The best thing to do is to disable the whole thing, at the network level.
Or on every Firefox, in network.trr.mode=5.
How sending all of my DNS data by default to Cloudflare is good for privacy
is beyond me.
On Tue, Mar 10, 2020 at 12:33 PM Jay Wren (jawren) <jawren(a)cisco.com> wrote:
AFAIK, there isn't anything Zeek can do to peek into those DNS over HTTPS
requests because it is encrypted in a TLS session. I suppose something
could be updated with a list of known DNS over HTTPS providers and traffic
to those IP addresses somehow flagged as such.
I don't trust the DNS over HTTPS providers any more than I trust my own
DNS servers and so I've blocked them on my network.
*From:* zeek-bounces(a)zeek.org <zeek-bounces(a)zeek.org> on behalf of Mitra,
*Sent:* Tuesday, March 10, 2020 10:47 AM
*To:* zeek(a)zeek.org <zeek(a)zeek.org>
*Subject:* [Zeek] DNS
Now that Firefox has adopted DNS over HTTPS, will this require changes to
the Zeek DNS and HTTP modules?
IT Network Systems Administrator
The Pas Campus
Zeek mailing list
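
Added example, not part of the original thread or of Zeek itself: one way to apply the idea raised above of flagging traffic to a list of known DNS over HTTPS providers, run offline over Zeek `ssl.log` records. It goes beyond the IP matching suggested in the thread by also checking the TLS server name; the watch list, function names and log lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list for this example; maintain your own provider list.
DOH_SNI = {"mozilla.cloudflare-dns.com", "cloudflare-dns.com"}
DOH_NETS = [ipaddress.ip_network(n) for n in ("1.1.1.1/32", "1.0.0.1/32")]

# Constructed ssl.log excerpt in Zeek's TSV layout (not real traffic).
SAMPLE_SSL_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tserver_name",
    "1583858000.1\tCaaa1\t10.0.0.5\t50122\t203.0.113.10\t443\tmozilla.cloudflare-dns.com",
    "1583858001.2\tCaaa2\t10.0.0.5\t50123\t198.51.100.20\t443\texample.org",
    "1583858002.3\tCaaa3\t10.0.0.7\t50200\t1.1.1.1\t443\t-",
])


def parse_zeek_tsv(text):
    """Yield one dict per record, keyed by the names on the #fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))


def flag_doh(records):
    """Return (uid, client, reason) for TLS sessions to a listed provider."""
    hits = []
    for rec in records:
        sni = rec.get("server_name", "-").lower()
        resp = ipaddress.ip_address(rec["id.resp_h"])
        if sni in DOH_SNI:
            reason = "sni"   # name match works even when the IP is unlisted
        elif any(resp in net for net in DOH_NETS):
            reason = "ip"    # fallback when the client sent no SNI
        else:
            continue
        hits.append((rec["uid"], rec["id.orig_h"], reason))
    return hits


if __name__ == "__main__":
    for uid, client, reason in flag_doh(parse_zeek_tsv(SAMPLE_SSL_LOG)):
        print(f"{client} -> known DoH provider ({reason} match), uid={uid}")
```

The payload stays encrypted, so this only identifies which clients talk to listed providers, not what they resolve.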