to cloudflare-dns.com:853
  • The DNS client initiates a TLS handshake
  • During the TLS handshake, the cloudflare-dns.com host presents its TLS certificate.
  • Once the TLS connection is established, the DNS client can send DNS queries over the secure channel, which prevents eavesdropping on and tampering with queries and responses.
  • All DNS queries sent over the TLS connection must follow the specification for sending DNS over TCP.

An example of a query over DNS over TLS:

$ kdig -d @1.1.1.1 +tls-ca +tls-host=cloudflare-dns.com  example.com
;; DEBUG: Querying for owner(example.com.), class(1), type(1), server(1.1.1.1), port(853), protocol(TCP)
;; DEBUG: TLS, imported 170 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG:  #1, C=US,ST=CA,L=San Francisco,O=Cloudflare, Inc.,CN=*.cloudflare-dns.com
;; DEBUG:      SHA-256 PIN: yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=
;; DEBUG:  #2, C=US,O=DigiCert Inc,CN=DigiCert ECC Secure Server CA
;; DEBUG:      SHA-256 PIN: PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
;; TLS session (TLS1.2)-(ECDHE-ECDSA-SECP256R1)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 58548
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1536 B; ext-rcode: NOERROR
;; PADDING: 408 B

;; QUESTION SECTION:
;; example.com.             IN  A

;; ANSWER SECTION:
example.com.            2347    IN  A   93.184.216.34

;; Received 468 B
;; Time 2018-03-31 15:20:57 PDT
;; From 1.1.1.1@853(TCP) in 12.6 ms

This looks more convenient for local DNS servers that serve the needs of a local network or a single user. Admittedly, support for the standard is not great yet, but let's hope!
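The wire-format DoH requests and the DNS-over-TLS steps above both move the same RFC 1035 message, only the transport differs. The added example below (written for this post, not code from the article or from Cloudflare) builds the query that the documented `dns=` parameter encodes, parses the 49-byte reply from the hexdump above (embedded as a constructed constant), and sends the same bytes over TLS on port 853 with the 2-byte length prefix that DNS over TCP requires. The TLS side uses Python's default context, which verifies the CA chain and that the certificate matches `cloudflare-dns.com`, the same checks kdig reported; it does not implement SPKI pinning. `query_dot` needs network access; everything else runs offline.

```python
import base64
import socket
import ssl
import struct

# Constructed sample: the 49-byte wire-format reply from the article's hexdump.
SAMPLE_RESPONSE = bytes.fromhex(
    "abcd818000010001000000000377777707"
    "6578616d706c6503636f6d0000010001"
    "c00c0001000100000a8b00045db8d822"
)


def build_query(name: str, qtype: int = 1, txid: int = 0xABCD) -> bytes:
    """Header (RD set, one question) + QNAME labels + QTYPE + QCLASS IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def doh_get_param(msg: bytes) -> str:
    """Value of the DoH GET 'dns=' parameter: base64url with padding stripped."""
    return base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")


def _read_name(msg: bytes, off: int) -> tuple:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 16:                    # refuse pointer loops in hostile replies
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", end if end is not None else off


def parse_response(msg: bytes, expected_id: int) -> list:
    """Return (name, type, ttl, rdata as text) for each answer record.
    A reply whose transaction ID does not match the query is rejected."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_id:
        raise ValueError(f"transaction id mismatch: {txid:#x} != {expected_id:#x}")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned rcode {flags & 0xF}")
    off = 12
    for _ in range(qd):                      # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            text = socket.inet_ntop(socket.AF_INET, rdata)
        elif rtype == 28 and rdlen == 16:
            text = socket.inet_ntop(socket.AF_INET6, rdata)
        else:
            text = rdata.hex()
        answers.append((name, rtype, ttl, text))
    return answers


def frame_tcp(msg: bytes) -> bytes:
    """DNS over TCP (and so over TLS) prefixes each message with its 2-byte length."""
    return struct.pack("!H", len(msg)) + msg


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before a full message arrived")
        buf += chunk
    return buf


def query_dot(name: str, qtype: int = 1, server: str = "1.1.1.1",
              tls_host: str = "cloudflare-dns.com", txid: int = 0xABCD) -> list:
    """One query over DNS-over-TLS (needs network). The default context verifies
    the CA chain and that the certificate matches tls_host, as kdig did above."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    msg = build_query(name, qtype, txid)
    with socket.create_connection((server, 853), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=tls_host) as tls:
            tls.sendall(frame_tcp(msg))
            reply = _recv_exact(tls, struct.unpack("!H", _recv_exact(tls, 2))[0])
    return parse_response(reply, txid)


if __name__ == "__main__":
    print("dns=" + doh_get_param(build_query("www.example.com")))
    print(parse_response(SAMPLE_RESPONSE, 0xABCD))
```

Running the module prints the same `dns=q80BAAAB...` parameter as the documented GET request and decodes the hexdump to `www.example.com.` A `93.184.216.34` with a TTL of 2699 seconds; the transaction-ID and pointer-loop checks are the minimum a client should apply before trusting bytes that arrived over any of the three transports.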

A few words about what we are actually talking about

The acronym DNS stands for Domain Name Service (so the phrase "DNS service" is somewhat redundant, since the acronym already contains the word "service"), and it is used to solve a simple task: to find out which IP address belongs to a particular host name. Every time a person clicks a link or enters an address into the browser's address bar (say, something like "https://habrahabr.ru/post/346430/"), that person's computer tries to find out which server it should send the request to in order to get the page contents. In the case of habrahabr.ru, the response from the DNS will contain the IP address of the web server, 178.248.237.68, and the browser will then try to contact the server at that IP address.

The DNS server, in turn, on receiving the request "what is the IP address of the host named habrahabr.ru?", checks whether it knows anything about the specified host. If not, it queries other DNS servers around the world and, step by step, tries to find the answer to the question. Once the final answer is found, the data is sent to the still-waiting client and also stored in the DNS server's own cache, so that the next time a similar question arrives it can be answered faster.

The usual problems are these. First, DNS query data is transmitted in the clear (which lets anyone with access to the traffic stream pick out the DNS queries and the responses to them and then analyse them for their own purposes; in particular, this makes it possible to target advertising precisely at the DNS client, and that is a lot!). Second, some Internet providers (we will not point fingers, but they are not the smallest ones) show advertising instead of one or another requested page (this is very easy to implement: instead of the correct IP address for a request for the host name habrahabr.ru, a randomly chosen person is returned the address of the provider's web server, which serves a page containing the advertisement). Third, there are Internet access providers that implement the blocking of individual sites required of them by replacing the correct DNS responses for the IP addresses of blocked web resources with the IP of their own server hosting stub pages (as a result, access to such sites becomes much more difficult), or with the address of their own filtering proxy server.

A picture from the site http://1.1.1.1/ belongs here, showing the link to the service. The authors, evidently, are quite confident in the quality of their DNS (though it would be hard to expect anything else from Cloudflare):


One can fully understand Cloudflare, the creator of the service: they earn their bread by maintaining and developing one of the most popular CDN networks in the world (whose functions include not only content distribution but also hosting DNS zones), and, at the will of those who usually understand little but teach those who do understand where to go on the global network, it quite often suffers from having its server addresses blocked by those whom we shall not name; so a DNS unaffected by that "pain, whistling and ringing" means less damage to the company's business. And the technical advantages (small, but nice: in particular, for clients of the free Cloudflare DNS, updates to the DNS records of resources hosted on the company's DNS servers will be instantaneous) make using the service described in this post all the more pleasant.


Will you use the new service?

  • Yes, simply by setting it in the OS and/or on the router

  • Yes, and I will use the new modes (DNS over HTTPS and DNS over TLS)

  • No, I am happy with my current servers (a public provider: Google, Yandex, etc.)

  • No, and I do not even know what I am using now

  • I use my own recursive DNS with an SSL tunnel in front of it

693 users voted. 191 users abstained.
