1
henvm 2020-07-28 16:52:31 +08:00 via Android
I guess the difference is the t and the h
|
2
maemual 2020-07-28 16:53:43 +08:00
In terms of security there is really no difference. The main thing is that DoT uses its own dedicated port 853, so it is fairly easy to spot.
|
3
h4lt 2020-07-28 16:55:22 +08:00 1
How are DNS over TLS and DNS over HTTPS different?
Each standard was developed separately and has its own RFC* documentation, but the most important difference between DoT and DoH is what port they use. DoT only uses port 853, while DoH uses port 443, which is the port that all other HTTPS traffic uses as well. Because DoT has a dedicated port, anyone with network visibility can see DoT traffic coming and going, even though the requests and responses themselves are encrypted. In contrast, with DoH, DNS queries and responses are somewhat camouflaged within other HTTPS traffic, since it all comes and goes from the same port.
Ref: https://www.cloudflare.com/learning/dns/dns-over-tls/
|
4
miaomiao888 2020-07-28 18:05:34 +08:00
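In practice, though, DOH on 443 is currently actually more prone to interference,
so I mainly use DOT; but once it becomes widespread, DOT may be easier to block, and I'd have to go back to DOH
|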
5
brMu OP @miaomiao888 Are you using a foreign DNS?
|
6
miaomiao888 2020-07-28 19:27:59 +08:00
@brMu Of course. Domestically there's no WFG that would interfere anyway; with DNS, clean is still better
|
7
tinkerer 2020-07-28 19:55:25 +08:00
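@miaomiao888 With padding used properly, the chance of DoH being identified by a firewall isn't much different from DoT, right? Of course, first I'd like to know: by resistance to interference, do you mean identifiability, or what?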
|
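The framing difference described in reply 3 and the padding mentioned in reply 7, as an added example that is not part of any participant's post: the same DNS query wrapped for DoT and for DoH, with EDNS(0) padding so that queries for different names have the same length. The `/dns-query` path, the 128-octet block size (the RFC 8467 recommendation) and the host names are assumptions chosen for illustration.

```python
import base64
import struct

DOT_PORT, DOH_PORT = 853, 443  # ports named in the thread
BLOCK = 128                    # query padding block size recommended by RFC 8467
OPT_RR, OPT_PADDING = 41, 12   # EDNS(0) OPT record type; Padding option code (RFC 7830)

def build_query(name, qtype=1, pad=True):
    """Wire-format DNS query carrying an EDNS(0) OPT record, optionally padded."""
    # ID 0 (as RFC 8484 suggests for DoH), RD flag set, 1 question, 1 additional
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    rdata = b""
    if pad:
        # 11 = fixed part of the OPT record, 4 = padding option code + length
        fill = -(len(header) + len(question) + 11 + 4) % BLOCK
        rdata = struct.pack("!HH", OPT_PADDING, fill) + b"\x00" * fill
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR, 4096, 0, len(rdata)) + rdata
    return header + question + opt

def dot_frame(msg):
    """DoT (RFC 7858): two-octet length prefix, sent inside TLS to port 853."""
    return struct.pack("!H", len(msg)) + msg

def doh_get_target(msg, path="/dns-query"):
    """DoH GET (RFC 8484): base64url without '=' in the dns parameter, port 443."""
    return path + "?dns=" + base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")

def doh_post(msg, path="/dns-query"):
    """DoH POST (RFC 8484): raw message as an application/dns-message body."""
    return "POST", path, {"content-type": "application/dns-message"}, msg

if __name__ == "__main__":
    # Constructed host names: unpadded sizes differ, padded sizes do not.
    for host in ("a.example", "a-much-longer-hostname.example.org"):
        plain, padded = build_query(host, pad=False), build_query(host)
        print(host, len(plain), len(padded),
              len(dot_frame(padded)), len(doh_get_target(padded)))
```
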
8
jamesxu 2020-07-28 19:57:00 +08:00 via iPhone
@miaomiao888 However, 1.1.1.1 and 8.8.8.8 are often interfered with by ISPs
|
9
tinkerer 2020-07-28 20:01:15 +08:00
Also, reverse-proxying DoH is very simple
|
10
miaomiao888 2020-07-28 21:29:37 +08:00
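@tinkerer I mean stability. 443 is a port that gets special attention; not just DOH, ordinary HTTPS sites also time out occasionally, whereas DOT, although it is fixed on 853, hasn't really been given that attention yet, so it's a bit more stable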
|