Abaphuhlisi beFirefox babhengeze ukwandiswa kwe-DNS ngaphezulu kwe-HTTPS (DoH) imowudi, eya kuthi yenziwe ngokungagqibekanga kubasebenzisi baseCanada (ngaphambili, i-DoH yayingagqibekanga kuphela e-US). Ukuvumela i-DoH kubasebenzisi baseKhanada yohlulwe ngokwezigaba ezininzi: NgoJulayi wama-20, i-DoH iya kuqaliswa ukuba isebenze kwi-1% yabasebenzisi baseKhanada kwaye, ngaphandle kweengxaki ezingalindelekanga, ukhuseleko luya kongezwa ukuya kwi-100% ekupheleni kukaSeptemba.
Utshintsho lwabasebenzisi beFirefox yaseKhanada ukuya kwi-DoH lwenziwa ngokuthatha inxaxheba kwe-CIRA (iGunya loBhaliso lwe-Intanethi yaseKhanada), elilawula uphuhliso lwe-Intanethi eKhanada kwaye inoxanduva lommandla okwinqanaba eliphezulu “ca”. I-CIRA iphinde yabhalisela i-TRR (i-Trusted Recursive Resolver) kwaye ingomnye wababoneleli be-DNS-over-HTTPS abakhoyo kwiFirefox.
Emva kokuvula i-DoH, isilumkiso siya kuboniswa kwisixokelelwano somsebenzisi, sivumela, ukuba siyanqweneleka, ukwala ukutshintshela kwi-DoH kwaye uqhubeke usebenzisa inkqubo yesiqhelo yokuthumela izicelo ezingafihlwanga kwiseva ye-DNS yomnikezeli. Ungatshintsha umboneleli okanye uvale i-DoH kwisethingi yoqhagamshelwano lwenethiwekhi. Ukongeza kwiiseva ze-CIRA DoH, unokukhetha iinkonzo ze-Cloudflare kunye ne-NextDNS.
Ababoneleli be-DoH ababonelelwa kwiFirefox bakhethwe ngokuhambelana neemfuno zabasombululi be-DNS abathembekileyo, ngokutsho apho umqhubi weDNS angasebenzisa idatha efunyenweyo ngesisombululo kuphela ukuqinisekisa ukusebenza kwenkonzo, akufuneki agcine amalogi ixesha elide kuneeyure ezingama-24, kwaye akanako. ukudlulisela idatha kumaqela esithathu kwaye kuyafuneka ukuba achaze ulwazi malunga neendlela zokucwangcisa idatha. Inkonzo kufuneka kwakhona ivume ukungabandakanyi, ukuhluza, ukuphazamisa okanye ukuvimba i-DNS traffic, ngaphandle kweemeko ezibonelelwe ngumthetho.
Masikhumbule ukuba i-DoH inokuba luncedo ekuthinteleni ukuvuza kolwazi malunga namagama aceliwe abamba umkhosi ngokusebenzisa iiseva ze-DNS zababoneleli, ukulwa nokuhlaselwa kwe-MITM kunye ne-DNS ye-traffic spoofing (umzekelo, xa uqhagamshela kwi-Wi-Fi yoluntu), ukubala ukuthintela kwi-DNS. inqanaba (i-DoH ayinakuthatha indawo ye-VPN kwindawo yokudlula ibhlokhi ephunyezwe kwinqanaba le-DPI) okanye ukulungelelanisa umsebenzi ukuba akunakwenzeka ukufikelela ngokuthe ngqo kwiiseva ze-DNS (umzekelo, xa usebenza nge-proxy). Ukuba kwimeko eqhelekileyo izicelo ze-DNS zithunyelwa ngokuthe ngqo kwiiseva ze-DNS ezichazwe kuqwalaselo lwenkqubo, ngoko kwimeko ye-DoH, isicelo sokugqiba idilesi ye-IP yomninimzi sifakwe kwi-traffic ye-HTTPS kwaye sithunyelwe kumncedisi we-HTTP, apho inkqubo yokusombulula. izicelo ngeWeb API. Umgangatho okhoyo we-DNSSEC usebenzisa i-encryption kuphela ukuqinisekisa umxhasi kunye neseva, kodwa ayikhuseli i-traffic kwi-interception kwaye ayiqinisekisi ubumfihlo bezicelo.
umthombo: opennet.ru