Kampani ya Mozilla mgwirizano ndi opereka atatu a DNS pa HTTPS (DoH, DNS pa HTTPS) a Firefox. Kuphatikiza pa ma seva a DNS omwe adaperekedwa kale CloudFlare ("https://1.1.1.1/dns-query") ndi (), ntchito ya Comcast idzaphatikizidwanso pazokonda (https://doh.xfinity.com/dns-query). Yambitsani DoH ndikusankha mu zoikamo zolumikizira netiweki.
Tikumbukire kuti Firefox 77 idaphatikizanso DNS pa mayeso a HTTPS pomwe kasitomala aliyense amatumiza zopempha 10 ndikusankha yekha wopereka DoH. Cheke iyi idayenera kuyimitsidwa potulutsidwa , popeza idasanduka mtundu wa DDoS kuwukira pa NextDNS service, yomwe sinathe kupirira katunduyo.
Othandizira a DoH operekedwa mu Firefox amasankhidwa malinga ndi kwa otsimikiza odalirika a DNS, malinga ndi zomwe wogwiritsa ntchito wa DNS angagwiritse ntchito zomwe adalandira kuti athetse vutoli kuti atsimikizire kuti ntchitoyo ikugwira ntchito, sayenera kusunga zipika kwa maola opitilira 24, sangathe kusamutsa deta kwa anthu ena ndipo akuyenera kuulula zambiri za njira zopangira deta. Ntchitoyi iyeneranso kuvomereza kuti isayang'anire, kusefa, kusokoneza kapena kuletsa kuchuluka kwa magalimoto a DNS, kupatula ngati zili zoperekedwa ndi lamulo.
Zochitika zokhudzana ndi DNS-over-HTTPS zitha kudziwikanso Apple idzagwiritsa ntchito thandizo la DNS-over-HTTPS ndi DNS-over-TLS pakutulutsa kwamtsogolo kwa iOS 14 ndi macOS 11, komanso kuthandizira zowonjezera za WebExtension mu Safari.
Tikumbukire kuti DoH ikhoza kukhala yothandiza poletsa kutayikira kwa zidziwitso za mayina omwe afunsidwa kudzera pa ma seva a DNS a othandizira, kuthana ndi kuukira kwa MITM ndi kuwonongeka kwa magalimoto a DNS (mwachitsanzo, polumikizana ndi Wi-Fi yapagulu), kuletsa kutsekereza pa DNS. mlingo (DoH siingalowe m'malo a VPN m'dera lodutsa kutsekereza komwe kumayendetsedwa pamlingo wa DPI) kapena pokonzekera ntchito ngati sizingatheke kupeza ma seva a DNS mwachindunji (mwachitsanzo, pogwira ntchito kudzera pa proxy). Ngati muzochitika zachilendo zopempha za DNS zimatumizidwa mwachindunji ku ma seva a DNS omwe amafotokozedwa mu kasinthidwe kachitidwe, ndiye kuti pa DoH, pempho loti mudziwe adilesi ya IP ya wolandirayo likuphatikizidwa mumayendedwe a HTTPS ndikutumizidwa ku seva ya HTTP, kumene wotsutsa amachitira. zopempha kudzera pa Web API. Muyezo womwe ulipo wa DNSSEC umagwiritsa ntchito kubisa kokha kuti utsimikizire kasitomala ndi seva, koma siziteteza magalimoto kuti zisasokonezedwe ndipo sizikutsimikizira chinsinsi cha zopempha.
Source: opennet.ru