And I want to know if the MX will still be as secure and this won't bypass any policies I have configured on the MX (layer 7, hostname, geoip blocks, AMP,etc) ??
Will this render the MX useless for this??
DoH will definitely affect some of the features mentioned. https://umbrella.cisco.com/blog/doh-dns-over-https-to-block-or-not-to-block perhaps will give you a better idea.
If you should decide not to support DoH within your environment, you could simply block access to the systems currently in use: https://support.umbrella.com/hc/en-us/articles/230904088-Preventing-Circumvention-of-Cisco-Umbrella-...
Well this sucks... I ca't change the DNS to umberalle or even google DNS or even manually adding those IPs... My ISP seems to not allow any kind of DNS changes whatsoever. Even locally on each individual computer.
Will adding "proxies and other anonimyzers" to content filtering work at all?
>Will adding "proxies and other anonimyzers" to content filtering work at all?
I expect it would.
DNS over HTTPS is going to breath new life into malware. It opens up a whole new avenue for distribution.
Every man and their dog owns develops VPNs so why not move into the DNS market as well.