[squid-users] Squid url redirector and DoH

jonathanlee571 at gmail.com jonathanlee571 at gmail.com
Fri Jan 10 23:04:29 UTC 2025


acl deny_rep_mime_doh rep_mime_type application/dns-message

For example, would this work? I could get rid of a huge list and save memory if this solves my whack-a-mole problem. I do not see anything on the Squid website, but in theory that could resolve it, right?

-----Original Message-----
From: jonathanlee571 at gmail.com <jonathanlee571 at gmail.com> 
Sent: Friday, January 10, 2025 2:54 PM
To: 'squid-users' <squid-users at lists.squid-cache.org>
Subject: RE: Squid url redirector and DoH

I have this harebrained idea to use the media type and get rid of the endless list.

Could this work?

https://www.iana.org/assignments/media-types/media-types.xhtml

This lists MIME types for DoH with RFC 8484 and 8427, so technically could I just create a MIME block for DoH and stop creating endless lists?

https://www.iana.org/assignments/media-types/application/dns-message
https://www.iana.org/assignments/media-types/application/dns+json

https://wiki.squid-cache.org/ConfigExamples/BlockingMimeTypes



-----Original Message-----
From: Jonathan Lee <jonathanlee571 at gmail.com> 
Sent: Friday, January 10, 2025 2:38 PM
To: squid-users <squid-users at lists.squid-cache.org>
Subject: Squid url redirector and DoH

Hello fellow Squid users, can you please help? I was wondering about this for years; I have a massive block list with DoH servers. Do you really need to block DoH if you want Squid to use a specific DNS? Let’s say you are using DNS over TLS to Google or Cloudflare and your system sometimes wants the DoH one.one.one.one; is blocking that URL really needed? My list is so big it is like playing whack-a-mole with DoH. If I block it, I see all the URL requests; if not, I see IP addresses sometimes in the GET requests. I must have an ACL with thousands and thousands of DoH servers in it.

What is recommended with sites that want DoH, however clients must use Squid per firewall ACLs?
Sent from my iPhone
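
A squid.conf example of the MIME-type approach asked about in this thread, added here and not taken from the post or from the Squid project. The ACL names are arbitrary, and it assumes Squid can see the HTTP headers (plain HTTP, or TLS decrypted with SSL-Bump); inside a CONNECT tunnel that is not bumped, the media type is not visible to Squid.

```conf
# Added example, not from the original post. ACL names are arbitrary.
# The *_mime_type and req_header ACLs take regular expressions, so the
# "+" in application/dns+json must be escaped or it is read as a quantifier.

# RFC 8484 POST queries carry the DNS message in the request body,
# so the request Content-Type identifies them.
acl doh_req_mime req_mime_type -i ^application/dns-message
acl doh_req_mime req_mime_type -i ^application/dns\+json

# RFC 8484 GET queries have no body; clients SHOULD (not MUST) announce
# the media type they expect in the Accept header.
acl doh_req_accept req_header Accept -i application/dns-message
acl doh_req_accept req_header Accept -i application/dns\+json

# Replies: rep_mime_type has no effect in http_access, only in rules that
# act on the reply stream such as http_reply_access.
acl doh_rep_mime rep_mime_type -i ^application/dns-message
acl doh_rep_mime rep_mime_type -i ^application/dns\+json

# Request-side denies must sit above the http_access allow rules.
http_access deny doh_req_mime
http_access deny doh_req_accept

# Reply-side deny catches DoH answers whose request did not match above.
# The query has already reached the resolver by then; only the answer
# is withheld from the client.
http_reply_access deny doh_rep_mime
```

After editing, `squid -k parse` checks the syntax before a reload.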



