On 10/2/19 8:00 AM, Blason R wrote:
> Hmm that is a good idea to block the DOH queries but what I understood
> is blocking on perimeter level would be more appropriate.

To nullify the abilities of DoH, you can block port TCP/443.

That is pretty much guaranteed to keep DoH from working, but you may
want to test this solution in the lab before you deploy widely.

This method of controlling DoH may have side-effects.

AlanC
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to