Vagadziri veFirefox vakazivisa kuwedzera kweDNS pamusoro peHTTPS (DoH) modhi, iyo inogoneswa nekusarudzika kune vashandisi muCanada (kare, DoH yaingove yakasarudzika yeUS). Kugonesa DoH yevashandisi vekuCanada kwakakamurwa kuita matanho akati wandei: Musi waChikunguru 20, DoH ichange ichishanda kune 1% yevashandisi vekuCanada uye, kunze kwezvinetso zvisingatarisirwi, kuvharirwa kuchawedzerwa kusvika ku100% mukupera kwaGunyana.
Shanduko yevashandisi veCanadian Firefox kuenda kuDoH inoitwa nekutora chikamu kweCIRA (Canadian Internet Registration Authority), iyo inodzora kuvandudzwa kweInternet muCanada uye inotarisira nzvimbo yepamusoro-soro "ca". CIRA yakasainawo TRR (Trusted Recursive Resolver) uye ndeimwe yevanopa DNS-pamusoro-HTTPS inowanikwa muFirefox.
Mushure mekuita DoH, yambiro icharatidzwa pahurongwa hwemushandisi, ichibvumira, kana zvichidikanwa, kuramba shanduko kuenda kuDoH uye kuenderera mberi nekushandisa hurongwa hwechinyakare hwekutumira zvikumbiro zvisina kunyorwa kune mupi weDNS server. Unogona kushandura mupi kana kudzima DoH mumaseting ekubatanidza network. Pamusoro peCIRA DoH maseva, unogona kusarudza Cloudflare uye NextDNS masevhisi.
Vanopa DoH vanopihwa muFirefox vanosarudzwa zvinoenderana nezvinodiwa kune vanovimbika vanogadzirisa DNS, zvinoenderana nekuti DNS anoshanda sei anogona kushandisa data rakagamuchirwa kuti rigadziriswe chete kuti ave nechokwadi chekushanda kwesevhisi, haafanire kuchengeta matanda akareba kupfuura maawa makumi maviri nemana, uye haagone. kuendesa data kune vechitatu mapato uye inodiwa kuburitsa ruzivo nezve nzira dzekugadzirisa data. Iyo sevhisi inofanirwawo kubvumirana kusaongorora, kusefa, kukanganisa kana kuvhara DNS traffic, kunze kwemamiriro akapihwa nemutemo.
Ngatiyeukei kuti DoH inogona kubatsira kudzivirira kubuda kweruzivo nezve akakumbirwa mazita ekugamuchira kuburikidza nemaseva eDNS evanopa, kurwisa MITM kurwiswa uye DNS traffic spoofing (semuenzaniso, kana uchibatanidza kune yeruzhinji Wi-Fi), kuverengera kuvharira paDNS. nhanho (DoH haigone kutsiva VPN munzvimbo yekupfuura nekuvharira kunoitwa padanho reDPI) kana kuronga basa kana zvisingaite kuwana zvakananga DNS maseva (semuenzaniso, paunenge uchishanda kuburikidza neproxy). Kana zviri zvakajairika zvikumbiro zveDNS zvakatumirwa zvakananga kumaseva eDNS anotsanangurwa mukugadziriswa kwehurongwa, saka mune yeDoH, chikumbiro chekuona iyo IP kero yakavharirwa muHTTPS traffic uye inotumirwa kuHTTP server, uko kunogadzirisa maitiro. zvikumbiro kuburikidza neWebhu API. Iyo iripo DNSSEC chiyero inoshandisa encryption chete kuratidza mutengi uye server, asi haidzivirire traffic kubva pakubata uye haivimbisi kuvanzika kwezvikumbiro.
Source: opennet.ru