Topic: Does the ZenArmor DNS over https also block DNS over TLS? (Read 574 times)
really_lost
Newbie
Posts: 8
Karma: 0
Does the ZenArmor DNS over https also block DNS over TLS?
« on: July 05, 2024, 03:42:47 am »
The subject is basically the question. I know DOH is much more common than DOT. There’s no ZenArmor policy for blocking DOT. Does the DOH block also block DOT or is there no way in ZenArmor to do that?
sy
Hero Member
Posts: 585
Karma: 44
Re: Does the ZenArmor DNS over https also block DNS over TLS?
« Reply #1 on: July 05, 2024, 10:00:59 am »
Hi,
DNS over TLS is defined as an application. You can block it in App Controls - Network Management - DNS over TLS
Seimus
Hero Member
Posts: 540
Karma: 56
Re: Does the ZenArmor DNS over https also block DNS over TLS?
« Reply #2 on: July 05, 2024, 11:13:15 am »
DOH and DoT are different things.
DOT is using port 853
DOH is using 443
It's always problematic to block DOH properly because it's masked as HTTPS traffic.
ZenArmor blocks it, as sy said, as an App control. They basically have a list of all DOH/DOT capable servers and block them based on destination.
DOH in Zen is in Policies > Security
DOT in Zen is in Policies > App control > Network management > DNS over TLS (DOH is here as well; for some reason they have it twice)
Regards,
S.
« Last Edit: July 05, 2024, 05:18:32 pm by Seimus »
Networking is love. You may hate it, but in the end, you always come back to it.
OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100 - i226-V | Crucial 16G 4800 DDR5 | S 980 500G - PROD
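Added example (not part of the thread and not Zenarmor's code): a small flow classifier illustrating the point made in Reply #2, that DoT can be recognised by its dedicated port 853 while DoH on port 443 can only be told apart from ordinary HTTPS by destination. The resolver list, the flow-line format and the function names are assumptions made for this example.

```python
import ipaddress
from collections import Counter

# Illustrative resolver list (assumption): a few well-known public resolvers
# that offer DoH/DoT. This is not Zenarmor's database.
KNOWN_RESOLVERS = {
    ipaddress.ip_address(a)
    for a in ("1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9")
}
DOT_PORT = 853    # DNS over TLS has its own port
HTTPS_PORT = 443  # DoH shares this port with all other HTTPS traffic

# Constructed sample flows, one per line: proto src_ip dst_ip dst_port
SAMPLE_FLOWS = """\
tcp 192.168.1.10 1.1.1.1 853
tcp 192.168.1.10 8.8.8.8 443
tcp 192.168.1.11 203.0.113.10 443
udp 192.168.1.11 192.168.1.1 53
tcp 192.168.1.12 198.51.100.7 853
"""


def classify_flow(proto, dst_ip, dst_port):
    """Return 'dot', 'doh', 'dns' or 'other' for one outbound flow."""
    dst = ipaddress.ip_address(dst_ip)
    if proto.lower() == "tcp" and dst_port == DOT_PORT:
        # The port alone identifies DoT, even for a server not on any list.
        return "dot"
    if dst_port == HTTPS_PORT and dst in KNOWN_RESOLVERS:
        # Port 443 says nothing by itself; only the destination list does.
        return "doh"
    if dst_port == 53:
        return "dns"
    return "other"


def summarize(text):
    """Count flow classes in a block of flow lines."""
    counts = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, _src, dst, port = line.split()
        counts[classify_flow(proto, dst, int(port))] += 1
    return dict(counts)


if __name__ == "__main__":
    print(summarize(SAMPLE_FLOWS))
```

The flow to 203.0.113.10 on port 443 is classified as `other`: a port-443 destination that is not on the list looks like any HTTPS connection, which is why list coverage decides how complete a DoH block is.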