Looking for dohservers.txt?

As soon as the idiocy known as DNS over HTTPS (DoH) first appeared, I was one of the first to warn how this was a fundamentally bad idea. It breaks the widely used DNS-based controls that individuals, families and businesses have deployed in recent years to restrict access to malicious and unwanted (porn, social media, etc.) domains by allowing a user with a DoH-enabled browser to bypass these security measures entirely.

As a result, I was also one of the first to develop a blocklist that could be used by DNS-blocklist-enabled firewalls, such as pfSense, to block user attempts to access DoH servers and thus bypass network controls. As I said at the time, my list was a temporary measure until a more sustainable solution was available.

With the introduction of a specific DoH server feed in the latest version of the pfBlockerNG plugin for pfSense, I have retired the dohservers.txt blocklist and now recommend anyone who needs this functionality to use the DoH feed that pfBlockerNG provides natively. Anyone who continues to have my old feed set up in their firewall to be pulled periodically will be getting a 404 error.

This information has also been updated in my Safer@Home with pfSense book.

Update to Safer@Home

If you purchased my Safer@Home with pfSense book in 2020, please note that I uploaded a minor update in early January to account for the fact that I am no longer hosting the DNS over HTTPS blacklist that I refer to in the book (I provide an alternative using the pfBlockerNG lists). If you purchased through Amazon or any of the other major resellers, you should be able to redownload the ebook from the seller's website in order to get the update.