Izici ezihlukahlukene zokusebenza kwe-DNS sezivele zithintwe ngokuphindaphindiwe ngumbhali ngenani le eshicilelwe njengengxenye yebhulogi. Ngesikhathi esifanayo, ukugcizelelwa okuyinhloko bekulokhu kuwukuthuthukisa ukuphepha kwale sevisi ye-inthanethi ebalulekile.
Kuze kube muva nje, naphezu kokuba sengozini okusobala kwethrafikhi ye-DNS, okusadluliselwa ngokusobala, ezenzweni ezinonya kubahlinzeki abafuna ukukhulisa imali yabo ngokushumeka ukukhangisa kokuqukethwe, izikhungo zokuphepha zikahulumeni kanye nokucwaninga, kanye nezigebengu nje, inqubo , naphezu kokuba khona kobuchwepheshe obuhlukahlukene obufana ne-DNSSEC/DANE, DNScrypt, DNS-over-TLS kanye ne-DNS-over-HTTPS, bumisiwe. Futhi uma izixazululo zeseva, futhi ezinye zazo sezinesikhathi eside zikhona, zaziwa kabanzi futhi zitholakala, ukusekelwa kwazo okuvela kwisofthiwe yeklayenti kushiya okuningi okungafunwa.
Ngenhlanhla, isimo siyashintsha. Ikakhulukazi, abathuthukisi besiphequluli esidumile seFirefox mayelana nezinhlelo zokuvumela imodi yokusekela ngokuzenzakalelayo (DoH) maduze. Lokhu kufanele kusize ukuvikela ithrafikhi ye-DNS yomsebenzisi we-WWW kusukela ezinsongweni ezingenhla, kodwa kungase kwethule ezintsha.
1. Izinkinga ze-DNS-over-HTTPS
Uma uthi nhlá, ukwethulwa kwenqwaba ye-DNS-over-HTTPS kusofthiwe ye-inthanethi kubangela ukusabela okuhle kuphela. Nokho, udeveli, njengoba besho, usemininingwaneni.
Inkinga yokuqala ekhawulela ububanzi bokusetshenziswa okubanzi kwe-DoH ukugxila kwayo kuthrafikhi yewebhu kuphela. Ngempela, iphrothokholi ye-HTTP kanye nenguqulo yayo yamanje i-HTTP/2, lapho i-DoH isekelwe khona, iyisisekelo se-WWW. Kodwa i-inthanethi akuyona nje iwebhu. Kunezinsiza eziningi ezidumile, njenge-imeyili, izithunywa ezisheshayo ezihlukahlukene, izinhlelo zokudlulisa amafayela, ukusakazwa kwe-multimedia, njll., ezingasebenzisi i-HTTP. Ngakho-ke, naphezu kombono owenziwe abaningi be-DoH njengekhambi, kuvele kungasasebenzi ngaphandle komzamo owengeziwe (nongenasidingo) wanoma yini enye ngaphandle kobuchwepheshe besiphequluli. Kodwa-ke, i-DNS-over-TLS ibukeka njengekhandidethi elifaneleka kakhulu kule ndima, esebenzisa ukufakwa kwethrafikhi ye-DNS ejwayelekile kuphrothokholi evikelekile ye-TLS.
Inkinga yesibili, okungenzeka ibaluleke kakhulu kuneyokuqala, ukulahlwa kwangempela kokuhlukaniswa okungokwemvelo kwe-DNS ngokuklama ukuze kusetshenziswe iseva ye-DoH eyodwa ecaciswe kuzilungiselelo zesiphequluli. Ikakhulukazi, i-Mozilla iphakamisa ukusebenzisa isevisi evela ku-Cloudflare. Isevisi efanayo iphinde yethulwa ngabanye abantu abavelele be-inthanethi, ikakhulukazi i-Google. Kuvele ukuthi ukuqaliswa kwe-DNS-over-HTTPS ngendlela ehlongozwayo okwamanje kwandisa kuphela ukuncika kwabasebenzisi bokugcina kumasevisi amakhulu kakhulu. Akuyona imfihlo ukuthi ulwazi olunganikezwa ukuhlaziywa kwemibuzo ye-DNS lungaqoqa idatha eyengeziwe mayelana nayo, futhi kukhuphule ukunemba nokufaneleka kwayo.
