Mozilla introduces a third DNS-over-HTTPS provider for Firefox

Mozilla has concluded an agreement with a third DNS-over-HTTPS (DoH) provider for Firefox. In addition to the previously offered DNS servers from CloudFlare (https://1.1.1.1/dns-query) and NextDNS (https://dns.nextdns.io/id), the Comcast service will also be included in the settings (https://doh.xfinity.com/dns-query). DoH can be enabled, and a provider chosen, in the network connection settings.

Recall that Firefox 77 included a DNS-over-HTTPS test in which each client sent 10 test requests and automatically selected a DoH provider. This check had to be disabled in release 77.0.1, because it turned into a kind of DDoS attack on the NextDNS service, which could not cope with the load.

The DoH providers offered in Firefox are selected according to the requirements for trustworthy DNS resolvers. Under these requirements, the DNS operator may use the data received for resolution only to ensure the operation of the service, must not keep logs for longer than 24 hours, cannot pass data to third parties, and is obliged to disclose information about its data processing methods. The service must also agree not to censor, filter, interfere with or block DNS traffic, except in situations provided for by law.

Among other events related to DNS-over-HTTPS, one can also note Apple's decision to implement support for DNS-over-HTTPS and DNS-over-TLS in the upcoming releases of iOS 14 and macOS 11, as well as to add support for WebExtension extensions in Safari.

Recall that DoH can be useful for preventing leaks of information about requested host names through providers' DNS servers, for combating MITM attacks and DNS traffic spoofing (for example, when connecting to public Wi-Fi), for countering blocking at the DNS level (DoH cannot replace a VPN for bypassing blocks implemented at the DPI level), or for organizing work when DNS servers cannot be reached directly (for example, when working through a proxy). Whereas in the normal situation DNS requests are sent directly to the DNS servers defined in the system configuration, in the case of DoH the request to determine the host's IP address is encapsulated in HTTPS traffic and sent to an HTTP server, where the resolver processes requests via a Web API. The existing DNSSEC standard uses encryption only to authenticate the client and server, but does not protect traffic from interception and does not guarantee the confidentiality of requests.
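The encapsulation described above, as an added example that is not part of the original article: it builds a wire-format DNS query, wraps it in an RFC 8484 GET URL for an endpoint named in the article, and decodes it again to show that the queried name remains readable to the DoH server (or a TLS-terminating proxy) even though TLS hides it from on-path observers. The function names and sample host names are assumptions for illustration, and no network request is made.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

DOH_ENDPOINT = "https://1.1.1.1/dns-query"  # endpoint named in the article

def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a DNS question in wire format (RFC 1035); qtype 1 = A record."""
    # RFC 8484 recommends ID 0 so identical queries are HTTP-cache friendly.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("idna")
        if not 0 < len(raw) < 64:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(name: str, endpoint: str = DOH_ENDPOINT) -> str:
    """Wrap the query in an RFC 8484 GET URL: base64url with padding stripped."""
    encoded = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{endpoint}?dns={encoded}"

def queried_name(url: str) -> str:
    """Recover the host name from a DoH GET URL, as the resolver would see it."""
    param = parse_qs(urlsplit(url).query)["dns"][0]
    wire = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    labels, pos = [], 12  # the question section follows the 12-byte header
    while wire[pos]:
        length = wire[pos]
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

if __name__ == "__main__":
    url = doh_get_url("example.com")  # constructed sample name
    print(url)                # what travels inside the TLS session
    print(queried_name(url))  # what the DoH operator can still read and log
```

On the wire this URL is sent with an `Accept: application/dns-message` header; the same bytes can instead be sent as a POST body with that content type.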

Source: opennet.ru
