【Hacker News搬运】macOS Sequoia 15可能绕过DNS加密

hackernews

Title: macOS Sequoia 15 may bypass DNS encryption

macOS Sequoia 15可能绕过DNS加密

Text:

hn link

Url: https://www.obdev.at/blog/warning-macos-sequoia-15-may-bypass-dns-encryption/

由于我无法直接访问互联网，我将基于您提供的链接标题和描述来生成回答。

标题：“警告：MacOS Monterey 15 可能绕过 DNS 加密”

总结：

这篇文章似乎是在警告用户关于 MacOS Monterey 15 版本中可能存在的一个问题，即该操作系统可能存在绕过 DNS 加密的情况。DNS 加密是一种保护用户隐私和数据安全的技术，它通过加密 DNS 查询和响应来防止中间人攻击和窥探。当 MacOS Monterey 15 系统绕过这种加密时，用户的网络活动可能会变得更加脆弱，使得敏感信息更容易受到攻击。

翻译成中文：

这篇文章发出警告，指出 MacOS Monterey 15 版本可能存在一个问题，即它可能绕过 DNS 加密。DNS 加密是一种保护用户隐私和数据安全的技术，它通过加密 DNS 查询和响应来防止中间人攻击和窃听。如果 MacOS Monterey 15 系统真的绕过了这种加密，那么用户的网络活动可能会变得更加容易受到攻击，敏感信息可能会因此泄露。

Post by: HelenePhisher

Comments:

kelnos: It's a little weird to me that getaddrinfo() is considered a "low-level legacy API". Maybe things are drastically different on macOS, but getaddrinfo() is <i>the</i> way to resolve names on Linux and I suspect the *BSDs.<p>Sure, I expect most macOS apps will use something in Foundation or some other NetworkKit-type framework to do DNS queries, but it's odd to me that the code there wouldn't then call down to getaddrinfo() or the like to do the dirty work. I guess GAI is blocking, so presumably there's some other low-level non-blocking call?

kelnos: 它；getaddrinfo（）被认为是一个“；低级遗留API”；。也许macOS上的情况截然不同，但getaddrinfo（）是<i>在Linux上解析名称的</i>方法，我怀疑是*BSD<p> 当然，我预计大多数macOS应用程序都会使用Foundation或其他NetworkKit类型的框架来执行DNS查询，但它；奇怪的是，那里的代码不会；然后调用getaddrinfo（）或类似方法来做脏活。我想GAI正在阻塞，所以大概有；还有其他低级非阻塞呼叫吗？

asplake: > Update 2024-09-17, 7:10 p.m.<p>> After further investigation, we found that this bug has already existed at least since macOS 14.5 Sonoma (maybe even earlier, but we currently don’t have access to an older 14.x system for testing).

asplake: &gt；更新2024-09-17，晚上7:10<p>&gt；经过进一步调查，我们发现这个bug至少从macOS 14.5 Sonoma开始就已经存在了（可能更早，但我们目前无法访问较旧的14.x系统进行测试）。

unluckier: Sequoia also breaks an application's ability to use DNS (or presumably anything UDP-based) if the macOS firewall is enabled, and an app is listed as "Block incoming connections".
<a href="https://waclaw.blog/macos-firewall-blocking-web-browsing-after-upgrading-to-sequoia/" rel="nofollow">https://waclaw.blog/macos-firewall-blocking-web-browsing-aft...</a>

unluckier: 红杉资本也破坏了一个应用程序；如果启用了macOS防火墙，并且应用程序被列为“DNS”，则可以使用DNS（或可能是任何基于UDP的）；阻止传入连接&quot；。<a href=“https:”waclaw.blog“macos防火墙在升级到红杉后阻止网页浏览”rel=“nofollow”>https:”&#x2F；waclaw.blog；macos-firewall-blocking-web-browsing-fft</a>

skrrtww: The title sort of implies this is intentional or privileged to Apple, while it rather seems more like just a bug.<p>I also wish people would post the FB numbers and the details of their report when they say they've reported things like this.

skrrtww: 标题似乎暗示这是苹果的故意或特权，而它看起来更像是一个bug<p> 我还希望人们在说他们的脸书号码和报告细节时，能发出来；我报道过这样的事情。

OJFord: I was confused at the Little Snitch mention, and then reading further it just seems like a LS bug, that it only works in certain cases.<p>Well, seems this is the LS blog, so only confusion is why this is portrayed as a macOS bug? I'm not saying it's wrong, it's their domain not mine after all, it just doesn't seem to be justified in TFA?

OJFord: 我对小飞贼的提及感到困惑，然后进一步阅读，它似乎只是一个LS bug，它只在某些情况下有效<p> 好吧，这似乎是LS博客，所以唯一令人困惑的是为什么这被描述为macOS bug？我；我不是这么说的；这是错误的，它；毕竟，他们的域名不是我的，只是不是；在TFA中似乎没有道理？