Ngokuphathelene nalokhu, umbhali wayengumsekeli wokusetshenziswa okukhulu hhayi kwe-DNS-over-HTTPS, kodwa ye-DNS-over-TLS kanye ne-DNSSEC/DANE njengendlela yendawo yonke, evikelekile futhi engabangeli ukuqhubekisela phambili ukufakwa phakathi kwezindlela ze-inthanethi. ukuze uqinisekise ukuphepha kwethrafikhi ye-DNS. Ngeshwa, ngenxa yezizathu ezisobala, umuntu akanakulindela ukwethulwa okusheshayo kokusekelwa ngobuningi kwezinye izindlela ze-DoH zibe isofthiwe yamakhasimende, futhi kuseyisizinda sabathandi bobuchwepheshe bezokuphepha.
Kodwa njengoba manje sesine-DoH, kungani singayisebenzisi ngemva kokweqa ukugadwa okungenzeka yizinkampani ngamaseva azo siye kuseva yethu ye-DNS-over-HTTPS?
2. Iphrothokholi ye-DNS-over-HTTPS
Uma ubheka izinga echaza iphrothokholi ye-DNS-over-HTTPS, uyabona ukuthi empeleni iyi-API yewebhu ekuvumela ukuthi uhlanganise iphakheji ye-DNS ejwayelekile kuphrothokholi ye-HTTP/2. Lokhu kwenziwa ngezihloko ezikhethekile ze-HTTP, kanye nokuguqulwa kwefomethi kanambambili yedatha ye-DNS edluliselwe (bona. kanye nemibhalo elandelayo) ibe ifomu elikuvumela ukuthi uyidlulisele futhi uyithole, kanye nokusebenza ngemethadatha edingekayo.
Ngokwezinga, i-HTTP/2 kuphela noxhumo oluvikelekile lwe-TLS okusekelwayo.
Ukuthumela isicelo se-DNS kungenziwa kusetshenziswa izindlela ezijwayelekile ze-GET ne-POST. Esimeni sokuqala, isicelo siguqulwa sibe iyunithi yezinhlamvu e-base64URL enekhodi, futhi kwesibili, ngendikimba yesicelo se-THUMELA ngendlela kanambambili. Kulokhu, uhlobo olukhethekile lwedatha ye-MIME lusetshenziswa phakathi nesicelo nempendulo ye-DNS application/dns-message.
root@eprove:~ # curl -H 'accept: application/dns-message' 'https://my.domaint/dns-query?dns=q80BAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE' -v
* Trying 2001:100:200:300::400:443...
* TCP_NODELAY set
* Connected to eprove.net (2001:100:200:300::400) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /usr/local/share/certs/ca-root-nss.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=my.domain
* start date: Jul 22 00:07:13 2019 GMT
* expire date: Oct 20 00:07:13 2019 GMT
* subjectAltName: host "my.domain" matched cert's "my.domain"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x801441000)
> GET /dns-query?dns=q80BAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE HTTP/2
> Host: eprove.net
> User-Agent: curl/7.65.3
> accept: application/dns-message
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< server: h2o/2.3.0-beta2
< content-type: application/dns-message
< cache-control: max-age=86274
< date: Thu, 12 Sep 2019 13:07:25 GMT
< strict-transport-security: max-age=15768000; includeSubDomains; preload
< content-length: 45
<
Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.
* Failed writing body (0 != 45)
* stopped the pause stream!
* Connection #0 to host eprove.net left intactNaka nesihloko isilawuli senqolobane: empendulweni evela kuseva yewebhu. Kupharamitha iminyaka eminingi iqukethe inani le-TTL lerekhodi le-DNS elibuyiswayo (noma inani eliphansi uma isethi yawo ibuyiswa).
Ngokusekelwe kulokhu okungenhla, ukusebenza kweseva ye-DoH kunezigaba ezimbalwa.
- Thola isicelo se-HTTP. Uma lena kuyi-GET bese ukhipha ikhodi kusuka ekubhalweni ngekhodi kwe-base64URL.
- Thumela leli phakethe kuseva ye-DNS.
- Thola impendulo kuseva ye-DNS
- Thola ubuncane bevelu ye-TTL kumarekhodi atholiwe.
- Buyisa impendulo kuklayenti nge-HTTP.
3. Iseva yakho ye-DNS-over-HTTPS
Indlela elula, eshesha kakhulu futhi ephumelela kakhulu yokusebenzisa iseva yakho ye-DNS-over-HTTPS ukusebenzisa iseva yewebhu ye-HTTP/2. , umbhali asebhale ngakho kafushane (bona “").
