Does the ZenArmor DNS over https also block DNS over TLS?

Started by really_lost, July 05, 2024, 03:42:47 AM
The subject is basically the question. I know DOH is much more common than DOT. There's no ZenArmor policy for blocking DOT. Does the DOH block also block DOT, or is there no way in ZenArmor to do that?


Hi,

DNS over TLS is defined as an application. You can block it in App Controls - Network Management - DNS over TLS


DoH and DoT are different things.

DoT uses port 853.
DoH uses port 443.

It's always problematic to block DoH properly because it is masked as HTTPS traffic.

ZenArmor blocks it, as sy said, as an App Control. They basically have a list of all DoH/DoT capable servers and block them based on destination.

DoH in Zen is in Policies > Security.
DoT in Zen is in Policies > App Control > Network Management > DNS over TLS (DoH is here as well; for some reason they have it twice).

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
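As an added example (not ZenArmor's code, and not from either poster), the following Python classifier shows the two different detection problems the reply above describes: DoT can be spotted from its dedicated port alone, while DoH on 443 can only be told apart from ordinary HTTPS by matching the destination against a list of known resolvers. The log format, the sample flows and the resolver list (RFC 5737 documentation addresses) are all constructed for the example; a real deployment would feed the list from a maintained source.

```python
"""Classify outbound flows as DNS over TLS, DNS over HTTPS, or other.

Added example, not ZenArmor's code. DoT is recognised by its dedicated port
(853); DoH rides on 443 and is only distinguishable from ordinary HTTPS by
destination. The resolver list and log format are constructed for this example.
"""

import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

DOT_PORT = 853     # IANA-assigned port for DNS over TLS
HTTPS_PORT = 443   # DoH shares this port with all other HTTPS traffic

# Hypothetical DoH endpoints in RFC 5737 documentation ranges, so the example
# points at no real resolver. ZenArmor's own list is not reproduced here.
KNOWN_DOH_RESOLVERS = frozenset({
    ipaddress.ip_address("192.0.2.10"),
    ipaddress.ip_address("198.51.100.53"),
})

# Constructed key=value flow-log line format used by the sample below.
FLOW_RE = re.compile(
    r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)"
)


@dataclass(frozen=True)
class Verdict:
    src: str
    dst: str
    dport: int
    kind: str    # "dot", "doh" or "other"
    reason: str


def classify_flow(line: str) -> Optional[Verdict]:
    """Return a Verdict for one flow-log line, or None if the line does not parse."""
    m = FLOW_RE.search(line)
    if m is None:
        return None
    src, dst = m["src"], m["dst"]
    dport = int(m["dport"])
    proto = m["proto"].lower()
    try:
        dst_ip = ipaddress.ip_address(dst)
    except ValueError:
        return None

    if proto == "tcp" and dport == DOT_PORT:
        # The port alone identifies DoT; no destination list is needed.
        return Verdict(src, dst, dport, "dot", "tcp/853 is the DoT port")
    if proto == "tcp" and dport == HTTPS_PORT and dst_ip in KNOWN_DOH_RESOLVERS:
        # 443 is ambiguous; only the destination separates DoH from plain HTTPS.
        return Verdict(src, dst, dport, "doh", "tcp/443 to a listed DoH resolver")
    return Verdict(src, dst, dport, "other", "no encrypted-DNS pattern matched")


def summarize(lines: Iterable[str]) -> Counter:
    """Count verdict kinds over many lines; lines that do not parse are skipped."""
    counts: Counter = Counter()
    for line in lines:
        verdict = classify_flow(line)
        if verdict is not None:
            counts[verdict.kind] += 1
    return counts


# Constructed sample flows for a stand-alone run.
SAMPLE_LOG = [
    "src=10.0.0.5 dst=192.0.2.10 dport=853 proto=tcp",   # DoT, regardless of destination
    "src=10.0.0.5 dst=192.0.2.10 dport=443 proto=tcp",   # DoH, listed resolver
    "src=10.0.0.7 dst=203.0.113.8 dport=443 proto=tcp",  # ordinary HTTPS
    "src=10.0.0.7 dst=203.0.113.8 dport=53 proto=udp",   # plain DNS, out of scope here
    "garbage line that does not match the format",
]

if __name__ == "__main__":
    for sample in SAMPLE_LOG:
        print(classify_flow(sample))
    print(summarize(SAMPLE_LOG))
```

The third sample line shows the limitation the reply points out: HTTPS to a resolver that is not on the list is indistinguishable from any other web traffic with this approach, so the quality of the destination list decides how much DoH the policy actually catches.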