BIND DNS now has experimental support for DNS over HTTPS

The developers of the BIND DNS server announced several days ago that the experimental 9.17 branch now includes server-side support for DNS over HTTPS (DoH) and DNS over TLS (DoT), as well as XFR.

The implementation of the HTTP/2 protocol used in DoH is based on the nghttp2 library, which is now among the build dependencies (in the future the plan is to make the library an optional dependency).

With the appropriate configuration, a single named process can now serve not only traditional DNS queries but also queries sent using DoH (DNS over HTTPS) and DoT (DNS over TLS).

HTTPS support on the client side (dig) is not yet implemented, while XFR-over-TLS support is available for both incoming and outgoing requests.

Processing of DoH and DoT requests is enabled by adding the http and tls options to the listen-on directive. To support unencrypted DNS over HTTP, you must specify "tls none" in the configuration. Keys are defined in the "tls" section. The default network ports 853 for DoT, 443 for DoH, and 80 for DNS over HTTP can be overridden through the tls-port, https-port, and http-port parameters.

Among the features of the DoH implementation in BIND, it is noted that TLS encryption can be offloaded to another server. This may be necessary where TLS certificates are stored on another system (for example, in an infrastructure with web servers) and are managed by other staff.

Support for unencrypted DNS over HTTP is implemented to simplify debugging and as a layer for forwarding within the internal network, on top of which encryption can be set up on another server. On a remote server, nginx can be used to generate the TLS traffic, by analogy with how HTTPS binding is organized for websites.
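The listener setup described above, written out as a named.conf fragment. This is an added example, not configuration from the original article or from the BIND project; the block names `local-tls` and `local-doh`, the file paths, the `/dns-query` endpoint and port 8080 are assumptions chosen for illustration.

```conf
# Added example: names, paths and port 8080 are placeholders.

# Certificate and key for the listeners that named encrypts itself.
tls local-tls {
    key-file  "/etc/bind/tls/privkey.pem";    # placeholder path
    cert-file "/etc/bind/tls/fullchain.pem";  # placeholder path
};

# HTTP endpoint on which DoH queries are accepted.
http local-doh {
    endpoints { "/dns-query"; };
};

options {
    # Default ports named in the article, set explicitly so an
    # override is visible in one place.
    tls-port   853;
    https-port 443;
    http-port  80;

    # Traditional DNS on port 53.
    listen-on { any; };

    # DoT: standard DNS protocol inside a TLS channel.
    listen-on port 853 tls local-tls { any; };

    # DoH: HTTP/2 over TLS, encrypted by named itself.
    listen-on port 443 tls local-tls http local-doh { any; };

    # Unencrypted DNS over HTTP ("tls none") for the case where a
    # separate front end such as nginx terminates TLS. Bound to
    # loopback only, so cleartext queries never leave the host.
    listen-on port 8080 tls none http local-doh { 127.0.0.1; };
};
```

Running `named-checkconf` against the file before reloading catches syntax errors; the `tls none` listener should stay on loopback or a trusted internal segment, because anything that reaches it sends and receives DNS in cleartext.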

Another feature is the integration of DoH as a general transport, which can be used not only to process client requests to the resolver, but also when exchanging data between servers, when transferring zones with an authoritative DNS server, and when processing any requests supported by other DNS transports.

Among the shortcomings, which can be compensated for by disabling the build with DoH/DoT or by moving encryption to another server, the general complication of the codebase stands out: a built-in HTTP server and a TLS library are added to the code, which could potentially contain vulnerabilities and act as additional attack vectors. Also, when DoH is used, traffic increases.

Keep in mind that DNS-over-HTTPS can be useful to prevent leaks of information about requested host names through providers' DNS servers, to combat MITM attacks and DNS traffic spoofing, to counter blocking at the DNS level, or to organize work when direct access to DNS servers is impossible.

Whereas in a normal situation DNS requests are sent directly to the DNS servers defined in the system configuration, with DNS over HTTPS the request to determine a host's IP address is encapsulated in HTTPS traffic and sent to an HTTP server, where the resolver processes requests through a web API.

"DNS over TLS" differs from "DNS over HTTPS" in that it uses the standard DNS protocol (network port 853 is usually used) wrapped in an encrypted communication channel organized using the TLS protocol, with host validation through TLS/SSL certificates certified by a certificate authority.

Finally, it is mentioned that DoH is available for testing in version 9.17.10 and that DoT support has been around since 9.17.7; in addition, once stabilized, support for DoT and DoH will move to the stable 9.16 branch.

