Likes and Dislikes: DNS over HTTPS

We look at the opinions about DNS over HTTPS, which has recently become a "bone of contention" between internet providers and browser developers.

The essence of the disagreement

Recently, major media and specialist platforms (including Habr) have often written about the DNS over HTTPS (DoH) protocol. It encrypts DNS requests and responses. This approach lets you hide the names that users look up. Judging by the publications, the new protocol (approved by the IETF in 2018) has split the IT community into two camps.

One half believes that the new protocol will improve the security of the internet and is implementing it in its applications and services. The other half is convinced that the technology only complicates the work of system administrators. Let's look at the arguments of both sides.

How DoH works

Before discussing why ISPs and other market participants are for or against DNS over HTTPS, let's take a quick look at how it works.

With DoH, the request to determine an IP address is encapsulated in HTTPS traffic. It then goes to an HTTP server, where it is processed through an API. Here is an example request from RFC 8484 (page 6):

   :method = GET
   :scheme = https
   :authority = dnsserver.example.net
   :path = /dns-query?
           dns=AAABAAABAAAAAAAAAWE-NjJjaGFyYWN0ZXJsYWJl
           bC1tYWtlcy1iYXNlNjR1cmwtZGlzdGluY3QtZnJvbS1z
           dGFuZGFyZC1iYXNlNjQHZXhhbXBsZQNjb20AAAEAAQ
   accept = application/dns-message

DNS traffic is therefore hidden inside HTTPS traffic. The client and server communicate over the standard port 443. As a result, requests to the domain name system remain anonymous.

Why it is not accepted

Opponents of DNS over HTTPS say that the new protocol will reduce the security of connections. According to Paul Vixie, a member of the DNS development team, it will make it harder for sysadmins to block potentially malicious sites. Ordinary users will lose the ability to set up parental controls in browsers.

Paul's view is shared by UK ISPs. The country's legislation obliges them to block resources with prohibited content. But DoH support in browsers complicates the task of filtering traffic. Opponents of the new protocol also include the Government Communications Headquarters (GCHQ) in England and the Internet Watch Foundation (IWF), which maintains a registry of blocked resources.

Experts note that DNS over HTTPS can become a threat to cybersecurity. In early July, information security specialists from Netlab discovered Godlua, the first virus that uses the new protocol to carry out DDoS attacks. The malware queried DoH to obtain text (TXT) records and extract the URLs of its command-and-control servers.

The encrypted DoH requests were not recognized by antivirus software. Information security specialists fear that Godlua will be followed by other malware that is invisible to DNS monitoring.

But not everyone is against it

APNIC engineer Geoff Huston spoke out in defense of DNS over HTTPS on his blog. According to him, the new protocol will help to fight DNS hijacking attacks, which have recently become increasingly common. This is confirmed by a January report from the information security company FireEye. Large IT companies have also supported the development of the protocol.

At the beginning of last year, DoH began to be tested at Google. A month ago the company announced the General Availability of its DoH service. Google hopes that it will increase the security of personal data on the network and protect against MITM attacks.

Another browser developer, Mozilla, has supported DNS over HTTPS since last summer. At the same time, the company is actively promoting the new technology in the IT community. For this, the Internet Services Providers Association (ISPA) even nominated Mozilla for "Internet Villain of the Year". In response, company representatives noted that they are disappointed by telecom operators' unwillingness to improve the aging internet infrastructure.

Major media and some internet providers spoke out in support of Mozilla. In particular, British Telecom believes that the new protocol will not affect content filtering and will increase the security of UK users. Under public pressure, ISPA had to withdraw the "villain" nomination.

Cloud providers have also advocated the adoption of DNS over HTTPS, for example Cloudflare. They already offer DNS services based on the new protocol. For a complete list of browsers and clients with DoH support, see GitHub.

In any case, it is too early to talk about an end to the confrontation between the two camps. IT experts predict that if DNS over HTTPS is to become part of the mainstream internet technology stack, it will take more than one decade.

Source: www.habr.com