BIND DNS now has experimental DNS over HTTPS support

A few days ago the developers of the BIND DNS server announced that the experimental 9.17 branch now includes server-side support for DNS over HTTPS (DoH) and DNS over TLS (DoT), as well as XFR.

The implementation of the HTTP/2 protocol used in DoH is based on the nghttp2 library, which is included in the build dependencies (in the future it is planned to move the library to the optional dependencies).

With the appropriate configuration, a single named process can now serve not only regular DNS requests but also requests sent using DoH (DNS over HTTPS) and DoT (DNS over TLS).

Client-side HTTPS support (dig) is not yet implemented, while XFR-over-TLS support is available for both incoming and outgoing requests.

Processing of requests over DoH and DoT is enabled by adding the http and tls options to the listen-on directive. To support unencrypted DNS over HTTP, "tls none" must be specified in the configuration. Keys are defined in the "tls" section. The default network ports, 853 for DoT, 443 for DoH, and 80 for DNS over HTTP, can be overridden with the tls-port, https-port, and http-port parameters.

Among the features of the DoH implementation in BIND, it is noted that the TLS encryption operations can be moved to another server. This may be necessary where TLS certificates are stored on another system (for example, in infrastructure with web servers) and are maintained by other staff.

Support for unencrypted DNS over HTTP is implemented to simplify troubleshooting and to serve as a layer for forwarding on the internal network, on top of which encryption can be organized on another server. On the remote server, nginx can be used to terminate the TLS traffic, in the same way that HTTPS is set up for websites.

Another feature is the integration of DoH as a general transport, which can be used not only to process client requests to the resolver, but also when exchanging data between servers, when transferring zones with an authoritative DNS server, and when processing any requests supported by other DNS transports.

Among the drawbacks, which can be offset by disabling the build with DoH/DoT or by moving encryption to another server, the overall increase in the complexity of the code base is highlighted: an HTTP server and a TLS library are embedded in the code, which may contain vulnerabilities and act as additional attack vectors. In addition, traffic increases when DoH is used.

Keep in mind that DNS-over-HTTPS can be useful for preventing leaks of information about requested host names through providers' DNS servers, for combating MITM attacks against DNS traffic, for countering blocking at the DNS level, or for organizing work when direct access to DNS servers is not possible.

Whereas in the normal case DNS requests are sent directly to the DNS servers defined in the system configuration, with DNS over HTTPS the request to determine a host's IP address is encapsulated in HTTPS traffic and sent to an HTTP server, where the resolver processes requests through a web API.

"DNS over TLS" differs from "DNS over HTTPS" in that it uses the standard DNS protocol (network port 853 is normally used) wrapped in an encrypted communication channel organized with the TLS protocol, with authentication through TLS/SSL certificates certified by a certificate authority.

Finally, it is mentioned that DoH is available for testing in version 9.17.10 and that DoT support has been present since 9.17.7; once stabilized, support for DoT and DoH will be backported to the stable 9.16 branch.

