←back to thread

Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur

(twitter.com)
1183 points robenkleene | 1 comments | 20 Oct 20 15:51 UTC | HN request time: 0s | source
Show context
paranorman ◴[20 Oct 20 16:02 UTC] No.24838948[source]
That’s annoying yet pretty predictable, at least we’ve still got https://pi-hole.net/ as an option until DNS encryption becomes widespread :/
replies(4): >>24839196 #>>24839381 #>>24840498 #>>24842893 #
buzzerbetrayed ◴[20 Oct 20 16:21 UTC] No.24839196[source]
Not a pi-hole user, but what is the plan for pi-hole once encrypted dns is everywhere? Will it just be dead? I can’t really think of a way for it not to be.
replies(7): >>24839311 #>>24839340 #>>24839349 #>>24839493 #>>24839565 #>>24840121 #>>24841388 #
blacksmith_tb ◴[20 Oct 20 16:28 UTC] No.24839311[source]
Couldn't you host pi-hole on a cheap VM and set it to be your DNS-over-TLS / DNS-over-HTTPS endpoint?
replies(1): >>24839365 #
Skunkleton ◴[20 Oct 20 16:31 UTC] No.24839365{3}[source]
This assumes that your software is doing what you asked it to do, not what some bigco or malware wanted it to do.
replies(2): >>24839572 #>>24839696 #
silon42 ◴[20 Oct 20 16:48 UTC] No.24839572{4}[source]
firewall anything that doesn't go through your DNS server... at least thay way the malware will be obviously detectable.
replies(1): >>24840148 #
1. Spivak ◴[20 Oct 20 17:34 UTC] No.24840148{5}[source]
But DoH is just any other HTTP request. This is the downside of networks blocking everything except 80/443 outbound and browsers not supporting SRV records.