topic Re: Block DNS over HTTPS requests in Firepower in Network Security

Block DNS over HTTPS requests in Firepower

Shocksmith — Tue, 27 Apr 2021 15:11:52 GMT

Hi,

We have a number of 5506-X devices licensed for URL, IPS, and Malware filtering on the Firepower Module. These are installed in an education setting and therefore it is critical that certain content is blocked for the children using the network. We have discovered today that a certain user has been able to access pornographic thumbnail images from google searches due to the fact that Google Chrome is set to use Secure DNS (DNS over HTTPS) on their device on a public/BYOD network.

What is the best way to prevent users from attempting to use DNS over HTTPS on the Firepower module, and enforce standard DNS requests? We are using ADSM on this device and have no FMC.

Any ideas or suggestions would be gratefully received.

Thanks,

Re: Block DNS over HTTPS requests in Firepower

rschlayer — Mon, 03 May 2021 14:50:22 GMT

You could try blocking the Application "DNS over HTTPs" or "DNS over TLS".

Worked in my lab just fine, this is FTD 6.7.0.1 managed by FMC though.

BR
Rick

Re: Block DNS over HTTPS requests in Firepower

Marvin Rhoads — Mon, 03 May 2021 16:32:58 GMT

What @rschlayer said - that's the best option you have with the setup you've described. The application blocking settings should be available in the Firepower configuration section of ASDM.

Re: Block DNS over HTTPS requests in Firepower

Shocksmith — Tue, 04 May 2021 06:14:51 GMT

Thanks for the response Rick. I actually found this option when looking at this last week but forgot to update the thread.

To confirm this can blocked using an application rule in ASDM.