On 10/2/19 8:00 AM, Blason R wrote: > Hmm that is a good idea to block the DOH queries but what I understood > is blocking on perimeter level would be more appropriate.
To nullify the abilities of DoH, you can block port TCP/443. That is pretty much guaranteed to keep DoH from working, but you may want to test this solution in the lab before you deploy widely. This method of controlling DoH may have side-effects. AlanC _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users