Ngemuva kweMozilla, I-Google imemezele inhloso yayo yokwenza isivivinyo sokuhlola Ukuqaliswa kwesiphequluli se-Chrome nge «I-DNS ngaphezulu kwe-HTTPS » (DoH, DNS ngaphezulu kwe-HTTPS). Ngokukhishwa kwe-Chrome 78, kuhlelwe u-Okthoba 22.
Ezinye izigaba zabasebenzisi ngokuzenzakalela zizokwazi ukubamba iqhaza ekuhlolweni Ukwenza i-DoH isebenze, abasebenzisi kuphela abazobamba iqhaza ekucushweni kwesistimu kwamanje, okwaziwa abahlinzeki abathile be-DNS abasekela i-DoH.
Uhlu olumhlophe lomhlinzeki we-DNS lubandakanya nezinsizakalo ze I-Google, i-Cloudflare, i-OpenDNS, i-Quad9, i-Cleanbrowsing ne-DNS.SB. Uma izilungiselelo ze-DNS zomsebenzisi zicacisa eyodwa yamaseva we-DNS angenhla, i-DoH ku-Chrome izonikwa amandla ngokuzenzakalela.
Kulabo abasebenzisa amaseva we-DNS ahlinzekwa ngumhlinzeki wesevisi ye-Intanethi wendawo, konke kuzohlala kungashintshiwe futhi ukulungiswa kwesistimu kuzoqhubeka nokusetshenziselwa imibuzo ye-DNS.
Umehluko obalulekile ekusetshenzisweni kwe-DoH kuFirefox, lapho ukufakwa kancane kancane kwe-DoH ezenzakalelayo izoqala ekupheleni kukaSepthemba, ukungabi nokuxhumanisa nensizakalo eyodwa ye-DoH.
Uma iFirefox isebenzisa iseva ye-CloudFlare DNS ngokuzenzakalela, i-Chrome izobuyekeza kuphela indlela yokusebenza ne-DNS kusevisi efanayo, ngaphandle kokushintsha umhlinzeki we-DNS.
Uma ufisa, umsebenzisi anganika amandla noma akhubaze i-DoH usebenzisa izilungiselelo ze- "chrome: // flags / # dns-over-https". Yini enye izindlela ezintathu zokusebenza zisekelwa "Kuphephile", "kuyazenzakalela" futhi "kuvaliwe".
- Kumodi "ephephile", abasingathi banqunywa kuphela ngokuya ngamanani aphephile afakwe kunqolobane ngaphambilini (atholwe ngokuxhumeka okuphephile) nezicelo nge-DoH, ukubuyela emuva ku-DNS ejwayelekile akusetshenziswanga.
- Kumodi "ezenzakalelayo", uma i-DoH kanye nesilondolozi esivikelekile zingatholakali, kungenzeka ukuthola idatha kusuka kunqolobane engaphephile futhi uyifinyelele nge-DNS yendabuko.
- Kumodi "yokuvala", isilondolozi esijwayelekile sihlolwa kuqala futhi, uma kungekho datha, isicelo sithunyelwa nge-DNS yohlelo. Imodi isethwe ngamasethingi e-kDnsOverHttpsMode kanye nethempulethi yokwenza imephu yeseva nge-kDnsOverHttpsTemplates.
Ukuzama ukunika amandla i-DoH kuzokwenziwa kuzona zonke izingxenyekazi ezisekelwayo ku-Chrome, ngaphandle kweLinux ne-iOS, ngenxa yesimo esingelutho sokuhlaziywa kokulungiswa kwesixazululi nokufinyelela okulinganiselwe ekucushweni kohlelo lwe-DNS.
Uma kwenzeka ukuthi ngemuva kokunika amandla i-DoH kube khona ukwehluleka ukuthumela izicelo kuseva ye-DoH (ngokwesibonelo ngenxa yokuphahlazeka kokuxhumeka kwenethiwekhi, ukwehluleka noma ukwehluleka), isiphequluli sizobuyisela ngokuzenzakalela izilungiselelo zohlelo lwe-DNS.
Inhloso yalolu cwaningo ukuphothula ukuqaliswa kwe-DoH nokuhlola umthelela wohlelo lwe-DoH ekusebenzeni.
Kumele kuqashelwe ukuthi, empeleni, ukuxhaswa kweDoH kungezwe kwikhodi ye-Chrome ngoFebhuwari, kepha ukumisa nokunika amandla i-DoH, i-Chrome bekufanele iqalise ngefulegi elikhethekile nangesethi yezinketho ezingabonakali.
Kubalulekile ukwazi lokho I-DoH ingaba wusizo ekuqedeni ukuvuza kwemininingwane yegama lomethuleli iceliwe ngamaseva e-DNS abahlinzeki, ukulwa nokuhlaselwa kwe-MITM bese ushintsha ithrafikhi ye-DNS (ngokwesibonelo, lapho uxhuma kwi-Wi-Fi yomphakathi) nokuvimbela ukuvinjelwa kwezinga le-DNS (DoH) akukwazi ukufaka i-VPN endaweni yokugwema amabhlogo asetshenzisiwe ezingeni le-DPI) noma ukuhlela umsebenzi uma kungenakwenzeka ukufinyelela ngqo kumaseva e-DNS (ngokwesibonelo, lapho usebenza ngommeleli).
Uma ezimeni ezijwayelekile, imibuzo ye-DNS ithunyelwa ngqo kumaseva we-DNS achazwe ekucushweni kohlelo, bese kuthi ku-DoH, isicelo sokunquma ikheli le-IP lomsingathi lifakwe kuthrafikhi ye-HTTPS futhi sithunyelwe kuseva ye-HTTP lapho izinqubo zokuxazulula izicelo zisebenzisa i-web API.
Izinga elikhona le-DNSSEC lisebenzisa ukubethela kuphela ukuqinisekiswa kwamakhasimende neseva.