by LinuxBender
1118 days ago
I have physical access to the devices and I can also see every device that is registered in DHCP making queries to Unbound. Unless a specific application is leaking requests to 443, I can say with certainty that they are using my DNS server. People on my network appreciate the ad blocking and I would hear about it if that stopped working. [Edit] I should also add that I do not block VPNs. If someone wants to manually bypass my DNS they can do so with a VPN client. Perhaps some day all the browsers will start creating VPN tunnels to random CDNs on 443.
|
> I block DoH/DoT quite successfully on my network
How do you block encrypted traffic that’s mixed in with normal HTTPS? I get that you can block the well known IPs, but that’s only a partial solution.