DNS over HTTPS

remixedcat
Here to help

DNS over HTTPS

I just read this: https://www.zdnet.com/article/fearing-drama-mozilla-opens-public-consultation-before-worldwide-firef... 

 

And I want to know if the MX will still be as secure and this won't bypass any policies I have configured on the MX (layer 7, hostname, geoip blocks, AMP,etc) ??

 

Will this render the MX useless for this??

5 REPLIES 5
CptnCrnch
Kind of a big deal

Re: DNS over HTTPS

DoH will definitely affect some of the features mentioned. https://umbrella.cisco.com/blog/doh-dns-over-https-to-block-or-not-to-block perhaps will give you a better idea.

 

If you should decide not to support DoH within your environment, you could simply block access to the systems currently in use: https://support.umbrella.com/hc/en-us/articles/230904088-Preventing-Circumvention-of-Cisco-Umbrella-...

remixedcat
Here to help

Re: DNS over HTTPS

Well this sucks... I ca't change the DNS to umberalle or even google DNS or even manually adding those IPs... My ISP seems to not allow any kind of DNS changes whatsoever. Even locally on each individual computer.

 

Will adding "proxies and other anonimyzers" to content filtering work at all?

PhilipDAth
Kind of a big deal

Re: DNS over HTTPS

>Will adding "proxies and other anonimyzers" to content filtering work at all?

 

I expect it would.

 

DNS over HTTPS is going to breath new life into malware.  It opens up a whole new avenue for distribution.

remixedcat
Here to help

Re: DNS over HTTPS

This is disastrous. 😞

Also ads as well
BlakeRichardson
Kind of a big deal

Re: DNS over HTTPS

Every man and their dog owns develops VPNs so why not move into the DNS market as well. 

 

 

 

 

 

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.