US provider associations oppose centralization in the implementation of DNS-over-HTTPS

The trade associations NCTA, CTIA and USTelecom, which defend the interests of Internet providers, have appealed to the US Congress with a request to pay attention to the problem with the implementation of "DNS over HTTPS" (DoH) and to request from Google detailed information about its current and future plans for enabling DoH in its products, as well as to obtain a commitment not to enable centralized processing of DNS requests by default in Chrome and Android without a prior full discussion with other members of the ecosystem and consideration of the possible negative consequences.

While recognizing the overall benefit of encrypting DNS traffic, the associations consider it unacceptable to concentrate control over name resolution in one hand and to tie this mechanism by default to centralized DNS services. In particular, it is argued that Google is moving towards introducing DoH by default in Android and Chrome, which, if tied to Google's servers, would break the structure of the DNS infrastructure and create a single point of failure.

Since Chrome and Android dominate the market, if they impose their own DoH servers, Google will be able to control the majority of users' DNS query flows. In addition to reducing the reliability of the core infrastructure, such a step would give Google an unfair advantage over its competitors, since the company would receive additional information about user actions, which could be used to track user activity and select relevant advertising.

DoH can also interfere with areas such as parental control systems, access to internal namespaces in enterprise systems, routing in content delivery optimization systems, and compliance with court orders against the distribution of illegal content and the exploitation of children. DNS spoofing is also frequently used to redirect users to a page with information about the subscriber's funds running out, or to a page for logging in to a wireless network.

Google stated that the fears are unfounded, since it is not going to enable DoH by default in Chrome and Android. As planned for Chrome 78, DoH will be enabled by default only for users whose settings are configured with DNS providers that offer the option of using DoH as an alternative to traditional DNS. For those who use the DNS servers provided by their local ISP, DNS queries will continue to be sent through the system resolver. That is, Google's actions are limited to replacing the current provider with an equivalent service in order to switch to a secure method of working with DNS. Experimental enabling of DoH is also planned for Firefox, but unlike Google, Mozilla intends to use CloudFlare as the default DNS server. This approach has already drawn criticism from the OpenBSD project.

Recall that DoH can be useful for preventing leaks of information about requested host names through providers' DNS servers, for combating MITM attacks and DNS traffic spoofing (for example, when connecting to public Wi-Fi), for countering blocking at the DNS level (DoH cannot replace a VPN for bypassing blocking implemented at the DPI level), or for organizing work when it is impossible to reach DNS servers directly (for example, when working through a proxy).

Whereas in the normal case DNS requests are sent directly to the DNS servers defined in the system configuration, in the case of DoH the request to determine a host's IP address is encapsulated in HTTPS traffic and sent to an HTTP server, where the resolver processes requests via a Web API. The existing DNSSEC standard uses encryption only to authenticate the client and server, but it does not protect traffic from interception and does not guarantee the confidentiality of requests. Currently about 30 public DNS servers support DoH.
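To make the encapsulation described above concrete, the following added example (not part of the original article) builds a DNS query in wire format and wraps it in a DoH GET request as specified in RFC 8484, then decodes it again as the resolver would. The endpoint `https://doh.example/dns-query` is a hypothetical placeholder, and no network traffic is generated.

```python
import base64
import struct

DOH_ENDPOINT = "https://doh.example/dns-query"  # hypothetical resolver URL (assumption)

def build_query(name, qtype=1):
    """Encode a DNS question in RFC 1035 wire format (qtype 1 = A record).

    The message ID is 0, which RFC 8484 recommends so that identical
    queries produce identical URLs and stay HTTP-cache friendly.
    """
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD=1, QDCOUNT=1
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("invalid label length: %r" % label)
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def doh_get_url(endpoint, name, qtype=1):
    """Return the GET URL: the query is base64url-encoded without padding in ?dns=."""
    b64 = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=").decode()
    return "%s?dns=%s" % (endpoint, b64)

def decode_dns_param(value):
    """Recover (name, qtype) from a dns= parameter, as the DoH server does."""
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    pos, labels = 12, []          # the question section starts after the 12-byte header
    while raw[pos]:
        length = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", raw[pos + 1:pos + 5])
    return ".".join(labels), qtype

if __name__ == "__main__":
    url = doh_get_url(DOH_ENDPOINT, "www.example.com")
    print(url)  # sent with the header "Accept: application/dns-message"
    print(decode_dns_param(url.split("dns=", 1)[1]))
```

On the wire this URL travels inside TLS, so an on-path observer sees only a connection to the resolver's address, while the resolver operator sees every queried name. That is the concentration of visibility the associations object to.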

Source: opennet.ru
