Hi Blason, depends on what you mean by “DoH”
You can disable the Mozilla automatic bootstrap with RPZ: https://kb.isc.org/docs/using-response-policy-zones-to-disable-mozilla-doh-by-default That’s the most lightweight option. The most heavyweight would be a transparent MITM HTTPS proxy/firewall. Somewhere in between is firewall blocking the well known IP addresses (the post from Daniel), but that mostly blocks the “good guys”. Ondřej -- Ondřej Surý — ISC > On 2 Oct 2019, at 13:24, Blason R <[email protected]> wrote: > > > Hi Folks, > > Wondering if anyone has any clue or defining policies for blocking DoH [DND > Over HTTPS] traffic using bind RPZ feature? > > Does anyone have any use case about it? > > Thanks and Regards, > Blason R > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
