More and more browsers use DNS over HTTPS (DoH) or DNS over TLS (DoT) with their own DNS servers, performing Domain Name System (DNS) resolution remotely over the HTTPS/TLS protocol. When a client uses these protocols, it can bypass the router's Content Security Management functionality, because the DNS resolution is encrypted and cannot be inspected by the router. To help manage clients' Internet activities, Vigor Router supports blocking the DNS over HTTPS and DNS over TLS protocols since firmware version 4.4.0.
1. Enable the Block DoT and Block DoH options via CSM >> DNS Filter >> Advanced Setting. Vigor Router includes the DoH servers that Chrome, Firefox, and Edge use in the Default DoH Servers setting. We can just select the Default DoH Servers option and tick all the default DNS server providers; Vigor will then block all HTTPS DNS queries to those servers.
2. If another public DoH or DoT server is used, we can add the server via Objects Setting >> String Object.
Then enable the Customized DoH Server option.
1. Add the public DoH DNS server domain name into the Keyword object.
2. Add them into a Keyword Group.
3. Add a URL Content Filter profile.
4. Apply the URL Filter profile to Firewall.
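To confirm the block from a client behind the router, the following added example (not part of the original article) sends an RFC 8484 DoH query and attempts a DoT handshake on TCP 853. The resolver endpoints and all function names are assumptions chosen for illustration; add any server you configured as a customized DoH server.

```python
import base64, http.client, socket, ssl, struct, urllib.request

# Assumed test targets (DoH endpoint, DoT host): public resolvers picked for this
# example, not taken from the article.
RESOLVERS = [
    ("https://dns.google/dns-query", "dns.google"),
    ("https://cloudflare-dns.com/dns-query", "one.one.one.one"),
]

def build_query(name, qtype=1):
    """Wire-format DNS query (RFC 1035) with ID 0, as RFC 8484 recommends."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # QTYPE, QCLASS=IN

def doh_url(endpoint, name):
    """RFC 8484 GET form: the query base64url-encoded without padding."""
    b64 = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{endpoint}?dns={b64}"

def doh_answers(endpoint, name="example.com", timeout=5):
    """True when a DoH reply arrives, meaning the block is not effective."""
    req = urllib.request.Request(doh_url(endpoint, name),
                                 headers={"Accept": "application/dns-message"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200 and len(resp.read()) >= 12
    except (OSError, http.client.HTTPException):
        return False

def dot_answers(host, timeout=5):
    """True when a TLS session on TCP 853 can be established to the resolver."""
    try:
        with socket.create_connection((host, 853), timeout=timeout) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
                return True
    except OSError:
        return False

def leaks(results):
    """results: {(target, 'DoH'|'DoT'): bool}; returns the paths still open."""
    return sorted(f"{proto} to {tgt}" for (tgt, proto), ok in results.items() if ok)

def check_all():
    results = {}
    for endpoint, dot_host in RESOLVERS:
        results[(endpoint, "DoH")] = doh_answers(endpoint)
        results[(dot_host, "DoT")] = dot_answers(dot_host)
    return results

if __name__ == "__main__":
    open_paths = leaks(check_all())
    print("Still reachable: " + ", ".join(open_paths) if open_paths else "DoH and DoT blocked")
```

Run it once before and once after applying the settings; any path listed as still reachable after the change is a resolver the filter does not yet cover.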