If you were to draw up a list of bad servers, then alongside Ubisoft in the top spot, Nintendo Switch's poor online services would surely be on it. Although Nintendo has set up a Hong Kong CDN server for acceleration, the speed of update installation has not changed significantly. In this situation, most people choose to change their DNS settings to improve the download speed of the NS.
DNS (Domain Name System) is a very common term in work and life. Users only need to enter a recognizable web address in the browser, and the system finds the corresponding IP address in a short time. During resolution, DNS queries various name servers and obtains from them the stored numeric addresses corresponding to URLs. DNS has now been in use for decades. Although it is widely used, its security has rarely attracted attention.
From a security point of view, requests are usually transmitted without encryption, and DNS traffic that anyone can read is inherently insecure. This means that cybercriminals can easily use their own servers to intercept the victim's DNS and redirect user requests to phishing websites that distribute malware, or place a large number of advertisements on normal websites to attract users. We call this behavior DNS hijacking. To reduce such incidents, industry experts are currently debating the feasibility of HTTPS-based DNS (DoH). So what is DNS over HTTPS, and can it make the Internet more secure? Let's take a look.
Why do we need DNS via HTTPS?
In everyday browsing, if a user enters a URL that cannot be resolved (for example, because of a typing error), some Internet service providers (ISPs) deliberately use DNS hijacking to serve their own error page. Once the ISP intercepts this content, it directs users to its own website, where it can promote its own or third-party products. Although this is not illegal and does not directly harm users, this kind of redirection still annoys them. Therefore, relying on the DNS protocol alone is not very reliable.
DoH (DNS over HTTPS) runs DNS over the secure HTTPS protocol; its main purpose is to enhance user security and privacy. With an encrypted HTTPS connection, third parties can no longer influence or monitor the resolution process, so fraudsters cannot view the requested URL or change it. In addition, when HTTPS-based DNS is used, the Transmission Control Protocol (TCP) underlying DoH reacts faster when data is lost during transmission.
Currently, DoH has not yet become a global standard on the Internet, and most connections still rely on basic DNS. So far, only two companies, Google and Mozilla, have entered this field. Google is currently testing this feature with some users. In addition, there are applications for mobile devices that can also browse the web via DoH. Android Pie also provides an option to enable HTTPS-based DNS through network settings.
How does DNS over HTTPS work?
Usually, some domain name resolution is performed directly from the user's client, and the corresponding domain name information is stored in the cache of the browser or router. Everything transmitted in the process travels over UDP, because it allows information to be exchanged more quickly. But as we all know, UDP is neither secure nor reliable. With this protocol, data packets may be lost at any time, because there is no mechanism to guarantee reliable transmission.
DoH, by contrast, relies on HTTPS and therefore on TCP, a protocol that is used more frequently on the Internet. The connection can thus be encrypted, and TCP ensures complete data transmission. In addition, with HTTPS-based DNS, communication always goes through port 443, the same port that carries ordinary network traffic (for example, visiting a website). Outsiders therefore cannot distinguish DNS requests from other communications, which also guarantees a higher level of user privacy.
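To make the mechanism above concrete, here is an added example (not part of the original article) that builds the DNS message a DoH client sends and wraps it in the GET and POST forms defined by RFC 8484, then reads the address out of a response body. The resolver URL `https://doh.example/dns-query` is hypothetical and the response bytes are constructed for illustration.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a DNS query in wire format (qtype 1 = A record)."""
    # ID 0 keeps identical queries cacheable by HTTP; 0x0100 sets RD.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(resolver_url: str, query: bytes) -> str:
    """GET form: the message goes in ?dns= as unpadded base64url."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={b64}"

def doh_post(resolver_url: str, query: bytes) -> dict:
    """POST form: the raw message is the body, typed application/dns-message."""
    headers = {"Content-Type": "application/dns-message",
               "Accept": "application/dns-message"}
    return {"method": "POST", "url": resolver_url, "headers": headers, "body": query}

def parse_a_answer(response: bytes) -> str:
    """Return the first A record of a one-question response whose answer
    name is a compression pointer (the common case, not a general parser)."""
    qdcount, ancount = struct.unpack("!HH", response[4:8])
    if qdcount != 1 or ancount < 1:
        raise ValueError("expected one question and at least one answer")
    pos = 12
    while response[pos] != 0:      # skip the labels of the question name
        pos += response[pos] + 1
    pos += 1 + 4                   # root label, QTYPE, QCLASS
    if response[pos] & 0xC0 != 0xC0:
        raise ValueError("answer name is not a compression pointer")
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", response[pos + 2:pos + 12])
    if rtype != 1 or rdlen != 4:
        raise ValueError("first answer is not an A record")
    return ".".join(str(b) for b in response[pos + 12:pos + 16])

# Constructed sample: the question echoed back plus one A record for
# 192.0.2.10 (documentation range), as a resolver's response body would carry.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
                   + build_query("example.com")[12:] + b"\xc0\x0c"
                   + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    q = build_query("example.com")
    print(doh_get_url("https://doh.example/dns-query", q))  # hypothetical resolver
    print(parse_a_answer(SAMPLE_RESPONSE))
```

On the wire, both request forms travel inside the TLS session on port 443, so an observer sees only an HTTPS connection to the resolver's address.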
Pros and cons of DoH
The advantages of DoH are obvious. The technology improves security and protects user privacy. Compared with traditional DNS, DoH provides encryption. It uses HTTPS, a common security protocol in the industry, to send DNS requests to the DNS server, so that the operator or a third party can only know the originator and destination during the entire transmission, and nothing else, not even that a DNS request was initiated.
DoH's encryption can prevent eavesdropping on or interception of DNS queries, but it also brings some potential risks. Some Internet security measures implemented over the years require visibility into the DNS request process. For example, parental controls rely on operators to block access to certain domain names for some users. Law enforcement agencies may want to track criminals through DNS data, and many organizations use security systems to protect their networks. These security systems also use DNS information to block known malicious sites. The introduction of DoH may seriously affect these uses. Therefore, DoH is still at the stage of being configured by users themselves. Users need to know who can see the data, who can access the data, and under what circumstances.
DoH and DoT
In addition to HTTPS-based DNS, there is another technology used to protect the domain name system: TLS-based DNS (DoT). The two protocols look very similar, and both promise higher user security and privacy. But the two standards were developed separately, and each has its own RFC document. DoT uses the TLS security protocol, adding TLS encryption to the User Datagram Protocol (UDP) used for DNS queries. DoT uses port 853, and DoH uses HTTPS port 443.
Because DoT has a dedicated port, anyone with network visibility can spot DoT traffic going back and forth, even though the requests and responses themselves are encrypted. DoH is the opposite: DNS queries and responses are to some extent disguised among other HTTPS traffic, because they all go in and out through the same port.
Which is better, DoT or DoH? This is still open for discussion. But from the perspective of network security, DoT can be said to be better. It enables network administrators to monitor and block DNS queries, which is very important for identifying and blocking malicious traffic. DoH queries, on the other hand, are hidden in regular HTTPS traffic, which means it is difficult to block them without blocking all other HTTPS traffic as well.
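The monitoring argument above, as an added example (not from the original article): a port-based classifier run over constructed flow records shows what a network administrator can and cannot single out. The addresses come from documentation ranges, the "true type" column exists only because the sample is made up, and the resolver list is a hypothetical locally maintained one.

```python
from collections import Counter

# Constructed flow records: client, server, destination port, and the true
# payload type (known only because this sample is made up).
SAMPLE_FLOWS = """\
10.0.0.5 198.51.100.53 53 dns
10.0.0.5 198.51.100.53 853 dot
10.0.0.7 203.0.113.10 443 doh
10.0.0.7 203.0.113.99 443 doh
10.0.0.9 192.0.2.80 443 web
"""

# Assumption: a locally maintained list of known DoH resolver addresses.
KNOWN_DOH_RESOLVERS = {"203.0.113.10"}

def classify(server: str, port: int, known_doh=KNOWN_DOH_RESOLVERS) -> str:
    """What an on-path monitor can infer without decrypting anything."""
    if port == 53:
        return "dns"   # plaintext, fully visible
    if port == 853:
        return "dot"   # encrypted, but the dedicated port gives it away
    if port == 443:
        # Same port as all web traffic: only the destination address helps.
        return "doh" if server in known_doh else "web"
    return "other"

def missed_dns(flow_text: str, known_doh=KNOWN_DOH_RESOLVERS) -> Counter:
    """Count name-resolution flows, per true type, that the monitor
    failed to recognise as name resolution."""
    missed = Counter()
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        _client, server, port, truth = line.split()
        guess = classify(server, int(port), known_doh)
        if truth in ("dns", "dot", "doh") and guess != truth:
            missed[truth] += 1
    return missed

if __name__ == "__main__":
    print(missed_dns(SAMPLE_FLOWS))         # one DoH flow blends in as web traffic
    print(missed_dns(SAMPLE_FLOWS, set()))  # with no resolver list, both do
```

Plain DNS and DoT are never missed because the port alone identifies them; DoH is recognised only when the resolver's address is already on the list.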