DNS加密介绍及浏览器启用DNS over Https

DNS加密方式


DNS over HTTPS : 通过443端口传输加密的DNS
DNS over TLS: 通过853端口传输加密的DNS
Dnscrypt: 第三方开发,客户端需要导入公钥,使用的人较少
DNSSEC: 只能防止篡改IP,不能加密数据

普通用户推荐DNS over HTTPS


DNS over TLS由于使用853端口,很容易被中间人阻断,掉落到53端口而使加密失效.
DNS over TLS恶意流量容易被防御,网站维护方通常愿意选择这种方式.
对于普通用户,隐私更加重要,DNS over HTTPS使用443端口,基本不会被阻断.
(不排除你的域名会如google一样在大陆享受最高待遇)

浏览器启用DNS over HTTPS


chrome设置DNS over HTTPS


chrome67版本(推荐78版本)已经可以使用DNS over HTTPS,直接设置即可
chrome://flags/#dns-over-https

firefox设置DNS over HTTPS


firefox62已经可以使用DNS over HTTPS
打开about:config , 修改下面参数
network.trr.mode = 3
network.trr.uri = https://mozilla.cloudflare-dns.com/dns-query

Android设置DNS over TLS


Android 9直接设置私有DNS

支持DNS over HTTPS的服务商


  • Cloudflare: https://cloudflare-dns.com/dns-query
  • Google RFC 8484: https://dns.google/dns-query
  • Google JSON API: https://dns.google/resolve
  • Secure DNS EU: https://doh.securedns.eu/dns-query
  • Quad 9: https://dns.quad9.net/dns-query
  • Quad101: https://dns.twnic.tw/dns-query
  • dns.sb: https://doh.sb/dns-query
  • Cloudflare Tor: https://dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion/dns-query

几个亚洲的DoH地址推荐


  • https://doh-jp.blahdns.com/dns-query #日本linode
  • https://asia.dnscepat.id/dns-query #日本linode
  • https://public.dns.iij.jp/dns-query #日本iij
  • https://doh.eastas.pi-dns.com/dns-query #日本choopa
  • https://doh.mullvad.net/dns-query #需要自定义23.89.5.60

使用IP地址访问的DoH(推荐)


换来换去还是cloudflare的IP地址靠谱,推荐
  • https://185.222.222.222/dns-query
  • https://45.11.45.11/dns-query
  • https://1.1.1.1/dns-query
  • https://1.0.0.1/dns-query
  • https://162.159.36.1/dns-query
  • https://162.159.46.1/dns-query
  • https://2606:4700:4700:0000:0000:0000:0000:1111/dns-query
  • https://2606:4700:4700:0000:0000:0000:0000:1001/dns-query
  • https://2606:4700:4700:0000:0000:0000:0000:0064/dns-query
  • https://2606:4700:4700:0000:0000:0000:0000:6400/dns-query

DoH JSON API


  • https://8.8.8.8/resolve?name=example.com&type=a
  • https://8.8.4.4/resolve?name=example.com&type=a
  • https://9.9.9.9:5053/dns-query?name=example.com&type=a
  • https://185.222.222.222/dns-query?ct=application/dns-json&name=example.com&type=a
  • https://45.11.45.11/dns-query?ct=application/dns-json&name=example.com&type=a

参考网站:
https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
https://en.wikipedia.org/wiki/DNS_over_HTTPS
https://kb.adguard.com/en/general/dns-providers
https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation
https://developers.cloudflare.com/1.1.1.1/other-ways-to-use-1.1.1.1/dns-over-tor#setting-up-a-tor-client

此处评论已关闭