DNS RPZ Protection From DoH

Blason R blason16 at gmail.com
Wed Oct 2 12:00:08 UTC 2019


Hmm, that is a good idea to block the DoH queries, but what I understood is
that blocking at the perimeter level would be more appropriate.

On Wed, Oct 2, 2019 at 4:58 PM Daniel Stirnimann <
daniel.stirnimann at switch.ch> wrote:

> You cannot block DoH with RPZ but you can block bootstrapping DoH if the
> web browser is configured to use "normal" DNS to lookup the DoH
> endpoint. See also:
>
> https://github.com/bambenek/block-doh
>
> Daniel
>
> On 02.10.19 13:23, Blason R wrote:
> > Hi Folks,
> >
> > Wondering if anyone has any clue or defining policies for blocking DoH
> > [DNS over HTTPS] traffic using the BIND RPZ feature?
> >
> > Does anyone have any use case about it?
> >
> > Thanks and Regards,
> > Blason R
>
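
The bootstrap blocking described in Daniel Stirnimann's reply above, as an added example that is not part of the original thread or of the linked block-doh project: Python that turns a list of DoH endpoint URLs into RPZ records answering NXDOMAIN, and reports endpoints addressed by IP, which RPZ cannot intercept because no lookup happens. The endpoint names are constructed placeholders, and the function names, SOA values and TTL are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample input: placeholder DoH endpoints, not real resolvers.
SAMPLE_ENDPOINTS = [
    "https://doh.example.net/dns-query",
    "DoH.Example.NET.",                                   # duplicate after normalisation
    "https://resolver.example.org:8443/dns-query{?dns}",
    "https://192.0.2.53/dns-query",                       # IP literal: nothing to look up
]


def endpoint_host(endpoint):
    """Return the lower-cased hostname of a DoH URL or bare name, or None."""
    text = endpoint.strip()
    host = urlsplit(text if "//" in text else "//" + text).hostname
    return host.rstrip(".").lower() if host else None


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def build_rpz_zone(endpoints, serial=1):
    """Build RPZ zone text answering NXDOMAIN for each DoH endpoint name.

    Returns (zone_text, skipped). skipped holds endpoints addressed by IP:
    they never trigger a DNS lookup, so an RPZ QNAME rule cannot stop them.
    """
    names, skipped = [], []
    for ep in endpoints:
        host = endpoint_host(ep)
        if host is None or is_ip_literal(host):
            skipped.append(ep)
        elif host not in names:
            names.append(host)
    lines = [
        "$TTL 300",
        f"@ IN SOA localhost. root.localhost. {serial} 3600 600 86400 300",
        "@ IN NS localhost.",
    ]
    for name in names:
        # Owner names are relative to the RPZ origin; "CNAME ." means NXDOMAIN.
        lines.append(f"{name} CNAME .")
        lines.append(f"*.{name} CNAME .")
    return "\n".join(lines) + "\n", skipped
```

The skipped list is the part that still needs a perimeter control, since those endpoints are reached without any query passing through the resolver.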