This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block Chrome own DNS resolution

Hi,

I have been researching latest Chrome development and it now has different mechanisms of resolving DNS queries, including DNS over HTTPS direct to Google servers and bypassing local DNS settings.

Is there a way to block it?

 

Some references:

www.reddit.com/.../

https://www.xda-developers.com/fix-dns-ad-blocker-chrome/

discourse.pi-hole.net/.../9500

 

Any thoughts on this?

Thanks.

Jaime



This thread was automatically locked due to age.
Parents Reply Children
  • Thanks!

    How HTTPS inspection would avoid DNS over HTTPS?

    Cheers.

    Jaime

  • You cant block DNS if it allowed for all. If UTM is primary DNS server, maybe you can define a fake one

  • I was actually thinking Standard Mode Web Proxy, because the browser is supposed to ask UTM to fetch the URL, and the URL-to-DNS lookup is done by UTM.  It would probably have to be combined with HTTPS inspection, since without decrypt-and-scan, UTM loses visibility to what is happening inside the tunnel (and Google uses https for everything they do.)

    But I also scanned the latest Chrome Group Policy settings, and there is a flag for

    BuiltInDnsClientEnabled (0=Disabled, 1=Enabled)

    I hope this has an equivalent effect as command line --disable-async-dns, but have not proved it yet.

    I read some posts which said that it was configurable from the flags page in some versions of Chrome, but I do not see a setting like that on the flags page of my current version.  So it appears that Chrome is making it harder and harder to disable this feature.   Must be good money in it for them.