Android getting “DNS over TLS” support to stop ISPs from knowing what websites you visit
EmmaSwan 2017-10-27 11:12:22 +08:00 5649 次点击这是一个创建于 2913 天前的主题,其中的信息可能已经有所发展或是发生改变。
It appears that “ DNS over TLS ” support is being added to Android, according to several commits added to the Android Open Source Project (AOSP). The addition in the Android repository shows that a new setting will be added under Developer Options allowing users to turn on or off DNS over TLS. Presumably, if such an option is being added to Developer Options, then that means it is in testing and may arrive in a future version of Android such as version 8.1.
 | 1 EmmaSwan OP https://www.engadget.com/2017/10/23/google-android-dns-tls/ Google's efforts to push websites to use encrypted connections is paying off. Just days ago, the search giant revealed that HTTPS use on its own products is at 89 percent overall, up from just 50 percent at the beginning of 2014. (Not sure what we're blabbering on about? Just peep the green lock icon and the word "secure" in the address bar). Now, Google is adding an extra layer of security to Android. XDA Developers has spotted that DNS over TLS (Transport Layer Security) support is heading to the mobile OS, according to the Android Open Source Project -- meaning DNS queries will be encrypted to the same level as HTTPS. The Domain Name System (DNS) -- often referred to as the internet's phone book -- translates domain names (like engadget.com) into machine-readable IP addresses. The process is hidden from users, but essentially applies to every website you visit. While TLS hides your DNS requests, it won't afford you full privacy (as your Internet Service Provider can still see the IP address you're communicating with). For that, you'll still need a VPN app. But, this is also about DNS robustness. TLS would make it harder for hackers to hijack a DNS to spy on users or, worse still, to direct them to fake sites and phishing pages. Updates to the Android repository suggest you will be able to disable DNS over TLS, and that it may arrive on a future update. |
 | 2 learnshare 2017-10-27 11:17:29 +08:00 会导致所有域名都解析不了 |
| 3 EmmaSwan OP  1 @learnshare 花薇 笑咪 带头表示, 不会跟风加入此功能, 会剔除此功能. 请大家放心 |
 | 4 chairuosen 2017-10-27 11:24:40 +08:00 没太懂,是 http dns 的升级版么? ssl 证书不是对域名的么,然后这个域名也得解析啊。。 |
 | 5 abdiweli 2017-10-27 11:33:51 +08:00 @chairuosen 貌似是加密 DNS 请求了,只有 DNS 服务器才知道你请求的是哪个网站,ISP 无法知道。 |
 | 6 yksoft1 2017-10-27 11:36:04 +08:00 这个和 DNSSEC 有区别吗? |
 | 7 clavichord93 2017-10-27 15:18:13 +08:00 via iPhone 1 你们哪来的自信能用的这个功能? |
 | 8 love4taylor PRO @yksoft1 DNSSEC 是看的 DS 记录 但查询过程不加密的吧 (应该 DNS over TLS 是全程加密 |
 | 9 zro 2017-10-27 15:29:08 +08:00 OpenWRT/LEDE 几时加入此功能咧?  |
 | 10 RLib 2017-10-27 15:38:51 +08:00 DNS 还不是用的运营商的 |
 | 11 lybtongji 2017-10-28 13:16:05 +08:00 我觉得到时运营商还是会把这个封了 |
 | 12 txydhr 2017-10-30 06:21:14 +08:00 via iPhone 掩耳盗铃。。因为 99.9%的人都只用运营商的 dns |
 | 13 skylancer 2017-11-04 18:05:57 +08:00 有卵用 什麽候 Android 加自定 DNS 功能 DNS Over TLS 才有用 |
Select Language