
Block Chrome's own DNS resolution

Hi,

I have been researching the latest Chrome developments, and it now has different mechanisms for resolving DNS queries, including DNS over HTTPS direct to Google servers, bypassing local DNS settings.

Is there a way to block it?


Some references:

www.reddit.com/.../

https://www.xda-developers.com/fix-dns-ad-blocker-chrome/

discourse.pi-hole.net/.../9500


Any thoughts on this?

Thanks.

Jaime



  • Had not heard this.

    Another reason to use HTTPS inspection, which ensures that DNS resolution occurs at UTM.

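What a decrypt-and-scan point would actually have to look for in order to see DNS-over-HTTPS inside the tunnel, as an added example that is not from this thread or from Sophos. It assumes the inspection hook hands over the plaintext request (method, URL, headers, body); the sample requests are constructed, with the GET form carrying the www.example.com type A query that RFC 8484 uses in its own examples. It goes slightly beyond the thread by also recognizing the JSON API that dns.google exposes at /resolve, since a client can use either form.

```python
"""Spot RFC 8484 DNS-over-HTTPS inside decrypted HTTPS and recover the query name.

Added example (not from the thread). Assumes the inspection point hands us the
plaintext request: method, URL, headers and body.
"""
import base64
import struct
from urllib.parse import parse_qs, urlsplit

DOH_WIRE_TYPE = "application/dns-message"  # RFC 8484 media type (GET ?dns= and POST body)
DOH_JSON_TYPE = "application/dns-json"     # JSON API served by dns.google at /resolve
QTYPE_NAMES = {1: "A", 28: "AAAA", 5: "CNAME", 15: "MX", 16: "TXT", 65: "HTTPS"}


def parse_dns_question(msg: bytes):
    """Return (qname, qtype) from the first question of a DNS wire-format message.

    Rejects anything malformed instead of guessing: a proxy that logs DoH must not
    be crashable by a hostile client sending a bad 'dns' parameter.
    """
    if len(msg) < 12:
        raise ValueError("DNS header truncated")
    (qdcount,) = struct.unpack("!H", msg[4:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointer: never valid for the first question name
            raise ValueError("compression pointer in question name")
        if pos + length > len(msg):
            raise ValueError("label truncated")
        labels.append(msg[pos:pos + length].decode("ascii", errors="replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("question type/class truncated")
    (qtype,) = struct.unpack("!H", msg[pos:pos + 2])
    return ".".join(labels).lower(), qtype


def classify_doh(method, url, headers, body=b""):
    """Return a dict describing a DoH request, or None if the request is not DoH."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    parts = urlsplit(url)
    qs = parse_qs(parts.query)
    content_type = h.get("content-type", "").split(";")[0].strip()
    accept = h.get("accept", "")
    method = method.upper()
    result = {"host": parts.hostname, "path": parts.path}

    msg = None
    if method == "POST" and content_type == DOH_WIRE_TYPE:
        msg = body
    elif method == "GET" and "dns" in qs and (DOH_WIRE_TYPE in accept or parts.path.endswith("/dns-query")):
        raw = qs["dns"][0]
        raw += "=" * (-len(raw) % 4)  # RFC 8484 sends base64url without padding; restore it
        try:
            msg = base64.urlsafe_b64decode(raw)
        except ValueError:  # binascii.Error is a ValueError subclass
            return dict(result, kind="doh-wire", error="undecodable dns parameter")
    elif method == "GET" and "name" in qs and (DOH_JSON_TYPE in accept or parts.path.endswith("/resolve")):
        return dict(result, kind="doh-json", qname=qs["name"][0].rstrip(".").lower(),
                    qtype=qs.get("type", ["A"])[0].upper())

    if msg is None:
        return None
    try:
        qname, qtype = parse_dns_question(msg)
    except ValueError as exc:
        return dict(result, kind="doh-wire", error=str(exc))
    return dict(result, kind="doh-wire", qname=qname, qtype=QTYPE_NAMES.get(qtype, str(qtype)))


# Constructed sample traffic. The GET carries the www.example.com/A query from the
# examples in RFC 8484, the POST carries the same message in its body, the third
# request uses the dns.google JSON API, and the last one is ordinary web traffic.
RFC8484_QUERY_B64 = "AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB"
SAMPLE_REQUESTS = [
    ("GET", "https://dns.google/dns-query?dns=" + RFC8484_QUERY_B64, {"Accept": "application/dns-message"}, b""),
    ("POST", "https://dns.google/dns-query", {"Content-Type": "application/dns-message"},
     base64.urlsafe_b64decode(RFC8484_QUERY_B64)),
    ("GET", "https://dns.google/resolve?name=example.com&type=AAAA", {"Accept": "application/dns-json"}, b""),
    ("GET", "https://www.example.com/index.html", {"Accept": "text/html"}, b""),
]


def scan(requests=SAMPLE_REQUESTS):
    """Run the classifier over captured requests; a block rule would act on every non-None hit."""
    return [classify_doh(*req) for req in requests]


if __name__ == "__main__":
    for req, hit in zip(SAMPLE_REQUESTS, scan()):
        print(req[0], req[1], "->", "allow" if hit is None else f"block DoH {hit}")
```

Without decryption none of this is visible: the resolver hostname in the TLS handshake is the only hint, and blocking by hostname only works if the client is still asking the local resolver for that name.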
  • Thanks!

    How would HTTPS inspection avoid DNS over HTTPS?

    Cheers.

    Jaime

  • You can't block DNS if it is allowed for all. If UTM is the primary DNS server, maybe you can define a fake one.

  • I was actually thinking Standard Mode Web Proxy, because the browser is supposed to ask UTM to fetch the URL, and the URL-to-DNS lookup is done by UTM.  It would probably have to be combined with HTTPS inspection, since without decrypt-and-scan, UTM loses visibility to what is happening inside the tunnel (and Google uses https for everything they do.)

    But I also scanned the latest Chrome Group Policy settings, and there is a flag for

    BuiltInDnsClientEnabled (0=Disabled, 1=Enabled)

    I hope this has the same effect as the command-line --disable-async-dns, but I have not proved it yet.

    I read some posts which said that it was configurable from the flags page in some versions of Chrome, but I do not see a setting like that on the flags page of my current version.  So it appears that Chrome is making it harder and harder to disable this feature.   Must be good money in it for them.


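An added example, not from the thread, of checking and rendering the Chrome policy the post above mentions. It audits a policy set for BuiltInDnsClientEnabled and also for DnsOverHttpsMode, Chrome's documented policy for the DNS-over-HTTPS feature itself, which the thread does not name; the weak and hardened policy sets are constructed here. The output paths are Chrome's standard locations: the HKLM\SOFTWARE\Policies\Google\Chrome registry key on Windows and a JSON file under /etc/opt/chrome/policies/managed/ on Linux.

```python
"""Audit Chrome policy for the settings that let the browser resolve names itself.

Added example, not from the thread. Policy names are Chrome's documented enterprise
policies; the sample policy sets are constructed.
"""
import json

# Policy name -> (value that keeps resolution on the OS resolver, why it matters)
WANTED = {
    "BuiltInDnsClientEnabled": (False, "use the OS resolver, not Chrome's async DNS client"),
    "DnsOverHttpsMode": ("off", "never upgrade queries to DNS-over-HTTPS"),
}

REG_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]"


def audit_dns_policy(policies: dict) -> list:
    """Return one finding per policy that is unset or leaves Chrome free to bypass local DNS."""
    findings = []
    for name, (wanted, why) in WANTED.items():
        if name not in policies:
            findings.append(f"{name} not set: Chrome's default applies ({why})")
        elif policies[name] != wanted:
            findings.append(f"{name}={policies[name]!r}, expected {wanted!r} ({why})")
    return findings


def hardened_policy() -> dict:
    """The corrected settings: both policies pinned to their restrictive value."""
    return {name: wanted for name, (wanted, _) in WANTED.items()}


def render_linux_policy_json(policies: dict) -> str:
    """Body of a file under /etc/opt/chrome/policies/managed/ (Linux)."""
    return json.dumps(policies, indent=2, sort_keys=True) + "\n"


def render_windows_reg(policies: dict) -> str:
    """A .reg file for the Chrome policy key: booleans become 0/1 DWORDs, others strings."""
    lines = ["Windows Registry Editor Version 5.00", "", REG_KEY]
    for name, value in sorted(policies.items()):
        if isinstance(value, bool):
            lines.append(f'"{name}"=dword:{int(value):08x}')
        else:
            lines.append(f'"{name}"="{value}"')
    return "\n".join(lines) + "\n"


# Constructed policy sets: the weak one is what a default Chrome install behaves like
# when nothing is pinned, the second has the built-in client on and DoH left automatic.
WEAK_POLICY = {}
PARTIAL_POLICY = {"BuiltInDnsClientEnabled": True, "DnsOverHttpsMode": "automatic"}

if __name__ == "__main__":
    for label, pol in (("weak", WEAK_POLICY), ("partial", PARTIAL_POLICY), ("hardened", hardened_policy())):
        print(label, audit_dns_policy(pol) or "ok")
    print(render_windows_reg(hardened_policy()))
    print(render_linux_policy_json(hardened_policy()))
```

After applying either rendering, chrome://policy on the client shows whether the values were picked up as machine policy; the audit only says what the policy asks for, not what the running browser does, so the resolver-side check still belongs on the UTM.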