DNS over HTTPS

remixedcat
Getting noticed

I just read this: https://www.zdnet.com/article/fearing-drama-mozilla-opens-public-consultation-before-worldwide-firef... 

 

And I want to know if the MX will still be as secure and this won't bypass any policies I have configured on the MX (layer 7, hostname, geoip blocks, AMP, etc.)?

Will this render the MX useless for this?

CptnCrnch
Kind of a big deal

DoH will definitely affect some of the features mentioned. https://umbrella.cisco.com/blog/doh-dns-over-https-to-block-or-not-to-block perhaps will give you a better idea.

If you should decide not to support DoH within your environment, you could simply block access to the systems currently in use: https://support.umbrella.com/hc/en-us/articles/230904088-Preventing-Circumvention-of-Cisco-Umbrella-...

remixedcat
Getting noticed

Well this sucks... I can't change the DNS to Umbrella or even Google DNS or even manually add those IPs... My ISP seems to not allow any kind of DNS changes whatsoever. Even locally on each individual computer.

Will adding "proxies and other anonymizers" to content filtering work at all?

PhilipDAth
Kind of a big deal

> Will adding "proxies and other anonymizers" to content filtering work at all?

I expect it would.

DNS over HTTPS is going to breathe new life into malware. It opens up a whole new avenue for distribution.

remixedcat
Getting noticed

This is disastrous. 😞

Also ads as well
BlakeRichardson
Kind of a big deal

Every man and their dog owns or develops VPNs, so why not move into the DNS market as well?

Flashback
Here to help

DoH and DoT is now a category that can be chosen on the content filtering page.
