Feature #13138

open

DNS over HTTPS/TLS Blocking should be removed from SafeSearch

Added by Jon Brown almost 2 years ago. Updated 7 months ago.

Status: New
Priority: Normal
Assignee: -
Category: pfBlockerNG
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:

Description

Currently there is an option for DNS over HTTPS/TLS Blocking located at:

Firewall --> pfBlockerNG --> DNSBL --> DNSBL SafeSearch

This should be removed and only Feed lists used for blocking DoH instead, for the following reasons:

  • The SafeSearch list is static and DoH servers can be added and removed often, and unless a pfSense update is done, the list will not reflect the new changes.
  • Feeds can allow faster deployment of DoH server changes
  • There is already a DoH section in feeds
  • It is a little confusing to have 2 places to do DoH blocking
  • Most instructions assume a block list is the way to block DoH
  • The 'SafeSearch/DNS over HTTPS/TLS Blocking' utilises the whitelist system to prevent double entries, which can be confusing until this is explained

NB: You can convert the current SafeSearch DoH list into a feed

#1

Updated by Mike Moore 7 months ago

The block list [if done by IP] offers the option to create an ALIAS, which is more flexible than sinkholing. I would prefer the feedlist to stay.
