You run a DoH or DoT proxy on your edge device or a caching resolver that suppor... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

tristor on Nov 29, 2022 | parent | context | favorite | on: An extensive tutorial on how to setup a Pi-Hole

You run a DoH or DoT proxy on your edge device or a caching resolver that supports DoH on your edge device, serve DNS from the edge device over DHCP and block outbound DNS from other devices on the network at the firewall. Doesn’t fix evil Google devices that intentionally use DoH to bypass DNS blocking, but there are ways (more complicated, unfortunately) to fix that too.

stock_toaster on Nov 30, 2022 [–]

I use unbound as my edge resolver, and you can use this to help prevent _some_ rogue DoH clients

  # nx domain for disabling firefox DoH, so we can still get adblocking
  # https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet
  local-zone: "use-application-dns.net" always_nxdomain

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact