
It's a big concern. I can block DNS on my network (except for pihole), but I can't block QUIC, and certainly not HTTPS or TLS. If I know about an IP ahead of time, I can block those, but who's to guarantee that Google or any other nefarious service would always use a well-known IP for DoH?


How would devices use the obscure DoH IPs? There would have to be a method to update/look up said IPs. That same method could be used to keep an up-to-date block list.

Alternatively, the traffic could be subject to heuristics to identify DoH connections.



