Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

DNS over HTTPS (DOH) cause misunderstanding info

Enzino78Enzino78 Enthusiast ✭✭
in Entry Level Firewalls

Hello Community,

I have noticed a traffic marked Hacking/Proxy Avoidance Systems for sessions directed to chrome.cloudflare-dns.com and I was identified it caused by the DOH setting that is default in chrome browser.

Have you any clue on this fact? Is it correct to looking for a workaround?


Thanks

Category: Entry Level Firewalls
Reply

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Enzino78 that is very interessting, but the current DoH situation on SNWL goes IMHO a bit deeper. I guess the DoH was enabled manually on Chrome by checking Secure DNS lookups?

    The CFS categorization is incorrect, that we can say for sure.

    But DoH (if not addressed properly by SNWL) will cause more problems, like FQDN wildcard lookups will not work any longer, because the Firewall cannot intercept the DNS requests anymore.

    There is a clear demand for DoH and might be resolved on DNS proxy level, accept old-school DNS from the network behind the firewall and translate into DoH or DoT on the way out. This would make FQDN lookups possible, DNS Security would still work etc.

    I will not even think about having DPI-SSL involved in DoH.

    As usual, just my € .02

    --Michael@BWC

Sign In or Register to comment.