by poitrus
2399 days ago
Oh sorry. We have developed a custom DNS solution that sits in front of unbound. We only use unbound for standard recursion and caching; all custom configuration management is operated in this homemade DNS proxy.

For trackers to use DoH, they could certainly perform XHR requests to resolve a domain, but they won't be able to use it to perform a request from the browser. You may use http://<ip> instead of http://<domain>, but this has two issues:

1. You won't be able to use virtual hosting (the Host header is gone), and thus you need one IP per "service", which is doable but harder, more custom and more expensive.
2. You won't be able to use HTTPS, except with an expensive certificate that is somewhat harder to set up. As most websites are HTTPS now, a non-HTTPS tracker would raise mixed content errors.

Not to mention that this IP would quickly be blocked by browser-based ad blockers, and IPs are harder than domains to change. And all this is doable without DoH: you just embed the IP in the ad library embedded by the site.
I guess, XHR aside, mobile or desktop apps making DoH requests (to https://ipaddress) is something that can't be blocked by DNS-based ad blockers? A firewall might do the trick.
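
One way a firewall-side check for the case raised above could work, as an added example that is not part of the thread or of the DNS proxy it describes: correlate the answers the local resolver handed out with outbound connections, and flag connections to addresses the client never resolved locally (a hardcoded IP or a name resolved over DoH). The log tuples, the `GRACE` value and the `LOCAL_NETS` list are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not from the thread), using documentation IP ranges.
DNS_ANSWERS = [
    # (client, queried name, answer IP, epoch seconds, TTL seconds)
    ("10.0.0.5", "news.example", "198.51.100.10", 1000, 300),
    ("10.0.0.5", "cdn.example", "198.51.100.20", 1005, 60),
    ("10.0.0.7", "mail.example", "198.51.100.30", 1010, 300),
]
CONNECTIONS = [
    # (client, destination IP, destination port, epoch seconds)
    ("10.0.0.5", "198.51.100.10", 443, 1002),  # resolved just before
    ("10.0.0.5", "203.0.113.53", 443, 1020),   # never resolved locally
    ("10.0.0.5", "198.51.100.20", 443, 1500),  # answer expired long ago
    ("10.0.0.7", "198.51.100.10", 443, 1030),  # resolved only by another client
    ("10.0.0.7", "10.0.0.1", 443, 1040),       # internal destination
]
GRACE = 120  # assumed seconds a client may reuse an answer past its TTL
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range


def unresolved_connections(dns_answers, connections, grace=GRACE):
    """Return connections to external IPs that the same client did not
    obtain from the local resolver within the answer's TTL plus grace."""
    windows = {}  # (client, ip) -> list of (valid_from, valid_until)
    for client, _name, ip, ts, ttl in dns_answers:
        windows.setdefault((client, ip), []).append((ts, ts + ttl + grace))

    flagged = []
    for client, dst, port, ts in connections:
        addr = ipaddress.ip_address(dst)
        if any(addr in net for net in LOCAL_NETS):
            continue  # internal traffic is out of scope for this check
        valid = windows.get((client, dst), [])
        if not any(start <= ts <= end for start, end in valid):
            flagged.append((client, dst, port, ts))
    return flagged


if __name__ == "__main__":
    for client, dst, port, ts in unresolved_connections(DNS_ANSWERS, CONNECTIONS):
        print(f"{client} -> {dst}:{port} at {ts}: no matching local DNS answer")
```

Clients that cache answers well beyond the TTL will show up as false positives, so the result is a review list rather than a block list.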