Android getting “DNS over TLS” support to stop ISPs from knowing what websites you visit

2017-10-27 11:12:22 +08:00
 EmmaSwan
It appears that “ DNS over TLS ” support is being added to Android, according to several commits added to the Android Open Source Project (AOSP). The addition in the Android repository shows that a new setting will be added under Developer Options allowing users to turn on or off DNS over TLS. Presumably, if such an option is being added to Developer Options, then that means it is in testing and may arrive in a future version of Android such as version 8.1.
5246 次点击
所在节点    DNS
13 条回复
EmmaSwan
2017-10-27 11:14:23 +08:00
https://www.engadget.com/2017/10/23/google-android-dns-tls/

Google's efforts to push websites to use encrypted connections is paying off. Just days ago, the search giant revealed that HTTPS use on its own products is at 89 percent overall, up from just 50 percent at the beginning of 2014. (Not sure what we're blabbering on about? Just peep the green lock icon and the word "secure" in the address bar). Now, Google is adding an extra layer of security to Android. XDA Developers has spotted that DNS over TLS (Transport Layer Security) support is heading to the mobile OS, according to the Android Open Source Project -- meaning DNS queries will be encrypted to the same level as HTTPS.

The Domain Name System (DNS) -- often referred to as the internet's phone book -- translates domain names (like engadget.com) into machine-readable IP addresses. The process is hidden from users, but essentially applies to every website you visit. While TLS hides your DNS requests, it won't afford you full privacy (as your Internet Service Provider can still see the IP address you're communicating with). For that, you'll still need a VPN app. But, this is also about DNS robustness. TLS would make it harder for hackers to hijack a DNS to spy on users or, worse still, to direct them to fake sites and phishing pages.

Updates to the Android repository suggest you will be able to disable DNS over TLS, and that it may arrive on a future update.
learnshare
2017-10-27 11:17:29 +08:00
会导致所有域名都解析不了
EmmaSwan
2017-10-27 11:20:39 +08:00
@learnshare 花薇 笑咪 带头表示, 不会跟风加入此功能, 会剔除此功能. 请大家放心
chairuosen
2017-10-27 11:24:40 +08:00
没太懂,是 http dns 的升级版么? ssl 证书不是对域名的么,然后这个域名也得解析啊。。
abdiweli
2017-10-27 11:33:51 +08:00
@chairuosen 貌似是加密 DNS 请求了,只有 DNS 服务器才知道你请求的是哪个网站,ISP 无法知道。
yksoft1
2017-10-27 11:36:04 +08:00
这个和 DNSSEC 有区别吗?
clavichord93
2017-10-27 15:18:13 +08:00
你们哪来的自信能用的这个功能?
Love4Taylor
2017-10-27 15:23:16 +08:00
@yksoft1 DNSSEC 是看的 DS 记录 但查询过程不加密的吧 (应该
DNS over TLS 是全程加密
zro
2017-10-27 15:29:08 +08:00
OpenWRT/LEDE 几时加入此功能咧?
RLib
2017-10-27 15:38:51 +08:00
DNS 还不是用的运营商的
lybtongji
2017-10-28 13:16:05 +08:00
我觉得到时运营商还是会把这个封了
txydhr
2017-10-30 06:21:14 +08:00
掩耳盗铃。。因为 99.9%的人都只用运营商的 dns
skylancer
2017-11-04 18:05:57 +08:00
有個卵用
什麽時候給 Android 加個自定義 DNS 功能 DNS Over TLS 才有用

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/401153

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX