
Virtually every router on the Internet has the built-in capability to block DoT with a single configuration change, but you can attempt to create a blacklist of DoH resolvers to try to stop that, so they're totally equivalent. That's the argument you've got.


Not quite.

Nothing prevents Google or Cloudflare from running DoH on the same IPs as their user-facing services. Unless you are willing to block Search, for example, you might be SOL without a TLS-terminating proxy.


Yes, sorry if I wasn't clear, I think the idea that DoH is just as filterable as DoT is silly.



