What is DNS over HTTPS or Secure DNS lookups? Enable it in Google Chrome!
Did you hear about DNS over HTTPS? Do you want to know what DoH is? Why this new security standard that encrypts DNS requests is important, and why you should use it? In this guide, we answer all these questions, and show you how to enable DNS over HTTPS in Google Chrome, which is the most popular web browser today. There's plenty of ground to cover, so let's get started:
What is DNS over HTTPS or Secure DNS lookups?
DNS over HTTPS, or DoH, in short, is a protocol that allows secure DNS lookups over the HTTPS protocol. It sounds complicated and strange, doesn't it? In fact, it is not, and we're going to explain why:
HTTPS is an improved and more secure version of the HTTP protocol. HTTP, or Hypertext Transfer Protocol, is the base on which data is transferred on the World Wide Web. In much simpler words, HTTP is a protocol used by websites to work and operate. HTTPS is the secure version of HTTP, which allows websites to be more secure. It also makes it harder for malicious parties to intercept communications because it encrypts traffic.
DNS is a standard that translates the IP addresses of the websites on the internet into something readable and easier to understand and remember for us humans. For example, we all know that to visit Google, we have to enter google.com in the address bar of the web browser. However, the computer or device on which you're working translates that address - google.com - into something more machine-friendly, which can be, for example, an address like 172.217.19.110. DNS handles the process of translating the human-readable name of a website into the machine-readable form. Unfortunately, DNS doesn't do this in a secure manner, so the entire process is open to anyone with malicious intent and the knowledge of how to compromise your information. For more details about DNS, read: What is DNS? How do I see my DNS settings in Windows?
Because of the way DNS is designed, although websites can be more secure if they use HTTPS, hackers or anyone that is between you and the websites can eavesdrop on what websites you're visiting or what you are looking for on the web. That can be your internet service provider, but it can also be someone who has taken control of the public Wi-Fi to which you just connected.
DNS over HTTPS closes this security hole by encrypting the whole process that translates the names of websites into IP addresses. DoH, or DNS over HTTPS, is one of the things responsible for encrypting the connections between your web browser and the websites you visit.
How to enable DNS over HTTPS in Google Chrome on Windows, Mac, Chrome OS, and Android
Regardless of whether you use Windows, Mac, Chrome OS, or Android, the steps to enable DNS over HTTPS (DoH) in Google Chrome are the same, with a few visual differences. To keep things simple, we're using screenshots taken only in Chrome on Windows 10. To enable DoH, open Google Chrome and, in its address bar, type chrome://flags/#dns-over-https. Then, press Enter on your keyboard.
You are shown a page full of experimental features and settings available in Google Chrome. The first one should be called Secure DNS lookups. Under it, Google explains that this setting "Enables DNS over HTTPS. When this feature is enabled, your browser may try to use a secure HTTPS connection to look up the addresses of websites and other web resources. – Mac, Windows, Chrome OS, Android". Click or tap on the button found on the right side, which should say "Default."
From the list of options displayed, select Enabled.
As soon as you enable the DNS over HTTPS setting, Google Chrome asks you to Relaunch it so that it can apply the change. Click or tap on the Relaunch button or close and reopen Google Chrome.
Now Google Chrome is configured to use DNS over HTTPS whenever that's possible. However, that doesn't mean that you are safe just yet. Read on to see the next steps you should take.
NOTE: In Chrome for iOS, this feature is not available yet.
Change the DNS servers on your Windows PC
Not all Internet Service Providers support DoH, and there are only a few public DNS servers that do. Two of the best providers of public DNS servers are Google and Cloudflare. Unless your internet service provider already offers support for DNS over HTTPS, Google and Cloudflare's DNS servers are your best options. The IP addresses of Google's public DNS servers are 8.8.8.8 and 8.8.4.4, while those of Cloudflare's public DNS servers are 1.1.1.1 and 1.0.0.1. If you don't know how to change your DNS servers in Windows, follow the steps we've detailed here: Change the DNS servers used by your Windows PC in 3 steps.
The quick way to do it in Windows 10 is to open the Settings app, go to Network & Internet -> Change adapter options, double-click or double-tap on your network connection, and press the Properties button. Then, double-click or double-tap on Internet Protocol version 4 (TCP/IPv4), mark the "Use the following DNS server address" option, and enter the IP addresses of the Google or Cloudflare public DNS servers that we mentioned earlier.
Once you've set the DNS servers to ones that support DNS over HTTPS, you should be all set. All that remains is for you to check whether DoH actually works on your computer or device.
How to test if DNS over HTTPS works in Google Chrome
To check whether DoH works in your Google Chrome, open it, and visit Cloudflare's Browsing Experience Security Check webpage. Press the orange Check My Browser button and wait for the testing to be done.
If the Secure DNS test is marked green and says that "You are using encrypted DNS transport [...]," then you've successfully configured DNS over HTTPS for Google Chrome on your device.
That's it!
Did you turn DNS over HTTPS on in Google Chrome?
As you've seen, DNS over HTTPS is quite an important protocol that many security-conscious people have waited to see implemented. Fortunately, Google Chrome now supports DoH, and enabling it is not very hard, although it does require a few steps. Did you enable DNS over HTTPS in your Google Chrome? Did you encounter any problems? Leave a comment below, and let's resolve them.