Isu tinotaura nezve iyo DANE tekinoroji ndeyekutendesa mazita emadomasi uchishandisa DNS uye nei isiri kushandiswa zvakanyanya mumabhurawuza.
/Unssplash/
Chii chinonzi DANE
Certification Authorities (CAs) masangano ayo
Kuti udzivise mamiriro ezvinhu akadaro, makore akati wandei apfuura IETF
DANE (DNS-based Authentication of Named Entities) seti yezvakatemwa zvinokutendera kushandisa DNSSEC (Zita System Security Extensions) kudzora kuve kwechokwadi kweSSL zvitupa. DNSSEC ndeyekuwedzera kune iyo Domain Name System iyo inoderedza kero spoofing kurwiswa. Uchishandisa matekinoroji maviri aya, webmaster kana mutengi anogona kubata mumwe weDNS zone operators uye osimbisa huchokwadi hwechitupa chiri kushandiswa.
Chaizvoizvo, DANE inoshanda sechitupa chakasaina (iyo inovimbisa kuvimbika kwayo iDNSSEC) uye inozadzisa mabasa eCA.
Sei basa iri
Iyo DANE yakatarwa inotsanangurwa mukati
Mutengi anobatana nesaiti paInternet uye anoenzanisa chitupa chayo ne "kopi" yakagamuchirwa kubva kuDNS opareta. Kana vakaenderana, saka sosi yacho inoonekwa seyakavimbika.
Iyo DANE wiki peji inopa unotevera muenzaniso wechikumbiro cheDNS kumuenzaniso.org paTCP port 443:
IN TLSA _443._tcp.example.org
Mhinduro inotaridzika seiyi:
_443._tcp.example.com. IN TLSA (
3 0 0 30820307308201efa003020102020... )
DANE ine akati wandei ekuwedzera anoshanda neDNS marekodhi kunze kweTLSA. Yekutanga ndiyo SSHFP DNS rekodhi yekusimbisa makiyi paSSH yekubatanidza. Inotsanangurwa mu
Dambudziko nderei neDANE
Pakati paMay, musangano weDNS-OARC wakaitwa (iyi isangano risingabatsiri rinobata nekuchengeteka, kugadzikana uye kuvandudza kwezita rezita rezita). Nyanzvi pane imwe yemapanera
Mabhurawuza ane mukurumbira haatsigire chitupa chechokwadi uchishandisa DANE. Pamusika
kune akakosha plugins , iyo inoratidza kushanda kweTLSA zvinyorwa, asiwo rutsigiro rwavozvishoma nezvishoma mira .
Matambudziko nekugoverwa kweDANE mumabhurawuza anoenderana nehurefu hweiyo DNSSEC yekusimbisa maitiro. Iyo sisitimu inomanikidzwa kuita cryptographic macalculation kuti isimbise huchokwadi hweSSL chitupa uye kuburikidza neketani yese yeDNS maseva (kubva kumidzi yenzvimbo kuenda kune iyo host domain) paunotanga kubatana kune sosi.
/Unssplash/
Mozilla yakaedza kubvisa iyi dhizaini ichishandisa michina
Chimwe chikonzero chekuzivikanwa kwakaderera kweDANE kuderera kweDNSSEC pasirese -
Zvingangodaro, indasitiri inokura mune imwe nzira. Panzvimbo pekushandisa DNS kuona zvitupa zveSSL/TLS, vatambi vemusika vanosimudzira DNS-over-TLS (DoT) uye DNS-over-HTTPS (DoH) protocol. Takataura ekupedzisira mune imwe yedu
Ndezvipi zvimwe zvatinazvo zvekuwedzera kuverenga:
Maitiro ekuita otomatiki IT zvivakwa manejimendi - kukurukura matatu maitiro
JMAP - yakavhurika protocol inotsiva IMAP kana uchichinjana maemail
Maitiro Ekuchengetedza neApplication Programming Interface
DevOps mubasa regore uchishandisa muenzaniso we1cloud.ru
Evolution ye1cloud cloud architecture
1cloud technical support inoshanda sei?
Ngano pamusoro pemakore tekinoroji
Source: www.habr.com