You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying everything I can to keep DoH / DoT / DoQ out of my network.
I've already published several methods to achieve this, my manual here, my suricata rules here, daily updated.
Now looking into the data, returned by an SVCB DNS query.
initial discussion (pi-hole forum) here
question on the suricata forum here
TLDR; My opinion, SVCB data can be used by “rogue” applications to bypass the system configured DNS server, therefore, I would like to add a suricata rule that blocks SVCB (type 64) DNS queries.
The question, given wireshark is able to identify type 64 queries, how would suricata be able to block / reject these DNS queries
Thanks for your time and effort.
The text was updated successfully, but these errors were encountered:
not an issue, just an attempt to get help.
I'm trying everything I can to keep DoH / DoT / DoQ out of my network.
I've already published several methods to achieve this, my manual here, my suricata rules here, daily updated.
Now looking into the data, returned by an SVCB DNS query.
initial discussion (pi-hole forum) here
question on the suricata forum here
TLDR; My opinion, SVCB data can be used by “rogue” applications to bypass the system configured DNS server, therefore, I would like to add a suricata rule that blocks SVCB (type 64) DNS queries.
The question, given wireshark is able to identify type 64 queries, how would suricata be able to block / reject these DNS queries
Thanks for your time and effort.
The text was updated successfully, but these errors were encountered: