Madivelopa a Firefox alengeza kukulitsa kwa DNS pa HTTPS (DoH) mode, yomwe idzayatsidwa mwachisawawa kwa ogwiritsa ntchito ku Canada (m'mbuyomu, DoH inali yokhayo ya US). Kuthandizira DoH kwa ogwiritsa ntchito aku Canada kugawidwa m'magawo angapo: Pa Julayi 20, DoH idzatsegulidwa kwa 1% ya ogwiritsa ntchito aku Canada ndipo, kuletsa zovuta zosayembekezereka, kufalitsa kudzawonjezeka mpaka 100% kumapeto kwa Seputembala.
Kusintha kwa ogwiritsa ntchito Firefox ku Canada kupita ku DoH kumachitika ndi CIRA (Canadian Internet Registration Authority), yomwe imayang'anira chitukuko cha intaneti ku Canada ndipo imayang'anira gawo lapamwamba la "ca". CIRA yalembetsanso TRR (Trusted Recursive Resolver) ndipo ndi m'modzi mwa othandizira a DNS-over-HTTPS omwe akupezeka mu Firefox.
Pambuyo poyambitsa DoH, chenjezo lidzawonetsedwa pa makina a wogwiritsa ntchito, kulola, ngati angafune, kukana kusintha kwa DoH ndikupitiriza kugwiritsa ntchito ndondomeko yachikhalidwe yotumiza zopempha zosabisika ku seva ya DNS ya wothandizira. Mutha kusintha wopereka kapena kuletsa DoH pamakina olumikizira netiweki. Kuphatikiza pa maseva a CIRA DoH, mutha kusankha Cloudflare ndi ntchito za NextDNS.
Othandizira a DoH omwe amaperekedwa mu Firefox amasankhidwa molingana ndi zofunikira za otsimikiza a DNS odalirika, malinga ndi zomwe wogwiritsa ntchito wa DNS angagwiritse ntchito deta yomwe yalandilidwa kuti athetse vutoli kuti atsimikizire kuti ntchitoyo ikugwira ntchito, sayenera kusunga zipika zotalika kuposa maola 24, ndipo sangathe kusamutsa deta kwa anthu ena ndipo akuyenera kuulula zambiri za njira zopangira deta. Ntchitoyi iyeneranso kuvomereza kuti isayang'anire, kusefa, kusokoneza kapena kuletsa kuchuluka kwa magalimoto a DNS, kupatula ngati zili zoperekedwa ndi lamulo.
Tikukumbutseni kuti DoH ingakhale yothandiza poletsa kutayikira kwa chidziwitso chokhudza mayina a ma host omwe apemphedwa kudzera mu ma seva a DNS a opereka chithandizo, kuthana ndi kuukira kwa MITM ndi kusokoneza kwa magalimoto a DNS (mwachitsanzo, polumikizana ndi Wi-Fi ya anthu onse), komanso kuletsa kutsekeka pamlingo wa DNS (DoH singalowe m'malo). VPN m'dera la kunyalanyaza kutsekereza komwe kumachitika pamlingo wa DPI) kapena pokonzekera ntchito ngati kupeza mwachindunji ma seva a DNS sikungatheke (mwachitsanzo, pogwira ntchito kudzera pa proxy). Ngakhale zili bwino, mafunso a DNS amatumizidwa mwachindunji ku ma seva a DNS omwe afotokozedwa mu kasinthidwe ka dongosolo, pankhani ya DoH pempho loti litsimikizidwe IP ma adilesi Dzina la hostname limasungidwa mu HTTPS traffic ndipo limatumizidwa ku seva ya HTTP, komwe resolver imakonza zopempha kudzera pa Web API. Muyezo wa DNSSEC womwe ulipo umagwiritsa ntchito encryption pongotsimikizira kasitomala ndi seva, koma suteteza magalimoto kuti asatsekeredwe kapena kutsimikizira chinsinsi cha zopempha.
Source: opennet.ru
