• Saik0@lemmy.saik0.com · 1 month ago

    Block all port 53 traffic from your network outside of your DNS server/pihole itself.
    Block all known DoH servers.

    If you want to get REALLY fancy you can write a NAT rule that will force any outgoing request on port 53 to route to your dns/pihole.

    I do all of this. It’s actually funny to see the requests that were hardcoded to go somewhere. Giant fuck you to those companies.
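The three steps above (only the Pi-hole may speak port 53 to the outside, known DoH resolvers are blocked, and stray port-53 traffic is NAT-redirected back to the Pi-hole) as one nftables ruleset for a Linux router. This is an added example, not the commenter's own configuration; it assumes the Pi-hole sits on the LAN at PIHOLE_IP, that LAN_IF is the router's LAN interface, and that DoH resolver addresses come from a text file (one IPv4 per line, `#` comments allowed) that you maintain from a published list. The helper names (`build_dns_ruleset`, `apply_ruleset`, the `DNS_GUARD_APPLY` switch) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): emit an nftables ruleset that
# (1) drops port-53 traffic from anything but the Pi-hole,
# (2) drops HTTPS to listed DoH resolvers,
# (3) DNATs hardcoded port-53 requests back to the Pi-hole.
# Assumed layout: Pi-hole on the LAN at $pihole_ip, LAN interface $lan_if.

# Usage: build_dns_ruleset PIHOLE_IP LAN_IF DOH_LIST_FILE   (prints ruleset)
build_dns_ruleset() {
    [ $# -eq 3 ] || { echo "usage: build_dns_ruleset PIHOLE_IP LAN_IF DOH_LIST_FILE" >&2; return 2; }
    pihole_ip=$1
    lan_if=$2
    doh_list=$3
    [ -r "$doh_list" ] || { echo "cannot read DoH list: $doh_list" >&2; return 2; }
    # Turn the file into an nft set body: "1.1.1.1, 8.8.8.8" (blank/comment lines skipped)
    doh_elems=$(grep -Ev '^[[:space:]]*(#|$)' "$doh_list" | paste -sd, - | sed 's/,/, /g')
    cat <<EOF
table ip dns_guard {
    set doh_servers {
        type ipv4_addr
        elements = { $doh_elems }
    }
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Step 3: any LAN client talking to a hardcoded resolver is sent to the Pi-hole instead.
        iifname "$lan_if" ip saddr != $pihole_ip udp dport 53 dnat to $pihole_ip
        iifname "$lan_if" ip saddr != $pihole_ip tcp dport 53 dnat to $pihole_ip
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Pi-hole and client share a subnet, so the reply must come back through the
        # router to be un-NATed; masquerade only the redirected flows (direct queries
        # keep their real client IP in the Pi-hole log).
        oifname "$lan_if" ip daddr $pihole_ip ct status dnat masquerade
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
        # Step 2: block HTTPS to known DoH resolvers; log so you can see who tries.
        ip daddr @doh_servers tcp dport 443 log prefix "doh-blocked: " drop
        # Step 1: only the Pi-hole may send DNS out. Traffic already redirected to the
        # Pi-hole has daddr == pihole_ip and must not be caught here.
        ip saddr != $pihole_ip ip daddr != $pihole_ip udp dport 53 log prefix "dns-blocked: " drop
        ip saddr != $pihole_ip ip daddr != $pihole_ip tcp dport 53 log prefix "dns-blocked: " drop
    }
}
EOF
}

# Load the generated ruleset into the running kernel (needs root and nft).
apply_ruleset() {
    build_dns_ruleset "$@" | nft -f -
}

# Only touch the firewall when explicitly asked; by default this file just defines the helpers.
if [ "${DNS_GUARD_APPLY:-0}" = 1 ]; then
    apply_ruleset "$@"
fi
```

Dry-run with `build_dns_ruleset 192.168.1.2 lan0 doh.txt` to inspect the output; `DNS_GUARD_APPLY=1 sh dns_guard.sh 192.168.1.2 lan0 doh.txt` applies it. The `log prefix` rules are what make the hardcoded-resolver traffic the comment mentions visible in the kernel log. The ruleset is IPv4 only; a dual-stack LAN needs the same rules in an `ip6` table, and DoH to a resolver not on your list still gets through, which is why the list has to be maintained rather than written once.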

      • Saik0@lemmy.saik0.com · 1 month ago

        Yes. But there are lists of well known IPs that are serving DoH. So you can just block those. Obviously blocking 443 is not a good idea.

        • Goun@lemmy.ml · 1 month ago

          Damn, I never dug into that; I thought blocking the DNS port would be enough. Thanks for the information.