Closed mvevitsis closed 1 month ago
To ensure the bootstrap is your DNS server you must redirect or block standard DNS outbound (TCP/UDP 53) and block all DNS over TLS (TCP 853) outbound.
Wouldn't it be best to block UDP for 853 as well (DoQ)?
Yes, that's missing from the text.
Also might want a warning with the DoH IP blocklist that Quad9 can use port 5053 instead of 443.
fixed in next release
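The egress policy the thread arrives at, written out as an added nftables example that is not part of the issue or the project's docs: plain DNS is redirected to the bootstrap resolver, port 853 is dropped on both TCP (DoT) and UDP (DoQ), and DoH to the listed resolver IPs is dropped on 5053 as well as 443. The interface name, resolver address and blocklist IPs are constructed placeholders; the DoH IP blocklist referred to in the thread is not on the page.

```shell
#!/bin/sh
# Added example, not text from the issue or the project's docs.
# Builds the egress policy the thread describes as an nftables ruleset:
#   - plain DNS (TCP/UDP 53) from the LAN is redirected to the bootstrap resolver
#   - DNS over TLS (TCP 853) and DNS over QUIC (UDP 853) are dropped
#   - DoH to listed resolver IPs is dropped on 443 and on 5053 (the Quad9 case)
# Interface name, resolver and blocklist IPs below are constructed placeholders.
set -eu

# Usage: dns_egress_ruleset <lan_if> <resolver_ip> "<doh_ip> <doh_ip> ..."
dns_egress_ruleset() {
  lan_if=$1
  resolver=$2
  doh_ips=$(printf '%s' "$3" | tr ' ' ',')
  cat <<EOF
table inet dns_egress {
  set doh_hosts {
    type ipv4_addr
    elements = { $doh_ips }
  }
  chain prerouting {
    type nat hook prerouting priority dstnat; policy accept;
    iifname "$lan_if" ip daddr != $resolver udp dport 53 dnat ip to $resolver
    iifname "$lan_if" ip daddr != $resolver tcp dport 53 dnat ip to $resolver
  }
  chain forward {
    type filter hook forward priority filter; policy accept;
    tcp dport 853 counter drop comment "DoT"
    udp dport 853 counter drop comment "DoQ"
    ip daddr @doh_hosts tcp dport { 443, 5053 } counter drop comment "DoH"
    ip daddr @doh_hosts udp dport { 443, 5053 } counter drop comment "DoH over HTTP/3"
  }
}
EOF
}

# Syntax-check a ruleset read from stdin without loading it; skipped when nft is absent.
check_ruleset() {
  if command -v nft >/dev/null 2>&1; then
    nft -c -f -
  else
    echo "nft not installed; skipping syntax check" >&2
  fi
}

# Sample invocation with constructed values; pipe into check_ruleset, or into
# 'nft -f -' as root, to validate or load it.
dns_egress_ruleset br0 192.0.2.53 "198.51.100.10 198.51.100.11"
```

The redirect rules only cover traffic forwarded from the LAN interface; queries originating on the router itself need matching rules in an output chain.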