Izinhlangano zohwebo
Ngokuqonda inzuzo yonke yokusebenzisa ukubethela kwethrafikhi ye-DNS, izinhlangano zikubona njengokungamukelekile ukugxilisa ukulawula phezu kokulungiswa kwegama ngesandla esisodwa nokuxhumanisa le nqubo ngokuzenzakalelayo kumasevisi e-DNS amaphakathi. Ikakhulukazi, kuthiwa i-Google isondela ekwethuleni i-DoH ngokuzenzakalelayo ku-Android ne-Chrome, okuthi, uma iboshelwe kumaseva e-Google, ingaphula isimo sokwehlukaniswa kwengqalasizinda ye-DNS futhi idale iphuzu elilodwa lokwehluleka.
Njengoba i-Chrome ne-Android zibusa emakethe, uma ziphoqa amaseva azo e-DoH, i-Google izokwazi ukulawula iningi lokugeleza kwemibuzo ye-DNS yomsebenzisi. Ngokungeziwe ekwehliseni ukwethembeka kwengqalasizinda, umnyakazo onjalo uzophinde unikeze i-Google inzuzo engalungile ngaphezu kwezimbangi zayo, njengoba inkampani izothola ulwazi olwengeziwe mayelana nezenzo zabasebenzisi, ezingasetshenziswa ukulandelela umsebenzi wabasebenzisi nokukhetha ukukhangisa okufanelekile.
I-DoH ingase futhi iphazamise izindawo ezifana nezinhlelo zokulawula abazali, ukufinyelela ezindaweni zamagama zangaphakathi ezinhlelweni zamabhizinisi, umzila ezinhlelweni zokuthuthukisa ukulethwa kokuqukethwe, kanye nokuhambisana nemiyalelo yenkantolo emelene nokusatshalaliswa kokuqukethwe okungekho emthethweni kanye nokuxhashazwa kwezingane. I-DNS spoofing iphinde isetshenziselwe ukuqondisa kabusha abasebenzisi ekhasini elinolwazi mayelana nokuphela kwezimali kobhalisile noma ukungena kunethiwekhi engenantambo.
Google
Masikhumbule ukuthi i-DoH ingaba wusizo ekuvimbeleni ukuvuza kolwazi mayelana namagama aceliwe osokhaya ngokusebenzisa iziphakeli ze-DNS zabahlinzeki, ukulwa nokuhlaselwa kwe-MITM kanye nokukhwabanisa kwethrafikhi ye-DNS (isibonelo, lapho uxhuma ku-Wi-Fi yomphakathi), ukuphikisana nokuvinjwa ku-DNS. ileveli (i-DoH ayikwazi ukufaka esikhundleni se-VPN endaweni yokudlula ukuvinjwa okwenziwa ezingeni le-DPI) noma yokuhlela umsebenzi uma kungenakwenzeka ukufinyelela ngokuqondile amaseva e-DNS (isibonelo, uma usebenza ngommeleli).
Uma esimweni esivamile izicelo ze-DNS zithunyelwa ngokuqondile kumaseva e-DNS achazwe ekucushweni kwesistimu, lapho-ke esimweni se-DoH, isicelo sokunquma ikheli le-IP lomsingathi sihlanganiswa kuthrafikhi ye-HTTPS futhi sithunyelwe kuseva ye-HTTP, lapho isixazululi sicubungula khona. izicelo nge-Web API. Izinga elikhona le-DNSSEC lisebenzisa ukubethela kuphela ukuze uqinisekise iklayenti neseva, kodwa alivikeli ithrafikhi ekungeneni futhi aliqinisekisi ukugcinwa kuyimfihlo kwezicelo. Okwamanje mayelana
Source: opennet.ru