by jannes 2012 days ago
Wait, how do you block DoH without blocking other HTTPS traffic?

Do you have to block every known DoH server? Looking at Google's DoH certificate they list quite a few hostnames and IPs as Subject Alt Names:

    dns.google
    *.dns.google.com
    8888.google
    dns.google.com
    dns64.dns.google
    2001:4860:4860::64
    2001:4860:4860::6464
    2001:4860:4860::8844
    2001:4860:4860::8888
    8.8.4.4
    8.8.8.8

Issued by Google Trust Services...