undefined | Better HN

0 pointsvetinari5y ago0 comments

You can also DNAT all port 53 traffic to your resolver. Devices will think they are talking to 8.8.8.8 or whatever, but in reality they will ask your resolver and your filtering will apply.

Your filtering can still break these devices.

0 comments

Spivak5y ago

This only works as long as DNS is both unauthenticated and unencrypted.

vetinariOP5y ago

Which, at port 53, it is.

Obviously, it would work with DoT (853) only with cert verification disabled.

j / k navigate · click thread line to collapse

0 comments

Spivak5y ago

This only works as long as DNS is both unauthenticated and unencrypted.

vetinariOP5y ago

Which, at port 53, it is.

Obviously, it would work with DoT (853) only with cert verification disabled.

j / k navigate · click thread line to collapse