US provider associations oppose the use of DNS-over-HTTPS

The trade associations NCTA, CTIA and USTelecom, which defend the interests of Internet providers, appealed to the US Congress with a request to pay attention to the problem with the use of "DNS over HTTPS" (DoH) and to request from Google detailed information about its current and future plans to enable DoH in its products, as well as to obtain a commitment not to enable centralized processing of DNS requests by default in Chrome and Android without a prior full discussion with other members of the ecosystem and consideration of the possible negative consequences.

While understanding the overall benefit of encrypting DNS traffic, the associations consider it unacceptable to concentrate control over name resolution in one hand and to tie this process by default to centralized DNS services. In particular, it is claimed that Google is moving toward introducing DoH by default in Android and Chrome, which, if tied to Google's servers, would break the decentralized nature of the DNS infrastructure and create a single point of failure.

Since Chrome and Android dominate the market, if they impose their own DoH servers, Google will be able to control most of the flow of users' DNS queries. In addition to reducing the reliability of the infrastructure, such a move would also give Google an unfair advantage over its competitors, since the company would receive additional information about user actions, which can be used to track user activity and select relevant advertising.

DoH may also disrupt areas such as parental control systems, access to internal namespaces in enterprise systems, routing in content delivery optimization systems, and compliance with court orders against the distribution of illegal content and the exploitation of minors. DNS spoofing is also used to redirect users to a page with information about the subscriber's funds running out or to a page for logging in to a wireless network.

Google stated that the fears are unfounded, since it is not going to enable DoH by default in Chrome and Android. As planned for Chrome 78, DoH will be experimentally enabled by default only for users whose settings are configured with DNS providers that offer the option of using DoH as an alternative to traditional DNS. For those who use DNS servers provided by their ISP, DNS queries will continue to be sent through the system resolver. That is, Google's actions are limited to replacing the current provider with an equivalent service in order to switch to a secure way of working with DNS. Experimental enabling of DoH is also planned for Firefox, but unlike Google, Mozilla intends to use CloudFlare's DNS server by default. This approach has already drawn criticism from the OpenBSD project.

Recall that DoH can be useful for preventing leaks of information about requested host names through providers' DNS servers, for combating MITM attacks and DNS traffic spoofing (for example, when connecting to public Wi-Fi), for countering blocking at the DNS level (DoH cannot replace a VPN for bypassing blocking implemented at the DPI level), or for organizing work when DNS servers cannot be reached directly (for example, when working through a proxy).

In the normal case, DNS requests are sent directly to the DNS servers defined in the system configuration. With DoH, the request to determine a host's IP address is encapsulated in HTTPS traffic and sent to an HTTP server, where the resolver processes requests via a Web API. The existing DNSSEC standard uses encryption only to authenticate the client and server, but does not protect traffic from interception and does not guarantee the confidentiality of requests. Currently about 30 public DNS servers support DoH.

Source: opennet.ru
