US Provider Associations Oppose Centralization in the Rollout of DNS-over-HTTPS

The trade associations NCTA, CTIA and USTelecom, which defend the interests of Internet providers, have appealed to the US Congress, asking it to pay attention to the problem with the deployment of "DNS over HTTPS" (DoH) and to request from Google detailed information about its current and future plans to enable DoH in its products. They also ask for a commitment not to enable centralized processing of DNS requests by default in Chrome and Android without a full discussion with other members of the ecosystem and consideration of the possible negative consequences.

While they understand the overall benefit of encrypting DNS traffic, the associations consider it unacceptable to concentrate control over name resolution in a single pair of hands and to tie this mechanism by default to centralized DNS services. In particular, they argue that Google is moving toward introducing DoH by default in Android and Chrome, which, if tied to Google's servers, could break the nature of the DNS infrastructure and create a single point of failure.

Since Chrome and Android dominate the market, if they impose their own DoH servers, Google will be able to control the majority of user DNS query flows. Besides reducing the reliability of the infrastructure, such a step would also give Google an unfair advantage over competitors, since the company would gain additional information about user actions, which could be used to track user activity and select relevant advertising.

DoH can also disrupt areas such as parental control systems, access to internal namespaces in enterprise systems, routing in content delivery systems, and compliance with court orders against the distribution of illegal content and the exploitation of minors. DNS spoofing is also often used to redirect users to a page with information that the subscriber's funds have run out, or to the login page of a wireless network.

Google stated that the fears are unfounded, since it is not going to rush to enable DoH in Chrome and Android. In Chrome 78, DoH will be enabled experimentally by default only for users whose settings are configured with DNS providers that offer the option of using DoH as an alternative to traditional DNS. For those who use local ISP-provided DNS servers, DNS queries will continue to be sent through the system resolver. That is, Google's actions are limited to replacing the current provider with an equivalent service in order to switch to a secure way of working with DNS. Experimental enabling of DoH is also planned for Firefox, but unlike Google, Mozilla intends to use CloudFlare as the default DNS server. This approach has already drawn criticism from the OpenBSD project.

Recall that DoH can be useful for preventing leaks of information about requested host names through providers' DNS servers, for combating MITM attacks and DNS traffic spoofing (for example, when connecting to public Wi-Fi), for countering blocking at the DNS level (DoH cannot replace a VPN when it comes to bypassing blocking implemented at the DPI level), or for organizing work when DNS servers cannot be reached directly (for example, when working through a proxy).

Whereas ordinary DNS requests are sent directly to the DNS servers defined in the system configuration, in the case of DoH the request to determine a host's IP address is encapsulated in HTTPS traffic and sent to an HTTP server, where the resolver processes requests through a Web API. The existing DNSSEC standard uses encryption only to authenticate the client and server, but it does not protect traffic from interception and does not guarantee the confidentiality of requests. Currently about 30 public DNS servers support DoH.

Source: opennet.ru
