Daba gal Shirkadda Google ku saabsan ulajeedka in la sameeyo tijaabo lagu tijaabinayo "DNS over HTTPS" (DoH, DNS over HTTPS) hirgelinta loo sameeyay browserka Chrome. Chrome 78, oo loo qorsheeyay Oktoobar 22-keeda, wuxuu lahaan doonaa qaybo isticmaale si caadi ah in la isticmaalo DoH Kaliya isticmaalayaasha habayntooda nidaamka hadda ku qeexan bixiyeyaasha DNS qaarkood ee loo aqoonsaday inay la jaan qaadayaan DoH ayaa ka qayb qaadan doona tijaabada si ay awood ugu yeeshaan DoH.
Liiska cad ee bixiyayaasha DNS waxaa ka mid ah Google (8.8.8.8), daruur daruur ah (8.8.4.4. , 1.1.1.1) iyo DNS.SB (1.0.0.1, 208.67.222.222). Haddii goobaha adeegsadaha DNS ay sheegaan mid ka mid ah adeegayaasha DNS ee kor lagu soo sheegay, DoH ee Chrome-ka waxaa loo hawlgelin doonaa si caadi ah. Kuwa adeegsada server-yada DNS ee uu bixiyo adeeg bixiyaha internetka ee deegaanka, wax walba way ahaan doonaan kuwo aan isbeddelin oo nidaamka xallinta wuxuu sii wadi doonaa in loo isticmaalo weydiimaha DNS.
Farqi muhiim ah oo u dhexeeya hirgelinta DoH ee Firefox, kaas oo si tartiib tartiib ah awood ugu siiyay DoH si caadi ah mar horeba dhamaadka Sebtembar, waa la'aanta ku xidhidhiyaha hal adeeg oo DoH ah. Haddii aad ku jirto Firefox by default Adeegga CloudFlare DNS, ka dib Chrome ayaa kaliya cusboonaysiin doona habka lagula shaqeeyo DNS adeeg u dhigma, iyada oo aan la beddelin bixiyaha DNS. Tusaale ahaan, haddii adeegsaduhu uu leeyahay DNS 8.8.8.8 ee ku qeexan goobaha nidaamka, markaa Chrome ayaa sameyn doona Adeegga Google DoH ("https://dns.google.com/dns-query"), haddii DNS yahay 1.1.1.1, ka dibna adeegga Cloudflare DoH ("https://cloudflare-dns.com/dns-query") iyo
Haddii la rabo, isticmaaluhu wuxuu awood u yeelan karaa ama joojin karaa DoH isagoo isticmaalaya goobta "chrome://flags/#dns-over-https". Saddex qaab hawleed ayaa la taageeray: sugan, toos ah iyo off. Habka "sugan", martigeliyayaasha waxaa lagu go'aamiyaa kaliya iyadoo lagu saleynayo qiyamka hore loo kaydiyay (oo lagu helay xiriir aamin ah) iyo codsiyada DoH; dib ugu noqoshada DNS caadiga ah lama dabaqo. Qaabka βotomaatigga ahβ, haddii DoH iyo kaydka sugan aan la heli karin, xogta waxaa lagala soo bixi karaa khasnadaha amniga ah oo laga geli karaa DNS-dhaqameedka. Habka "off", kaydka la wadaago ayaa marka hore la hubiyaa oo haddii aysan jirin xog, codsiga waxaa loo diraa nidaamka DNS. Habka waxaa loo dejiyay via kDnsOverHttpsMode , iyo qaabka khariidaynta serverka iyada oo loo marayo kDnsOverHttpsTemplates.
Tijaabada lagu suurtagelinayo DoH waxaa lagu fulin doonaa dhammaan aaladaha lagu taageero Chrome, marka laga reebo Linux iyo iOS sababtoo ah dabeecadda aan yareyn ee xallinta dejinta iyo xaddidida gelitaanka nidaamka DNS settings. Haddii, ka dib markii awood loo yeesho DoH, ay jiraan dhibaatooyin u dirida codsiyada server-ka DoH (tusaale ahaan, xannibaadda, isku xirka shabakada ama fashilka), browserku wuxuu si toos ah u soo celin doonaa nidaamka DNS Settings.
Ujeedada tijaabada ayaa ah in ugu danbeyn la tijaabiyo hirgelinta DoH iyo in la barto saameynta isticmaalka DoH ee waxqabadka. Waa in la ogaadaa in dhab ahaantii taageerada DoH ay ahayd galay codebase-ka Chrome bishii Febraayo, laakiin si loo habeeyo oo loo awoodsiiyo DoH soo saarida Chrome oo leh calan gaar ah iyo xulashooyin aan muuqan.
Aynu xusuusanno in DoH ay faa'iido u yeelan karto ka hortagga siidaynta macluumaadka ku saabsan magacyada martigeliyaha la codsaday iyada oo loo marayo server-yada DNS ee bixiyeyaasha, la dagaallanka weerarrada MITM iyo xajinta taraafikada DNS (tusaale ahaan, marka lagu xiro Wi-Fi dadweynaha), ka hortagga xannibaadda DNS heerka (DoH kuma beddeli karto VPN aagga ka-hortagga xannibaadda ee lagu hirgeliyay heerka DPI) ama abaabulka shaqada haddii aysan suurtagal ahayn in si toos ah loo galo server-yada DNS (tusaale ahaan, marka la adeegsanayo wakiil). Haddii xaalad caadi ah codsiyada DNS si toos ah loogu diro server-yada DNS ee lagu qeexay qaabeynta nidaamka, markaa kiiska DoH, codsiga lagu go'aaminayo cinwaanka IP-ga martida loo yahay waxaa lagu soo koobay taraafikada HTTPS waxaana loo diraa server-ka HTTP, halkaas oo xalinta xalinta. codsiyada iyada oo loo marayo API Web. Heerka DNSSEC ee jira wuxuu isticmaalaa sirta kaliya si loo xaqiijiyo macmiilka iyo server-ka, laakiin kama ilaaliyo taraafikada dhexda mana dammaanad qaadayso sirta codsiyada.
Source: opennet.ru