Kutsatira Kampani ya Google za cholinga choyesa kuyesa "DNS pa HTTPS" (DoH, DNS pa HTTPS) kukhazikitsa kukhazikitsidwa kwa msakatuli wa Chrome. Chrome 78, yokonzedwa pa Okutobala 22, idzakhala ndi magulu ena ogwiritsa ntchito mwachisawawa kugwiritsa ntchito DoH. Ogwiritsa ntchito okhawo omwe makina awo amakono amatchula opereka DNS ena omwe amadziwika kuti amagwirizana ndi DoH ndi omwe angatenge nawo gawo poyesa kuti atsegule DoH.
Othandizira a DNS ovomerezeka akuphatikizidwa Google (8.8.8.8, 8.8.4.4), Cloudflare (1.1.1.1, 1.0.0.1), OpenDNS (208.67.222.222, 208.67.220.220), Quad9 (9.9.9.9, 149.112.112.112wsing185.228.168.168. 185.228.169.168, 185.222.222.222) ndi DNS.SB (185.184.222.222, XNUMX). Ngati zokonda za DNS za wogwiritsa ntchito zikuwonetsa imodzi mwama seva a DNS omwe atchulidwa pamwambapa, DoH mu Chrome idzayatsidwa mwachisawawa. Kwa iwo omwe amagwiritsa ntchito ma seva a DNS operekedwa ndi omwe amawathandizira pa intaneti, chilichonse sichisintha ndipo chosankhacho chidzapitiliza kugwiritsidwa ntchito pamafunso a DNS.
Kusiyana kofunikira kuchokera pakukhazikitsa kwa DoH mu Firefox, komwe kunapangitsa kuti DoH pang'onopang'ono ikhale yosasinthika kale kumapeto kwa Seputembala, ndikusowa kolumikizana ndi ntchito imodzi ya DoH. Ngati mu Firefox mwachisawawa Seva ya CloudFlare DNS, ndiye Chrome idzangosintha njira yogwirira ntchito ndi DNS ku ntchito yofanana, popanda kusintha wopereka DNS. Mwachitsanzo, ngati wosuta ali ndi DNS 8.8.8.8 wotchulidwa mu zoikamo dongosolo, ndiye Chrome adzakhala Google DoH service (βhttps://dns.google.com/dns-queryβ), ngati DNS ndi 1.1.1.1, ndiye Cloudflare DoH service (βhttps://cloudflare-dns.com/dns-queryβ) Ndipo
Ngati angafune, wogwiritsa ntchitoyo atha kuyatsa kapena kuyimitsa DoH pogwiritsa ntchito "chrome://flags/#dns-over-https". Njira zitatu zogwirira ntchito zimathandizidwa: zotetezeka, zodziwikiratu komanso zozimitsa. Munjira "yotetezedwa", olandila amatsimikiziridwa potengera zomwe zidasungidwa kale (zolandilidwa kudzera pa intaneti yotetezedwa) ndi zopempha kudzera pa DoH; kubweza ku DNS wamba sikumayikidwa. Mu "automatic" mode, ngati DoH ndi cache yotetezedwa palibe, deta ikhoza kutengedwa kuchokera ku cache yosatetezedwa ndikufikiridwa kudzera mu DNS yachikhalidwe. Mu "off" mode, cache yogawidwa imafufuzidwa poyamba ndipo ngati palibe deta, pempholo limatumizidwa kudzera mu dongosolo la DNS. Njirayi imayikidwa kudzera kDnsOverHttpsMode , ndi template ya mapu a seva kudzera pa kDnsOverHttpsTemplates.
Kuyesera kothandizira DoH kudzachitika pamapulatifomu onse omwe athandizidwa mu Chrome, kupatula Linux ndi iOS chifukwa chosakhala chaching'ono chokhazikitsa zosintha komanso kuletsa zoikamo za DNS. Ngati, mutatha kuloleza DoH, pali zovuta kutumiza zopempha ku seva ya DoH (mwachitsanzo, chifukwa cha kutsekeka kwake, kulumikizidwa kwa netiweki kapena kulephera), msakatuli adzabwezera zokha zoikamo za DNS.
Cholinga cha kuyesaku ndikuyesa komaliza kukhazikitsidwa kwa DoH ndikuphunzira momwe kugwiritsa ntchito DoH kumagwirira ntchito. Tiyenera kudziwa kuti kwenikweni thandizo la DoH linali mu Chrome codebase kubwerera mu February, koma kukonza ndi kuyatsa DoH kuyambitsa Chrome ndi mbendera yapadera komanso zosankha zosadziwika bwino.
Tikumbukire kuti DoH ikhoza kukhala yothandiza poletsa kutulutsa kwa chidziwitso cha mayina omwe afunsidwa kudzera pa seva za DNS za opereka, kuthana ndi kuukira kwa MITM ndi kuwononga magalimoto a DNS (mwachitsanzo, polumikizana ndi Wi-Fi yapagulu), kuletsa kutsekereza pa DNS. mlingo (DoH siingalowe m'malo a VPN m'dera lodutsa kutsekereza komwe kumayendetsedwa pamlingo wa DPI) kapena pokonzekera ntchito ngati sizingatheke kupeza ma seva a DNS mwachindunji (mwachitsanzo, pogwira ntchito kudzera pa proxy). Ngati zili bwino, zopempha za DNS zimatumizidwa mwachindunji ku ma seva a DNS omwe amafotokozedwa mu kasinthidwe kachitidwe, ndiye kuti pa DoH, pempho lofuna kudziwa adilesi ya IP ya wolandirayo limayikidwa mumayendedwe a HTTPS ndikutumizidwa ku seva ya HTTP, komwe wokonza amakonza. zopempha kudzera pa Web API. Muyezo womwe ulipo wa DNSSEC umagwiritsa ntchito kubisa kokha kuti utsimikizire kasitomala ndi seva, koma siziteteza magalimoto kuti zisasokonezedwe ndipo sizikutsimikizira chinsinsi cha zopempha.
Source: opennet.ru