The latest Nightly build of Firefox already supports DoH; once it is enabled, other websites hosted on the same server can be reached over the encrypted connection. Because github.io is not blocked, after enabling DoH I first visit a github.io site that is not blocked, then visit https://terminus2049.github.io/, and it loads normally.
After I turned off my proxy tool, I first visited English Wikipedia, then Chinese Wikipedia; Chinese Wikipedia was accessible normally.
Anyone interested can give it a try; feedback is welcome. Download the Nightly version of Firefox (https://www.mozilla.org/en-US/firefox/channel/desktop/#nightly )
Follow these steps:
1] Type about:config in the location bar
2] Search for network.trr (TRR stands for Trusted Recursive Resolver – it is the DoH Endpoint used by Firefox.)
3] Change network.trr.mode to 2 to enable DoH. This will try to use DoH but will fall back to insecure DNS under some circumstances like captive portals. (Use mode 5 to disable DoH under all circumstances.)
4] Set network.trr.uri to your DoH server. Cloudflare’s is https://mozilla.cloudflare-dns.com/dns-query but you can use any DoH compliant endpoint.
See also:
https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/
However, once you’ve made that connection to the web server, then everything is encrypted. And the neat thing is that this encrypted connection can be used for any site that is hosted on that server, not just the one that you initially asked for.
This is sometimes called HTTP/2 connection coalescing, or simply connection reuse. When you open a connection to a server that supports it, that server will tell you what other sites it hosts. Then you can visit those other sites using that existing encrypted connection.
Why does this help? You don’t need to start up a new connection to visit these other sites. This means you don’t need to send that unencrypted initial request with its server name indication saying which site you’re visiting. Which means you can visit any of the other sites on the same server without revealing what sites you’re looking at to your ISP and on-path routers.
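The reuse rule described above can be checked explicitly. The example below is added here for illustration; it is not Firefox's code or anything from the Mozilla articles. It models only the two conditions of RFC 7540 section 9.1.1: the second hostname must resolve to the IP address the existing connection already goes to, and the certificate already presented on that connection must be valid for the second name (with the usual single-label wildcard rule). The SAN list, hostnames and addresses are constructed sample values, not a dump of any real certificate or DNS answer, and whether a given browser applies extra conditions on top of these is not modelled.

```python
"""Added example: may an existing HTTP/2 connection be reused for another host?
Implements the RFC 7540 section 9.1.1 conditions only (assumption: sufficient
for the illustration; browser-specific extra checks are out of scope)."""
import ipaddress
from typing import Iterable

# Constructed sample data, not a dump of any real certificate or DNS reply.
SAMPLE_SANS = ["*.github.io", "github.io", "*.github.com", "github.com"]
SAMPLE_CONN_IP = "185.199.108.153"          # peer IP of the connection we already have
SAMPLE_NEW_HOST = "terminus2049.github.io"  # host we want to reach without a new handshake
SAMPLE_NEW_HOST_IPS = ["185.199.108.153", "185.199.109.153"]  # its (constructed) A records


def san_matches(san: str, host: str) -> bool:
    """Match one dNSName SAN entry against a hostname, RFC 6125 style.
    A wildcard is honoured only as the entire leftmost label and stands for
    exactly one label: '*.github.io' covers 'terminus2049.github.io' but not
    'github.io' or 'a.b.github.io'."""
    san = san.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in san:
        return san == host
    san_labels = san.split(".")
    host_labels = host.split(".")
    # Wildcard must be the whole leftmost label, and '*.io' style entries are rejected.
    if san_labels[0] != "*" or len(san_labels) < 3:
        return False
    return len(host_labels) == len(san_labels) and host_labels[1:] == san_labels[1:]


def cert_covers(sans: Iterable[str], host: str) -> bool:
    """True if any SAN entry on the already-presented certificate is valid for host."""
    return any(san_matches(s, host) for s in sans)


def can_coalesce(conn_ip: str, conn_sans: Iterable[str],
                 new_host: str, new_host_ips: Iterable[str]) -> bool:
    """RFC 7540 9.1.1: reuse is allowed only if the new host resolves to the
    connection's peer address AND the connection's certificate covers the new host.
    The resolution of new_host is the step that DoH keeps private; the reuse
    itself is what avoids a fresh handshake and its plaintext SNI."""
    conn = ipaddress.ip_address(conn_ip)
    same_server = conn in {ipaddress.ip_address(a) for a in new_host_ips}
    return same_server and cert_covers(list(conn_sans), new_host)


if __name__ == "__main__":
    ok = can_coalesce(SAMPLE_CONN_IP, SAMPLE_SANS, SAMPLE_NEW_HOST, SAMPLE_NEW_HOST_IPS)
    print(f"reuse connection to {SAMPLE_CONN_IP} for {SAMPLE_NEW_HOST}: {ok}")
    # A host on a different server, or one the certificate does not name, must not coalesce.
    print("en.wikipedia.org:", can_coalesce(SAMPLE_CONN_IP, SAMPLE_SANS,
                                            "en.wikipedia.org", ["198.35.26.96"]))
```

The IP check is why the DoH step in this post matters: the client still has to resolve the second hostname before it may reuse the connection, so only an encrypted resolver keeps that lookup out of an on-path observer's view; coalescing then removes the new TLS handshake and the server name it would have carried. A host that resolves to the same address but is not named on the certificate (or the reverse) fails the check and gets a new connection with its own SNI.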