Chrome 78 will begin experimenting with enabling DNS-over-HTTPS

Following Mozilla, Google has announced its intention to run an experiment to test the "DNS over HTTPS" (DoH) implementation being developed for the Chrome browser. In Chrome 78, scheduled for October 22, some categories of users will be switched to DoH by default. Only users whose current system settings specify certain DNS providers recognized as DoH-compatible will take part in the experiment to enable DoH.

The whitelist of DNS providers includes the services of Google (8.8.8.8, 8.8.4.4), Cloudflare (1.1.1.1, 1.0.0.1), OpenDNS (208.67.222.222, 208.67.220.220), Quad9 (9.9.9.9, 149.112.112.112), Cleanbrowsing (185.228.168.168, 185.228.169.168) and DNS.SB (185.222.222.222, 185.184.222.222). If the user's DNS settings specify one of the DNS servers mentioned above, DoH in Chrome will be enabled by default. For those who use DNS servers provided by their local Internet provider, everything remains unchanged and the system resolver will continue to be used for DNS queries.

An important difference from the implementation of DoH in Firefox, where the gradual default enablement of DoH will begin as early as the end of September, is the absence of binding to a single DoH service. Whereas Firefox uses the CloudFlare DNS server by default, Chrome will only update the method of working with DNS to an equivalent service, without changing the DNS provider. For example, if the user has DNS 8.8.8.8 specified in the system settings, Chrome will activate the Google DoH service ("https://dns.google.com/dns-query"); if the DNS is 1.1.1.1, the Cloudflare DoH service ("https://cloudflare-dns.com/dns-query"), and so on.

If desired, the user can enable or disable DoH using the "chrome://flags/#dns-over-https" setting. Three operating modes are supported: secure, automatic and off. In "secure" mode, hosts are resolved only on the basis of previously cached secure values (obtained over a secure connection) and requests via DoH; fallback to regular DNS is not used. In "automatic" mode, if DoH and the secure cache are unavailable, data can be retrieved from the insecure cache and obtained through regular DNS. In "off" mode, the shared cache is checked first, and if there is no data, the request is sent through the system DNS. The mode is set via the kDnsOverHttpsMode setting, and the server mapping template via kDnsOverHttpsTemplates.

The experiment to enable DoH will be carried out on all platforms supported in Chrome, except Linux and iOS, because of the non-trivial nature of parsing resolver settings and restricted access to system DNS settings. If, after enabling DoH, there are problems sending requests to the DoH server (for example, due to its blocking, a network connectivity problem or a failure), the browser will automatically revert to the system DNS settings.

The purpose of the experiment is a final test of the DoH implementation and a study of the impact of using DoH on performance. It should be noted that DoH support was actually added to the Chrome codebase back in February, but configuring and enabling DoH required launching Chrome with a special flag and a non-obvious set of options.

Recall that DoH can be useful for preventing leaks of information about requested host names through providers' DNS servers, combating MITM attacks and DNS traffic spoofing (for example, when connecting to public Wi-Fi), countering blocking at the DNS level (DoH cannot replace a VPN for bypassing blocking implemented at the DPI level), or organizing work when direct access to DNS servers is impossible (for example, when working through a proxy). While in the normal situation DNS requests are sent directly to the DNS servers defined in the system configuration, in the case of DoH the request to determine a host's IP address is encapsulated in HTTPS traffic and sent to an HTTP server, where the resolver processes requests via a Web API. The existing DNSSEC standard uses encryption only to authenticate the client and server, but does not protect traffic from interception and does not guarantee the confidentiality of requests.
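The same-provider upgrade, the three modes and the HTTPS encapsulation described above can be modelled in a few lines. This is an added example, not Chrome's code: the function names and the "doh" / "system-dns" / "fail" labels are assumptions, only the two endpoints quoted in the article are mapped, and the GET encoding follows RFC 8484.

```python
import base64
import struct

# Resolver IP -> DoH endpoint of the same provider. Only the two endpoints the
# article quotes are listed; the other allowlisted providers are left out.
SAME_PROVIDER_DOH = {
    "8.8.8.8": "https://dns.google.com/dns-query",
    "8.8.4.4": "https://dns.google.com/dns-query",
    "1.1.1.1": "https://cloudflare-dns.com/dns-query",
    "1.0.0.1": "https://cloudflare-dns.com/dns-query",
}

def upgrade_target(system_resolvers):
    """Return the DoH endpoint for the first mapped resolver, else None."""
    for ip in system_resolvers:
        if ip in SAME_PROVIDER_DOH:
            return SAME_PROVIDER_DOH[ip]
    return None  # ISP or unknown resolver: nothing changes

def resolution_path(mode, doh_endpoint, doh_reachable):
    """Simplified model of the secure / automatic / off modes (caches omitted)."""
    if mode == "off":
        return "system-dns"
    if doh_endpoint and doh_reachable:
        return "doh"
    # secure never falls back to plain DNS; automatic does
    return "fail" if mode == "secure" else "system-dns"

def doh_get_url(endpoint, hostname, qtype=1):
    """Build an RFC 8484 GET URL: wire-format query, base64url, no padding."""
    # Header: ID 0 (cache friendly), RD flag set, one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        qname += bytes([len(label)]) + label.encode("ascii")
    message = header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return endpoint + "?dns=" + encoded

if __name__ == "__main__":
    # Constructed sample: one ISP-style resolver (documentation range) and 1.1.1.1.
    endpoint = upgrade_target(["192.0.2.53", "1.1.1.1"])
    for mode in ("secure", "automatic", "off"):
        print(mode, resolution_path(mode, endpoint, doh_reachable=False))
    print(doh_get_url(endpoint, "www.example.com"))
```

Running it against a host's resolver list shows which machines would stop sending plaintext queries to the local resolver, which matters wherever DNS logs feed monitoring.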

Source: opennet.ru
