uphando malunga nokuqala kokufakwa ngokwezigaba (DoH, DNS phezu kwe-HTTPS) kubasebenzisi be-Chrome 85 abasebenzisa iqonga le-Android. Imowudi iya kwenziwa isebenze ngokuthe ngcembe, igubungela abasebenzisi abaninzi nangakumbi. Ngaphambili kwi Ukuvumela i-DNS-over-HTTPS kubasebenzisi bedesktop kuqalile.
I-DNS-over-HTTPS iya kwenziwa isebenze ngokuzenzekelayo kubasebenzisi abaseto zabo zichaza ababoneleli be-DNS abaxhasa obu buchwepheshe (kwi-DNS-over-HTTPS umboneleli ofanayo usetyenziswa njenge-DNS). Umzekelo, ukuba umsebenzisi une-DNS 8.8.8.8 echazwe kwiisetingi zenkqubo, ngoko inkonzo ye-DNS-over-HTTPS kaGoogle (βhttps://dns.google.com/dns-queryβ) iya kuvulwa kwiChrome ukuba iDNS yi-1.1.1.1 , ngoko inkonzo ye-DNS-over-HTTPS Cloudflare ("https://cloudflare-dns.com/dns-query"), njl.
Ukuphelisa iingxaki ngokusombulula iinethiwekhi ze-intranet zenkampani, i-DNS-over-HTTPS ayisetyenziswanga xa kumiselwa ukusetyenziswa kwesikhangeli kwiinkqubo ezilawulwa ngumbindi. I-DNS-over-HTTPS nayo ivaliwe xa iinkqubo zolawulo lwabazali zifakiwe. Kwimeko yokungaphumeleli ekusebenzeni kwe-DNS-over-HTTPS, kunokwenzeka ukubuyisela umva izicwangciso kwi-DNS eqhelekileyo. Ukulawula ukusebenza kwe-DNS-over-HTTPS, iinketho ezikhethekileyo zongezwe kwiisethingi zesiphequluli ezikuvumela ukuba ukhubaze i-DNS-over-HTTPS okanye ukhethe umboneleli owahlukileyo.
Masikhumbule ukuba i-DNS-over-HTTPS inokuba luncedo ekuthinteleni ukuvuza kolwazi malunga namagama aceliweyo abamba iiseva ngeeseva ze-DNS zababoneleli, ukulwa nokuhlaselwa kwe-MITM kunye ne-DNS traffic spoofing (umzekelo, xa uqhagamshela kwi-Wi-Fi yoluntu), ukubala. ukuvimba kwinqanaba le-DNS (i-DNS-over-HTTPS ayinakuthatha indawo ye-VPN kwi-blocking blocking ephunyezwe kwinqanaba le-DPI) okanye ukulungelelanisa umsebenzi xa kungenakwenzeka ukufikelela ngokuthe ngqo kwiiseva ze-DNS (umzekelo, xa usebenza nge-proxy). Ukuba kwimeko yesiqhelo izicelo ze-DNS zithunyelwa ngokuthe ngqo kwiiseva ze-DNS ezichazwe kuqwalaselo lwenkqubo, ngoko kwimeko ye-DNS-over-HTTPS isicelo sokumisela idilesi ye-IP yomkhosi ifakwe kwi-traffic ye-HTTPS kwaye ithunyelwe kumncedisi we-HTTP, apho umsombululi uqhuba izicelo ngeWeb API. Umgangatho okhoyo we-DNSSEC usebenzisa i-encryption kuphela ukuqinisekisa umxhasi kunye neseva, kodwa ayikhuseli i-traffic kwi-interception kwaye ayiqinisekisi ubumfihlo bezicelo.
umthombo: opennet.ru