DNS RPZ Protection From DoH

Blason R blason16 at gmail.com
Wed Oct 2 17:04:06 UTC 2019


Block 443? Not even possible, since most of the portals/web servers
nowadays work on TCP/443.

On Wed, Oct 2, 2019 at 6:57 PM Alan Clegg <alan at clegg.com> wrote:

> On 10/2/19 8:00 AM, Blason R wrote:
> > Hmm that is a good idea to block the DOH queries but what I understood
> > is blocking on perimeter level would be more appropriate.
>
> To nullify the abilities of DoH, you can block port TCP/443.
>
> That is pretty much guaranteed to keep DoH from working, but you may
> want to test this solution in the lab before you deploy widely.
>
> This method of controlling DoH may have side-effects.
>
> AlanC