On 29/02/20 2:26 am, Andrea Venturoli wrote:
In some corporate environment it might be desiderable to have all
clients use the internal DNS.
This is easily done with firewalls until DNS-over-HTTP comes into play.
How does Squid deals with this?
How to block it?
On 29.02.20 22:19, Amos Jeffries wrote:
With ACL that identify the relevant messages:
acl dns-query-url urlpath_regex ^/dns-query\??
acl dns-req-message req_header Content-Type ^application/dns-message$
acl doh_request any-of dns-query-url dns-req-message
acl doh_reply rep_header Content-Type ^application/dns-message$
I guess DoH means dns over https and thus needs sslbump enabled. the easy
but limited way would be to disable connections to publicly available DoH
servers.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Atheism is a non-prophet organization.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
