Google mayelana nokuqala kokufakwa ngezigaba (DoH, DNS phezu kwe-HTTPS) kubasebenzisi be-Chrome 85 abasebenzisa inkundla ye-Android. Imodi izovulwa kancane kancane, ihlanganise abasebenzisi abengeziwe. Ngaphambilini ku Ukunika amandla i-DNS-over-HTTPS kubasebenzisi bedeskithophu sekuqalile.
I-DNS-over-HTTPS izosebenza ngokuzenzakalela kubasebenzisi labo izilungiselelo zabo ezicacisa abahlinzeki be-DNS abasekela lobu buchwepheshe (ku-DNS-over-HTTPS umhlinzeki ofanayo osetshenziswa njenge-DNS). Isibonelo, uma umsebenzisi ene-DNS 8.8.8.8 ecaciswe kuzilungiselelo zesistimu, isevisi ye-Google ye-DNS-over-HTTPS (“https://dns.google.com/dns-query”) izokwenziwa isebenze ku-Chrome uma i-DNS ithi 1.1.1.1 , bese kuba isevisi ye-DNS-over-HTTPS Cloudflare (“https://cloudflare-dns.com/dns-query”), njll.
Ukuze kuqedwe izinkinga ngokuxazulula amanethiwekhi e-intranethi ezinkampani, i-DNS-over-HTTPS ayisetshenziswa uma kunqunywa ukusetshenziswa kwesiphequluli kumasistimu aphethwe emaphakathi. I-DNS-over-HTTPS iphinde ingasebenzi lapho kufakwa amasistimu okulawula abazali. Esimeni sokwehluleka ekusebenzeni kwe-DNS-over-HTTPS, kungenzeka ukuhlehlisa izilungiselelo ku-DNS evamile. Ukulawula ukusebenza kwe-DNS-over-HTTPS, izinketho ezikhethekile zengezwe kuzilungiselelo zesiphequluli ezikuvumela ukuthi ukhubaze i-DNS-over-HTTPS noma ukhethe umhlinzeki ohlukile.
Masikhumbule ukuthi i-DNS-over-HTTPS ingaba wusizo ekuvimbeleni ukuvuza kolwazi mayelana namagama aceliwe osokhaya ngokusebenzisa amaseva e-DNS abahlinzeki, ukulwa nokuhlaselwa kwe-MITM kanye nokukhwabanisa kwethrafikhi ye-DNS (isibonelo, uma uxhuma ku-Wi-Fi yomphakathi), ukubala. ukuvimbela kuvuliwe ezingeni le-DNS (i-DNS-over-HTTPS ayikwazi ukufaka esikhundleni i-VPN ekuvimbeni ngokudlula okusetshenziswa ezingeni le-DPI) noma ngokuhlela umsebenzi lapho kungenakwenzeka ukufinyelela ngokuqondile amaseva e-DNS (isibonelo, uma usebenza ngommeleli). Uma esimweni esivamile izicelo ze-DNS zithunyelwa ngokuqondile kumaseva e-DNS achazwe ekucushweni kwesistimu, khona-ke esimweni se-DNS-over-HTTPS isicelo sokunquma ikheli le-IP lomsingathi sifakwe kuthrafikhi ye-HTTPS futhi sithunyelwa kuseva ye-HTTP, lapho isixazululi sicubungula izicelo nge-Web API. Izinga elikhona le-DNSSEC lisebenzisa ukubethela kuphela ukuze uqinisekise iklayenti neseva, kodwa alivikeli ithrafikhi ekungeneni futhi aliqinisekisi ukugcinwa kuyimfihlo kwezicelo.
Source: opennet.ru