by kube-system 2240 days ago
I have had good luck simply blocking any outbound port 53 traffic that doesn't come from pihole.

Although with DoH these days, I'm not confident my firewall rule is still doing a good job :(

1 comments

If someone was rude enough to bypass DHCP's suggested DNS, is it reasonable to assume they were polite enough to use the standard port?

At this point every device on my network is hostile; default deny outbound is starting to feel like the reasonable starting point.