Ukulandela
Uluhlu olumhlophe lwababoneleli be-DNS lubandakanya
Umahluko obalulekileyo ekuphunyezweni kwe-DoH kwiFirefox, eyenza i-DoH isebenze ngokuthe ngcembe
Ukuba uyanqwena, umsebenzisi angenza okanye avale i-DoH esebenzisa i-βchrome://flags/#dns-over-httpsβ useto. Iindlela ezintathu zokusebenza zixhaswa: zikhuselekile, zizenzekelayo kwaye zivaliwe. Kwimowudi "ekhuselekileyo", iinginginya zimiselwa kuphela ngokusekelwe kumaxabiso akhuselweyo agcinwe ngaphambili (afunyenwe ngoqhagamshelo olukhuselekileyo) kwaye izicelo nge-DoH yokubuyela umva kwi-DNS eqhelekileyo ayisetyenziswa. Kwimo "ezenzekelayo", ukuba i-DoH kunye ne-cache ekhuselekileyo ayifumaneki, idatha inokufunyanwa kwi-cache engakhuselekanga kwaye ifikeleleke nge-DNS yendabuko. Kwimodi "yokucima", i-cache ekwabelwana ngayo ihlolwe kuqala kwaye ukuba akukho datha, isicelo sithunyelwa nge-DNS yenkqubo. Imowudi isetwe nge
Uvavanyo lokuvumela i-DoH luza kwenziwa kuwo onke amaqonga axhaswayo kwiChrome, ngaphandle kweLinux kunye ne-iOS ngenxa yobume obungabalulekanga bokwahlulahlula useto lwesixazululi kunye nokuthintela ufikelelo kwiisetingi zeDNS zesixokelelwano. Ukuba, emva kokuvumela i-DoH, kukho iingxaki zokuthumela izicelo kwiseva ye-DoH (umzekelo, ngenxa yokuvalwa kwayo, ukuqhagamshelwa kwenethiwekhi okanye ukusilela), isikhangeli siya kubuyisela isixokelelwano izicwangciso zeDNS ngokuzenzekelayo.
Injongo yolingelo kukuvavanya okokugqibela ukuphunyezwa kwe-DoH kunye nokufunda ifuthe lokusebenzisa i-DoH ekusebenzeni. Kufuneka kuqatshelwe ukuba enyanisweni inkxaso ye-DoH yayinjalo
Masikhumbule ukuba i-DoH inokuba luncedo ekuthinteleni ukuvuza kolwazi malunga namagama aceliwe abamba umkhosi ngokusebenzisa iiseva ze-DNS zababoneleli, ukulwa nokuhlaselwa kwe-MITM kunye ne-DNS traffic spoofing (umzekelo, xa uqhagamshela kwi-Wi-Fi yoluntu), ukubala ukuthintela kwi-DNS. inqanaba (i-DoH ayinakuthatha indawo ye-VPN kwindawo yokudlula ibhlokhi ephunyezwe kwinqanaba le-DPI) okanye ukulungelelanisa umsebenzi ukuba akunakwenzeka ukufikelela ngokuthe ngqo kwiiseva ze-DNS (umzekelo, xa usebenza nge-proxy). Ukuba kwimeko eqhelekileyo izicelo ze-DNS zithunyelwa ngokuthe ngqo kwiiseva ze-DNS ezichazwe kuqwalaselo lwenkqubo, ngoko kwimeko ye-DoH, isicelo sokumisela idilesi ye-IP yomninimzi sifakwe kwi-traffic ye-HTTPS kwaye sithunyelwe kumncedisi we-HTTP, apho inkqubo yokusombulula. izicelo ngeWeb API. Umgangatho okhoyo we-DNSSEC usebenzisa i-encryption kuphela ukuqinisekisa umxhasi kunye neseva, kodwa ayikhuseli i-traffic kwi-interception kwaye ayiqinisekisi ubumfihlo bezicelo.
umthombo: opennet.ru