Lokhu kukhetha kusekelwa iqiniso lokuthi yonke ikhodi yeseva yakho ye-DoH ingenziwa ngokugcwele kusetshenziswa umhumushi ohlanganiswe ku-H2O uqobo. . Ngaphezu kwemitapo yolwazi ejwayelekile, ukushintshanisa idatha neseva ye-DNS, udinga (mrbgem) umtapo wezincwadi we-Socket, ngenhlanhla, osuvele ufakiwe enguqulweni yamanje yokuthuthukisa ye-H2O 2.3.0-beta2 kumachweba we-FreeBSD. Kodwa-ke, akunzima ukuyengeza kunoma iyiphi inguqulo yangaphambilini ngokuhlanganisa indawo yokugcina kukhathalogi /deps ngaphambi kokuhlanganiswa.
root@beta:~ # uname -v
FreeBSD 12.0-RELEASE-p10 GENERIC
root@beta:~ # cd /usr/ports/www/h2o
root@beta:/usr/ports/www/h2o # make extract
===> License MIT BSD2CLAUSE accepted by the user
===> h2o-2.2.6 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by h2o-2.2.6 for building
===> Extracting for h2o-2.2.6.
=> SHA256 Checksum OK for h2o-h2o-v2.2.6_GH0.tar.gz.
===> h2o-2.2.6 depends on file: /usr/local/bin/ruby26 - found
root@beta:/usr/ports/www/h2o # cd work/h2o-2.2.6/deps/
root@beta:/usr/ports/www/h2o/work/h2o-2.2.6/deps # git clone https://github.com/iij/mruby-socket.git
Клонирование в «mruby-socket»…
remote: Enumerating objects: 385, done.
remote: Total 385 (delta 0), reused 0 (delta 0), pack-reused 385
Получение объектов: 100% (385/385), 98.02 KiB | 647.00 KiB/s, готово.
Определение изменений: 100% (208/208), готово.
root@beta:/usr/ports/www/h2o/work/h2o-2.2.6/deps # ll
total 181
drwxr-xr-x 9 root wheel 18 12 авг. 16:09 brotli/
drwxr-xr-x 2 root wheel 4 12 авг. 16:09 cloexec/
drwxr-xr-x 2 root wheel 5 12 авг. 16:09 golombset/
drwxr-xr-x 4 root wheel 35 12 авг. 16:09 klib/
drwxr-xr-x 2 root wheel 5 12 авг. 16:09 libgkc/
drwxr-xr-x 4 root wheel 26 12 авг. 16:09 libyrmcds/
drwxr-xr-x 13 root wheel 32 12 авг. 16:09 mruby/
drwxr-xr-x 5 root wheel 11 12 авг. 16:09 mruby-digest/
drwxr-xr-x 5 root wheel 10 12 авг. 16:09 mruby-dir/
drwxr-xr-x 5 root wheel 10 12 авг. 16:09 mruby-env/
drwxr-xr-x 4 root wheel 9 12 авг. 16:09 mruby-errno/
drwxr-xr-x 5 root wheel 14 12 авг. 16:09 mruby-file-stat/
drwxr-xr-x 5 root wheel 10 12 авг. 16:09 mruby-iijson/
drwxr-xr-x 5 root wheel 11 12 авг. 16:09 mruby-input-stream/
drwxr-xr-x 6 root wheel 11 12 авг. 16:09 mruby-io/
drwxr-xr-x 5 root wheel 10 12 авг. 16:09 mruby-onig-regexp/
drwxr-xr-x 4 root wheel 10 12 авг. 16:09 mruby-pack/
drwxr-xr-x 5 root wheel 10 12 авг. 16:09 mruby-require/
drwxr-xr-x 6 root wheel 10 12 сент. 16:10 mruby-socket/
drwxr-xr-x 2 root wheel 9 12 авг. 16:09 neverbleed/
drwxr-xr-x 2 root wheel 13 12 авг. 16:09 picohttpparser/
drwxr-xr-x 2 root wheel 4 12 авг. 16:09 picotest/
drwxr-xr-x 9 root wheel 16 12 авг. 16:09 picotls/
drwxr-xr-x 4 root wheel 8 12 авг. 16:09 ssl-conservatory/
drwxr-xr-x 8 root wheel 18 12 авг. 16:09 yaml/
drwxr-xr-x 2 root wheel 8 12 авг. 16:09 yoml/
root@beta:/usr/ports/www/h2o/work/h2o-2.2.6/deps # cd ../../..
root@beta:/usr/ports/www/h2o # make install clean
...Ukucushwa kweseva yewebhu kuvame ukujwayelekile.
