Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Vladimir
Champion
Champion

How to deal with DNS over HTTPS, DNS over TLS, QUIC and PSOM?

There is now a concerted move on part of multiple service providers to offer DNS over HTTPS. Browser vendors are doing it to differentiate their services supposedly addressing privacy issues, (i.e. Google LOL Smiley Happy ) and now, there is an offering of vendor-independent DNS over HTTPS from Cloudflare that could be found at https://1.1.1.1/  

Since not everyone running HTTPS inspection on their gateways or proxies, probability of evasion for categorized traffic is increasing.

Furthermore, presently the DNS group in services is limited to conventional DNS over UDP and DNS over TCP, so event if we are to inspect the HTTPS traffic, there are no guaranties that we can recognize and act on its DNS payload.

I would like to hear your thoughts on this subject as well as on inspection of the proprietary protocols such as QUIC and PSOM. 

30 Replies
Uriel_F
Employee
Employee

Hi,

We've published a script that allows getting the updated Application control package, 

You can get it here: sk165873 

 

Please don't hesitate to contact me if you encounter any issues with this script.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events