Madivelopa a Firefox alengeza kukulitsa kwa DNS pa HTTPS (DoH) mode, yomwe idzayatsidwa mwachisawawa kwa ogwiritsa ntchito ku Canada (m'mbuyomu, DoH inali yokhayo ya US). Kuthandizira DoH kwa ogwiritsa ntchito aku Canada kugawidwa m'magawo angapo: Pa Julayi 20, DoH idzatsegulidwa kwa 1% ya ogwiritsa ntchito aku Canada ndipo, kuletsa zovuta zosayembekezereka, kufalitsa kudzawonjezeka mpaka 100% kumapeto kwa Seputembala.
Kusintha kwa ogwiritsa ntchito Firefox ku Canada kupita ku DoH kumachitika ndi CIRA (Canadian Internet Registration Authority), yomwe imayang'anira chitukuko cha intaneti ku Canada ndipo imayang'anira gawo lapamwamba la "ca". CIRA yalembetsanso TRR (Trusted Recursive Resolver) ndipo ndi m'modzi mwa othandizira a DNS-over-HTTPS omwe akupezeka mu Firefox.
Pambuyo poyambitsa DoH, chenjezo lidzawonetsedwa pa makina a wogwiritsa ntchito, kulola, ngati angafune, kukana kusintha kwa DoH ndikupitiriza kugwiritsa ntchito ndondomeko yachikhalidwe yotumiza zopempha zosabisika ku seva ya DNS ya wothandizira. Mutha kusintha wopereka kapena kuletsa DoH pamakina olumikizira netiweki. Kuphatikiza pa maseva a CIRA DoH, mutha kusankha Cloudflare ndi ntchito za NextDNS.
Othandizira a DoH omwe amaperekedwa mu Firefox amasankhidwa molingana ndi zofunikira za otsimikiza a DNS odalirika, malinga ndi zomwe wogwiritsa ntchito wa DNS angagwiritse ntchito deta yomwe yalandilidwa kuti athetse vutoli kuti atsimikizire kuti ntchitoyo ikugwira ntchito, sayenera kusunga zipika zotalika kuposa maola 24, ndipo sangathe kusamutsa deta kwa anthu ena ndipo akuyenera kuulula zambiri za njira zopangira deta. Ntchitoyi iyeneranso kuvomereza kuti isayang'anire, kusefa, kusokoneza kapena kuletsa kuchuluka kwa magalimoto a DNS, kupatula ngati zili zoperekedwa ndi lamulo.
Tikumbukire kuti DoH ikhoza kukhala yothandiza poletsa kutayikira kwa zidziwitso za mayina omwe afunsidwa kudzera pa ma seva a DNS a othandizira, kuthana ndi kuukira kwa MITM ndi kuwonongeka kwa magalimoto a DNS (mwachitsanzo, polumikizana ndi Wi-Fi yapagulu), kuletsa kutsekereza pa DNS. mlingo (DoH siingalowe m'malo a VPN m'dera lodutsa kutsekereza komwe kumayendetsedwa pamlingo wa DPI) kapena pokonzekera ntchito ngati sizingatheke kupeza ma seva a DNS mwachindunji (mwachitsanzo, pogwira ntchito kudzera pa proxy). Ngati muzochitika zachilendo zopempha za DNS zimatumizidwa mwachindunji ku ma seva a DNS omwe amafotokozedwa mu kasinthidwe kachitidwe, ndiye kuti pa DoH, pempho loti mudziwe adilesi ya IP ya wolandirayo likuphatikizidwa mumayendedwe a HTTPS ndikutumizidwa ku seva ya HTTP, kumene wotsutsa amachitira. zopempha kudzera pa Web API. Muyezo womwe ulipo wa DNSSEC umagwiritsa ntchito kubisa kokha kuti utsimikizire kasitomala ndi seva, koma siziteteza magalimoto kuti zisasokonezedwe ndipo sizikutsimikizira chinsinsi cha zopempha.
Source: opennet.ru