Abaphuhlisi beFirefox
Emva kokuvula i-DoH, isilumkiso siboniswa kumsebenzisi, esivumela, ukuba uyanqweneleka, ukwala ukuqhagamshelana neeseva ze-DNS ze-DoH ezisembindini kunye nokubuyela kwisikimu sesiqhelo sokuthumela imibuzo engafihlwanga kwiseva ye-DNS yomnikezeli. Endaweni yeziseko ezingundoqo ezisasazwayo zabasombululi be-DNS, i-DoH isebenzisa isibophelelo kwinkonzo ethile ye-DoH, enokuthi ithathwe njengenqaku elinye lokusilela. Okwangoku, umsebenzi unikezelwa ngababoneleli be-DNS ababini - CloudFlare (engagqibekanga) kunye
Guqula umboneleli okanye uvale i-DoH
Masikhumbule ukuba i-DoH inokuba luncedo ekuthinteleni ukuvuza kolwazi malunga namagama aceliwe abamba umkhosi ngokusebenzisa iiseva ze-DNS zababoneleli, ukulwa nokuhlaselwa kwe-MITM kunye ne-DNS ye-traffic spoofing (umzekelo, xa uqhagamshela kwi-Wi-Fi yoluntu), ukubala ukuthintela kwi-DNS. inqanaba (i-DoH ayinakuthatha indawo ye-VPN kwindawo yokudlula ibhlokhi ephunyezwe kwinqanaba le-DPI) okanye ukulungelelanisa umsebenzi ukuba akunakwenzeka ukufikelela ngokuthe ngqo kwiiseva ze-DNS (umzekelo, xa usebenza nge-proxy). Ukuba kwimeko eqhelekileyo izicelo ze-DNS zithunyelwa ngokuthe ngqo kwiiseva ze-DNS ezichazwe kuqwalaselo lwenkqubo, ngoko kwimeko ye-DoH, isicelo sokugqiba idilesi ye-IP yomninimzi sifakwe kwi-traffic ye-HTTPS kwaye sithunyelwe kumncedisi we-HTTP, apho inkqubo yokusombulula. izicelo ngeWeb API. Umgangatho okhoyo we-DNSSEC usebenzisa i-encryption kuphela ukuqinisekisa umxhasi kunye neseva, kodwa ayikhuseli i-traffic kwi-interception kwaye ayiqinisekisi ubumfihlo bezicelo.
Ukukhetha ababoneleli beDoH ababonelelwe kwiFirefox,
I-DoH kufuneka isetyenziswe ngobunono. Umzekelo, kwiRussian Federation, iidilesi ze-IP 104.16.248.249 kunye 104.16.249.249 ezinxulumene neseva ye-DoH engagqibekanga mozilla.cloudflare-dns.com enikezelwa kwiFirefox,
I-DoH inokubangela iingxaki kwimimandla efana neenkqubo zolawulo lwabazali, ukufikelela kwiindawo zamagama zangaphakathi kwiinkqubo zequmrhu, ukukhetha iindlela kwiinkqubo zokuphucula ukuhanjiswa komxholo, kunye nokuthotyelwa kwemiyalelo yenkundla kwindawo yokulwa nokusasazwa komxholo ongekho mthethweni kunye nokusetyenziswa kakubi abantwana. Ukuthintela iingxaki ezinjalo, inkqubo yokutshekisha iye yaphunyezwa yaza yavavanywa eyenza i-DoH ingasebenzi ngokuzenzekelayo phantsi kweemeko ezithile.
Ukuchonga izisombululi zeshishini, imimandla engaqhelekanga yenqanaba lokuqala (TLDs) iyajongwa kwaye isisombululi senkqubo sibuyisela iidilesi ze-intranet. Ukugqiba ukuba ngaba ukulawulwa kwabazali kunikwe amandla, kwenziwa inzame yokusombulula igama elithi exampleadultsite.com kwaye ukuba isiphumo asihambelani ne-IP yangempela, kuthathwa ukuba ukuvimba umxholo wabantu abadala kuyasebenza kwinqanaba le-DNS. Iidilesi ze-IP zikaGoogle kunye ne-YouTube zikwajongiwe njengeempawu ukubona ukuba endaweni yazo kufakwe restrict.youtube.com, forcesafesearch.google.com kunye ne-restrictmoderate.youtube.com. Olu vavanyo luvumela abahlaseli abalawula ukusebenza kwesisombululi okanye abakwaziyo ukuphazamisana netrafikhi ukuze balinganise ukuziphatha okunjalo ukuvala uguqulelo oluntsonkothileyo lwetrafikhi ye-DNS.
Ukusebenza ngenkonzo enye ye-DoH nako kunokukhokelela kwiingxaki zokulungiswa kwe-traffic kuthungelwano lonikezelo lomxholo olulinganisa i-traffic usebenzisa i-DNS (iseva ye-DNS yenethiwekhi ye-CDN ivelisa impendulo ethathela ingqalelo idilesi yomxazululi kwaye inikezela ngoyena mntu ukufutshane ukufumana umxholo). Ukuthumela umbuzo we-DNS ukusuka kumsombululi okufutshane nomsebenzisi kwezo CDN iziphumo zokubuyisela idilesi yenginginya ekufutshane kumsebenzisi, kodwa ukuthumela umbuzo we-DNS osuka kwisisombululo esiphakathi kuya kubuyisela idilesi yenginginya ekufutshane kwiseva ye-DNS-phezu kwe-HTTPS. . Uvavanyo ekusebenzeni lubonise ukuba ukusetyenziswa kwe-DNS-over-HTTP xa usebenzisa i-CDN kukhokelela ekubeni kungabikho kulibaziseka ngaphambi kokuba kuqale ukuhanjiswa komxholo (ukunxibelelana ngokukhawuleza, ukulibaziseka akuzange kudlule i-10 millisecond, kwaye nokusebenza ngokukhawuleza kwabonwa kwiindlela zonxibelelwano ezicothayo. ). Ukusetyenziswa kwe-EDNS Client Subnet extension kwacatshangelwa ukubonelela ngolwazi lwendawo yomxhasi kwi-CDN solver.
umthombo: opennet.ru