From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: Should we block DoH by default?
Date: Wed, 04 Mar 2020 10:58:28 +0000
In-Reply-To: <20200304105645.GA18957@tehanu.it.jyu.fi>

Hi,

> On 4 Mar 2020, at 10:56, Tapani Tarvainen wrote:
>
> On Mar 04 10:11, Michael Tremer (michael.tremer(a)ipfire.org) wrote:
>
>>>> Regarding external DNS servers, IoT and similar things
>>>> come to my mind, which have their resolvers hard-coded in the firmware.
>>>
>>> Thinking about those, how about an option to *redirect* connections
>>> to port 53 of external servers to IPFire rather than rejecting them?
>>
>> Yes, we could do that for 53 UDP and TCP, but not for 853 obviously.
>
> Right. But if some IoT thingy relies on a hard-coded DNS-over-TLS
> server there's little we can do about it, but redirection could
> save the day with those that use good old 53.

I would never expect any IoT product to use DNS-over-TLS.

> --
> Tapani Tarvainen
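The redirect-instead-of-reject idea discussed in the thread, as an added example that is not code from the thread or from IPFire's own firewall scripts. It assumes (none of this is stated on the page) a LAN interface named green0, a firewall LAN address of 192.168.1.1 with a resolver listening there, a LAN subnet of 192.168.1.0/24, and a plain iptables host with the nat table available; IPFire's real chain layout may differ. Port 53 UDP and TCP is DNATed to the firewall's resolver, while port 853 is rejected rather than redirected, because a DNS-over-TLS client validates the server's certificate and would refuse a redirected endpoint anyway. The script only prints the rules unless run with --apply.

```shell
#!/bin/sh
# Added example (not IPFire code): pull LAN clients with hard-coded external
# resolvers back onto the firewall's own resolver.
# Assumed values below are not from the thread; override via environment.
LAN_IF="${LAN_IF:-green0}"           # assumed LAN interface name
LAN_NET="${LAN_NET:-192.168.1.0/24}" # assumed LAN subnet
FW_IP="${FW_IP:-192.168.1.1}"        # assumed firewall address running the resolver

# dns_redirect_rules: print the iptables commands, one per line.
#  - Port-53 UDP/TCP from the LAN that is NOT already aimed at the firewall is
#    DNATed to the firewall's resolver; conntrack de-translates the replies,
#    so the client still sees answers "from" its hard-coded server address.
#  - Port 853 (DNS-over-TLS) cannot be redirected transparently, so it is
#    logged (rate-limited) and rejected with a TCP reset; the log lines
#    identify devices that carry a hard-coded DoT resolver.
dns_redirect_rules() {
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET ! -d $FW_IP -p $proto --dport 53 -j DNAT --to-destination $FW_IP:53"
    done
    echo "iptables -A FORWARD -i $LAN_IF -s $LAN_NET -p tcp --dport 853 -m limit --limit 6/min -j LOG --log-prefix 'DoT-blocked: '"
    echo "iptables -A FORWARD -i $LAN_IF -s $LAN_NET -p tcp --dport 853 -j REJECT --reject-with tcp-reset"
}

# dns_rule_count: number of rules the generator emits (sanity check).
dns_rule_count() {
    dns_redirect_rules | wc -l | tr -d ' '
}

# Print by default; --apply executes each rule (requires root).
if [ "${1:-}" = "--apply" ]; then
    dns_redirect_rules | while IFS= read -r cmd; do
        eval "$cmd"
    done
else
    dns_redirect_rules
fi
```

Note that this catches only classic port-53 DNS, which is what the thread expects IoT devices to use; DNS-over-HTTPS on port 443, the subject of the thread, is indistinguishable from other HTTPS traffic at this layer and is not touched by these rules.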