Ba tare da DNS ba, Intanet ba ta iya aiki cikin sauƙi, tunda DNS taka muhimmiyar rawa a cikin tsaro ta yanar gizo kamar yadda sabobin DNS zasu iya zama masu rauni da amfani da su azaman vector don sauran nau'ikan hare-hare.
En daftarin aiki Mai taken: "Tallafin rufaffen DNS a Yanayin Kasuwanci," Hukumar Tsaron Kasa (NSA), wata hukumar gwamnati ce ta Ma'aikatar Tsaro ta Amurka, da aka buga kwanaki da yawa da suka gabata wani rahoto kan tsaron yanar gizo a cikin kamfanoni.
Takardar yayi bayani game da fa'idodi da haɗarin karɓar yarjejeniya Nameaddamar da Sunan Yanki (DoH) a cikin yanayin kamfanoni.
Ga waɗanda ba su san DNS ba, ya kamata su san cewa ma'auni ne na daidaitawa, tsari da kuma rarrabuwa a kan sikelin duniya, yana ba da taswira tsakanin sunayen masu karɓar, adiresoshin IP (IPv4 da IPv6), bayanin uwar garken suna, da dai sauransu.
Koyaya, ya zama sanannen kamfani na kai hari ga masu aikata laifuka ta hanyar yanar gizo yayin da DNS ke raba buƙatunsu da martani a cikin rubutu mai haske, wanda ɓangare na uku mara izini zai iya kallon saukinsa.
Hukumar leken asirin da tsarin kula da bayanai na gwamnatin Amurka ta ce ana amfani da rufaffen bayanan DNS don hana sauraren sauti da nakkasa zirga-zirgar DNS.
"Tare da karuwar shahararren rubutaccen DNS, dole ne masu kamfanonin sadarwar kamfanoni da masu gudanarwa su fahimci yadda za a samu nasarar aiwatar da shi ta hanyar tsarinsu," in ji kungiyar. "Ko da kuwa kamfanin bai karbe su ba bisa ka'ida, sabbin masu bincike da sauran manhajoji na iya kokarin amfani da rufaffen bayanan DNS da tsallake kariya ta gargajiya na tushen kamfani na DNS," in ji shi.
Sunan yankin sunan cewa yana amfani da yarjejeniya ta amintar da yarjejeniya akan TLS (Https) encrypts tambayoyin DNS don tabbatar da sirri, mutunci, da kuma tushen tushe yayin ma'amala tare da mai warware DNS na abokin ciniki. Rahoton na NSA ya ce yayin da DoH na iya kare sirrin buƙatun DNS da amincin martani, kamfanonin da ke amfani da shi za su yi asara, Duk da haka, wasu abubuwan sarrafawa da suke buƙata yayin amfani da DNS a cikin hanyoyin sadarwar su, sai dai idan sun ba da izinin Resolver DoH ɗin su azaman amfani.
DoH mai yanke shawara na kamfani na iya zama sabar-kamfani mai sarrafa DNS ko warwarewa ta waje.
Koyaya, idan mai yanke shawara na kamfanin DNS bai yarda da DoH ba, yakamata a ci gaba da amfani da mai warware sha'anin kuma yakamata a dakatar da duk ɓoyayyen DNS ɗin kuma a toshe shi har sai ƙarfin DNS ɗin da aka rufeshi ya kasance cikakke cikin abubuwan haɗin ginin kamfanoni na DNS.
M, NSA ta bada shawarar cewa zirga-zirgar DNS don hanyar sadarwar kamfani, ɓoye ko a'a, za'a aika shi kawai ga mai ƙaddara kamfanin DNS Wannan yana taimakawa wajen tabbatar da amfani mai kyau na mahimmancin tsaro na kasuwanci, yana ba da damar isa ga albarkatun cibiyar sadarwar gida, da kare bayanai akan hanyar sadarwa ta ciki.
Ta yaya Kasuwancin DNS Architectures ke aiki
- Mai amfani yana son ziyartar gidan yanar gizon da bai san cutarwa ba kuma yana buga sunan yankin a cikin burauzar yanar gizo.
- Ana aika buƙatar sunan yanki zuwa warwarewar kamfanin DNS tare da bayyananniyar fakiti akan tashar 53.
- Tambayoyin da suka keta manufofin sa ido na DNS na iya haifar da faɗakarwa da / ko a toshe su.
- Idan adireshin IP ɗin yankin ba a cikin ɓoye yanki na mai warware matsalar DNS ba kuma ba a tace yankin ba, zai aika tambayar DNS ta ƙofar kamfanin.
- Corporateofar kamfanin tana tura tambayar DNS a cikin rubutu mai tsabta zuwa sabar DNS ta waje. Hakanan yana toshe buƙatun DNS waɗanda basa zuwa daga mai warware DNS na kamfanin.
- Amsar tambaya tare da adireshin IP na yankin, adireshin wani sabar DNS tare da ƙarin bayani, ko an dawo da kuskure a cikin ingantaccen rubutu ta ƙofar kamfanoni;
ƙofar kamfanoni ta aika da martani ga kamfani na DNS mai warwarewa. Matakan 3 zuwa 6 ana maimaita su har sai an sami adireshin IP ɗin da aka nema ko kuskure ya auku. - Mai warware DNS ya dawo da martani ga burauzar gidan yanar gizon mai amfani, wanda hakan ke buƙatar shafin yanar gizon daga adireshin IP ɗin a cikin martanin.
Source: https://media.defense.gov/