URL's for local devices how, given the need for a local 'bypassed' DNS :) :(
-
In the past, it was easy. All DNS queries were passed to the VLAN GW via port 53. Local URLs were handled by the local DNS and the rest was forwarded to a higher level.
However, port 853 was added and, worse, applications were starting to bypass the local DNS and access a DNS elsewhere.
Both could be managed by NATing all queries via the local DNS.
But more recently DNS queries tend to be hidden in HTTPS and QUIC and ... bypassing the local DNS (which I like, given the dictators in this world), however:
- gone is the routing using your local dns
- gone is the option to block advertising
- gone is the option to see which sites your equipment is accessing
I have been considering blocking "443 and 80 UDP", but I do not think that is a good idea.
Note that you can persuade / force e.g. Firefox to use classical DNS .... (change settings). Anyone have a solution, especially in relation to local URLs?
-
You also cannot really redirect DoT requests. Normally the client requires an SSL certificate which matches the server's host name.
@louis2 said in URL's for local devices how, given the need for a local 'bypassed' DNS :) :(:
But in more recent days DNS querys tend to be hided in HTTPS and QUIC and ... bypassing the local DNS
That's called DNS over HTTPS.
Since you cannot distinguish it from normal HTTPS traffic, you can only block the destination addresses. You can do this with pfBlockerNG. There are lists of DoH servers available on the net. If the application cannot connect to its favorite DoH server, it should try to use the system's DNS resolver.
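The two posts above between them describe four kinds of DNS egress a gateway can see and what can be done about each: plain port 53 (redirectable to the local resolver with a NAT rule), port 853 DoT (blockable by port, not redirectable because the client checks the TLS name), port 443 to a known DoH server (blockable only by destination, e.g. via a pfBlockerNG list), and port 443 to anything else (indistinguishable from ordinary HTTPS/QUIC). The following classifier, written as an added example and not part of the thread, runs that reasoning over a handful of constructed connection-log lines. The local resolver address, the log line format and the "DoH server list" (RFC 5737 documentation prefixes, not real resolvers) are all assumptions made for the example.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Assumed local resolver on the VLAN gateway (constructed address).
LOCAL_RESOLVER = ipaddress.ip_address("192.168.10.1")

# Constructed stand-in for a published DoH server list, the kind pfBlockerNG
# would load as an alias. Documentation prefixes only, not real resolvers.
DOH_SERVER_LIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.53/32")]

# Constructed log lines in an assumed format: "<proto> <src>:<sport> -> <dst>:<dport>"
SAMPLE_LOG = [
    "udp 192.168.10.20:51000 -> 192.168.10.1:53",     # classic query to the local resolver
    "udp 192.168.10.21:51001 -> 203.0.113.9:53",      # classic query, but to an outside resolver
    "tcp 192.168.10.22:51002 -> 203.0.113.9:853",     # DNS over TLS
    "tcp 192.168.10.23:51003 -> 192.0.2.10:443",      # HTTPS to a listed DoH server
    "udp 192.168.10.23:51004 -> 198.51.100.53:443",   # QUIC (UDP/443) to a listed DoH server
    "tcp 192.168.10.24:51005 -> 203.0.113.80:443",    # ordinary HTTPS, could be anything
]


@dataclass
class Verdict:
    line: str
    kind: str     # classic | classic-bypass | dot | doh-suspect | opaque | other
    action: str   # what the gateway can do about this flow


def parse_line(line):
    """Split one constructed log line into (proto, src_ip, dst_ip, dst_port)."""
    proto, src, _arrow, dst = line.split()
    src_ip, _sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return proto.lower(), ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip), int(dport)


def in_doh_list(ip):
    """True if the destination falls inside any prefix of the (assumed) DoH list."""
    return any(ip in net for net in DOH_SERVER_LIST)


def classify(line):
    """Apply the reasoning from the thread to a single flow."""
    _proto, _src, dst, dport = parse_line(line)
    if dport == 53:
        if dst == LOCAL_RESOLVER:
            return Verdict(line, "classic", "handled by the local resolver; local names work")
        return Verdict(line, "classic-bypass", "redirect to the local resolver with a NAT rule")
    if dport == 853:
        return Verdict(line, "dot", "block by port; cannot redirect, the client checks the TLS name")
    if dport == 443:
        if in_doh_list(dst):
            return Verdict(line, "doh-suspect", "block the destination; client should fall back to system DNS")
        return Verdict(line, "opaque", "indistinguishable from normal HTTPS/QUIC traffic")
    return Verdict(line, "other", "not DNS related")


def summarize(lines):
    """Count how many flows fall into each category."""
    return dict(Counter(classify(line).kind for line in lines))


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        v = classify(line)
        print(f"{v.kind:15} {v.line:45} -> {v.action}")
    print(summarize(SAMPLE_LOG))
```

The point the sample makes is the one the second post makes: only the flows that match a destination list are actionable once DNS hides inside 443, so the quality of that list decides how much DNS visibility the gateway gets back.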