Use a firewall with NAT to redirect all DNS traffic to a DoT or DoH DNS proxy in your network.

That way you don't have to tunnel all your traffic. (Though technically you could also use the tunnel for only DNS, but it's not much easier than the solution above if you want this to apply to all your devices)
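One way to build the NAT redirect this comment describes, as an added example (not the commenter's own setup): nftables rules for a Linux router that also runs the DoT/DoH forwarding proxy, so every LAN client's plain-DNS query is redirected to the proxy no matter which resolver the client has configured. The interface name, subnet and proxy port are assumed values.

```shell
#!/bin/sh
# Added example: generate an nftables ruleset that redirects all LAN DNS
# (UDP and TCP port 53) into a local DoT/DoH forwarding proxy and drops any
# plain DNS that would otherwise leave the network directly.
# Assumptions (hypothetical values): LAN interface "lan0", LAN 192.168.1.0/24,
# and the proxy listens on the router itself (so "redirect" is loop-free).

LAN_IF="${LAN_IF:-lan0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
PROXY_PORT="${PROXY_PORT:-53}"

# Emit the ruleset text. Kept in a function so it can be inspected
# (or checked) without touching the running firewall.
dns_redirect_ruleset() {
    cat <<EOF
table ip dns_redirect {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Rewrite the destination of every LAN client's DNS query to the
        # proxy on this host, hard-coded public resolvers included.
        iifname "$LAN_IF" ip saddr $LAN_NET udp dport 53 redirect to :$PROXY_PORT
        iifname "$LAN_IF" ip saddr $LAN_NET tcp dport 53 redirect to :$PROXY_PORT
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
        # Belt and braces: plain DNS that still tries to transit the router
        # is dropped. The proxy's own upstream uses 853/443, so it is unaffected.
        iifname "$LAN_IF" udp dport 53 counter drop
        iifname "$LAN_IF" tcp dport 53 counter drop
    }
}
EOF
}

# Load the ruleset atomically into the kernel (needs root and nftables).
apply_dns_redirect() {
    dns_redirect_ruleset | nft -f -
}

# Self-check of the generated text: returns 0 when both redirect rules and
# the fallback drop rule are present.
check_dns_redirect_ruleset() {
    rs=$(dns_redirect_ruleset)
    echo "$rs" | grep -q "udp dport 53 redirect to :$PROXY_PORT" &&
    echo "$rs" | grep -q "tcp dport 53 redirect to :$PROXY_PORT" &&
    echo "$rs" | grep -q "udp dport 53 counter drop"
}
```

Clients that speak DoH to a third party over 443 bypass this, which is what the reply below about forwarding 443 addresses.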



If they’re intercepting and changing your DNS packets, what else are they doing? At the very least you can assume port 80 is unsafe, and should be tunnelled. SNI is a privacy problem too, so forward 443.


