Actions
Feature #13138
open
DNS over HTTPS/TLS Blocking should be removed from SafeSearch
Status:
New
Priority:
Normal
Assignee:
-
Category:
pfBlockerNG
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Description
Currently there is an option for DNS over HTTPS/TLS Blocking located
Firewall --> pfBlockerNG --> DNSBL --> DNSBL SafeSearch
This should be removed and only Feed lists used for blocking DoH instead, for the following reasons:
- The SafeSearch list is static and DoH servers can be added and removed often, and unless a pfSense update is done, the list will not reflect the new changes.
- Feeds can allow faster deployment of DoH server changes
- There is already a DoH section in feeds
- It is a little confusing to have 2 places to do DoH blocking
- Most instructions assume a block list is the way to block DoH
- the 'SafeSearch/DNS over HTTPS/TLS Blocking' utilises the whitelist system to prevent double entries which can be confusing until this is explained
NB: You can convert the current SafeSearch DoH list in to a feed
Updated by Mike Moore over 1 year ago
The block list [if done by IP] offers the option to create an ALIAS which is more flexible then sink holing. I would prefer the feedlist to stay.
Actions