Have you considered just blocking outgoing on port 53 on your network? There are... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		codecasaurus on May 20, 2020 \| parent \| context \| favorite \| on: Google rolls out DNS-over-HTTPS support in Chrome ... Have you considered just blocking outgoing on port 53 on your network? There are a few too many devices out there that have hardcoded DNS and don't respect the resolver communicated to it. (Chromecast is an easy example.)

foodscraps on May 20, 2020 [–]

Yes, 53 is allowed only to pihole and dropped everywhere else. I just blocked 853 on each pfsense interface. I will see how it acts when I get off work.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact