Vagadziri veFirefox
Mushure mekuita DoH, yambiro inoratidzwa kumushandisi, iyo inobvumira, kana zvichidikanwa, kuramba kubata maseva epakati eDoH DNS uye kudzokera kuhurongwa hwechinyakare hwekutumira mibvunzo isina kunyorwa kune mupi weDNS server. Panzvimbo penzvimbo yakagovaniswa yevanogadzirisa DNS, DoH inoshandisa chinosunga kune chaiyo DoH sevhisi, iyo inogona kutorwa sechinhu chimwe chekutadza. Parizvino, basa rinopihwa kuburikidza nevaviri veDNS vanopa - CloudFlare (default) uye
Chinja mupi kana kudzima DoH
Ngatiyeukei kuti DoH inogona kubatsira kudzivirira kubuda kweruzivo nezve akakumbirwa mazita ekugamuchira kuburikidza nemaseva eDNS evanopa, kurwisa MITM kurwiswa uye DNS traffic spoofing (semuenzaniso, kana uchibatanidza kune yeruzhinji Wi-Fi), kuverengera kuvharira paDNS. nhanho (DoH haigone kutsiva VPN munzvimbo yekupfuura nekuvharira kunoitwa padanho reDPI) kana kuronga basa kana zvisingaite kuwana zvakananga DNS maseva (semuenzaniso, paunenge uchishanda kuburikidza neproxy). Kana zviri zvakajairika zvikumbiro zveDNS zvakatumirwa zvakananga kumaseva eDNS anotsanangurwa mukugadziriswa kwehurongwa, saka mune yeDoH, chikumbiro chekuona iyo IP kero yakavharirwa muHTTPS traffic uye inotumirwa kuHTTP server, uko kunogadzirisa maitiro. zvikumbiro kuburikidza neWebhu API. Iyo iripo DNSSEC chiyero inoshandisa encryption chete kuratidza mutengi uye server, asi haidzivirire traffic kubva pakubata uye haivimbisi kuvanzika kwezvikumbiro.
Kusarudza vanopa veDoH vanopihwa muFirefox,
DoH inofanira kushandiswa nekuchenjerera. Semuyenzaniso, muRussian Federation, IP kero 104.16.248.249 uye 104.16.249.249 ine chekuita neiyo default DoH server mozilla.cloudflare-dns.com inopihwa muFirefox,
DoH inogona zvakare kukonzera matambudziko munzvimbo dzakaita senge masystem ekudzora evabereki, kuwana nzvimbo dzemukati dzemazita mumasisitimu emakambani, kusarudzwa kwenzira mumasisitimu ekupa zvirimo, uye kutevedzera mirairo yedare munzvimbo yekurwisa kugoverwa kwezvinhu zvisiri pamutemo uye kubiridzira. vadiki. Kunzvenga matambudziko akadai, cheki system yakaitwa uye yakaedzwa inodzima DoH otomatiki mune mamwe mamiriro.
Kuti uone vanogadzirisa bhizinesi, atypical ekutanga-level domains (TLDs) anotariswa uye iyo system solver inodzorera intranet kero. Kuti uone kana kutonga kwevabereki kunogoneswa, kuedza kunoitwa kugadzirisa zita rekuti exampleadultsite.com uye kana mhedzisiro isingaenderane neiyo IP chaiyo, inofungidzirwa kuti yevakuru kuvharisa kunoshanda padanho reDNS. Google neYouTube IP kero dzinotariswawo sezviratidzo kuona kana dzatsiviwa nerestrict.youtube.com, forcesafesearch.google.com uye restrictmoderate.youtube.com. Macheki aya anobvumira vanorwisa vanodzora kushanda kweanogadzirisa kana vanokwanisa kukanganisa traffic kuti vatevedze maitiro akadaro kudzima encryption yeDNS traffic.
Kushanda kuburikidza nesevhisi imwe chete yeDoH kunogona zvakare kukonzera matambudziko nekugadzirisa traffic mumatanho ekutakura emukati anoyera traffic uchishandisa DNS (iyo CDN network's DNS server inoburitsa mhinduro ichifunga nezvekero yegadziriso uye inopa mugamuchiri wepedyo kuti agamuchire zvirimo). Kutumira mubvunzo weDNS kubva kumugadzirisi ari padyo nemushandisi mune akadaro maCDN zvinoguma nekudzosera kero yemugamuchiri ari padyo nemushandisi, asi kutumira mubvunzo weDNS kubva kumugadzirisi wepakati kunodzosera kero yevaenzi padyo neDNS-pamusoro-HTTPS server. . Kuedza mukuita kwakaratidza kuti kushandiswa kweDNS-pamusoro-HTTP kana uchishandisa CDN kwakaita kuti pasave nekunonoka kusati kwatanga kufambiswa kwemukati (yekukurumidza kubatanidza, kunonoka hakuna kudarika 10 milliseconds, uye kunyange nekukurumidza kuita kwakaonekwa painononoka nzira yekutaurirana. ) Iko kushandiswa kweEDNS Client Subnet yekuwedzera kwaifungidzirwawo kupa ruzivo rwenzvimbo yemutengi kune CDN inogadzirisa.
Source: opennet.ru