sudo-i | 7 years ago

TLS, it seems, actually uses port 853 (which I didn't know). https://tools.ietf.org/html/rfc7858

So I guess in theory you can block that port outbound to all hosts to handle TLS's use case.

HTTPS is tougher, but just block all traffic to those hostnames with a DNS blacklist.

jlgaddis|7 years ago

That's DNS-over-TLS which, while similar, is something completely different than DNS-over-HTTPS (DoH).

DoH does, in fact, use 443/TCP, just like regular HTTPS traffic.