
How to deal with DNS over HTTPS, DNS over TLS, QUIC and PSOM?

There is now a concerted move on the part of multiple service providers to offer DNS over HTTPS. Browser vendors are doing it to differentiate their services, supposedly addressing privacy issues (i.e. Google LOL), and now there is an offering of vendor-independent DNS over HTTPS from Cloudflare that could be found at

Since not everyone is running HTTPS inspection on their gateways or proxies, the probability of evasion for categorized traffic is increasing.

Furthermore, presently the DNS group in services is limited to conventional DNS over UDP and DNS over TCP, so even if we are to inspect the HTTPS traffic, there are no guarantees that we can recognize and act on its DNS payload.

I would like to hear your thoughts on this subject as well as on inspection of the proprietary protocols such as QUIC and PSOM. 

30 Replies


We've published a script that allows getting the updated Application control package.

You can get it here: sk165873 


Please don't hesitate to contact me if you encounter any issues with this script.