
Fedora and fallback DNS servers

Fedora and fallback DNS servers

Posted Feb 26, 2021 10:22 UTC (Fri) by smurf (subscriber, #17840)
In reply to: Fedora and fallback DNS servers by jafd
Parent article: Fedora and fallback DNS servers

If you control the network anyway, you can just redirect all your users' DNS queries to your local resolver no matter which server the user intends to use.



Fedora and fallback DNS servers

Posted Mar 5, 2021 12:09 UTC (Fri) by kpfleming (subscriber, #23250) [Link] (1 responses)

With the advent of DoH, this has gotten very hard to do well. Now you not only have to block UDP and TCP traffic to destination port 53, but you also have to block TCP traffic to port 443 on the well-known DoH servers, and hope that your users won't use a non-well-known server.

Fedora and fallback DNS servers

Posted Mar 5, 2021 12:13 UTC (Fri) by zdzichu (subscriber, #17118) [Link]

You need to intercept all communication, do MITM with TLS traffic and do deep packet inspection. Because users wanting to use DoH will create their own DoH resolvers on the cheapest VPS instances in the cloud. I know, they did that in my company.
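The port-and-address policy discussed in the comments above, as an added example that is not part of any poster's comment: it redirects port 53 to a local resolver, blocks TCP 443 to a list of well-known DoH servers, and reports which DoH flows still get through. The resolver address, the sample flows and the function names are constructed assumptions, and the DoH address list is illustrative and incomplete.

```python
from ipaddress import ip_address

# Assumption: the site's own resolver (constructed TEST-NET-1 address).
LOCAL_RESOLVER = ip_address("192.0.2.53")
# Illustrative, incomplete list of well-known public resolvers that answer DoH.
KNOWN_DOH = {ip_address(a) for a in
             ("1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9")}


def decide(proto, dst, dport):
    """Verdict of a gateway that sees only protocol, destination and port."""
    dst = ip_address(dst)
    if dport == 53 and proto in ("udp", "tcp"):
        # Classic DNS: send everything to the local resolver.
        return "allow" if dst == LOCAL_RESOLVER else "redirect-to-local"
    if proto == "tcp" and dport == 443 and dst in KNOWN_DOH:
        return "block-doh"
    return "allow"


# Constructed sample flows: (proto, dst, dport, is_doh ground truth, label)
FLOWS = [
    ("udp", "192.0.2.53", 53, False, "plain DNS to the local resolver"),
    ("udp", "8.8.8.8", 53, False, "plain DNS to a public resolver"),
    ("tcp", "1.1.1.1", 443, True, "DoH to a well-known server"),
    ("tcp", "203.0.113.10", 443, True, "DoH to a self-hosted VPS resolver"),
    ("tcp", "198.51.100.7", 443, False, "ordinary HTTPS"),
]


def evaluate(flows=FLOWS):
    """Return (label, verdict) for every flow."""
    return [(label, decide(proto, dst, dport))
            for proto, dst, dport, _is_doh, label in flows]


def missed(flows=FLOWS):
    """DoH flows the policy lets through untouched."""
    return [label for proto, dst, dport, is_doh, label in flows
            if is_doh and decide(proto, dst, dport) == "allow"]


if __name__ == "__main__":
    for label, verdict in evaluate():
        print(f"{verdict:18} {label}")
    print("DoH not caught:", missed())
```

At this layer the self-hosted resolver gets the same verdict as ordinary HTTPS, which is why the last comment turns to TLS interception and deep packet inspection.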

