Vagadziri veFirefox vaburitsa kuburikidza neshambadziro kuiswa kweiyo modhi Default DNS pamusoro peHTTPS (DoH) yevashandisi muUnited States. Kubva nhasi, DoH inogoneswa nekutadza pazvinhu zvese zvitsva zvinoshandiswa nevashandisi veUS. nepo kuvashandisi vazvino veUS varongedzerwa kuchinjira kuDoH mumavhiki mashoma. MuEuropean Union nedzimwe nyika, havasati varonga kuita DoH nekutadza.
Vashandisi vane sarudzo yekusarudza pakati pevapi vaviri: Cloudflare uye NextDNS, dzinovimbiswa solvers. Mushure mekumisikidza DoH, ivo vanogashira yambiro iyo inobvumidza mushandisi kusarudza kubuda munzvimbo dzepakati dzeDoH DNS maseva uye kudzokera kuchirongwa chetsika kutumira zvikumbiro zvisina kunyorwa kumupi weDNS server.
Panzvimbo pekuparadzirwa kwezvivakwa zveDNS resolutioners, DoH inoshandisa chinongedzo kune yakasarudzika DoH sevhisi, iyo inogona kutariswa seimwe poindi yekutadza. Basa iri parizvino rinopihwa kuburikidza vaviri DNS vanopa: CloudFlare (default) uye NextDNS.
Kunyora DNS data neDoH ingori nhanho yekutanga. ZveMozilla, inoda kuti makambani anobata iyi data ave nemitemo yakagadzwa, senge iya inotsanangurwa muchirongwa cheTRR, inoona kuti kuwana kweiyi data hakushandiswi. Naizvozvo, inofanirwa.
"Kune vazhinji vashandisi, zvinonetsa kwazvo kuziva kuti zvikumbiro zvavo zveDNS zviri kuenda kupi uye izvo zvakagadziriswa naanogadzirisa," akadaro Eric Rescorla, CTO weFirefox. "Chirongwa cheFirefox Trusted Recursive Resolver chirongwa chinobvumira Mozilla kutaurirana nevatengesi pachinzvimbo chavo uye inoda kuti vave nemitemo yakasimba yekuvanzika vasati vabata data reDNS." "Tinofara kuti NextDNS iri kubatana nesu pabasa redu kubatsira vanhu kuti vadzokere zvakare kutonga kwavo uye zvakavanzika pamhepo."
Muparidzi anogutsikana izvozvo nekubatanidza tekinoroji chaiyo (DoH mune ino kesi) uye zvinoda kushanda zvakanyanya kune avo vanoishandisa, tsvaga shamwari dzakanaka uye ugadzire zvibvumirano zviri pamutemo izvo zvinokoshesa zvakavanzika, nekutadza ichavandudza kuvanzika kwevashandisi.
Izvo zvakakosha kuti urangarira izvo DoH inogona kubatsira kubvisa kubuda kweruzivo pane mazita evaenzi akakumbirwa kuburikidza nemaseva eDNS evanopa, kurwisa MITM kurwisa uye kutsiva DNS traffic (semuenzaniso, kana uchibatana neruzhinji rweWi-Fi) uye inopikisa DNS (DoH) ichivharira haigone kutsiva VPN munzvimbo yekudzivirira mabhuroko anoitwa padanho reDPI) kana kuronga basa kana zvisingaite kuwana zvakananga DNS sevha (semuenzaniso, kana uchishanda kuburikidza neye proxy).
Kana zviri mumamiriro ezvinhu akajairika, mibvunzo yeDNS inotumirwa yakananga kumaseva eDNS akatsanangurwa musystem system, saka mune iyo DoH, chikumbiro chekuona iyo inomiririra IP kero yakavharirwa muHTTPS traffic uye inotumirwa kune server HTTP umo iyo kugadzirisa matanho zvikumbiro kuburikidza newebhu webhu. Iyo iripo DNSSEC standard inoshandisa kunyorera chete kune mutengi uye server sosi.
Iko kushandiswa kweDoH kunogona kukonzera matambudziko munzvimbo dzakaita sevabereki kudzora masystem, kuwana nzvimbo dzemazita dzemukati mumahurongwa emakambani, nzira yekusarudzika mune zvemukati kuendesa optimization masisitimu uye kutevedzwa nematare edzimhosva ekurwisa kupararira kwezvinhu zvisiri pamutemo uye kushandiswa kwevana vadiki.
Kuti utenderere kumatambudziko akadaro, sisitimu yekuongorora yakaitwa uye kuyedzwa iyo inoremadza DoH pasi pemamwe mamiriro.
Kuita shanduko kana kumisikidza kweye DoH mupi inogona kuve mune yekugadziriswa kweiyo network yekubatanidza. Semuenzaniso, unogona kudoma imwe seDoH server kuti uwane maseva eGoogle, mune: config.
Iko kukosha kwe0 kunoremadza zvachose, nepo 1 ichishandiswa kugonesa chero chipi chinokurumidza, 2 inoshandisa iyo yakasarudzika tsika uye ne backup DNS, 3 inongoshandisa DoH ne4 kushandisa girazi maitiro ayo DoH neDNS anoshandiswa zvakafanana .