DNS-over-HTTPS is enabled by default in Firefox for US users

Firefox developers have announced that DNS over HTTPS (DoH) is being enabled by default for US users. Encryption of DNS traffic is regarded as a fundamentally important factor in protecting users. Starting today, all new installations by US users will have DoH enabled by default. Existing US users will be switched to DoH within a few weeks. In the European Union and other countries, enabling DoH by default is not planned for now.

After DoH is activated, the user is shown a notice that lets them, if they wish, opt out of contacting the centralized DoH DNS servers and return to the traditional scheme of sending unencrypted queries to the provider's DNS server. Instead of a distributed infrastructure of DNS resolvers, DoH is bound to one specific DoH service, which can be considered a single point of failure. At present the service is offered through two DNS providers - CloudFlare (the default) and NextDNS.

You can change the provider or disable DoH in the network connection settings. For example, you can specify an alternative DoH server: "https://dns.google/dns-query" to use Google's servers, "https://dns.quad9.net/dns-query" for Quad9 and "https://doh.opendns.com/dns-query" for OpenDNS. about:config also provides the network.trr.mode setting, which changes how DoH operates: a value of 0 disables DoH completely; 1 - DNS or DoH is used, whichever is faster; 2 - DoH is used by default, and DNS is used as a fallback; 3 - only DoH is used; 4 - mirroring mode, in which DoH and DNS are used in parallel.

Recall that DoH can be useful for preventing leaks of information about requested host names through providers' DNS servers, for countering MITM attacks and DNS traffic spoofing (for example, when connecting to public Wi-Fi), for countering blocking at the DNS level (DoH cannot replace a VPN for bypassing blocking implemented at the DPI level), or for keeping things working when DNS servers cannot be reached directly (for example, when working through a proxy). In the normal situation DNS queries are sent directly to the DNS servers defined in the system configuration; with DoH, the request to determine a host's IP address is encapsulated in HTTPS traffic and sent to an HTTP server, where the resolver processes requests through a Web API. The existing DNSSEC standard uses encryption only to authenticate the client and server, but it does not protect traffic from interception and does not guarantee the confidentiality of requests.

The DoH providers offered in Firefox are selected according to the requirements for trusted DNS resolvers. Under these requirements the DNS operator may use the data it receives for resolution only to keep the service running, must not keep logs for more than 24 hours, may not pass data to third parties, and must disclose information about its data processing methods. The service must also agree not to censor, filter, interfere with or block DNS traffic, except in situations provided for by law.

DoH should be used with caution. For example, in the Russian Federation, the IP addresses 104.16.248.249 and 104.16.249.249, associated with the default DoH server mozilla.cloudflare-dns.com offered in Firefox, are listed in Roskomnadzor's blocking lists at the request of the Stavropol court of June 10, 2013.

DoH can also cause problems in areas such as parental control systems, access to internal namespaces in corporate systems, route selection in content delivery optimization systems, and compliance with court orders aimed at combating the distribution of illegal content and the exploitation of minors. To avoid such problems, checks have been implemented and tested that disable DoH under certain conditions.

To identify enterprise resolvers, top-level domains (TLDs) are checked, as is whether the system resolver returns intranet addresses. To determine whether parental controls are enabled, an attempt is made to resolve the name exampleadultsite.com, and if the result does not match the actual IP, adult content blocking is assumed to be active at the DNS level. The IP addresses of Google and YouTube are also checked as indicators, to see whether they have been replaced by those of restrict.youtube.com, forcesafesearch.google.com and restrictmoderate.youtube.com. These checks allow attackers who control the operation of the resolver, or who are able to interfere with traffic, to simulate this behavior in order to disable encryption of DNS traffic.
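A simplified model of the checks described above, as an added example (not Firefox's own code) for auditing which of these signals a given network produces. The `www.*` host names, the probe's expected address, the internal name and all answer tables are assumptions constructed for the example.

```python
import ipaddress

PARENTAL_PROBE = "exampleadultsite.com"       # probe name given in the article
SAFE_SEARCH = {                               # restricted hosts from the article;
    "www.google.com": ["forcesafesearch.google.com"],   # www.* names are assumed
    "www.youtube.com": ["restrict.youtube.com", "restrictmoderate.youtube.com"],
}

def doh_disable_reasons(resolve, probe_real_ips, internal_names=()):
    """List the signals that would make a client fall back to plaintext DNS.

    resolve(name) returns the set of IP strings the system resolver gave.
    probe_real_ips and internal_names are supplied by the caller (assumptions).
    """
    reasons = []
    # Parental control: the probe name does not resolve to its real address.
    if resolve(PARENTAL_PROBE) != set(probe_real_ips):
        reasons.append("parental-control")
    # Safe search: the site shares an address with its restricted variant.
    for site, restricted in SAFE_SEARCH.items():
        site_ips = resolve(site)
        if any(site_ips & resolve(host) for host in restricted):
            reasons.append("safe-search:" + site)
    # Enterprise: the system resolver hands out private-range addresses.
    for name in internal_names:
        if any(ipaddress.ip_address(ip).is_private for ip in resolve(name)):
            reasons.append("intranet:" + name)
    return reasons

def table_resolver(table):
    """Wrap a constructed answer table as a resolve() callable."""
    return lambda name: set(table.get(name, ()))

# Constructed answers (documentation-range addresses, not real ones).
PROBE_REAL = ["203.0.113.7"]
CLEAN = {
    "exampleadultsite.com": ["203.0.113.7"],
    "www.google.com": ["198.51.100.1"],
    "forcesafesearch.google.com": ["198.51.100.9"],
    "www.youtube.com": ["198.51.100.2"],
    "restrict.youtube.com": ["198.51.100.8"],
}
# A filtering resolver that maps YouTube to its restricted host.
FILTERED = {**CLEAN, "www.youtube.com": ["198.51.100.8"]}
# A corporate resolver that answers for an internal-only name.
CORPORATE = {**CLEAN, "wiki.corp.example": ["10.0.0.5"]}
```

Every input to the decision is an answer from the unencrypted system resolver, so a single differing answer changes the outcome. For deployments that must not fall back, the article's network.trr.mode value 3 (DoH only) is the relevant setting.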

Working through a single DoH service can also cause problems with traffic optimization in content delivery networks that balance traffic using DNS (the CDN's DNS server builds its response based on the resolver's address and returns the host closest to it for receiving the content). In such CDNs, sending a DNS query from the resolver closest to the user returns the address of the host closest to the user, whereas sending a DNS query from a centralized resolver returns the address of the host closest to the DNS-over-HTTPS server. Testing in practice showed that using DNS-over-HTTPS with a CDN introduced a delay before content transfer began (on fast connections the delay did not exceed 10 milliseconds, and even faster performance was observed on slow communication channels). Use of the EDNS Client Subnet extension was also considered as a way to pass client location information to the CDN resolver.

Source: opennet.ru
