Re: Interesting
> So what happens when the Chromecasts are updated to use DoH, meaning direct requests to Google can't be intercepted without a secure proxy setup
At that point, you're probably left with three choices:
* Accept it and go on with your life
* Get rid of the Chromecast (though over time, the trashpile will grow as more stuff supports it)
* Implement HTTPS interception and find a way to load your CA onto all manner of things
Actually, no. There may be a fourth option.
The DoH implementations I've seen so far use a hostname instead of an IP address for the resolver. That's obviously going to need to be looked up using traditional DNS.
So if the chromecast is using dns.google.com, blackhole that in your DNS and *hopefully* the thing will just fall back to using ordinary DNS as before.
No guarantee it'd work (I haven't tested), but it would certainly be the simplest solution
Biting the hand that feeds IT
