DNS over HTTPS

Follow

Jim Regler

• September 11, 2019 13:46

With this coming rapidly what's the plan for blocking this traffic?

0

• 

  Firewalla

  • September 11, 2019 15:53

  This definitely will be an issue to network layer control, especially a problem for classification.   Blocking this should not be too hard, and we also likely to add an additional service to divert DNS to over HTTPS (after classification is done)

  1

  Comment actions Permalink
• 

  Wacey

  • November 13, 2019 16:20

  Any updates on what currently happens with DoH traffic? What features do we lose?

  I found a couple articles about DNS over HTTPS through pi-hole and I see it's possible to install pi-hole on the Firewalla but haven't looked at the downsides of this.

  https://docs.pi-hole.net/guides/dns-over-https/

  https://visibilityspots.org/dockerized-cloudflared-pi-hole.html

  0

  Comment actions Permalink
• 

  Firewalla

  • November 13, 2019 18:56

  We should be able to make DNS over HTTPS available for sure.  So you should have it natively.   Will do a facebook poll and see if people care about it. 

  1

  Comment actions Permalink
• 

  Firewalla

  • November 15, 2019 00:32

  BTW, we did a poll on Facebook, so very likely we will be integrating DNS over HTTPS on firewalla very soon.  Thank you for bring up the feature

  0

  Comment actions Permalink
• 

  audiofreak39

  • November 16, 2019 05:51

  Can you also consider integrating DNS over TLS on Firewalla as well? I would prefer that protocol instead. Thank you!

  0

  Comment actions Permalink
• 

  Firewalla

  • November 16, 2019 06:07

  There are three of them, DNSCrypt, DNS Over TLS, DNS over HTTPS.   And who we pick ... not sure yet :)

  0

  Comment actions Permalink
• 

  Braedach

  • December 09, 2019 07:40

  Would DNS over DOT or DOH protect against DNS Poisoning attacks.  Microsoft Windows currently doesn't have either natively (in planning apparently), Android 9 and above does.  Pretty sure Linux doesn't either without reconfiguration, not sure on IOS.

  Since this product is aimed at home users and small business, with the Gold product aimed at medium size business wouldn't this be a good idea.

  All i know is that using Google DNS or Cloudflare doesnt guarantee you are protected from such an attack (I found this out Friday two days after installing my Blue.

  0

  Comment actions Permalink
• 

  Firewalla

  • March 09, 2020 18:51

  DOH is out ... https://help.firewalla.com/hc/en-us/articles/360038449734-DNS-over-HTTPS-beta-

  DoH should protect you from the man in the middle (such as firewalla) from changing DNS. 

  0

  Comment actions Permalink
• 

  Michael Bierman

  • April 23, 2020 03:42

  Does Firewalla’s DOH work for upstream DNS if you run pi-hole on firewalla?

  0

  Comment actions Permalink
• 

  Firewalla

  • April 24, 2020 07:15

  if the flow is

  Firewalla --> Pihole --> [upstream]

  Here it doesn't matter where pihole is at, when DOH is on, it will be like

  Firewalla --> [DOH upstream]

  Pi-hole is a DNS server; when DOH is active, it just won't see the traffic. 

   

  0

  Comment actions Permalink
• 

  Michael Bierman

  • April 25, 2020 23:36

  That makes sense. Is it possible to do 
  Pihole -->  Firewalla --> [upstream]
  
  so that pihole can see what it needs to and request un blacklisted lookups from Firewalla which can do DoH and DNS caching?
  
  Or am I still confused?

  0

  Comment actions Permalink
• 

  Firewalla

  • April 26, 2020 00:44

  Most people we know if they run pi-hole on a raspberry pi, it will work this way.    We are not sure when pihole is installed on firewalla, that depends on how the dns port is exposed. 

  1

  Comment actions Permalink

Please sign in to leave a comment.