zlacker

[parent] [thread] 2 comments
1. callam+(OP)[view] [source] 2021-12-16 22:09:09
Just setup pihole - you can run it on any server and use it as a local dns server. Probably somebody else has done the work to list these spammy domains.
replies(1): >>paulry+H5
2. paulry+H5[view] [source] 2021-12-16 22:46:15
>>callam+(OP)
What about DNS over HTTPS?
replies(1): >>zamada+iH
◧◩
3. zamada+iH[view] [source] [discussion] 2021-12-17 03:31:46
>>paulry+H5
If you just want FF to not use it you can block "use-application-dns.net" which acts as a canary domain for it to disable DoH.

If you want to block it from things you don't trust to have such methods (or always listen to them) you'll have to upgrade to a firewall that can filter outbound connections to IPs the client hasn't received a DNS response for or require use of an explicit HTTP proxy for outbound connectivity.

Just blocking DNS can be a good middle ground for reasonable effectiveness without as much effort.

[go to top]