Block DNS over HTTPS from clients on LAN
-
Hi, I want to ask how to block DNS over HTTPS from clients on LAN (I don't want to use a proxy).
I use family filtering (DNS provider). I set DNS, DHCP and some firewall rules, so that LAN clients can only use the family filtering DNS.
But if clients use a browser with DNS over HTTPS, can I filter adult content?
-
https://forum.netgate.com/topic/133679/heads-up-be-aware-of-trusted-recursive-resolver-trr-in-firefox
-
Thx for the quick reply.
So, for now we don't have any solution to solve this on the pfSense box?
-
In Chrome 78 DoH is enabled by default. No means to disable it. The flag chrome://flags/#dns-over-https is not even listed as an option. The .admx policies are outdated, and the regkeys under HKLM\SOFTWARE\Policies\Google are undocumented for this option.
-
How about checking if you are really using DoH first:
https://1.1.1.1/help
-
https://1.1.1.1/help is helpful. I've set server:local-zone: "use-application-dns.net" static in the resolver, and also "DNSOverHTTPS": {"Enabled": false} in distribution/policies.json. Just saying, Chrome needs the TRR parameter documented just like Firefox did. Do you think DoH should be the future standard? What is the purpose of dnscrypt-proxy?
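-
Added example, not part of the thread: a way to confirm that the resolver really answers negatively for the canary name use-application-dns.net after the local-zone line from the last post is in place. The function names (build_query, sample_response, classify, canary_blocked) are hypothetical, and the responses it is exercised with are constructed sample data, not captured traffic.

```python
import struct

CANARY = "use-application-dns.net"  # name from the post above

def build_query(name=CANARY, qtype=1, txid=0x1234):
    """Encode a recursive DNS query (qtype 1 = A, 28 = AAAA)."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!2H", qtype, 1)

def sample_response(query, rcode, a_records=0):
    """Constructed test data: turn a query into a response with N A records."""
    head = struct.pack("!6H", *struct.unpack("!H", query[:2]), 0x8180 | rcode, 1, a_records, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return head + query[12:] + rr * a_records

def _skip_name(msg, off):
    """Offset just past a name, which may end in a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(msg):
    """Return 'nxdomain', 'nodata', 'resolves' or 'other' for a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"
    if rcode != 0:
        return "other"                      # e.g. SERVFAIL: inconclusive here
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4      # skip QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        if rtype in (1, 28):                # an A or AAAA record is present
            return "resolves"
        off += 10 + rdlen
    return "nodata"

def canary_blocked(msg):
    """True when the resolver answers the canary name negatively."""
    return classify(msg) in ("nxdomain", "nodata")
```

To check a live resolver, send build_query() as a UDP datagram to port 53 of the LAN DNS server and pass the reply bytes to canary_blocked(); repeat with qtype=28 for AAAA.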