Mozilla Introduces a Third DNS-over-HTTPS Provider for Firefox

Mozilla has concluded an agreement with a third DNS-over-HTTPS (DoH) provider for Firefox. In addition to the previously offered DNS servers from CloudFlare ("https://1.1.1.1/dns-query") and NextDNS (https://dns.nextdns.io/id), the Comcast service (https://doh.xfinity.com/dns-query) will also be included in the settings. DoH can be enabled and the provider selected in the network connection settings.

Recall that Firefox 77 included a DNS-over-HTTPS test in which each client sent 10 test requests and automatically selected a DoH provider. This test had to be disabled in release 77.0.1, because it turned into a kind of DDoS attack on the NextDNS service, which could not cope with the load.

The DoH providers offered in Firefox are selected according to the requirements for trusted DNS resolvers. Under these requirements, the DNS operator may use the data it receives for resolution only to ensure the operation of the service, must not keep logs for more than 24 hours, cannot pass data to third parties, and is required to disclose information about its data processing methods. The service must also commit not to censor, filter, interfere with, or block DNS traffic, except where required by law.

Among other events related to DNS-over-HTTPS, Apple's decision to implement support for DNS-over-HTTPS and DNS-over-TLS in the upcoming releases of iOS 14 and macOS 11 is also worth noting, as is its decision to add support for WebExtension extensions in Safari.

Recall that DoH can be useful for preventing leaks of information about requested host names through providers' DNS servers, for combating MITM attacks and DNS traffic spoofing (for example, when connecting to public Wi-Fi), for countering blocking at the DNS level (DoH cannot replace a VPN for bypassing blocking implemented at the DPI level), or for organizing work when DNS servers cannot be reached directly (for example, when working through a proxy). Normally, DNS requests are sent directly to the DNS servers defined in the system configuration. With DoH, the request to determine a host's IP address is encapsulated in HTTPS traffic and sent to an HTTP server, where the resolver processes requests through a Web API. The current DNSSEC standard uses encryption only to authenticate the client and server, but it does not protect traffic from interception and does not guarantee the confidentiality of requests.

Source: opennet.ru
