I have blocked 1.1.1.1 and 8.8.8.8 and noticed some devices behave very badly, often crashing or restarting. Debugging the issue, once I removed the firewall rule they behaved normally. Almost all of the affected devices were Google-related, Android TV for example.


You can also DNAT all port 53 traffic to your resolver. Devices will think they are talking to 8.8.8.8 or whatever, but in reality they will ask your resolver and your filtering will apply.

Your filtering can still break these devices.


This only works as long as DNS is both unauthenticated and unencrypted.


Which, at port 53, it is.

Obviously, it would work with DoT (853) only with cert verification disabled.
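The DNAT trick from the earlier comment, together with the DoT caveat just above, as an added example that is not part of the thread: a POSIX shell script that generates an nftables ruleset redirecting every port-53 query from the LAN to a local resolver, excluding the resolver's own upstream queries (otherwise they would be DNAT'd back to itself), masquerading only the redirected flows so replies still look like they came from 8.8.8.8 when the resolver sits on the same subnet as the clients, and optionally rejecting TCP 853 so opportunistic DoT clients fall back to plain DNS. The interface name, resolver address and the `DNS_REDIRECT_APPLY` switch are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Generates (and optionally applies)
# an nftables ruleset that transparently redirects plain DNS to a local
# resolver. Interface/addresses below are assumptions; adjust for your LAN.

# Print an nftables ruleset to stdout.
#   $1  LAN interface the clients are on (e.g. br0)      [assumed name]
#   $2  IPv4 address of the resolver to redirect to       [assumed address]
#   $3  "reject-dot" to also reject DNS over TLS (TCP 853); default allows it
dns_redirect_ruleset() {
    lan_if=$1
    resolver=$2
    dot_policy=${3:-allow-dot}

    cat <<EOF
table ip dns_redirect {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # The resolver's own upstream queries must not be redirected, or they
        # would be DNAT'd straight back to the resolver and loop forever.
        iifname "$lan_if" ip saddr $resolver return
        iifname "$lan_if" udp dport 53 dnat to $resolver
        iifname "$lan_if" tcp dport 53 dnat to $resolver
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Hairpin case: if the resolver is on the same subnet as the clients,
        # its reply would go directly to the client with the resolver's real
        # source address, and a client that asked 8.8.8.8 drops it. Masquerade
        # only the flows that were actually DNAT'd (ct status dnat), so the
        # reply comes back through the router and direct queries to the
        # resolver keep their real client source address for logging.
        oifname "$lan_if" ip daddr $resolver ct status dnat masquerade
    }
EOF
    if [ "$dot_policy" = "reject-dot" ]; then
        cat <<EOF
    chain forward {
        type filter hook forward priority filter; policy accept;
        # DoT cannot be redirected transparently: the client validates the
        # server certificate against the name or IP it configured. Rejecting
        # 853 makes opportunistic clients (e.g. Android Private DNS in
        # automatic mode) fall back to port 53; clients in strict mode with a
        # hostname pinned will simply lose DNS instead.
        iifname "$lan_if" tcp dport 853 reject with tcp reset
    }
EOF
    fi
    echo "}"
}

# Print the ruleset by default; load it into the kernel only when explicitly
# asked (needs root and nft). Environment variables here are assumed names.
if [ "${DNS_REDIRECT_APPLY:-0}" = "1" ]; then
    dns_redirect_ruleset "${LAN_IF:-br0}" "${RESOLVER:-192.168.1.2}" \
        "${DOT_POLICY:-allow-dot}" | nft -f -
else
    dns_redirect_ruleset "${LAN_IF:-br0}" "${RESOLVER:-192.168.1.2}" \
        "${DOT_POLICY:-allow-dot}"
fi
```

If the resolver runs on the router itself, replace `dnat to $resolver` with `redirect to :53` and drop the postrouting chain, since no hairpin is involved. The ruleset is IPv4 only: a device that also has IPv6 will happily query 2001:4860:4860::8888 and bypass it unless an equivalent `ip6` table exists, and nothing here touches DNS over HTTPS on 443, which is indistinguishable from ordinary web traffic at this layer.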



