[Cryptography] Products that prevent DoH?

Chris Kuethe chris.kuethe at gmail.com
Wed Mar 11 18:15:24 EDT 2020


On Wed, Mar 11, 2020 at 2:59 PM Udhay Shankar N <udhay at pobox.com> wrote:
>
> I came across this transcript of a podcast where a marketing person talks of a product (which she is, obviously, selling) that is claimed to prevent the use of DNS over HTTPS.
> ...
> How would this work?

Didn't read the article but I can think of a couple of approaches.

1) block (NXDOMAIN) the canary domains in your local DNS so that
browsers don't try DoH
https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet
https://www.reddit.com/r/sysadmin/comments/dbs1ew/canary_domain_to_disable_firefoxchrome_doh/

2) block known DoH providers at your firewalls.
3) shoot down TLS sessions that look like DoH

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

