DNS RPZ Protection From DoH

Alan Clegg alan at clegg.com
Wed Oct 2 13:26:49 UTC 2019


On 10/2/19 8:00 AM, Blason R wrote:
> Hmm, that is a good idea to block the DoH queries, but what I understood
> is that blocking at the perimeter level would be more appropriate.

To nullify the abilities of DoH, you can block port TCP/443.

That is pretty much guaranteed to keep DoH from working, but you may
want to test this solution in the lab before you deploy widely.

This method of controlling DoH may have side-effects.

AlanC

