Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol

Anonymous Coward

Re: not going to work

CloudFlare suggest their DoH offering runs via their standard 1.1.1.1 resolver:

/ip firewall filter
add chain=forward action=accept protocol=udp src-address=<internal subnet for domain-joined PCs> dst-address=<internal Windows DNS> dst-port=53 comment="DNS: domain-joined PCs to the internal Windows DNS"
add chain=forward action=accept protocol=udp dst-address=208.67.222.222 dst-port=53 comment="plain DNS to OpenDNS"
add chain=forward action=accept protocol=udp dst-address=208.67.220.220 dst-port=53 comment="plain DNS to OpenDNS"
add chain=forward action=accept protocol=udp src-address=<Sky boxes> dst-address=<ISP DNS 1> dst-port=53 comment="Sky boxes to ISP DNS"
add chain=forward action=accept protocol=udp src-address=<Sky boxes> dst-address=<ISP DNS 2> dst-port=53 comment="Sky boxes to ISP DNS"
add chain=forward action=drop protocol=udp dst-port=53 comment="drop all other plain DNS (UDP)"
add chain=forward action=drop protocol=tcp dst-port=853 comment="drop DNS over TLS"
add chain=forward action=drop protocol=udp dst-port=853 comment="drop UDP 853 (DNS over QUIC/DTLS)"
add chain=forward action=drop protocol=tcp dst-port=53 comment="drop all other plain DNS (TCP)"
add chain=forward action=drop protocol=tcp dst-address=1.1.1.1 dst-port=443 comment="drop DoH to Cloudflare"
add chain=forward action=drop protocol=tcp dst-address=1.0.0.1 dst-port=443 comment="drop DoH to Cloudflare"
add chain=forward action=drop protocol=tcp dst-address=8.8.8.8 dst-port=443 comment="drop DoH to Google"
add chain=forward action=drop protocol=tcp dst-address=8.8.4.4 dst-port=443 comment="drop DoH to Google"
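As an added example, not code from the original post or from MikroTik: a small Python model of the ruleset above, evaluated first-match from the top as RouterOS does for a chain, and run against constructed sample flows. The post's placeholders are replaced with assumed values (10.0.1.0/24 for the domain-joined PCs, 10.0.1.5 for the internal Windows DNS, 10.0.9.0/24 for the Sky boxes, 203.0.113.1 and 203.0.113.2 for the ISP resolvers), and 9.9.9.9 stands in for any resolver address that is not in the drop list. Two things the rules as listed make visible: nothing accepts TCP 53, so a TCP retry or fallback to the internal Windows DNS is dropped along with everything else, and the port-443 drops cover only the four listed addresses, so DoH to any other endpoint is not caught by these rules.

```python
"""Evaluate the forward-chain rules from the post against sample flows.

Added example, not code from the original post. RouterOS walks a chain top
to bottom and applies the first matching rule; evaluate() reproduces that.
The post's placeholders are replaced by the assumed values below.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed stand-ins for the post's placeholders (not taken from the post).
DOMAIN_PCS = "10.0.1.0/24"      # <internal subnet for domain-joined PCs>
WINDOWS_DNS = "10.0.1.5"        # <internal Windows DNS>
SKY_BOXES = "10.0.9.0/24"       # <Sky boxes>
ISP_DNS_1 = "203.0.113.1"       # <ISP DNS 1> (documentation range)
ISP_DNS_2 = "203.0.113.2"       # <ISP DNS 2>


@dataclass(frozen=True)
class Rule:
    """One /ip firewall filter rule; None means 'not specified' (matches any)."""
    action: str
    protocol: Optional[str] = None
    src_address: Optional[str] = None
    dst_address: Optional[str] = None
    dst_port: Optional[int] = None
    comment: str = ""


# The post's rules, in the order RouterOS would evaluate them.
RULES = [
    Rule("accept", "udp", DOMAIN_PCS, WINDOWS_DNS, 53, "DNS"),
    Rule("accept", "udp", None, "208.67.222.222", 53),
    Rule("accept", "udp", None, "208.67.220.220", 53),
    Rule("accept", "udp", SKY_BOXES, ISP_DNS_1, 53),
    Rule("accept", "udp", SKY_BOXES, ISP_DNS_2, 53),
    Rule("drop", "udp", None, None, 53),
    Rule("drop", "tcp", None, None, 853),
    Rule("drop", "udp", None, None, 853),
    Rule("drop", "tcp", None, None, 53),
    Rule("drop", "tcp", None, "1.1.1.1", 443),
    Rule("drop", "tcp", None, "1.0.0.1", 443),
    Rule("drop", "tcp", None, "8.8.8.8", 443),
    Rule("drop", "tcp", None, "8.8.4.4", 443),
]


def _address_matches(addr: str, spec: Optional[str]) -> bool:
    """A bare IP in a rule is a /32; a missing address matches anything."""
    if spec is None:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(proto: str, src: str, dst: str, dport: int):
    """Return (verdict, rule_index) for the first matching rule.

    verdict is 'accept', 'drop', or 'pass' (no rule matched, so RouterOS would
    carry on with whatever rules follow these in the chain).
    """
    for i, r in enumerate(RULES):
        if r.protocol is not None and r.protocol != proto:
            continue
        if not _address_matches(src, r.src_address):
            continue
        if not _address_matches(dst, r.dst_address):
            continue
        if r.dst_port is not None and r.dst_port != dport:
            continue
        return r.action, i
    return "pass", None


# Constructed sample flows (not from the post): (proto, src, dst, dst_port).
SAMPLE_FLOWS = [
    ("udp", "10.0.1.20", WINDOWS_DNS, 53),     # PC -> internal DNS
    ("tcp", "10.0.1.20", WINDOWS_DNS, 53),     # same query, TCP fallback
    ("udp", "10.0.1.20", "8.8.8.8", 53),       # PC -> Google, plain DNS
    ("tcp", "10.0.1.20", "1.1.1.1", 853),      # DoT to Cloudflare
    ("tcp", "10.0.1.20", "1.1.1.1", 443),      # DoH to Cloudflare
    ("tcp", "10.0.1.20", "9.9.9.9", 443),      # DoH to an unlisted resolver
    ("udp", "10.0.9.7", ISP_DNS_1, 53),        # Sky box -> ISP DNS
    ("udp", "10.0.1.20", ISP_DNS_1, 53),       # PC -> ISP DNS
]


def report():
    """Map each sample flow to its verdict, for a quick regression check."""
    return {flow: evaluate(*flow)[0] for flow in SAMPLE_FLOWS}


if __name__ == "__main__":
    for flow, verdict in report().items():
        print(f"{flow[0]:3} {flow[1]:>10} -> {flow[2]:>15}:{flow[3]:<3} {verdict}")
```

Run it to print one verdict per flow; put your own subnets and resolver addresses into SAMPLE_FLOWS before changing the live ruleset, and remember that 'pass' only means these thirteen rules did not decide the packet, not that the router forwards it.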


Biting the hand that feeds IT © 1998–2020