Pros and Cons: DNS over HTTPS

We look at the opinions surrounding DNS over HTTPS, which has recently become a "bone of contention" between Internet providers and browser developers.


The essence of the disagreement

Recently, major media outlets and specialist platforms (including Habr) have often written about the DNS over HTTPS (DoH) protocol. It encrypts requests to the DNS server and the responses to them. This approach makes it possible to hide the names of the hosts the user visits. From these publications one can conclude that the new protocol (the IETF approved it in 2018) has split the IT community into two camps.

One half believes that the new protocol will improve the security of the Internet and is implementing it in its applications and services. The other half is convinced that the technology only makes the work of system administrators harder. Below, we examine the arguments of both sides.

How DoH works

Before getting into why ISPs and other market participants are for or against DNS over HTTPS, let's briefly look at how it works.

With DoH, the request to resolve an IP address is encapsulated in HTTPS traffic. It then goes to an HTTP server, where it is processed through an API. Here is an example request from RFC 8484 (page 6):

   :method = GET
   :scheme = https
   :authority = dnsserver.example.net
   :path = /dns-query?
           dns=AAABAAABAAAAAAAAAWE-NjJjaGFyYWN0ZXJsYWJl
           bC1tYWtlcy1iYXNlNjR1cmwtZGlzdGluY3QtZnJvbS1z
           dGFuZGFyZC1iYXNlNjQHZXhhbXBsZQNjb20AAAEAAQ
   accept = application/dns-message

Thus, DNS traffic is hidden inside HTTPS traffic. The client and server communicate over the standard port 443. As a result, requests to the domain name system remain anonymous.
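To show what the `dns` parameter in the RFC 8484 request above actually carries, the following added example (not part of the original article) decodes it from base64url and parses the DNS header and question. The function name `parse_doh_query` and the small `QTYPE_NAMES` table are illustrative choices made for this example.

```python
import base64
import struct

# The dns= value from the RFC 8484 GET example quoted above, joined into one string.
RFC8484_DNS_PARAM = (
    "AAABAAABAAAAAAAAAWE-NjJjaGFyYWN0ZXJsYWJl"
    "bC1tYWtlcy1iYXNlNjR1cmwtZGlzdGluY3QtZnJvbS1z"
    "dGFuZGFyZC1iYXNlNjQHZXhhbXBsZQNjb20AAAEAAQ"
)
QTYPE_NAMES = {1: "A", 16: "TXT", 28: "AAAA"}


def parse_doh_query(dns_param):
    """Decode a DoH GET 'dns' parameter and parse the DNS header and question."""
    # The parameter is base64url without padding: restore "=" before decoding.
    msg = base64.urlsafe_b64decode(dns_param + "=" * (-len(dns_param) % 4))
    if len(msg) < 12:
        raise ValueError("message shorter than the 12-byte DNS header")
    msg_id, flags, qdcount = struct.unpack("!3H", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("question name is truncated")
        length = msg[pos]
        pos += 1
        if length == 0:          # the root label ends the name
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("invalid or truncated label")
        labels.append(msg[pos:pos + length].decode("ascii", "backslashreplace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!2H", msg[pos:pos + 4])
    return {
        "id": msg_id,
        "recursion_desired": bool(flags & 0x0100),
        "qname": ".".join(labels),
        "qtype": QTYPE_NAMES.get(qtype, str(qtype)),
        "qclass": qclass,
    }


if __name__ == "__main__":
    print(parse_doh_query(RFC8484_DNS_PARAM))
```

The payload is an ordinary DNS wire-format query; only the endpoint that terminates TLS can read it, while an on-path observer sees an HTTPS session to port 443.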

Why it is out of favor

Opponents of DNS over HTTPS say that the new protocol reduces the security of connections. According to Paul Vixie, a member of the DNS development team, it will make it much harder for system administrators to block potentially malicious sites. Ordinary users will also lose the ability to set up parental controls in browsers.

Paul's view is shared by UK Internet providers. The country's law obliges them to block resources with prohibited content. But DoH support in browsers complicates the task of filtering traffic. Critics of the new protocol also include the Government Communications Headquarters in England (GCHQ) and the Internet Watch Foundation (IWF), which maintains a registry of blocked resources.


Experts note that DNS over HTTPS can become a cybersecurity threat. In early July, information security specialists from Netlab discovered the first malware that used the new protocol to carry out DDoS attacks, Godlua. The malware used DoH to retrieve text (TXT) records and extract the URLs of its command-and-control servers.

The encrypted DoH requests were not recognized by antivirus software. Information security specialists fear that Godlua will be followed by other malware that is invisible to passive DNS monitoring.
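Because DoH bypasses passive DNS monitoring, defenders have to look for it at the proxy or TLS layer instead. The following added example (not from the original article) scans proxy log lines for three DoH indicators: a known public resolver hostname in the SNI, the `/dns-query` path used in the RFC 8484 example, and the `application/dns-message` media type. The log layout, the sample lines and the short resolver list are assumptions constructed for this example.

```python
# Hostnames of public DoH services; a short illustrative list, extend it from
# your own inventory.
KNOWN_DOH_HOSTS = {"cloudflare-dns.com", "mozilla.cloudflare-dns.com", "dns.google"}
DOH_MEDIA_TYPE = "application/dns-message"  # media type defined by RFC 8484

# Constructed log lines. Assumed layout: time client sni method path content_type
# ("-" means the field is not visible because the session was not TLS-inspected).
SAMPLE_LOG = """\
2019-07-02T10:00:01Z 10.0.0.15 dns.google - - -
2019-07-02T10:00:02Z 10.0.0.15 www.example.org GET /index.html text/html
2019-07-02T10:00:05Z 10.0.0.22 resolver.example.net POST /dns-query application/dns-message
2019-07-02T10:00:09Z 10.0.0.22 resolver.example.net GET /dns-query?dns=AAABAAAB application/dns-message
2019-07-02T10:00:11Z 10.0.0.31 www.example.com GET /news text/html
"""


def doh_indicators(line):
    """Return the set of reasons a log line looks like DoH (empty if none)."""
    fields = line.split()
    if len(fields) != 6:
        return set()
    _time, _client, sni, _method, path, ctype = fields
    reasons = set()
    if sni.lower().rstrip(".") in KNOWN_DOH_HOSTS:
        reasons.add("known-resolver-sni")
    # /dns-query is the path in the RFC example, not a requirement of the
    # protocol, so a resolver may use a different one.
    if path.split("?", 1)[0] == "/dns-query":
        reasons.add("dns-query-path")
    if ctype.lower() == DOH_MEDIA_TYPE:
        reasons.add("dns-message-content-type")
    return reasons


def clients_using_doh(log_text):
    """Map each client address to the DoH indicators seen in its traffic."""
    findings = {}
    for line in log_text.splitlines():
        reasons = doh_indicators(line)
        if reasons:
            findings.setdefault(line.split()[1], set()).update(reasons)
    return findings


if __name__ == "__main__":
    for client, reasons in sorted(clients_using_doh(SAMPLE_LOG).items()):
        print(client, sorted(reasons))
```

The SNI check works without decrypting traffic but only catches resolvers already on the list; the path and media-type checks need TLS inspection and catch unlisted resolvers such as the constructed `resolver.example.net`.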

But not everyone is against it

APNIC engineer Geoff Huston spoke out in defense of DNS over HTTPS on his blog. According to him, the new protocol will make it possible to fight DNS hijacking attacks, which have recently become more common. This is confirmed by the January report from the cybersecurity company FireEye. Major IT companies have also supported the development of the protocol.

At the beginning of last year, Google began testing DoH. A month ago the company introduced the General Availability version of its DoH service. Google hopes that it will increase the security of personal data on the network and protect against MITM attacks.

Another browser developer, Mozilla, has supported DNS over HTTPS since last summer. At the same time, the company is actively promoting the new technology in the IT community. For this, the Internet Services Providers Association (ISPA) even nominated Mozilla for its Internet Villain of the Year award. In response, company representatives noted that they are disappointed by the reluctance of telecom operators to improve the outdated Internet infrastructure.


Major media outlets and some Internet providers spoke out in support of Mozilla. In particular, British Telecom believes that the new protocol will not affect content filtering and will improve the security of UK users. Under public pressure, ISPA had to withdraw the "villain" nomination.

Cloud providers, Cloudflare for example, have also advocated the adoption of DNS over HTTPS. They already offer DNS services based on the new protocol. A full list of browsers and clients that support DoH is available on GitHub.

In any case, it is too early to speak of an end to the confrontation between the two camps. IT experts predict that if DNS over HTTPS is destined to become part of the mainstream Internet technology stack, it will take more than ten years.


Source: www.habr.com
