Blocking DoH (DNS over HTTPS) by Vigor Router
More and more browsers use DNS over HTTPS (DoH) or DNS over TLS (DoT) with their own DNS servers for performing remote Domain Name System (DNS) resolution via the HTTPS/TLS protocol. When the client uses these protocols, it can pass the router's Content Security Management functionality because the DNS resolution is encrypted and could not be checked by the router. For better managing the clients' Internet activities, Vigor Router supports the function to block DNS over HTTPS and DNS over TLS protocols since the new firmware version 4.4.0.
Vigor Router Setup
1. Enable the Block DoT, Block DoH options via CSM >> DNS Filter >> Advanced Setting. Vigor Router adds the DoH servers that Chrome, Firefox, and Edge use in the Default DoH Servers setting. We can just select the Default DoH Servers option and tick all the default DNS server providers, then Vigor will block all the HTTPS DNS queries to the servers.
2. If another public DoH or DoT server is used, we can add the server via Objects Setting >> String Object.
Then select to enable the Customized DoH Server option.
For the older models , we could block DoT/DoH with the setup below:
1. Add the public DoH DNS server domain name into the Keyword object.
- Google: dns.google
- Cloudflare: cloudflare-dns.com
- OpenDNS: doh.opendns.com
- NextDNS: dns.nextdns.io
- Quad9: dns.quad9.net
- CleanBrowsing: doh.cleanbrowsing.org
2. Add them into a Keyword Group.
3. Add an URL Content Filter profile.
4. Apply the URL Filter profile to Firewall.
Published On:2022-09-07
Was this helpful?