Inkampani yeMozilla
Masikhumbule ukuthi iFirefox 77 ifake i-DNS phezu kokuhlolwa kwe-HTTPS lapho iklayenti ngalinye lithumela izicelo zokuhlolwa eziyi-10 futhi likhetha ngokuzenzakalelayo umhlinzeki we-DoH. Lokhu kuhlola kudingeke ukuthi kukhutshazwe ekukhishweni
Abahlinzeki be-DoH abanikezwa kuFirefox bakhethwa ngokuya
Imicimbi ehlobene ne-DNS-over-HTTPS nayo ingaqashelwa
Khumbula ukuthi i-DoH ingaba wusizo ekuvimbeleni ukuvuza kolwazi mayelana namagama abasingathi aceliwe ngokusebenzisa amaseva e-DNS abahlinzeki, ukulwa nokuhlaselwa kwe-MITM kanye nokukhwabanisa kwethrafikhi ye-DNS (isibonelo, lapho uxhuma ku-Wi-Fi yomphakathi), ukuvinjwa okuphikisayo ezingeni le-DNS (DoH ayikwazi ukufaka esikhundleni se-VPN endaweni yokweqa ukuvimbela okwenziwa ezingeni le-DPI) noma ukuhlela umsebenzi uma kwenzeka kungenakwenzeka ukufinyelela ngokuqondile amaseva e-DNS (isibonelo, lapho usebenza ngommeleli). Nakuba ngokuvamile izicelo ze-DNS zithunyelwa ngokuqondile kumaseva e-DNS achazwe ekucushweni kwesistimu, esimweni se-DoH, isicelo sokunquma ikheli le-IP lomsingathi sifakwe kuthrafikhi ye-HTTPS futhi sithunyelwe kuseva ye-HTTP, lapho isixazululi sicubungula izicelo nge-. i-Web API. Izinga lamanje le-DNSSEC lisebenzisa ukubethela kuphela ukuze uqinisekise iklayenti neseva, kodwa alivikeli ithrafikhi ekungeneni futhi aliqinisekisi ukugcinwa kuyimfihlo kwezicelo.
Source: opennet.ru