
Fedora and fallback DNS servers

Posted Mar 5, 2021 12:09 UTC (Fri) by kpfleming (subscriber, #23250)
In reply to: Fedora and fallback DNS servers by smurf
Parent article: Fedora and fallback DNS servers

With the advent of DoH, this has gotten very hard to do well. Now you not only have to block UDP and TCP traffic to destination port 53, but you also have to block TCP traffic to port 443 on the well-known DoH servers, and hope that your users won't use a non-well-known server.



Fedora and fallback DNS servers

Posted Mar 5, 2021 12:13 UTC (Fri) by zdzichu (subscriber, #17118)

You need to intercept all communication, do MITM with TLS traffic and do deep packet inspection. Because users wanting to use DoH will create their own DoH resolvers on the cheapest VPS instances in the cloud. I know, they did that in my company.

