Hi!
I want to create some rules to block DoH DNS servers with iptables.
Is this right?
iptables -A INPUT -s 1.0.0.1 -j DROP
iptables -A INPUT -s 9.9.9.9 -j DROP
etc.
or?
iptables -A OUTPUT -s 1.0.0.1 -j DROP
iptables -A OUTPUT -s 9.9.9.9 -j DROP
ugnvs, 14 August 2019 16:40
Hello,
Frankly, I'm very puzzled by your question.
Let me explain myself: I am completely unaware whether Ubuntu Mate has any DoH resolver installed (and configured) by default, and whether there are some packages which silently use an embedded DoH resolver under the hood. Hence the reasoning: before you need to block DoH servers, you need to have a DoH client as a prerequisite.
Could you share some details regarding the DoH client in question, please?
Anyway, command-line, iptables may help.
ugnvs, 14 August 2019 16:49
By the way, Ubuntu Mate has the pre-installed package 'ufw', which greatly simplifies netfilter configuration. See also
I use pi-hole, dnscrypt with dnssec and without DoH DNS servers.
I want to block these DoH DNS servers with iptables:
I don't want to use DoH DNS servers because of bad DNS security.
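As an added example that is not part of the thread (written here, not by the original poster or ugnvs), a small POSIX shell script that turns a list of resolver addresses into iptables rules. It uses the OUTPUT chain with a destination match (-d) rather than -s: packets leaving the host never carry the resolver as their source, so `-A OUTPUT -s 1.0.0.1` never matches, while `-A INPUT -s 1.0.0.1` only works indirectly by dropping the replies. The function names and the three-address sample list are mine (the addresses are taken from the list above); the chain parameter exists so the same rules can go into FORWARD on a gateway such as a pi-hole box.

```shell
#!/bin/sh
# Block DNS-over-HTTPS to known resolver addresses with iptables.
# DoH rides on HTTPS, so the match is limited to TCP/443; plain DNS (53)
# and DNSCrypt to the same hosts are deliberately left untouched.
# Caveat: many DoH endpoints sit behind anycast/CDN front ends whose
# addresses change, so an IP-based list has to be refreshed periodically.

# Constructed sample list (three addresses that appear in the thread).
DOH_RESOLVERS="1.1.1.1 1.0.0.1 9.9.9.9"

# doh_block_rules CHAIN "IP IP ..." : print one rule per address (dry run).
# CHAIN is OUTPUT for traffic from this host, FORWARD for a gateway.
# -d matches the destination: the resolver is where the packet is going,
# never where it came from, in both of those chains.
doh_block_rules() {
    chain=$1
    for ip in $2; do
        printf 'iptables -A %s -d %s -p tcp --dport 443 -j DROP\n' "$chain" "$ip"
    done
}

# doh_rule_count CHAIN "IP IP ..." : number of rules the list would produce,
# handy as a sanity check before applying anything.
doh_rule_count() {
    doh_block_rules "$1" "$2" | wc -l | tr -d ' '
}

# doh_block_apply CHAIN "IP IP ..." : install the rules (needs root).
# Each rule is checked with -C first so re-running the script does not
# append duplicates. Swap DROP for "REJECT --reject-with tcp-reset" if you
# prefer clients to fail immediately instead of waiting for a timeout.
doh_block_apply() {
    chain=$1
    for ip in $2; do
        iptables -C "$chain" -d "$ip" -p tcp --dport 443 -j DROP 2>/dev/null \
            || iptables -A "$chain" -d "$ip" -p tcp --dport 443 -j DROP
    done
}

# Dry run: show the rules that doh_block_apply OUTPUT "$DOH_RESOLVERS" would add.
doh_block_rules OUTPUT "$DOH_RESOLVERS"
```

Run the dry run as any user; only doh_block_apply needs root, and `iptables -S OUTPUT` afterwards shows exactly what was installed.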