DNS over HTTPS (DoH) FAQs
Revision information
- Revision ID: 305101
- Created:
- Creator: milupo
- Comment: update
- Reviewed: No
- Ready for localization: No
Just getting started with DNS over HTTPS (DoH)? No worries! We have drafted a list of frequently asked questions that you may find helpful as you get up to speed on everything DoH has to offer. For additional information, see Firefox DNS over HTTPS.
Table of contents
- 1 How DNS over HTTPS works for Firefox users based on the national regimes where we have rolled out DoH by default
- 1.1 What are the privacy policies for DNS over HTTPS?
- 1.2 Are users warned when this is enabled and offered an opt-out?
- 1.3 Can users disable DoH?
- 1.4 Can users opt out in advance?
- 1.5 How will DoH impact enterprises with custom DNS solutions?
- 1.6 How will DoH impact parental controls?
- 1.7 Can't networks just trigger the canary domain check all the time and disable DoH?
- 1.8 Will DoH break Content Delivery Networks (CDNs)?
- 1.9 How does Firefox handle split-horizon DNS?
- 1.10 Do you validate DNSSEC?
- 2 DNS over HTTPS partnerships
- 3 More about Firefox's DNS over HTTPS implementation
How DNS over HTTPS works for Firefox users based on the national regimes where we have rolled out DoH by default
What are the privacy policies for DNS over HTTPS?
Implementing DoH is part of our work to protect users from the pervasive online tracking of personal data. To do that, Mozilla requires all DNS providers that can be selected in Firefox to comply with our resolver policy through a legally binding contract. These requirements place strict limits on the type of data that may be retained, what the provider can do with that data, and how long they may retain it. This strict policy is intended to protect users from having their data collected and monetized.
Are users warned when this is enabled and offered an opt-out?
Yes, a notification appears in Firefox and does not go away until the user decides whether to enable or disable DNS privacy protection.
Can users disable DoH?
Yes, they can disable DoH, select their own DoH provider and make other configuration changes from Firefox settings, as explained in the article Configure DNS over HTTPS protection levels in Firefox. They can disable DoH from Firefox Network settings.
Can users opt out in advance?
Yes, you can set network.trr.mode to 5 manually in the Configuration Editor. Additional information about the modes can be found here.
How will DoH impact enterprises with custom DNS solutions?
We have made it easy for enterprises to disable this feature. In addition, Firefox will detect whether enterprise policies have been set on the device and will disable DoH in those circumstances. If you’re a system administrator who is interested in learning how to configure enterprise policies, please review the documentation.
How will DoH impact parental controls?
We know that some Internet Service Providers (ISPs) use DNS to offer a parental control service that blocks adult content. Mozilla’s view is that DNS is not the best approach to parental controls, but we also don’t want to break existing services, so we check a series of canary domains before enabling DoH. If these domains indicate that parental controls are on, then we disable DoH. For additional information, see this Mozilla blog post.
Can't networks just trigger the canary domain check all the time and disable DoH?
Yes, canary domains are a solution that offers the best security to combat network attackers and prevent breaking existing deployments. We will be monitoring their use, investigating any incidents of abuse and looking at measures to contain those incidents.
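For network operators who want to confirm what their resolver is signalling, here is an added example (not Firefox code and not part of the original FAQ) that classifies a wire-format DNS response to the canary query. It assumes the canary name use-application-dns.net and the signal rule from Mozilla's separate canary-domain documentation (NXDOMAIN, or NOERROR without A/AAAA records, counts as a signal), neither of which is stated on this page; the sample responses are constructed.

```python
import struct

CANARY = "use-application-dns.net"   # canary name from Mozilla's docs, not this page
A, AAAA = 1, 28                      # DNS record types
NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:         # compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:                   # root label ends the name
            return off

def parse_response(msg):
    """Return (rcode, [answer record types]) from a wire-format response."""
    try:
        _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
        types = []
        for _ in range(an):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            types.append(rtype)
            off += 10 + rdlen
    except (IndexError, struct.error):
        raise ValueError("truncated or malformed DNS message")
    return flags & 0x000F, types

def canary_disables_doh(msg, user_enabled_doh=False):
    """True if this canary response counts as a 'disable DoH' network signal."""
    if user_enabled_doh:             # explicit user choice overrides the checks
        return False
    rcode, types = parse_response(msg)
    if rcode == NXDOMAIN:
        return True
    if rcode == NOERROR:             # NODATA: no address records in the answer
        return not any(t in (A, AAAA) for t in types)
    return False                     # SERVFAIL and other errors are not a signal

def build_sample(rcode, answers=()):
    """Constructed response to the canary A query (sample data, not a capture)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in CANARY.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0)
    msg += qname + struct.pack("!HH", A, 1)
    for rtype, rdata in answers:     # owner name is a pointer back to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return msg
```

A resolver that answers the canary with SERVFAIL, or with a real address, is not signalling anything, which is a common reason a filtering network finds DoH still enabled on default-configured clients.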
Will DoH break Content Delivery Networks (CDNs)?
We are aware that some CDNs use DNS-based traffic steering that may be affected by DoH. However, our measurements show that DoH page load times are competitive compared to ordinary DNS page load times. During and after the rollout period, we will be monitoring Firefox’s performance to see if any defects exist.
How does Firefox handle split-horizon DNS?
If Firefox fails to resolve a domain via DoH, it will fall back to the DNS. This means that any domains that are only available on the ordinary DNS (because they aren’t public) will be resolved that way. If you have a domain that is publicly resolvable but resolves differently internally, then you should use enterprise settings to disable DoH.
Do you validate DNSSEC?
DNSSEC ensures that DNS responses have not been tampered with while in transit, but does not encrypt DNS requests and responses. We have prioritized encryption of DNS using DoH to protect user privacy. We are considering the implementation of DNSSEC in the future.
DNS over HTTPS partnerships
Which resolver does Firefox use?
In each country where we launch DoH, we will have a default resolver (e.g., in the US, the default resolver is Cloudflare). Users may alternately select from a list of additional providers in our Trusted Recursive Resolver program, which requires compliance with our policy requirements regarding user privacy and security. Over time, we expect to add more providers to our Trusted Recursive Resolver program. Additionally, our vision is for DoH to be universally adopted and supported by all DNS resolvers.
How does Mozilla choose its trusted resolvers?
Our default resolvers are able to meet the strict policy requirements that we currently have in place. These requirements are backed up in legally binding contracts and are made public in best-in-class privacy notices that document those policies and provide transparency to users.
Is Mozilla being paid to route DNS requests to its default resolvers?
No money is being exchanged to route DNS requests to our default resolver partners.
Are Mozilla or its default resolvers monetizing this data?
No, our policy explicitly forbids monetizing this data. Our goal with this feature is to provide important privacy protections to our users and to make it harder for existing DNS resolvers to monetize users’ DNS data.
More about Firefox's DNS over HTTPS implementation
What is your rollout plan?
We rolled out DoH by default in the United States in 2019, in Canada in 2021, and in Russia and Ukraine in March 2022. We are currently in the planning stages for by-default rollouts to additional locales.
Will you roll out this default in Europe?
As part of our continuing strategy to carefully measure the benefits and impact of DoH, we have so far released this feature by default only in Russia and Ukraine, as well as the US and Canada.
Why is Firefox implementing DoH and not DoT?
The IETF has standardized two DNS over secure transport protocols: DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). These two protocols have broadly similar security and privacy properties. We chose DoH because we believe it is a better fit for our existing mature browser networking stack (which is focused on HTTP) and provides better support for future protocol features such as HTTP/DNS multiplexing and QUIC.
Isn't DoT easier for network operators to detect and block?
Yes, we don’t think that this is an advantage. Firefox provides mechanisms for network operators to signal that they have legitimate reasons for DoH to be disabled. We do not believe that blocking the connection to the resolver is an appropriate response.
Doesn't Server Name Indication (SNI) leak domain names anyway?
Yes, although not all domain names get leaked through SNI, we are concerned about SNI leaks and have started working on Encrypted SNI.
What are the DoH heuristics?
These are a set of checks that Firefox performs before enabling DoH by default for users in the rollout regions, to see if enabling DoH will have a negative impact. (These checks are ignored if you explicitly enabled DoH.) For example, DoH will remain disabled if enterprise policies or parental controls are enabled. To learn more, see Security/DNS Over HTTPS/Heuristics and Configuring networks to disable DNS over HTTPS.