• Sem
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    The main thing is that now no one has proposed to ban DNS-over-HTTPS…

  • 𝘋𝘪𝘳𝘬
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    1 year ago

    So … people misusing DoH – a system that makes it impossible to block or see the traffic because you cannot block port 443 nowadays and where it is by design that the individual clients and not the operating system handle DNS requests?

    DoH was a mistake.

    • InFerNo
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      DoH can be blocked while allowing other traffic. idk how, but the fortigate at my work has an active rule to block DoH.

    • nani8ot
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Yes, it isn’t great how DoH traffic can’t be controlled well. Apps using DoH makes blocking ads unnecessarily more difficult. (DoT solves DNS encryption better imo.) HTTPS is already often unblocked and also difficult to analyze, but DNS is already used enough for malware communication.