this post was submitted on 07 Mar 2024
597 points (96.9% liked)
linuxmemes
We don't even have Firefox at work.
Only options are Edge and Chrome.
Blame their DoH for killing FF deployment in the enterprise. Companies don't like not being in charge of their DNS traffic. DoT is better from a corporate POV as that can all be blocked or redirected based on the port, not so much DoH, which uses the same port as normal web traffic.
Those are definitely acronyms.
Wait, are you saying there's a way to tell Firefox to use a different DNS server than what's specified in the interface configuration?
BTW, thank you for the explanation, makes sense now!
Exactly that. And it looks just like any other web traffic.
Quite a few things will use their own DNS servers, not the one specified by the system or handed out over DHCP. I know many apps on the fire stick and Roku devices do this. So you have to intercept their traffic and redirect it to control it. If they're using DoH then you can't do that and your pihole is useless against them.
Best you can do is maintain a list of well known DoH servers and block them outright. But that's a constantly moving losing battle.
Right, it just dawned on me that DNS is nothing more than another application layer in the OSI model. Thanks again!
Nah, companies can just disable DoH if they want using GPOs.
https://github.com/mozilla/policy-templates/blob/v5.8/docs/index.md
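
An added example, not written by any commenter in this thread: the port-versus-blocklist argument made in the comments above, run over constructed flow records as a network filter would see them. The `Flow` record, the action names, the sample hostname list and the placeholder `doh.example.net` are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample blocklist of well-known public DoH hostnames.
KNOWN_DOH_HOSTS = {"dns.google", "cloudflare-dns.com",
                   "mozilla.cloudflare-dns.com", "dns.quad9.net"}

@dataclass(frozen=True)
class Flow:
    dst_port: int
    proto: str            # "tcp" or "udp"
    sni: Optional[str]    # TLS SNI if the firewall saw one
    truth: str            # what the flow really is (known only in this sample)

def classify(flow: Flow) -> str:
    """Label a flow using only what a port/SNI filter can see."""
    if flow.dst_port == 53:
        return "plain-dns"
    if flow.dst_port == 853 and flow.proto == "tcp":
        return "dot"      # DoT has its own port, so the port alone identifies it
    if flow.dst_port == 443 and flow.sni:
        if flow.sni.lower().rstrip(".") in KNOWN_DOH_HOSTS:
            return "doh-known"
    return "other"        # includes DoH to any resolver not on the list

# Hypothetical action names for an egress policy.
ACTIONS = {"plain-dns": "redirect-to-internal-resolver",
           "dot": "block", "doh-known": "block", "other": "allow"}

def decide(flow: Flow) -> str:
    return ACTIONS[classify(flow)]

def missed_dns(flows):
    """Flows that are really DNS but the filter allowed untouched."""
    return [f for f in flows if f.truth != "web" and decide(f) == "allow"]

# Constructed flows; doh.example.net is a placeholder for an unlisted resolver.
SAMPLE_FLOWS = [
    Flow(53, "udp", None, "dns"),
    Flow(853, "tcp", "dns.quad9.net", "dot"),
    Flow(443, "tcp", "mozilla.cloudflare-dns.com", "doh"),
    Flow(443, "tcp", "doh.example.net", "doh"),
    Flow(443, "tcp", "www.example.org", "web"),
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.truth:4} port={f.dst_port:<4} sni={f.sni}: {decide(f)}")
    print("missed:", [f.sni for f in missed_dns(SAMPLE_FLOWS)])
```

The only flow that slips through is the DoH request to the unlisted resolver, which the filter cannot tell apart from the ordinary HTTPS flow beside it.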