Shirkadda Mozilla heshiis lala galo bixiyeyaasha saddexaad ee DNS ee HTTPS (DoH, DNS over HTTPS) ee Firefox. Marka lagu daro adeegayaasha DNS ee hore loo bixiyay CloudFlare ("https://1.1.1.1/dns-query") iyo (), adeega Comcast waxa kale oo lagu dari doonaa goobaha (https://doh.xfinity.com/dns-query). Daar DoH oo dooro goobaha isku xirka shabakada
Aynu xasuusanno in Firefox 77 uu ku daray DNS ka badan HTTPS iyada oo macmiil kastaa soo dirayo 10 codsi oo tijaabo ah oo si toos ah u dooranaya bixiye DoH ah. Jeegaan waa in la curyaamiyo siidaynta , tan iyo markii ay isu beddeshay nooc ka mid ah weerarka DDoS ee adeegga NextDNS, kaas oo aan la qabsan karin culeyska.
Bixiyeyaasha DoH ee lagu bixiyo Firefox waxaa lagu doortay si waafaqsan Xallinta DNS ee la aamini karo, marka loo eego shaqaalaha DNS u isticmaali karo xogta la helay xallinta kaliya si loo hubiyo hawlgalka adeegga, waa inuusan kaydin diiwaannada wax ka badan 24 saacadood, uma wareejin karo xogta dhinacyada saddexaad oo ay ku qasban yihiin inay shaaciyaan macluumaadka ku saabsan hababka xogta. Adeeggu waa inuu sidoo kale ogolaado inuusan faafreeb, shaandheyn, faragelin ama xannibin taraafikada DNS, marka laga reebo xaaladaha sharcigu bixiyo.
Dhacdooyinka la xidhiidha DNS-over-HTTPS sidoo kale waa la xusi karaa Apple waxay hirgelin doontaa taageerada DNS-over-HTTPS iyo DNS-over-TLS siidaynta mustaqbalka ee iOS 14 iyo macOS 11, iyo sidoo kale taageerada kordhinta WebExtension ee Safari.
Aynu xusuusanno in DoH ay faa'iido u yeelan karto ka hortagga siidaynta macluumaadka ku saabsan magacyada martigeliyaha la codsaday iyada oo loo marayo server-yada DNS ee bixiyeyaasha, la dagaallanka weerarrada MITM iyo xajinta taraafikada DNS (tusaale ahaan, marka lagu xiro Wi-Fi dadweynaha), ka hortagga xannibaadda DNS heerka (DoH kuma beddeli karto VPN aagga ka-hortagga xannibaadda ee lagu hirgeliyay heerka DPI) ama abaabulka shaqada haddii aysan suurtagal ahayn in si toos ah loo galo server-yada DNS (tusaale ahaan, marka la adeegsanayo wakiil). Haddii xaalad caadi ah codsiyada DNS si toos ah loogu diro server-yada DNS ee lagu qeexay qaabeynta nidaamka, markaa kiiska DoH, codsiga lagu go'aaminayo cinwaanka IP-ga martida loo yahay waxaa lagu soo koobay taraafikada HTTPS waxaana loo diraa server-ka HTTP, halkaas oo xalinta xalinta. codsiyada iyada oo loo marayo API Web. Heerka DNSSEC ee jira wuxuu isticmaalaa sirta kaliya si loo xaqiijiyo macmiilka iyo server-ka, laakiin kama ilaaliyo taraafikada dhexda mana dammaanad qaadayso sirta codsiyada.
Source: opennet.ru