| # Here are some domains I block to interfere with DNS-over-HTTPS, so that my own DNS-based security schemes work. | |
| # If you're going to be doing this, you should probably block all outbound 53, 853, and 5353 on your network, | |
| # except from your own internal DNS resolver (eg. pihole) | |
| # | |
| # Data from https://github.com/curl/curl/wiki/DNS-over-HTTPS | |
| one.one.one.one | |
| canadianshield.cira.ca | |
| doh.dns.sb | |
| dnsforge.de | |
| dns.google | |
| dns.google.com | |
| doh.dns.apple.com | |
| doh.seby.io | |
| dns-nyc.aaflalo.me | |
| dns.aaflalo.me | |
| ibksturm.synology.me | |
| fi.doh.dns.snopyta.org | |
| doh.cleanbrowsing.org | |
| doh.tiarap.org | |
| jp.tiarap.org | |
| doh.powerdns.org | |
| dns.switch.ch | |
| digitale-gesellschaft.ch | |
| resolver-eu.lelux.fi | |
| doh.li | |
| adblock.mydns.network | |
| dns.aa.net.uk | |
| dns.adguard.com | |
| dns-family.adguard.com | |
| dns.containerpi.com | |
| cloudflare-dns.com | |
| mozilla.cloudflare-dns.com | |
| family.cloudflare-dns.com | |
| security.cloudflare-dns.com | |
| doh-de.blahdns.com | |
| doh-fi.blahdns.com | |
| doh-jp.blahdns.com | |
| doh.eastus.pi-dns.com | |
| doh.westus.pi-dns.com | |
| doh.northeu.pi-dns.com | |
| doh.centraleu.pi-dns.com | |
| doh.familyshield.opendns.com | |
| doh.opendns.com | |
| example.doh.blockerdns.com | |
| dns.dns-over-https.com | |
| doh.dnslify.com | |
| doh.xfinity.com | |
| dns.rubyfish.cn | |
| captnemo.in | |
| doh.captnemo.in | |
| jcdns.fun | |
| dns.nextdns.io | |
| doh-2.seby.io | |
| doh.tiar.app | |
| jp.tiar.app | |
| doh.42l.fr | |
| doh.libredns.gr | |
| dns.flatuslifir.is | |
| dns10.quad9.net | |
| dns11.quad9.net | |
| dns9.quad9.net | |
| dns.quad9.net | |
| dohdot.coxlab.net | |
| doh.ffmuc.net | |
| ordns.he.net | |
| doh.armadillodns.net | |
| dns.dnsoverhttps.net | |
| ibuki.cgnat.net | |
| rdns.faelix.net | |
| dns.hostux.net | |
| applied-privacy.net | |
| doh.applied-privacy.net | |
| commons.host | |
| dns.twnic.tw | |
| doh.crypto.sx | |
| odvr.nic.cz |
Not sure if you are still keeping this list updated, but if so, here are some that need to be removed.
The DNS query name does not exist: fi.doh.dns.snopyta.org. [for Block_DOH]
The DNS query name does not exist: adblock.mydns.network. [for Block_DOH]
The DNS query name does not exist: dns.containerpi.com. [for Block_DOH]
The DNS query name does not exist: dns.flatuslifir.is. [for Block_DOH]
The DNS query name does not exist: doh.armadillodns.net. [for Block_DOH]
Thanks. I'll probably review the list of DOH servers soon; for my purposes it doesn't hurt to have these names in my block list, whether or not they're in use.
Nice! Thank you!
Could you please move this to a Git repository so updates can be pulled from a static address.
https://gist.githubusercontent.com/ckuethe/f71185f604be9cde370e702aa179fc2e/raw/ always points to the most current version - just delete the stuff after /raw/ . That trick works best for any gist with a single file
This was really helpful. Thank you.
https://github.com/curl/curl/wiki/DNS-over-HTTPS
List of over 500 DoH domain you can block. A script to scrape all the domains on that list is at the bottom.
Thank you @serendrewpity
How would you use this scrape tool to generate the text file? Can you put this on GIT to make it accessible for us n00bs?
really good. thanks