by pbronez 2019 days ago
I wonder if this protocol could provide any relief to network admins trying to protect themselves from aggressive Smart TVs and other IoT devices that use DNS over HTTPS to avoid local DNS blocks. I suspect not, since anything designed to protect against ISP snooping should be available to device manufacturers to protect against local admin snooping.

I guess the only solution is to run your own MITM TLS proxy, and hope that the Smart TV or IoT device lets you install your own root certificate. (Which it quite possibly won't without jailbreaking... and even if it does, it probably isn't documented how to do it)
This needs a fix
Why is protection necessary from these devices?
You can't use a PiHole, for example
Depends on your firewall, but yes you can (assuming your goal is to block those queries)
Which firewalls let you block DNS over HTTPS? (Without resorting to blocking random IP addresses from some list that constantly needs updating.)
pfSense - it only blocks known DNS over HTTPS servers, but generally all “smart” devices that use it use the publicly available servers. I log and periodically check TCP flow metadata, so I could identify new ones later.
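The approach in the comment above (block the known DoH resolvers at the firewall, then review flow metadata for new ones) can be scripted against exported flow records. The following is an added example, not code from the thread or from pfSense: it assumes a simple whitespace-separated flow log format (timestamp, source, destination, protocol, destination port, bytes), a constructed sample log, and an illustrative resolver list that a real deployment would load from a maintained source.

```python
"""Flag probable DNS-over-HTTPS traffic in firewall flow metadata.

Added example. Assumed log format, one flow per line:
    <unix_ts> <src_ip> <dst_ip> <proto> <dst_port> <bytes>
"""
from collections import Counter

# Assumed list of public DoH resolver addresses. Illustrative only; a real
# deployment loads this from a maintained list (the firewall alias the
# block rule already uses is a natural source).
KNOWN_DOH_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}

# Constructed sample: two IoT hosts on 192.168.20.0/24, the gateway at .1.
SAMPLE_FLOWS = """\
1700000000 192.168.20.15 1.1.1.1 tcp 443 612
1700000001 192.168.20.15 1.1.1.1 tcp 443 598
1700000002 192.168.20.15 203.0.113.40 tcp 443 1480000
1700000003 192.168.20.22 198.51.100.9 tcp 443 540
1700000004 192.168.20.22 198.51.100.9 tcp 443 571
1700000005 192.168.20.22 198.51.100.9 tcp 443 566
1700000006 192.168.20.22 198.51.100.9 tcp 443 602
1700000007 192.168.20.22 192.168.20.1 udp 53 92
"""


def parse_flows(text):
    """Parse the assumed flow format into dicts; skips blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport, nbytes = line.split()
        flows.append({
            "ts": int(ts), "src": src, "dst": dst,
            "proto": proto.lower(), "dport": int(dport), "bytes": int(nbytes),
        })
    return flows


def flag_known_doh(flows, resolvers=KNOWN_DOH_RESOLVERS):
    """HTTPS flows to a resolver on the known list: these should already be
    hitting the firewall block rule; seeing them here means the rule missed."""
    return [f for f in flows
            if f["proto"] == "tcp" and f["dport"] == 443 and f["dst"] in resolvers]


def candidate_resolvers(flows, min_flows=3, max_bytes=2000):
    """Review queue for resolvers not yet on the list: destinations that get
    repeated, small HTTPS flows from the same client, which is what a stream of
    DoH lookups looks like in flow metadata. Telemetry beacons match the same
    shape, so treat the output as something to inspect, not to block blindly."""
    counts = Counter()
    for f in flows:
        if f["proto"] == "tcp" and f["dport"] == 443 and f["bytes"] <= max_bytes:
            counts[(f["src"], f["dst"])] += 1
    return sorted({dst for (_src, dst), n in counts.items() if n >= min_flows})


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for f in flag_known_doh(flows):
        print(f"known DoH resolver reached: {f['src']} -> {f['dst']}")
    for dst in candidate_resolvers(flows):
        print(f"candidate resolver to review: {dst}")
```

On the sample, the two flows to 1.1.1.1 are reported against the known list, the large download to 203.0.113.40 is ignored, and 198.51.100.9 surfaces as a candidate because of the four small HTTPS flows from one device. Once reviewed, a confirmed candidate goes into the firewall alias, which is the periodic update step the comment describes.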
Seems like a pretty simple solution. Don’t connect the tv to the internet.