root@beta:/usr/ports/www/h2o # cd /usr/local/etc/h2o/
root@beta:/usr/local/etc/h2o # cat h2o.conf
# this sample config gives you a feel for how h2o can be used
# and a high-security configuration for TLS and HTTP headers
# see https://h2o.examp1e.net/ for detailed documentation
# and h2o --help for command-line options and settings
# v.20180207 (c)2018 by Max Kostikov http://kostikov.co e-mail: [email protected]
user: www
pid-file: /var/run/h2o.pid
access-log:
path: /var/log/h2o/h2o-access.log
format: "%h %v %l %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i""
error-log: /var/log/h2o/h2o-error.log
expires: off
compress: on
file.dirlisting: off
file.send-compressed: on
file.index: [ 'index.html', 'index.php' ]
listen:
port: 80
listen:
port: 443
ssl:
cipher-suite: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
cipher-preference: server
dh-file: /etc/ssl/dhparams.pem
certificate-file: /usr/local/etc/letsencrypt/live/eprove.net/fullchain.pem
key-file: /usr/local/etc/letsencrypt/live/my.domain/privkey.pem
hosts:
"*.my.domain":
paths: &go_tls
"/":
redirect:
status: 301
url: https://my.domain/
"my.domain:80":
paths: *go_tls
"my.domain:443":
header.add: "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload"
paths:
"/dns-query":
mruby.handler-file: /usr/local/etc/h2o/h2odoh.rbOkuhlukile kuphela isibambi se-URL /dns-query lapho iseva yethu ye-DNS-over-HTTPS, ebhalwe nge-mruby futhi ebizwa ngenketho yesibambi, empeleni inesibopho mruby.handler-file.
root@beta:/usr/local/etc/h2o # cat h2odoh.rb
# H2O HTTP/2 web server as DNS-over-HTTP service
# v.20190908 (c)2018-2019 Max Kostikov https://kostikov.co e-mail: [email protected]
proc {|env|
if env['HTTP_ACCEPT'] == "application/dns-message"
case env['REQUEST_METHOD']
when "GET"
req = env['QUERY_STRING'].gsub(/^dns=/,'')
# base64URL decode
req = req.tr("-_", "+/")
if !req.end_with?("=") && req.length % 4 != 0
req = req.ljust((req.length + 3) & ~3, "=")
end
req = req.unpack1("m")
when "POST"
req = env['rack.input'].read
else
req = ""
end
if req.empty?
[400, { 'content-type' => 'text/plain' }, [ "Bad Request" ]]
else
# --- ask DNS server
sock = UDPSocket.new
sock.connect("localhost", 53)
sock.send(req, 0)
str = sock.recv(4096)
sock.close
# --- find lowest TTL in response
nans = str[6, 2].unpack1('n') # number of answers
if nans > 0 # no DNS failure
shift = 12
ttl = 0
while nans > 0
# process domain name compression
if str[shift].unpack1("C") < 192
shift = str.index("x00", shift) + 5
if ttl == 0 # skip question section
next
end
end
shift += 6
curttl = str[shift, 4].unpack1('N')
shift += str[shift + 4, 2].unpack1('n') + 6 # responce data size
if ttl == 0 or ttl > curttl
ttl = curttl
end
nans -= 1
end
cc = 'max-age=' + ttl.to_s
else
cc = 'no-cache'
end
[200, { 'content-type' => 'application/dns-message', 'content-length' => str.size, 'cache-control' => cc }, [ str ] ]
end
else
[415, { 'content-type' => 'text/plain' }, [ "Unsupported Media Type" ]]
end
}Sicela uqaphele ukuthi iseva yendawo yokugcina isikhashana inesibopho sokucubungula amaphakethe e-DNS, kulokhu kusukela ekusabalaliseni okujwayelekile kwe-FreeBSD. Ngokombono wezokuphepha, lesi yisixazululo esilungile. Kodwa-ke, akukho okukuvimbela ukuthi umiselele localhost ekhelini elihlukile le-DNS ohlose ukulisebenzisa.
root@beta:/usr/local/etc/h2o # local-unbound verison
usage: local-unbound [options]
start unbound daemon DNS resolver.
-h this help
-c file config file to read instead of /var/unbound/unbound.conf
file format is described in unbound.conf(5).
-d do not fork into the background.
-p do not create a pidfile.
-v verbose (more times to increase verbosity)
Version 1.8.1
linked libs: mini-event internal (it uses select), OpenSSL 1.1.1a-freebsd 20 Nov 2018
linked modules: dns64 respip validator iterator
BSD licensed, see LICENSE in source package for details.
