Hi Blason, depends on what you mean by “DoH”
You can disable the Mozilla automatic bootstrap with RPZ: https://kb.isc.org/docs/using-response-policy-zones-to-disable-mozilla-doh-by-default That’s the most lightweight option. The most heavyweight would be a transparent MITM HTTPS proxy/firewall. Somewhere in between is firewall blocking the well known IP addresses (the post from Daniel), but that mostly blocks the “good guys”. Ondřej -- Ondřej Surý — ISC > On 2 Oct 2019, at 13:24, Blason R <blaso...@gmail.com> wrote: > > > Hi Folks, > > Wondering if anyone has any clue or defining policies for blocking DoH [DND > Over HTTPS] traffic using bind RPZ feature? > > Does anyone have any use case about it? > > Thanks and Regards, > Blason R > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
