Abathuthukisi beFirefox bakhiphile ngesikhangiso ukufakwa kwemodi I-DNS ezenzakalelayo ngaphezulu kwe-HTTPS (DoH) yabasebenzisi abase-United States. Kusukela namhlanje, i-DoH inikwe amandla ngokuzenzakalela kukho konke ukufaka okusha ngabasebenzisi base-US. kanti kubasebenzisi bamanje base-US bahlelelwe ukushintshela ku-DoH emasontweni ambalwa. E-European Union nakwamanye amazwe, abakahleleli ukwenza i-DoH isebenze ngokuzenzakalela.
Abasebenzisi banenketho yokukhetha phakathi kwabahlinzeki ababili: i-Cloudflare ne-NextDNS, okungama-solvers athembekile. Ngemuva kokuvula i-DoH, bazothola isexwayiso esivumela umsebenzisi ukuthi aphume ekufinyeleleni kumaseva we-DoH DNS abuyele emuva kuhlelo lwendabuko lokuthumela izicelo ezingabetheliwe kuseva ye-DNS yomhlinzeki.
Esikhundleni sengqalasizinda esatshalalisiwe yezixazululi ze-DNS, I-DoH isebenzisa isixhumanisi sesevisi ethile ye-DoH, engathathwa njengephuzu elilodwa lokwehluleka. Umsebenzi njengamanje unikezwa ngabahlinzeki ababili be-DNS: i-CloudFlare (okuzenzakalelayo) ne-NextDNS.
Ukubethela idatha ye-DNS nge-DoH kuyisinyathelo sokuqala. OkweMozilla, edinga izinkampani ezisingatha le datha ukuthi zibe nemithetho esunguliwe, njengaleyo echazwe kuhlelo lwe-TRR, iqinisekisa ukuthi ukufinyelela kule datha akuhlukunyezwa. Ngakho-ke, kufanele.
"Kubasebenzisi abaningi, kunzima kakhulu ukwazi ukuthi izicelo zabo ze-DNS ziya kuphi nokuthi umxazululi wenzani ngazo," kusho u-Eric Rescorla, weFirefox CTO. "Uhlelo lweFirefox Trusted Recursive Resolver luvumela iMozilla ukuthi ixoxisane nabathengisi egameni layo futhi ibadinge ukuthi babe nezinqubomgomo eziqinile zobumfihlo ngaphambi kokuphatha idatha yakho ye-DNS." Siyajabula ukuthi i-NextDNS isebenzisana nathi njengoba sisebenzela abantu ukuthi baphinde bakwazi ukulawula idatha yabo nobumfihlo ku-inthanethi. "
Umshicileli uqinisekile ukuthi ngokuhlanganisa ubuchwepheshe obufanele (DoH kuleli cala) nezidingo eziqinile zokusebenza kulabo abakwenzayo, thola abalingani abahle futhi basungule izivumelwano zomthetho ezibeka phambili ubumfihlo, ngokuzenzakalela izothuthukisa ubumfihlo bomsebenzisi.
Kubalulekile ukukhumbula lokho I-DoH ingaba wusizo ekuqedeni ukuvuza kolwazi kumagama wokubamba aceliwe ngamaseva we-DNS abahlinzeki, ukulwa nokuhlaselwa kwe-MITM bese ushintsha ithrafikhi ye-DNS (ngokwesibonelo, lapho uxhuma kwi-Wi-Fi yomphakathi) futhi uphikisana nokuvinjelwa kwe-DNS (DoH) akukwazi ukufaka i-VPN endaweni yokudlula amabhulokhi asetshenzisiwe ezingeni le-DPI) noma ukuhlela umsebenzi uma kungenakwenzeka ukufinyelela ngqo kwi-DNS amaseva (ngokwesibonelo, lapho usebenza ngommeleli).
Uma ezimeni ezijwayelekile, imibuzo ye-DNS ithunyelwa ngqo kumaseva we-DNS achazwe ekucushweni kohlelo, bese kuthi ku-DoH, isicelo sokunquma ikheli le-IP lomsingathi lifakwe kuthrafikhi ye-HTTPS futhi sithunyelwe kuseva ye-HTTP lapho izinqubo zokuxazulula izicelo zisebenzisa i-web API. Izinga elikhona le-DNSSEC lisebenzisa ukubethela kuphela ukuqinisekiswa kwamakhasimende neseva.
Ukusetshenziswa kwe-DoH kungadala izinkinga ezindaweni ezinjengezinhlelo zokulawulwa kwabazali, ukufinyelela kuzikhala zamagama zangaphakathi ezinhlelweni zebhizinisi, Ukukhethwa kwendlela ezinhlelweni zokuthuthukisa ukulethwa kokuqukethwe kanye nokuhambisana nemiyalo yenkantolo yokulwa nokusabalala kokuqukethwe okungekho emthethweni nokuxhashazwa kwabancane.
Ukuthola izinkinga ezinjalo, uhlelo lokuqinisekisa selusetshenzisiwe futhi lwahlolwa olukhubaza ngokuzenzakalela i-DoH ngaphansi kwezimo ezithile.
Ukwenza ushintsho noma ukwenziwa kungasebenzi komhlinzeki we-DoH kungaba lapho kumiswa ukuxhumana kwenethiwekhi. Isibonelo, ungacacisa enye iseva ye-DoH ukufinyelela amaseva we-Google, cishe ku: config.
Inani le-0 likhubaza ngokuphelele, ngenkathi i-1 isetshenziselwa ukunika amandla ukuthi yikuphi okushesha kakhulu, i-2 isebenzisa amanani azenzakalelayo futhi nge-DNS yokusekelayo, i-3 isebenzisa i-DoH ne-4 kuphela ukusebenzisa imodi yesibuko lapho i-DoH ne-DNS zisetshenziswa khona ngokufana .