DNS over TLS

RE: DNS over TLS

Vivek Jagad — Mon, 18 Nov 2024 08:11:55 GMT

Hi MikeyS ,

Additionally, you can refer:

> DNS over HTTPS (DoH) for web security
> DNS over TLS / HTTPS with TLS Inspection - Discussions - Sophos Firewall - Sophos Community

RE: DNS over TLS

LuCar Toni — Sun, 17 Nov 2024 18:45:57 GMT

Sophos is following up with DoT in Sophos DNS Protection as well.
Something we are keen to implemented.

Sophos DNS Protection

Does the DNS Protection support DNS over TLS and DNS over HTTPS?

DNS Protection is only available for business customer - not for Home, as the home license is excluded from the licensing system.
This may change in the future.

To be honest - Most home users have other techniques running anyway: So business customers using techniques like Sophos DNS, while home customers running PiHole or other systems, made it not to the priority number 1 on the firewall roadmap - but on the DNS protection roadmap.

RE: DNS over TLS

alan weir — Sun, 17 Nov 2024 02:43:09 GMT

I asked about this a while ago also. I don't think DNS over TLS or even DNS over HTTPS is on the roadmap. It seems it's due to Sophos having their own DNS service which requires a subscription. It is a shame, because it wouldn't be that difficult to do, because DoT, DoH, STUN, and Quic DNS are becoming the standard to replace insecure DNS that is susceptible to DNS highjacking and ISP snooping.

I got around this by using Pi-Hole as my DNS server and set up secure DNS using Unbound with DNScrypt. Maybe you can consider a network-wide DNS server and filter like a Raspberry PI running Unbound or AdGuard Home and establish a DNS over TLS connection from that to wherever DNS resolver you want.

RE: DNS over TLS

RickWeiss — Fri, 15 Nov 2024 20:27:54 GMT

Sophos has demonstrated no interest in DNS over TLS or HTTPS. I honestly don't understand why when other firewall vendors have offered that for a long time. I personally got around that with a Linux server running Bind 9. Don't wait for Sophos.