开启 DoH 之后可以直连 https://terminus2049.github.io/
最新的 Nightly 版本 Firefox 已经支持 DoH,开启之后可以对同一服务器上的其他网站进行加密访问。因为 github.io 没有被屏蔽,所以开启 DoH 之后先访问一个没有被屏蔽的 github.io 网站,再访问 https://terminus2049.github.io/ 就能正常了。
我关闭代理工具之后,先访问英文维基百科,再访问中文维基百科,中文维基可正常访问。
各位有兴趣可以试试,欢迎反馈。下载 nightly 版本 firefox (https://www.mozilla.org/en-US/firefox/channel/desktop/#nightly )
按照以下步骤:
1] Type about:config in the location bar
2] Search for network.trr (TRR stands for Trusted Recursive Resolver – it is the DoH Endpoint used by Firefox.)
3] Change network.trr.mode to 2 to enable DoH. This will try and use DoH but will fallback to insecure DNS under some circumstances like captive portals. (Use mode 5 to disable DoH under all circumstances.)
4] Set network.trr.uri to your DoH server. Cloudflare’s is https://mozilla.cloudflare-dns.com/dns-query but you can use any DoH compliant endpoint.
参见
https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/
However, once you’ve made that connection to the web server, then everything is encrypted. And the neat thing is that this encrypted connection can be used for any site that is hosted on that server, not just the one that you initially asked for.
This is sometimes called HTTP/2 connection coalescing, or simply connection reuse. When you open a connection to a server that supports it, that server will tell you what other sites it hosts. Then you can visit those other sites using that existing encrypted connection.
Why does this help? You don’t need to start up a new connection to visit these other sites. This means you don’t need to send that unencrypted initial request with its server name indication saying which site you’re visiting. Which means you can visit any of the other sites on the same server without revealing what sites you’re looking at to your ISP and on-path routers.
doh, https, terminus, github, io
关键就是先访问正常网站,然后再访问同一域名下的被屏蔽的网站。比如先访问英文维基百科,再访问中文维基百科。
这个厉害,收藏了!
听起来就好像是把英文维基百科的IP地址抄到hosts里面,然后告诉电脑这是中文维基百科。这回把这个事情直接做到浏览器里了。
@LoveFormula 这是加密连接复用,https的弱点是第一次与服务器交换公钥总是会被DNS污染,这个是同域名公钥复用,所以可行。
看不懂,来个文盲能看懂的
关了代理,youtube 都能直连了,真不习惯😂😂😂
https://zdnet.com/article/google-to-run-dns-over-https-doh-experiment-in-chrome/ Google Chrome 也计划引入 DNS-over-HTTPS (DoH)功能,加密 DNS 请求发送到非本地 DNS 解析器。
能出視頻教程針對小白嗎?