Mozilla Company chibvumirano nevechitatu vanopa DNS pamusoro peHTTPS (DoH, DNS pamusoro peHTTPS) yeFirefox. Pamusoro peiyo yakambopihwa DNS maseva CloudFlare ("https://1.1.1.1/dns-query") uye (), sevhisi yeComcast ichaverengerwawo muzvirongwa (https://doh.xfinity.com/dns-query). Activate DoH uye sarudza mune network yekubatanidza marongero.
Ngatiyeukei kuti Firefox 77 yaisanganisira DNS pamusoro peHTTPS bvunzo nemutengi wega wega achitumira gumi zvikumbiro zvebvunzo uye otomatiki kusarudza mupi weDoH. Cheki iyi yaifanira kudzimwa pakuburitswa , sezvo yakashanduka kuita rudzi rweDDoS kurwiswa paNextDNS sevhisi, iyo yaisakwanisa kumirisana nemutoro.
Ivo vanopa DoH vanopihwa muFirefox vanosarudzwa zvinoenderana kune vanovimbika DNS vagadzirisi, maererano neiyo DNS mushandisi anogona kushandisa iyo data yakagamuchirwa kugadzirisa chete kuti ave nechokwadi chekushanda kwesevhisi, haifanire kuchengetedza matanda kweanopfuura maawa makumi maviri nemana, haigone kuendesa data kune wechitatu mapato uye inosungirwa kuburitsa ruzivo nezve. nzira dzekugadzirisa data. Iyo sevhisi inofanirwawo kubvumirana kusaongorora, kusefa, kukanganisa kana kuvhara DNS traffic, kunze kwemamiriro akapihwa nemutemo.
Zviitiko zvine chekuita neDNS-pamusoro-HTTPS zvinogonawo kucherechedzwa Apple ichaita tsigiro yeDNS-pamusoro-HTTPS uye DNS-pamusoro-TLS mune ramangwana kuburitswa kweIOS 14 uye macOS 11, pamwe chete. rutsigiro rweWebExtension ekuwedzera muSafari.
Ngatiyeukei kuti DoH inogona kubatsira kudzivirira kubuda kweruzivo nezve akakumbirwa mazita ekugamuchira kuburikidza nemaseva eDNS evanopa, kurwisa MITM kurwiswa uye DNS traffic spoofing (semuenzaniso, kana uchibatanidza kune yeruzhinji Wi-Fi), kuverengera kuvharira paDNS. nhanho (DoH haigone kutsiva VPN munzvimbo yekupfuura nekuvharira kunoitwa padanho reDPI) kana kuronga basa kana zvisingaite kuwana zvakananga DNS maseva (semuenzaniso, paunenge uchishanda kuburikidza neproxy). Kana zviri zvakajairika zvikumbiro zveDNS zvakatumirwa zvakananga kumaseva eDNS anotsanangurwa mukugadziriswa kwehurongwa, saka mune yeDoH, chikumbiro chekuona iyo IP kero yakavharirwa muHTTPS traffic uye inotumirwa kuHTTP server, uko kunogadzirisa maitiro. zvikumbiro kuburikidza neWebhu API. Iyo iripo DNSSEC chiyero inoshandisa encryption chete kuratidza mutengi uye server, asi haidzivirire traffic kubva pakubata uye haivimbisi kuvanzika kwezvikumbiro.
Source: opennet.ru