OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: really_lost on July 05, 2024, 03:42:47 AM

Title: Does the ZenArmor DNS over https also block DNS over TLS?
Post by: really_lost on July 05, 2024, 03:42:47 AM
The subject is basically the question. I know DoH is much more common than DoT. There's no ZenArmor policy for blocking DoT. Does the DoH block also block DoT, or is there no way in ZenArmor to do that?

Title: Re: Does the ZenArmor DNS over https also block DNS over TLS?
Post by: sy on July 05, 2024, 10:00:59 AM
Hi,

DNS over TLS is defined as an application. You can block it in App Controls - Network Management - DNS over TLS.

Title: Re: Does the ZenArmor DNS over https also block DNS over TLS?
Post by: Seimus on July 05, 2024, 11:13:15 AM
DOH and DoT are different things.

DOT is using port 853
DOH is using 443

It's always problematic to block DoH properly because it's masked as HTTPS traffic.

ZenArmor blocks it, as sy said, as an App Control. They basically have a list of all DoH/DoT-capable servers and block them based on destination.

DoH in Zen is in Policies > Security.
DoT in Zen is in Policies > App Control > Network Management > DNS over TLS (DoH is here as well; for some reason they have it twice).

Regards,
S.
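The two detection mechanisms Seimus describes (DoT recognisable by its dedicated port 853, DoH indistinguishable from HTTPS on 443 and therefore only catchable by matching the destination against a resolver list) can be shown on sample flow records. The following is an added example written for this thread; it is not Zenarmor's code and does not reflect how its engine is implemented. The resolver list, the hostnames and the log lines are all constructed placeholders.

```python
"""Classify flow records into DoT / DoH / other.

DoT: the destination port (853) alone is decisive.
DoH: the port (443) says nothing, so the destination IP or TLS SNI is
matched against a resolver list. A resolver missing from the list is not
detected, which is the gap the thread points at.
Everything below (resolver list, addresses, log lines) is constructed.
"""
from dataclasses import dataclass
from collections import Counter

DOT_PORT = 853
HTTPS_PORT = 443

# Constructed destination list: placeholder names and TEST-NET addresses,
# standing in for the "list of DoH/DoT capable servers" the thread mentions.
KNOWN_DOH_RESOLVERS = {
    "doh.resolver-a.example",
    "dns.resolver-b.example",
    "203.0.113.53",
}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    sni: str = ""  # TLS server name, when the firewall logged it


def classify(flow: Flow) -> str:
    """Return 'dot', 'doh' or 'other' for a single flow."""
    if flow.dport == DOT_PORT:
        # Port 853 is reserved for DNS over TLS; no destination list needed.
        return "dot"
    if flow.dport == HTTPS_PORT:
        # DoH rides on ordinary HTTPS; only the destination tells it apart.
        if flow.dst in KNOWN_DOH_RESOLVERS or flow.sni in KNOWN_DOH_RESOLVERS:
            return "doh"
    return "other"


def parse_flow(line: str) -> Flow:
    """Parse a constructed 'src dst dport [sni]' log line."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError(f"malformed flow line: {line!r}")
    sni = parts[3] if len(parts) > 3 else ""
    return Flow(src=parts[0], dst=parts[1], dport=int(parts[2]), sni=sni)


def summarize(lines) -> dict:
    """Count how each flow line is classified."""
    return dict(Counter(classify(parse_flow(ln)) for ln in lines if ln.strip()))


# Constructed sample flow log (src dst dport [sni]).
SAMPLE_LOG = [
    "10.0.0.5 203.0.113.53 853",                          # DoT by port
    "10.0.0.5 203.0.113.53 443",                          # DoH by listed IP
    "10.0.0.7 198.51.100.10 443 doh.resolver-a.example",  # DoH by listed SNI
    "10.0.0.7 198.51.100.20 443 www.example.com",         # ordinary HTTPS
    "10.0.0.9 192.0.2.77 443 private-doh.unknown.example",  # unlisted resolver: missed
    "10.0.0.9 192.0.2.53 53",                             # plain DNS, out of scope here
]

if __name__ == "__main__":
    for ln in SAMPLE_LOG:
        print(f"{classify(parse_flow(ln)):6s}  {ln}")
    print(summarize(SAMPLE_LOG))
```

The fifth sample line is the instructive one: a DoH resolver that is not on the list is classified as ordinary HTTPS, which is why a destination-list approach needs the list kept current and is inherently weaker than the port-based DoT check.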