Report bugs to [email protected]
root@eprove:/usr/local/etc/h2o # sockstat -46 | grep unbound
unbound local-unbo 69749 3 udp6 ::1:53 *:*
unbound local-unbo 69749 4 tcp6 ::1:53 *:*
unbound local-unbo 69749 5 udp4 127.0.0.1:53 *:*
unbound local-unbo 69749 6 tcp4 127.0.0.1:53 *:*Okusele ukuqala kabusha i-H2O futhi ubone ukuthi yini eza kuyo.
root@beta:/usr/local/etc/h2o # service h2o restart
Stopping h2o.
Waiting for PIDS: 69871.
Starting h2o.
start_server (pid:70532) starting now...4. Ukuhlola
Ngakho-ke, ake sihlole imiphumela ngokuthumela isicelo sokuhlola futhi futhi sibheke ithrafikhi yenethiwekhi sisebenzisa insiza tcpdump.
root@beta/usr/local/etc/h2o # curl -H 'accept: application/dns-message' 'https://my.domain/dns-query?dns=q80BAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE'
Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.
...
root@beta:~ # tcpdump -n -i lo0 udp port 53 -xx -XX -vv
tcpdump: listening on lo0, link-type NULL (BSD loopback), capture size 262144 bytes
16:32:40.420831 IP (tos 0x0, ttl 64, id 37575, offset 0, flags [none], proto UDP (17), length 57, bad cksum 0 (->e9ea)!)
127.0.0.1.21070 > 127.0.0.1.53: [bad udp cksum 0xfe38 -> 0x33e3!] 43981+ A? example.com. (29)
0x0000: 0200 0000 4500 0039 92c7 0000 4011 0000 ....E..9....@...
0x0010: 7f00 0001 7f00 0001 524e 0035 0025 fe38 ........RN.5.%.8
0x0020: abcd 0100 0001 0000 0000 0000 0765 7861 .............exa
0x0030: 6d70 6c65 0363 6f6d 0000 0100 01 mple.com.....
16:32:40.796507 IP (tos 0x0, ttl 64, id 37590, offset 0, flags [none], proto UDP (17), length 73, bad cksum 0 (->e9cb)!)
127.0.0.1.53 > 127.0.0.1.21070: [bad udp cksum 0xfe48 -> 0x43fa!] 43981 q: A? example.com. 1/0/0 example.com. A 93.184.216.34 (45)
0x0000: 0200 0000 4500 0049 92d6 0000 4011 0000 ....E..I....@...
0x0010: 7f00 0001 7f00 0001 0035 524e 0035 fe48 .........5RN.5.H
0x0020: abcd 8180 0001 0001 0000 0000 0765 7861 .............exa
0x0030: 6d70 6c65 0363 6f6d 0000 0100 01c0 0c00 mple.com........
0x0040: 0100 0100 0151 8000 045d b8d8 22 .....Q...].."
^C
2 packets captured
23 packets received by filter
0 packets dropped by kernelOkukhiphayo kubonisa indlela isicelo sokuxazulula ngayo ikheli isibonelo.com yamukelwe futhi yacutshungulwa ngempumelelo iseva ye-DNS.
Manje okusele wukwenza iseva yethu isebenze esipheqululini seFirefox. Ukuze wenze lokhu, udinga ukushintsha izilungiselelo eziningana emakhasini okucushwa mayelana: i-config.
Okokuqala, leli ikheli le-API yethu lapho isiphequluli sizocela khona ulwazi lwe-DNS network.trr.uri. Kuyanconywa futhi ukucacisa isizinda se-IP kusuka kule URL ukuze uthole ukulungiswa kwe-IP evikelekile usebenzisa isiphequluli ngokwaso ngaphandle kokufinyelela ku-DNS network.trr.bootstrapAddress. Futhi ekugcineni, ipharamitha ngokwayo network.trr.mode kubandakanya ukusetshenziswa kwe-DoH. Ukusetha inani ku-"3" kuzophoqa isiphequluli ukuthi sisebenzise ngokukhethekile i-DNS-over-HTTPS ukuze kulungiswe igama, kuyilapho u-"2" othembeke kakhulu futhi ovikeleke kakhudlwana uzobeka kuqala i-DoH, okushiya ukubheka kwe-DNS okujwayelekile njengenketho yokubuyela emuva.
5. INZUZO!
Ingabe lesi sihloko sibe usizo? Sicela ungabi namahloni futhi usekele ngemali ngefomu lomnikelo (ngezansi).
Source: www.habr.com